On 08/08/13 04:29, Thomas Harold wrote:
Not documented on the wiki:
http://wiki.apache.org/spamassassin/Rules/FSL_HELO_BARE_IP_2
FSL_HELO_BARE_IP_1 is documented as:
X-Spam-Relays-External =~ /^[^\]]+ helo=\d+\.\d+\.\d+\.\d+ /i
Anyone know what the goal of FSL_HELO_BARE_IP_2 is?
Sure - I wrote both rules.
It's to identify hosts that HELO with a 'raw' IP e.g.
HELO 1.2.3.4
Which is not syntactically correct as per the RFC. IP addresses used in
the HELO should be in a IP literal format:
HELO [1.2.3.4]
FSL_HELO_BARE_IP_1 looks at only the last external IP address, whereas
FSL_HELO_BARE_IP_2 looks at all external received hops.
These were supposed just to be sandbox rules, but they've been
autopromoted by the masschecker and I hadn't noticed until now.
FSL_HELO_BARE_IP_2 should probably be meta'd to only hit if
FSL_HELO_IP_1 doesn't hit to prevent a double hit if the last external
is a raw IP.
I'll create an FSL_HELO_BARE_IP_3 rule as a meta and see what the
results are tomorrow, and then I'll remove FSL_HELO_BARE_IP_2 provided
the results are satisfactory.
Regards,
Steve.
