On 1/16/2014 5:20 PM, Axb wrote:
On 01/16/2014 11:03 PM, Brian Bebeau wrote:
We're having a problem with the FH_RANDOM_SURE rule causing false
positives.
It has a subrule __ALL_RANDOM, which is:
header __ALL_RANDOM ALL =~
/(?:[%\#\[\$]R?A?NDO?M?|\%(?:CUSTOM|FROM|PROXY|X?MESSA|MAKE_TXT|FROM_USER))/i
We have a user "ndrier", so legitimate email sometimes has a header
that starts like:
References: <CEFAE1FA.101C2%ndrier@
which matches the rule, since it contains "%nd". It looks like it's
trying to
find "%random", but only "nd" is required to be there. Could the
score be
way lowered or the rule made more restrictive?
yes, the score can be lowered:
add:
score FH_RANDOM_SURE 0.1
to you local.cf.
That will fix your problem.
h2h
I don't show a single hit on this rule on my server in 10 days.
I'm setting a score ceiling of 0.5 on the rule and it should go out in a
day or so.
Regards,
KAM
