I've recently upgraded to SA 3.4.0 - I'm seeing URI_DOTDOT_LOW_CNTRST scoring on many legitimate mails. E.g. from linkedin and distrelec.
For instance: http://files.jessen.ch/Tektronix-4-Kanal-Oszilloskop-deutlich-reduziert-TDS-2024C.eml When the above was processed I noticed this in the log: spamd[865]: dns: new_dns_packet (domain=chde..distrelec.com. type=A class=IN) failed: a domain name contains a null label As far as I can tell, the email above contains no such uri. I grep'ed a bit and found some more: http://files.jessen.ch/more-dotdot.txt I'm pretty certain 99% of those are false positives. Probably a hiccup on my installation, I was just wondering if anyone else is seeing this? -- Per Jessen, Zürich (6.3°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
