http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5817
------- Additional Comments From [EMAIL PROTECTED] 2008-02-13 16:35 ------- (In reply to comment #4) > Daryl, maybe it's just too late for me today, and I missed it. Where's the > actual rule? The rule is in the 70_other.cf file in my sandbox (available via svn). http://wiki.apache.org/spamassassin/RuleSandboxes > The name doesn't suggest to me it checks the first two IPs for > equality, does it? The rule checks for suspected forged received headers by checking if external received headers contain (dot-)quads that are duplicated one after another. Hence the name DOS_FORGED_RCVD_QUADS. The rule is Sendmail-ish specific and relies on the IP having no rDNS. In your examples above the IPs do have rDNS so the rule wouldn't fire. I've just added a generic version of this rule, DOS_RCVD_IP_TWICE, that will fire on your examples. (In reply to comment #5) > I had some fun hacking SA, my own little mass-checker, and a plugin. Will > attach > that in a few. > Anyone interested? :) FWIW, you could implement the plugin via a couple of rules and achieve the same result. I'd either do that (and hopefully it'll be self documenting) or at least document what you're trying to achieve (and why) in your plugin. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
