On 07/04/2018 06:23 AM, bugzilla-dae...@bugzilla.spamassassin.org wrote:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7592--- Comment #3 from John Hardin <jhar...@impsec.org> --- I just scanned my inbox for sendgrid.net - lots of hits in ham, a few in spam. Most hams seem to come from domain-branded hosts (e.g. o5.sgmail.github.com, o6.email.quora.com). The ham I see that comes closest is: o1678961x80.outbound-mail.sendgrid.net - but that doesn't use the dashed-quad format so it doesn't "look" dynamic. I don't have *any* ham hits that look like your example. There are some hits in my spam like the one above, and *two* that look like your example. One was on June 6, so the scores are fairly recent: * 1.0 RDNS_DYNAMIC Delivered to internal network by host with * dynamic-looking rDNS * 2.0 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr * 1) Received: from o168-245-111-164.outbound-mail.sendgrid.net (o168-245-111-164.outbound-mail.sendgrid.net [168.245.111.164]) by ga.impsec.org (8.14.7/8.14.7) with ESMTP id w56NOWd5015495 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <jhar...@impsec.org>; Wed, 6 Jun 2018 17:24:38 -0600 This is scoreset 3 (Bayes + net tests) - the scores are higher if Bayes is disabled. Do you have Bayes disabled? If so, you might want to enable and train it.
IMO, these rules should be considered "legacy" and could be deprecated.
