I have just noticed the same thing.
Increase in false positives due to that rule telling me the upstream
mail server addresses (which I don't control) have been listed in
combined-HIB.dnsiplists.completewhois.com.
Which is not right for any reason - they ought not be there. Looking
around at www.completewhois.com I cannot find those addresses at all.
I've had to change the score of the rule to zero as it's hitting every
piece of mail as they all pass through those upstream servers.
Any suggestions would be appreciated.
thanks
r.
I was using 3.1.0 until today on my mail server at work and after the
upgrade suddenly I'm seeing a lot of RCVD_IN_WHOIS_BOGONS misfiring.
One example of a sender domain that triggered is d.dena.ne.jp which
doesn't directly resolve, but ns.dena.ne.jp resolves to 64.56.174.130
which shows as a network that appears in the
allocated-netrange-arin_after1995.txt on completewhois.com [1]
I've checked my trusted_networks and that seems to be OK... if I let the
trusted_network be auto-determined (i.e. not set manually) or if I set
it manually I get the same results.
The machine is on a global network with a separate interface on an
internal network.
DISGUISE_PORN_MUNDANE appears to be hitting on Japanese text as well.
I'm only seeing the tests in the mail logs so I don't have any actual
headers at the moment.
Can anyone offer any ideas as to where I should look or what might be
happening?
Here's some debug info that might be useful:
[4392] dbg: dns: is Net::DNS::Resolver available? yes
[4392] dbg: dns: Net::DNS version: 0.57
[4392] dbg: diag: perl platform: 5.008005 linux
[4392] dbg: diag: module installed: Digest::SHA1, version 2.11
[4392] dbg: diag: module installed: Net::SMTP, version 2.29
[4392] dbg: diag: module installed: Mail::SPF::Query, version 1.999001
[4392] dbg: diag: module installed: IP::Country::Fast, version 604.001
[4392] dbg: diag: module installed: Razor2::Client::Agent, version 2.67
[4392] dbg: diag: module not installed: Net::Ident ('require' failed)
[4392] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)
[4392] dbg: diag: module installed: IO::Socket::SSL, version 0.97
[4392] dbg: diag: module installed: Time::HiRes, version 1.87
[4392] dbg: diag: module installed: DBI, version 1.45
[4392] dbg: diag: module installed: Getopt::Long, version 2.34
[4392] dbg: diag: module installed: LWP::UserAgent, version 2.032
[4392] dbg: diag: module installed: HTTP::Date, version 1.46
[4392] dbg: diag: module installed: Archive::Tar, version 1.29
[4392] dbg: diag: module installed: IO::Zlib, version 1.04
[4392] dbg: diag: module installed: MIME::Base64, version 3.07
[4392] dbg: diag: module installed: HTML::Parser, version 3.54
[4392] dbg: diag: module installed: DB_File, version 1.810
[4392] dbg: diag: module installed: Net::DNS, version 0.57
Thanks,
Alan