I've noticed that many of the false-positives I receive have hit
__RDNS_NONE after being relayed through outbound.protection.outlook.com,
e.g. spamassassin -D:
Apr 3 17:20:42.063 [523179] dbg: rules: ran header rule
__RDNS_NONE ======> got hit: "[ ip=2a01:111:f403:c205::5 rdns= "
Apr 3 17:20:42.063 [523179] dbg: rules: ran header rule
__LAST_EXTERNAL_RELAY_NO_AUTH ======> got hit: "[
ip=2a01:111:f403:c205::5 rdns=
helo=LO0P265CU003.outbound.protection.outlook.com
by=mailhub-hex-d.mythic-beasts.com ident= [email protected]
intl=0 id=1w7pf0-00A15k-1o auth= "
Is it reasonable to expect that IPv6 outbound servers have rDNS
(given that IPv6 space is so much bigger than IPv4)?
Actually this one does appear to have rDNS:
# host 2a01:111:f403:c205::5
5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.2.c.3.0.4.f.1.1.1.0.1.0.a.2.ip6.arpa
domain name pointer
mail-uksouthazlp170120005.outbound.protection.outlook.com.
How do I debug why my Ubuntu machine is hitting this rule?
Thanks,
--
Andrew C. Aitchison Kendal, UK
[email protected]
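
An added example, not part of the original message: a small Python helper that splits relay metadata of the kind shown in the debug output into fields, lists the relays whose rdns field is empty, and derives the PTR name to look up for each. The sample string is constructed from the values in the message; the envfrom address, the second relay and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout of the relay metadata shown in the debug
# output; the envfrom address and the whole second relay are made up.
SAMPLE = (
    "[ ip=2a01:111:f403:c205::5 rdns= "
    "helo=LO0P265CU003.outbound.protection.outlook.com "
    "by=mailhub-hex-d.mythic-beasts.com ident= envfrom=sender@example.com "
    "intl=0 id=1w7pf0-00A15k-1o auth= ] "
    "[ ip=192.0.2.25 rdns=mail.example.net helo=mail.example.net "
    "by=mx.example.org ident= envfrom=sender@example.com intl=0 id=abc auth= ]"
)


def parse_relays(metadata):
    """Return one dict per '[ key=value ... ]' block; empty values become ''."""
    relays = []
    # A block runs from '[' to the next bracket or the end of the string, so a
    # debug line that was cut off before the closing ']' still parses.
    for block in re.findall(r"\[([^\[\]]*)", metadata):
        relays.append(dict(re.findall(r"(\w+)=(\S*)", block)))
    return relays


def ptr_name(ip):
    """Name to query for the PTR record (ip6.arpa or in-addr.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def relays_without_rdns(metadata):
    """List (ip, recording host, PTR name) for relays with an empty rdns field."""
    missing = []
    for relay in parse_relays(metadata):
        if relay.get("ip") and not relay.get("rdns"):
            missing.append((relay["ip"], relay.get("by", ""), ptr_name(relay["ip"])))
    return missing


if __name__ == "__main__":
    for ip, by, ptr in relays_without_rdns(SAMPLE):
        print(f"{ip}: rdns empty as recorded by {by}; PTR name to check: {ptr}")
```

Comparing the PTR name printed here with the result of `host` on the same address shows whether the empty rdns field reflects missing DNS data or only what was recorded for that hop.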