I'm using SpamAssassin version 3.1.0 with default options, and have
run into a serious false positive problem.  When I receive mail from
one of my correspondents, I get Received: lines like this one:

Received: from adsl-71-133-227-154.dsl.pltn13.pacbell.net
(71.133.227.154) (HELO genstor.com)
    (TLSv1/SSLv3 DHE-RSA-AES256-SHA 256/256)
    by scs.stanford.edu with SMTP;
    for [EMAIL PROTECTED];
    Wed, 07 Dec 2005 14:39:46 -0800 (PST)

That line alone is enough to flag a message as spam.  It hits 3
different rules:

 2.7 HELO_DYNAMIC_DHCP      Relay HELO'd using suspicious hostname (DHCP)
 3.3 HELO_DYNAMIC_HCC       Relay HELO'd using suspicious hostname (HCC)
 3.4 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr 1)

While I agree that maybe mail received from a DSL line like the above
should get a few points, it seems unreasonable to push it so far above
the default 5-point threshold--particularly when nothing else in the
message hit any rules.

A friend has suggested this may be a bug in the way that SpamAssassin
parses the Received header.  Is this, in fact, a bug in SpamAssassin?
Or is my SMTP server generating Received: headers using an
incorrect format?  (I don't see anything prohibiting that format in
RFC 2822.)

Do people have suggestions for working around the problem (other than
just re-scoring those three rules, which may be useful in other
circumstances)?

Thanks,
David
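Added example, not part of the original message and not SpamAssassin's own parser or rule logic: a small Python parser for the Received: layout quoted above, which separates the reverse-DNS name, the connecting IP, and the HELO argument so each can be inspected on its own. The function names, the field layout (inferred from that single sample), and the `embeds_ip` heuristic are assumptions made for illustration.

```python
import re

# The Received: value from the post, unfolded onto one line (copied from the page).
SAMPLE = (
    "from adsl-71-133-227-154.dsl.pltn13.pacbell.net "
    "(71.133.227.154) (HELO genstor.com) "
    "(TLSv1/SSLv3 DHE-RSA-AES256-SHA 256/256) "
    "by scs.stanford.edu with SMTP; for [EMAIL PROTECTED]; "
    "Wed, 07 Dec 2005 14:39:46 -0800 (PST)"
)

# Assumed layout: from <rdns> (<ip>) (HELO <helo>) ... by <host>
RECEIVED_RE = re.compile(
    r"^from\s+(?P<rdns>\S+)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+"
    r"\(HELO\s+(?P<helo>[^\s)]+)\)"
    r".*?\bby\s+(?P<by>\S+)"
)


def parse_received(value):
    """Return the rdns/ip/helo/by fields, or None if the layout does not match."""
    unfolded = re.sub(r"\s+", " ", value).strip()  # undo header folding
    m = RECEIVED_RE.match(unfolded)
    return m.groupdict() if m else None


def embeds_ip(hostname, ip):
    """Constructed heuristic: the IP's four octets appear in order in the name."""
    octets = ip.split(".")
    numbers = re.findall(r"\d+", hostname)
    return any(numbers[i:i + 4] == octets for i in range(len(numbers) - 3))


def classify(value):
    """Report, per field, whether the name looks derived from the client IP."""
    f = parse_received(value)
    if f is None:
        return None
    return {
        "helo": f["helo"],
        "rdns": f["rdns"],
        "helo_embeds_ip": embeds_ip(f["helo"], f["ip"]),
        "rdns_embeds_ip": embeds_ip(f["rdns"], f["ip"]),
    }


if __name__ == "__main__":
    print(classify(SAMPLE))
```

On this header the IP-derived name is the reverse-DNS field, while the HELO argument is `genstor.com`; comparing that split with what SpamAssassin's debug output reports as the relay's HELO shows which string the three rules were evaluated against.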
