> > > 2.4 RCVD_IN_WHOIS_BOGONS RBL: CompleteWhois: > > > sender on bogons IP block [102.176.29.76 listed in > > > combined-HIB.dnsiplists.completewhois.com] > > I wonder why score for RCVD_IN_WHOIS_BOGONS is 0 in 3.2.0-rc1 ? > > (unlike RCVD_IN_WHOIS_INVALID and RCVD_IN_WHOIS_HIJACKED... > > almost non-existent hits. rules/STATISTICS-set3.txt : > 0.000 0.0007 0.0000 1.000 0.51 0.00 RCVD_IN_WHOIS_BOGONS > that's like 6 out of nearly a million spams.
It seems like a waste to actually send out a query against a combined-HIB.dnsiplists.completewhois.com, but then ignore its result (apparently the score did help with the OP spam). The HIJACKED, BOGONS, and INVALID share the same RBL and only one query is send out if any of these three rules is nonzero. Setting RCVD_IN_WHOIS_BOGONS to 0 saves no resources. Mark
