Hello,

According to a report from one of our customers, it seems that this header is being hit by multiple rules:

Received: from 217-112-174-194.cust.avonet.cz (217-112-174-194.cust.avonet.cz [217.112.174.194])
  (TLS: TLS1.0,192bits,RSA_3DES_EDE_CBC_SHA1)
  by mailhub3.nextra.sk with esmtp; Wed, 18 Mar 2009 08:10:09 +0100
  id 0000000000112EF1.0000000049C09E51.00007522

* 4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
*     2)
* 0.5 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
* 1.6 TVD_RCVD_IP TVD_RCVD_IP

(running pcretest on those rules and this header confirmed that this header causes those hits)

I guess that FH_HELO_EQ_D_D_D_D and TVD_RCVD_IP are superfluous here because they all match the same helo string.

I've made a small test:

% grep -F -e HELO_DYNAMIC_IPADDR2 -e FH_HELO_EQ_D_D_D_D -e TVD_RCVD_IP /tmp/spamd > /tmp/spamd.dynip
% wc -l /tmp/spamd.dynip
423 /tmp/spamd.dynip
% grep -c HELO_DYNAMIC_IPADDR2 /tmp/spamd.dynip
232
% grep -c FH_HELO_EQ_D_D_D_D /tmp/spamd.dynip
325
% grep -c TVD_RCVD_IP /tmp/spamd.dynip
160
% grep HELO_DYNAMIC_IPADDR2 /tmp/spamd.dynip | grep FH_HELO_EQ_D_D_D_D | grep TVD_RCVD_IP | wc -l
132
% grep HELO_DYNAMIC_IPADDR2 /tmp/spamd.dynip | grep FH_HELO_EQ_D_D_D_D | wc -l
143
% grep HELO_DYNAMIC_IPADDR2 /tmp/spamd.dynip | grep TVD_RCVD_IP | wc -l
143
% grep FH_HELO_EQ_D_D_D_D /tmp/spamd.dynip | grep TVD_RCVD_IP | wc -l
140

I'd say they are really pretty redundant...

Of course, I can make meta rules, but should I file a bug report or can anyone comment on this, maybe I missed something here?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Nothing is fool-proof to a talented fool.
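The overlap measurement done with the grep pipelines in the message above, as an added example that is not part of the original post: it tallies every combination of the three rules from spamd result lines and reports, for each pair, what share of one rule's hits also hit the other. The sample log lines are constructed and assume the usual "spamd: result:" line shape; POSTED holds the counts quoted in the message.

```python
import re
from collections import Counter
from itertools import combinations

RULES = ("HELO_DYNAMIC_IPADDR2", "FH_HELO_EQ_D_D_D_D", "TVD_RCVD_IP")
# Constructed sample lines in the "spamd: result:" log shape (not real log data).
SAMPLE_LOG = """\
spamd: result: Y 7 - HELO_DYNAMIC_IPADDR2,FH_HELO_EQ_D_D_D_D,TVD_RCVD_IP scantime=1.2,size=2048
spamd: result: Y 6 - BAYES_99,FH_HELO_EQ_D_D_D_D scantime=0.9,size=1500
spamd: result: Y 5 - FH_HELO_EQ_D_D_D_D,HELO_DYNAMIC_IPADDR2 scantime=1.0,size=900
spamd: result: . 2 - TVD_RCVD_IP scantime=0.8,size=700
spamd: result: Y 9 - BAYES_99,HELO_DYNAMIC_IPADDR2,FH_HELO_EQ_D_D_D_D,TVD_RCVD_IP scantime=1.1,size=3100
spamd: result: . -1 - FH_HELO_EQ_D_D_D_D,RCVD_IN_DNSWL_MED scantime=0.6,size=800
"""
RESULT_RE = re.compile(r"result: \S+ -?\d+ - (\S*)")

def cooccurrence(lines):
    """Count messages for every non-empty combination of RULES that fired together."""
    counts = Counter()
    for line in lines:
        m = RESULT_RE.search(line)
        if not m:
            continue
        # Exact token match, so a rule name that is a prefix of another is not miscounted.
        fired = sorted(set(m.group(1).split(",")) & set(RULES))
        for size in range(1, len(fired) + 1):
            for combo in combinations(fired, size):
                counts[combo] += 1
    return counts

def conditional_overlap(counts):
    """Map (a, b) to the fraction of messages hitting rule a that also hit rule b."""
    out = {}
    for a in RULES:
        for b in RULES:
            if a != b and counts[(a,)]:
                out[(a, b)] = counts[tuple(sorted((a, b)))] / counts[(a,)]
    return out

# Counts reported in the message above, keyed the same way as cooccurrence() output.
POSTED = Counter({
    ("HELO_DYNAMIC_IPADDR2",): 232, ("FH_HELO_EQ_D_D_D_D",): 325, ("TVD_RCVD_IP",): 160,
    ("FH_HELO_EQ_D_D_D_D", "HELO_DYNAMIC_IPADDR2"): 143,
    ("HELO_DYNAMIC_IPADDR2", "TVD_RCVD_IP"): 143, ("FH_HELO_EQ_D_D_D_D", "TVD_RCVD_IP"): 140,
})

if __name__ == "__main__":
    for name, c in (("sample", cooccurrence(SAMPLE_LOG.splitlines())), ("posted", POSTED)):
        for (a, b), share in conditional_overlap(c).items():
            print(f"{name}: {share:.0%} of {a} hits also hit {b}")
```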