false positive?

Damien McKenna damien at MC-KENNA.COM
Wed Aug 13 15:33:51 IST 2003


On Tuesday 12 August 2003 11:16 am, mikea wrote:
> header RCVD_FAKE_HELO_DOTCOM    Received =~ /^from (?:msn|yahoo|
>    yourwebsite|lycos|excite|cs|aol|localhost|koreanmail|allexecs|
>    mydomain|juno|eudoramail|compuserve|desertmail|excite|caramail)
>    \.com \(/m
> describe RCVD_FAKE_HELO_DOTCOM  Received contains a faked HELO hostname

One way to work around this "problem" would be to manually assign a lower
score for this flag.  I changed some of the default scores to higher ratings,
e.g. for the 411 scam, etc., that way "real" spam gets a really high score while
might-be-spam gets a mediocre score.
--
Damien McKenna  damien at mc-kenna.com  http://mc-kenna.com/


