Have a hit from a rule but don't know from wich ruleset it comes

[Richard Frovarp]

tpickhan at sks-systeme.de wrote:
>
> Yesterday we had a false positive hit with an email. I took a look in 
> the log information from mailscanner and saw that there were several 
> rule hits for this ham.
>
> Two of this are named as helo_dynamic_dhcp and helo_dynamic_ipaddr.
>
> So these two rules were responsible for the detection as spam, 
> although the email was ham.
>
> The question is in what rulesets theses rules are included so that I 
> can deactive this ruleset.
>
>  
>
>  
>
>  
>
>

They are basic rules in the base set from SpamAssassin. Doing a grep -i 
helo_dynamic_dhcp /spam/rules/dir/on/your/system/* will find it. 
However, there are probably reasons for this rule to fire and you may 
want to look at those first. Who ever is running that server the email 
came from probably should fix their problem instead of you changing the 
scores.

Second you don't want to monkey with the rules in place. You need to 
edit your local.cf file to rescore those rules. Ask over on the 
SpamAssassin list as they can provide more guidance.