Have a hit from a rule but don't know from wich ruleset it comes

Mon Dec 11 22:01:33 GMT 2006

i've had the same problem recently.  The issue seems to be in a received line.

the client sent mail from their their dsl connection at
gak.64-212-98-78.dsl.goo.com 

thusly, the first received line reads approximately:
Received: from gak.64-212-98-78.dsl.goo.com [64.212.98.78]   etc....

the issie seems to be the inclusion of the IP address in the FQDN.  if i resend
this message with the same headers, but take out the 64-212-98.... secion from
the FQDN (not the bracketed IP address), it works just fine.  the IP matching or
being from a suspicious netblock seems to have no bearing on the problem

did you find anyithing else on this issue?