Benny Pedersen wrote:
> X-Spam-Status: No, score=-8.001 tagged_above=-20 required=5
> tests=[BOTNET_SOHO=-2.5, MAILLISTS=-1.5, RCVD_IN_DNSWL_MED=-4,
> SPF_PASS=-0.001]
> Received: from mail.apache.org (hermes.apache.org [140.211.11.2])
> by gate.junc.org (Postfix) with SMTP id C1CC016F4AD
> for ; Thu, 3 Apr 2008 14:41:47 +0200 (CEST)
>
> problem is that helo is not equal to reverse ptr ?
>

Look closely, the rule has a negative score, not a positive one... So,
there's no "problem" per se.

BOTNET_SOHO is actually a counter-rule that tries to negate out some
botnet's false positive cases involving small office or home office
(SOHO) networks that have ISPs that will give static IPs, but won't set
reverse DNS to anything but their IP based default.

Why it triggers on apache is a bit unclear, but I've not studied the
ruleset closely.
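
Added example, not part of the original message: a small Python parser for the per-test score format in the quoted X-Spam-Status header, showing which rules lower the score and that they add up to the reported total. The header is re-typed from the quote with the folding whitespace restored (an assumption about the original layout); the function names are illustrative.

```python
import re

# Constructed copy of the header quoted above, folded across three lines.
HEADER = (
    "X-Spam-Status: No, score=-8.001 tagged_above=-20 required=5\n"
    " tests=[BOTNET_SOHO=-2.5, MAILLISTS=-1.5, RCVD_IN_DNSWL_MED=-4,\n"
    " SPF_PASS=-0.001]"
)

def parse_spam_status(header):
    """Return (verdict, fields, tests) from an X-Spam-Status header."""
    # Unfold: a line break followed by whitespace continues the header.
    flat = re.sub(r"\r?\n[ \t]+", " ", header.strip())
    name, _, value = flat.partition(":")
    if name.strip().lower() != "x-spam-status":
        raise ValueError("not an X-Spam-Status header")
    verdict = value.strip().split(",", 1)[0].strip()
    fields = {k: float(v) for k, v in re.findall(
        r"\b(score|tagged_above|required)=(-?[\d.]+)", value)}
    tests = {}
    m = re.search(r"tests=\[([^\]]*)\]", value)
    for item in (m.group(1).split(",") if m else []):
        rule, sep, score = item.strip().partition("=")
        if not rule:
            continue
        if not sep:
            raise ValueError("test %r carries no score" % rule)
        tests[rule] = float(score)
    return verdict, fields, tests

def summarize(header):
    """Split the fired rules into those that lower and raise the score."""
    verdict, fields, tests = parse_spam_status(header)
    return {
        "verdict": verdict,
        # A message is tagged as spam once score reaches the threshold.
        "is_spam": fields["score"] >= fields["required"],
        "reported": fields["score"],
        "total": round(sum(tests.values()), 3),
        "lowers_score": sorted(r for r, s in tests.items() if s < 0),
        "raises_score": sorted(r for r, s in tests.items() if s > 0),
    }

if __name__ == "__main__":
    for key, val in summarize(HEADER).items():
        print(key, "=", val)
```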