False positives for TVD_RCVD_IP and TVD_RCVD_IP4 rules
Greetings fellow users,
from what I understand, the TVD_RCVD_IP and TVD_RCVD_IP4 rules are used
to determine when messages have been relayed via hosts without domain
names. As both of these are just regular expressions, this relies on the
various mail relays bothering to do the lookups.
My ISP (BT, which has Yahoo handle its mail) appears to never do this,
so the servers are always IPs and SA always hits these rules, making them
useless. Presumably this is done for performance reasons. However, there
is the possibility that other servers are doing the same thing.
So, I was wondering if anyone else has had the same issue?
One might imagine that SpamAssassin could look up these IPs to verify if
they didn't have a domain name. Anyway, I estimate this would result in
one additional DNS lookup per spam which I guess would be considered
expensive. So such a rule only becomes useful if other mail servers are
doing this as well. Unfortunately, looking at the mail headers I have,
it seems to be pretty Yahoo-specific.