Pantek Library

Multiple rules for dynamic-looking IP addresses

From: Dan Fulbright <dan+spamassassin-users-list(at)dan.tulsa.ok.us>
Date: Thu Aug 30 2007 - 00:16:27 EDT


I'm having problems with high scores from messages sent from IP addresses that appear to be dynamic, but in fact are static. Here's an example:

  • 4.2 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP)
  • 4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
  • 1.6 TVD_RCVD_IP TVD_RCVD_IP
  • 2.1 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO

Here are the Received lines, with specific information cleaned:

Received: from 1.2.3.4.static.vsnl.net.in [1.2.3.4] by mail5.example2.com with SMTP;
   Sat, 25 Aug 2007 04:11:59 -0500
Received: from gbd07 ([192.168.96.107]) by mail.example1.com with Microsoft SMTPSVC(6.0.3790.1830);
         Sat, 25 Aug 2007 14:48:07 +0530

I realize that 1.2.3.4 should have a better reverse DNS, but it seems that it causes the SA score to be artificially high. I know I could disable some of these tests, but I feel like that would artificially lower scores.

How can I adjust the scores or write/fix rules so that static IP addresses are recognized as such?

I am an admin for example2.com.

Thanks in advance.

--df

Received on Thu Aug 30 00:17:18 2007

This archive was generated by hypermail 2.1.8 : Fri Oct 26 2007 - 03:18:20 EDT
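
An added illustration, not part of the original post and not SpamAssassin's own rule logic: a small Python check that parses the two Received headers quoted above and separates relays whose hostname merely embeds the connecting IP from those that also carry a "static" label. The category names, the "static" token test and the two extra sample headers are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the two Received headers from the post, unfolded.
RECEIVED = [
    "from 1.2.3.4.static.vsnl.net.in [1.2.3.4] by mail5.example2.com "
    "with SMTP; Sat, 25 Aug 2007 04:11:59 -0500",
    "from gbd07 ([192.168.96.107]) by mail.example1.com with Microsoft "
    "SMTPSVC(6.0.3790.1830); Sat, 25 Aug 2007 14:48:07 +0530",
]

# "from <name> [ip]" or "from <name> ([ip])", followed by "by <host>".
RELAY_RE = re.compile(
    r"from\s+(?P<name>\S+)\s+\(?\[(?P<ip>[0-9.]+)\]\)?\s+by\s+(?P<by>\S+)"
)


def parse_relay(header):
    """Return (name, ip, by) for one unfolded Received value, or None."""
    m = RELAY_RE.match(header)
    if not m:
        return None
    ip = ipaddress.ip_address(m.group("ip"))
    return m.group("name").lower(), ip, m.group("by").lower()


def embeds_ip(name, ip):
    """True if all four octets appear in the name, forward or reversed."""
    octets = str(ip).split(".")
    for order in (octets, octets[::-1]):
        pat = r"(?<!\d)" + r"[.-]".join(order) + r"(?!\d)"
        if re.search(pat, name):
            return True
    return False


def classify(header):
    """Assumed categories: internal, named, ip-static, ip-generic."""
    relay = parse_relay(header)
    if relay is None:
        return "unparsed"
    name, ip, _ = relay
    if ip.is_private:
        return "internal"      # RFC 1918 hop inside the sender's network
    if not embeds_ip(name, ip):
        return "named"         # hostname does not encode the address
    labels = re.split(r"[.-]", name)
    return "ip-static" if "static" in labels else "ip-generic"


if __name__ == "__main__":
    for h in RECEIVED:
        print(classify(h), "<-", h[:50])
```
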

