Posted to users@spamassassin.apache.org by FaberK <f....@gmail.com> on 2007/08/27 15:38:00 UTC

False negative

Hi to all,
I have a guest who uses ADSL with a dynamic IP and is always spammed
by my SpamAssassin.
The guest is on my same domain. I receive normally only if I put that
address into the whitelist.
I also tried to give some ham including that address, but nothing changed.
Always spammed as follows:

----------------------------------------------------------------------------------------------------------------------------

Content analysis details:   (9.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.8 FH_HOST_ALMOST_IP      The host almost looks like an IP addr.
 3.1 FH_HOST_EQ_DYNAMICIP   Host is dynamicip
 0.5 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [XX.XX.XXX.XX listed in zen.spamhaus.org]
 1.6 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [XX.XX.XXX.XX listed in dnsbl.sorbs.net]
 0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                            dynamic-looking rDNS
----------------------------------------------------------------------------------------------------------------------------

Any suggestions?
Thanks
-- 
.:FaberK:.

Re: False negative

Posted by OliverScott <ol...@fhsinternet.com>.
You need to either get him to change the way he sends his emails or adjust
your scores!

If he is sending directly from a dynamic IP address then he will be blocked
by a lot of people's filters - for instance there is no chance of his emails
being accepted by AOL!

The way round this is for him to relay through his ISP's outgoing mail server
if at all possible, i.e. put smtp.ispname.com (or something like that) in the
outgoing server address of his email client.

If you want to accept emails from people with a similar setup to his without
adding them manually to a whitelist, then you will have to reduce the scores
for the rules which fire on these mails.

Edit your local.cf file (probably in /etc/mail/spamassassin) to include
something like:
score FH_HOST_ALMOST_IP 1.0 
score FH_HOST_EQ_DYNAMICIP 1.0 
score RCVD_IN_SORBS_DUL 0.5 

This will still help to catch some spam (though it has reduced the amount
you will catch) but will hopefully be enough to let emails like this through
as long as they don't hit any other rules.

I would suggest NOT using the BOTNET plugin as it will probably make the
problem worse!
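Added example, not part of either post and not SpamAssassin code: a short Python script that parses the report quoted in the first message, applies the local.cf score lines suggested in the reply, and returns the new total and the headroom left before the 5.0 threshold. The function names are hypothetical, and only single-value score lines are handled.

```python
import re

# Report copied from the first post (IP addresses are masked there).
REPORT = """\
Content analysis details:   (9.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.8 FH_HOST_ALMOST_IP      The host almost looks like an IP addr.
 3.1 FH_HOST_EQ_DYNAMICIP   Host is dynamicip
 0.5 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [XX.XX.XXX.XX listed in zen.spamhaus.org]
 1.6 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [XX.XX.XXX.XX listed in dnsbl.sorbs.net]
 0.1 RDNS_DYNAMIC           Delivered to trusted network by host with
                            dynamic-looking rDNS
"""

# local.cf lines copied from the reply.
LOCAL_CF = """\
score FH_HOST_ALMOST_IP 1.0
score FH_HOST_EQ_DYNAMICIP 1.0
score RCVD_IN_SORBS_DUL 0.5
"""

RULE_LINE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\s")
SCORE_LINE = re.compile(r"^\s*score\s+([A-Z][A-Z0-9_]+)\s+(-?\d+(?:\.\d+)?)")
SUMMARY = re.compile(r"\((-?[\d.]+) points, (-?[\d.]+) required\)")

def parse_report(text):
    """Return (required, {rule: points}); header and continuation lines are skipped."""
    required = float(SUMMARY.search(text).group(2))
    lines = text.splitlines()
    hits = {m.group(2): float(m.group(1)) for ln in lines if (m := RULE_LINE.match(ln))}
    return required, hits

def parse_overrides(cf_text):
    """Return {rule: score} from 'score NAME VALUE' lines (assumption: one value per line)."""
    lines = cf_text.splitlines()
    return {m.group(1): float(m.group(2)) for ln in lines if (m := SCORE_LINE.match(ln))}

def rescore(report, cf_text):
    """Return (new_total, required, headroom) after applying the overrides."""
    required, hits = parse_report(report)
    overrides = parse_overrides(cf_text)
    total = round(sum(overrides.get(rule, pts) for rule, pts in hits.items()), 1)
    return total, required, round(required - total, 1)

if __name__ == "__main__":
    print(rescore(REPORT, LOCAL_CF))
```

The headroom value is what the "as long as they don't hit any other rules" caveat amounts to: any additional rule hits worth that many points or more would put the message back over the threshold.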