You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by peter pilsl <pi...@goldfisch.at> on 2007/12/11 14:42:41 UTC
AWL giving me a headache
I use AWL and now I've got a user whos mail all get marked as spam cause
AWL give it a extra score
X-Spam-Report:
* -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
* [score: 0.0000]
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 9.6 AWL AWL: From: address is in the auto white-list
I understand the reason for that: The user is marked in the AWL with a
high spamscore (whyever) and now sends a low-score mail and AWL kicks in
to correct.
But now I tried to check in deeper and used check_whitelist (which is
part of newer spamassassin-versions. Why?) to examine my huge
autowhitelist:
There I see 138 of entries for that users emailadress. All paired with a
IP and most only from one or two emails and having a really high score
(>20). Seems like the users adress is often used as faked sender for spam.
And there is one entry for that user that has a low score based on many
mails. This is the "real" user. Sending a lot of low-scored mails from a
single ip-adress.
<skipped load of high-score singlemailbased entries>
24.6 (24.6/1) -- user@domain.net|ip=86.138
27.5 (27.5/1) -- user@domain.net|ip=85.102
16.7 (16.7/1) -- user@domain.net|ip=85.105
19.8 (19.8/1) -- user@domain.net|ip=85.49
20.7 (20.7/1) -- user@domain.net|ip=85.130
18.9 (18.9/1) -- user@domain.net|ip=62.118
-1.7 (-699.1/402) -- user@domain.net|ip=85.126
15.5 (15.5/1) -- user@domain.net|ip=212.25
17.2 (17.2/1) -- user@domain.net|ip=78.162
22.9 (22.9/1) -- user@domain.net|ip=212.120
22.9 (45.8/2) -- user@domain.net|ip=85.141
25.0 (25.0/1) -- user@domain.net|ip=85.140
23.2 (23.2/1) -- user@domain.net|ip=190.95
28.4 (28.4/1) -- user@domain.net|ip=66.232
25.9 (25.9/1) -- user@domain.net|ip=80.252
8.9 (8.9/1) -- user@domain.net|ip=80.250
18.2 (18.2/1) -- user@domain.net|ip=62.148
<skipped load of high-score singlemailbased entries>
I mean : to me as human its quite ununderstandable why spamassassin-AWL
punishes a mail from user@domain.net|ip=85.126 with an extrascore of 9.8
if the average-score for this mail/ip-combination is -1.7 in AWL ??
additionally I didnt find any manpage to check_whitelist or any
information what the clean and -n flags do and why this tool is not
included in version 3.2.2 any more?
thnx for your help,
peter
--
mag. peter pilsl - goldfisch.at
IT-Consulting
Tel: +43-650-3574035
Tel: +43-1-8900602
Fax: +43-1-8900602-15
skype: peter.pilsl
pilsl@goldfisch.at
www.goldfisch.at