You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Chris <cp...@embarqmail.com> on 2007/04/29 16:33:57 UTC
[Possible SPAM] Re: [Possible SPAM] Possibly [OT] - Embarq Mail
On Saturday 28 April 2007 11:22 pm, Matt Kettler wrote:
> From the looks of it, you need to adjust your trusted_networks.
>
> Right now it looks like it is mis-judging the network boundaries, and
> tagging all mail with the DUL lists.
>
> http://wiki.apache.org/spamassassin/TrustPath
>
Matt, here are the markups from your reply, mine first then Embarqs/Synacors:
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
cpollock.localdomain
X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00=-6.4
autolearn=disabled version=3.1.8
Old-X-Spam-Status: No, score=-2.545 tagged_above=-10 required=6.6
tests=[ALL_TRUSTED=-1.8, AWL=-0.054, BAYES_00=-2.599,
DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708]
Yet your reply is marked as [possible spam].
Here is my trust paths in my local.cf:
trusted_networks 127/8 192.168/16 207.217.121/24 209.86.93/24 208.47.184/24
71.48.160.0/20
internal_networks 71.48.160.0/20
Looking at my post to the mailing list here are the markups:
This one I'll have to guess is Synacor's
X-Virus-Scanned: amavisd-new at
Old-X-Spam-Score: -2.599
Old-X-Spam-Level:
Old-X-Spam-Status: No, score=-2.599 tagged_above=-10 required=6.6
tests=[BAYES_00=-2.599]
Then there is this one:
X-ASF-Spam-Status: No, hits=0.0 required=10.0
tests=
Old-X-Spam-Check-By: apache.org
Then there is this one:
Message-Id: <20...@embarqmail.com>
X-Virus-Checked: Checked by ClamAV on apache.org
X-Old-Spam-Flag: YES
X-Old-Spam-Status: Yes, score=9.068 tagged_above=-10 required=6.6
tests=[AWL=1.576, BAYES_99=3.5, RCVD_IN_NJABL_DUL=1.946,
RCVD_IN_SORBS_DUL=2.046]
Now I'm confused as to which Old-X-Spam markup is from Embarq/Synacor and
which is from Apache.org. The last one 'looks' like the markups that have
been showing up from Embarq/Synacor on my cronjob output posts:
X-Spam-Remote: Host localhost.localdomain
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
cpollock.localdomain
X-Spam-Status: No, score=-4.0 required=5.0 tests=ALL_TRUSTED=-1.8,AWL=4.209,
BAYES_00=-6.4 autolearn=disabled version=3.1.8
The one above is the markup from my box on a cronjob output, the one below is
the same cronjob output but marked up by Embarq/Synacor:
Old-X-Spam-Flag: YES
Old-X-Spam-Score: 7.384
Old-X-Spam-Level: *******
Old-X-Spam-Status: Yes, score=7.384 tagged_above=-10 required=6.6
tests=[AWL=3.256, BAYES_50=0.001, FORGED_RCVD_HELO=0.135,
RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046]
My question then is what good would it do me to adjust my trusted_networks
setting, if in fact I have it incorrect. The [possible spam] markups are
being made by Embarq/Synacor not me.
BTW Matt, here is how your reply to me scored, on my box and by
Embarq/Synacor:
X-Spam-Remote: Host localhost.localdomain
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
cpollock.localdomain
X-Spam-Status: No, score=-4.0 required=5.0 tests=ALL_TRUSTED=-1.8,AWL=4.209,
BAYES_00=-6.4 autolearn=disabled version=3.1.8
Old-X-Spam-Flag: YES
Old-X-Spam-Score: 7.384
Old-X-Spam-Level: *******
Old-X-Spam-Status: Yes, score=7.384 tagged_above=-10 required=6.6
tests=[AWL=3.256, BAYES_50=0.001, FORGED_RCVD_HELO=0.135,
RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046]
Chris
--
Chris
KeyID 0xE372A7DA98E6705C
Re: [Possible SPAM] Re: [Possible SPAM] Possibly [OT] - Embarq Mail
Posted by Matt Kettler <mk...@verizon.net>.
Chris wrote:
>
> My question then is what good would it do me to adjust my trusted_networks
> setting, if in fact I have it incorrect. The [possible spam] markups are
> being made by Embarq/Synacor not me.
Ahh, I get it.. Well, whoever is tagging that has a broken
trusted_networks. Their winding up with verizon's mailserver being
considered internal, and thus SA is seeing the message as if my home PC
was direct-delivering to your network.
Having the _DUL tests fire off on properly relayed mail is a sure-fire
sign that SA's trust-path is over-trusting.
My guess is they've got their inbound mailservers static NATed, and SA
by default assumes (guesses) that all private-range IP's are internal,
plus the first non-private. This guess breaks down when the inbound MX
is private-IP'ed due to static NATing, and here SA winds up thinking
verizon's smarthost is part of the local network when it isn't.