You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Tobin <jt...@woh.com> on 2004/09/14 23:11:38 UTC
Cannot whitelist this address
If anyone can help I thank you. I run SA on win32. We use a third party
application which sends emails via SMTP from out DMZ to our mailserver.
The email is generated with a spoofed name and then sent so the headers
are partially fake. SA is detecting this and I cannot find anyway to let
this email through. I have hand-fed it through as ham and also
whitelisted the spoofed address, the IP addres and nothing yet is
working. Could someone give me some insight?
Here is the spam report.
MAIL FROM:<tr...@woh.com>
RCPT TO: <th...@woh.com>
X-GWIA: Thu, 09 Sep 2004 16:34:18 -0400;
localhost.localdomain(36.44.globalspec.com [216.136.44.36])
Received: from localhost.localdomain
(36.44.globalspec.com [216.136.44.36])
by mail.woh.com; Thu, 09 Sep 2004 16:34:18 -0400
To:lthiele@woh.com
From: immigrationpasswords.com
Subject: *****SPAM***** A new General Co. - Global Research Center
employee I-130/I-485
Content-type: text/html
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
eserver305.WOHAlbany.com
X-Spam-Report: * 1.9 DATE_MISSING Missing Date: header * 0.0
RM_hc_HTML Email is text/html format * 1.7 BAYES_80 BODY: Bayesian spam
probability is 80 to 90% * [score: 0.8854] * 0.3 MIME_HTML_ONLY
BODY: Message only has text/html MIME parts * 0.1 HTML_MESSAGE BODY:
HTML included in message * 0.0 RM_rb_ANCHOR BODY: Testing for HTML end
of anchor in emails * 0.0 RM_rb_BODY BODY: Testing for HTML BODY in
emails * 0.0 RM_rb_BREAK BODY: Testing for HTML Break in emails * 0.0
RM_rb_HTML BODY: Testing for HTML tag in emails * 0.6
MIME_HTML_NO_CHARSET RAW: Message text in HTML without charset * 0.1
NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL * 2.2
MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
headers
X-Spam-Status: Yes, hits=6.9 required=6.5
tests=BAYES_80,DATE_MISSING,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,NORMAL_HTTP_TO_IP,RM_hc_HTML,RM_rb_ANCHOR,RM_rb_BODY,RM_rb_BREAK,RM_rb_HTML
autolearn=no version=2.63
X-Spam-Level: ******
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
</head>
<body>
Yuko from General Co. - Global Research Center has submitted a new
I-130/I-485 for a new employee
<br><br>
.
<br><br>
You may review and accept this submission by clicking on this link:
<br><br>
<A
HREF="http://216.136.xx.xx/Scripts/TrkrIntake.exeDURANGO1094762210.trk">View
DURANGO I-130/I-485 Intake Questionnaire</A>
</body>
</html>
Josh Tobin
MIS Department
Network Administrator
Whiteman Osterman & Hanna
One Commerce Plaza
Albany, NY 12206
518-487-7634
www.woh.com
Re: Cannot whitelist this address
Posted by Matt Kettler <mk...@evi-inc.com>.
At 05:11 PM 9/14/2004, Tobin wrote:
>If anyone can help I thank you. I run SA on win32. We use a third party
>application which sends emails via SMTP from out DMZ to our mailserver.
>The email is generated with a spoofed name and then sent so the headers
>are partially fake. SA is detecting this and I cannot find anyway to let
>this email through. I have hand-fed it through as ham and also
>whitelisted the spoofed address, the IP addres and nothing yet is
>working. Could someone give me some insight?
Could you post an example of how you went about whitelisting the address?
Exactly?
I'm concerned you've got some problems understanding the config file
format, as there's no way to whitelist an IP address in SA, so I'm
concerned you're running around adding errors to your configfile and SA is
just spitting the whole thing out and ignoring it.
Can you run spamassassin --lint to check the config for errors?