You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Patrick Baldwin <Pa...@studsvik.com> on 2008/03/26 19:01:39 UTC
{SPAM?} Many False Positives
Hi, I have an issue where much of my site's incoming
mail is being tagged as {SPAM?} when it's not.
The mail server here is Sendmail 8.12.5 on SunOS 5.8,
and it's happening with a variety of mail clients.
I'm looking to figure out where this {$SPAM} tag is coming
from. I've gone through the docs on the site and the archive,
and it seems like this should be in my local.cf, but I don't see
what entry I have that's doing this.
I'd also like to figure out how to get this to stop, as it's making
for unhappy users.
As far as I know, nothing has changed on my systems with regard
to Spamassassin, but this just started up today.
I've been trying Google for answers for the past few hours, but no
luck; I suspect I may not even know the right question to ask.
Any help much appreciated.
My main.rc file:
$ more main.rc
:0
* ^To: <postmaster
| /usr/local/bin/dmail +Postmaster
:0
* ^X-yoursite-MailScanner-SpamCheck: spam
| /usr/local/bin/dmail +spamassassin
:0
* ^X-yoursite-MailScanner: Found to be infected
| /usr/local/bin/dmail +spamassassin
:0
| /usr/local/bin/dmail
My spamassassin.procmail.rc:
$ more spamassassin.procmail.rc
:0fw
| /usr/local/bin/spamassassin -P
:0
* ^X-Spam-Status: Yes
| /usr/local/bin/dmail +spamassassin
The part of my local.cf file that isn't a whitelist:
blacklist_from *@*mailsubs.com
blacklist_from *@*cheetahmail.com
blacklist_from *@*chtah.com
blacklist_from *@*shinbiro.com
blacklist_from *@*azoogle.com
blacklist_from *@*whatsnew-mail.com
blacklist_from *@*ventrikulumspectoum.com
blacklist_from *@*globalgreat-deals.com
blacklist_from *@*trackingclicks.com
blacklist_from *@*lesbianseagulls.net
blacklist_from *@*home.nl
blacklist_from *@*ew01.com
blacklist_from *@virtumundo.com
blacklist_from *@vm-mail.com
blacklist_from *@abbasiapacific.com.sg
score FORGED_HOTMAIL_RCVD 2.5
score CTYPE_JUST_HTML 0.3
body FORTRAN_100 / INTEGER/
describe FORTRAN_100 looking for FORTRAN source
score FORTRAN_100 -15.0
body FORTRAN_101 / SUBROUTINE/
describe FORTRAN_101 looking for FORTRAN source
score FORTRAN_101 -15.0
score HTTP_EXCESSIVE_ESCAPES 105
score ALL_TRUSTED 0.000 0.000 0.000 0.000
score URIBL_AB_SURBL 0 4.000 0 4.000
score URIBL_OB_SURBL 0 4.000 0 4.000
score URIBL_PH_SURBL 0 4.000 0 4.000
score URIBL_SBL 0 4.000 0 4.000
score URIBL_SC_SURBL 0 4.000 0 4.000
score URIBL_WS_SURBL 0 4.000 0 4.000
score RCVD_ILLEGAL_IP 4.000 4.000 4.000 4.000
score RCVD_IN_BL_SPAMCOP_NET 0 4.000 0 4.000
score RCVD_IN_NJABL_DUL 0 2.000 0 2.000
score RCVD_IN_SORBS_DUL 0 2.000 0 2.000
--
Patrick Baldwin
Systems Administrator
Studsvik Scandpower
617-965-7455
Re: {SPAM?} Re: {SPAM?} Many False Positives
Posted by Patrick Baldwin <Pa...@studsvik.com>.
Mike Jackson wrote:
>> Hi, I have an issue where much of my site's incoming
>> mail is being tagged as {SPAM?} when it's not.
>
> You're using MailScanner. It's probably in there. Look if you're still
> using ORDB. :-)
>
>
That was it, thanks.
--
Patrick Baldwin
Systems Administrator
Studsvik Scandpower
617-965-7455
Re: {SPAM?} Many False Positives
Posted by Mike Jackson <mj...@barking-dog.net>.
> Hi, I have an issue where much of my site's incoming
> mail is being tagged as {SPAM?} when it's not.
You're using MailScanner. It's probably in there. Look if you're still
using ORDB. :-)
Re: {SPAM?} Many False Positives
Posted by John Hardin <jh...@impsec.org>.
On Wed, 26 Mar 2008, Patrick Baldwin wrote:
> Hi, I have an issue where much of my site's incoming
> mail is being tagged as {SPAM?} when it's not.
>
> I'm looking to figure out where this {$SPAM} tag is coming
> from.
Please post the full message headers from a false positive so that we can
get an idea which rules are hitting.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Microsoft is not a standards body.
-----------------------------------------------------------------------
18 days until Thomas Jefferson's 265th Birthday