You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Paul Ryan <pr...@iexposure.com> on 2006/06/28 18:26:44 UTC

Whitelisted, but still marked spam?!

List -
I did quite a bit of searching, but didn't find anything relevant.  
Basically I have a user on a mailing list that is getting an email which 
they do receive but it's marked as spam in the subject.  I've placed the 
sender in the manual whitelist (local.cf), but it doesn't work, it still 
rewrites the subject.  Below I've included relevant info, but have 
change the names and locations to protect the innocent.  You can see it 
gets a score of 5.1/5.0 despite the hits being -98.509.  The user is 
still getting the email, so functionally it's not a 'problem', but I 
don't understand why it's doing this and where it's catching it.

TIA for taking a look.

System:
SpamAssassin version 3.0.4
running on Perl version 5.8.6
Linux 2.6.8.1-24mdksmp #1 SMP Thu Jan 13 23:11:43 MST 2005 i686 Pentium 
III (Coppermine) unknown GNU/Linux - actually Mandriva

Email Header:
Return-Path: <ma...@abc.de>
Received: from localhost (trident.my-domain.com [xxx.yyy.zzz.4])
   by mail.my-domain.com (Postfix) with ESMTP id 8AB5C4FB30
   for <ju...@my-domain.com>; Tue, 27 Jun 2006 05:33:49 -0500 (CDT)
Received: from mail.my-domain.com ([xxx.yyy.zzz.1])
by localhost (trident.my-domain.com [xxx.yyy.zzz.4]) (amavisd-new, port
10025)
with LMTP id 19482-02-9 for <ju...@my-domain.com>;
Tue, 27 Jun 2006 05:33:47 -0500 (CDT)
Received: from rydia.2square.com (unknown [###.###.###.###])
   by mail.my-domain.com (Postfix) with ESMTP id D6D894FB19
   for <ju...@my-domain.com>; Tue, 27 Jun 2006 05:33:43 -0500 (CDT)
Authentication-Results: rydia.2square.com
   smtp.mail=mailing_list@abc.de; ip-match=fail
Authentication-Results: rydia.2square.com
   header.from=mailing_list@abc.de; domainkeys= (no key)
Received: from mail.abc.net (mail.abc.de [###.###.###.###])
   by rydia.2square.com (rydia.2square.com)
   (MDaemon.PRO.v8.1.3.R)
   with ESMTP id md50000011711.msg
   for <lo...@eiwioq-eiwn.com>; Tue, 27 Jun 2006 05:34:01 -0500
Received: (qmail 16011 invoked by alias); 27 Jun 2006 10:33:31 -0000
Delivered-To: GMX delivery to gnrletter%mailing_list@abc.de
Received: (qmail 15662 invoked by uid 0); 27 Jun 2006 10:33:29 -0000
Received: from 80.135.191.239 by www086.abc.net with HTTP;
Tue, 27 Jun 2006 12:33:30 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Date: Tue, 27 Jun 2006 12:33:30 +0200
From: mailing_list@abc.de
Message-ID: <20...@abc.net>
MIME-Version: 1.0
Subject: [***SPAM*** Score/Req: 05.1/5.0] GN'R 452 / AXL STILL UNDER ARREST
To: gnrletter%mailing_list@abc.de
X-Authenticated: #6748436
X-Mailer: WWW-Mail 6100 (Global Message Exchange)
X-Priority: 3
Content-Transfer-Encoding: 8bit
X-Lookup-Warning: MAIL lookup on mailing_list@abc.de does not match
###.###.###.###
X-MDRcpt-To: loretian@eiwioq-eiwn.com
X-Rcpt-To: loretian@eiwioq-eiwn.com
X-MDRemoteIP: 213.165.64.21
X-Return-Path: mailing_list@abc.de
X-Spam-Prev-Subject: GN'R 452 / AXL STILL UNDER ARREST
X-Spam-Processed: rydia.2square.com, Tue, 27 Jun 2006 05:34:03 -0500
X-MDAV-Processed: rydia.2square.com, Tue, 27 Jun 2006 05:34:04 -0500
X-MDRedirect: 1
X-MDaemon-Deliver-To: juser@my-domain.com
X-Virus-Scanned: amavisd-new at my-domain.com


Mail Log:
Jun 27 05:33:53 trident amavis[19482]: (19482-02-9) Passed     CLEAN , 
[###.###.###.###] <ma...@abc.de> -> <ju...@my-domain.com>  , 
Message-ID: <20...@abc.net>  , Hits: -98.509 , 
tests=AWL,BAYES_20,BIZ_TLD,NO_REAL_NAME,USER_IN_WHITELIST

RE: Whitelisted, but still marked spam?!

Posted by Gary V <mr...@hotmail.com>.

>List -
>I did quite a bit of searching, but didn't find anything relevant.  
>Basically I have a user on a mailing list that is getting an email which 
>they do receive but it's marked as spam in the subject.  I've placed the 
>sender in the manual whitelist (local.cf), but it doesn't work, it still 
>rewrites the subject.  Below I've included relevant info, but have change 
>the names and locations to protect the innocent.  You can see it gets a 
>score of 5.1/5.0 despite the hits being -98.509.  The user is still getting 
>the email, so functionally it's not a 'problem', but I don't understand why 
>it's doing this and where it's catching it.
>
>TIA for taking a look.
>
>System:
>SpamAssassin version 3.0.4
>running on Perl version 5.8.6
>Linux 2.6.8.1-24mdksmp #1 SMP Thu Jan 13 23:11:43 MST 2005 i686 Pentium III 
>(Coppermine) unknown GNU/Linux - actually Mandriva
>
>Email Header:
>Return-Path: <ma...@abc.de>
>Received: from localhost (trident.my-domain.com [xxx.yyy.zzz.4])
>   by mail.my-domain.com (Postfix) with ESMTP id 8AB5C4FB30
>   for <ju...@my-domain.com>; Tue, 27 Jun 2006 05:33:49 -0500 (CDT)
>Received: from mail.my-domain.com ([xxx.yyy.zzz.1])
>by localhost (trident.my-domain.com [xxx.yyy.zzz.4]) (amavisd-new, port
>10025)
>with LMTP id 19482-02-9 for <ju...@my-domain.com>;
>Tue, 27 Jun 2006 05:33:47 -0500 (CDT)
>Received: from rydia.2square.com (unknown [###.###.###.###])
>   by mail.my-domain.com (Postfix) with ESMTP id D6D894FB19
>   for <ju...@my-domain.com>; Tue, 27 Jun 2006 05:33:43 -0500 (CDT)
>Authentication-Results: rydia.2square.com
>   smtp.mail=mailing_list@abc.de; ip-match=fail
>Authentication-Results: rydia.2square.com
>   header.from=mailing_list@abc.de; domainkeys= (no key)
>Received: from mail.abc.net (mail.abc.de [###.###.###.###])
>   by rydia.2square.com (rydia.2square.com)
>   (MDaemon.PRO.v8.1.3.R)
>   with ESMTP id md50000011711.msg
>   for <lo...@eiwioq-eiwn.com>; Tue, 27 Jun 2006 05:34:01 -0500
>Received: (qmail 16011 invoked by alias); 27 Jun 2006 10:33:31 -0000
>Delivered-To: GMX delivery to gnrletter%mailing_list@abc.de
>Received: (qmail 15662 invoked by uid 0); 27 Jun 2006 10:33:29 -0000
>Received: from 80.135.191.239 by www086.abc.net with HTTP;
>Tue, 27 Jun 2006 12:33:30 +0200 (CEST)
>Content-Type: text/plain; charset="utf-8"
>Date: Tue, 27 Jun 2006 12:33:30 +0200
>From: mailing_list@abc.de
>Message-ID: <20...@abc.net>
>MIME-Version: 1.0
>Subject: [***SPAM*** Score/Req: 05.1/5.0] GN'R 452 / AXL STILL UNDER ARREST
>To: gnrletter%mailing_list@abc.de
>X-Authenticated: #6748436
>X-Mailer: WWW-Mail 6100 (Global Message Exchange)
>X-Priority: 3
>Content-Transfer-Encoding: 8bit
>X-Lookup-Warning: MAIL lookup on mailing_list@abc.de does not match
>###.###.###.###
>X-MDRcpt-To: loretian@eiwioq-eiwn.com
>X-Rcpt-To: loretian@eiwioq-eiwn.com
>X-MDRemoteIP: 213.165.64.21
>X-Return-Path: mailing_list@abc.de
>X-Spam-Prev-Subject: GN'R 452 / AXL STILL UNDER ARREST
>X-Spam-Processed: rydia.2square.com, Tue, 27 Jun 2006 05:34:03 -0500
>X-MDAV-Processed: rydia.2square.com, Tue, 27 Jun 2006 05:34:04 -0500
>X-MDRedirect: 1
>X-MDaemon-Deliver-To: juser@my-domain.com
>X-Virus-Scanned: amavisd-new at my-domain.com
>
>
>Mail Log:
>Jun 27 05:33:53 trident amavis[19482]: (19482-02-9) Passed     CLEAN , 
>[###.###.###.###] <ma...@abc.de> -> <ju...@my-domain.com>  , 
>Message-ID: <20...@abc.net>  , Hits: -98.509 , 
>tests=AWL,BAYES_20,BIZ_TLD,NO_REAL_NAME,USER_IN_WHITELIST

It appears the subject line was rewriten by rydia.2square.com before it 
reached your system.

Gary V

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/