You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2004/11/16 23:12:47 UTC
Re: Some default rules (X_MESSAGE_INFO) weighted too heavily
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yeah, if you're using gotmail, you need to disable that rule.
It'll never FP *except* on gotmail mail.
- --j.
Guyang Mao writes:
> To start with, I am using spamassassin as a part of mimedefang, with network
> tests enabled.
>
> And here's my situation:
>
> I have a Hotmail account, through which I'm subscribed to various Microsoft
> mailing lists such as security updates, MSDN information, MCP lists, etc.
> Microsoft's bulk mailer adds a X-Message-Info header. I fetch this mail
> through gotmail, which then stuffs it through
> sendmail/mimedefang/spamassassin.
>
> The matched rule X_MESSAGE_INFO is worth 4.2 points. With the default
> threshold of 5.0, all it usually needs is one other rule to push the mail
> over the limit. One problem is when the piece of mail enters DCC (since
> Microsoft lists have a HUGE distribution their mail is pretty much
> guaranteed to be listed in DCC, as I understand it) and is scored an
> additional 2.2. As far as I can tell DCC does not distinguish between
> potential spam and ham, so while it's useful in most circumstances it's
> really easy to false-positive with this rule.
>
> Another problem is the path Microsoft mail usually takes to hit Hotmail. A
> lot of their mailing list servers seem to take an internal path to the
> Hotmail servers, thus also triggering FORGED_HOTMAIL_RCVD rules, so even if
> the mail does not hit DCC it can also be snagged by this rule.
>
> While I'm happy enough to re-score X_MESSAGE_INFO in my local rules, it
> seems to me that this rule has such a large false-positive potential that
> the scoring should be reconsidered "upstream".
>
> Thanks for your attention.
>
> Guyang Mao
>
> - attached are two examples of false-positived Microsoft mail
> - I have also had Hewlett-Packard mail false-positived by X_MESSAGE_INFO, so
> it's by no means exclusive to Microsoft lists
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFBmntfMJF5cimLx9ARArAiAJ9U6Tq9fR41QFVWfQpSyfXnnf3k1wCfYHBT
O2CB1UEO7P+P7Fbe7bvaxsQ=
=UFCt
-----END PGP SIGNATURE-----