SpamAssassin 2.30

Julian Field jkf at ecs.soton.ac.uk
Sat Jun 15 17:59:49 IST 2002 

At 17:06 15/06/2002, you wrote:
>Here is another false positive. This time quite
>strange since it is a logwatch message from one of my machines
>just a couple of iptables log entries.

Try the patch I just sent you and see if it improves things.

However, note that message would not have been whitelisted as it really
came from <root at cedric.DMS.UMontreal.CA> and that name doesn't match any of
your whitelist.conf entries. It's the real envelope address (which has been
put in the Return-Path header for your convenience), not anything that
someone/something happened to put in the To header.


>First here is my whitelist.conf
>
> > cat spam.whitelist.conf
># This is a list of email addresses (with an @ sign in them) or entire email
># domains (without an @ sign in them) from which you will accept mail
>without
># ever marking it as spam.
>#jkf at ecs.soton.ac.uk
>#JulianField.net
>lists.sourceforge.net
>umontreal.ca
>crm.umontreal.ca
>UMontreal.CA
>DMS.UMontreal.CA
>dms.umontreal.ca
>spamassassin-talk at lists.sourceforge.net
>DAA.UMontreal.CA
>
>Here is the message that I just got.
>
> From - Sat Jun 15 12:01:33 2002
>X-Mozilla-Status: 0001
>X-Mozilla-Status2: 00000000
>Return-Path: <root at cedric.DMS.UMontreal.CA>^M
>Received: from cedric.DMS.UMontreal.CA (cedric.DMS.UMontreal.CA
>[132.204.53.52])^M
>         by euler.DMS.UMontreal.CA (8.11.4/8.11.4) with ESMTP id
>g5FG00t13045^M
>         for <root at euler.DMS.UMontreal.CA>; Sat, 15 Jun 2002 12:00:00
>-0400 (EDT)^M
>Received: (from root at localhost)^M
>         by cedric.DMS.UMontreal.CA (8.11.6/8.11.6) id g5FG00L22843^M
>         for root; Sat, 15 Jun 2002 12:00:00 -0400^M
>Date: Sat, 15 Jun 2002 12:00:00 -0400^M
>From: <root at cedric.DMS.UMontreal.CA>^M
>Message-Id: <200206151600.g5FG00L22843 at cedric.DMS.UMontreal.CA>^M
>To: root at cedric.DMS.UMontreal.CA^M
>Subject: {SPAM?} cedric.DMS.UMontreal.CA 06/15/02:12.00 system check^M
>X-MailScanner: Found to be clean^M
>X-MailScanner-SpamCheck: SpamAssassin (score=0.3, required 8,
>X_NOT_PRESENT,^M
>         NO_REAL_NAME, UPPERCASE_50_75, SUPERLONG_LINE, FROM_AND_TO_SAME,^M
>         NO_MX_FOR_FROM, AWL)^M
>^M
>^M
>Unusual System Events^M
>=-=-=-=-=-=-=-=-=-=-=^M
>Jun 15 11:38:43 cedric kernel: PUB_IN DROP 4 IN=eth0 OUT=
>MAC=ff:ff:ff:ff:ff:ff:08:00:20:d1:f9:7b:08:00 SRC=132.204.53.40
>DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=1 ID=17664 DF
>PROTO=UDP SPT=48937 DPT=67 LEN=308 ^M
>Jun 15 11:38:46 cedric kernel: PUB_IN DROP 4 IN=eth0 OUT=
>MAC=ff:ff:ff:ff:ff:ff:08:00:20:d1:f9:7b:08:00 SRC=132.204.53.40
>DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=1 ID=17665 DF
>PROTO=UDP SPT=48937 DPT=67 LEN=308 ^M

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list