Large emails being tagged as spam - false positives
Glenn Steen
glenn.steen at gmail.com
Thu Sep 28 15:28:40 IST 2006
On 28/09/06, Gordon Colyn <gordon at itnt.co.za> wrote:
> Here is an example, a legitimate 6.9M email that is classified as spam;
>
> cached not
> score=8.424
> 8 required
> -3.00 BAYES_00 Bayesian spam probability is 0 to 1%
> 0.14 FORGED_RCVD_HELO Received: contains a forged HELO
> 0.00 HTML_MESSAGE HTML included in message
> 1.82 MISSING_SUBJECT Missing Subject: header
> 2.60 RCVD_IN_DSBL Received via a relay in list.dsbl.org
> 1.95 RCVD_IN_NJABL_DUL NJABL: dialup sender did non-local SMTP
> 0.72 RCVD_IN_NJABL_PROXY NJABL: sender is an open proxy
> 2.05 RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address
> 2.16 RCVD_IN_SORBS_SOCKS SORBS: sender is open SOCKS proxy server
Uh, Gordon... These are tagged due to them being on several blackhole
lists (since they are mailing with a MTA on a box that has a dialup
type IP address), not because of size.
Either get them to wise up (why not suggest to them that they set a
meaningful Subject? Or see to it that they send "from their ISPs"
mailserver, and not from a dialup), or do something about their
general scoring... If they post SPF info, try doing a
def_whitelist_from_spf in local.cf ... else, you might set them in
your def_whitelist_from_rcvd (same place, different settings:). These
two latter ones aren't likely to be very possible with dynamic
addresses like that, but... who knows, or rather... you know:-).
> If possible I would rather not scan emails larger than 200k or give a large
> mail score of -10 to ensure no flase positives.
Well, as said. _That_ particular thing is _not_ the problem here.
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list