Large emails being tagged as spam - false positives
Alex Broens
ms-list at alexb.ch
Fri Sep 29 08:24:12 IST 2006
On 9/29/2006 1:25 AM, Matt Kettler wrote:
> Gordon Colyn wrote:
>> Here is an example, a legitimate 6.9M email that is classified as spam;
>>
>> cached not
>> score=8.424
>> 8 required
>> -3.00 BAYES_00 Bayesian spam probability is 0 to 1%
>> 0.14 FORGED_RCVD_HELO Received: contains a forged HELO
>> 0.00 HTML_MESSAGE HTML included in message
>> 1.82 MISSING_SUBJECT Missing Subject: header
>> 2.60 RCVD_IN_DSBL Received via a relay in list.dsbl.org
>> 1.95 RCVD_IN_NJABL_DUL NJABL: dialup sender did non-local SMTP
>> 0.72 RCVD_IN_NJABL_PROXY NJABL: sender is an open proxy
>> 2.05 RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address
>> 2.16 RCVD_IN_SORBS_SOCKS SORBS: sender is open SOCKS proxy server
>>
>
> Question: Have you checked your trust path?
>
> If this message wasn't direct-delivered to your network from a home-user type
> machine, and was properly relayed through an ISP's mailserver, then you likely
> have a broken trust path.
>
just as a side note:
Had MailScanner not scanned this msg, due to its overall size, this FP
(any possibly others) could have been easily avoided.
- Supports the SpamC logic of NOT sending msgs larger than X thru SA -
sorry.. had to let it out...
Alex
More information about the MailScanner
mailing list