"Is Definitely Spam" rule not working ?

Pascal Maes pascal.maes at elec.ucl.ac.be
Fri Feb 1 11:56:59 GMT 2008 

Le 01-févr.-08 à 12:38, Julian Field a écrit :

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Pascal Maes wrote:
>> Hello,
>>
>>
>> In MailScanner.conf, we have
>>
>> # Spam Blacklist:
>> # Make this point to a ruleset, and anything in that ruleset whose  
>> value
>> # is "yes" will *always* be marked as spam.
>> # This value can be over-ridden by the "Is Definitely Not Spam"  
>> setting.
>> # This can also be the filename of a ruleset.
>> Is Definitely Spam = %rules-dir%/spam_blacklist.rules #was no
>>
>>
>> In spam_blacklist.rules, we have :
>>
>> From:           66.63.168.                              yes
>>
>> FromOrTo:       default                                 no
>>
>>
>>
>> As this rule could be over-ridden, I check that
>>
>> Is Definitely Not Spam = %rules-dir%/spam_whitelist.rules
>>
>> the file spam_whitelist.rules doesn't contain anything about that
>> domain or IP or the recipient
>>
>>
>> Then, I wonder why the following mail was not tagged as SPAM
>>
>> Received: from smtp4.sgsi.ucl.ac.be ([10.1.5.4])
>> by mmp.sipr-dc.ucl.ac.be (Sun Java(tm) System Messaging Server
>> 6.3-4.01 (built
>> Aug  3 2007; 32bit)) with ESMTP id
>> <0JVI00FQIWFSZ240 at mmp.sipr-dc.ucl.ac.be>
>> for <email_address> (ORCPT email_address); Thu,
>> 31 Jan 2008 20:21:28 +0100 (CET)
>> Received: from smtp4.sgsi.ucl.ac.be (localhost.localdomain  
>> [127.0.0.1])
>> by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP id 4C027EFA3D    for
>> <email_address>; Thu, 31 Jan 2008 20:21:38 +0100 (CET)
>> Received: from rssl2.mytravfolks.com (unknown [66.63.168.38])
>> by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP    for  
>> <email_address>; Thu,
>> 31 Jan 2008 20:21:38 +0100 (CET)
>> Received: by rssl2.mytravfolks.com (qmail 412 by uid 77) id
>> hk8fra01g741; Thu,
>> 31 Jan 2008 14:19:07 -0500
>> Date: Thu, 31 Jan 2008 14:18:49 -0500
>> Date: Thu, 31 Jan 2008 14:18:48 -0500 (EST)
>> From: Travel Offers <Travel-Offers at mytravfolks.com>
>> X-SGSI-MailScanner: Found to be clean
>> X-SGSI-SpamCheck: NotSpam, SpamAssassin (not cached,    score=3.5,
>> requis 5, BOTNET_BADDNS 3.00, BOTNET_SOHO 0.50)
> Because it scored 3.5 where the required score is 5.
>>
>> X-SGSI-Spam-Score: sss
>> X-SGSI-From: travel-offers at mytravfolks.com
>> X-SGSI-Spam-Status: No
>>
>> -- 
>> Pascal
>>
>>
>>
>
> Jules
>

yes but as we have the header

Received: from rssl2.mytravfolks.com (unknown [66.63.168.38])

which matches the rule in spam_blacklist.rules

From:           66.63.168.                              yes

The message should have been tagged Spam


--
Pascal

More information about the MailScanner mailing list