"Is Definitely Spam" rule not working ?

Scott Silva ssilva at sgvwater.com
Fri Feb 1 19:33:48 GMT 2008 

on 2/1/2008 3:56 AM Pascal Maes spake the following:
> 
> Le 01-févr.-08 à 12:38, Julian Field a écrit :
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>>
>> Pascal Maes wrote:
>>> Hello,
>>>
>>>
>>> In MailScanner.conf, we have
>>>
>>> # Spam Blacklist:
>>> # Make this point to a ruleset, and anything in that ruleset whose value
>>> # is "yes" will *always* be marked as spam.
>>> # This value can be over-ridden by the "Is Definitely Not Spam" setting.
>>> # This can also be the filename of a ruleset.
>>> Is Definitely Spam = %rules-dir%/spam_blacklist.rules #was no
>>>
>>>
>>> In spam_blacklist.rules, we have :
>>>
>>> From:           66.63.168.                              yes
>>>
>>> FromOrTo:       default                                 no
>>>
>>>
>>>
>>> As this rule could be over-ridden, I check that
>>>
>>> Is Definitely Not Spam = %rules-dir%/spam_whitelist.rules
>>>
>>> the file spam_whitelist.rules doesn't contain anything about that
>>> domain or IP or the recipient
>>>
>>>
>>> Then, I wonder why the following mail was not tagged as SPAM
>>>
>>> Received: from smtp4.sgsi.ucl.ac.be ([10.1.5.4])
>>> by mmp.sipr-dc.ucl.ac.be (Sun Java(tm) System Messaging Server
>>> 6.3-4.01 (built
>>> Aug  3 2007; 32bit)) with ESMTP id
>>> <0JVI00FQIWFSZ240 at mmp.sipr-dc.ucl.ac.be>
>>> for <email_address> (ORCPT email_address); Thu,
>>> 31 Jan 2008 20:21:28 +0100 (CET)
>>> Received: from smtp4.sgsi.ucl.ac.be (localhost.localdomain [127.0.0.1])
>>> by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP id 4C027EFA3D    for
>>> <email_address>; Thu, 31 Jan 2008 20:21:38 +0100 (CET)
>>> Received: from rssl2.mytravfolks.com (unknown [66.63.168.38])
>>> by smtp4.sgsi.ucl.ac.be (Postfix) with ESMTP    for <email_address>; 
>>> Thu,
>>> 31 Jan 2008 20:21:38 +0100 (CET)
>>> Received: by rssl2.mytravfolks.com (qmail 412 by uid 77) id
>>> hk8fra01g741; Thu,
>>> 31 Jan 2008 14:19:07 -0500
>>> Date: Thu, 31 Jan 2008 14:18:49 -0500
>>> Date: Thu, 31 Jan 2008 14:18:48 -0500 (EST)
>>> From: Travel Offers <Travel-Offers at mytravfolks.com>
>>> X-SGSI-MailScanner: Found to be clean
>>> X-SGSI-SpamCheck: NotSpam, SpamAssassin (not cached,    score=3.5,
>>> requis 5, BOTNET_BADDNS 3.00, BOTNET_SOHO 0.50)
>> Because it scored 3.5 where the required score is 5.
>>>
>>> X-SGSI-Spam-Score: sss
>>> X-SGSI-From: travel-offers at mytravfolks.com
>>> X-SGSI-Spam-Status: No
>>>
>>> -- 
>>> Pascal
>>>
>>>
>>>
>>
>> Jules
>>
> 
> yes but as we have the header
> 
> Received: from rssl2.mytravfolks.com (unknown [66.63.168.38])
> 
> which matches the rule in spam_blacklist.rules
> 
> From:           66.63.168.                              yes
> 
> The message should have been tagged Spam
> 
> 
> -- 
> Pascal
> 
> 
> 
Do those rules check all received headers, or just the last one received from?
Julian would know for sure.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080201/4e532a36/signature.bin

More information about the MailScanner mailing list