Whitelist problem
Pascal Maes
pascal.maes at elec.ucl.ac.be
Thu Jun 4 14:54:48 IST 2009
Hello again
It works better for the spam whitelist but since I have upgraded to
4.77.9, I have a lot of
The following e-mails were found to have: Other Bad Content Detected
Sender: n.peiffer at foretwallonne.be
IP Address: 130.104.130.103
Recipient: jacob at right-ink.com
Subject: demande de prix
MessageID: A6E81EB22E.00000
Quarantine: /var/spool/MailScanner/quarantine/20090604/A6E81EB22E.00000
Report: MailScanner: Message attempted to kill MailScanner
It's a mail with two attachments,
one tiff : filename=logo_fw.tif
and another pdf : filename="fw97_3-11[arboplant].pdf"
Le 04-juin-09 à 12:46, Julian Field a écrit :
> Upgrade to 4.77 and you should find it works rather better.
>
> On 04/06/2009 10:41, Pascal Maes wrote:
>>
>> Hello,
>>
>> We are using MailScanner version 4.76.25-1
>>
>> In MailScanner.conf, I have :
>>
>> Is Definitely Not Spam = %rules-dir%/spam_whitelist.rules
>>
>> and the file spam_whitelist.rules looks like :
>>
>> > more /opt/MailScanner/etc/rules/spam_whitelist.rules
>> #
>> # Addresses matching in here, with the value
>> # "yes" will never be marked as spam.
>> #
>> #
>>
>> From: 85.201.63.77 yes
>> From: 85.201.63.77/32 yes
>> From: user-85-201-63-77.static.tvcablenet.be yes
>> From: host-85-201-63-77.brutele.be yes
>> From: uclsbs.ucl.lan yes
>> From: macosx-tex-bounces at email.esm.psu.edu yes
>>
>> From: /opt/MailScanner/etc/rules/whitelist.domains yes
>>
>> FromOrTo: default no
>>
>>
>>
>> The file /opt/MailScanner/etc/rules/whitelist.domains contains
>> lines like
>>
>> *@example.com
>> *@*.example.net
>> user at some.domain.come
>>
>>
>> The following message is comming from the server 85.201.63.77 but
>> it is still tagged as spam.
>> Why ?
>>
>>
>> Received: from uclsbs.ucl.lan (host-85-201-63-77.brutele.be
>> [85.201.63.77])
>> by smtp1.sgsi.ucl.ac.be (Postfix) with ESMTP id CD3A2E8AE2 for
>> <responsable-mail at uclouvain.be>; Thu, 04 Jun 2009 11:06:51 +0200
>> (CEST)
>> Date: Thu, 04 Jun 2009 11:06:01 +0200
>> From: Veronique Maekelbergh <xxx at yyy.be>
>> Subject: {Spam?} Test mail
>> To: zzz at yyy.be
>> Message-id: <78AEBC3D06BBD9428F6FC4FAB44118A71776E4 at uclsbs.ucl.lan>
>> MIME-version: 1.0
>> X-MIMEOLE: Produced By Microsoft Exchange V6.5
>> Content-type: multipart/alternative;
>> boundary="Boundary_(ID_kDFY1PEdH5W0kqHpMhDt8A)"
>> Content-class: urn:content-classes:message
>> Thread-topic: Test mail
>> Thread-index: Acnk866wOLlTbHdkQg+C6WRoBjqwuA==
>> X-SGSI-DNSWL: No
>> X-MS-Has-Attach:
>> X-MS-TNEF-Correlator:
>> X-Virus-Scanned: clamav-milter 0.95.1
>> X-Virus-Status: Clean
>> X-SGSI-MailScanner-ID: CD3A2E8AE2.00000
>> X-SGSI-MailScanner: Found to be clean
>> X-SGSI-SpamCheck: polluriel, SpamAssassin (not cached, score=5.812,
>> requis 5,
>> BAYES_00 -1.60, BOTNET 3.00, HELO_LH_HOME 3.71, HTML_MESSAGE 0.00,
>> RDNS_DYNAMIC 0.10, SPF_SOFTFAIL 0.60)
>> X-SGSI-Spam-Score: sssss
>>
>>
>>
>> Thanks
>
> Jules
>
> --
> Julian Field MEng CITP CEng
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your boss?
> Contact me!
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
Pascal
More information about the MailScanner
mailing list