Whitelist Issue

Jules Field MailScanner at ecs.soton.ac.uk
Tue Sep 22 20:02:59 IST 2009 

Looks like it is exceeding the "High SpamAssassin Score" and therefore 
getting handled by the "High-Scoring Spam Actions" instead of the "Spam 
Actions". There are by default 3 states a message can get into: normal, 
spam and "high-spam". Check the path through your config actions for 
high-scoring spam messages.

On 22/09/2009 18:06, Phil Udel wrote:
>   -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Scott Silva
> Sent: Tuesday, September 22, 2009 12:26 PM
> To: mailscanner at lists.mailscanner.info
> Subject: Re: Whitelist Issue
>
> on 9-22-2009 6:15 AM Phil Udel spake the following:
>    
>> Hi. I am running Sendmail with MailScanner 4.65.3. I use the
>> spam.whitelist.rules table to store my entries.
>> Every once and awhile I will get a Mail that has a high SA score and
>> should be blocked but it is white listed instead.
>> There are no entries for the IP or the domain in the table that would
>> allow this email to be whitelisted but it gets white listed anyway.
>> Any ideas Why?
>>
>>
>> Show a complete set of log entries for one of these and we will try to
>>      
> explain it.
>
> Here is the Maillog
> Sep 21 10:06:35 mail MailScanner[30006]: Message n8LE6QRn025223 from
> 200.159.85.
> 82 (soliditytj4 at researchtalk.com) to salemcorp.com is not spam
> (whitelisted), Sp
> amAssassin (not cached, score=34.648, required 2, autolearn=spam, BAYES_99
> 3.50,
>   FH_HELO_EQ_D_D_D_D 0.00, HELO_DYNAMIC_IPADDR2 4.39, HTML_MESSAGE 0.50,
> RAZOR2_C
> F_RANGE_51_100 0.50, RAZOR2_CF_RANGE_E4_51_100 1.50, RAZOR2_CHECK 0.50,
> RCVD_IN_
> BL_SPAMCOP_NET 5.00, RCVD_IN_SORBS_WEB 2.00, RCVD_IN_XBL 3.03, RDNS_DYNAMIC
> 2.00
> , TVD_RCVD_IP 1.93, URIBL_BLACK 5.00, URIBL_JP_SURBL 1.50, URIBL_PH_SURBL
> 1.79,
> URIBL_WS_SURBL 1.50)
> Sep 21 10:06:35 mail MailScanner[30006]: Virus and Content Scanning:
> Starting
> Sep 21 10:07:23 mail sendmail[25485]: n8LE6QRn025223:
> to=XXXXXXXXXX at Salemcorp.com,
>   delay=00:00:55, xdelay=00:00:01, mailer=local, pri=122627, dsn=2.0.0,
> stat=Sent
> Sep 21 10:07:23 mail sendmail[25485]: n8LE6QRn025223:
> to=XXXXXXX at att.blackberr
> y.net, delay=00:00:55, xdelay=00:00:00, mailer=esmtp, pri=122627,
> relay=mx04.bis
> .na.blackberry.com. [216.9.248.35], dsn=2.0.0, stat=Sent (ok:  Message
> 118378703
>   accepted)
>
> Neather the IP 200.159.85.82 or Domain name researchtalk.com are in the
> whitelist table.
>
>
>
>    

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list