spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lawren Quigley-Jones <lquig...@athenium.com>
Subject injected headers are triggering dns whitelists
Date Fri, 17 Sep 2010 14:55:11 GMT
I've been repeatedly running into problems where dns white-lists have 
been causing false negatives in spam.  Valid looking headers are being 
injected at the beginning of emails which are tripping dns whitelists 
(see below).  As a result I've been slowly disabling dns whitelist rules:
score HABEAS_ACCREDITED_COI 0
score HABEAS_ACCREDITED_SOI 0
score RCVD_IN_DNSWL_MED 0
score RCVD_IN_BSP_TRUSTED 0
score RCVD_IN_DNSWL_HI 0

I'm running SpamAssassin on ubuntu hardy: spamassassin 3.2.4-1ubuntu1.2

   Has anyone else been seeing this?  Is this a mis-configuration on my 
part?  Is there anything I can do to get SpamAssassin to check only the 
last header and ignore anything below that?

===============================================

Return-Path: <alienatespbz86@robinsins.com>
Received: from murder ([unix socket])
	 (authenticated user=postmaster bits=0)
	 by myservername (Cyrus v2.2.13-Debian-2.2.13-13ubuntu3) with LMTPA;
	 Fri, 17 Sep 2010 10:15:14 -0400
X-Sieve: CMU Sieve 2.2
Received: from X98.bbn07-081.lipetsk.ru (unknown [178.234.81.98])
	by myservername.athenium.com (Postfix) with ESMTP id D53E41D40B0
	for <abuse@athenium.com>; Fri, 17 Sep 2010 10:15:12 -0400 (EDT)
Received: from svtmail04.prod.sabre.com (svtmail00.prod.sabre.com 
[151.193.64.1])
	by server42.appriver.com with esmtp
	id 3651BD-000812-22
	for abuse@athenium.com; Fri, 17 Sep 2010 18:15:01 +0300
Received: from microsof56e61a (10.208.60.9:76737) by 
svtmail09.prod.sabre.com (LSMTP for Windows NT v1.1b) with SMTP id 
<9.649BF50B@svtmail08.prod.sabre.com>; Fri, 17 Sep 2010 18:15:01 +0300
Date: Fri, 17 Sep 2010 18:15:01 +0300
From: "Jerry Burton" <alienatespbz86@robinsins.com>
To: abuse@athenium.com
Message-ID: <94685159.45679744792947233404.JavaMail.ita@microsof56e61a>
Subject: Re: Vacation
MIME-Version: 1.0
Content-Type: multipart/mixed;
   boundary="----=_Part_7403571_82314638.3159918817094"
X-Virus-Scanned: clamav-milter 0.95.3 at myservername
X-Virus-Status: Clean
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_99,HTML_MESSAGE,
	RCVD_IN_DNSWL_HI,SPF_SOFTFAIL,UNPARSEABLE_RELAY autolearn=no version=3.2.4
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
	myservername.xxx.athenium.com

====================================================

Mime
View raw message