Return-Path: X-Original-To: apmail-spamassassin-users-archive@www.apache.org Delivered-To: apmail-spamassassin-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EA87CD6FE for ; Fri, 25 Jan 2013 01:22:17 +0000 (UTC) Received: (qmail 46758 invoked by uid 500); 25 Jan 2013 01:22:15 -0000 Delivered-To: apmail-spamassassin-users-archive@spamassassin.apache.org Received: (qmail 46709 invoked by uid 500); 25 Jan 2013 01:22:15 -0000 Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@spamassassin.apache.org Received: (qmail 46696 invoked by uid 99); 25 Jan 2013 01:22:15 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Jan 2013 01:22:15 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=10.0 tests=RCVD_IN_DNSWL_HI,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [192.1.100.210] (HELO fnord.ir.bbn.com) (192.1.100.210) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Jan 2013 01:22:11 +0000 Received: by fnord.ir.bbn.com (Postfix, from userid 10853) id 9A4A8A5A8; Thu, 24 Jan 2013 20:21:49 -0500 (EST) From: Greg Troxel To: users@spamassassin.apache.org Subject: whitelist rules should specify the IP address/domain/etc. OpenPGP: id=32611E25 Date: Thu, 24 Jan 2013 20:21:49 -0500 Message-ID: User-Agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.4 (berkeley-unix) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" X-Virus-Checked: Checked by ClamAV on apache.org --=-=-= Content-Type: text/plain I recently got a spam that appears to be certified by returnpath (again, but that's not the point of this mail). The results, from running spamassassin -t, are appended. The DNSWL_NONE hit has the IP address that hit, but the RP_ rules do not. I think it should be policy that any dnsbl hit, positive or negative, but especially negative, should specify the matching data (IP, domain name, etc.). Content analysis details: (-3.5 points, 1.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [167.216.129.184 listed in list.dnswl.org] -3.0 RCVD_IN_RP_CERTIFIED RBL: Sender is in Return Path Certified (trusted relay) [Return Path SenderScore Certified {formerly] [Bonded Sender} - ] -2.0 RCVD_IN_RP_SAFE RBL: Sender is in Return Path Safe (trusted relay) [Return Path SenderScore Safe List (formerly] [Habeas Safelist) - ] 0.0 HTML_MESSAGE BODY: HTML included in message 1.1 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.5000] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 RCVD_NOT_IN_IPREPDNS Sender not listed at http://www.chaosreigns.com/iprep/ 0.2 DKIM_FORGED DKIM_FORGED 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid 0.1 KHOP_RCVD_UNTRUST DNS-whitelisted sender is not verified --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (NetBSD) iEYEARECAAYFAlEB3i0ACgkQ+vesoDJhHiWi9wCZAYAWPrcJRVSDhrNv3w2t84n1 DNMAoIV2oMeFmB0f1idZmgxYtXi1iejI =Q58s -----END PGP SIGNATURE----- --=-=-=--