Results 1 to 2 of 2

Thread: Seemingly invalid spam triggers

  1. #1
    halfgaar's Avatar
    halfgaar is offline Active Member
    Join Date
    Dec 2009
    Location
    Netherlands
    Posts
    47
    Rep Power
    5

    Default Seemingly invalid spam triggers

    Hi,

    I've been noticing some extra false positives in my and others' spam box. It seems that a lot of the spamassassin triggers are invalid. When I send a mail to myself using the webinterface, it triggers 6.066 out 6.6 required (!):


    • BAYES_50=0.8; can live with that.
    • HELO_NO_DOMAIN=0.001; can live with that.
    • HTML_MESSAGE=0.001; can live with that.
    • RCVD_IN_PBL=3.335; for clarity, this is the spamhaus policy blocklist, the list that defines IP's that are not allowed to relay mail. Below are all the headers. The only IP address is my home IP, in the X-Originating-IP header. Is that the one spamassassin uses? That seems very weird, because a great deal of internet providers put their networks on that list. Also, the rule is called RCVD_IN_PBL, not X-Originating-IP_IN_PBL... And the IP's in the received headers are not in PBL (I checked).
    • RDNS_NONE=0.793; This is not true. The IP of the server (83.137.146.229) resolves to meel.halfgaar.net. And the X-Originating-IP header, if that is looked at, resolves to ip4da4239a.direct-adsl.nl.
    • TO_EQ_FM_DIRECT_MX=1.136; Can't really find what that is.


    Code:
    Return-Path: wiebe@halfgaar.net
    Received: from meel.halfgaar.net (LHLO meel.halfgaar.net) (83.137.146.229)
     by meel.halfgaar.net with LMTP; Mon, 9 May 2011 22:23:13 +0200 (CEST)
    Received: from localhost (localhost [127.0.0.1])
    	by meel.halfgaar.net (Postfix) with ESMTP id CE1681820DF
    	for <wiebe@halfgaar.net>; Mon,  9 May 2011 22:23:13 +0200 (CEST)
    X-Virus-Scanned: amavisd-new at halfgaar.net
    X-Spam-Flag: NO
    X-Spam-Score: 6.066
    X-Spam-Level: ******
    X-Spam-Status: No, score=6.066 tagged_above=-10 required=6.6
    	tests=[BAYES_50=0.8, HELO_NO_DOMAIN=0.001, HTML_MESSAGE=0.001,
    	RCVD_IN_PBL=3.335, RDNS_NONE=0.793, TO_EQ_FM_DIRECT_MX=1.136]
    	autolearn=no
    Received: from meel.halfgaar.net ([127.0.0.1])
    	by localhost (meel.halfgaar.net [127.0.0.1]) (amavisd-new, port 10024)
    	with ESMTP id IK7ILKP5zu0s for <wiebe@halfgaar.net>;
    	Mon,  9 May 2011 22:23:13 +0200 (CEST)
    Received: from meel.halfgaar.net (meel.halfgaar.net [83.137.146.229])
    	by meel.halfgaar.net (Postfix) with ESMTP id 5A2121820DD
    	for <wiebe@halfgaar.net>; Mon,  9 May 2011 22:23:13 +0200 (CEST)
    Date: Mon, 09 May 2011 22:23:13 +0200 (CEST)
    From: Wiebe Cazemier <wiebe@halfgaar.net>
    To: wiebe@halfgaar.net
    Subject: asdf
    Message-ID: <e89a0798-23e6-4a5e-b394-4993d53fd33b@meel>
    Content-Type: multipart/alternative;
     boundary="=_e95f2139-b2c5-455c-8872-4b327f4e7c5e"
    MIME-Version: 1.0
    X-Originating-IP: [77.164.35.154]
    X-Mailer: Zimbra 7.1.0_GA_3140 (ZimbraWebClient - FF3.0 (Linux)/7.1.0_GA_3140)
    What's up with this?

    (edit: I even found a daily mail report in my spam...)

    edit2: I disabled the "Add x-originating-ip" in the admin settings, and now my mails get a nice score of -2.899. But I don't get it. This score is when I send mail from my mobile, over port 465. My mobile IP is in the received header now, and that IP is on the PBL, but it is not triggered... It's kind of weird that it is not triggered now, but it is when it's in x-originating-ip... Is this a bug in spamassassin?
    Last edited by halfgaar; 05-09-2011 at 02:11 PM.

  2. #2
    ewilen's Avatar
    ewilen is offline Moderator
    Join Date
    Jun 2008
    Location
    Berkeley, CA
    Posts
    1,474
    Rep Power
    8

    Default

    Bug 44384 &ndash; Bypass SA for emails sent from internal ZWC users (or provide a way to score them) answers some of your questions. For the others, you should check the spamassassin documention, or look for some SA-specific forum/mailing list, or try parsing the rules yourself.

    There are some rules that tend to generate false positives--see spamassassin bugzilla for that.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Spam/Not Spam seemingly does nothing
    By amnesia in forum Users
    Replies: 6
    Last Post: 02-23-2011, 09:03 AM
  2. Help mail server broadcast spam
    By sh1n_b3 in forum Administrators
    Replies: 0
    Last Post: 01-19-2011, 07:44 PM
  3. Problem receiving spam with invalid "FROM"
    By mickier in forum Administrators
    Replies: 1
    Last Post: 01-12-2011, 01:20 AM
  4. Problem with Mail Server - Need help!
    By joeleo in forum Installation
    Replies: 2
    Last Post: 03-04-2008, 12:03 PM
  5. Inconsistent Zimbra install behaviour
    By mkolbjor in forum Installation
    Replies: 2
    Last Post: 02-07-2008, 03:52 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •