Scott, I have been experimenting with some spam headers that our gateway servers (Linux/Postfix/RAV AntiVirus) can add to potential spam messages. One of the following four message headers can be added to a message based on spam accuracy (or no header if the messages in not suspected of being spam):
X-RAV-Bulk: RAV AntiVirus classifies this e-mail as possible spam (accuracy low) X-RAV-Signature: FD532815A6484045B6E0C394EE0A9E8B X-RAV-Bulk: RAV AntiVirus classifies this e-mail as spam (accuracy medium) X-RAV-Signature: C07E06C3C9571C319503D70D526AE502 X-RAV-Bulk: RAV AntiVirus classifies this e-mail as spam (accuracy high) X-RAV-Signature: 5F08B13CA5FD57F97700E6B5EC7ABDDE X-RAV-Bulk: RAV AntiVirus classifies this e-mail as spam (accuracy very high) X-RAV-Signature: 0ED9D76FF782A37454E6F49CB13E25E5 I have the following entries in my filter file: HEADERS 2 CONTAINS (accuracy low) HEADERS 3 CONTAINS (accuracy medium) HEADERS 4 CONTAINS (accuracy high) HEADERS 5 CONTAINS (accuracy very high) However, I have noticed that whenever these headers are added to an e-mail message and tagged by the filter file, that none of the ip4r tests get run on these messages--at least no ip4r tests get logged in the log file nor do any show up in the headers. All other tests get run (rhsbl, BADHEADERS, BASE64,HELOBOGUS, HEUR7, IPNOTINMX, MAILFROM, PERCENT, REVDNS, ROUTING, SPAMHEADERS), e.g.: X-RAV-Bulk: RAV AntiVirus classifies this e-mail as spam (accuracy very high) X-RAV-Signature: 6F81A20DA97F60839E0F6A4E494A49C5 X-CYBERsitter-NoXMail: FAILED - Score Adult: 0 (Req: 17) Spam: 50 (Req: 17) Tot: 50 (Req: 20) X-CYBERsitter-SpoolFile: D8d50009c03c8a23d.SMD X-RBL-Warning: NOPOSTMASTER: Not supporting postmaster@domain X-RBL-Warning: HELOBOGUS: Domain userid has no MX or A records. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: WORDFILTER: Message failed WORDFILTER test (2409) X-RBL-Warning: CYBERSITTER: Message failed CYBERSITTER: 50. X-RBL-Warning: SNIFFER: Message failed SNIFFER: 63. X-Declude-Sender: [EMAIL PROTECTED] [] X-Note: This e-mail was filtered for spam by HealthKnowledge's JunkMail Service X-Spam-Tests-Failed: NOPOSTMASTER, HELOBOGUS, IPNOTINMX, WORDFILTER, CYBERSITTER, SNIFFER, WEIGHT10 X-Note: Total spam test weight: 36 I am trying to figure out what it is about these headers that would prevent Declude from running the ip4r tests. It does not appear that other entries in the filter file prevent the ip4r tests from running. I can send you message samples and log files if you would like. Thanks for looking into this. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
