I've been using SA for a few weeks and like it pretty well.  It gives me
some occasional false +ives, but not a huge number.

I got a false -ive today that has me scratching my head though.  Here are
the headers:

    Return-Path: <[EMAIL PROTECTED]>
    Received: from cali-2.pobox.com (cali-2.pobox.com [64.71.166.115])
            by manatee.mojam.com (8.12.1/8.12.1) with ESMTP id g4E7jSlq013015
            for <[EMAIL PROTECTED]>; Tue, 14 May 2002 02:45:28 -0500
    Received: from cali-2.pobox.com (localhost.localdomain [127.0.0.1])
            by cali-2.pobox.com (Postfix) with ESMTP id 0BBCB3EA83
            for <[EMAIL PROTECTED]>; Tue, 14 May 2002 03:45:28 -0400 (EDT)
    Delivered-To: [EMAIL PROTECTED]
    Received: from mail.python.org (mail.python.org [63.102.49.29])
            by cali-2.pobox.com (Postfix) with ESMTP id 9996F3EA79
            for <[EMAIL PROTECTED]>; Tue, 14 May 2002 03:45:27 -0400 (EDT)
    Received: from localhost.localdomain ([127.0.0.1] helo=mail.python.org)
            by mail.python.org with esmtp (Exim 4.02)
            id 177Wzu-00060w-00; Tue, 14 May 2002 03:45:26 -0400
    Received: from exim by mail.python.org with spamc (Exim 4.02)
            id 177WzL-0005s6-00
            for [EMAIL PROTECTED]; Tue, 14 May 2002 03:44:51 -0400
    Received: from [210.22.158.90] (helo=yahoo.com)
            by mail.python.org with smtp (Exim 4.02)
            id 177WzH-0005p5-00
            for [EMAIL PROTECTED]; Tue, 14 May 2002 03:44:48 -0400
    Received: from [16.62.36.206] by rly-xr02.mx.aol.com with local;
            Sun, 12 May 2002 13:37:47 +1200
    Received: from mail.gmx.net ([63.56.48.59])
            by a231242.upc-a.chello.nl with esmtp; Sat, 11 May 2002 02:35:23 +0900
    Received: from 111.50.61.166 ([111.50.61.166]) by ssymail.ssy.co.kr with asmtp;
            Thu, 9 May 2002 15:32:59 +1000
    Received: from 158.45.73.20 ([158.45.73.20]) by f64.law4.hotmail.com with QMQP;
            Wed, 8 May 2002 04:30:35 -0000
    Received: from unknown (206.39.85.127)
            by q4.quik.com with esmtp; Mon, 6 May 2002 17:28:11 -0700
    Message-ID: <563845EE-3858-4F79-B033-9380BE290BB4@Z8OIEIRJ>
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
            boundary="----=_NextPart_000_00X9_71A11C1E.E1232J43"
    X-Priority: 3 (Normal)
    X-MSMail-Priority: Normal
    X-Mailer: AOL 7.0 for Windows US sub 118
    Importance: Normal
    Errors-To: [EMAIL PROTECTED]
    X-BeenThere: [EMAIL PROTECTED]
    X-Mailman-Version: 2.0.10 (101270)
    Precedence: bulk
    List-Help: <mailto:[EMAIL PROTECTED]?subject=help>
    List-Post: <mailto:[EMAIL PROTECTED]>
    List-Subscribe: <http://mail.python.org/mailman/listinfo/python-help>,
            <mailto:[EMAIL PROTECTED]?subject=subscribe>
    List-Id: Expert volunteers answer Python-related questions <python-help.python.org>
    List-Unsubscribe: <http://mail.python.org/mailman/listinfo/python-help>,
            <mailto:[EMAIL PROTECTED]?subject=unsubscribe>
    List-Archive: <http://mail.python.org/mailman/private/python-help/>
    X-Spam-Status: No, hits=-96.2 required=4.8
            tests=NO_REAL_NAME,BASE64_ENC_TEXT,USER_IN_WHITELIST version=2.11
    From: <[EMAIL PROTECTED]>
    Sender: [EMAIL PROTECTED]
    To: <[EMAIL PROTECTED]>
    Subject: [Python-Help] ebay users list products.. 7g8Kwze5GxgcJ1
    Date: Tue, 14 May 2002 03:44:48 -0400
    Reply-To: <[EMAIL PROTECTED]>

Using the -t flag I'm told the USER_IN_WHITELIST test contributed a -100 to
the hits.  Unfortunately, I don't have any ebay.com addresses (or glob
patterns involving ebay.com) in my user_prefs file.  I am running SA in the
usual way from .procmailrc:

    :0fw
    | spamassassin -P

    :0:
    * ^X-Spam-Status: Yes
    $SPAM

My list of whitelist_from patterns is short:

    whitelist_from [EMAIL PROTECTED]
    whitelist_from [EMAIL PROTECTED]
    whitelist_from [EMAIL PROTECTED]
    whitelist_from [EMAIL PROTECTED]
    whitelist_from *@autox.team.net

What gives?

Corollary question: The message was BASE64 encoded, adding 3.2 to the score,
but seems to have deterred SA from digging into the actual content.  I
decoded it and saw it was HTML from a web site promotion/marketing company.
A casual scan of the text suggested to me that had SA looked, it would have
significantly raised the score ("We Create Massive Traffic For Your Web
Site", etc).

Seems like a "single point of failure", if all a bad guy has to do is mime
encode their junk.

-- 
Skip Montanaro ([EMAIL PROTECTED] - http://www.mojam.com/)
"Excellant Written and Communications Skills required" - seen on chi.jobs

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
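The two things the post asks about can both be checked locally: which tests an X-Spam-Status header (whichever hop added it) actually reports, and whether a base64 transfer-encoded body hides its text from a naive content check. The script below is an added example, not code from the post or from SpamAssassin; it uses Python's standard `email` module on a constructed message modelled on the quoted headers (the addresses, hostnames, Received line and the marketing phrase list are all made up), and compares a phrase scan of the raw MIME payload against the same scan after transfer decoding.

```python
import base64
import re
from email import message_from_string, policy

# Constructed HTML body in the spirit of the post's "Massive Traffic" text.
HTML_BODY = (
    "<html><body><p>We Create Massive Traffic For Your Web Site!</p>"
    "<p>ebay users list products</p></body></html>"
)
B64_BODY = base64.encodebytes(HTML_BODY.encode("ascii")).decode("ascii")

# Constructed sample message: hostnames and addresses are placeholders,
# the X-Spam-Status line mirrors the shape of the one quoted in the post.
SAMPLE_MESSAGE = (
    "Received: from [192.0.2.10] (helo=example.invalid)\n"
    "        by mail.example.org with smtp id 000000-000000-00\n"
    "        for user@example.org; Tue, 14 May 2002 03:44:48 -0400\n"
    "X-Spam-Status: No, hits=-96.2 required=4.8\n"
    "        tests=NO_REAL_NAME,BASE64_ENC_TEXT,USER_IN_WHITELIST version=2.11\n"
    "From: <someone@example.invalid>\n"
    "To: <user@example.org>\n"
    "Subject: promotion\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="BOUNDARY"\n'
    "\n"
    "--BOUNDARY\n"
    'Content-Type: text/html; charset="us-ascii"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    + B64_BODY
    + "\n--BOUNDARY--\n"
)

# Hypothetical phrase list standing in for a content rule set.
MARKETING_PHRASES = ["Massive Traffic", "Web Site", "users list products"]

SPAM_STATUS_RE = re.compile(
    r"^(?P<verdict>Yes|No),\s*hits=(?P<hits>-?[\d.]+)\s+required=(?P<required>[\d.]+)"
    r"(?:\s+tests=(?P<tests>[A-Z0-9_,]+))?"
)


def parse_spam_status(msg):
    """Return verdict, score, threshold and test names from X-Spam-Status.

    The header may be folded over several lines; whitespace is normalised
    before matching so continuation indentation does not matter.
    """
    raw = msg.get("X-Spam-Status")
    if raw is None:
        return None
    flat = " ".join(str(raw).split())
    m = SPAM_STATUS_RE.match(flat)
    if not m:
        return None
    tests = m.group("tests").split(",") if m.group("tests") else []
    return {
        "verdict": m.group("verdict"),
        "hits": float(m.group("hits")),
        "required": float(m.group("required")),
        "tests": tests,
    }


def decoded_text_parts(msg):
    """Yield (content_type, text) for every text/* part after undoing the
    Content-Transfer-Encoding (base64, quoted-printable, ...)."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)  # bytes, transfer-decoded
        charset = part.get_content_charset() or "us-ascii"
        out.append((part.get_content_type(), payload.decode(charset, errors="replace")))
    return out


def phrase_hits(texts, phrases):
    """Case-insensitive substring check of each phrase against the texts."""
    joined = "\n".join(texts).lower()
    return [p for p in phrases if p.lower() in joined]


def scan_message(message_text, phrases=MARKETING_PHRASES):
    """Parse one RFC 822 message and report the upstream SA verdict plus
    phrase matches on the raw payload versus the transfer-decoded payload."""
    msg = message_from_string(message_text, policy=policy.default)
    raw_texts = [
        part.get_payload()  # still base64 text here, no decoding
        for part in msg.walk()
        if part.get_content_maintype() == "text"
    ]
    decoded_texts = [text for _, text in decoded_text_parts(msg)]
    return {
        "status": parse_spam_status(msg),
        "phrases_in_raw_body": phrase_hits(raw_texts, phrases),
        "phrases_in_decoded_body": phrase_hits(decoded_texts, phrases),
    }


if __name__ == "__main__":
    for key, value in scan_message(SAMPLE_MESSAGE).items():
        print(f"{key}: {value}")
```

On the sample, the raw payload matches none of the phrases while the decoded payload matches all of them, which is the gap the post describes: any content rule that looks at the MIME payload before transfer decoding sees only base64 text. The `phrases_in_decoded_body` path is what a local filter needs if it wants to score the text the recipient will actually read.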