At 17:38 16/07/03 -0700, Lance Ware wrote:

Hi Folks,

We're seeing some false positives with SA/MailScanner.

It looks like SA thinks the headers below are forged, even though these are legitimate emails generated by Yahoo's store system.

Any thoughts?

TIA,

Lance

[removed exchange headers etc]
Received: from unknown (HELO antispam.ware.net) (66.252.132.190)
  by mail7 with SMTP; 16 Jul 2003 21:38:22 -0000
Received: from st130.store.yahoo.com (st130.store.yahoo.com [216.136.225.130])
        by antispam.ware.net (8.12.5/8.12.5) with ESMTP id h6GLa6gi003787
        for <[EMAIL PROTECTED]>; Wed, 16 Jul 2003 14:36:06 -0700
Received: from localhost.localdomain (localhost [127.0.0.1])
        by st130.store.yahoo.com (8.11.3/8.11.2) with ESMTP id h6GLb6o92562
        for <[EMAIL PROTECTED]>; Wed, 16 Jul 2003 14:37:06 -0700 (PDT)
Date: Wed, 16 Jul 2003 14:37:06 -0700 (PDT)
Message-Id: <[EMAIL PROTECTED]>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Subject: {Spam?} Order 695 from catalog webcamdotcom
From: "Some Customer"
    <[EMAIL PROTECTED]> (through Yahoo! Store Order System)
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
X-MailScanner-Information: Please contact the ISP for more information
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, SpamAssassin (score=5, required 5,
        BAYES_70 2.31, FORGED_YAHOO_RCVD 2.70)

I don't know about the issue with FORGED_YAHOO_RCVD (if there is one), but notice that Bayes has given a score of BAYES_70, which is 2.31 points. Without that it would not have been triggering as spam.

Are you sure the messages aren't very spammy in nature? If not, it seems you have a bit of training of ham to do with your Bayes database, as Bayes is identifying the message as probable spam...

Regards,
Simon
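
An added example, not part of the thread and not MailScanner or SpamAssassin code: a small triage helper that parses the `X-MailScanner-SpamCheck` header quoted above and lists the rules whose removal alone would drop the message below the threshold. The function names `parse_spamcheck` and `decisive_rules` are hypothetical, and the parser assumes the header layout shown in this message.

```python
import re
from decimal import Decimal

# Header value copied from the message quoted above (folded across two lines).
SAMPLE = """X-MailScanner-SpamCheck: spam, SpamAssassin (score=5, required 5,
        BAYES_70 2.31, FORGED_YAHOO_RCVD 2.70)"""

def parse_spamcheck(header):
    """Return (reported_score, required, {rule: score}) from a SpamCheck header."""
    text = " ".join(header.split())  # unfold continuation lines
    m = re.search(r"\(score=(-?[\d.]+), required (-?[\d.]+),?\s*(.*)\)", text)
    if not m:
        raise ValueError("not a SpamAssassin SpamCheck header")
    rules = {}
    # Each rule is reported as NAME <space> SCORE, separated by commas.
    for name, value in re.findall(r"([A-Z][A-Z0-9_]*) (-?\d+(?:\.\d+)?)", m.group(3)):
        rules[name] = Decimal(value)  # Decimal avoids float rounding near the threshold
    return Decimal(m.group(1)), Decimal(m.group(2)), rules

def decisive_rules(header):
    """Rules whose removal alone would put the message below the threshold."""
    _, required, rules = parse_spamcheck(header)
    total = sum(rules.values(), Decimal(0))
    if total < required:
        return []  # message was not over the threshold in the first place
    return sorted(name for name, score in rules.items() if total - score < required)

if __name__ == "__main__":
    reported, required, rules = parse_spamcheck(SAMPLE)
    print("reported score:", reported, "required:", required)
    print("sum of rule scores:", sum(rules.values(), Decimal(0)))
    for name in decisive_rules(SAMPLE):
        print("decisive rule:", name, rules[name])
```

On the header above, the rule scores sum to 5.01 against a threshold of 5, so either rule on its own is enough to tip the message over.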
