After installing 2.60-cvs I've noticed a number of FPs resulting
from SA misinterpreting dial-up RBL data.
In particular, it does not seem to recognise the source IP address
as the originator of the message and so considers all the dial-up RBL
scores that it hits as a spam indication.
For example, in the attached message the source was an AOL
dialup "AC826956.ipt.aol.com [172.130.105.86]" which hit
6 RBLs ;() (with 'dnsbl.njabl.org' being added TWICE).
Also note the bayes score for this message, 90%,
but there's almost nothing "spammish" about it.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
From [EMAIL PROTECTED] Wed Jul 16 22:58:18 2003
Return-Path: <[EMAIL PROTECTED]>
Received: from day.its.uiowa.edu (day.its.uiowa.edu [128.255.56.107])
by server13.icaen.uiowa.edu (8.12.9/8.12.9) with ESMTP id h6H21pMo013336;
sent by <[EMAIL PROTECTED]>; Wed, 16 Jul 2003 21:01:51 -0500 (CDT)
Received: from localhost (webmail2-maint.its.uiowa.edu [128.255.56.154])
by day.its.uiowa.edu (8.12.9/8.12.9/ns-mx-1.14) with ESMTP id h6H21naK015350;
Wed, 16 Jul 2003 21:01:49 -0500
Received: from AC826956.ipt.aol.com (AC826956.ipt.aol.com [172.130.105.86])
by webmail2.its.uiowa.edu (IMP) with HTTP
for <[EMAIL PROTECTED]>; Wed, 16 Jul 2003 21:01:49 -0500
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 16 Jul 2003 21:01:49 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], Mike Mackerel <[EMAIL PROTECTED]>,
tjones <[EMAIL PROTECTED]>,
Subject: [** SPAM **] Re: Hi all
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.1
X-Originating-IP: 172.130.105.86
X-Spam-Status: MEDIUM ; 118
X-Spam-Level: ***********++++++++
X-Spam-Report: Checker-Version SpamAssassin 2.60-cvs (1.195-2003-06-30-exp) on
server13.icaen.uiowa.edu
Content analysis details: (11.8 points, 6.0 required)
pts rule name description
---- ---------------------- ------------------------------------------
0.0 NO_REAL_NAME From: does not include a real name
3.0 BAYES_90 BODY: Bayesian spam probability is 90 to 99%
[score: 0.9509]
0.1 RCVD_IN_OSIRU_DIALUP RBL: OSIRU: sender is dial-up IP address
[172.130.105.86 listed in relays.osirusoft.com]
3.7 RCVD_IN_NJABL_DIALUP RBL: NJABL: dialup sender did non-local SMTP
[172.130.105.86 listed in dnsbl.njabl.org]
1.1 RCVD_IN_MAPS_DUL RBL: Relay in DUL, http://www.mail-abuse.org/dul/
[172.130.105.86 listed in rbl-plus.mail-abuse.org]
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[172.130.105.86 listed in dnsbl.sorbs.net]
0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org
[172.130.105.86 listed in dnsbl.njabl.org]
0.2 RCVD_IN_OSIRU RBL: OSIRU: Sent via relay in relays.osirusoft.com
[172.130.105.86 listed in relays.osirusoft.com]
3.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
[Dynamic IP range listed by easynet.nl DynaBlock]
[- <http://dynablock.easynet.nl/errors.html>]
Grrrrr!
Bill! I don't like the tone in your first sentence!! You "typically ignore
the muttering that is uttered by the mouth of Jane"?! Grrr. In my brain-dead
state, thanks to work and class, i don't even know what to think about that.
Could it be that this is truly what you feel? I'll cry myself to sleep tonight
pondering this question. Or not. :)
Dogs are smelly and high-maintainence. Cats clean themselves and do not ask
for a walk, something only needy dogs require. if you are that emotionally
unstable that you need an animal to cuddle with constantly, then i guess dogs
are for you. If you are a more mature individual, go for a cat.
Jane
Quoting [EMAIL PROTECTED]:
> Typically I ignore the muttering that is uttered by the mouth of Jane, but
> this time I could not. Alas, you wrote of the awesomeness of cats. I
> believe
> that you are gravely mistaken. Bob was correct in attempting to suffocate
> the feline with smoke. This act is the only acceptable use of what is
> referred
> to as CAT. These pesky animals are a very big problem. My advice, get a
> dog. A very big dog with sharp teeth to eat the miniature ball of fur. For
>
> only then will the gods be satisfied.
> -Bill
> Quoting [EMAIL PROTECTED]:
>
> > You know, Bob, if cats are your biggest problem, that's not so bad.
> > Appreciate
> > their awesomeness! (And it should've been obvious that they wouldn't like
> > smoke
> > bombs.)
> > Jane
> >
>
>
>
