After installing 2.60-cvs I've noticed a number of FPs resulting
from SA misinterpreting dial-up RBL data.

In particular, it does not seem to recognise the source IP address
as the originator of the message and so considers all the dial-up RBL
scores that it hits as a spam indication.

For example, in the attached message the source was an AOL
dialup "AC826956.ipt.aol.com [172.130.105.86]" which hit
6 RBLs ;() (with 'dnsbl.njabl.org' being added TWICE).

Also note the bayes score for this message, 90%,
but there's almost nothing "spammish" about it.


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
From [EMAIL PROTECTED] Wed Jul 16 22:58:18 2003
Return-Path: <[EMAIL PROTECTED]>
Received: from day.its.uiowa.edu (day.its.uiowa.edu [128.255.56.107])
        by server13.icaen.uiowa.edu (8.12.9/8.12.9) with ESMTP id h6H21pMo013336;
         sent by <[EMAIL PROTECTED]>; Wed, 16 Jul 2003 21:01:51 -0500 (CDT)
Received: from localhost (webmail2-maint.its.uiowa.edu [128.255.56.154])
        by day.its.uiowa.edu (8.12.9/8.12.9/ns-mx-1.14) with ESMTP id h6H21naK015350;
        Wed, 16 Jul 2003 21:01:49 -0500
Received: from AC826956.ipt.aol.com (AC826956.ipt.aol.com [172.130.105.86]) 
        by webmail2.its.uiowa.edu (IMP) with HTTP 
        for <[EMAIL PROTECTED]>; Wed, 16 Jul 2003 21:01:49 -0500
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 16 Jul 2003 21:01:49 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], Mike Mackerel <[EMAIL PROTECTED]>,
   tjones <[EMAIL PROTECTED]>,
Subject: [** SPAM **] Re: Hi all
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.1
X-Originating-IP: 172.130.105.86
X-Spam-Status: MEDIUM ; 118
X-Spam-Level: ***********++++++++
X-Spam-Report: Checker-Version SpamAssassin 2.60-cvs (1.195-2003-06-30-exp) on 
server13.icaen.uiowa.edu
        Content analysis details:   (11.8 points, 6.0 required)
         pts rule name              description
        ---- ---------------------- ------------------------------------------
         0.0 NO_REAL_NAME           From: does not include a real name
         3.0 BAYES_90               BODY: Bayesian spam probability is 90 to 99%
                                    [score: 0.9509]
         0.1 RCVD_IN_OSIRU_DIALUP   RBL: OSIRU: sender is dial-up IP address
                                    [172.130.105.86 listed in relays.osirusoft.com]
         3.7 RCVD_IN_NJABL_DIALUP   RBL: NJABL: dialup sender did non-local SMTP
                                    [172.130.105.86 listed in dnsbl.njabl.org]
         1.1 RCVD_IN_MAPS_DUL       RBL: Relay in DUL, http://www.mail-abuse.org/dul/
                                    [172.130.105.86 listed in rbl-plus.mail-abuse.org]
         0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                                    [172.130.105.86 listed in dnsbl.sorbs.net]
         0.1 RCVD_IN_NJABL          RBL: Received via a relay in dnsbl.njabl.org
                                    [172.130.105.86 listed in dnsbl.njabl.org]
         0.2 RCVD_IN_OSIRU          RBL: OSIRU: Sent via relay in relays.osirusoft.com
                                    [172.130.105.86 listed in relays.osirusoft.com]
         3.5 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                                    [Dynamic IP range listed by easynet.nl DynaBlock]
                                    [- <http://dynablock.easynet.nl/errors.html>]
        

Grrrrr!
  Bill!  I don't like the tone in  your first sentence!! You "typically ignore 
the muttering that is  uttered by the  mouth of Jane"?! Grrr. In my brain-dead 
state, thanks to work and class, i don't even know what to think about that. 
Could it be that this is truly what you feel? I'll cry myself to sleep tonight 
pondering this question. Or not. :)
  Dogs are smelly and high-maintainence. Cats clean themselves and do not ask 
for a walk, something only needy dogs require. if you  are that emotionally 
unstable that you need an animal to cuddle with constantly, then i guess dogs 
are for you. If you are a more mature individual, go for a cat.
                   Jane



Quoting [EMAIL PROTECTED]:

> Typically I ignore the muttering that is uttered by the mouth of Jane, but 
> this time I could not.  Alas, you wrote of the awesomeness of cats.  I
> believe 
> that you are gravely mistaken.  Bob was correct in attempting to suffocate 
> the feline with smoke.  This act is the only acceptable use of what is 
> referred 
> to as CAT.  These pesky animals are a very big problem.  My advice, get a 
> dog.  A very big dog with sharp teeth to eat the miniature ball of fur.  For
> 
> only then will the gods be satisfied.
> -Bill
> Quoting [EMAIL PROTECTED]:
> 
> > You know, Bob, if cats are your biggest problem, that's not so bad.
> > Appreciate 
> > their awesomeness! (And it should've been obvious that they wouldn't like
> > smoke 
> > bombs.)
> >                         Jane
> > 
> 
> 
>

Reply via email to