I am watching the log file of a new 2.60 upgrade go past my log file viewer and I'm seeing some messages get caught as spam because they are from AOL. These are known accounts with my company and we have received many messages in the past that were not flagged as spam. Since the 2.6 install they are.
Here's the /var/log/messages output from one of the messages...

Sep 30 13:49:46 web-2 postfix/smtpd[3460]: connect from unknown[152.163.225.103]
Sep 30 13:49:46 web-2 postfix/smtpd[3460]: C896BBBEF: client=unknown[152.163.225.103]
Sep 30 13:49:55 web-2 postfix/cleanup[3480]: C896BBBEF: message-id=<[EMAIL PROTECTED]>
Sep 30 13:49:55 web-2 postfix/nqmgr[5509]: C896BBBEF: from=<[EMAIL PROTECTED]>, size=1116, nrcpt=1 (queue active)
Sep 30 13:49:55 web-2 spamd[3371]: connection from localhost.localdomain [127.0.0.1] at port 41283
Sep 30 13:49:55 web-2 spamd[3676]: processing message <[EMAIL PROTECTED]> for filter:504.
Sep 30 13:49:55 web-2 postfix/smtpd[3460]: disconnect from unknown[152.163.225.103]
Sep 30 13:49:55 web-2 spamd[3676]: identified spam (6.8/5.0) for filter:504 in 0.1 seconds, 1117 bytes.
Sep 30 13:49:55 web-2 sendmail[3675]: h8UIntw03675: Authentication-Warning: web-2.alliednational.com: filter set sender to [EMAIL PROTECTED] using -f
Sep 30 13:49:55 web-2 sendmail[3675]: h8UIntw03675: [EMAIL PROTECTED], size=1714, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Sep 30 13:49:55 web-2 postfix/pipe[3451]: C896BBBEF: to=<[EMAIL PROTECTED]>, relay=postfixfilter, delay=9, status=sent (web-2.alliednational.com)
Sep 30 13:49:55 web-2 sendmail[3679]: h8UIntw03675: [EMAIL PROTECTED], [EMAIL PROTECTED] (504/504), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=31714, relay=mail-relay.alliednational.com. [10.1.40.1], dsn=2.0.0, stat=Sent (Ok)

Here's what I get from a host (rdns) lookup...

host 152.163.225.103
103.225.163.152.in-addr.arpa domain name pointer imo-r07.mx.aol.com.
Here's the header info:

Received: from web-2.alliednational.com ([172.16.30.32]) by alliednational.com;
    Tue, 30 Sep 2003 13:50:07 -0500
Received: (from [EMAIL PROTECTED]) by web-2.alliednational.com (8.11.6/8.11.6)
    id h8UIntw03675 for [EMAIL PROTECTED]; Tue, 30 Sep 2003 13:49:55 -0500
X-Authentication-Warning: web-2.alliednational.com: filter set sender to [EMAIL PROTECTED] using -f
Received: from imo-r07.mx.aol.com (unknown [152.163.225.103])
    by web-2.alliednational.com (Postfix) with ESMTP id C896BBBEF
    for <[EMAIL PROTECTED]>; Tue, 30 Sep 2003 13:49:46 -0500 (CDT)
Received: from [EMAIL PROTECTED] by imo-r07.mx.aol.com (mail_out_v36_r1.1.)
    id b.b8.487b647d (17079) for <[EMAIL PROTECTED]>; Tue, 30 Sep 2003 14:49:44 -0400 (EDT)
From: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 30 Sep 2003 14:49:44 EDT
Subject: %%SPAM%% Re: %%SPAM%% terri grove
To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="part1_b8.487b647d.2cab2a48_boundary"
X-Mailer: 8.0 for Windows sub 6803
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on web-2.alliednational.com
X-Spam-Report:
    * 0.2 NO_REAL_NAME From: does not include a real name
    * 0.1 HTML_60_70 BODY: Message is 60% to 70% HTML
    * 0.1 HTML_MESSAGE BODY: HTML included in message
    * 4.1 NO_RDNS_DOTCOM_HELO Host HELO'd as a big ISP, but had no rDNS
    * 2.4 FAKE_HELO_AOL Host HELO did not match rDNS: aol.com
X-Spam-Status: Yes, hits=6.8 required=5.0 tests=FAKE_HELO_AOL,HTML_60_70,
    HTML_MESSAGE,NO_RDNS_DOTCOM_HELO,NO_REAL_NAME autolearn=no version=2.60
X-Spam-Level: ******

I haven't changed any of the stock tests or scores. Is this a bug or a weirdness in my setup?

Thanx!
-Michael
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
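An added diagnostic, not part of the original post and not SpamAssassin's own rule code: it parses the Postfix Received clause and the X-Spam-Report quoted above to show what the MTA recorded for HELO and rDNS, and how much of the score comes from the two HELO/rDNS rules. The function names are hypothetical, and grouping rules by the substrings "HELO" and "RDNS" in their names is an assumption made for illustration.

```python
import re

# Constructed sample, copied from the headers and host lookup quoted in the post.
RECEIVED = ("from imo-r07.mx.aol.com (unknown [152.163.225.103]) "
            "by web-2.alliednational.com (Postfix) with ESMTP id C896BBBEF")
HOST_PTR = "imo-r07.mx.aol.com."   # answer from the manual `host` lookup
REQUIRED = 5.0                     # "required=5.0" in X-Spam-Status
REPORT = """\
* 0.2 NO_REAL_NAME From: does not include a real name
* 0.1 HTML_60_70 BODY: Message is 60% to 70% HTML
* 0.1 HTML_MESSAGE BODY: HTML included in message
* 4.1 NO_RDNS_DOTCOM_HELO Host HELO'd as a big ISP, but had no rDNS
* 2.4 FAKE_HELO_AOL Host HELO did not match rDNS: aol.com
"""

def parse_received(line):
    """Split a Postfix 'from HELO (rdns [ip])' clause into its three parts."""
    m = re.match(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)", line)
    if not m:
        raise ValueError("not a 'from HELO (rdns [ip])' Received clause")
    helo, rdns, ip = m.groups()
    # Postfix writes the literal word "unknown" when it recorded no client name.
    return {"helo": helo, "rdns": None if rdns == "unknown" else rdns, "ip": ip}

def parse_report(text):
    """Return {rule_name: score} from the '* score RULE description' lines."""
    pattern = r"^\*\s+(-?\d+(?:\.\d+)?)\s+(\S+)"
    return {m.group(2): float(m.group(1)) for m in re.finditer(pattern, text, re.M)}

def diagnose(received, report, host_ptr, required):
    """Compare the recorded relay identity with the manual lookup and split the score."""
    relay = parse_received(received)
    scores = parse_report(report)
    # Assumption: rules whose names mention HELO or RDNS depend on the relay identity.
    helo_rdns = round(sum(s for n, s in scores.items() if "HELO" in n or "RDNS" in n), 1)
    other = round(sum(scores.values()) - helo_rdns, 1)
    return {"relay": relay,
            "helo_matches_manual_ptr": relay["helo"] == host_ptr.rstrip("."),
            "helo_rdns_score": helo_rdns,
            "other_score": other,
            "spam_without_helo_rdns": other >= required}

if __name__ == "__main__":
    for key, value in diagnose(RECEIVED, REPORT, HOST_PTR, REQUIRED).items():
        print(f"{key}: {value}")
```

The per-rule values in X-Spam-Report are printed to one decimal place, so their sum (6.9 here) need not equal the hits=6.8 shown in X-Spam-Status.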