Hello,
I've got an odd situation where I've received spam from a (forged) valid
address in my own domain. Problem is that the headers are clearly forged as
the IP for my mailserver is incorrect, but the whitelist rule for my domain
is being applied.
Is there a setting where I can tell spamassassin which IP is the MTA for my
domain? It would make sense to me that spamassassin should know what my
proper MTA is, and if the header is forged, it shouldn't apply the whitelist
rule.
SpamAssassin 2.55
Qmail-scanner 1.60
qmail 1.03
Any ideas?
James
Received: from mail.quarry.com (HELO quarry.com) (PROPER IP)
by cygnus.quarry.com with SMTP; 18 Oct 2003 09:34:42 -0400
Received: from quarry.com (FORGED IP) by quarry.com with ESMTP (Eudora
Internet Mail Server 3.2.1) for <[EMAIL PROTECTED]>;
Sat, 18 Oct 2003 09:34:40 -0400
Received: from theressa [FORGED IP] by quarry.com with eSMTP;
Sat, 18 Oct 2003 08:34:36 -0500
Message-ID: <[EMAIL PROTECTED]>
From: "robert" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Lower your payments today!
Date: Sat, 18 Oct 2003 08:34:36 -0500
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
X-Priority: 3
X-Mailer: mailer
Return-Path: [EMAIL PROTECTED]
ABC-Tracking: <d2F0ZXJsb29AcXVhcnJ5LmNvbQ==>
X-Spam-Status: No, hits=-87.7 required=5.0
tests=BAYES_80,COMPLETELY_FREE,HTML_30_40,HTML_FONT_BIG,
HTML_FONT_COLOR_RED,LOW_PAYMENT,MIME_HTML_ONLY,
RAZOR2_CF_RANGE_91_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,
USER_IN_WHITELIST
version=2.55
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
X-Spam-Report: ---- Start SpamAssassin results
-87.70 points, 5 required;
* 2.2 -- BODY: Lower Monthly Payment
* 1.1 -- BODY: No such thing as a free lunch (2)
* 0.6 -- BODY: Message is 30% to 40% HTML
* 0.1 -- BODY: HTML font color is red
* 2.9 -- BODY: Bayesian classifier says spam probability is 80 to 90%
[score: 0.8569]
* 1.2 -- BODY: Razor2 gives a spam confidence level between 91 and 100
[cf: 97]
* 0.2 -- BODY: FONT Size +2 and up or 3 and up
* 0.9 -- Listed in Razor2, see http://razor.sf.net/
* -100.0 -- From: address is in the user's white-list
* 3.0 -- RBL: Received via a relay in bl.spamcop.net
[RBL check: found 178.187.62.68.bl.spamcop.net.]
* 0.1 -- Message only has text/html MIME parts
---- End of SpamAssassin results
-------------------------------------------------------
This SF.net email sponsored by: Enterprise Linux Forum Conference & Expo
The Event For Linux Datacenter Solutions & Strategies in The Enterprise
Linux in the Boardroom; in the Front Office; & in the Server Room
http://www.enterpriselinuxforum.com
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
