>I had several false positives today based on the BAD_X_HEADERS rule. I'm >using the rules from Chris' site (Nov02). The legitimate emails had an >"X-URL" header. All of the FPs where from a single mailing list. For what >ever reason, they are providing a valid link to some content within this >header. > It is possible there may be false positives; I would suggest removing the X-URL portion from the rule if that causes problems at your site. Chris, if you don't mind removing that clause, thanks!
X-URL does sound like it could be used legitimately; it is not "as bogus" as the X-Campaign header, for example. Another thing to think about is writing a rule specifically for X-URL that scans for either a) malformations or b) "bad" or spam friendly URLs. I will try to work on an example, but others are welcome to contribute. (Upon further examination, X-URL is fairly rare in my corpus so I will simply remove it without much effect on the spam scores, hopefully). As another example, I had originally scored the X-UID: header until I discovered it was "legitimate" as well; in fact, one of my own sendmail MTAs was adding it to outbound mail! :) ------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
