On 3/1/2005 11:21 AM, Stuart Johnston wrote: > I am seeing a lot of false positives on MSGID_FROM_MTA_ID. Anyone else > seeing similar results? Suggestions? (SA 3.0.2) > > Here is a sample header: > > Return-Path: <[EMAIL PROTECTED]> > Received: from [10.2.100.6] (HELO gateway.ebby.com) > by ebby.com (CommuniGate Pro SMTP 4.1.6) > with ESMTP id 10388631 for [EMAIL PROTECTED]; Tue, 01 Mar 2005
> From: "Neil Erbe" <[EMAIL PROTECTED]> > Message-Id: <[EMAIL PROTECTED]> It appears to be doing the right thing. The message originated off-net, but the Message-ID was added locally, which is pretty good spam-sign. Frankly I wish it worked here, because I've had to create my own rule to hit the same thing. You can set the score for MSGID_FROM_MTA_ID to zero in a local .cf file if you want to disable the rule check. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
