At 01:58 AM 8/31/2005, Beast wrote:
---
Received: from notes.trakindo.co.id (notes.trakindo.co.id [202.152.6.165])
by mail.indorama.com (Postfix) with ESMTP id 31F50E7932
for <[EMAIL PROTECTED]>; Wed, 31 Aug 2005 12:15:29 +0700 (WIT)
From: [EMAIL PROTECTED]
To: "My User" <[EMAIL PROTECTED]>
Subject: *[SPAM - score 6.1/5.2 ]* DELIVERY FAILURE: User xxx
([EMAIL PROTECTED]) not
listed in public Name & Address Book
Date: Wed, 31 Aug 2005 08:59:56 -0700
...
1. Why it triger DATE_IN_FUTURE_06_12?
Convert the Date: header and the timestamp in the Received: header to GMT.
If you do that, you'll realize both are dated August 31, but the Date:
header claims the message was written 15:59 GMT, but the message was
Received at 05:15 GMT.
Somebody has a screwed up clock and/or timezone. Was this really sent from
a timezone halfway around the world? Is your mailserver clock correct?
2. How do I pass all bounce email?
There's no generic feature in SA that detects bounce mail. If you scan on
the delivery MTA or post-delivery you might be able to write a rule to look
for a Return-Path header that contains <>.
3. I have train hundreds (or thousands) spam/ham mail to sa-learn but it
seems it still not quite good detecting non-english mail.
You might want to try running the message through spamassassin -D This will
show you all the tokens it found, and what bayes probability each token
has. That might give you some direction.
