On Friday 16 September 2005 04:56 pm, Whitehead, Brian wrote: > I just inherited a couple of SMTP gateways running postfix and > spamassassin. We are seeing a huge increase in these emails with 'Re:[]' > over the last couple of weeks. One thing I've noticed is that in the > headers of these emails they contain the line 'X-SA-Do-Not-Rej: Yes'. From > everything I've read this is a string that is used with Exim/SpamAssassin > configurations. Can anyone tell me if this might be causing these spam > messages to get through on our Postfix/SpamAssassin servers. It appears > that these messages are completely bypassing the spamassassin scans because > no additional spamassassin tags are being added to the headers. From the > content these should easily be scoring a 20+ from the standard SA rules. > > -- > Brian
Brian, as I replied to Ron yesterday, I'm running SA 3.0.4 w/network and SURBL tests and the Re:[] are getting tagged every time no matter that 'X-SA-Do-Not-Rej: Yes' is in the header. This is on a single user, home system. Content analysis details: (27.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.5 MY_SEXLIFE BODY: Sex is great. Thnx for asking! 2.4 MORE_SEX BODY: Talks about a bigger drive for sex 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50% [cf: 100] 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 1.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 3.5 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <http://www.spamcop.net/bl.shtml?200.137.6.2>] 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: rehire.net] 4.3 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: rehire.net] 0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist [URIs: rehire.net] 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: rehire.net] 3.0 URIBL_SC2_SURBL Has URI in SC2 at http://www.surbl.org/lists.html [URIs: rehire.net] 0.1 DIGEST_MULTIPLE Message hits more than one network digest check 1.0 SAGREY Adds 1.0 to spam from first-time senders -- Chris Registered Linux User 283774 http://counter.li.org 18:34:07 up 6 days, 6:46, 1 user, load average: 0.26, 0.20, 0.18 Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
