Hi,
I'm currently getting FPs from users sending themselves mail from personal
accounts with blank message bodies. Many times these messages are presumably
reminders, and as such have valid subject lines. Often these messages
contain attachments with the same filename as the subject, such as I believe
is sent by Windows 'Mail to Recipient' function. The problem is that these
messages seem to be triggering digest checks:
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 HTML_90_100 BODY: Message is 90% to 100% HTML
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
1.1 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
above 50%
[cf: 100]
0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
1.7 DNS_FROM_RFC_POST RBL: Envelope sender in
postmaster.rfc-ignorant.org
0.8 DIGEST_MULTIPLE Message hits more than one network digest check
I can only assume that digest checks are matching the hashes of other blank
messages, and that Razor et al ignore certain headers and mime types? Is
this behavior typical? I find it hard to believe I have screwed up my DCC,
Pyzor *and* Razor installations.
Can anyone think of any strategies for dealing with this? I've tried
educating my users, but it is like herding cats! :-(
Thanks,
Iain
