Philip Prindeville wrote:
> Matt Kettler wrote:
>
>> Philip Prindeville wrote:
>>
>>> I recently saw an email get bounced that was legitimately coming
>>> from Microsoft:
>>>
>>> Nov 13 14:59:26 mail mimedefang.pl[19053]: helo: maila.microsoft.com 
>>> (131.107.115.212) said "helo smtp.microsoft.com"
>>> Nov 13 14:59:26 mail sendmail[21067]: kADLxLLR021067: from=<[EMAIL 
>>> PROTECTED]>, size=1207, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, 
>>> bodytype=7BIT, proto=ESMTP, daemon=MTA-v4, relay=maila.microsoft.com 
>>> [131.107.115.212]
>>> Nov 13 14:59:29 mail mimedefang.pl[20521]: kADLxLLR021067: hits=6.909, 
>>> req=5, names=DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,L_WIN_CHARSET
>>> Nov 13 14:59:29 mail mimedefang.pl[20521]: 
>>> MDLOG,kADLxLLR021067,spam,6.909,131.107.115.212,<[EMAIL PROTECTED]>,<[EMAIL 
>>> PROTECTED]>,Out of Office: Software Development with Microsoft
>>> Nov 13 14:59:29 mail mimedefang.pl[20521]: filter: kADLxLLR021067:  
>>> bounce=1 discard=1
>>> Nov 13 14:59:29 mail mimedefang[5737]: kADLxLLR021067: Bouncing because 
>>> filter instructed us to
>>> Nov 13 14:59:29 mail sendmail[21067]: kADLxLLR021067: Milter: data, 
>>> reject=554 5.7.1 Message rejected; scored too high on the Spam test.
>>> Nov 13 14:59:29 mail sendmail[21067]: kADLxLLR021067: to=<[EMAIL 
>>> PROTECTED]>, delay=00:00:03, pri=31207, stat=Message rejected; scored too 
>>> high on the Spam test.
>>>
>>> I've put into my spamassassin/sa-mimedefang.cf file:
>>>
>>> whitelist_from_rcvd             [EMAIL PROTECTED] smtp.microsoft.com
>>>
>>>
>>> What am I missing at this point?
>>>
>>> Does the 2nd arg to the whitelist_from_rcvd need to be
>>> maila.microsoft.com instead?
>>>
>>> And what do DNS_FROM_RFC_ABUSE and DNS_FROM_RFC_POST correspond to?
>>
>> postmaster and abuse lists at rfc-ignorant.org. Both are wildly prone to
>> false positives and have been removed from the 3.2 devel branch. They
>> effectively list sites that violate the RFCs for mail hosts and refuse
>> mail sent to postmaster or abuse.
>>
>> That said, neither scores very high.. Assuming set3 (bayes and network)
>> the combined score in SA 3.1.x is only 1.908 points..
>>
>> What's L_WIN_CHARSET.. that's not a stock rule I'm aware of. Looks like
>> an add-on to me, and probably the real culprit here. I found some
>> references to it from list conversations, and looks like it's trying to
>> match email with a windows-specific character set (windows-1252). But
>> it's not in any ruleset I can find anywhere.
>>
>> Actually, it looks like a rule you yourself were developing back in
>> April.. What did you set the score to?
>> http://www.gossamer-threads.com/lists/spamassassin/users/72328
>
> Yes, it's local.
>
> I set it to 4.85.  Or maybe 4.99.
>
> But why isn't the whitelisting kicking in?

Because your whitelist requires the mail to have been delivered from a
server named smtp.microsoft.com. This one was delivered from
maila.microsoft.com.

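
Added example (not part of the original thread): a small Python check that reads the mimedefang helo log line quoted above and tests a whitelist_from_rcvd relay argument the way SpamAssassin documents it, against the relay's reverse-DNS name (full hostname or a parent domain), not the HELO string. The function names and the "helo-only" verdict are hypothetical, and the sketch assumes the first hostname in the log line is the rDNS name the MTA resolved.

```python
import re

# Constructed sample: the mimedefang "helo:" log line quoted in the thread,
# rejoined onto one line.
SAMPLE_LOG = ('Nov 13 14:59:26 mail mimedefang.pl[19053]: helo: maila.microsoft.com '
              '(131.107.115.212) said "helo smtp.microsoft.com"')

# Assumption: field order is "<resolved relay name> (<ip>) said "helo <HELO string>"".
HELO_LINE = re.compile(
    r'helo: (?P<rdns>\S+) \((?P<ip>[0-9a-fA-F.:]+)\) said "helo (?P<helo>[^"]+)"')


def parse_helo_line(line):
    """Return (rdns_name, ip, helo_string) from a helo log line, or None."""
    m = HELO_LINE.search(line)
    if not m:
        return None
    return m["rdns"].lower(), m["ip"], m["helo"].lower()


def rcvd_matches(hostname, pattern):
    """True if hostname equals pattern or is a host underneath that domain."""
    hostname = hostname.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    return hostname == pattern or hostname.endswith("." + pattern)


def diagnose(line, pattern):
    """Classify a whitelist_from_rcvd relay argument against one log line.

    "match"     - pattern matches the relay's rDNS name, the whitelist can fire
    "helo-only" - pattern matches only the HELO string, which the sender
                  chooses freely and which whitelist_from_rcvd does not consult
    "no-match"  - pattern matches neither name
    """
    parsed = parse_helo_line(line)
    if parsed is None:
        raise ValueError("not a helo log line")
    rdns, _ip, helo = parsed
    if rcvd_matches(rdns, pattern):
        return "match"
    return "helo-only" if rcvd_matches(helo, pattern) else "no-match"


if __name__ == "__main__":
    for candidate in ("smtp.microsoft.com", "maila.microsoft.com", "microsoft.com"):
        print(f"{candidate:22} -> {diagnose(SAMPLE_LOG, candidate)}")
```

A parent domain as the relay argument whitelists every host whose rDNS falls under that domain, so the full hostname is the narrower choice when the sender uses a stable relay.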