Might be because of this header:
Received: from IBM-707AC13EF89 (unknown [82.166.48.182])
(using TLSv1 with cipher RC4-MD5 (128/128 bits))
(No client certificate requested)
by mydomain.ac.il (Postfix) with ESMTP id D17F019F2C
for <[EMAIL PROTECTED]>; Mon, 27 Nov 2006 09:56:13 +0200 (IST)
[EMAIL PROTECTED] root]# nslookup
> 82.166.48.182
Server: 10.10.21.4
Address: 10.10.21.4#53
Non-authoritative answer:
182.48.166.82.in-addr.arpa name = 82-166-48-182.barak-online.net.
Seems to be a DYN IP. That probably hits the SORBS and other black lists.
If this IP is one of your users, you'll probably need to add their networks to
the all_trusted list.
-Sietse
PS: Please set your text mark-up from lef to right. Reading English is very
inconvenient in the Arabic right to left. The scroll bar on the left is kind of
handy though. :-)
From: Leon Kolchinsky
Sent: Mon 27-Nov-06 16:19
To: users@spamassassin.apache.org
Subject: False positives with RCVD_IN_NJABL_DUL, RCVD_IN_DSBL and
RCVD_IN_SORBS_DUL
Hello All,
I see a lot of FP with RCVD_IN_NJABL_DUL, RCVD_IN_DSBL and RCVD_IN_SORBS_DUL
from particulars users.
This is very strange because a lot of those are coming from users on my server
(server with static IP and not a relay server).
I've seen this user sending to himself and getting RCVD_IN_DSBL=2.6,
RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046
Why is this happening?
Is it recommended to lower score for these tests?
What scores are recommended?
Anyone have similar problems?
Here is one such example:
-------------------------
Return-Path: <[EMAIL PROTECTED]>
Received: from mydomain.ac.il ([unix socket])
by mydomain.ac.il (Cyrus v2.2.3) with LMTP; Mon, 27 Nov 2006 09:56:21
+0200
X-Sieve: CMU Sieve 2.2
Received: from localhost (localhost [127.0.0.1])
by mydomain.ac.il (Postfix) with ESMTP id 87CA6129288
for <[EMAIL PROTECTED]>; Mon, 27 Nov 2006 09:56:21 +0200 (IST)
X-Envelope-From: <[EMAIL PROTECTED]>
X-Envelope-To: <[EMAIL PROTECTED]>
X-Quarantine-ID: <3zezHgDJGyFg>
X-Spam-Flag: YES
X-Spam-Score: 5.317
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.317 tag=-999 tag2=5 kill=5 tests=[AWL=0.119,
BAYES_00=-2.599, EXTRA_MPART_TYPE=1.091, HTML_90_100=0.113,
HTML_MESSAGE=0.001, RCVD_IN_DSBL=2.6, RCVD_IN_NJABL_DUL=1.946,
RCVD_IN_SORBS_DUL=2.046]
Received: from mydomain.ac.il ([127.0.0.1])
by localhost (mydomain.ac.il [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 3zezHgDJGyFg for <[EMAIL PROTECTED]>;
Mon, 27 Nov 2006 09:56:17 +0200 (IST)
Received: from IBM-707AC13EF89 (unknown [82.166.48.182])
(using TLSv1 with cipher RC4-MD5 (128/128 bits))
(No client certificate requested)
by mydomain.ac.il (Postfix) with ESMTP id D17F019F2C
for <[EMAIL PROTECTED]>; Mon, 27 Nov 2006 09:56:13 +0200 (IST)
MIME-Version: 1.0
Message-Id: <[EMAIL PROTECTED]>
Date: Mon, 27 Nov 2006 09:51:23 +0200 (Jerusalem Daylight Time)
Content-Type: Multipart/related;
type="multipart/alternative";
boundary="------------Boundary-00=_NTPDBHK0000000000000"
X-Mailer: IncrediMail (5002253)
From: "Billie Eilam" <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
X-FID: EAF615C8-5C8C-11D4-AF90-0050DAC67E11
X-Priority: 3
To: "Vidergor" <[EMAIL PROTECTED]>
Subject: RE:
Leon Kolchinsky
