Lucio Chiappetti wrote: > We have been very happily running spamassassin 3.0.4 under amavisd-new > milter on Suse 9.2 since a couple of years, using the standard > configuration recommended by the Italian GARR network. > > Please avoid comments on "old version" or so, we are planning an > overall update following an OS update in the coming months. I am > asking here a VERY SPECIFIC question. > > We are trying to debug a funny case of false positive (extremely rare > otherwise) which occurred to us (the issue has been solved "by chance" > but we do not understand why). > > A colleague of us working remotely has set up (on a machine outside of > our domain) a system which requires a registration and then sends a > confirmation e-mail. > > All such confirmation messages were blocked by our spamassassin with a > score of about 8. This is an example of info in the header. > > X-Spam-Status: Yes, hits=8.087 tag=-999 tag2=4.5 kill=4.5 tests=AWL, > BAYES_05, > DNS_FROM_SECURITYSAGE, FORGED_RCVD_HELO, HTML_10_20, HTML_EXTRA_CLOSE, > HTML_MESSAGE, HTML_SHORT_LENGTH, NO_REAL_NAME, UPPERCASE_25_50
That looks like a mimedefang header. As best I can tell here, SA did its job and generated a score of over 8 points, but mimedefang failed to react to the fact that it was over the kill threshold. (SA doesn't support a "kill" threshold anyway).
