Lucio Chiappetti a écrit : > We have been very happily running spamassassin 3.0.4 under amavisd-new > milter on Suse 9.2 since a couple of years, using the standard > configuration recommended by the Italian GARR network. > > Please avoid comments on "old version" or so, we are planning an overall > update following an OS update in the coming months. I am asking here a > VERY SPECIFIC question. > > We are trying to debug a funny case of false positive (extremely rare > otherwise) which occurred to us (the issue has been solved "by chance" > but we do not understand why). > > A colleague of us working remotely has set up (on a machine outside of > our domain) a system which requires a registration and then sends a > confirmation e-mail. > > All such confirmation messages were blocked by our spamassassin with a > score of about 8. This is an example of info in the header. > > X-Spam-Status: Yes, hits=8.087 tag=-999 tag2=4.5 kill=4.5 tests=AWL, > BAYES_05, > DNS_FROM_SECURITYSAGE, FORGED_RCVD_HELO, HTML_10_20, HTML_EXTRA_CLOSE, > HTML_MESSAGE, HTML_SHORT_LENGTH, NO_REAL_NAME, UPPERCASE_25_50 >
- you should upgrade :) - you should disable securitysage. it lists the universe. - check why the message triggered FORGED_RCVD_HELO. - it is recommended to ask for "first/lasy name" and use them in the To header. - Similarly, it is recommended to have a display name in the From header. - it is not very polite to send html-centric mail. In confirmation requests, you generally want to maximize your chances of reaching the recipient, and minimize (bullshit|blahblah) (however you name it). > As far as I understand, none of the above rules has a score above 0.38 > (usually quite lower and marginal, 0.007 or 0.001). except AWL which has 1 > (in fact the address is recorded in awlst with a score of 8). > If AWL gives you bad results, disable it until you can be sure to make it work reliably. I found it to bring more trouble than help. > The message itself looked sort of funny to me : > [snip]
