I am running spamassassin 3.2.5. I found one of my own messages filed as spam. The message was not relayed - sent from gnus to postfix on the mail server.
Here is the header and AWL info (with the hostname and my domain name query-replaced, but otherwise unmunged). I have adjusted NO_RELAYS to a much lower score, which is fortunate in this case.

Return-Path: <g...@foo.example.org>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on gdt-server.example.com
X-Spam-Level: **
X-Spam-Status: Yes, score=2.5 required=1.0 tests=AWL,BAYES_00,HASHCASH_20,
        NO_RELAYS autolearn=no version=3.2.5
X-Spam-Report:
        * -0.5 HASHCASH_20 Contains valid Hashcash token (20 bits)
        *  -10 NO_RELAYS Informational: message was not relayed via SMTP
        * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
        *      [score: 0.0000]
        *   16 AWL AWL: From: address is in the auto white-list
X-Original-To: g...@foo.example.org
Delivered-To: g...@gdt-server.example.com
Received: by gdt-server.example.com (Postfix, from userid 9545)
        id 00B5516F3C; Mon, 2 Feb 2009 12:48:06 -0500 (EST)
X-Hashcash: 1:20:090202:g...@foo.example.org::5aeXQ1z3aUrCT7YF:00000000000000000\
 00000000000000000000000002cBF
From: Greg Troxel <g...@foo.example.org>
To: Greg Troxel <g...@foo.example.org>
Subject: tgest
Date: Mon, 02 Feb 2009 12:48:05 -0500
Message-ID: <smupri0hgru....@gdt-server.example.com>
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

This seems to be hitting this AWL entry:

    15.7 (204.6/13) -- g...@foo.example.org|ip=none

I really doubt that such extremely spammy messages have been generated on the machine with my username, especially since cron jobs that send reports etc. are not configured with my example.org domain, but would just pick up the server hostname. I looked at the logs and can't find evidence of that but will look harder.

So:

Is there a way to exclude my own address from AWL processing, at least for ip=none?

AWL uses only the first 2 bytes, and that mixes mail from my own machine on FiOS and botnet machines on FiOS into the same bucket. I am concerned that this will misattribute botnet spam to my own mail, but this is currently theoretical.

Is there any easy way to turn on a log of each AWL update so I can find out how these are getting added? I suspect it's not hard to munge the code, but haven't looked yet.

Any clues as to how AWL processing could hit ip=none when the mail is really delivered from off the machine? Perhaps in misparsing cases it should be ip=unknown instead of ip=none.

I have removed my address from the whitelist and will keep an eye on how it gets back in.
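The arithmetic behind the header in the post above, as an added example that is not part of the original post and is not SpamAssassin's own code: it rebuilds the AWL bucket key and reconstructs the AWL adjustment from the X-Spam-Report lines and the listed entry. It assumes the adjustment is (stored mean - current score) * auto_whitelist_factor with the default factor 0.5, and that the entry 204.6/13 was read after this message had been added to it; the address and IP addresses are constructed.

```python
import re

AWL_FACTOR = 0.5  # assumption: default auto_whitelist_factor

# Rule lines copied from the X-Spam-Report header in the post.
REPORT = """\
* -0.5 HASHCASH_20 Contains valid Hashcash token (20 bits)
*  -10 NO_RELAYS Informational: message was not relayed via SMTP
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
*      [score: 0.0000]
*   16 AWL AWL: From: address is in the auto white-list
"""

def awl_key(addr, origin_ip=None):
    """Bucket key: address plus the first two octets of the origin IP."""
    if origin_ip is None:
        return f"{addr.lower()}|ip=none"
    a, b = origin_ip.split(".")[:2]
    return f"{addr.lower()}|ip={a}.{b}"

def pre_awl_score(report):
    """Sum every rule score in the report except the AWL line itself."""
    hits = re.findall(r"^\*\s+(-?\d+(?:\.\d+)?)\s+(\w+)", report, re.M)
    return round(sum(float(s) for s, rule in hits if rule != "AWL"), 2)

def entry_before(total_after, count_after, score):
    """Undo the update that added this message's pre-AWL score."""
    return total_after - score, count_after - 1

def awl_adjustment(total, count, score, factor=AWL_FACTOR):
    """Pull the score toward the stored mean: (mean - score) * factor."""
    return (total / count - score) * factor

if __name__ == "__main__":
    score = pre_awl_score(REPORT)                      # other rules only
    total, count = entry_before(204.6, 13, score)      # entry from the post
    delta = awl_adjustment(total, count, score)
    print(f"pre-AWL score {score}, entry before {total:.1f}/{count}")
    print(f"AWL adjustment {delta:.1f}, final score {score + delta:.1f}")
    # Constructed addresses: two hosts in one /16 share a single bucket.
    for ip in ("198.51.100.7", "198.51.7.200", None):
        print(awl_key("user@example.org", ip))
```

Under those assumptions the entry stood at about 217.7/12 before this message, so twelve earlier messages averaging roughly 18 points each are what outweighed the -13.1 from the other rules.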