On Tue, 2009-08-04 at 21:18 +0200, a...@exys.org wrote:
> >  (missing in your paste)
> 
> the received header was not missing.  just stripped.

Please do not quote me out of context. I said "From: header address
(missing in your paste)". Inserted in the quote below where you ripped
it out.

> > This assumption is wrong. You did receive a message from the From:
> > header address (missing in your paste) and the same originating
> > net-block in the past.
> 
> True I did, due to greylisting.

Which SA doesn't know about. Unless, of course, the message or already
received parts have been fed to SA anyway, despite greylisting.

> r...@samir:~$grep 91.199.51.231 /var/log/exim/ -r 
> ...
> F=<virenwarndie...@virenschutz-downloaden.info> temporarily rejected after 
> DATA: greylisted for 60 seconds
> F=<virenwarndie...@virenschutz-downloaden.info> temporarily rejected after 
> DATA: greylisted for 60 seconds
> <= virenwarndie...@virenschutz-downloaden.info 
> H=host231.dhms-domainmanagement.net [91.199.51.231] P=esmtp S=3223 
> id=knuula.a6m...@localhost

I guess that's the Envelope-From? AWL looks at the From: header.

Also, SA need not have seen that From / net-block address recently.
Any time in the past would do.

> Greylisting is rather pointless when SA is going to remove the scoring 
> gained through later listing again.  Should I disable AWL, or can I 
> unlearn it?

That's the *exact* point of AWL. It is a historical score averager. [2]

(The name is an artifact due to the fact that humans tend to frequently
send using the same From address, and mostly the same sending net-block.
Whereas spammers forge the sender, and usually distribute the origin
widely. Hence the "white", to protect humans occasionally sending spammy
mail. However, since it really is just an averaging system, it actually
works both ways.)

Again, the greylisting prior to receiving this spam is not the reason.
SA, or more specifically AWL, does not know about that.


As for unlearning: Sure! :)  See the spamassassin-run [1] man-page, in
particular for the --remove-addr-from-whitelist option. Or maybe the
--add-addr-to-blacklist option, which fakes an entry with a score of 50.

  guenther


[1] http://spamassassin.apache.org/full/3.2.x/doc/spamassassin-run.html
[2] http://wiki.apache.org/spamassassin/AutoWhitelist and
    http://wiki.apache.org/spamassassin/AwlWrongWay

-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
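
The averaging behaviour described in the message above, as an added example (a simplified model written for this page, not SpamAssassin's code and not part of the original post). The factor of 0.5, the /16 net-block mask, the address-only removal and the sample addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

FACTOR = 0.5   # assumption: how far a score is pulled towards the historical mean
MASK_LEN = 16  # assumption: size of the originating IPv4 net-block used in the key


@dataclass
class Entry:
    count: int = 0
    total: float = 0.0


class Awl:
    """Toy historical score averager keyed on From: address plus net-block."""

    def __init__(self):
        self.db = {}

    @staticmethod
    def key(from_addr, origin_ip):
        block = ip_network(f"{origin_ip}/{MASK_LEN}", strict=False)
        return (from_addr.lower(), str(block.network_address))

    def score(self, from_addr, origin_ip, rule_score):
        """Return the adjusted score, then record the unadjusted one."""
        entry = self.db.setdefault(self.key(from_addr, origin_ip), Entry())
        adjusted = rule_score
        if entry.count:  # history exists: move towards the mean
            mean = entry.total / entry.count
            adjusted = rule_score + (mean - rule_score) * FACTOR
        entry.count += 1
        entry.total += rule_score
        return adjusted

    def remove(self, from_addr):
        """Model of unlearning: drop every entry for this From: address."""
        addr = from_addr.lower()
        self.db = {k: v for k, v in self.db.items() if k[0] != addr}


def demo():
    awl = Awl()
    sender = "sender@example.test"                   # constructed sample address
    first = awl.score(sender, "192.0.2.231", 2.0)    # no history yet
    later = awl.score(sender, "192.0.2.9", 8.0)      # same /16: pulled towards 2.0
    other = awl.score(sender, "198.51.100.7", 8.0)   # other net-block: no history
    awl.remove(sender)
    fresh = awl.score(sender, "192.0.2.231", 8.0)    # history gone, score stands
    return first, later, other, fresh
```
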
