injected headers are triggering dns whitelists

Fri, 17 Sep 2010 07:56:05 -0700

I've been repeatedly running into problems where dns white-lists have been causing false negatives in spam. Valid looking headers are being injected at the beginning of emails which are tripping dns whitelists (see below). As a result I've been slowly disabling dns whitelist rules: 
score HABEAS_ACCREDITED_COI 0
score HABEAS_ACCREDITED_SOI 0
score RCVD_IN_DNSWL_MED 0
score RCVD_IN_BSP_TRUSTED 0
score RCVD_IN_DNSWL_HI 0

I'm running SpamAssassin on ubuntu hardy: spamassassin 3.2.4-1ubuntu1.2
Has anyone else been seeing this? Is this a mis-configuration on my part? Is there anything I can do to get SpamAssassin to check only the last header and ignore anything below that? 

===============================================

Return-Path: <alienatespb...@robinsins.com>
Received: from murder ([unix socket])
         (authenticated user=postmaster bits=0)
         by myservername (Cyrus v2.2.13-Debian-2.2.13-13ubuntu3) with LMTPA;
         Fri, 17 Sep 2010 10:15:14 -0400
X-Sieve: CMU Sieve 2.2
Received: from X98.bbn07-081.lipetsk.ru (unknown [178.234.81.98])
        by myservername.athenium.com (Postfix) with ESMTP id D53E41D40B0
        for <ab...@athenium.com>; Fri, 17 Sep 2010 10:15:12 -0400 (EDT)
Received: from svtmail04.prod.sabre.com (svtmail00.prod.sabre.com [151.193.64.1]) 
        by server42.appriver.com with esmtp
        id 3651BD-000812-22
        for ab...@athenium.com; Fri, 17 Sep 2010 18:15:01 +0300
Received: from microsof56e61a (10.208.60.9:76737) by svtmail09.prod.sabre.com (LSMTP for Windows NT v1.1b) with SMTP id <9.649bf...@svtmail08.prod.sabre.com>; Fri, 17 Sep 2010 18:15:01 +0300 
Date: Fri, 17 Sep 2010 18:15:01 +0300
From: "Jerry Burton" <alienatespb...@robinsins.com>
To: ab...@athenium.com
Message-ID: <94685159.45679744792947233404.javamail....@microsof56e61a>
Subject: Re: Vacation
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="----=_Part_7403571_82314638.3159918817094"
X-Virus-Scanned: clamav-milter 0.95.3 at myservername
X-Virus-Status: Clean
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_99,HTML_MESSAGE,
        RCVD_IN_DNSWL_HI,SPF_SOFTFAIL,UNPARSEABLE_RELAY autolearn=no 
version=3.2.4
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
        myservername.xxx.athenium.com

====================================================

Reply via email to