On Wed, 29 Sep 2010, njjrdell wrote:
Hello,
one of our users at a remote location is having her mail trashed by
spamassassin.
Sep 28 12:48:43 nsmail spamd[199]: prefork: child states: II\n
Sep 28 12:49:28 nsmail spamd[268]: spamd: connection from localhost
[127.0.0.1] at port 50226\n
Sep 28 12:49:28 nsmail spamd[268]: spamd: checking message
<001101cb5f2d$1c3937b0$6629a...@traci> for (unknown):500\n
Sep 28 12:49:29 nsmail spamd[268]: spamd: identified spam (288.2/5.0) for
(unknown):500 in 1.2 seconds, 2345 bytes.\n
Sep 28 12:49:29 nsmail spamd[268]: spamd: result: Y 288 -
AWL,BAYES_40,DOS_OE_TO_MX,FAKE_REPLY_C
scantime=1.2,size=2345,user=(unknown),uid=500,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=50226,mid=<001101cb5f2d$1c3937b0$6629a...@traci>,bayes=0.297864,autolearn=no\n
I'm trying to track down why this message is getting such a high score. I
have been trying to find were the DOS_OE_TO_MX rule is and what it's score
is set to, but can't find it anywhere.
288 points? I'd look to AWL rather than any of the other rules. Did she
perhaps send a GTUBE at some point?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The yardstick you should use when considering whether to support a
given piece of legislation is "what if my worst enemy is chosen to
administer this law?"
-----------------------------------------------------------------------
79 days until TRON Legacy
