On 29.09.10 08:00, njjrdell wrote: > one of our users at a remote location is having her mail trashed by > spamassassin. > > Sep 28 12:48:43 nsmail spamd[199]: prefork: child states: II\n > Sep 28 12:49:28 nsmail spamd[268]: spamd: connection from localhost > [127.0.0.1] at port 50226\n > Sep 28 12:49:28 nsmail spamd[268]: spamd: checking message > <001101cb5f2d$1c3937b0$6629a...@traci> for (unknown):500\n > Sep 28 12:49:29 nsmail spamd[268]: spamd: identified spam (288.2/5.0) for > (unknown):500 in 1.2 seconds, 2345 bytes.\n > Sep 28 12:49:29 nsmail spamd[268]: spamd: result: Y 288 - > AWL,BAYES_40,DOS_OE_TO_MX,FAKE_REPLY_C > scantime=1.2,size=2345,user=(unknown),uid=500,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=50226,mid=<001101cb5f2d$1c3937b0$6629a...@traci>,bayes=0.297864,autolearn=no\n > > I'm trying to track down why this message is getting such a high score. I > have been trying to find were the DOS_OE_TO_MX rule is and what it's score > is set to, but can't find it anywhere.
DOS_OE_TO_MX triggers on mail send teom outlook express sdirectly to mail servers. This can happen when you use your MX servers for "outgoing" mail too and users don't use SMTP authentication. You can solve this by requiring the user to use SMTP auth, or work around it by adding the sending IP to trusted_networks. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
