I'm having trouble with intracompany e-mail. When a Windows/Outlook user
sends mail to a local user, there is exactly one MX in the path.
Which is the office mail server.
Everything is wonderful until Spamassassin sees the short delivery path
and assigns 2.8 points because of it, and a few other minor scores push
it over 5.0.
Should I just manually stomp on that score, or is there are more
subtle way to prevent this false positive? (I could, for example,
add a compensating negative score for sender IP addresses in our range.)
Thank you!
OS: Linux (Debian/unstable) amd64
Version: Spamassassin 3.3.1-1 (Debian binary package)
Invocation: spamc/spamd
Example message (redactions hopefully obvious):
>From sen...@horizon.com Tue Jan 04 21:13:48 2011
Return-Path: <sen...@horizon.com>
Delivered-To: recipient-s...@horizon.com
Received: (qmail 27320 invoked by uid xxxx); 4 Jan 2011 16:13:47 -0500
Delivered-To: recipi...@horizon.com
Received: from localhost by science.horizon.com
with SpamAssassin (version 3.3.1);
Tue, 04 Jan 2011 16:13:47 -0500
From: "Sender" <sen...@horizon.com>
To: "Recipient" <recipi...@horizon.com>
Subject: ***SPAM*** $SUBJECT
Date: Tue, 4 Jan 2011 16:12:31 -0500
Message-Id:
<!&!AAAAAAAAAAAYAAAAAAAAAJwEbt/soljortflpabkkkrcgaaaeaaaacbkaafjtybkl2k8kkdi+h8baaaaa...@horizon.com>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on science.horizon.com
X-Spam-Flag: YES
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.4 required=5.0 tests=BAYES_50,DOS_OUTLOOK_TO_MX,
FSL_HELO_NON_FQDN_1,HELO_NO_DOMAIN,HTML_MESSAGE,RDNS_NONE autolearn=no
version=3.3.1
X-Spam-ASN:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4D238D8B.A2071086"
Status: R
This is a multi-part message in MIME format.
------------=_4D238D8B.A2071086
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "science.horizon.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: [snip]
Content analysis details: (5.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 FSL_HELO_NON_FQDN_1 FSL_HELO_NON_FQDN_1
1.0 HTML_MESSAGE BODY: HTML included in message
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.4996]
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 HELO_NO_DOMAIN Relay reports its domain incorrectly
2.8 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_4D238D8B.A2071086
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: (qmail 27302 invoked from network); 4 Jan 2011 16:13:46 -0500
Received: from unknown (HELO $MACHINE) (aaa.bbb.ccc.ddd)
by science.horizon.com with SMTP; 4 Jan 2011 16:13:46 -0500
Return-Receipt-To: "Sender" <sen...@horizon.com>
From: "Sender" <sen...@horizon.com>
To: "Recipient" <recipi...@horizon.com>
Subject: $SUBJECT
Date: Tue, 4 Jan 2011 16:12:31 -0500
Message-ID:
<!&!AAAAAAAAAAAYAAAAAAAAAJwEbt/soljortflpabkkkrcgaaaeaaaacbkaafjtybkl2k8kkdi+h8baaaaa...@horizon.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_002D_01CBAC2A.30E3F200"
X-Mailer: Microsoft Office Outlook 12.0
thread-index: AcusVBl369Pl5TClQfmgzP7+YFpFaQ==
Content-Language: en-us
This is a multipart message in MIME format.
------=_NextPart_000_002D_01CBAC2A.30E3F200
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_002E_01CBAC2A.30E3F200"
------=_NextPart_001_002E_01CBAC2A.30E3F200
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
[snip]
------=_NextPart_001_002E_01CBAC2A.30E3F200
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"; =
xmlns=3D"http://www.w3.org/TR/REC-html40";>
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple>
[snip]
</body>
</html>
------=_NextPart_001_002E_01CBAC2A.30E3F200--
------=_NextPart_000_002D_01CBAC2A.30E3F200
Content-Type:
application/vnd.openxmlformats-officedocument.wordprocessingml.document;
name="File.docx"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="File.docx"
[snip]
------=_NextPart_000_002D_01CBAC2A.30E3F200--
------------=_4D238D8B.A2071086--
