On Mon, 2013-11-11 at 20:26 -0200, Sergio Durigan Junior wrote:
> Here is an example of a misclassified spam message:
>    <http://sergiodj.net/~sergio/sa/spam.txt>
> 
> (This spam message was sent to a mailing list, not directly to my
> address, as can be seen.  I still don't have spams that were sent
> directly to my e-mail address.).

None directly at all, or during the last 24 hours? Do you so far
exclusively receive spam via mailing-lists?

(Caveat: I am not a friend of scanning mailing-list traffic at the
recipient, and directly deliver them into dedicated folders. It's the
mailing-list operator's damn duty to keep spam out of the lists.)

That said, in order to scan list traffic properly, you need to "extend
your network" to include the list server IP(s). As a result, SA will
then not treat the handing-over (here list-server) SMTP as an untrusted
relay, but the actual omitter of the spam sending it to the list server.
This is important, because some header rules and most notably DNSBLs
need that last external host info for proper operation.

See the trusted_networks option, and
  http://wiki.apache.org/spamassassin/TrustPath


The X-Spam-Status header shows another problem: URIBL_BLOCKED.

  ADMINISTRATOR NOTICE: The query to URIBL was blocked.  See
  http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
  for more information.


UNPARSABLE_RELAY and SPF_FAIL are things to dig down, too. The above two
issues though are by far more important.


> - I run spamc directly from my .procmailrc:

# Mailing-list recipes belong here.

>      :0fw: spamassassin.lock
>      * < 256000
>      | spamc


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Reply via email to