I have just had a couple of false positives reported in our (old and
stable) spamassassin config. I reported them to our sysman, but it is
better that I enquire (I assisted him in the initial setup though I forgot
most).

The false positives came from academic domains, a University here in
Italy, and the NRAO in the USA. We had been receiving mail from them without
problems until the false positives occurred. The score goes above our
rather restrictive threshold because of rules like these:

* 2.4 DNS_FROM_AHBL_RHSBL RBL: Envelope sender listed in dnsbl.ahbl.org
for both of them. Is this a reliable source, or too picky?
* 3.4 RCVD_ILLEGAL_IP Received: contains illegal IP address
What is this about? I see nothing strange.
* 1.8 URIBL_BLACK Contains an URL listed in the URIBL blacklist
In one case this was triggered by freeiz.com in the signature of
the message being replied to (which in turn was by the maintainer of
Alpine, who stores his code there!)
* 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
* 1.7 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
* 1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
In the other case these too were triggered with URIBL_BLACK.

Now that is not unexpected. The message was a mailman administration
message. The mailing list had received some spam attempts from
non-subscribers, which went "into moderation". I received them as
moderator. In fact the offending URLs were just the spammer's email
address. So they are not a great loss, but I would not like to miss
legitimate messages from that mailman installation!

I am just wondering if the BL sites have suddenly become too rigorous.

--
------------------------------------------------------------------------
Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy)
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html
------------------------------------------------------------------------
Do not like Firefox >=29 ? Get Pale Moon ! http://www.palemoon.org