On Mon, 14 Mar 2016 09:23:00 -0600 @lbutlr wrote: > > Unless you actually saw email.amctheatres.com in X-Spam-Report, or > > in debug, it's probably not what you are looking. > > > > It slipped my mind, but HEADER_HOST_IN_BLACKLIST is misleading > > > > https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7256 > > That explains it. Since it is checking both the body and the headers
I don't believe it does check the headers. It's a straightforward URI check and HEADER_HOST_IN_BLACKLIST is duplicate of URI_HOST_IN_BLACKLIST. > I have to check the source of the message and see what it?s hitting. > The blacklist setting I have, I thought, were pretty straight forward: > > blacklist_from *.119 > blacklist_from *.administrator > blacklist_from *.admin No, you are looking for enlist_uri_host or blacklist_uri_host
