Mailing List Archive

> From: Stefan Hornburg
> Sent: Monday, February 23, 2004 6:35 AM
[...]
>
> The subject of the email is:
> Output from your job 48
>
> The message id is (added by the MTA probably)
> Message-Id: <E1AvGiz-0005sY-00@ecoservice.de>
>
> How can I avoid these false positives ?

One idea is whitelist_from_recvd localhost mail:

# Trusted hosts
whitelist_from_rcvd * localhost
whitelist_from_revd * mydomain.com

where 'mydomain.com' is your domain name, or a trust one.

For the 'from Received' part of this to work, you have to
set up trusted_hosts properly.

### We can trust headers from these IP's:
trusted_networks 127.
trusted_networks 199.99.99.

where 199.99.99. is the /24 of your IP block.

That said, there are some problems in parsing certain Received lines in
2.63,
and in the interpretation of trusted_networks that will likely be resolved
in the next release, so the set up described above might not work completely
for you in this release. Still it will work on some/many installations, so
you should probably try this first.

Alternatively, you could lower the score of SUBJ_HAS_SPACES, to say, half of
what it is now:

score SUBJ_HAS_SPACES 2.0

but since this has more to do with the sender, you could whitelist the
sender. If the sender of 'at' mail is root:

whitelist_from root@mydomain.com

Above, you'd really like that to be whitelist_from_recvd, but this entry
can be used until the localhost and Received: parsing problems are fixed,
_if_ the whitelist_from_recvd suggestion above doesn't work for you.
You cuold remove this broad whitelist_from entry in after the next release
is installed.

On Mon, 23 Feb 2004 15:34:33 +0100, Stefan Hornburg wrote:

>Hello, list !
>
>On one of my servers at is frequently used and some of the emails
>generated are tagged as SPAM with the following scores:
>
>
>Content analysis details: (5.0 points, 5.0 required)
>
> pts rule name description
>---- ---------------------- --------------------------------------------------
> 4.1 SUBJ_HAS_SPACES Subject contains lots of white space
>-0.0 BAYES_44 BODY: Bayesian spam probability is 44 to 50%
> [score: 0.4531]
> 3.0 MSGID_FROM_MTA_SHORT Message-Id was added by a relay
>-2.1 AWL AWL: Auto-whitelist adjustment
>
>The subject of the email is:
>Output from your job 48
>
>The message id is (added by the MTA probably)
>Message-Id: <E1AvGiz-0005sY-00@ecoservice.de>
>
>How can I avoid these false positives ?

I see three possible solutions:

(1) Alter the score for SUBJ_HAS_SPACES in local.cf:
score SUBJ_HAS_SPACES 3.5

(2) Alter the number of contiguous spaces required by that trigger in
20_head_tests.cf (default is 6 - you could change it to 8 to avoid
triggering on that subject):
header SUBJ_HAS_SPACES Subject =~
/(?:\s{8}|\t\s|\s\t)\S/

(3) Define your own test to give a positive score if the subject
contains "Output from your job."

Of course there are other solutions as well - SA is extremely flexible
in that respect - but one of those should suffice if you don't want to
get into it too deeply.

On Mon, 2004-02-23 at 06:34, Stefan Hornburg wrote:
> How can I avoid these false positives ?

Don't run spamassassin against locally-originated emails.

--
John Hardin KA7OHZ
Internal Systems Administrator/Guru voice: (425) 672-1304
Apropos Retail Management Systems, Inc. fax: (425) 672-0192
-----------------------------------------------------------------------
Failure to plan ahead on someone else's part does not constitute an
emergency on my part.
- David W. Barts in a.s.r
-----------------------------------------------------------------------
7 days until ICQ Corp goes away - have you installed Jabber yet?