Mailing List Archive

"Charles Gregory" <cgregory@hwcn.org> wrote in message
news:Pine.GSO.4.05.10402231452400.14511-100000@james.hwcn.org...

> On Mon, 23 Feb 2004, Kurt Yoder wrote:

> > I got a message with these (censored) headers recently:

<snip>

> > Unfortunately, SA seems to think that this information is enough to
> > score this message heavily negative. I don't know how it is making
> > this decision, since the only reliable information is of course the
> > ip address of the connecting server; in this case
> > ANeuilly-105-1-3-194.w80-13.abo.wanadoo.fr [80.13.58.194]. I checked
> > the BSP list and this IP is definitely not in there. I'd guess the
> > same for the default whitelist.
> >
> > Is this a bug in the SA code or implementation? Or am I missing
> > something? Please let me know; I'm setting both of these scores to 0
> > for now.

> Please include the headers that SA inserted, so we can tell how it is
> scoring.....

I've seen this problem too [1] but when I tried running the e-mail
through spamassassin again, it did not trigger the BSP rule. I submitted
some of the first e-mails I saw with this problem, but BSP said none of
the hops had ever been in their list.

Regards,
John

[1] http://marc.theaimsgroup.com/?l=spamassassin-devel&m=107511078708166&w=2

I've attached the output of spamassassin -tD, which shows everything.

Charles Gregory said:
>
> Please include the headers that SA inserted, so we can tell how it is
> scoring.....
>
> On Mon, 23 Feb 2004, Kurt Yoder wrote:
>
>> Date: Mon, 23 Feb 2004 14:50:26 -0500 (EST)
>> From: Kurt Yoder <kylistsatalk@shcorp.com>
>> To: spamassassin-users@incubator.apache.org
>> Subject: [spa] false hits RCVD_IN_BSP_TRUSTED and USER_IN_DEF_WHITELIST
>>
>> Hi list
>>
>> I got a message with these (censored) headers recently:
>>
>> Delivered-To: me@shcorp.com
>> Return-Path: <service@paypal.com>
>> <internal Received header deleted>
>> Received: from ANeuilly-105-1-3-194.w80-13.abo.wanadoo.fr
>> (ANeuilly-105-1-3-194.w80-13.abo.wanadoo.fr [80.13.58.194])
>> by madagascar.shcorp.com (8.12.3/8.12.3/Debian-6.6) with SMTP id
>> <scrambled>
>> for <me@shcorp.com>; <date scrambled>
>> Received: from paypal.com (smtp1.nix.paypal.com [64.4.240.74])
>> by ANeuilly-105-1-3-194.w80-13.abo.wanadoo.fr (Postfix) with ESMTP
>> id
>> <scrambled>
>> for <me@shcorp.com>; <date scrambled>
>> From: service <service@paypal.com>
>> To: me <me@shcorp.com>
>> Subject: Confirm Your Information!
>> Date: <scrambled>
>> Message-ID: <scrambled@paypal.com>
>> Mime-Version: 1.0
>> Content-Type: multipart/alternative; boundary="=_scrambled"
>> X-Priority: 3 (Normal)
>> X-MSMail-Priority: Normal
>> X-Mailer: Microsoft Outlook, Build 10.0.3416
>> Importance: Normal
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2505.0000
>> X-Kaspersky-Antivirus: passed
>>
>> Unfortunately, SA seems to think that this information is enough to score
>> this
>> message heavily negative. I don't know how it is making this decision, since
>> the only reliable information is of course the ip address of the connecting
>> server; in this case ANeuilly-105-1-3-194.w80-13.abo.wanadoo.fr
>> [80.13.58.194]. I checked the BSP list and this IP is definitely not in
>> there.
>> I'd guess the same for the default whitelist.
>>
>> Is this a bug in the SA code or implementation? Or am I missing something?
>> Please let me know; I'm setting both of these scores to 0 for now.
>>
>> --
>> Kurt Yoder
>> Sport & Health network administrator
>>
>
>


--
Kurt Yoder
Sport & Health network administrator