It's always safer to give negative weights based on reverse DNS instead of the From address. In this case it would look something like this:
REVDNS -5 ENDSWITH .grp.scd.yahoo.com
I also noted that your SPAMDOMAINS_H test got tripped. I would check the configuration there and either adjust or provide a negative weight test to resolve the problem.
Matt
Markus Gufler wrote:
Today we've had some FP's comming from a Yahoo mailing list.
Is it a possible solution to give a litle negative weight for mails comming from @yahoogroups.com or is there any other/bether method to resolve such false positives? (IP-ranges, Spamdomains...?)
Below the mail header of such a FP:
Received: from mx0.gmx.net [213.165.64.100] by mail.zcom.it (SMTPD32-7.15) id A9F343600D8; Sun, 19 Oct 2003 18:21:07 +0200 Received: (qmail 2815 invoked by alias); 19 Oct 2003 16:21:07 -0000 Delivered-To: GMX delivery to [EMAIL PROTECTED] Received: (qmail 2767 invoked by uid 65534); 19 Oct 2003 16:21:07 -0000 Received: from n17.grp.scd.yahoo.com (HELO n17.grp.scd.yahoo.com) (66.218.66.72) by mx0.gmx.net (mx035-rz3) with SMTP; 19 Oct 2003 18:21:07 +0200 X-eGroups-Return: [EMAIL PROTECTED] Received: from [66.218.67.200] by n17.grp.scd.yahoo.com with NNFMP; 19 Oct 2003 16:21:01 -0000 X-Sender: [EMAIL PROTECTED] X-Apparently-To: [EMAIL PROTECTED] Received: (qmail 7332 invoked from network); 19 Oct 2003 16:21:00 -0000 Received: from unknown (66.218.66.172) by m8.grp.scd.yahoo.com with QMQP; 19 Oct 2003 16:21:00 -0000 Received: from unknown (HELO mxsf15.cluster1.charter.net) (209.225.28.215) by mta4.grp.scd.yahoo.com with SMTP; 19 Oct 2003 16:21:00 -0000 Received: from tuscolahnjiiu5 (24.231.210.135.bay.mi.chartermi.net [24.231.210.135] (may be forged)) by mxsf15.cluster1.charter.net (8.12.9/8.12.8) with ESMTP id h9JGKnMp046823 for <[EMAIL PROTECTED]>; Sun, 19 Oct 2003 12:20:57 -0400 (EDT) (envelope-from [EMAIL PROTECTED]) To: <[EMAIL PROTECTED]> Organization: Tuscola Co. ARPSC/Skywarn Message-ID: <[EMAIL PROTECTED]> X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 In-Reply-To: <[EMAIL PROTECTED]> Importance: Normal From: "Mike" <[EMAIL PROTECTED]> X-Yahoo-Profile: sender MIME-Version: 1.0 Mailing-List: list [EMAIL PROTECTED]; Delivered-To: mailing list [EMAIL PROTECTED] Precedence: bulk Date: Sun, 19 Oct 2003 12:20:51 -0400 Subject: [s109] RE: [TinyTrak] TT3 Configuration: DIGI PATH Reply-To: [EMAIL PROTECTED] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-GMX-Antispam: 0 (Mail was not recognized as spam) X-RBL-Warning: FIVETEN-SRC: 72.66.218.66.blackholes.five-ten-sg.com. X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [2000010f]. X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: 17. X-RBL-Warning: SPAMDOMAINS_H: Spamdomain 'yahoo.' found: Address of [EMAIL PROTECTED] sent from invalid mx0.gmx.de. X-Spam-Tests-Failed: FIVETEN-SRC, NOABUSE, ROUTING, SPAMCHK, SPAMDOMAINS_H, WEIGHT75, WEIGHT100 [109] X-Country-Chain: [ARIN Unlisted]->UNITED STATES->GERMANY->destination
Thanks in advance
Markus
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
