Thus spake Michael Parker ([EMAIL PROTECTED]):
> On Mon, Feb 07, 2005 at 05:44:00PM +0000, David N wrote:
> > As I understand, '[EMAIL PROTECTED]|ip=142.55' is supposed to be unique to
> > emails originating from 142.55.x.x, yet it shows 65 occurrences, and an
> > (apparently) incorrect score of -5.4.
>
> Possibly you got 64 mails where the IP could not be determined so it
> was placed in the database as "none." When you got one with an IP
> that AWL could make use of it upgraded the "none" entry to the one
> with the IP.
That makes some sense to me, but I do have an entry in the database
for '[EMAIL PROTECTED]|ip=none'... however the count is '1'!! I would
expect the 'ip=none' to have more than a count of 1 but have no empirical
evidence to prove it
The 'ip=none' also includes the case where all ip addresses known come
from private subnets too doesn't it? -- If that's the case, then 64 would
make a LOT of sense. [Additionally, since I received that bum spam message,
I've send exactly 1 email to an internal mailing list that returns the
mail from me, but all private IP's - once again, the shoe fits].
Now then, if this scenario is correct, I end up in a situation where
I send a buncha emails internally, accumulate a good -6.6 score in
the AWL, and along comes Mr. Spammer & forges a 'from' from me,
and the AWL code hijacks my good -6.6 score & passes the message?
Is that an accurate description? If so:
1) Can I turn off this 'upgrading', or is there something I can do
to say include private addresses 192.168.223.x?? Or do I just
need to disable AWL entirely?
2) How can I delete the bum record from my AWL database?
Thanks!
--
David N, dn7534 at-sign tditx com