hey greg:
you got me there
i was looking at :
Received: from myserver ([127.0.0.1])
by localhost (myserver [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id TnlkYt9U0aRr for ;
Wed, 29 Nov 2006 06:09:20 -0500 (EST)
Received: from 218-171-61-71.dynamic.hinet.net
(218-171-61-71.dynamic.hinet.net [218.171.61.71])
by myserver (Postfix) with ESMTP id 76A9DC97AC
for ; Wed, 29 Nov 2006 06:09:06 -0500 (EST)
Received: from insersudamerica.com (port=2457 helo=hhdyayyfbpavq)
by 218-171-61-71.dynamic.hinet.net with smtp
id 666-jMbg-4o
for myuser; Wed, 29 Nov 2006 19:08:40 +0800
and i don't see the envelope-from field at all in the header
i can post the full header if that would help
Original Message
Subject: Re:spam is marked as "user_in_whitelist"
From: Greg Skouby <[EMAIL PROTECTED]>
To: users@spamassassin.apache.org
Date: 11/29/2006 10:27 AM
On Wed, Nov 29, 2006 at 10:22:11AM -0500, Stas Khromoy wrote:
*keep getting the following spam
which spamassassin for some reason
give a scrore of -100 or - 70
keeps saying the user is in whitelist
Subject:* both of those that is of the people, of the Lord your words of
subject :me: a certain man that hear O house of man from among the land
of our
or other of similar context .. they look like quotes from the bible :)
with offers to buy some crap from
s a b a n z e n dot com
X-Spam-Status: No, score=-74.498 tagged_above=-150 required=3
tests=[BAYES_80=2, EXTRA_MPART_TYPE=1.091, HELO_DYNAMIC_IPADDR2=3.818,
HTML_IMAGE_ONLY_08=3.126, HTML_MESSAGE=0.001, RCVD_IN_DYNABLOCK=1,
RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SBL_XBL=1.5, RCVD_IN_SORBS=1,
RCVD_IN_SORBS_DUL=2.046, RCVD_IN_XBL=3.897, SARE_GIF_ATTACH=0.75,
SARE_GIF_STOX=1.66, SARE_RECV_SPAM_DOMN0b=1.666,
UNPARSEABLE_RELAY=0.001, USER_IN_WHITELIST=-100]
i can't think of anything at this point aside from getting rid of the
old whitelist and starting a new one.
Hi Stas,
I am betting that the "envelope-sender" is the user that is in the whitelist and you are looking at the "from" address and thinking that the "from" address is not in the whitelist.
We have run into a fair amount of the above situation on our system. I think it might be a good idea to make USER_IN_WHITELIST have a score of ~ -15 instead of ~100.
--Greg