On Wednesday 04 August 2004 12:38 am, Ron McKeating wrote: > Hi all, > > I just got a complaint from a user because of a false positive that was > filtered into their spam folder. A very small part of the score came > from the rule > > 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS > * [81.136.151.191 listed in dnsbl.sorbs.net] > > Looking at the headers (see below) I do not understand why this rule > comes into effect. The sender sent the email validly through her ISP > (yahoo.com). I thought if you did that then that rule did not kick in. > Am I missing something here? > > Ron > > Return-path: <[EMAIL PROTECTED]> > Delivery-date: Tue, 03 Aug 2004 12:30:22 +0100 > Received: from [158.125.1.193] (helo=bill.lut.ac.uk) > by dougal.lut.ac.uk with esmtp (Exim 4.30) > id 1BrxUs-0007lc-Bh > for [EMAIL PROTECTED]; Tue, 03 Aug 2004 > 12:30:22 +0100 > Received: from smtp810.mail.ukl.yahoo.com ([217.12.12.200]) > by bill.lut.ac.uk with smtp (Exim 4.41) > id 1BrxUl-0002je-GP > for [EMAIL PROTECTED]; Tue, 03 Aug 2004 12:30:22 +0100 > Received: from unknown (HELO HELEN01) > ([EMAIL PROTECTED]@81.136.151.191 with poptime)
The rule says the SENDER was in SORBS, not the relays. The IP was reported to SORBS as a source of spam at one time or another (could be a dialup?). -- _____________________________________ John Andersen
pgpiZe3gOEBJq.pgp
Description: signature
