On Wednesday, August 4, 2004, 1:38:34 AM, Ron McKeating wrote:
> Hi all,
> I just got a complaint from a user because of a false positive that was
> filtered into their spam folder. A very small part of the score came
> from the rule
> 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
> * [81.136.151.191 listed in dnsbl.sorbs.net]
> Looking at the headers (see below) I do not understand why this rule
> comes into effect. The sender sent the email validly through her ISP
> (yahoo.com). I thought if you did that then that rule did not kick in.
> Am I missing something here?
> Ron
> Return-path: <[EMAIL PROTECTED]>
> Delivery-date: Tue, 03 Aug 2004 12:30:22 +0100
> Received: from [158.125.1.193] (helo=bill.lut.ac.uk)
> by dougal.lut.ac.uk with esmtp (Exim 4.30)
> id 1BrxUs-0007lc-Bh
> for [EMAIL PROTECTED]; Tue, 03 Aug 2004
> 12:30:22 +0100
> Received: from smtp810.mail.ukl.yahoo.com ([217.12.12.200])
> by bill.lut.ac.uk with smtp (Exim 4.41)
> id 1BrxUl-0002je-GP
> for [EMAIL PROTECTED]; Tue, 03 Aug 2004 12:30:22 +0100
> Received: from unknown (HELO HELEN01)
> ([EMAIL PROTECTED]@81.136.151.191 with poptime)
^^^^^^^^^^^^^^ !!!!!!!!!!!!!!!
> by smtp810.mail.ukl.yahoo.com with SMTP; 3 Aug 2004 11:29:44 -0000
> Message-ID: <[EMAIL PROTECTED]>
> Reply-To: "Helen Fairhead" <[EMAIL PROTECTED]>
> From: "Helen Fairhead" <[EMAIL PROTECTED]>
> To: "Bob Haskins" <[EMAIL PROTECTED]>
Her sending IP 81.136.151.191 *is* listed in SORBS, so the
detection code may be working correctly.
Assuming BT provides outbound mail servers, she should probably
relay through btopenworld.com servers instead of sending directly
to Yahoo's mail servers.
That said, I'm not really familiar with how SpamAssassin's RBL
code parses headers, etc., so I can't tell if this behavior
is proper or not. But she should still use BT's outbound mail
servers.
Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
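
The lookup discussed in this thread, as an added example that is not part of the original message and is not SpamAssassin's own code: it takes the client IP of each Received hop quoted above and builds the DNSBL query name for it (octets reversed, zone appended). The function names, the `user@example.invalid` placeholder and the injectable `resolve` parameter are assumptions made for the illustration.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Added example; names are illustrative. SAMPLE is constructed from the
# Received headers quoted above, redacted addresses replaced by a placeholder.
SAMPLE = """\
Received: from [158.125.1.193] (helo=bill.lut.ac.uk)
\tby dougal.lut.ac.uk with esmtp (Exim 4.30)
\tid 1BrxUs-0007lc-Bh
\tfor user@example.invalid; Tue, 03 Aug 2004 12:30:22 +0100
Received: from smtp810.mail.ukl.yahoo.com ([217.12.12.200])
\tby bill.lut.ac.uk with smtp (Exim 4.41)
\tid 1BrxUl-0002je-GP
\tfor user@example.invalid; Tue, 03 Aug 2004 12:30:22 +0100
Received: from unknown (HELO HELEN01)
\t(user@example.invalid@81.136.151.191 with poptime)
\tby smtp810.mail.ukl.yahoo.com with SMTP; 3 Aug 2004 11:29:44 -0000
"""

IP_RE = re.compile(r"(?:\[|@)(\d{1,3}(?:\.\d{1,3}){3})\b")

def relay_ips(raw_message):
    """Return the client IP of each Received hop, newest hop first."""
    ips = []
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())        # unfold continuation lines
        client_part = re.split(r"\sby\s", flat, maxsplit=1)[0]
        m = IP_RE.search(client_part)
        if m:
            ips.append(str(ipaddress.IPv4Address(m.group(1))))
    return ips

def dnsbl_qname(ip, zone="dnsbl.sorbs.net"):
    """Reverse the octets and append the zone: the name a DNSBL is asked for."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def listed_hops(raw_message, zone="dnsbl.sorbs.net", resolve=socket.gethostbyname):
    """Look up every hop; an answer in 127.0.0.0/8 means the IP is listed."""
    hits = []
    for ip in relay_ips(raw_message):
        try:
            answer = resolve(dnsbl_qname(ip, zone))
        except OSError:                        # NXDOMAIN: not listed
            continue
        if ipaddress.ip_address(answer).is_loopback:
            hits.append(ip)
    return hits
```

Every hop is checked here; restricting the check to hops outside a set of trusted relays is a policy choice this sketch leaves out.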