On Sunday 21 May 2006 1:52 pm, Matt Kettler wrote: > Chris wrote: > > I've got an FN that showed up in my inbox, the above tag with -15 for a > > score is keeping it from being tagged as spam. I've ran spamassassin -R > > and spamassassin --remove-addr-from-whitelist= > > That command only affects the AWL. It does not affect the real > whitelists. > > > however the its still got the > > tag. Where is the default whitelist and how can I remove this address? > > it's in /usr/share/spamassassin/60_whitelist.cf. > > Also, if your false-positive is a forged email, make sure your > trusted_networks is set properly. If SA is mis-trusting headers, it may > cause whitelist_from_rcvd type rules to match for forgeries. > > http://wiki.apache.org/spamassassin/TrustPath > > Note: that page mentions whitelist_from_rcvd not matching as a symptom.. > this is true, but trust path problems can also go the other way and > cause it to match more than it should. > > > I would also suggest that if there is an entry there that's causing you > problems, and it's not caused by mis-parsing, let us know about it.
Matt, here are the headers of the message: X-Spam-Virus: No X-Spam-Seen: Tokens 102 X-Spam-New: Tokens 265 X-Spam-Remote: Host localhost.localdomain X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on cpollock.localdomain X-Spam-Hammy: Tokens 4 X-Spam-Status: No, score=2.4 required=5.0 tests=BAYES_99,DCC_CHECK, RCVD_IN_XBL,RM_t_bobbf,SORTED_RECIPS,SPF_FAIL,SUSPICIOUS_RECIPS, UNPARSEABLE_RELAY,USER_IN_DEF_WHITELIST autolearn=disabled version=3.1.0 X-Spam-Spammy: Tokens 34 X-Spam-Pyzor: Reported 0 times. X-Spam-Token: Summary Tokens: new, 163; hammy, 4; neutral, 64; spammy, 34. X-Spam-DCC: dcc.uncw.edu cpollock 1201; Body=1 Fuz1=1 Fuz2=many X-Spam-Untrusted: Relays [ ip=200.8.7.99 rdns=mailer.whitehat.com helo=mailer.whitehat.com by=mx-roseate.atl.sa.earthlink.net ident= envfrom= intl=0 id=1fHL0V28i3Nl34f0 auth= ] X-Spam-Level: ** X-Spam-RBL: Results <dns:99.7.8.200.sbl-xbl.spamhaus.org> [127.0.0.4] <dns:mailer.whitehat.com?type=MX> [5 mailer.whitehat.com.] <dns:mailer.whitehat.com> [204.74.75.15] Status: U Return-Path: <[EMAIL PROTECTED]> Received: from pop.earthlink.net [209.86.93.201] by localhost with POP3 (fetchmail-6.2.5) for [EMAIL PROTECTED] (single-drop); Sun, 21 May 2006 05:20:08 -0500 (CDT) Received: from mailer.whitehat.com ([200.8.7.99]) by mx-roseate.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1fHL0V28i3Nl34f0; Sun, 21 May 2006 06:18:24 -0400 (EDT) Received: from smtp.endend.nl ([Mon, 22 May 2006 06:02:50 +0200]) by relay.2yahoo.com with NNFMP; Mon, 22 May 2006 06:02:50 +0200 Received: from Mon, 22 May 2006 05:48:33 +0200 ([Mon, 22 May 2006 05:48:33 +0200]) by relay-x.misswldrs.com with SMTP; Mon, 22 May 2006 05:48:33 +0200 Received: from external.newsubdomain.com ([Mon, 22 May 2006 05:34:14 +0200]) by qrx.quickslick.com with NNFMP; Mon, 22 May 2006 05:34:14 +0200 Message-ID: <[EMAIL PROTECTED]> Reply-To: "Blythe Gordon" <[EMAIL PROTECTED]> From: "Bethann Ryan" <[EMAIL PROTECTED]> To: "Ashlyn J Johnson" <[EMAIL PROTECTED]>, "Annalee" <[EMAIL PROTECTED]>, "Alline Barber" <[EMAIL PROTECTED]>, "Yuko N Parker" <[EMAIL PROTECTED]>, "Vella" <[EMAIL PROTECTED]>, "Trang Gray" <[EMAIL PROTECTED]>, "Towanda B Brown" <[EMAIL PROTECTED]> Subject: loads of players online, win big Date: Mon, 22 May 2006 05:24:09 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 7bit X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 X-ELNK-Info: spv=1; X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000; X-SenderIP: 200.8.7.99 X-ASN: ASN-21826 X-CIDR: 200.8.6.0/23 X-UID: 1 X-Length: 3728 As you can see "Received: from mailer.whitehat.com" matches the entry in 60_whitelist.cf: def_whitelist_from_rcvd [EMAIL PROTECTED] whitehat.com I suppose thats where that tag came from. I have raised the score on the RM_t_bobbf from 3.0 to 10.0 for now which raised the score on this message to above the 5.0 threshold. -- Chris Registered Linux User 283774 http://counter.li.org 21:17:11 up 7 days, 9:17, 2 users, load average: 1.48, 0.80, 0.58 Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
pgpMDkxzeiGYY.pgp
Description: PGP signature
