On Friday 22 February 2008 17:52:13 Rosenbaum, Larry M. wrote: > > From: Andreas Ntaflos [mailto:[EMAIL PROTECTED] > > To spamassassin this spam appears to come from myself. It scored a low > > AWL but > > over 16 points all in all so the next message received from > > [EMAIL PROTECTED] would certainly get high AWL score. > > > > My questions are these: did I get this right? Is that really what seems > > to be > > happening? If so, how do I handle such a scenario? When it is so easy > > to > > forge header fields does it even make sense to have an AWL that assigns > > scores based on where the mail *appears* to be coming from? > > The AWL classifies its history by both return address and IP. It sounds > like in your case it is using the wrong IP, which may indicate problems > with your trust path. Please see > > http://wiki.apache.org/spamassassin/TrustPath
Thank you for your reply! Unfortunately I'm not sure how setting trusted_networks will help me, or how to test if it does. As far as I understand none of the symptoms described in the wikipage you linked are observed in my problematic scenario? Are there any other reasons why AWL would continuously score in the wrong direction (i.e. positive)? Maybe I should explain my setup a little further. I, as many others nowadays, have several email addresses and use a single mailserver (under my control) to retrieve mails (with getmail, and getmail putting retrieved mail through external filters such as spamc and clamscan) from several other mailservers (not under my control). I use my mailserver to send out mails for these addresses, using postfix (with SASL auth) and amavisd (amavisd is configured to bypass spam and virus checks for users who have authenticated successfully through SASL). So I added my mailserver to the trusted_networks but after removing that particularly troublesome address from the whitelist (spamassassin --remove-addr-from-whitelist) and a few tests it seems that AWL again scores in the wrong direction. Should I also add the remote mailserver that is final destination for that troublesome address to trusted_networks? What else can I check to solve that problem? What else can I read to understand the problem better? Because now I am not sure anymore that I *do* really understand. Please forgive my ignorance. Andreas -- Andreas Ntaflos Vienna, Austria GPG Fingerprint: 6234 2E8E 5C81 C6CB E5EC 7E65 397C E2A8 090C A9B4
signature.asc
Description: This is a digitally signed message part.
