I got the following spam, and am feeling that USER_IN_DEF_WHITELIST at
-15 is not really the right thing to be doing - but I know there are
often good reasons for the SA decisions.
spamassassin -t says:
-15 USER_IN_DEF_WHITELIST From: address is in the default white-list
and this is misleading, as it's really the envelope sender:
[7751] dbg: rules: address [EMAIL PROTECTED] matches (def_)whitelist_from_rcvd
[EMAIL PROTECTED] yahoo.com
[7751] dbg: rules: ran eval rule USER_IN_DEF_WHITELIST ======> got hit (1)
So, I wonder:
is the -15 really justified?
why is [EMAIL PROTECTED] in the default whitelist?
shouldn't addresses from senders known to use dkim/etc. only be
recognized if a dkim signature is present (assuming there is dkim
support).
All that said, this is my first spam that got through because of
USER_IN_DEF_WHITELIST, where got through means score < 1.0.
Return-Path: <[EMAIL PROTECTED]>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on fnord.ir.bbn.com
X-Spam-Level:
X-Spam-Status: No, score=-7.7 required=1.0 tests=AWL,BAYES_99,
SUBJECT_NEEDS_ENCODING,SUBJ_ILLEGAL_CHARS,TVD_SPACE_RATIO,
USER_IN_DEF_WHITELIST autolearn=no version=3.2.5
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from n6.smail.tw1.yahoo.com (n6.smail.tw1.yahoo.com [119.160.244.173])
by fnord.ir.bbn.com (Postfix) with ESMTP id B13A252A5
for <[EMAIL PROTECTED]>; Wed, 3 Sep 2008 19:24:26 -0400 (EDT)
Received: from w1.mtf.tw1.yahoo.com (w1.mtf.tw1.yahoo.com [119.160.244.159])
by n6.smail.tw1.yahoo.com (Postfix) with ESMTP id 20EBA201FD7F;
Thu, 4 Sep 2008 06:06:46 +0800 (CST)
Received: (from [EMAIL PROTECTED])
by w1.mtf.tw1.yahoo.com (8.14.2/8.14.2) id m83M6j89036233;
Thu, 4 Sep 2008 06:06:45 +0800 (CST)
(envelope-from [EMAIL PROTECTED])
Date: Thu, 4 Sep 2008 06:06:45 +0800 (CST)
Message-Id: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Cc:
Reply-To: [EMAIL PROTECTED]
Subject: Yahoo!©_¼¯¥Í¬¡+ - ¤p¥i·R¤º·f¥un$9¤¸ Åwªï¦Û¨ú
Errors-To: [EMAIL PROTECTED]
X-Originating-IP: 218.172.243.237
X-Greylist: Delayed for 01:17:35 by milter-greylist-4.0 (fnord.ir.bbn.com
[0.0.0.0]); Wed, 03 Sep 2008 19:24:26 -0400 (EDT)
[EMAIL PROTECTED] [EMAIL PROTECTED]
------------------------------------------------------------
µ¹±zªº¯d¨¥¡G
¡¹¡¹¡¹¡¹´«©u ÅåÃz¶W§C»ù ¡¹¡¹¡¹¡¹
http://tw.f4.page.bid.yahoo.com/tw/auction/d34340110?u=may26tw
¤p¥i·R ®öº©©Ê·P¤º·f ¬y¦æ´Ú ¥un $ 9 ¤¸
¤p¥i·R¤º·f¥un$9¤¸ Åwªï¦Û¨ú
http://tw.lifestyle.yahoo.com/0229316c/080625/143/3urg1.html
------------------------------------------------------------
Yahoo!©_¼¯¥Í¬¡+
http://lifestyle.yahoo.com.tw/
ª©Åv©Ò¦³ Yahoo!©_¼¯
