> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:assp-test-
> [EMAIL PROTECTED] On Behalf Of Fritz Borgstedt
> Sent: Tuesday, May 20, 2008 1:30 PM
> To: ASSP development mailing list
> Subject: Re: [Assp-test] noProcessing/noBayesian addresses still tagged
> with [Bayesian] -
>
> ASSP development mailing list <[email protected]>
> writes:
> >
> >Looking at the message header email address above shows up as
> >Return-Path.
> >
> >
> >
> >Note that [EMAIL PROTECTED] is in
> >both noProcessing AND noBayesian.  Am I missing something?
>
> The Return-Path is not a trusted source for the sender-address. We
> trust only the envelope address.
> The real sender address is
> <[EMAIL PROTECTED]>
>
>
> It can be found in the ASSP log and in the header X-Assp-Envelope-From:
>
> So put the full address or "@response.sde.com" into noProcessing.
> It may even be OK to put ".sde.com" into noProcessing.

Thanks Fritz.  Along similar lines, this confuses me a bit also:  I have a 
message that was caught as Bayesian (message id-78619-08902).  The analyzer 
shows:
Feature Matching:

* Red RE: 'X-Assp-Spam: YES'
* Valid Format of HELO: 'mail.gmx.net'
* 213.165.64.20 is in PTRCache: status=ok-
* 213.165.64 has a Griplist value of 0.062147: (adds 0.062147 0.062147)


--------------------------------------------------------------------------------

Bayesian Analysis:

Bad Words Bad Prob  Good Words Good Prob
  ssub bayesian 0.0000
  bayesian ssub 0.0000
  project ssub 0.0785
  ssub project 0.0785
  <our user> 0.0972
  rcpt kim.klein 0.1790
  <my domain> rcpt 0.2314
  gmx.net rcpt 0.2894
  3rd ssub 0.3766
  ssub 3rd 0.3766
  environmental ssub 0.3928
  ssub environmental 0.3928

Totals: 0.0000 0.0000 0.0621 0.0621 0.0785 0.0785 0.0972 0.0972 0.1790 0.1790 
0.2314 0.2314 0.2894 0.2894 0.3766 0.3766 0.3928 0.3928

--------------------------------------------------------------------------------

Spam Probability:

probability: 0.0000

But the log shows:

May-21-08 07:03:40 id-78619-08902 213.165.64.20 <[EMAIL PROTECTED]> to: <our 
user>
                   PB-Message-Score is -20, added -20 (213.165.64 in griplist < 
0,1)
May-21-08 07:03:40 Commencing RBL checks on 213.165.64.20
May-21-08 07:03:40 Completed RBL checks on 213.165.64.20

May-21-08 07:03:40 id-78608-13227 24.232.60.35 <[EMAIL PROTECTED]
                   com> to: <another user> recipient delayed: <another user>
May-21-08 07:03:44 Disconnected: 24.232.60.35

May-21-08 07:03:57 Connected: 69.51.29.19:64946 -> My ASSP IP:25 -> My Exchange 
IP:25
May-21-08 07:03:58 Connected: 206.222.20.19:52264 -> My ASSP IP:25 -> My 
Exchange IP:25
May-21-08 07:04:02 id-78642-08488 [DNSBL] 69.51.29.19 <[EMAIL PROTECTED]> spam 
found
                   (69.51.29.19 listed in DNSBLcache by bl.spamcop.net, 
blackholes.five-ten-sg.
                   com) []
May-21-08 07:04:02 Disconnected: 69.51.29.19

May-21-08 07:04:08 id-78648-06799 206.222.20.19 <[EMAIL PROTECTED]> 
PB-Message-Score is 20, added 20
                   (206.222.20.19 listed in DNSBLcache by bl.spamcop.net, 
blackholes.five-ten-
                   sg.com)
May-21-08 07:04:08 id-78648-06799 206.222.20.19 <[EMAIL PROTECTED]> PB-IP-Score 
for '206.222.20.0'
                   is 80, added 20 for DNSBLcache
May-21-08 07:04:08 id-78648-06799 [DNSBL] 206.222.20.19 <[EMAIL PROTECTED]> 
spam found
                   (206.222.20.19 listed in DNSBLcache by bl.spamcop.net, 
blackholes.five-ten-sg.
                   com) []
May-21-08 07:04:08 Disconnected: 206.222.20.19

May-21-08 07:04:10 id-78619-08902 213.165.64.20 <[EMAIL PROTECTED]> to: <our 
user>
                   ClamAV: scanned 100012 bytes in  message - OK
May-21-08 07:04:26 id-78619-08902 213.165.64.20 <[EMAIL PROTECTED]> to: <our 
user>
                   Bayesian Check  - Prob: 1.00000 => spam
May-21-08 07:04:26 id-78619-08902 [Bayesian] 213.165.64.20 <[EMAIL PROTECTED]> 
to: <our user> spam found (Bayesian) [Environmental project 3rd periode] ->
                   nocollect:freq

There are 3 other connections between the start of this message delivery and the 
end.  Maybe this all makes sense, but I don't see it.

Thanks,
Geoff
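
Added example (not part of the original thread and not ASSP's own code): a small diagnostic for the point made in the quoted reply, that list matching is done against the envelope sender recorded in X-Assp-Envelope-From and not against Return-Path. The matching rules (full address, "@domain", ".domain" suffix), the function names and the sample addresses are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; the local parts are made up, only the
# domain response.sde.com appears in the thread.
SAMPLE = (
    "Return-Path: <news@sde.com>\n"
    "X-Assp-Envelope-From: <bounce-42@response.sde.com>\n"
    "From: News <news@sde.com>\n"
    "Subject: Environmental project\n"
    "\n"
    "body\n"
)

def entry_matches(entry, address):
    """Assumed, simplified semantics: 'user@dom', '@dom' or '.dom' suffix."""
    entry, address = entry.strip().lower(), address.strip().lower()
    domain = address.rpartition("@")[2]
    if entry.startswith("@"):
        return domain == entry[1:]
    if entry.startswith("."):
        return domain.endswith(entry)
    return address == entry

def header_address(msg, name):
    """Return the bare address from a header, or '' if it is absent."""
    return parseaddr(msg.get(name, ""))[1]

def diagnose(raw, no_processing):
    """Report whether the list matches the envelope sender, and flag entries
    that only match Return-Path (the situation described in the thread)."""
    msg = message_from_string(raw)
    envelope = header_address(msg, "X-Assp-Envelope-From")
    return_path = header_address(msg, "Return-Path")
    on_envelope = [e for e in no_processing if entry_matches(e, envelope)]
    only_rp = [e for e in no_processing
               if entry_matches(e, return_path) and not entry_matches(e, envelope)]
    return {"envelope_from": envelope, "matched": bool(on_envelope),
            "return_path_only_entries": only_rp}

if __name__ == "__main__":
    for entries in (["news@sde.com"], ["@response.sde.com"], [".sde.com"]):
        print(entries, diagnose(SAMPLE, entries))
```

An entry listed under return_path_only_entries is one that would never take effect for this sender, because it names the Return-Path address instead of the envelope address.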
