Re: [Declude.JunkMail] What's wrong with this header?

[Matt]

Scott, False positives on this are rare, but not quite as rare on my systems as your stats suggest.  For instance, I have the following list of exceptions that I gathered in the course of about two weeks and there is definitely more: Header indications of mailer software that fail CMDSPACE: HEADERS        END    CONTAINS    eSafe HEADERS        END    CONTAINS    X-Mailer: Direct Mail for Mac OS X HEADERS        END    CONTAINS    X-BFI: HEADERS        END    CONTAINS    X-Mailer: eBizmailer3.6 HEADERS        END    CONTAINS    X-YAlerts-TracerId: HEADERS        END    CONTAINS    X-Mailer: DvISE by Tobit Software HEADERS        END    CONTAINS    MailID: KIN Reverse DNS entries of companies with mailer software that fails CMDSPACE: REVDNS        END    ENDSWITH    .bigfootinteractive.com REVDNS        END    ENDSWITH    .ezinedirector.net REVDNS        END    ENDSWITH    .postsnet.com REVDNS        END    ENDSWITH    .overture.com REVDNS        END    ENDSWITH    .expedia.com While the software/services that have this flaw might also be associated with some spam, I gathered this list exclusively from false positives that has reached our hold weight.  We weight this at 3 points, although we do use combo filters that enhance the punishment under certain conditions such as double hits with XBL. Matt R. Scott Perry wrote: We're still running Imail 7.15 -- I have yet to see any value in upgrading to 8.x -- so is there an easy way to do the whitelisting of local accounts for IMail 7.x? In that case, you may want to consider whitelisting them based on their IPs. Also, what would you think about lowering the weight for CMDSPACE from 8 to 4? That is up to you.  It is very rare to see a false positive on this test for mail that is not coming from your own users, so the best option is to either whitelist your own users or find some other method of reducing their weight.  If that is not possible, though, reducing the weight of the CMDSPACE test may be the best option.                                                    -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail".  The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================