(reposting the same message without attachments) Hi
After reading this thread and have seen 3 spam messages in my inbox who has final results-lines in the header with more then 200% of my hold weight I've made some research: Exactly the same is happening here with Declude 3.1.0 and Imail 8.15 from 2006-06-04 20:00:00 GMT+1 on. I have the same actions for in- and outgoing messages in my config files. Normaly a message in v3+ is (MID) logged with 6 lines. Each message with the final action "NO ACTIONS WERE TAKEN" has only 2 lines in the logfile 06/04/2006 20:00:37.719 q1fa255d9003021bd.smd CBL:10 SPAMCOP:20 ... . Total weight = 360. 06/04/2006 20:00:37.719 q1fa255d9003021bd.smd Cumulative action(s) taken on this email = NO ACTIONS WERE TAKEN With this final weight the defined action is HOLD. I've noted also that this two lines are looking nearly like a whitelisted message: 06/04/2006 19:31:27.015 q18de1b3b00b21c63.smd Action(s) taken for [EMAIL PROTECTED] = WHITELISTED [LAST ACTION=WHITELISTED] 06/04/2006 19:31:27.015 q18de1b3b00b21c63.smd Cumulative action(s) taken on this email = NO ACTIONS WERE TAKEN So it seems to me that something is whitelisting this type of message but I don't know what. Following my logfiles arround 400 spam each one with a final result between 200 and 400% of the defined hold weight has passed the filter instead of being HOLD. Markus > -----Ursprüngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Im Auftrag von > John Shacklett > Gesendet: Montag, 5. Juni 2006 13:37 > An: [email protected] > Betreff: RE: [Declude.JunkMail] No action taken > > This morning I'm seeing a flood of stock spam with scores > that are more than double my delete weight getting through > with "no action taken". I'm looking at one right now with a > score of 67, and in my scheme we delete at 30. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Matt > Sent: Sunday, 04 June 2006 8:21 PM > To: [email protected] > Subject: Re: [Declude.JunkMail] No action taken > > I was noticing the other day on some version of 4.x that > bounce messages for a domain that should have been using the > settings in my $Default$.JunkMail failed to take those > actions. Typically I do per-domain configs, but a few I just > have using my $Default$.JunkMail. I noticed this as soon as I > upgraded to 4.x, and I'm pretty sure it is a bug. I am not > sure if it only affects bounce messages or all messages for > those domains (note that all of my domains are gatewayed from > the Declude box so they may be treated differently from > locally hosted E-mail. > > I believe that putting the actions in your Global.cfg would > take action on this stuff. Global.cfg is meant for outgoing > E-mail actions. While this was clearly incoming E-mail and > not the way things used to work with 2.x and before, I'm > pretty sure that this will take care of the issue. > > When I get some time to look into this further I'll probably > report the bug to Declude. I'm pretty sure that I have seen > several other such posts that might have been caused by this > change in behavior. > > Matt > > > > Heimir Eidskrem wrote: > > > > > Why would no action been taken on this email. > > We hold on 100. > > > > > > From Declude log: > > > > 06/04/2006 17:38:44.987 q60eb01820000d92b.smd Triggered COUNTRIES > > CONTAINS filter COUNTRYFILTER on ES [weight->10]. > > 06/04/2006 17:38:45.003 q60eb01820000d92b.smd Filter: Set > max weight > > to 60. > > 06/04/2006 17:38:45.112 q60eb01820000d92b.smd Filter: Set > max weight > > to 70. > > 06/04/2006 17:38:45.159 q60eb01820000d92b.smd Filter > REVDNSBLACKLIST: > > Skipping E-mail with a current weight of 245 (>=80) > > 06/04/2006 17:38:45.159 q60eb01820000d92b.smd Filter BADWORDFILTER: > > Skipping E-mail with a current weight of 245 (>=30) > > 06/04/2006 17:38:45.159 q60eb01820000d92b.smd SPAMCOP:70 > FIVETENSRC:30 > > SORBS-DUL:35 COUNTRYFILTER:10 SNIFFERGETRICH:100 . Total > weight = 245. > > 06/04/2006 17:38:45.159 q60eb01820000d92b.smd Cumulative action(s) > > taken on this email = NO ACTIONS WERE TAKEN > > > > > > > > Received: from jose-mih7wjftkx [62.42.134.246] by xxxxxxxxxxx with > > ESMTP > > (SMTPD-8.22) id A0EC1404; Sun, 04 Jun 2006 17:38:36 -0500 > > Date: Sun, 4 Jun 2006 22:38:39 -0060 > > From: "Rene Benjamin" [EMAIL PROTECTED] > > X-Mailer: The Bat! (3.69.9) Personal > > Reply-To: [EMAIL PROTECTED] > > X-Priority: 3 (Normal) > > Message-ID: <[EMAIL PROTECTED]> > > To: xxxxxxxx > > Subject: Under The Radar Equity Alert > > MIME-Version: 1.0 > > Content-Type: text/plain; charset=us-ascii > > Content-Transfer-Encoding: 7bit > > X-Declude-Sender: <> [62.42.134.246] > > X-Declude-Spoolname: D60eb01820000d92b.smd > > X-Spam-Tests-Failed: SPAMCOP, FIVETENSRC, SORBS-DUL, > NOLEGITCONTENT, > > IPNOTINMX, COUNTRYFILTER, SNIFFERGETRICH, WEIGHT75, WEIGHT100, > > CATCHALLMAILS [245] > > X-Note: This E-mail was scanned by Declude JunkMail > (www.declude.com) > > for spam. > > X-RCPT-TO: <[EMAIL PROTECTED]> > > Status: U > > X-UIDL: 440029386 > > > > > > X-IMail-ThreadID: 60eb01820000d92b > > > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be > found at http://www.mail-archive.com. > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be > found at http://www.mail-archive.com. > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
