So what weight do you have your Routing and BadHeaders tests?  And what is
your hold/mark weight?

Chances are you need to reduce one or both of Routing and BadHeaders.  We
have Routing at 125% of our hold weight, but BadHeaders is only 35% of our
hold weight.  However, we have some negative weighting in place that
compensates for most false positives from these tests.  We do see
occasional false positives with Routing, so that is probably the test for
you to concentrate on.

Darin.


----- Original Message ----- 
From: "Imail Admin" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, February 25, 2005 5:53 PM
Subject: [IMail Forum] Unexpected spam filtering


Hey Len,

Every so often one of Len's messages comes through marked as spam.  He's the
only person on this list where this happens, and I really have more faith
that he has his email set up correctly than I have that our spam filtering is
correct.  So I'm trying to figure out why this happens.  Here is the source
from a recent message.

Ben Bednarz

****************************************************************************
***************
Received: from list.ipswitch.com [156.21.1.21] by bcw6.bcwebhost.net with
ESMTP
  (SMTPD32-7.15) id AB61A301CE; Fri, 25 Feb 2005 10:16:01 -0800
Received: from mgw1.MEIway.com [81.255.84.75] by list.ipswitch.com with
ESMTP
  (SMTPD32-8.12) id AC41CECF017E; Fri, 25 Feb 2005 13:19:45 -0500
Received: from VirusGate.MEIway.com (virusgate.meiway.com [81.255.84.76])
 by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 9E1C2471908
 for <[email protected]>; Fri, 25 Feb 2005 19:13:38 +0100 (CET)
 (envelope-from [EMAIL PROTECTED])
Received: from localhost (localhost.MEIWay.com [127.0.0.1])
 by VirusGate.MEIway.com (Postfix) with SMTP id 405D438669D
 for <[email protected]>; Fri, 25 Feb 2005 19:13:39 +0100 (CET)
 (envelope-from [EMAIL PROTECTED])
X-AV-Checked: Fri Feb 25 19:13:39 2005 virusgate.meiway.com
Received: from mail.Go2France.com (ms1.meiway.com [81.255.84.73])
 by VirusGate.MEIway.com (Postfix) with ESMTP id 2355D386658
 for <[email protected]>; Fri, 25 Feb 2005 19:13:39 +0100 (CET)
 (envelope-from [EMAIL PROTECTED])
Received: from tx2.Go2France.com [24.227.147.226] by mail.Go2France.com with
ESMTP
  (SMTPD32-7.07) id A81F94103AC; Fri, 25 Feb 2005 19:02:07 +0100
Message-Id: <[EMAIL PROTECTED]>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2
Date: Fri, 25 Feb 2005 12:13:28 -0600
To: [email protected]
From: Len Conrad <[EMAIL PROTECTED]>
Subject: SPAM [5]Re: [IMail Forum] Windows TCP/IP Filtering
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
 <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Precedence: bulk
Sender: [EMAIL PROTECTED]
Reply-To: [email protected]
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client
[a004010f].
X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent
with spam [a004010f].
X-Declude-Sender: [EMAIL PROTECTED] [156.21.1.21]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: BADHEADERS, ROUTING, WEIGHT5, WEIGHT5r [5]
X-Note: This E-mail was sent from list.ipswitch.com ([156.21.1.21]).
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 401605649


>I agree with Scott with this caveat...some firewalls will lock down the
>outbound >1024 to prevent application hijacking. So in these cases you have
>to allow the apps outbound privileges.

But "network-security" firewalls don't know about "applications", only
protocols, ip's, ports.

That's why I mentioned a "host-security" firewall, like Zone Alarm, which
controls applications and OS services (and malicious stuff) that are
attempting egress.  SA also has per-block logging.

Len


_____________________________________________________________________
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
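
An added example, not part of the original thread or of Declude: one way to see which test deserves a lower weight is to tally the X-Spam-Tests-Failed header over mail from senders known to be legitimate. It assumes the bracketed number is the message's total weight, that test names starting with WEIGHT are threshold markers rather than content tests, and that the hold weight is supplied by the caller; the sample messages are constructed.

```python
import re
from collections import Counter
from email import message_from_string

# Matches "TEST1, TEST2 [5]": a comma-separated test list, then the total weight.
HEADER_RE = re.compile(r"^(.*?)\s*\[(-?\d+)\]$")

def parse_tests_failed(raw_message):
    """Return (tests, weight) from X-Spam-Tests-Failed, or ([], None)."""
    value = message_from_string(raw_message).get("X-Spam-Tests-Failed")
    if value is None:
        return [], None
    # Unfold a wrapped header into one line before matching.
    match = HEADER_RE.match(" ".join(value.split()))
    if match is None:
        return [], None
    tests = [t.strip() for t in match.group(1).split(",") if t.strip()]
    return tests, int(match.group(2))

def tally_known_good(messages, hold_weight):
    """Count, per test, hits on known-good mail and hits that were held."""
    fired, held = Counter(), Counter()
    for raw in messages:
        tests, weight = parse_tests_failed(raw)
        for test in tests:
            if test.upper().startswith("WEIGHT"):
                continue  # assumed threshold marker, not a content test
            fired[test] += 1
            if weight is not None and weight >= hold_weight:
                held[test] += 1
    return {test: (fired[test], held[test]) for test in fired}

# Constructed sample messages from a sender known to be legitimate.
SAMPLES = [
    "From: good@example.org\nX-Spam-Tests-Failed: BADHEADERS, ROUTING, WEIGHT5, WEIGHT5r [5]\n\nbody\n",
    "From: good@example.org\nX-Spam-Tests-Failed: ROUTING,\n WEIGHT5 [6]\n\nbody\n",
    "From: good@example.org\nX-Spam-Tests-Failed: BADHEADERS [2]\n\nbody\n",
    "From: good@example.org\n\nno spam header\n",
]

if __name__ == "__main__":
    # hold_weight=5 is an assumed value for the demonstration.
    for test, (hits, holds) in sorted(tally_known_good(SAMPLES, 5).items()):
        print(f"{test}: fired {hits}, held {holds}")
```

A test that fires often on known-good mail and usually coincides with a hold is the one whose weight to reduce or offset with negative weighting.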