Re: Whitelist isn't working

2010-03-16 Thread Yet Another Ninja

QUICK FIX!
borked FH_DATE_PAST_20XX is your problem.

set in local.cf

score FH_DATE_PAST_20XX 0

and then read up about this rule in the list archive



On 2010-03-16 12:26, Phill Edwards wrote:

I'm running Spamassassin 3.2.5. I'm getting masses and masses of false
positives. I trashed my Bayes DB the other day and rebuilt it from
scratch with sa-learn but I'm still getting false positives. One
particularly troublesome one is a Freecycle mailing list that I
subscribe to. I have put this in the config file but it still keeps
getting marked as spam:

def_whitelist_from_rcvd *...@posts.freecycle.org posts.freecycle.org

The message headers of one of these emails that got falsely tagged as
spam look like this:

Return-path: post-1601702-2890...@bounces.freecycle.org
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on ash.edwards.home
X-Spam-Level: RR
X-Spam-Status: Yes, score=6.6 required=5.0 tests=BAYES_00,DATE_IN_FUTURE_06_12,

DKIM_SIGNED,DKIM_VERIFIED,FH_DATE_PAST_20XX,FROM_STARTS_WITH_NUMS,SPF_FAIL,
TVD_RCVD_IP autolearn=no version=3.2.5
X-Spam-Report:
*  1.9 TVD_RCVD_IP TVD_RCVD_IP
*  3.2 FH_DATE_PAST_20XX The date is grossly in the future.
*  1.5 FROM_STARTS_WITH_NUMS From: starts with many numbers
*  1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
*  0.7 SPF_FAIL SPF: sender does not match SPF record (fail)
*  [SPF failed: Please see
http://www.openspf.org/Why?s=mfrom;id=post-1601702-2890135%40bounces.freecycle.org;ip=220.233.2.146;r=ash.edwards.home]
* -0.0 DKIM_VERIFIED Domain Keys Identified Mail: signature passes
*  verification
*  0.0 DKIM_SIGNED Domain Keys Identified Mail: message has a signature
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
*  [score: 0.]
Envelope-to: myn...@exemail.com.au
Delivery-date: Tue, 16 Mar 2010 17:51:22 +1100
Received: from 146.2.233.220.static.exetel.com.au ([220.233.2.146]
helo=mscip02.mailsentry.net.au)
by chestnut2.exetel.com.au with esmtp (Exim 4.68)
(envelope-from post-1601702-2890...@bounces.freecycle.org)
id 1NrQcc-PC-Us
for myn...@exemail.com.au; Tue, 16 Mar 2010 17:51:22 +1100
Received: from bulkmail2.freecycle.org ([95.172.20.170])
  by mscip02.mailsentry.net.au with ESMTP; 16 Mar 2010 17:51:21 +1100
Received: from localhost ([127.0.0.1] helo=freecycle.org)
by bulkmail2.freecycle.org with esmtp (Exim 4.69)
(envelope-from post-1601702-2890...@bounces.freecycle.org)
id 1NrQcZ-0001Df-Ct
for myn...@exemail.com.au; Tue, 16 Mar 2010 06:51:19 +
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=freecycle.org; h=
content-type:content-transfer-encoding:mime-version:list-id
:list-archive:list-unsubscribe:sender:subject:list-help
:list-post:date:list-owner:list-subscribe:from:to; s=dkim; bh=LS
8YK/tV+qiYlNx3atLWbnpUECc=; b=UQ3qhcXpAOSfz4+PHNWPKGKVNxumuqWq7f
E0ChhlyH0km2Yr6oca4q+jPMXbkVoKKE41IV309Z7nedXeXsUMorRSm5Bz0+PmJt
WI+riErLsOK+/8r5wi5P1ZCjYBrHn4Ozm4NiEkL/OrOVNlnSBMayjgZBbE1nZ6z0
Um2MxdIXU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=freecycle.org; h=content-type
:content-transfer-encoding:mime-version:list-id:list-archive
:list-unsubscribe:sender:subject:list-help:list-post:date
:list-owner:list-subscribe:from:to; q=dns; s=dkim; b=GLdug+LLz4R
ZmFtMl21GJB+VmyTaecD6N63kWNZnTDEvugWXEBNktE8h2Q4x2FidlH2Ioklhckw
xeR2PoqD4knlbQjNjDfVu6th+vA9CgqZ5cKK5VHd3lR/RS0GGQxPa1HuMyKhMXP5
Fd5LZ8mx39XxQq46VovNYomEPQFTHNvo=
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: My Freecycle (http://my.freecycle.org)
List-ID: WilloughbyFreecycle.groups.freecycle.org
X-TFN-Group: WilloughbyFreecycle
X-TFN-Postid: 2890135
List-Archive: 
http://www.freecycle.orghttp://groups.freecycle.org/WilloughbyFreecycle
List-Unsubscribe: http://my.freecycle.org/home/groups/,
 mailto:willoughbyfreecy...@mods.freecycle.org?subject=please unsubscribe
 me
Sender: My Freecycle rw_boun...@freecycle.org
Subject: {SPAM 06.6} [WilloughbyFreecycle] OFFER: 'Bycol Clear' (Longueville)
List-Help: 
http://www.freecycle.orghttp://groups.freecycle.org/WilloughbyFreecycle,
 mailto:willoughbyfreecy...@mods.freecycle.org?subject=help (Group
 ModTeam)
List-Post: mailto:willoughbyfreecy...@groups.freecycle.org
Date: Tue, 16 Mar 2010 17:51:13 -
List-Owner: mailto:willoughbyfreecy...@mods.freecycle.org (Group ModTeam)
List-Subscribe: http://my.freecycle.org/home/groups/,
mailto:willoughbyfreecy...@mods.freecycle.org
From: frances.dejong 2890...@posts.freecycle.org
To: myname myn...@exemail.com.au
Message-Id: e1nrqcz-0001df...@bulkmail2.freecycle.org
X-Spam-Prev-Subject: [WilloughbyFreecycle] OFFER: 'Bycol Clear' (Longueville)



Can anyone explain why the whitelist entry isn't 

Re: Whitelist isn't working

2010-03-16 Thread Matus UHLAR - fantomas
On 16.03.10 22:26, Phill Edwards wrote:
> I'm running Spamassassin 3.2.5. I'm getting masses and masses of false
> positives. I trashed my Bayes DB the other day and rebuilt it from
> scratch with sa-learn but I'm still getting false positives. One
> particularly troublesome one is a Freecycle mailing list that I
> subscribe to. I have put this in the config file but it still keeps
> getting marked as spam:
>
> def_whitelist_from_rcvd *...@posts.freecycle.org posts.freecycle.org
>
> The message headers of one of these emails that got falsely tagged as
> spam look like this:
>
>   *  3.2 FH_DATE_PAST_20XX The date is grossly in the future.

This was fixed 2.5 months ago. You apparently didn't sa-update for months;
do it now (and restart spamd if running).

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes. 


Re: Whitelist isn't working

2010-03-16 Thread Mark Martinec
Phill,

> def_whitelist_from_rcvd *...@posts.freecycle.org posts.freecycle.org
>
> Received: from bulkmail2.freecycle.org ([95.172.20.170])
>   by mscip02.mailsentry.net.au with ESMTP; 16 Mar 2010 17:51:21 +1100
> From: frances.dejong 2890...@posts.freecycle.org
>
> Can anyone explain why the whitelist entry isn't preventing this from
> being tagged as spam?

posts.freecycle.org != bulkmail2.freecycle.org

  Mark


Re: Whitelist isn't working

2010-03-16 Thread Matt Kettler
On 3/16/2010 8:14 AM, Mark Martinec wrote:
> Phill,
>
>> def_whitelist_from_rcvd *...@posts.freecycle.org posts.freecycle.org
>>
>> Received: from bulkmail2.freecycle.org ([95.172.20.170])
>>   by mscip02.mailsentry.net.au with ESMTP; 16 Mar 2010 17:51:21 +1100
>> From: frances.dejong 2890...@posts.freecycle.org
>>
>> Can anyone explain why the whitelist entry isn't preventing this from
>> being tagged as spam?
>
> posts.freecycle.org != bulkmail2.freecycle.org
>
>   Mark

They also need to set [220.233.2.146] as a part of trusted_networks (and
internal_networks, if that has been declared at all). Currently all SPF
and whitelist_from_rcvd's are going to be checked against a host of
146.2.233.220.static.exetel.com.au, which looks to be an upstream
relay that all mail comes in through.

You can tell this from the SPF line:

*  0.7 SPF_FAIL SPF: sender does not match SPF record (fail)
*  [SPF failed: Please see
http://www.openspf.org/Why?s=mfrom;id=post-1601702-2890135%40bounces.freecycle.org;ip=220.233.2.146;r=ash.edwards.home]
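
The two replies above combine as follows: trusted_networks decides which relay the whitelist is compared against, and the second argument of def_whitelist_from_rcvd must then match that relay's name. This is an added example, not part of any post and not SpamAssassin's own code; the function names are hypothetical, only the first untrusted relay is considered, and the name after "from" is assumed to be the relay's rDNS.

```python
import ipaddress
import re

# Received headers from the message quoted in the thread, unfolded, newest first.
RECEIVED = [
    "from 146.2.233.220.static.exetel.com.au ([220.233.2.146] "
    "helo=mscip02.mailsentry.net.au) by chestnut2.exetel.com.au with esmtp (Exim 4.68)",
    "from bulkmail2.freecycle.org ([95.172.20.170]) "
    "by mscip02.mailsentry.net.au with ESMTP",
    "from localhost ([127.0.0.1] helo=freecycle.org) "
    "by bulkmail2.freecycle.org with esmtp (Exim 4.69)",
]
# Assumption: the token after "from" is the relay's rDNS name.
RELAY_RE = re.compile(r"from (\S+) \(\[([0-9.]+)\]")


def boundary_relay(received, trusted_networks):
    """Return (name, ip) of the first relay, newest first, outside trusted_networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for header in received:
        m = RELAY_RE.search(header)
        if not m:
            continue
        name, ip = m.group(1).lower(), ipaddress.ip_address(m.group(2))
        if not any(ip in net for net in nets):
            return name, str(ip)
    return None


def rdns_matches(relay_name, wanted):
    """Second whitelist_from_rcvd argument: the full hostname or a parent domain."""
    wanted = wanted.lower()
    return relay_name == wanted or relay_name.endswith("." + wanted)


def whitelist_relay_ok(received, trusted_networks, wanted):
    """True when the relay at the trust boundary satisfies the rDNS argument."""
    relay = boundary_relay(received, trusted_networks)
    return relay is not None and rdns_matches(relay[0], wanted)
```

With no trusted_networks the comparison is made against the exetel.com.au relay, so no freecycle.org value can match; with 220.233.2.146 trusted, freecycle.org matches bulkmail2.freecycle.org while posts.freecycle.org still does not.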









Re: Whitelist isn't working

2010-03-16 Thread Lee Dilkie
Curious that SPF_FAIL is reported...

X-Spam-Report:
*  1.9 TVD_RCVD_IP TVD_RCVD_IP
*  3.2 FH_DATE_PAST_20XX The date is grossly in the future.
*  1.5 FROM_STARTS_WITH_NUMS From: starts with many numbers
*  1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
*  0.7 SPF_FAIL SPF: sender does not match SPF record (fail)
*  [SPF failed: Please see



$ host -t TXT freecycle.org
freecycle.org descriptive text v=spf1 mx ip4:66.249.5.32 a:mailers.freecycle.org ~all

so mx records, 66.249.5.32 and mailers.freecycle.org are permitted.

$ host -t MX freecycle.org
freecycle.org mail is handled by 10 mail.freecycle.org.

$ host  mail.freecycle.org
mail.freecycle.org has address 209.208.102.2

$ host mailers.freecycle.org
mailers.freecycle.org has address 94.102.151.10
mailers.freecycle.org has address 94.102.157.234
mailers.freecycle.org has address 95.172.20.138
mailers.freecycle.org has address 95.172.20.170
mailers.freecycle.org has address 209.40.195.67
mailers.freecycle.org has address 209.208.102.2
mailers.freecycle.org has address 66.249.5.27
mailers.freecycle.org has address 66.249.5.32
mailers.freecycle.org has address 66.249.5.33
mailers.freecycle.org has address 66.249.23.110
mailers.freecycle.org has address 67.223.226.47
mailers.freecycle.org has address 67.223.248.208
mailers.freecycle.org has address 67.223.252.100
mailers.freecycle.org has address 77.92.68.91
mailers.freecycle.org has address 77.92.72.179
mailers.freecycle.org has address 77.92.72.180
mailers.freecycle.org has address 83.170.113.10


$ host bulkmail2.freecycle.org
bulkmail2.freecycle.org has address 95.172.20.170

bulkmail2.freecycle.org is a permitted sender, it's listed under
mailers.freecycle.org.

however, this email was from bounces.freecycle.org and it needs an SPF
record as well.

$ host -t TXT bounces.freecycle.org
bounces.freecycle.org descriptive text v=spf1 include:freecycle.org -all

bounces.freecycle.org does not have an A record but its IP address,
95.172.20.170, is listed above in mailers.freecycle.org and also as
bulkmail2.freecycle.org.

Wonder why it failed?

oh wait a minute..

Envelope-to: myn...@exemail.com.au
Delivery-date: Tue, 16 Mar 2010 17:51:22 +1100
Received: from 146.2.233.220.static.exetel.com.au ([220.233.2.146]
helo=mscip02.mailsentry.net.au)
by chestnut2.exetel.com.au with esmtp (Exim 4.68)
(envelope-from post-1601702-2890...@bounces.freecycle.org)
id 1NrQcc-PC-Us
for myn...@exemail.com.au; Tue, 16 Mar 2010 17:51:22 +1100
Received: from bulkmail2.freecycle.org ([95.172.20.170])
  by mscip02.mailsentry.net.au with ESMTP; 16 Mar 2010 17:51:21 +1100
Received: from localhost ([127.0.0.1] helo=freecycle.org)
by bulkmail2.freecycle.org with esmtp (Exim 4.69)

was this a forwarded email? from mscip02.mailsentry.net.au to
chestnut2.exetel.com.au? I don't think you can apply an SPF check after
it's been forwarded.

-lee

Mark Martinec wrote:
> Phill,
>
>> def_whitelist_from_rcvd *...@posts.freecycle.org posts.freecycle.org
>>
>> Received: from bulkmail2.freecycle.org ([95.172.20.170])
>>   by mscip02.mailsentry.net.au with ESMTP; 16 Mar 2010 17:51:21 +1100
>> From: frances.dejong 2890...@posts.freecycle.org
>>
>> Can anyone explain why the whitelist entry isn't preventing this from
>> being tagged as spam?
>
> posts.freecycle.org != bulkmail2.freecycle.org
>
>   Mark
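
The SPF lookups walked through in the post above can be replayed offline for both candidate client addresses: the Freecycle sender 95.172.20.170 and the upstream relay 220.233.2.146 named in the SPF_FAIL report. This is an added example, not part of the post; check_host is a hypothetical name, the DNS table is copied from the host output above (with only a subset of the mailers.freecycle.org addresses), and only the mechanisms these two records use are implemented.

```python
import ipaddress

# DNS answers copied from the host(1) output in the post above (static table, no lookups).
TXT = {
    "freecycle.org": "v=spf1 mx ip4:66.249.5.32 a:mailers.freecycle.org ~all",
    "bounces.freecycle.org": "v=spf1 include:freecycle.org -all",
}
MX = {"freecycle.org": ["mail.freecycle.org"]}
A = {
    "mail.freecycle.org": ["209.208.102.2"],
    # Subset of the mailers.freecycle.org addresses listed in the post.
    "mailers.freecycle.org": ["95.172.20.138", "95.172.20.170", "66.249.5.32"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, depth=0):
    """Evaluate the SPF subset used by these records: all, ip4, a, mx, include."""
    record = TXT.get(domain)
    if record is None:
        return "none"
    if depth > 10:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            hit = True
        elif mech == "ip4":
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = ip in A.get(arg or domain, [])
        elif mech == "mx":
            hit = any(ip in A.get(h, []) for h in MX.get(arg or domain, []))
        elif mech == "include":
            # include matches only when the nested evaluation returns pass;
            # a nested softfail falls through to the outer record's next term.
            hit = check_host(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"
        if hit:
            return QUALIFIERS[qualifier]
    return "neutral"
```

Evaluated for 95.172.20.170 the envelope domain bounces.freecycle.org passes; evaluated for 220.233.2.146 the included ~all is only a softfail, so the outer -all yields the fail seen in the report.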