Hello, A spam just came through my server, and it got -100 from the rule USER_IN_WHITELIST. But that is NOT in my white-list!
[EMAIL PROTECTED] spamassassin]# pwd /etc/mail/spamassassin [EMAIL PROTECTED] spamassassin]# grep -v "^#" *|grep -i white local.cf:whitelist_to [EMAIL PROTECTED], [EMAIL PROTECTED] local.cf:whitelist_from_rcvd * xxxx.com.br local.cf:whitelist_from_rcvd * yyyy.com.br local.cf:whitelist_from_rcvd [EMAIL PROTECTED] sourceforge.net local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:whitelist_from [EMAIL PROTECTED] local.cf:score USER_IN_WHITELIST -100.000 local.cf:score USER_IN_WHITELIST_TO -6.000 [EMAIL PROTECTED] spamassassin]# The headers as from spamassassin -t < spam.eml: X-UIDL: AAQoJ0/AAAwMQpjA/q4KWuUb7xhXNtYr X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 Received: from mx01.xxxx.com.br ([200.xxx.xxx.xxx]) by exchange.xxxx.com.br with Microsoft SMTPSVC(5.0.2195.6713); Thu, 20 Nov 2003 16:48:48 -0200 Received: from localhost (localhost.localdomain [127.0.0.1]) by mx01.xxxx.com.br (Postfix) with ESMTP id BC109A65DE; Thu, 20 Nov 2003 16:47:14 -0200 (EDT) Received: from mx01.xxxx.com.br ([127.0.0.1]) by localhost (mx01.xxxx.com.br [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 17784-01-17; Thu, 20 Nov 2003 16:47:14 -0200 (EDT) Received: from xxxx.com.br (KH218-187-175-184.adsl.pl.apol.com.tw [218.187.175.184]) by mx01.xxxx.com.br (Postfix) with SMTP id 351ADA65D5; Thu, 20 Nov 2003 16:47:10 -0200 (EDT) From: "airbus2003" <""> Subject: =?Big5?B?uvS49KTAqlI=?= Content-Type: text/html Date: Fri, 21 Nov 2003 00:05:21 +0800 X-Priority: 3 X-Library: Indy 9.0.3-B Message-Id: <[EMAIL PROTECTED]> To: undisclosed-recipients: ; X-Virus-Scanned: by ClamAV at xxxx.com.br Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 20 Nov 2003 18:48:48.0080 (UTC) FILETIME=[EEAD5D00:01C3AF96] X-Spam-Checker-Version: SpamAssassin 2.60-spambr_20030926a (1.212-2003-09-23-exp) on bat.xxxx.com.br X-Spam-Level: X-Spam-Status: No, hits=-84.9 required=8.2 tests=CHARSET_FARAWAY_HEADER, FRONTPAGE,HTML_60_70,HTML_CHARSET_FARAWAY,HTML_FONTCOLOR_BLUE, HTML_FONTCOLOR_GREEN,HTML_FONTCOLOR_RED,HTML_FONT_BIG, HTML_FONT_FACE_BAD,HTML_FONT_FACE_ODD,HTML_MESSAGE, MAILTO_TO_SPAM_ADDR,MAILTO_WITH_SUBJ,MIME_HEADER_CTYPE_ONLY, MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,PRIORITY_NO_NAME,UNDISC_RECIPS, UNWANTED_LANGUAGE_BODY,USER_IN_WHITELIST,X_LIBRARY autolearn=no version=2.60-spambr_20030926a Content analysis details: (-84.9 points, 8.2 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.6 X_LIBRARY Message has X-Library header 1.2 UNDISC_RECIPS Valid-looking To "undisclosed-recipients" 0.1 HTML_60_70 BODY: Message is 60% to 70% HTML 0.3 HTML_FONT_FACE_ODD BODY: HTML font face is not a commonly used face 0.1 HTML_FONTCOLOR_GREEN BODY: HTML font color is green 0.1 HTML_FONTCOLOR_BLUE BODY: HTML font color is blue 0.1 HTML_MESSAGE BODY: HTML included in message 0.4 HTML_FONT_FACE_BAD BODY: HTML font face is not a word 0.3 HTML_FONT_BIG BODY: HTML has a big font 2.8 UNWANTED_LANGUAGE_BODY BODY: Message written in an undesired language 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.1 HTML_FONTCOLOR_RED BODY: HTML font color is red 0.7 FRONTPAGE BODY: Frontpage used to create the message 0.8 MIME_HTML_NO_CHARSET RAW: Message text in HTML without charset 0.0 MAILTO_WITH_SUBJ URI: Includes a link to send a mail with a subject 0.4 MAILTO_TO_SPAM_ADDR URI: Includes a link to a likely spammer email -100 USER_IN_WHITELIST From: address is in the user's white-list 3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers 1.9 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME headers 0.5 HTML_CHARSET_FARAWAY A foreign language charset used in HTML markup 0.5 PRIORITY_NO_NAME Message has priority setting, but no X-Mailer mmmm.... Would the rule local.cf:whitelist_from_rcvd * xxxx.com.br be white-listing everything? Thanks for any input. Regards, -- Marcio Merlone [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] ICQ UIN #13746928 - Linux user #104911 [ "$error" -eq "0" ] && eval [ "\${$servidor}" -gt "$lim" ] || error=2 PII350 128MB RAM Voodoo4500 32MB Samsumg 510s Quantum 6GB M6x1,5 - 2pçs W3/16"x1.1/4" - 1 pç + 2N3055 - 4 pçs '95 Fiat Tipo 1.6 gasolina '98 Suzuki Intruder 250 idem "Qualquer besteira ou código escrito embaixo de uma assinatura de email parece coisa séria." ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk