> > > > There's been an lot of discussion lately about detection of > > forgeries ... however I wonder why the existing mechanisms > > don't work! In > > the e-mail below this message apparently was "whitelisted" by > > the default "whitelist_from_rcvd" rules for amazon.com. I do not > > have "amazon.com", nor "sun.com" in my personal whitelist. > > Yet from the 2nd line of the message it is apparent that this message > > did not come "amazon.com" at all. It came from > > "va-hopewell2-15.adelphia.net". Why was this message given > > a -100 score? > > > > Ragnar > > > > > > version=2.54-sentinet > > X-Spam-Level: > > X-Spam-Checker-Version: SpamAssassin 2.54-sentinet > *snip* > > It is a built in WL for that version of SA. SA 2.54 was considered a poor > release when it came to negative scores. They have been, and continue to be, > abused like a redheaded stepchild. Many people prefered to go back to 2.4x > instead of the 2.5x series. >
Do you mean built-in as in 60_whitelist.cf? Or built-in as in the perlscript that analyzes this. Before I willy-nilly upgrade with all the inherit development/test/QA cycle I like to know I'm actually fixing a problem. :-) Because the 60_whitelist.cf file clearly specifies a "whitelist_from_rcvd" rule which to my mind should not have been triggerred by the e-mail in question (note first two lines below). This e-mail did not come from "amazon.com". Return-Path: <[EMAIL PROTECTED]> Received: from amazon.com (va-hopewell2-15.adelphia.net [67.20.36.15] (may be forged)) Thanks and regards, Ragnar
