Dear fellow SA devotees,
Here's a couple of headers from a recent email:
Received: from web80213.mail.yahoo.com (web80213.mail.yahoo.com [66.218.79.48]) by MY.SERVER.RUNNING.SA;
Message-ID: <[EMAIL PROTECTED]>
Received: from [XX.XX.XX.XX] by web80213.mail.yahoo.com via HTTP; Tue, 23 Mar 2004 20:44:10 PST
And here is SA's test breakdown:
Spam analysis details: (9.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-1.4 BAYES_20 BODY: Bayesian spam probability is 20 to 30%
[score: 0.2441]
0.1 HTML_FONTCOLOR_BLUE BODY: HTML font color is blue
0.1 HTML_MESSAGE BODY: HTML included in message
3.5 RCVD_IN_NJABL_DIALUP RBL: NJABL: dialup sender did non-local SMTP
[XX.XX.XX.XX listed in dnsbl.njabl.org]
2.5 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[XX.XX.XX.XX listed in dnsbl.sorbs.net]
2.5 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org
[XX.XX.XX.XX listed in dnsbl.njabl.org]
2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
[XX.XX.XX.XX listed in dnsbl.sorbs.net]
Now if understand the way the rules are supposed to work, SA should have checked the DNSBLs for web80213.mail.yahoo.com, not XX.XX.XX.XX. XX.XX.XX.XX used a valid smart host to send his mail right? so he shouldn't have gotten caught by SA on those tests.
Anybody else seen this happen?
Thanks,
Adam
--
------------------------------------------------------------ Adam Bayless | vi /etc/mail/aliases Fibernet System Janitor | complaints: /dev/null [EMAIL PROTECTED] | :wq baylessfamily.org/~abayless | newaliases ------------------------------------------------------------
