I recently saw an email get bounced that was legitimately coming from Microsoft:
Nov 13 14:59:26 mail mimedefang.pl[19053]: helo: maila.microsoft.com (131.107.115.212) said "helo smtp.microsoft.com" Nov 13 14:59:26 mail sendmail[21067]: kADLxLLR021067: from=<[EMAIL PROTECTED]>, size=1207, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, bodytype=7BIT, proto=ESMTP, daemon=MTA-v4, relay=maila.microsoft.com [131.107.115.212] Nov 13 14:59:29 mail mimedefang.pl[20521]: kADLxLLR021067: hits=6.909, req=5, names=DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,L_WIN_CHARSET Nov 13 14:59:29 mail mimedefang.pl[20521]: MDLOG,kADLxLLR021067,spam,6.909,131.107.115.212,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,Out of Office: Software Development with Microsoft Nov 13 14:59:29 mail mimedefang.pl[20521]: filter: kADLxLLR021067: bounce=1 discard=1 Nov 13 14:59:29 mail mimedefang[5737]: kADLxLLR021067: Bouncing because filter instructed us to Nov 13 14:59:29 mail sendmail[21067]: kADLxLLR021067: Milter: data, reject=554 5.7.1 Message rejected; scored too high on the Spam test. Nov 13 14:59:29 mail sendmail[21067]: kADLxLLR021067: to=<[EMAIL PROTECTED]>, delay=00:00:03, pri=31207, stat=Message rejected; scored too high on the Spam test. I've put into my spamassassin/sa-mimedefang.cf file: whitelist_from_rcvd [EMAIL PROTECTED] smtp.microsoft.com What am I missing at this point? Does the 2nd arg to the whitelist_from_rcvd need to be maila.microsoft.com instead? And what do DNS_FROM_RFC_ABUSE and DNS_FROM_RFC_POST correspond to? Where do I get the descriptions of these tests, why some sites get tagged with them, etc? -Philip