On Mon, 1 Jun 2009, Rich Shepard wrote:
I'm running SA-3.2.5 on Slackware-12.2 and encountering false positives on messages that have not before been seen as spam by SA. Specifically, the daily postfix mail log summary report and the daily logwatch report are marked at spam; they are sent by root to me as a user.
That sort of thing shouldn't even be hitting SA. If you're using procmail to glue in SA, you might want to add some exclusionary clauses to the stanza that calls SA.
Over the past few months I've also had problems with messages from three specific domains that were never delivered to my inbox. However, when a procmail recipe directed all messages to me at my business domain to a different mail file, they were delivered.
It can be a bad idea, particularly if you're an administrator or delegate for the postmaster@ or abuse@ aliases, to discard mail that SA has marked as spam. Quarantine it and periodically review the quarantine.
How can I determine what causes SA to mark the log summary reports as spam? This is the first issue I want to resolve.
First, capture the messages rather than discarding them. The FPs should have the list of rules that hit in the headers.
For historical messages you should be able to look in your mail log (typically /var/log/maillog or rotated to /var/log/maillog.1.gz etc.) for the SA log entry for the messages in question, which also list the rules hit.
If you post the list of rules hit, or better a complete FP message with all headers intact, we may be able to suggest more precisely. Please don't post messages to the list; post them on pastebin or a webserver you control, and send the URL to the list.
-- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [email protected] FALaholic #11174 pgpk -a [email protected] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- It is not the business of government to make men virtuous or religious, or to preserve the fool from the consequences of his own folly. -- Henry George ----------------------------------------------------------------------- 5 days until the 65th anniversary of D-Day
