On Fri, 30 Jan 2015, Lucio Chiappetti wrote:
I have just been reported a couple of false positives in our (old and stable)
spamassassin config. I reported them to our sysman, but it is better that I
enquire (I assisted him in the initial setup though I forgot most),
The false positives came from academic domains, an University here in Italy,
and the NRAO in the USA. We have been receiving from them without problem
until the false positive occurrred. The score goes above our rather
restrictive threshold because of rules like this
* 2.4 DNS_FROM_AHBL_RHSBL RBL: Envelope sender listed in dnsbl.ahbl.org
for both of them. Is this a reliable source or too picky ?
It's defunct.
http://community.zimbra.com/collaboration/f/1884/t/1137276
* 3.4 RCVD_ILLEGAL_IP Received: contains illegal IP address
what is this about ? I see nothing strange
What's the IP?
Now that is not unexpected. The message was a mailman administration message.
The mailing list had received some spam attempt from non-subscribers, which
went "into moderation". I received them as moderator. In fact the offending
URLs were just the spammer's email address. So they are not a great loss,
but I would not like to miss legitimate messages from that mailman
installation !
So don't pass messages to the mailman moderator address through SA, or if
you do, don't discard them if they score high.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The first time I saw a bagpipe, I thought the player was torturing
an octopus. I was amazed they could scream so loudly.
-- cat_herder_5263 on Y! SCOX
-----------------------------------------------------------------------
2 days until the 12th anniversary of the loss of STS-107 Columbia
