[Fwd: Re: debianuser@brown.edu]
Jean-David Beyer
jdbeyer at exit109.com
Fri Jan 23 08:12:40 CET 2004
I sent an e-mail to the technical guru at my ISP and received the
following response. First, I sent him:
>> I am in a mailing list that suddenly started getting lots of the posts
>> caught by your SpamAssassin. Now these are not spams, but I am not sure
>> how to get them past the filtering. Here are a few that are still in my
>> SpamAssassin inbox:
>>
>> 6.2 01/22 09:08 AM debianuser at brown.edu Re: debianuser at brown.edu
>> 6.2 01/22 10:02 AM debianuser at brown.edu Re: debianuser at brown.edu
>> 7.5 01/22 11:18 AM mail at mark-kirchner.de Re: debianuser at brown.edu
>> 6.2 01/22 01:22 PM debianuser at brown.edu Re: [OT] Spamassassin marking
>> list messages as spam (was:
>>
>> Since they have many different From: addresses, I am not sure what I
>> should do. (This stuff is not secret, so if you want to look at these
>> emails, it is OK with me.)
To which he replied:
> I took the liberty of grabbing all three messages out of your spambox and doing
> some research on them. First, the RCVD_IN_MULTIPLE_RBL is a meta test that we
> created, and is not part of SpamAssassin. It was meant to penalize direct spammers
> that appear in more than one of the network lists. That being said, the major culprit here
> is not that test, nor the higher scores we give to the network blacklists. It's the way
> SA tests for dynamic and dial-up blocks.
>
> Residential and dial-up IP addresses should only be penalized if they connect directly to
> the recipient's mail server, not if they legally pass through their ISP's smtp server.
>
> The NJABL and DYNABLOCK tests were including all servers, AND the originating
> address, so your senders were showing up as dynamic or residential IPs, when they were
> in no way doing anything other than sending legitimate e-mail through their ISP.
>
> I modified the SA tests and all three emails scored less than 1.
>
So I will see today how things are going. I hope someone posts today. I
will (this one, for example), but since I have a static IP, it will get
through.
-------- Original Message --------
Subject: Re: debianuser at brown.edu
Date: Thu, 22 Jan 2004 09:08:17 -0500
From: debianuser <debianuser at brown.edu>
To: Jean-David Beyer <jdbeyer at exit109.com>
References: <400FCDC5.2090207 at exit109.com>
On Thu, Jan 22, 2004 at 08:19:01AM -0500, Jean-David Beyer wrote:
> My ISP runs SpamAssassin and it is catching a lot of emails allegedly
^^^^^^^^^
You're welcome to email me directly and confirm that I am who I claim to
be :)
I have no doubt you are posting valid e-mail to the mailing list. The
problem is that my ISP's SpamAssassin is calling it spam. And not just
you, but another poster as well.
> from debianuser at brown.edu with subject Encrypting messages truncates
> trailing whitespace. These get a spam rating of 6.2 (fairly high, but by
> no means a record).
Thanks for letting me know.
> Any idea what is the matter with these e-mails? I looked at one and it
> seems on the up-and-up. Here is part of the headers:
[snip]
> X-Spam-Status: Yes, hits=6.2 required=5.0 tests=RCVD_IN_MULTIPLE_RBL,
> RCVD_IN_NJABL,RCVD_IN_SORBS autolearn=no version=2.62
It looks like my new ISP is in a number of blacklists, which is not
uncommon for DSL and cable modem providers, unfortunately. As you've
discovered, these lists have a high (I would say unacceptably so) false
positive rate. I too run spamassassin, but use only the local
content-based filters and the bayesian filter, in order to stop
misfiling legitimate email like this.
What would the spam score have been based upon content-filters alone?
>From where I sit, it looks like 0.
Cheers,
Nick
--
Encrypted messages are encouraged.
Please use key BE291159, available at http://blug.brown.edu/ye-olde-key.asc
Primary key fingerprint: 4441 EEF7 F63D 8E2E AC83 CC25 7E61 4300 BE29 1159
--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ Registered Machine 73926.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 8:05am up 16 days, 19:31, 2 users, load average: 2.20, 2.23, 2.12
More information about the Gnupg-users
mailing list