[Fwd: Re: debianuser@brown.edu]

Jean-David Beyer jdbeyer at exit109.com
Fri Jan 23 08:12:40 CET 2004

I sent an e-mail to the technical guru at my ISP and received the 
following response. First, I sent him:

>> I am in a mailing list that suddenly started getting lots of the posts 
>> caught by your SpamAssassin. Now these are not spams, but I am not sure 
>> how to get them past the filtering. Here are a few that are still in my
>> SpamAssassin inbox:
>> 6.2 01/22 09:08 AM debianuser at brown.edu Re: debianuser at brown.edu
>> 6.2 01/22 10:02 AM debianuser at brown.edu Re: debianuser at brown.edu
>> 7.5 01/22 11:18 AM mail at mark-kirchner.de Re: debianuser at brown.edu
>> 6.2 01/22 01:22 PM debianuser at brown.edu Re: [OT] Spamassassin marking 
>> list messages as spam (was:
>> Since they have many different From: addresses, I am not sure what I 
>> should do. (This stuff is not secret, so if you want to look at these 
>> emails, it is OK with me.)

To which he replied:

> I took the liberty of grabbing all three messages out of your spambox and doing
> some research on them. First, the RCVD_IN_MULTIPLE_RBL is a meta test that we
> created, and is not part of SpamAssassin.  It was meant to penalize direct spammers
> that appear in more than one of the network lists. That being said, the major culprit here
> is not that test, nor the higher scores we give to the network blacklists.  It's the way
> SA tests for dynamic and dial-up blocks.
> Residential and dial-up IP addresses should only be penalized if they connect directly to
> the recipient's mail server, not if they legally pass through their ISP's smtp server.
> The NJABL and DYNABLOCK tests were including all servers, AND the originating
> address, so your senders were showing up as dynamic or residential IPs, when they were
> in no way doing anything other than sending legitimate e-mail through their ISP.
> I modified the SA tests and all three emails scored less than 1.
So I will see today how things are going. I hope someone posts today. I 
will (this one, for example), but since I have a static IP, it will get 

-------- Original Message --------
Subject: Re: debianuser at brown.edu
Date: Thu, 22 Jan 2004 09:08:17 -0500
From: debianuser <debianuser at brown.edu>
To: Jean-David Beyer <jdbeyer at exit109.com>
References: <400FCDC5.2090207 at exit109.com>

On Thu, Jan 22, 2004 at 08:19:01AM -0500, Jean-David Beyer wrote:
 > My ISP runs SpamAssassin and it is catching a lot of emails allegedly
You're welcome to email me directly and confirm that I am who I claim to
be :)

I have no doubt you are posting valid e-mail to the mailing list. The 
problem is that my ISP's SpamAssassin is calling it spam. And not just 
you, but another poster as well.

 > from debianuser at brown.edu with subject Encrypting messages truncates
 > trailing whitespace. These get a spam rating of 6.2 (fairly high, but by
 > no means a record).

Thanks for letting me know.

 > Any idea what is the matter with these e-mails? I looked at one and it
 > seems on the up-and-up. Here is part of the headers:
 > X-Spam-Status: Yes, hits=6.2 required=5.0 tests=RCVD_IN_MULTIPLE_RBL,
 > 	RCVD_IN_NJABL,RCVD_IN_SORBS autolearn=no version=2.62

It looks like my new ISP is in a number of blacklists, which is not
uncommon for DSL and cable modem providers, unfortunately.  As you've
discovered, these lists have a high (I would say unacceptably so) false
positive rate.  I too run spamassassin, but use only the local
content-based filters and the bayesian filter, in order to stop
misfiling legitimate email like this.

What would the spam score have been based upon content-filters alone?
 >From where I sit, it looks like 0.



Encrypted messages are encouraged.
Please use key BE291159, available at http://blug.brown.edu/ye-olde-key.asc
Primary key fingerprint: 4441 EEF7 F63D 8E2E AC83  CC25 7E61 4300 BE29 1159

   .~.  Jean-David Beyer           Registered Linux User 85642.
   /V\                             Registered Machine    73926.
  /( )\ Shrewsbury, New Jersey     http://counter.li.org
  ^^-^^ 8:05am up 16 days, 19:31, 2 users, load average: 2.20, 2.23, 2.12

More information about the Gnupg-users mailing list