Lucio Chiappetti wrote:
> We have been very happily running spamassassin 3.0.4 under amavisd-new
> milter on Suse 9.2 for a couple of years, using the standard
> configuration recommended by the Italian GARR network.
>
> Please avoid comments on "old version" or so, we are planning an
> overall update following an OS update in the coming months. I am
> asking here a VERY SPECIFIC question.
>
> We are trying to debug a funny case of false positive (extremely rare
> otherwise) which occurred to us (the issue has been solved "by chance"
> but we do not understand why).
>
> A colleague of ours working remotely has set up (on a machine outside of
> our domain) a system which requires a registration and then sends a
> confirmation e-mail.
>
> All such confirmation messages were blocked by our spamassassin with a
> score of about 8. This is an example of info in the header.
>
> X-Spam-Status: Yes, hits=8.087 tag=-999 tag2=4.5 kill=4.5 tests=AWL,
> BAYES_05,
> DNS_FROM_SECURITYSAGE, FORGED_RCVD_HELO, HTML_10_20, HTML_EXTRA_CLOSE,
> HTML_MESSAGE, HTML_SHORT_LENGTH, NO_REAL_NAME, UPPERCASE_25_50


That looks like a mimedefang header. As best I can tell here, SA did its
job and generated a score of over 8 points, but mimedefang failed to
react to the fact that it was over the kill threshold.

(SA doesn't support a "kill" threshold anyway).
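
For checking a header like the one quoted above, the following added example (not part of the original thread, and not code from any of the tools mentioned) unfolds the wrapped X-Spam-Status line, extracts hits and the tag/tag2/kill levels, and lists which levels the score reaches. The function name and the rule that a level counts as reached when hits >= level are assumptions.

```python
import re

# Header text as quoted in the message above, including the "> " quoting.
SAMPLE = """\
> X-Spam-Status: Yes, hits=8.087 tag=-999 tag2=4.5 kill=4.5 tests=AWL,
> BAYES_05,
> DNS_FROM_SECURITYSAGE, FORGED_RCVD_HELO, HTML_10_20, HTML_EXTRA_CLOSE,
> HTML_MESSAGE, HTML_SHORT_LENGTH, NO_REAL_NAME, UPPERCASE_25_50
"""

LEVELS = ("tag", "tag2", "kill")  # order used when reporting reached levels


def parse_spam_status(raw):
    """Parse a (possibly folded, possibly '>'-quoted) X-Spam-Status header."""
    # Strip mail quoting and join folded continuation lines into one line.
    lines = [ln.lstrip("> \t").rstrip() for ln in raw.splitlines()]
    unfolded = " ".join(ln for ln in lines if ln)

    name, sep, value = unfolded.partition(":")
    if not sep or name.strip().lower() != "x-spam-status":
        raise ValueError("not an X-Spam-Status header")

    # The verdict is the first comma-separated token ("Yes" / "No").
    verdict = value.split(",", 1)[0].strip()

    # Numeric fields; "tag2" is listed before "tag" so it is matched first.
    nums = {k: float(v) for k, v in
            re.findall(r"\b(hits|tag2|tag|kill)=(-?\d+(?:\.\d+)?)", value)}
    if "hits" not in nums:
        raise ValueError("header carries no hits= score")

    # Everything after tests= is the comma-separated list of rule names.
    m = re.search(r"\btests=(.*)$", value)
    tests = [t.strip() for t in m.group(1).split(",") if t.strip()] if m else []

    # Assumption: a level is reached when the score is >= that level.
    reached = [k for k in LEVELS if k in nums and nums["hits"] >= nums[k]]
    return {"verdict": verdict, "hits": nums["hits"],
            "levels": {k: nums[k] for k in LEVELS if k in nums},
            "reached": reached, "tests": tests}


if __name__ == "__main__":
    info = parse_spam_status(SAMPLE)
    print(info["verdict"], info["hits"], info["reached"], len(info["tests"]))
```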