Lucio Chiappetti wrote:
> We have been very happily running spamassassin 3.0.4 under amavisd-new
> milter on Suse 9.2 for a couple of years, using the standard
> configuration recommended by the Italian GARR network.
>
> Please avoid comments on "old version" or so, we are planning an overall
> update following an OS update in the coming months. I am asking here a
> VERY SPECIFIC question.
>
> We are trying to debug a funny case of false positive (extremely rare
> otherwise) which occurred to us (the issue has been solved "by chance"
> but we do not understand why).
>
> A colleague of ours working remotely has set up (on a machine outside of
> our domain) a system which requires a registration and then sends a
> confirmation e-mail.
>
> All such confirmation messages were blocked by our spamassassin with a
> score of about 8. This is an example of info in the header.
>
> X-Spam-Status: Yes, hits=8.087 tag=-999 tag2=4.5 kill=4.5 tests=AWL,
> BAYES_05,
> DNS_FROM_SECURITYSAGE, FORGED_RCVD_HELO, HTML_10_20, HTML_EXTRA_CLOSE,
> HTML_MESSAGE, HTML_SHORT_LENGTH, NO_REAL_NAME, UPPERCASE_25_50
>


- you should upgrade
- you should disable securitysage. it lists the universe.
- check why the message triggered FORGED_RCVD_HELO.
- it is recommended to ask for "first/last name" and use them in the To
header.
- Similarly, it is recommended to have a display name in the From header.
- it is not very polite to send html-centric mail. In confirmation
requests, you generally want to maximize your chances of reaching the
recipient, and minimize (bull****|blahblah) (however you name it).


> As far as I understand, none of the above rules has a score above 0.38
> (usually quite lower and marginal, 0.007 or 0.001), except AWL which has 1
> (in fact the address is recorded in awlst with a score of 8).
>


If AWL gives you bad results, disable it until you can be sure to make
it work reliably. I found it to bring more trouble than help.

> The message itself looked sort of funny to me :
> [snip]