Results 1 to 5 of 5
  1. #1
    Join Date
    Jul 2007
    Posts
    57

    Genuine mails getting detected as spam

    Hello,

    I am using Merak Mail server 8.0.3 (Windows). From past 2 - 3 days many of my users are complaining their genuine mails are going to spam. The value set for antispam is 5 i.e. if antispam value is above it is detected as spam else not spam.

    But from past few days which ever genuine mail is detected as spam I have found an very uncommon thing in it. It shows '10.4 FH_HAS_X Has X: header'

    The SpamAssassin table shows the following information:


    Content analysis details: (16.34 points, 5.00 required)

    pts rule name description
    ---- ---------------------- --------------------------------------------------
    0.1 HTML_MESSAGE HTML included in message
    0.1 HTML_TAG_EXISTS_TBODY HTML has "tbody" tag
    2.2 DEAR_SOMETHING Contains 'Dear (something)'
    2.4 BAYES_80 Bayesian spam probability is 80 to 90%
    0.0 NO_RDNS2 Sending MTA has no reverse DNS
    10.4 FH_HAS_X Has X: header
    1.1 SARE_HEAD_MIME_INVALID SARE_HEAD_MIME_INVALID Invalid mime version
    0.1 SARE_HEAD_HDR_XMS SARE_HEAD_HDR_XMS Message headers used whic



    Please help me in resolving this.

  2. #2
    Join Date
    Jan 2003
    Location
    U.S.A.
    Posts
    3,928
    I am not to familiar with windows spam protection but you may want to try lowering the acceptance level for spam.

  3. #3
    Join Date
    Aug 2007
    Posts
    57
    It's fairly obvious that they're using an implementation of SpamAssassin's engine.

    The engine is using a rule called "FH_HAS_X". What this is actually testing for is questionable, it may be testing for any header starting with "X", such as "X-Mailer-Version", "X-Spam-Status", etc.; it would match on a lot.

    Contact your vendor and tell them you're getting a lot of false positives from this rule, and ask them why it's there, and how to disable it. If it's a rule they included in a rules update, you should be very irritated with them. If it's a rule you accidentally loaded to improve spam filtering, then be more careful in the future.

  4. #4
    some of their rules are not that well thought out.

    for instance the word "analytics" in the domain name of the sender will be flagged as possible porn because of the first four letters. Hmmmm ..., pretty clever.

    Also a pain in the keester if your domain hosts an analytics site and you are delivering analytics reports.
    edgedirector.com
    managed dns global failover and load balance (gslb)
    exactstate.com
    uptime report for webhostingtalk.com

  5. #5
    Join Date
    Jul 2007
    Posts
    57
    Thanks for your help.

    The same thing had happened sa you said. An entry of FH_HAS_X was saved in the local SpamAssassin's file with value as 10.4. I have removed that entry which has resolved the problem.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •