Results 1 to 5 of 5
-
08-27-2007, 11:55 AM #1Junior Guru Wannabe
- Join Date
- Jul 2007
- Posts
- 57
Genuine mails getting detected as spam
Hello,
I am using Merak Mail server 8.0.3 (Windows). From past 2 - 3 days many of my users are complaining their genuine mails are going to spam. The value set for antispam is 5 i.e. if antispam value is above it is detected as spam else not spam.
But from past few days which ever genuine mail is detected as spam I have found an very uncommon thing in it. It shows '10.4 FH_HAS_X Has X: header'
The SpamAssassin table shows the following information:
Content analysis details: (16.34 points, 5.00 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 HTML_MESSAGE HTML included in message
0.1 HTML_TAG_EXISTS_TBODY HTML has "tbody" tag
2.2 DEAR_SOMETHING Contains 'Dear (something)'
2.4 BAYES_80 Bayesian spam probability is 80 to 90%
0.0 NO_RDNS2 Sending MTA has no reverse DNS
10.4 FH_HAS_X Has X: header
1.1 SARE_HEAD_MIME_INVALID SARE_HEAD_MIME_INVALID Invalid mime version
0.1 SARE_HEAD_HDR_XMS SARE_HEAD_HDR_XMS Message headers used whic
Please help me in resolving this.
-
08-27-2007, 12:04 PM #2Web Hosting Master
- Join Date
- Jan 2003
- Location
- U.S.A.
- Posts
- 3,928
I am not to familiar with windows spam protection but you may want to try lowering the acceptance level for spam.
-
08-27-2007, 05:52 PM #3Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 57
It's fairly obvious that they're using an implementation of SpamAssassin's engine.
The engine is using a rule called "FH_HAS_X". What this is actually testing for is questionable, it may be testing for any header starting with "X", such as "X-Mailer-Version", "X-Spam-Status", etc.; it would match on a lot.
Contact your vendor and tell them you're getting a lot of false positives from this rule, and ask them why it's there, and how to disable it. If it's a rule they included in a rules update, you should be very irritated with them. If it's a rule you accidentally loaded to improve spam filtering, then be more careful in the future.
-
08-27-2007, 10:38 PM #4******* Unleaded
- Join Date
- Feb 2004
- Posts
- 3,849
some of their rules are not that well thought out.
for instance the word "analytics" in the domain name of the sender will be flagged as possible porn because of the first four letters. Hmmmm ..., pretty clever.
Also a pain in the keester if your domain hosts an analytics site and you are delivering analytics reports.edgedirector.com
managed dns global failover and load balance (gslb)
exactstate.com
uptime report for webhostingtalk.com
-
08-29-2007, 12:31 PM #5Junior Guru Wannabe
- Join Date
- Jul 2007
- Posts
- 57
Thanks for your help.
The same thing had happened sa you said. An entry of FH_HAS_X was saved in the local SpamAssassin's file with value as 10.4. I have removed that entry which has resolved the problem.