False Positive Spam Checks
Question asked by Scarab - 1/16/2015 at 2:57 PM
Just a friendly reminder to all you SmarterMail Admins...
The Abusive Hosts Blocking Lists (including rhsbl.ahbl.org and dnsbl.ahbl.org) discontinued public service on January 1st 2015 and are now returning positive responses to all queries. Be sure to disable any AHBL RBL or AHBL URIBL anti-spam checks you may have enabled in SmarterMail.
Also, all queries to RFC-Ignorant (which has been down since 2013 but has been generously operated by RFC-Clueless since) are now returning positive responses to all queries as of January 1st 2015. Any RBLs, URIBL/RHSBLs (such as whois.rfc-ignorant.org, dns.rfc-ignorant.org, abuse.rfc-ignorant.org, postmaster.rfc-ignorant.org, or bogusmx.rfc-ignorant.org) should be updated to the appropriate RFC-Clueless.org list.
(Note: even if you don't have the above-mentioned checks enabled in SmarterMail, if you are using an external SpamAssassin server, or Declude for SmarterMail, they may be enabled there.)
Likewise, if you are using Declude with SmarterMail, be sure to update the PCRE in your "FILTER-SPAM.txt" that checks the Header Date to reflect the current year. The line should now read:
HEADERS    5    PCRE    (?im:Date:.{5,20}(201[012346-9]|19[0-9]{2}|200[0-9]))
I was so busy with Year-End audits that it took me 15 days to notice that all of these were providing false-positives to all of our incoming email, resulting in all HAM being flagged as Low-Level Spam! (*FACEPALM*)
Let this be a cautionary tale to always regularly check or audit your detailed Delivery Logs in SmarterMail to make sure that anti-spam checks are behaving properly and not giving false-positives.
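A health check for the failure described in this post, as an added example that is not part of the original post: RFC 5782 requires IP-based lists to list 127.0.0.2 and never 127.0.0.1, and domain-based lists to list TEST and never INVALID, so a list that answers for the "must not" entry is listing everything. The zone names and `fake_resolver` below are constructed so the code runs offline; omit the `resolve` argument to query real DNS for the zones you have configured.

```python
import socket

def query_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(name, resolve):
    """True if the name resolves to an A record, False if the lookup fails."""
    try:
        resolve(name)
        return True
    except OSError:          # socket.gaierror (NXDOMAIN, timeout) is an OSError
        return False

def check_zone(zone, domain_based=False, resolve=socket.gethostbyname):
    """Classify a list by its RFC 5782 test entries.

    IP lists: 127.0.0.2 must be listed, 127.0.0.1 must not.
    Domain lists: TEST must be listed, INVALID must not.
    """
    if domain_based:
        must, must_not = "test." + zone, "invalid." + zone
    else:
        must, must_not = query_name("127.0.0.2", zone), query_name("127.0.0.1", zone)
    if is_listed(must_not, resolve):
        return "lists-everything"      # the false-positive failure described above
    if not is_listed(must, resolve):
        return "no-answer"             # list gone, or your resolver is blocked
    return "ok"

def fake_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    if name.endswith(".wildcard.example"):
        return "127.0.0.2"             # answers every query, like a retired list
    if name in ("2.0.0.127.healthy.example", "test.healthy.example"):
        return "127.0.0.2"
    raise socket.gaierror("NXDOMAIN (simulated)")

if __name__ == "__main__":
    for zone in ("wildcard.example", "healthy.example", "gone.example"):
        print(zone, check_zone(zone, resolve=fake_resolver))
```

Run on a schedule against every RBL and URIBL zone enabled in the mail server and any external filter, and alert on anything other than "ok".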

