We are having increasing difficulty getting our SpamFilter (3.5.4.692) to work right. More and more often we see "This email is rejected. It contains keywords rejected by the antispam content filter".
I believe we get more and more false positives. Today I tracked an e-mail through SpamFilter and (an edited version of) the logfile reveals what happens.
02-03-10 15:54 -- (2684) Mail from: mailto:ZZ@somecompany.dk - ZZ@somecompany.dk
02-03-10 15:54 -- (2684) - MAPS search done...
02-03-10 15:54 -- (2684) RCPT TO: mailto:AA@othercompany.dk - AA@othercompany.dk accepted
02-03-10 15:54 -- (2684) Scanning PDF for spam:daglig_forward.pdf
02-03-10 15:54 -- (2684) Detected spam signature in attached PDF
02-03-10 15:54 -- (2684) Starting quarantine procedures
02-03-10 15:54 -- (2684) Created thread (3908) to add email to quarantine
02-03-10 15:54 -- (2684) Blacklist cache - Added 1xx.1xx.xxx.xxx to limbo
02-03-10 15:54 -- (2684) SFDB - Added 1xx.1xx.xxx.xxx - Response: Error=0
02-03-10 15:54 -- (2684) Disconnect
The attached document is not spam. The sender ZZ can e-mail this attachment to all but our customer AA (which we host in our mail hotel). Furthermore, the sender's IP is added to SFDB and therefore blocked for 24 hours. I asked ZZ to send an e-mail without attachment to AA and of course this came back to ZZ with an error. Unfortunately I cannot get the "X-Rejection-Reason" from the header.
Now that I have had time to look into SFDB I can see that our threshold was set to 3. I have now increased it to 20. At the same time I have marked the "Do not quarantine" checkbox and therefore I hope I can get fewer rejections.
The question is: is this a stupid setting?
Kind Regards
-------------
Mads Borik
Datamatiker
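
Added example, not part of the original post and not vendor code: a small triage script that groups log lines in the format shown above by the number in parentheses and lists every session in which a content-filter detection also put the sender's IP into SFDB, so those cases can be reviewed for false positives. Treating that number as a per-connection id, and the field names used here, are assumptions.

```python
import re
from collections import defaultdict

# Log excerpt from the post above (addresses and IP already masked by the poster).
SAMPLE_LOG = """\
02-03-10 15:54 -- (2684) Mail from: mailto:ZZ@somecompany.dk - ZZ@somecompany.dk
02-03-10 15:54 -- (2684) - MAPS search done...
02-03-10 15:54 -- (2684) RCPT TO: mailto:AA@othercompany.dk - AA@othercompany.dk accepted
02-03-10 15:54 -- (2684) Scanning PDF for spam:daglig_forward.pdf
02-03-10 15:54 -- (2684) Detected spam signature in attached PDF
02-03-10 15:54 -- (2684) Starting quarantine procedures
02-03-10 15:54 -- (2684) Created thread (3908) to add email to quarantine
02-03-10 15:54 -- (2684) Blacklist cache - Added 1xx.1xx.xxx.xxx to limbo
02-03-10 15:54 -- (2684) SFDB - Added 1xx.1xx.xxx.xxx - Response: Error=0
02-03-10 15:54 -- (2684) Disconnect
"""

# "<date> <time> -- (<id>) <message>"; treating <id> as a per-connection id is an assumption.
LINE = re.compile(r"^(?P<ts>\d\d-\d\d-\d\d \d\d:\d\d) -- \((?P<sid>\d+)\) (?P<msg>.*)$")
FIELDS = {
    "sender": re.compile(r"^Mail from: .* - (\S+)$"),
    "recipient": re.compile(r"^RCPT TO: .* - (\S+) accepted$"),
    "attachment": re.compile(r"^Scanning PDF for spam:(.+)$"),
    "reason": re.compile(r"^(Detected spam signature.*)$"),
    "sfdb_ip": re.compile(r"^SFDB - Added (\S+) - Response"),
}

def sfdb_reports_from_content_hits(log_text):
    """Return sessions that contain both a content-filter hit and an SFDB add."""
    sessions = defaultdict(lambda: defaultdict(list))
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # skip blank or unrelated lines
        record = sessions[line["sid"]]
        record["time"] = record.get("time") or [line["ts"]]
        for name, pattern in FIELDS.items():
            hit = pattern.match(line["msg"])
            if hit:
                record[name].append(hit.group(1))
    # Keep only sessions that have both a detection reason and an SFDB submission.
    return [dict(rec, session=sid) for sid, rec in sessions.items()
            if rec["reason"] and rec["sfdb_ip"]]

if __name__ == "__main__":
    for rec in sfdb_reports_from_content_hits(SAMPLE_LOG):
        print(rec["time"][0], rec["session"], rec["sender"], "->", rec["recipient"],
              rec["attachment"], rec["reason"], "SFDB:", rec["sfdb_ip"])
```

Run over a full day's log, the output gives the sender, recipient, attachment and reported IP for each such session, which is the list to check against known-good correspondents.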