<div dir="ltr"><div>(and here is the post that was supposed to go to the mailinglist, but didn't, because of bloody gmail not replying-all by default. grr.)</div><div><br></div><div><br></div><div>On Sat, Dec 17, 2016 at 10:40 AM, Dino Edwards <<a href="mailto:dino.edwards@mydirectmail.net">dino.edwards@mydirectmail.net</a>> wrote:</div><div>Am I looking at this right? Does BAYES_00 assign a score of -4 on these messages?</div><div><br></div><div>I believe you are; and I do not believe this is how a bayes score should be set..</div><div><br></div><div><br></div><div>-----Original Message-----</div><div> * 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid</div><div> * 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS</div><div><br></div><div>These 2 tests are not doing anything useful IMHO: if DKIM exists, and _is_ invalid, it should be an immediate spam flag. </div><div>No RDNS is a huge flag for an illegitamite mail spam server. </div><div><br></div><div>These should both be adding _way_ more points than the bayes_00 is dropping...and bayes should not be dropping so much if at all.</div><div></div><div><br></div><div>Mike</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Dec 17, 2016 at 10:40 AM, Dino Edwards <span dir="ltr"><<a href="mailto:dino.edwards@mydirectmail.net" target="_blank">dino.edwards@mydirectmail.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Am I looking at this right? Does BAYES_00 assign a score of -4 on these messages?<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
-----Original Message-----<br>
From: amavis-users [mailto:<a href="mailto:amavis-users-bounces%2Bdino.edwards">amavis-users-bounces+<wbr>dino.edwards</a>=<a href="mailto:mydirectmail.net@amavis.org">mydirectmail.net@<wbr>amavis.org</a>] On Behalf Of @lbutlr<br>
Sent: Saturday, December 17, 2016 12:12 PM<br>
To: <a href="mailto:amavis-users@amavis.org">amavis-users@amavis.org</a><br>
Subject: Flashlight spam (and others)<br>
<br>
I keep getting a rash of multiples of flashlight spam and gift card spam, all of which go sailing right through amavisd/postfix. Has anyone figured out a way to have amavis be more aggressive in tagging spam like this? Obviously BAYES_00 doesn't help, but even without that this spam would not have gotten tagged. There are hundreds of these hitting the server every day. and dozens just to me.<br>
<br>
I run these through sa-learn but the bayes score never changes.<br>
<br>
Return-Path: <nighthawk_gear-kreme=<a href="mailto:kreme.com@webmasterbond.com">kreme.<wbr>com@webmasterbond.com</a>><br>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on <a href="http://mail.covisp.net" rel="noreferrer" target="_blank">mail.covisp.net</a><br>
X-Spam-Level:<br>
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,DCC_CHECK,DKIM_<wbr>SIGNED,<br>
HTML_IMAGE_ONLY_24,HTML_<wbr>MESSAGE,MIME_HEADER_CTYPE_<wbr>ONLY,RDNS_NONE,<br>
T_DKIM_INVALID,T_REMOTE_IMAGE autolearn=no autolearn_force=no version=3.4.1<br>
X-Spam-Report:<br>
* -4.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%<br>
* [score: 0.0005]<br>
* 1.6 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words<br>
* 0.0 HTML_MESSAGE BODY: HTML included in message<br>
* 1.1 DCC_CHECK Detected as bulk mail by DCC (<a href="http://dcc-servers.net" rel="noreferrer" target="_blank">dcc-servers.net</a>)<br>
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily<br>
* valid<br>
* 0.7 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME<br>
* headers<br>
* 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid<br>
* 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS<br>
* 0.0 T_REMOTE_IMAGE Message contains an external image<br>
X-Original-To: <a href="mailto:kreme@covisp.net">kreme@covisp.net</a><br>
Delivered-To: <a href="mailto:kreme@covisp.net">kreme@covisp.net</a><br>
Received: from <a href="http://mail.covisp.net" rel="noreferrer" target="_blank">mail.covisp.net</a> (localhost [127.0.0.1])<br>
by <a href="http://mail.covisp.net" rel="noreferrer" target="_blank">mail.covisp.net</a> (Postfix) with ESMTP id 3tdYyT1XkSzv9rl<br>
for <<a href="mailto:kreme@covisp.net">kreme@covisp.net</a>>; Tue, 13 Dec 2016 15:18:57 -0700 (MST)<br>
X-Virus-Scanned: amavisd-new at <a href="http://covisp.net" rel="noreferrer" target="_blank">covisp.net</a><br>
Authentication-Results: <a href="http://mail.covisp.net" rel="noreferrer" target="_blank">mail.covisp.net</a> (amavisd-new);<br>
dkim=fail (1024-bit key) reason="fail (message has been altered)"<br>
header.d=<a href="http://webmasterbond.com" rel="noreferrer" target="_blank">webmasterbond.com</a>; domainkeys=fail (1024-bit key)<br>
reason="fail (message has been altered)"<br>
header.from=<a href="mailto:nighthawk_gear@webmasterbond.com">nighthawk_gear@<wbr>webmasterbond.com</a><br>
header.d=<a href="http://webmasterbond.com" rel="noreferrer" target="_blank">webmasterbond.com</a><br>
Received: from <a href="http://mail.covisp.net" rel="noreferrer" target="_blank">mail.covisp.net</a> ([127.0.0.1])<br>
by <a href="http://mail.covisp.net" rel="noreferrer" target="_blank">mail.covisp.net</a> (<a href="http://mail.covisp.net" rel="noreferrer" target="_blank">mail.covisp.net</a> [127.0.0.1]) (amavisd-new, port 10024)<br>
with ESMTP id r-XqbA5JCtTg; Tue, 13 Dec 2016 15:18:56 -0700 (MST)<br>
Received: from <a href="http://mail.webmasterbond.com" rel="noreferrer" target="_blank">mail.webmasterbond.com</a> (unknown [198.8.81.152])<br>
by <a href="http://mail.covisp.net" rel="noreferrer" target="_blank">mail.covisp.net</a> (Postfix) with ESMTP id 3tdYyS2Ml3zv9nS<br>
for <<a href="mailto:kreme@kreme.com">kreme@kreme.com</a>>; Tue, 13 Dec 2016 15:18:56 -0700 (MST)<br>
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=<a href="http://webmasterbond.com" rel="noreferrer" target="_blank">webmasterbond.com</a>; h=Date:From:To:Subject:MIME-<wbr>Version:Content-Type:List-<wbr>Unsubscribe:Message-ID; i=<a href="mailto:nighthawk_gear@webmasterbond.com">nighthawk_gear@<wbr>webmasterbond.com</a>;<br>
bh=Nfvn/<wbr>X9O8Y5jCQWPbZvyxy5pEJs=;<br>
b=<wbr>08U1qR944mcwcnBaCEjkN1b8iN4Xtg<wbr>EfXueH4gFGbi0qj9w/<wbr>JjTSYcZPFCYLdbEVqvGEDFEC6g62<br>
5q6vcIw7XmAay+1m/<wbr>fDVL2FI92BknfLIqfzkz8d0fOjMoaV<wbr>1S7QzK/MrOvMk6EPdKAag/vpGlJl1<br>
bNoPkwyDMhgF/lXublE=<br>
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=<a href="http://webmasterbond.com" rel="noreferrer" target="_blank">webmasterbond.com</a>; b=<wbr>r8P3mRUN7wdwD7vtnsIBOjXmsHlvX3<wbr>P0+<wbr>vEKGYk5ps4fCy6wG6EIO3tNDMnl++<wbr>qDIFoNfkuC1eiT<br>
CqFTK97eGEjVLqLP8CA9fKmPL/3Cc+<wbr>bO4Y0vUmZj8CzDxWieatvHhpHyTN6o<wbr>Ib0RYqtnEjfmsngo<br>
czhaTSi1tu24k+xFKK4=;<br>
Received: by <a href="http://mail.webmasterbond.com" rel="noreferrer" target="_blank">mail.webmasterbond.com</a> id ha1pt00001gf for <<a href="mailto:kreme@kreme.com">kreme@kreme.com</a>>; Tue, 13 Dec 2016 16:17:04 -0600 (envelope-from <nighthawk_gear-kreme=<a href="mailto:kreme.com@webmasterbond.com">kreme.<wbr>com@webmasterbond.com</a>>)<br>
Date: Tue, 13 Dec 2016 16:17:04 -0600<br>
From: "NightHawk Gear" <<a href="mailto:nighthawk_gear@webmasterbond.com">nighthawk_gear@webmasterbond.<wbr>com</a>><br>
To: <<a href="mailto:kreme@kreme.com">kreme@kreme.com</a>><br>
Subject: New LED flashlight technology released<br>
Content-Type: multipart/alternative;<br>
boundary="----=_Part_463_<wbr>1589181058.1481667409330"<br>
X-SMTPAPI: {"category": "20161213-161042-880-4573"}<br>
List-Unsubscribe: <<a href="http://www.webmasterbond.com/green/6488G9C11BKT1163qwlOgOFwlOgOzMig964/call" rel="noreferrer" target="_blank">http://www.webmasterbond.com/<wbr>green/<wbr>6488G9C11BKT1163qwlOgOFwlOgOzM<wbr>ig964/call</a>><br>
Feedback-ID: 201612131610428804573<br>
Message-ID: <<a href="mailto:0.0.0.4C.1D2558EA2A0749A.6C0649@mail.webmasterbond.com">0.0.0.4C.1D2558EA2A0749A.<wbr>6C0649@mail.webmasterbond.com</a>><br>
<br>
</div></div></blockquote></div><br></div>