<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font size="-1">Interestingly, I have been getting a boatload of
these this morning.<br>
They are getting flagged as *****SPAM*****, but the headers show:<br>
<br>
</font>
<pre><font size="-2">X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-9999 required=5
tests=[HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
autolearn=ham autolearn_force=no</font></pre>
<div class="moz-cite-prefix"><br>
<font size="-1">In the content, it shows being caught by
spamassassin with:<br>
<br>
</font>
<pre>Content analysis details: (25.7 points, 4.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.4823]
1.7 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
5.0 KB_WAM_LONELY_WOMEN Lonely Women Scam of the Day
2.9 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
2.5 PHP_ORIG_SCRIPT Sent by bot & other signs
3.7 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
1)
1.5 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
1.0 BODY_URI_ONLY Message body is only a URI in one line of text or for
an image
1.8 TO_NO_BRKTS_HTML_ONLY To: lacks brackets and HTML only
2.4 TO_NO_BRKTS_DYNIP To: lacks brackets and dynamic rDNS
</pre>
<font size="-1">Which is what I would expect.<br>
Could you enlighten me on where exactly the X-Spam- headers are
coming from ?<br>
</font><br>
On 1/29/18 10:26 AM, Dino Edwards wrote:<br>
</div>
<blockquote type="cite"
cite="mid:13937A461B5E0A40810939402AE476D6018A16F6BD@hdgexchange.deeztek.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Are
you running
</span><span style="font-size:10.0pt">cat {mailfile} |
spamassassin -D –t as root?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">
amavis-users
[<a class="moz-txt-link-freetext" href="mailto:amavis-users-bounces+dino.edwards=mydirectmail.net@amavis.org">mailto:amavis-users-bounces+dino.edwards=mydirectmail.net@amavis.org</a>]
<b>On Behalf Of </b>Computer Bob<br>
<b>Sent:</b> Monday, January 29, 2018 11:22 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:amavis-users@amavis.org">amavis-users@amavis.org</a><br>
<b>Subject:</b> Scoring questions<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:10.0pt">Greetings to all,
<br>
<br>
I have an issue with my setup somehow and it seems to be in
amavis-new, most spam gets detected and delt with, some gets
through and the scoring seems odd.
<br>
This one came in this morning and is typical of those that
get through: </span><o:p></o:p></p>
<pre>Return-Path: <a href="mailto:rejuvalex@jodiariastrial.com" moz-do-not-send="true"><rejuvalex@jodiariastrial.com></a><o:p></o:p></pre>
<pre>Subject: Regrow your Hair in 3 Weeks.<o:p></o:p></pre>
<pre>X-Spam-Flag: NO<o:p></o:p></pre>
<pre>X-Spam-Score: 1.995<o:p></o:p></pre>
<pre>X-Spam-Level: *<o:p></o:p></pre>
<pre>X-Spam-Status: No, score=1.995 tagged_above=-9999 required=5<o:p></o:p></pre>
<pre> tests=[HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,<o:p></o:p></pre>
<pre> PYZOR_CHECK=1.985, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,<o:p></o:p></pre>
<pre> T_REMOTE_IMAGE=0.01] autolearn=no autolearn_force=no<o:p></o:p></pre>
<p class="MsoNormal"><span style="font-size:10.0pt"><br>
If I run the email through on the command line with: <br>
cat {mailfile} | spamassassin -D -t <br>
The results are:<br>
</span><span style="font-size:7.5pt">Content analysis
details: (7.5 points, 4.0 required)<br>
pts rule name description<br>
---- ----------------------
--------------------------------------------------<br>
5.5 URIBL_DBL_SPAM Contains a spam URL listed in
the DBL blocklist<br>
[URIs: jodiariastrial.com]<br>
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record<br>
0.0 HTML_MESSAGE BODY: HTML included in message<br>
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
identical to<br>
background<br>
2.0 PYZOR_CHECK Listed in Pyzor (<a
href="http://pyzor.sf.net/" moz-do-not-send="true">http://pyzor.sf.net/</a>)<br>
0.0 T_REMOTE_IMAGE Message contains an external
image<br>
</span><span style="font-size:10.0pt"><br>
I am running: <br>
Ubuntu 14.04.5 <br>
Postfix mail_version = 2.11.0 milter_macro_v = $mail_name
$mail_version <br>
amavisd-new-2.7.1 (20120429) <br>
ClamAV 0.99.2/24255/Thu Jan 25 11:22:47 2018 <br>
Anti-Virus scanner version: 13.0.3114 <br>
SpamAssassin version 3.4.0 <br>
running on Perl version 5.18.2 </span><o:p></o:p></p>
</div>
</blockquote>
<br>
</body>
</html>