Viagra spam mail autolearned as ham, tagged score -1.64

matt matt at
Fri Oct 19 06:56:32 CEST 2012

On 10/18/2012 02:03 PM, Tom Hendrikx wrote:
> On 18/10/12 22:05, Nick Rosier wrote:
>> matt wrote:
>>> Hello all.

I had to truncate my reply because mailman bounced the message as "spam", probably due to 
the subject nature of what was being discussed.

In reply to Tom Hendrikx and Nick Rosier:

That's so weird!  When I manually fed the message in with spamassassin -D <
/var/www/html/quack.eml, I get basically the same report as you guys do:

X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Flag: YES
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.4 required=5.0 tests=FREEMAIL_ENVFROM_END_DIGIT,
	URIBL_DBL_SPAM,URIBL_WS_SURBL autolearn=no version=3.3.2
	* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at, no
	*      trust
	*      [ listed in]
	*  1.8 URIBL_BLACK Contains an URL listed in the URIBL blacklist
	*      [URIs:]
	*  1.7 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
	*      [URIs:]
	*  1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
	*      [URIs:]
	*  0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	*      (jeffcola2[at]
	*  0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
	*      (jeffcola2[at]
	* -2.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
	*  0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
	*      digit (jeffcola2[at]
	*  0.0 HTML_OBFUSCATE_05_10 BODY: Message is 5% to 10% HTML obfuscation
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	*  2.9 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
X-Original-To: matt at

But when the mail originally came to me and got sifted through amavisd-new, all that was
reported in the maillog was:

Oct 18 14:12:24 amavis[2072]: (02072-19) SPAM-TAG, <jeffcola2 at> ->
<matt at>, No, score=-1.64 tagged_above=-999 required=6.2
SPF_PASS=-0.001] autolearn=ham

What could explain the discrepancy between amavisd-new's handling of it and spamassassin's
manual invocation?  It looks like amavisd-new isn't consulting the dns blacklists for some
reason :/

More information about the amavis-users mailing list