Flashlight spam (and others)

Dino Edwards dino.edwards at mydirectmail.net
Sat Dec 17 18:40:09 CET 2016


Am I looking at this right? Does BAYES_00 assign a score of -4 on these messages?



-----Original Message-----
From: amavis-users [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org] On Behalf Of @lbutlr
Sent: Saturday, December 17, 2016 12:12 PM
To: amavis-users at amavis.org
Subject: Flashlight spam (and others)

I keep getting a rash of multiples of flashlight spam and gift card spam, all of which go sailing right through amavisd/postfix. Has anyone figured out a way to have amavis be more aggressive in tagging spam like this? Obviously BAYES_00 doesn't help, but even without that this spam would not have gotten tagged. There are hundreds of these hitting the server every day, and dozens just to me.

I run these through sa-learn but the bayes score never changes.

Return-Path: <nighthawk_gear-kreme=kreme.com at webmasterbond.com>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail.covisp.net
X-Spam-Level: 
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,DCC_CHECK,DKIM_SIGNED,
	HTML_IMAGE_ONLY_24,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,RDNS_NONE,
	T_DKIM_INVALID,T_REMOTE_IMAGE autolearn=no autolearn_force=no version=3.4.1
X-Spam-Report: 
	* -4.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
	*      [score: 0.0005]
	*  1.6 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	*  1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
	*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
	*      valid
	*  0.7 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
	*      headers
	*  0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
	*  0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
	*  0.0 T_REMOTE_IMAGE Message contains an external image
X-Original-To: kreme at covisp.net
Delivered-To: kreme at covisp.net
Received: from mail.covisp.net (localhost [127.0.0.1])
	by mail.covisp.net (Postfix) with ESMTP id 3tdYyT1XkSzv9rl
	for <kreme at covisp.net>; Tue, 13 Dec 2016 15:18:57 -0700 (MST)
X-Virus-Scanned: amavisd-new at covisp.net
Authentication-Results: mail.covisp.net (amavisd-new);
	dkim=fail (1024-bit key) reason="fail (message has been altered)"
	header.d=webmasterbond.com; domainkeys=fail (1024-bit key)
	reason="fail (message has been altered)"
	header.from=nighthawk_gear at webmasterbond.com
	header.d=webmasterbond.com
Received: from mail.covisp.net ([127.0.0.1])
	by mail.covisp.net (mail.covisp.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id r-XqbA5JCtTg; Tue, 13 Dec 2016 15:18:56 -0700 (MST)
Received: from mail.webmasterbond.com (unknown [198.8.81.152])
	by mail.covisp.net (Postfix) with ESMTP id 3tdYyS2Ml3zv9nS
	for <kreme at kreme.com>; Tue, 13 Dec 2016 15:18:56 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=webmasterbond.com;  h=Date:From:To:Subject:MIME-Version:Content-Type:List-Unsubscribe:Message-ID; i=nighthawk_gear at webmasterbond.com;
 bh=Nfvn/X9O8Y5jCQWPbZvyxy5pEJs=;
 b=08U1qR944mcwcnBaCEjkN1b8iN4XtgEfXueH4gFGbi0qj9w/JjTSYcZPFCYLdbEVqvGEDFEC6g62
   5q6vcIw7XmAay+1m/fDVL2FI92BknfLIqfzkz8d0fOjMoaV1S7QzK/MrOvMk6EPdKAag/vpGlJl1
   bNoPkwyDMhgF/lXublE=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=webmasterbond.com;  b=r8P3mRUN7wdwD7vtnsIBOjXmsHlvX3P0+vEKGYk5ps4fCy6wG6EIO3tNDMnl++qDIFoNfkuC1eiT
   CqFTK97eGEjVLqLP8CA9fKmPL/3Cc+bO4Y0vUmZj8CzDxWieatvHhpHyTN6oIb0RYqtnEjfmsngo
   czhaTSi1tu24k+xFKK4=;
Received: by mail.webmasterbond.com id ha1pt00001gf for <kreme at kreme.com>; Tue, 13 Dec 2016 16:17:04 -0600 (envelope-from <nighthawk_gear-kreme=kreme.com at webmasterbond.com>)
Date: Tue, 13 Dec 2016 16:17:04 -0600
From: "NightHawk Gear" <nighthawk_gear at webmasterbond.com>
To:   <kreme at kreme.com>
Subject: New LED flashlight technology released
Content-Type: multipart/alternative; 
	boundary="----=_Part_463_1589181058.1481667409330"
X-SMTPAPI: {"category": "20161213-161042-880-4573"}
List-Unsubscribe: <http://www.webmasterbond.com/green/6488G9C11BKT1163qwlOgOFwlOgOzMig964/call>
Feedback-ID: 201612131610428804573
Message-ID: <0.0.0.4C.1D2558EA2A0749A.6C0649 at mail.webmasterbond.com>
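
Added example, not part of the original posts: a Python script that parses the X-Spam-Status and X-Spam-Report headers quoted above, recomputes the total from the per-rule scores, and shows what the total would be with BAYES_00 left out. The function names are illustrative, and the header text is copied from the message with leading tabs replaced by spaces.

```python
import re
from decimal import Decimal

# Headers copied from the quoted message (continuation lines are indented).
HEADERS = """\
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,DCC_CHECK,DKIM_SIGNED,
 HTML_IMAGE_ONLY_24,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,RDNS_NONE,
 T_DKIM_INVALID,T_REMOTE_IMAGE autolearn=no autolearn_force=no version=3.4.1
X-Spam-Report:
 * -4.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
 *      [score: 0.0005]
 *  1.6 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
 *  0.0 HTML_MESSAGE BODY: HTML included in message
 *  1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
 *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
 *      valid
 *  0.7 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
 *      headers
 *  0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
 *  0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
 *  0.0 T_REMOTE_IMAGE Message contains an external image
"""

# A rule line is "* <score> <RULE_NAME> <description>"; wrapped description
# lines ("*      valid") carry no score and are skipped by the pattern.
RULE_RE = re.compile(r"^[ \t]*\*\s+(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]*)\b", re.M)
STATUS_RE = re.compile(r"score=(-?[\d.]+)\s+required=(-?[\d.]+)")

def parse_report(headers):
    """Return {rule_name: Decimal score} from the X-Spam-Report lines."""
    return {name: Decimal(score) for score, name in RULE_RE.findall(headers)}

def parse_status(headers):
    """Return (score, required) from X-Spam-Status."""
    m = STATUS_RE.search(headers)
    if m is None:
        raise ValueError("no score=/required= pair found in X-Spam-Status")
    return Decimal(m.group(1)), Decimal(m.group(2))

def total_without(rules, excluded=()):
    """Sum the rule scores, leaving out any rule named in `excluded`."""
    return sum((s for n, s in rules.items() if n not in excluded), Decimal(0))

if __name__ == "__main__":
    rules = parse_report(HEADERS)
    score, required = parse_status(HEADERS)
    for name, s in sorted(rules.items(), key=lambda kv: kv[1]):
        print(f"{s:>5} {name}")
    print("reported:", score, "recomputed:", total_without(rules))
    no_bayes = total_without(rules, {"BAYES_00"})
    print("without BAYES_00:", no_bayes, "tagged:", no_bayes >= required)
```

Run against other messages by replacing `HEADERS` with their X-Spam-Status and X-Spam-Report headers; the per-rule listing shows which tests carry the score.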


