Scoring questions
Computer Bob
bob at inter-control.com
Mon Jan 29 18:00:48 CET 2018
Interestingly, I have been getting a boatload of these this morning.
They are getting flagged as *****SPAM*****, but the headers show:
X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Level: X-Spam-Status: No, score=0
tagged_above=-9999 required=5 tests=[HTML_MESSAGE=0.001,
NO_RELAYS=-0.001] autolearn=ham autolearn_force=no
In the content, it shows being caught by spamassassin with:
Content analysis details: (25.7 points, 4.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.4823]
1.7 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
5.0 KB_WAM_LONELY_WOMEN Lonely Women Scam of the Day
2.9 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)
2.5 PHP_ORIG_SCRIPT Sent by bot & other signs
3.7 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
1)
1.5 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP)
1.0 BODY_URI_ONLY Message body is only a URI in one line of text or for
an image
1.8 TO_NO_BRKTS_HTML_ONLY To: lacks brackets and HTML only
2.4 TO_NO_BRKTS_DYNIP To: lacks brackets and dynamic rDNS
Which is what I would expect.
Could you enlighten me on where exactly the X-Spam- headers are coming
from ?
On 1/29/18 10:26 AM, Dino Edwards wrote:
>
> Are you running cat {mailfile} | spamassassin -D –t as root?
>
> *From:*amavis-users
> [mailto:amavis-users-bounces+dino.edwards=mydirectmail.net at amavis.org]
> *On Behalf Of *Computer Bob
> *Sent:* Monday, January 29, 2018 11:22 AM
> *To:* amavis-users at amavis.org
> *Subject:* Scoring questions
>
> Greetings to all,
>
> I have an issue with my setup somehow and it seems to be in
> amavis-new, most spam gets detected and delt with, some gets through
> and the scoring seems odd.
> This one came in this morning and is typical of those that get through:
>
> Return-Path:<rejuvalex at jodiariastrial.com> <mailto:rejuvalex at jodiariastrial.com>
> Subject: Regrow your Hair in 3 Weeks.
> X-Spam-Flag: NO
> X-Spam-Score: 1.995
> X-Spam-Level: *
> X-Spam-Status: No, score=1.995 tagged_above=-9999 required=5
> tests=[HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001,
> PYZOR_CHECK=1.985, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
> T_REMOTE_IMAGE=0.01] autolearn=no autolearn_force=no
>
>
> If I run the email through on the command line with:
> cat {mailfile} | spamassassin -D -t
> The results are:
> Content analysis details: (7.5 points, 4.0 required)
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 5.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL
> blocklist
> [URIs: jodiariastrial.com]
> -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
> background
> 2.0 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
> 0.0 T_REMOTE_IMAGE Message contains an external image
>
> I am running:
> Ubuntu 14.04.5
> Postfix mail_version = 2.11.0 milter_macro_v = $mail_name $mail_version
> amavisd-new-2.7.1 (20120429)
> ClamAV 0.99.2/24255/Thu Jan 25 11:22:47 2018
> Anti-Virus scanner version: 13.0.3114
> SpamAssassin version 3.4.0
> running on Perl version 5.18.2
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20180129/a755bc03/attachment.html>
More information about the amavis-users
mailing list