Spam sneaking in.
Bob D
bob at inter-control.com
Tue Aug 6 00:14:29 CEST 2019
Well, I am still getting some sneaking in and it still seems funny, here
is one from today.
This is the header as it came in:
X-Spam-Flag: NO
X-Spam-Score: 1.304
X-Spam-Level: *
X-Spam-Status: No, score=1.304 required=4 tests=[BAYES_99=3.5, BAYES_999=0.2,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
DKIM_VALID_EF=-0.1, DKIM_VERIFIED=-3, HTML_MESSAGE=0.001,
RDNS_NONE=0.793, T_REMOTE_IMAGE=0.01] autolearn=no autolearn_force=no
So I fed the message at the command line with:
$ su amavis -c "spamassassin -D < test"
This results in:
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
M1-2.dettenwanger.inter-control.com
X-Spam-Flag: YES
X-Spam-Level: *****************
X-Spam-Status: Yes, score=17.1 required=4.0 tests=BAYES_99,BAYES_999,DCC_CHECK,
DIGEST_MULTIPLE,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
DKIM_VERIFIED,FSL_BULK_SIG,HTML_MESSAGE,PYZOR_CHECK,
RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_PSBL,RCVD_IN_SBL_CSS,
RDNS_NONE,T_REMOTE_IMAGE,URIBL_ABUSE_SURBL,URIBL_BLACK autolearn=no
autolearn_force=no version=3.4.2
......
and
......
Content preview: [syn2]] STAND MORE. WORK BETTER. If you sit for long hours
day after day, it can destroy your health. Stand up more at work with a Height
Adjustable Desk.
Content analysis details: (17.1 points, 4.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: tcduparc.com]
1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
blocklist
[URIs: tcduparc.com]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[78.142.25.168 listed in psbl.surriel.com]
3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[78.142.25.168 listed in zen.spamhaus.org]
0.0 HTML_MESSAGE BODY: HTML included in message
-3.0 DKIM_VERIFIED No description available.
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
1.9 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.4 PYZOR_CHECK Listed in Pyzor
(https://pyzor.readthedocs.io/en/latest/)
0.3 DIGEST_MULTIPLE Message hits more than one network digest check
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
1.2 FSL_BULK_SIG Bulk signature with no Unsubscribe
0.0 T_REMOTE_IMAGE Message contains an external image
--------------------------------------------------------------------------------------
There was some time difference between the message in and the command line run, but still big difference.
Also I am wondering why the preceding "Content analysis details:" are not included in the original amavis header ?
Is there a way to get amavis to include this detail ?
I wonder if I still have a config issue ?
Am I performing an equivilent SA call via the command line ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20190805/9e771f3d/attachment.html>
More information about the amavis-users
mailing list