Spam sneaking in.

Bob D bob at inter-control.com
Tue Aug 6 00:14:29 CEST 2019


Well, I am still getting some sneaking in and it still seems funny, here 
is one from today.
This is the header as it came in:

X-Spam-Flag: NO
X-Spam-Score: 1.304
X-Spam-Level: *
X-Spam-Status: No, score=1.304 required=4 tests=[BAYES_99=3.5, BAYES_999=0.2,
	DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	DKIM_VALID_EF=-0.1, DKIM_VERIFIED=-3, HTML_MESSAGE=0.001,
	RDNS_NONE=0.793, T_REMOTE_IMAGE=0.01] autolearn=no autolearn_force=no

So I fed the message at the command line with:

$ su amavis -c "spamassassin -D < test"

This results in:

X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
         M1-2.dettenwanger.inter-control.com
X-Spam-Flag: YES
X-Spam-Level: *****************
X-Spam-Status: Yes, score=17.1 required=4.0 tests=BAYES_99,BAYES_999,DCC_CHECK,
         DIGEST_MULTIPLE,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
         DKIM_VERIFIED,FSL_BULK_SIG,HTML_MESSAGE,PYZOR_CHECK,
         RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_PSBL,RCVD_IN_SBL_CSS,
         RDNS_NONE,T_REMOTE_IMAGE,URIBL_ABUSE_SURBL,URIBL_BLACK autolearn=no
         autolearn_force=no version=3.4.2
......
and
......
Content preview:  [syn2]] STAND MORE. WORK BETTER. If you sit for long hours
    day after day, it can destroy your health. Stand up more at work with a Height
    Adjustable Desk.

Content analysis details:   (17.1 points, 4.0 required)

  pts rule name              description
---- ---------------------- --------------------------------------------------
  3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                             [score: 1.0000]
  0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                             [score: 1.0000]
  1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                             [URIs: tcduparc.com]
  1.2 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL
                             blocklist
                             [URIs: tcduparc.com]
  2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                             [78.142.25.168 listed in psbl.surriel.com]
  3.3 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
                             [78.142.25.168 listed in zen.spamhaus.org]
  0.0 HTML_MESSAGE           BODY: HTML included in message
-3.0 DKIM_VERIFIED          No description available.
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
-0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
  1.1 DCC_CHECK              Detected as bulk mail by DCC (dcc-servers.net)
  0.9 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
  1.9 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                             [cf: 100]
  1.4 PYZOR_CHECK            Listed in Pyzor
                             (https://pyzor.readthedocs.io/en/latest/)
  0.3 DIGEST_MULTIPLE        Message hits more than one network digest check
  0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
  1.2 FSL_BULK_SIG           Bulk signature with no Unsubscribe
  0.0 T_REMOTE_IMAGE         Message contains an external image
--------------------------------------------------------------------------------------

There was some time difference between the message in and the command line run, but still big difference.
Also I am wondering why the preceding "Content analysis details:" are not included in the original amavis header ?
Is there a way to get amavis to include this detail ?
I wonder if I still have a config issue ?
Am I performing an equivilent SA call via the command line ?
  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20190805/9e771f3d/attachment.html>


More information about the amavis-users mailing list