Email quarantined with low score

phil at philfixit.com.au phil at philfixit.com.au
Mon Dec 30 22:21:46 CET 2024 

>> Thanks, that looks likely but why doesn't it actually add the 5 
>> points or show the rule that it hit to make it quarantine the mail ? 
>> It would certainly help understand whats happening rather than having 
>> to whitelist it and hope for the best.
>
> You seem to be using the Debian/Ubuntu notification templates, so try 
> this:
>
>> --- /etc/amavis/en_US/template-spam-admin.txt.orig    2024-12-28 
>> 07:05:16.461210732 +0100
>> +++ /etc/amavis/en_US/template-spam-admin.txt    2024-12-28 
>> 07:05:31.245112073 +0100
>> @@ -34,6 +34,8 @@
>>  ]
>>  [? %#N |#|The message WAS NOT relayed to:[\n%N]
>>  ]
>> +Testscores: [:TESTSSCORES]
>> +
>>  Spam scanner report:
>>  [%A
>>  ]\
>
> It will potentially include spam hits not originating from SpamAssassin:
>
>> Testscores: ... AM.WBL=5 ...

For the sake of completeness, it does include the hit above, thanks Damian


Testscores: AM.WBL=5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_IMAGE_RATIO_04=0.001, HTML_MESSAGE=0.001, KAM_REALLYHUGEIMGSRC=0.5, KAM_ZWNS=2.5, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001


Content analysis details:   (2.9 points, 6.0 required)

  pts rule name              description
---- ---------------------- --------------------------------------------------
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
-0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                         [223.165.120.19 listed in sa-trusted.bondedsender.org]
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                            [223.165.120.19 listed in bl.score.senderscore.com]
  0.0 HTML_MESSAGE           BODY: HTML included in message
  0.0 HTML_IMAGE_RATIO_04    BODY: HTML has a low ratio of text to image
                             area
  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
                             identical to background
  0.5 KAM_REALLYHUGEIMGSRC   RAW: Spam with image tags with ridiculously
                              huge http urls
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
  2.5 KAM_ZWNS               Use of zero width space characters indicates a goal to
                             elude scanners
  0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay
                             lines

More information about the amavis-users mailing list