
Low score on external received mail


lamber...@gmail.com

Jul 18, 2018, 4:51:06 AM
Hi,

In my rather basic setup I experience odd behavior of Amavis.

The current setup is postfix + Amavis + Spamassassin + bind on CentOS 7.

I configured postfix to use Amavis as content_filter. Amavis is being called, runs Spamassassin checks, and delivers the mail with score:

X-Spam-Score: 1.272
X-Spam-Level: *
X-Spam-Status: No, score=1.272 tagged_above=-100 required=2.5
    tests=[RDNS_NONE=1.274, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
    autolearn=no autolearn_force=no

When I run spamc on the same mail I get the following report:

11.7/5.0
Spam detection software, running on the system "server.lambiek.eu",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: CBS MENS HEALTH REPORT July, 17th 2018 Morning Report - Healthy
Men If you arent waking up with or going to sleep with a stiff-erection,
then you need to see this shocking formula presented on Shark Tank today.
[...]

Content analysis details: (11.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [63.80.89.127 listed in psbl.surriel.com]
 3.6 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
                            [63.80.89.127 listed in zen.spamhaus.org]
 2.5 URIBL_DBL_SPAM         Contains a spam URL listed in the Spamhaus DBL
                            blocklist
                            [URIs: jizzwars.date]
 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: jizzwars.date]
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS

When I submit the spam mail using msmtp locally, the mail is caught as spam with score:

Content analysis details: (6.9 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                            domains are different
 0.8 DATE_IN_PAST_12_24     Date: is 12 to 24 hours before Received: date
 2.5 URIBL_DBL_SPAM         Contains a spam URL listed in the Spamhaus DBL
                            blocklist
                            [URIs: baldshed.date]
 1.9 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL blocklist
                            [URIs: baldshed.date]
 0.7 HTML_IMAGE_ONLY_28     BODY: HTML: images with 2400-2800 bytes of words
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: baldshed.date]

I can't explain all the differences between these runs.

The main question is why the initial handling of the mail message does not trigger the spam score.

Best regards,

Lambert
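
To see exactly which rules differ between the Amavis run and the spamc run in the post above, the two output formats can be parsed and compared. This is an added example, not part of the original post: the function names are hypothetical, the sample input is constructed (abridged) from the quoted header and report, and the RCVD_IN_/URIBL_ prefix check is a heuristic for DNS blocklist lookup rules.

```python
import re

# Constructed sample input, abridged from the headers and spamc report quoted above.
AMAVIS_HEADER = """X-Spam-Status: No, score=1.272 tagged_above=-100 required=2.5
\ttests=[RDNS_NONE=1.274, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
\tautolearn=no autolearn_force=no"""
SPAMC_REPORT = """ pts rule name              description
---- ---------------------- --------------------------------------------------
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [63.80.89.127 listed in psbl.surriel.com]
 3.6 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
 2.5 URIBL_DBL_SPAM         Contains a spam URL listed in the Spamhaus DBL
                            blocklist
 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS"""

# Report rows start with a score and a rule name; continuation lines do not.
ROW = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s")
# Heuristic (assumption): these prefixes mark DNS blocklist lookup rules.
DNS_PREFIXES = ("RCVD_IN_", "URIBL_")

def parse_status_header(header):
    """Return {rule: score} from a possibly folded X-Spam-Status header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)
    match = re.search(r"tests=\[([^\]]*)\]", unfolded)
    hits = {}
    for item in (match.group(1).split(",") if match else []):
        name, _, score = item.strip().partition("=")
        if name and score:          # skips an empty list or a bare "none"
            hits[name] = float(score)
    return hits

def parse_report(report):
    """Return {rule: score} from the 'Content analysis details' table."""
    rows = (ROW.match(line) for line in report.splitlines())
    return {m.group(2): float(m.group(1)) for m in rows if m}

def compare(first, second):
    """Rules unique to each run, plus points from DNS rules only in `second`."""
    only_first = {r: s for r, s in first.items() if r not in second}
    only_second = {r: s for r, s in second.items() if r not in first}
    dns = sum(s for r, s in only_second.items() if r.startswith(DNS_PREFIXES))
    return only_first, only_second, round(dns, 1)

if __name__ == "__main__":
    missing, extra, dns_points = compare(parse_status_header(AMAVIS_HEADER),
                                         parse_report(SPAMC_REPORT))
    print("only in Amavis run:", missing)
    print("only in spamc run: ", extra)
    print("points from DNS blocklist rules only in spamc run:", dns_points)
```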