spamass-milt-list

Spam evading milter


From: J4K
Subject: Spam evading milter
Date: Mon, 11 Jul 2011 16:39:01 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110424 Lightning/1.0b2 Thunderbird/3.1.10

Hi,

    * Spamass-milter is set to reject on 10.

    * Most email scoring >= 10 is correctly rejected.

    * Test messages fed into the milter are correctly rejected.

    * Some email is not rejected and passes through to the spamd
back-end.  Spamd then scores it as (for example) 11 or higher.

    * Bayes is enabled, yet high scoring spam has autolearn=no (see
example Spam headers below)
    bayes_auto_learn_threshold_spam       13.0
    (let's not focus on the Bayes, but the milter not rejecting)

* Tested with milter_watch and all is well
 # /usr/local/bin/milter_watch local:/var/spool/postfix/spamass/spamass.sock
I Milter properly allowed clean mail through
I Milter blocked a spam/virus


    How could a message that scored greater than 10 on the SA backend,
be scored lower on the milter, or perhaps not even processed?

I am a little confused by this.  Has anyone some ideas?

Best regards, S.

------------------------------------  Spam headers follow  ----------------------

System:
SpamAssassin 3.3.1
Spamass-milter 0.3.1-10


Here is an example:
X-Spam-Report
Yes, score=16.5 required=5.0 tests=BAYES_99,FH_FROMEML_NOTLD,
FH_HELO_EQ_D_D_D_D,HELO_DYNAMIC_IPADDR,RDNS_DYNAMIC,TO_NO_BRKTS_DYNIP,
T_URIBL_BLACK_OVERLAP,UNPARSEABLE_RELAY,URIBL_BLACK,URIBL_DBL_SPAM,
URIBL_WS_SURBL shortcircuit=no autolearn=no version=3.3.1

X-Spam-Status
* 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
* [URIs: totaljoblists.net]
* 1.6 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
* [URIs: totaljoblists.net]
* 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
* [URIs: totaljoblists.net]
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 1.0000]
* 3.2 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
* 1.1 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc.)
* 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
* 1.7 RDNS_DYNAMIC Delivered to internal network by host with
* dynamic-looking rDNS
* 0.0 T_URIBL_BLACK_OVERLAP T_URIBL_BLACK_OVERLAP
* 2.0 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
* 1)
* 0.0 TO_NO_BRKTS_DYNIP To: misformatted and dynamic rDNS
   
Content-Type
text/plain;    charset="iso-8859-1"
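
One way to audit delivered mail for the symptom described in the message above, as an added example that is not part of the original post or of spamass-milter: it parses the spamd status value quoted there and flags messages at or above the reject score. `REJECT_SCORE`, the function names and the sample message are assumptions made for this example.

```python
import re
from email import message_from_string

REJECT_SCORE = 10.0  # assumption: the milter reject threshold stated in the post

# Constructed sample message; the status value is the one quoted in the post
# (shown there under "X-Spam-Report"), folded across lines as in real mail.
SAMPLE = """\
From: sender@example.invalid
To: rcpt@example.invalid
Subject: constructed sample
X-Spam-Status: Yes, score=16.5 required=5.0 tests=BAYES_99,FH_FROMEML_NOTLD,
 FH_HELO_EQ_D_D_D_D,HELO_DYNAMIC_IPADDR,RDNS_DYNAMIC,TO_NO_BRKTS_DYNIP,
 T_URIBL_BLACK_OVERLAP,UNPARSEABLE_RELAY,URIBL_BLACK,URIBL_DBL_SPAM,
 URIBL_WS_SURBL shortcircuit=no autolearn=no version=3.3.1

body
"""

HEAD_RE = re.compile(r"(Yes|No), score=(-?\d+(?:\.\d+)?) required=(-?\d+(?:\.\d+)?)")

def parse_status(value):
    """Parse a 'Yes, score=... tests=... autolearn=...' value; None if not one."""
    flat = " ".join(value.split())  # undo header folding
    head = HEAD_RE.match(flat)
    if not head:
        return None
    # The test list ends at the next " key=" token (or end of value).
    tests = re.search(r"tests=(.*?)(?=\s+\w+=|$)", flat)
    auto = re.search(r"autolearn=(\S+)", flat)
    names = tests.group(1).replace(" ", "").split(",") if tests else []
    return {
        "score": float(head.group(2)),
        "required": float(head.group(3)),
        "tests": [n for n in names if n and n != "none"],
        "autolearn": auto.group(1) if auto else None,
    }

def audit(raw_message, reject=REJECT_SCORE):
    """Return the parsed status plus 'above_reject', or None if no status header."""
    msg = message_from_string(raw_message)
    for name, value in msg.items():
        # Accept any X-Spam-* header, since the label on the value can vary.
        if name.lower().startswith("x-spam-"):
            parsed = parse_status(value)
            if parsed:
                parsed["above_reject"] = parsed["score"] >= reject
                return parsed
    return None

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A `None` result means the message carries no parseable spamd status at all, which is a different case from one that was scored but delivered.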


