Spam evading milter
From: J4K
Subject: Spam evading milter
Date: Mon, 11 Jul 2011 16:39:01 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110424 Lightning/1.0b2 Thunderbird/3.1.10

Hi,

* Spamass-milter is set to reject on 10.
* Most email scoring >= 10 is correctly rejected.
* Test messages fed into the milter are correctly rejected.
* Some email is not rejected and passes through to the spamd
  back-end. Spamd then scores it as (for example) 11 or higher.
* Bayes is enabled, yet high scoring spam has autolearn=no (see
  example Spam headers below)
      bayes_auto_learn_threshold_spam 13.0
  (let's not focus on the Bayes, but the milter not rejecting)
* Tested with milter_watch and all is well
      # /usr/local/bin/milter_watch local:/var/spool/postfix/spamass/spamass.sock
      I Milter properly allowed clean mail through
      I Milter blocked a spam/virus

How could a message that scored greater than 10 on the SA backend,
be scored lower on the milter, or perhaps not even processed?
I am a little confused by this. Has anyone some ideas?

Best regards, S.

------------------------------------ Spam headers follow ----------------------
System:
SpamAssassin 3.3.1
Spamass-milter 0.3.1-10
Here is an example:
X-Spam-Report
Yes, score=16.5 required=5.0 tests=BAYES_99,FH_FROMEML_NOTLD,
FH_HELO_EQ_D_D_D_D,HELO_DYNAMIC_IPADDR,RDNS_DYNAMIC,TO_NO_BRKTS_DYNIP,
T_URIBL_BLACK_OVERLAP,UNPARSEABLE_RELAY,URIBL_BLACK,URIBL_DBL_SPAM,
URIBL_WS_SURBL shortcircuit=no autolearn=no version=3.3.1
X-Spam-Status
* 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
*     [URIs: totaljoblists.net]
* 1.6 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
*     [URIs: totaljoblists.net]
* 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
*     [URIs: totaljoblists.net]
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
*     [score: 1.0000]
* 3.2 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
* 1.1 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc.)
* 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
* 1.7 RDNS_DYNAMIC Delivered to internal network by host with
*     dynamic-looking rDNS
* 0.0 T_URIBL_BLACK_OVERLAP T_URIBL_BLACK_OVERLAP
* 2.0 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
*     1)
* 0.0 TO_NO_BRKTS_DYNIP To: misformatted and dynamic rDNS
Content-Type
text/plain; charset="iso-8859-1"
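
Added example, not part of the original post and not code from spamass-milter or SpamAssassin: a small audit that reads the SpamAssassin summary from a delivered message and flags one that scored at or above the milter's reject threshold. The thresholds (10 and 13.0) and the header layout come from the post; the function names, finding codes and sample message are constructed for illustration.

```python
import re

from email import message_from_string

REJECT_AT = 10.0          # spamass-milter reject threshold stated in the post
AUTOLEARN_SPAM_AT = 13.0  # bayes_auto_learn_threshold_spam stated in the post

SUMMARY = re.compile(r"(?:Yes|No),\s*score=(?P<score>-?\d+(?:\.\d+)?)\s+"
                     r"required=\S+\s+tests=(?P<tests>.*?)\s+\w+=")
AUTOLEARN = re.compile(r"\bautolearn=(\w+)")

def parse_summary(raw):
    """Return score, tests and autolearn from whichever X-Spam header has them."""
    msg = message_from_string(raw)
    for name in ("X-Spam-Status", "X-Spam-Report"):
        for value in msg.get_all(name, []):
            flat = " ".join(str(value).split())  # unfold continuation lines
            m = SUMMARY.search(flat)
            if m:
                learn = AUTOLEARN.search(flat)
                tests = [t.strip() for t in m["tests"].split(",") if t.strip()]
                return {"score": float(m["score"]), "tests": tests,
                        "autolearn": learn.group(1) if learn else None}
    return None

def audit(raw):
    """Return finding codes for one delivered message; [] means nothing odd."""
    info = parse_summary(raw)
    if info is None:
        return ["NO_SA_SUMMARY"]  # no score header found on the delivered copy
    findings = []
    if info["score"] >= REJECT_AT:
        findings.append("DELIVERED_AT_OR_ABOVE_REJECT")
    # Observation only: autolearn is decided on SpamAssassin's own autolearn
    # score, which can differ from the score shown in the header.
    if info["score"] >= AUTOLEARN_SPAM_AT and info["autolearn"] != "spam":
        findings.append("AUTOLEARN_NOT_SPAM")
    return findings

# Constructed sample: a delivered message carrying the summary quoted in the post.
SAMPLE = (
    "From: sender@example.invalid\n"
    "Subject: constructed test message\n"
    "X-Spam-Report: Yes, score=16.5 required=5.0 tests=BAYES_99,FH_FROMEML_NOTLD,\n"
    "\tFH_HELO_EQ_D_D_D_D,HELO_DYNAMIC_IPADDR,RDNS_DYNAMIC,TO_NO_BRKTS_DYNIP,\n"
    "\tT_URIBL_BLACK_OVERLAP,UNPARSEABLE_RELAY,URIBL_BLACK,URIBL_DBL_SPAM,\n"
    "\tURIBL_WS_SURBL shortcircuit=no autolearn=no version=3.3.1\n"
    "\nbody\n")

if __name__ == "__main__":
    print(parse_summary(SAMPLE), audit(SAMPLE))
```

Run over every message in a delivered mailbox, the findings can be matched by timestamp against the MTA and milter logs to see whether the milter handled those messages at all.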