High SpamAssassin scores but Subject not modified

Sun Apr 13 18:52:28 IST 2003

On Sun, 2003-04-13 at 07:44, Raymond Dijkxhoorn wrote:
> Hi!
>
> > After some further digging, it turns out that only messages from a
> > particular ISP are ignored by MailScanner/Spamassassin. That ISP happens
> > to use Spamassassin and hence the header entry in the message. The more
> > interesting part is why IS my setup not calling Spamassassin if the
> > message already has a Spamassassin header in it? Is there a switch in
> > MailScanner.conf I can set so ALL messages get scanned?
>
> Exactly, since it would be easy for spammers to bypass your spam checks,
> simply by adding a header :)

OTOH, here's an example of where both the ISP and my MS/Spamassassin
combo worked together (note that "**SPAM**" was added by the ISP prior
to my server receiving it):

Subject: {Spam?} **SPAM** Use the internet to make money nqah
Date: Sun, 13 Apr 03 07:43:03 GMT
X-Priority:  3
X-MSMail-Priority:  Normal
X-Mailer:  Microsoft Outlook Express 6.00.2600.0000
MIME-Version:  1.0
Content-Type:  multipart/alternative; boundary="A857D59C_CCD5F5A0FF3B"
X-Virus-Scanned:  by ebola.sfu.ca running antivirus scanner
X-Spam-Level:  Spam-Level SSSSSSSSSSSSSSSSSSSSSSSSSS
X-Spam-Checker-Version:  SpamAssassin 2.52 (1.174.2.8-2003-03-24-exp)
X-Spam-Report:  ---- Start SpamAssassin results 26.00 points, 5
required; *  2.9 -- From address is webmail, but starts with a number *
4.3 -- BODY: Claims compliance with spam regulations *  0.4 -- BODY:
Information on how to work at home (1) *  3.2 -- BODY: Claims compliance
with spam regulations *  0.1 -- BODY: Claims you can be removed from the
list *  2.9 -- BODY: Not intended for residents of somewhere or other *
1.4 -- BODY: "one time mailing" doesn't mean it isn't spam *  0.1 --
BODY: HTML has "tbody" tag *  0.2 -- BODY: HTML font color has unusual
name *  0.1 -- BODY: HTML font color is red *  0.7 -- BODY: HTML font
color is green *  0.2 -- BODY: Message is 50% to 60% HTML *  0.1 --
BODY: HTML included in message *  0.1 -- BODY: FONT Size +2 and up or 3
and up *  0.6 -- BODY: HTML has unbalanced "body" tags *  0.1 -- BODY:
HTML font color is blue *  0.7 -- RAW: Message text in HTML without
specified charset *  2.0 -- Listed in Razor2, see http://razor.sf.net/
*  0.9 -- Date: is 3 to 6 hours after Received: date *  3.3 -- Forged
mail pretending to be from MS Outlook *  0.1 -- Message only has
text/html MIME parts *  0.5 -- Message has X-MSMail-Priority, but no
X-MimeOLE *  1.1 -- message body is 25-50% uppercase ---- End of
SpamAssassin results
X-Spam-Flag:  YES
X-MailScanner-Information:  Please contact the ISP for more information
X-MailScanner:  Found to be clean
X-MailScanner-SpamCheck:  spam, SpamAssassin (score=15.5, required 5,
BIG_FONT, DATE_IN_FUTURE_03_06, EXCUSE_3, EXCUSE_7, FROM_HAS_MIXED_NUMS,
HTML_50_70, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_GREEN,
HTML_FONT_COLOR_NAME, HTML_FONT_COLOR_RED, HTML_FONT_FACE_ODD,
LINES_OF_YELLING, MIME_HTML_NO_CHARSET, MISSING_MIMEOLE, NOT_INTENDED,
ONE_TIME_MAILING, PARA_A_2_C_OF_1618, SECTION_301, SENT_IN_COMPLIANCE,
SPAM_PHRASE_21_34, UPPERCASE_25_50, USER_AGENT_OE, WORK_AT_HOME)
X-MailScanner-SpamScore:  sssssssssssssss

Stephen