Any advice with score would be great.
Martin Hepworth
martinh at SOLID-STATE-LOGIC.COM
Wed May 4 08:57:29 IST 2005
David
you've got a lot of the SARE rules etc. that I run. Good.
Doing the RBLs in MailScanner I find can produce a lot of false
positives, I'd move them to SpamAssassin.
Can you put the email (headers included) to a URL so I can see what
scores I get on my system. I've got mine reasonably well tuned so I may
get a few more hits.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
David Curtis wrote:
> [root at sbschools dns]# spamassassin --lint -D -p
> /etc/MailScanner/spam.assassin.prefs.conf
> debug: SpamAssassin version 3.0.2
> debug: Score set 0 chosen.
> debug: running in taint mode? yes
> debug: Running in taint mode, removing unsafe env vars, and resetting PATH
> debug: PATH included '/usr/kerberos/sbin', keeping.
> debug: PATH included '/usr/kerberos/bin', keeping.
> debug: PATH included '/usr/local/sbin', keeping.
> debug: PATH included '/usr/sbin', keeping.
> debug: PATH included '/sbin', keeping.
> debug: PATH included '/usr/local/bin', keeping.
> debug: PATH included '/bin', keeping.
> debug: PATH included '/usr/bin', keeping.
> debug: PATH included '/usr/X11R6/bin', keeping.
> debug: PATH included '/home/dns/bin', which doesn't exist, dropping.
> debug: Final PATH set to:
> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
> debug: diag: module not installed: DBI ('require' failed)
> debug: diag: module installed: DB_File, version 1.809
> debug: diag: module installed: Digest::SHA1, version 2.10
> debug: diag: module installed: IO::Socket::UNIX, version 1.21
> debug: diag: module installed: MIME::Base64, version 3.01
> debug: diag: module installed: Net::DNS, version 0.48
> debug: diag: module installed: Net::LDAP, version 0.31
> debug: diag: module installed: Razor2::Client::Agent, version 2.67
> debug: diag: module installed: Storable, version 2.13
> debug: diag: module installed: URI, version 1.35
> debug: ignore: using a test message to lint rules
> debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
> debug: config: read file /etc/mail/spamassassin/init.pre
> debug: using "/usr/share/spamassassin" for default rules dir
> debug: config: read file /usr/share/spamassassin/10_misc.cf
> debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
> debug: config: read file /usr/share/spamassassin/20_body_tests.cf
> debug: config: read file /usr/share/spamassassin/20_compensate.cf
> debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
> debug: config: read file /usr/share/spamassassin/20_drugs.cf
> debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
> debug: config: read file /usr/share/spamassassin/20_head_tests.cf
> debug: config: read file /usr/share/spamassassin/20_html_tests.cf
> debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
> debug: config: read file /usr/share/spamassassin/20_phrases.cf
> debug: config: read file /usr/share/spamassassin/20_porn.cf
> debug: config: read file /usr/share/spamassassin/20_ratware.cf
> debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
> debug: config: read file /usr/share/spamassassin/23_bayes.cf
> debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
> debug: config: read file /usr/share/spamassassin/25_hashcash.cf
> debug: config: read file /usr/share/spamassassin/25_spf.cf
> debug: config: read file /usr/share/spamassassin/25_uribl.cf
> debug: config: read file /usr/share/spamassassin/30_text_de.cf
> debug: config: read file /usr/share/spamassassin/30_text_fr.cf
> debug: config: read file /usr/share/spamassassin/30_text_nl.cf
> debug: config: read file /usr/share/spamassassin/30_text_pl.cf
> debug: config: read file /usr/share/spamassassin/50_scores.cf
> debug: config: read file /usr/share/spamassassin/60_whitelist.cf
> debug: using "/etc/mail/spamassassin" for site rules dir
> debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj2.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj3.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj_arc.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj_eng.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_header.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_highrisk.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_html.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_random.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf
> debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf
> debug: config: read file
> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf
> debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf
> debug: config: read file /etc/mail/spamassassin/evilnumbers.cf
> debug: config: read file /etc/mail/spamassassin/local.cf
> debug: config: read file /etc/mail/spamassassin/tripwire.cf
> debug: using "/root/.spamassassin" for user state dir
> debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file
> debug: config: read file /etc/MailScanner/spam.assassin.prefs.conf
> debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
> debug: plugin: registered
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8)
> debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
> debug: plugin: registered
> Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c)
> debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
> debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0)
> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8)
> implements 'parse_config'
> debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c)
> implements 'parse_config'
> debug: using "/root/.spamassassin" for user state dir
> debug: bayes: no dbs present, cannot tie DB R/O:
> /root/.spamassassin/bayes_toks
> debug: Score set 1 chosen.
> debug: ---- MIME PARSER START ----
> debug: main message type: text/plain
> debug: parsing normal part
> debug: added part, type: text/plain
> debug: ---- MIME PARSER END ----
> debug: bayes: no dbs present, cannot tie DB R/O:
> /root/.spamassassin/bayes_toks
> debug: metadata: X-Spam-Relays-Trusted:
> debug: metadata: X-Spam-Relays-Untrusted:
> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8)
> implements 'parsed_metadata'
> debug: is Net::DNS::Resolver available? yes
> debug: Net::DNS version: 0.48
> debug: trying (3) gmx.net...
> debug: looking up NS for 'gmx.net'
> debug: NS lookup of gmx.net succeeded => Dns available (set
> dns_available to hardcode)
> debug: is DNS available? 1
> debug: decoding: no encoding detected
> debug: URIDNSBL: domains to query:
> debug: all '*From' addrs: ignore at compiling.spamassassin.taint.org
> debug: Running tests for priority: 0
> debug: running header regexp tests; score so far=0
> debug: registering glue method for check_hashcash_double_spend
> (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c))
> debug: registering glue method for check_for_spf_helo_pass
> (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0))
> debug: SPF: message was delivered entirely via trusted relays, not required
> debug: registering glue method for check_hashcash_value
> (Mail::SpamAssassin::Plugin::Hashcash=HASH(0xa8d338c))
> debug: all '*To' addrs:
> debug: registering glue method for check_for_spf_softfail
> (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0))
> debug: SPF: message was delivered entirely via trusted relays, not required
> debug: registering glue method for check_for_spf_pass
> (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0))
> debug: registering glue method for check_for_spf_helo_softfail
> (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0))
> debug: registering glue method for check_for_spf_helo_fail
> (Mail::SpamAssassin::Plugin::SPF=HASH(0xa9242a0))
> debug: running body-text per-line regexp tests; score so far=0.197
> debug: running uri tests; score so far=0.197
> debug: registering glue method for check_uridnsbl
> (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8))
> debug: Razor2 is available
> debug: entering helper-app run mode
> Razor-Log: Computed razorhome from env: /root/.razor
> Razor-Log: Found razorhome: /root/.razor
> Razor-Log: read_file: 16 items read from /root/.razor/razor-agent.conf
> May 02 16:12:35.520784 check[19071]: [ 2] [bootup] Logging initiated
> LogDebugLevel=9 to stdout
> May 02 16:12:35.522031 check[19071]: [ 5] computed
> razorhome=/root/.razor, conf=/root/.razor/razor-agent.conf,
> ident=/root/.razor/identity
> May 02 16:12:35.522771 check[19071]: [ 8] Client supported_engines: 4 8
> May 02 16:12:35.524043 check[19071]: [ 8] prep_mail done: mail 1
> headers=93, mime0=1376
> May 02 16:12:35.525327 check[19071]: [ 5] read_file: 1 items read from
> /root/.razor/servers.discovery.lst
> May 02 16:12:35.526589 check[19071]: [ 5] read_file: 2 items read from
> /root/.razor/servers.nomination.lst
> May 02 16:12:35.527742 check[19071]: [ 5] read_file: 1 items read from
> /root/.razor/servers.catalogue.lst
> May 02 16:12:35.528892 check[19071]: [ 9] Assigning defaults to
> folly.cloudmark.com
> May 02 16:12:35.529748 check[19071]: [ 9] Assigning defaults to
> joy.cloudmark.com
> May 02 16:12:35.530434 check[19071]: [ 9] Assigning defaults to
> shock.cloudmark.com
> May 02 16:12:35.532874 check[19071]: [ 5] read_file: 16 items read from
> /root/.razor/server.shock.cloudmark.com.conf
> May 02 16:12:35.534658 check[19071]: [ 5] read_file: 16 items read from
> /root/.razor/server.shock.cloudmark.com.conf
> May 02 16:12:35.536506 check[19071]: [ 5] read_file: 16 items read from
> /root/.razor/server.tension.cloudmark.com.conf
> May 02 16:12:35.538282 check[19071]: [ 5] read_file: 16 items read from
> /root/.razor/server.tension.cloudmark.com.conf
> May 02 16:12:35.539897 check[19071]: [ 5] read_file: 12 items read from
> /root/.razor/server.folly.cloudmark.com.conf
> May 02 16:12:35.541446 check[19071]: [ 5] read_file: 12 items read from
> /root/.razor/server.folly.cloudmark.com.conf
> May 02 16:12:35.542380 check[19071]: [ 5] 150874 seconds before closest
> server discovery
> May 02 16:12:35.543088 check[19071]: [ 6] shock.cloudmark.com is a
> Catalogue Server srl 5078; computed min_cf=6, Server se: C8
> May 02 16:12:35.543922 check[19071]: [ 8] Computed supported_engines: 4 8
> May 02 16:12:35.544544 check[19071]: [ 8] Using next closest server
> shock.cloudmark.com:2703, cached info srl 5078
> May 02 16:12:35.545261 check[19071]: [ 8] mail 1 has no subject
> May 02 16:12:35.546631 check[19071]: [ 6] preproc: mail 1.0 went from
> 1376 bytes to 1339
> May 02 16:12:35.547235 check[19071]: [ 6] computing sigs for mail 1.0,
> len 1339
> May 02 16:12:35.552407 check[19071]: [ 6] Engine (8) didn't produce a
> signature for mail 1.0
> May 02 16:12:35.553497 check[19071]: [ 6] skipping whitelist file
> (empty?): /root/.razor/razor-whitelist
> May 02 16:12:35.554079 check[19071]: [ 5] Connecting to
> shock.cloudmark.com ...
> May 02 16:12:35.853955 check[19071]: [ 8] Connection established
> May 02 16:12:35.854726 check[19071]: [ 4] shock.cloudmark.com >> 36
> server greeting: sn=C&srl=5078&a=l&a=cg&ep4=7542-10
> May 02 16:12:35.856062 check[19071]: [ 4] shock.cloudmark.com << 25
> May 02 16:12:35.856675 check[19071]: [ 6] cn=razor-agents&cv=2.67
> May 02 16:12:35.857464 check[19071]: [ 6] shock.cloudmark.com is a
> Catalogue Server srl 5078; computed min_cf=6, Server se: C8
> May 02 16:12:35.858584 check[19071]: [ 8] Computed supported_engines: 4 8
> May 02 16:12:35.859462 check[19071]: [ 8] mail 1.0 e4 sig:
> xFaZIZUVHk90OQfARnenjx5BZTMA
> May 02 16:12:35.860075 check[19071]: [ 5] mail 1.0 e8 got no sig
> May 02 16:12:35.860660 check[19071]: [ 8] preparing 1 queries
> May 02 16:12:35.861471 check[19071]: [ 8] sending 1 batches
> May 02 16:12:35.862166 check[19071]: [ 4] shock.cloudmark.com << 52
> May 02 16:12:35.862770 check[19071]: [ 6]
> a=c&e=4&ep4=7542-10&s=xFaZIZUVHk90OQfARnenjx5BZTMA
> May 02 16:12:36.188044 check[19071]: [ 4] shock.cloudmark.com >> 5
> May 02 16:12:36.188660 check[19071]: [ 6] response to sent.2
> p=0
> May 02 16:12:36.190016 check[19071]: [ 6] mail 1.0 e=4
> sig=xFaZIZUVHk90OQfARnenjx5BZTMA: sig not found.
> May 02 16:12:36.190632 check[19071]: [ 7] method 4: mail 1.0:
> no-contention part, spam=0
> May 02 16:12:36.191180 check[19071]: [ 7] method 4: mail 1: all
> non-contention parts not spam, mail not spam
> May 02 16:12:36.191600 check[19071]: [ 3] mail 1 is not known spam.
> May 02 16:12:36.192094 check[19071]: [ 5] disconnecting from server
> shock.cloudmark.com
> May 02 16:12:36.192972 check[19071]: [ 4] shock.cloudmark.com << 5
> May 02 16:12:36.193393 check[19071]: [ 6] a=q
> debug: Using results from Razor v2.67
> debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0
> debug: leaving helper-app run mode
> debug: Razor2 results: spam? 0 highest cf score: 0
> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8)
> implements 'check_tick'
> debug: running raw-body-text per-line regexp tests; score so far=0.197
> debug: running full-text regexp tests; score so far=0.197
> debug: Razor2 is available
> debug: Current PATH is:
> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
> debug: executable for pyzor was found at /usr/bin/pyzor
> debug: Pyzor is available: /usr/bin/pyzor
> debug: entering helper-app run mode
> debug: setuid: helper proc 19075: ruid=0 euid=0
> debug: Pyzor: got response: 66.250.40.33:24441 (200, 'OK') 0 0
> debug: leaving helper-app run mode
> debug: DCCifd is not available: no r/w dccifd socket found.
> debug: DCC is available: /usr/local/bin/dccproc
> debug: entering helper-app run mode
> debug: setuid: helper proc 19076: ruid=0 euid=0
> debug: DCC: got response: X-DCC--Metrics: sbschools.net 1074; Body=13333
> Fuz1=3415356 Fuz2=3415350
> debug: leaving helper-app run mode
> debug: DCC: Listed! BODY: 13333 of 999999 FUZ1: 3415356 of 999999 FUZ2:
> 3415350 of 999999
> debug: Running tests for priority: 500
> debug: RBL: success for 1 of 1 queries
> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0xa8ea0d8)
> implements 'check_post_dnsbl'
> debug: running meta tests; score so far=1.57
> debug: running header regexp tests; score so far=1.86
> debug: running body-text per-line regexp tests; score so far=1.86
> debug: running uri tests; score so far=1.86
> debug: running raw-body-text per-line regexp tests; score so far=1.86
> debug: running full-text regexp tests; score so far=1.86
> debug: Running tests for priority: 1000
> debug: running meta tests; score so far=1.86
> debug: running header regexp tests; score so far=1.86
> debug: using "/root/.spamassassin" for user state dir
> debug: lock: 19071 created /root/.spamassassin/auto-whitelist.mutex
> debug: lock: 19071 trying to get lock on
> /root/.spamassassin/auto-whitelist with 30 timeout
> debug: lock: 19071 link to /root/.spamassassin/auto-whitelist.mutex: link ok
> debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist
> debug: auto-whitelist (db-based):
> ignore at compiling.spamassassin.taint.org|ip=none scores 0/0
> debug: AWL active, pre-score: 1.86, autolearn score: 1.86, mean: undef,
> IP: undef
> debug: DB addr list: untie-ing and unlocking.
> debug: DB addr list: file locked, breaking lock.
> debug: unlock: 19071 unlocked /root/.spamassassin/auto-whitelist.mutex
> debug: Post AWL score: 1.86
> debug: running body-text per-line regexp tests; score so far=1.86
> debug: running uri tests; score so far=1.86
> debug: running raw-body-text per-line regexp tests; score so far=1.86
> debug: running full-text regexp tests; score so far=1.86
> debug: is spam? score=1.86 required=5
> debug: tests=DCC_CHECK,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME
> debug:
> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__SANE_MSGID,__SARE_HTML_HAS_MSG,__UNUSABLE_MSGID
>
>
> >>> ssilva at SGVWATER.COM 05/02 3:26 PM >>>
> David Curtis wrote:
> > I am getting spam with a very low score. Can anyone tell me why this
> > e-mail was scored so low. I use rulesdujour and spamassassin 3.03 and
> > MailScanner-4.40.11-1. My spam list is Spam List = ORDB-RBL SBL+XBL. In
> > postfix I am using maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org,
> > opm.blitzed.org, dun.dnsrbl.net, spam.dnsrbl.net.
> >
> > I know I can change scores but I wonder why it is so low.
> >
> >
> > The score was from these:
> > SpamAssassin (score=1.597,required 3.75)
> > (BAYES_50 0.00, DNS_FROM_RFC_WHOIS 0.30, SARE_RECV_INFOSAT 0.64,
> > SUBJ_ALL_CAPS 0.67, SUBJ_ALL_CAPS 0.67)
> >
> >
> > OFFICE OF THE ACCOUNTANT GENERAL OF FEDERATION
> > PROBE VERIFICATION PANEL ON FOREIGN CONTRACT PAYMENT
> > FEDERAL COMPLEX TINUBU SQUARE,
> > Lagos- Nigeria.
> > Tel/Fax:
> > Our Ref: ACG/FGN/543WS 234-1803-7127318
> > Email: moha_ibru at yahoo.com
>
> This is the old Nigerian scam. Are you sure your rules are up to date
> and in the proper path?
> Is your rules_du_jour script up to date?
>
> What does
> spamassassin --lint -D -p /etc/MailScanner/spam.assassin.prefs.conf
> show?
>
> --
> "If you have ever eaten crow,
> It don't taste like chicken!!"
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
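Added example, not part of either poster's message: a small Python parser for the `spamassassin --lint -D` output quoted above, showing which test phase added each part of the score and flagging two debug lines that bear on a low score. The sample input is constructed from lines in that output; the function names and the wording of the notes are this example's own.

```python
import re

# Constructed sample in the format of the quoted lint output, keeping the
# "> " quote markers and one line wrapped by the mail client.
SAMPLE = """\
> debug: ignore: using a test message to lint rules
> debug: bayes: no dbs present, cannot tie DB R/O:
> /root/.spamassassin/bayes_toks
> debug: Running tests for priority: 0
> debug: running header regexp tests; score so far=0
> debug: running full-text regexp tests; score so far=0.197
> debug: Running tests for priority: 500
> debug: running meta tests; score so far=1.57
> debug: running header regexp tests; score so far=1.86
> debug: is spam? score=1.86 required=5
> debug: tests=DCC_CHECK,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME
"""

# Debug lines worth flagging before any rule score is changed.
NOTES = {
    "using a test message to lint rules": "scores are for the lint test message",
    "bayes: no dbs present": "no Bayes database found for this user",
}

def unwrap(text):
    """Strip quote markers; lines not starting with 'debug:' are continuations."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        if line.startswith("debug:") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def analyse(text):
    """Return final score, tests hit, per-phase score gains and flagged notes."""
    out = {"score": None, "required": None, "tests": [], "steps": [], "notes": []}
    priority = prev = None
    for rec in unwrap(text):
        out["notes"] += [n for k, n in NOTES.items() if k in rec and n not in out["notes"]]
        if m := re.search(r"Running tests for priority: (-?\d+)", rec):
            priority = int(m.group(1))
        elif m := re.search(r"running (.+?) tests; score so far=(-?[\d.]+)", rec):
            phase, score = m.group(1), float(m.group(2))
            # Printed before the phase runs: a change belongs to the previous phase.
            if prev and score != prev[2]:
                out["steps"].append((prev[0], prev[1], round(score - prev[2], 3)))
            prev = (priority, phase, score)
        elif m := re.search(r"is spam\? score=(-?[\d.]+) required=(-?[\d.]+)", rec):
            out["score"], out["required"] = float(m.group(1)), float(m.group(2))
        elif m := re.search(r"debug: tests=(\S+)", rec):
            out["tests"] = m.group(1).split(",")
    return out

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

Each entry in `steps` is (priority, phase, points gained); the full-text phase is where the Razor2, Pyzor and DCC helpers run in the output above.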