spam being delivered with high score
Martin Hepworth
maxsec at gmail.com
Tue Jun 9 11:33:52 IST 2009
2009/6/9 Alessandro Dentella <sandro at e-den.it>:
> On Tue, Jun 09, 2009 at 10:17:24AM +0100, Martin Hepworth wrote:
>> 2009/6/9 Alessandro Dentella <sandro at e-den.it>:
>> > Hi,
>> >
>> > I recently started receiving spam messages with high score (> 12) and
>> > [SPAM] subject and 'X-Spam-Status: No' even if the configuration of my
>> > mailscanner is:
>> >
>> > Required SpamAssassin Score = 5
>> > High SpamAssassin Score = 6
>> > Spam Actions = header "X-Spam-Status: Yes" store
>> > High Scoring Spam Actions = header "X-Spam-Status: Yes" store
>> > Non Spam Actions = deliver header "X-Spam-Status: No"
>> >
>> > Is there some other directive that may confuse mailscanner?
>> >
>> > thanks in advance
>> > sandro
>> > *:-)
>> >
>> >
>> > --
>> > Sandro Dentella *:-)
>> > http://sqlkit.argolinux.org SQLkit home page - PyGTK/python/sqlalchemy
>> > --
>> > MailScanner mailing list
>> > mailscanner at lists.mailscanner.info
>> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>> >
>> > Before posting, read http://wiki.mailscanner.info/posting
>> >
>> > Support MailScanner development - buy the book off the website!
>> >
>>
>>
>> Sandro
>>
>> Full headers for an example email would be useful.
>
> here it is:
>
> Content-Type: text/html; charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
> MIME-Version: 1.0
> X-Spam-Score: 12.7 (++++++++++++)
> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
> See http://spamassassin.org/tag/ for more details.
> 0.0 MISSING_DATE Missing Date: header
> 0.6 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
> above 50%
> [cf: 100]
> 2.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
> 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
> [cf: 100]
> 2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
> [89.33.169.107 listed in zen.spamhaus.org]
> 1.1 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server
> [89.33.169.107 listed in dnsbl.sorbs.net]
> 2.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
> [Blocked - see <http://www.spamcop.net/bl.shtml?89.33.169.107>]
> X-VA-Spam-Flag: YES
> X-Spam-Flag: YES
> X-Headers-End: 1MDNHN-0007fQ-4s
> Subject: {Disarmed} [SPAM] Books you need
> Date: Sun, 7 Jun 2009 20:39:31 +0200 (CEST)
> X-MailScanner-ID: 957E45C74E.955AD
> X-thundersystems-MailScanner: Found to be clean
> X-thundersystems-MailScanner-SpamScore: ssss
> X-thundersystems-MailScanner-From: sdtcl at users.sourceforge.net
> X-Spam-Status: No
> Status: O
> Content-Length: 5344
>
> sandro
> *:-)
>
>
> --
> Sandro Dentella *:-)
> http://sqlkit.argolinux.org SQLkit home page - PyGTK/python/sqlalchemy
>
Sandro

MailScanner only scored it as 4 (4 s's in the
X-thundersystems-MailScanner-SpamScore: ssss line). Something else must
be spamassassin scoring this as well.
--
Martin Hepworth
Oxford, UK
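
The check described in the reply above, as an added example that is not part of the original thread: it separates the upstream `X-Spam-*` headers from the local MailScanner headers and reads the local score by counting the `s` characters. The function name, the `org` and `required` parameters, and the trimmed sample are assumptions built from the headers and settings quoted in the thread.

```python
import email
import re

# Constructed excerpt of the headers quoted in the thread above.
SAMPLE = """\
X-Spam-Score: 12.7 (++++++++++++)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
X-Spam-Flag: YES
Subject: {Disarmed} [SPAM] Books you need
X-thundersystems-MailScanner: Found to be clean
X-thundersystems-MailScanner-SpamScore: ssss
X-Spam-Status: No

"""


def analyse(raw, org="thundersystems", required=5.0):
    """Compare the upstream SpamAssassin score with the local MailScanner one.

    org      -- site name embedded in the local MailScanner header names
    required -- the local "Required SpamAssassin Score" setting
    """
    msg = email.message_from_string(raw)

    # Upstream score: the number at the start of X-Spam-Score, if present.
    upstream = None
    m = re.match(r"\s*(-?\d+(?:\.\d+)?)", msg.get("X-Spam-Score", ""))
    if m:
        upstream = float(m.group(1))

    # Local score: read as in the reply, one 's' per point.
    bar = msg.get(f"X-{org}-MailScanner-SpamScore", "").strip()
    local = len(bar) if bar and set(bar) == {"s"} else None

    return {
        "upstream_score": upstream,
        "local_score": local,
        "local_is_spam": local is not None and local >= required,
        "status_header": msg.get("X-Spam-Status", "").strip(),
        # Upstream is over the threshold but the local scan is not:
        # the headers disagree because two different scanners wrote them.
        "mismatch": (upstream is not None and upstream >= required
                     and (local is None or local < required)),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```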