[({Spam?})] FH_DATE_PAST_20XX 3.38

dcurtis at sbschools.net dcurtis at sbschools.net
Thu Jan 7 20:04:24 GMT 2010 

I did that from and mailarchiva message it still triggers the 3.38
score.

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex
Broens
Sent: Thursday, January 07, 2010 2:55 PM
To: MailScanner discussion
Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38

On 01/07/10 07:10, dcurtis at sbschools.net wrote:
> I just grabbed a message out of the postfix incoming and ran it and
> (below) this is the output. I am assuming I need a real message that
> breaks the FH_DATE_PAST rule?

A Postfix Q file won't work.

> We just pass all out mail through postfix/mailscanner to Exchange. How
> do I grab a message from Exchange and send it back in?

Save a msg from Outlook, or whatever you use as a MUA.
(not ideal, but better to parse that than a Pfix Q file :-)

save msg as .eml file

run it against spamassassin.

> [root at sbmail downloads]# cat 822C56E6566 |spamassassin
> Received: from localhost by sbmail.sbschools.net
> 	with SpamAssassin (version 3.2.5);
> 	Thu, 07 Jan 2010 13:05:24 -0500
> Subject: [SPAM] 
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
> sbmail.sbschools.net
> X-Spam-Level: *******************
> X-Spam-Status: Yes, score=19.3 required=5.0
> tests=HEAD_ILLEGAL_CHARS,HEAD_LONG,
> 	
>
MISSING_DATE,MISSING_HB_SEP,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,
> 	
> NO_HEADERS_MESSAGE,NO_RECEIVED,NO_RELAYS,NULL_IN_BODY,TVD_SPACE_RATIO,
> 	UNRESOLVED_TEMPLATE autolearn=disabled version=3.2.5
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
boundary="----------=_4B462264.B7ED9CC2"
> 
> This is a multi-part message in MIME format.
> 
> ------------=_4B462264.B7ED9CC2
> Content-Type: text/plain; charset=iso-8859-1
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
> 
> Spam detection software, running on the system "sbmail.sbschools.net",
> has
> identified this incoming email as possible spam.  The original message
> has been attached to this so you can view it (if it isn't spam) or
label
> similar future email.  If you have any questions, see
> the administrator of that system for details.
> 
> Content preview:  .style36 {Nfont-size: 14px;N6font-family: Georgia,
> "Times
>    New Roman", Times, serif;Nfont-weight: bold;N}N .style58
> {Nfont-size:
>   8pt;N3font-family: Verdana, Arial, Helvetica, sans-serif;Ncolor:
> #CC0000;Nfont-weight:
>    normal;N}N .bstextlink {N3font-family: Verdana, Arial, Helvetica,
> sans-serif;Nfont-size:
>    14px;Nfont-weight: bold;N}a:link {Ncolor: #990000;N}N a:visited
> {Ncolor:
>    #990000;N}N a:hover {Ncolor: #990000;N}N a:active {Ncolor:
> #990000;N}N
>    [...] 
> 
> Content analysis details:   (19.3 points, 5.0 required)
> 
>  pts rule name              description
> ---- ----------------------
> --------------------------------------------------
>  0.0 MISSING_MID            Missing Message-Id: header
>  0.0 MISSING_DATE           Missing Date: header
>  3.3 UNRESOLVED_TEMPLATE    Headers contain an unresolved template
> -0.0 NO_RELAYS              Informational: message was not relayed via
> SMTP
>  2.5 MISSING_HB_SEP         Missing blank line between message header
> and body
>  2.5 HEAD_LONG              Message headers are very long
>  3.7 HEAD_ILLEGAL_CHARS     Headers have too many raw illegal
characters
>  1.6 MISSING_HEADERS        Missing To: header
>  2.9 TVD_SPACE_RATIO        BODY: TVD_SPACE_RATIO
>  1.5 NULL_IN_BODY           FULL: Message has NUL (ASCII 0) byte in
> message
>  1.3 MISSING_SUBJECT        Missing Subject: header
> -0.0 NO_RECEIVED            Informational: message has no Received
> headers
>  0.0 NO_HEADERS_MESSAGE     Message appears to be missing most RFC-822
> headers
> 
> 
> 
> ------------=_4B462264.B7ED9CC2
> Content-Type: message/rfc822; x-spam-type=original
> Content-Description: original message before SpamAssassin
> Content-Disposition: inline
> Content-Transfer-Encoding: 8bit
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex
> Broens
> Sent: Thursday, January 07, 2010 12:32 PM
> To: MailScanner discussion
> Subject: Re: [({Spam?})] FH_DATE_PAST_20XX 3.38
> 
> On 01/07/10 06:23, dcurtis at sbschools.net wrote:
>> Deleted the cache file and still getting the 3.38 score.
> 
> 2nd time:
> 
> get hold of a msg and pipe it manually thru SA:
> 
> cat msg |spamassassin
> 
> what does that report look like? is the rule still active?
> 
-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 

______________________________________________________________
______________________________________________________________
This email may contain information protected under the Family 
Educational Rights and Privacy Act (FERPA) or the Health Insurance 
Portability and Accountability Act (HIPAA).  If this email contains 
confidential and/or privileged health or student information and you 
are not entitled to access such information under FERPA or HIPAA, 
federal regulations require that you destroy this email without 
reviewing it and you may not forward it to anyone.


--
This message has been scanned for viruses and
dangerous content by MailScanner, ClamAV and Bitdefender  and is
believed to be clean.

More information about the MailScanner mailing list