Upgrade to 4.79.11

Martin Hepworth maxsec at gmail.com
Thu Jul 22 08:42:54 IST 2010


On 21 July 2010 20:15, <derek.winkler at algorithmics.com> wrote:

>  I just upgraded from 4.69.9 to 4.79.11, SA from 3.2.5 to SA 3.3.1.
>
>
>
> Everything lints fine, can’t find any problems.
>
>
>
> I’m getting spam that when processed by MS scores quite low,
>
>
>
> X-Algo-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.5,
>
>                 required 4.5, autolearn=disabled, RCVD_IN_BRBL 0.50)
>
>
>
> but when tested with SA within minutes on the same server scores quite
> high,
>
>
>
> Content analysis details:   (23.7 points, 5.0 required)
>
>
>
>  pts rule name              description
>
> ---- ----------------------
> --------------------------------------------------
>
>  0.5 RCVD_IN_BRBL           RBL: Received via a relay in BRBL
>
>                             [198.7.242.169 listed in
> b.barracudacentral.org]
>
>  1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>
>                [Blocked - see <
> http://www.spamcop.net/bl.shtml?198.7.242.169>]
>
>  1.6 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
>
>                             [198.7.242.169 listed in
> bb.barracudacentral.org]
>
>  0.7 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
>
>                             [198.7.242.169 listed in zen.spamhaus.org]
>
>  2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
>
>                             [198.7.242.169 listed in psbl.surriel.com]
>
>  4.5 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL
> blocklist
>
>                             [URIs: erectgardiner81b.ru]
>
>  1.7 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL
> blocklist
>
>                             [URIs: erectgardiner81b.ru]
>
>  1.9 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL
> blocklist
>
>                             [URIs: erectgardiner81b.ru]
>
>  1.7 URIBL_DBL_SPAM         Contains an URL listed in the DBL blocklist
>
>                             [URIs: erectgardiner81b.ru]
>
> -0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
>
>                             domain
>
>  0.9 SPF_HELO_SOFTFAIL      SPF: HELO does not match SPF record (softfail)
>
>  0.6 URIBL_SBL              Contains an URL listed in the SBL blocklist
>
>                             [URIs: erectgardiner81b.ru]
>
>  0.0 HTML_IMAGE_ONLY_32     BODY: HTML: images with 2800-3200 bytes of
> words
>
>  0.6 HTML_IMAGE_RATIO_04    BODY: HTML has a low ratio of text to image
> area
>
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>
>  1.7 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
>
>  2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
>
>                             above 50%
>
>                             [cf: 100]
>
>  0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>
>                             [cf: 100]
>
>  0.4 RDNS_DYNAMIC           Delivered to internal network by host with
>
>                             dynamic-looking rDNS
>
>  0.0 T_SURBL_MULTI2         T_SURBL_MULTI2
>
>  0.0 T_SURBL_MULTI1         T_SURBL_MULTI1
>
>
>
> Any ideas why?
>
>
>
> Using Sendmail on RHEL4.
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
Derek

I'd check your mailscanner is checking against the correct spamassassin and
not using cruft from the old version.


-- 
Martin Hepworth
Oxford, UK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20100722/ca06af92/attachment.html


More information about the MailScanner mailing list