MailScanner permits mail with score higher than allowed score
Jerry Benton
jerry.benton at mailborder.com
Wed Dec 9 14:51:46 UTC 2015
And I am still sitting here blinking …. trying to remember what would cause a “is not spam” marking when the score exceeds the threshold. (Besides whitelisting)
Any whitelists for say … the server it came from?
-
Jerry Benton
www.mailborder.com
> On Dec 9, 2015, at 9:26 AM, Oliver Kutscher <ok at addix.net> wrote:
>
> Hi,
>
> we are experiencing a lot of spam mails since some days and some of the mails are allowed and passed to the recepient. Let's have a look into a log entry I found in my logs:
>
> Dec 9 11:22:50 mailscan1.mydomain.campus MailScanner[30235]: Message 1a6btR-0008Ty-Mo from 10.0.0.2 (spammer at spam.com) to mydomain.net is not spam, SpamAssassin (score=7.768, required=3.5, HTML_MESSAGE 0.00, KAM_LAZY_DOMAIN_SECURITY 1.00, RCVD_IN_BRBL_LASTEXT 1.45, RCVD_IN_SBL_CSS 3.33, RCVD_IN_XBL 0.38, URIBL_WS_SURBL 1.61)
>
> This mail passes the mail system an reached the recepient. I'm curious about two things:
>
> Why was the mail ranked as "is not spam" (score > required score)?
>
> Why has the required score a value of 3.5? I set per domain scores within /etc/MailScanner/rules/spam.score.rules:
>
> To: *@mycompany.com 4
> To: *@mycompany.net 8
> FromOrTo: default 3.5
>
> To make it more complicated: Most time the required score for mycompany.net is shown as 8 which is the required score that I'm expecting.
>
> I would be very appreciated for any suggestions.
>
> ==============
> Versions / OS
> ==============
> Running on
> Linux mailscan1.addix.campus 3.10.0-229.14.1.el7.x86_64 #1 SMP Tue Sep 15 15:05:51 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
> This is CentOS Linux release 7.1.1503 (Core)
> This is Perl version 5.016003 (5.16.3)
>
> This is MailScanner version 4.85.2
> Module versions are:
> 1.01 AnyDBM_File
> 1.30 Archive::Zip
> 0.29 bignum
> 1.26 Carp
> 2.061 Compress::Zlib
> 1.119 Convert::BinHex
> 0.18 Convert::TNEF
> 2.145 Data::Dumper
> 2.30 Date::Parse
> 1.04 DirHandle
> 1.11 Fcntl
> 2.84 File::Basename
> 2.23 File::Copy
> 2.02 FileHandle
> 2.09 File::Path
> 0.2301 File::Temp
> 0.92 Filesys::Df
> 3.69 HTML::Entities
> 3.71 HTML::Parser
> 3.69 HTML::TokeParser
> 1.25_06 IO
> 1.16 IO::File
> 1.15 IO::Pipe
> 2.12 Mail::Header
> 1.998 Math::BigInt
> 0.2603 Math::BigRat
> 3.13 MIME::Base64
> 5.505 MIME::Decoder
> 5.505 MIME::Decoder::UU
> 5.505 MIME::Head
> 5.505 MIME::Parser
> 3.13 MIME::QuotedPrint
> 5.505 MIME::Tools
> 0.17 Net::CIDR
> 1.26 Net::IP
> 0.19 OLE::Storage_Lite
> 1.04 Pod::Escapes
> 3.28 Pod::Simple
> 1.30 POSIX
> 1.27 Scalar::Util
> 2.010 Socket
> 2.45 Storable
> 1.5 Sys::Hostname::Long
> 0.33 Sys::Syslog
> 1.48 Test::Pod
> 0.98 Test::Simple
> 1.9725 Time::HiRes
> 1.02 Time::localtime
>
> Optional module versions are:
> 1.92 Archive::Tar
> 0.29 bignum
> 2.06 Business::ISBN
> 20120719.001 Business::ISBN::Data
> missing Data::Dump
> 1.83 DB_File
> 1.39 DBD::SQLite
> 1.627 DBI
> 1.17 Digest
> 1.03 Digest::HMAC
> 2.52 Digest::MD5
> missing Digest::SHA1
> 1.01 Encode::Detect
> 0.17020 Error
> missing ExtUtils::CBuilder
> 3.18 ExtUtils::ParseXS
> 2.4 Getopt::Long
> missing Inline
> missing IO::String
> 1.10 IO::Zlib
> 2.28 IP::Country
> missing Mail::ClamAV
> 3.004000 Mail::SpamAssassin
> v2.008 Mail::SPF
> missing Mail::SPF::Query
> missing Module::Build
> missing Net::CIDR::Lite
> 0.72 Net::DNS
> missing Net::DNS::Resolver::Programmable
> missing Net::LDAP
> 4.069 NetAddr::IP
> missing Parse::RecDescent
> missing SAVI
> 3.28 Test::Harness
> missing Test::Manifest
> 2.02 Text::Balanced
> 1.60 URI
> 0.9907 version
> missing YAML
>
>
> Kind Regards,
> i.A.
> Oliver Kutscher
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
More information about the MailScanner
mailing list