Different SA scan results
Peter Lemieux
mailscanner at replies.cyways.com
Fri Feb 27 13:05:29 GMT 2015
Most of the differences I see are the additional blacklist entries for
the message. If enough time has elapsed between the message's arrival
and your testing, the message may have been reported to blacklists
during the interval. I see this happen all the time. Messages that
fail to trip my rules upon arrival later appear on blacklists if I run a
command-line SpamAssassin check.
Peter
On 02/26/2015 09:12 PM, Jeremy McSpadden wrote:
> What would cause a CLI scan (spamassassin -D < msg) to have different
> results than a MailScanner scan?
>
> via cli
>
> Content analysis details: (26.1 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  3.3 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
>                             [46.105.49.218 listed in zen.spamhaus.org]
>  5.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
>                             [URIs: karefon.eu]
>  5.0 URIBL_DBL_SPAM         Contains a spam URL listed in the DBL blocklist
>                             [URIs: karefon.eu]
> -2.0 SPF_HELO_PASS          SPF: HELO matches SPF record
> -0.0 SPF_PASS               SPF: sender matches SPF record
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  1.5 BAYES_50               BODY: Bayes spam probability is 40 to 60%
>                             [score: 0.4995]
>  0.5 KAM_EU                 RAW: Prevalent use of .eu in spam/malware
>  5.0 KAM_GRABBAG2           Grabbag of Spams hitting EU domains and
>                             other indicators
>  0.8 RDNS_NONE              Delivered to internal network by a host
>                             with no rDNS
>  2.0 HTML_OFF_PAGE          HTML element rendered well off the
>                             displayed page
>  0.0 UNPARSEABLE_RELAY      Informational: message has unparseable
>                             relay lines
>  5.0 KAM_VERY_BLACK_DBL     Email that hits both URIBL Black and
>                             Spamhaus DBL
>  0.0 T_REMOTE_IMAGE         Message contains an external image
>
>
> via ms
>
>  1.50 BAYES_50           Bayes spam probability is 40 to 60%
>  0.00 HTML_MESSAGE       HTML included in message
>  2.00 HTML_OFF_PAGE      HTML element rendered well off the displayed page
>  0.50 KAM_EU             Prevalent use of .eu in spam/malware
>  0.79 RDNS_NONE          Delivered to internal network by a host with no rDNS
> -2.00 SPF_HELO_PASS      SPF: HELO matches SPF record
> -0.00 SPF_PASS           SPF: sender matches SPF record
>  0.01 T_REMOTE_IMAGE
>  0.00 UNPARSEABLE_RELAY  Informational: message has unparseable relay lines
> --
> Jeremy McSpadden
> Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions
> *Office* : 850-250-5590 x 501 | *Cell* : 850-890-2543 | *Fax* : 850-254-2955
>
>
>
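An added example, not code from either poster or from MailScanner or SpamAssassin: it compares the two rule listings quoted in this thread and separates the rules only the later command-line run hit into DNS blocklist lookups and everything else. Treating the `RCVD_IN_` and `URIBL_` name prefixes as blocklist lookups is an assumption of the example, and the sample input is retyped from the quoted listings.

```python
import re

# A score followed by a rule name, the shape both listings share. The
# lookbehind keeps a match from starting inside an IP or a longer number.
HIT = re.compile(r"(?<![\d.])(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\b")
# Assumption: these name prefixes mark DNS blocklist lookups, whose answer
# depends on when the query is made.
DNS_LIST_PREFIXES = ("RCVD_IN_", "URIBL_")

def parse_hits(text):
    """Return {rule: score} from a report or a score/rule listing."""
    return {rule: float(score) for score, rule in HIT.findall(text)}

def compare(cli_text, ms_text):
    """Classify the rules the CLI run hit and the MailScanner run did not."""
    cli, ms = parse_hits(cli_text), parse_hits(ms_text)
    only_cli = {r: s for r, s in cli.items() if r not in ms}
    return {
        "only_ms": sorted(set(ms) - set(cli)),
        "dns_list": sorted(r for r in only_cli if r.startswith(DNS_LIST_PREFIXES)),
        "other": sorted(r for r in only_cli if not r.startswith(DNS_LIST_PREFIXES)),
        "points_only_cli": round(sum(only_cli.values()), 2),
    }

# Sample input retyped from the two listings quoted in this thread.
CLI_SAMPLE = """\
Content analysis details: (26.1 points, 5.0 required)
 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
 5.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 5.0 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
-2.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
 0.0 HTML_MESSAGE BODY: HTML included in message
 1.5 BAYES_50 BODY: Bayes spam probability is 40 to 60%
 0.5 KAM_EU RAW: Prevalent use of .eu in spam/malware
 5.0 KAM_GRABBAG2 Grabbag of Spams hitting EU domains and
 0.8 RDNS_NONE Delivered to internal network by a host
 2.0 HTML_OFF_PAGE HTML element rendered well off the
 0.0 UNPARSEABLE_RELAY Informational: message has unparseable
 5.0 KAM_VERY_BLACK_DBL Email that hits both URIBL Black and
 0.0 T_REMOTE_IMAGE Message contains an external image
"""
MS_SAMPLE = """\
1.50 BAYES_50 0.00 HTML_MESSAGE 2.00 HTML_OFF_PAGE 0.50 KAM_EU
0.79 RDNS_NONE -2.00 SPF_HELO_PASS -0.00 SPF_PASS
0.01 T_REMOTE_IMAGE 0.00 UNPARSEABLE_RELAY
"""

if __name__ == "__main__":
    print(compare(CLI_SAMPLE, MS_SAMPLE))
```

On the thread's data, the three `dns_list` rules and the two `other` rules together account for 23.3 of the 26.1 points in the command-line report.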