Spam with bogus spamassassin checks

Tiago Meireles tmeireles at electroind.com
Wed Nov 4 21:03:14 UTC 2015


The SARE rule sets caused me a lot of headaches. Removing them fixed a significant number of false positives on my end.

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin Miller
Sent: Wednesday, November 04, 2015 4:00 PM
To: 'MailScanner Discussion'
Subject: RE: Spam with bogus spamassassin checks

Are you running old SARE rule sets?  The VIRUS_WARNING62 is a bit suspect - I don't have that rule in my spamassassin (3.4).  Maybe it was added in 3.4.1 but 

All references I found to it dated to around 2005 or 2006.  SARE went away years ago.  

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500 Registered Linux User No: 307357

-----Original Message-----
From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of William D. Colburn
Sent: Wednesday, November 04, 2015 11:22 AM
To: mailscanner at lists.mailscanner.info
Subject: Spam with bogus spamassassin checks

We use MailScanner here, I'm at 4.85.2-3.  Spamassassin is at 3.4.1
with razor agents 2.84.  We have spam leaking through that has bogus-looking spamassassin results:

  X-MailScanner: Found to be clean
  X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-0.01, required 5, autolearn=disabled, T_RP_MATCHES_RCVD -0.01)
  X-Spam-Status: No

If I manually run the spam message through spamassassin it is flagged
correctly as spam.   The messages are small, 2k or so, with nothing
weird in the headers that I can spot.

I've scanned the maillogs.  I've tried turning on all the various debug options in MailScanner I could find.  Nothing has panned out.  These emails continue to leak through with no indication of why.

Does anyone have any suggestions of where I should look?

----------------------------------------------------------------------
Also, your listserve's confirmation email was considered to be spam by MailScanner.

X-MailScanner-Information: Please contact the postmaster at aoc.nrao.edu for more
        information
X-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, SpamAssassin (score=5.651, required 5,
        autolearn=disabled, DKIM_SIGNED 0.10, RCVD_IN_DNSWL_LOW -0.70,
        TVD_SPACE_RATIO 0.00, TVD_SPACE_RATIO_MINFP 2.75,
        T_DKIM_INVALID 0.01, T_RP_MATCHES_RCVD -0.01, VIRUS_WARNING62
	3.50)
X-MailScanner-SpamScore: sssss
X-MailScanner-From: mailscanner-bounces at lists.mailscanner.info
X-Spam-Status: Yes

--Schlake


--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/listinfo/mailscanner
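
An added illustration, not part of the original thread or of MailScanner: this Python sketch parses the X-MailScanner-SpamCheck value quoted above and lists the rule hits that were enough on their own to push the message over the threshold and that are absent from a reference rule list. The REFERENCE_RULES set is constructed for the example; in practice it would be the rule names taken from a current SpamAssassin install.

```python
import re

# Header value copied from the list-confirmation message quoted in the thread (unfolded).
SPAMCHECK = (
    "spam, SpamAssassin (score=5.651, required 5, autolearn=disabled, "
    "DKIM_SIGNED 0.10, RCVD_IN_DNSWL_LOW -0.70, TVD_SPACE_RATIO 0.00, "
    "TVD_SPACE_RATIO_MINFP 2.75, T_DKIM_INVALID 0.01, "
    "T_RP_MATCHES_RCVD -0.01, VIRUS_WARNING62 3.50)"
)
# Constructed reference list (assumption): rule names a current install is expected to ship.
REFERENCE_RULES = {
    "DKIM_SIGNED", "RCVD_IN_DNSWL_LOW", "TVD_SPACE_RATIO",
    "TVD_SPACE_RATIO_MINFP", "T_DKIM_INVALID", "T_RP_MATCHES_RCVD",
}

META_RE = re.compile(r"score=(-?\d+(?:\.\d+)?),\s*required\s+(-?\d+(?:\.\d+)?)")
RULE_RE = re.compile(r"\b([A-Z][A-Z0-9_]*)\s+(-?\d+(?:\.\d+)?)")

def parse_spamcheck(value):
    """Return (score, required, {rule: points}) from an X-MailScanner-SpamCheck value."""
    value = " ".join(value.split())          # unfold continuation lines and tabs
    meta = META_RE.search(value)
    if meta is None:
        raise ValueError("no score/required pair in header value")
    rules = {n: float(p) for n, p in RULE_RE.findall(value[meta.end():])}
    return float(meta.group(1)), float(meta.group(2)), rules

def decisive_rules(value):
    """Rules whose removal alone would take a spam verdict below the threshold."""
    score, required, rules = parse_spamcheck(value)
    if score < required:
        return []
    return sorted(n for n, p in rules.items() if p > 0 and score - p < required)

def suspect_rules(value, reference=REFERENCE_RULES):
    """Decisive rules that the reference rule list does not contain."""
    return [n for n in decisive_rules(value) if n not in reference]

if __name__ == "__main__":
    score, required, rules = parse_spamcheck(SPAMCHECK)
    print("reported %.3f, sum of listed rules %.3f" % (score, sum(rules.values())))
    print("decisive:", decisive_rules(SPAMCHECK))
    print("decisive and not in reference list:", suspect_rules(SPAMCHECK))
```
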


