You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Matt Thoene <ma...@remedyx.com> on 2004/07/22 07:56:36 UTC
SURBL issue
Not sure if this is an amavisd-new or SA question but will try here
first...
E-mail that should be hitting on the URIBL_WS_SURBL checks are not.
Below is the header of one I just received a few minutes ago:
From: weston_waltersca@student.hro.nl
To: matt@thoene.net
Subject: $17168
Date: Thu, 22 Jul 2004 12:47:35 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: by amavisd-new at comcierge.com
X-Spam-Status: No, hits=2.4 tagged_above=-100.0 required=3.0 tests=BAD_CREDIT,
BAYES_44, MSGID_DOLLARS, NO_REAL_NAME, SUBJ_DOLLARS
X-Spam-Level: **
I took the same email and ran it through a test on the mail server
directly and it hit fine...
Content analysis details: (16.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.6 NO_REAL_NAME From: does not include a real name
0.2 SUBJ_DOLLARS Subject starts with dollar amount
0.4 BAD_CREDIT BODY: Eliminate Bad Credit
1.7 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?ip=218.234.88.108>]
1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?218.234.88.108>]
1.3 URIBL_SBL Contains a URL listed in the SBL blocklist
[URIs: lending-home.com]
1.0 URIBL_AB_SURBL Contains a URL listed in the AB SURBL blocklist
[URIs: lending-home.com]
3.0 URIBL_WS_SURBL Contains a URL listed in sa-blacklist
[URIs: lending-home.com]
1.0 URIBL_OB_SURBL Contains a URL listed in the OB SURBL blocklist
[URIs: lending-home.com]
4.0 URIBL_SC_SURBL URL listed in the sc.surbl.org blocklist
[URIs: lending-home.com]
1.6 MSGID_DOLLARS Message-Id has pattern used in spam
Why would it be working on a direct test but not during normal use?
--
Regards,
Matt
Re: SURBL issue
Posted by Bill Landry <bi...@pointshare.com>.
----- Original Message -----
From: "Matt Thoene" <ma...@remedyx.com>
> Not sure if this is an amavisd-new or SA question but will try here
> first...
>
> E-mail that should be hitting on the URIBL_WS_SURBL checks are not.
> Below is the header of one I just received a few minutes ago:
>
> From: weston_waltersca@student.hro.nl
> To: matt@thoene.net
> Subject: $17168
> Date: Thu, 22 Jul 2004 12:47:35 +0800
> MIME-Version: 1.0
> Content-Type: text/plain;
> charset="iso-8859-1"
> Content-Transfer-Encoding: 8bit
> X-Virus-Scanned: by amavisd-new at comcierge.com
> X-Spam-Status: No, hits=2.4 tagged_above=-100.0 required=3.0
tests=BAD_CREDIT,
> BAYES_44, MSGID_DOLLARS, NO_REAL_NAME, SUBJ_DOLLARS
> X-Spam-Level: **
>
>
> I took the same email and ran it through a test on the mail server
> directly and it hit fine...
>
> Content analysis details: (16.4 points, 5.0 required)
>
> pts rule name description
> ---- ---------------------- ----------------------------------------------
----
> 0.6 NO_REAL_NAME From: does not include a real name
> 0.2 SUBJ_DOLLARS Subject starts with dollar amount
> 0.4 BAD_CREDIT BODY: Eliminate Bad Credit
> 1.7 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
> [<http://dsbl.org/listing?ip=218.234.88.108>]
> 1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
> [Blocked - see
<http://www.spamcop.net/bl.shtml?218.234.88.108>]
> 1.3 URIBL_SBL Contains a URL listed in the SBL blocklist
> [URIs: lending-home.com]
> 1.0 URIBL_AB_SURBL Contains a URL listed in the AB SURBL
blocklist
> [URIs: lending-home.com]
> 3.0 URIBL_WS_SURBL Contains a URL listed in sa-blacklist
> [URIs: lending-home.com]
> 1.0 URIBL_OB_SURBL Contains a URL listed in the OB SURBL
blocklist
> [URIs: lending-home.com]
> 4.0 URIBL_SC_SURBL URL listed in the sc.surbl.org blocklist
> [URIs: lending-home.com]
> 1.6 MSGID_DOLLARS Message-Id has pattern used in spam
>
> Why would it be working on a direct test but not during normal use?
Doesn't look like any external SA tests were run. Have you configured
amavisd-new to run external SA tests? Check the SA settings in your
amavisd.conf file and make sure that the line below is set to false "0":
$sa_local_tests_only = 0;
Bill