You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Simone Vassili <si...@simonevassili.it> on 2015/06/20 09:39:19 UTC

Problem with Spamassassin

Hi,
one of my customer had a trouble with spamassassin on my server.
He sent me a mail but this mail was recognized by sa as spam!

X-Spam-Status: Yes, score=5.417 tagged_above=4 required=4.5
	tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX_IMAGE=0.001,
	DYN_RDNS_AND_INLINE_IMAGE=1.168, DYN_RDNS_SHORT_HELO_HTML=0.001,
	DYN_RDNS_SHORT_HELO_IMAGE=1.013, FSL_HELO_NON_FQDN_1=0.001,
	HTML_MESSAGE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_RP_RNBL=1.31,
	RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982,
	SHORT_HELO_AND_INLINE_IMAGE=1.39] autolearn=no

Can anyone explain me what does this mean?
Thank you.

Linux 3.2.0-4-686-pae #1 SMP Debian 3.2.68-1+deb7u1 i686 GNU/Linux
Spamassassin 3.3.2-5

-- 
Simone Vassili
System Administrator
simone@simonevassili.it

Re: Problem with Spamassassin

Posted by Reindl Harald <h....@thelounge.net>.

Am 20.06.2015 um 09:39 schrieb Simone Vassili:
> Hi,
> one of my customer had a trouble with spamassassin on my server.
> He sent me a mail but this mail was recognized by sa as spam!
>
> X-Spam-Status: Yes, score=5.417 tagged_above=4 required=4.5
>      tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX_IMAGE=0.001,
>      DYN_RDNS_AND_INLINE_IMAGE=1.168, DYN_RDNS_SHORT_HELO_HTML=0.001,
>      DYN_RDNS_SHORT_HELO_IMAGE=1.013, FSL_HELO_NON_FQDN_1=0.001,
>      HTML_MESSAGE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_RP_RNBL=1.31,
>      RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982,
>      SHORT_HELO_AND_INLINE_IMAGE=1.39] autolearn=no
>
> Can anyone explain me what does this mean?

tell him he should do his homework and ask his ISP to set a PTR record 
matching his servername http://www.emailtalk.org/ptr.aspx and the same 
goes for his helo name, a dynamic PTR and a non-full-qualified HELO 
would make it here not so far to touch SpamAssassin and get rejected before

Re: Problem with Spamassassin

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

On 20.06.15 09:39, Simone Vassili wrote:
>one of my customer had a trouble with spamassassin on my server.
>He sent me a mail but this mail was recognized by sa as spam!
>
>X-Spam-Status: Yes, score=5.417 tagged_above=4 required=4.5
>	tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX_IMAGE=0.001,
>	DYN_RDNS_AND_INLINE_IMAGE=1.168, DYN_RDNS_SHORT_HELO_HTML=0.001,
>	DYN_RDNS_SHORT_HELO_IMAGE=1.013, FSL_HELO_NON_FQDN_1=0.001,
>	HTML_MESSAGE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_RP_RNBL=1.31,
>	RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982,
>	SHORT_HELO_AND_INLINE_IMAGE=1.39] autolearn=no

this looks like our customer is using your server as mail relay, without
using SMTP autehntication.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #99999: Out of error messages.

Re: Problem with Spamassassin

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.

On 6/20/2015 4:08 AM, Antony Stone wrote:
> RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_RP_RNBL=1.31,
> >	RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982,
> >	SHORT_HELO_AND_INLINE_IMAGE=1.39] autolearn=no
> >
> >Can anyone explain me what does this mean?

These are the most important:

The IP address of the person sending to you is on a Barracuda blacklist 
and is also reported to SORBS as a Dial-up, non static IP address, and 
it has a reverse DNS record that corroborates the dynamic nature of the IP.

Finally, it sounds like the HELO string is also not a fully qualified 
domain name (FQDN).

All in all, a poor setup for a mail server.  Get a Static IP address, 
get a reverse pointer, set the name of the server to a FQDN and that 
will likely be a very good start.

Regards,
KAM

Re: Problem with Spamassassin

Posted by Antony Stone <An...@spamassassin.open.source.it>.

On Saturday 20 June 2015 at 09:39:19 (EU time), Simone Vassili wrote:

> Hi,
> one of my customer had a trouble with spamassassin on my server.
> He sent me a mail but this mail was recognized by sa as spam!
> 
> X-Spam-Status: Yes, score=5.417 tagged_above=4 required=4.5
> 	tests=[BAYES_00=-1.9, DOS_OUTLOOK_TO_MX_IMAGE=0.001,
> 	DYN_RDNS_AND_INLINE_IMAGE=1.168, DYN_RDNS_SHORT_HELO_HTML=0.001,
> 	DYN_RDNS_SHORT_HELO_IMAGE=1.013, FSL_HELO_NON_FQDN_1=0.001,
> 	HTML_MESSAGE=0.001, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_RP_RNBL=1.31,
> 	RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982,
> 	SHORT_HELO_AND_INLINE_IMAGE=1.39] autolearn=no
> 
> Can anyone explain me what does this mean?

Are you asking us to tell you the definition of each of the tests listed above?

Or maybe you're asking us to see if we can guess why each of them was 
triggered by the email you refer to?

Or perhaps you're wondering what sort of trouble your customer had?

Please re-phrase your question so that we know what you're asking for.

Regards,

Antony.

-- 
Most people are aware that the Universe is big.

 - Paul Davies, Professor of Theoretical Physics

                                                   Please reply to the list;
                                                         please *don't* CC me.