You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Thomas Seilund <tp...@netmaster.dk> on 2021/10/08 11:24:56 UTC
Difference is score when mail is received by Postfix and when tested
from the command line
Dear all
If I look at the score reported from within my mail client Thunderbird I
see this section:
X-Spam-Status: No, score=2.9 required=3.0 tests=BAYES_50,HTML_MESSAGE,
HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_BLACK
autolearn=no autolearn_force=no version=3.4.2
If I run the same mail through spamc from the command line on the mail
server I see an output with a difference score. Why is that:
cat
/srv/vmail/..../tps/mail/cur/1633659838.M893539P31027......,S=5912,W=6108:2,Sc
| spamc -r
Spam detection software, running on the system "..............",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: The coolest and comfiest sandals to wear around the house,
or even at the office Everyone is talking about these colorful rubber shoes,
designed to ensure maximum comfort and stability. They are non- [...]
Content analysis details: (11.6 points, 2.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL
blocklist
[URIs: jokepray.bar]
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5000]
0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
[2.56.57.67 listed in bl.mailspike.net]
3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[2.56.57.67 listed in zen.spamhaus.org]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
blocklist
[URIs: jokepray.bar]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: jokepray.bar]
0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
tag
1.5 FROM_FMBLA_NEWDOM From domain was registered in last 7 days
Please note that I have lowered the required score from 3.0 to 2.0
Regards
Thomas S
Re: Difference is score when mail is received by Postfix and when
tested from the command line
Posted by Benny Pedersen <me...@junc.eu>.
On 2021-10-08 13:32, Kevin A. McGrail wrote:
> Hi Thomas, needing to lower your score to two or three implies To me
> that your system could use some tweaking. In particular I would guess
> that your Bayesian tokens need to be cleared.
X-Spam-Status: Yes, score=7.0 required=5.0 tests=HTML_MESSAGE,
MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H3,
RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,TXREP,URIBL_ABUSE_SURBL,
URIBL_AMI_DBLACK,URIBL_BLACK,URIBL_CSS_A,URIBL_DBL_SPAM,URIBL_ZRD,
USER_IN_DEF_SPF_WL autolearn=no autolearn_force=no
you send spam to spamassassin maillist ?
i think Thomas have unstable dns results
Re: Difference is score when mail is received by Postfix and when
tested from the command line
Posted by "Kevin A. McGrail" <km...@apache.org>.
Hi Thomas, needing to lower your score to two or three implies To me that
your system could use some tweaking. In particular I would guess that your
Bayesian tokens need to be cleared.
As for the different scores, you would have to know the way that
spamassassin is being used on your system.
For example, you might be using postfix and amavis to check your mail flow
which can us a different configuration file then the command line
spamassassin program. If you're running the spamd, You could look to see
what configuration file it's using.
It also could be a case where you have changed the correct file and need to
reboot the service that is damonized to take effect with the new setting.
Regards, KAM
On Fri, Oct 8, 2021, 07:25 Thomas Seilund <tp...@netmaster.dk> wrote:
> Dear all
>
> If I look at the score reported from within my mail client Thunderbird I
> see this section:
>
> X-Spam-Status: No, score=2.9 required=3.0 tests=BAYES_50,HTML_MESSAGE,
>
> HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,SPF_HELO_PASS,URIBL_BLACK
>
> autolearn=no autolearn_force=no version=3.4.2
>
> If I run the same mail through spamc from the command line on the mail
> server I see an output with a difference score. Why is that:
>
> cat
> /srv/vmail/..../tps/mail/cur/1633659838.M893539P31027......,S=5912,W=6108:2,Sc
> | spamc -r
>
> Spam detection software, running on the system "..............",
>
> has identified this incoming email as possible spam. The original
>
> message has been attached to this so you can view it or label
>
> similar future email. If you have any questions, see
>
> the administrator of that system for details.
>
> Content preview: The coolest and comfiest sandals to wear around the house,
>
> or even at the office Everyone is talking about these colorful rubber
> shoes,
>
> designed to ensure maximum comfort and stability. They are non- [...]
>
> Content analysis details: (11.6 points, 2.0 required)
>
> pts rule name description
>
> ---- ----------------------
> --------------------------------------------------
>
> 2.5 URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL
>
> blocklist
>
> [URIs: jokepray.bar]
>
> 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
>
> [score: 0.5000]
>
> 0.0 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
>
> [2.56.57.67 listed in bl.mailspike.net]
>
> 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
>
> [2.56.57.67 listed in zen.spamhaus.org]
>
> -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
>
> 0.0 HTML_MESSAGE BODY: HTML included in message
>
> 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
>
> 1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
>
> blocklist
>
> [URIs: jokepray.bar]
>
> 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
>
> [URIs: jokepray.bar]
>
> 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
>
> 0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
>
> tag
>
> 1.5 FROM_FMBLA_NEWDOM From domain was registered in last 7 days
>
> Please note that I have lowered the required score from 3.0 to 2.0
>
> Regards
>
> Thomas S
>
Re: Difference is score when mail is received by Postfix and when
tested from the command line
Posted by Benny Pedersen <me...@junc.eu>.
On 2021-10-08 13:24, Thomas Seilund wrote:
> X-Spam-Status: No, score=2.9 required=3.0 tests=BAYES_50,HTML_MESSAGE,
....
> autolearn=no autolearn_force=no version=3.4.2
X-Spam-Status: Yes, score=7.4 required=5.0
tests=DKIM_INVALID,DKIM_SIGNED,
HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI,
RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,
SPF_PASS,TXREP,URIBL_ABUSE_SURBL,URIBL_AMI_DBLACK,URIBL_BLACK,
URIBL_CSS_A,URIBL_DBL_SPAM,URIBL_ZRD,USER_IN_DEF_SPF_WL autolearn=no
autolearn_force=no
your mail on spamassassin is spam :=)