You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jason Gauthier <jg...@lastar.com> on 2005/01/21 16:55:44 UTC
Help analyzing the determination of spam
Nice subject!
I attached a message to this email that got an incredibly low spam
score.
When I run the message through spamassassin -t it gets a spam score as I
would expect.
I know I don't have much more details, but can anyone give me ideas why?
Content analysis details: (2.7 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-2.8 ALL_TRUSTED Did not pass through any untrusted hosts
0.2 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image
area
0.0 HTML_MESSAGE BODY: HTML included in message
1.5 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above
50%
[cf: 100]
1.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.1 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL
blocklist
[URIs: powerfulquotes2.com]
2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL
blocklist
[URIs: powerfulquotes2.com imn6.cc]
Help analyzing the determination of spam
Posted by Matt Kettler <mk...@evi-inc.com>.
At 10:55 AM 1/21/2005, Jason Gauthier wrote:
>Nice subject!
>
>I attached a message to this email that got an incredibly low spam
>score.
>When I run the message through spamassassin -t it gets a spam score as I
>would expect.
>
>I know I don't have much more details, but can anyone give me ideas why?
>
>
>
>Content analysis details: (2.7 points, 5.0 required)
>
> pts rule name description
>---- ----------------------
>--------------------------------------------------
>-2.8 ALL_TRUSTED Did not pass through any untrusted hosts
ALL_TRUSTED would be why. That REALLY should never hit for mail from the
outside.
Usualy this is caused by having a NATed mailserver, or some other IP
configuration that confuses the automatic trust path code.
Look into manually declaring trusted_networks in your config. Only add
local mailservers that add Received: headers to the list of trusted hosts.
(Note: Don't try to use trusted networks as an IP based whitelist
mechanism, it's not. Trusted here means trusted to generate non-forged
Received: headers, and has subtle implications on a lot of rules.)