Posted to users@spamassassin.apache.org by Motty Cruz <mo...@gmail.com> on 2016/11/01 15:43:07 UTC

RE: local.cf example

If I disable AWL: 

X-Virus-Scanned: amavisd-new at fqdn.com
X-Spam-Flag: NO
X-Spam-Score: 5.5
X-Spam-Level: *****
X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6
        tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no
Received: from HOST1.fqdn.com ([127.0.0.1])

This-election is the craziest in our country's history so far but
in-spite of all the press-surrounding it, there is something that
NO ONE seems to have the-guts to talk about...

Totally spam E-mail, should have score higher, but there was only one score?



Any idea? 

Thanks, 
Motty

-----Original Message-----
From: RW [mailto:rwmaillists@googlemail.com] 
Sent: Saturday, October 29, 2016 5:35 AM
To: users@spamassassin.apache.org
Subject: Re: local.cf example

On Fri, 28 Oct 2016 22:25:54 -0700
motty cruz wrote:

> AWL is allowing spam email through,

It will do, it's a score averager, it moves the score towards the average
score for the sender. 

AWL is vulnerable to spoofing so you check the from address on the spam. If
that's happening you should consider switching to TxRep. TxRep also excludes
Bayes from the score averaging which makes it less resistant to learning.


> X-Spam-Status: ..., DKIM_VALID=-0.1, ... DKIM_VERIFIED=0.99,

Why do you have DKIM_VERIFIED=0.99? It's just an old name for DKIM_VALID and
not a spam indicator anyway.


RE: local.cf example

Posted by John Hardin <jh...@impsec.org>.
On Tue, 1 Nov 2016, Motty Cruz wrote:

> If I disable AWL:
>
> X-Virus-Scanned: amavisd-new at fqdn.com
> X-Spam-Flag: NO
> X-Spam-Score: 5.5
> X-Spam-Level: *****
> X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6
>        tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no
> Received: from HOST1.fqdn.com ([127.0.0.1])
>
> This-election is the craziest in our country's history so far but
> in-spite of all the press-surrounding it, there is something that
> NO ONE seems to have the-guts to talk about...
>
> Totally spam E-mail, should have score higher, but there was only one score?

No BAYES?

There aren't any URLs so I don't expect URIBL hits, and there aren't any 
commonly spammy phrases there that rules look for (at least in the portion 
you quoted).

If it was received from a MTA that doesn't appear on any DNSBLs and had 
clean headers, that might be all you get for something like that.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
   does quite what I want. I wish Christopher Robin was here."
                                            -- Peter da Silva in a.s.r
-----------------------------------------------------------------------
  5 days until Daylight Saving Time ends in U.S. - Fall Back

RE: local.cf example

Posted by Motty Cruz <mo...@gmail.com>.
Thanks for your help! 

I discovered AWL enabled in init.pre, which short-circuits all other plugins. I
disabled AWL and spamassassin is working fine now.

Thanks for your help!
_Motty

-----Original Message-----
From: Matus UHLAR - fantomas [mailto:uhlar@fantomas.sk] 
Sent: Wednesday, November 02, 2016 10:16 AM
To: users@spamassassin.apache.org
Subject: Re: local.cf example

On 01.11.16 11:24, Motty Cruz wrote:
>Very strange, missed configuration, here is another header and I have
>not changed any configuration and yet this one was scanned:

>X-Spam-Status: No, score=2.604 tagged_above=-999.9 required=5.6
>        tests=[AWL=2.468, DATE_IN_PAST_03_06=1.076, DKIM_SIGNED=0.99,
>        DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VERIFIED=0.99,
>        HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=0.001,
>        RCVD_IN_DNSWL_NONE=2.3,
>        RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
>        RCVD_IN_RP_CERTIFIED=-3, RCVD_IN_RP_SAFE=-2, SPF_HELO_PASS=-0.001,
>        SPF_PASS=-0.001] autolearn=no autolearn_force=no

the former was scanned too, but it only hit RDNS_NONE with extremely
increased score.

...I have increased score for RCVD_IN_RP_CERTIFIED to -0.03 and
RCVD_IN_RP_SAFE to -0.02 to avoid spam from "certified" spammers.

Note that you have enabled network tests but I see no sign of RAZOR, PYZOR
and DCC (they all need extra SW installed).
Also, still no BAYES (maybe manual training would help)


>On 01.11.16 08:43, Motty Cruz wrote:
>>X-Virus-Scanned: amavisd-new at fqdn.com
>>X-Spam-Flag: NO
>>X-Spam-Score: 5.5
>>X-Spam-Level: *****
>>X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6
>>        tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no
>>Received: from HOST1.fqdn.com ([127.0.0.1])
>>
>>This-election is the craziest in our country's history so far but 
>>in-spite of all the press-surrounding it, there is something that NO 
>>ONE seems to have the-guts to talk about...
>>
>>Totally spam E-mail, should have score higher, but there was only one score?
>
>RDNS_NONE does only score 1.1/0.7, why did you bump it to 5.5?
>
>You apparently miss modules, network checks, BAYES (database apparently 
>under "amavis" user) ...
>
>yes, even in such cases you may get only one rule hit (e.g.
>BAYES_99) but it's quite a rare case
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are


Re: local.cf example

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 01.11.16 11:24, Motty Cruz wrote:
>Very strange, missed configuration, here is another header and I have not
>changed any configuration and yet this one was scanned:

>X-Spam-Status: No, score=2.604 tagged_above=-999.9 required=5.6
>        tests=[AWL=2.468, DATE_IN_PAST_03_06=1.076, DKIM_SIGNED=0.99,
>        DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VERIFIED=0.99,
>        HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=0.001,
>        RCVD_IN_DNSWL_NONE=2.3,
>        RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
>        RCVD_IN_RP_CERTIFIED=-3, RCVD_IN_RP_SAFE=-2, SPF_HELO_PASS=-0.001,
>        SPF_PASS=-0.001] autolearn=no autolearn_force=no

the former was scanned too, but it only hit RDNS_NONE with extremely
increased score.

...I have increased score for RCVD_IN_RP_CERTIFIED to -0.03 and RCVD_IN_RP_SAFE
to -0.02 to avoid spam from "certified" spammers.

Note that you have enabled network tests but I see no sign of RAZOR, PYZOR
and DCC (they all need extra SW installed).
Also, still no BAYES (maybe manual training would help)


>On 01.11.16 08:43, Motty Cruz wrote:
>>X-Virus-Scanned: amavisd-new at fqdn.com
>>X-Spam-Flag: NO
>>X-Spam-Score: 5.5
>>X-Spam-Level: *****
>>X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6
>>        tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no
>>Received: from HOST1.fqdn.com ([127.0.0.1])
>>
>>This-election is the craziest in our country's history so far but
>>in-spite of all the press-surrounding it, there is something that NO
>>ONE seems to have the-guts to talk about...
>>
>>Totally spam E-mail, should have score higher, but there was only one score?
>
>RDNS_NONE does only score 1.1/0.7, why did you bump it to 5.5?
>
>You apparently miss modules, network checks, BAYES (database apparently
>under "amavis" user) ...
>
>yes, even in such cases you may get only one rule hit (e.g. BAYES_99)
>but it's quite a rare case
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are
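
The header reading done by eye in the replies above, as an added example (not code from the thread or from SpamAssassin): it parses the two X-Spam-Status headers quoted here, lists which rule families (BAYES, RAZOR2, PYZOR, DCC) never fired, and inverts AWL's score averaging to recover the sender's stored mean. It assumes the stock auto_whitelist_factor of 0.5; the function names are illustrative.

```python
import re

# Headers copied from this thread (line folding repaired); nothing else is real data.
HDR_AWL = """X-Spam-Status: No, score=2.604 tagged_above=-999.9 required=5.6
        tests=[AWL=2.468, DATE_IN_PAST_03_06=1.076, DKIM_SIGNED=0.99,
        DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VERIFIED=0.99,
        HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=2.3,
        RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
        RCVD_IN_RP_CERTIFIED=-3, RCVD_IN_RP_SAFE=-2, SPF_HELO_PASS=-0.001,
        SPF_PASS=-0.001] autolearn=no autolearn_force=no"""
HDR_ONE = """X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6
        tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no"""

# Rule-name prefixes the replies looked for and did not find.
FAMILIES = ("BAYES_", "RAZOR2_", "PYZOR_", "DCC_")
AWL_FACTOR = 0.5  # assumption: stock auto_whitelist_factor, not shown in the thread


def parse_status(header):
    """Return (score, required, {rule: points}) from an amavisd-style header."""
    flat = " ".join(header.split())  # undo header folding
    score = float(re.search(r"score=(-?[\d.]+)", flat).group(1))
    required = float(re.search(r"required=(-?[\d.]+)", flat).group(1))
    body = re.search(r"tests=\[(.*?)\]", flat).group(1)
    tests = {}
    for item in body.split(","):
        name, _, pts = item.strip().partition("=")
        if name:
            tests[name] = float(pts)
    return score, required, tests


def diagnose(header):
    score, required, tests = parse_status(header)
    report = {
        "missing": [f for f in FAMILIES if not any(t.startswith(f) for t in tests)],
        "margin": round(required - score, 3),  # distance below the spam threshold
    }
    if "AWL" in tests:
        # AWL adds (sender mean - pre-AWL score) * factor, so invert that here.
        pre = round(sum(v for k, v in tests.items() if k != "AWL"), 3)
        report["pre_awl"] = pre
        report["sender_mean"] = round(pre + tests["AWL"] / AWL_FACTOR, 3)
    return report


if __name__ == "__main__":
    for h in (HDR_AWL, HDR_ONE):
        print(diagnose(h))
```

For the AWL header this gives a pre-AWL score of 0.136 and an implied sender mean of 5.072, so AWL pulled this message up toward the sender's history. The single-rule header sits only 0.1 below the threshold with none of the four families contributing.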

RE: local.cf example

Posted by Motty Cruz <mo...@gmail.com>.
Very strange, missed configuration, here is another header and I have not
changed any configuration and yet this one was scanned:

X-Virus-Scanned: amavisd-new at fqdn.com
X-Spam-Flag: NO
X-Spam-Score: 2.604
X-Spam-Level: **
X-Spam-Status: No, score=2.604 tagged_above=-999.9 required=5.6
        tests=[AWL=2.468, DATE_IN_PAST_03_06=1.076, DKIM_SIGNED=0.99,
        DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VERIFIED=0.99,
        HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=0.001,
        RCVD_IN_DNSWL_NONE=2.3,
        RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01,
        RCVD_IN_RP_CERTIFIED=-3, RCVD_IN_RP_SAFE=-2, SPF_HELO_PASS=-0.001,
        SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: HOST1.fqdn.com (amavisd-new);
        dkim=pass (1536-bit key) header.d=kevineikenberry.com;
        domainkeys=pass (1536-bit key)
        header.from=replies@kevineikenberry.com
        header.d=kevineikenberry.com

I'm very confused. 

Thanks, 
Motty

-----Original Message-----
From: Matus UHLAR - fantomas [mailto:uhlar@fantomas.sk] 
Sent: Tuesday, November 01, 2016 9:41 AM
To: users@spamassassin.apache.org
Subject: Re: local.cf example

On 01.11.16 08:43, Motty Cruz wrote:
>X-Virus-Scanned: amavisd-new at fqdn.com
>X-Spam-Flag: NO
>X-Spam-Score: 5.5
>X-Spam-Level: *****
>X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6
>        tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no
>Received: from HOST1.fqdn.com ([127.0.0.1])
>
>This-election is the craziest in our country's history so far but 
>in-spite of all the press-surrounding it, there is something that NO 
>ONE seems to have the-guts to talk about...
>
>Totally spam E-mail, should have score higher, but there was only one score?

RDNS_NONE does only score 1.1/0.7, why did you bump it to 5.5?

You apparently miss modules, network checks, BAYES (database apparently
under "amavis" user) ...

yes, even in such cases you may get only one rule hit (e.g. BAYES_99)
but it's quite a rare case

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety. -- Benjamin Franklin, 1759


Re: local.cf example

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 01.11.16 08:43, Motty Cruz wrote:
>X-Virus-Scanned: amavisd-new at fqdn.com
>X-Spam-Flag: NO
>X-Spam-Score: 5.5
>X-Spam-Level: *****
>X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6
>        tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no
>Received: from HOST1.fqdn.com ([127.0.0.1])
>
>This-election is the craziest in our country's history so far but
>in-spite of all the press-surrounding it, there is something that
>NO ONE seems to have the-guts to talk about...
>
>Totally spam E-mail, should have score higher, but there was only one score?

RDNS_NONE does only score 1.1/0.7, why did you bump it to 5.5?

You apparently miss modules, network checks, BAYES (database apparently
under "amavis" user) ...

yes, even in such cases you may get only one rule hit (e.g. BAYES_99)
but it's quite a rare case

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759