You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Rocco Scappatura <Ro...@sttspa.it> on 2007/03/19 09:41:42 UTC

why I get it?

Hello,

I receiveid a spam message this morning in my mailbox. So I submit it to
spamassassin to calculate the score that spamassassin give it.

Here the result:

Content preview:  "Diable!" bird market light sort said Monte Cristo
compassionately,
   "it i Villefort pressed her plate earth hand to set long let her know
it
  was "Ah, true."theory skin "Oh, no, sir," she blade slope answered;
"but you
   know, things [...]

Content analysis details:   (6.2 points, 5.0 required)

 pts rule name              description
---- ----------------------
--------------------------------------------------
 1.1 EXTRA_MPART_TYPE       Header has extraneous Content-type:...type=
entry
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to
100%
                            [score: 0.9991]
 0.8 SARE_GIF_ATTACH        FULL: Email has a inline gif
 0.7 MY_CID_AND_STYLE       SARE cid and style

So it is clear at all why i have retreived the message in my mailbox..

If someone could give an explanation of this phaenomenon, I will
apreciate it,

BR,

rocsca

RE: why I get it?

Posted by Rocco Scappatura <Ro...@sttspa.it>.

> Well Rocco, without knowing a little bit more about your 
> setup its hard to say.  For instance, are you NEW to spamassassin?

Thanks John. No, I'm using spamassassin for two years. But, I'm going in
depth with the usage of spamassassin because I would like to reduce the
spam that arrives in my mailboxes.

I'm using a Postfix+MySQL+Amavisd-new setup.

> If so you might be under the mistaken impression that 
> Spamassassin deletes spam.  It doesn't.  It just marks it.
> 
> If you want it deleted you have to do that with some other 
> means, such as with filters in your mail reader, or procmail 
> or amavisd etc.

It is clear.

rocsca

Re: why I get it?

Posted by John Andersen <js...@pen.homeip.net>.

On Monday 19 March 2007, Rocco Scappatura wrote:
> Hello,
>
> I receiveid a spam message this morning in my mailbox. So I submit it to
> spamassassin to calculate the score that spamassassin give it.
>
> Here the result:
>
> Content preview:  "Diable!" bird market light sort said Monte Cristo
> compassionately,
>    "it i Villefort pressed her plate earth hand to set long let her know
> it
>   was "Ah, true."theory skin "Oh, no, sir," she blade slope answered;
> "but you
>    know, things [...]
>
> Content analysis details:   (6.2 points, 5.0 required)
>
>  pts rule name              description
> ---- ----------------------
> --------------------------------------------------
>  1.1 EXTRA_MPART_TYPE       Header has extraneous Content-type:...type=
> entry
>  0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  3.5 BAYES_99               BODY: Bayesian spam probability is 99 to
> 100%
>                             [score: 0.9991]
>  0.8 SARE_GIF_ATTACH        FULL: Email has a inline gif
>  0.7 MY_CID_AND_STYLE       SARE cid and style
>
> So it is clear at all why i have retreived the message in my mailbox..
>
> If someone could give an explanation of this phaenomenon, I will
> apreciate it,
>
> BR,
>
> rocsca

Well Rocco, without knowing a little bit more about your setup
its hard to say.  For instance, are you NEW to spamassassin?

If so you might be under the mistaken impression that Spamassassin
deletes spam.  It doesn't.  It just marks it.

If you want it deleted you have to do that with some other means,
such as with filters in your mail reader, or procmail or amavisd
etc.





-- 
_____________________________________
John Andersen

Re: why I get it?

Posted by maillist <ma...@emailacs.com>.

Rocco Scappatura wrote:
>> What version of SA are you running?  If not 3.1.8 then upgrade.
>>     
>
> # spamassassin -V
> SpamAssassin version 3.1.8
>   running on Perl version 5.8.8
>
> rocsca
>
>   

I was having the same problem with v 3.1.7, and when I upgraded to 
3.1.8, they stopped.

Do you get the same score if you run: "spamc -c < message"

Post the entire message, with headers and all.

-=Aubrey=-

RE: why I get it?

Posted by Rocco Scappatura <Ro...@sttspa.it>.

> What version of SA are you running?  If not 3.1.8 then upgrade.

# spamassassin -V
SpamAssassin version 3.1.8
  running on Perl version 5.8.8

rocsca

Re: why I get it?

Posted by maillist <ma...@emailacs.com>.

Rocco Scappatura wrote:
> Hello,
>
> I receiveid a spam message this morning in my mailbox. So I submit it to
> spamassassin to calculate the score that spamassassin give it.
>
> Here the result:
>
> Content preview:  "Diable!" bird market light sort said Monte Cristo
> compassionately,
>    "it i Villefort pressed her plate earth hand to set long let her know
> it
>   was "Ah, true."theory skin "Oh, no, sir," she blade slope answered;
> "but you
>    know, things [...]
>
> Content analysis details:   (6.2 points, 5.0 required)
>
>  pts rule name              description
> ---- ----------------------
> --------------------------------------------------
>  1.1 EXTRA_MPART_TYPE       Header has extraneous Content-type:...type=
> entry
>  0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  3.5 BAYES_99               BODY: Bayesian spam probability is 99 to
> 100%
>                             [score: 0.9991]
>  0.8 SARE_GIF_ATTACH        FULL: Email has a inline gif
>  0.7 MY_CID_AND_STYLE       SARE cid and style
>
> So it is clear at all why i have retreived the message in my mailbox..
>
> If someone could give an explanation of this phaenomenon, I will
> apreciate it,
>
> BR,
>
> rocsca
>
>   

What version of SA are you running?  If not 3.1.8 then upgrade.

-=Aubrey=-

Re: why I get it?

Posted by Henrik Krohns <he...@hege.li>.

On Tue, Mar 20, 2007 at 10:03:31AM +0100, Rocco Scappatura wrote:
> 
> But there is a strategy for preventing that this emails reaches the
> mailboxes before that spamassassin learns about them (maybe greylist?)?

Policyd-weight and Postgrey.

RE: why I get it?

Posted by Rocco Scappatura <Ro...@sttspa.it>.

> You really don't give enough information that we can guess 
> what could be done to help catch these.  All I can guess is 
> that you might not be runing network tests, since I don't see 
> any network test hits on the two examples.
> 
> Try posting a complete spam with the headers attached, and we 
> may be able to say more.

OK Loren. Thanks first of all. But I would like to test if the network
test is enabled.. Could you instruct me about?

rocsca

Re: why I get it?

Posted by Loren Wilton <lw...@earthlink.net>.

> Content preview:  "Yes, I exactly heard it spoken flight of, self

You really don't give enough information that we can guess what could be 
done to help catch these.  All I can guess is that you might not be runing 
network tests, since I don't see any network test hits on the two examples.

Try posting a complete spam with the headers attached, and we may be able to 
say more.

        Loren

RE: why I get it?

Posted by Rocco Scappatura <Ro...@sttspa.it>.

> Chances are that your Bayesian database changed between the 
> time you recieved this message and the time you rescanned it 
> from the command line.  Rescanning something is _not_ a 
> reliable way to figure out what score SA gave it on receipt.  
> You should use the _TESTSSCORES(,)_ macro in your add_header 
> line to figure that out.

I agree with you! Infact, today I get another spam and after seven hours
that it was received I analyse it and I get again a score greater that
5.0 points:

Content preview:  "Yes, I exactly heard it spoken flight of, self
decision but
   I did not know the scorch "And who man found brain this mark father
for you?"
   plead "Half-past six o'clock has strod cold purpose just struck, M.
Bertuccsucceed
   "The week Count receive shoe of Monte Cristo." [...]

Content analysis details:   (5.6 points, 5.0 required)

 pts rule name              description
---- ----------------------
--------------------------------------------------
 1.1 EXTRA_MPART_TYPE       Header has extraneous Content-type:...type=
entry
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.0 BAYES_95               BODY: Bayesian spam probability is 95 to 99%
                            [score: 0.9680]
 0.8 SARE_GIF_ATTACH        FULL: Email has a inline gif
 0.7 MY_CID_AND_STYLE       SARE cid and style


But there is a strategy for preventing that this emails reaches the
mailboxes before that spamassassin learns about them (maybe greylist?)?

thanks,

rocsca

Re: why I get it?

Posted by "Chris St. Pierre" <st...@NebrWesleyan.edu>.

On Mon, 19 Mar 2007, Rocco Scappatura wrote:

> Hello,
>
> I receiveid a spam message this morning in my mailbox. So I submit it to
> spamassassin to calculate the score that spamassassin give it.
>
> Here the result:
...
> Content analysis details:   (6.2 points, 5.0 required)
...
> So it is clear at all why i have retreived the message in my mailbox..

Chances are that your Bayesian database changed between the time you
recieved this message and the time you rescanned it from the command
line.  Rescanning something is _not_ a reliable way to figure out what
score SA gave it on receipt.  You should use the _TESTSSCORES(,)_
macro in your add_header line to figure that out.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
----------------------------
Never send mail to thobrux@nebrwesleyan.edu