You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Monnerie <mi...@it-management.at> on 2006/04/20 14:09:31 UTC
HAM with 0.55 gets marked as SPAM?
Hello, I just received some ham from my bank, with information about new
stocks - trustful, I would say (as far as you can trust your bank,
though).
Now here are the headers:
X-Virus-Scanned: amavisd-new at zmi.at
X-Spam-Status: Yes, hits=5.55 tagged_above=-999 required=5
tests=NO_REAL_NAME=0.55
X-Spam-Level: *****
X-Spam-Flag: YES
I've put the full message here:
http://zmi.at/x/ham1.txt
Now, how can 0.55 points become 5.55?
mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660/4156531 .network.your.ideas.
// PGP Key: "lynx -source http://zmi.at/zmi3.asc | gpg --import"
// Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE
Re: HAM with 0.55 gets marked as SPAM?
Posted by Michael Monnerie <mi...@it-management.at>.
On Donnerstag, 20. April 2006 16:12 Gary V wrote:
> [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i =>
> 5.0],
> sender 'bulkmail' will add 5 points
Yak, that's ugly. I never saw that amavis makes this. And it must be my
bank changed the server, as they occasionally send me that stock info.
> You can set:
> $remove_existing_spam_headers = 0;
> but I don't recommend it because it can confuse procmail or MUAs that
> trigger an action based on the contents of the header.
Super, thank you, I'll use it because I control both servers, and if any
of them says it's SPAM, so it be. Amen.
mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660/4156531 .network.your.ideas.
// PGP Key: "lynx -source http://zmi.at/zmi3.asc | gpg --import"
// Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE
Re: HAM with 0.55 gets marked as SPAM?
Posted by Gary V <mr...@hotmail.com>.
I know this is not SpamAssassin related but it used to be that mail
quarantined by amavis would not reflect any of the @score_sender_maps score
changes.
http://marc.theaimsgroup.com/?l=amavis-user&m=112145822701374&w=2
A change was made in version 2.3.3:
- in quarantined mail the reported spam score in X-Spam-Status header field
now includes maximum of all by-recipient score boosts (less surprising
when soft-whitelisting through @score_sender_maps is in use); suggested
by Mike Cappella and Gary V;
_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfeeŽ
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
Re: HAM with 0.55 gets marked as SPAM?
Posted by Gary V <mr...@hotmail.com>.
>
>Interesting trick. It's a shame amavis doesn't identify when it doctors the
>score in the X-Spam-Status header. It would be nice if it reported
>something like:
>
>
>X-Spam-Status: Yes, hits=5.55 amavisd=5.00 tagged_above=-999 required=5
> tests=NO_REAL_NAME=0.55
>
>so you could tell how much of the score was directly added by amavis and
>not a
>part of SA... That said, those who know amavis does this can subtract off
>and
>figure it out, but it's always nice to be clear about where the score came
>from.
>
Newer versions at least give you a hint:
X-Spam-Score: 3.906
X-Spam-Level: ***
X-Spam-Status: No, score=-1.094+5 tagged_above=-999 required=5
tests=[ALL_TRUSTED=-1.8, BAYES_05=-1.11, MISSING_SUBJECT=1.816]
Gary V
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Re: HAM with 0.55 gets marked as SPAM?
Posted by Matt Kettler <mk...@evi-inc.com>.
Gary V wrote:
>
> In amavisd.conf:
>
> [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
>
> sender 'bulkmail' will add 5 points
>
> You can set:
>
> $remove_existing_spam_headers = 0;
Interesting trick. It's a shame amavis doesn't identify when it doctors the
score in the X-Spam-Status header. It would be nice if it reported something like:
X-Spam-Status: Yes, hits=5.55 amavisd=5.00 tagged_above=-999 required=5
tests=NO_REAL_NAME=0.55
so you could tell how much of the score was directly added by amavis and not a
part of SA... That said, those who know amavis does this can subtract off and
figure it out, but it's always nice to be clear about where the score came from.
Re: HAM with 0.55 gets marked as SPAM?
Posted by Gary V <mr...@hotmail.com>.
>
>On Donnerstag, 20. April 2006 15:50 Matt Kettler wrote:
> > I don't know.. but another question would be does amavisd-new
> > correctly handle AWL hits?
>
>I didn't see a mistake those last years, and yes, I have correct AWL
>mails. This is in the header from your mail:
>
>X-Spam-Status: No, hits=0.102 tagged_above=-999 required=5
>tests=AWL=0.102
>
>mfg zmi
In amavisd.conf:
[qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
sender 'bulkmail' will add 5 points
You can set:
$remove_existing_spam_headers = 0;
but I don't recommend it because it can confuse procmail or MUAs that
trigger an action based on the contents of the header.
Gary V
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
Re: HAM with 0.55 gets marked as SPAM?
Posted by Michael Monnerie <mi...@it-management.at>.
On Donnerstag, 20. April 2006 15:50 Matt Kettler wrote:
> I don't know.. but another question would be does amavisd-new
> correctly handle AWL hits?
I didn't see a mistake those last years, and yes, I have correct AWL
mails. This is in the header from your mail:
X-Spam-Status: No, hits=0.102 tagged_above=-999 required=5
tests=AWL=0.102
mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660/4156531 .network.your.ideas.
// PGP Key: "lynx -source http://zmi.at/zmi3.asc | gpg --import"
// Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE
Re: HAM with 0.55 gets marked as SPAM?
Posted by Matt Kettler <mk...@comcast.net>.
Michael Monnerie wrote:
> Hello, I just received some ham from my bank, with information about new
> stocks - trustful, I would say (as far as you can trust your bank,
> though).
>
> Now here are the headers:
>
> X-Virus-Scanned: amavisd-new at zmi.at
> X-Spam-Status: Yes, hits=5.55 tagged_above=-999 required=5
> tests=NO_REAL_NAME=0.55
> X-Spam-Level: *****
> X-Spam-Flag: YES
>
> I've put the full message here:
> http://zmi.at/x/ham1.txt
>
> Now, how can 0.55 points become 5.55?
>
I don't know.. but another question would be does amavisd-new correctly
handle AWL hits?
note: because you're using amavisd-new, that X-Spam-Status was not
written by SA. It was written by amavis.
Re: HAM with 0.55 gets marked as SPAM?
Posted by Michael Monnerie <mi...@it-management.at>.
On Donnerstag, 20. April 2006 14:09 Michael Monnerie wrote:
> Now here are the headers:
I've checked the logs on the "outer" mailgate, there it was ham:
CLEAN, [193.164.224.209] <bu...@msg.ecetra.com> ->
<MY...@zmi.at>, Message-ID:
<20...@curacao.island.ecetra.com>, Hits: 3.372,
10101 ms
Mails are rechecked on the internal gate, which obviously came to other
conclusions. Is there a way to tell amavis not to remove the SA headers
from the previous scanner?
mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660/4156531 .network.your.ideas.
// PGP Key: "lynx -source http://zmi.at/zmi3.asc | gpg --import"
// Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE
// Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE