Posted to users@spamassassin.apache.org by Robert Boyl <ro...@gmail.com> on 2016/04/08 15:13:45 UTC

Very low score for spam from b2blistappenders.com

Hi, everyone

Pls, do you get a good spam score on this? For us, no hits for
spamassassin, etc.

I checked in test sites such as http://spamcheck.postmarkapp.com/ and also
very low score.

Strange, as it does seem to have spammy words, etc... no?

See:

http://pastebin.com/EJH1eddN

Thanks!
Robert

Re: Very low score for spam from b2blistappenders.com

Posted by RW <rw...@googlemail.com>.
On Fri, 08 Apr 2016 18:04:48 +0300
Jari Fredriksson wrote:

> Robert Boyl wrote on 8.4.2016 16:13:
> 
> > Hi, everyone
> > 
> > Pls, do you get a good spam score on this? For us, no hits for
> > spamassassin, etc.
> > 
> > I checked in test sites such as http://spamcheck.postmarkapp.com/
> > and also very low score.
> > 
> > Strange, as it does seem to have spammy words, etc... no? 
> > 
> > See:
> > 
> > http://pastebin.com/EJH1eddN  
> 
> The old plugin botnet still rocks on me, while most just can't and
> won't use it... My bayes was clueless, as expected. But not 00
> either.. 
>   ...
>  1.5 BOTNET                 Relay might be a spambot or virusbot
>                             [botnet0.8,ip=MTkyLjE2OC4xLjY2,maildomain=b2blistappenders.com,nordns]


Unfortunately that's caused by Botnet picking up an incorrectly parsed
internal header. 

Re: Very low score for spam from b2blistappenders.com

Posted by Jari Fredriksson <ja...@iki.fi>.
Robert Boyl wrote on 8.4.2016 16:13:

> Hi, everyone
> 
> Pls, do you get a good spam score on this? For us, no hits for spamassassin, etc.
> 
> I checked in test sites such as http://spamcheck.postmarkapp.com/ and also very low score.
> 
> Strange, as it does seem to have spammy words, etc... no? 
> 
> See:
> 
> http://pastebin.com/EJH1eddN

The old plugin botnet still rocks on me, while most just can't and won't
use it... My bayes was clueless, as expected. But not 00 either.. 

Content analysis details:   (5.4 points, 5.0 required) 

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?106.51.133.155>]
 1.5 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.8,ip=MTkyLjE2OC4xLjY2,maildomain=b2blistappenders.com,nordns]
 0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.4918]
 1.0 HTML_MESSAGE           BODY: HTML included in message
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS

-- 
jarif.bit 

Re: Very low score for spam from b2blistappenders.com

Posted by RW <rw...@googlemail.com>.
On Fri, 8 Apr 2016 10:13:45 -0300
Robert Boyl wrote:

> Hi, everyone
> 
> Pls, do you get a good spam score on this? For us, no hits for
> spamassassin, etc.
> 
> I checked in test sites such as http://spamcheck.postmarkapp.com/ and
> also very low score.
> 
> Strange, as it does seem to have spammy words, etc... no?

SpamAssassin tends not to have many rules that target types of content
because they could be legitimate. Finding which words are spammy for
you is what Bayes is for.  


> See:
> 
> http://pastebin.com/EJH1eddN


There are three blocks of headers here: DSPAM, X-myisp.com, and
Barracuda headers. It's not clear whether any are yours, but I see
that DSPAM did catch this and Barracuda doesn't have Bayes turned on.

Re: Very low score for spam from b2blistappenders.com

Posted by RW <rw...@googlemail.com>.
On Fri, 8 Apr 2016 10:13:45 -0300
Robert Boyl wrote:

> Hi, everyone
> 
> Pls, do you get a good spam score on this? For us, no hits for
> spamassassin, etc.
> 
> I checked in test sites such as http://spamcheck.postmarkapp.com/ and
> also very low score.
> 
> Strange, as it does seem to have spammy words, etc... no?
> 
> See:
> 
> http://pastebin.com/EJH1eddN
> 

In this header 

Received: from unknown (HELO mx25.myisp.com) (MTkyLjE2OC4xLjY2)
  by mx12.myisp.com with SMTP; 7 Apr 2016 18:14:25 -0000


Did you edit anything other than the myisp.com domain? In particular
the contents of the brackets that contain MTkyLjE2OC4xLjY2.

The parser is expecting something like this example: 
 
  Received: from customer254-217.iplannetworks.net (HELO AGAMENON)
     (baldusi@200.69.254.217 with plain) by smtp.mail.vip.sc5.yahoo.com
     with SMTP; 11 Mar 2003 21:03:28 -0000
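
An added example, not part of the original post and not SpamAssassin's or Botnet's own parser: a small check for qmail-style Received lines that extracts the relay fields and refuses to report an IP when the bracketed peer field is not an address. The regular expression and function name are assumptions made for illustration; both sample headers are the ones quoted in this thread.

```python
import base64
import ipaddress
import re

# qmail-style: from <rdns> (HELO <helo>) (<[ident@]ip [with auth]>) by <host> ...
QMAIL_RE = re.compile(
    r"^Received:\s+from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)]+)\)\s+"
    r"\((?P<peer>[^)]*)\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

def parse_qmail_received(header):
    """Return relay fields; 'ip' stays None when the peer field holds no IP literal."""
    flat = " ".join(header.split())            # unfold continuation lines
    m = QMAIL_RE.match(flat)
    if not m:
        return {"parsed": False}
    parts = m.group("peer").split()
    candidate = parts[0].rsplit("@", 1)[-1] if parts else ""  # drop optional ident@
    result = {"parsed": True, "rdns": m.group("rdns"), "helo": m.group("helo").strip(),
              "by": m.group("by"), "ip": None, "note": None}
    try:
        result["ip"] = str(ipaddress.ip_address(candidate))
        return result
    except ValueError:
        pass
    # Not an IP literal: see whether the token is base64 wrapping one.
    try:
        decoded = base64.b64decode(candidate, validate=True).decode("ascii")
        addr = ipaddress.ip_address(decoded)
        result["note"] = f"peer field is base64 of {addr} (private={addr.is_private})"
    except ValueError:                         # covers binascii.Error and decode errors
        result["note"] = "peer field is not an IP address"
    return result

# Headers copied from the thread above.
THREAD_HEADER = ("Received: from unknown (HELO mx25.myisp.com) (MTkyLjE2OC4xLjY2)\n"
                 "  by mx12.myisp.com with SMTP; 7 Apr 2016 18:14:25 -0000")
EXPECTED_FORM = ("Received: from customer254-217.iplannetworks.net (HELO AGAMENON)\n"
                 "     (baldusi@200.69.254.217 with plain) by smtp.mail.vip.sc5.yahoo.com\n"
                 "     with SMTP; 11 Mar 2003 21:03:28 -0000")

if __name__ == "__main__":
    for hdr in (THREAD_HEADER, EXPECTED_FORM):
        print(parse_qmail_received(hdr))
```

A filter that treats `ip` as None for the first header would skip relay-based tests on that hop instead of scoring a value that was never an address.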

Re: Very low score for spam from b2blistappenders.com

Posted by Reindl Harald <h....@thelounge.net>.

On 08.04.2016 at 15:13, Robert Boyl wrote:
> Hi, everyone
>
> Pls, do you get a good spam score on this? For us, no hits for
> spamassassin, etc.
>
> I checked in test sites such as http://spamcheck.postmarkapp.com/ and
> also very low score.
>
> Strange, as it does seem to have spammy words, etc... no?
>
> See:
>
> http://pastebin.com/EJH1eddN

besides that your ISP is a fool (URIBL_BLOCKED - just google it) even a 
high score doesn't help much with "TAG_LEVEL=3.5 QUARANTINE_LEVEL=400.0 
KILL_LEVEL=100.0 tests=HTML_MESSAGE"

why is your ISP's spamfilter at all in front?

that way you can't reject anything without harming your ISP by making it a 
backscatter - inbound filters have to run directly on the MX to make 
rejects possible and let RBLs do their job properly

Content analysis details:   (6.0 points, 5.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.5 BAYES_60               BODY: Bayes spam probability is 60 to 80%
                            [score: 0.7551]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 2.5 RDNS_NONE              Delivered to internal network by a host with no rDNS
___________________________________________

after training it and adding custom rules

Content analysis details:   (14.9 points, 5.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 7.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 2.5 CUST_BODY_18           BODY: Contains Medium
 1.5 CUST_BODY_17           BODY: Contains Low
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.4 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
 2.5 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.5 CUST_SUBJ_16           Contains Very Low