You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by theTree <To...@gmail.com> on 2010/05/28 10:25:44 UTC

SPF_HELO_PASS on a spam message?

Hi,

I received a spam email that scored zero on the SpamAssassin score. I think
it may be to do with the SPF_HELO_PASS that it scored - would someone be
able to give me some pointers?

Many thanks! I've swapped out my domain for @mydomain.com, and our mail
server for my.mail.server. Below is the message code:


Return-Path: <sh...@regentfinancial.com>
X-Spam-Checker-Version: SpamAssassin 3.1.9 (2007-02-13) on my.mail.server
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=7.0 tests=BAYES_50,RCVD_IN_PBL,
	SPF_HELO_PASS autolearn=ham version=3.1.9
X-Original-To: me@mydomain.com
Delivered-To: me@mydomain.com
Received: from our.mail.server (unknown [127.0.0.1])
	by our.mail.server (Postfix) with ESMTP id E07B86B39D7
	for <me...@mydomain.com>; Thu, 27 May 2010 15:57:59 +0000 (UTC)
Received: by our.mail.server (Postfix, from userid 110)
	id BC2176B39D8; Thu, 27 May 2010 15:57:59 +0000 (UTC)
X-Original-To: enquiries@mydomain.com
Delivered-To: enquiries@mydomain.com
Received: from my.mail.server (unknown [127.0.0.1])
	by my.mail.server (Postfix) with ESMTP id 4ACCB6B3928;
	Thu, 27 May 2010 15:57:54 +0000 (UTC)
Received-SPF: none (no valid SPF record)
Received: from LOEENVFADW (unknown [123.23.171.177])
	by my.mail.server (Postfix) with ESMTP;
	Thu, 27 May 2010 15:57:54 +0000 (UTC)
Message-ID: <00...@shammedt67>
From: "Gail Shafer" <sh...@regentfinancial.com>
To: <en...@mydomain.com>
Subject: Shiny Posh Slut
Date: Thu, 27 May 2010 23:13:49 +0700
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Spam: Not detected

Hardcore Blonde MILF Video

http://griverzad.110mb.com/setup.zip


Thanks again for your time,
-- 
View this message in context: http://old.nabble.com/SPF_HELO_PASS-on-a-spam-message--tp28704112p28704112.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: SPF_HELO_PASS on a spam message?

Posted by RW <rw...@googlemail.com>.

On Fri, 28 May 2010 01:25:44 -0700 (PDT)
theTree <To...@gmail.com> wrote:

> 
> Hi,
> 
> I received a spam email that scored zero on the SpamAssassin score. I
> think it may be to do with the SPF_HELO_PASS 

That only has a nominal score.

> that it scored - would
> someone be able to give me some pointers?
> 
> X-Spam-Checker-Version: SpamAssassin 3.1.9 (2007-02-13) on


Consider updating

Re: SPF_HELO_PASS on a spam message?

Posted by Charles Gregory <cg...@hwcn.org>.

On Fri, 28 May 2010, theTree wrote:
> I received a spam email that scored zero on the SpamAssassin score. I think
> it may be to do with the SPF_HELO_PASS that it scored - would someone be
> able to give me some pointers?

I can't be certain with the munged headers, but it looks like
you are FORWARDING your mail internally from one server to another, and 
then doing an SPF check on the 'helo' between your two servers.

You might want to see if you can put SA on your gateway mail server. 
Otherwise, be sure that 'trusted_networks' is set properly, so that SA has 
a better chance of examining the received header from the first external 
connection.

- Charles

Re: SPF_HELO_PASS on a spam message?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

On 28.05.10 02:18, theTree wrote:
> Thanks for the swift reply, I'll take your advice. I do find it peculiar
> though that a message with a subject of 'Shiny Posh Slut' and body text of
> 'Hardcore Blonde MILF Video' has to reply on blacklists etc. I thought
> systems such as the Bayesian filter would take notice of such a message
> based on keywords, context etc...

of course, BAYES with proper training helps a lot, but we want even
untrained spam to be catched, don't we?
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".

Re: SPF_HELO_PASS on a spam message?

Posted by theTree <To...@gmail.com>.

Matus,

Thanks for the swift reply, I'll take your advice. I do find it peculiar
though that a message with a subject of 'Shiny Posh Slut' and body text of
'Hardcore Blonde MILF Video' has to reply on blacklists etc. I thought
systems such as the Bayesian filter would take notice of such a message
based on keywords, context etc...

Many thanks, 

-- 
View this message in context: http://old.nabble.com/SPF_HELO_PASS-on-a-spam-message--tp28704112p28704558.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: SPF_HELO_PASS on a spam message?

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

On 28.05.10 01:25, theTree wrote:
> I received a spam email that scored zero on the SpamAssassin score. I think
> it may be to do with the SPF_HELO_PASS that it scored

no.

> - would someone be able to give me some pointers?

you may be an early recipient, that received spam before it got to
blacklists and other lists.

> Return-Path: <sh...@regentfinancial.com>
> X-Spam-Checker-Version: SpamAssassin 3.1.9 (2007-02-13) on my.mail.server
> X-Spam-Level: 
> X-Spam-Status: No, score=0.0 required=7.0 tests=BAYES_50,RCVD_IN_PBL,
> 	SPF_HELO_PASS autolearn=ham version=3.1.9

upgrade your SA installation and turn on network checks like razor, pyzor,
dcc and others, if possible.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
REALITY.SYS corrupted. Press any key to reboot Universe.