You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jason Gauthier <jg...@lastar.com> on 2005/01/21 16:55:44 UTC
****SPAM(9.7)**** Help analyzing the determination of spam
SpamAssassin, running on "mail.dailyhills.com", has identified this incoming
email as possible spam. The original message has been attached to this
email so you can view it (if it isn't spam).
If you have any questions, contact postmaster@dailyhills.com for details.
Content preview: Nice subject! I attached a message to this email that
got an incredibly low spam score. When I run the message through
spamassassin -t it gets a spam score as I would expect. I know I don't
have much more details, but can anyone give me ideas why? [...]
Content analysis details: (9.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]
2.5 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
[cf: 100]
2.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: powerfulquotes2.com]
3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
[URIs: powerfulquotes2.com imn6.cc]
---- ---------------------- --------------------------------------------------
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
Help analyzing the determination of spam
Posted by Matt Kettler <mk...@evi-inc.com>.
At 10:55 AM 1/21/2005, Jason Gauthier wrote:
>Nice subject!
>
>I attached a message to this email that got an incredibly low spam
>score.
>When I run the message through spamassassin -t it gets a spam score as I
>would expect.
>
>I know I don't have much more details, but can anyone give me ideas why?
>
>
>
>Content analysis details: (2.7 points, 5.0 required)
>
> pts rule name description
>---- ----------------------
>--------------------------------------------------
>-2.8 ALL_TRUSTED Did not pass through any untrusted hosts
ALL_TRUSTED would be why. That REALLY should never hit for mail from the
outside.
Usualy this is caused by having a NATed mailserver, or some other IP
configuration that confuses the automatic trust path code.
Look into manually declaring trusted_networks in your config. Only add
local mailservers that add Received: headers to the list of trusted hosts.
(Note: Don't try to use trusted networks as an IP based whitelist
mechanism, it's not. Trusted here means trusted to generate non-forged
Received: headers, and has subtle implications on a lot of rules.)