You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jason Gauthier <jg...@lastar.com> on 2005/01/21 16:55:44 UTC

****SPAM(9.7)**** Help analyzing the determination of spam

SpamAssassin, running on "mail.dailyhills.com", has identified this incoming
email as possible spam.  The original message has been attached to this
email so you can view it (if it isn't spam).
If you have any questions, contact postmaster@dailyhills.com for details.

Content preview:  Nice subject! I attached a message to this email that 
  got an incredibly low spam score. When I run the message through 
  spamassassin -t it gets a spam score as I would expect. I know I don't 
  have much more details, but can anyone give me ideas why? [...] 

Content analysis details:   (9.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5000]
 2.5 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
                            [cf: 100]
 2.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: powerfulquotes2.com]
 3.2 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: powerfulquotes2.com imn6.cc]

---- ---------------------- --------------------------------------------------

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.

Help analyzing the determination of spam

Posted by Matt Kettler <mk...@evi-inc.com>.
At 10:55 AM 1/21/2005, Jason Gauthier wrote:
>Nice subject!
>
>I attached a message to this email that got an incredibly low spam
>score.
>When I run the message through spamassassin -t it gets a spam score as I
>would expect.
>
>I know I don't have much more details, but can anyone give me ideas why?
>
>
>
>Content analysis details:   (2.7 points, 5.0 required)
>
>  pts rule name              description
>---- ----------------------
>--------------------------------------------------
>-2.8 ALL_TRUSTED            Did not pass through any untrusted hosts

ALL_TRUSTED would be why. That REALLY should never hit for mail from the 
outside.

Usualy this is caused by having a NATed mailserver, or some other IP 
configuration that confuses the automatic trust path code.

Look into manually declaring trusted_networks in your config. Only add 
local mailservers that add Received: headers to the list of trusted hosts.

(Note: Don't try to use trusted networks as an IP based whitelist 
mechanism, it's not. Trusted here means trusted to generate non-forged 
Received: headers, and has subtle implications on a lot of rules.)