You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Chris <cp...@embarqmail.com> on 2007/04/29 06:11:33 UTC
[Possible SPAM] Possibly [OT] - Embarq Mail
On April 9th Embarq, my DSL provider, dropped Earthlink as their mail provider
and switched over to Synacor while giving everyone an address of
@embarqmail.com. Since then every post that is sent from my system to me is
tagged as [Possible Spam] whether its the output of a cronjob or just a test
message to myself. Its not my box that is doing the tagging, rather its
Synacor thats doing it. A typical spam markup looks like this:
Old-X-Spam-Flag: YES
Old-X-Spam-Score: 7.337
Old-X-Spam-Level: *******
Old-X-Spam-Status: Yes, score=7.337 tagged_above=-10 required=6.6
tests=[AWL=3.209, BAYES_50=0.001, FORGED_RCVD_HELO=0.135,
RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046]
The above is from the output of the cronjob I run to download the MSRBL
updates. Even a test message I send to myself is tagged as spam:
Old-X-Spam-Flag: YES
Old-X-Spam-Score: 8.767
Old-X-Spam-Level: ********
Old-X-Spam-Status: Yes, score=8.767 tagged_above=-10 required=6.6
tests=[AWL=1.775, BAYES_95=3, RCVD_IN_NJABL_DUL=1.946,
RCVD_IN_SORBS_DUL=2.046]
While my markup for the above message looks like this:
X-Spam-Remote: Host localhost.localdomain
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
cpollock.localdomain
X-Spam-Status: No, score=-3.9 required=5.0 tests=ALL_TRUSTED=-1.8,AWL=4.339,
BAYES_00=-6.4 autolearn=disabled version=3.1.8
As another test I sent a message to my old earthlink address since they are
forwarding mail until Oct 31st, the Synacor markup is even more confusing, at
least to me. The subject was changed to reflect [Possible Spam], however that
markup was:
Old-X-Spam-Score: -0.185
Old-X-Spam-Level:
Old-X-Spam-Status: No, score=-0.185 tagged_above=-10 required=6.6
tests=[BAYES_40=-0.185]
How/why is the subject being re-written with a score of -0.185?
I've been in discussion with a Q&A guy from Embarq about this and other
issues, but I don't believe much headway is being made between Embarq and
Synacor. A message to Synacor Tech Support didn't even rate a reply. What, to
me, is seemingly odd is that replies to spam reports that I send to various
abuse addresses, if the reply contains the original spam, the message subject
is changed to [Possible Spam] however the markup shows:
Old-X-Spam-Score: 1.322
Old-X-Spam-Level: *
Old-X-Spam-Status: No, score=1.322 tagged_above=-10 required=6.6
tests=[ADVANCE_FEE_1=0, BAYES_00=-2.599, DEAR_SOMETHING=2.1,
HTML_10_20=1.351, HTML_MESSAGE=0.001, HTML_NONELEMENT_40_50=0.126,
PLING_PLING=0.343]
My question is, what is Embarq/Synacor doing? Why is my ISP marking mail I
send to myself as spam? I know where the RCVD_IN_NJABL_DUL and
RCVD_IN_SORBS_DUL markups are coming from according to SORBS:
Netblock: 71.48.168.0/21 (71.48.168.0-71.48.175.255)
Record Created: Mon Apr 9 02:39:48 2007 GMT
Record Updated: Mon Apr 9 02:39:48 2007 GMT
Additional Information: [#149634 (Embarq Supplied Update - 09/04/2007)]
Dynamic/Generic IP/rDNS address, use your ISPs mail server or get rDNS set to
indicate static assignment.
Currently active and flagged to be published in DNS
Any words of wisdom I can send to Synacor would be appreciated if they are in
fact necessary. Any help on understanding why a message that has a score that
says its not spam but has the subject changed to state it is would be
appreciated also.
Chris
--
Chris
KeyID 0xE372A7DA98E6705C
Re: [Possible SPAM] Re: [Possible SPAM] Possibly [OT] - Embarq Mail
Posted by Matt Kettler <mk...@verizon.net>.
Chris wrote:
>
> My question then is what good would it do me to adjust my trusted_networks
> setting, if in fact I have it incorrect. The [possible spam] markups are
> being made by Embarq/Synacor not me.
Ahh, I get it.. Well, whoever is tagging that has a broken
trusted_networks. Their winding up with verizon's mailserver being
considered internal, and thus SA is seeing the message as if my home PC
was direct-delivering to your network.
Having the _DUL tests fire off on properly relayed mail is a sure-fire
sign that SA's trust-path is over-trusting.
My guess is they've got their inbound mailservers static NATed, and SA
by default assumes (guesses) that all private-range IP's are internal,
plus the first non-private. This guess breaks down when the inbound MX
is private-IP'ed due to static NATing, and here SA winds up thinking
verizon's smarthost is part of the local network when it isn't.
[Possible SPAM] Re: [Possible SPAM] Possibly [OT] - Embarq Mail
Posted by Chris <cp...@embarqmail.com>.
On Saturday 28 April 2007 11:22 pm, Matt Kettler wrote:
> From the looks of it, you need to adjust your trusted_networks.
>
> Right now it looks like it is mis-judging the network boundaries, and
> tagging all mail with the DUL lists.
>
> http://wiki.apache.org/spamassassin/TrustPath
>
Matt, here are the markups from your reply, mine first then Embarqs/Synacors:
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
cpollock.localdomain
X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00=-6.4
autolearn=disabled version=3.1.8
Old-X-Spam-Status: No, score=-2.545 tagged_above=-10 required=6.6
tests=[ALL_TRUSTED=-1.8, AWL=-0.054, BAYES_00=-2.599,
DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708]
Yet your reply is marked as [possible spam].
Here is my trust paths in my local.cf:
trusted_networks 127/8 192.168/16 207.217.121/24 209.86.93/24 208.47.184/24
71.48.160.0/20
internal_networks 71.48.160.0/20
Looking at my post to the mailing list here are the markups:
This one I'll have to guess is Synacor's
X-Virus-Scanned: amavisd-new at
Old-X-Spam-Score: -2.599
Old-X-Spam-Level:
Old-X-Spam-Status: No, score=-2.599 tagged_above=-10 required=6.6
tests=[BAYES_00=-2.599]
Then there is this one:
X-ASF-Spam-Status: No, hits=0.0 required=10.0
tests=
Old-X-Spam-Check-By: apache.org
Then there is this one:
Message-Id: <20...@embarqmail.com>
X-Virus-Checked: Checked by ClamAV on apache.org
X-Old-Spam-Flag: YES
X-Old-Spam-Status: Yes, score=9.068 tagged_above=-10 required=6.6
tests=[AWL=1.576, BAYES_99=3.5, RCVD_IN_NJABL_DUL=1.946,
RCVD_IN_SORBS_DUL=2.046]
Now I'm confused as to which Old-X-Spam markup is from Embarq/Synacor and
which is from Apache.org. The last one 'looks' like the markups that have
been showing up from Embarq/Synacor on my cronjob output posts:
X-Spam-Remote: Host localhost.localdomain
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
cpollock.localdomain
X-Spam-Status: No, score=-4.0 required=5.0 tests=ALL_TRUSTED=-1.8,AWL=4.209,
BAYES_00=-6.4 autolearn=disabled version=3.1.8
The one above is the markup from my box on a cronjob output, the one below is
the same cronjob output but marked up by Embarq/Synacor:
Old-X-Spam-Flag: YES
Old-X-Spam-Score: 7.384
Old-X-Spam-Level: *******
Old-X-Spam-Status: Yes, score=7.384 tagged_above=-10 required=6.6
tests=[AWL=3.256, BAYES_50=0.001, FORGED_RCVD_HELO=0.135,
RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046]
My question then is what good would it do me to adjust my trusted_networks
setting, if in fact I have it incorrect. The [possible spam] markups are
being made by Embarq/Synacor not me.
BTW Matt, here is how your reply to me scored, on my box and by
Embarq/Synacor:
X-Spam-Remote: Host localhost.localdomain
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
cpollock.localdomain
X-Spam-Status: No, score=-4.0 required=5.0 tests=ALL_TRUSTED=-1.8,AWL=4.209,
BAYES_00=-6.4 autolearn=disabled version=3.1.8
Old-X-Spam-Flag: YES
Old-X-Spam-Score: 7.384
Old-X-Spam-Level: *******
Old-X-Spam-Status: Yes, score=7.384 tagged_above=-10 required=6.6
tests=[AWL=3.256, BAYES_50=0.001, FORGED_RCVD_HELO=0.135,
RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046]
Chris
--
Chris
KeyID 0xE372A7DA98E6705C
Re: [Possible SPAM] Possibly [OT] - Embarq Mail
Posted by Matt Kettler <mk...@verizon.net>.
>From the looks of it, you need to adjust your trusted_networks.
Right now it looks like it is mis-judging the network boundaries, and
tagging all mail with the DUL lists.
http://wiki.apache.org/spamassassin/TrustPath
Chris wrote:
> On April 9th Embarq, my DSL provider, dropped Earthlink as their mail provider
> and switched over to Synacor while giving everyone an address of
> @embarqmail.com. Since then every post that is sent from my system to me is
> tagged as [Possible Spam] whether its the output of a cronjob or just a test
> message to myself. Its not my box that is doing the tagging, rather its
> Synacor thats doing it. A typical spam markup looks like this:
>
> Old-X-Spam-Flag: YES
> Old-X-Spam-Score: 7.337
> Old-X-Spam-Level: *******
> Old-X-Spam-Status: Yes, score=7.337 tagged_above=-10 required=6.6
> tests=[AWL=3.209, BAYES_50=0.001, FORGED_RCVD_HELO=0.135,
> RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046]
>
> The above is from the output of the cronjob I run to download the MSRBL
> updates. Even a test message I send to myself is tagged as spam:
>
> Old-X-Spam-Flag: YES
> Old-X-Spam-Score: 8.767
> Old-X-Spam-Level: ********
> Old-X-Spam-Status: Yes, score=8.767 tagged_above=-10 required=6.6
> tests=[AWL=1.775, BAYES_95=3, RCVD_IN_NJABL_DUL=1.946,
> RCVD_IN_SORBS_DUL=2.046]
>
> While my markup for the above message looks like this:
>
> X-Spam-Remote: Host localhost.localdomain
> X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
> cpollock.localdomain
> X-Spam-Status: No, score=-3.9 required=5.0 tests=ALL_TRUSTED=-1.8,AWL=4.339,
> BAYES_00=-6.4 autolearn=disabled version=3.1.8
>
> As another test I sent a message to my old earthlink address since they are
> forwarding mail until Oct 31st, the Synacor markup is even more confusing, at
> least to me. The subject was changed to reflect [Possible Spam], however that
> markup was:
>
> Old-X-Spam-Score: -0.185
> Old-X-Spam-Level:
> Old-X-Spam-Status: No, score=-0.185 tagged_above=-10 required=6.6
> tests=[BAYES_40=-0.185]
>
> How/why is the subject being re-written with a score of -0.185?
>
> I've been in discussion with a Q&A guy from Embarq about this and other
> issues, but I don't believe much headway is being made between Embarq and
> Synacor. A message to Synacor Tech Support didn't even rate a reply. What, to
> me, is seemingly odd is that replies to spam reports that I send to various
> abuse addresses, if the reply contains the original spam, the message subject
> is changed to [Possible Spam] however the markup shows:
>
> Old-X-Spam-Score: 1.322
> Old-X-Spam-Level: *
> Old-X-Spam-Status: No, score=1.322 tagged_above=-10 required=6.6
> tests=[ADVANCE_FEE_1=0, BAYES_00=-2.599, DEAR_SOMETHING=2.1,
> HTML_10_20=1.351, HTML_MESSAGE=0.001, HTML_NONELEMENT_40_50=0.126,
> PLING_PLING=0.343]
>
> My question is, what is Embarq/Synacor doing? Why is my ISP marking mail I
> send to myself as spam? I know where the RCVD_IN_NJABL_DUL and
> RCVD_IN_SORBS_DUL markups are coming from according to SORBS:
>
> Netblock: 71.48.168.0/21 (71.48.168.0-71.48.175.255)
> Record Created: Mon Apr 9 02:39:48 2007 GMT
> Record Updated: Mon Apr 9 02:39:48 2007 GMT
> Additional Information: [#149634 (Embarq Supplied Update - 09/04/2007)]
> Dynamic/Generic IP/rDNS address, use your ISPs mail server or get rDNS set to
> indicate static assignment.
> Currently active and flagged to be published in DNS
>
> Any words of wisdom I can send to Synacor would be appreciated if they are in
> fact necessary. Any help on understanding why a message that has a score that
> says its not spam but has the subject changed to state it is would be
> appreciated also.
>
> Chris
>
>
[Possible SPAM] Re: [Possible SPAM] Possibly [OT] - Embarq Mail
Posted by Chris <cp...@embarqmail.com>.
On Sunday 29 April 2007 11:45 am, Loren Wilton wrote:
> They seem to have a rather confused SA setup on their systems, indicating
> perhaps that they don't really have a clue about what they are doing.
>
> Some fairly obvious questions:
>
> 1 Why are they tagging your mail through their server as DUL? You are
> persumably THEIR CUSTOMER and using THEIR ASSIGNED SERVER. They shouldn't
> be tagging their OWN CUSTOMERS as DUL!
>
> 2 Why are they tagging you with an AWL of 3.2? This indicates that they
> think that you are very likely to send spam. Of course the answer to that
> is probably the 4 points they are assigning you for being one of their
> dialup customers.
>
> 3 Why FORGED_RCVD_HELO? This might be some sort of mis-setup onl your
> end, I suppose.
The FORGED_RCVD_HELO comes up on cron output messages, only certain ones
though. Here are the complete headers of one that is marked:
Received: from localhost (localhost.localdomain [127.0.0.1])
by mailrelay.embarq.synacor.com (Postfix) with ESMTP id A98DE22B7E7
for <cp...@embarqmail.com>; Sun, 29 Apr 2007 09:09:06 -0400 (EDT)
X-Virus-Scanned: amavisd-new at
Old-X-Spam-Flag: YES
Old-X-Spam-Score: 7.389
Old-X-Spam-Level: *******
Old-X-Spam-Status: Yes, score=7.389 tagged_above=-10 required=6.6
tests=[AWL=3.261, BAYES_50=0.001, FORGED_RCVD_HELO=0.135,
RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046]
Received: from mailrelay.embarq.synacor.com ([127.0.0.1])
by localhost (smtp01.embarq.synacor.com [127.0.0.1]) (amavisd-new,
port 10024)
with ESMTP id TaXXaKHayC-z for <cp...@embarqmail.com>;
Sun, 29 Apr 2007 09:09:06 -0400 (EDT)
Received: from cpollock.localdomain (tx-71-48-168-13.dhcp.embarqhsd.net
[71.48.168.13])
by mailrelay.embarq.synacor.com (Postfix) with ESMTP id 3264622B7DA
for <cp...@embarqmail.com>; Sun, 29 Apr 2007 09:09:06 -0400 (EDT)
Received: by cpollock.localdomain (Postfix, from userid 0)
id C6761434095; Sun, 29 Apr 2007 08:09:05 -0500 (CDT)
From: cpollock@embarqmail.com (Cron Daemon)
To: cpollock@embarqmail.com
Subject: [Possible SPAM] Cron <ro...@cpollock> /usr/local/bin/ss-msrbl.sh
X-Cron-Env: <SHELL=/bin/bash>
X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin>
X-Cron-Env: <MA...@embarqmail.com>
X-Cron-Env: <HOME=/>
X-Cron-Env: <LOGNAME=root>
Message-Id: <20...@cpollock.localdomain>
Date: Sun, 29 Apr 2007 08:09:05 -0500 (CDT)
Status: RO
Content-Type:
X-UID: 5430
X-Length: 2017
Notice 'my' SA never touches it since its processed by procmail into the
correct folder. The output of the cronjob doesn't contain any spam that I can
see:
receiving file list ... done
sent 82 bytes received 85 bytes 334.00 bytes/sec
total size is 227044 speedup is 1359.54
receiving file list ... done
/var/tmp/rsync/MSRBL-Images.hdb
sent 4316 bytes received 4025 bytes 5560.67 bytes/sec
total size is 479987 speedup is 57.55
>
> 4 Why did your test message get bayes_95? Did it contain a test spam?
No, all it contained was the word 'test' and my gpg signature. Another odd
thing, if I send a 'test' message to myself at my embarqmail address its
marked-up as such - my markup and embarqs/synacors, the first set is to my
embarqmail.com address, then 2nd is to my old earthlink address which
earthlink forwards to my embarqmail address:
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
cpollock.localdomain
X-Spam-Status: No, score=-4.1 required=5.0 tests=ALL_TRUSTED=-1.8,AWL=4.140,
BAYES_00=-6.4 autolearn=disabled version=3.1.8
Old-X-Spam-Score: 9.048
Old-X-Spam-Level: *********
Old-X-Spam-Status: Yes, score=9.048 tagged_above=-10 required=6.6
tests=[AWL=1.556, BAYES_99=3.5, RCVD_IN_NJABL_DUL=1.946,
RCVD_IN_SORBS_DUL=2.046]
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
cpollock.localdomain
X-Spam-Status: No, score=-3.2 required=5.0 tests=AWL=3.173,BAYES_00=-6.4
autolearn=disabled version=3.1.8
Old-X-Spam-Score: -1.42
Old-X-Spam-Level:
Old-X-Spam-Status: No, score=-1.42 tagged_above=-10 required=6.6
tests=[AWL=-0.680, BAYES_20=-0.74]
So, why is a message that is marked-up with -1.42 have the subject changed to
have [Possible Spam] added?
--
Chris
KeyID 0xE372A7DA98E6705C
Re: [Possible SPAM] Possibly [OT] - Embarq Mail
Posted by Loren Wilton <lw...@earthlink.net>.
They seem to have a rather confused SA setup on their systems, indicating
perhaps that they don't really have a clue about what they are doing.
Some fairly obvious questions:
1 Why are they tagging your mail through their server as DUL? You are
persumably THEIR CUSTOMER and using THEIR ASSIGNED SERVER. They shouldn't
be tagging their OWN CUSTOMERS as DUL!
2 Why are they tagging you with an AWL of 3.2? This indicates that they
think that you are very likely to send spam. Of course the answer to that
is probably the 4 points they are assigning you for being one of their
dialup customers.
3 Why FORGED_RCVD_HELO? This might be some sort of mis-setup onl your
end, I suppose.
4 Why did your test message get bayes_95? Did it contain a test spam?
Loren
Re: Possibly [OT] - Embarq Mail
Posted by SM <sm...@resistor.net>.
At 18:06 29-04-2007, Chris wrote:
>I've checked, authentication was set to 'plain', I've just changed it to
>'login' and sent myself another test message. The results are below, first
>markup with authentication set to 'plain' 2nd set to 'login', I see no
>difference:
>
>Old-X-Spam-Flag: YES
> Old-X-Spam-Score: 9.035
> Old-X-Spam-Level: *********
> Old-X-Spam-Status: Yes, score=9.035 tagged_above=-10 required=6.6
> tests=[AWL=1.543, BAYES_99=3.5, RCVD_IN_NJABL_DUL=1.946,
> RCVD_IN_SORBS_DUL=2.046]
The mail server did not add a header to indicate that the sender was
authenticated. This points to more problems with the antispam setup
for Embarq mail.
Regards,
-sm
[Possible SPAM] Re: [Possible SPAM] Re: [Possible SPAM] Possibly [OT]
- Embarq Mail
Posted by Chris <cp...@embarqmail.com>.
On Sunday 29 April 2007 4:04 pm, SM wrote:
> Earthlink may have used smtpauth in the hostname to specify that the
> SMTP server only supports authenticated SMTP sessions. SMTP
> authentication is not restricted to port 587 only. It can also be
> used on port 25 if the mail server supports that.
>
> Configure your mail client to use SMTP AUTH (PLAIN or LOGIN). You
> should also configure the system sending the Cron messages to use SMTP
> AUTH.
>
> Regards,
> -sm
I've checked, authentication was set to 'plain', I've just changed it to
'login' and sent myself another test message. The results are below, first
markup with authentication set to 'plain' 2nd set to 'login', I see no
difference:
Old-X-Spam-Flag: YES
Old-X-Spam-Score: 9.035
Old-X-Spam-Level: *********
Old-X-Spam-Status: Yes, score=9.035 tagged_above=-10 required=6.6
tests=[AWL=1.543, BAYES_99=3.5, RCVD_IN_NJABL_DUL=1.946,
RCVD_IN_SORBS_DUL=2.046]
Old-X-Spam-Flag: YES
Old-X-Spam-Score: 9.015
Old-X-Spam-Level: *********
Old-X-Spam-Status: Yes, score=9.015 tagged_above=-10 required=6.6
tests=[AWL=1.523, BAYES_99=3.5, RCVD_IN_NJABL_DUL=1.946,
RCVD_IN_SORBS_DUL=2.046]
--
Chris
KeyID 0xE372A7DA98E6705C
Re: [Possible SPAM] Re: [Possible SPAM] Possibly [OT] - Embarq
Mail
Posted by SM <sm...@resistor.net>.
At 13:47 29-04-2007, Chris wrote:
> From an email I received from a Q&A guy at Embarq when I was asking
> questions
>about the switch over:
>
>The smtp server will be smtp.embarqmail.com and it will be
>authenticated but the port will be 25 rather than 587.
They said that smtp.embarqmail.com supports SMTP AUTH.
>How can you have an authenticated smtp session without 1)Sending to a server
>such as earthlinks used to be (smtpauth.earthlink.net) and 2)Using port 25
>vice port 587?
Earthlink may have used smtpauth in the hostname to specify that the
SMTP server only supports authenticated SMTP sessions. SMTP
authentication is not restricted to port 587 only. It can also be
used on port 25 if the mail server supports that.
Configure your mail client to use SMTP AUTH (PLAIN or LOGIN). You
should also configure the system sending the Cron messages to use SMTP AUTH.
Regards,
-sm
[Possible SPAM] Re: [Possible SPAM] Possibly [OT] - Embarq Mail
Posted by Chris <cp...@embarqmail.com>.
On Sunday 29 April 2007 3:06 pm, SM wrote:
> >Any words of wisdom I can send to Synacor would be appreciated if they are
> > in fact necessary. Any help on understanding why a message that has a
> > score that says its not spam but has the subject changed to state it is
> > would be appreciated also.
>
> It may be better to contact Embarq which is your ISP and complain
> about valid mail being tagged as spam. Ask them whether you can use
> SMTP authentication to solve the problem. If all your mail is being
> tagged as possible spam, then the antispam filtering for
> embarqmail.com is misconfigured. Forward several examples of
> incorrectly tagged messages (without your markups) sent to your email
> address to Embarq technical support to show the problem.
>
> Regards,
> -sm
From an email I received from a Q&A guy at Embarq when I was asking questions
about the switch over:
The smtp server will be smtp.embarqmail.com and it will be
authenticated but the port will be 25 rather than 587.
How can you have an authenticated smtp session without 1)Sending to a server
such as earthlinks used to be (smtpauth.earthlink.net) and 2)Using port 25
vice port 587?
--
Chris
KeyID 0xE372A7DA98E6705C
Re: [Possible SPAM] Possibly [OT] - Embarq Mail
Posted by SM <sm...@resistor.net>.
At 21:11 28-04-2007, Chris wrote:
>On April 9th Embarq, my DSL provider, dropped Earthlink as their
>mail provider
>and switched over to Synacor while giving everyone an address of
>@embarqmail.com. Since then every post that is sent from my system to me is
>tagged as [Possible Spam] whether its the output of a cronjob or just a test
>message to myself. Its not my box that is doing the tagging, rather its
>Synacor thats doing it. A typical spam markup looks like this:
>
>Old-X-Spam-Flag: YES
> Old-X-Spam-Score: 7.337
> Old-X-Spam-Level: *******
> Old-X-Spam-Status: Yes, score=7.337 tagged_above=-10 required=6.6
> tests=[AWL=3.209, BAYES_50=0.001, FORGED_RCVD_HELO=0.135,
> RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046]
Synacor sees your system as one from a dynamic user list
(RCVD_IN_NJABL_DUL, RCVD_IN_SORBS_DUL) which score 3.992. The AWL
addition is enough to get the message over the required score of 6.6.
>The above is from the output of the cronjob I run to download the MSRBL
>updates. Even a test message I send to myself is tagged as spam:
See whether Synacor supports any form of SMTP authentication (SMTP
AUTH). That should get you around their dynamic user list (DUL) tests.
>As another test I sent a message to my old earthlink address since they are
>forwarding mail until Oct 31st, the Synacor markup is even more confusing, at
>least to me. The subject was changed to reflect [Possible Spam], however that
>markup was:
>
>Old-X-Spam-Score: -0.185
> Old-X-Spam-Level:
> Old-X-Spam-Status: No, score=-0.185 tagged_above=-10 required=6.6
> tests=[BAYES_40=-0.185]
>
>How/why is the subject being re-written with a score of -0.185?
If I read these headers correctly, they are tagging when the score is
above -10.
>I've been in discussion with a Q&A guy from Embarq about this and other
>issues, but I don't believe much headway is being made between Embarq and
>Synacor. A message to Synacor Tech Support didn't even rate a reply. What, to
>me, is seemingly odd is that replies to spam reports that I send to various
>abuse addresses, if the reply contains the original spam, the message subject
>is changed to [Possible Spam] however the markup shows:
>
>Old-X-Spam-Score: 1.322
> Old-X-Spam-Level: *
> Old-X-Spam-Status: No, score=1.322 tagged_above=-10 required=6.6
> tests=[ADVANCE_FEE_1=0, BAYES_00=-2.599, DEAR_SOMETHING=2.1,
> HTML_10_20=1.351, HTML_MESSAGE=0.001, HTML_NONELEMENT_40_50=0.126,
> PLING_PLING=0.343]
See my previous comment about tagged_above.
>My question is, what is Embarq/Synacor doing? Why is my ISP marking mail I
>send to myself as spam? I know where the RCVD_IN_NJABL_DUL and
>RCVD_IN_SORBS_DUL markups are coming from according to SORBS:
Your ISP should not be doing such tests for mail from their users.
>Any words of wisdom I can send to Synacor would be appreciated if they are in
>fact necessary. Any help on understanding why a message that has a score that
>says its not spam but has the subject changed to state it is would be
>appreciated also.
It may be better to contact Embarq which is your ISP and complain
about valid mail being tagged as spam. Ask them whether you can use
SMTP authentication to solve the problem. If all your mail is being
tagged as possible spam, then the antispam filtering for
embarqmail.com is misconfigured. Forward several examples of
incorrectly tagged messages (without your markups) sent to your email
address to Embarq technical support to show the problem.
Regards,
-sm