Posted to users@spamassassin.apache.org by Jacek Osuchowski <ja...@osuchowski.net> on 2017/08/07 22:56:58 UTC
Sender needs help with false positive
We use emails to allow users to reset their passwords to our website. We
send very brief emails containing the reset password. Example between >>>>:
>>>>>
Your password to access your account is:
S]U3bC7k
Upon successful login you may change your password by going to Modify
Account / Change Your Password.
>>>>>
The emails are marked as spam. Sample report from IsnotSpam.com:
SpamAssassin check details:
---- ---------------------- -------------------------------
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 0.9995]
* -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
* [50.31.63.50 listed in wl.mailspike.net]
* -0.0 SPF_PASS SPF: sender matches SPF record
* 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
* [score: 0.9995]
* 2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
* 0.1 HTML_MESSAGE BODY: HTML included in message
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
* domain
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
X-Spam-Status: Yes, hits=5.7 required=-20.0 tests=BAYES_99,BAYES_999,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_ONLY_12,HTML_MESSAGE,
RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_PASS autolearn=no autolearn_force=no
version=3.4.0
X-Spam-Score: 5.7
I understand you are trying to provide great software to fight email spam but
you are making my life miserable. I am having more problems with our emails
marked as spam than from the spam itself. Any help on how to avoid being marked
as spam would help. Is there a way to be whitelisted by SpamAssassin
globally? Most emails are blocked by internet providers like Cablevision or
Comcast and getting them to help is IMPOSSIBLE. They just install the
software and let it run as it is.
Thank You
Re: Sender needs help with false positive
Posted by Rupert Gallagher <ru...@protonmail.com>.
Avoid marketing mass-mailers when sending administrative messages.
Sent from ProtonMail Mobile
On Tue, Aug 8, 2017 at 12:56 AM, Jacek Osuchowski <ja...@osuchowski.net> wrote:
> We use emails to allow users to reset their passwords to our website. We send very brief emails containing the reset password. Example between >>>>:
>
>>>>>>
>
> Your password to access your account is:
>
> S]U3bC7k
>
> Upon successful login you may change your password by going to Modify Account / Change Your Password.
>
>>>>>>
>
> The emails are marked as spam. Sample report from IsnotSpam.com:
>
> SpamAssassin check details:
>
> ---- ---------------------- -------------------------------
>
> * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
>
> * [score: 0.9995]
>
> * -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
>
> * [50.31.63.50 listed in wl.mailspike.net]
>
> * -0.0 SPF_PASS SPF: sender matches SPF record
>
> * 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
>
> * [score: 0.9995]
>
> * 2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
>
> * 0.1 HTML_MESSAGE BODY: HTML included in message
>
> * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
>
> * domain
>
> * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
>
> * valid
>
> * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
>
> * -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
>
> X-Spam-Status: Yes, hits=5.7 required=-20.0 tests=BAYES_99,BAYES_999,
>
> DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_ONLY_12,HTML_MESSAGE,
>
> RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_PASS autolearn=no autolearn_force=no
>
> version=3.4.0
>
> X-Spam-Score: 5.7
>
> I understand you are trying to provide great software to fight email spam but you are making my life miserable. I am having more problems with our emails marked as spam than from the spam itself. Any help on how to avoid being marked as spam would help. Is there a way to be whitelisted by SpamAssassin globally? Most emails are blocked by internet providers like Cablevision or Comcast and getting them to help is IMPOSSIBLE. They just install the software and let it run as it is.
>
> Thank You
RE: Sender needs help with false positive
Posted by Jacek Osuchowski <ja...@osuchowski.net>.
It did. At first I couldn't figure out why it was HTML because the software
was sending a plain text message. Then I realized it was the SendGrid tracing
method that was converting the messages to HTML in order to embed the img
tag, so I turned off the tracing.
-----Original Message-----
From: Dianne Skoll [mailto:dfs@roaringpenguin.com]
Sent: Tuesday, August 08, 2017 8:43 AM
To: users@spamassassin.apache.org
Subject: Re: Sender needs help with false positive
On Tue, 8 Aug 2017 07:36:01 -0500
David Jones <dj...@ena.com> wrote:
> The origin of the email and the path it takes makes a big difference
> in how it's filtered.
Sure, but doing a plain-text message with no HTML will immediately knock
2.2 points off the score. That's a pretty cheap and easy win.
Regards,
Dianne.
Re: HTML (was Re: Sender needs help with false positive)
Posted by Benny Pedersen <me...@junc.eu>.
Dianne Skoll skrev den 2017-08-08 20:09:
> On Tue, 08 Aug 2017 20:01:52 +0200
> Benny Pedersen <me...@junc.eu> wrote:
>
>> why does the OP need to tell sendgrid his users passwords ?
>
> That is indeed a very good question. :)
+1
> It's not as if this is some sort of mass-mailing or marketing-oriented
> email that needs to be tracked.
even if dkim was whitelisted for these mails it's still sending passwords
in their emails to sendgrid, stupid
back to learning android studio here
Re: HTML (was Re: Sender needs help with false positive)
Posted by Dianne Skoll <df...@roaringpenguin.com>.
On Tue, 08 Aug 2017 20:01:52 +0200
Benny Pedersen <me...@junc.eu> wrote:
> why does the OP need to tell sendgrid his users passwords ?
That is indeed a very good question. :)
It's not as if this is some sort of mass-mailing or marketing-oriented
email that needs to be tracked.
Regards,
Dianne.
Re: HTML (was Re: Sender needs help with false positive)
Posted by Benny Pedersen <me...@junc.eu>.
Dianne Skoll skrev den 2017-08-08 15:05:
> On Tue, 8 Aug 2017 08:00:04 -0500
> David Jones <dj...@ena.com> wrote:
>
>> I absolutely agree but it's possible that this part is out of his
>> control. Sendgrid might be receiving a plain text email from the
>> normal source and adding HTML to get that image in there for
>> tracking.
>
> If you can't determine the content of your own messages, time to find
> another provider, I think. Surely Sendgrid lets you control this sort
> of thing?
let me hold your pocket ?
why does the OP need to tell sendgrid his users passwords ?
HTML (was Re: Sender needs help with false positive)
Posted by Dianne Skoll <df...@roaringpenguin.com>.
On Tue, 8 Aug 2017 08:00:04 -0500
David Jones <dj...@ena.com> wrote:
> I absolutely agree but it's possible that this part is out of his
> control. Sendgrid might be receiving a plain text email from the
> normal source and adding HTML to get that image in there for
> tracking.
If you can't determine the content of your own messages, time to find
another provider, I think. Surely Sendgrid lets you control this sort
of thing?
Regards,
Dianne.
Re: Sender needs help with false positive
Posted by David Jones <dj...@ena.com>.
On 08/08/2017 07:43 AM, Dianne Skoll wrote:
> On Tue, 8 Aug 2017 07:36:01 -0500
> David Jones <dj...@ena.com> wrote:
>
>> The origin of the email and the path it takes makes a big difference
>> in how it's filtered.
>
> Sure, but doing a plain-text message with no HTML will immediately knock
> 2.2 points off the score. That's a pretty cheap and easy win.
>
> Regards,
>
> Dianne.
>
I absolutely agree but it's possible that this part is out of his
control. Sendgrid might be receiving a plain text email from the normal
source and adding HTML to get that image in there for tracking. We
(this list) have no way to know for sure without seeing the original
unaltered message from the normal source.
My point was copy/pasting the same email body and sending it from a
different source like a desktop/laptop is not going to be valid for
troubleshooting rule hits. I know that you know this but I am just
saying it "out loud" for the OP.
--
David Jones
Re: Sender needs help with false positive
Posted by Dianne Skoll <df...@roaringpenguin.com>.
On Tue, 8 Aug 2017 07:36:01 -0500
David Jones <dj...@ena.com> wrote:
> The origin of the email and the path it takes makes a big difference
> in how it's filtered.
Sure, but doing a plain-text message with no HTML will immediately knock
2.2 points off the score. That's a pretty cheap and easy win.
Regards,
Dianne.
Re: Sender needs help with false positive
Posted by David Jones <dj...@ena.com>.
On 08/07/2017 07:36 PM, Jacek Osuchowski wrote:
> David,
>
> Thanks a lot. I will try to modify the email text to have more 'meat on the
> bone'. I am just surprised an email with no links, no ads, no attempts to sell
> anything can be interpreted as spam.
> That img in the email is a tag from SendGrid email services used to trace
> the emails. I don't know if I can get rid of it.
>
The folks at Sendgrid know how to properly send out mass emails without
getting blocked by spam filters. They should have some resources to
help with your email delivery. Check with them since you are paying for
that service.
> That's his PC which is the MSA. As it's the first hop, it's not surprising
> it hits Zen PBL (it should, given a host name like
> ool-44c047bf.dyn.optonline.net).
>
About those headers you put in pastebin, is that an actual mail from the
same source that normally generates these password reset emails or was
that a test of the same message body from your desktop? We need to see
the headers from an exact message sent from the same source as it
normally would be.
The origin of the email and the path it takes makes a big difference in
how it's filtered.
--
David Jones
RE: Sender needs help with false positive
Posted by Jacek Osuchowski <ja...@osuchowski.net>.
David,
Thanks a lot. I will try to modify the email text to have more 'meat on the
bone'. I am just surprised an email with no links, no ads, no attempts to sell
anything can be interpreted as spam.
That img in the email is a tag from SendGrid email services used to trace
the emails. I don't know if I can get rid of it.
Dianne,
I have the same concerns with links in the email. We do train our people how
to spot 'funny' emails and to avoid clicking links in the emails unless they
are absolutely sure of what they are doing and they still do stupid things.
Thank you all.
-----Original Message-----
From: David B Funk [mailto:dbfunk@engineering.uiowa.edu]
Sent: Monday, August 07, 2017 7:54 PM
To: users@spamassassin.apache.org
Subject: Re: Sender needs help with false positive
On Mon, 7 Aug 2017, David Jones wrote:
[snip..]
> This IP is listed on SORBS and Spamhaus ZEN which are going to cause
> problems with delivery to many receiving mail filters, not just
> SpamAssassin.
>
> http://multirbl.valli.org/lookup/68.192.71.191.html
>
That's his PC which is the MSA. As it's the first hop, it's not surprising
it hits Zen PBL (it should, given a host name like
ool-44c047bf.dyn.optonline.net).
That shouldn't score against him except in broken SA installations.
His problem is the small amount of text that looks like a phish spam and the
embedded image.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: Sender needs help with false positive
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Mon, 7 Aug 2017, David Jones wrote:
[snip..]
> This IP is listed on SORBS and Spamhaus ZEN which are going to cause problems
> with delivery to many receiving mail filters, not just SpamAssassin.
>
> http://multirbl.valli.org/lookup/68.192.71.191.html
>
That's his PC which is the MSA. As it's the first hop, it's not surprising it
hits Zen PBL (it should, given a host name like ool-44c047bf.dyn.optonline.net).
That shouldn't score against him except in broken SA installations.
His problem is the small amount of text that looks like a phish spam and the
embedded image.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: Sender needs help with false positive
Posted by David Jones <dj...@ena.com>.
On 08/07/2017 06:28 PM, Jacek Osuchowski wrote:
> This is an email I sent to IsNotSpam.com. They list the whole thing when testing for spam. I am getting a lot of complaints from our customers that our emails are not received. Our domain is not blacklisted anywhere so I suspect it is the spam filtering (as the IsNotSpam tool indicates). Is there anything in the email we send that could trigger flagging as spam? THANK YOU
>
> https://pastebin.com/J1cdCHAe
>
>
> -----Original Message-----
> From: Alex [mailto:mysqlstudent@gmail.com]
> Sent: Monday, August 07, 2017 7:16 PM
> To: jacek@osuchowski.net; SA Mailing list
> Subject: Re: Sender needs help with false positive
>
> Hi,
>
> On Mon, Aug 7, 2017 at 6:56 PM, Jacek Osuchowski <ja...@osuchowski.net> wrote:
>> We use emails to allow users to reset their passwords to our website.
>> We send very brief emails containing the reset password. Example between >>>>:
>>
>>>>>>>
>> Your password to access your account is:
>>
>> S]U3bC7k
>>
>> Upon successful login you may change your password by going to Modify
>> Account / Change Your Password.
>>>>>>>
>>
>
>> * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
>> * 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
>
> You can't control their bayes training so there's nothing you can do here.
>
>> * 2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of
>> words
>
> Are you sending these emails as an image or text?
>
> Do you have a text component to your message as well?
>
> Are you able to post an entire message that includes the headers to pastebin.com, as it appears when it leaves your network then forward the resulting link to the list?
>
>> version=3.4.0
>
> Version 3.4.0 is like ten years old. I also don't recall BAYES_999 being available in that version, so one thing or the other is not correct.
>
This IP is listed on SORBS and Spamhaus ZEN which are going to cause
problems with delivery to many receiving mail filters, not just
SpamAssassin.
http://multirbl.valli.org/lookup/68.192.71.191.html
--
David Jones
Re: Sender needs help with false positive
Posted by Dianne Skoll <df...@roaringpenguin.com>.
On Mon, 7 Aug 2017 19:28:04 -0400
"Jacek Osuchowski" <ja...@osuchowski.net> wrote:
> This is an email I sent to IsNotSpam.com. They list the whole thing
> when testing for spam. I am getting a lot of complaints from our
> customers that our emails are not received. Our domain is not
> blacklisted anywhere so I suspect it is the spam filtering (as the
> IsNotSpam tool indicates). Is there anything in the email we send
> that could trigger flagging as spam? THANK YOU
Don't send HTML. Just send a plain-text message.
That'll knock 2.2 points off the score and bring it to 3.6.
Simple fix, no?
Regards,
Dianne.
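Added example (not part of any message in this thread): a small Python parser for the report format quoted in the original post, showing which rules carry the score and what remains once the two HTML rules no longer fire. The report text is copied from the post; the function names are illustrative.

```python
from decimal import Decimal
import re

# Report lines as quoted in the original post.
REPORT = """\
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 0.9995]
* -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
* [50.31.63.50 listed in wl.mailspike.net]
* -0.0 SPF_PASS SPF: sender matches SPF record
* 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
* [score: 0.9995]
* 2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
* 0.1 HTML_MESSAGE BODY: HTML included in message
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
* domain
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
"""

# "* <score> <RULE_NAME> <description>"; anything else starting with "*"
# is a continuation of the previous rule's description.
RULE_LINE = re.compile(r"^\*\s+(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s+(.*)$")


def parse_report(text):
    """Return a list of (score, rule, description) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()   # tolerate quoted ("> ") copies
        match = RULE_LINE.match(line)
        if match:
            rules.append([Decimal(match.group(1)), match.group(2), match.group(3)])
        elif line.startswith("*") and rules:
            rules[-1][2] += " " + line.lstrip("* ").strip()
    return [tuple(rule) for rule in rules]


def total(rules):
    """Sum of the per-rule scores as displayed in the report."""
    return sum((score for score, _, _ in rules), Decimal("0"))


def what_if_removed(rules, prefixes):
    """Score left after dropping every rule whose name starts with a prefix."""
    kept = [r for r in rules if not r[1].startswith(tuple(prefixes))]
    return total(kept)


def top_contributors(rules, n=3):
    """Names of the n highest-scoring rules, highest first."""
    ranked = sorted(rules, key=lambda r: r[0], reverse=True)
    return [name for _, name, _ in ranked[:n]]


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print("listed total:     ", total(parsed))
    print("top contributors: ", top_contributors(parsed))
    print("without HTML_*:   ", what_if_removed(parsed, ["HTML_"]))
```

The listed per-rule values add up to 5.8 while the header reports 5.7, which is consistent with each value being rounded for display; dropping the two HTML rules leaves 3.6, with BAYES_99 as the remaining large contributor.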
RE: Sender needs help with false positive
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Mon, 7 Aug 2017, Jacek Osuchowski wrote:
> This is an email I sent to IsNotSpam.com. They list the whole thing when testing for spam. I am getting a lot of complaints from our customers that our emails are not received. Our domain is not blacklisted anywhere so I suspect it is the spam filtering (as the IsNotSpam tool indicates). Is there anything in the email we send that could trigger flagging as spam? THANK YOU
>
> https://pastebin.com/J1cdCHAe
>
Try this experiment.
Take that same message, add two paragraphs of text describing your
business/organization to the end and DELETE that embedded image.
Re-test and I'll bet that you get a passing score.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
RE: Sender needs help with false positive
Posted by Jacek Osuchowski <ja...@osuchowski.net>.
This is an email I sent to IsNotSpam.com. They list the whole thing when testing for spam. I am getting a lot of complaints from our customers that our emails are not received. Our domain is not blacklisted anywhere so I suspect it is the spam filtering (as the IsNotSpam tool indicates). Is there anything in the email we send that could trigger flagging as spam? THANK YOU
https://pastebin.com/J1cdCHAe
-----Original Message-----
From: Alex [mailto:mysqlstudent@gmail.com]
Sent: Monday, August 07, 2017 7:16 PM
To: jacek@osuchowski.net; SA Mailing list
Subject: Re: Sender needs help with false positive
Hi,
On Mon, Aug 7, 2017 at 6:56 PM, Jacek Osuchowski <ja...@osuchowski.net> wrote:
> We use emails to allow users to reset their passwords to our website.
> We send very brief emails containing the reset password. Example between >>>>:
>
>>>>>>
> Your password to access your account is:
>
> S]U3bC7k
>
> Upon successful login you may change your password by going to Modify
> Account / Change Your Password.
>>>>>>
>
> * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
> * 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
You can't control their bayes training so there's nothing you can do here.
> * 2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of
> words
Are you sending these emails as an image or text?
Do you have a text component to your message as well?
Are you able to post an entire message that includes the headers to pastebin.com, as it appears when it leaves your network then forward the resulting link to the list?
> version=3.4.0
Version 3.4.0 is like ten years old. I also don't recall BAYES_999 being available in that version, so one thing or the other is not correct.
Re: Sender needs help with false positive
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2017-08-07 at 19:15 -0400, Alex wrote:
> > version=3.4.0
>
> Version 3.4.0 is like ten years old. I also don't recall BAYES_999
> being available in that version, so one thing or the other is not
> correct.
Minor nitpick: 3.4.0 was released in Feb 2014, slightly less than 10
years ago. ;) But that's code only anyway; with sa-update, the rules'
version and age are kept up-to-date independently.
Similarly the BAYES_999 test indeed is not part of the original 3.4.0
release. It has been published via sa-update though, and even older
3.3.x installations with sa-update have that rule today.
The check_bayes() eval rule always supported the 99.9% variant, it's
just a float number less than 1.0...
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: Sender needs help with false positive
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Mon, 7 Aug 2017, Alex wrote:
> Hi,
>
> On Mon, Aug 7, 2017 at 6:56 PM, Jacek Osuchowski <ja...@osuchowski.net> wrote:
>> We use emails to allow users to reset their passwords to our website. We
>> send very brief emails containing the reset password. Example between >>>>:
>>
>>>>>>>
>> Your password to access your account is:
>>
>> S]U3bC7k
>>
>> Upon successful login you may change your password by going to Modify
>> Account / Change Your Password.
>>>>>>>
>>
>
>> * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
>> * 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
>
> You can't control their bayes training so there's nothing you can do here.
You -can- control the content of your message. I'm guessing that short
password reset message doesn't have very many tokens, and the ones that it does
have may be too close a match to things like password phish spams. (something
that we train heavily on).
Put more text in there that is related to your business/organization which will
be unique and thus unlike other spammy messages.
>
>> * 2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
>
> Are you sending these emails as an image or text?
>
> Do you have a text component to your message as well?
More to the point do you have an image attached/embedded in your message?
If so, either drop it altogether or add a few Kbytes of text to balance it out.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: Sender needs help with false positive
Posted by Alex <my...@gmail.com>.
Hi,
On Mon, Aug 7, 2017 at 6:56 PM, Jacek Osuchowski <ja...@osuchowski.net> wrote:
> We use emails to allow users to reset their passwords to our website. We
> send very brief emails containing the reset password. Example between >>>>:
>
>>>>>>
> Your password to access your account is:
>
> S]U3bC7k
>
> Upon successful login you may change your password by going to Modify
> Account / Change Your Password.
>>>>>>
>
> * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
> * 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
You can't control their bayes training so there's nothing you can do here.
> * 2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
Are you sending these emails as an image or text?
Do you have a text component to your message as well?
Are you able to post an entire message that includes the headers to
pastebin.com, as it appears when it leaves your network then forward
the resulting link to the list?
> version=3.4.0
Version 3.4.0 is like ten years old. I also don't recall BAYES_999
being available in that version, so one thing or the other is not
correct.
Re: Sender needs help with false positive
Posted by Benny Pedersen <me...@junc.eu>.
Required score -20 on inbound scanning to protect outbound spam?
Op MSG was dkim signed and valid au, why was it not ADD to whitelist auth,
maybe i was sleeping :(
Re: Sender needs help with false positive
Posted by John Hardin <jh...@impsec.org>.
On Tue, 8 Aug 2017, Benny Pedersen wrote:
> Jacek Osuchowski skrev den 2017-08-08 00:56:
>
>> I understand you trying to provide great software to fight email spam
>
> stop using bad amavisd.conf, ask for help on amavisd mailing list since your
> issue is not spamassassin
>
> if you like to get a better life use spampd instead of amavisd, amavisd is so
> simple to configure to bad results, where spampd is following spamassassin
> rule on tag only and do nothing more
...none of which helps him get his messages through **other people's**
MTAs...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...we talk about creating "millions of shovel-ready jobs" for a
society that doesn't really encourage people to pick up a shovel.
-- Mike Rowe, testifying before Congress
-----------------------------------------------------------------------
8 days until the 72nd anniversary of the end of World War II
Re: Sender needs help with false positive
Posted by Benny Pedersen <me...@junc.eu>.
Jacek Osuchowski skrev den 2017-08-08 00:56:
> I understand you trying to provide great software to fight email spam
stop using bad amavisd.conf, ask for help on amavisd mailing list since your
issue is not spamassassin
if you like to get a better life use spampd instead of amavisd, amavisd
is so simple to configure to bad results, where spampd is following
spamassassin rule on tag only and do nothing more
Password reset strategies (was Re: Sender needs help with false positive)
Posted by Dianne Skoll <df...@roaringpenguin.com>.
[Just replying to one aspect of the original message.]
On Mon, 7 Aug 2017 18:26:00 -0500
David Jones <dj...@ena.com> wrote:
> First, it's a bad idea for a number of reasons to send passwords via
> email. Most modern "lost password" mail loops use a unique URL that
> expires after a short period of time.
As long as both methods expire, both methods require answering a
prearranged question (or some out-of-band method of authentication),
and both methods require immediate changing of the password, a link is
no more secure than sending the temporary password. In fact, a link may
eventually lead to *less* security as it's easier to phish people if
legitimate messages include a link rather than not including a link.
Encouraging people not to click links in messages like legitimate
password recovery emails is a Good Thing, IMO, as it'll make them less
likely to click links in fake ones.
I realize I'm tilting at windmills.
Regards,
Dianne.
Re: Sender needs help with false positive
Posted by David Jones <dj...@ena.com>.
On 08/07/2017 05:56 PM, Jacek Osuchowski wrote:
> We use emails to allow users to reset their passwords to our website. We
> send very brief emails containing the reset password. Example between >>>>:
>
>>>>>>
>
> Your password to access your account is:
>
> S]U3bC7k
>
> Upon successful login you may change your password by going to Modify
> Account / Change Your Password.
>
>>>>>>
>
> The emails are marked as spam. Sample report from IsnotSpam.com:
>
> SpamAssassin check details:
>
> ---- ---------------------- -------------------------------
>
> * 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
>
> * [score: 0.9995]
>
> * -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
>
> * [50.31.63.50 listed in wl.mailspike.net]
>
> * -0.0 SPF_PASS SPF: sender matches SPF record
>
> * 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
>
> * [score: 0.9995]
>
> * 2.1 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
>
> * 0.1 HTML_MESSAGE BODY: HTML included in message
>
> * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
>
> * domain
>
> * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
>
> * valid
>
> * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
>
> * -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
>
> X-Spam-Status: Yes, hits=5.7 required=-20.0 tests=BAYES_99,BAYES_999,
>
> DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_ONLY_12,HTML_MESSAGE,
>
> RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_PASS autolearn=no autolearn_force=no
>
> version=3.4.0
>
> X-Spam-Score: 5.7
>
> I understand you are trying to provide great software to fight email spam
> but you are making my life miserable. I am having more problems with our
> emails marked as spam than from the spam itself. Any help on how to avoid
> being marked as spam would help. Is there a way to be whitelisted by
> SpamAssassin globally? Most emails are blocked by internet providers like
> Cablevision or Comcast and getting them to help is IMPOSSIBLE. They just
> install the software and let it run as it is.
>
> Thank You
>
Perhaps you should take a little time to figure out what should be
changed in that message body to make those emails not score so high.
First, it's a bad idea for a number of reasons to send passwords via
email. Most modern "lost password" mail loops use a unique URL that
expires after a short period of time.
Secondly, that text in the body is very commonly used by bad actors
trying to phish passwords. Why not change the text a bit and run it
through the isnotspam.com site until it doesn't hit such a high Bayesian
rule. This won't guarantee the Bayesian score of other SpamAssassin
platforms but should give a good hint as to what wording is not good to use.
Third, if you could send us complete headers, then we may be able to
provide more help. The SPF and DKIM look good and you seem to be doing
all of the reputation stuff properly. It comes down to content checks
(BAYES) then.
--
David Jones
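Added example (not from any poster in this thread): the expiring URL David Jones describes and the expiring temporary password Dianne Skoll defends in "Password reset strategies" rest on the same server-side handling, shown here in Python: a random secret stored only as a hash, short-lived, single use, with a cap on wrong guesses. `ResetStore`, the 15-minute lifetime and the five-attempt cap are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumption: "a short period of time" taken as 15 minutes
MAX_ATTEMPTS = 5              # assumption: wrong guesses allowed before the secret is voided


class ResetStore:
    """In-memory stand-in for the account database (hypothetical)."""

    def __init__(self, clock=time.time):
        self._rows = {}        # account -> (sha256 digest, expiry, failed attempts)
        self._clock = clock

    def issue(self, account):
        """Create a reset secret; only its hash is kept server-side.

        The returned value is what goes in the mail, either as the
        temporary password itself or as the token in a reset URL.
        Issuing again replaces (and so invalidates) any earlier secret.
        """
        secret = secrets.token_urlsafe(32)
        digest = hashlib.sha256(secret.encode()).digest()
        self._rows[account] = (digest, self._clock() + TOKEN_TTL_SECONDS, 0)
        return secret

    def redeem(self, account, presented):
        """Return True once for the right, unexpired secret; False otherwise.

        On True the caller must force an immediate password change and
        should still apply its second factor or prearranged question.
        """
        row = self._rows.get(account)
        if row is None:
            return False
        digest, expires_at, failures = row
        if self._clock() >= expires_at:
            del self._rows[account]            # expired: void it
            return False
        candidate = hashlib.sha256(presented.encode()).digest()
        if hmac.compare_digest(candidate, digest):
            del self._rows[account]            # single use
            return True
        failures += 1
        if failures >= MAX_ATTEMPTS:
            del self._rows[account]            # too many guesses: void it
        else:
            self._rows[account] = (digest, expires_at, failures)
        return False


if __name__ == "__main__":
    store = ResetStore()
    secret = store.issue("user@example.test")   # constructed account name
    print("first use: ", store.redeem("user@example.test", secret))
    print("second use:", store.redeem("user@example.test", secret))
```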