You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by John Tice <li...@johntice.com> on 2006/12/06 04:30:47 UTC
Email scoring way too high... what's wrong?
I have a new client whose mail is scoring way high... several others
on the same server, different domains, score in negative numbers.
Mail sent through a mail script on this domain scores -1.0. I believe
they're using verizon dsl, windows xp w/ outlook or outlook express.
This is just going from one domain to another on the same server
(cpane). I'll send headers if you need them. Do they have a
misconfigured router?
John
pts rule name description
---- ----------------------
--------------------------------------------------
0.0 BOTNET_CLIENTWORDS Hostname contains client-like substrings
0.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
1.0 BAYES_40 BODY: Bayesian spam probability is 20 to
40%
[score: 0.3651]
0.7 HTML_MESSAGE BODY: HTML included in message
3.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic
IP address
[71.254.35.168 listed in dnsbl.sorbs.net]
3.0 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local
SMTP
[71.254.35.168 listed in
combined.njabl.org]
0.0 BOTNET_CLIENT Hostname looks like a client hostname
5.0 BOTNET Any Botnet rule hit
Re: Email scoring way too high... what's wrong?
Posted by up...@3.am.
He's hitting on 2 different DUL rules, because he's sending directly from
his DSL IP to your S/A server. You need to whitelist his IP address, or
otherwise have it bypasss S/A scanning.
On Tue, 5 Dec 2006, John Tice wrote:
> I have a new client whose mail is scoring way high... several others
> on the same server, different domains, score in negative numbers.
> Mail sent through a mail script on this domain scores -1.0. I believe
> they're using verizon dsl, windows xp w/ outlook or outlook express.
> This is just going from one domain to another on the same server
> (cpane). I'll send headers if you need them. Do they have a
> misconfigured router?
> John
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 0.0 BOTNET_CLIENTWORDS Hostname contains client-like substrings
> 0.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
> 1.0 BAYES_40 BODY: Bayesian spam probability is 20 to
> 40%
> [score: 0.3651]
> 0.7 HTML_MESSAGE BODY: HTML included in message
> 3.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic
> IP address
> [71.254.35.168 listed in dnsbl.sorbs.net]
> 3.0 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local
> SMTP
> [71.254.35.168 listed in
> combined.njabl.org]
> 0.0 BOTNET_CLIENT Hostname looks like a client hostname
> 5.0 BOTNET Any Botnet rule hit
>
>
James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
=========================================================================