Posted to users@spamassassin.apache.org by John Tice <li...@johntice.com> on 2006/12/06 04:30:47 UTC

Email scoring way too high... what's wrong?

I have a new client whose mail is scoring way high... several others  
on the same server, different domains, score in negative numbers.  
Mail sent through a mail script on this domain scores -1.0. I believe  
they're using verizon dsl, windows xp w/ outlook or outlook express.  
This is just going from one domain to another on the same server  
(cPanel). I'll send headers if you need them. Do they have a
misconfigured router?
John

pts rule name              description
---- ---------------------- --------------------------------------------------
  0.0 BOTNET_CLIENTWORDS     Hostname contains client-like substrings
  0.0 BOTNET_IPINHOSTNAME    Hostname contains its own IP address
  1.0 BAYES_40               BODY: Bayesian spam probability is 20 to 40%
                             [score: 0.3651]
  0.7 HTML_MESSAGE           BODY: HTML included in message
  3.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                             [71.254.35.168 listed in dnsbl.sorbs.net]
  3.0 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                             [71.254.35.168 listed in combined.njabl.org]
  0.0 BOTNET_CLIENT          Hostname looks like a client hostname
  5.0 BOTNET                 Any Botnet rule hit


Re: Email scoring way too high... what's wrong?

Posted by up...@3.am.
He's hitting on 2 different DUL rules, because he's sending directly from
his DSL IP to your S/A server.  You need to whitelist his IP address, or
otherwise have it bypass S/A scanning.

On Tue, 5 Dec 2006, John Tice wrote:

> I have a new client whose mail is scoring way high... several others
> on the same server, different domains, score in negative numbers.
> Mail sent through a mail script on this domain scores -1.0. I believe
> they're using verizon dsl, windows xp w/ outlook or outlook express.
> This is just going from one domain to another on the same server
> (cPanel). I'll send headers if you need them. Do they have a
> misconfigured router?
> John
>
> pts rule name              description
> ---- ---------------------- --------------------------------------------------
>   0.0 BOTNET_CLIENTWORDS     Hostname contains client-like substrings
>   0.0 BOTNET_IPINHOSTNAME    Hostname contains its own IP address
>   1.0 BAYES_40               BODY: Bayesian spam probability is 20 to 40%
>                              [score: 0.3651]
>   0.7 HTML_MESSAGE           BODY: HTML included in message
>   3.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
>                              [71.254.35.168 listed in dnsbl.sorbs.net]
>   3.0 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
>                              [71.254.35.168 listed in combined.njabl.org]
>   0.0 BOTNET_CLIENT          Hostname looks like a client hostname
>   5.0 BOTNET                 Any Botnet rule hit
>
>

James Smallacombe		      PlantageNet, Inc. CEO and Janitor
up@3.am							    http://3.am
=========================================================================
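
Added example, not part of the original thread: a small Python parser for a pasted SpamAssassin report that re-joins the lines a mail client wrapped and shows how much of the score comes from where the message was sent from rather than from what it says. The report text is the one from the first post, wrapped as mail clients break it; the function names and the grouping of RCVD_IN_* and BOTNET* rules as "origin" rules are assumptions made for this illustration.

```python
import re

# The report from the first post, wrapped the way a mail client breaks it.
REPORT = """\
pts rule name              description
---- ----------------------
--------------------------------------------------
  0.0 BOTNET_CLIENTWORDS     Hostname contains client-like substrings
  0.0 BOTNET_IPINHOSTNAME    Hostname contains its own IP address
  1.0 BAYES_40               BODY: Bayesian spam probability is 20 to
40%
                             [score: 0.3651]
  0.7 HTML_MESSAGE           BODY: HTML included in message
  3.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic
IP address
                             [71.254.35.168 listed in dnsbl.sorbs.net]
  3.0 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local
SMTP
                             [71.254.35.168 listed in
combined.njabl.org]
  0.0 BOTNET_CLIENT          Hostname looks like a client hostname
  5.0 BOTNET                 Any Botnet rule hit
"""

RULE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]*)\s+(.*)$")
LISTED = re.compile(r"\[(\S+) listed in (\S+)\]")

def parse_report(text):
    """Return [score, rule, description] per hit, re-joining wrapped lines."""
    hits = []
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            hits.append([float(m.group(1)), m.group(2), m.group(3).strip()])
        elif hits and line.strip():
            hits[-1][2] += " " + line.strip()  # continuation of the previous hit
    return hits

def summarize(hits):
    """Split the score into sender-origin rules (DNSBL, Botnet) and the rest."""
    # Assumption for this example: RCVD_IN_* and BOTNET* depend only on the sending host.
    origin = sum(s for s, name, _ in hits if name.startswith(("RCVD_IN_", "BOTNET")))
    total = sum(s for s, _, _ in hits)
    listed = {}
    for _, _, desc in hits:
        for ip, zone in LISTED.findall(desc):
            listed.setdefault(ip, []).append(zone)
    return {"total": round(total, 1), "origin": round(origin, 1),
            "content": round(total - origin, 1), "listed": listed}
```

Calling summarize(parse_report(REPORT)) on this report attributes 11.0 of the 12.7 points to the sending host and shows the one IP address that both DUL lists returned.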