You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Rocco Scappatura <Ro...@sttspa.it> on 2007/03/14 11:04:18 UTC
Another false negative
Hello,
SA have not blocked an email with this headers:
Microsoft Mail Internet Headers Version 2.0
Received: from posta.sttspa.it ([80.74.176.144]) by srv5.stt.loc with
Microsoft SMTPSVC(6.0.3790.1830);
Wed, 14 Mar 2007 07:14:08 +0100
Received: by posta.sttspa.it (Postfix, from userid 7011)
id 8F9A51098056; Wed, 14 Mar 2007 07:14:06 +0100 (CET)
Received: from av6.stt.vir (smtp02.sttspa.it [80.74.176.141])
by posta.sttspa.it (Postfix) with ESMTP id 6858B1098004;
Wed, 14 Mar 2007 07:14:06 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
by av6.stt.vir (Postfix) with ESMTP id 7777F7500A7;
Wed, 14 Mar 2007 07:14:06 +0100 (CET)
X-Virus-Scanned: amavisd-new at stt.vir
Received: from av6.stt.vir ([127.0.0.1])
by localhost (av6.stt.vir [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id I3LCVzlxLfiv; Wed, 14 Mar 2007 07:14:03 +0100
(CET)
Received: from kbra3qsxm9mslhj (203-118-114-113.static.asianet.co.th
[203.118.114.113])
by av6.stt.vir (Postfix) with SMTP id 362367500A2;
Wed, 14 Mar 2007 07:13:14 +0100 (CET)
Message-ID: <02...@kbra3qsxm9mslhj>
Reply-To: "IParker NDickey" <ni...@tristan.trl.mei.co.jp>
From: "IParker NDickey" <ni...@tristan.trl.mei.co.jp>
To: <ro...@sttspa.it>, <ry...@sttspa.it>
Subject: transmitting wolf
Date: Wed, 14 Mar 2007 13:13:02 +0700
MIME-Version: 1.0
Content-Type: text/html
Return-Path: niagarahi@tristan.trl.mei.co.jp
X-OriginalArrivalTime: 14 Mar 2007 06:14:08.0281 (UTC)
FILETIME=[F9A5D890:01C765FF]
which have in the body:
Our Next Winner for March 14th
and other contents..
Why SA doesn't block this email? Do I miss some important ruleset?
I'have already configured Postfix to use some DNSBL.
Here my SA configuration:
[19689] dbg: logger: adding facilities: all
[19689] dbg: logger: logging level is DBG
[19689] dbg: generic: SpamAssassin version 3.1.8
[19689] dbg: config: score set 0 chosen.
[19689] dbg: util: running in taint mode? yes
[19689] dbg: util: taint mode: deleting unsafe environment variables,
resetting PATH
[19689] dbg: util: PATH included '/sbin', keeping
[19689] dbg: util: PATH included '/usr/sbin', keeping
[19689] dbg: util: PATH included '/usr/local/sbin', keeping
[19689] dbg: util: PATH included '/opt/gnome/sbin', keeping
[19689] dbg: util: PATH included '/root/bin', keeping
[19689] dbg: util: PATH included '/usr/local/bin', keeping
[19689] dbg: util: PATH included '/usr/bin', keeping
[19689] dbg: util: PATH included '/usr/X11R6/bin', keeping
[19689] dbg: util: PATH included '/bin', keeping
[19689] dbg: util: PATH included '/usr/games', keeping
[19689] dbg: util: PATH included '/opt/gnome/bin', keeping
[19689] dbg: util: PATH included '/usr/lib/mit/bin', which doesn't
exist, dropping
[19689] dbg: util: PATH included '/usr/lib/mit/sbin', which doesn't
exist, dropping
[19689] dbg: util: final PATH set to:
/sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin
:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin
[19689] dbg: message: ---- MIME PARSER START ----
[19689] dbg: message: main message type: text/plain
[19689] dbg: message: parsing normal part
[19689] dbg: message: added part, type: text/plain
[19689] dbg: message: ---- MIME PARSER END ----
[19689] dbg: dns: is Net::DNS::Resolver available? yes
[19689] dbg: dns: Net::DNS version: 0.59
[19689] dbg: config: using "/etc/mail/spamassassin" for site rules pre
files
[19689] dbg: config: read file /etc/mail/spamassassin/init.pre
[19689] dbg: config: read file /etc/mail/spamassassin/v310.pre
[19689] dbg: config: read file /etc/mail/spamassassin/v312.pre
[19689] dbg: config: using "/var/lib/spamassassin/3.001008" for sys
rules pre files
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org.pre
[19689] dbg: config: using "/var/lib/spamassassin/3.001008" for default
rules dir
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org.cf
[19689] dbg: config: using "/etc/mail/spamassassin" for site rules dir
[19689] dbg: config: read file
/etc/mail/spamassassin/70_sare_evilnum0.cf
[19689] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf
[19689] dbg: config: read file /etc/mail/spamassassin/70_sare_random.cf
[19689] dbg: config: read file /etc/mail/spamassassin/70_sare_stocks.cf
[19689] dbg: config: read file /etc/mail/spamassassin/FuzzyOcr.cf
[19689] dbg: config: read file
/etc/mail/spamassassin/bogus-virus-warnings.cf
[19689] dbg: config: read file /etc/mail/spamassassin/local.cf
[19689] dbg: config: read file /etc/mail/spamassassin/random.cf
[19689] dbg: config: read file /etc/mail/spamassassin/tripwire.cf
[19689] dbg: config: using "/root/.spamassassin" for user state dir
[19689] dbg: config: using "/root/.spamassassin/user_prefs" for user
prefs file
[19689] dbg: config: read file /root/.spamassassin/user_prefs
[19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from
@INC
[19689] dbg: plugin: registered
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835e338)
[19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from
@INC
[19689] dbg: plugin: registered
Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8edcc3c)
[19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
[19689] dbg: plugin: registered
Mail::SpamAssassin::Plugin::SPF=HASH(0x8f3b5fc)
[19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[19689] dbg: pyzor: network tests on, attempting Pyzor
[19689] dbg: plugin: registered
Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8f586a0)
[19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from
@INC
[19689] dbg: razor2: razor2 is not available
[19689] dbg: plugin: registered
Mail::SpamAssassin::Plugin::Razor2=HASH(0x8ec021c)
[19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from
@INC
[19689] dbg: reporter: network tests on, attempting SpamCop
[19689] dbg: plugin: registered
Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8fd7280)
[19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[19689] dbg: plugin: registered
Mail::SpamAssassin::Plugin::AWL=HASH(0x8ee3708)
[19689] dbg: plugin: loading
Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[19689] dbg: plugin: registered
Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x8ee1840)
[19689] dbg: plugin: loading
Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
[19689] dbg: plugin: registered
Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x91b1c18)
[19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from
@INC
[19689] dbg: plugin: registered
Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x91bdf40)
[19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags
from @INC
[19689] dbg: plugin: registered
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x91cc3f0)
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/empty.pre
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/empty.pre" for
included file
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/10_misc.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/10_misc.cf" for
included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/10_misc.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_advance_fee.c
f
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_advance_fee.
cf" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_advance_fee.c
f
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_anti_ratware.
cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_anti_ratware
.cf" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_anti_ratware.
cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_body_tests.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_body_tests.c
f" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_body_tests.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_compensate.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_compensate.c
f" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_compensate.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_dnsbl_tests.c
f
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_dnsbl_tests.
cf" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_dnsbl_tests.c
f
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_drugs.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_drugs.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_drugs.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_fake_helo_tes
ts.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_fake_helo_te
sts.cf" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_fake_helo_tes
ts.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_head_tests.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_head_tests.c
f" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_head_tests.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_html_tests.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_html_tests.c
f" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_html_tests.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_meta_tests.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_meta_tests.c
f" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_meta_tests.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_net_tests.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_net_tests.cf
" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_net_tests.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_phrases.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_phrases.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_phrases.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_porn.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_porn.cf" for
included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_porn.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_ratware.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_ratware.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_ratware.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_uri_tests.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_uri_tests.cf
" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_uri_tests.cf
[19689] dbg: config: adding redirector regex:
/^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
[19689] dbg: config: adding redirector regex:
/^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
[19689] dbg: config: adding redirector regex:
/^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
[19689] dbg: config: adding redirector regex:
/^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
[19689] dbg: config: adding redirector regex:
/^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
[19689] dbg: config: adding redirector regex:
m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i
[19689] dbg: config: adding redirector regex:
m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i
[19689] dbg: config: adding redirector regex:
m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i
[19689] dbg: config: adding redirector regex:
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:
$|[&#])'i
[19689] dbg: config: adding redirector regex:
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*
?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i
[19689] dbg: config: adding redirector regex:
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*
?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i
[19689] dbg: config: adding redirector regex:
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.
*?)(?:$|[&#])'i
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/23_bayes.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/23_bayes.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/23_bayes.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_accessdb.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_accessdb.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_accessdb.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_antivirus.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_antivirus.cf
" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_antivirus.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_body_tests_es
.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_body_tests_e
s.cf" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_body_tests_es
.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_body_tests_pl
.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_body_tests_p
l.cf" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_body_tests_pl
.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_dcc.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_dcc.cf" for
included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_dcc.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_dkim.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_dkim.cf" for
included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_dkim.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_domainkeys.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_domainkeys.c
f" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_domainkeys.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_hashcash.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_hashcash.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_hashcash.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_pyzor.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_pyzor.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_pyzor.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_razor2.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_razor2.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_razor2.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_replace.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_replace.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_replace.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_spf.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_spf.cf" for
included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_spf.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_textcat.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_textcat.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_textcat.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_uribl.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_uribl.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_uribl.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_de.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_de.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_de.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_fr.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_fr.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_fr.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_nl.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_nl.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_nl.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_pl.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_pl.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_pl.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_pt_br.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_pt_br.c
f" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_pt_br.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/50_scores.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/50_scores.cf"
for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/50_scores.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_awl.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_awl.cf" for
included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_awl.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist.cf
" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_dk.
cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_dk
.cf" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_dk.
cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_dki
m.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_dk
im.cf" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_dki
m.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_spf
.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_sp
f.cf" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_spf
.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_sub
ject.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_su
bject.cf" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_sub
ject.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/70_iadb.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/70_iadb.cf" for
included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/70_iadb.cf
[19689] dbg: plugin: fixed relative path:
/var/lib/spamassassin/3.001008/updates_spamassassin_org/80_additional.cf
[19689] dbg: config: using
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/80_additional.c
f" for included file
[19689] dbg: config: read file
/var/lib/spamassassin/3.001008/updates_spamassassin_org/80_additional.cf
[19689] dbg: plugin: fixed relative path:
/etc/mail/spamassassin/FuzzyOcr.pm
[19689] dbg: plugin: loading FuzzyOcr from
/etc/mail/spamassassin/FuzzyOcr.pm
Subroutine FuzzyOcr::O_CREAT redefined at
/usr/lib/perl5/5.8.8/Exporter.pm line 65.
at /usr/lib/perl5/5.8.8/i586-linux-thread-multi/POSIX.pm line 19
Subroutine FuzzyOcr::O_EXCL redefined at
/usr/lib/perl5/5.8.8/Exporter.pm line 65.
at /usr/lib/perl5/5.8.8/i586-linux-thread-multi/POSIX.pm line 19
Subroutine FuzzyOcr::O_RDWR redefined at
/usr/lib/perl5/5.8.8/Exporter.pm line 65.
at /usr/lib/perl5/5.8.8/i586-linux-thread-multi/POSIX.pm line 19
[19689] dbg: plugin: registered FuzzyOcr=HASH(0x95439dc)
[19689] dbg: plugin: FuzzyOcr=HASH(0x95439dc) implements 'parse_config'
[19689] dbg: FuzzyOcr: focr_bin_helper:
'pnmnorm,pnminvert,ppmtopgm,pamtopnm'
[19689] info: FuzzyOcr: Adding <4> new helper apps
[19689] dbg: FuzzyOcr: focr_bin_helper: 'tesseract'
[19689] info: FuzzyOcr: Adding <1> new helper apps
[19689] info: FuzzyOcr: Starting preprocessor parser for file
"/etc/mail/spamassassin/FuzzyOcr.preps"...
[19689] dbg: FuzzyOcr: line: preprocessor normalize {
[19689] dbg: FuzzyOcr: line: command = pnmnorm
[19689] dbg: FuzzyOcr: line: }
[19689] dbg: FuzzyOcr: line: preprocessor invert {
[19689] dbg: FuzzyOcr: line: command = pnminvert
[19689] dbg: FuzzyOcr: line: }
[19689] dbg: FuzzyOcr: line: preprocessor ppmtopgm {
[19689] dbg: FuzzyOcr: line: command = ppmtopgm
[19689] dbg: FuzzyOcr: line: }
[19689] dbg: FuzzyOcr: line: preprocessor pamtopnm {
[19689] dbg: FuzzyOcr: line: command = pamtopnm
[19689] dbg: FuzzyOcr: line: }
[19689] dbg: FuzzyOcr: line: preprocessor pamthreshold {
[19689] dbg: FuzzyOcr: line: command = pamthreshold
[19689] dbg: FuzzyOcr: line: args = -simple -threshold 0.5
[19689] dbg: FuzzyOcr: line: }
[19689] dbg: FuzzyOcr: line: preprocessor maketiff {
[19689] dbg: FuzzyOcr: line: command = pnmtotiff
[19689] dbg: FuzzyOcr: line: args = -color -truecolor
[19689] dbg: FuzzyOcr: line: }
[19689] info: FuzzyOcr: Starting scanset parser for file
"/etc/mail/spamassassin/FuzzyOcr.scansets"...
[19689] dbg: FuzzyOcr: line scanset ocrad {
[19689] dbg: FuzzyOcr: line command = $ocrad
[19689] dbg: FuzzyOcr: line args = -s5 $input
[19689] dbg: FuzzyOcr: line }
[19689] dbg: FuzzyOcr: line scanset ocrad-invert {
[19689] dbg: FuzzyOcr: line command = $ocrad
[19689] dbg: FuzzyOcr: line args = -s5 -i $input
[19689] dbg: FuzzyOcr: line }
[19689] dbg: FuzzyOcr: line scanset ocrad-decolorize-invert {
[19689] dbg: FuzzyOcr: line preprocessors = ppmtopgm, pamthreshold,
pamtopnm
[19689] dbg: FuzzyOcr: line command = $ocrad
[19689] dbg: FuzzyOcr: line args = -s5 -i $input
[19689] dbg: FuzzyOcr: line }
[19689] dbg: FuzzyOcr: line scanset ocrad-decolorize {
[19689] dbg: FuzzyOcr: line preprocessors = ppmtopgm, pamthreshold,
pamtopnm
[19689] dbg: FuzzyOcr: line command = $ocrad
[19689] dbg: FuzzyOcr: line args = -s5 $input
[19689] dbg: FuzzyOcr: line }
[19689] dbg: FuzzyOcr: line scanset gocr {
[19689] dbg: FuzzyOcr: line command = $gocr
[19689] dbg: FuzzyOcr: line args = -i $input
[19689] dbg: FuzzyOcr: line }
[19689] dbg: FuzzyOcr: line scanset gocr-180 {
[19689] dbg: FuzzyOcr: line command = $gocr
[19689] dbg: FuzzyOcr: line args = -l 180 -d 2 -i $input
[19689] dbg: FuzzyOcr: line }
[19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::DBI from
/usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/DBI.pm
[19689] dbg: plugin: registered
Mail::SpamAssassin::Plugin::DBI=HASH(0x959e374)
[19689] dbg: plugin:
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x91cc3f0) implements
'finish_parsing_end'
[19689] dbg: plugin: FuzzyOcr=HASH(0x95439dc) implements
'finish_parsing_end'
[19689] dbg: replacetags: replacing tags
[19689] dbg: replacetags: done replacing tags
[19689] info: FuzzyOcr: Searching in: /usr/local/netpbm/bin
[19689] info: FuzzyOcr: Searching in: /usr/local/bin
[19689] info: FuzzyOcr: Searching in: /usr/bin
[19689] dbg: FuzzyOcr: Using gifsicle => /usr/local/bin/gifsicle
[19689] dbg: FuzzyOcr: Using giffix => /usr/local/bin/giffix
[19689] dbg: FuzzyOcr: Using giftext => /usr/local/bin/giftext
[19689] dbg: FuzzyOcr: Using gifinter => /usr/local/bin/gifinter
[19689] dbg: FuzzyOcr: Using giftopnm => /usr/local/netpbm/bin/giftopnm
[19689] dbg: FuzzyOcr: Using jpegtopnm =>
/usr/local/netpbm/bin/jpegtopnm
[19689] dbg: FuzzyOcr: Using pngtopnm => /usr/local/netpbm/bin/pngtopnm
[19689] info: FuzzyOcr: Using bmptopnm => /usr/local/netpbm/bin/bmptopnm
[19689] info: FuzzyOcr: Using tifftopnm =>
/usr/local/netpbm/bin/tifftopnm
[19689] dbg: FuzzyOcr: Using ppmhist => /usr/local/netpbm/bin/ppmhist
[19689] info: FuzzyOcr: Using pamfile => /usr/local/netpbm/bin/pamfile
[19689] info: FuzzyOcr: Using ocrad => /usr/local/bin/ocrad
[19689] dbg: FuzzyOcr: Using gocr => /usr/bin/gocr
[19689] dbg: FuzzyOcr: Using pnmnorm => /usr/local/netpbm/bin/pnmnorm
[19689] dbg: FuzzyOcr: Using pnminvert =>
/usr/local/netpbm/bin/pnminvert
[19689] info: FuzzyOcr: Using ppmtopgm => /usr/local/netpbm/bin/ppmtopgm
[19689] info: FuzzyOcr: Using pamtopnm => /usr/local/netpbm/bin/pamtopnm
[19689] info: FuzzyOcr: Using tesseract => /usr/local/bin/tesseract
[19689] dbg: FuzzyOcr: Threshold[max_hash] => 5
[19689] dbg: FuzzyOcr: Threshold[c] => 5
[19689] dbg: FuzzyOcr: Threshold[s] => 0.01
[19689] dbg: FuzzyOcr: Threshold[w] => 0.01
[19689] dbg: FuzzyOcr: Threshold[h] => 0.01
[19689] dbg: FuzzyOcr: Threshold[cn] => 0.01
[19689] dbg: FuzzyOcr: focr_add_score => 1
[19689] dbg: FuzzyOcr: focr_autodisable_negative_score => -5
[19689] dbg: FuzzyOcr: focr_autodisable_score => 1000
[19689] dbg: FuzzyOcr: focr_autosort_buffer => 10
[19689] dbg: FuzzyOcr: focr_autosort_scanset => 1
[19689] dbg: FuzzyOcr: focr_base_score => 5
[19689] dbg: FuzzyOcr: focr_corrupt_score => 2.5
[19689] dbg: FuzzyOcr: focr_corrupt_unfixable_score => 5
[19689] dbg: FuzzyOcr: focr_counts_required => 2
[19689] dbg: FuzzyOcr: focr_db_hash =>
/etc/mail/spamassassin/FuzzyOcr.db
[19689] dbg: FuzzyOcr: focr_db_max_days => 35
[19689] dbg: FuzzyOcr: focr_db_safe =>
/etc/mail/spamassassin/FuzzyOcr.safe.db
[19689] dbg: FuzzyOcr: focr_digest_db =>
/etc/mail/spamassassin/FuzzyOcr.hashdb
[19689] dbg: FuzzyOcr: focr_enable_image_hashing => 0
[19689] dbg: FuzzyOcr: focr_global_timeout => 0
[19689] dbg: FuzzyOcr: focr_global_wordlist =>
/etc/mail/spamassassin/FuzzyOcr.words
[19689] dbg: FuzzyOcr: focr_hashing_learn_scanned => 1
[19689] dbg: FuzzyOcr: focr_keep_bad_images => 0
[19689] dbg: FuzzyOcr: focr_log_pmsinfo => 1
[19689] dbg: FuzzyOcr: focr_log_stderr => 1
[19689] dbg: FuzzyOcr: focr_logfile => /var/amavis/log/FuzzyOcr.log
[19689] dbg: FuzzyOcr: focr_max_height => 800
[19689] dbg: FuzzyOcr: focr_max_width => 800
[19689] dbg: FuzzyOcr: focr_min_height => 4
[19689] dbg: FuzzyOcr: focr_min_width => 4
[19689] dbg: FuzzyOcr: focr_minimal_scanset => 1
[19689] dbg: FuzzyOcr: focr_mysql_db => FuzzyOcr
[19689] dbg: FuzzyOcr: focr_mysql_hash => Hash
[19689] dbg: FuzzyOcr: focr_mysql_host => localhost
[19689] dbg: FuzzyOcr: focr_mysql_port => 3306
[19689] dbg: FuzzyOcr: focr_mysql_safe => Safe
[19689] dbg: FuzzyOcr: focr_mysql_update_hash => 0
[19689] dbg: FuzzyOcr: focr_mysql_user => fuzzyocr
[19689] dbg: FuzzyOcr: focr_no_homedirs => 0
[19689] dbg: FuzzyOcr: focr_path_bin =>
/usr/local/netpbm/bin:/usr/local/bin:/usr/bin
[19689] dbg: FuzzyOcr: focr_personal_wordlist =>
__userstate__/FuzzyOcr.words
[19689] dbg: FuzzyOcr: focr_preprocessor_file =>
/etc/mail/spamassassin/FuzzyOcr.preps
[19689] dbg: FuzzyOcr: focr_scanset_file =>
/etc/mail/spamassassin/FuzzyOcr.scansets
[19689] dbg: FuzzyOcr: focr_score_ham => 0
[19689] dbg: FuzzyOcr: focr_skip_bmp => 0
[19689] dbg: FuzzyOcr: focr_skip_gif => 0
[19689] dbg: FuzzyOcr: focr_skip_jpeg => 0
[19689] dbg: FuzzyOcr: focr_skip_png => 0
[19689] dbg: FuzzyOcr: focr_skip_tiff => 0
[19689] dbg: FuzzyOcr: focr_skip_updates => 0
[19689] dbg: FuzzyOcr: focr_strip_numbers => 1
[19689] dbg: FuzzyOcr: focr_threshold => 0.25
[19689] dbg: FuzzyOcr: focr_timeout => 10
[19689] dbg: FuzzyOcr: focr_twopass_scoring_factor => 1.5
[19689] dbg: FuzzyOcr: focr_unique_matches => 0
[19689] dbg: FuzzyOcr: focr_verbose => 3
[19689] dbg: FuzzyOcr: focr_wrongctype_score => 1.5
[19689] dbg: FuzzyOcr: focr_wrongext_score => 1.5
[19689] info: FuzzyOcr: Loaded preprocessor normalize:
/usr/local/netpbm/bin/pnmnorm
[19689] info: FuzzyOcr: Loaded preprocessor invert:
/usr/local/netpbm/bin/pnminvert
[19689] info: FuzzyOcr: Loaded preprocessor ppmtopgm:
/usr/local/netpbm/bin/ppmtopgm
[19689] info: FuzzyOcr: Loaded preprocessor pamtopnm:
/usr/local/netpbm/bin/pamtopnm
[19689] info: FuzzyOcr: Loaded preprocessor pamthreshold: pamthreshold
-simple -threshold 0.5
[19689] info: FuzzyOcr: Loaded preprocessor maketiff: pnmtotiff -color
-truecolor
[19689] info: FuzzyOcr: Using scan ocrad: /usr/local/bin/ocrad -s5
$input
[19689] info: FuzzyOcr: Using scan ocrad-invert: /usr/local/bin/ocrad
-s5 -i $input
[19689] info: FuzzyOcr: Using scan ocrad-decolorize-invert:
/usr/local/bin/ocrad -s5 -i $input
[19689] info: FuzzyOcr: Using scan ocrad-decolorize:
/usr/local/bin/ocrad -s5 $input
[19689] info: FuzzyOcr: Using scan gocr: /usr/bin/gocr -i $input
[19689] info: FuzzyOcr: Using scan gocr-180: /usr/bin/gocr -l 180 -d 2
-i $input
[19689] dbg: bayes: using username: amavis
[19689] dbg: dbiplugin: Creating uncached database handle to
'bayes:127.0.0.1_bayes_bayes_AutoCommit=0_PrintError=0_Username=bayes'
[19689] dbg: bayes: database connection established
[19689] dbg: bayes: found bayes db version 3
[19689] dbg: bayes: Using userid: 1
[19689] dbg: config: score set 3 chosen.
[19689] dbg: dns: name server: 127.0.0.1, family: 2, ipv6: 0
[19689] dbg: dns: testing resolver nameservers: 127.0.0.1,
80.74.176.132, 80.74.180.132
[19689] dbg: dns: trying (3) kernel.org...
[19689] dbg: dns: looking up NS for 'kernel.org'
[19689] dbg: dns: NS lookup of kernel.org using 127.0.0.1 succeeded =>
DNS available (set dns_available to override)
[19689] dbg: dns: is DNS available? 1
[19689] dbg: dns: looking up PTR record for '80.74.176.144'
[19689] dbg: dns: PTR for '80.74.176.144': 'mail4.sttspa.it'
[19689] dbg: received-header: parsed as [ ip=80.74.176.144
rdns=mail4.sttspa.it helo=posta.sttspa.it by=srv5.stt.loc ident=
envfrom= intl=0 id= auth= ]
[19689] dbg: dns: looking up A records for 'srv5.stt.loc'
[19689] dbg: dns: A records for 'srv5.stt.loc': 10.3.253.16
[19689] dbg: dns: looking up A records for 'srv5.stt.loc'
[19689] dbg: dns: A records for 'srv5.stt.loc': 10.3.253.16
[19689] dbg: received-header: 'by' srv5.stt.loc has private IP
10.3.253.16
[19689] dbg: received-header: 'by' srv5.stt.loc has no public IPs
[19689] dbg: received-header: relay 80.74.176.144 trusted? yes internal?
no
[19689] dbg: received-header: parsed as [ ip=80.74.176.141
rdns=smtp02.sttspa.it helo=av6.stt.vir by=posta.sttspa.it ident=
envfrom= intl=0 id=6858B1098004 auth= ]
[19689] dbg: dns: looking up A records for 'posta.sttspa.it'
[19689] dbg: dns: A records for 'posta.sttspa.it': 80.74.176.144
[19689] dbg: received-header: 'by' posta.sttspa.it has public IP
80.74.176.144
[19689] dbg: received-header: relay 80.74.176.141 trusted? no internal?
no
[19689] dbg: received-header: parsed as [ ip=127.0.0.1 rdns=localhost
helo=localhost by=av6.stt.vir ident= envfrom= intl=0 id=7777F7500A7
auth= ]
[19689] dbg: received-header: relay 127.0.0.1 trusted? no internal? no
[19689] dbg: dns: IP is private, not looking up PTR: 127.0.0.1
[19689] dbg: received-header: parsed as [ ip=127.0.0.1 rdns=
helo=av6.stt.vir by=localhost ident= envfrom= intl=0 id=I3LCVzlxLfiv
auth= ]
[19689] dbg: received-header: relay 127.0.0.1 trusted? no internal? no
[19689] dbg: received-header: parsed as [ ip=203.118.114.113
rdns=203-118-114-113.static.asianet.co.th helo=kbra3qsxm9mslhj
by=av6.stt.vir ident= envfrom= intl=0 id=362367500A2 auth= ]
[19689] dbg: received-header: relay 203.118.114.113 trusted? no
internal? no
[19689] dbg: metadata: X-Spam-Relays-Trusted: [ ip=80.74.176.144
rdns=mail4.sttspa.it helo=posta.sttspa.it by=srv5.stt.loc ident=
envfrom= intl=0 id= auth= ]
[19689] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=80.74.176.141
rdns=smtp02.sttspa.it helo=av6.stt.vir by=posta.sttspa.it ident=
envfrom= intl=0 id=6858B1098004 auth= ] [ ip=127.0.0.1 rdns=localhost
helo=localhost by=av6.stt.vir ident= envfrom= intl=0 id=7777F7500A7
auth= ] [ ip=127.0.0.1 rdns= helo=av6.stt.vir by=localhost ident=
envfrom= intl=0 id=I3LCVzlxLfiv auth= ] [ ip=203.118.114.113
rdns=203-118-114-113.static.asianet.co.th helo=kbra3qsxm9mslhj
by=av6.stt.vir ident= envfrom= intl=0 id=362367500A2 auth= ]
[19689] dbg: metadata: X-Spam-Relays-Internal:
[19689] dbg: metadata: X-Spam-Relays-External: [ ip=80.74.176.144
rdns=mail4.sttspa.it helo=posta.sttspa.it by=srv5.stt.loc ident=
envfrom= intl=0 id= auth= ] [ ip=80.74.176.141 rdns=smtp02.sttspa.it
helo=av6.stt.vir by=posta.sttspa.it ident= envfrom= intl=0
id=6858B1098004 auth= ] [ ip=127.0.0.1 rdns=localhost helo=localhost
by=av6.stt.vir ident= envfrom= intl=0 id=7777F7500A7 auth= ] [
ip=127.0.0.1 rdns= helo=av6.stt.vir by=localhost ident= envfrom= intl=0
id=I3LCVzlxLfiv auth= ] [ ip=203.118.114.113
rdns=203-118-114-113.static.asianet.co.th helo=kbra3qsxm9mslhj
by=av6.stt.vir ident= envfrom= intl=0 id=362367500A2 auth= ]
[19689] dbg: message: ---- MIME PARSER START ----
[19689] dbg: message: main message type: text/html
[19689] dbg: message: parsing normal part
[19689] dbg: message: added part, type: text/html
[19689] dbg: message: ---- MIME PARSER END ----
[19689] dbg: message: no encoding detected
[19689] dbg: plugin:
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835e338) implements
'parsed_metadata'
[19689] dbg: uridnsbl: domains to query:
[19689] dbg: dns: checking RBL sa-other.bondedsender.org., set
bsp-untrusted
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 203.118.114.113
[19689] dbg: dns: launching DNS TXT query for
113.114.118.203.sa-other.bondedsender.org. in background
[19689] dbg: dns: checking RBL combined.njabl.org., set
njabl-lastexternal
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 80.74.176.144
[19689] dbg: dns: launching DNS A query for
144.176.74.80.combined.njabl.org. in background
[19689] dbg: dns: checking RBL combined.njabl.org., set njabl
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 203.118.114.113,
80.74.176.141
[19689] dbg: dns: launching DNS A query for
113.114.118.203.combined.njabl.org. in background
[19689] dbg: dns: launching DNS A query for
141.176.74.80.combined.njabl.org. in background
[19689] dbg: dns: checking RBL bl.spamcop.net., set spamcop
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 203.118.114.113,
80.74.176.141
[19689] dbg: dns: launching DNS TXT query for
113.114.118.203.bl.spamcop.net. in background
[19689] dbg: dns: launching DNS TXT query for
141.176.74.80.bl.spamcop.net. in background
[19689] dbg: message: Return-Path header found after 1 or more Received
lines, cannot trust envelope-from
[19689] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 80.74.176.144
[19689] dbg: dns: launching DNS A query for
144.176.74.80.zen.spamhaus.org. in background
[19689] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 80.74.176.144
[19689] dbg: dns: launching DNS A query for
144.176.74.80.dnsbl.sorbs.net. in background
[19689] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 203.118.114.113,
80.74.176.141
[19689] dbg: dns: launching DNS A query for
113.114.118.203.dnsbl.sorbs.net. in background
[19689] dbg: dns: launching DNS A query for
141.176.74.80.dnsbl.sorbs.net. in background
[19689] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 80.74.176.144
[19689] dbg: dns: checking RBL sa-accredit.habeas.com., set
habeas-firsttrusted
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 80.74.176.141
[19689] dbg: dns: launching DNS A query for
141.176.74.80.sa-accredit.habeas.com. in background
[19689] dbg: dns: checking RBL
combined-HIB.dnsiplists.completewhois.com., set whois
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 203.118.114.113,
80.74.176.141
[19689] dbg: dns: launching DNS A query for
113.114.118.203.combined-HIB.dnsiplists.completewhois.com. in background
[19689] dbg: dns: launching DNS A query for
141.176.74.80.combined-HIB.dnsiplists.completewhois.com. in background
[19689] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 80.74.176.144
[19689] dbg: dns: launching DNS TXT query for
144.176.74.80.list.dsbl.org. in background
[19689] dbg: dns: checking RBL sa-trusted.bondedsender.org., set
bsp-firsttrusted
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 80.74.176.141
[19689] dbg: dns: launching DNS TXT query for
141.176.74.80.sa-trusted.bondedsender.org. in background
[19689] dbg: dns: checking RBL
combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 80.74.176.144
[19689] dbg: dns: launching DNS A query for
144.176.74.80.combined-HIB.dnsiplists.completewhois.com. in background
[19689] dbg: dns: checking RBL zen.spamhaus.org., set zen
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 203.118.114.113,
80.74.176.141
[19689] dbg: dns: launching DNS A query for
113.114.118.203.zen.spamhaus.org. in background
[19689] dbg: dns: launching DNS A query for
141.176.74.80.zen.spamhaus.org. in background
[19689] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted
[19689] dbg: dns: IPs found: full-external: 80.74.176.144,
80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
80.74.176.141, 203.118.114.113 originating:
[19689] dbg: dns: only inspecting the following IPs: 80.74.176.141
[19689] dbg: dns: launching DNS A query for
141.176.74.80.iadb.isipp.com. in background
[19689] dbg: check: running tests for priority: 0
[19689] dbg: rules: running header regexp tests; score so far=0
[19689] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"
[19689] dbg: rules: ran header rule __CTYPE_HTML ======> got hit:
"text/html"
[19689] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f"
[19689] dbg: rules: ran header rule __SANE_MSGID ======> got hit:
"<02...@kbra3qsxm9mslhj>
[19689] dbg: rules: "
[19689] dbg: message: Return-Path header found after 1 or more Received
lines, cannot trust envelope-from
[19689] dbg: rules: ran header rule __REPTO_QUOTE ======> got hit:
""IParker NDickey" <"
[19689] dbg: rules: ran header rule __CT ======> got hit: "t"
[19689] dbg: rules: ran header rule __MIME_VERSION ======> got hit: "1"
[19689] dbg: rules: ran header rule __TOCC_EXISTS ======> got hit: "<"
[19689] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "t"
[19689] dbg: rules: ran header rule __REPTO_OVERQUOTE ======> got hit:
""IParker NDickey" <"
[19689] dbg: spf: checking HELO (helo=posta.sttspa.it, ip=80.74.176.144)
[19689] dbg: spf: cannot load or create Mail::SPF::Query module: Can't
locate Mail/SPF/Query.pm in @INC (@INC contains: ..
/etc/mail/spamassassin
/usr/lib/perl5/site_perl/5.8.8/i586-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8
/usr/lib/perl5/5.8.8/i586-linux-thread-multi /usr/lib/perl5/5.8.8
/usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.8/i586-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl) at
/usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/SPF.pm line 287.
[19689] dbg: eval: all '*From' addrs: niagarahi@tristan.trl.mei.co.jp
[19689] dbg: eval: forged-HELO: from=smtp02.sttspa.it helo=stt.vir
by=posta.sttspa.it
[19689] dbg: eval: forged-HELO: mismatch on HELO: 'stt.vir' !=
'smtp02.sttspa.it'
[19689] dbg: eval: forged-HELO: from=(undef) helo=localhost by=stt.vir
[19689] dbg: eval: forged-HELO: mismatch on from: 'smtp02.sttspa.it' !=
'stt.vir'
[19689] dbg: eval: forged-HELO: from=asianet.co.th helo=kbra3qsxm9mslhj
by=stt.vir
[19689] dbg: rules: ran eval rule FORGED_RCVD_HELO ======> got hit
[19689] dbg: eval: trying Received header date for real time: 14 Mar
2007 07:14:08 +0100
[19689] dbg: eval: time_t from date=1173852848, rcvd= 14 Mar 2007
07:14:08 +0100
[19689] dbg: eval: trying Received header date for real time: 14 Mar
2007 07:14:06 +0100
[19689] dbg: eval: time_t from date=1173852846, rcvd= 14 Mar 2007
07:14:06 +0100
[19689] dbg: eval: trying Received header date for real time: 14 Mar
2007 07:14:06 +0100
[19689] dbg: eval: time_t from date=1173852846, rcvd= 14 Mar 2007
07:14:06 +0100
[19689] dbg: eval: trying Received header date for real time: 14 Mar
2007 07:14:06 +0100
[19689] dbg: eval: time_t from date=1173852846, rcvd= 14 Mar 2007
07:14:06 +0100
[19689] dbg: eval: trying Received header date for real time: 14 Mar
2007 07:14:03 +0100
[19689] dbg: eval: time_t from date=1173852843, rcvd= 14 Mar 2007
07:14:03 +0100
[19689] dbg: eval: trying Received header date for real time: 14 Mar
2007 07:13:14 +0100
[19689] dbg: eval: time_t from date=1173852794, rcvd= 14 Mar 2007
07:13:14 +0100
[19689] dbg: eval: all '*To' addrs: rocsca@sttspa.it ryan@sttspa.it
[19689] dbg: spf: relayed through one or more trusted relays, cannot use
header-based Envelope-From, skipping
[19689] dbg: spf: def_spf_whitelist_from: could not find useable
envelope sender
[19689] dbg: eval: date chosen from message: Wed Mar 14 07:13:14 2007
[19689] dbg: spf: spf_whitelist_from: could not find useable envelope
sender
[19689] dbg: rules: running body-text per-line regexp tests; score so
far=0.135
[19689] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "t"
[19689] dbg: uri: running uri tests; score so far=0.135
[19689] dbg: rules: ran eval rule __HTML_LENGTH_512 ======> got hit
[19689] dbg: bayes: corpus size: nspam = 7753573, nham = 5656042
[19689] dbg: bayes: tok_get_all: token count: 98
[19689] dbg: bayes: score = 0.490918784057474
[19689] dbg: rules: ran eval rule __HTML_LENGTH_0000_1024 ======> got
hit
[19689] dbg: rules: ran eval rule HTML_SHORT_LENGTH ======> got hit
[19689] dbg: rules: ran eval rule __MIME_HTML ======> got hit
[19689] dbg: rules: ran eval rule HTML_MESSAGE ======> got hit
[19689] dbg: rules: ran eval rule __HTML_LENGTH_384 ======> got hit
[19689] dbg: rules: ran eval rule BAYES_50 ======> got hit
[19689] dbg: rules: ran eval rule MIME_HTML_ONLY ======> got hit
[19689] dbg: rules: running raw-body-text per-line regexp tests; score
so far=1.712
[19689] dbg: rules: running full-text regexp tests; score so far=1.712
[19689] dbg: util: current PATH is:
/sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin
:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin
[19689] dbg: pyzor: pyzor is not available: no pyzor executable found
[19689] dbg: pyzor: no pyzor found, disabling Pyzor
[19689] dbg: plugin:
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835e338) implements
'check_tick'
[19689] dbg: check: running tests for priority: 500
[19689] dbg: dns: success for 16 of 19 queries
[19689] dbg: dns: timeout for whois-lastexternal after 4 seconds
[19689] dbg: dns: timeout for whois after 4 seconds
[19689] dbg: dns: timeout for whois after 4 seconds
[19689] dbg: plugin:
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835e338) implements
'check_post_dnsbl'
[19689] dbg: rules: running meta tests; score so far=1.712
[19689] info: rules: meta test DIGEST_MULTIPLE has undefined dependency
'DCC_CHECK'
[19689] info: rules: meta test VIRUS_WARNING_DOOM_BNC has undefined
dependency 'VIRUS_WARNING_MYDOOM4'
[19689] info: rules: meta test SARE_OBFU_CIALIS has undefined dependency
'SARE_OBFU_CIALIS2'
[19689] dbg: rules: running header regexp tests; score so far=2.794
[19689] dbg: rules: running body-text per-line regexp tests; score so
far=2.794
[19689] dbg: uri: running uri tests; score so far=2.794
[19689] dbg: rules: running raw-body-text per-line regexp tests; score
so far=2.794
[19689] dbg: rules: running full-text regexp tests; score so far=2.794
[19689] dbg: check: running tests for priority: 900
[19689] dbg: rules: running meta tests; score so far=2.794
[19689] dbg: rules: running header regexp tests; score so far=2.794
[19689] dbg: rules: running body-text per-line regexp tests; score so
far=2.794
[19689] dbg: uri: running uri tests; score so far=2.794
[19689] dbg: FuzzyOcr: Starting FuzzyOcr...
[19689] info: FuzzyOcr: Processing Message with ID
"<02...@kbra3qsxm9mslhj>" ("IParker NDickey"
<ni...@tristan.trl.mei.co.jp> -> <ro...@sttspa.it>,
<ry...@sttspa.it>)
[19689] dbg: FuzzyOcr: Skipping OCR, no image files found...
[19689] dbg: FuzzyOcr: Processed in 0.000590 sec.
[19689] dbg: rules: running raw-body-text per-line regexp tests; score
so far=2.794
[19689] dbg: rules: running full-text regexp tests; score so far=2.794
[19689] dbg: check: running tests for priority: 1000
[19689] dbg: rules: running meta tests; score so far=2.794
[19689] dbg: rules: running header regexp tests; score so far=2.794
[19689] dbg: dbiplugin: Creating uncached database handle to
'bayes:127.0.0.1_bayes_bayes_AutoCommit=1_PrintError=0_Username=bayes'
[19689] dbg: auto-whitelist: sql-based connected to
DBI:mysql:bayes:127.0.0.1
[19689] dbg: auto-whitelist: sql-based using username: root
[19689] dbg: auto-whitelist: sql-based get_addr_entry: found existing
entry for niagarahi@tristan.trl.mei.co.jp|ip=203.118
[19689] dbg: auto-whitelist: sql-based
niagarahi@tristan.trl.mei.co.jp|ip=203.118 scores 1/2.794
[19689] dbg: auto-whitelist: AWL active, pre-score: 2.794, autolearn
score: 2.794, mean: 2.794, IP: 203.118.114.113
[19689] dbg: auto-whitelist: sql-based add_score: new count: 2, new
totscore: 5.588 for niagarahi@tristan.trl.mei.co.jp|ip=203.118
[19689] dbg: auto-whitelist: sql-based finish: disconnected from
DBI:mysql:bayes:127.0.0.1
[19689] dbg: auto-whitelist: post auto-whitelist score: 2.794
[19689] dbg: rules: running body-text per-line regexp tests; score so
far=2.794
[19689] dbg: uri: running uri tests; score so far=2.794
[19689] dbg: rules: running raw-body-text per-line regexp tests; score
so far=2.794
[19689] dbg: rules: running full-text regexp tests; score so far=2.794
[19689] dbg: plugin:
Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x8ee1840)
implements 'autolearn_discriminator'
[19689] dbg: learn: auto-learn: currently using scoreset 3, recomputing
score based on scoreset 1
[19689] dbg: learn: auto-learn: message score: 2.794, computed score for
autolearn: 1.143
[19689] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0.631,
head-points=0, learned-points=0.001
[19689] dbg: learn: auto-learn? no: inside auto-learn thresholds, not
considered ham or spam
[19689] dbg: check: is spam? score=2.794 required=5
[19689] dbg: check:
tests=BAYES_50,FORGED_RCVD_HELO,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,HTML_
SHORT_LENGTH,MIME_HTML_ONLY
[19689] dbg: check:
subtests=__CT,__CTYPE_HTML,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HTML_L
ENGTH_0000_1024,__HTML_LENGTH_384,__HTML_LENGTH_512,__MIME_HTML,__MIME_V
ERSION,__NONEMPTY_BODY,__REPTO_OVERQUOTE,__REPTO_QUOTE,__SANE_MSGID,__TO
CC_EXISTS
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on av6.stt.vir
X-Spam-Level: **
X-Spam-Status: No, score=2.8 required=5.0
tests=BAYES_50,FORGED_RCVD_HELO,
HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,HTML_SHORT_LENGTH,MIME_HTML_ONLY
autolearn=no version=3.1.8
Microsoft Mail Internet Headers Version 2.0
Received: from posta.sttspa.it ([80.74.176.144]) by srv5.stt.loc with
Microsoft SMTPSVC(6.0.3790.1830);
Wed, 14 Mar 2007 07:14:08 +0100
Received: by posta.sttspa.it (Postfix, from userid 7011)
id 8F9A51098056; Wed, 14 Mar 2007 07:14:06 +0100 (CET)
Received: from av6.stt.vir (smtp02.sttspa.it [80.74.176.141])
by posta.sttspa.it (Postfix) with ESMTP id 6858B1098004;
Wed, 14 Mar 2007 07:14:06 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
by av6.stt.vir (Postfix) with ESMTP id 7777F7500A7;
Wed, 14 Mar 2007 07:14:06 +0100 (CET)
X-Virus-Scanned: amavisd-new at stt.vir
Received: from av6.stt.vir ([127.0.0.1])
by localhost (av6.stt.vir [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id I3LCVzlxLfiv; Wed, 14 Mar 2007 07:14:03 +0100
(CET)
Received: from kbra3qsxm9mslhj (203-118-114-113.static.asianet.co.th
[203.118.114.113])
by av6.stt.vir (Postfix) with SMTP id 362367500A2;
Wed, 14 Mar 2007 07:13:14 +0100 (CET)
Message-ID: <02...@kbra3qsxm9mslhj>
Reply-To: "IParker NDickey" <ni...@tristan.trl.mei.co.jp>
From: "IParker NDickey" <ni...@tristan.trl.mei.co.jp>
To: <ro...@sttspa.it>, <ry...@sttspa.it>
Subject: transmitting wolf
Date: Wed, 14 Mar 2007 13:13:02 +0700
MIME-Version: 1.0
Content-Type: text/html
Return-Path: niagarahi@tristan.trl.mei.co.jp
X-OriginalArrivalTime: 14 Mar 2007 06:14:08.0281 (UTC)
FILETIME=[F9A5D890:01C765FF]
Spam detection software, running on the system "av6.stt.vir", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: [...]
Content analysis details: (2.8 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
1.6 HTML_SHORT_LENGTH BODY: HTML is extremely short
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.4909]
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
BR,
rocsca
Re: Another false negative
Posted by Chris <cp...@earthlink.net>.
On Wednesday 14 March 2007 5:49 am, Rocco Scappatura wrote:
> > If you can post the full email (headers and body), I'll run it over my
> > system which has lots and lots of third party add on rules from
> > www.rulesemporium.com and others and see if I can make SA
> > score it high
> > enough for Amavisd-new to block the email..
>
> Thanks.
>
> http://www.rocsca.it/INBOX
>
> I get the following score:
>
>
> Content analysis details: (2.5 points, 5.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
> 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close
> tag
> 0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> [score: 0.5547]
> 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> 0.3 AWL AWL: From: address is in the auto white-list
Your message scored like this here:
X-Spam-Status: Yes, score=7.4 required=5.0 tests=BAYES_80=4.1,
FORGED_RCVD_HELO=0.135,HTML_30_40=0.374,HTML_MESSAGE=0.001,
HTML_TEXT_AFTER_BODY=0.115,MIME_HTML_ONLY=0.001,SAGREY=1,
SARE_PROLOSTOCK_SYM3=1.66 autolearn=disabled version=3.1.8
Content analysis details: (7.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag
4.1 BAYES_80 BODY: Bayesian spam probability is 80 to 95%
[score: 0.9413]
0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.0 SAGREY Adds 1.0 to spam from first-time senders
--
Chris
KeyID 0xE372A7DA98E6705C
RE: Another false negative
Posted by Rocco Scappatura <Ro...@sttspa.it>.
> > Content analysis details: (5.7 points, 5.0 required)
> >
> > pts rule name description
> > ---- ----------------------
> > --------------------------------------------------
> > 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
> > 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
> > 0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
> > 0.0 HTML_MESSAGE BODY: HTML included in message
> > 3.5 BAYES_99 BODY: Bayesian spam probability
> > is 99 to 100%
> > [score: 1.0000]
> > 0.0 MIME_HTML_ONLY BODY: Message only has text/html
> > MIME parts
>
> Please, could you tell me what do I miss?
>
Maybe I have to update the list of ruleset? What I have to installa
other that the default set of ruleset delivered with SA 3.1.8?
TIA,
rocsca
RE: Another false negative
Posted by Rocco Scappatura <Ro...@sttspa.it>.
> > Do I have to set it to 0?
>
> No, but that may explain why the two servers have different
> Bayes scores for similar messages. If they receive different
> message streams they will be learning a different view of the
> email world.
OK. Thanks all clear for me!!
> > But Then how I have to instruct Spamassassin? What is the
> best way? Do
> > I have a spam folder to instruct SA?
>
> I don't think you need to turn off autolearn, you may want to
> adjust your threshholds, mine are set to this:
>
> bayes_auto_learn_threshold_nonspam -0.1
> bayes_auto_learn_threshold_spam 12.0
>
> I have autolearn switched on, but I also manually train with
> false negatives, and I occasionally train a bunch of recent
> ham as ham.
OK. I will do that to!
rocsca
Re: Another false negative
Posted by Anthony Peacock <a....@chime.ucl.ac.uk>.
Hi,
Rocco Scappatura wrote:
>>> what it can be the reason of the different score assigned?
>>> why the second system doesn't assign an AWL score?
>> They give different Bayes scores so the Bayes databases have
>> been trained with different messages. Do you have autolearn
>> switched on?
>
> # Bayesian classifier auto-learning (default: 1)
> #
> # bayes_auto_learn 1
>
> Do I have to set it to 0?
No, but that may explain why the two servers have different Bayes scores
for similar messages. If they receive different message streams they
will be learning a different view of the email world.
> But Then how I have to instruct Spamassassin? What is the best way? Do I
> have a spam folder to instruct SA?
I don't think you need to turn off autolearn, you may want to adjust
your threshholds, mine are set to this:
bayes_auto_learn_threshold_nonspam -0.1
bayes_auto_learn_threshold_spam 12.0
I have autolearn switched on, but I also manually train with false
negatives, and I occasionally train a bunch of recent ham as ham.
>
>> And you must understand that the Bayes system is not a one
>> shot and you have if fixed kind of system. Just training a
>> single message will alter the scoring, but you may also need
>> to train it with a few similar messages for it to
>> significantly change its scoring.
>
> You're saying right. Now I understand.
>
> Thank you,
>
> rocsca
>
>
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
RE: Another false negative
Posted by Rocco Scappatura <Ro...@sttspa.it>.
> > what it can be the reason of the different score assigned?
> > why the second system doesn't assign an AWL score?
>
> They give different Bayes scores so the Bayes databases have
> been trained with different messages. Do you have autolearn
> switched on?
# Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 1
Do I have to set it to 0?
But Then how I have to instruct Spamassassin? What is the best way? Do I
have a spam folder to instruct SA?
> And you must understand that the Bayes system is not a one
> shot and you have if fixed kind of system. Just training a
> single message will alter the scoring, but you may also need
> to train it with a few similar messages for it to
> significantly change its scoring.
You're saying right. Now I understand.
Thank you,
rocsca
Re: Another false negative
Posted by Anthony Peacock <a....@chime.ucl.ac.uk>.
Rocco Scappatura wrote:
>>> So you are saying that I have to train SA?
>> That would be how you would improve your Bayes accuracy, yes.
>
> I have trained SA on my server but I still get a score lower than 5.0..
>
> Content analysis details: (4.3 points, 5.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
> 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close
> tag
> 2.0 BAYES_80 BODY: Bayesian spam probability is 80 to 95%
> [score: 0.8738]
> 0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> 0.2 AWL AWL: From: address is in the auto white-list
>
> while on another server (that I have instructed with the same messages)
> I get:
>
> Content analysis details: (5.7 points, 5.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
> 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close
> tag
> 0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to
> 100%
> [score: 0.9996]
> 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
>
> what it can be the reason of the different score assigned?
> why the second system doesn't assign an AWL score?
They give different Bayes scores so the Bayes databases have been
trained with different messages. Do you have autolearn switched on?
And you must understand that the Bayes system is not a one shot and you
have if fixed kind of system. Just training a single message will alter
the scoring, but you may also need to train it with a few similar
messages for it to significantly change its scoring.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
RE: Another false negative
Posted by Rocco Scappatura <Ro...@sttspa.it>.
> > So you are saying that I have to train SA?
>
> That would be how you would improve your Bayes accuracy, yes.
I have trained SA on my server but I still get a score lower than 5.0..
Content analysis details: (4.3 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close
tag
2.0 BAYES_80 BODY: Bayesian spam probability is 80 to 95%
[score: 0.8738]
0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.2 AWL AWL: From: address is in the auto white-list
while on another server (that I have instructed with the same messages)
I get:
Content analysis details: (5.7 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close
tag
0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to
100%
[score: 0.9996]
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
what it can be the reason of the different score assigned?
why the second system doesn't assign an AWL score?
rocsca
Re: Another false negative
Posted by Anthony Peacock <a....@chime.ucl.ac.uk>.
Rocco Scappatura wrote:
>> Assuming this is your score line:
>>
>> > X-Spam-Status: No, score=2.5 required=5.0 >
>> tests=AWL,BAYES_50,HTML_30_40, >
>> HTML_MESSAGE,HTML_TEXT_AFTER_BODY,MIME_HTML_ONLY,SARE_PROLOSTOCK_SYM3
>> > autolearn=no version=3.1.8
>>
>> Then the biggest difference is that my Bayesian scoring gives it a
>> BAYES_99 score and your's gives it a BAYES_50 score.
>
> So you are saying that I have to train SA?
That would be how you would improve your Bayes accuracy, yes.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
RE: Another false negative
Posted by Rocco Scappatura <Ro...@sttspa.it>.
> Assuming this is your score line:
>
> > X-Spam-Status: No, score=2.5 required=5.0 >
> tests=AWL,BAYES_50,HTML_30_40, >
> HTML_MESSAGE,HTML_TEXT_AFTER_BODY,MIME_HTML_ONLY,SARE_PROLOSTOCK_SYM3
> > autolearn=no version=3.1.8
>
> Then the biggest difference is that my Bayesian scoring gives it a
> BAYES_99 score and your's gives it a BAYES_50 score.
So you are saying that I have to train SA?
rocsca
Re: Another false negative
Posted by Anthony Peacock <a....@chime.ucl.ac.uk>.
Hi,
Rocco Scappatura wrote:
>> I get the following:
>>
>> Content analysis details: (5.7 points, 5.0 required)
>>
>> pts rule name description
>> ---- ----------------------
>> --------------------------------------------------
>> 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
>> 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
>> 0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
>> 0.0 HTML_MESSAGE BODY: HTML included in message
>> 3.5 BAYES_99 BODY: Bayesian spam probability
>> is 99 to 100%
>> [score: 1.0000]
>> 0.0 MIME_HTML_ONLY BODY: Message only has text/html
>> MIME parts
Assuming this is your score line:
> X-Spam-Status: No, score=2.5 required=5.0
> tests=AWL,BAYES_50,HTML_30_40,
> HTML_MESSAGE,HTML_TEXT_AFTER_BODY,MIME_HTML_ONLY,SARE_PROLOSTOCK_SYM3
> autolearn=no version=3.1.8
Then the biggest difference is that my Bayesian scoring gives it a
BAYES_99 score and your's gives it a BAYES_50 score.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
RE: Another false negative
Posted by Rocco Scappatura <Ro...@sttspa.it>.
> I get the following:
>
> Content analysis details: (5.7 points, 5.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
> 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
> 0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 3.5 BAYES_99 BODY: Bayesian spam probability
> is 99 to 100%
> [score: 1.0000]
> 0.0 MIME_HTML_ONLY BODY: Message only has text/html
> MIME parts
Please, could you tell me what do I miss?
TIA,
rocsca
Re: Another false negative
Posted by Anthony Peacock <a....@chime.ucl.ac.uk>.
Hi,
Rocco Scappatura wrote:
>> http://www.rocsca.it/INBOX
>
> Could someone give me an hint on how to block email like the one above?
>
> Thanks,
>
> rocsca
>
I get the following:
Content analysis details: (5.7 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
RE: Another false negative
Posted by Rocco Scappatura <Ro...@sttspa.it>.
> http://www.rocsca.it/INBOX
Could someone give me an hint on how to block email like the one above?
Thanks,
rocsca
> I get the following score:
>
> From niagarahi@tristan.trl.mei.co.jp Wed Mar 14 07:13:02 2007
> Return-Path: <ni...@tristan.trl.mei.co.jp>
> X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on av6.stt.vir
> X-Spam-Level: **
> X-Spam-Status: No, score=2.5 required=5.0
> tests=AWL,BAYES_50,HTML_30_40,
>
> HTML_MESSAGE,HTML_TEXT_AFTER_BODY,MIME_HTML_ONLY,SARE_PROLOSTOCK_SYM3
> autolearn=no version=3.1.8
> X-Original-To: rocsca@sttspa.it
> Delivered-To: rocco.scappatura@sttspa.it
> Received: by posta.sttspa.it (Postfix, from userid 7011)
> id 8F9A51098056; Wed, 14 Mar 2007 07:14:06 +0100 (CET)
> Received: from av6.stt.vir (smtp02.sttspa.it [80.74.176.141])
> by posta.sttspa.it (Postfix) with ESMTP id 6858B1098004;
> Wed, 14 Mar 2007 07:14:06 +0100 (CET)
> Received: from localhost (localhost [127.0.0.1])
> by av6.stt.vir (Postfix) with ESMTP id 7777F7500A7;
> Wed, 14 Mar 2007 07:14:06 +0100 (CET)
> X-Virus-Scanned: amavisd-new at stt.vir
> Received: from av6.stt.vir ([127.0.0.1])
> by localhost (av6.stt.vir [127.0.0.1]) (amavisd-new,
> port 10024)
> with ESMTP id I3LCVzlxLfiv; Wed, 14 Mar 2007 07:14:03 +0100
> (CET)
> Received: from kbra3qsxm9mslhj (203-118-114-113.static.asianet.co.th
> [203.118.114.113])
> by av6.stt.vir (Postfix) with SMTP id 362367500A2;
> Wed, 14 Mar 2007 07:13:14 +0100 (CET)
> Message-ID: <02...@kbra3qsxm9mslhj>
> Reply-To: "IParker NDickey" <ni...@tristan.trl.mei.co.jp>
> From: "IParker NDickey" <ni...@tristan.trl.mei.co.jp>
> To: <ro...@sttspa.it>, <ry...@sttspa.it>
> Subject: transmitting wolf
> Date: Wed, 14 Mar 2007 13:13:02 +0700
> MIME-Version: 1.0
> Content-Type: text/html
>
> <html>
> <head>
> </head>
> <body>
>
>
> <p align="center"><b>Our Next Winner for<font
> color="#FF0000"> March 14th</font><br> <font
> color="#FF0000">CEO AMERICA INC </font><br> Tick : CEOA<br>
> <font color="#008080">Priced : $0.07</font><br> Won't last
> long at this stage, This one is going to<font
> color="#008080"> $1.00</font><br> Grab yourself some<font
> color="#0000FF"> tomorrow </font>avoid the rush<br> And
> experience a <font color="#008080">10 bagger.</font></p> <p
> align="center"><br> <font size="2">FAA said the rule change
> -- a temporary one -- was made for safety reasons. The
> NTSB's<br> of starting that fire with murder. A light wind
> was cited by federal investigators = San Benardino National
> Forest to its very core and shocked the entire world."<br>
> October 26 in Southern California's San Jacinto
> Mountains.=ttempted a U-turn with only 1,300 feet of room for
> the turn. To make a successful turn, </font></b></p>
>
> </body>
>
> </html>
>
>
> )
> Spam detection software, running on the system "av6.stt.vir",
> has identified this incoming email as possible spam. The
> original message has been attached to this so you can view it
> (if it isn't spam) or label similar future email. If you
> have any questions, see the administrator of that system for details.
>
> Content preview: Our Next Winner for March 14th CEO AMERICA
> INC Tick :
> CEOA
> Priced : $0.07 Won't last long at this stage, This one is
> going to $1.00
> Grab yourself some tomorrow avoid the rush And experience a
> 10 bagger.
> [...]
>
>
> Content analysis details: (2.5 points, 5.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
> 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close
> tag
> 0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.0 BAYES_50 BODY: Bayesian spam probability
> is 40 to 60%
> [score: 0.5547]
> 0.0 MIME_HTML_ONLY BODY: Message only has text/html
> MIME parts
> 0.3 AWL AWL: From: address is in the auto
> white-list
>
RE: Another false negative
Posted by Rocco Scappatura <Ro...@sttspa.it>.
> If you can post the full email (headers and body), I'll run it over my
> system which has lots and lots of third party add on rules from
> www.rulesemporium.com and others and see if I can make SA
> score it high
> enough for Amavisd-new to block the email..
Thanks.
http://www.rocsca.it/INBOX
I get the following score:
>From niagarahi@tristan.trl.mei.co.jp Wed Mar 14 07:13:02 2007
Return-Path: <ni...@tristan.trl.mei.co.jp>
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on av6.stt.vir
X-Spam-Level: **
X-Spam-Status: No, score=2.5 required=5.0 tests=AWL,BAYES_50,HTML_30_40,
HTML_MESSAGE,HTML_TEXT_AFTER_BODY,MIME_HTML_ONLY,SARE_PROLOSTOCK_SYM3
autolearn=no version=3.1.8
X-Original-To: rocsca@sttspa.it
Delivered-To: rocco.scappatura@sttspa.it
Received: by posta.sttspa.it (Postfix, from userid 7011)
id 8F9A51098056; Wed, 14 Mar 2007 07:14:06 +0100 (CET)
Received: from av6.stt.vir (smtp02.sttspa.it [80.74.176.141])
by posta.sttspa.it (Postfix) with ESMTP id 6858B1098004;
Wed, 14 Mar 2007 07:14:06 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
by av6.stt.vir (Postfix) with ESMTP id 7777F7500A7;
Wed, 14 Mar 2007 07:14:06 +0100 (CET)
X-Virus-Scanned: amavisd-new at stt.vir
Received: from av6.stt.vir ([127.0.0.1])
by localhost (av6.stt.vir [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id I3LCVzlxLfiv; Wed, 14 Mar 2007 07:14:03 +0100
(CET)
Received: from kbra3qsxm9mslhj (203-118-114-113.static.asianet.co.th
[203.118.114.113])
by av6.stt.vir (Postfix) with SMTP id 362367500A2;
Wed, 14 Mar 2007 07:13:14 +0100 (CET)
Message-ID: <02...@kbra3qsxm9mslhj>
Reply-To: "IParker NDickey" <ni...@tristan.trl.mei.co.jp>
From: "IParker NDickey" <ni...@tristan.trl.mei.co.jp>
To: <ro...@sttspa.it>, <ry...@sttspa.it>
Subject: transmitting wolf
Date: Wed, 14 Mar 2007 13:13:02 +0700
MIME-Version: 1.0
Content-Type: text/html
<html>
<head>
</head>
<body>
<p align="center"><b>Our Next Winner for<font color="#FF0000"> March
14th</font><br>
<font color="#FF0000">CEO AMERICA INC </font><br>
Tick : CEOA<br>
<font color="#008080">Priced : $0.07</font><br>
Won't last long at this stage, This one is going to<font
color="#008080">
$1.00</font><br>
Grab yourself some<font color="#0000FF"> tomorrow </font>avoid the
rush<br>
And experience a <font color="#008080">10 bagger.</font></p>
<p align="center"><br>
<font size="2">FAA said the rule change -- a temporary one -- was made
for safety reasons. The NTSB's<br>
of starting that fire with murder. A light wind was cited by federal
investigators = San Benardino National Forest to its very core and
shocked the entire world."<br>
October 26 in Southern California's San Jacinto Mountains.=ttempted a
U-turn with only 1,300 feet of room for the turn. To make a successful
turn,
</font></b></p>
</body>
</html>
)
Spam detection software, running on the system "av6.stt.vir", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Our Next Winner for March 14th CEO AMERICA INC Tick :
CEOA
Priced : $0.07 Won't last long at this stage, This one is going to
$1.00
Grab yourself some tomorrow avoid the rush And experience a 10 bagger.
[...]
Content analysis details: (2.5 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
1.7 SARE_PROLOSTOCK_SYM3 BODY: Last week's hot stock scam
0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close
tag
0.4 HTML_30_40 BODY: Message is 30% to 40% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5547]
0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.3 AWL AWL: From: address is in the auto white-list
RE: Another false negative
Posted by "Martin.Hepworth" <ma...@solidstatelogic.com>.
Hi
If you can post the full email (headers and body), I'll run it over my
system which has lots and lots of third party add on rules from
www.rulesemporium.com and others and see if I can make SA score it high
enough for Amavisd-new to block the email..
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
> -----Original Message-----
> From: Rocco Scappatura [mailto:Rocco.Scappatura@sttspa.it]
> Sent: 14 March 2007 10:04
> To: SpamAssassin Users
> Subject: Another false negative
>
> Hello,
>
> SA have not blocked an email with this headers:
>
> Microsoft Mail Internet Headers Version 2.0
> Received: from posta.sttspa.it ([80.74.176.144]) by srv5.stt.loc with
> Microsoft SMTPSVC(6.0.3790.1830);
> Wed, 14 Mar 2007 07:14:08 +0100
> Received: by posta.sttspa.it (Postfix, from userid 7011)
> id 8F9A51098056; Wed, 14 Mar 2007 07:14:06 +0100 (CET)
> Received: from av6.stt.vir (smtp02.sttspa.it [80.74.176.141])
> by posta.sttspa.it (Postfix) with ESMTP id 6858B1098004;
> Wed, 14 Mar 2007 07:14:06 +0100 (CET)
> Received: from localhost (localhost [127.0.0.1])
> by av6.stt.vir (Postfix) with ESMTP id 7777F7500A7;
> Wed, 14 Mar 2007 07:14:06 +0100 (CET)
> X-Virus-Scanned: amavisd-new at stt.vir
> Received: from av6.stt.vir ([127.0.0.1])
> by localhost (av6.stt.vir [127.0.0.1]) (amavisd-new, port 10024)
> with ESMTP id I3LCVzlxLfiv; Wed, 14 Mar 2007 07:14:03 +0100
> (CET)
> Received: from kbra3qsxm9mslhj (203-118-114-113.static.asianet.co.th
> [203.118.114.113])
> by av6.stt.vir (Postfix) with SMTP id 362367500A2;
> Wed, 14 Mar 2007 07:13:14 +0100 (CET)
> Message-ID: <02...@kbra3qsxm9mslhj>
> Reply-To: "IParker NDickey" <ni...@tristan.trl.mei.co.jp>
> From: "IParker NDickey" <ni...@tristan.trl.mei.co.jp>
> To: <ro...@sttspa.it>, <ry...@sttspa.it>
> Subject: transmitting wolf
> Date: Wed, 14 Mar 2007 13:13:02 +0700
> MIME-Version: 1.0
> Content-Type: text/html
> Return-Path: niagarahi@tristan.trl.mei.co.jp
> X-OriginalArrivalTime: 14 Mar 2007 06:14:08.0281 (UTC)
> FILETIME=[F9A5D890:01C765FF]
>
>
> which have in the body:
>
> Our Next Winner for March 14th
>
> and other contents..
>
> Why SA doesn't block this email? Do I miss some important ruleset?
> I'have already configured Postfix to use some DNSBL.
>
> Here my SA configuration:
>
> [19689] dbg: logger: adding facilities: all
> [19689] dbg: logger: logging level is DBG
> [19689] dbg: generic: SpamAssassin version 3.1.8
> [19689] dbg: config: score set 0 chosen.
> [19689] dbg: util: running in taint mode? yes
> [19689] dbg: util: taint mode: deleting unsafe environment variables,
> resetting PATH
> [19689] dbg: util: PATH included '/sbin', keeping
> [19689] dbg: util: PATH included '/usr/sbin', keeping
> [19689] dbg: util: PATH included '/usr/local/sbin', keeping
> [19689] dbg: util: PATH included '/opt/gnome/sbin', keeping
> [19689] dbg: util: PATH included '/root/bin', keeping
> [19689] dbg: util: PATH included '/usr/local/bin', keeping
> [19689] dbg: util: PATH included '/usr/bin', keeping
> [19689] dbg: util: PATH included '/usr/X11R6/bin', keeping
> [19689] dbg: util: PATH included '/bin', keeping
> [19689] dbg: util: PATH included '/usr/games', keeping
> [19689] dbg: util: PATH included '/opt/gnome/bin', keeping
> [19689] dbg: util: PATH included '/usr/lib/mit/bin', which doesn't
> exist, dropping
> [19689] dbg: util: PATH included '/usr/lib/mit/sbin', which doesn't
> exist, dropping
> [19689] dbg: util: final PATH set to:
>
/sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin
> :/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin
> [19689] dbg: message: ---- MIME PARSER START ----
> [19689] dbg: message: main message type: text/plain
> [19689] dbg: message: parsing normal part
> [19689] dbg: message: added part, type: text/plain
> [19689] dbg: message: ---- MIME PARSER END ----
> [19689] dbg: dns: is Net::DNS::Resolver available? yes
> [19689] dbg: dns: Net::DNS version: 0.59
> [19689] dbg: config: using "/etc/mail/spamassassin" for site rules pre
> files
> [19689] dbg: config: read file /etc/mail/spamassassin/init.pre
> [19689] dbg: config: read file /etc/mail/spamassassin/v310.pre
> [19689] dbg: config: read file /etc/mail/spamassassin/v312.pre
> [19689] dbg: config: using "/var/lib/spamassassin/3.001008" for sys
> rules pre files
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org.pre
> [19689] dbg: config: using "/var/lib/spamassassin/3.001008" for
default
> rules dir
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org.cf
> [19689] dbg: config: using "/etc/mail/spamassassin" for site rules dir
> [19689] dbg: config: read file
> /etc/mail/spamassassin/70_sare_evilnum0.cf
> [19689] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu.cf
> [19689] dbg: config: read file
/etc/mail/spamassassin/70_sare_random.cf
> [19689] dbg: config: read file
/etc/mail/spamassassin/70_sare_stocks.cf
> [19689] dbg: config: read file /etc/mail/spamassassin/FuzzyOcr.cf
> [19689] dbg: config: read file
> /etc/mail/spamassassin/bogus-virus-warnings.cf
> [19689] dbg: config: read file /etc/mail/spamassassin/local.cf
> [19689] dbg: config: read file /etc/mail/spamassassin/random.cf
> [19689] dbg: config: read file /etc/mail/spamassassin/tripwire.cf
> [19689] dbg: config: using "/root/.spamassassin" for user state dir
> [19689] dbg: config: using "/root/.spamassassin/user_prefs" for user
> prefs file
> [19689] dbg: config: read file /root/.spamassassin/user_prefs
> [19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from
> @INC
> [19689] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835e338)
> [19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from
> @INC
> [19689] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8edcc3c)
> [19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
> [19689] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::SPF=HASH(0x8f3b5fc)
> [19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from
@INC
> [19689] dbg: pyzor: network tests on, attempting Pyzor
> [19689] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::Pyzor=HASH(0x8f586a0)
> [19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from
> @INC
> [19689] dbg: razor2: razor2 is not available
> [19689] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::Razor2=HASH(0x8ec021c)
> [19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from
> @INC
> [19689] dbg: reporter: network tests on, attempting SpamCop
> [19689] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::SpamCop=HASH(0x8fd7280)
> [19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
> [19689] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::AWL=HASH(0x8ee3708)
> [19689] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
> [19689] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x8ee1840)
> [19689] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
> [19689] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x91b1c18)
> [19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader
from
> @INC
> [19689] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x91bdf40)
> [19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags
> from @INC
> [19689] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x91cc3f0)
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/empty.pre
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/empty.pre"
for
> included file
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/10_misc.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/10_misc.cf"
for
> included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/10_misc.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_advance_fee.c
> f
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_advance_fee.
> cf" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_advance_fee.c
> f
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_anti_ratware.
> cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_anti_ratware
> .cf" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_anti_ratware.
> cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_body_tests.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_body_tests.c
> f" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_body_tests.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_compensate.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_compensate.c
> f" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_compensate.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_dnsbl_tests.c
> f
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_dnsbl_tests.
> cf" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_dnsbl_tests.c
> f
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/20_drugs.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_drugs.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/20_drugs.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_fake_helo_tes
> ts.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_fake_helo_te
> sts.cf" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_fake_helo_tes
> ts.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_head_tests.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_head_tests.c
> f" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_head_tests.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_html_tests.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_html_tests.c
> f" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_html_tests.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_meta_tests.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_meta_tests.c
> f" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_meta_tests.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_net_tests.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_net_tests.cf
> " for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_net_tests.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/20_phrases.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_phrases.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/20_phrases.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/20_porn.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_porn.cf"
for
> included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/20_porn.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/20_ratware.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_ratware.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/20_ratware.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_uri_tests.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_uri_tests.cf
> " for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/20_uri_tests.cf
> [19689] dbg: config: adding redirector regex:
> /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
> [19689] dbg: config: adding redirector regex:
> /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
> [19689] dbg: config: adding redirector regex:
>
/^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
> [19689] dbg: config: adding redirector regex:
> /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
> [19689] dbg: config: adding redirector regex:
> /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
> [19689] dbg: config: adding redirector regex:
> m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i
> [19689] dbg: config: adding redirector regex:
> m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i
> [19689] dbg: config: adding redirector regex:
> m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&#])'i
> [19689] dbg: config: adding redirector regex:
>
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:
> $|[&#])'i
> [19689] dbg: config: adding redirector regex:
>
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*
> ?(?<=%20|..[=+\s])site:(.*?)(?:$|%20|[\s+&#])'i
> [19689] dbg: config: adding redirector regex:
>
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*
> ?(?<=%20|..[=+\s])(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i
> [19689] dbg: config: adding redirector regex:
>
m'^http:/*(?:\w+\.)?google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.
> *?)(?:$|[&#])'i
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/23_bayes.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/23_bayes.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/23_bayes.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_accessdb.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_accessdb.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_accessdb.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_antivirus.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_antivirus.cf
> " for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_antivirus.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_body_tests_es
> .cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_body_tests_e
> s.cf" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_body_tests_es
> .cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_body_tests_pl
> .cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_body_tests_p
> l.cf" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_body_tests_pl
> .cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_dcc.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_dcc.cf"
for
> included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_dcc.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_dkim.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_dkim.cf"
for
> included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_dkim.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_domainkeys.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_domainkeys.c
> f" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_domainkeys.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_hashcash.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_hashcash.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_hashcash.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_pyzor.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_pyzor.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_pyzor.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_razor2.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_razor2.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_razor2.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_replace.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_replace.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_replace.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_spf.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_spf.cf"
for
> included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_spf.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_textcat.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_textcat.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_textcat.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_uribl.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/25_uribl.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/25_uribl.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_de.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_de.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_de.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_fr.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_fr.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_fr.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_nl.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_nl.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_nl.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_pl.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_pl.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_pl.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_pt_br.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_pt_br.c
> f" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/30_text_pt_br.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/50_scores.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/50_scores.cf"
> for included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/50_scores.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/60_awl.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_awl.cf"
for
> included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/60_awl.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist.cf
> " for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_dk.
> cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_dk
> .cf" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_dk.
> cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_dki
> m.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_dk
> im.cf" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_dki
> m.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_spf
> .cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_sp
> f.cf" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_spf
> .cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_sub
> ject.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_su
> bject.cf" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/60_whitelist_sub
> ject.cf
> [19689] dbg: plugin: fixed relative path:
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/70_iadb.cf
> [19689] dbg: config: using
> "/var/lib/spamassassin/3.001008/updates_spamassassin_org/70_iadb.cf"
for
> included file
> [19689] dbg: config: read file
> /var/lib/spamassassin/3.001008/updates_spamassassin_org/70_iadb.cf
> [19689] dbg: plugin: fixed relative path:
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/80_additional.cf
> [19689] dbg: config: using
>
"/var/lib/spamassassin/3.001008/updates_spamassassin_org/80_additional.c
> f" for included file
> [19689] dbg: config: read file
>
/var/lib/spamassassin/3.001008/updates_spamassassin_org/80_additional.cf
> [19689] dbg: plugin: fixed relative path:
> /etc/mail/spamassassin/FuzzyOcr.pm
> [19689] dbg: plugin: loading FuzzyOcr from
> /etc/mail/spamassassin/FuzzyOcr.pm
> Subroutine FuzzyOcr::O_CREAT redefined at
> /usr/lib/perl5/5.8.8/Exporter.pm line 65.
> at /usr/lib/perl5/5.8.8/i586-linux-thread-multi/POSIX.pm line 19
> Subroutine FuzzyOcr::O_EXCL redefined at
> /usr/lib/perl5/5.8.8/Exporter.pm line 65.
> at /usr/lib/perl5/5.8.8/i586-linux-thread-multi/POSIX.pm line 19
> Subroutine FuzzyOcr::O_RDWR redefined at
> /usr/lib/perl5/5.8.8/Exporter.pm line 65.
> at /usr/lib/perl5/5.8.8/i586-linux-thread-multi/POSIX.pm line 19
> [19689] dbg: plugin: registered FuzzyOcr=HASH(0x95439dc)
> [19689] dbg: plugin: FuzzyOcr=HASH(0x95439dc) implements
'parse_config'
> [19689] dbg: FuzzyOcr: focr_bin_helper:
> 'pnmnorm,pnminvert,ppmtopgm,pamtopnm'
> [19689] info: FuzzyOcr: Adding <4> new helper apps
> [19689] dbg: FuzzyOcr: focr_bin_helper: 'tesseract'
> [19689] info: FuzzyOcr: Adding <1> new helper apps
> [19689] info: FuzzyOcr: Starting preprocessor parser for file
> "/etc/mail/spamassassin/FuzzyOcr.preps"...
> [19689] dbg: FuzzyOcr: line: preprocessor normalize {
> [19689] dbg: FuzzyOcr: line: command = pnmnorm
> [19689] dbg: FuzzyOcr: line: }
> [19689] dbg: FuzzyOcr: line: preprocessor invert {
> [19689] dbg: FuzzyOcr: line: command = pnminvert
> [19689] dbg: FuzzyOcr: line: }
> [19689] dbg: FuzzyOcr: line: preprocessor ppmtopgm {
> [19689] dbg: FuzzyOcr: line: command = ppmtopgm
> [19689] dbg: FuzzyOcr: line: }
> [19689] dbg: FuzzyOcr: line: preprocessor pamtopnm {
> [19689] dbg: FuzzyOcr: line: command = pamtopnm
> [19689] dbg: FuzzyOcr: line: }
> [19689] dbg: FuzzyOcr: line: preprocessor pamthreshold {
> [19689] dbg: FuzzyOcr: line: command = pamthreshold
> [19689] dbg: FuzzyOcr: line: args = -simple -threshold 0.5
> [19689] dbg: FuzzyOcr: line: }
> [19689] dbg: FuzzyOcr: line: preprocessor maketiff {
> [19689] dbg: FuzzyOcr: line: command = pnmtotiff
> [19689] dbg: FuzzyOcr: line: args = -color -truecolor
> [19689] dbg: FuzzyOcr: line: }
> [19689] info: FuzzyOcr: Starting scanset parser for file
> "/etc/mail/spamassassin/FuzzyOcr.scansets"...
> [19689] dbg: FuzzyOcr: line scanset ocrad {
> [19689] dbg: FuzzyOcr: line command = $ocrad
> [19689] dbg: FuzzyOcr: line args = -s5 $input
> [19689] dbg: FuzzyOcr: line }
> [19689] dbg: FuzzyOcr: line scanset ocrad-invert {
> [19689] dbg: FuzzyOcr: line command = $ocrad
> [19689] dbg: FuzzyOcr: line args = -s5 -i $input
> [19689] dbg: FuzzyOcr: line }
> [19689] dbg: FuzzyOcr: line scanset ocrad-decolorize-invert {
> [19689] dbg: FuzzyOcr: line preprocessors = ppmtopgm, pamthreshold,
> pamtopnm
> [19689] dbg: FuzzyOcr: line command = $ocrad
> [19689] dbg: FuzzyOcr: line args = -s5 -i $input
> [19689] dbg: FuzzyOcr: line }
> [19689] dbg: FuzzyOcr: line scanset ocrad-decolorize {
> [19689] dbg: FuzzyOcr: line preprocessors = ppmtopgm, pamthreshold,
> pamtopnm
> [19689] dbg: FuzzyOcr: line command = $ocrad
> [19689] dbg: FuzzyOcr: line args = -s5 $input
> [19689] dbg: FuzzyOcr: line }
> [19689] dbg: FuzzyOcr: line scanset gocr {
> [19689] dbg: FuzzyOcr: line command = $gocr
> [19689] dbg: FuzzyOcr: line args = -i $input
> [19689] dbg: FuzzyOcr: line }
> [19689] dbg: FuzzyOcr: line scanset gocr-180 {
> [19689] dbg: FuzzyOcr: line command = $gocr
> [19689] dbg: FuzzyOcr: line args = -l 180 -d 2 -i $input
> [19689] dbg: FuzzyOcr: line }
> [19689] dbg: plugin: loading Mail::SpamAssassin::Plugin::DBI from
> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/DBI.pm
> [19689] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::DBI=HASH(0x959e374)
> [19689] dbg: plugin:
> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x91cc3f0) implements
> 'finish_parsing_end'
> [19689] dbg: plugin: FuzzyOcr=HASH(0x95439dc) implements
> 'finish_parsing_end'
> [19689] dbg: replacetags: replacing tags
> [19689] dbg: replacetags: done replacing tags
> [19689] info: FuzzyOcr: Searching in: /usr/local/netpbm/bin
> [19689] info: FuzzyOcr: Searching in: /usr/local/bin
> [19689] info: FuzzyOcr: Searching in: /usr/bin
> [19689] dbg: FuzzyOcr: Using gifsicle => /usr/local/bin/gifsicle
> [19689] dbg: FuzzyOcr: Using giffix => /usr/local/bin/giffix
> [19689] dbg: FuzzyOcr: Using giftext => /usr/local/bin/giftext
> [19689] dbg: FuzzyOcr: Using gifinter => /usr/local/bin/gifinter
> [19689] dbg: FuzzyOcr: Using giftopnm =>
/usr/local/netpbm/bin/giftopnm
> [19689] dbg: FuzzyOcr: Using jpegtopnm =>
> /usr/local/netpbm/bin/jpegtopnm
> [19689] dbg: FuzzyOcr: Using pngtopnm =>
/usr/local/netpbm/bin/pngtopnm
> [19689] info: FuzzyOcr: Using bmptopnm =>
/usr/local/netpbm/bin/bmptopnm
> [19689] info: FuzzyOcr: Using tifftopnm =>
> /usr/local/netpbm/bin/tifftopnm
> [19689] dbg: FuzzyOcr: Using ppmhist => /usr/local/netpbm/bin/ppmhist
> [19689] info: FuzzyOcr: Using pamfile => /usr/local/netpbm/bin/pamfile
> [19689] info: FuzzyOcr: Using ocrad => /usr/local/bin/ocrad
> [19689] dbg: FuzzyOcr: Using gocr => /usr/bin/gocr
> [19689] dbg: FuzzyOcr: Using pnmnorm => /usr/local/netpbm/bin/pnmnorm
> [19689] dbg: FuzzyOcr: Using pnminvert =>
> /usr/local/netpbm/bin/pnminvert
> [19689] info: FuzzyOcr: Using ppmtopgm =>
/usr/local/netpbm/bin/ppmtopgm
> [19689] info: FuzzyOcr: Using pamtopnm =>
/usr/local/netpbm/bin/pamtopnm
> [19689] info: FuzzyOcr: Using tesseract => /usr/local/bin/tesseract
> [19689] dbg: FuzzyOcr: Threshold[max_hash] => 5
> [19689] dbg: FuzzyOcr: Threshold[c] => 5
> [19689] dbg: FuzzyOcr: Threshold[s] => 0.01
> [19689] dbg: FuzzyOcr: Threshold[w] => 0.01
> [19689] dbg: FuzzyOcr: Threshold[h] => 0.01
> [19689] dbg: FuzzyOcr: Threshold[cn] => 0.01
> [19689] dbg: FuzzyOcr: focr_add_score => 1
> [19689] dbg: FuzzyOcr: focr_autodisable_negative_score => -5
> [19689] dbg: FuzzyOcr: focr_autodisable_score => 1000
> [19689] dbg: FuzzyOcr: focr_autosort_buffer => 10
> [19689] dbg: FuzzyOcr: focr_autosort_scanset => 1
> [19689] dbg: FuzzyOcr: focr_base_score => 5
> [19689] dbg: FuzzyOcr: focr_corrupt_score => 2.5
> [19689] dbg: FuzzyOcr: focr_corrupt_unfixable_score => 5
> [19689] dbg: FuzzyOcr: focr_counts_required => 2
> [19689] dbg: FuzzyOcr: focr_db_hash =>
> /etc/mail/spamassassin/FuzzyOcr.db
> [19689] dbg: FuzzyOcr: focr_db_max_days => 35
> [19689] dbg: FuzzyOcr: focr_db_safe =>
> /etc/mail/spamassassin/FuzzyOcr.safe.db
> [19689] dbg: FuzzyOcr: focr_digest_db =>
> /etc/mail/spamassassin/FuzzyOcr.hashdb
> [19689] dbg: FuzzyOcr: focr_enable_image_hashing => 0
> [19689] dbg: FuzzyOcr: focr_global_timeout => 0
> [19689] dbg: FuzzyOcr: focr_global_wordlist =>
> /etc/mail/spamassassin/FuzzyOcr.words
> [19689] dbg: FuzzyOcr: focr_hashing_learn_scanned => 1
> [19689] dbg: FuzzyOcr: focr_keep_bad_images => 0
> [19689] dbg: FuzzyOcr: focr_log_pmsinfo => 1
> [19689] dbg: FuzzyOcr: focr_log_stderr => 1
> [19689] dbg: FuzzyOcr: focr_logfile => /var/amavis/log/FuzzyOcr.log
> [19689] dbg: FuzzyOcr: focr_max_height => 800
> [19689] dbg: FuzzyOcr: focr_max_width => 800
> [19689] dbg: FuzzyOcr: focr_min_height => 4
> [19689] dbg: FuzzyOcr: focr_min_width => 4
> [19689] dbg: FuzzyOcr: focr_minimal_scanset => 1
> [19689] dbg: FuzzyOcr: focr_mysql_db => FuzzyOcr
> [19689] dbg: FuzzyOcr: focr_mysql_hash => Hash
> [19689] dbg: FuzzyOcr: focr_mysql_host => localhost
> [19689] dbg: FuzzyOcr: focr_mysql_port => 3306
> [19689] dbg: FuzzyOcr: focr_mysql_safe => Safe
> [19689] dbg: FuzzyOcr: focr_mysql_update_hash => 0
> [19689] dbg: FuzzyOcr: focr_mysql_user => fuzzyocr
> [19689] dbg: FuzzyOcr: focr_no_homedirs => 0
> [19689] dbg: FuzzyOcr: focr_path_bin =>
> /usr/local/netpbm/bin:/usr/local/bin:/usr/bin
> [19689] dbg: FuzzyOcr: focr_personal_wordlist =>
> __userstate__/FuzzyOcr.words
> [19689] dbg: FuzzyOcr: focr_preprocessor_file =>
> /etc/mail/spamassassin/FuzzyOcr.preps
> [19689] dbg: FuzzyOcr: focr_scanset_file =>
> /etc/mail/spamassassin/FuzzyOcr.scansets
> [19689] dbg: FuzzyOcr: focr_score_ham => 0
> [19689] dbg: FuzzyOcr: focr_skip_bmp => 0
> [19689] dbg: FuzzyOcr: focr_skip_gif => 0
> [19689] dbg: FuzzyOcr: focr_skip_jpeg => 0
> [19689] dbg: FuzzyOcr: focr_skip_png => 0
> [19689] dbg: FuzzyOcr: focr_skip_tiff => 0
> [19689] dbg: FuzzyOcr: focr_skip_updates => 0
> [19689] dbg: FuzzyOcr: focr_strip_numbers => 1
> [19689] dbg: FuzzyOcr: focr_threshold => 0.25
> [19689] dbg: FuzzyOcr: focr_timeout => 10
> [19689] dbg: FuzzyOcr: focr_twopass_scoring_factor => 1.5
> [19689] dbg: FuzzyOcr: focr_unique_matches => 0
> [19689] dbg: FuzzyOcr: focr_verbose => 3
> [19689] dbg: FuzzyOcr: focr_wrongctype_score => 1.5
> [19689] dbg: FuzzyOcr: focr_wrongext_score => 1.5
> [19689] info: FuzzyOcr: Loaded preprocessor normalize:
> /usr/local/netpbm/bin/pnmnorm
> [19689] info: FuzzyOcr: Loaded preprocessor invert:
> /usr/local/netpbm/bin/pnminvert
> [19689] info: FuzzyOcr: Loaded preprocessor ppmtopgm:
> /usr/local/netpbm/bin/ppmtopgm
> [19689] info: FuzzyOcr: Loaded preprocessor pamtopnm:
> /usr/local/netpbm/bin/pamtopnm
> [19689] info: FuzzyOcr: Loaded preprocessor pamthreshold: pamthreshold
> -simple -threshold 0.5
> [19689] info: FuzzyOcr: Loaded preprocessor maketiff: pnmtotiff -color
> -truecolor
> [19689] info: FuzzyOcr: Using scan ocrad: /usr/local/bin/ocrad -s5
> $input
> [19689] info: FuzzyOcr: Using scan ocrad-invert: /usr/local/bin/ocrad
> -s5 -i $input
> [19689] info: FuzzyOcr: Using scan ocrad-decolorize-invert:
> /usr/local/bin/ocrad -s5 -i $input
> [19689] info: FuzzyOcr: Using scan ocrad-decolorize:
> /usr/local/bin/ocrad -s5 $input
> [19689] info: FuzzyOcr: Using scan gocr: /usr/bin/gocr -i $input
> [19689] info: FuzzyOcr: Using scan gocr-180: /usr/bin/gocr -l 180 -d 2
> -i $input
> [19689] dbg: bayes: using username: amavis
> [19689] dbg: dbiplugin: Creating uncached database handle to
> 'bayes:127.0.0.1_bayes_bayes_AutoCommit=0_PrintError=0_Username=bayes'
> [19689] dbg: bayes: database connection established
> [19689] dbg: bayes: found bayes db version 3
> [19689] dbg: bayes: Using userid: 1
> [19689] dbg: config: score set 3 chosen.
> [19689] dbg: dns: name server: 127.0.0.1, family: 2, ipv6: 0
> [19689] dbg: dns: testing resolver nameservers: 127.0.0.1,
> 80.74.176.132, 80.74.180.132
> [19689] dbg: dns: trying (3) kernel.org...
> [19689] dbg: dns: looking up NS for 'kernel.org'
> [19689] dbg: dns: NS lookup of kernel.org using 127.0.0.1 succeeded =>
> DNS available (set dns_available to override)
> [19689] dbg: dns: is DNS available? 1
> [19689] dbg: dns: looking up PTR record for '80.74.176.144'
> [19689] dbg: dns: PTR for '80.74.176.144': 'mail4.sttspa.it'
> [19689] dbg: received-header: parsed as [ ip=80.74.176.144
> rdns=mail4.sttspa.it helo=posta.sttspa.it by=srv5.stt.loc ident=
> envfrom= intl=0 id= auth= ]
> [19689] dbg: dns: looking up A records for 'srv5.stt.loc'
> [19689] dbg: dns: A records for 'srv5.stt.loc': 10.3.253.16
> [19689] dbg: dns: looking up A records for 'srv5.stt.loc'
> [19689] dbg: dns: A records for 'srv5.stt.loc': 10.3.253.16
> [19689] dbg: received-header: 'by' srv5.stt.loc has private IP
> 10.3.253.16
> [19689] dbg: received-header: 'by' srv5.stt.loc has no public IPs
> [19689] dbg: received-header: relay 80.74.176.144 trusted? yes
internal?
> no
> [19689] dbg: received-header: parsed as [ ip=80.74.176.141
> rdns=smtp02.sttspa.it helo=av6.stt.vir by=posta.sttspa.it ident=
> envfrom= intl=0 id=6858B1098004 auth= ]
> [19689] dbg: dns: looking up A records for 'posta.sttspa.it'
> [19689] dbg: dns: A records for 'posta.sttspa.it': 80.74.176.144
> [19689] dbg: received-header: 'by' posta.sttspa.it has public IP
> 80.74.176.144
> [19689] dbg: received-header: relay 80.74.176.141 trusted? no
internal?
> no
> [19689] dbg: received-header: parsed as [ ip=127.0.0.1 rdns=localhost
> helo=localhost by=av6.stt.vir ident= envfrom= intl=0 id=7777F7500A7
> auth= ]
> [19689] dbg: received-header: relay 127.0.0.1 trusted? no internal? no
> [19689] dbg: dns: IP is private, not looking up PTR: 127.0.0.1
> [19689] dbg: received-header: parsed as [ ip=127.0.0.1 rdns=
> helo=av6.stt.vir by=localhost ident= envfrom= intl=0 id=I3LCVzlxLfiv
> auth= ]
> [19689] dbg: received-header: relay 127.0.0.1 trusted? no internal? no
> [19689] dbg: received-header: parsed as [ ip=203.118.114.113
> rdns=203-118-114-113.static.asianet.co.th helo=kbra3qsxm9mslhj
> by=av6.stt.vir ident= envfrom= intl=0 id=362367500A2 auth= ]
> [19689] dbg: received-header: relay 203.118.114.113 trusted? no
> internal? no
> [19689] dbg: metadata: X-Spam-Relays-Trusted: [ ip=80.74.176.144
> rdns=mail4.sttspa.it helo=posta.sttspa.it by=srv5.stt.loc ident=
> envfrom= intl=0 id= auth= ]
> [19689] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=80.74.176.141
> rdns=smtp02.sttspa.it helo=av6.stt.vir by=posta.sttspa.it ident=
> envfrom= intl=0 id=6858B1098004 auth= ] [ ip=127.0.0.1 rdns=localhost
> helo=localhost by=av6.stt.vir ident= envfrom= intl=0 id=7777F7500A7
> auth= ] [ ip=127.0.0.1 rdns= helo=av6.stt.vir by=localhost ident=
> envfrom= intl=0 id=I3LCVzlxLfiv auth= ] [ ip=203.118.114.113
> rdns=203-118-114-113.static.asianet.co.th helo=kbra3qsxm9mslhj
> by=av6.stt.vir ident= envfrom= intl=0 id=362367500A2 auth= ]
> [19689] dbg: metadata: X-Spam-Relays-Internal:
> [19689] dbg: metadata: X-Spam-Relays-External: [ ip=80.74.176.144
> rdns=mail4.sttspa.it helo=posta.sttspa.it by=srv5.stt.loc ident=
> envfrom= intl=0 id= auth= ] [ ip=80.74.176.141 rdns=smtp02.sttspa.it
> helo=av6.stt.vir by=posta.sttspa.it ident= envfrom= intl=0
> id=6858B1098004 auth= ] [ ip=127.0.0.1 rdns=localhost helo=localhost
> by=av6.stt.vir ident= envfrom= intl=0 id=7777F7500A7 auth= ] [
> ip=127.0.0.1 rdns= helo=av6.stt.vir by=localhost ident= envfrom=
intl=0
> id=I3LCVzlxLfiv auth= ] [ ip=203.118.114.113
> rdns=203-118-114-113.static.asianet.co.th helo=kbra3qsxm9mslhj
> by=av6.stt.vir ident= envfrom= intl=0 id=362367500A2 auth= ]
> [19689] dbg: message: ---- MIME PARSER START ----
> [19689] dbg: message: main message type: text/html
> [19689] dbg: message: parsing normal part
> [19689] dbg: message: added part, type: text/html
> [19689] dbg: message: ---- MIME PARSER END ----
> [19689] dbg: message: no encoding detected
> [19689] dbg: plugin:
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835e338) implements
> 'parsed_metadata'
> [19689] dbg: uridnsbl: domains to query:
> [19689] dbg: dns: checking RBL sa-other.bondedsender.org., set
> bsp-untrusted
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 203.118.114.113
> [19689] dbg: dns: launching DNS TXT query for
> 113.114.118.203.sa-other.bondedsender.org. in background
> [19689] dbg: dns: checking RBL combined.njabl.org., set
> njabl-lastexternal
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 80.74.176.144
> [19689] dbg: dns: launching DNS A query for
> 144.176.74.80.combined.njabl.org. in background
> [19689] dbg: dns: checking RBL combined.njabl.org., set njabl
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 203.118.114.113,
> 80.74.176.141
> [19689] dbg: dns: launching DNS A query for
> 113.114.118.203.combined.njabl.org. in background
> [19689] dbg: dns: launching DNS A query for
> 141.176.74.80.combined.njabl.org. in background
> [19689] dbg: dns: checking RBL bl.spamcop.net., set spamcop
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 203.118.114.113,
> 80.74.176.141
> [19689] dbg: dns: launching DNS TXT query for
> 113.114.118.203.bl.spamcop.net. in background
> [19689] dbg: dns: launching DNS TXT query for
> 141.176.74.80.bl.spamcop.net. in background
> [19689] dbg: message: Return-Path header found after 1 or more
Received
> lines, cannot trust envelope-from
> [19689] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 80.74.176.144
> [19689] dbg: dns: launching DNS A query for
> 144.176.74.80.zen.spamhaus.org. in background
> [19689] dbg: dns: checking RBL dnsbl.sorbs.net., set
sorbs-lastexternal
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 80.74.176.144
> [19689] dbg: dns: launching DNS A query for
> 144.176.74.80.dnsbl.sorbs.net. in background
> [19689] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 203.118.114.113,
> 80.74.176.141
> [19689] dbg: dns: launching DNS A query for
> 113.114.118.203.dnsbl.sorbs.net. in background
> [19689] dbg: dns: launching DNS A query for
> 141.176.74.80.dnsbl.sorbs.net. in background
> [19689] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 80.74.176.144
> [19689] dbg: dns: checking RBL sa-accredit.habeas.com., set
> habeas-firsttrusted
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 80.74.176.141
> [19689] dbg: dns: launching DNS A query for
> 141.176.74.80.sa-accredit.habeas.com. in background
> [19689] dbg: dns: checking RBL
> combined-HIB.dnsiplists.completewhois.com., set whois
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 203.118.114.113,
> 80.74.176.141
> [19689] dbg: dns: launching DNS A query for
> 113.114.118.203.combined-HIB.dnsiplists.completewhois.com. in
background
> [19689] dbg: dns: launching DNS A query for
> 141.176.74.80.combined-HIB.dnsiplists.completewhois.com. in background
> [19689] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 80.74.176.144
> [19689] dbg: dns: launching DNS TXT query for
> 144.176.74.80.list.dsbl.org. in background
> [19689] dbg: dns: checking RBL sa-trusted.bondedsender.org., set
> bsp-firsttrusted
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 80.74.176.141
> [19689] dbg: dns: launching DNS TXT query for
> 141.176.74.80.sa-trusted.bondedsender.org. in background
> [19689] dbg: dns: checking RBL
> combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 80.74.176.144
> [19689] dbg: dns: launching DNS A query for
> 144.176.74.80.combined-HIB.dnsiplists.completewhois.com. in background
> [19689] dbg: dns: checking RBL zen.spamhaus.org., set zen
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 203.118.114.113,
> 80.74.176.141
> [19689] dbg: dns: launching DNS A query for
> 113.114.118.203.zen.spamhaus.org. in background
> [19689] dbg: dns: launching DNS A query for
> 141.176.74.80.zen.spamhaus.org. in background
> [19689] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted
> [19689] dbg: dns: IPs found: full-external: 80.74.176.144,
> 80.74.176.141, 127.0.0.1, 127.0.0.1, 203.118.114.113 untrusted:
> 80.74.176.141, 203.118.114.113 originating:
> [19689] dbg: dns: only inspecting the following IPs: 80.74.176.141
> [19689] dbg: dns: launching DNS A query for
> 141.176.74.80.iadb.isipp.com. in background
> [19689] dbg: check: running tests for priority: 0
> [19689] dbg: rules: running header regexp tests; score so far=0
> [19689] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"
> [19689] dbg: rules: ran header rule __CTYPE_HTML ======> got hit:
> "text/html"
> [19689] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f"
> [19689] dbg: rules: ran header rule __SANE_MSGID ======> got hit:
> "<02...@kbra3qsxm9mslhj>
> [19689] dbg: rules: "
> [19689] dbg: message: Return-Path header found after 1 or more
Received
> lines, cannot trust envelope-from
> [19689] dbg: rules: ran header rule __REPTO_QUOTE ======> got hit:
> ""IParker NDickey" <"
> [19689] dbg: rules: ran header rule __CT ======> got hit: "t"
> [19689] dbg: rules: ran header rule __MIME_VERSION ======> got hit:
"1"
> [19689] dbg: rules: ran header rule __TOCC_EXISTS ======> got hit: "<"
> [19689] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "t"
> [19689] dbg: rules: ran header rule __REPTO_OVERQUOTE ======> got hit:
> ""IParker NDickey" <"
> [19689] dbg: spf: checking HELO (helo=posta.sttspa.it,
ip=80.74.176.144)
> [19689] dbg: spf: cannot load or create Mail::SPF::Query module: Can't
> locate Mail/SPF/Query.pm in @INC (@INC contains: ..
> /etc/mail/spamassassin
> /usr/lib/perl5/site_perl/5.8.8/i586-linux-thread-multi
> /usr/lib/perl5/site_perl/5.8.8
> /usr/lib/perl5/5.8.8/i586-linux-thread-multi /usr/lib/perl5/5.8.8
> /usr/lib/perl5/site_perl
> /usr/lib/perl5/vendor_perl/5.8.8/i586-linux-thread-multi
> /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl) at
> /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/SPF.pm line
287.
> [19689] dbg: eval: all '*From' addrs: niagarahi@tristan.trl.mei.co.jp
> [19689] dbg: eval: forged-HELO: from=smtp02.sttspa.it helo=stt.vir
> by=posta.sttspa.it
> [19689] dbg: eval: forged-HELO: mismatch on HELO: 'stt.vir' !=
> 'smtp02.sttspa.it'
> [19689] dbg: eval: forged-HELO: from=(undef) helo=localhost by=stt.vir
> [19689] dbg: eval: forged-HELO: mismatch on from: 'smtp02.sttspa.it'
!=
> 'stt.vir'
> [19689] dbg: eval: forged-HELO: from=asianet.co.th
helo=kbra3qsxm9mslhj
> by=stt.vir
> [19689] dbg: rules: ran eval rule FORGED_RCVD_HELO ======> got hit
> [19689] dbg: eval: trying Received header date for real time: 14 Mar
> 2007 07:14:08 +0100
> [19689] dbg: eval: time_t from date=1173852848, rcvd= 14 Mar 2007
> 07:14:08 +0100
> [19689] dbg: eval: trying Received header date for real time: 14 Mar
> 2007 07:14:06 +0100
> [19689] dbg: eval: time_t from date=1173852846, rcvd= 14 Mar 2007
> 07:14:06 +0100
> [19689] dbg: eval: trying Received header date for real time: 14 Mar
> 2007 07:14:06 +0100
> [19689] dbg: eval: time_t from date=1173852846, rcvd= 14 Mar 2007
> 07:14:06 +0100
> [19689] dbg: eval: trying Received header date for real time: 14 Mar
> 2007 07:14:06 +0100
> [19689] dbg: eval: time_t from date=1173852846, rcvd= 14 Mar 2007
> 07:14:06 +0100
> [19689] dbg: eval: trying Received header date for real time: 14 Mar
> 2007 07:14:03 +0100
> [19689] dbg: eval: time_t from date=1173852843, rcvd= 14 Mar 2007
> 07:14:03 +0100
> [19689] dbg: eval: trying Received header date for real time: 14 Mar
> 2007 07:13:14 +0100
> [19689] dbg: eval: time_t from date=1173852794, rcvd= 14 Mar 2007
> 07:13:14 +0100
> [19689] dbg: eval: all '*To' addrs: rocsca@sttspa.it ryan@sttspa.it
> [19689] dbg: spf: relayed through one or more trusted relays, cannot
use
> header-based Envelope-From, skipping
> [19689] dbg: spf: def_spf_whitelist_from: could not find useable
> envelope sender
> [19689] dbg: eval: date chosen from message: Wed Mar 14 07:13:14 2007
> [19689] dbg: spf: spf_whitelist_from: could not find useable envelope
> sender
> [19689] dbg: rules: running body-text per-line regexp tests; score so
> far=0.135
> [19689] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "t"
> [19689] dbg: uri: running uri tests; score so far=0.135
> [19689] dbg: rules: ran eval rule __HTML_LENGTH_512 ======> got hit
> [19689] dbg: bayes: corpus size: nspam = 7753573, nham = 5656042
> [19689] dbg: bayes: tok_get_all: token count: 98
> [19689] dbg: bayes: score = 0.490918784057474
> [19689] dbg: rules: ran eval rule __HTML_LENGTH_0000_1024 ======> got
> hit
> [19689] dbg: rules: ran eval rule HTML_SHORT_LENGTH ======> got hit
> [19689] dbg: rules: ran eval rule __MIME_HTML ======> got hit
> [19689] dbg: rules: ran eval rule HTML_MESSAGE ======> got hit
> [19689] dbg: rules: ran eval rule __HTML_LENGTH_384 ======> got hit
> [19689] dbg: rules: ran eval rule BAYES_50 ======> got hit
> [19689] dbg: rules: ran eval rule MIME_HTML_ONLY ======> got hit
> [19689] dbg: rules: running raw-body-text per-line regexp tests; score
> so far=1.712
> [19689] dbg: rules: running full-text regexp tests; score so far=1.712
> [19689] dbg: util: current PATH is:
>
/sbin:/usr/sbin:/usr/local/sbin:/opt/gnome/sbin:/root/bin:/usr/local/bin
> :/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome/bin
> [19689] dbg: pyzor: pyzor is not available: no pyzor executable found
> [19689] dbg: pyzor: no pyzor found, disabling Pyzor
> [19689] dbg: plugin:
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835e338) implements
> 'check_tick'
> [19689] dbg: check: running tests for priority: 500
> [19689] dbg: dns: success for 16 of 19 queries
> [19689] dbg: dns: timeout for whois-lastexternal after 4 seconds
> [19689] dbg: dns: timeout for whois after 4 seconds
> [19689] dbg: dns: timeout for whois after 4 seconds
> [19689] dbg: plugin:
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x835e338) implements
> 'check_post_dnsbl'
> [19689] dbg: rules: running meta tests; score so far=1.712
> [19689] info: rules: meta test DIGEST_MULTIPLE has undefined
dependency
> 'DCC_CHECK'
> [19689] info: rules: meta test VIRUS_WARNING_DOOM_BNC has undefined
> dependency 'VIRUS_WARNING_MYDOOM4'
> [19689] info: rules: meta test SARE_OBFU_CIALIS has undefined
dependency
> 'SARE_OBFU_CIALIS2'
> [19689] dbg: rules: running header regexp tests; score so far=2.794
> [19689] dbg: rules: running body-text per-line regexp tests; score so
> far=2.794
> [19689] dbg: uri: running uri tests; score so far=2.794
> [19689] dbg: rules: running raw-body-text per-line regexp tests; score
> so far=2.794
> [19689] dbg: rules: running full-text regexp tests; score so far=2.794
> [19689] dbg: check: running tests for priority: 900
> [19689] dbg: rules: running meta tests; score so far=2.794
> [19689] dbg: rules: running header regexp tests; score so far=2.794
> [19689] dbg: rules: running body-text per-line regexp tests; score so
> far=2.794
> [19689] dbg: uri: running uri tests; score so far=2.794
> [19689] dbg: FuzzyOcr: Starting FuzzyOcr...
> [19689] info: FuzzyOcr: Processing Message with ID
> "<02...@kbra3qsxm9mslhj>" ("IParker NDickey"
> <ni...@tristan.trl.mei.co.jp> -> <ro...@sttspa.it>,
> <ry...@sttspa.it>)
> [19689] dbg: FuzzyOcr: Skipping OCR, no image files found...
> [19689] dbg: FuzzyOcr: Processed in 0.000590 sec.
> [19689] dbg: rules: running raw-body-text per-line regexp tests; score
> so far=2.794
> [19689] dbg: rules: running full-text regexp tests; score so far=2.794
> [19689] dbg: check: running tests for priority: 1000
> [19689] dbg: rules: running meta tests; score so far=2.794
> [19689] dbg: rules: running header regexp tests; score so far=2.794
> [19689] dbg: dbiplugin: Creating uncached database handle to
> 'bayes:127.0.0.1_bayes_bayes_AutoCommit=1_PrintError=0_Username=bayes'
> [19689] dbg: auto-whitelist: sql-based connected to
> DBI:mysql:bayes:127.0.0.1
> [19689] dbg: auto-whitelist: sql-based using username: root
> [19689] dbg: auto-whitelist: sql-based get_addr_entry: found existing
> entry for niagarahi@tristan.trl.mei.co.jp|ip=203.118
> [19689] dbg: auto-whitelist: sql-based
> niagarahi@tristan.trl.mei.co.jp|ip=203.118 scores 1/2.794
> [19689] dbg: auto-whitelist: AWL active, pre-score: 2.794, autolearn
> score: 2.794, mean: 2.794, IP: 203.118.114.113
> [19689] dbg: auto-whitelist: sql-based add_score: new count: 2, new
> totscore: 5.588 for niagarahi@tristan.trl.mei.co.jp|ip=203.118
> [19689] dbg: auto-whitelist: sql-based finish: disconnected from
> DBI:mysql:bayes:127.0.0.1
> [19689] dbg: auto-whitelist: post auto-whitelist score: 2.794
> [19689] dbg: rules: running body-text per-line regexp tests; score so
> far=2.794
> [19689] dbg: uri: running uri tests; score so far=2.794
> [19689] dbg: rules: running raw-body-text per-line regexp tests; score
> so far=2.794
> [19689] dbg: rules: running full-text regexp tests; score so far=2.794
> [19689] dbg: plugin:
> Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x8ee1840)
> implements 'autolearn_discriminator'
> [19689] dbg: learn: auto-learn: currently using scoreset 3,
recomputing
> score based on scoreset 1
> [19689] dbg: learn: auto-learn: message score: 2.794, computed score
for
> autolearn: 1.143
> [19689] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=0.631,
> head-points=0, learned-points=0.001
> [19689] dbg: learn: auto-learn? no: inside auto-learn thresholds, not
> considered ham or spam
> [19689] dbg: check: is spam? score=2.794 required=5
> [19689] dbg: check:
>
tests=BAYES_50,FORGED_RCVD_HELO,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,HTML_
> SHORT_LENGTH,MIME_HTML_ONLY
> [19689] dbg: check:
>
subtests=__CT,__CTYPE_HTML,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HTML_L
>
ENGTH_0000_1024,__HTML_LENGTH_384,__HTML_LENGTH_512,__MIME_HTML,__MIME_V
>
ERSION,__NONEMPTY_BODY,__REPTO_OVERQUOTE,__REPTO_QUOTE,__SANE_MSGID,__TO
> CC_EXISTS
> X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on av6.stt.vir
> X-Spam-Level: **
> X-Spam-Status: No, score=2.8 required=5.0
> tests=BAYES_50,FORGED_RCVD_HELO,
>
> HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,HTML_SHORT_LENGTH,MIME_HTML_ONLY
> autolearn=no version=3.1.8
> Microsoft Mail Internet Headers Version 2.0
> Received: from posta.sttspa.it ([80.74.176.144]) by srv5.stt.loc with
> Microsoft SMTPSVC(6.0.3790.1830);
> Wed, 14 Mar 2007 07:14:08 +0100
> Received: by posta.sttspa.it (Postfix, from userid 7011)
> id 8F9A51098056; Wed, 14 Mar 2007 07:14:06 +0100 (CET)
> Received: from av6.stt.vir (smtp02.sttspa.it [80.74.176.141])
> by posta.sttspa.it (Postfix) with ESMTP id 6858B1098004;
> Wed, 14 Mar 2007 07:14:06 +0100 (CET)
> Received: from localhost (localhost [127.0.0.1])
> by av6.stt.vir (Postfix) with ESMTP id 7777F7500A7;
> Wed, 14 Mar 2007 07:14:06 +0100 (CET)
> X-Virus-Scanned: amavisd-new at stt.vir
> Received: from av6.stt.vir ([127.0.0.1])
> by localhost (av6.stt.vir [127.0.0.1]) (amavisd-new, port 10024)
> with ESMTP id I3LCVzlxLfiv; Wed, 14 Mar 2007 07:14:03 +0100
> (CET)
> Received: from kbra3qsxm9mslhj (203-118-114-113.static.asianet.co.th
> [203.118.114.113])
> by av6.stt.vir (Postfix) with SMTP id 362367500A2;
> Wed, 14 Mar 2007 07:13:14 +0100 (CET)
> Message-ID: <02...@kbra3qsxm9mslhj>
> Reply-To: "IParker NDickey" <ni...@tristan.trl.mei.co.jp>
> From: "IParker NDickey" <ni...@tristan.trl.mei.co.jp>
> To: <ro...@sttspa.it>, <ry...@sttspa.it>
> Subject: transmitting wolf
> Date: Wed, 14 Mar 2007 13:13:02 +0700
> MIME-Version: 1.0
> Content-Type: text/html
> Return-Path: niagarahi@tristan.trl.mei.co.jp
> X-OriginalArrivalTime: 14 Mar 2007 06:14:08.0281 (UTC)
> FILETIME=[F9A5D890:01C765FF]
>
>
> Spam detection software, running on the system "av6.stt.vir", has
> identified this incoming email as possible spam. The original message
> has been attached to this so you can view it (if it isn't spam) or
label
> similar future email. If you have any questions, see
> the administrator of that system for details.
>
> Content preview: [...]
>
> Content analysis details: (2.8 points, 5.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
> 1.6 HTML_SHORT_LENGTH BODY: HTML is extremely short
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to
60%
> [score: 0.4909]
> 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME
parts
> 1.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
tag
>
>
>
> BR,
>
> rocsca
**********************************************************************
Confidentiality : This e-mail and any attachments are intended for the
addressee only and may be confidential. If they come to you in error
you must take no action based on them, nor must you copy or show them
to anyone. Please advise the sender by replying to this e-mail
immediately and then delete the original from your computer.
Opinion : Any opinions expressed in this e-mail are entirely those of
the author and unless specifically stated to the contrary, are not
necessarily those of the author's employer.
Security Warning : Internet e-mail is not necessarily a secure
communications medium and can be subject to data corruption. We advise
that you consider this fact when e-mailing us.
Viruses : We have taken steps to ensure that this e-mail and any
attachments are free from known viruses but in keeping with good
computing practice, you should ensure that they are virus free.
Red Lion 49 Ltd T/A Solid State Logic
Registered as a limited company in England and Wales
(Company No:5362730)
Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU,
United Kingdom
**********************************************************************