Firstly, I can bring up the list of tests, but is there any way that I can find out more explanation of the tests? There are really two aspects to this question - the brief descriptions of the tests often refer to technical details about mail delivery that I (as a user, not administrator) have never needed to know about - for example FAKE_HELO_AOL refers to "Host HELO did not match rDNS". Is there anywhere that gives a basic explanation of what this means with respect to SpamAssassin?
Unfortunately most of SA is written by people who are system administrators and mail system experts by trade. This means that their natural writing style is a bit technical. I've been trying to help populate the wiki with some FAQ material of a low-tech sort, as have others, but it's a work in progress at best.
http://wiki.spamassassin.org/w/
Specifically, about your question: programs delivering mail to a mailserver normally "greet" the server prior to delivering mail with a HELO command (or EHLO). Following the command is a text string to identify the machine making the delivery, and normally this is the full domain name of the machine delivering mail.
The server receiving the mail makes a note of this HELO, but also makes a note of the IP address of the machine delivering mail. It also uses a reverse-DNS lookup to try to find out what the DNS system thinks the name of the machine delivering mail is.
In a normal exchange, these match. For example, look at this exchange of mail noted by one of sourceforge.net's mailservers when one of your ISP's servers dropped your message off:
Received: from cumulus.netspace.net.au ([203.10.110.72] helo=mail.netspace.net.au)
by sc8-sf-mx1.sourceforge.net with esmtp (Exim 4.24)
In this case, a netspace server connected to sc8-sf-mx1.sourceforge.net. It then stated its name with: "HELO mail.netspace.net.au".
Sourceforge's mailserver noted the source IP address of the server that connected, 203.10.110.72. It then ran a reverse DNS lookup on it, and got cumulus.netspace.net.au. Since many servers have multiple names, this minor discrepancy isn't surprising: the reverse DNS can only map to one of the many names it has.
On the other hand, a discrepancy like HELO mail.aol.com coming from an IP address that reverses to something like "chello080108078056.15.11.vie.surfer.at" is quite suspicious. An AOL mailserver should resolve as being part of AOL, and certainly not some ISP in Austria.
In addition, there are some things that I can understand, but cannot figure out any reason for the points assigned to them - for example why is HTML_00_10 worth a point, while HTML_20_30 worth only 0.69 points?
How scores are assigned is in the FAQ:
http://wiki.spamassassin.org/w/HowScoresAreAssigned
Some more "conceptual" discussion of the mass-check/GA system is also mentioned in this one:
http://wiki.spamassassin.org/w/VirusScannerTypeUpdates
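The HELO-versus-reverse-DNS comparison described in this message, as an added example (not part of the original message and not SpamAssassin's own rule code). The function names, the small `TWO_LABEL_SUFFIXES` set standing in for the Public Suffix List, and the second sample header (names from the message, IP and receiving host made up) are assumptions.

```python
import re

# Exim-style Received fragment as on this page: "from <rdns> ([<ip>] helo=<helo>)"
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(\[(?P<ip>[0-9a-fA-F.:]+)\]\s+helo=(?P<helo>[^\s)]+)\)"
)

# Assumption: tiny stand-in for the Public Suffix List, enough for the samples.
TWO_LABEL_SUFFIXES = {"net.au", "com.au", "co.uk", "org.uk"}


def org_domain(hostname):
    """Return the registrable domain, e.g. cumulus.netspace.net.au -> netspace.net.au."""
    labels = hostname.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def parse_received(header):
    """Extract rDNS name, IP and HELO string; None if the header has another shape."""
    m = RECEIVED_RE.search(header)
    return m.groupdict() if m else None


def helo_matches_rdns(header):
    """True if HELO and rDNS share an organisational domain, False if they differ,
    None if the header could not be parsed (no verdict rather than a guess)."""
    fields = parse_received(header)
    if fields is None:
        return None
    return org_domain(fields["helo"]) == org_domain(fields["rdns"])


# Header quoted in the message above.
GOOD = ("Received: from cumulus.netspace.net.au ([203.10.110.72] helo=mail.netspace.net.au)\n"
        " by sc8-sf-mx1.sourceforge.net with esmtp (Exim 4.24)")
# Constructed sample: host names from the message, IP from the documentation
# range, receiving host hypothetical.
FORGED = ("Received: from chello080108078056.15.11.vie.surfer.at ([192.0.2.56] helo=mail.aol.com)\n"
          " by mx.example.org with esmtp")

if __name__ == "__main__":
    for hdr in (GOOD, FORGED):
        print(parse_received(hdr), "->", helo_matches_rdns(hdr))
```

The host names differ in both headers; only the second fails, because the comparison is made on the organisational domain rather than the full name.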