Mail flagged as spam on command line getting passed through as ham

Thu, 18 Jan 2018 11:52:41 -0800 

I've been getting annoying spams for "Shark Tank". I added a simple rule in 
local.cf to check the subject line:

header SHARK_TANK       Subject =~ /\bshark tank\b/i
score SHARK_TANK 7 7 7 7

The mail still get through. In my inbox:

X-Spam-Flag: NO
X-Spam-Score: 4.148
X-Spam-Level: ****
X-Spam-Status: No, score=4.148 required=6.2 tests=[BAYES_80=2, DIET_1=0.001,
        HTML_IMAGE_RATIO_02=0.437, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001,
        T_REMOTE_IMAGE=0.01, T_RP_MATCHES_RCVD=-0.01, T_SPF_TEMPERROR=0.01,
        URIBL_BLACK=1.7] autolearn=no autolearn_force=no

If I pass the mail through spamassasin on the command line, it gets flagged as 
spam:

spamassassin -D < spam-mail-shark-tank.txt >out.txt 2>&1

In  out.txt:

X-Spam-Flag: YES
X-Spam-Level: ********************
X-Spam-Status: Yes, score=20.5 required=5.0 tests=BAYES_60,DIET_1,
        HTML_IMAGE_RATIO_02,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,
        
RCVD_IN_SBL_CSS,SHARK_TANK,SPF_HELO_PASS,T_REMOTE_IMAGE,URIBL_ABUSE_SURBL,
        URIBL_BLACK,URIBL_DBL_SPAM autolearn=spam autolearn_force=no 
version=3.4.1
X-Spam-Report:
        *  7.0 SHARK_TANK No description available.
        *  1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
        *      blocklist
        *      [URIs: coloringkidsus.com]
        *  3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
        *      [107.175.23.4 listed in zen.spamhaus.org]
        *  2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
        *      [URIs: coloringkidsus.com]
        *  1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
        *      [URIs: coloringkidsus.com]
        * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
        *  0.0 DIET_1 BODY: Lose Weight Spam
        *  0.4 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image 
area
        *  1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80%
        *      [score: 0.7650]
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  1.9 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
        *      [cf: 100]        *  0.9 RAZOR2_CHECK Listed in Razor2 
(http://razor.sf.net/
        *  0.0 T_REMOTE_IMAGE Message contains an external image
X-Spam-Bayes: bayes=0.7650, N=176(88-0+3), ham=(), spam=(shark, Pill, craze)

Any ideas what I'm doing wrong?

Thanks,

Andy

Reply via email to