The header: x-originating-ip: [86.129.191.88]

is being put in by Office 365. It is already in when our Exim (FreeBSD Port 
Exim-sa-exim) receives the mail from Office 365.

Is there a way to make SpamAssassin ignore this x- header?

Jonathan


> On 25 Nov 2020, at 14:13, Kevin A. McGrail <kmcgr...@apache.org> wrote:
> 
> The behavior you're referring to is known as deep header parsing and usually 
> refers to checking the Received headers farther than the most recent relay.
> 
> As you mentioned, it causes false positives with people using normal ISPs to 
> connect and getting marked despite a proper relay.
> 
> But yeah, I don't know where that X-Originating-IP header is coming from.  
> What are you using as your glue to implement SpamAssassin?
> 
> On Wed, Nov 25, 2020, 09:05 Jonathan Gilpin <jonat...@fluent.ltd.uk> wrote:
> 
> I was always of the understanding that a sender's IP address was irrelevant 
> when sending using authenticated SMTP or, say, Office 365.
> 
> However, today I noticed a mail from someone using BT, whose broadband IP is 
> blacklisted, was marked as spam even though it was sent through Office 365, 
> authenticated:
> 
>       *  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
>       *      blocked.  See
>       *      http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
>       *      for more information.
>       *      [URIs: blah.com]
>       *  1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
>       *      [Blocked - see <http://www.abuseat.org/lookup.cgi?ip=86.129.191.88>]
>       * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
>       *      [40.107.8.121 listed in wl.mailspike.net]
>       * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
>       *      https://www.dnswl.org/, no trust
>       *      [40.107.8.121 listed in list.dnswl.org]
>       *  1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
>       *      [86.129.191.88 listed in sbl-xbl.spamhaus.org]
>       *  3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
>       *      [86.129.191.88 listed in zen.spamhaus.org]
>       *  0.7 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
>       *       headers
>       * -0.7 SPF_HELO_PASS SPF: HELO matches SPF record
>       * -0.6 SPF_PASS SPF: sender matches SPF record
>       *  0.1 LONGWORD BODY: Uses overlong words
>       *  0.1 TW_VB BODY: Odd Letter Triples with VB
>       * -0.1 MD5_CONTENT BODY: Contains MD5 hash.
>       *  0.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word
>       *  0.0 HTML_IMAGE_RATIO_08 BODY: HTML has a low ratio of text to image
>       *       area
>       *  0.0 HTML_MESSAGE BODY: HTML included in message
>       *  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
>       *      identical to background
>       * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
>       *      author's domain
>       * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
>       *      envelope-from domain
>       * -1.5 DKIM_VALID Message has at least one valid DKIM or DK signature
>       *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
>       *       valid
>       *  0.5 RDNS_NONE Delivered to internal network by a host with no rDNS
>       *  0.0 LOTS_OF_MONEY Huge... sums of money
>       *  0.1 RCVD_IN_SORBS No description available.
> 
> Looking at the headers below it seems the IP is only shown in one place:
> 
> x-originating-ip: [86.129.191.88]
> 
> not in the actual headers. So is this a setup error on my part, or a 
> SpamAssassin change, or a mistake? 
> 
> Obviously I need to resolve/stop this to reduce false positives.
> 
> Kind Regards,
> 
> Jonathan Gilpin
> 
> 
> 
> 
> Full headers are:
> 
> 
> 
> Return-path: <Michas@*************>
> Envelope-to: jonat...@fluent.ltd.uk
> Received: from [40.107.8.121] (port=28758 
> helo=EUR04-VI1-obe.outbound.protection.outlook.com)
>       by mail.fluent.ltd.uk with esmtps 
> (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
>       (Exim 4.92.3 (FreeBSD))
>       (envelope-from <mic...@blah.com>)
>       id 1khtN9-000MY4-Sb
>       for jonat...@fluent.ltd.uk; Wed, 25 Nov 2020 11:54:11 +0000
> ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
>  
> b=W28N/723guQOuCSXW1Naa+37KEO6bHZx26TLYZrztvBdCeaPxCdDFBIl+3XogEQ02FI6sgs8jyyEpdOu5r6pzv5VYaSLeSK3bKpVUBXJd81rrBOD6CP2v51wbJiZPqWtyjKitI1C4VspnqYd3MaT2P5zcxvMlFXoFwJ1zfBB+0KJ2+0VvmyKySB8QwiSPzoRmYbIWYSfx0kjBkkcXPlicxBsWp7Acnrejf7tOFMoG/G2MYjVyYlKgdr+eBYN3X/x8KBerjMoxKnko5Ifbr8C048UCIm8t4DwYW0edA+SCyoubaaA90Wb025nZ1m3Hw+DgUeH10Ry5meaUASxLaX0rw==
> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
>  s=arcselector9901;
>  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
>  bh=uG0lvf0QC6HBaYnHSOFl85l4r9bpThL5UiE/bSuehSU=;
>  
> b=aNFxANvz/1NKpFB4auemXGsVzoT9ZTmatvS6EE3J2/ixLDR/UVALA/aPOeYuKvh7N2c/yVeMFFRsTn36OyxIus6yh1k6yeVEfmxLCB4lbhANKWhDTJX89dINn90TArp6TIfBfqAw3JQP8LsvWFUFGqrwyfdUmcBmChwyFEKBjAkx5OpKnwKkkgcqkOu2tf2XuZ6byZ/CZB0COTWwlzb4PcRQIhb68OMHvhC7g4UZZm0HsS3WJQpLoOncQMPaYUEMKwjIReBXAGLq8AAR2DdCWTS/K9mGcV5kkYfcGj8tMnA3HHQ0hoHHJWhuoeMcpY50dYYG3XpUOPyj69ec/phlSA==
> ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
>  104.40.229.156) smtp.rcpttodomain=fluent.ltd.uk smtp.mailfrom=blah.com;
>  dmarc=bestguesspass action=none header.from=blah.com; dkim=none (message
>  not signed); arc=none
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blah.com;
>  s=selector2;
>  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
>  bh=uG0lvf0QC6HBaYnHSOFl85l4r9bpThL5UiE/bSuehSU=;
>  
> b=FrGoYe/6s3IKRB11KHYxB6lNtvb0bao75MycN+7aKBfDXpV1CEpblk80zn0+vg408wVgeH5EQhcMU05dhlJhnAUrCWcdUfWFpnkC9ytfhbppq0MkT/buDDT4iQVEdg6dpwhD/zSuo0hR7QFQr4yI3bNGs/h5KtSkYEkZT8j3FmI=
> Received: from MR2P264CA0080.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:32::20)
>  by AS8PR10MB4533.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:2b5::23) with
>  Microsoft SMTP Server (version=TLS1_2,
>  cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.22; Wed, 25 Nov
>  2020 11:54:07 +0000
> Received: from VE1EUR03FT009.eop-EUR03.prod.protection.outlook.com
>  (2603:10a6:500:32:cafe::94) by MR2P264CA0080.outlook.office365.com
>  (2603:10a6:500:32::20) with Microsoft SMTP Server (version=TLS1_2,
>  cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.20 via Frontend
>  Transport; Wed, 25 Nov 2020 11:54:07 +0000
> X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 104.40.229.156)
>  smtp.mailfrom=blah.com; fluent.ltd.uk; dkim=none (message not signed)
>  header.d=none;fluent.ltd.uk; dmarc=bestguesspass action=none
>  header.from=blah.com;
> Received-SPF: Pass (protection.outlook.com: domain of blah.com designates
>  104.40.229.156 as permitted sender) receiver=protection.outlook.com;
>  client-ip=104.40.229.156; helo=eu1.smtp.exclaimer.net;
> Received: from eu1.smtp.exclaimer.net (104.40.229.156) by
>  VE1EUR03FT009.mail.protection.outlook.com (10.152.18.92) with Microsoft SMTP
>  Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
>  15.20.3589.20 via Frontend Transport; Wed, 25 Nov 2020 11:54:06 +0000
> Received: from EUR05-AM6-obe.outbound.protection.outlook.com (104.47.18.113)
>        by eu1.smtp.exclaimer.net (104.40.229.156) with Exclaimer Signature Manager
>        ESMTP Proxy eu1.smtp.exclaimer.net (tlsversion=TLS12,
>        tlscipher=TLS_ECDHE_WITH_AES256_SHA384); Wed, 25 Nov 2020 11:54:06 +0000
> X-ExclaimerHostedSignatures-MessageProcessed: true
> X-ExclaimerProxyLatency: 23783642
> X-ExclaimerImprintLatency: 3521053
> X-ExclaimerImprintAction: c8cf8f81e33e4173b5019c0de3b7dbfa
> Content-Type: multipart/related;
>       boundary="----_=_NextPart_45edd4ec-206f-41a5-909b-f03baaa1763d"
> Received: from AM6PR10MB2216.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:51::18)
>  by AS8PR10MB4598.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:2b5::22) with
>  Microsoft SMTP Server (version=TLS1_2,
>  cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.28; Wed, 25 Nov
>  2020 11:54:01 +0000
> Received: from AM6PR10MB2216.EURPRD10.PROD.OUTLOOK.COM
>  ([fe80::ad9b:7ad7:d894:265d]) by AM6PR10MB2216.EURPRD10.PROD.OUTLOOK.COM
>  ([fe80::ad9b:7ad7:d894:265d%5]) with mapi id 15.20.3589.025; Wed, 25 Nov 2020
>  11:54:01 +0000
> From: Michas Rapf <mic...@blah.com>
> To: Jonathan Gilpin <jonat...@fluent.ltd.uk>
> Thread-Topic: Comcast Abuse Report
> Thread-Index: AQHWwyDbVkxJnu70vkWSP/mbjQ9CC6nYvQ04
> Date: Wed, 25 Nov 2020 11:54:00 +0000
> Message-ID:
>  <am6pr10mb22161c3d102dea421f6e65cac6...@am6pr10mb2216.eurprd10.prod.outlook.com>
> References:
>  <01eqxdvy8qwx916f51r51e718w....@bounce.mailstream.senderscore.net>,<dfd39e7b-bc12-4ec0-9d43-39c97eb90...@fluent.ltd.uk>
> In-Reply-To: <dfd39e7b-bc12-4ec0-9d43-39c97eb90...@fluent.ltd.uk>
> Accept-Language: en-GB, en-US
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> Authentication-Results-Original: fluent.ltd.uk; dkim=none (message not signed)
>  header.d=none;fluent.ltd.uk; dmarc=none action=none header.from=blah.com;
> x-originating-ip: [86.129.191.88]
> x-ms-publictraffictype: Email
> X-MS-Office365-Filtering-Correlation-Id: 39551bfc-0a24-4f5e-b8cb-08d89138d010
> x-ms-traffictypediagnostic: AS8PR10MB4598:|AS8PR10MB4533:
> X-Microsoft-Antispam-PRVS:
>       <as8pr10mb4533cf58c4eb3d16f4bae770c6...@as8pr10mb4533.eurprd10.prod.outlook.com>
> x-ms-oob-tlc-oobclassifiers: OLM:8882;OLM:8882;
> X-MS-Exchange-SenderADCheck: 1
> X-Microsoft-Antispam-Untrusted: BCL:0;
> X-Microsoft-Antispam-Message-Info-Original:
>  
> AodMuHq3ZaW61ibAVvYcyN9wUHXbjrFo8MiITzhydRNYfsyi7cMhZxyFqdgd/K2c5VtKno6pQZPLEGjSCsLtxhAWLVHiFKL0Jy1E+d2XWWUUDGRnZp7/6qjsUWO27QqTkEX/6lEW4DVfdgxQYr614LtwC6jIkm3tSy1kufFeO9dbnzbiurarULDk6adMtFEeNwjVt6iIaX0fZvQbh/HBHF+dbztkwpNgYOirKV7NjzyQSAz1leOGTcbpfIFjT7P1BPerQ8oV4pAXYQf1O3N7bPjoZ5SBs/j451diWmOjFGn+ijRTCThpTte7KRXBswry1FnHUSPKF2Ca7kn2EemxVZL4vzToiS5dedYuDuFHu+uhzdS2SL77qg3LyxH3vC8QSSr6tZ48K/f8KFj6Whgykw==
> X-Forefront-Antispam-Report-Untrusted:
>  
> CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM6PR10MB2216.EURPRD10.PROD.OUTLOOK.COM
>  
> <http://am6pr10mb2216.eurprd10.prod.outlook.com/>;PTR:;CAT:NONE;SFS:(376002)(366004)(396003)(346002)(39840400004)(136003)(76236003)(478600001)(186003)(66946007)(3480700007)(8936002)(33656002)(9686003)(55016002)(83380400001)(26005)(52536014)(86362001)(7066003)(71200400001)(5660300002)(7116003)(16799955002)(6506007)(53546011)(2906002)(8676002)(316002)(7696005)(76116006)(19627405001)(66446008)(64756008)(6916009)(66476007)(166002)(66556008)(559001)(579004);DIR:OUT;SFP:1102;
> x-ms-exchange-antispam-messagedata:
>  
> WWu2hxeCT4Zw57X3TzB0gTtaW2of+K6thAjvcc+d9cP5KF6AXsMViHfBiBmrjVTE/t2/N7/XqVIxniLVnzpGjQCjTlRIb2QAf9F5GqWgcjf+FRxMtVhm+mPDMFAhRhATl6I6B7sipSwCCK4eSSjxZjvNqVxYogxSvfyV3CW027V6sP/jz+owjqybM5ARTehxq5TL+b2RXshTtLk/yw4HXoATS9AeXvZLPhq0MCifToikthz0lpDqLCvg6dzH9AOXtd//YDbOipzK3OQPfx8P9EgRb4wTj7dqxIfdTAr0EQUAAYKco/sN7ZXbxbpCIex2Xl1GsaA3aQXgFzWFkl0BbeIr6fi2/5hGouH+ahMxZQxpC+sYS04aC1FEoNeKU9BNwIdOHGV0aGuBBMjeALGmUm4TXzkZxqvswlHbROQFeEyX0E4UNfPEQgohkUGjQgdlMVR5zu9oNcx4zDSYrSlMp1qtZgp2vMs7H1rjirnNzHDGOF4V9BRA+ItrfkH3w92jIFkX7u3nZ1tzaNTxpXG2Ue8cDD0U0mAHCxW7RDH5ZD+vArXb7NO4WwKqD6ph2E57QtkteF/BnJ8rHqzy5op2kiDYzShinxuEjSS7l4vKIoSf1A7vv7EyIKoAuCJAwKDFSdeofgpvZCIRkNwSHNfobop0LpHcBTN2VRxC95eB5rGXhXWOsfQd3SXQfw0EaCnwgX9Jf1zdGqXTwJycKttbmpsDiBMhNcAuzyeEQY9DzIcNbMf7U2UKDHcvu1Qx8ce0NUXhxnfrQ+DqzSPpUO3R/GWKkVWcno1WcM8LpHwDxPmrM/54T5rvaWzGXKMsPnp7ZUpXClVqHLWx8zLoRC9ulJ89hiR6vDYffwOQgr26Igo0+v8xjX+fB8nZoO7eIZLyn6Rd2o22f00qjZ/fMnLYEg==
> x-ms-exchange-transport-forked: True
> MIME-Version: 1.0
> X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR10MB4598
> X-EOPAttributedMessage: 0
> X-MS-Exchange-Transport-CrossTenantHeadersStripped:
>  VE1EUR03FT009.eop-EUR03.prod.protection.outlook.com
> X-MS-Office365-Filtering-Correlation-Id-Prvs:
>       925da4d8-d491-4078-39c2-08d89138cd03
> X-Microsoft-Antispam: BCL:0;
> X-Microsoft-Antispam-Message-Info:
>       
> 6JGPEgxe1fCJmQ7o0AAKLaXanBxDlA5RQICgs6kWctg3o5mE56buF1tXj3bkqkSz2hoZeZHmXPNCexFQTLdH3W4F1w8UI3qCmz5lSsIu3ejDphcZRKyPS4gV68k4zlRPQAN30fqoBHrEZJMFupuUJtYeiuMqITRPlpPeMAwdSfkVGnKhQcia5Opou5saowCp3hyYyh58t4w0v0jKt578VsFWByEmFfuV0k9zvGbhzdFTjQKGf8UnEcWQklqQ6TbfSwsTffep37ZNimAAPxUNE+N7/3LdlRRda9Aus7WaPIodOklPyrgsJVartF69xQU5XAIQFpbIKFzqWrWBtT4q63kGgc7c8pqKR+o7Yc4u4KCoIUp1RXUU6AwJjL3EHv4Sjt9HVnPonQ7ftM82XfXwxJYVwO6vwSR40HPElcQktpTk1mEBmsUV1uHgB+meoULhmzy6TcQDUSXgIoWlLpnQ0uNFUtKgZv4dKsCDg6gCC4yNUK4I+cOCmAG/sOSBbRgn
> X-Forefront-Antispam-Report:
>       
> CIP:104.40.229.156;CTRY:NL;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:eu1.smtp.exclaimer.net
>  <http://eu1.smtp.exclaimer.net/>;PTR:eu1.smtp.exclaimer.net 
> <http://eu1.smtp.exclaimer.net/>;CAT:NONE;SFS:(346002)(376002)(396003)(136003)(39840400004)(46966005)(8676002)(52536014)(33964004)(30864003)(7116003)(16799955002)(336012)(7696005)(6916009)(70206006)(47076004)(82310400003)(478600001)(76236003)(6506007)(8936002)(2906002)(53546011)(7636003)(7596003)(83380400001)(33656002)(356005)(26005)(186003)(19627405001)(166002)(66576008)(5660300002)(9686003)(55016002)(15974865002)(86362001)(316002)(7066003)(70586007)(3480700007)(130860200001)(579004)(559001);DIR:OUT;SFP:1102;
> X-OriginatorOrg: blah.com
> X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Nov 2020 11:54:06.3270
>  (UTC)
> X-MS-Exchange-CrossTenant-Network-Message-Id: 
> 39551bfc-0a24-4f5e-b8cb-08d89138d010
> X-MS-Exchange-CrossTenant-Id: 29330ce7-8bee-4b7f-96d8-1066707d22b5
> X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
> TenantId=29330ce7-8bee-4b7f-96d8-1066707d22b5;Ip=[104.40.229.156];Helo=[eu1.smtp.exclaimer.net]
> X-MS-Exchange-CrossTenant-AuthSource:
>       VE1EUR03FT009.eop-EUR03.prod.protection.outlook.com
> X-MS-Exchange-CrossTenant-AuthAs: Anonymous
> X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
> X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR10MB4533
> X-SA-Exim-Connect-IP: 40.107.8.121
> X-SA-Exim-Mail-From: mic...@blah.com
> Subject: Re: Comcast Abuse Report
> X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on 
> as001.fluent.ltd.uk
> X-Spam-Flag: YES
> X-Spam-Level: *****
> X-Spam-Status: Yes, score=5.0 required=4.4 tests=DKIM_SIGNED,DKIM_VALID,
>       DKIM_VALID_AU,DKIM_VALID_EF,HTML_FONT_FACE_BAD,HTML_FONT_LOW_CONTRAST,
>       HTML_IMAGE_RATIO_08,HTML_MESSAGE,LONGWORD,LOTS_OF_MONEY,MD5_CONTENT,
>       MR_NOT_ATTRIBUTED_IP,RCVD_IN_CBL,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,
>       RCVD_IN_SBL_CSS,RCVD_IN_SBL_XBL,RCVD_IN_SORBS,RDNS_NONE,SPF_HELO_PASS,
>       SPF_PASS,TW_VB,URIBL_BLOCKED autolearn=disabled version=3.4.4
> X-Spam-Report: 
>       *  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
>       *      blocked.  See
>       *      http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
>       *      for more information.
>       *      [URIs: blah.com]
>       *  1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
>       *      [Blocked - see <http://www.abuseat.org/lookup.cgi?ip=86.129.191.88>]
>       * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
>       *      [40.107.8.121 listed in wl.mailspike.net]
>       * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
>       *      https://www.dnswl.org/, no trust
>       *      [40.107.8.121 listed in list.dnswl.org]
>       *  1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
>       *      [86.129.191.88 listed in sbl-xbl.spamhaus.org]
>       *  3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
>       *      [86.129.191.88 listed in zen.spamhaus.org]
>       *  0.7 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
>       *       headers
>       * -0.7 SPF_HELO_PASS SPF: HELO matches SPF record
>       * -0.6 SPF_PASS SPF: sender matches SPF record
>       *  0.1 LONGWORD BODY: Uses overlong words
>       *  0.1 TW_VB BODY: Odd Letter Triples with VB
>       * -0.1 MD5_CONTENT BODY: Contains MD5 hash.
>       *  0.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word
>       *  0.0 HTML_IMAGE_RATIO_08 BODY: HTML has a low ratio of text to image
>       *       area
>       *  0.0 HTML_MESSAGE BODY: HTML included in message
>       *  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
>       *      identical to background
>       * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
>       *      author's domain
>       * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
>       *      envelope-from domain
>       * -1.5 DKIM_VALID Message has at least one valid DKIM or DK signature
>       *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
>       *       valid
>       *  0.5 RDNS_NONE Delivered to internal network by a host with no rDNS
>       *  0.0 LOTS_OF_MONEY Huge... sums of money
>       *  0.1 RCVD_IN_SORBS No description available.
> X-SA-Exim-Version: 4.2
> X-SA-Exim-Scanned: Yes (on mail.fluent.ltd.uk)
> 
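
The attribution question raised in this thread, as an added example that is not part of the original messages and not SpamAssassin's own code: it collects relay IPs from the Received chain, appends IPs from a configurable list of originating-IP headers, and reports which header exposed each DNS-listed address. The headers are a constructed sample trimmed from the message quoted above; the function names are hypothetical, and the header list models SpamAssassin's `originating_ip_headers` setting.

```python
import re
from email import message_from_string

# Constructed sample: Received chain and X-Originating-IP trimmed from the
# headers quoted in the thread (TLS details and other headers dropped).
SAMPLE = """\
Received: from [40.107.8.121] (port=28758
\thelo=EUR04-VI1-obe.outbound.protection.outlook.com)
\tby mail.fluent.ltd.uk with esmtps (Exim 4.92.3 (FreeBSD));
\tWed, 25 Nov 2020 11:54:11 +0000
Received: from eu1.smtp.exclaimer.net (104.40.229.156) by
 VE1EUR03FT009.mail.protection.outlook.com (10.152.18.92) with Microsoft SMTP
 Server id 15.20.3589.20 via Frontend Transport; Wed, 25 Nov 2020 11:54:06 +0000
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (104.47.18.113)
 by eu1.smtp.exclaimer.net (104.40.229.156); Wed, 25 Nov 2020 11:54:06 +0000
x-originating-ip: [86.129.191.88]
Subject: Re: Comcast Abuse Report

(body omitted)
"""

# Addresses the X-Spam-Report in the thread shows as DNS-list hits.
LISTED = ["86.129.191.88", "40.107.8.121"]

# An IPv4 literal in [] or (), the form relay addresses take in these headers.
# Unbracketed dotted numbers such as "15.20.3589.20" (a version) are skipped.
BRACKETED_IP = re.compile(r"[\[(]((?:\d{1,3}\.){3}\d{1,3})[\])]")


def relay_ips(raw, originating_headers=("X-Originating-IP",)):
    """Return [(ip, header_name)]: the sending IP of each Received header,
    then IPs from originating-IP headers appended to the end of the chain."""
    msg = message_from_string(raw)
    found = []
    for value in msg.get_all("Received", []):
        match = BRACKETED_IP.search(value)  # first hit is the "from" side
        if match:
            found.append((match.group(1), "Received"))
    for name in originating_headers:  # header lookup is case-insensitive
        for value in msg.get_all(name, []):
            match = BRACKETED_IP.search(value)
            if match:
                found.append((match.group(1), name))
    return found


def attribute(raw, listed, originating_headers=("X-Originating-IP",)):
    """Map each listed IP to the header that exposed it, or None if the
    address is not among the IPs a deep-parsing filter would look up."""
    seen = {}
    for ip, source in relay_ips(raw, originating_headers):
        seen.setdefault(ip, source)
    return {ip: seen.get(ip) for ip in listed}


if __name__ == "__main__":
    print(attribute(SAMPLE, LISTED))
    print(attribute(SAMPLE, LISTED, originating_headers=()))
```

With the originating-header list emptied (SpamAssassin's `clear_originating_ip_headers` option does this), 86.129.191.88 is no longer among the addresses looked up, while the Office 365 relay 40.107.8.121 still is.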
