On 27.05.24 23:10, Thomas Barth via users wrote:
For months I have been waiting for the type of SPAM I receive to be captured by the DNS block lists. But nothing is happening. I have long since fed SpamAssassin with these SPAMs. What else can I do? I have even activated HOSTKARMA-black/brown. Doesn't help either. Do I perhaps have to report the SPAM myself? Is this reporting still up to date? https://cwiki.apache.org/confluence/display/SPAMASSASSIN/Report+spam


The scoring of this type of SPAM is
X-Spam-Status: No, score=3.502 tagged_above=2 required=6.31
   tests=[BAYES_99=3.5, BAYES_999=0.2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
   DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001,
   HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_BL=0.001, RCVD_IN_MSPIKE_L3=0.001,
   SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no

From the score itself it's very hard to find out the issue.
Maybe you are blocked on a DNS blocklist (perhaps you use public DNS servers)? Perhaps the spam came from hosts that are not blocked?

If you posted the Received: headers (here or on e.g. pastebin), it could help us.


Here are the checks of a higher-rated SPAM mail. A lot more working checks are available.

X-Spam-Status: Yes, score=15.037 tagged_above=2 required=6.31
   tests=[BAYES_20=-0.001, DMARC_MISSING=0.001, EXTRA_SCORE=1,
   FROM_SUSPICIOUS_NTLD=0.499, FROM_SUSPICIOUS_NTLD_FP=1.999,
   FSL_BULK_SIG=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_IMAGE_RATIO_04=0.001,
   HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MISSING_MID=0.497,
   NORDNS_LOW_CONTRAST=0.001, RAZOR2_CF_RANGE_51_100=1.886, RAZOR2_CHECK=0.922,
   RCVD_IN_HOSTKARMA_BL=2, RCVD_IN_MSPIKE_BL=0.001, RCVD_IN_MSPIKE_ZBI=0.001,
   RCVD_IN_SBL_CSS=3.335, RDNS_NONE=0.793, RELAYCOUNTRY_BAD=2,
   SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, TO_NO_BRKTS_NORDNS_HTML=0.001]
   autolearn=no autolearn_force=no

So, at least DNSBLs work well for you.

What can I do? With these SPAMS, I have the impression that the senders know exactly how to trick SpamAssassin.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you.
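
An added example, not part of the original message: a Python script that parses the two X-Spam-Status values quoted above and totals the rule scores by rule-name prefix, showing how much of each score comes from the RCVD_IN_* DNS list rules versus Bayes. The group names and the prefix-to-group mapping are assumptions made for this illustration.

```python
import re

# The two X-Spam-Status values quoted in the message, unfolded (copied from the page).
LOW = ("No, score=3.502 tagged_above=2 required=6.31 tests=[BAYES_99=3.5, "
       "BAYES_999=0.2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, "
       "DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, HTML_MESSAGE=0.001, "
       "RCVD_IN_MSPIKE_BL=0.001, RCVD_IN_MSPIKE_L3=0.001, SPF_HELO_NONE=0.001, "
       "SPF_PASS=-0.001] autolearn=no autolearn_force=no")
HIGH = ("Yes, score=15.037 tagged_above=2 required=6.31 tests=[BAYES_20=-0.001, "
        "DMARC_MISSING=0.001, EXTRA_SCORE=1, FROM_SUSPICIOUS_NTLD=0.499, "
        "FROM_SUSPICIOUS_NTLD_FP=1.999, FSL_BULK_SIG=0.001, "
        "HTML_FONT_LOW_CONTRAST=0.001, HTML_IMAGE_RATIO_04=0.001, "
        "HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MISSING_MID=0.497, "
        "NORDNS_LOW_CONTRAST=0.001, RAZOR2_CF_RANGE_51_100=1.886, "
        "RAZOR2_CHECK=0.922, RCVD_IN_HOSTKARMA_BL=2, RCVD_IN_MSPIKE_BL=0.001, "
        "RCVD_IN_MSPIKE_ZBI=0.001, RCVD_IN_SBL_CSS=3.335, RDNS_NONE=0.793, "
        "RELAYCOUNTRY_BAD=2, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, "
        "TO_NO_BRKTS_NORDNS_HTML=0.001] autolearn=no autolearn_force=no")

# Assumed grouping by rule-name prefix, chosen for this illustration only.
GROUPS = {"dns_lists": ("RCVD_IN_",), "bayes": ("BAYES_",),
          "auth": ("DKIM_", "SPF_", "DMARC_")}

def parse_spam_status(value):
    """Return verdict, score, threshold and per-rule scores from a header value."""
    flat = " ".join(value.split())  # undo header folding
    m = re.match(r"(Yes|No), score=(-?[\d.]+).*?required=(-?[\d.]+)\s+tests=\[(.*?)\]", flat)
    if not m:
        raise ValueError("unrecognised X-Spam-Status format")
    tests = {}
    for item in filter(None, (i.strip() for i in m.group(4).split(","))):
        name, _, score = item.partition("=")
        tests[name] = float(score)
    return {"spam": m.group(1) == "Yes", "score": float(m.group(2)),
            "required": float(m.group(3)), "tests": tests}

def group_totals(tests):
    """Sum rule scores per group; rules matching no prefix go to 'other'."""
    totals = dict.fromkeys([*GROUPS, "other"], 0.0)
    for name, score in tests.items():
        group = next((g for g, p in GROUPS.items() if name.startswith(p)), "other")
        totals[group] += score
    return {g: round(v, 3) for g, v in totals.items()}

if __name__ == "__main__":
    for label, value in (("low", LOW), ("high", HIGH)):
        parsed = parse_spam_status(value)
        print(label, parsed["score"], group_totals(parsed["tests"]))
```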
