John, just to confirm: do you have received my mail with attachement ? BTW I've upgraded to 4.0.1 but no results in rules catching these mails.
Thx Pierluigi Il giorno ven 27 dic 2024 alle ore 02:09 John Hardin <jhar...@impsec.org> ha scritto: > On Thu, 26 Dec 2024, Pierluigi Frullani wrote: > > > Here's the output ( the relevant part I think ): > > > > X-Spam-Status: No, score=4.2 required=4.4 tests=FREEMAIL_FROM, > > HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,HTTP_EXCESSIVE_ESCAPES, > > PDS_OTHER_BAD_TLD,T_REMOTE_IMAGE,URI_NOVOWEL shortcircuit=no > > autolearn=no autolearn_force=no version=3.4.6 > > X-Spam-Report: > > * 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail > > * provider > > * [mauneypals[at]gmail.com] > > * 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs > > * [URI: haligr.click (click)] > > * 0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence > > * 1.0 HTTP_EXCESSIVE_ESCAPES URI: Completely unnecessary > %-escapes > > * inside a URL > > * 0.7 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or > > * identical to background > > * 0.0 HTML_MESSAGE BODY: HTML included in message > > * 0.0 T_REMOTE_IMAGE Message contains an external image > > > I can trap those because of the HTTP_EXCESSIVE_ESCAPES which I can give a > > bit more aggressive score, but no "GOOG*" in report. > > You wouldn't see the rule hits from debugging in the message anywhere, you > need to look in the SpamAssassin log or the output from running > SpamAssassin against the message interactively. > > It would look something like this: > > Dec 13 17:22:52.299 [10120] dbg: rules-all: running header rule > __NAME_EQ_EMAIL > Dec 13 17:22:52.299 [10120] dbg: rules-all: running header rule > T_FROM_WSP_TRAIL > Dec 13 17:22:52.299 [10120] dbg: rules-all: running header rule > __FROM_ENCODED_B64 > Dec 13 17:22:52.299 [10120] dbg: rules-all: running header rule __RAW_FROM > Dec 13 17:22:52.299 [10120] dbg: rules: ran header rule __RAW_FROM ======> > got hit: " "Roland Smith" <partne...@388yh.com>" > Dec 13 17:22:52.299 [10120] dbg: rules-all: running header rule > __COMMENT_IN_FROM_ADDR > Dec 13 17:22:52.299 [10120] dbg: rules-all: running header rule > __NESTED_ANGLE_FROM > Dec 13 17:22:52.299 [10120] dbg: rules-all: running header rule > __NAME_IS_EMAIL > Dec 13 17:22:52.299 [10120] dbg: rules-all: running header rule FROM_UNBAL2 > > The command would look something like this: > > spamassassin -t --debug area=rules,rules-all < message.txt > > > For info I'm running SpamAssassin version 3.4.6 running on Perl version > > 5.22.2 just sa-updated few minutes ago. > > 3.4.6 is rather old. You should consider updating to 4.0.1 if possible. > > > I'm preparing the zip file woth some the > > Do you want me to send the zip file ( I have 46 mails that have failed ) > ? > > Yes, that would be fine. It would be easiest for me if each message was in > a separate file (vs. a single mailbox file containing multiple messages - > that's 46 individual email files in one zip or gz archive), but that's > not a requirement. > > > -- > John Hardin KA7OHZ http://www.impsec.org/~jhardin/ > jhar...@impsec.org pgpk -a jhar...@impsec.org > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > ----------------------------------------------------------------------- > The police of a state should never be stronger or better armed > than the citizenry. An armed citizenry, willing to fight, is the > foundation of civil freedom. -- Robert A. Heinlein, 1942 > ----------------------------------------------------------------------- > 73 days since SpaceX caught the SuperHeavy booster on the first try >
