I've just seen a mail marked as spammy (amavisd-new) where the score header had
Score=x+5 where x was the sum of the SA tests.
X-Spam-Status: Yes, score=0.917+5 tagged_above=0 required=5
tests=[AWL=0.727,BAYES_00=-2.599, BOTNET_SERVERWORDS=-0.01,
FORGED_RCVD_HELO=0.135,HTML_MESSAGE=0.001, P0F_UNIX=-0.001,
SARE_HTML_MANY_BR05=0.5,SARE_HTML_TD_BR=0.934, SARE_UNA=1.231, SPF_PASS=-0.001]
I'm curious as to where the 5 came from as the the mail report does not look like spam:
Content analysis details: (0.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 P0F_UNIX OS fingerprint BSD/Solaris/HP-UX/Tru64
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 BOTNET_SERVERWORDS Hostname contains server-like substrings
-2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
1.2 SARE_UNA RAW: SARE_UNA
0.9 SARE_HTML_TD_BR FULL: Multiple line breaks in spammer pattern
0.5 SARE_HTML_MANY_BR05 Tooo many <br>'s!
0.7 AWL AWL: From: address is in the auto white-list
I've not seen this before (in over 4 years) and could not see and answer from a
quick search.
Thanks
Alan
