On 04.08.09 20:09, a...@exys.org wrote: > See the below message parts > (the complete message does not pass the MLs filter) > Notably both bayes and AWL are wrong. > while I understand why bayes might have done that, i dont understand > what AWL is doing here. > I have obviously never received any mail from that sender, so why does > it hit?
in later mail you mention that you run SA before greylisting. Do you use per-use config at that time? Isn't it possible that someone other at your system received mail from the same sender that didn't score much? Since most of those checks are RBLs that is collaborative checks, it's possible that similar message received in the past by early recipient scored very low, and if it was autolearned as ham, it could explain the BAYES_00 too. > Return-path: <virenwarndie...@virenschutz-downloaden.info> > Envelope-to: a...@exys.org > Received: from host231.dhms-domainmanagement.net ([91.199.51.231]) > Subject: Virenwarnung - Ihr PC ist=?UTF-8?Q?=20ungesch=C3=BCtzt?= > Content-Type: text/plain; charset="UTF-8" > Message-ID: <knuula.a6m...@localhost> > To: a...@exys.org > > X-Spam-Report: > Content analysis details: (6.0 points, 5.0 required) > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 2.1 RCVD_IN_NJABL_SPAM RBL: NJABL: sender is confirmed spam source > [91.199.51.231 listed in combined.njabl.org] > -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% > [score: 0.0000] > 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist > [URIs: virenschutz-downloadenDOTinfo] > 1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL > blocklist > [URIs: virenschutz-downloadenDOTinfo] > 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL > blocklist > [URIs: virenschutz-downloadenDOTinfo] > 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL > blocklist > [URIs: virenschutz-downloadenDOTinfo] > 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL > blocklist > [URIs: virenschutz-downloadenDOTinfo] > 0.2 SARE_SUB_ENC_UTF8 Message uses character set often used in spam > -1.9 AWL AWL: From: address is in the auto white-list > X-Spam-Flag: YES -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I don't have lysdexia. The Dog wouldn't allow that.
