Probleme with testing (?)

Guillaume Gelle Sat, 29 Aug 2009 09:36:02 -0700

Hi there,


I'm new here, first message, which I won't messed up, please tell me if I am! :)

Ok, I -think- I have a problem with my configuration of spamassassin. I have a 
lot of messages passing through as "not spam" even if it's obvious spam.

The thing is I think somewhere, SA if skipping tests (?), or timing out (??) or 
something else (???)... I just have no idea what is going on.

 

So, spam messages are arriving with only a scoring of 0.101.

The two ONLY same tests done are : tests=[HTML_MESSAGE=0.001, RDNS_NONE=0.1]

 

Here's below the log of a message, containing obvious spam words. (viagra 
oriented.)

If you can figure out sonething, that'd awesome, I'm pretty out of idea.

 
Aug 27 03:39:49 SA-SERVER postfix/cleanup[14423]: 1E6D24F7B: 
message-id=<1251331665.0...@fulcrumproperty.com>
Aug 27 03:39:49 SA-SERVER postfix/qmgr[15781]: 1E6D24F7B: 
from=<c_calista...@fulcrumproperty.com>, size=2981, nrcpt=1 (queue active)
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) ESMTP< MAIL 
FROM:<c_calista...@fulcrumproperty.com> SIZE=2981 BODY=7BIT\r\n
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup (debug_sender) => 
undef, "c_calista...@fulcrumproperty.com" does not match
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) ESMTP> 250 2.1.0 Sender 
<c_calista...@fulcrumproperty.com> OK
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) ESMTP::10024 
/var/spool/amavis/tmp/amavis-20090827T003241-12820: 
<c_calista...@fulcrumproperty.com> -> <us...@cla.ch> SIZE=2981 BODY=7BIT 
Received: from SA-SERVER.cla.ch ([127.0.0.1]) by localhost (SA-SERVER.cla.ch 
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <us...@cla.ch>; Thu, 27 
Aug 2009 03:39:49 +0200 (CEST)
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) Checking: 7NNRjaw-XrHk 
[192.168.1.119] <c_calista...@fulcrumproperty.com> -> <us...@cla.ch>
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) 2822.From: 
<c_calista...@fulcrumproperty.com>
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) 
lookup_acl(c_calista...@fulcrumproperty.com), no match
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup (snp1) => undef, 
"c_calista...@fulcrumproperty.com" does not match
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) wbl: checking sender 
<c_calista...@fulcrumproperty.com>
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) query_keys: 
c_calista...@fulcrumproperty.com, c_calista_qh@, fulcrumproperty.com, 
.fulcrumproperty.com, .com, .
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) 
lookup_hash(c_calista...@fulcrumproperty.com), no matches
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup (blacklist_sender) 
=> undef, "c_calista...@fulcrumproperty.com" does not match
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) query_keys: 
c_calista...@fulcrumproperty.com, c_calista_qh@, fulcrumproperty.com, 
.fulcrumproperty.com, .com, .
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) 
lookup_hash(c_calista...@fulcrumproperty.com), no matches
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup (whitelist_sender) 
=> undef, "c_calista...@fulcrumproperty.com" does not match
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) 
lookup_re("c_calista...@fulcrumproperty.com"), no matches
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) query_keys: 
c_calista...@fulcrumproperty.com, c_calista_qh@, fulcrumproperty.com, 
.fulcrumproperty.com, .com, .
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) 
lookup_hash(c_calista...@fulcrumproperty.com), no matches
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup 
(score_sender<c_calista...@fulcrumproperty.com>) => undef, 
"c_calista...@fulcrumproperty.com" does not match
[b]Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) SPAM-TAG, 
<c_calista...@fulcrumproperty.com> -> <us...@cla.ch>, No, score=0.101 
tagged_above=-9999 required=2.2 tests=[HTML_MESSAGE=0.001, RDNS_NONE=0.1][/b]
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) (about to connect to 
[127.0.0.1]:10025) FWD via SMTP: <c_calista...@fulcrumproperty.com> -> 
<us...@cla.ch>
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) smtp cmd> MAIL 
FROM:<c_calista...@fulcrumproperty.com> BODY=7BIT
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) rw_loop sent 120> MAIL 
FROM:<c_calista...@fulcrumproperty.com> BODY=7BIT\r\nRCPT TO:<us...@cla.ch> 
ORCPT=rfc822;us...@cla.ch\r\ndata\r\n
Aug 27 03:39:53 SA-SERVER postfix/cleanup[14423]: AD2FB4F7D: 
message-id=<1251331665.0...@fulcrumproperty.com>
Aug 27 03:39:53 SA-SERVER postfix/qmgr[15781]: AD2FB4F7D: 
from=<c_calista...@fulcrumproperty.com>, size=3533, nrcpt=1 (queue active)
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) FWD via SMTP: 
<c_calista...@fulcrumproperty.com> -> <us...@cla.ch>,BODY=7BIT 250 2.0.0 Ok, 
id=12820-17, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AD2FB4F7D
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) DSN: sender NOT credible 
<c_calista...@fulcrumproperty.com>
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) lookup 
(spam_dsn_cutoff_level_bysender) => true,  "c_calista...@fulcrumproperty.com" 
matches, result="10", matching_key="(constant:10)"
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) dsn: from MTA 250 
NonBlocking:CleanTag <c_calista...@fulcrumproperty.com> -> <us...@cla.ch>: 
on_succ=0, on_dly=1, on_fail=1, never=0, warn_sender=, DSN_passed_on=1, 
mta_resp: "250 2.0.0 Ok, id=12820-17, from MTA([127.0.0.1]:10025): 250 2.0.0 
Ok: queued as AD2FB4F7D"
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) DSN: SUCC from MTA 250 
NonBlocking:CleanTag, no DSN requested: <c_calista...@fulcrumproperty.com> -> 
<us...@cla.ch>
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) one_response_for_all 
<c_calista...@fulcrumproperty.com>: success, r=0,b=0,d=0, ndn_needed=0, '250 
2.0.0 Ok, id=12820-17, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 
AD2FB4F7D'
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) Passed CLEAN, 
[192.168.1.119] [190.175.166.169] <c_calista...@fulcrumproperty.com> -> 
<us...@cla.ch>, Message-ID: <1251331665.0...@fulcrumproperty.com>, mail_id: 
7NNRjaw-XrHk, Hits: 0.101, size: 2978, queued_as: AD2FB4F7D, 4599 ms The mail 
was containing that : Buy ViagraCialisLevitr from $1.20 
per pillSecure & Safe 
Canadian Pharmacy is offering all pills at discounted prices. Buy 
CialisViagraLevitr, Propecia, Acomplia, Xenica1, VPXL, Tamiflu....... Prices 
Starting from $1.20Buy Generic from $1.20 [LowPrice - 
Free Pills - Discount]

 

kinda explicit, no?
Thanks in advance for you help,Guillaume Plateform : opensuse 11.1, amavisd, 
spamassassin
_________________________________________________________________
Hot or Not? Le style des stars sur MSN Starlounge
http://starlounge.fr.ch.msn.com/index.cfm?category=fashion

Probleme with testing (?)

Reply via email to