> On Mon, 24 May 2010, Jason Bertoch wrote:
> At a guess I would say the bulk of your score is attributed to the
> URI in the body that has been flagged as being on the SURBL blocklist.
>
> Beyond that, the issue seems to be that they have used a body 'type' of
> text/html without actually using HTML. So spamasassin is complaining
> about
> various aspects of the improper use of HTML... Though I can't see how
> it
> decided that a large font was in use....
>
> The solution here seems to be a combination of getting rid of the 'bad'
> URI from the text and gettin ghte sender to fix their (web based?) mail
> client so that all those HTML problems don't occur....
Jason was speaking about a FN, not an FP. Am I missing something?
These are the findings with one of my setup (SA 3.3.1, all locales allowed):
Content analysis details: (11.8 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
1.6 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: rohiana.com]
4.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: rohiana.com]
0.0 HTML_MESSAGE BODY: HTML included in message
3.0 BAYES_95 BODY: Bayes spam probability is 95 to 99%
[score: 0.9631]
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 T_URIBL_BLACK_OVERLAP T_URIBL_BLACK_OVERLAP
0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
1.4 ZMIde_GENERICSPAM1 3+ generic spam signs
0.7 SARE_HTML_EMPTY Email is HTML format, but common tags not found
5.6 points are from BLs, but the remainder (6.2) is enough to trigger SA in
a standard setup).
Please note ZMIde_GENERICSPAM1 (1.4). It is from 70_zmi_german.cf
(70_zmi_german.cf.zmi.sa-update.dostech.net channel in sa-update).
Giampaolo
