On Sun, 1 Jul 2012, server wrote:

On 7/1/2012 7:29 PM, John Hardin wrote:
On Sun, 1 Jul 2012, server wrote:

I am getting this

-39.4 points, 5.2 required

and it is tagging as spam.

Why?

We can't possibly do more than guess without seeing the actual headers on such a message, as well as having some information about what your MTA is and how you have SA glued onto it.

Sorry, I thought it was something simple that I have overlooked.

Exim 4.77
spamd_address = 127.0.0.1 783

  # put headers in all messages (no matter if spam or not)
  warn  message = X-Spam-Score: $spam_score ($spam_bar)
        spam = BOGUS:true

  warn  message = X-Spam-Report: $spam_report
        spam = BOGUS:true

  # add second subject line with *SPAM* marker when message
  # is over threshold
  warn  message = Subject: *THIS IS SPAM* $h_Subject:
        spam = BOGUS

  # reject spam at high scores (> 5.2)
  deny  message = This message scored $spam_score spam points.
        spam = BOGUS:true
        condition = ${if >{$spam_score_int}{52}{1}{0}}

What part of the header should I post?


This is a C/P from my log (exact with a couple of edits where you see blah blah blah and my tld info)
****************************

X-HELO-Warning: Remote host xx.xx.xx.xx incorrectly presented itself as [192.168.1.100]
 X-Spam-Score: -39.4 (---------------------------------------)
 X-Spam-Report: Spam detection software, running on the system "my tld", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
postmaster for details.
Content preview: -------- Original Message -------- Subject: Maxine's Memorial
   Date: Sat, 30 Jun 2012 16:49:59 -0400 (EDT) From: blah blah blah
 Content analysis details:   (-39.4 points, 5.2 required)
  pts rule name              description
---- ---------------------- --------------------------------------------------
 -48 ALL_TRUSTED            Passed through trusted hosts only via SMTP
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                            domain
 1.8 US_DOLLARS_3           BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
 0.6 HTML_IMAGE_RATIO_04    BODY: HTML has a low ratio of text to image area
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.0 HTML_FONT_FACE_BAD     BODY: HTML font face is not a word
 0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.4309]
 2.0 HTML_FONT_SIZE_LARGE   BODY: HTML font size is large
 2.5 LOTS_OF_MONEY          Huge... sums of money
 X-Spam-Score: 8.7 (++++++++)
X-Spam-Report: Spam detection software, running on the system "server.edschooler.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
postmaster for details.
Content preview: -------- Original Message -------- Subject: Maxine's Memorial
   Date: Sat, 30 Jun 2012 16:49:59 -0400 (EDT) From: same blah blah blah


Content analysis details:   (8.7 points, 5.2 required)
  pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                            domain
 1.8 US_DOLLARS_3           BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
 0.6 HTML_IMAGE_RATIO_04    BODY: HTML has a low ratio of text to image area
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.0 HTML_FONT_FACE_BAD     BODY: HTML font face is not a word
 0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.5000]
 2.0 HTML_FONT_SIZE_LARGE   BODY: HTML font size is large
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 2.5 LOTS_OF_MONEY          Huge... sums of money
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 Subject: *THIS IS SPAM* Fwd: Maxine's Memorial

*****************************************************

There are at least a couple of things wrong here.
1) where did that -48 points score for ALL_TRUSTED come from? That's not a standard SA score for that rule.

2) it appears that this message has been passed thru SA at least twice.
That's tricky to do correctly and get valid scores, even with the best
of configurations. Given this message has two different spam-score
headers with wildly differing values, your setup is broken.

3) a proper SA installation should always add a Checker-Version header,
regardless of whether the message is spam or ham. In what you've posted
it's missing, so either you've left out that part or your kit is broken
in a way that it doesn't get added.

As I've never used Exim, I cannot comment on your mail server config.

Can you capture a copy of a message as it enters your system -before-
you feed it to SA to see what headers the message already has?
There may be some up-stream system that is doing SA processing on your
mail. If so, you either need to get them to not do that, not run your
own SA & be willing to accept their scoring, or find some other way to
get unfiltered mail service.

--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
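
The three checks raised in the reply above, applied to the headers of a captured message, as an added example that is not part of the original thread. The sample headers are constructed from the reports quoted in the post (rule list shortened), `audit` and `parse_report` are names chosen here, and `X-Spam-Checker-Version` is the header name SpamAssassin itself uses.

```python
import re
from email import message_from_string

# Constructed sample modelled on the two reports in the thread; not a real message.
SAMPLE = """\
X-Spam-Score: -39.4 (---------------------------------------)
X-Spam-Report: Content analysis details:   (-39.4 points, 5.2 required)
  -48 ALL_TRUSTED            Passed through trusted hosts only via SMTP
  1.8 US_DOLLARS_3           BODY: Mentions millions of $
  1.0 HTML_FONT_FACE_BAD     BODY: HTML font face is not a word
  0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
  2.0 HTML_FONT_SIZE_LARGE   BODY: HTML font size is large
  2.5 LOTS_OF_MONEY          Huge... sums of money
X-Spam-Score: 8.7 (++++++++)
X-Spam-Report: Content analysis details:   (8.7 points, 5.2 required)
  1.8 US_DOLLARS_3           BODY: Mentions millions of $
  1.0 HTML_FONT_FACE_BAD     BODY: HTML font face is not a word
  0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
  2.0 HTML_FONT_SIZE_LARGE   BODY: HTML font size is large
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature
  2.5 LOTS_OF_MONEY          Huge... sums of money
Subject: *THIS IS SPAM* Fwd: Maxine's Memorial
"""

RULE = re.compile(r"^[ \t]*(-?\d+(?:\.\d+)?)[ \t]+([A-Z][A-Z0-9_]+)[ \t]", re.M)

def parse_report(report):
    """Map rule name -> points for one X-Spam-Report value."""
    return {name: float(pts) for pts, name in RULE.findall(report)}

def audit(raw, required=5.2):
    msg = message_from_string(raw)
    scores = [float(v.split()[0]) for v in msg.get_all("X-Spam-Score", [])]
    reports = [parse_report(r) for r in msg.get_all("X-Spam-Report", [])]
    findings = []
    if len(scores) > 1:  # more than one SA pass left its headers behind
        findings.append(f"scored {len(scores)} times: {scores}")
    if scores and msg["X-Spam-Checker-Version"] is None:
        findings.append("X-Spam-Checker-Version header missing")
    for n, rules in enumerate(reports, 1):
        total = sum(rules.values())
        for name, pts in rules.items():  # does one rule alone flip the verdict?
            if (total >= required) != (total - pts >= required):
                findings.append(f"pass {n}: {name} ({pts:+g}) decides the verdict")
    if len(reports) > 1 and set(reports[0]) != set(reports[-1]):
        findings.append(f"rule hits differ: {sorted(set(reports[0]) ^ set(reports[-1]))}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against a message captured before it reaches the local SA, an empty result means no earlier scanner has already left score headers on it.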
