On 3/30/2015 10:12 AM, grhoderick wrote:
First, apologies in advance, I know this list is for seasoned users. I'm a
consumer—not an administrator by any means—but posting here in hopes that
the SA focus of the list will provide a clear answer.
It's not just for seasoned users but not sure we can really help you
unless you can configure or at least tweak your implementation of SA.
Whether you can or cannot is still unclear.
If I paste these same Spam mails into an online check service, they trigger
a handful of tests that my web host's SA install seems to ignore or miss.
The difference is steep, with messages scoring a range of 4 to 14 points
higher, which correctly equates to the majority of the spam. These tests are
comprised mostly of checks against trustworthy blocklists.
RBLs are reactive so this could be a sign that the RBL has caught up in
the time between the tests.
Where I'm confused: Is this an obvious sign that the web host isn't updating
SA appropriately, or is it normal the test reports don't match? Am I
misunderstanding the scoring system?
We need more headers to see. What version of SpamAssassin does the
headers show? What rules does it show it hits when it does hit?
From what you did post, the most important issue I see is that
URIBL_BLOCKED is triggered which implies setups that are exceeding free
volume limits on RBLs and/or not using a local caching nameserver.
After months of back and forth with the web host, their recommendation has
been to add rules and do more intensive SA learning. But the way I
understand it, no amount of tweaking symbolic test scores or adding rules
can make up for not running the tests to begin with. Without having root
access to the SA install, can I even influence which tests are applied?
If not, my only option is to leave my host for a service that keeps their SA
install updated. Your insight here will help me confidently make that
decision.
That is a significant recommendation to consider. What ISP are you using?
regards,
KAM