One of my web sites sends me a minimal email to indicate its status.
There is no body, just a subject and the usual headers. It is sent
several times a day.
The sending domain is in the trusted_networks list so the SA report
includes ALL_TRUSTED - full X-Spam-Status is (and should be)...
No, score=-28.0 required=5.0 tests=ALL_TRUSTED,BAYES_00,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,PFSA_OURSERVER_VALID
autolearn=ham version=3.3.2
BUT sometimes I get...
No, score=-25.5 required=5.0 tests=ALL_TRUSTED,BAYES_00,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,PFSA_OURSERVER_VALID,TVD_SPACE_RATIO,
TVD_SPACE_RATIO_MINFP autolearn=ham version=3.3.2
PFSA_OURSERVER_VALID is my own addition and is set to -25 if it's from
the web site. DKIM is set by the mail receiver not the sender, which is
a very simple smtp service.
What puzzles me is why SA reports TVD_SPACE_RATIO and
TVD_SPACE_RATIO_MINFP when there is no body at all - just a single blank
line with not even a single space and no signature or MIME. And why it
does so only sometimes (about 1 in four or five times).
For reference the ENTIRE email (with obfuscations) for the TVD case, as
received by me is...
Delivered-To: <(me)@(recip)>
Received: from (my mail server)
by (my mail server) (Dovecot) with LMTP id KLhdFWzRRliENgAAu8yh1g
for <(me)@(recip)>; Tue, 06 Dec 2016 14:57:46 +0000
Received: from (my mail server) (localhost [127.0.0.1])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by (my mail server) (Postfix) with ESMTPS id 6D8201E06F0
for <(me)@(recip)>; Tue, 6 Dec 2016 14:57:46 +0000 (GMT)
Received: by (my mail server) (Postfix, from userid 5001)
id 41C391E0668; Tue, 6 Dec 2016 14:57:46 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= (etc)
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on MYPOSTFIX
X-Spam-Level:
X-Spam-Status: No, score=-25.5 required=5.0 tests=ALL_TRUSTED,BAYES_00,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,PFSA_OURSERVER_VALID,TVD_SPACE_RATIO,
TVD_SPACE_RATIO_MINFP autolearn=ham version=3.3.2
X-Spam-RelaysUntrusted:
Received: from (webserver) ((webserver) [(webserver IP)])
by (my mail server (Postfix) with SMTP id DA6541E06F0
for <(me)@(recip)>; Tue, 6 Dec 2016 14:57:35 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= (etc)
From: "FormTest" <(form)@(webserver)>
To: "(me)" <(me)@(recip)>
Reply-To: (sender)@(webserver)
Subject: Form Check
Date: Tue, 06 Dec 2016 14:57:35 -0000
Message-ID: <20161206-14573592-10bc@(webserver)>
X-Envelope-From: (sender)@(webserver)
X-Original-IP: (web customer's IP) (SEE BELOW)
MIME-Version: 1.0
There is another oddity in this scenario. I have set up a tracing
header, shown above as...
X-Original-IP: (web visitor's IP)
This is recent. Previously I had...
X-Originating-IP: (web visitor's IP)
... but this resulted in losing ALL_TRUSTED (all other tags in
X-Spam-Status remained). Spamassassin seemed to think this was the
envelope-from or something of that kind and filled in...
X-Spam-RelaysUntrusted: [ ip=(visitor's IP) rdns= helo= by= ident= envfrom=
If anyone could help with either of these I would be grateful.
--
Dave Stiles
