Thank you, David. Sorry, I should have known to give you a more verbose listing of the headers; I put one at the end for the "voicemail" spam.

I'm using a friend's MTA, which is perhaps the source of the recent change - I'll have to check what they are doing. All my mail goes to a spool directory in my home on "ofb.net" and then I have a script which transfers the files and puts them into a maildir on my laptop. That way I don't have to have an internet connection to search through old email, mailing lists, and so on.

It looks like I have a lot of reading to do (or my admins). I had thought that running spamassassin locally after I download my emails would be sufficient - even preferable, since locally there is the "Bayesian" database.

Thanks again,

Frederick

Return-Path: <voicemailand...@southcentralmachine.arcoxmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on thutmose
X-Spam-Level:
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_05,HTML_MESSAGE,
        RDNS_NONE,T_SPF_TEMPERROR autolearn=no autolearn_force=no version=3.4.1
X-Original-To: frede...@ofb.net
Delivered-To: frede...@ofb.net
Received: from [171.247.127.4] (unknown [171.247.127.4])
        by ofb.net (Postfix) with ESMTP id 7BEB441DB1
        for <frede...@ofb.net>; Thu, 15 Dec 2016 06:01:58 -0800 (PST)
Date: Thu, 15 Dec 2016 06:02:07 -0700
To: frede...@ofb.net
From: SureVoIP <voicemailand...@southcentralmachine.arcoxmail.com>
Subject: Voicemail from 08449381540 <08449381540> 00:03:15
Message-ID: <27d1c28da751b7dd3a731e04d7a620d4@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer 5.2.2 (http://code.google.com/a/apache-extras.org/p/phpmailer/)
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="b1_27d1c28da751b7dd3a731e04d7a620d4"

On Thu, Dec 15, 2016 at 04:42:16PM +0000, David Jones wrote:
> >From: frede...@ofb.net <frede...@ofb.net>
> >Sent: Thursday, December 15, 2016 9:33 AM
> >To: users@spamassassin.apache.org
> >Subject: recent increase in spam getting through
>
> > X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_05,HTML_MESSAGE,
> >         RDNS_NONE,T_SPF_TEMPERROR autolearn=no autolearn_force=no
> >version=3.4.1
>
> > Date: Thu, 15 Dec 2016 02:09:18 -0700
> > From: %GIRL_NAME Lyon <lyon_%girl_n...@feuz.com>
> > To: frede...@ofb.net
> > Subject: Re: Healthy soul in healthy body. Order Celexa now.
>
> > X-Spam-Status: No, score=3.3 required=5.0 tests=BAYES_50,BODY_URI_ONLY,
> >         HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
> >         MIME_HTML_ONLY,RDNS_NONE,T_SPF_HELO_TEMPERROR,T_SPF_TEMPERROR
> >autolearn=no
> >         autolearn_force=no version=3.4.1
>
> Need to see the received headers to check RBLs. Make sure you are doing
> RBL checks at the MTA. If you are using Postfix, then enable Postscreen and
> use its postscreen_dnsbl_sites for weighting reliable RBLs high and
> unreliable RBLs low. There is a long thread on this in the archives.
>
> http://marc.info/?l=spamassassin-users&m=146590518212907&w=2
>
> Start with a short list like zen.spamhaus.org and mailspike then add new ones
> slowly over time until the email that hits SpamAssassin is mostly clean. RBLs
> block 95% of the spam at the MTA level so my SpamAssassin only has to block
> a very small percentage of spam based on content (Subject, body, AV, etc.)
> and Bayes.
>
> I offset some of the RBLs with postwhite for major mail providers that are
> often listed on RBLs but can't be blocked due to their size like comcast.net.
> In this case, I have to let them on to SpamAssassin for scoring. As long as
> they update their SPF record, then these will be let through but spoofers
> could be blocked by RBLs:
>
> https://github.com/stevejenkins/postwhite
>
> Remember that it is very important to use your own recursive DNS server and
> not point to other DNS servers that will combine your DNS queries with others
> which can be over the free usage limits set by the RBLs and cause
> URIBL_BLOCKED hits.
>
> http://marc.info/?l=spamassassin-users&m=147498536120314&w=2
>
> Hope this helps,
> Dave
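
Added example (not part of the original thread, and not Postfix's own code): a small Python model of the weighted RBL check Dave describes, applied to the Received header of the "voicemail" spam above. The weights, the threshold, the zone name bl.mailspike.net, and the resolver answers in FAKE_DNS are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed weights in postscreen_dnsbl_sites "zone*weight" syntax; tune per site.
DNSBL_SITES = "zen.spamhaus.org*3 bl.mailspike.net*2"
THRESHOLD = 3  # assumed value for postscreen_dnsbl_threshold
# Header copied from the message above.
RECEIVED = ("Received: from [171.247.127.4] (unknown [171.247.127.4]) "
            "by ofb.net (Postfix) with ESMTP id 7BEB441DB1")

def client_ip(received):
    """Return the connecting IP that the receiving MTA recorded in parentheses."""
    m = re.search(r"\(\S+ \[([0-9.]+)\]\)", received)
    if not m:
        raise ValueError("no client address in Received header")
    return str(ipaddress.IPv4Address(m.group(1)))

def parse_sites(spec):
    """Parse 'zone*weight' entries; a missing weight defaults to 1."""
    sites = {}
    for entry in spec.split():
        zone, _, weight = entry.partition("*")
        sites[zone] = int(weight) if weight else 1
    return sites

def query_name(ip, zone):
    """DNSBL convention: reversed IPv4 octets prepended to the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def dnsbl_score(ip, sites, lookup):
    """Sum the weights of every list that returns a genuine listing answer."""
    score = 0
    for zone, weight in sites.items():
        answer = lookup(query_name(ip, zone))
        # 127.255.255.x is a refusal code (e.g. queries arriving through a
        # shared public resolver), not a listing, so it must not add weight.
        if answer and answer.startswith("127.") \
                and not answer.startswith("127.255.255."):
            score += weight
    return score

# Constructed resolver answers (not real lookups) so the example runs offline.
FAKE_DNS = {"4.127.247.171.zen.spamhaus.org": "127.0.0.4"}

if __name__ == "__main__":
    ip = client_ip(RECEIVED)
    score = dnsbl_score(ip, parse_sites(DNSBL_SITES), FAKE_DNS.get)
    print(ip, score, "reject" if score >= THRESHOLD else "pass")
```

To run it against live lists, replace FAKE_DNS.get with a function that resolves the query name through your own recursive resolver and returns the A record as a string, or None when there is no answer.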