Thank you, David.
Sorry I should have known to give you a more verbose listing of the
headers, I put one at the end for the "voicemail" spam.
I'm using a friend's MTA, which is perhaps the source of the recent
change - I'll have to check what they are doing. All my mail goes to a
spool directory in my home on "ofb.net" and then I have a script which
transfers the files and puts them into a maildir on my laptop. That
way I don't have to have an internet connection to search through old
email, mailing lists, and so on.
It looks like I have a lot of reading to do (or my admins). I had
thought that running spamassasin locally after I download my emails
would be sufficient - even preferable, since locally there is the
"Bayesian" database.
Thanks again,
Frederick
Return-Path: <voicemailand...@southcentralmachine.arcoxmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on thutmose
X-Spam-Level:
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_05,HTML_MESSAGE,
RDNS_NONE,T_SPF_TEMPERROR autolearn=no autolearn_force=no
version=3.4.1
X-Original-To: frede...@ofb.net
Delivered-To: frede...@ofb.net
Received: from [171.247.127.4] (unknown [171.247.127.4])
by ofb.net (Postfix) with ESMTP id 7BEB441DB1
for <frede...@ofb.net>; Thu, 15 Dec 2016 06:01:58 -0800 (PST)
Date: Thu, 15 Dec 2016 06:02:07 -0700
To: frede...@ofb.net
From: SureVoIP <voicemailand...@southcentralmachine.arcoxmail.com>
Subject: Voicemail from 08449381540 <08449381540> 00:03:15
Message-ID: <27d1c28da751b7dd3a731e04d7a620d4@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer 5.2.2
(http://code.google.com/a/apache-extras.org/p/phpmailer/)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="b1_27d1c28da751b7dd3a731e04d7a620d4"
On Thu, Dec 15, 2016 at 04:42:16PM +0000, David Jones wrote:
> >From: frede...@ofb.net <frede...@ofb.net>
> >Sent: Thursday, December 15, 2016 9:33 AM
> >To: users@spamassassin.apache.org
> >Subject: recent increase in spam getting through
>
> > X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_05,HTML_MESSAGE,
> > RDNS_NONE,T_SPF_TEMPERROR autolearn=no autolearn_force=no
> >version=3.4.1
>
> > Date: Thu, 15 Dec 2016 02:09:18 -0700
> > From: %GIRL_NAME Lyon <lyon_%girl_n...@feuz.com>
> > To: frede...@ofb.net
> > Subject: Re: Healthy soul in healthy body. Order Celexa now.
> > X-Spam-Status: No, score=3.3 required=5.0 tests=BAYES_50,BODY_URI_ONLY,
> > HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
> > MIME_HTML_ONLY,RDNS_NONE,T_SPF_HELO_TEMPERROR,T_SPF_TEMPERROR
> >autolearn=no
> > autolearn_force=no version=3.4.1
>
> Need to see the received headers to check RBLs. Make sure you are doing
> RBL checks at the MTA. If you are using Postfix, then enable Postscreen and
> use it's
> postscreen_dnsbl_sites for weighting reliable RBLs high and unreliable RBLs
> low. There
> is a long thread on this in the archives.
>
> http://marc.info/?l=spamassassin-users&m=146590518212907&w=2
>
> Start with a short list like zen.spamhaus.org and mailspike then add new ones
> slowly over time until the email that hits SpamAssassin is mostly clean. RBLs
> block 95% of the spam at the MTA level so my SpamAssassin only has to block
> a very small percentage of spam based on content (Subject, body, AV, etc.)
> and Bayes.
>
> I offset some of the RBLs with postwhite for major mail providers that are
> often
> listed on RBLs but can't be blocked due to their size like comcast.net. In
> this
> case, I have to let them on to SpamAssassin for scoring. As long as they
> update
> their SPF record, then these will be let through but spoofers could be
> blocked by
> RBLs:
>
> https://github.com/stevejenkins/postwhite
>
> Remember that it is very important to use you own recursive DNS server and not
> point to other DNS servers that will combine your DNS queries with others
> which
> can be over the free usages limits set by the RBLs and cause URIBL_BLOCKED
> hits.
>
> http://marc.info/?l=spamassassin-users&m=147498536120314&w=2
>
> Hope this helps,
> Dave
