spamassassin not blocking

ReN

Verified User
Joined
Jul 2, 2005
Messages
202
starting to get these all of a sudden , allowed through to inbox, anyone got any ideas?

X-Spam-Score: 8.0 (++++++++)
X-Spam-Report: Spam detection software, running on the system "server.example.com",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: This is More Effective then Viagra <http://bars.techronadvanatgecard.com/Lzyjbv/gbhgin17618blzcfrs/ni8NIDP_vwqDrAFjSJ52Nw8GFMOt3O9rGXpftFwfGVA/yjowR3p9PxB47FSHFT7Deym17ElYHko6g6BNwYJyjsjrqxAQMVO2eMIGuoQ3yZMCSeXzdRwAYJNYDKpSirTgYf3lePYUJJA7ZNSrmOypAas>
[...]

Content analysis details: (8.0 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.0 HTML_MESSAGE BODY: HTML included in message
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
2.2 DRUGS_ERECTILE Refers to an erectile drug
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
SpamTally: Final spam score: 80
X-Antivirus: AVG (VPS 170422-0, 04/22/2017), Inbound message
 
there is a corresponding spamd entry, with the same score , no errors in the logs to be found. i did notice the extra headers for

X-Spam-Flag:
X-Spam-Checker-Version:
X-Spam-Level:

are missing, however the latest /etc/exim.spamassassin.conf has

headers_remove = X-Spam-Flag:X-Spam-Report:X-Spam-Status:X-Spam-Level:X-Spam-Checker-Version

so i'm assuming they are removed....

any thoughts guys. ???

ReN
 
Hello,

At what score emails are configured to be blocked and/or removed?

8.0 points, 5.0 required

It shows that emails scored higher than 5.0 are treated as SPAM, the email under question took 8 points. Probably it's not sufficient to be removed.

What action is to be taken depend on your personal settings for a corresponding user. So check it out.
 
Hello,

At what score emails are configured to be blocked and/or removed?

8.0 points, 5.0 required

It shows that emails scored higher than 5.0 are treated as SPAM, the email under question took 8 points. Probably it's not sufficient to be removed.

What action is to be taken depend on your personal settings for a corresponding user. So check it out.


You're correct zEitEr, the block is set to 15, after some investigation , i found these emails seem to be specifically made to avoid detection by the default settings,

although they are above the 55 default limit for spamassassin to be called by ESF, spamassassin determined they are not spam for a couple of reason , namely adding a minus score for a couple of things , hence dropping them below the threshold of being marked as spam .... was very interesting to investigate this. maybe something to look out for in the future :)
 
Back
Top