Hi all,
I'm a bit new to all this. I am currently administrating a server for which the owner is away for a while. At certain moments we seem to be getting quite some spam though.
I tried optimizing the SpamAssassin configuration, but it does not seem to work. When I ran spamassassin manually on a message in the inbox I got the following output. What I noticed in the output is the spam score appears twice. The first scoring is 26.4 and the second score (inside the message?) is 1.5.
In the end the message ends up in the mailbox and not in the spam folder like configured.
Code:
Jun 5 20:56:17.098 [2264] dbg: plugin: Mail::SpamAssassin::Plugin::DCC=HASH(0x2bd48f8) implements 'check_post_learn', priority 0
Jun 5 20:56:17.098 [2264] dbg: dcc: DCC learning not enabled by dcc_learn_score
Jun 5 20:56:17.099 [2264] dbg: check: is spam? score=26.393 required=5
Jun 5 20:56:17.099 [2264] dbg: check: tests=BAYES_99,BAYES_999,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOTS_OF_MONEY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_PSBL,RCVD_IN_SBL_CSS,RDNS_NONE,T_REMOTE_IMAGE,T_SPF_HELO_PERMERROR,T_SPF_PERMERROR,URIBL_ABUSE_SURBL,URIBL_BLACK,URIBL_DBL_SPAM
Jun 5 20:56:17.099 [2264] dbg: check: subtests=__ANY_TEXT_ATTACH,__ANY_TEXT_ATTACH_DOC,__BODY_TEXT_LINE,__BODY_TEXT_LINE,__BODY_TEXT_LINE,__CT,__CTYPE_HAS_BOUNDARY,__CTYPE_MULTIPART_ALT,__CTYPE_MULTIPART_ANY,__DKIM_DEPENDABLE,__DOS_DIRECT_TO_MX,__DOS_HAS_ANY_URI,__DOS_RCVD_MON,__DOS_SINGLE_EXT_RELAY,__FB_TOUR,__FRAUD_DBI,__HAS_ANY_URI,__HAS_DATE,__HAS_FROM,__HAS_MESSAGE_ID,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HAS_TO,__HAS_URI,__HDR_CASE_REVERSED,__HTML_LINK_IMAGE,__KHOP_NO_FULL_NAME,__LAST_EXTERNAL_RELAY_NO_AUTH,__LAST_UNTRUSTED_RELAY_NO_AUTH,__LOCAL_PP_NONPPURL,__LONGLINE,__LOTSA_MONEY_03,__MIME_HTML,__MIME_VERSION,__MISSING_REF,__MISSING_REPLY,__MSGID_OK_HOST,__NONEMPTY_BODY,__RCVD_IN_ZEN,__RDNS_NONE,__REMOTE_IMAGE,__SANE_MSGID,__SINGLE_WORD_LINE,__SINGLE_WORD_LINE,__TAG_EXISTS_BODY,__TAG_EXISTS_CENTER,__TAG_EXISTS_HEAD,__TAG_EXISTS_HTML,__TAG_EXISTS_META,__TOCC_EXISTS,__TVD_MIME_ATT_TP,__YOU_WON,__YOU_WON_01,__hk_bigmoney
Jun 5 20:56:17.100 [2264] dbg: timing: total 8001 ms - init: 1008 (12.6%), parse: 1.21 (0.0%), extract_message_metadata: 45 (0.6%), get_uri_detail_list: 6 (0.1%), tests_pri_-1000: 22 (0.3%), compile_gen: 141 (1.8%), compile_eval: 21 (0.3%), tests_pri_-950: 6 (0.1%), tests_pri_-900: 6 (0.1%), tests_pri_-400: 131 (1.6%), check_bayes: 112 (1.4%), b_tokenize: 9 (0.1%), b_tok_get_all: 78 (1.0%), b_comp_prob: 4.2 (0.1%), b_tok_touch_all: 0.28 (0.0%), b_finish: 1.44 (0.0%), tests_pri_0: 6700 (83.7%), dkim_load_modules: 20 (0.3%), check_dkim_signature: 0.66 (0.0%), check_dkim_adsp: 8 (0.1%), check_spf: 82 (1.0%), poll_dns_idle: 0.32 (0.0%), check_dcc: 4482 (56.0%), check_razor2: 1370 (17.1%), check_pyzor: 331 (4.1%), tests_pri_500: 54 (0.7%)
Received: from localhost by ***********************
with SpamAssassin (version 3.4.1);
Mon, 05 Jun 2017 20:56:17 +0200
From: " Gerard Woods" <[email protected]>
To: <misja@****************>
Subject: You'll never need another pedicure, ever again!
Date: Mon, 05 Jun 2017 13:12:14 -0500
Message-Id: <DSi9BcShsMpIXws22UXerk6UBfaQeLwjsDXg53WC-JA.a5WawogcKTDH-IIxIxJ98cSVk1glBkhe06_yi0pIpko@zooita.info>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
*************************
X-Spam-Flag: YES
X-Spam-Level: **************************
X-Spam-Status: Yes, score=26.4 required=5.0 tests=BAYES_99,BAYES_999,DCC_CHECK,
DIGEST_MULTIPLE,HTML_MESSAGE,LOTS_OF_MONEY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_PSBL,RCVD_IN_SBL_CSS,RDNS_NONE,
T_REMOTE_IMAGE,T_SPF_HELO_PERMERROR,T_SPF_PERMERROR,URIBL_ABUSE_SURBL,
URIBL_BLACK,URIBL_DBL_SPAM autolearn=no autolearn_force=no version=3.4.1
X-Spam-DCC: wuwien: ***************** 1290; Body=1 Fuz1=many Fuz2=2368
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5935A951.882C286D"
This is a multi-part message in MIME format.
------------=_5935A951.882C286D
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "*****************",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: FREEHOLD BOROUGH, N.J. At an elementary glaze school in Freehold,
over 500 students share dictator a vast, open space where bookshelves, whiteboards,
tacoma storage cubbies and other pieces of furniture unexpectedly are the
only boundaries between classrooms. There enabling are no walls because the
building was goth originally designed in the 1970s to be pullover a smaller
Montessori school, Rocco Tomazic, the imported superintendent of the Freehold
Borough School District, funny explained during a recent tour. But now adhere
it is noisy and crowded, and the mohawk district does not have the money
to consensus move students into traditional closed classrooms wind the kind
with walls and fewer distractions. shredder The issue for Freehold Borough
and apparently about two-thirds of New Jerseys 586 school sorority districts
is the states nine-year-old formula stun for paying for public schools. Adopted
by animal the State Legislature in 2008, it calculates lined how much each
district needs to ensure phone that students receive a thorough and efficient
soulful , regardless of income, as New Jersey familial law requires. The
formula directs extra dollars united to districts with children who are learning
crocus English, students with disabilities and those living welding in poverty.
But hundreds of towns, including blistering Freehold Borough, where 75 percent
of the autonomous schoolchildren are Latino, have not gotten their gripe
full share of funding under the formula techie since 2010. This year, for
instance, the cosmetic district was due $23 million, Mr. Tomazic luther said.
It got million. State aid mood has been flat-funded since at least 2010,
manipulate with no adjustments for [...]
Content analysis details: (26.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URIs: zooita.info]
3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[104.237.202.80 listed in zen.spamhaus.org]
1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URIs: zooita.info]
0.1 T_SPF_HELO_PERMERROR SPF: test of HELO record failed (permerror)
0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)
3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: zooita.info]
0.0 HTML_MESSAGE BODY: HTML included in message
0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
1.4 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
4.0 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[104.237.202.80 listed in psbl.surriel.com]
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
0.3 DIGEST_MULTIPLE Message hits more than one network digest check
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 T_REMOTE_IMAGE Message contains an external image
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_5935A951.882C286D
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Return-Path: <[email protected]>
Delivered-To: misja@******************
Received: from *****************
by ******************** (Dovecot) with LMTP id lFpYBfCjNVmEeQAATmVXog
for <misja@*****************>; Mon, 05 Jun 2017 20:33:20 +0200
Return-path: <[email protected]>
Received: from [104.237.202.80] (helo=zooita.info)
by ***************** with esmtp (Exim 4.86.2)
(envelope-from <[email protected]>)
id 1dHwoT-0000Hi-Nt
for misja@**************; Mon, 05 Jun 2017 20:33:20 +0200
From: " Gerard Woods" <[email protected]>
Date: Mon, 05 Jun 2017 13:12:14 -0500
MIME-Version: 1.0
Subject: You'll never need another pedicure, ever again!
To: <misja@*****************>
Message-ID: <DSi9BcShsMpIXws22UXerk6UBfaQeLwjsDXg53WC-JA.a5WawogcKTDH-IIxIxJ98cSVk1glBkhe06_yi0pIpko@zooita.info>
Content-Type: multipart/alternative;
boundary="------------876410803547432665809643"
X-Spam-Score: 1.5 (+)
X-Spam-Report: Spam detection software, running on the system "******************",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: FREEHOLD BOROUGH, N.J. At an elementary glaze school in Freehold,
over 500 students share dictator a vast, open space where bookshelves, whiteboards,
tacoma storage cubbies and other pieces of furniture unexpectedly are the
only boundaries between classrooms. There enabling are no walls because the
building was goth originally designed in the 1970s to be pullover a smaller
Montessori school, Rocco Tomazic, the imported superintendent of the Freehold
Borough School District, funny explained during a recent tour. But now adhere
it is noisy and crowded, and the mohawk district does not have the money
to consensus move students into traditional closed classrooms wind the kind
with walls and fewer distractions. shredder The issue for Freehold Borough
and apparently about two-thirds of New Jerseys 586 school sorority districts
is the states nine-year-old formula stun for paying for public schools. Adopted
by animal the State Legislature in 2008, it calculates lined how much each
district needs to ensure phone that students receive a thorough and efficient
soulful , regardless of income, as New Jersey familial law requires. The
formula directs extra dollars united to districts with children who are learning
crocus English, students with disabilities and those living welding in poverty.
But hundreds of towns, including blistering Freehold Borough, where 75 percent
of the autonomous schoolchildren are Latino, have not gotten their gripe
full share of funding under the formula techie since 2010. This year, for
instance, the cosmetic district was due $23 million, Mr. Tomazic luther said.
It got million. State aid mood has been flat-funded since at least 2010,
manipulate with no adjustments for [...]
Content analysis details: (1.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: zooita.info]
0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL
was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[104.237.202.80 listed in list.dnswl.org]
0.2 T_SPF_HELO_PERMERROR SPF: test of HELO record failed (permerror)
0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 T_REMOTE_IMAGE Message contains an external image
SpamTally: Final spam score: 15
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
This is a multi-part message in MIME format.
--------------876410803547432665809643
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
FREEHOLD BOROUGH, N.J. At an elementary glaze school in Freehold, over 500 students share dictator a vast, open space where bookshelves, whiteboards, tacoma storage cubbies and other pieces of furniture unexpectedly are the only boundaries between classrooms. There enabling are no walls because the building was goth originally designed in the 1970s to be pullover a smaller Montessori school, Rocco Tomazic, the imported superintendent of the Freehold Borough School District, funny explained during a recent tour. But now adhere it is noisy and crowded, and the mohawk district does not have the money to consensus move students into traditional closed classrooms wind the kind with walls and fewer distractions. shredder The issue for Freehold Borough and apparently about two-thirds of New Jerseys 586 school sorority districts is the states nine-year-old formula stun for paying for public schools. Adopted by animal the State Legislature in 2008, it calculates lined how much each district needs to ensure phone that students receive a thorough and efficient soulful , regardless of income, as New Jersey familial law requires. The formula directs extra dollars united to districts with children who are learning crocus English, students with disabilities and those living welding in poverty. But hundreds of towns, including blistering Freehold Borough, where 75 percent of the autonomous schoolchildren are Latino, have not gotten their gripe full share of funding under the formula techie since 2010. This year, for instance, the cosmetic district was due $23 million, Mr. Tomazic luther said. It got million. State aid mood has been flat-funded since at least 2010, manipulate with no adjustments for
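The two "Content analysis details" tables in the output above can be compared mechanically to see which rules fired only in the outer (manual) report and which lookups the embedded report marks as blocked. This is an added example, not part of the original post; the function names are illustrative and `SAMPLE` is a shortened excerpt of the two reports shown in the post.

```python
import re

HEADER = re.compile(r"Content analysis details:\s+\((-?[\d.]+) points, (-?[\d.]+) required\)")
RULE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\b")

# Shortened excerpt of the two reports in the post (outer first, embedded second).
SAMPLE = """\
Content analysis details: (26.4 points, 5.0 required)
 pts rule name description
 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
 [score: 1.0000]
 2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
 3.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
 4.0 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
Content analysis details: (1.5 points, 5.0 required)
 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
 0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL
 was blocked. See
 0.2 T_SPF_HELO_PERMERROR SPF: test of HELO record failed (permerror)
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
"""

def parse_reports(text):
    """Return one {'total', 'required', 'rules'} dict per report table in text."""
    reports = []
    for line in text.splitlines():
        h = HEADER.search(line)
        if h:
            reports.append({"total": float(h.group(1)),
                            "required": float(h.group(2)), "rules": {}})
        elif reports:
            r = RULE.match(line)  # continuation lines such as "[score: ...]" do not match
            if r:
                reports[-1]["rules"][r.group(2)] = float(r.group(1))
    return reports

def compare(outer, embedded):
    """List rules seen only in the outer report and lookups the embedded one marks blocked."""
    only_outer = {n: s for n, s in outer["rules"].items() if n not in embedded["rules"]}
    return {
        "blocked": sorted(n for n in embedded["rules"] if n.endswith("_BLOCKED")),
        "only_outer": only_outer,
        "missing_points": round(sum(only_outer.values()), 1),
        "embedded_flagged": embedded["total"] >= embedded["required"],
    }

if __name__ == "__main__":
    print(compare(*parse_reports(SAMPLE)))
```

Running it on the full output saved to a file, instead of on `SAMPLE`, lists every rule that differs between the two reports.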