Good evening everyone. I have a unique issue that I'm noticing and wanted to get feedback from everyone. Back in January I upgraded our primary hosting server to a new CentOS version and migrated all data across. The hosting for my own business website is stored on there as well and I'm noticing that Outlook is collecting a ton of spam in my junk folder. None of it has the modified subject of ** SPAM** so I did some investigating.
It appears in the headers that all spam (and I have verified, it's clearly spam from the phishing links to porn) is showing a negative score after being processed. Here is a sample header where an email of nothing but URL links indicates it has a -26 SpamAssassin score. Am I missing something here, or can I do something to solve this issue? None of my customers have complained about it, so I want to get ahead of the curve with this one.
I appreciate any help anyone can give.
Code:
X-Eon-Alias-Sig: AQEEGuRetveUsFBlZQEAAAAB,5f8634377a72fad91a1c2f6b653f63bc
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216,18.0.676
  definitions=2020-05-09_07:2020-05-08,2020-05-09 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0
  suspectscore=68 phishscore=0 bulkscore=0 spamscore=0 clxscore=1034
  lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=626 adultscore=0
  classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2002250000
  definitions=main-2005090161
Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on 216.200.145.37, -10 Spam score
SPFCheck: Server passes SPF test, -30 Spam score
X-Spam-Score: 1.4 (+)
X-Spam-Report: Spam detection software, running on the system "XXXXXXX.XXXXXXXX-hosting.com",
  has NOT identified this incoming email as spam. The original
  message has been attached to this so you can view it or label
  similar future email. If you have any questions, see
  the administrator of that system for details.
  Content preview:
  Content analysis details: (1.4 points, 7.5 required)
   pts rule name              description
  ---- ---------------------- --------------------------------------------------
   0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                              blocked. See
                              http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                              [URIs: succeedforevercommunity.org]
  -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
                              low trust
                              [216.200.145.37 listed in list.dnswl.org]
  -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                              [score: 0.0000]
   0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                              mail domains are different
  -0.0 SPF_PASS               SPF: sender matches SPF record
   0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
   2.1 HTML_IMAGE_ONLY_12     BODY: HTML: images with 800-1200 bytes of
                              words
   0.0 HTML_MESSAGE           BODY: HTML included in message
   0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
   1.2 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL
                              blocklist
                              [URIs: succeedforevercommunity.org]
  -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                              [216.200.145.37 listed in wl.mailspike.net]
   0.0 HTML_SHORT_LINK_IMG_2  HTML is very short with a linked image
   0.4 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML
                              tag
SpamTally: Final spam score: -26