Two spam score in mail headers?

ozgurerdogan

Verified User
Joined
Apr 20, 2008
Messages
293
Som pretty spammy mails pass spam test. When I check their header I see two spam score. Why is this:
Code:
    Return-Path: <SRS0=e/hJ9L=P3=xl.me=ug@somedomain.com>
    Delivered-To: someuser@somedomain.com
    Received: from ns34.somedomainn.com
    	by ns34.somedomainn.com (Dovecot) with LMTP id zCK5Ar8y/VY8bwAAieRJUw
    	for <someuser@somedomain.com>; Thu, 31 Mar 2016 17:22:55 +0300
    Return-path: <SRS0=e/hJ9L=P3=xl.me=ug@somedomain.com>
    Received: from mail by ns34.somedomainn.com with spam-scanned (Exim 4.86.2)
    	(envelope-from <ug@xl.me>)
    	id 1aldUn-0007P8-97
    	for info@somedomain.com; Thu, 31 Mar 2016 17:22:54 +0300
    X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ns34.somedomainn.com
    X-Spam-Level: ****
    X-Spam-Status: No, score=4.6 required=5.0 tests=FORGED_OUTLOOK_HTML,
    	HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BRBL_LASTEXT,RCVD_IN_SORBS_WEB,RDNS_NONE
    	autolearn=no autolearn_force=no version=3.4.1
    Received: from [58.54.35.27] (helo=xl.me)
    	by ns34.somedomainn.com with esmtp (Exim 4.86.2)
    	(envelope-from <ug@xl.me>)
    	id 1aldUl-0007P2-3r
    	for info@somedomain.com; Thu, 31 Mar 2016 17:22:49 +0300
    Received: from mgm (unknown [150.228.57.32])
    	by xl.me with SMTP id OAVNKowSzPSj0GXF.1
    	for <info@somedomain.com>; Thu, 31 Mar 2016 22:22:58 +0800
    Message-ID: <A3822CB2B4B0F6953B1B9E943CA8FC9D@mgm>
    From: =?utf-8?B?5p+P6JqQ5Z+w?= <ug@xl.me>
    To: <info@somedomain.com>
    Subject: =?utf-8?B?5aaC5L2V5a+556CU5Y+R5bel5L2c6L+b6KGM5YiG6Kej77yf?=
    Date: Thu, 31 Mar 2016 22:22:46 +0800
    Mime-Version: 1.0
    Content-Type: multipart/mixed;
    	boundary="----=_NextPart_000_0D2D_01003431.1B5BE960"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.5512
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
    ReverseDNS: No reverse DNS for mailserver at 58.54.35.27, +100 Spam score
    SpamTally: Final spam score: 100
    X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
Please note:
Code:
    X-Spam-Status: No, score=4.6 required=5.0 tests=FORGED_OUTLOOK_HTML,
     ReverseDNS: No reverse DNS for mailserver at 58.54.35.27, +100 Spam score
    SpamTally: Final spam score: 100
 

harro

Verified User
Joined
Oct 15, 2005
Messages
165
The second score is from Easy Spam Fighter (ESF), if I am not mistaken. At score 100 it should be default be deleted by ESF, but since you received this email that clearly did not happen.
Default: "EASY_HIGH_SCORE_DROP = 100 - very high scoring spam is dropped at this score, and not allowed to enter"
ESF is not working correctly for me either and I fear that there is a problem between the interaction Spamassassin-ESF. Perhaps because ESF calls Spamassassin at score 55 and then just stops working:

Default: EASY_LIMIT = 55 - max score before an email is considered spam before SA is rung (main purpose is just to decide if SpamAssassin run is needed)"
I wonder whether there are admins that have a confirmed working ESF according to how it should work?
 
Top