thank you Jürg, now I found the catch:

This clever jerk managed to send his blackmailing spam *from and to* my server 
administrator address. And since my server administrator address is in the 
whitelist (sorry! now politically correct: in the welcomelist :-) because I 
don't want my users to be blocklisted when I write them something, the 
e-mail presumably got this high negative score of -61.5

You might have noticed this HackersBitcoinAddress rule in the X-Spam-Status, 
it's a rule I created with this cool BO «SpamAssassin Rule Editor» in AV-Spam. 
In this rule, I inserted the long bitcoin wallet address (as Expression) to be 
searched in the message body. I gave it a score of 9. Now I increased the score 
to 100, hope that works out.

Do you know where all those rules and their dedicated scores are listed? Can 
they be edited?

Thank you and best regards

で⊃ Meaulnes Legler
Zurich, Switzerland


On 22.06.23 12:57, Juerg Sommer via Blueonyx wrote:
Hi Meaulnes

I'm confronted with a peculiar situation: spam slips untagged thru with a 
*negative* score

X-Spam-Status: No, score=-61.5 required=5.0 tests=BITCOIN_DEADLINE,
    BITCOIN_MALF_HTML,BITCOIN_SPAM_07,DCC_CHECK,DIGEST_MULTIPLE,
    DOS_OUTLOOK_TO_MX,FSL_BULK_SIG,HTML_EXTRA_CLOSE,HTML_MESSAGE,
    HackersBitcoinAddress,NO_FM_NAME_IP_HOSTN,PDS_BTC_ID,PYZOR_CHECK,
    RATS_NOPTR,RATWARE_NO_RDNS,RCVD_IN_PBL,RCVD_IN_SBL_CSS,RCVD_IN_XBL,
    RDNS_NONE,SBLXBL_SPAM,SPF_SOFTFAIL,TO_EQ_FM_DIRECT_MX,TXREP,
    T_SCC_BODY_TEXT_LINE,USER_IN_WELCOMELIST,USER_IN_WHITELIST
    autolearn=no autolearn_force=no version=3.4.2
X-Spam-Relay-Country: TN

what's wrong here? I set the Required Reject Hits to 9 instead of 10 and that 
mail shouldn't have appeared at all if the score had been 61.5, but positive! 
How does it turn negative?

That's normal. SpamAssassin gives positive and negative points based on rules. 
There are some rules that indicate harmless mails (ex. BAYES score 1-10%), in 
your case USER_IN_WELCOMELIST and USER_IN_WHITELIST. And some other rules that 
indicate spam, like BITCOIN_DEADLINE. If the sum of all affected rules is 
greater than the defined score, the mail is marked as spam.

I don't know/use the BlueOnyx plugin for spam scanning. Perhaps you can define 
your Welcome-List Addresses in the GUI and should check if this sender address 
is whitelisted. There's maybe a misconfiguration, but negative points are not 
generally a problem.

BTW: SpamAssassin has changed their wording (like many other companies). 
Whitelist is now welcomelist, blacklist is blocklist. So one of the rules above 
would be an alias of the other and I don't know how it's named in the GUI.

Best regards,
Juerg
_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
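
Added example (not part of the original messages, and not BlueOnyx or SpamAssassin code): a small Python audit that parses a folded X-Spam-Status header and flags mail that passed only because a welcomelist rule fired while origin checks such as SPF_SOFTFAIL or RBL hits also fired, which is the situation in this thread. The function names and the choice of rules in `SUSPECT` are assumptions made for illustration.

```python
import re

# Header copied from the thread, folded exactly as it was quoted.
SAMPLE = """X-Spam-Status: No, score=-61.5 required=5.0 tests=BITCOIN_DEADLINE,
    BITCOIN_MALF_HTML,BITCOIN_SPAM_07,DCC_CHECK,DIGEST_MULTIPLE,
    DOS_OUTLOOK_TO_MX,FSL_BULK_SIG,HTML_EXTRA_CLOSE,HTML_MESSAGE,
    HackersBitcoinAddress,NO_FM_NAME_IP_HOSTN,PDS_BTC_ID,PYZOR_CHECK,
    RATS_NOPTR,RATWARE_NO_RDNS,RCVD_IN_PBL,RCVD_IN_SBL_CSS,RCVD_IN_XBL,
    RDNS_NONE,SBLXBL_SPAM,SPF_SOFTFAIL,TO_EQ_FM_DIRECT_MX,TXREP,
    T_SCC_BODY_TEXT_LINE,USER_IN_WELCOMELIST,USER_IN_WHITELIST
    autolearn=no autolearn_force=no version=3.4.2"""

# Constructed sample: a welcomelisted sender whose mail also passed SPF.
CLEAN = "X-Spam-Status: No, score=-100.0 required=5.0 tests=SPF_PASS,USER_IN_WELCOMELIST autolearn=no"

WELCOME = {"USER_IN_WELCOMELIST", "USER_IN_WHITELIST"}
# Assumption: hits treated here as "the sender's origin does not check out".
SUSPECT = {"SPF_SOFTFAIL", "SPF_FAIL", "RDNS_NONE", "RCVD_IN_PBL",
           "RCVD_IN_SBL_CSS", "RCVD_IN_XBL", "TO_EQ_FM_DIRECT_MX"}

STATUS_RE = re.compile(
    r"score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)\s+tests=(\S*)")

def parse_status(header):
    """Return score, required threshold and the set of rule names, or None."""
    text = re.sub(r"\r?\n(?=[ \t])", "", header)  # RFC 5322 header unfolding
    text = re.sub(r",\s+", ",", text)             # rejoin the folded tests list
    m = STATUS_RE.search(text)
    if m is None:
        return None
    tests = {t for t in m.group(3).split(",") if t and t != "none"}
    return {"score": float(m.group(1)), "required": float(m.group(2)),
            "tests": tests}

def audit(header):
    """Flag mail that stayed under the threshold with welcomelist and suspect hits."""
    status = parse_status(header)
    if status is None:
        return None
    status["welcomelist_hits"] = sorted(status["tests"] & WELCOME)
    status["suspect_hits"] = sorted(status["tests"] & SUSPECT)
    status["review"] = bool(status["welcomelist_hits"] and status["suspect_hits"]
                            and status["score"] < status["required"])
    return status

if __name__ == "__main__":
    for name, hdr in (("thread header", SAMPLE), ("constructed clean", CLEAN)):
        r = audit(hdr)
        print(name, r["score"], r["welcomelist_hits"], r["suspect_hits"], r["review"])
```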
