Re: RFE? Or is there an easy way to do this?
On Sun, 2009-02-01 at 16:02 -0800, Linda Walsh wrote: > I have some email accounts that I use with particular vendors or lists. I > have > a few email accounts only known to a single person or company. > > What I'd like to do is someway of white-listing a "to-addr" if it is from a > list > of "from-addrs"else add something (constant?) to its spam score. You can do both easily with header and meta rules. Depends on your amount of specialized addresses, and how frequently you're changing them. The header rules should check for certain To and From addresses, using the non-scoring double-underscore sub-rules. You can then create meta rules to assign a negative score for known good combinations, or add a point for a non-match. References: http://spamassassin.apache.org/full/3.2.x/doc/Mail_SpamAssassin_Conf.html http://wiki.apache.org/spamassassin/WritingRules Looking at your sender address and having in mind you mentioned lists to apply this to... You should be careful with the score. If I would Cc you on this reply, is it spam? Also, with mailing lists, you'd need to check different headers than From. > An even more advanced but non-trivial check would be "if to addr(X), and not > in > my contacts(addr-book), then SPAM, else ok Sounds like the third-party "Addressbook" plugin. http://wiki.apache.org/spamassassin/CustomPlugins Highly depends on the format of your address-book. Also, you'd need to have your address-book stored on the server... Oh, yeah, and spammers *do* kind of abuse this. In the sense of the recent "From and To are identical" threads, I frequently see them forging user A to send a message to A, B and C at the same domain. That effectively means that a dumb know-From check doesn't cut it... AWL is your friend. guenther -- char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: country in africa
On Sun, Feb 01, 2009 at 01:45:50PM +0100, mouss wrote: > Henrik K a écrit : > > On Sat, Jan 31, 2009 at 12:40:24PM +0100, mouss wrote: > >> if you use the RelayCountry plugin, you can add rules for a few countries: > > > > If you are lazy, here is about all of africa.. > > > > header RELAYED_419 X-Relay-Countries =~ > > /\b(?:AO|B[IJW]|C[DFGIMV]|DJ|E[RT]|G[AHMNQW]|K[EM]|L[RS]|M[WZ]|N[AEG]|RW|S[LNOTZ]|T[DGNZ]|UG|Z[AMW])\b/ > > > > Works fine for me. YMMV. ;) > > > > This would be too aggressive by here. we do get mail from north africa > (you include TN) and South Africa (you include ZA). So do we. But for such marginal cases, bayes and other whitelisting negates it easily.
RFE? Or is there an easy way to do this?
I have some email accounts that I use with particular vendors or lists. I have a few email accounts only known to a single person or company. What I'd like to do is someway of white-listing a "to-addr" if it is from a list of "from-addrs"else add something (constant?) to its spam score. An even more advanced but non-trivial check would be "if to addr(X), and not in my contacts(addr-book), then SPAM, else ok Anyone else have their ways to do these checks? thanks, -linda
Re: html experts: empty
Michael Scheidell wrote on Sun, 01 Feb 2009 11:27:50 -0500: > which is why I think it should be in one of those html_eval plugins, I agree, it would be more helpful and less ressource-hungry there. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: vbounce and out of office messages
From: Kai Schaetzl Date: Sun, 01 Feb 2009 17:40:00 +0100 Jeff Mincy wrote on Sun, 1 Feb 2009 10:01:49 -0500: > I use vbounce rules to detect bounce messages that were missed by > various procmail filtering rules. Any message identified as a bounce > is processed and delivered differently in procmail rules. So, any > vbounce FP is rather painful. No, it is not, unless you score these rules too high or unless you use the single rules for triggering other actions. That's what SA is all about: scoring. ... Huh? You don't want bounces to be processed as regular spam. If you train bayes on bounces then you are training bayes to detect bounces and pretty soon SpamAssassin will detect all bounces, including valid bounces as spam. This comment is taken from the 20_vbounce.cf file: # If you use this, set up procmail or your mail app to spot the # "ANY_BOUNCE_MESSAGE" rule hits in the X-Spam-Status line, and move # messages that match that to a 'vbounce' folder. ... If you try to (mis-)use it in other ways problems are to be expected. That's not the fault of the vbounce rules. The purpose of 20_vbounce is to detect and identify bounces so that you may process bounce messages differently. So I disagree, any FP in the vbounce rules is the fault of vbounce rules and prevents these rules from being used as designed. AFAIK, the default score for the all BOUNCE rules is 0.1 Right. If you aren't going to use the vbounce rules for extra processing then there really isn't any point in running the rules. The low default score pretty much guarantees that message classification will not change one way or the other. -jeff
Re: vbounce and out of office messages
Jeff Mincy wrote on Sun, 1 Feb 2009 10:01:49 -0500: > I use vbounce rules to detect bounce messages that were missed by > various procmail filtering rules. Any message identified as a bounce > is processed and delivered differently in procmail rules. So, any > vbounce FP is rather painful. No, it is not, unless you score these rules too high or unless you use the single rules for triggering other actions. That's what SA is all about: scoring. If you try to (mis-)use it in other ways problems are to be expected. That's not the fault of the vbounce rules. AFAIK, the default score for the all BOUNCE rules is 0.1 Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: html experts: empty
Kai Schaetzl wrote: As I understand even those clients that produce empty style tags do this in the header and not in the body. There's a chance that you FP on body/style sections that appear in text/plain parts (e.g. samples) - AFAIK there is no test that matches only in text/html parts, so you can't avoid that. And the rule might be a heavy one as the expression may need to "gulp" a lot of non-matching text between body and style tag. which is why I think it should be in one of those html_eval plugins, like ones that check for ratio of html/txt, check extra close, etc. easy way to check body/vs head: rawbody __IN_BODY // rawbody __RULES_THAT_SHOULD_NOT_BE_IN_BODY /
once again problems with sa-learn
I think I solved this a year or so ago, but didn't post enough of my solution to figure it out again (all I said was that I had to run the entire directory through spamc before I was able to get sa-learn working) sa-learn -D --showdots --spam .kde4.2/share/apps/kmail/dimap/.1734756527.directory/. \[Gmail\].directory/Spam/ cur/ [30633] dbg: logger: adding facilities: all [30633] dbg: logger: logging level is DBG [30633] dbg: generic: SpamAssassin version 3.2.5 [30633] dbg: config: score set 0 chosen. [30633] dbg: util: running in taint mode? no [30633] dbg: dns: no ipv6 [30633] dbg: dns: is Net::DNS::Resolver available? yes [30633] dbg: dns: Net::DNS version: 0.63 [30633] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [30633] dbg: config: read file /etc/mail/spamassassin/init.pre [30633] dbg: config: read file /etc/mail/spamassassin/v310.pre [30633] dbg: config: read file /etc/mail/spamassassin/v312.pre [30633] dbg: config: read file /etc/mail/spamassassin/v320.pre [30633] dbg: config: using "/var/lib/spamassassin/3.002005" for sys rules pre files [30633] dbg: config: using "/var/lib/spamassassin/3.002005" for default rules dir [30633] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf [30633] dbg: config: using "/etc/mail/spamassassin" for site rules dir [30633] dbg: config: read file /etc/mail/spamassassin/local.cf [30633] dbg: config: using "/home/xenoterracide/.spamassassin/user_prefs" for user prefs file [30633] dbg: config: read file /home/xenoterracide/.spamassassin/user_prefs [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [30633] dbg: pyzor: network tests on, attempting Pyzor [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [30633] dbg: razor2: razor2 is not available [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [30633] dbg: reporter: network tests on, attempting SpamCop [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC [30633] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC [30633] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf [30633] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf" for included file [30633] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
Re: vbounce and out of office messages
From: Kai Schaetzl Date: Sun, 01 Feb 2009 14:31:17 +0100 Karsten Bräckelmann wrote on Fri, 30 Jan 2009 19:42:16 +0100: > FWIW, and to make Michael happy, I just caught one today -- hit another > rule, __BOUNCE_OOO_3. Sadly, it also hit __BOUNCE_AUTO_REPLY. So there's > more to disable... why? Why disable a rule because of a few FPs? If that rule isn't scored in any way that makes it a threat that is perfectly acceptable. It's the overall behavior of a rule that makes it worth or not worth using it, not a few FPs. Nobody, at least not me, expects these rules to be free of FPs. I use vbounce rules to detect bounce messages that were missed by various procmail filtering rules. Any message identified as a bounce is processed and delivered differently in procmail rules. So, any vbounce FP is rather painful. If you aren't doing anything special delivering bounce messages then a FP in this rule wouldn't matter very much. -jeff
Re: open of auto-whitelist failed: Out of memory
On Sun, 01 Feb 2009 12:20:06 +0100 mouss wrote: > Nicolas Letellier a écrit : > > Hello. > > > > I use FreeBSD 7.0 and p5-Mail-SpamAssassin-3.2.5. In my logs, sometimes, I > > see this message: > > > > Jan 31 22:36:09 * spamd[17781]: auto-whitelist: open of auto-whitelist > > file failed: Out of memory during ridiculously large request at > > /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DBBasedAddrList.pm > > line 169. > > Jan 31 22:36:09 ** spamd[17781]: spamd: identified spam (26.8/6.0) for > > spamd:58 in 2.6 seconds, 3377 bytes. > > Jan 31 22:36:09 ** spamd[17781]: spamd: result: Y 26 - > > BAYES_99,DCC_CHECK,DIGEST_MULTIPLE,HTML_IMAGE_ONLY_32,HTML_MESSAGE,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_PBL,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_RHS_DOB > > > > scantime=2.6,size=3377,user=spamd,uid=58,required_score=6.0,rhost=localhost,raddr=127.0.0.1,rport=53197,mid=<20090131213558.40c4a3227...@trinite.amoks-hebergement.com>,bayes=1.00,autolearn=spam > > > > > > Why have I this message? What it signify? Is it dangerous to have it? > > > > probably that the AWL db is too large. > > > Thanks for all your advices. > > > > consider using sql instead of a "file" db. > > The sizes: 8256 -rw--- 1 spamd spamd 10485760 1 fév 15:57 auto-whitelist 2 -rw--- 1 spamd spamd 6 1 fév 15:57 auto-whitelist.mutex 2 -rw--- 1 spamd spamd 1260 1 fév 15:57 bayes.mutex 56 -rw--- 1 spamd wheel 56496 1 fév 15:57 bayes_journal 8208 -rw--- 1 spamd spamd 10371072 1 fév 15:57 bayes_seen 4128 -rw--- 1 spamd wheel 5488640 1 fév 15:57 bayes_toks 2 -rw-r--r-- 1 spamd spamd 1487 10 mar 2008 user_prefs is it too big? If it's the case, why have I this message 'sometimes'? Regards, -- -Nicolas.
Re: country in africa
RobertH wrote: > matt > > i hear ya. > > ill be using it and scoring low (or whatever i desire) and using meta's it > appears. > > i wasnt asking for it to be some major contention in SA core scoring... > > i just honestly cannot belive that there are still people out there sending > these emails pretending to be someone from that country > > wouldnt it be a joke in those circles by now? > There's a new sucker born every minute. http://news.softpedia.com/news/Houston-Lawyer-Falls-Victim-to-E-mail-Scam-103354.shtml
Re: country in africa
RobertH wrote: looking hard? of course i did. You did say you didn't see Nigeria anywhere. I took this to mean that you dodn't see it anywhere in the SA default rules, which you would have done using a quick grep. Now I don't know what you meant when you said you didn't see it anywhere. wasn't mentioned, wich it obviously was. how many legitimate emails a day do you people get with the work Nigeria in it? I get one every now and then. Those usually have to do with spam, but not allways. Sometimes we get quite a few from TT (a swedish news agency). At those times it's likely to also be mentioned in our own specialized newspaper (made for deafblind people) as well as in several newsletters people subscribe to. We have had correspondance with non-profits in Nigeraia as well, but I've no idea how common that is. In contrast, I can't even remember the last time a 419-type mail mentioning Nigeria slipped through our filter. As an aside: We once got a legitimate mail from a Nigerian NGO seeking financial help for the work with disabled people. We're a swedish NGO for deafblind people with a few projects in Africa, so it's not a spammy thing for them to do. It got stuck in our quarantine (wich is reviewed most workdays), so we actually received it. I do feel sorry for them since it was most likely stopped almost everywhere. Their mail mentioned money, transfers of money, the government of Nigeria and banks and was sent form Nigeria. yeah, that is what i thought. :-) It was? when i get an nigerian email scam email that hits squat, well you get the idea. Yeah. You get mail that I don't. I don't get Nigerian scam email myself, and our users don't report any to me. We reject and quarantine at 9 points, and reject without quarantine at 18 points. So Nigerian scams get at least 9 points here. So most nigerian mail are either stopped by our greylist or get 18 points or more, and virtually none get lower than 9 points here. Regards /Jonas -- Jonas Eckerman, FSDB & Fruktträdet http://whatever.frukt.org/ http://www.fsdb.org/ http://www.frukt.org/
Re: vbounce and out of office messages
Karsten Bräckelmann wrote on Fri, 30 Jan 2009 19:42:16 +0100: > FWIW, and to make Michael happy, I just caught one today -- hit another > rule, __BOUNCE_OOO_3. Sadly, it also hit __BOUNCE_AUTO_REPLY. So there's > more to disable... why? Why disable a rule because of a few FPs? If that rule isn't scored in any way that makes it a threat that is perfectly acceptable. It's the overall behavior of a rule that makes it worth or not worth using it, not a few FPs. Nobody, at least not me, expects these rules to be free of FPs. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: please help, getting hammered with snowshoe spam
Karsten Bräckelmann wrote on Fri, 30 Jan 2009 20:25:52 +0100: > Dennis clearly stated a *week* ago that the "domains change too > quickly" (actual quote). Getting them listed will not help him. Oh, and > don't you think he would have created a trivial uri rule already, if > that would get them caught? Obviously they are caught for others ;-) Either by Bayes, rules, network checks or other measure. It's never a "one hits them all" solution, so adding a spam domain to uribl is always good. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: html experts: empty
Kenneth Porter wrote on Sat, 31 Jan 2009 13:59:54 -0800: > A simple-minded autodetect system would just look at the first tokens to > spot HTML tags, like , , > , or . An initial paragraph > of > plain text would be enough to prevent it from interpreting later HTML > examples as making the whole message part HTML. Yeah, "would" ;-) I just wrote that reply as a general reminder why it wouldn't work well. You can come up with a lot of "woulds" that complicate this process. Anyway, there isn't even a Microsoft client doing this, for good reasons. And it's absolutely not standards compatible, anyway. So, just forget this path. And now back to Michael's first posting. iihdpuvikzxwdivdidulauqqgbjwkpgxfsufxkmnjkcn There wasn't confirmation, but this sequence was obviously found in a text/html MIME part and not in a text/plain part. So, if I understand SA's processing correctly a body rule would "see" exactly "" of the above for content checks, or in the other example it would "see" "Va" . > The 'body' in this case is the textual parts of the message body; > any non-text MIME parts are stripped, and the message decoded from > Quoted-Printable or Base-64-encoded format if necessary. The message > Subject header is considered part of the body and becomes the first > paragraph when running the rules. All HTML tags and line breaks will > be removed before matching. (this doesn't clarify if it removes *all* HTML tags or only the ones in the text/html part. It's also not clear, if it removes the content of style tags in the body or just the tag itself. It may remove the head completely which would eliminate any style tags and content in the normal location as well. So, it might just remove the style tag if it encounters one in the body but keep the content. In this case an SA body rule would be able to match against it.) About display in the client: non of the major client's will display this as part of a text/html part. With the exception of maybe the very latest Outlook as this moved from IE to Office for the HTML rendering engine and I don't know how this behaves. If this is used in spam messages, it's misguided and won't fulfill what they want. For spam testing: you could indeed try to match against style tags of all kinds (empty or not, garbage or not) that appear in a body section with a rawbody rule. As I understand even those clients that produce empty style tags do this in the header and not in the body. There's a chance that you FP on body/style sections that appear in text/plain parts (e.g. samples) - AFAIK there is no test that matches only in text/html parts, so you can't avoid that. And the rule might be a heavy one as the expression may need to "gulp" a lot of non-matching text between body and style tag. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: country in africa
RobertH wrote on Fri, 30 Jan 2009 08:53:47 -0800: > i hear you, yet lets get real... > > and, we do use jm_sought stuff. > > the word nigeria alone is worth a point is all i was saying. Wrong. It is worth a point for *you* and maybe for others. Not for everyone. So, please add a custom rule and all is well for you. There's absoluetely no reason to start a thread about scoring some countries here. First try to understand how SA works. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: country in africa
Henrik K a écrit : > On Sat, Jan 31, 2009 at 12:40:24PM +0100, mouss wrote: >> if you use the RelayCountry plugin, you can add rules for a few countries: > > If you are lazy, here is about all of africa.. > > header RELAYED_419 X-Relay-Countries =~ > /\b(?:AO|B[IJW]|C[DFGIMV]|DJ|E[RT]|G[AHMNQW]|K[EM]|L[RS]|M[WZ]|N[AEG]|RW|S[LNOTZ]|T[DGNZ]|UG|Z[AMW])\b/ > > Works fine for me. YMMV. ;) > This would be too aggressive by here. we do get mail from north africa (you include TN) and South Africa (you include ZA).
Re: open of auto-whitelist failed: Out of memory
Nicolas Letellier a écrit : > Hello. > > I use FreeBSD 7.0 and p5-Mail-SpamAssassin-3.2.5. In my logs, sometimes, I > see this message: > > Jan 31 22:36:09 * spamd[17781]: auto-whitelist: open of auto-whitelist > file failed: Out of memory during ridiculously large request at > /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DBBasedAddrList.pm > line 169. > Jan 31 22:36:09 ** spamd[17781]: spamd: identified spam (26.8/6.0) for > spamd:58 in 2.6 seconds, 3377 bytes. > Jan 31 22:36:09 ** spamd[17781]: spamd: result: Y 26 - > BAYES_99,DCC_CHECK,DIGEST_MULTIPLE,HTML_IMAGE_ONLY_32,HTML_MESSAGE,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_PBL,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_RHS_DOB > > scantime=2.6,size=3377,user=spamd,uid=58,required_score=6.0,rhost=localhost,raddr=127.0.0.1,rport=53197,mid=<20090131213558.40c4a3227...@trinite.amoks-hebergement.com>,bayes=1.00,autolearn=spam > > > Why have I this message? What it signify? Is it dangerous to have it? > probably that the AWL db is too large. > Thanks for all your advices. > consider using sql instead of a "file" db.
Re: country in africa
RobertH a écrit : > thanks mouss > > u the reason i made the subject, "country in africa" was that i didnt > want to use the exact word > you can if you try :) > i can see my mistake it that now. > > as always, i sincerely appreciate the vast programming and SA application > wisdom & knowledge on this list. > > thank you all for you help. > > and again, this is like probably the only word that in small quantities > regularly slips through untouched. > > may i ask, in writing this non standard rule for a single word, and you > wanted to capture the most possibilities of that single word coming through > so that you could flag it with very small score / hit > > how should that be written? > > something like this two word one? > > body LOCAL_JASONHART /\bJason Hart\b/ > score LOCAL_JASONHART 10.1 > > yes. when you add/change rules, run 'spamassassin --lint' to see if you have a syntax error. you can test your rules with spamassassin -t < sample.eml to see debug output, use the '-D' flag. consider using JM Sought channel (which includes JM_SOUGHT_FRAUD rules).
open of auto-whitelist failed: Out of memory
Hello. I use FreeBSD 7.0 and p5-Mail-SpamAssassin-3.2.5. In my logs, sometimes, I see this message: Jan 31 22:36:09 * spamd[17781]: auto-whitelist: open of auto-whitelist file failed: Out of memory during ridiculously large request at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/DBBasedAddrList.pm line 169. Jan 31 22:36:09 ** spamd[17781]: spamd: identified spam (26.8/6.0) for spamd:58 in 2.6 seconds, 3377 bytes. Jan 31 22:36:09 ** spamd[17781]: spamd: result: Y 26 - BAYES_99,DCC_CHECK,DIGEST_MULTIPLE,HTML_IMAGE_ONLY_32,HTML_MESSAGE,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_PBL,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_RHS_DOB scantime=2.6,size=3377,user=spamd,uid=58,required_score=6.0,rhost=localhost,raddr=127.0.0.1,rport=53197,mid=<20090131213558.40c4a3227...@trinite.amoks-hebergement.com>,bayes=1.00,autolearn=spam Why have I this message? What it signify? Is it dangerous to have it? Thanks for all your advices. Regards, -- -Nicolas.