SA is correctly assigning a high score to an email (Content analysis details: (12.0 points, 3.5 required)) but the X-Spam-Status header reads:

No, score=0.0 required=3.5 tests=HTML_MESSAGE,MIME_BASE64_TEXT,
	MIME_QP_LONG_LINE,NO_RELAYS,T_HTML_ATTACH autolearn=unavailable version=3.3.1

... any hints?

---- Email ----

Subject: *****SPAM***** Reset your Twitter password
From: Twitter <twitter-resetpw-daniel=mydomain....@postmaster.twitter.com>
Date: Tue, 15 Jun 2010 01:54:12 +0200
To: m...@mydomain.com
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mydomain.com
X-Spam-Status: No, score=0.0 required=3.5 tests=HTML_MESSAGE,MIME_BASE64_TEXT,
	MIME_QP_LONG_LINE,NO_RELAYS,T_HTML_ATTACH autolearn=unavailable version=3.3.1
Received: from localhost by mydomain.com
	with SpamAssassin (version 3.3.1);
	Mon, 14 Jun 2010 18:57:51 -0400
Message-ID: <4c069fc268b7d_3795925aa4308...@mx008.twitter.com.tmail>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_4C16B3EF.5B551AAE"

Spam detection software, running on the system "mydomain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: Hey there. Because of the measures taken to provide safety
to our clients, your password has been changed. You can find your new password
in attached document. Yours, Twitter= [...]

Content analysis details:   (12.0 points, 3.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?78.135.14.229>]
 0.6 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is an abusable web server
                            [78.135.14.229 listed in dnsbl.sorbs.net]
 3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [78.135.14.229 listed in zen.spamhaus.org]
 0.7 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [78.135.14.229 listed in psbl.surriel.com]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                            [78.135.14.229 listed in bl.score.senderscore.com]
 1.6 RCVD_IN_BRBL_LASTEXT   RBL: RCVD_IN_BRBL_LASTEXT
                            [78.135.14.229 listed in bb.barracudacentral.org]
 1.1 FH_HELO_EQ_D_D_D_D     Helo is d-d-d-d
 0.1 TVD_RCVD_IP            TVD_RCVD_IP
 0.0 T_HTML_ATTACH          BODY: HTML attachment to bypass scanning?
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars
 0.0 MIME_BASE64_TEXT       RAW: Message text disguised using base64 encoding
 1.3 RDNS_NONE              Delivered to internal network by a host with no rDNS
-2.3 AWL                    AWL: From: address is in the auto white-list

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.

Subject: Reset your Twitter password
From: Twitter <twitter-resetpw-daniel=mydomain....@postmaster.twitter.com>
Date: Tue, 15 Jun 2010 01:54:12 +0200
To: m...@mydomain.com
Return-Path: <layoffsid...@rconsultinggroup.com>
X-Original-To: m...@mydomain.com
Delivered-To: m...@mydomain.com
Received: from 78-135-14-229.extendbroadband.com (unknown [78.135.14.229])
	by mail.zirkin.com (Postfix) with ESMTP id C55DB1E6068B
	for <m...@mydomain.com>; Mon, 14 Jun 2010 18:57:46 -0400 (EDT)
Received: from mx008.twitter.com (mx008.twitter.com [128.121.146.144])
	by mx.google.com with ESMTP id 5qn4711431qfu.10.20100614225412;
	Tue, 15 Jun 2010 01:54:12 +0200
Received: from twitter.com (localhost [127.0.0.1])
	by mx008.twitter.com (Postfix) with ESMTP id 15H31341391
	for <m...@mydomain.com>; Tue, 15 Jun 2010 01:54:12 +0200
Reply-To: nore...@postmaster.twitter.com
Message-ID: <4c069fc268b7d_3795925aa4308...@mx008.twitter.com.tmail>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------9EC4821DA6B730"

Hi, m...@mydomain.com

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

The Twitter Team

Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter.

Reset your Twitter password.eml
	Content-Description: original message before SpamAssassin
	Content-Type: message/rfc822
	Content-Encoding: 8bit

index.html
	Content-Type: text/html
	Content-Encoding: base64

--
View this message in context: http://old.nabble.com/Incorrect-X-Spam-Status-header-tp28885710p28885710.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
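
A check for the mismatch described in the post above, added here as an example (not part of the original message and not SpamAssassin code): it parses a report-wrapped message, compares the X-Spam-Status header with the "Content analysis details" line in the body, and lists rules that appear on only one side. The function name and the sample message are constructed for illustration.

```python
import email
import re

# Constructed sample modelled on the post (rule table abbreviated): the report
# body says 12.0 points while the wrapper's X-Spam-Status says score=0.0.
SAMPLE = """\
Subject: *****SPAM***** Reset your Twitter password
X-Spam-Status: No, score=0.0 required=3.5 tests=HTML_MESSAGE,MIME_BASE64_TEXT,
\tMIME_QP_LONG_LINE,NO_RELAYS,T_HTML_ATTACH autolearn=unavailable version=3.3.1
Content-Type: text/plain

Content analysis details:   (12.0 points, 3.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
 0.0 T_HTML_ATTACH          BODY: HTML attachment to bypass scanning?
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars
 0.0 MIME_BASE64_TEXT       RAW: Message text disguised using base64 encoding
-2.3 AWL                    AWL: From: address is in the auto white-list
"""

STATUS_RE = re.compile(r"(Yes|No), score=(-?[\d.]+) required=(-?[\d.]+) tests=(.*?)(?: autolearn=|$)")
REPORT_RE = re.compile(r"Content analysis details:\s*\((-?[\d.]+) points, (-?[\d.]+) required\)")
RULE_RE = re.compile(r"^[ \t]*(-?\d+\.\d+) ([A-Z0-9_]+)\s", re.M)

def compare_status_with_report(raw):
    msg = email.message_from_string(raw)
    # Unfold the header so the tests= list reads as one line.
    hdr = STATUS_RE.match(" ".join(msg.get("X-Spam-Status", "").split()))
    part = next((p for p in msg.walk() if p.get_content_type() == "text/plain"), None)
    body = part.get_payload(decode=True).decode("utf-8", "replace") if part else ""
    rep = REPORT_RE.search(body)
    if not hdr or not rep:
        return None  # no status header or no report text to compare
    hdr_tests = set(filter(None, re.split(r"[,\s]+", hdr.group(4))))
    rep_rules = {name for _pts, name in RULE_RE.findall(body)}
    return {
        "header_score": float(hdr.group(2)),
        "report_score": float(rep.group(1)),
        "header_says_spam": hdr.group(1) == "Yes",
        "report_says_spam": float(rep.group(1)) >= float(rep.group(2)),
        "only_in_header": sorted(hdr_tests - rep_rules),
        "only_in_report": sorted(rep_rules - hdr_tests),
    }

print(compare_status_with_report(SAMPLE))
```

On the sample, the header and the report disagree on both score and verdict, and the two rule lists differ.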