SA is correctly assigning a high score to an email (Content analysis details:
(12.0 points, 3.5 required)) but the X-Spam-Status header reads: No,
score=0.0 required=3.5 tests=HTML_MESSAGE,MIME_BASE64_TEXT,
MIME_QP_LONG_LINE,NO_RELAYS,T_HTML_ATTACH autolearn=unavailable
version=3.3.1... any hints?
---- Email ----
Subject:
*****SPAM***** Reset your Twitter password
From:
Twitter <twitter-resetpw-daniel=mydomain....@postmaster.twitter.com>
Date:
Tue, 15 Jun 2010 01:54:12 +0200
To:
m...@mydomain.com
X-Spam-Checker-Version:
SpamAssassin 3.3.1 (2010-03-16) on mydomain.com
X-Spam-Status:
No, score=0.0 required=3.5 tests=HTML_MESSAGE,MIME_BASE64_TEXT,
MIME_QP_LONG_LINE,NO_RELAYS,T_HTML_ATTACH autolearn=unavailable
version=3.3.1
Received:
from localhost by mydomain.com with SpamAssassin (version 3.3.1); Mon, 14
Jun 2010 18:57:51 -0400
Message-ID:
<4c069fc268b7d_3795925aa4308...@mx008.twitter.com.tmail>
MIME-Version:
1.0
Content-Type:
multipart/mixed; boundary="----------=_4C16B3EF.5B551AAE"
Spam detection software, running on the system "mydomain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hey there. Because of the measures taken to provide safety
to our clients, your password has been changed. You can find your new
password
in attached document. Yours, Twitter= [...]
Content analysis details: (12.0 points, 3.5 required)
pts rule name description
---- ----------------------
--------------------------------------------------
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
<http://www.spamcop.net/bl.shtml?78.135.14.229>]
0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
[78.135.14.229 listed in dnsbl.sorbs.net]
3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[78.135.14.229 listed in zen.spamhaus.org]
0.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[78.135.14.229 listed in psbl.surriel.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[78.135.14.229 listed in
bl.score.senderscore.com]
1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
[78.135.14.229 listed in
bb.barracudacentral.org]
1.1 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
0.1 TVD_RCVD_IP TVD_RCVD_IP
0.0 T_HTML_ATTACH BODY: HTML attachment to bypass scanning?
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64
encoding
1.3 RDNS_NONE Delivered to internal network by a host with no
rDNS
-2.3 AWL AWL: From: address is in the auto white-list
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
Subject:
Reset your Twitter password
From:
Twitter <twitter-resetpw-daniel=mydomain....@postmaster.twitter.com>
Date:
Tue, 15 Jun 2010 01:54:12 +0200
To:
m...@mydomain.com
Return-Path:
<layoffsid...@rconsultinggroup.com>
X-Original-To:
m...@mydomain.com
Delivered-To:
m...@mydomain.com
Received:
from 78-135-14-229.extendbroadband.com (unknown [78.135.14.229]) by
mail.zirkin.com (Postfix) with ESMTP id C55DB1E6068B for <m...@mydomain.com>;
Mon, 14 Jun 2010 18:57:46 -0400 (EDT)
Received:
from mx008.twitter.com (mx008.twitter.com [128.121.146.144]) by
mx.google.com with ESMTP id 5qn4711431qfu.10.20100614225412; Tue, 15 Jun
2010 01:54:12 +0200
Received:
from twitter.com (localhost [127.0.0.1]) by mx008.twitter.com (Postfix) with
ESMTP id 15H31341391 for <m...@mydomain.com>; Tue, 15 Jun 2010 01:54:12 +0200
Reply-To:
nore...@postmaster.twitter.com
Message-ID:
<4c069fc268b7d_3795925aa4308...@mx008.twitter.com.tmail>
MIME-Version:
1.0
Content-Type:
multipart/mixed; boundary="----------9EC4821DA6B730"
Hi, m...@mydomain.com
Because of the measures taken to provide safety to our clients, your
password has been changed.
You can find your new password in attached document.
The Twitter Team
Please do not reply to this message; it was sent from an unmonitored email
address. This message is a service email related to your use of Twitter.
Reset your Twitter password.eml
Content-Description:
original message before SpamAssassin
Content-Type:
message/rfc822
Content-Encoding:
8bit
index.html
Content-Type:
text/html
Content-Encoding:
base64
--
View this message in context:
http://old.nabble.com/Incorrect-X-Spam-Status-header-tp28885710p28885710.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
