RE: local.cf example
Thanks for your help! I discovered AWL enable in init.pre which short-circuit all other plugins. I disabled AWL and spamassassin is working fine now. Thanks for your help! _Motty -Original Message- From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] Sent: Wednesday, November 02, 2016 10:16 AM To: users@spamassassin.apache.org Subject: Re: local.cf example On 01.11.16 11:24, Motty Cruz wrote: >Very strange, missed configuration, here is another header and I have >not change any configuration and yet this one was scanned: >X-Spam-Status: No, score=2.604 tagged_above=-999.9 required=5.6 >tests=[AWL=2.468, DATE_IN_PAST_03_06=1.076, DKIM_SIGNED=0.99, >DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VERIFIED=0.99, >HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=0.001, >RCVD_IN_DNSWL_NONE=2.3, >RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, >RCVD_IN_RP_CERTIFIED=-3, RCVD_IN_RP_SAFE=-2, SPF_HELO_PASS=-0.001, >SPF_PASS=-0.001] autolearn=no autolearn_force=no the former was scanned too, but it only hit RDNS_NONE with extremely increased score. ...I have increased score for RCVD_IN_RP_CERTIFIED to -0.03 and RCVD_IN_RP_SAFE to -0.02 to avoid spam from "certified" spammers. Note that you have enabled network tests but I see no sign of RAZOR, PYROZ and DCC (they all need extra SW installed). Also, still no BAYES (maybe manual training would help) >On 01.11.16 08:43, Motty Cruz wrote: >>X-Virus-Scanned: amavisd-new at fqdn.com >>X-Spam-Flag: NO >>X-Spam-Score: 5.5 >>X-Spam-Level: * >>X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6 >>tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no >>Received: from HOST1.fqdn.com ([127.0.0.1]) >> >>This-election is the craziest in our country's history so far but >>in-spite of all the press-surrounding it, there is something that NO >>ONE seems to have the-guts to talk about... >> >>Totally spam E-mail, should have score higher, but there was only one >score? > >RDNS_NONE does only score 1.1/0.7, why did you bump it to 5.5? > >You apparently miss modules, network checks, BAYES (database apparently >under "amavis" user) ... > >yes, even in such cases you may only get only one rule hit (e.g. >BAYES_99) but it's quite rare case -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are
Re: local.cf example
On 01.11.16 11:24, Motty Cruz wrote: Very strange, missed configuration, here is another header and I have not change any configuration and yet this one was scanned: X-Spam-Status: No, score=2.604 tagged_above=-999.9 required=5.6 tests=[AWL=2.468, DATE_IN_PAST_03_06=1.076, DKIM_SIGNED=0.99, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VERIFIED=0.99, HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_RP_CERTIFIED=-3, RCVD_IN_RP_SAFE=-2, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no the former was scanned too, but it only hit RDNS_NONE with extremely increased score. ...I have increased score for RCVD_IN_RP_CERTIFIED to -0.03 and RCVD_IN_RP_SAFE to -0.02 to avoid spam from "certified" spammers. Note that you have enabled network tests but I see no sign of RAZOR, PYROZ and DCC (they all need extra SW installed). Also, still no BAYES (maybe manual training would help) On 01.11.16 08:43, Motty Cruz wrote: X-Virus-Scanned: amavisd-new at fqdn.com X-Spam-Flag: NO X-Spam-Score: 5.5 X-Spam-Level: * X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6 tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no Received: from HOST1.fqdn.com ([127.0.0.1]) This-election is the craziest in our country's history so far but in-spite of all the press-surrounding it, there is something that NO ONE seems to have the-guts to talk about... Totally spam E-mail, should have score higher, but there was only one score? RDNS_NONE does only score 1.1/0.7, why did you bump it to 5.5? You apparently miss modules, network checks, BAYES (database apparently under "amavis" user) ... yes, even in such cases you may only get only one rule hit (e.g. BAYES_99) but it's quite rare case -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are
RE: local.cf example
Very strange, missed configuration, here is another header and I have not change any configuration and yet this one was scanned: X-Virus-Scanned: amavisd-new at fqdn.com X-Spam-Flag: NO X-Spam-Score: 2.604 X-Spam-Level: ** X-Spam-Status: No, score=2.604 tagged_above=-999.9 required=5.6 tests=[AWL=2.468, DATE_IN_PAST_03_06=1.076, DKIM_SIGNED=0.99, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VERIFIED=0.99, HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_RP_CERTIFIED=-3, RCVD_IN_RP_SAFE=-2, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Authentication-Results: HOST1.fqdn.com (amavisd-new); dkim=pass (1536-bit key) header.d=kevineikenberry.com; domainkeys=pass (1536-bit key) header.from=repl...@kevineikenberry.com header.d=kevineikenberry.com I'm very confused. Thanks, Motty -Original Message- From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] Sent: Tuesday, November 01, 2016 9:41 AM To: users@spamassassin.apache.org Subject: Re: local.cf example On 01.11.16 08:43, Motty Cruz wrote: >X-Virus-Scanned: amavisd-new at fqdn.com >X-Spam-Flag: NO >X-Spam-Score: 5.5 >X-Spam-Level: * >X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6 >tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no >Received: from HOST1.fqdn.com ([127.0.0.1]) > >This-election is the craziest in our country's history so far but >in-spite of all the press-surrounding it, there is something that NO >ONE seems to have the-guts to talk about... > >Totally spam E-mail, should have score higher, but there was only one score? RDNS_NONE does only score 1.1/0.7, why did you bump it to 5.5? You apparently miss modules, network checks, BAYES (database apparently under "amavis" user) ... yes, even in such cases you may only get only one rule hit (e.g. BAYES_99) but it's quite rare case -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
Re: local.cf example
On 01.11.16 08:43, Motty Cruz wrote: X-Virus-Scanned: amavisd-new at fqdn.com X-Spam-Flag: NO X-Spam-Score: 5.5 X-Spam-Level: * X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6 tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no Received: from HOST1.fqdn.com ([127.0.0.1]) This-election is the craziest in our country's history so far but in-spite of all the press-surrounding it, there is something that NO ONE seems to have the-guts to talk about... Totally spam E-mail, should have score higher, but there was only one score? RDNS_NONE does only score 1.1/0.7, why did you bump it to 5.5? You apparently miss modules, network checks, BAYES (database apparently under "amavis" user) ... yes, even in such cases you may only get only one rule hit (e.g. BAYES_99) but it's quite rare case -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
RE: local.cf example
On Tue, 1 Nov 2016, Motty Cruz wrote: If I disable AWL: X-Virus-Scanned: amavisd-new at fqdn.com X-Spam-Flag: NO X-Spam-Score: 5.5 X-Spam-Level: * X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6 tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no Received: from HOST1.fqdn.com ([127.0.0.1]) This-election is the craziest in our country's history so far but in-spite of all the press-surrounding it, there is something that NO ONE seems to have the-guts to talk about... Totally spam E-mail, should have score higher, but there was only one score? No BAYES? There aren't any URLs so I don't expect URIBL hits, and there aren't any commonly spammy phrases there that rules look for (at least in the portion you quoted). If it was received from a MTA that doesn't appear on any DNSBLs and had clean headers, that might be all you get for something like that. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never does quite what I want. I wish Christopher Robin was here." -- Peter da Silva in a.s.r --- 5 days until Daylight Saving Time ends in U.S. - Fall Back
RE: local.cf example
If I disable AWL: X-Virus-Scanned: amavisd-new at fqdn.com X-Spam-Flag: NO X-Spam-Score: 5.5 X-Spam-Level: * X-Spam-Status: No, score=5.5 tagged_above=-999.9 required=5.6 tests=[RDNS_NONE=5.5] autolearn=no autolearn_force=no Received: from HOST1.fqdn.com ([127.0.0.1]) This-election is the craziest in our country's history so far but in-spite of all the press-surrounding it, there is something that NO ONE seems to have the-guts to talk about... Totally spam E-mail, should have score higher, but there was only one score? Any idea? Thanks, Motty -Original Message- From: RW [mailto:rwmailli...@googlemail.com] Sent: Saturday, October 29, 2016 5:35 AM To: users@spamassassin.apache.org Subject: Re: local.cf example On Fri, 28 Oct 2016 22:25:54 -0700 motty cruz wrote: > AWL is allowing spam email through, It will do, it's a score averager, it moves the score towards the average score for the sender. AWL is vulnerable to spoofing so you check the from address on the spam. If that's happening you should consider switching to TxRep. TxRep also excludes Bayes from the score averaging which make it less resistant to learning. > X-Spam-Status: ..., DKIM_VALID=-0.1, ... DKIM_VERIFIED=0.99, Why do you have DKIM_VERIFIED=0.99? It's just an old name for DKIM_VALID and not a spam indicator anyway.
Re: local.cf example
On Fri, 28 Oct 2016 22:25:54 -0700 motty cruz wrote: > AWL is allowing spam email through, It will do, it's a score averager, it moves the score towards the average score for the sender. AWL is vulnerable to spoofing so you check the from address on the spam. If that's happening you should consider switching to TxRep. TxRep also excludes Bayes from the score averaging which make it less resistant to learning. > X-Spam-Status: ..., DKIM_VALID=-0.1, ... DKIM_VERIFIED=0.99, Why do you have DKIM_VERIFIED=0.99? It's just an old name for DKIM_VALID and not a spam indicator anyway.
