Re: low score on very spammy email

On 10 Apr 2018, at 18:28, Motty Cruz wrote: reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, That is redundant. The Zen list includes the CBL and Spamhaus has taken over operation of the CBL so there's no lag time between them any more.

Re: low score on very spammy email

On 04/11/2018 11:14 AM, Matus UHLAR - fantomas wrote: On 04/10/2018 03:49 PM, Motty Cruz wrote: I apologize here is the email headers and body https://pastebin.com/bgXrfKaQ On 10.04.18 16:28, David Jones wrote: Content analysis details:   (16.0 points, 5.0 required) pts rule name   

Re: low score on very spammy email

Thank you all for your help, suggestions. per your suggestions MTA and SA tweaked and already seen a huge difference. Thanks again! On 04/11/2018 09:14 AM, Matus UHLAR - fantomas wrote: On 04/10/2018 03:49 PM, Motty Cruz wrote: I apologize here is the email headers and body https://pastebin.

Re: low score on very spammy email

On 04/10/2018 03:49 PM, Motty Cruz wrote: I apologize here is the email headers and body https://pastebin.com/bgXrfKaQ On 10.04.18 16:28, David Jones wrote: Content analysis details: (16.0 points, 5.0 required) pts rule name description -- ---

Re: low score on very spammy email

> Motty Cruz kirjoitti 10.4.2018 kello 23.49: > > I apologize here is the email headers and body > > https://pastebin.com/bgXrfKaQ > > Thanks, > > Oh my. X-Spam-Report: * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.] I’ll be damned :( s

Re: low score on very spammy email

On 04/10/2018 05:28 PM, Motty Cruz wrote: Thank you very much for your suggestions David. MTA is configured to use RBLs, reject_rbl_client b.barracudacentral.org worked really well for me at one point. Also, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org,  

Re: low score on very spammy email

Thank you very much for your suggestions David. MTA is configured to use RBLs, reject_rbl_client b.barracudacentral.org worked really well for me at one point. Also, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, rej

Re: low score on very spammy email

On 04/10/2018 05:04 PM, Leandro wrote: 2018-04-10 18:52 GMT-03:00 David Jones >: On 04/10/2018 04:47 PM, Leandro wrote: 2018-04-10 17:49 GMT-03:00 Motty Cruz mailto:motty.c...@gmail.com> >>:

Re: low score on very spammy email

2018-04-10 18:52 GMT-03:00 David Jones : > On 04/10/2018 04:47 PM, Leandro wrote: > >> 2018-04-10 17:49 GMT-03:00 Motty Cruz > motty.c...@gmail.com>>: >> >> I apologize here is the email headers and body >> >> https://pastebin.com/bgXrfKaQ >> >> >> >> You should not take this domain mrface

Re: low score on very spammy email

On 04/10/2018 04:47 PM, Leandro wrote: 2018-04-10 17:49 GMT-03:00 Motty Cruz >: I apologize here is the email headers and body https://pastebin.com/bgXrfKaQ You should not take this domain mrface.com seriously because it is a TLD used

Re: low score on very spammy email

2018-04-10 17:49 GMT-03:00 Motty Cruz : > I apologize here is the email headers and body > > https://pastebin.com/bgXrfKaQ You should not take this domain mrface.com seriously because it is a TLD used for free dynamic IP service (changeip.com). There is even a fake Windows Update domain in thi

Re: low score on very spammy email

Message-ID: <1747601d3d0fc$dc189190$9449b4b0$@spontaneous-search-level.com>, mail_id: G71jMeOxz-Ha, Hits: 3.501, size: 16883, 1972 ms root@vm1 On 04/10/2018 12:34 PM, David Jones wrote: On 04/10/2018 02:13 PM, Motty Cruz wrote: tons of spam fed to my spam-filter and yet very spammy

Re: low score on very spammy email

4b0$@spontaneous-search-level.com>, mail_id: G71jMeOxz-Ha, Hits: 3.501, size: 16883, 1972 ms root@vm1 On 04/10/2018 12:34 PM, David Jones wrote: On 04/10/2018 02:13 PM, Motty Cruz wrote: tons of spam fed to my spam-filter and yet very spammy emails get low score. zcat /var/virusmails/spam-G71

Re: low score on very spammy email

id Jones wrote: On 04/10/2018 02:13 PM, Motty Cruz wrote: tons of spam fed to my spam-filter and yet very spammy emails get low score. zcat /var/virusmails/spam-G71jMeOxz-Ha.gz | less Return-Path: <> Delivered-To: spam-quarantine X-Envelope-From: X-Envelope-To: X-Envelope-To-Blocked:

Re: low score on very spammy email

ontaneous-search-level.com>, mail_id: G71jMeOxz-Ha, Hits: 3.501, size: 16883, 1972 ms root@vm1 On 04/10/2018 12:34 PM, David Jones wrote: On 04/10/2018 02:13 PM, Motty Cruz wrote: tons of spam fed to my spam-filter and yet very spammy emails get low score. zcat /var/virusmails/spam-G71

Re: low score on very spammy email

Thanks for you help! I'm trying to figure out why this email "get very low" score. Yes, Amavisd didn't stop it. I understand that, it is not part of the question here. I fed a lot of similar emails "learn spam" and still get very low score. It too thought it wa

Re: low score on very spammy email

018 12:34 PM, David Jones wrote: On 04/10/2018 02:13 PM, Motty Cruz wrote: tons of spam fed to my spam-filter and yet very spammy emails get low score. zcat /var/virusmails/spam-G71jMeOxz-Ha.gz | less Return-Path: <> Delivered-To: spam-quarantine X-Envelope-From: X-Envelope-To: X-Envelope-

Re: low score on very spammy email

-ID: <1747601d3d0fc$dc189190$9449b4b0$@spontaneous-search-level.com>, mail_id: G71jMeOxz-Ha, Hits: 3.501, size: 16883, 1972 ms root@vm1 On 04/10/2018 12:34 PM, David Jones wrote: On 04/10/2018 02:13 PM, Motty Cruz wrote: tons of spam fed to my spam-filter and yet very spammy emails get low score.

Re: low score on very spammy email

On 04/10/2018 02:13 PM, Motty Cruz wrote: tons of spam fed to my spam-filter and yet very spammy emails get low score. zcat /var/virusmails/spam-G71jMeOxz-Ha.gz | less Return-Path: <> Delivered-To: spam-quarantine X-Envelope-From: X-Envelope-To: X-Envelope-To-Blocked: X-Quarantine-

low score on very spammy email

tons of spam fed to my spam-filter and yet very spammy emails get low score. zcat /var/virusmails/spam-G71jMeOxz-Ha.gz | less Return-Path: <> Delivered-To: spam-quarantine X-Envelope-From: X-Envelope-To: X-Envelope-To-Blocked: X-Quarantine-ID: X-Spam-Flag: YES X-Spam-Score: 3.501

Re: Very low score for spam from b2blistappenders.com

http://spamcheck.postmarkapp.com/ > > and also very low score. > > > > Strange, as it does seem to have spammy words, etc... no? > > > > See: > > > > http://pastebin.com/EJH1eddN > > The old plugin botnet still rocks on me, while mos

Re: Very low score for spam from b2blistappenders.com

On Fri, 8 Apr 2016 10:13:45 -0300 Robert Boyl wrote: > Hi, everyone > > Pls, do you get a good spam score on this? For us, no hits for > spamassassin, etc. > > I checked in test sites such as http://spamcheck.postmarkapp.com/ and > also very low score. > > Stran

Re: Very low score for spam from b2blistappenders.com

Robert Boyl kirjoitti 8.4.2016 16:13: > Hi, everyone > > Pls, do you get a good spam score on this? For us, no hits for spamassassin, > etc. > > I checked in test sites such as http://spamcheck.postmarkapp.com/ and also > very low score. > > Strange, as it does see

Re: Very low score for spam from b2blistappenders.com

On Fri, 8 Apr 2016 10:13:45 -0300 Robert Boyl wrote: > Hi, everyone > > Pls, do you get a good spam score on this? For us, no hits for > spamassassin, etc. > > I checked in test sites such as http://spamcheck.postmarkapp.com/ and > also very low score. > > Stran

Re: Very low score for spam from b2blistappenders.com

Am 08.04.2016 um 15:13 schrieb Robert Boyl: Hi, everyone Pls, do you get a good spam score on this? For us, no hits for spamassassin, etc. I checked in test sites such as http://spamcheck.postmarkapp.com/ and also very low score. Strange, as it does seem to have spammy words, etc... no

Very low score for spam from b2blistappenders.com

Hi, everyone Pls, do you get a good spam score on this? For us, no hits for spamassassin, etc. I checked in test sites such as http://spamcheck.postmarkapp.com/ and also very low score. Strange, as it does seem to have spammy words, etc... no? See: http://pastebin.com/EJH1eddN Thanks! Robert

Re: spamassassin low score

Am 09.04.2015 um 23:09 schrieb Motty Cruz: Hello, I get a spam with very low score. AWL=1.350 but that address in not in the whitelist. local.cf required_score 5.0 X-Virus-Scanned: amavisd-new at sscsinc.com X-Spam-Flag: NO X-Spam-Score: -0.559 X-Spam-Level: X-Spam-Status: No, score=-0.559

spamassassin low score

Hello, I get a spam with very low score. AWL=1.350 but that address in not in the whitelist. local.cf required_score 5.0 X-Virus-Scanned: amavisd-new at sscsinc.com X-Spam-Flag: NO X-Spam-Score: -0.559 X-Spam-Level: X-Spam-Status: No, score=-0.559 tagged_above=-999 required=5.3 tests

Re: Low Score for @localhost domain

On Fri, 25 Jul 2014 13:39:46 -0300 Andre Luiz Paiz wrote: From: val...@iqm.unicamp.br There is no whitelist setting for @localhost, unless this is a default setting. On 26.07.14 01:54, RW wrote: But it's not from an address @localhost, it's from val...@iqm.unicamp.br you said it was loc

Re: Low Score for @localhost domain

On Fri, 25 Jul 2014 13:39:46 -0300 Andre Luiz Paiz wrote: > > From: val...@iqm.unicamp.br >There is no whitelist setting for @localhost, unless this is a default >setting. But it's not from an address @localhost, it's from val...@iqm.unicamp.br

Re: Low Score for @localhost domain

On Fri, 2014-07-25 at 13:39 -0300, Andre Luiz Paiz wrote: > Quoting Adi : > > W dniu 2014-07-25 14:07, Andre Luiz Paiz pisze: > > > I received a SPAM that Spamassassing gave a high negative score > > > (-86.0) to a e-mail message. I believe that is because the spammer > > > > Maybe you get -100 f

Re: Low Score for @localhost domain

On 25.07.14 09:07, Andre Luiz Paiz wrote: I received a SPAM that Spamassassing gave a high negative score (-86.0) to a e-mail message. I believe that is because the spammer altered the "From:" header field to: querercrer@localhost why did you whitelist localhost? This is exactly what happens w

Re: Low Score for @localhost domain

Quoting "Kevin A. McGrail" : On 7/25/2014 8:07 AM, Andre Luiz Paiz wrote: I tried to use the following rule (from Spamassassing guide), but it did not worked: header LOCAL_HEADER from =~ /@localhost/ [if-unset: @localhost] score LOCAL_HEADER -3.0 - Sample of the email on pastebin.com - Wha

Re: Low Score for @localhost domain

Quoting Adi : W dniu 2014-07-25 14:07, Andre Luiz Paiz pisze: Hi everybody, I received a SPAM that Spamassassing gave a high negative score (-86.0) to a e-mail message. I believe that is because the spammer Maybe you get -100 for whitelist ? Please check (or pastebin) mail headers (X-Spam*

Re: Low Score for @localhost domain

W dniu 2014-07-25 14:07, Andre Luiz Paiz pisze: > Hi everybody, > > I received a SPAM that Spamassassing gave a high negative score > (-86.0) to a e-mail message. I believe that is because the spammer Maybe you get -100 for whitelist ? Please check (or pastebin) mail headers (X-Spam*) or look in

Re: Low Score for @localhost domain

On 7/25/2014 8:07 AM, Andre Luiz Paiz wrote: I tried to use the following rule (from Spamassassing guide), but it did not worked: header LOCAL_HEADER from =~ /@localhost/ [if-unset: @localhost] score LOCAL_HEADER -3.0 - Sample of the email on pastebin.com - What rules hit already? Seriously,

Low Score for @localhost domain

Hi everybody, I received a SPAM that Spamassassing gave a high negative score (-86.0) to a e-mail message. I believe that is because the spammer altered the "From:" header field to: querercrer@localhost. The source domain is: web3.host-services.com and the message is a SPAM. Even messages sent fr

Re: SPF failure very low score

Quanah Gibson-Mount skrev den 2013-08-15 21:43: well, so far, all 200 or so of these I've seen all use the same Return-Path. The From: varies, but Return-Path doesn't. then dont test other facebook domains, there is alot of other facebook real domains that is owned by same payers, make rules

Re: SPF failure very low score

John Hardin skrev den 2013-08-15 21:36: header __FROM_FACEBOOK Return-Path:addr =~ /\@facebook(?:mail)?\.com$/ https://dmarcian.com/dmarc-inspector/facebookmail.com https://dmarcian.com/spf-survey/facebookapp.com

Re: SPF failure very low score

--On Thursday, August 15, 2013 12:36 PM -0700 John Hardin wrote: On Thu, 15 Aug 2013, Quanah Gibson-Mount wrote: header __FROM_FACEBOOK Return-Path:addr =~ /no-reply\@facebook\.com/ Any reason you're limiting it to just the no-reply address? You might also want to broaden the domain a bit.

Re: SPF failure very low score

On Thu, 15 Aug 2013, Quanah Gibson-Mount wrote: header __FROM_FACEBOOK Return-Path:addr =~ /no-reply\@facebook\.com/ Any reason you're limiting it to just the no-reply address? You might also want to broaden the domain a bit. How about: header __FROM_FACEBOOK Return-Path:addr =~ /\@face

Re: SPF failure very low score

--On Thursday, August 15, 2013 3:06 PM -0400 Bowie Bailey wrote: On 8/15/2013 2:53 PM, Quanah Gibson-Mount wrote: Yeah, I'm not complaining about people discussing facebook, but pretending to be facebook. Example: Return-Path: no-re...@facebook.com Received: from edge02-zcs.vmware.com (LHLO

Re: SPF failure very low score

On 8/15/2013 2:53 PM, Quanah Gibson-Mount wrote: Yeah, I'm not complaining about people discussing facebook, but pretending to be facebook. Example: Return-Path: no-re...@facebook.com Received: from edge02-zcs.vmware.com (LHLO edge02-zcs.vmware.com) (10.113.208.52) by mbs01-zcs.vmware.com wit

Re: SPF failure very low score

Quanah Gibson-Mount skrev den 2013-08-15 20:53: header __FROM_FACEBOOK Return-Path:addr =~ /no-reply\@facebook.com/ meta __FORGED_SENDER (!SPF_PASS && !DKIM_VALID_AU) meta FORGED_FACEBOOK_FROM (__FROM_FACEBOOK && __FORGED_SENDER) score FORGED_FACEBOOK 1.5 Does that look correct? yes, add and

Re: SPF failure very low score

--On Monday, August 12, 2013 2:02 PM -0700 John Hardin wrote: On Mon, 12 Aug 2013, Bowie Bailey wrote: On 8/12/2013 2:48 PM, John Hardin wrote: On Mon, 12 Aug 2013, Quanah Gibson-Mount wrote: > --On Friday, August 09, 2013 12:42 AM +0200 Benny Pedersen wrote: > > > > >body __BODY_FAC

Re: SPF failure very low score

On Mon, 12 Aug 2013, Bowie Bailey wrote: On 8/12/2013 2:48 PM, John Hardin wrote: On Mon, 12 Aug 2013, Quanah Gibson-Mount wrote: > --On Friday, August 09, 2013 12:42 AM +0200 Benny Pedersen wrote: > > > > >body __BODY_FACEBOOK /Facebook/ > >meta __FORGED_SENDER (!SPF_PASS && !DKI

Re: SPF failure very low score

On 8/12/2013 2:48 PM, John Hardin wrote: On Mon, 12 Aug 2013, Quanah Gibson-Mount wrote: --On Friday, August 09, 2013 12:42 AM +0200 Benny Pedersen wrote: body __BODY_FACEBOOK /Facebook/ meta __FORGED_SENDER (!SPF_PASS && !DKIM_VALID_AU) meta FORGED_FACEBOOK_BODY (__BODY_FACEBOOK &&

Re: SPF failure very low score

On Mon, 12 Aug 2013, Quanah Gibson-Mount wrote: --On Friday, August 09, 2013 12:42 AM +0200 Benny Pedersen wrote: Quanah Gibson-Mount skrev den 2013-08-08 23:22: > I would love to see your rules here so I can see how you did it. I > don't see if/and in the SA docs on rules. body __BODY_

Re: SPF failure very low score

--On Friday, August 09, 2013 12:42 AM +0200 Benny Pedersen wrote: Quanah Gibson-Mount skrev den 2013-08-08 23:22: I would love to see your rules here so I can see how you did it. I don't see if/and in the SA docs on rules. body __BODY_FACEBOOK /Facebook/ meta __FORGED_SENDER (!SPF_PASS && !

Re: SPF failure very low score

On 8/8/2013 4:49 PM, John Hardin wrote: On Thu, 8 Aug 2013, Quanah Gibson-Mount wrote: SPF is _by itself_ not useful as a spam sign. If you're seeing a lot of facebook spam that fails SPF because it's being forged, then a rule that checks SPF_FAIL *IF* the mail claims to be from Facebook, and a

Re: SPF failure very low score (DKIM whitelisting and ADSP rules)

On Friday 09 August 2013 00:26:09 Quanah Gibson-Mount wrote: > Ok, so I imagine I want to do something like: > > header DKIM_ADSP_DISCARD eval:check_dkim_adsp('D') > > but only for facebook.com... I don't see exactly how I tie those two > together? == To add POSITIVE spam score

Re: SPF failure very low score

David F. Skoll skrev den 2013-08-08 23:33: meta MY_SPF_FAIL SPF_FAIL && __MY_SENSITIVE_DOMAIN score MY_SPF_FAIL 5.0 describe MY_SPF_FAIL SPF failure on a sensitive domain This is all completely untested, you understand. ;) make meta on !SPF_PASS is same as all versions of SPF_FAIL

Re: SPF failure very low score

Quanah Gibson-Mount skrev den 2013-08-08 23:22: I would love to see your rules here so I can see how you did it. I don't see if/and in the SA docs on rules. body __BODY_FACEBOOK /Facebook/ meta __FORGED_SENDER (!SPF_PASS && !DKIM_VALID_AU) meta FORGED_FACEBOOK_BODY (__BODY_FACEBOOK && __FORGE

Re: SPF failure very low score

David F. Skoll skrev den 2013-08-08 23:14: +1 to John's comments about domain-specific SPF scores. For certain domains, an SPF fail is a strong indicator of spam or phishing. These are the domains I score strongly for SPF fail: yes spf pass does not default get -100 : maybe change it f

Re: SPF failure very low score

RW skrev den 2013-08-09 00:01: dkim is generally the better way to go since legitimate emails can fail SPF due to forwarding. and dkim never fails on forwards ?, well it does if forwards mangle bódy and removes or changes headers in a way that dkim breaks, i have seen it since i begin using

Re: SPF failure very low score

--On August 8, 2013 11:01:43 PM +0100 RW wrote: Facebook dkim signs all their emails with the domain facebookmail.com, so you may have better luck using the ADSP rules... dkim is generally the better way to go since legitimate emails can fail SPF due to forwarding. Ok, so I imagine I want

Re: SPF failure very low score

John Hardin skrev den 2013-08-08 22:49: SPF is _by itself_ not useful as a spam sign. -1 If you're seeing a lot of facebook spam that fails SPF because it's being forged, then a rule that checks SPF_FAIL *IF* the mail claims to be from Facebook, and adds a point or two, would be more reaso

Re: SPF failure very low score

Quanah Gibson-Mount skrev den 2013-08-08 22:34: How is .001 in any way considered a "large" penalty? meta SPF_FAIL (3) (3) (3) (3) in local.cf fixes it or use pypolicyd-spf on mta stage

Re: SPF failure very low score

--On August 8, 2013 5:33:26 PM -0400 "David F. Skoll" wrote: On Thu, 08 Aug 2013 14:22:53 -0700 Quanah Gibson-Mount wrote: I would love to see your rules here so I can see how you did it. I don't see if/and in the SA docs on rules. Emm... actually, I did it outside of the SA infrastru

Re: SPF failure very low score

On Thu, 8 Aug 2013 21:31:59 + Franck Martin wrote: > > On Aug 8, 2013, at 10:49 PM, John Hardin wrote: > > > On Thu, 8 Aug 2013, Quanah Gibson-Mount wrote: > >> How is .001 in any way considered a "large" penalty? Comments can be useful when they agree with reality, but all too often they

Re: SPF failure very low score

--On August 8, 2013 5:38:52 PM -0400 dar...@chaosreigns.com wrote: The explanation for the quote is, quite simply, that it is out of date, and you should fix it. I don't have commit access to SA's SVN. ;) I suppose I can file a bug. ;) --Quanah -- Quanah Gibson-Mount Principal Software Eng

Re: SPF failure very low score

On 08/08, Quanah Gibson-Mount wrote: > For SA 3.4.0, it says in 50_scores.cf: > > # SPF > # Note that the benefit for a valid SPF record is deliberately minimal; it's > # likely that more spammers would quickly move to setting valid SPF records > # otherwise. The penalties for an *incorrect* reco

Re: SPF failure very low score

On Thu, 08 Aug 2013 14:22:53 -0700 Quanah Gibson-Mount wrote: > I would love to see your rules here so I can see how you did it. I > don't see if/and in the SA docs on rules. Emm... actually, I did it outside of the SA infrastructure. I imagine you could do something like: header__MY_SENS

Re: SPF failure very low score

On Aug 8, 2013, at 10:49 PM, John Hardin wrote: > On Thu, 8 Aug 2013, Quanah Gibson-Mount wrote: > >> For SA 3.4.0, it says in 50_scores.cf: >> >> # SPF >> # Note that the benefit for a valid SPF record is deliberately minimal; it's >> # likely that more spammers would quickly move to setti

Re: SPF failure very low score

--On August 8, 2013 5:14:12 PM -0400 "David F. Skoll" wrote: On Thu, 8 Aug 2013 13:49:18 -0700 (PDT) John Hardin wrote: SPF is _by itself_ not useful as a spam sign. Indeed. In my experience, most SPF "softfail" results and a fairly large fraction of SPF "fail" results are from miscon

Re: SPF failure very low score

On Thu, 8 Aug 2013 13:49:18 -0700 (PDT) John Hardin wrote: > SPF is _by itself_ not useful as a spam sign. Indeed. In my experience, most SPF "softfail" results and a fairly large fraction of SPF "fail" results are from misconfigured domains whose administrators don't bother making correct SPF

Re: SPF failure very low score

--On August 8, 2013 1:49:18 PM -0700 John Hardin wrote: How is .001 in any way considered a "large" penalty? SPF is _by itself_ not useful as a spam sign. If you're seeing a lot of facebook spam that fails SPF because it's being forged, then a rule that checks SPF_FAIL *IF* the mail claim

Re: SPF failure very low score

On Thu, 8 Aug 2013, Quanah Gibson-Mount wrote: For SA 3.4.0, it says in 50_scores.cf: # SPF # Note that the benefit for a valid SPF record is deliberately minimal; it's # likely that more spammers would quickly move to setting valid SPF records # otherwise. The penalties for an *incorrect*

SPF failure very low score

For SA 3.4.0, it says in 50_scores.cf: # SPF # Note that the benefit for a valid SPF record is deliberately minimal; it's # likely that more spammers would quickly move to setting valid SPF records # otherwise. The penalties for an *incorrect* record, however, are large. ;) However, ".001" do

Re: Low score on mail with typical spam content

On Tue, 26 Jul 2011 01:49:50 -0700 (PDT) Daniel Lemke wrote: > Ummh, thanks for the hint, copied the wrong sample :) (removed some > header information by myself to test something…) > This is the right one: http://pastebin.com/Cmu15YY2 BTW your local rule JAM_REPLACED_I_BD doesn't seem to be w

Re: Low score on mail with typical spam content

On Tue, 2011-07-26 at 01:49 -0700, Daniel Lemke wrote: > Ummh, thanks for the hint, copied the wrong sample :) (removed some header > information by myself to test something…) > This is the right one: http://pastebin.com/Cmu15YY2 > Exactly the same remarks (and identical score!) apply to this one

Re: Low score on mail with typical spam content

On Tue, 2011-07-26 at 00:21 -0700, Daniel Lemke wrote: > Hi there, > > A few days ago a mail passed our SpamAssassin and I was a bit surprised when > I looked at the mail content. > It does contain typical spam words like ‘drug’ etc. > Actually, it contains very little that might not appear in an

Re: Low score on mail with typical spam content

On Tue, 26 Jul 2011 00:21:16 -0700 (PDT) Daniel Lemke wrote: > > Hi there, > > A few days ago a mail passed our SpamAssassin and I was a bit > surprised when I looked at the mail content. > It does contain typical spam words like ‘drug’ etc. > Mail content can be found on pastebin: http://pasteb

Re: Low score on mail with typical spam content

pied the wrong sample :) (removed some header information by myself to test something…) This is the right one: http://pastebin.com/Cmu15YY2 Thanks! Daniel -- View this message in context: http://old.nabble.com/Low-score-on-mail-with-typical-spam-content-tp32137871p32138336.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Low score on mail with typical spam content

On 2011-07-26 9:21, Daniel Lemke wrote: Hi there, A few days ago a mail passed our SpamAssassin and I was a bit surprised when I looked at the mail content. It does contain typical spam words like ‘drug’ etc. Mail content can be found on pastebin: http://pastebin.com/k8xptZbd If blacklist and B

Low score on mail with typical spam content

calculation, score is even zero. Why are there no regexes triggering this typical spam words? Best regards, Daniel -- View this message in context: http://old.nabble.com/Low-score-on-mail-with-typical-spam-content-tp32137871p32137871.html Sent from the SpamAssassin - Users mailing list archive

Re: low score for ($1.5Million)

On 03/04/2011 04:11 PM, jdow wrote: > We, it IS a small number by Nigerian scam standards. So why not > a small score? > > - She ran that way FAST{O,o} Likewise, I also enjoy weekends: http://i.imgur.com/cxX6t.jpg (mildly NSFW, though it's on my cube)

Re: low score for ($1.5Million)

We, it IS a small number by Nigerian scam standards. So why not a small score? ->>>> She ran that way FAST {O,o} On 2011/03/03 16:40, Dennis German wrote: Can someone comment on the low score assigned to the email located at http:/

Re: low score for ($1.5Million)

On Fri, 2011-03-04 at 11:19 -0500, Dennis German wrote: > "while the OP uses" OP means ? Original Poster, he who started the thread. Depending on context, it also can mean Original Post. > Please direct me to info on FreeMail plugin. > Is it expected that I will be able to implement it given I

Re: low score for ($1.5Million)

"while the OP uses" OP means ? Original Poster.

Re: low score for ($1.5Million)

On 3/3/11 8:06 PM, Karsten Bräckelmann wrote: On Fri, 2011-03-04 at 01:53 +0100, Mikael Syska wrote: I get the following hits: Content analysis details: (19.1 points, 5.0 required) Note though, that your score is on SA 3.3.x, while the OP uses SA 3.2.x. Yes, I can tell this from the scores. :)

Supporting 3.3 and 3.2? (was: Re: low score for ($1.5Million))

On Thu, 2011-03-03 at 15:52 -1000, Warren Togami Jr. wrote: > On 3/3/2011 3:06 PM, Karsten Bräckelmann wrote: > > Note though, that your score is on SA 3.3.x, while the OP uses SA 3.2.x. > > Yes, I can tell this from the scores. :) > > > > Major changes between these version are clearly reflected

Re: low score for ($1.5Million)

On 3/3/2011 3:06 PM, Karsten Bräckelmann wrote: On Fri, 2011-03-04 at 01:53 +0100, Mikael Syska wrote: I get the following hits: Content analysis details: (19.1 points, 5.0 required) Note though, that your score is on SA 3.3.x, while the OP uses SA 3.2.x. Yes, I can tell this from the scores

Re: low score for ($1.5Million)

On Fri, 2011-03-04 at 01:53 +0100, Mikael Syska wrote: > I get the following hits: > Content analysis details: (19.1 points, 5.0 required) Note though, that your score is on SA 3.3.x, while the OP uses SA 3.2.x. Yes, I can tell this from the scores. :) Major changes between these version are cl

Re: low score for ($1.5Million)

On Thu, 2011-03-03 at 19:40 -0500, Dennis German wrote: > Can someone comment on the low score assigned to the email located at > > http://www.cccu.us/hundredThousand.txt > > X-Spam-testscores: AWL=1.086,BAYES_00=-2.599,HTML_MESSAGE=0.001, > MILLION_USD=1.528 > > Is

Re: low score for ($1.5Million)

On 03/03/2011 04:40 PM, Dennis German wrote: > Can someone comment on the low score assigned to the email located at > > http://www.cccu.us/hundredThousand.txt > > X-Spam-testscores: AWL=1.086,BAYES_00=-2.599,HTML_MESSAGE=0.001, > MILLION_USD=1.528 > > Is my bayes &q

Re: low score for ($1.5Million)

ts of money 0.8 ADVANCE_FEE_2_NEW_FORM Advance Fee fraud and a form 0.0 MONEY_FORM Lots of money if you fill out a form 0.3 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s) On Fri, Mar 4, 2011 at 1:40 AM, Dennis German wrote: > Can someone comment on the low score assigne

low score for ($1.5Million)

Can someone comment on the low score assigned to the email located at http://www.cccu.us/hundredThousand.txt X-Spam-testscores: AWL=1.086,BAYES_00=-2.599,HTML_MESSAGE=0.001, MILLION_USD=1.528 Is my bayes "broken"?

Re: Low Score - {Brazillian Host} Lottery Spam

On tir 27 okt 2009 18:27:24 CET, John Hardin wrote Contact me offlist if you want to install the sandbox rules for them, I'll give you instructions. undisclosed recipient with a freemail body hit if i won why would i not be in the to: :) -- xpoint

Re: Low Score - {Brazillian Host} Lottery Spam

On Tue, 27 Oct 2009, Adam Katz wrote: rich...@buzzhost.co.uk wrote: You Won £750,000.00 GBP {surprised this did not bite} Interesting. I'm also surprised that doesn't hit one of the many large-sum money checks. The existing ones are weak w/r/t non-USD currencies. That's one reason I star

Re: Low Score - {Brazillian Host} Lottery Spam

On Tue, 27 Oct 2009, rich...@buzzhost.co.uk wrote: Anyone else seeing these today? Or seen them recently? http://pastebin.com/m4e25954f I get lots like them. I'm working on updating the Advance Fee rules, but they won't be released until 3.3.1 In my testbed with sandbox rules, that got:

Re: Low Score - {Brazillian Host} Lottery Spam

rich...@buzzhost.co.uk wrote: > Anyone else seeing these today? Or seen them recently? > > http://pastebin.com/m4e25954f > > score=0.1 > > Subject was real neat: > Subject: =?ISO-8859-1?B?WW91IFdvbiCjMQ==?=,750,000.00 GBP > > You Won £750,000.00 GBP {surprised this did not bite} > > > End of

Low Score - {Brazillian Host} Lottery Spam

Anyone else seeing these today? Or seen them recently? http://pastebin.com/m4e25954f score=0.1 Subject was real neat: Subject: =?ISO-8859-1?B?WW91IFdvbiCjMQ==?=,750,000.00 GBP You Won £750,000.00 GBP {surprised this did not bite} End of the message is missing on the five of them that I've ha

Sought Fraud Rule-Set (was: Low score? Recommendations?)

On Mon, 2009-10-05 at 13:30 -0500, McDonald, Dan wrote: > On Mon, 2009-10-05 at 20:17 +0200, Karsten Bräckelmann wrote: > > Just a minor nit, in case it isn't just different terminology. Installed > > sounds like a one-time operation -- the Sought rule-set needs to be > > updated using sa-update f

Re: Low score? Recommendations?

On man 05 okt 2009 20:30:09 CEST, "McDonald, Dan" wrote How often should I be running sa-update to pick up SOUGHT. I currently run it automatically once a day, and ad-hoc whenever I tweak any other rules. Should I run 4 times/day? 6? Inquiring minds want to know. first one would need to kno

Re: Low score? Recommendations?

On Mon, 2009-10-05 at 20:17 +0200, Karsten Bräckelmann wrote: > On Mon, 2009-10-05 at 11:01 -0700, Jefferson Davis wrote: > > Thanks for the tips and low-grade knuck-wrap. Investigating - > > installed 20_sought, tweaked local.cf back to 5.0 per list > > recommendation. > Just a minor nit, in c

Re: Low score? Recommendations?

On Mon, 5 Oct 2009, Jefferson Davis wrote: installed 20_sought There are actually two sought rulesets, one generated from a general spamtrap and one generated from hand-classified fraud corpora. You likely want both. If you set up sought in sa-update (which is what you should do as they ar

Re: Low score? Recommendations?

On Mon, 2009-10-05 at 11:01 -0700, Jefferson Davis wrote: > Thanks for the tips and low-grade knuck-wrap. Investigating - > installed 20_sought, tweaked local.cf back to 5.0 per list > recommendation. > > Appears that perhaps bayes_db is jacked up. re-training. All good. :) Just a minor nit,

Re: Low score? Recommendations?

- Message from jda...@standard.k12.ca.us - Date: Mon, 05 Oct 2009 09:32:39 -0700 From: Jefferson Davis Subject: Low score? Recommendations? To: users > Keep getting similar obvious (to me) spam - tuning recommendations? My > threshold is torqued down

Re: +++Spam+++: Low score? Recommendations?

On Mon, 2009-10-05 at 09:32 -0700, Jefferson Davis wrote: > Keep getting similar obvious (to me) spam - tuning recommendations? > My threshold is torqued down to 3.5 AV:Sanesecurity.Junk.14595.UNOFFICIAL=6.1, AE_DETAILS_WITH_EMAIL=2.5, AE_DETAILS_WITH_MONEY=2, BOTNET_SOHO=-0.1, HTML_MESSAGE=0.00

  1   2   >