I've been getting a lot of spam lately ever since I moved my mail server to a new system. Here's one of the false negatives that slipped through, for example:
X-Spam-Status: No, score=-2.1 required=5.0 tests=ALL_TRUSTED,BAYES_50, NO_REAL_NAME,RCVD_BY_IP,YOUR_INCOME autolearn=ham version=3.0.3 X-Spam-Summary: 0.0 NO_REAL_NAME From: does not include a real name 0.1 RCVD_BY_IP Received by mail server with no name -3.3 ALL_TRUSTED Did not pass through any untrusted hosts 1.1 YOUR_INCOME BODY: Doing something with my income 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5000] Why does ALL_TRUSTED have a score of -3.3? Doesn't this mean that any spammer who connects directly to my mail server has a good chance of getting past SpamAssassin? I did not define any trusted/internal networks when I installed SpamAssassin. SpamAssassin version 3.0.3 running on Perl version 5.8.4 Linux naga.aaanime.net 2.6.8-11-amd64-k8 #1 Sun Oct 2 21:26:54 UTC 2005 x86_64 GNU/Linux Running Debian Sarge