Below are the results from a Spamassassin -D test of a message that was
previously delivered this morning. How does something like this pass
through- when I run the checks on the email after it is delivered the
system clearly knows its spam.
Thanks
Craig
X-Spam-Status: Yes, score=20.3 required=4.0 tests=BAYES_99,BOTNET,
BOTNET_CLIENT,BOTNET_CLIENTWORDS,BOTNET_IPINHOSTNAME,
HTML_IMAGE_ONLY_12,HTML_MESSAGE,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,
RCVD_IN_XBL,SHORT_HELO_AND_INLINE_IMAGE autolearn=spam version=3.1.7
X-Spam-Report:
* 0.0 BOTNET_CLIENTWORDS Hostname contains client-like substrings
* 0.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
* 1.9 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of
words
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 4.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
* [80.171.36.179 listed in dnsbl.sorbs.net]
* 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* [80.171.36.179 listed in sbl-xbl.spamhaus.org]
* 1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
* [80.171.36.179 listed in combined.njabl.org]
* 1.0 SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline
image
* 0.0 BOTNET_CLIENT Hostname looks like a client hostname
* 5.0 BOTNET Any Botnet rule hit