> -----Original Message-----
> From: Theo Van Dinter [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 12, 2007 12:56 PM
> To: users@spamassassin.apache.org
> Subject: Re: __ rules can't call multiple __ rules?
> FWIW, having a meta which is simply the result of another
> rule (TEST2) is wasteful and inefficient.
It is if you are trying to 'test' a rule and find out why it doesn't
work.
Ps, SA 3.2.1 on Freebsd 5.4, perl 5.8, nightly running sa-update.
> Just change
> __L_FROM_YAHOO to be a rule.
Then nothing works ;-)
The only way I could make it work was change __L_FROM_YAHOO TO
ST__L_FROM_YAHOO
This: (didn't work)
meta __L_FROM_YAHOO __L_FROM_Y5 || __L_FROM_Y1 || __L_FROM_Y2 ||
__L_FROM_Y3 || __L_FROM_Y4
header __L_FROM_GMAIL From:addr =~ [EMAIL PROTECTED]
meta L_UNVERIFIED_YAHOO !DKIM_VERIFIED && __L_FROM_YAHOO &&
!__L_VIA_ML
Summary: X-Spam-Status: Yes, score=12.2 required=5.0
tests=AWL,BAYES_99,DCC_CHECK,
DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,J_CHICKENPOX_41,L_UNVERIFIED_YAH
OO,
MILLION_USD,SARE_MILLIONSOF,SPF_HELO_PASS,ST__L_FROM_YAHOO,SUBJ_ALL_CAPS
autolearn=no version=3.2.1
To this: (worked)
summary:
meta ST__L_FROM_YAHOO __L_FROM_Y5 || __L_FROM_Y1 || __L_FROM_Y2 ||
__L_FROM_Y3 || __L_FROM_Y4
score ST__L_FROM_YAHOO 0.001
header __L_FROM_GMAIL From:addr =~ [EMAIL PROTECTED]
meta L_UNVERIFIED_YAHOO !DKIM_VERIFIED && ST__L_FROM_YAHOO &&
!__L_VIA_ML
X-Spam-Status: Yes, score=11.0 required=5.0
tests=AWL,BAYES_99,DCC_CHECK,
DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,J_CHICKENPOX_41,MILLION_USD,
SARE_MILLIONSOF,SPF_HELO_PASS,SUBJ_ALL_CAPS autolearn=no
version=3.2.1
Running -D output with original rule:
[93104] dbg: bayes: corpus size: nspam = 110423, nham = 73781
[93104] dbg: bayes: tok_get_all: token count: 377
[93104] dbg: bayes: score = 1
[93104] dbg: rules: ran eval rule BAYES_99 ======> got hit (1)
[93104] dbg: rules: running rawbody tests; score so far=3.5
[93104] dbg: rules: compiled rawbody tests
[93104] dbg: rules: running full tests; score so far=3.5
[93104] dbg: rules: compiled full tests
[93104] dbg: rules: running meta tests; score so far=3.5
[93104] dbg: rules: compiled meta tests
[93104] dbg: check: running tests for priority: 0
[93104] dbg: rules: running head tests; score so far=3.5
[93104] dbg: rules: compiled head tests
[93104] dbg: rules: ran header rule __L_FROM_Y5 ======> got hit:
"@yahoo.it"
[93104] dbg: rules: ran header rule __CT_TEXT_PLAIN ======> got hit:
"text/plain"
[93104] dbg: rules: ran header rule __CT ======> got hit: "t"
[93104] dbg: rules: ran header rule __MISSING_REF ======> got hit:
"UNSET"
[93104] dbg: message: Return-Path header found after 1 or more Received
lines, cannot trust envelope-from
[93104] dbg: rules: ran header rule __MIME_VERSION ======> got hit: "1"
[93104] dbg: rules: ran header rule __TOCC_EXISTS ======> got hit: "<"
[93104] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got
hit: "
[93104] dbg: rules: Message-Id: "
[93104] dbg: rules: ran header rule __SARE_WHITELIST_FLAG ======> got
hit: "M"
[93104] dbg: rules: ran header rule __HAS_X_MAILER ======> got hit: "O"
[93104] dbg: rules: ran header rule __DOS_RCVD_WED ======> got hit: "
Wed, "
[93104] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f"
[93104] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit:
"@mail.bellsouth.net>"
[93104] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit:
"2007071114"
[93104] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"
[93104] dbg: rules: ran header rule __SANE_MSGID ======> got hit:
"<[EMAIL PROTECTED]>
[93104] dbg: rules: "
[93104] dbg: rules: ran header rule __CTE ======> got hit: "7"
[93104] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "["
[93104] dbg: spf: checking to see if the message has a Received-SPF
header that we can use
[93104] dbg: spf: using Mail::SPF for SPF checks
[93104] dbg: spf: checking HELO (helo=fl.us.spammertrap.net,
ip=204.89.241.173)
[93104] dbg: asn: asn.routeviews.org.: lookup result packet:
'173.241.89.204.asn.routeviews.org. 600 IN TXT "1239" "204.89.241.0"
"24"'
[93104] dbg: spf: query for /204.89.241.173/fl.us.spammertrap.net:
result: pass, comment: , text: Mechanism 'a' matched
[93104] dbg: rules: ran eval rule SPF_HELO_PASS ======> got hit (1)
[93104] dbg: dk: from: [EMAIL PROTECTED]
[93104] dbg: dk: signing domain name: not found
[93104] dbg: dk: fetched policy for domain bellsouth.net: o=~
[93104] dbg: dk: no signature
[93104] dbg: dk: comment is 'no signature'
[93104] dbg: dk: no signature
[93104] dbg: dk: whitelist_from_dk: could not find signing domain name
[93104] dbg: dkim: performing public key lookup and signature
verification
[93104] dbg: dkim: originator address: [EMAIL PROTECTED]
[93104] dbg: dkim: signature verification result: none
[93104] dbg: dkim: whitelist_from_dkim: could not find identity
[93104] dbg: rules: ran eval rule DK_POLICY_SIGNSOME ======> got hit (1)
[93104] dbg: spf: already checked for Received-SPF headers, proceeding
with DNS based checks
[93104] dbg: spf: cannot get Envelope-From, cannot use SPF
[93104] dbg: rules: ran eval rule SUBJ_ALL_CAPS ======> got hit (1)
[93104] dbg: dkim: def_whitelist_from_dkim: could not find identity
[93104] dbg: dkim: policy: performing lookup
[93104] dbg: dkim: policy result neutral: o=~
[93104] dbg: rules: ran eval rule DKIM_POLICY_SIGNSOME ======> got hit
(1)
[93104] dbg: spf: def_spf_whitelist_from: already checked spf and didn't
get pass, skipping whitelist check
[93104] dbg: dk: def_whitelist_from_dk: could not find signing domain
name
[93104] dbg: spf: whitelist_from_spf: already checked spf and didn't get
pass, skipping whitelist check
[93104] dbg: rules: running body tests; score so far=5.576
[93104] dbg: rules: compiled body tests
[93104] dbg: rules: ran body rule __SARE_LOTTO_CONGRAT ======> got hit:
"congratulation"
[93104] dbg: rules: ran body rule J_CHICKENPOX_41 ======> got hit: "
year?s "
[93104] dbg: rules: ran body rule __BIGDOLLARSFVGT ======> got hit:
"$500,000"
[93104] dbg: rules: ran body rule __KAM_LOTTO3 ======> got hit: "claim"
[93104] dbg: rules: ran body rule __SARE_FRAUD_FUNWORDS ======> got hit:
"Please endeavor"
[93104] dbg: rules: ran body rule __YAHOO3 ======> got hit: "@yahoo.it"
[93104] dbg: rules: ran body rule MILLION_USD ======> got hit: "Million
United States Dollars"
[93104] dbg: rules: ran body rule __FRAUD_LTX ======> got hit: "Million
United States Dollars"
[93104] dbg: rules: ran body rule __SARE_LOTTO_CATEGORY ======> got hit:
"categories"
[93104] dbg: rules: ran body rule __SARE_SPEC_PROLEO5 ======> got hit:
"http://www.";
[93104] dbg: rules: ran body rule __SARE_FRAUD_FAMILY ======> got hit:
"NEXT OF KIN"
[93104] dbg: rules: ran body rule __HAS_ANY_EMAIL ======> got hit:
"[EMAIL PROTECTED]"
[93104] dbg: rules: ran body rule __FB_NUM_PERCNT ======> got hit: "5%"
[93104] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "["
[93104] dbg: rules: ran body rule __WORD_SEX ======> got hit: "SEX"
[93104] dbg: rules: ran body rule __FRAUD_DBI ======> got hit: "Dollars"
[93104] dbg: rules: ran body rule SARE_MILLIONSOF ======> got hit:
"millions of"
[93104] dbg: rules: running uri tests; score so far=8.019
[93104] dbg: rules: compiled uri tests
[93104] dbg: rules: ran uri rule __DOS_HAS_ANY_URI ======> got hit: "m"
[93104] dbg: rules: ran uri rule __LOCAL_PP_NONPPURL ======> got hit:
"http://www.fondazionedivittorio.it";
[93104] dbg: https_http_mismatch: anchors 0
[93104] dbg: eval: stock info hit: company
[93104] dbg: eval: stock info total: 1
[93104] dbg: rules: ran eval rule __MY_SERVERS_FOUND ======> got hit (1)
[93104] dbg: rules: ran eval rule __HAVE_BOUNCE_RELAYS ======> got hit
(1)
[93104] dbg: rules: running rawbody tests; score so far=8.019
[93104] dbg: rules: compiled rawbody tests
[93104] dbg: rules: running full tests; score so far=8.019
[93104] dbg: rules: compiled full tests
[93104] dbg: info: entering helper-app run mode
[93104] dbg: info: leaving helper-app run mode
[93104] dbg: razor2: part=0 engine=4 contested=0 confidence=0
[93104] dbg: razor2: part=0 engine=8 contested=0 confidence=0
[93104] dbg: razor2: results: spam? 0
[93104] dbg: razor2: results: engine 8, highest cf score: 0
[93104] dbg: razor2: results: engine 4, highest cf score: 0
[93104] dbg: dcc: dccifd is available: /usr/local/dcc/dccifd
[93104] dbg: info: entering helper-app run mode
[93104] dbg: dcc: dccifd got response: X-DCC--Metrics:
fl.us.spammertrap.net 1113; Body=many Fuz1=many Fuz2=many
[93104] dbg: info: leaving helper-app run mode
[93104] dbg: dcc: listed: BODY=999999/999999 FUZ1=999999/999999
FUZ2=999999/999999
[93104] dbg: rules: ran eval rule DCC_CHECK ======> got hit (1)
[93104] dbg: rules: running meta tests; score so far=10.189
[93104] dbg: rules: compiled meta tests
[93104] dbg: check: running tests for priority: 500
[93104] dbg: async: select found 1 socks ready
[93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds
to look up (multi.surbl.org.:fondazionedivittorio.it)
[93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds
to look up (bl.open-whois.org.:fondazionedivittorio.it)
[93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds
to look up (multi.uribl.com.:fondazionedivittorio.it)
[93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds
to look up (dob.sibl.support-intelligence.net:fondazionedivittorio.it)
[93104] dbg: async: queries completed: 31 started: 3
[93104] dbg: async: queries active: TXT=1 at Thu Jul 12 18:31:36 2007
[93104] dbg: async: select found 1 socks ready
[93104] dbg: async: queries completed: 1 started: 1
[93104] dbg: async: queries active: TXT=1 URI-A=2 at Thu Jul 12 18:31:36
2007
[93104] dbg: async: select found 1 socks ready
[93104] dbg: async: queries completed: 1 started: 1
[93104] dbg: async: queries active: TXT=1 URI-A=1 URI-DNSBL=1 at Thu Jul
12 18:31:36 2007
[93104] dbg: async: select found 1 socks ready
[93104] dbg: async: queries completed: 1 started: 1
[93104] dbg: async: queries active: TXT=1 URI-DNSBL=2 at Thu Jul 12
18:31:36 2007
[93104] dbg: async: select found 1 socks ready
[93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds
to look up (sbl.spamhaus.org.:4.5.204.193)
[93104] dbg: async: queries completed: 1 started: 0
[93104] dbg: async: queries active: TXT=1 URI-DNSBL=2 at Thu Jul 12
18:31:36 2007
[93104] dbg: async: select found 1 socks ready
[93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds
to look up (sbl.spamhaus.org.:200.226.242.194)
[93104] dbg: async: queries completed: 1 started: 0
[93104] dbg: async: queries active: TXT=1 URI-DNSBL=1 at Thu Jul 12
18:31:36 2007
[93104] dbg: async: select found 1 socks ready
[93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds
to look up (sbl.spamhaus.org.:8.245.205.193)
[93104] dbg: async: queries completed: 1 started: 0
[93104] dbg: async: queries active: TXT=1 at Thu Jul 12 18:31:36 2007
[93104] dbg: async: select found no socks ready
[93104] dbg: async: queries completed: 0 started: 0
[93104] dbg: async: queries active: TXT=1 at Thu Jul 12 18:31:37 2007
[93104] dbg: dns: success for 31 of 32 queries
[93104] dbg: dns: timeout for after 1 seconds
[93104] dbg: async: aborting remaining lookups
[93104] dbg: rules: running head tests; score so far=10.189
[93104] dbg: rules: compiled head tests
[93104] dbg: rules: running body tests; score so far=10.189
[93104] dbg: rules: compiled body tests
[93104] dbg: rules: running uri tests; score so far=10.189
[93104] dbg: rules: compiled uri tests
[93104] dbg: rules: running rawbody tests; score so far=10.189
[93104] dbg: rules: compiled rawbody tests
[93104] dbg: rules: running full tests; score so far=10.189
[93104] dbg: rules: compiled full tests
[93104] dbg: rules: running meta tests; score so far=10.189
[93104] dbg: rules: meta test DIGEST_MULTIPLE has undefined dependency
'PYZOR_CHECK'
[93104] info: rules: meta test FM_DDDD_TIMES_2 has dependency
'FH_HOST_EQ_D_D_D_D' with a zero score
[93104] info: rules: meta test FM_SEX_HOSTDDDD has dependency
'FH_HOST_EQ_D_D_D_D' with a zero score
[93104] dbg: rules: meta test BR_ADJUST_1C has undefined dependency
'BR_MAILTO'
[93104] info: rules: meta test MULTI_FORGED has dependency
'FORGED_YAHOO_RCVD' with a zero score
[93104] dbg: rules: meta test BODY_YAHOO has undefined dependency
'YAHOO3'
[93104] dbg: rules: meta test BR_ADJUST_3B has undefined dependency
'BR_LINK_UNSAFE'
[93104] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined
dependency 'SARE_XMAIL_SUSP2'
[93104] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined
dependency 'SARE_HEAD_XAUTH_WARN'
[93104] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined
dependency 'X_AUTH_WARN_FAKED'
[93104] dbg: rules: meta test SARE_FROM_FREE has undefined dependency
'__MR_LEGIT_FREE'
[93104] dbg: rules: meta test SARE_FROM_FREE has undefined dependency
'ADDR_FREE'
[93104] info: rules: meta test CONFIRMED_FORGED has dependency
'FORGED_YAHOO_RCVD' with a zero score
[93104] dbg: rules: meta test BR_PRIORITY_SPAM has undefined dependency
'X_PRIORITY_HIGH'
[93104] dbg: rules: meta test SARE_RD_SAFE has undefined dependency
'SARE_RD_SAFE_MKSHRT'
[93104] dbg: rules: meta test SARE_RD_SAFE has undefined dependency
'SARE_RD_SAFE_GT'
[93104] dbg: rules: meta test SARE_RD_SAFE has undefined dependency
'SARE_RD_SAFE_TINY'
[93104] dbg: rules: meta test VIRUS_WARNING_DOOM_BNC has undefined
dependency 'VIRUS_WARNING_MYDOOM4'
[93104] dbg: rules: meta test SARE_OBFU_CIALIS has undefined dependency
'SARE_OBFU_CIALIS2'
[93104] dbg: rules: meta test FP_MIXED_PORN3 has undefined dependency
'FP_PENETRATION'
[93104] dbg: rules: compiled meta tests
[93104] dbg: check: running tests for priority: 1000
[93104] dbg: rules: running head tests; score so far=10.189
[93104] dbg: rules: compiled head tests
[93104] dbg: auto-whitelist: sql-based connected to
DBI:mysql:mail:localhost
[93104] dbg: auto-whitelist: sql-based using username: vscan
[93104] dbg: auto-whitelist: sql-based get_addr_entry: found existing
entry for [EMAIL PROTECTED]|ip=205.152
[93104] dbg: auto-whitelist: sql-based [EMAIL PROTECTED]|ip=205.152
scores 39/459.505
[93104] dbg: auto-whitelist: AWL active, pre-score: 10.189, autolearn
score: 10.189, mean: 11.7821794871795, IP: 205.152.59.66
[93104] dbg: auto-whitelist: sql-based add_score: new count: 40, new
totscore: 469.694 for [EMAIL PROTECTED]|ip=205.152
[93104] dbg: auto-whitelist: sql-based finish: disconnected from
DBI:mysql:mail:localhost
[93104] dbg: auto-whitelist: post auto-whitelist score: 10.9855897435897
[93104] dbg: rules: running body tests; score so far=10.9855897435897
[93104] dbg: rules: compiled body tests
[93104] dbg: rules: running uri tests; score so far=10.9855897435897
[93104] dbg: rules: compiled uri tests
[93104] dbg: rules: running rawbody tests; score so far=10.9855897435897
[93104] dbg: rules: compiled rawbody tests
[93104] dbg: rules: running full tests; score so far=10.9855897435897
[93104] dbg: rules: compiled full tests
[93104] dbg: rules: running meta tests; score so far=10.9855897435897
[93104] dbg: rules: compiled meta tests
[93104] dbg: plugin:
Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x8e11704)
implements 'autolearn_discriminator', priority 0
[93104] dbg: learn: auto-learn: currently using scoreset 3, recomputing
score based on scoreset 1
[93104] dbg: learn: auto-learn: message score: 10.9855897435897,
computed score for autolearn: 5.868
[93104] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=5.868,
head-points=5.868, learned-points=3.5
[93104] dbg: learn: auto-learn? no: inside auto-learn thresholds, not
considered ham or spam
[93104] dbg: check: is spam? score=10.986 required=5
[93104] dbg: check:
tests=AWL,BAYES_99,DCC_CHECK,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,J_C
HICKENPOX_41,MILLION_USD,SARE_MILLIONSOF,SPF_HELO_PASS,SUBJ_ALL_CAPS
[93104] dbg: check:
subtests=__BIGDOLLARSFVGT,__CT,__CTE,__CT_TEXT_PLAIN,__DOS_HAS_ANY_URI,_
_DOS_RCVD_WED,__FB_NUM_PERCNT,__FRAUD_DBI,__FRAUD_LTX,__HAS_ANY_EMAIL,__
HAS_ANY_URI,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HAS_X_MAILER,__HAVE_B
OUNCE_RELAYS,__KAM_LOTTO3,__LOCAL_PP_NONPPURL,__L_FROM_Y5,__MIME_VERSION
,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,_
_MY_SERVERS_FOUND,__NONEMPTY_BODY,__SANE_MSGID,__SARE_FRAUD_FAMILY,__SAR
E_FRAUD_FUNWORDS,__SARE_LOTTO_CATEGORY,__SARE_LOTTO_CONGRAT,__SARE_SPEC_
PROLEO5,__SARE_URI_ANY,__SARE_WHITELIST_FLAG,__SEX_WRDS,__TOCC_EXISTS,__
WORD_SEX,__YAHOO3
>From - Wed Jul 11 10:32:15 2007
X-Spam-ASN: AS1239 204.89.241.0/24
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on
fl.us.spammertrap.net
X-Spam-Level: **********
X-Spam-Status: Yes, score=11.0 required=5.0
tests=AWL,BAYES_99,DCC_CHECK,
DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,J_CHICKENPOX_41,MILLION_USD,
SARE_MILLIONSOF,SPF_HELO_PASS,SUBJ_ALL_CAPS autolearn=no
version=3.2.1
X-Spam-Relay-Country: US ** US ** **
X-Spam-Report:
* 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs
some mails
* 2.1 SUBJ_ALL_CAPS Subject is all capitals
* 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy
says domain
* signs some mails
* 0.6 J_CHICKENPOX_41 BODY: 4alpha-pock-1alpha
* 1.5 MILLION_USD BODY: Talks about millions of dollars
* 0.3 SARE_MILLIONSOF BODY: Millions of something.
* 2.2 DCC_CHECK Listed in DCC
(http://rhyolite.com/anti-spam/dcc/)
* 0.8 AWL AWL: From: address is in the auto white-list
Now, with ST__L_FROM_YAHOO:
[94023] dbg: bayes: corpus size: nspam = 110426, nham = 73783
[94023] dbg: bayes: tok_get_all: token count: 377
[94023] dbg: bayes: score = 1
[94023] dbg: rules: ran eval rule BAYES_99 ======> got hit (1)
[94023] dbg: rules: running rawbody tests; score so far=3.5
[94023] dbg: rules: compiled rawbody tests
[94023] dbg: rules: running full tests; score so far=3.5
[94023] dbg: rules: compiled full tests
[94023] dbg: rules: running meta tests; score so far=3.5
[94023] dbg: rules: compiled meta tests
[94023] dbg: check: running tests for priority: 0
[94023] dbg: rules: running head tests; score so far=3.5
[94023] dbg: rules: compiled head tests
[94023] dbg: rules: ran header rule __L_FROM_Y5 ======> got hit:
"@yahoo.it"
[94023] dbg: rules: ran header rule __CT_TEXT_PLAIN ======> got hit:
"text/plain"
[94023] dbg: rules: ran header rule __CT ======> got hit: "t"
[94023] dbg: rules: ran header rule __MISSING_REF ======> got hit:
"UNSET"
[94023] dbg: message: Return-Path header found after 1 or more Received
lines, cannot trust envelope-from
[94023] dbg: rules: ran header rule __MIME_VERSION ======> got hit: "1"
[94023] dbg: rules: ran header rule __TOCC_EXISTS ======> got hit: "<"
[94023] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got
hit: "
[94023] dbg: rules: Message-Id: "
[94023] dbg: rules: ran header rule __SARE_WHITELIST_FLAG ======> got
hit: "M"
[94023] dbg: rules: ran header rule __HAS_X_MAILER ======> got hit: "O"
[94023] dbg: rules: ran header rule __DOS_RCVD_WED ======> got hit: "
Wed, "
[94023] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f"
[94023] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit:
"@mail.bellsouth.net>"
[94023] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit:
"2007071114"
[94023] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"
[94023] dbg: rules: ran header rule __SANE_MSGID ======> got hit:
"<[EMAIL PROTECTED]>
[94023] dbg: rules: "
[94023] dbg: rules: ran header rule __CTE ======> got hit: "7"
[94023] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "["
[94023] dbg: spf: checking to see if the message has a Received-SPF
header that we can use
[94023] dbg: spf: using Mail::SPF for SPF checks
[94023] dbg: spf: checking HELO (helo=fl.us.spammertrap.net,
ip=204.89.241.173)
[94023] dbg: asn: asn.routeviews.org.: lookup result packet:
'173.241.89.204.asn.routeviews.org. 192 IN TXT "1239" "204.89.241.0"
"24"'
[94023] dbg: spf: query for /204.89.241.173/fl.us.spammertrap.net:
result: pass, comment: , text: Mechanism 'a' matched
[94023] dbg: rules: ran eval rule SPF_HELO_PASS ======> got hit (1)
[94023] dbg: dk: from: [EMAIL PROTECTED]
[94023] dbg: dk: signing domain name: not found
[94023] dbg: dk: fetched policy for domain bellsouth.net: o=~
[94023] dbg: dk: no signature
[94023] dbg: dk: comment is 'no signature'
[94023] dbg: dk: no signature
[94023] dbg: dk: whitelist_from_dk: could not find signing domain name
[94023] dbg: dkim: performing public key lookup and signature
verification
[94023] dbg: dkim: originator address: [EMAIL PROTECTED]
[94023] dbg: dkim: signature verification result: none
[94023] dbg: dkim: whitelist_from_dkim: could not find identity
[94023] dbg: rules: ran eval rule DK_POLICY_SIGNSOME ======> got hit (1)
[94023] dbg: spf: already checked for Received-SPF headers, proceeding
with DNS based checks
[94023] dbg: spf: cannot get Envelope-From, cannot use SPF
[94023] dbg: rules: ran eval rule SUBJ_ALL_CAPS ======> got hit (1)
[94023] dbg: dkim: def_whitelist_from_dkim: could not find identity
[94023] dbg: dkim: policy: performing lookup
[94023] dbg: dkim: policy result neutral: o=~
[94023] dbg: rules: ran eval rule DKIM_POLICY_SIGNSOME ======> got hit
(1)
[94023] dbg: spf: def_spf_whitelist_from: already checked spf and didn't
get pass, skipping whitelist check
[94023] dbg: dk: def_whitelist_from_dk: could not find signing domain
name
[94023] dbg: spf: whitelist_from_spf: already checked spf and didn't get
pass, skipping whitelist check
[94023] dbg: rules: running body tests; score so far=5.576
[94023] dbg: rules: compiled body tests
[94023] dbg: rules: ran body rule __SARE_LOTTO_CONGRAT ======> got hit:
"congratulation"
[94023] dbg: rules: ran body rule J_CHICKENPOX_41 ======> got hit: "
year?s "
[94023] dbg: rules: ran body rule __BIGDOLLARSFVGT ======> got hit:
"$500,000"
[94023] dbg: rules: ran body rule __KAM_LOTTO3 ======> got hit: "claim"
[94023] dbg: rules: ran body rule __SARE_FRAUD_FUNWORDS ======> got hit:
"Please endeavor"
[94023] dbg: rules: ran body rule __YAHOO3 ======> got hit: "@yahoo.it"
[94023] dbg: rules: ran body rule MILLION_USD ======> got hit: "Million
United States Dollars"
[94023] dbg: rules: ran body rule __FRAUD_LTX ======> got hit: "Million
United States Dollars"
[94023] dbg: rules: ran body rule __SARE_LOTTO_CATEGORY ======> got hit:
"categories"
[94023] dbg: rules: ran body rule __SARE_SPEC_PROLEO5 ======> got hit:
"http://www.";
[94023] dbg: rules: ran body rule __SARE_FRAUD_FAMILY ======> got hit:
"NEXT OF KIN"
[94023] dbg: rules: ran body rule __HAS_ANY_EMAIL ======> got hit:
"[EMAIL PROTECTED]"
[94023] dbg: rules: ran body rule __FB_NUM_PERCNT ======> got hit: "5%"
[94023] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "["
[94023] dbg: rules: ran body rule __WORD_SEX ======> got hit: "SEX"
[94023] dbg: rules: ran body rule __FRAUD_DBI ======> got hit: "Dollars"
[94023] dbg: rules: ran body rule SARE_MILLIONSOF ======> got hit:
"millions of"
[94023] dbg: rules: running uri tests; score so far=8.019
[94023] dbg: rules: compiled uri tests
[94023] dbg: rules: ran uri rule __DOS_HAS_ANY_URI ======> got hit: "m"
[94023] dbg: rules: ran uri rule __LOCAL_PP_NONPPURL ======> got hit:
"http://www.fondazionedivittorio.it";
[94023] dbg: https_http_mismatch: anchors 0
[94023] dbg: eval: stock info hit: company
[94023] dbg: eval: stock info total: 1
[94023] dbg: rules: ran eval rule __MY_SERVERS_FOUND ======> got hit (1)
[94023] dbg: rules: ran eval rule __HAVE_BOUNCE_RELAYS ======> got hit
(1)
[94023] dbg: rules: running rawbody tests; score so far=8.019
[94023] dbg: rules: compiled rawbody tests
[94023] dbg: rules: running full tests; score so far=8.019
[94023] dbg: rules: compiled full tests
[94023] dbg: info: entering helper-app run mode
[94023] dbg: info: leaving helper-app run mode
[94023] dbg: razor2: part=0 engine=4 contested=0 confidence=0
[94023] dbg: razor2: part=0 engine=8 contested=0 confidence=0
[94023] dbg: razor2: results: spam? 0
[94023] dbg: razor2: results: engine 8, highest cf score: 0
[94023] dbg: razor2: results: engine 4, highest cf score: 0
[94023] dbg: dcc: dccifd is available: /usr/local/dcc/dccifd
[94023] dbg: info: entering helper-app run mode
[94023] dbg: dcc: dccifd got response: X-DCC--Metrics:
fl.us.spammertrap.net 1113; Body=many Fuz1=many Fuz2=many
[94023] dbg: info: leaving helper-app run mode
[94023] dbg: dcc: listed: BODY=999999/999999 FUZ1=999999/999999
FUZ2=999999/999999
[94023] dbg: rules: ran eval rule DCC_CHECK ======> got hit (1)
[94023] dbg: rules: running meta tests; score so far=10.189
[94023] dbg: rules: compiled meta tests
[94023] dbg: check: running tests for priority: 500
[94023] dbg: async: select found no socks ready
[94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds
to look up (multi.surbl.org.:fondazionedivittorio.it)
[94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds
to look up (bl.open-whois.org.:fondazionedivittorio.it)
[94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds
to look up (multi.uribl.com.:fondazionedivittorio.it)
[94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds
to look up (dob.sibl.support-intelligence.net:fondazionedivittorio.it)
[94023] dbg: async: queries completed: 31 started: 3
[94023] dbg: async: queries active: TXT=1 at Thu Jul 12 18:38:26 2007
[94023] dbg: async: select found 1 socks ready
[94023] dbg: async: queries completed: 1 started: 1
[94023] dbg: async: queries active: TXT=1 URI-A=2 at Thu Jul 12 18:38:26
2007
[94023] dbg: async: select found 1 socks ready
[94023] dbg: async: queries completed: 1 started: 1
[94023] dbg: async: queries active: TXT=1 URI-A=1 URI-DNSBL=1 at Thu Jul
12 18:38:26 2007
[94023] dbg: async: select found 1 socks ready
[94023] dbg: async: queries completed: 1 started: 1
[94023] dbg: async: queries active: TXT=1 URI-DNSBL=2 at Thu Jul 12
18:38:26 2007
[94023] dbg: async: select found 1 socks ready
[94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds
to look up (sbl.spamhaus.org.:8.245.205.193)
[94023] dbg: async: queries completed: 1 started: 0
[94023] dbg: async: queries active: TXT=1 URI-DNSBL=2 at Thu Jul 12
18:38:26 2007
[94023] dbg: async: select found 1 socks ready
[94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds
to look up (sbl.spamhaus.org.:4.5.204.193)
[94023] dbg: async: queries completed: 1 started: 0
[94023] dbg: async: queries active: TXT=1 URI-DNSBL=1 at Thu Jul 12
18:38:26 2007
[94023] dbg: async: select found 1 socks ready
[94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds
to look up (sbl.spamhaus.org.:200.226.242.194)
[94023] dbg: async: queries completed: 1 started: 0
[94023] dbg: async: queries active: TXT=1 at Thu Jul 12 18:38:26 2007
[94023] dbg: async: select found no socks ready
[94023] dbg: async: queries completed: 0 started: 0
[94023] dbg: async: queries active: TXT=1 at Thu Jul 12 18:38:27 2007
[94023] dbg: dns: success for 31 of 32 queries
[94023] dbg: dns: timeout for after 1 seconds
[94023] dbg: async: aborting remaining lookups
[94023] dbg: rules: running head tests; score so far=10.189
[94023] dbg: rules: compiled head tests
[94023] dbg: rules: running body tests; score so far=10.189
[94023] dbg: rules: compiled body tests
[94023] dbg: rules: running uri tests; score so far=10.189
[94023] dbg: rules: compiled uri tests
[94023] dbg: rules: running rawbody tests; score so far=10.189
[94023] dbg: rules: compiled rawbody tests
[94023] dbg: rules: running full tests; score so far=10.189
[94023] dbg: rules: compiled full tests
[94023] dbg: rules: running meta tests; score so far=10.189
[94023] dbg: rules: meta test DIGEST_MULTIPLE has undefined dependency
'PYZOR_CHECK'
[94023] info: rules: meta test FM_DDDD_TIMES_2 has dependency
'FH_HOST_EQ_D_D_D_D' with a zero score
[94023] info: rules: meta test FM_SEX_HOSTDDDD has dependency
'FH_HOST_EQ_D_D_D_D' with a zero score
[94023] dbg: rules: meta test BR_ADJUST_1C has undefined dependency
'BR_MAILTO'
[94023] info: rules: meta test MULTI_FORGED has dependency
'FORGED_YAHOO_RCVD' with a zero score
[94023] dbg: rules: meta test BODY_YAHOO has undefined dependency
'YAHOO3'
[94023] dbg: rules: meta test BR_ADJUST_3B has undefined dependency
'BR_LINK_UNSAFE'
[94023] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined
dependency 'SARE_XMAIL_SUSP2'
[94023] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined
dependency 'SARE_HEAD_XAUTH_WARN'
[94023] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined
dependency 'X_AUTH_WARN_FAKED'
[94023] dbg: rules: meta test SARE_FROM_FREE has undefined dependency
'__MR_LEGIT_FREE'
[94023] dbg: rules: meta test SARE_FROM_FREE has undefined dependency
'ADDR_FREE'
[94023] info: rules: meta test CONFIRMED_FORGED has dependency
'FORGED_YAHOO_RCVD' with a zero score
[94023] dbg: rules: meta test BR_PRIORITY_SPAM has undefined dependency
'X_PRIORITY_HIGH'
[94023] dbg: rules: meta test SARE_RD_SAFE has undefined dependency
'SARE_RD_SAFE_MKSHRT'
[94023] dbg: rules: meta test SARE_RD_SAFE has undefined dependency
'SARE_RD_SAFE_GT'
[94023] dbg: rules: meta test SARE_RD_SAFE has undefined dependency
'SARE_RD_SAFE_TINY'
[94023] dbg: rules: meta test VIRUS_WARNING_DOOM_BNC has undefined
dependency 'VIRUS_WARNING_MYDOOM4'
[94023] dbg: rules: meta test SARE_OBFU_CIALIS has undefined dependency
'SARE_OBFU_CIALIS2'
[94023] dbg: rules: meta test FP_MIXED_PORN3 has undefined dependency
'FP_PENETRATION'
[94023] dbg: rules: compiled meta tests
[94023] dbg: check: running tests for priority: 1000
[94023] dbg: rules: running head tests; score so far=12.69
[94023] dbg: rules: compiled head tests
[94023] dbg: auto-whitelist: sql-based connected to
DBI:mysql:mail:localhost
[94023] dbg: auto-whitelist: sql-based using username: vscan
[94023] dbg: auto-whitelist: sql-based get_addr_entry: found existing
entry for [EMAIL PROTECTED]|ip=205.152
[94023] dbg: auto-whitelist: sql-based [EMAIL PROTECTED]|ip=205.152
scores 40/469.694
[94023] dbg: auto-whitelist: AWL active, pre-score: 12.69, autolearn
score: 12.69, mean: 11.74235, IP: 205.152.59.66
[94023] dbg: auto-whitelist: sql-based add_score: new count: 41, new
totscore: 482.384 for [EMAIL PROTECTED]|ip=205.152
[94023] dbg: auto-whitelist: sql-based finish: disconnected from
DBI:mysql:mail:localhost
[94023] dbg: auto-whitelist: post auto-whitelist score: 12.216175
[94023] dbg: rules: running body tests; score so far=12.216175
[94023] dbg: rules: compiled body tests
[94023] dbg: rules: running uri tests; score so far=12.216175
[94023] dbg: rules: compiled uri tests
[94023] dbg: rules: running rawbody tests; score so far=12.216175
[94023] dbg: rules: compiled rawbody tests
[94023] dbg: rules: running full tests; score so far=12.216175
[94023] dbg: rules: compiled full tests
[94023] dbg: rules: running meta tests; score so far=12.216175
[94023] dbg: rules: compiled meta tests
[94023] dbg: plugin:
Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x8e11704)
implements 'autolearn_discriminator', priority 0
[94023] dbg: learn: auto-learn: currently using scoreset 3, recomputing
score based on scoreset 1
[94023] dbg: learn: auto-learn: message score: 12.216175, computed score
for autolearn: 8.369
[94023] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=8.369,
head-points=8.369, learned-points=3.5
[94023] dbg: learn: auto-learn? no: inside auto-learn thresholds, not
considered ham or spam
[94023] dbg: check: is spam? score=12.216 required=5
[94023] dbg: check:
tests=AWL,BAYES_99,DCC_CHECK,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,J_C
HICKENPOX_41,L_UNVERIFIED_YAHOO,MILLION_USD,SARE_MILLIONSOF,SPF_HELO_PAS
S,ST__L_FROM_YAHOO,SUBJ_ALL_CAPS
[94023] dbg: check:
subtests=__BIGDOLLARSFVGT,__CT,__CTE,__CT_TEXT_PLAIN,__DOS_HAS_ANY_URI,_
_DOS_RCVD_WED,__FB_NUM_PERCNT,__FRAUD_DBI,__FRAUD_LTX,__HAS_ANY_EMAIL,__
HAS_ANY_URI,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HAS_X_MAILER,__HAVE_B
OUNCE_RELAYS,__KAM_LOTTO3,__LOCAL_PP_NONPPURL,__L_FROM_Y5,__MIME_VERSION
,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,_
_MY_SERVERS_FOUND,__NONEMPTY_BODY,__SANE_MSGID,__SARE_FRAUD_FAMILY,__SAR
E_FRAUD_FUNWORDS,__SARE_LOTTO_CATEGORY,__SARE_LOTTO_CONGRAT,__SARE_SPEC_
PROLEO5,__SARE_URI_ANY,__SARE_WHITELIST_FLAG,__SEX_WRDS,__TOCC_EXISTS,__
WORD_SEX,__YAHOO3
>From - Wed Jul 11 10:32:15 2007
X-Spam-ASN: AS1239 204.89.241.0/24
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on
fl.us.spammertrap.net
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.2 required=5.0
tests=AWL,BAYES_99,DCC_CHECK,
DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,J_CHICKENPOX_41,L_UNVERIFIED_YAH
OO,
MILLION_USD,SARE_MILLIONSOF,SPF_HELO_PASS,ST__L_FROM_YAHOO,SUBJ_ALL_CAPS
autolearn=no version=3.2.1
X-Spam-Relay-Country: US ** US ** **
X-Spam-Report:
* 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs
some mails
* 2.1 SUBJ_ALL_CAPS Subject is all capitals
* 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy
says domain
* signs some mails
* 0.6 J_CHICKENPOX_41 BODY: 4alpha-pock-1alpha
* 1.5 MILLION_USD BODY: Talks about millions of dollars
* 0.3 SARE_MILLIONSOF BODY: Millions of something.
* 2.2 DCC_CHECK Listed in DCC
(http://rhyolite.com/anti-spam/dcc/)
* 0.0 ST__L_FROM_YAHOO ST__L_FROM_YAHOO
* 2.5 L_UNVERIFIED_YAHOO L_UNVERIFIED_YAHOO
* -0.5 AWL AWL: From: address is in the auto white-list
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(tm).
For Information please see http://www.spammertrap.com
_________________________________________________________________________
