> -----Original Message----- > From: Theo Van Dinter [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 12, 2007 12:56 PM > To: users@spamassassin.apache.org > Subject: Re: __ rules can't call multiple __ rules?
> FWIW, having a meta which is simply the result of another > rule (TEST2) is wasteful and inefficient. It is if you are trying to 'test' a rule and find out why it doesn't work. Ps, SA 3.2.1 on Freebsd 5.4, perl 5.8, nightly running sa-update. > Just change > __L_FROM_YAHOO to be a rule. Then nothing works ;-) The only way I could make it work was change __L_FROM_YAHOO TO ST__L_FROM_YAHOO This: (didn't work) meta __L_FROM_YAHOO __L_FROM_Y5 || __L_FROM_Y1 || __L_FROM_Y2 || __L_FROM_Y3 || __L_FROM_Y4 header __L_FROM_GMAIL From:addr =~ [EMAIL PROTECTED] meta L_UNVERIFIED_YAHOO !DKIM_VERIFIED && __L_FROM_YAHOO && !__L_VIA_ML Summary: X-Spam-Status: Yes, score=12.2 required=5.0 tests=AWL,BAYES_99,DCC_CHECK, DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,J_CHICKENPOX_41,L_UNVERIFIED_YAH OO, MILLION_USD,SARE_MILLIONSOF,SPF_HELO_PASS,ST__L_FROM_YAHOO,SUBJ_ALL_CAPS autolearn=no version=3.2.1 To this: (worked) summary: meta ST__L_FROM_YAHOO __L_FROM_Y5 || __L_FROM_Y1 || __L_FROM_Y2 || __L_FROM_Y3 || __L_FROM_Y4 score ST__L_FROM_YAHOO 0.001 header __L_FROM_GMAIL From:addr =~ [EMAIL PROTECTED] meta L_UNVERIFIED_YAHOO !DKIM_VERIFIED && ST__L_FROM_YAHOO && !__L_VIA_ML X-Spam-Status: Yes, score=11.0 required=5.0 tests=AWL,BAYES_99,DCC_CHECK, DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,J_CHICKENPOX_41,MILLION_USD, SARE_MILLIONSOF,SPF_HELO_PASS,SUBJ_ALL_CAPS autolearn=no version=3.2.1 Running -D output with original rule: [93104] dbg: bayes: corpus size: nspam = 110423, nham = 73781 [93104] dbg: bayes: tok_get_all: token count: 377 [93104] dbg: bayes: score = 1 [93104] dbg: rules: ran eval rule BAYES_99 ======> got hit (1) [93104] dbg: rules: running rawbody tests; score so far=3.5 [93104] dbg: rules: compiled rawbody tests [93104] dbg: rules: running full tests; score so far=3.5 [93104] dbg: rules: compiled full tests [93104] dbg: rules: running meta tests; score so far=3.5 [93104] dbg: rules: compiled meta tests [93104] dbg: check: running tests for priority: 0 [93104] dbg: rules: running head tests; score so far=3.5 [93104] dbg: rules: compiled head tests [93104] dbg: rules: ran header rule __L_FROM_Y5 ======> got hit: "@yahoo.it" [93104] dbg: rules: ran header rule __CT_TEXT_PLAIN ======> got hit: "text/plain" [93104] dbg: rules: ran header rule __CT ======> got hit: "t" [93104] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" [93104] dbg: message: Return-Path header found after 1 or more Received lines, cannot trust envelope-from [93104] dbg: rules: ran header rule __MIME_VERSION ======> got hit: "1" [93104] dbg: rules: ran header rule __TOCC_EXISTS ======> got hit: "<" [93104] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " [93104] dbg: rules: Message-Id: " [93104] dbg: rules: ran header rule __SARE_WHITELIST_FLAG ======> got hit: "M" [93104] dbg: rules: ran header rule __HAS_X_MAILER ======> got hit: "O" [93104] dbg: rules: ran header rule __DOS_RCVD_WED ======> got hit: " Wed, " [93104] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f" [93104] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@mail.bellsouth.net>" [93104] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "2007071114" [93104] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [93104] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<[EMAIL PROTECTED]> [93104] dbg: rules: " [93104] dbg: rules: ran header rule __CTE ======> got hit: "7" [93104] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "[" [93104] dbg: spf: checking to see if the message has a Received-SPF header that we can use [93104] dbg: spf: using Mail::SPF for SPF checks [93104] dbg: spf: checking HELO (helo=fl.us.spammertrap.net, ip=204.89.241.173) [93104] dbg: asn: asn.routeviews.org.: lookup result packet: '173.241.89.204.asn.routeviews.org. 600 IN TXT "1239" "204.89.241.0" "24"' [93104] dbg: spf: query for /204.89.241.173/fl.us.spammertrap.net: result: pass, comment: , text: Mechanism 'a' matched [93104] dbg: rules: ran eval rule SPF_HELO_PASS ======> got hit (1) [93104] dbg: dk: from: [EMAIL PROTECTED] [93104] dbg: dk: signing domain name: not found [93104] dbg: dk: fetched policy for domain bellsouth.net: o=~ [93104] dbg: dk: no signature [93104] dbg: dk: comment is 'no signature' [93104] dbg: dk: no signature [93104] dbg: dk: whitelist_from_dk: could not find signing domain name [93104] dbg: dkim: performing public key lookup and signature verification [93104] dbg: dkim: originator address: [EMAIL PROTECTED] [93104] dbg: dkim: signature verification result: none [93104] dbg: dkim: whitelist_from_dkim: could not find identity [93104] dbg: rules: ran eval rule DK_POLICY_SIGNSOME ======> got hit (1) [93104] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [93104] dbg: spf: cannot get Envelope-From, cannot use SPF [93104] dbg: rules: ran eval rule SUBJ_ALL_CAPS ======> got hit (1) [93104] dbg: dkim: def_whitelist_from_dkim: could not find identity [93104] dbg: dkim: policy: performing lookup [93104] dbg: dkim: policy result neutral: o=~ [93104] dbg: rules: ran eval rule DKIM_POLICY_SIGNSOME ======> got hit (1) [93104] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check [93104] dbg: dk: def_whitelist_from_dk: could not find signing domain name [93104] dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, skipping whitelist check [93104] dbg: rules: running body tests; score so far=5.576 [93104] dbg: rules: compiled body tests [93104] dbg: rules: ran body rule __SARE_LOTTO_CONGRAT ======> got hit: "congratulation" [93104] dbg: rules: ran body rule J_CHICKENPOX_41 ======> got hit: " year?s " [93104] dbg: rules: ran body rule __BIGDOLLARSFVGT ======> got hit: "$500,000" [93104] dbg: rules: ran body rule __KAM_LOTTO3 ======> got hit: "claim" [93104] dbg: rules: ran body rule __SARE_FRAUD_FUNWORDS ======> got hit: "Please endeavor" [93104] dbg: rules: ran body rule __YAHOO3 ======> got hit: "@yahoo.it" [93104] dbg: rules: ran body rule MILLION_USD ======> got hit: "Million United States Dollars" [93104] dbg: rules: ran body rule __FRAUD_LTX ======> got hit: "Million United States Dollars" [93104] dbg: rules: ran body rule __SARE_LOTTO_CATEGORY ======> got hit: "categories" [93104] dbg: rules: ran body rule __SARE_SPEC_PROLEO5 ======> got hit: "http://www." [93104] dbg: rules: ran body rule __SARE_FRAUD_FAMILY ======> got hit: "NEXT OF KIN" [93104] dbg: rules: ran body rule __HAS_ANY_EMAIL ======> got hit: "[EMAIL PROTECTED]" [93104] dbg: rules: ran body rule __FB_NUM_PERCNT ======> got hit: "5%" [93104] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "[" [93104] dbg: rules: ran body rule __WORD_SEX ======> got hit: "SEX" [93104] dbg: rules: ran body rule __FRAUD_DBI ======> got hit: "Dollars" [93104] dbg: rules: ran body rule SARE_MILLIONSOF ======> got hit: "millions of" [93104] dbg: rules: running uri tests; score so far=8.019 [93104] dbg: rules: compiled uri tests [93104] dbg: rules: ran uri rule __DOS_HAS_ANY_URI ======> got hit: "m" [93104] dbg: rules: ran uri rule __LOCAL_PP_NONPPURL ======> got hit: "http://www.fondazionedivittorio.it" [93104] dbg: https_http_mismatch: anchors 0 [93104] dbg: eval: stock info hit: company [93104] dbg: eval: stock info total: 1 [93104] dbg: rules: ran eval rule __MY_SERVERS_FOUND ======> got hit (1) [93104] dbg: rules: ran eval rule __HAVE_BOUNCE_RELAYS ======> got hit (1) [93104] dbg: rules: running rawbody tests; score so far=8.019 [93104] dbg: rules: compiled rawbody tests [93104] dbg: rules: running full tests; score so far=8.019 [93104] dbg: rules: compiled full tests [93104] dbg: info: entering helper-app run mode [93104] dbg: info: leaving helper-app run mode [93104] dbg: razor2: part=0 engine=4 contested=0 confidence=0 [93104] dbg: razor2: part=0 engine=8 contested=0 confidence=0 [93104] dbg: razor2: results: spam? 0 [93104] dbg: razor2: results: engine 8, highest cf score: 0 [93104] dbg: razor2: results: engine 4, highest cf score: 0 [93104] dbg: dcc: dccifd is available: /usr/local/dcc/dccifd [93104] dbg: info: entering helper-app run mode [93104] dbg: dcc: dccifd got response: X-DCC--Metrics: fl.us.spammertrap.net 1113; Body=many Fuz1=many Fuz2=many [93104] dbg: info: leaving helper-app run mode [93104] dbg: dcc: listed: BODY=999999/999999 FUZ1=999999/999999 FUZ2=999999/999999 [93104] dbg: rules: ran eval rule DCC_CHECK ======> got hit (1) [93104] dbg: rules: running meta tests; score so far=10.189 [93104] dbg: rules: compiled meta tests [93104] dbg: check: running tests for priority: 500 [93104] dbg: async: select found 1 socks ready [93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds to look up (multi.surbl.org.:fondazionedivittorio.it) [93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds to look up (bl.open-whois.org.:fondazionedivittorio.it) [93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds to look up (multi.uribl.com.:fondazionedivittorio.it) [93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds to look up (dob.sibl.support-intelligence.net:fondazionedivittorio.it) [93104] dbg: async: queries completed: 31 started: 3 [93104] dbg: async: queries active: TXT=1 at Thu Jul 12 18:31:36 2007 [93104] dbg: async: select found 1 socks ready [93104] dbg: async: queries completed: 1 started: 1 [93104] dbg: async: queries active: TXT=1 URI-A=2 at Thu Jul 12 18:31:36 2007 [93104] dbg: async: select found 1 socks ready [93104] dbg: async: queries completed: 1 started: 1 [93104] dbg: async: queries active: TXT=1 URI-A=1 URI-DNSBL=1 at Thu Jul 12 18:31:36 2007 [93104] dbg: async: select found 1 socks ready [93104] dbg: async: queries completed: 1 started: 1 [93104] dbg: async: queries active: TXT=1 URI-DNSBL=2 at Thu Jul 12 18:31:36 2007 [93104] dbg: async: select found 1 socks ready [93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds to look up (sbl.spamhaus.org.:4.5.204.193) [93104] dbg: async: queries completed: 1 started: 0 [93104] dbg: async: queries active: TXT=1 URI-DNSBL=2 at Thu Jul 12 18:31:36 2007 [93104] dbg: async: select found 1 socks ready [93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds to look up (sbl.spamhaus.org.:200.226.242.194) [93104] dbg: async: queries completed: 1 started: 0 [93104] dbg: async: queries active: TXT=1 URI-DNSBL=1 at Thu Jul 12 18:31:36 2007 [93104] dbg: async: select found 1 socks ready [93104] dbg: uridnsbl: query for fondazionedivittorio.it took 2 seconds to look up (sbl.spamhaus.org.:8.245.205.193) [93104] dbg: async: queries completed: 1 started: 0 [93104] dbg: async: queries active: TXT=1 at Thu Jul 12 18:31:36 2007 [93104] dbg: async: select found no socks ready [93104] dbg: async: queries completed: 0 started: 0 [93104] dbg: async: queries active: TXT=1 at Thu Jul 12 18:31:37 2007 [93104] dbg: dns: success for 31 of 32 queries [93104] dbg: dns: timeout for after 1 seconds [93104] dbg: async: aborting remaining lookups [93104] dbg: rules: running head tests; score so far=10.189 [93104] dbg: rules: compiled head tests [93104] dbg: rules: running body tests; score so far=10.189 [93104] dbg: rules: compiled body tests [93104] dbg: rules: running uri tests; score so far=10.189 [93104] dbg: rules: compiled uri tests [93104] dbg: rules: running rawbody tests; score so far=10.189 [93104] dbg: rules: compiled rawbody tests [93104] dbg: rules: running full tests; score so far=10.189 [93104] dbg: rules: compiled full tests [93104] dbg: rules: running meta tests; score so far=10.189 [93104] dbg: rules: meta test DIGEST_MULTIPLE has undefined dependency 'PYZOR_CHECK' [93104] info: rules: meta test FM_DDDD_TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score [93104] info: rules: meta test FM_SEX_HOSTDDDD has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score [93104] dbg: rules: meta test BR_ADJUST_1C has undefined dependency 'BR_MAILTO' [93104] info: rules: meta test MULTI_FORGED has dependency 'FORGED_YAHOO_RCVD' with a zero score [93104] dbg: rules: meta test BODY_YAHOO has undefined dependency 'YAHOO3' [93104] dbg: rules: meta test BR_ADJUST_3B has undefined dependency 'BR_LINK_UNSAFE' [93104] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_XMAIL_SUSP2' [93104] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_HEAD_XAUTH_WARN' [93104] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'X_AUTH_WARN_FAKED' [93104] dbg: rules: meta test SARE_FROM_FREE has undefined dependency '__MR_LEGIT_FREE' [93104] dbg: rules: meta test SARE_FROM_FREE has undefined dependency 'ADDR_FREE' [93104] info: rules: meta test CONFIRMED_FORGED has dependency 'FORGED_YAHOO_RCVD' with a zero score [93104] dbg: rules: meta test BR_PRIORITY_SPAM has undefined dependency 'X_PRIORITY_HIGH' [93104] dbg: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT' [93104] dbg: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT' [93104] dbg: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY' [93104] dbg: rules: meta test VIRUS_WARNING_DOOM_BNC has undefined dependency 'VIRUS_WARNING_MYDOOM4' [93104] dbg: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2' [93104] dbg: rules: meta test FP_MIXED_PORN3 has undefined dependency 'FP_PENETRATION' [93104] dbg: rules: compiled meta tests [93104] dbg: check: running tests for priority: 1000 [93104] dbg: rules: running head tests; score so far=10.189 [93104] dbg: rules: compiled head tests [93104] dbg: auto-whitelist: sql-based connected to DBI:mysql:mail:localhost [93104] dbg: auto-whitelist: sql-based using username: vscan [93104] dbg: auto-whitelist: sql-based get_addr_entry: found existing entry for [EMAIL PROTECTED]|ip=205.152 [93104] dbg: auto-whitelist: sql-based [EMAIL PROTECTED]|ip=205.152 scores 39/459.505 [93104] dbg: auto-whitelist: AWL active, pre-score: 10.189, autolearn score: 10.189, mean: 11.7821794871795, IP: 205.152.59.66 [93104] dbg: auto-whitelist: sql-based add_score: new count: 40, new totscore: 469.694 for [EMAIL PROTECTED]|ip=205.152 [93104] dbg: auto-whitelist: sql-based finish: disconnected from DBI:mysql:mail:localhost [93104] dbg: auto-whitelist: post auto-whitelist score: 10.9855897435897 [93104] dbg: rules: running body tests; score so far=10.9855897435897 [93104] dbg: rules: compiled body tests [93104] dbg: rules: running uri tests; score so far=10.9855897435897 [93104] dbg: rules: compiled uri tests [93104] dbg: rules: running rawbody tests; score so far=10.9855897435897 [93104] dbg: rules: compiled rawbody tests [93104] dbg: rules: running full tests; score so far=10.9855897435897 [93104] dbg: rules: compiled full tests [93104] dbg: rules: running meta tests; score so far=10.9855897435897 [93104] dbg: rules: compiled meta tests [93104] dbg: plugin: Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x8e11704) implements 'autolearn_discriminator', priority 0 [93104] dbg: learn: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1 [93104] dbg: learn: auto-learn: message score: 10.9855897435897, computed score for autolearn: 5.868 [93104] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=5.868, head-points=5.868, learned-points=3.5 [93104] dbg: learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam [93104] dbg: check: is spam? score=10.986 required=5 [93104] dbg: check: tests=AWL,BAYES_99,DCC_CHECK,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,J_C HICKENPOX_41,MILLION_USD,SARE_MILLIONSOF,SPF_HELO_PASS,SUBJ_ALL_CAPS [93104] dbg: check: subtests=__BIGDOLLARSFVGT,__CT,__CTE,__CT_TEXT_PLAIN,__DOS_HAS_ANY_URI,_ _DOS_RCVD_WED,__FB_NUM_PERCNT,__FRAUD_DBI,__FRAUD_LTX,__HAS_ANY_EMAIL,__ HAS_ANY_URI,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HAS_X_MAILER,__HAVE_B OUNCE_RELAYS,__KAM_LOTTO3,__LOCAL_PP_NONPPURL,__L_FROM_Y5,__MIME_VERSION ,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,_ _MY_SERVERS_FOUND,__NONEMPTY_BODY,__SANE_MSGID,__SARE_FRAUD_FAMILY,__SAR E_FRAUD_FUNWORDS,__SARE_LOTTO_CATEGORY,__SARE_LOTTO_CONGRAT,__SARE_SPEC_ PROLEO5,__SARE_URI_ANY,__SARE_WHITELIST_FLAG,__SEX_WRDS,__TOCC_EXISTS,__ WORD_SEX,__YAHOO3 >From - Wed Jul 11 10:32:15 2007 X-Spam-ASN: AS1239 204.89.241.0/24 X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on fl.us.spammertrap.net X-Spam-Level: ********** X-Spam-Status: Yes, score=11.0 required=5.0 tests=AWL,BAYES_99,DCC_CHECK, DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,J_CHICKENPOX_41,MILLION_USD, SARE_MILLIONSOF,SPF_HELO_PASS,SUBJ_ALL_CAPS autolearn=no version=3.2.1 X-Spam-Relay-Country: US ** US ** ** X-Spam-Report: * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.0000] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails * 2.1 SUBJ_ALL_CAPS Subject is all capitals * 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain * signs some mails * 0.6 J_CHICKENPOX_41 BODY: 4alpha-pock-1alpha * 1.5 MILLION_USD BODY: Talks about millions of dollars * 0.3 SARE_MILLIONSOF BODY: Millions of something. * 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) * 0.8 AWL AWL: From: address is in the auto white-list Now, with ST__L_FROM_YAHOO: [94023] dbg: bayes: corpus size: nspam = 110426, nham = 73783 [94023] dbg: bayes: tok_get_all: token count: 377 [94023] dbg: bayes: score = 1 [94023] dbg: rules: ran eval rule BAYES_99 ======> got hit (1) [94023] dbg: rules: running rawbody tests; score so far=3.5 [94023] dbg: rules: compiled rawbody tests [94023] dbg: rules: running full tests; score so far=3.5 [94023] dbg: rules: compiled full tests [94023] dbg: rules: running meta tests; score so far=3.5 [94023] dbg: rules: compiled meta tests [94023] dbg: check: running tests for priority: 0 [94023] dbg: rules: running head tests; score so far=3.5 [94023] dbg: rules: compiled head tests [94023] dbg: rules: ran header rule __L_FROM_Y5 ======> got hit: "@yahoo.it" [94023] dbg: rules: ran header rule __CT_TEXT_PLAIN ======> got hit: "text/plain" [94023] dbg: rules: ran header rule __CT ======> got hit: "t" [94023] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" [94023] dbg: message: Return-Path header found after 1 or more Received lines, cannot trust envelope-from [94023] dbg: rules: ran header rule __MIME_VERSION ======> got hit: "1" [94023] dbg: rules: ran header rule __TOCC_EXISTS ======> got hit: "<" [94023] dbg: rules: ran header rule __MSOE_MID_WRONG_CASE ======> got hit: " [94023] dbg: rules: Message-Id: " [94023] dbg: rules: ran header rule __SARE_WHITELIST_FLAG ======> got hit: "M" [94023] dbg: rules: ran header rule __HAS_X_MAILER ======> got hit: "O" [94023] dbg: rules: ran header rule __DOS_RCVD_WED ======> got hit: " Wed, " [94023] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f" [94023] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@mail.bellsouth.net>" [94023] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "2007071114" [94023] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [94023] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<[EMAIL PROTECTED]> [94023] dbg: rules: " [94023] dbg: rules: ran header rule __CTE ======> got hit: "7" [94023] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "[" [94023] dbg: spf: checking to see if the message has a Received-SPF header that we can use [94023] dbg: spf: using Mail::SPF for SPF checks [94023] dbg: spf: checking HELO (helo=fl.us.spammertrap.net, ip=204.89.241.173) [94023] dbg: asn: asn.routeviews.org.: lookup result packet: '173.241.89.204.asn.routeviews.org. 192 IN TXT "1239" "204.89.241.0" "24"' [94023] dbg: spf: query for /204.89.241.173/fl.us.spammertrap.net: result: pass, comment: , text: Mechanism 'a' matched [94023] dbg: rules: ran eval rule SPF_HELO_PASS ======> got hit (1) [94023] dbg: dk: from: [EMAIL PROTECTED] [94023] dbg: dk: signing domain name: not found [94023] dbg: dk: fetched policy for domain bellsouth.net: o=~ [94023] dbg: dk: no signature [94023] dbg: dk: comment is 'no signature' [94023] dbg: dk: no signature [94023] dbg: dk: whitelist_from_dk: could not find signing domain name [94023] dbg: dkim: performing public key lookup and signature verification [94023] dbg: dkim: originator address: [EMAIL PROTECTED] [94023] dbg: dkim: signature verification result: none [94023] dbg: dkim: whitelist_from_dkim: could not find identity [94023] dbg: rules: ran eval rule DK_POLICY_SIGNSOME ======> got hit (1) [94023] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [94023] dbg: spf: cannot get Envelope-From, cannot use SPF [94023] dbg: rules: ran eval rule SUBJ_ALL_CAPS ======> got hit (1) [94023] dbg: dkim: def_whitelist_from_dkim: could not find identity [94023] dbg: dkim: policy: performing lookup [94023] dbg: dkim: policy result neutral: o=~ [94023] dbg: rules: ran eval rule DKIM_POLICY_SIGNSOME ======> got hit (1) [94023] dbg: spf: def_spf_whitelist_from: already checked spf and didn't get pass, skipping whitelist check [94023] dbg: dk: def_whitelist_from_dk: could not find signing domain name [94023] dbg: spf: whitelist_from_spf: already checked spf and didn't get pass, skipping whitelist check [94023] dbg: rules: running body tests; score so far=5.576 [94023] dbg: rules: compiled body tests [94023] dbg: rules: ran body rule __SARE_LOTTO_CONGRAT ======> got hit: "congratulation" [94023] dbg: rules: ran body rule J_CHICKENPOX_41 ======> got hit: " year?s " [94023] dbg: rules: ran body rule __BIGDOLLARSFVGT ======> got hit: "$500,000" [94023] dbg: rules: ran body rule __KAM_LOTTO3 ======> got hit: "claim" [94023] dbg: rules: ran body rule __SARE_FRAUD_FUNWORDS ======> got hit: "Please endeavor" [94023] dbg: rules: ran body rule __YAHOO3 ======> got hit: "@yahoo.it" [94023] dbg: rules: ran body rule MILLION_USD ======> got hit: "Million United States Dollars" [94023] dbg: rules: ran body rule __FRAUD_LTX ======> got hit: "Million United States Dollars" [94023] dbg: rules: ran body rule __SARE_LOTTO_CATEGORY ======> got hit: "categories" [94023] dbg: rules: ran body rule __SARE_SPEC_PROLEO5 ======> got hit: "http://www." [94023] dbg: rules: ran body rule __SARE_FRAUD_FAMILY ======> got hit: "NEXT OF KIN" [94023] dbg: rules: ran body rule __HAS_ANY_EMAIL ======> got hit: "[EMAIL PROTECTED]" [94023] dbg: rules: ran body rule __FB_NUM_PERCNT ======> got hit: "5%" [94023] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "[" [94023] dbg: rules: ran body rule __WORD_SEX ======> got hit: "SEX" [94023] dbg: rules: ran body rule __FRAUD_DBI ======> got hit: "Dollars" [94023] dbg: rules: ran body rule SARE_MILLIONSOF ======> got hit: "millions of" [94023] dbg: rules: running uri tests; score so far=8.019 [94023] dbg: rules: compiled uri tests [94023] dbg: rules: ran uri rule __DOS_HAS_ANY_URI ======> got hit: "m" [94023] dbg: rules: ran uri rule __LOCAL_PP_NONPPURL ======> got hit: "http://www.fondazionedivittorio.it" [94023] dbg: https_http_mismatch: anchors 0 [94023] dbg: eval: stock info hit: company [94023] dbg: eval: stock info total: 1 [94023] dbg: rules: ran eval rule __MY_SERVERS_FOUND ======> got hit (1) [94023] dbg: rules: ran eval rule __HAVE_BOUNCE_RELAYS ======> got hit (1) [94023] dbg: rules: running rawbody tests; score so far=8.019 [94023] dbg: rules: compiled rawbody tests [94023] dbg: rules: running full tests; score so far=8.019 [94023] dbg: rules: compiled full tests [94023] dbg: info: entering helper-app run mode [94023] dbg: info: leaving helper-app run mode [94023] dbg: razor2: part=0 engine=4 contested=0 confidence=0 [94023] dbg: razor2: part=0 engine=8 contested=0 confidence=0 [94023] dbg: razor2: results: spam? 0 [94023] dbg: razor2: results: engine 8, highest cf score: 0 [94023] dbg: razor2: results: engine 4, highest cf score: 0 [94023] dbg: dcc: dccifd is available: /usr/local/dcc/dccifd [94023] dbg: info: entering helper-app run mode [94023] dbg: dcc: dccifd got response: X-DCC--Metrics: fl.us.spammertrap.net 1113; Body=many Fuz1=many Fuz2=many [94023] dbg: info: leaving helper-app run mode [94023] dbg: dcc: listed: BODY=999999/999999 FUZ1=999999/999999 FUZ2=999999/999999 [94023] dbg: rules: ran eval rule DCC_CHECK ======> got hit (1) [94023] dbg: rules: running meta tests; score so far=10.189 [94023] dbg: rules: compiled meta tests [94023] dbg: check: running tests for priority: 500 [94023] dbg: async: select found no socks ready [94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds to look up (multi.surbl.org.:fondazionedivittorio.it) [94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds to look up (bl.open-whois.org.:fondazionedivittorio.it) [94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds to look up (multi.uribl.com.:fondazionedivittorio.it) [94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds to look up (dob.sibl.support-intelligence.net:fondazionedivittorio.it) [94023] dbg: async: queries completed: 31 started: 3 [94023] dbg: async: queries active: TXT=1 at Thu Jul 12 18:38:26 2007 [94023] dbg: async: select found 1 socks ready [94023] dbg: async: queries completed: 1 started: 1 [94023] dbg: async: queries active: TXT=1 URI-A=2 at Thu Jul 12 18:38:26 2007 [94023] dbg: async: select found 1 socks ready [94023] dbg: async: queries completed: 1 started: 1 [94023] dbg: async: queries active: TXT=1 URI-A=1 URI-DNSBL=1 at Thu Jul 12 18:38:26 2007 [94023] dbg: async: select found 1 socks ready [94023] dbg: async: queries completed: 1 started: 1 [94023] dbg: async: queries active: TXT=1 URI-DNSBL=2 at Thu Jul 12 18:38:26 2007 [94023] dbg: async: select found 1 socks ready [94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds to look up (sbl.spamhaus.org.:8.245.205.193) [94023] dbg: async: queries completed: 1 started: 0 [94023] dbg: async: queries active: TXT=1 URI-DNSBL=2 at Thu Jul 12 18:38:26 2007 [94023] dbg: async: select found 1 socks ready [94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds to look up (sbl.spamhaus.org.:4.5.204.193) [94023] dbg: async: queries completed: 1 started: 0 [94023] dbg: async: queries active: TXT=1 URI-DNSBL=1 at Thu Jul 12 18:38:26 2007 [94023] dbg: async: select found 1 socks ready [94023] dbg: uridnsbl: query for fondazionedivittorio.it took 4 seconds to look up (sbl.spamhaus.org.:200.226.242.194) [94023] dbg: async: queries completed: 1 started: 0 [94023] dbg: async: queries active: TXT=1 at Thu Jul 12 18:38:26 2007 [94023] dbg: async: select found no socks ready [94023] dbg: async: queries completed: 0 started: 0 [94023] dbg: async: queries active: TXT=1 at Thu Jul 12 18:38:27 2007 [94023] dbg: dns: success for 31 of 32 queries [94023] dbg: dns: timeout for after 1 seconds [94023] dbg: async: aborting remaining lookups [94023] dbg: rules: running head tests; score so far=10.189 [94023] dbg: rules: compiled head tests [94023] dbg: rules: running body tests; score so far=10.189 [94023] dbg: rules: compiled body tests [94023] dbg: rules: running uri tests; score so far=10.189 [94023] dbg: rules: compiled uri tests [94023] dbg: rules: running rawbody tests; score so far=10.189 [94023] dbg: rules: compiled rawbody tests [94023] dbg: rules: running full tests; score so far=10.189 [94023] dbg: rules: compiled full tests [94023] dbg: rules: running meta tests; score so far=10.189 [94023] dbg: rules: meta test DIGEST_MULTIPLE has undefined dependency 'PYZOR_CHECK' [94023] info: rules: meta test FM_DDDD_TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score [94023] info: rules: meta test FM_SEX_HOSTDDDD has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score [94023] dbg: rules: meta test BR_ADJUST_1C has undefined dependency 'BR_MAILTO' [94023] info: rules: meta test MULTI_FORGED has dependency 'FORGED_YAHOO_RCVD' with a zero score [94023] dbg: rules: meta test BODY_YAHOO has undefined dependency 'YAHOO3' [94023] dbg: rules: meta test BR_ADJUST_3B has undefined dependency 'BR_LINK_UNSAFE' [94023] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_XMAIL_SUSP2' [94023] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_HEAD_XAUTH_WARN' [94023] dbg: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'X_AUTH_WARN_FAKED' [94023] dbg: rules: meta test SARE_FROM_FREE has undefined dependency '__MR_LEGIT_FREE' [94023] dbg: rules: meta test SARE_FROM_FREE has undefined dependency 'ADDR_FREE' [94023] info: rules: meta test CONFIRMED_FORGED has dependency 'FORGED_YAHOO_RCVD' with a zero score [94023] dbg: rules: meta test BR_PRIORITY_SPAM has undefined dependency 'X_PRIORITY_HIGH' [94023] dbg: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT' [94023] dbg: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT' [94023] dbg: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY' [94023] dbg: rules: meta test VIRUS_WARNING_DOOM_BNC has undefined dependency 'VIRUS_WARNING_MYDOOM4' [94023] dbg: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2' [94023] dbg: rules: meta test FP_MIXED_PORN3 has undefined dependency 'FP_PENETRATION' [94023] dbg: rules: compiled meta tests [94023] dbg: check: running tests for priority: 1000 [94023] dbg: rules: running head tests; score so far=12.69 [94023] dbg: rules: compiled head tests [94023] dbg: auto-whitelist: sql-based connected to DBI:mysql:mail:localhost [94023] dbg: auto-whitelist: sql-based using username: vscan [94023] dbg: auto-whitelist: sql-based get_addr_entry: found existing entry for [EMAIL PROTECTED]|ip=205.152 [94023] dbg: auto-whitelist: sql-based [EMAIL PROTECTED]|ip=205.152 scores 40/469.694 [94023] dbg: auto-whitelist: AWL active, pre-score: 12.69, autolearn score: 12.69, mean: 11.74235, IP: 205.152.59.66 [94023] dbg: auto-whitelist: sql-based add_score: new count: 41, new totscore: 482.384 for [EMAIL PROTECTED]|ip=205.152 [94023] dbg: auto-whitelist: sql-based finish: disconnected from DBI:mysql:mail:localhost [94023] dbg: auto-whitelist: post auto-whitelist score: 12.216175 [94023] dbg: rules: running body tests; score so far=12.216175 [94023] dbg: rules: compiled body tests [94023] dbg: rules: running uri tests; score so far=12.216175 [94023] dbg: rules: compiled uri tests [94023] dbg: rules: running rawbody tests; score so far=12.216175 [94023] dbg: rules: compiled rawbody tests [94023] dbg: rules: running full tests; score so far=12.216175 [94023] dbg: rules: compiled full tests [94023] dbg: rules: running meta tests; score so far=12.216175 [94023] dbg: rules: compiled meta tests [94023] dbg: plugin: Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x8e11704) implements 'autolearn_discriminator', priority 0 [94023] dbg: learn: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1 [94023] dbg: learn: auto-learn: message score: 12.216175, computed score for autolearn: 8.369 [94023] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=8.369, head-points=8.369, learned-points=3.5 [94023] dbg: learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam [94023] dbg: check: is spam? score=12.216 required=5 [94023] dbg: check: tests=AWL,BAYES_99,DCC_CHECK,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,J_C HICKENPOX_41,L_UNVERIFIED_YAHOO,MILLION_USD,SARE_MILLIONSOF,SPF_HELO_PAS S,ST__L_FROM_YAHOO,SUBJ_ALL_CAPS [94023] dbg: check: subtests=__BIGDOLLARSFVGT,__CT,__CTE,__CT_TEXT_PLAIN,__DOS_HAS_ANY_URI,_ _DOS_RCVD_WED,__FB_NUM_PERCNT,__FRAUD_DBI,__FRAUD_LTX,__HAS_ANY_EMAIL,__ HAS_ANY_URI,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__HAS_X_MAILER,__HAVE_B OUNCE_RELAYS,__KAM_LOTTO3,__LOCAL_PP_NONPPURL,__L_FROM_Y5,__MIME_VERSION ,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,_ _MY_SERVERS_FOUND,__NONEMPTY_BODY,__SANE_MSGID,__SARE_FRAUD_FAMILY,__SAR E_FRAUD_FUNWORDS,__SARE_LOTTO_CATEGORY,__SARE_LOTTO_CONGRAT,__SARE_SPEC_ PROLEO5,__SARE_URI_ANY,__SARE_WHITELIST_FLAG,__SEX_WRDS,__TOCC_EXISTS,__ WORD_SEX,__YAHOO3 >From - Wed Jul 11 10:32:15 2007 X-Spam-ASN: AS1239 204.89.241.0/24 X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on fl.us.spammertrap.net X-Spam-Level: ************ X-Spam-Status: Yes, score=12.2 required=5.0 tests=AWL,BAYES_99,DCC_CHECK, DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,J_CHICKENPOX_41,L_UNVERIFIED_YAH OO, MILLION_USD,SARE_MILLIONSOF,SPF_HELO_PASS,ST__L_FROM_YAHOO,SUBJ_ALL_CAPS autolearn=no version=3.2.1 X-Spam-Relay-Country: US ** US ** ** X-Spam-Report: * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.0000] * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * 0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails * 2.1 SUBJ_ALL_CAPS Subject is all capitals * 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain * signs some mails * 0.6 J_CHICKENPOX_41 BODY: 4alpha-pock-1alpha * 1.5 MILLION_USD BODY: Talks about millions of dollars * 0.3 SARE_MILLIONSOF BODY: Millions of something. * 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) * 0.0 ST__L_FROM_YAHOO ST__L_FROM_YAHOO * 2.5 L_UNVERIFIED_YAHOO L_UNVERIFIED_YAHOO * -0.5 AWL AWL: From: address is in the auto white-list _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _________________________________________________________________________