SpamAssassin bribed?
Matt Morgan
minxmertzmomo at gmail.com
Mon Aug 22 13:42:06 UTC 2005
On 8/22/05, Andy Pieters <mailings at vlaamse-kern.com> wrote:
> Hi all
>
> I'm just wondering how come that when I get email I'm subscribed to, that
> occasionally contains a publicity à la "get rich quick", it is promptly
> junked by SpamAssassin, but each and every message containing some biblical
> passages accompanied by a very dirty photo, gets delivered to my inbox, even
> though the subject of the message frequently contains "dirty" "slut" "wet
> pussy" and the likes of that.
>
> Anybody know what's going on?
What are the SpamAssassin scores on those messages? SA ranks spam
according to a lot of different factors, both plus and minus, and
calls spam spam only if the score passes a threshold you've set. For
example, here are the SA headers from a really very spammy message I
got lately:

X-Spam-Level: ******************
X-Spam-Status: Yes, score=18.4 required=5.0 tests=FROM_HAS_MIXED_NUMS,
 INVALID_MSGID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_NJABL_PROXY,
 RCVD_IN_XBL,SAVE_THOUSANDS,URIBL_AB_SURBL,URIBL_JP_SURBL,
 URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL autolearn=spam version=3.0.4
X-Spam-Report:
 * 0.3 FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters
 * 1.9 SAVE_THOUSANDS BODY: Save big money
 * 1.0 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
 *     [66.63.236.238 listed in combined.njabl.org]
 * 2.5 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
 *     [66.63.236.238 listed in sbl-xbl.spamhaus.org]
 * 2.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
 *     [<http://dsbl.org/listing?66.63.236.238>]
 * 1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 *     [Blocked - see <http://www.spamcop.net/bl.shtml?66.63.236.238>]
 * 0.6 URIBL_SBL Contains an URL listed in the SBL blocklist
 *     [URIs: swissreplicasrwonderful.com]
 * 2.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
 *     [URIs: swissreplicasrwonderful.com]
 * 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
 *     [URIs: swissreplicasrwonderful.com]
 * 0.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
 *     [URIs: swissreplicasrwonderful.com]
 * 2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
 *     [URIs: swissreplicasrwonderful.com]
 * 1.4 INVALID_MSGID Message-Id is not valid, according to RFC 2822

I don't know how SA scores stuff, except by reading the above scoring
messages. Maybe biblical text counts as a negative (i.e., non-spammy)
toward the threshold. But if you have your threshold set low enough
(you can see from the above, I set mine to 5.0, and the message above
scored 18+) you'll catch them anyway.
--Matt
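
The score-versus-threshold reading described in the reply above, as an added example that is not part of the original post: a small parser for the `X-Spam-Status` and `X-Spam-Report` headers that re-evaluates the verdict at any threshold and ranks the rules that contributed most. The function names `parse_sa_headers` and `explain` are hypothetical; the sample headers are the ones quoted in the post, with the bracketed detail lines left out.

```python
import re

# Headers from the message in the post above; "[...]" detail lines omitted.
SAMPLE = """\
X-Spam-Status: Yes, score=18.4 required=5.0 tests=FROM_HAS_MIXED_NUMS,
 INVALID_MSGID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_NJABL_PROXY,
 RCVD_IN_XBL,SAVE_THOUSANDS,URIBL_AB_SURBL,URIBL_JP_SURBL,
 URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL autolearn=spam version=3.0.4
X-Spam-Report:
 * 0.3 FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters
 * 1.9 SAVE_THOUSANDS BODY: Save big money
 * 1.0 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
 * 2.5 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
 * 2.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
 * 1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
 * 0.6 URIBL_SBL Contains an URL listed in the SBL blocklist
 * 2.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
 * 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
 * 0.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
 * 2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
 * 1.4 INVALID_MSGID Message-Id is not valid, according to RFC 2822
"""

def parse_sa_headers(text):
    """Return the verdict fields and per-rule scores from SpamAssassin headers."""
    flat = re.sub(r"\r?\n[ \t]+(?![ \t]*\*)", "", text)  # unfold continuation lines
    m = re.search(r"X-Spam-Status: (\w+), score=(-?[\d.]+) required=(-?[\d.]+)"
                  r" tests=(\S*)", flat)
    if not m:
        raise ValueError("no X-Spam-Status header found")
    # Report lines look like "* 1.9 RULE_NAME description"; scores may be negative.
    rules = {name: float(pts) for pts, name in
             re.findall(r"^\s*\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z0-9_]+)\b", text, re.M)}
    return {"flag": m.group(1), "score": float(m.group(2)),
            "required": float(m.group(3)),
            "tests": set(filter(None, m.group(4).split(","))), "rules": rules}

def explain(parsed, threshold=None):
    """Re-evaluate the verdict at a given threshold and rank the contributing rules."""
    threshold = parsed["required"] if threshold is None else threshold
    ranked = sorted(parsed["rules"].items(), key=lambda kv: -kv[1])
    return {"is_spam": parsed["score"] >= threshold,
            "margin": round(parsed["score"] - threshold, 1),
            "report_sum": round(sum(parsed["rules"].values()), 1),
            "top": ranked[:3]}

if __name__ == "__main__":
    p = parse_sa_headers(SAMPLE)
    print(p["flag"], p["score"], explain(p))
```

Running the same parser over the headers of a message that slipped through shows which rules fired, whether any carried a negative score, and how far below the threshold the total landed. The report's one-decimal rule scores sum to 18.3 rather than the 18.4 in `X-Spam-Status`, a small gap that rounding of the displayed per-rule values would explain.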