MailScanner / v5


MailScanner not working on spam email #35

Closed DerekWilliamsMusic closed 7 years ago

DerekWilliamsMusic commented 7 years ago

Example below:

On 27/12/2016 19:19, Daniel Montoya wrote: screen shot 2016-12-27 at 21 34 35

-------- Forwarded Message --------
Return-path: nenad.colovic@mercata.co.rs
Envelope-to: derek@derekwilliams.net
Delivery-date: Tue, 27 Dec 2016 19:20:14 +0000
Received: from mail.mercata.co.rs ([217.169.210.229]:40925 helo=vmail.mercata.co.rs) by expresscoach.servers.eqx.misp.co.uk with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.87) (envelope-from nenad.colovic@mercata.co.rs) id 1cLxIB-0000Uj-CW for derek@derekwilliams.net; Tue, 27 Dec 2016 19:20:14 +0000
Received: from agprn.com (unknown [187.17.106.117]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by vmail.mercata.co.rs (Postfix) with ESMTP id A87BF15CAE48 for derek@derekwilliams.net; Tue, 27 Dec 2016 20:19:27 +0100 (CET)
Date: Tue, 27 Dec 2016 17:19:25 -0200
To: derek@derekwilliams.net
From: Daniel Montoya nenad.colovic@mercata.co.rs
Reply-To: Daniel Montoya nenad.colovic@mercata.co.rs
Subject: The secret of earning REAL money is finally revealed!
Message-ID: cbcf69f4ae11f5f284246eae29a403d4@agprn.com
X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_cbcf69f4ae11f5f284246eae29a403d4"
Content-Transfer-Encoding: 8bit
X-mercatamail-MailScanner-Information: Please contact the ISP for more information
X-mercatamail-MailScanner-ID: A87BF15CAE48.A4699
X-mercatamail-MailScanner: Found to be clean
X-mercatamail-MailScanner-From: nenad.colovic@mercata.co.rs
X-Spam-Status: No
X-Spam-Status: No, score=-1.7
X-Spam-Score: -16
X-Spam-Bar: -
X-Ham-Report: Spam detection software, running on the system "expresscoach.servers.eqx.misp.co.uk", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details.

Content preview: I've never had a notorious materialist and did not pride of place goes to money, but it so happened that fate had chosen me. I was one of few who found the dream job of any lazybones, who dreams about riches like a charm. [...]

Content analysis details: (-1.7 points, 5.0 required)

 pts rule name                 description
---- ------------------------- --------------------------------------------------
-3.1 RP_MATCHES_RCVD           Envelope sender domain matches handover relay domain
 0.0 HTML_MESSAGE              BODY: HTML included in message
-1.9 BAYES_00                  BODY: Bayes spam probability is 0 to 1% [score: 0.0000]
 0.9 RAZOR2_CHECK              Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100    Razor2 gives confidence level above 50% [cf: 100]
 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100]

X-Spam-Flag: NO

I've never had a notorious materialist and did not pride of place goes to money, but it so happened that fate had chosen me. I was one of few who found the dream job of any lazybones, who dreams about riches like a charm.

Today my mean income is $5,000 per week and I stopped blame myself, I just live as I like and I help nearest and dearest.

For me works BankBot, it’s an amazing program which doesn't need sleep and rest, which does not make mistakes on the background of fatigue, and the main thing – it is only a plus!

I think you are very lucky man, as you just found today this link [ http://bigmoosecompany.com/proxy.php?e=158&ZfetXuGBhVDX1QUmE2Q6=tuM5ymg&HEr=JRG&5i=6t1v ] ! Be of good cheer!

-- This message has been scanned for viruses and dangerous content by MailScanner [ http://www.mailscanner.info/ ] , and is believed to be clean.

jcbenton commented 7 years ago

It is not a function of MailScanner not working. Obviously, it is working. MailScanner does not detect spam email. Spamassassin detects spam. MailScanner is the engine that runs it between the different programs such as ClamAV and Spamassassin along with some content checks. If there is a problem with spam detection, it has to do with Spamassassin.

msapiro commented 7 years ago

It looks to me like your issue is with SpamAssassin, not with MailScanner. SpamAssassin is scoring this message as -1.7 points with the following:

 pts rule name                 description
---- ------------------------- --------------------------------------------------
-3.1 RP_MATCHES_RCVD           Envelope sender domain matches handover relay domain
 0.0 HTML_MESSAGE              BODY: HTML included in message
-1.9 BAYES_00                  BODY: Bayes spam probability is 0 to 1% [score: 0.0000]
 0.9 RAZOR2_CHECK              Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100    Razor2 gives confidence level above 50% [cf: 100]
 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100]

SpamAssassin on my server reports for this message:

Content analysis details: (8.5 points, 5.0 required)

 pts rule name                 description
---- ------------------------- --------------------------------------------------
 0.0 PP_MIME_FAKE_ASCII_TEXT   BODY: MIME text/plain claims to be ASCII but isn't
 0.4 RAZOR2_CF_RANGE_51_100    Razor2 gives confidence level above 50% [cf: 100]
 2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100]
 1.7 RAZOR2_CHECK              Listed in Razor2 (http://razor.sf.net/)
 1.0 KAM_LAZY_DOMAIN_SECURITY  Sending domain does not have any anti-forgery methods
 1.2 INVALID_MSGID             Message-Id is not valid, according to RFC 2822
 1.8 MIME_NO_TEXT              No (properly identified) text body parts

I get some hits that you don't and have differing scores for others. I don't hit RP_MATCHES_RCVD because of the way I scanned the message, but even if I did, the score would be either -1.05 or -1.5 depending on whether or not networking tests were enabled. As Jerry suggests, you have to ensure your SpamAssassin is up to date and perhaps look into adding some 3rd party rules.
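
Added example (not part of the thread or of MailScanner/SpamAssassin): a small Python script that parses two "Content analysis details" tables and reports which rules hit on only one server and which shared rules are scored differently. The two inputs are constructed from the tables quoted above, and the function names are illustrative.

```python
import re

# A rule line in a "Content analysis details" table: <pts> <RULE_NAME> <description>.
# Headers, separators and wrapped description lines ("[cf: 100]") do not match.
RULE_LINE = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s")

# Constructed inputs: the two rule tables quoted in this thread, one rule per line.
REPORTER = """\
Content analysis details: (-1.7 points, 5.0 required)
-3.1 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
 0.0 HTML_MESSAGE BODY: HTML included in message
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
     [score: 0.0000]
 0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50%
"""
SECOND = """\
Content analysis details: (8.5 points, 5.0 required)
 0.0 PP_MIME_FAKE_ASCII_TEXT BODY: MIME text/plain claims to be ASCII but isn't
 0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
 2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50%
 1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
 1.0 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any anti-forgery methods
 1.2 INVALID_MSGID Message-Id is not valid, according to RFC 2822
 1.8 MIME_NO_TEXT No (properly identified) text body parts
"""

def parse_report(text):
    """Return {rule_name: points} for each rule line in a report."""
    return {m.group(2): float(m.group(1))
            for m in map(RULE_LINE.match, text.splitlines()) if m}

def diff_reports(a, b):
    """Rules hit only in a, only in b, and shared rules scored differently."""
    only_a = {r: a[r] for r in sorted(a.keys() - b.keys())}
    only_b = {r: b[r] for r in sorted(b.keys() - a.keys())}
    changed = {r: (a[r], b[r]) for r in sorted(a.keys() & b.keys()) if a[r] != b[r]}
    return only_a, only_b, changed

def total(hits):
    """Sum of rule points, rounded the way the report header shows it."""
    return round(sum(hits.values()), 1)

if __name__ == "__main__":
    a, b = parse_report(REPORTER), parse_report(SECOND)
    only_a, only_b, changed = diff_reports(a, b)
    print("totals:", total(a), total(b))
    print("only on reporter's server:", only_a)
    print("only on second server:", only_b)
    print("scored differently:", changed)
```

On these inputs the two negative-scoring rules on the reporter's side (RP_MATCHES_RCVD and BAYES_00) contribute -5.0 between them, which outweighs the three Razor2 hits.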