problem with spam scoring not counted correctly
Hi,
i'm using Debian stable and recently i noticed a few spam mails getting
through although the combined scores are high enough. It's flagged as
not being spam, the score is set to 3.9 but is actually way higher.
I also encountered something similar when the result of a test was
"nan", anyway, the score was a string instead of a number and that also
resulted in a spam message getting flagged as no spam.
Here is the header report:
X-Spam-Flag: NO
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on loki.x.y
X-Spam-Level:
X-Spam-Status: "No, score=3.9 required=4.0 tests=FORGED_MUA_OUTLOOK,
FROM_ILLEGAL_CHARS,MIME_BOUND_DD_DIGITS,MIME_QP_LONG_LINE,MISSING_MIMEOLE,
RCVD_HELO_IP_MISMATCH,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL_PROXY,
RCVD_IN_SORBS_SOCKS,RCVD_IN_SORBS_WEB,RCVD_NUMERIC_HELO,
SUBJECT_NEEDS_ENCODING,SUBJ_ILLEGAL_CHARS,TVD_SPACE_RATIO,UNPARSEABLE_RELAY
autolearn=no version=3.2.3
X-Spam-Report:
* 4.2 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
* 4.0 FROM_ILLEGAL_CHARS Van: bevat te veel 'raw' tekens
* 1.5 SUBJ_ILLEGAL_CHARS Onderwerp: bevat te veel 'raw' tekens
* 2.3 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should
* 2.6 RCVD_NUMERIC_HELO Received: bevat een numerieke HELO
* 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
* 2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
* 1.8 MIME_QP_LONG_LINE RAW: Quoted-printable regel langer dan 76
* karakters
* 1.7 RCVD_IN_NJABL_PROXY RBL: NJABL: verzender is een open proxy
* [218.206.94.132 listed in combined.njabl.org]
* 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Ontvangen via een relay die gevonden is
* in bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?218.206.94.132>]
* 2.0 RCVD_IN_SORBS_WEB RBL: SORBS: verzender is een misbruikbare web
* server
* [218.206.94.132 listed in dnsbl.sorbs.net]
* 0.2 RCVD_IN_SORBS_SOCKS RBL: SORBS: verzender is een open SOCKS proxy
* server
* 1.3 SUBJECT_NEEDS_ENCODING SUBJECT_NEEDS_ENCODING
* 0.0 MISSING_MIMEOLE Bericht heeft een X-MSMail-Priority, maar geen
* X-MimeOLE
* 4.2 FORGED_MUA_OUTLOOK Vals mailtje, pretendeert afkomstig te zijn van
* MS Outlook
I ran the message through spamassassin again with the -D flag and this
is what i got. Notice the nan score now. Maybe it's that score again
that is the reason why counting the scores didn't work?
* 1.5 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
* nan FROM_ILLEGAL_CHARS Van: bevat te veel 'raw' tekens
* 1.6 SUBJ_ILLEGAL_CHARS Onderwerp: bevat te veel 'raw' tekens
* 2.8 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should
* 2.1 RCVD_NUMERIC_HELO Received: bevat een numerieke HELO
* 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
* 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
* 1.4 MIME_QP_LONG_LINE RAW: Quoted-printable regel langer dan 76
* karakters
* 1.6 RCVD_IN_NJABL_PROXY RBL: NJABL: verzender is een open proxy
* [218.206.94.132 listed in combined.njabl.org]
* 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Ontvangen via een relay die gevonden is
* in bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?218.206.94.132>]
* 2.0 RCVD_IN_SORBS_WEB RBL: SORBS: verzender is een misbruikbare web
* server
* [218.206.94.132 listed in dnsbl.sorbs.net]
* 0.8 RCVD_IN_SORBS_SOCKS RBL: SORBS: verzender is een open SOCKS proxy
* server
* 0.0 SUBJECT_NEEDS_ENCODING SUBJECT_NEEDS_ENCODING
* 0.0 MISSING_MIMEOLE Bericht heeft een X-MSMail-Priority, maar geen
* X-MimeOLE
* 3.1 FORGED_MUA_OUTLOOK Vals mailtje, pretendeert afkomstig te zijn van
* MS Outlook
Why is the score only at 3.9 and thus not flagged as spam?
Thanks,
Benedict
Reply to: