I'm running version 2, 5.15.
A scam email came through and I was wondering if anyone can tell me why.
Log output:
Aug-27-08 06:09:46 id-81383-15461 [Worker_1] 72.14.246.249 <[EMAIL PROTECTED]
> to: [EMAIL PROTECTED] DKIM-signature found
Aug-27-08 06:09:50 id-81383-15461 [Worker_1] [NoProcessing]
72.14.246.249 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED]
message proxied without processing - (attachments unchecked) [Re
Assalam to you Kindly Get Back To Me for more details]
If I copy the body of the email into the mail Analyzer section it
correctly says that it is spam:
Feature Matching:
• is in CountryCache: status=
• has a Griplist value of 0.896764: (adds 0.896764 0.896764)
Bayesian Analysis:
Bad Words Bad Prob Good Words Good Prob
of nigeria 1.0000
this funds 1.0000
government of 1.0000
of finance 0.9999
the former 0.9998
will ever 0.9997
and deposited 0.9997
your compensation 0.9996
foreigner who 0.9995
in various 0.9995
the nigerian 0.9994
confiscated all 0.9993
nigeria has 0.9993
assist him 0.9990
general of 0.9989
the republic 0.9988
invest the 0.9988
nigeria for 0.9986
the federation 0.9985
of contacting 0.9984
nigerian government 0.9977
funds he 0.9975
Totals: 1.0000 1.0000 1.0000 1.0000 0.9999 0.9998 0.9997 0.9997 0.9996
0.9995 0.9995 0.9994 0.9993 0.9993 0.9990 0.9989 0.9988 0.9988 0.9988
0.9986 0.9985 0.9984 0.9977 0.9975 0.9975 0.9966 0.9956 0.9949 0.9942
0.9942 0.9942
Spam Probability:
probability: 1.0000
If I forward the email to [EMAIL PROTECTED] (complete with
headers) it comes back saying it is OK:
Subject: Re;Assalam to you ........Kindly Get Back To Me for more
details!!
Connecting IP: 127.0.0.1
Connecting HELO: ag-out-0708.google.com
Feature Matching:
Not a Valid Format of HELO: 'ag-out-0708.google.com
IP 127.0.0.1 is in PB White
IP 127.0.0.1 is in Accept All Mail (127.0.0.1)
127.0.0 has a Griplist value of 0.961119: (adds 0.961119 0.961119)
Bayesian Analysis:
Bad Words:Bad Prob Good Words:Good Prob
47 am:0.0004
assp-nospam 27:0.0018
com mail.bordo.com.au:0.0026
subject re:0.0029
est received:0.0032
date from:0.0032
26 aug:0.0041
localhost 127.0.0.1:0.0041
10 26:0.0046
09 50:0.0061
mime-version content-type:0.0072
27 august:0.0072
54 1000:0.0072
delivered-to href:0.0085
am to:0.0090
09 47:0.9902
09 43:0.0126
au received:0.0126
com date:0.0129
live.fr rcpt:0.9848
1000 received:0.0159
09 41:0.0159
Totals: 0.0004 0.0018 0.0026 0.0029 0.0032 0.0032 0.0032 0.0041 0.0041
0.0041 0.0041 0.0046 0.0061 0.0072 0.0072 0.0072 0.0085 0.0090 0.9902
0.9902 0.0126 0.0126 0.0129 0.9848 0.0159 0.0159 0.0159 0.0159 0.0162
0.0206 0.0276
Spam/Ham Probabilities:
Spam Probability:
probability 0.0000
X-Assp-Spf: pass ip=72.14.246.249 [EMAIL PROTECTED]
helo=ag-out-0708.google.com
Notice that it has only looked the header section!
If I forward the email to [EMAIL PROTECTED] without the headers,
then it returns the same as when I pasted the body into the web
interface's Mail Analyzer. (ie Spam Probability of 1.0000).
Thanks,
James.
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
