https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7087
--- Comment #4 from Rafal Ramocki <[email protected]> --- I'm searching this kind of messages but since there are hits from online tests now there are different results. But please find an attachments with sample messages. Attachment "Message1" whitch includes message I've received in one of systems. This message has DKIM signature with domain communicationfresh.com whitch is processed by URIBL. Today this hits following rules in 3.3.2 that are not hit on trunk conde: 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist [URIs: communicationfresh.com] 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: communicationfresh.com] 1.6 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: communicationfresh.com] 1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: communicationfresh.com] 1.6 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: communicationfresh.com] --- Total: 7.8. Generaly in my SA 3.3.2 got hit by 12.0 points and trunk SA rated it as 4.3. Full reports are as follows 3.3.2: ---- ---------------------- ------------------------------------------- 2.6 RCVD_IN_SBL RBL: Otrzymano przez relay listowany w Spamhaus Block List [96.45.22.83 listed in zen.spamhaus.org] 1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT [96.45.22.83 listed in bb.barracudacentral.org] 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist [URIs: communicationfresh.com] 1.8 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: communicationfresh.com] 1.7 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: communicationfresh.com] 1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: communicationfresh.com] -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 SPF_PASS SPF: sender matches SPF record 0.6 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: communicationfresh.com] 0.0 HTML_MESSAGE BODY: Wiadomo�� zawiera kod HTML 0.0 T_URIBL_BLACK_OVERLAP T_URIBL_BLACK_OVERLAP 0.0 T_SURBL_MULTI1 T_SURBL_MULTI1 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid Trunk: ---- ---------------------- ------------------------------------------- 2.6 RCVD_IN_SBL RBL: Otrzymano przez relay listowany w Spamhaus Block List [96.45.22.83 listed in zen.spamhaus.org] 1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available. [96.45.22.83 listed in bb.barracudacentral.org] -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 SPF_PASS SPF: sender matches SPF record 0.0 T_BACN_URI_001 URI: Bulk fingerprint 0.0 HTML_MESSAGE BODY: Wiadomo�� zawiera kod HTML 0.0 T_KHOP_DYNAMIC Relay looks like a dynamic address 0.0 T_KHOP_BOTNET_UNCLEAN Relay looks like a dynamic address 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid -0.0 T_NOT_A_PERSON List, replier, bot, etc. Filters: skip auto-reply Message "Message2" at the time of passing was processsed by two SA's. This email got hit 12 points by in 3.3.2 and only 4.922 in 3.4 Sep 18 12:04:42 xen165 spamd[18350]: spamd: result: Y 12 - BAYES_80,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RCVD_IN_PBL,RCVD_IN_RP_RNBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_DYNAMIC,SPF_PASS,URIBL_BLACK,URIBL_DBL_SPAM And 4.922 in 3.4: BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_PBL=3.335, RCVD_IN_RP_RNBL=1.31, RCVD_IN_SORBS_DUL=0.001, RCVD_IN_XBL=0.375, SPF_FAIL=0.001 As You see there are 7 points of difference in this example email. Differences are in BAYES (40 vs 80) + 2.5 points but it's just training not difference. Still remains 4,2 point hit by URIBL. The from following tests: 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: mailrugate1.ru] 2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist [URIs: mailrugate1.ru] As You see from my point of view this blacklists are usefull. -- You are receiving this mail because: You are the assignee for the bug.
