On 2021-04-27 18:51, Steve Dondley wrote:
Got this: https://pastebin.com/Gfz951dh
Spam report:
Content analysis details: (-2.3 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-2.5 RCVD_IN_HOSTKARMA_W RBL: Sender listed in HOSTKARMA-WHITE
[185.41.28.7 listed in
hostkarma.junkemailfilter.com]
-1.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily
valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature
from
author\'s domain
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen
list
manager
2.0 LOCAL_SPAM_TLD Domain originates a lot of spam
Looks like it's coming from some kind of bulk mail service which is
whitelisted. Even after training with bayes, it will still be a false
negative.
Any ideas on the best way to tackle these kinds of fake order spam?
add 3 to local_spam_tld, so bayes does not learn it as ham
autolearnthreshold is -0.1, alternative set this lower to force lesss
ham larning in bayes
impressed that spamassassin still have it as ham
http://multirbl.valli.org/lookup/185.41.28.7.html
https://spamassassin.apache.org/full/3.3.x/doc/Mail_SpamAssassin_Plugin_AutoLearnThreshold.html
all the best
