So after initial learning it looks better now. (BAYES_50)
When sendmail sends email to procmail and procmail passes it to spam
assassin, does spam assassin runs as root user or as the user the email
is destined to?
I run the sa-learn as root user and it seems like this is the data based
that is being used so it would be global data base used for all mail
users?
X-Spam-Flag: YES
X-Spam-Level: ************
X-Spam-Status: Yes, score=12.9 required=5.0 tests=BAYES_50,FROM_12LTRDOM,
HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BRBL_LASTEXT,RCVD_IN_MSPIKE_BL,
RCVD_IN_MSPIKE_L5,RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK,URIBL_DBL_SPAM,
URIBL_JP_SURBL,URIBL_WS_SURBL autolearn=disabled version=3.4.0
X-Spam-Report:
* 1.6 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
* [URIs: curingaidtrade.com]
* 1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: curingaidtrade.com]
* 1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
* [95.128.19.6 listed in bb.barracudacentral.org]
* 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
* [URIs: curingaidtrade.com]
* 0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* [95.128.19.6 listed in zen.spamhaus.org]
* 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
* [URIs: curingaidtrade.com]
* 2.4 RCVD_IN_MSPIKE_L5 RBL: Very bad reputation (-5)
* [95.128.19.6 listed in bl.mailspike.net]
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
* [score: 0.5000]
* 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted
* 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
* 0.1 FROM_12LTRDOM From a 12-letter domain
> On Fri, 30 Oct 2015, [email protected] wrote:
>
>> thx, that explains the issue.
>> I setup a dns server outside the amazon server.
>> Now, i can finally do the lookup:
>> root@aws:~# host -tTXT 2.0.0.127.multi.uribl.com
>> 2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"
>>
>> X-Spam-Flag: YES
>> X-Spam-Level: *******
>> X-Spam-Status: Yes, score=7.0 required=5.0 tests=BAYES_00,
>>
>> HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,
>>
>> RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BRBL_LASTEXT,SPF_HELO_PASS,
>> SPF_PASS,URIBL_BLACK,URIBL_DBL_SPAM autolearn=disabled version=3.4.0
>> X-Spam-Report:
>> * 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
>> * [URIs: yokooo.com]
>> * 1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
>> * [208.80.12.43 listed in bb.barracudacentral.org]
>> * -0.0 SPF_PASS SPF: sender matches SPF record
>> * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
>> * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
>> * [score: 0.0000]
>> * 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
>> * 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
>> identical to
>> * background
>> * 0.0 HTML_MESSAGE BODY: HTML included in message
>> * 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
>> * [cf: 100]
>> * 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence
>> level
>> * above 50%
>> * [cf: 100]
>> * 0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
>> * 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
>> * [URIs: yokooo.com]
>
> Bravo! Now all you need to do is wipe and retrain your Bayes database with
> known-good corpora to get rid of that BAYES_00.
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> [email protected] FALaholic #11174 pgpk -a [email protected]
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> ...the Fates notice those who buy chainsaws...
> -- www.darwinawards.com
> -----------------------------------------------------------------------
> Tomorrow: Halloween
>
