Re: Very strange SA result!

Thu, 03 Dec 2015 06:13:33 -0800 

You are using KAM.cf which isn't a project ruleset.
Please report the issue and a spample at https://raptor.pccc.com/raptor.cgim?template=report_problem 


We can likely look at it quickly and adjust.  However, the fact that SPF 
failed makes me lean towards the fact that the rule fired correctly...


Regards,
KAM

On 12/3/2015 9:07 AM, Jari Fredriksson wrote:


KAM_PAYPAL1 rampant paypal phishing scams

Aarghs!

I found out a mail from paypal as follows:

X-Spam-Status: Yes, score=7.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,

    DKIM_VALID,DKIM_VALID_AU,DKIM_VERIFIED,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE, 


    KAM_PAYPAL1,MIME_HTML_ONLY,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,

    RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD,SPF_FAIL,T_FILL_THIS_FORM_SHORT,URG_BIZ, 

    URIBL_GREY,USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no 
version=3.4.1

X-Spam-Orig-To: <ja...@dise.fi>
X-Spam-Report:

    * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at 
http://www.dnswl.org/, no

    *      trust
    *      [96.47.30.215 listed in list.dnswl.org]
    *  0.4 URIBL_GREY Contains an URL listed in the URIBL greylist
    *      [URIs: ed4.net]
    * -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
    *      [96.47.30.215 listed in wl.mailspike.net]
    *  0.6 URG_BIZ BODY: Contains urgent matter

    * -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM 
white-list
    * -1.4 RP_MATCHES_RCVD Envelope sender domain matches handover 
relay domain

    *  0.0 SPF_FAIL SPF: sender does not match SPF record (fail)

    *      [SPF failed: Please see 
http://www.openspf.net/Why?s=mfrom;id=fdybuw6-6w2q86-ll1e2s-7aamagp-b95mhd-h-m2-20151203-1d62cdfd8632d%40emea.e.paypal.com;ip=212.16.98.57;r=gamecock.fredriksson.dy.fi]

    * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
    *      [score: 0.0000]
    *  1.0 HTML_MESSAGE BODY: HTML included in message

    *  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or 
identical to

    *       background
    *  0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

    * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from 
author's

    *       domain
    * -0.0 DKIM_VERIFIED No description available.
    * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

    *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not 
necessarily

    *      valid
    * -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
    *   16 KAM_PAYPAL1 rampant paypal phishing scams
    *  0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
    *      information
X-Spam-Level: *******
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
    gamecock.fredriksson.dy.fi




--
*Kevin A. McGrail*
CEO

Peregrine Computer Consultants Corporation
3927 Old Lee Highway, Suite 102-C
Fairfax, VA 22030-2422

http://www.pccc.com/

703-359-9700 x50 / 800-823-8402 (Toll-Free)
703-798-0171 (wireless)
kmcgr...@pccc.com <mailto:kmcgr...@pccc.com>























					Reply via email to