On 20.02.17 08:58, David Niklas wrote:
I have had a wonderful experience filtering spam with spamassassin.
However, within the past few weeks (since Feb 7th, I think), I have gotten
a number of messages that have been normal but marked as spam.
It may be those that I am speaking with and what they do to their mail,
then again, maybe not.
I'm attaching a message I got from firefly, a Chinese company. I have
more samples, but I'm not too clear on how to tell which message goes
with which record in my logs.
Ultimately, I ought to be able to figure out on my own which rule(s), if
any, are too harsh, but I've never done this before and could use a hand.
I have not altered the message at all. Here is the log record which I've
edited to remove identifying information:
Feb 18 04:24:46 [spamd] spamd: connection from ulgy_thing [127.0.0.1]:38282 to port 783, fd 5_
Feb 18 04:24:46 [spamd] spamd: setuid to me succeeded_
Feb 18 04:24:46 [spamd] spamd: checking message <201702181220.d3d7dc515...@account.t-firefly.com> for me:1000_
Feb 18 04:24:53 [spamd] spamd: identified spam (6.9/5.0) for me:1000 in 6.7 seconds, 4240 bytes._
Feb 18 04:24:53 [spamd] spamd: result: Y 6 - AWL,BAYES_00,CHARSET_FARAWAY_HEADER,FROM_EXCESS_BASE64,HTML_MESSAGE,MIME_CHARSET_FARAWAY,MIME_HTML_ONLY,RCVD_IN_MSPIKE_H2,RDNS_NONE,URIBL_BLOCKED scantime=6.7,size=4240,user=me,uid=1000,required_score=5.0,rhost=ulgy_thing,raddr=127.0.0.1,rport=38282,mid=<201702181220.d3d7dc515474@account.t-firefly.com>,bayes=0.000000,autolearn=no autolearn_force=no_
Return-Path: <m...@t-firefly.com>
Received: from lucky1.263xmail.com ([211.157.147.135]) by mx.mail.com
(mxgmxus006 [74.208.5.22]) with ESMTPS (Nemesis) id 0Lsgwh-1cGI6L0p8j-012IBS
for <do...@mail.com>; Sat, 18 Feb 2017 05:24:24 +0100
Received: from mail?t-firefly.com (unknown [192.168.167.239])
by lucky1.263xmail.com (Postfix) with ESMTP id 925056C9
for <do...@mail.com>; Sat, 18 Feb 2017 12:24:19 +0800 (CST)
1. I don't see X-Spam-Status: here.
What's the score of AWL? (It's different with every mail.)
This can be a hidden culprit.
2. Configure your MTA to resolve reverse DNS - 211.157.147.135 DOES have
valid fcrdns, but your MTA did not resolve it.
Others have commented on MIME_CHARSET_FARAWAY and URIBL_BLOCKED.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"One World. One Web. One Program." - Microsoft promotional advertisement
"Ein Volk, ein Reich, ein Fuhrer!" - Adolf Hitler
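
The question of which spamd log record belongs to which message can be answered from the `mid=` field of the `result:` line, which carries the message's Message-ID. The following is an added example, not part of either poster's mail; the function names and the sample message are constructed for illustration, and the log line is the record quoted above.

```python
import re
from email import message_from_string

# The "result:" record quoted in the mail above, with its wrapped lines rejoined.
SAMPLE_LOG = (
    "Feb 18 04:24:53 [spamd] spamd: result: Y 6 - "
    "AWL,BAYES_00,CHARSET_FARAWAY_HEADER,FROM_EXCESS_BASE64,HTML_MESSAGE,"
    "MIME_CHARSET_FARAWAY,MIME_HTML_ONLY,RCVD_IN_MSPIKE_H2,RDNS_NONE,URIBL_BLOCKED "
    "scantime=6.7,size=4240,user=me,uid=1000,required_score=5.0,rhost=ulgy_thing,"
    "raddr=127.0.0.1,rport=38282,mid=<201702181220.d3d7dc515474@account.t-firefly.com>,"
    "bayes=0.000000,autolearn=no autolearn_force=no_"
)
# Constructed message: only the Message-ID header matters for the lookup.
SAMPLE_MSG = (
    "Message-ID: <201702181220.d3d7dc515474@account.t-firefly.com>\n"
    "Subject: constructed sample\n\nbody\n"
)

# flag (Y = spam, . = ham), integer score, comma-separated rule names, key=value fields
RESULT_RE = re.compile(
    r"spamd: result: (?P<flag>[Y.]) (?P<score>-?\d+) - (?P<tests>\S*)\s+(?P<fields>.*)$")

def parse_result(line):
    """Return the verdict, rules hit and Message-ID of one spamd result line, or None."""
    m = RESULT_RE.search(line)
    if not m:
        return None
    # mid=<...> is matched as a unit so punctuation inside the brackets is kept.
    fields = dict(re.findall(r"(\w+)=(<[^>]*>|[^,\s]*)", m.group("fields")))
    return {
        "is_spam": m.group("flag") == "Y",
        "score": int(m.group("score")),
        "tests": [t for t in m.group("tests").split(",") if t],
        "mid": fields.get("mid", "").strip("<>"),
        "required": float(fields.get("required_score", "nan")),
    }

def find_record(raw_message, log_lines):
    """Find the result record whose mid= equals the message's Message-ID header."""
    msgid = (message_from_string(raw_message)["Message-ID"] or "").strip().strip("<>")
    for line in log_lines:
        rec = parse_result(line)
        if rec and msgid and rec["mid"] == msgid:
            return rec
    return None
```

Running `find_record` over each misclassified message and tallying the returned `tests` lists shows which rules recur across the false positives.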