I get various posts from US-CERT; none so far have been tagged as spam until today. The raw message with the SA tags is here - https://pastebin.com/f71A2FfW

What it hit on was:

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                            trust
                            [208.42.190.173 listed in list.dnswl.org]
 5.0 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.8,ip=208.42.190.173,maildomain=ncas.us-cert.gov,nordns]
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 HTML_MESSAGE           BODY: HTML included in message
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
-0.0 DCC_CHECK_NEGATIVE     Not listed in DCC
 2.2 DCC_CHECK              listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay lines
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 5.5 KAM_STOCKTIP           Email Contains Pump & Dump Stock Tip
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
-4.3 AWL                    AWL: Adjusted score from AWL reputation of From:
                            address

I've added the address us-c...@ncas.us-cert.gov to the AWL and reran the message through SA, which helped:

Content analysis details: (-47.7 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 5.5 KAM_STOCKTIP           Email Contains Pump & Dump Stock Tip
 1.0 STOCK_TIP              Stock tips
 -52 AWL                    AWL: Adjusted score from AWL reputation of From:
                            address

--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
17:41:40 up 7 days, 24 min, 1 user, load average: 0.08, 0.22, 0.26
Description: Ubuntu 16.04.2 LTS, kernel 4.4.0-77-generic