Spam Assassin settings issue

General discussions and other topics.
8 posts Page 1 of 1
by bobrk » Thu Dec 10, 2020 12:14 pm
I have my Spam Assassin settings at 1.5 "hits", but I see email going into my Greymail with a 1.9 score. It seems to be primarily from a google groups list that has been fine for quite some time. But a 1.9 should go through to my mail box, right?

What's up with that?
by bobrk » Wed Dec 16, 2020 9:26 am
By the silence, I'm guessing I'm the only one with this issue. Anywho, it seems to have cleared up, with my spam filtering working normally.
by briancw » Wed Dec 16, 2020 11:23 am
Hi bobrk,

We really apologize for the delay in response here. It is correct that there was no outage or known issue with the spamfiltering in the past few days. That being said, if the emails are getting placed in Greymail might have triggered a blacklist entry. I'd like to try and nail down what happened here. That'll need to be by checking the logs. Could you do me a favor and get me the details of some of these emails that were incorrectly flagged. Just direct message me the following for one or more of the problem emails:
The sender of the email
The email it got sent to
The time it got sent

With those I should be able to nail down how they got flagged as Greymail. It might be a bit of a bug we have on our hands here.

Until then,
Brian W
Community & Escalations Specialist
Sonic
by bobrk » Wed Dec 16, 2020 1:13 pm
Those emails are long gone. When I see the problem again, I'll post the email...
by bobrk » Mon Dec 21, 2020 1:52 pm
Looks like I got one that should have gone through. Here is the raw source showing the score of 2.1, which is way more than the 1.5 required to go through...

Code: Select all

Received: from localhost by f.spam.sonic.net
   with SpamAssassin (version 3.4.3);
   Mon, 21 Dec 2020 10:17:50 -0800
From: =?utf-8?Q?Internet=20Archive?= <info@archive.org>
To: <bob@bobrk.com>
Subject: =?utf-8?Q?The=20Library=20Is=20Open?=
Date: Mon, 21 Dec 2020 18:17:39 +0000
Message-Id: <38bd6154386f64fcd92204a25.ceebb69cbd.20201221181725.5cf13e29d4.32a5906e@mail63.wdc01.mcdlv.net>
X-Spam-Checker-Version: SpamAssassin 3.4.3 (2019-12-06) on f.spam.sonic.net
X-Spam-Flag: YES
X-Spam-Level: **
X-Spam-Status: Yes, score=2.1 required=1.5 tests=DCC_CHECK,DKIMWL_WL_MED,
   DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,
   LOTS_OF_MONEY,MIME_QP_LONG_LINE,SNF4SA,SONIC_CA,SPF_HELO_NONE,
   T_KAM_HTML_FONT_INVALID,URIBL_GREY autolearn=disabled version=3.4.3
X-Spam-SNF-Result: 0 (Standard White Rules)
X-Spam-MessageSniffer-Scan-Result:
X-Spam-MessageSniffer-Rules:
   0-0-0-32767-c
X-Spam-GBUdb-Analysis:  1, 205.201.129.63, Ugly c=0.291963 p=-0.176471 Source
   Normal
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5FE0E6CE.66B622C9"

This is a multi-part message in MIME format.

------------=_5FE0E6CE.66B622C9
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Sonic's AntiSpam detection systems have identified this email as
possible spam.  The original message has been attached to this report
so you can view it (if it isn't spam.)  If this is a false positive,
you may want to whitelist the sender or messages subject using our
member tools.

For more information see
https://help.sonic.com/hc/en-us/articles/236079227-Spam-FAQ

To access messages in your Graymail see
https://members.sonic.net/email/graymail/

To manage your E-Mail filter and delivery options see
http://members.sonic.net/email/

If you have any questions, see support@sonic.net for details.

Content preview:  Plus, more works added to the public domain, a star-studded
   new collection, and why memory is more important than ever. https://archive.org
   ** December 2020 ** Browsing the Archive

Content analysis details:   (2.1 points, 1.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.1 URIBL_GREY             Contains an URL listed in the URIBL greylist
                            [URIs: forward-to-friend.com]
 0.1 SONIC_CA               BODY: No description available.
 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                            mail domains are different
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or
                            Formatted Colors in HTML
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76
                            chars
-0.5 SNF4SA                 Message Sniffer
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                            valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 1.1 DCC_CHECK              Detected as bulk mail by DCC (dcc-servers.net)
 0.0 LOTS_OF_MONEY          Huge... sums of money
-0.0 DKIMWL_WL_MED          DKIMwl.org - Medium trust sender

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.


------------=_5FE0E6CE.66B622C9
by briancw » Mon Dec 21, 2020 3:05 pm
Hi Bobrk,

After rereading all this, I think we might have gotten our wires crossed. Spamassassin will send something to Greymail if it has a score above the threshold. That means, if you have your score set to 1.5 anything with a score of lower than 1.5 will get passed to the regular inbox and everything 1.5 and above goes into Greymail. In this case that email should have gone to Greymail based on it's score.

I apologize I misunderstood the initial question.
Brian W
Community & Escalations Specialist
Sonic
by bobrk » Mon Dec 21, 2020 3:25 pm
Ok, I wasn't sure if I got that turned around or not. And I run my so I have to whitelist most senders, so this is fine. Thanks, sorry for the confusion.
by evelyn » Fri Jan 29, 2021 2:21 pm
Hey, I know I need to get a life but Spam Assassin is letting spam come in to my regular inbox with a score of 79.0 or 65.0 or similar, way above what the supposed spam limit is. When spams come in to my regular inbox, I do a "show source", find the return email address, copy it, and put it in my blacklist (with asterisks, etc) so that this doesn't happen again.

Still, I'm just very annoyed and wanted to let Sonic know that this has been happening a lot in the past few months.
8 posts Page 1 of 1

Who is online

In total there are 2 users online :: 0 registered, 0 hidden and 2 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: No registered users and 2 guests