Spamassasin bribed?

Matt Morgan minxmertzmomo at gmail.com
Mon Aug 22 13:42:06 UTC 2005


On 8/22/05, Andy Pieters <mailings at vlaamse-kern.com> wrote:
> Hi all
> 
> I'm just wondering how come that when I get email I'm subscribed to, that
> occasionally contains a publicity à la "get rich quick", it is promptly
> junked by spam assasin, but each and every message containing some biblic
> passages accompagnied by a very dirty photo, gets delivered to my inbox, even
> though the subject of the message frequently contains "dirty" "slut" "wet
> pussy" and the likes of that.
> 
> Anybody know what's going on?

What are the SpamAssassin scores on those messages? SA ranks spam
according to a lot of different factors, both plus and minus, and
calls spam spam only if the score passes a threshold you've set. For
example, here are the SA headers from a really very spammy message I
got lately:

X-Spam-Level: ******************
X-Spam-Status: Yes, score=18.4 required=5.0 tests=FROM_HAS_MIXED_NUMS,
     INVALID_MSGID,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_NJABL_PROXY,
     RCVD_IN_XBL,SAVE_THOUSANDS,URIBL_AB_SURBL,URIBL_JP_SURBL,
     URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL autolearn=spam version=3.0.4
X-Spam-Report:
     * 0.3 FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters
     * 1.9 SAVE_THOUSANDS BODY: Save big money
     * 1.0 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
     * [66.63.236.238 listed in combined.njabl.org]
     * 2.5 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
     * [66.63.236.238 listed in sbl-xbl.spamhaus.org]
     * 2.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
     * [<http://dsbl.org/listing?66.63.236.238>]
     * 1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
     * [Blocked - see <http://www.spamcop.net/bl.shtml?66.63.236.238>]
     * 0.6 URIBL_SBL Contains an URL listed in the SBL blocklist
     * [URIs: swissreplicasrwonderful.com]
     * 2.0 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
     * [URIs: swissreplicasrwonderful.com]
     * 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
     * [URIs: swissreplicasrwonderful.com]
     * 0.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
     * [URIs: swissreplicasrwonderful.com]
     * 2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
     * [URIs: swissreplicasrwonderful.com]
     * 1.4 INVALID_MSGID Message-Id is not valid, according to RFC 2822

I don't know how SA scores stuff, except by reading the above scoring
messages. Maybe biblical text counts as a negative (ie, non-spammy)
toward the threshold. But if you have your threshold set low enough
(you can see from the above, I set mine to 5.0, and the message above
scored 18+) you'll catch them anyway.

--Matt




More information about the fedora-list mailing list