spamassassin record score?

Folks,

But I've got a question: what's the highest spam score anybody has seen
spamassassin assign any particular email (without local fudging for
"I never wanna hear from this guy again")?

I only keep a month's worth of spam in my just-in-case-it-isn't-spam
folders and so far, the highest score I've seen is 69.0.  Can anybody
top that, and if so, could you post the X-spam-* headers?

In part, [email protected] spammed:
   > From [email protected]  Tue Jan 30 09:39:55 2007
   > Return-Path: <[email protected]>
   > X-Spam-Flag: YES
   > X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on sos
   > X-Spam-Level: **************************************************
   > X-Spam-Status: Yes, score=69.0 required=5.0 tests=BAYES_99,DIGEST_MULTIPLE,
   >         DNS_FROM_SECURITYSAGE,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,
   >         FORGED_OUTLOOK_TAGS,FROM_ILLEGAL_CHARS,HEAD_ILLEGAL_CHARS,HTML_90_100,
   >         HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
   >         HTML_SHORT_LINK_IMG_1,KOREAN_UCE_SUBJECT,MIME_HTML_ONLY,
   >         MIME_HTML_ONLY_MULTI,MSGID_RANDY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,
   >         RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_DOUBLE_IP_SPAM,
   >         RCVD_HELO_IP_MISMATCH,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_WHOIS_BOGONS,
   >         RCVD_IN_XBL,RCVD_NUMERIC_HELO,SPF_FAIL,SUBJ_ILLEGAL_CHARS,
   >         URIBL_AB_SURBL,URIBL_SC_SURBL autolearn=spam version=3.1.7
   > X-Spam-Report: 
   >         *  3.1 KOREAN_UCE_SUBJECT Subject: contains Korean unsolicited email tag
   >         *  4.1 FROM_ILLEGAL_CHARS From: has too many raw illegal characters
   >         *  4.3 SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters
   >         *  4.0 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but
   >         *      should
   >         *  1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
   >         *  1.1 SPF_FAIL SPF: sender does not match SPF record (fail)
   >         *      [SPF failed: Please see http://www.openspf.org/why.html?sender=view111%40empas.com&ip=211.222.236.197&receiver=sos]
   >         *  1.6 HEAD_ILLEGAL_CHARS Headers have too many raw illegal characters
   >         *  0.1 HTML_90_100 BODY: Message is 90% to 100% HTML
   >         *  0.0 HTML_MESSAGE BODY: HTML included in message
   >         *  3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
   >         *  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
   >         *      [score: 1.0000]
   >         *  0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
   >         *  1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
   >         *      above 50%
   >         *      [cf: 100]
   >         *  0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
   >         *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
   >         *      [cf: 100]
   >         *  3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
   >         *  2.4 RCVD_IN_WHOIS_BOGONS RBL: CompleteWhois: sender on bogons IP block
   >         *      [185.197.134.152 listed in combined-HIB.dnsiplists.completewhois.com]
   >         *  1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
   >         *      [Blocked - see <http://www.spamcop.net/bl.shtml?211.222.236.197>]
   >         *  3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
   >         *      [211.222.236.197 listed in sbl-xbl.spamhaus.org]
   >         *  1.5 DNS_FROM_SECURITYSAGE RBL: Envelope sender in
   >         *      blackholes.securitysage.com
   >         *  3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
   >         *      [URIs: mireene.com]
   >         *  4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
   >         *      [URIs: mireene.com]
   >         *  2.9 MSGID_RANDY Message-Id has pattern used in spam
   >         *  3.7 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP) found
   >         *  0.8 DIGEST_MULTIPLE Message hits more than one network digest check
   >         *  2.7 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
   >         *  1.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
   >         *  2.5 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
   >         *  0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
   >         *      parts
   >         *  0.9 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
   >         *  4.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

Thanks,

-S
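
The headers quoted above carry the total in X-Spam-Status and the per-rule breakdown in X-Spam-Report. As an added example (not part of the original post), the Python below parses both from a message, checks that the breakdown adds up to the stated score, and lists the top-scoring rules; `spam_verdict`, its `trusted_host` parameter and the sample message are assumptions made for illustration.

```python
import email
import re
from decimal import Decimal

STATUS_RE = re.compile(
    r"score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)\s+tests=([A-Z0-9_,\s]*)")
# A rule line is "*", one to three spaces, the score, then the rule name.
# Continuation lines ("*      [score: 1.0000]") are indented deeper and skipped.
RULE_RE = re.compile(r"^[ \t]*\*[ ]{1,3}(-?\d+(?:\.\d+)?)[ ]+(\w+)", re.M)

# Constructed sample in the header layout quoted in the post (not a real message).
SAMPLE = """\
From: sender@example.invalid
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on sos
X-Spam-Status: Yes, score=12.2 required=5.0 tests=BAYES_99,HTML_MESSAGE,
\tPYZOR_CHECK,RCVD_IN_XBL,SPF_FAIL autolearn=spam version=3.1.7
X-Spam-Report:
\t*  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
\t*      [score: 1.0000]
\t*  0.0 HTML_MESSAGE BODY: HTML included in message
\t*  3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
\t*  3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
\t*  1.1 SPF_FAIL SPF: sender does not match SPF record (fail)
Subject: constructed sample

body
"""

def spam_verdict(raw, trusted_host="sos"):
    """Parse the X-Spam-* headers of one message and cross-check them."""
    msg = email.message_from_string(raw)
    status = STATUS_RE.search(str(msg.get("X-Spam-Status", "")))
    if status is None:
        return None  # not scanned, or a header layout not handled here
    declared = Decimal(status.group(1))
    tests = {t for t in re.split(r"[,\s]+", status.group(3)) if t}
    report = str(msg.get("X-Spam-Report", ""))
    rules = {name: Decimal(score) for score, name in RULE_RE.findall(report)}
    total = sum(rules.values(), Decimal(0))
    # Report scores are rounded to one decimal, so allow 0.05 of drift per rule.
    tolerance = Decimal("0.05") * max(len(rules), 1)
    checker = str(msg.get("X-Spam-Checker-Version", ""))
    return {
        "score": declared,
        "required": Decimal(status.group(2)),
        "report_total": total,
        "top_rules": sorted(rules, key=rules.get, reverse=True)[:3],
        # Headers not stamped by our own scanner host may have been supplied by the sender.
        "from_trusted_scanner": checker.endswith(" on " + trusted_host),
        "consistent": set(rules) == tests and abs(total - declared) <= tolerance,
    }
```

Run over each message in a spam folder, the `score` field gives the value to compare, and a result with `consistent` false or `from_trusted_scanner` false is one whose X-Spam-* headers should not be taken at face value.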

