Package: spamassassin
Version: 3.0.2-1
Severity: normal

The ALL_TRUSTED rule is firing on much of the spam coming in to my server. This has a -3.3 score assigned by default.
Here's an example set of headers (including the spamassassin report) for a spam message:

Return-path: <[EMAIL PROTECTED]>
Envelope-to: [EMAIL PROTECTED], [EMAIL PROTECTED]
Received: from [61.52.78.187] (helo=64.26.176.14)
        by pyloric.projectile.ca with smtp (Exim 4.34)
        id 1CqZBF-0001JN-Hv; Mon, 17 Jan 2005 10:52:57 -0500
from: "Jeffry Thornton" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Chaep n sceure
Date: Mon, 17 Jan 2005 18:50:27 +0300
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----81278193136110956"
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Thread-Index: AcTvBtvuTKhRDcWvRGOd7oYCKcKsmg==
X-Broken-Reverse-DNS: no host name found for IP address 61.52.78.187
X-Spam-Projectile: (************) 12.9, autolearn=no
         1.7 SARE_RECV_IP_061052  Spam passed through possible spammer relay
         1.7 SARE_MSGID_EMPTY     Message ID is empty, or just spaces
        -3.3 ALL_TRUSTED          Did not pass through any untrusted hosts
         0.0 HTML_MESSAGE         BODY: HTML included in message
         0.1 MPART_ALT_DIFF       BODY: HTML and text parts are different
         1.9 BAYES_99             BODY: Bayesian spam probability is 99 to 100%
                                  [score: 1.0000]
         0.0 HTML_90_100          BODY: Message is 90% to 100% HTML
         2.0 RCVD_IN_SORBS_DUL    RBL: SORBS: sent directly from dynamic IP address
                                  [61.52.78.187 listed in dnsbl.sorbs.net]
         1.5 URIBL_WS_SURBL       Contains an URL listed in the WS SURBL blocklist
                                  [URIs: amuralokastu.com]
         3.2 URIBL_OB_SURBL       Contains an URL listed in the OB SURBL blocklist
                                  [URIs: amuralokastu.com]
         4.3 URIBL_SC_SURBL       Contains an URL listed in the SC SURBL blocklist
                                  [URIs: amuralokastu.com]

It looks like this is related to spamassassin bug #3949:

http://bugzilla.spamassassin.org/show_bug.cgi?id=3949

If it is, that implies that spamassassin isn't parsing the Received header correctly -- I'm running exim4-daemon-heavy 4.34-10 from Sarge.

Anyway, at the very least, I think you should maybe score ALL_TRUSTED down to 0 until upstream fixes 3949.

- Marc

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages spamassassin depends on:
ii  debconf                 1.4.30.11  Debian configuration management sy
ii  libdigest-sha1-perl     2.10-1     NIST SHA-1 message digest algorith
ii  libhtml-parser-perl     3.36-1     A collection of modules that parse
ii  perl [libstorable-perl] 5.8.4-5    Larry Wall's Practical Extraction
ii  spamc                   3.0.2-1    Client for SpamAssassin spam filte

-- debconf information:
  spamassassin/upgrade/2.40:
  spamassassin/upgrade/2.40w:
  spamassassin/upgrade/cancel: Continue
  spamassassin/upgrade/2.42m: No
  spamassassin/upgrade/2.42u: No
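
A check for the symptom reported above, as an added example that is not part of the original report or of SpamAssassin: it reads the peer address Exim recorded in each Received header and flags a message whose report lists ALL_TRUSTED although that address lies outside the trusted networks. The TRUSTED list, the function names and the shortened sample message are assumptions constructed for illustration; only bracketed IPv4 literals are handled.

```python
import email
import ipaddress
import re

# Assumption: the networks this site would list under trusted_networks.
TRUSTED = [ipaddress.ip_network("127.0.0.0/8")]
# Bracketed IPv4 literal, the form in which Exim records the peer address.
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: a shortened copy of the headers in the report.
SAMPLE = (
    "Received: from [61.52.78.187] (helo=64.26.176.14)\n"
    "\tby pyloric.projectile.ca with smtp (Exim 4.34)\n"
    "\tid 1CqZBF-0001JN-Hv; Mon, 17 Jan 2005 10:52:57 -0500\n"
    "Subject: Chaep n sceure\n"
    "X-Spam-Projectile: (************) 12.9, autolearn=no\n"
    "\t-3.3 ALL_TRUSTED Did not pass through any untrusted hosts\n"
    "\t2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP\n"
    "\n"
    "body\n"
)

def relay_ips(msg):
    """Peer IP from each Received header, newest hop first."""
    ips = []
    for value in msg.get_all("Received", []):
        # Unfold, then keep only the text before " by ": that part
        # describes the connecting host, not the receiving server.
        from_part = " ".join(value.split()).split(" by ", 1)[0]
        m = PEER_IP.search(from_part)
        if m:
            try:
                ips.append(ipaddress.ip_address(m.group(1)))
            except ValueError:
                pass  # e.g. [999.1.1.1]: not a usable address
    return ips

def all_trusted_misfire(raw, trusted=TRUSTED, report_header="X-Spam-Projectile"):
    """True if the report lists ALL_TRUSTED but a relay is outside `trusted`."""
    msg = email.message_from_string(raw)
    report = " ".join(msg.get(report_header, "").split())
    fired = re.search(r"\bALL_TRUSTED\b", report) is not None
    outside = [ip for ip in relay_ips(msg)
               if not any(ip in net for net in trusted)]
    return fired and bool(outside)

if __name__ == "__main__":
    print(all_trusted_misfire(SAMPLE))
```

Pass the site's own report header name as `report_header`; X-Spam-Projectile is the name used in this report.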