spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Marshall" <peter.marsh...@caris.com>
Subject spamassassin scoring message twice
Date Thu, 03 Feb 2005 13:36:18 GMT
I am not sure why it is doing this ... but everytime i get a spam, it looks
like it does the smap rateing twice.  And it gives different scores each
time.  Here is the new header from the last email I got.  Notice how it
looks like spamassassin ran twice.  Any Idea's ???  (yes, my threshhold is
low ... i am just testing what happens when  spam arrives).

------------------------------------------------------
Spam detection software, running on the system "mailtestlx.mydomain.com",
has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
postmaster@caris.com for details.

Content preview:  Spam detection software, running on the system
  "mailtestlx.mydomain.com", has identified this incoming email
  as possible spam. The original message has been attached to this so
  you can view it (if it isn't spam) or label similar future email. If
  you have any questions, see postmaster@caris.com for details. [...]

Content analysis details:   (8.6 points, 3.0 required)

 pts rule name              description
---- ---------------------- ------------------------------------------------
--
 0.5 FROM_ENDS_IN_NUMS      From: ends in numbers
 0.9 PLING_QUERY            Subject has exclamation mark and question mark
-2.8 ALL_TRUSTED            Did not pass through any untrusted hosts
 1.1 FORGED_HOTMAIL_RCVD2   hotmail.com 'From' address, but no 'Received:'
 0.8 BODY_ENHANCEMENT2      BODY: Information on getting larger body parts
 0.2 HTML_TEXT_AFTER_HTML   BODY: HTML contains text after HTML close tag
 0.2 HTML_TEXT_AFTER_BODY   BODY: HTML contains text after BODY close tag
 0.3 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.5 HTML_OBFUSCATE_05_10   BODY: Message is 5% to 10% HTML obfuscation
 1.5 MPART_ALT_DIFF         BODY: HTML and text parts are different
 0.2 HTML_90_100            BODY: Message is 90% to 100% HTML
 0.0 HTML_TITLE_EMPTY       BODY: HTML title contains no text
 0.1 MIME_BASE64_TEXT       RAW: Message text disguised using base64
encoding
 0.8 MIME_BASE64_BLANKS     RAW: Extra blank lines in base64 encoding
 1.2 OBFUSCATING_COMMENT    HTML comments which obfuscate text
 3.1 PERCENT_RANDOM         PERCENT_RANDOM

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.




Subject:
???SPAM??? FW: Get it now!
From:
"Joe" <wizard1226@hotmail.com>
Date:
Wed, 02 Feb 2005 22:17:00 -0400
To:
pmarshall@mydomain.com

Spam detection software, running on the system "mailtestlx.mydomain.com",
has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
postmaster@mydomain.com for details.

Content preview:  >From: "Fastest Penis Growth Available" To:
  wizard10@hotmail.com Subject: >Get it now! >Date: Mon, 31 Jan 2005
  09:21:56 -0800 > Nah, it's not what i'm looking for. clickhere . .
  [...]

Content analysis details:   (9.6 points, 3.0 required)

 pts rule name              description
---- ---------------------- ------------------------------------------------
--
 0.5 FROM_ENDS_IN_NUMS      From: ends in numbers
 0.8 BODY_ENHANCEMENT2      BODY: Information on getting larger body parts
 0.2 HTML_TEXT_AFTER_HTML   BODY: HTML contains text after HTML close tag
 0.2 HTML_TEXT_AFTER_BODY   BODY: HTML contains text after BODY close tag
 0.3 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.5 HTML_OBFUSCATE_05_10   BODY: Message is 5% to 10% HTML obfuscation
 1.5 MPART_ALT_DIFF         BODY: HTML and text parts are different
 0.2 HTML_90_100            BODY: Message is 90% to 100% HTML
 0.0 HTML_TITLE_EMPTY       BODY: HTML title contains no text
 0.1 MIME_BASE64_TEXT       RAW: Message text disguised using base64
encoding
 0.8 MIME_BASE64_BLANKS     RAW: Extra blank lines in base64 encoding
 1.2 OBFUSCATING_COMMENT    HTML comments which obfuscate text
 0.0 MSGID_FROM_MTA_HEADER  Message-Id was added by a relay
 3.1 PERCENT_RANDOM         PERCENT_RANDOM
 0.1 MIME_BOUND_NEXTPART    Spam tool pattern in MIME boundary

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.

-------------------------------------


Mime
View raw message