spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From geoff.sa_users_161...@alphaworks.co.uk
Subject Re: Spam with attachments and UNPARSEABLE_RELAY
Date Mon, 05 Dec 2016 22:23:04 GMT
On 24/11/2016 13:09, RW wrote:
> On Thu, 24 Nov 2016 11:33:19 +0100
> Axb wrote:
>
>> On 11/24/2016 11:23 AM, Geoff Soper wrote:
>>> For a few weeks I've been suffering spam messages with attachments
>>> getting through with a suspicious score of 0.0. Upon inspection,
>>> they all had the following lines in the header:
>>>
>>> ...
>>> X-Spam-Status: No, score=0.0 required=3.0 tests=UNPARSEABLE_RELAY
>>>      autolearn=unavailable version=3.3.2
> Do you normally have a BAYES_* result in  X-Spam-Status? I think that
> autolearn=unavailable implies that Bayes is configured to be on.
>
> Try running one of these through spamassassin -D bayes
>
> If you haven't already done it, set "bayes_auto_expire 0" and instead
> run "sa-learn --force-expire" from cron (as the correct user).
>
>
OK, blindly following your suggestion yielded the following; does it 
tell you anything?

Thanks!

-bash-3.2$ spamassassin -D bayes "Important Information.eml"
Dec  5 22:20:11.796 [30090] dbg: bayes: learner_new 
self=Mail::SpamAssassin::Plugin::Bayes=HASH(0xaa859f0), 
bayes_store_module=Mail::SpamAssassin::BayesStore::DBM
Dec  5 22:20:11.803 [30090] dbg: bayes: learner_new: got 
store=Mail::SpamAssassin::BayesStore::DBM=HASH(0xacfea30)
Dec  5 22:20:11.804 [30090] dbg: bayes: tie-ing to DB file R/O 
/var/www/vhosts/alphaworks.co.uk/.spamassassin/bayes_toks
Dec  5 22:20:11.804 [30090] dbg: bayes: tie-ing to DB file R/O 
/var/www/vhosts/alphaworks.co.uk/.spamassassin/bayes_seen
Dec  5 22:20:11.804 [30090] dbg: bayes: found bayes db version 3
Dec  5 22:20:11.804 [30090] dbg: bayes: DB journal sync: last sync: 0
Dec  5 22:20:11.805 [30090] dbg: bayes: not available for scanning, only 
0 spam(s) in bayes DB < 200
Dec  5 22:20:11.805 [30090] dbg: bayes: untie-ing
Dec  5 22:20:11.807 [30090] dbg: bayes: tie-ing to DB file R/O 
/var/www/vhosts/alphaworks.co.uk/.spamassassin/bayes_toks
Dec  5 22:20:11.807 [30090] dbg: bayes: tie-ing to DB file R/O 
/var/www/vhosts/alphaworks.co.uk/.spamassassin/bayes_seen
Dec  5 22:20:11.808 [30090] dbg: bayes: found bayes db version 3
Dec  5 22:20:11.808 [30090] dbg: bayes: DB journal sync: last sync: 0
Dec  5 22:20:11.808 [30090] dbg: bayes: not available for scanning, only 
0 spam(s) in bayes DB < 200
Dec  5 22:20:11.808 [30090] dbg: bayes: untie-ing
Dec  5 22:20:12.710 [30090] dbg: bayes: tie-ing to DB file R/W 
/var/www/vhosts/alphaworks.co.uk/.spamassassin/bayes_toks
Dec  5 22:20:12.710 [30090] dbg: bayes: tie-ing to DB file R/W 
/var/www/vhosts/alphaworks.co.uk/.spamassassin/bayes_seen
Dec  5 22:20:12.711 [30090] dbg: bayes: found bayes db version 3
Dec  5 22:20:12.711 [30090] dbg: bayes: 
38b0ea13de18c1493d348447e5778b92e3bb542b@sa_generated already learnt 
correctly, not learning twice
Dec  5 22:20:12.711 [30090] dbg: bayes: untie-ing
Dec  5 22:20:12.711 [30090] dbg: bayes: files locked, now unlocking lock
Return-Path: <Mendez.Derrick@cncvacation.com>
X-Spam-Relays-External:
X-Spam-Relays-Untrusted:
X-Spam-Flag: NO
X-Spam-Status: No, Score=0.0
X-Spam-Report:
         *  0.0 UNPARSEABLE_RELAY Informational: message has unparseable 
relay lines
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
         server.alphaworks.co.uk
X-Spam-Score: 0.0
X-Original-To: <removed>@alphaworks.co.uk
Delivered-To: <removed>@alphaworks.co.uk
X-No-Auth: unauthenticated sender
Received: (nullmailer pid 84240 invoked by uid 0334909);
         Fri, 25 Nov 2016 18:15:24 +0700
X-No-Auth: unauthenticated sender
Received: from internal (unknown [x.x.x.x])
Received: (nullmailer pid 84240 invoked by uid 0334909);
         Fri, 25 Nov 2016 18:15:24 +0700
To: <<removed>@alphaworks.co.uk>
Subject: *** VIRUS ***Important Information
X-PHP-Originating-Script: 0334909:SendMail.class.php
From: "Derrick Mendez" <Mendez.Derrick@cncvacation.com>
Date: Fri, 25 Nov 2016 18:15:24 +0700
MIME-Version: 1.0
Content-Type: multipart/related; boundary="e161521dd66255192e4d83eb2e8a112f"
Message-Id: <7009914603.543683.47189.SendMail@alphaworks.co.uk>
X-Procmail-Alphaworks-Geoff: 27/01/2014
X-Procmail-HeaderInclude: 27/01/2014
X-Procmail-Alphaworks-Whitelist: 27/01/2014
X-Procmail-DomainInclude: 27/01/2014
X-Procmail-Alphaworks-Blacklist: 27/01/2014
X-Procmail-BounceInclude: 27/01/2014
X-Procmail-DotInclude: 25/12/2009
X-Procmail-SpamAssassinInclude: 25/12/2009
X-Procmail-FooterInclude: 25/12/2009
X-Antivirus: avast! (VPS 161124-7, 24/11/2016), Inbound message
X-Antivirus-Status: Infected
X-Attachment: payment_<removed>.zip#2742364094|>HQ9eug679i3l.js Virus: 
JS:LockyDownloader [Trj] Deleted

--e161521dd66255192e4d83eb2e8a112f
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Dear <removed>, your payment was not processed due to the =
problem with credentials.
Payment details are in the attached document.

Please check it out as soon as possible.
--e161521dd66255192e4d83eb2e8a112f--

-bash-3.2$


Mime
View raw message