spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jerry Malcolm <>
Subject What Rules Am I Missing
Date Thu, 21 Nov 2019 18:02:37 GMT
I recently migrated SA to a new environment with a clean install.  I 
added the KAM rules and a short rules file of my own. But I'm obviously 
missing some pretty basic rules that I believe I had in the old 
environment.   Just as an example (one of hundreds...), today I received 
an email about Asian women that had little doubt about it's spam 
characteristics.  Yet I got the rating below from SA.   The content had 
more than enough keywords that I would think 'some' rules would have 
been hit.  Yet the only thing SA tells me is it suspects the TLD and it 
has too many break characters.  Something is wrong.  Just off the top of 
your head, can you tell me a few rules that likely should have flagged 
this message?  If I know a couple of rules to look for, I can try to see 
why none of them are flagging this email.  Any advice will be greatly 
appreciated.  (BTW, if it matters, I'm running on AWS EC2, Linux2 
instance).  Thx

X-SpamAssassin_109: Content preview:  Just to Say Hello
X-SpamAssassin_110:    Unsubscribe Here [...]
X-SpamAssassin_112: Content analysis details:   (3.8 points, 4.0 required)
X-SpamAssassin_114:  pts rule name              description
X-SpamAssassin_115: ---- ---------------------- --------------------------------------------------
X-SpamAssassin_116:  0.0 TVD_RCVD_IP            Message was received from an IP address
X-SpamAssassin_117:  0.0 TVD_RCVD_IP4           Message was received from an IPv4 address
X-SpamAssassin_118:  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
X-SpamAssassin_119:  0.0 HTML_IMAGE_RATIO_04    BODY: HTML has a low ratio of text to image
X-SpamAssassin_120:  0.0 HTML_MESSAGE           BODY: HTML included in message
X-SpamAssassin_121:  1.8 CBJ_GiveMeABreak       Messages with consecutive break characters
X-SpamAssassin_122:  2.0 KAM_ICU_BAD_TLD        .icu TLD Abuse

View raw message