SpamAssassin stats

54.46% of all emails received on akrin so far got flagged as spam by the excellent SpamAssassin. This is actually not too bad compared to high-profile mail service providers.

One email takes the cake with a spam score of 42.2 (anything above 4 is not relayed):

Return-Path: <comicalbp@sosmoteurs.com>
Received: from 201-93-229-84.dsl.telesp.net.br (201-93-229-84.dsl.telesp.net.br [201.93.229.84])
From: "Chase bank" <mailserver.id3373332193ib@chase.com>
To: <XXXXXX@akrin.com>
Subject: urgent security notification for client!
X-Spam-Level: ******************************************
X-Spam-Status: Yes, score=42.2 required=5.0

Content analysis details:

pts rule name              description
---- ---------------------- --------------------------------------------------
2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see <http://www.spamcop.net/bl.shtml?201.93.229.84>]
3.0 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL [201.93.229.84 listed in zen.spamhaus.org]
0.9 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
0.6 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is a abuseable web server [201.93.229.84 listed in dnsbl.sorbs.net]
1.8 URIBL_PH_SURBL         Contains an URL listed in the PH SURBL blocklist [URIs: nilvert.com]
1.9 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist [URIs: nilvert.com]
1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist [URIs: nilvert.com]
1.5 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist [URIs: nilvert.com]
2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist [URIs: nilvert.com]
3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100% [score: 1.0000]
4.3 HELO_DYNAMIC_HCC       Relay HELO'd using suspicious hostname (HCC)
4.4 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP addr 2)
0.0 FH_HELO_EQ_D_D_D_D     Helo is d-d-d-d
1.4 FROM_LOCAL_HEX         From: localpart has long hexadecimal sequence
1.9 TVD_RCVD_IP            TVD_RCVD_IP
2.8 TVD_PH_SUBJ_URGENT     TVD_PH_SUBJ_URGENT
0.7 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)
2.3 SPOOF_COM2COM          URI: URI contains ".com" in middle and end
1.6 HTML_IMAGE_ONLY_24     BODY: HTML: images with 2000-2400 bytes of words
0.0 HTML_MESSAGE           BODY: HTML included in message
1.4 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars
0.1 RDNS_DYNAMIC           Delivered to trusted network by host with dynamic-looking rDNS
2.8 DOS_OE_TO_MX           Delivered direct to MX with OE headers
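
To see which kinds of evidence drive a score like this, the rule table can be parsed and summed per rule family. This is an added example, not part of the original post: the sample rows are excerpted and trimmed from the report above, and the grouping of rules into families by name prefix is an assumption made for illustration.

```python
import re
from collections import defaultdict

# Rows excerpted and trimmed from the report above (a subset, so it does not sum to 42.2).
SAMPLE_REPORT = """\
pts rule name              description
---- ---------------------- --------------------------------------------------
2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
3.0 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
1.8 URIBL_PH_SURBL         Contains an URL listed in the PH SURBL blocklist
2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
4.3 HELO_DYNAMIC_HCC       Relay HELO'd using suspicious hostname (HCC)
4.4 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP addr 2)
0.0 FH_HELO_EQ_D_D_D_D     Helo is d-d-d-d
0.7 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)
"""
SAMPLE_STATUS = "X-Spam-Status: Yes, score=42.2 required=5.0"
# Assumed grouping by rule-name prefix; this is not a SpamAssassin concept.
FAMILIES = [("RCVD_IN_", "relay DNSBL"), ("URIBL_", "URI blocklist"),
            ("HELO_", "HELO"), ("FH_HELO_", "HELO"),
            ("BAYES_", "Bayes"), ("SPF_", "SPF")]

ROW = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\s+(.*)$")
STATUS = re.compile(r"^X-Spam-Status:\s*(Yes|No),\s*score=(-?[\d.]+)\s+required=(-?[\d.]+)")

def parse_status(header):
    """Return (flagged, score, required) from an X-Spam-Status header."""
    m = STATUS.match(header)
    if not m:
        raise ValueError("not an X-Spam-Status header")
    return m.group(1) == "Yes", float(m.group(2)), float(m.group(3))

def parse_report(text):
    """Yield (tenths_of_a_point, rule, description); header and ruler lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # integer tenths avoid float drift when summing
            yield round(float(m.group(1)) * 10), m.group(2), m.group(3).strip()

def score_by_family(text):
    """Sum points per family; rules with an unknown prefix go to 'other'."""
    totals = defaultdict(int)
    for tenths, rule, _ in parse_report(text):
        family = next((f for p, f in FAMILIES if rule.startswith(p)), "other")
        totals[family] += tenths
    return {family: t / 10 for family, t in totals.items()}

if __name__ == "__main__":
    print(parse_status(SAMPLE_STATUS), score_by_family(SAMPLE_REPORT))
```

The per-rule points in a report are rounded to one decimal, so their sum can differ slightly from the score in X-Spam-Status.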
