reading/troubleshooting spam scores
Question asked by Robbie Wright - September 8, 2014 at 1:58 PM
We're relatively new to SM and trying to figure out all of its secrets. We're trying to tune the spam settings a bit and have a question about spam assassin scoring. 
Here's the delivery log for a sample email that was (mistakenly) marked as spam. Note that bayesian and uribl were the only ones that came back as failed.
[2014.09.08] 13:24:38 [19155] Spam check results: [_SPF: Pass], [FIVE-TEN: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [HOSTKARMA - WHITELIST: passed], [RHSBL: passed], [SORBS - ABUSE: passed], [SORBS - DYNAMIC IP: passed], [SORBS - PROXY: passed], [SORBS - SOCKS: passed], [SPAMCOP: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - XBL2: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [_REVERSEDNSLOOKUP: passed], [_BAYESIANFILTERING: failed], [_INTERNALSPAMASSASSIN: 0:0], [_DK: Pass], [_DKIM: Pass], [SURBL: passed], [URIBL: failed]
We have bayesian and uribl both set to their default of three. However, in the message header of the email in question, we have this:
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, ISpamAssassin 0 [raw: 0], DK_Pass, DKIM_Pass, URIBL:6
X-SmarterMail-SpamDetail: 0.5 FRT_TODAY2
X-SmarterMail-TotalSpamWeight: 10
Note the score of ten. In my mind, this should have only been scored as a 6 (3 from bayesian, 3 from uribl) but clearly it is not. Additionally, the domain in question is not listed on the uribl site, but still returned failed.
Are we missing something when reviewing the logs? Any other way besides setting smtp logs to detailed to get more info on where that 10 score came from?

1 Reply

Reply to Thread
Steve Reid Replied
September 9, 2014 at 5:49 AM
Maybe your DNS IP is being blocked from the RBL checks... You should find out why it's a false positive.

Reply to Thread