We're relatively new to SM and trying to figure out all of its secrets. We're trying to tune the spam settings a bit and have a question about spam assassin scoring.
Here's the delivery log for a sample email that was (mistakenly) marked as spam. Note that bayesian and uribl were the only ones that came back as failed.
[2014.09.08] 13:24:38  Spam check results: [_SPF: Pass], [FIVE-TEN: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [HOSTKARMA - WHITELIST: passed], [RHSBL: passed], [SORBS - ABUSE: passed], [SORBS - DYNAMIC IP: passed], [SORBS - PROXY: passed], [SORBS - SOCKS: passed], [SPAMCOP: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - XBL2: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [_REVERSEDNSLOOKUP: passed], [_BAYESIANFILTERING: failed], [_INTERNALSPAMASSASSIN: 0:0], [_DK: Pass], [_DKIM: Pass], [SURBL: passed], [URIBL: failed]
We have bayesian and uribl both set to their default of three. However, in the message header of the email in question, we have this:
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, ISpamAssassin 0 [raw: 0], DK_Pass, DKIM_Pass, URIBL:6
X-SmarterMail-SpamDetail: 0.5 FRT_TODAY2
Note the score of ten. In my mind, this should have only been scored as a 6 (3 from bayesian, 3 from uribl) but clearly it is not. Additionally, the domain in question is not listed on the uribl site, but still returned failed.
Are we missing something when reviewing the logs? Any other way besides setting smtp logs to detailed to get more info on where that 10 score came from?