Is there a way besides the log file to check and see what spam checks an email either passed or failed? The reason why I ask is because an email that got delivered here to our office is definitely spam. It has been reported previously but I have a hunch that the spammer just spoofed a different address or IP and Sm scores it low and allows it through anyways.
Here's a part of the header where SM scored it:
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, ISpamAssassin 0 [raw: 0], DKIM_Pass, Custom Rules , URIBL:4
Now, the email failed all 4 URIBL's I have setup in the anti-spam list. Our setting for low level spam is 10, medium is 20 and high level is 30. Now the log file tells me [URIBL: 4 results failed] but never mentions which ones. I am guessing that it's all of them and the rest of the spam checks pass with flying colors. So why is it that when a user submits something to the spam filter that it just gets through anyways? Is my scoring too low for the URIBL checks? They are all set to a score of 4. I didn't want to make them too high in fear that if a legit email did fail the test that it would still go through, but it seems the filtering process right now is too light on the scoring method.
Thoughts? I did start looking through Bruce's document for spam filtering and will tweak what I need to from that. Just wanted to make sure I am not missing anything else. What score is everyone else using with URIBL?