How to view logs for a particular SpamAssassin Rule

Posted: 02 Apr 2014 20:25
by curibe
Here is my story.

I noticed a message had been marked as spam. I clicked on it to see why it was marked as spam. This is what it showed:
Score Matching Rule Description
2.02 HELO_NO_DOMAIN
0.00 HTML_MESSAGE
1.00 ImageCerberusPLG1
1.27 RDNS_NONE
0.16 SHORT_HELO_AND_INLINE_IMAGE
3.00 SPOOF_COM2OTH

Any way to see the logs on why the SPOOF_COM2OTH score was high for this particular message?


NOTE: Life would be a lot easier if the Matching Rule would have its Description ;)

BTW, to the EFA guys: thanks for all the help you guys have given me on this FORUM... :D

Re: How to view logs for a particular SpamAssassin Rule

Posted: 22 Mar 2015 09:05
by pdwalker
You'll need to examine the SpamAssassin rule sets, find the rule and then work out yourself why it was triggered.

(in 3.0.0.7, built from scratch)

cd /var/lib/spamassassin/3.004000/updates_spamassassin_org
[root@efa updates_spamassassin_org]# grep SPOOF_COM2OTH *
20_uri_tests.cf:uri SPOOF_COM2OTH	m{^https?://(?:\w+\.)+?com\.(?!(?:[a-z]{2}\.)?s3\.amazonaws\.com)(?:\w+\.){2}}i
20_uri_tests.cf:describe SPOOF_COM2OTH	URI contains ".com" in middle
50_scores.cf:score SPOOF_COM2OTH 2.999 2.999 2.877 2.723

Without me trying to parse the regex, it looks like there's a funny URL in the message trying to disguise itself as coming from somewhere else.
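
To see which URL in a message fires the rule, the regex from the grep output above can be run over the message's links. This is an added example, not part of the original post or of SpamAssassin; the function names, the simplified URI finder and the sample message are assumptions made for illustration.

```python
import re

# Rule definition as shown in the grep output above.
RULE_LINE = (r"uri SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\."
             r"(?!(?:[a-z]{2}\.)?s3\.amazonaws\.com)(?:\w+\.){2}}i")

PERL_FLAGS = {"i": re.IGNORECASE, "s": re.DOTALL, "m": re.MULTILINE, "x": re.VERBOSE}

def compile_uri_rule(line):
    """Turn 'uri NAME m{PATTERN}flags' into (NAME, compiled Python regex)."""
    kind, name, perl_re = line.split(None, 2)
    if kind != "uri":
        raise ValueError("not a uri rule: " + line)
    parsed = re.fullmatch(r"m\{(.*)\}([a-z]*)", perl_re.strip())
    if parsed is None:
        raise ValueError("unsupported regex delimiter: " + perl_re)
    flags = re.ASCII  # keep \w ASCII-only, closer to Perl matching on raw bytes
    for letter in parsed.group(2):
        flags |= PERL_FLAGS[letter]
    return name, re.compile(parsed.group(1), flags)

# Simplified URI finder (assumption); SpamAssassin's own extraction is more thorough.
URI_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def explain_hits(message_text, rule_line=RULE_LINE):
    """Return [(uri, matched_part)] for every URI in the text that fires the rule."""
    name, rule = compile_uri_rule(rule_line)
    hits = []
    for uri in URI_RE.findall(message_text):
        m = rule.search(uri)
        if m:
            hits.append((uri, m.group(0)))
    return hits

# Constructed sample body using reserved example domains; not the original message.
SAMPLE = """\
Please confirm your account: http://login.example.com.verify.example.net/session
Our site: https://www.example.com/index.html
Regional shop: http://shop.example.com.au/catalog
Download: http://bucket.com.s3.amazonaws.com/file.zip
"""

if __name__ == "__main__":
    for uri, matched in explain_hits(SAMPLE):
        print("SPOOF_COM2OTH hit:", uri, "(matched: " + matched + ")")
```

Only the first URL hits: ".com." is followed by two more dotted labels, while the ordinary .com site, the .com.au host and the s3.amazonaws.com exception do not match.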

Re: How to view logs for a particular SpamAssassin Rule

Posted: 23 Mar 2015 20:39
by shawniverson
You can run "Update SpamAssassin Rule Descriptions" under tools to update the descriptions on the SA rules, if they have them.

Re: How to view logs for a particular SpamAssassin Rule

Posted: 25 Mar 2015 04:53
by pdwalker
And that's much easier.

You only need to look at the SpamAssassin rules if you want to find out exactly what that condition is, assuming you can parse the regexes that is. :lol: