
default spam score

Posted: 10 Feb 2019 08:49
by stefandewal
Hi,

This is the situation in my current efa 4 setup:

1 admin user
2 normal users who are domain administrators

One of the domain administrators also has filters defined in his user account so he can see e-mail sent to two of his other domains.
E-mails sent to the domains which are in the filter have a default spam score of 999 instead of the spam score which is set by the domain administrator.

Is there a workaround or fix for this? The alternative is to have a domain administrator for every domain which goes through this mailscanner.

Re: filter question

Posted: 10 Feb 2019 15:09
by shawniverson
Do you have the detailed report you could share of the email being sent to the filter/alias domain?

Re: filter question

Posted: 11 Feb 2019 07:49
by stefandewal
But of course, here is the complete source:



Received on: 10/02/2019 16:34:36
Received by: mailscanner.computel.nl
Received from:
94.152.193.102 [Add to Whitelist | Add to Blacklist]
Received Via:
IP Address Hostname Country RBL Spam Virus All
94.152.193.102 5202.niebieski.net Poland [ ] [ ] [ ] [ ]
ID: 43yCdT705NzRjHM
Message Headers: Received: from smtp.5202.v.tld.pl (5202.niebieski.net [94.152.193.102])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(no client certificate requested)
by mailscanner.computel.nl (MailScanner Milter) with SMTP id 43yCdT705NzRjHM
for <dakota@dakota-ruiters.nl>; Sun, 10 Feb 2019 16:34:22 +0100 (CET)
Received: (qmail 4686 invoked by uid 102007); 10 Feb 2019 15:34:21 -0000
Received: from 94.152.193.177 (HELO john.net.pl) (kontosmtp@c3.promo-centrum.com@94.152.193.177)
by 94.152.193.102 with ESMTPA; 10 Feb 2019 15:34:21 -0000
To: dakota@dakota-ruiters.nl
Subject: €300
Message-ID: <3e17f02bab238ab18be8f6f981ac5290@john.net.pl>
Date: Sun, 10 Feb 2019 16:19:08 +0100
From: "Bram Hoffman" <info@promo-centrum.com>
Reply-To: info@promo-centrum.com
MIME-Version: 1.0
X-Mailer-LID: 138
List-Unsubscribe: <https://john.net.pl/unsubscribe.php?M=1 ... 138&N=5771>
X-Mailer-RecptId: 14374263
X-Mailer-SID: 5771
X-Mailer-Sent-By: 13
Content-Type: multipart/related;
type="multipart/alternative"; charset="UTF-8"; boundary="b1_1e3f4e0544931365ddd88d38928513f3"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
From:
odbicia@promo-centrum.com [Add to Whitelist | Add to Blacklist]
To: dakota@dakota-ruiters.nl
Subject: €300
Size: 236.49kB
Anti-Virus/Dangerous Content Protection
Virus: N
Blocked File: N
Other Infection: N
SpamAssassin
Spam: N Action(s): store, deliver, header, "X-Spam-Status:No",
High Score Spam: N
SpamAssassin Spam: N
Listed in RBL: N
SPAM Whitelisted: N
SPAM Blacklisted: N
SpamAssassin Autolearn: Y (Spam)
SpamAssassin Score: 18.00
Spam Report:
Score Matching Rule Description
1.00 CTYPE_NULL Malformed Content-Type header
1.10 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
0.00 DIGEST_MULTIPLE Message hits more than one network digest check
0.61 HTML_IMAGE_RATIO_04 HTML has a low ratio of text to image area
0.00 HTML_MESSAGE HTML included in message
0.00 MIME_BASE64_TEXT Message text disguised using base64 encoding
0.00 MIME_HTML_MOSTLY Multipart message mostly text/html MIME
2.43 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
1.73 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.00 RCVD_IN_IVMSIP_SIP24 listed on ivmSIP and/or ivmSIP24 found at invaluement.com
2.00 RCVD_IN_RP_RNBL Relay in RNBL, https://senderscore.org/blacklistlookup/
2.32 RDNS_NUM_TLD_ATCHNX Relay rDNS has numeric TLD + suspicious attachment
1.22 RDNS_NUM_TLD_XM Relay rDNS has numeric TLD + suspicious headers
-0.00 SPF_PASS SPF: sender matches SPF record
0.59 TXREP Score normalizing based on sender's reputation
1.00 URIBL_BLACK Contains an URL listed in the URIBL blacklist
2.00 URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL blocklist
Relay Information:
Date/Time Relayed by Relayed to Delay Status
10/02/2019 16:34:36 mailscanner webserver.stahp.nl 00:00:00 bounced (host mail.stahp.nl[78.41.77.208] said: 550 No such recipient here (in reply to RCPT TO command))

Re: default spam score

Posted: 12 Feb 2019 11:04
by stefandewal
Hi,

I discovered that in custom/SQLSpamSettings.pm the scores are looked up and that the scripts don't look into the user_filters table.

That is why domains which are only present in user_filters get the score of 999.

Does anyone know whether someone has made a hack for this?