efa-project.org

Posted: **10 Jan 2017 18:13**

I have a user - unfortunately, he's my boss - his email accounts are full of spam. I've just installed EFA today - I'm really not a linux person either, but do have about 25 years in various IT roles, so I kind of know my way around a bit.

One specific email he got through had the following spam report

0.10 DKIM_SIGNED
-0.10 DKIM_VALID
-0.10 DKIM_VALID_AU
1.28 HTML_IMAGE_ONLY_24
0.61 HTML_IMAGE_RATIO_04
0.00 HTML_MESSAGE
0.33 HTML_SHORT_LINK_IMG_3
1.25 RCVD_IN_BL_SPAMCOP_NET
-3.20 RP_MATCHES_RCVD
-0.00 SPF_HELO_PASS
-0.00 SPF_PASS
0.00 URIBL_BLOCKED

but this email was definitely spam

This is in the headers

X-Greylist: delayed 00:07:01 by SQLgrey-1.8.0
Received: from creativetherefore.com (creativetherefore.com [185.167.160.113])
by EFAMailFilter.Contentyspublic.local (Postfix) with ESMTP id 56951100067
for <stuartforrest@contentys.com>; Tue, 10 Jan 2017 17:21:10 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=creativetherefore.com;
h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe:Content-Type:Content-Transfer-Encoding;
bh=JNxu6RBogYlmWXo8RlmWDBmxdP8=;
b=H5acAqWhlQJxrHqXqOHbMyoI/iQmzKDNiEziKKlU/eayvKdQ05DSLFSJeDEIvlJCJQ77BmvhB6J6
VjX4iu5jLwg77Ri+aCuOh3NUf1kqUwtSQ+cjbUf+brYYCkCLzjBN3KuC6/cCV6eCoxevGDs8Yqa9
OXY9WqX/UC7f7u0nlPQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=creativetherefore.com;
b=r8+1G6WWH18K5v0DQtN7uNfa84lr4hK+Xhkj6WnhH74IGuflVophJ5yM+KMPertX1A9fK8GktIkg
re4a4fsx2/8Kn1gIE4f+6wjPzj4jDdmsjSJqA1yiCv1wx4rw1W1NKGSulJhZd44pfma63IkP4GCk
RsRxpo6VcSCuUXH8eN4=;
To: stuartforrest@contentys.com
Subject: The single BIGGEST way to turn a woman on and give her an orgasm
Message-ID: <9007d03c1947f065e70e9e3166e4e44a@winning99power.com>
Date: Tue, 10 Jan 2017 17:14:20 +0000
From: "Enjoy vaginal sex" <active@creativetherefore.com>
Reply-To: active@creativetherefore.com
MIME-Version: 1.0
X-Mailer-LID: 24,25,1,13,14,27,15,16,17,18,19,20,21,22,23,26,2,3,4,5,6,7,8,9,10,11,12
List-Unsubscribe: <http://winning99power.com/unsubscribe.p ... L=21&N=593>
X-Mailer-RecptId: 237965
X-Mailer-SID: 593
X-Mailer-Sent-By: 1
Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_8f1d5a49c129e414a7f949c5a7839097"
Content-Transfer-Encoding: 8bit
From:
active-stuartforrest=contentys.com@creativetherefore.com [Add to Whitelist | Add to Blacklist]
To: stuartforrest@contentys.com
Subject: The single BIGGEST way to turn a woman on and give her an orgasm
Size: 5.7Kb

and the body text is

5 Se-x Secre-ts To Give Women
Earth-Shattering Orgasmsâ�¦
In my research I can acro-ss this study that said that less
than 25% of women actually reach orgasm from vaginal
se-x. And 40% of women don't even enjoy vaginal se-x AT ALL.

Unusual techniques that give any woman multiple
spi-ne-tingling, electrifying, scream-your-name orgasms
http://winning99power.com/link.php?M=23 ... 3&L=92&F=T

I was SHOCKED at the number of tips, ideas
and deeply personal
(and sometimes quite eroti-c) stories that flooded in.

http://winning99power.com/link.php?M=23 ... 3&L=92&F=T

and the other fields had

Virus: N
Blocked File: N
Other Infection: N
SpamAssassin
Spam: N Action(s): store, deliver, header, "X-Spam-Status:No", custom(nonspam)
High Score Spam: N
SpamAssassin Spam: N
Listed in RBL: N
SPAM Whitelisted: N
SPAM Blacklisted: N
Spamassassin Autolearn: N
Spamassassin Score: 0.17

Is there anyway I can investigate why this isn't picked up as he gets hundreds a day

I also looked at and have turned on MCP within EFA, and I can see those scores now showing. I think I have followed the example on the web about creating one match for a subject and body, but as I'm really very new to this, I have no idea if they are working.

Any help (and please be patient with me) would be really quite appreciated.

Thanks

Stuart

Posted: **11 Jan 2017 13:28**

Hi CPhillips - thanks for the PM
Unfortunately, due to restrictions set to new users (and I guess that it's despite of the exhaustive anti robot measures it's to stop mass mailings by new users) I cannot reply to you directly.

I followed this post
viewtopic.php?t=444

I have just done a new install (first time) of EFA.

Sadly the documentation on it is pretty poor, so I am going out and about seeing the individual elements documentations and hoping that there's nothing too wrong in doing it.

Specifically, what I did do, was hash out (#) the First Check = spam entry and put the 4 lines above this.

I also built the other file using the two examples with sexy in the subject and body. But that didn't work
What did work, was the MCP number of 0 appeared in the main Recent Messages screen.

Posted: **12 Jan 2017 00:51**

MCP bug is present that should be fixed in 3.0.1.6. HTH

Posted: **12 Jan 2017 09:27**

OK - thanks for letting me know.

efa-project.org

How do I find out why SpamAssassin has not recognised an email as spam?

How do I find out why SpamAssassin has not recognised an email as spam?

Re: How do I find out why SpamAssassin has not recognised an email as spam?

Re: How do I find out why SpamAssassin has not recognised an email as spam?

Re: How do I find out why SpamAssassin has not recognised an email as spam?