[169199] in North American Network Operators' Group

Re: spamassassin

daemon@ATHENA.MIT.EDU (Private Sender)
Tue Feb 18 21:23:35 2014

Date: Tue, 18 Feb 2014 18:10:25 -0800
From: Private Sender <nobody@snovc.com>
To: nanog@nanog.org
In-Reply-To: <m2zjlnrhqe.wl%randy@psg.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Randy Bush wrote:
> in the last 3-4 days, a *massive* amount of spam is making it past
> spamassassin to my users and to me.  see appended for example.  not
> all has dkim.
>
> clue?
>
> randy
>
> From: "SmallCapStockPlays" <info@SmallCapStockPlays.com>
> Subject: Could VIIC be our biggest play in 2014?  Check the stock today
> To: <randy@psg.com>
> Date: Tue, 18 Feb 2014 20:48:02 -0500
> Return-path: <bounces+796782.50654126.285374@icpbounce.com>
> X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ran.psg.com
> X-Spam-Level:
> X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,HTML_MESSAGE,MIME_QP_LONG_LINE,T_DKIM_INVALID autolearn=ham version=3.3.2
> Received: from psg.com ([2001:418:1::62])
> 	by ran.psg.com with esmtp (Exim 4.76)
> 	(envelope-from <bounces+796782.50654126.285374@icpbounce.com>)
> 	id 1WFwGl-0006al-Bu
> 	for randy@ran.psg.com; Wed, 19 Feb 2014 01:48:16 +0000
> Received: from [207.254.213.223] (helo=drone166.ral.icpbounce.com)
> 	by psg.com with esmtp (Exim 4.82 (FreeBSD))
> 	(envelope-from <bounces+796782.50654126.285374@icpbounce.com>)
> 	id 1WFwGZ-000Lp8-0W
> 	for randy@psg.com; Wed, 19 Feb 2014 01:48:04 +0000
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=icontactmail3.com; h=Mime-Version:From:To:Date:Subject:List-Unsubscribe:X-Feedback-ID:Content-Type:Message-ID; bh=iihwvTJA/ZrrgzXpk+9Muk0Sqlfk5BqD+aI+mL91kn8=; b=wKHIYdl1BdMRK0Kak5Z/2CwsfFh5Byoe9ZlHaqQz3VK4ltYtLfCI3tg6y8Wq3HuULY+ere7Fzz9Q   camnKSvqcSx3u8LQWQGQSZoYkOmzcIemCHNNrsBD+WZhVA9R3W10V2NM6OTuJKFURxtmCNME29kH   5bYunRCoGolocQ5HmAw=
> Mime-Version: 1.0
> Errors-To: bounces+796782.50654126.285374@icpbounce.com
> List-Unsubscribe: <https://app.icontact.com/icp/listunsubscribe.php?r=50654126&l=4084&s=FSMC&m=285374&c=796782>, <mailto:bounces+796782.50654126.285374@icpbounce.com>
> X-List-Unsubscribe: <https://app.icontact.com/icp/listunsubscribe.php?r=50654126&l=4084&s=FSMC&m=285374&c=796782>
> X-Unsubscribe-Web: <https://app.icontact.com/icp/listunsubscribe.php?r=50654126&l=4084&s=FSMC&m=285374&c=796782>
> X-Feedback-ID: 01_796782_285374:01_796782:01:vocus
> X-ICPINFO:
> X-Return-Path-Hint: bounces+796782.50654126.285374@icpbounce.com
> Content-Type: multipart/alternative; boundary="cdf82e78-582d-4a55-9037-dacf81ae37d3"
> Message-ID: <0.1.F.AFD.1CF2D149FE8FD9E.0@drone166.ral.icpbounce.com>
>
> [1  <text/plain; utf-8 (quoted-printable)>]
> HOME ABOUT US TRADE IDEAS PENNY STOCK ARTICLES DAILY NEWS
>
> [1][png] [2][png] [3][png]
>
They are smart and DKIM-sign their messages; even though it's invalid, I
believe that's why it has such a low Bayes score.

It's getting marked as ham and not spam. Are you positive your 
definitions are still updating?
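
The reply above points at the `autolearn=ham` field of the quoted `X-Spam-Status` header. As an added example (not part of the original thread), this Python sketch parses that header and lists messages that were auto-learned as ham while hitting rules an operator may want to review; `WATCH_RULES`, the function names and the second sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# First header is the one quoted in the thread (folded here); the second is constructed.
SAMPLE_MESSAGES = [
    "Subject: Could VIIC be our biggest play in 2014?  Check the stock today\n"
    "X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,HTML_MESSAGE,\n"
    "\tMIME_QP_LONG_LINE,T_DKIM_INVALID autolearn=ham version=3.3.2\n\nbody\n",
    "Subject: constructed example\n"
    "X-Spam-Status: Yes, score=7.3 required=5.0 tests=BAYES_99,HTML_MESSAGE\n"
    "\tautolearn=spam version=3.3.2\n\nbody\n",
]

# Assumption: rules an operator would not expect on mail auto-learned as ham.
WATCH_RULES = {"T_DKIM_INVALID"}


def parse_spam_status(value):
    """Split an X-Spam-Status value into verdict, scores, rule list and autolearn."""
    verdict, _, rest = " ".join(value.split()).partition(",")
    rest = re.sub(r",\s+", ",", rest)  # rejoin a tests= list broken by folding
    fields = dict(re.findall(r"(\w+)=(\S+)", rest))
    tests = fields.get("tests", "none")
    return {
        "is_spam": verdict.strip().lower() == "yes",
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": [] if tests == "none" else tests.split(","),
        "autolearn": fields.get("autolearn", "no"),
    }


def review_candidates(raw_messages, watch=WATCH_RULES):
    """Return (subject, score, matched rules) for ham-autolearned mail hitting watch rules."""
    hits = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        if msg["X-Spam-Status"] is None:
            continue  # message was never scanned
        status = parse_spam_status(msg["X-Spam-Status"])
        matched = sorted(watch.intersection(status["tests"]))
        if status["autolearn"] == "ham" and matched:
            hits.append((msg["Subject"], status["score"], matched))
    return hits


if __name__ == "__main__":
    for subject, score, rules in review_candidates(SAMPLE_MESSAGES):
        print(f"{score:>5}  {','.join(rules)}  {subject}")
```
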

