Spam scrore in exim

Dennis · February 23, 2021, 10:36am

i have mine set to 90 and it works great.

X-Spam-Score: 94
X-Spam-Bar: +++++++++
X-Spam-Report: Spam detection software, running on the system

E-Mail lands in users spam folder with following info:

X-Spam-Status: Yes
X-ACL-Warn: SpamAssassin detected spam (from [email protected] to [email protected]).
Subject: *** POSSIBLE SPAM *** Reite auf der Bitcoin  Welle und verdiene €13,000 in genau 24 Stunden

you just need to ignore Content analysis details: (9.4 points, 5.0 required) as its not being used.

Dennis · February 23, 2021, 10:46am

Here, i set the required rate i bit high in spamassassin so you can see what i meant:

  Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Tue, 23 Feb 2021 11:43:34 +0100
Received: from mail-io1-f43.google.com ([209.85.166.43]:43697)
	by ns1.AABBCC.info with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128)
	(Exim 4.92)
	(envelope-from <[email protected]>)
	id 1lEVAE-0000uS-13
	for [email protected]; Tue, 23 Feb 2021 11:43:34 +0100
Received: by mail-io1-f43.google.com with SMTP id f20so16543481ioo.10
        for <[email protected]>; Tue, 23 Feb 2021 02:43:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=uLID6RH84cQBlT8BoHxqvbh+9cpVeog6Dpa/hLchgH4=;
        b=rPDpr3Qnlx7stv9+VrwiURQTph0r+IrtfysklFxrqoGV1cltZYrw03RvyNwxusks9C
         Vmip5hMZIMXFUo+8CDq2f1SWXrMDJF4qwBEneIY3D0XVfjkXS5FoWejcKgtS01tJuOgf
         XXXX
         UV8bcdNItoa4DMvDXYNrTt6DImszQibxtUbjhzPcLeUNmJwp7q8aDtQgAEGctmcRP8ww
         GatsnKgqYLRIs2pQbrasv1Zj2nkcMGVxqbbnR8w5uHjkaNU8WidMyIU9nvCCLxwfQR2p
         JZ/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=uLID6RH84cQBlT8BoHxqvbh+9cpVeog6Dpa/hLchgH4=;
        b=eaTRHEcmzxLrW9ArVEHSaUGu0AvWuShYfUvjr/HAnCIxdR2x162UqdYuz+4nZDLlv6
         7CXz+9J6tN/lbR/NAFCa99G2gInCkRKhURUvtysrv+itxGeVXCsQKQmCGB4glK0+Hb0r
         XXX
         iFDNH8AiFXYS4UzIUrvEi8OiRQ2vf+2g60Fhfb9+BHycjZCDUGEBKpx/rYdSjlmC6w4v
         udYo9MRQVyDZ5iJ+yX2X6IyPNXlhybucs74efAtMtWCTAMyLWi43tR2e1KDisnMsvWp2
         GfoA==
X-Gm-Message-State: AOAM5336bC56DquyCT30wFAxIb4iPdAYBEPqifMh67ST0YVru9w1G4gi
	tAcKVx4lAxE3R1dOvEclOEs6XXnzIhMmLLupkUjA==
X-Google-Smtp-Source: ABdhPJyXIas15VXnYPjsiwI5b9jRR/+ATewMBZ9XXgGb7gXZS4wNazXnygVPCvs6QcSxD7UJRICOp5wc4=
X-Received: by 2002:a6b:6519:: with SMTP id z25mr19439085iob.147.1614077012830;
 Tue, 23 Feb 2021 02:43:32 -0800 (PST)
MIME-Version: 1.0
From: Dennis AABBCC <[email protected]>
Date: Tue, 23 Feb 2021 11:43:22 +0100
Message-ID: <CAJ=e7j5+SY6SC1HaXBPRD5wktTmsnwtduv11VwZxHEefvn_CDA@mail.gmail.com>
To: Dennis AABBCC <[email protected]>
Content-Type: multipart/alternative; boundary="000000000000fd6b6e05bbfe96b0"
X-Spam-Score: 9998
X-Spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "ns1.AABBCC.info",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 
 Content preview:  XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
    XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X 
 
 Content analysis details:   (999.8 points, 5000000.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 1000 GTUBE                  BODY: Generic Test for Unsolicited Bulk Email
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (dennis.AABBCC[at]gmail.com)
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
 -0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                             [209.85.166.43 listed in wl.mailspike.net]
  0.0 TVD_SPACE_RATIO        No description available.
X-Spam-Status: Yes
X-ACL-Warn: SpamAssassin detected spam (from [email protected] to [email protected]).
Subject: *** POSSIBLE SPAM *** dsfrdf

--000000000000fd6b6e05bbfe96b0
Content-Type: text/plain; charset="UTF-8"

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

--000000000000fd6b6e05bbfe96b0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail-gs" style=3D"margin:0px;padding:0px 0p=
x 20px;width:1504px;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-ser=
if;font-size:medium"><div class=3D"gmail-"><div id=3D"gmail-:192" class=3D"=
gmail-ii gmail-gt" style=3D"font-size:0.875rem;direction:ltr;margin:8px 0px=
 0px;padding:0px"><div id=3D"gmail-:191" class=3D"gmail-a3s gmail-aiL" styl=
e=3D"overflow:hidden;font-variant-numeric:normal;font-variant-east-asian:no=
rmal;font-stretch:normal;font-size:small;line-height:1.5;font-family:Arial,=
Helvetica,sans-serif"><div dir=3D"ltr">XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-ST=
ANDARD-ANTI-UBE-TEST-EMAIL*C.34X</div></div></div></div></div></div>

--000000000000fd6b6e05bbfe96b0--

ozgurerdogan · February 23, 2021, 2:19pm

Why is this:

X-Spam-Report: Spam detection software, running on the system “ns1.AABBCC.info”,
has NOT identified this incoming email as spam.
and also

X-ACL-Warn: SpamAssassin detected spam (from [email protected] to [email protected]).

Dennis · February 23, 2021, 2:41pm

because spamassassin (the one adding this header info) is net setup to be in charge of it.

Dennis · February 23, 2021, 2:46pm

if you want to align both of them (exim and spamassassin), then just put the same score into both locations.

50 for EXIM and 5.0 for spamassassin, then the reports will look ok. Or you can disable spamassassins report and just use EXIM’s added info.

just comment out what you do not want to show:

/etc/spamassassin/10_default_prefs.cf

or use mine:

nano /etc/spamassassin/10_default_prefs.cf

and drop this in it.

# SpamAssassin basic config file
#
# Please don't modify this file as your changes will be overwritten with
# the next update. Use @@LOCAL_RULES_DIR@@/local.cf instead.
# See 'perldoc Mail::SpamAssassin::Conf' for details.
#
# <@LICENSE>
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# </@LICENSE>
#
###########################################################################

# Default template. Try to keep it under 78 columns (inside the the dots below).
#      ........................................................................
clear_report_template
#if can(Mail::SpamAssassin::Conf::feature_yesno_takes_args)
#report Spam detection software, running on the system "_HOSTNAME_",
#report has_YESNO(, NOT)_ identified this incoming email as_YESNO( possible,)_ spam.  The original
#report message has been attached to this so you can view it or label
#else
#report Spam detection software, running on the system "_HOSTNAME_", has
#report identified this incoming email as possible spam.  The original message
#report has been attached to this so you can view it (if it isn't spam) or label
#endif
#report similar future email.  If you have any questions, see
#report _CONTACTADDRESS_ for details.
#report
#report Content preview:  _PREVIEW_
#report
#report Content analysis details:   (_SCORE_ points, _REQD_ required)
report
report " pts rule name              description"
report  ---- ---------------------- --------------------------------------------------
report _SUMMARY_

#      ........................................................................

# A 'contact address' users should contact for more info. (replaces
# _CONTACTADDRESS_ above if present)
report_contact  @@CONTACT_ADDRESS@@

###########################################################################

# Unsafe-for-viewing message report template.
#
#             ......................................................................
clear_unsafe_report_template
unsafe_report The original message was not completely plain text, and may be unsafe to
unsafe_report open with some email clients; in particular, it may contain a virus,
unsafe_report or confirm that your address can receive spam.  If you wish to view
unsafe_report it, it may be safer to save it to a file and open it with an editor.
#             ......................................................................

###########################################################################
# Database configuration options.
#
# user_scores_dsn MUST be in the form:
# DBI:databasetype:databasename:hostname:port
# ex. DBI:mysql:spamassassin:localhost
#
# user_scores_sql_username is the authorized username to connect to DSN
# user_scores_sql_password is the password for the database username

#user_scores_dsn                DBI:mysql:spamassassin:localhost
#user_scores_sql_username       spam
#user_scores_sql_password       spamfilter

##########################################################################
# Headers to be added to mail (can be overriden by users in
# ~/.spamassassin/user_prefs)
# Make sure the header stays entirely on one line here

clear_headers

#X-Spam-Checker-Version: SpamAssassin 2.60-cvs (1.188-2003-05-24-exp)
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_

#X-Spam-Flag: YES
add_header spam Flag _YESNOCAPS_

#X-Spam-Level: *************
add_header all Level _STARS(*)_

#X-Spam-Status: Yes, score=14.0 required=5.0 tests=BAYES_99,CALL_FREE
#        DATE_IN_PAST_12_24,DCC_CHECK,DRASTIC_REDUCED,FROM_HAS_MIXED_NUMS
#        FROM_HAS_MIXED_NUMS3,HOME_EMPLOYMENT,INVALID_DATE,INVALID_MSGID
#        LINES_OF_YELLING,MSGID_HAS_NO_AT,NO_REAL_NAME,ONCE_IN_LIFETIME
#        UNDISC_RECIPS autolearn=spam version=2.60-cvs
add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_"

###########################################################################
# Default prefs values: users can override these in their
# ~/.spamassassin/user_prefs files.

# How many points before a mail is considered spam.
required_score           5

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              all

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.  This is an expensive
# classification, so it is is disabled in init.pre by default.
ifplugin Mail::SpamAssassin::Plugin::TextCat
ok_languages            all
endif # Mail::SpamAssassin::Plugin::TextCat

# Mail which scores outside this range will be fed back into SpamAssassin's
# learning system automatically, to train the Bayesian scanner.
ifplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
bayes_auto_learn_threshold_nonspam      0.1
bayes_auto_learn_threshold_spam         12.0
endif # Mail::SpamAssassin::Plugin::AutoLearnThreshold

# Set this to 0 to turn off auto-learning.
bayes_auto_learn                        1

# report_safe controls the markup of spam. If you set it to 0, the message
# body of spam messages will not be modified
report_safe           1

# Headers to parse for originating IP address
if (can(Mail::SpamAssassin::Conf::feature_originating_ip_headers))
clear_originating_ip_headers
originating_ip_headers X-Yahoo-Post-IP X-Originating-IP X-Apparently-From
originating_ip_headers X-SenderIP X-AOL-IP
endif

if (can(Mail::SpamAssassin::Conf::feature_dns_local_ports_permit_avoid))
# leave out the more densely populated port number ranges
dns_local_ports_avoid 0-11000
# leave out some ephemeral ports, making them available to other programs
dns_local_ports_avoid 49152-49408
# avoid IANA assigned high port numbers
dns_local_ports_avoid 11000-11001 11106 11111-11112 11161-11165 11201 11208
dns_local_ports_avoid 11211 11319-11321 11367 11371 11600 11720 11751 11967
dns_local_ports_avoid 12000-12008 12012-12013 12109 12121 12168 12172 12300
dns_local_ports_avoid 12321-12322 12345 12753 13160 13216-13218 13223-13224
dns_local_ports_avoid 13720-13722 13724 13782-13783 13785-13786 13818-13822
dns_local_ports_avoid 13929 14000-14001 14033-14034 14141-14142 14145 14149
dns_local_ports_avoid 14154 14250 14414 14936-14937 15000 15345 15363 15555
dns_local_ports_avoid 15660 15740 16161 16309-16311 16360-16361 16367-16368
dns_local_ports_avoid 16384 16900 16950 16991-16995 17007 17185 17219 17235
dns_local_ports_avoid 17500 17729 17754-17756 18000 18181-18187 18241 18262
dns_local_ports_avoid 18463 18634-18635 18769 18881 18888 19000 19191 19194
dns_local_ports_avoid 19283 19315 19398 19410-19412 19539-19541 19999-20003
dns_local_ports_avoid 20005 20014 20034 20046 20049 20167 20202 20222 20480
dns_local_ports_avoid 20670 20999-21000 21554 21590 21800 21845-21849
dns_local_ports_avoid 22000-22005 22273 22305 22343 22347 22350 22555 22763
dns_local_ports_avoid 22800 22951 23000-23005 23272 23333 23400-23402
dns_local_ports_avoid 24000-24006 24242 24249 24321 24386 24465 24554
dns_local_ports_avoid 24676-24678 24680 24922 25000-25009 25793 25900-25903
dns_local_ports_avoid 26000 26133 26208 26260-26263 26486-26487 26489 27345
dns_local_ports_avoid 27442 27504 27782 27999-28000 28240 29167 30001-30002
dns_local_ports_avoid 30260 30999 31416 31457 31620 31765 31948-31949 32034
dns_local_ports_avoid 32249 32483 32635-32636 32767-32777 32801 32896 33123
dns_local_ports_avoid 33331 33434 33656 34249 34378-34379 34962-34964 34980
dns_local_ports_avoid 36001 36865 37475 37654 38201-38203 39681 40000
dns_local_ports_avoid 40841-40843 41111 41794-41795 42508-42510 43188-43190
dns_local_ports_avoid 43440-43441 44321-44322 44553 44818 45054 45678 45825
dns_local_ports_avoid 45966 46999-47000 47557 47624 47806 47808 48000-48003
dns_local_ports_avoid 48128-48129 48556 48619
endif

# Some common prefs settings can be set here, to take effect site-wide
# unless the user override them. See the user_prefs.template file for
# explanations.

ozgurerdogan · February 23, 2021, 3:05pm

Can we please talk on skpye or some where

Dennis · February 23, 2021, 3:07pm

sure - https://meet.joinedworkspace.eu/GpgP9r2LEnE7yn2xMGENERAL

ozgurerdogan · February 23, 2021, 3:31pm

Very friendly person, explained well with a sample. Thanks.

system · March 25, 2021, 3:31pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.