[Rspamd-Users] Email hits BAYES_* after a few times
Sophie Loewenthal
sophie at klunky.co.uk
Sun Jun 2 18:47:28 UTC 2019
Hi,
For some reason emails that come in more than twice start hitting BAYES_* rule, but these emails were not processed by 'rspamc learn_spam' or 'rspamc learn_ham', those can be discounted. How does this email get into BAYES when I didn’t feed any eamils from the sender into rspamc learn_spam?
e.g
2nd email:
x-copernica-mid: pom:baiqkbat5s3friee:feedback.smartphonehoesjes.nl
X-Rspamd-Queue-Id: B012D5B
X-Spamd-Result: default: False [6.86 / 14.00];
ARC_NA(0.00)[];
BAYES_SPAM(4.34)[98.00%];
R_DKIM_ALLOW(-0.20)[copernica.com:s=two,smartphonehoesjes.nl:s=two];
FROM_HAS_DN(0.00)[];
R_SPF_ALLOW(-0.20)[+ip4:145.255.128.0/21];
TO_MATCH_ENVRCPT_ALL(0.00)[];
MIME_GOOD(-0.10)[multipart/alternative,text/plain];
TO_DN_NONE(0.00)[];
HTML_SHORT_LINK_IMG_1(2.00)[];
HAS_LIST_UNSUB(-0.01)[];
URI_COUNT_ODD(1.00)[31];
RCPT_COUNT_ONE(0.00)[1];
MANY_INVISIBLE_PARTS(0.20)[3];
DKIM_TRACE(0.00)[copernica.com:+,smartphonehoesjes.nl:+];
DMARC_POLICY_ALLOW(-0.50)[smartphonehoesjes.nl,none];
RCVD_IN_DNSWL_NONE(0.00)[131.131.255.145.list.dnswl.org : 127.0.15.0];
MX_GOOD(-0.01)[publisher.copernica.nl];
SUBJECT_ENDS_EXCLAIM(0.00)[];
FORGED_SENDER(0.30)[nieuwsbrief at smartphonehoesjes.nl,pom-baiqkbat5s3friee at feedback.smartphonehoesjes.nl];
RCVD_COUNT_ZERO(0.00)[0];
MIME_TRACE(0.00)[0:+,1:+,2:~];
IP_SCORE(0.04)[asn: 60781(0.26), country: NL(-0.07)];
ASN(0.00)[asn:60781, ipnet:145.255.128.0/21, country:NL];
FROM_NEQ_ENVFROM(0.00)[nieuwsbrief at smartphonehoesjes.nl,pom-baiqkbat5s3friee at feedback.smartphonehoesjes.nl]
3rd email:
X-Spamd-Result: default: False [8.29 / 14.00];
ARC_NA(0.00)[];
DMARC_POLICY_ALLOW(-0.50)[smartphonehoesjes.nl,none];
R_DKIM_ALLOW(-0.20)[copernica.com:s=zero,smartphonehoesjes.nl:s=zero];
BAYES_SPAM(5.04)[99.85%];
FROM_HAS_DN(0.00)[];
PHISH_EMOTION(1.00)[];
R_SPF_ALLOW(-0.20)[+ip4:145.255.128.0/21];
TO_MATCH_ENVRCPT_ALL(0.00)[];
MIME_GOOD(-0.10)[multipart/alternative,text/plain];
TO_DN_NONE(0.00)[];
HAS_LIST_UNSUB(-0.01)[];
URI_COUNT_ODD(1.00)[65];
RCPT_COUNT_ONE(0.00)[1];
MANY_INVISIBLE_PARTS(0.60)[7];
MX_GOOD(-0.01)[publisher.copernica.nl];
DKIM_TRACE(0.00)[copernica.com:+,smartphonehoesjes.nl:+];
RCVD_IN_DNSWL_NONE(0.00)[245.135.255.145.list.dnswl.org : 127.0.15.0];
SUBJECT_ENDS_EXCLAIM(0.00)[];
FORGED_SENDER(0.30)[nieuwsbrief at smartphonehoesjes.nl,pom-baiqkbctvu37zmfg at feedback.smartphonehoesjes.nl];
RCVD_COUNT_ZERO(0.00)[0];
MIME_TRACE(0.00)[0:+,1:+,2:~];
IP_SCORE(0.05)[asn: 60781(0.31), country: NL(-0.07)];
ASN(0.00)[asn:60781, ipnet:145.255.128.0/21, country:NL];
FROM_NEQ_ENVFROM(0.00)[nieuwsbrief at smartphonehoesjes.nl,pom-baiqkbctvu37zmfg at feedback.smartphonehoesjes.nl];
PHISHING(1.32)[handyhuellen.de->smartphonehoesjes.nl]
It’s a bit rum : How could i investigate this?
Thank, Sophie
More information about the Users
mailing list