[Rspamd-Users] no greylisting but greylisting and learned as spam at score 0.37

Christian rspam at 2nibbles4u.de
Sun Aug 29 15:20:11 UTC 2021


I have numbered the lines for a simpler question. Maybe someone can help me understand the following behavior:

- The following message skips greylisting (#2)
- reaches a score of 0.37 and is still learned as spam (#2)
- and postfix throws a temporary error (#8)

#1 Aug 29 16:59:58 mx02 rspamd[12902]: <54d5af>; lua; greylist.lua:318: Score too low - skip greylisting
#2 Aug 29 16:59:58 mx02 rspamd[12902]: <54d5af>; proxy; rspamd_stat_check_autolearn: <trinity-30c8a1cf-fc42-4adb-b22f-0a7c39391ff7-1630249186764 at 3c-app-webde-bap47>: autolearn spam for classifier 'bayes' as message's action is reject, score: 0.37
#3 Aug 29 16:59:58 mx02 rspamd[12902]: <54d5af>; proxy; rspamd_stat_cache_redis_get: <trinity-30c8a1cf-fc42-4adb-b22f-0a7c39391ff7-1630249186764 at 3c-app-webde-bap47> has been already learned as spam, ignore it
#4 Aug 29 16:59:58 mx02 rspamd[12902]: <54d5af>; proxy; rspamd_task_process: skip learning: <trinity-30c8a1cf-fc42-4adb-b22f-0a7c39391ff7-1630249186764 at 3c-app-webde-bap47> has been already learned as spam, ignore it
#5 Aug 29 16:59:58 mx02 rspamd[12902]: <54d5af>; proxy; rspamd_task_write_log: id: <trinity-30c8a1cf-fc42-4adb-b22f-0a7c39391ff7-1630249186764 at 3c-app-webde-bap47>, qid: <4175013A024B>, ip: 212.227.17.12, from: <sender at web.de>, (default: T (add): [0.37/0.00] [PYZOR(2.94){bl_21360619_wl_210250;},DWL_DNSWL_LOW(-1.00){web.de:dkim;},IP_REPUTATION_HAM(-0.75){asn: 8560(-0.19), country: DE(-0.00), ip: 212.227.17.12(-0.56);},GENERIC_REPUTATION(-0.60){-0.60584562991923;},DMARC_POLICY_ALLOW(-0.50){web.de;none;},MID_RHS_NOT_FQDN(0.50){},MIME_HTML_ONLY(0.20){},R_DKIM_ALLOW(-0.20){web.de:s=dbaedf251592;},R_SPF_ALLOW(-0.20){+ip4:212.227.17.0/27:c;},WL_DOMAIN(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){web.de:s=1546251274:i=1;},ASN(0.00){asn:8560, ipnet:212.227.0.0/16, country:DE;},DKIM_TRACE(0.00){web.de:+;},FREEMAIL_ENVFROM(0.00){web.de;},FREEMAIL_FROM(0.00){web.de;},FROM_EQ_ENVFROM(0.00){},FROM_NO_DN(0.00){},HAS_X_PRIO_THREE(0.00){3;},MIME_TRACE(0.00){0:~;},MX_WHITE(0.00){},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){;},RCVD_TLS_LAST(0.00){},RECEIVED_SPAMHAUS_PBL(0.00){188.110.12.143:received;},RWL_MAILSPIKE_GOOD(0.00){212.227.17.12:from;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 2211, time: 1116.974ms, dns req: 27, digest: <2cb149d1fa39f391609c0a5080063455>, rcpts: <recipient at domain.tld>, mime_rcpts: <rcpt at domain.tld>, settings_id: whitelist
#6 Aug 29 16:59:58 mx02 rspamd[12902]: <54d5af>; proxy; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 1 regexps matched, 175 regexps total, 61 regexps cached, 0B scannedusing pcre, 1.46KiB scanned total
#7 Aug 29 16:59:58 mx02 rspamd[12902]: <54d5af>; milter; rspamd_milter_send_task_results: action add has not been registered
#8 Aug 29 16:59:58 mx02 postfix/cleanup[13052]: 4175013A024B: milter-reject: END-OF-MESSAGE from mout.web.de[212.227.17.12]: 4.7.1 Service unavailable - try again later; from=<sender at web.de> to=<recipient at domain.tld> proto=ESMTP helo=<mout.web.de>

Some minutes later the email has been

- learned as ham (#2)
- accepted (#5)

#1 Aug 29 17:01:48 mx02 rspamd[12902]: <e49ff0>; lua; greylist.lua:318: Score too low - skip greylisting
#2 Aug 29 17:01:48 mx02 rspamd[12902]: <e49ff0>; proxy; rspamd_stat_check_autolearn: <trinity-bc306338-0456-44c6-bc79-bbc7ef9867bb-1630248975846 at 3c-app-webde-bap47>: autolearn ham for classifier 'bayes' as message's score is negative: -0.07
#3 Aug 29 17:01:48 mx02 rspamd[12902]: <e49ff0>; proxy; rspamd_task_write_log: id: <trinity-bc306338-0456-44c6-bc79-bbc7ef9867bb-1630248975846 at 3c-app-webde-bap47>, qid: <E28E313A024B>, ip: 217.72.192.78, from: <sender at web.de>, (default: F (no action): [-0.07/0.00] [PYZOR(2.94){bl_21360619_wl_210250;},DWL_DNSWL_LOW(-1.00){web.de:dkim;},IP_REPUTATION_HAM(-0.69){asn: 8560(-0.19), country: DE(-0.00), ip: 217.72.192.78(-0.50);},GENERIC_REPUTATION(-0.52){-0.52919891156728;},DMARC_POLICY_ALLOW(-0.50){web.de;none;},MID_RHS_NOT_FQDN(0.50){},SPF_REPUTATION_HAM(-0.48){-0.48455367793625;},MIME_HTML_ONLY(0.20){},R_DKIM_ALLOW(-0.20){web.de:s=dbaedf251592;},R_SPF_ALLOW(-0.20){+ip4:217.72.192.64/26;},RCVD_IN_DNSWL_LOW(-0.10){217.72.192.78:from;},WL_DOMAIN(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){web.de:s=1546251274:i=1;},ASN(0.00){asn:8560, ipnet:217.72.192.0/20, country:DE;},DKIM_TRACE(0.00){web.de:+;},FREEMAIL_ENVFROM(0.00){web.de;},FREEMAIL_FROM(0.00){web.de;},FROM_EQ_ENVFROM(0.00){},FROM_NO_DN(0.00){},HAS_X_PRIO_THEE(0.00){3;},MIME_TRACE(0.00){0:~;},MX_WHITE(0.00){},RCPT_COUNT_ONE(0.00){1;},RCVD_COUNT_TWO(0.00){2;},RCVD_TLS_LAST(0.00){},RECEIVED_SPAMHAUS_PBL(0.00){188.110.12.143:received;},RWL_MAILSPIKE_POSSIBLE(0.00){217.72.192.78:from;},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 2211, time: 1800.564ms, dns req: 28, digest: <2cb149d1fa39f391609c0a5080063455>, rcpts: <rcpt at domain.tld>, mime_rcpts: <rcpt at domain.tld>, settings_id: whitelist
#4 Aug 29 17:01:48 mx02 rspamd[12902]: <e49ff0>; proxy; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 1 regexps matched, 175 regexps total, 61 regexps cached, 0B scanned using pcre, 1.46KiB scanned total
#5 Aug 29 17:01:48 mx02 postfix/qmgr[32189]: E28E313A024B: from=<sender at web.de>, size=2756, nrcpt=2 (queue active)

BR Christian
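
Added example, not part of the original post: a small Python parser for the two `rspamd_task_write_log` lines quoted above. It extracts the action, the `[score/required score]` pair, `settings_id` and the symbol weights, then lists the symbols whose weight changed between the two scans of the same digest. The sample lines are shortened from the post, and the function names are this example's own.

```python
import re

# Task-log lines shortened from the two deliveries in the post: zero-weight
# symbols and most symbol options are dropped; every value kept is as posted.
FIRST = (
    "rspamd_task_write_log: qid: <4175013A024B>, (default: T (add): [0.37/0.00] "
    "[PYZOR(2.94){bl_21360619_wl_210250;},DWL_DNSWL_LOW(-1.00){},"
    "IP_REPUTATION_HAM(-0.75){asn: 8560(-0.19), country: DE(-0.00), ip: 212.227.17.12(-0.56);},"
    "GENERIC_REPUTATION(-0.60){},DMARC_POLICY_ALLOW(-0.50){},MID_RHS_NOT_FQDN(0.50){},"
    "MIME_HTML_ONLY(0.20){},R_DKIM_ALLOW(-0.20){},R_SPF_ALLOW(-0.20){},WL_DOMAIN(-0.01){}]), "
    "digest: <2cb149d1fa39f391609c0a5080063455>, settings_id: whitelist"
)
SECOND = (
    "rspamd_task_write_log: qid: <E28E313A024B>, (default: F (no action): [-0.07/0.00] "
    "[PYZOR(2.94){bl_21360619_wl_210250;},DWL_DNSWL_LOW(-1.00){},"
    "IP_REPUTATION_HAM(-0.69){asn: 8560(-0.19), country: DE(-0.00), ip: 217.72.192.78(-0.50);},"
    "GENERIC_REPUTATION(-0.52){},DMARC_POLICY_ALLOW(-0.50){},MID_RHS_NOT_FQDN(0.50){},"
    "SPF_REPUTATION_HAM(-0.48){},MIME_HTML_ONLY(0.20){},R_DKIM_ALLOW(-0.20){},"
    "R_SPF_ALLOW(-0.20){},RCVD_IN_DNSWL_LOW(-0.10){},WL_DOMAIN(-0.01){}]), "
    "digest: <2cb149d1fa39f391609c0a5080063455>, settings_id: whitelist"
)

HEAD = re.compile(r"\(default: ([TF]) \(([^)]*)\): \[(-?[\d.]+)/(-?[\d.]+)\]")
# Requiring '{' right after the weight skips the per-component weights that
# appear inside symbol options, e.g. "asn: 8560(-0.19),".
SYMBOL = re.compile(r"([A-Z0-9_]+)\((-?\d+\.\d+)\)\{")

def parse_task(line):
    """Extract verdict, score, required score, settings id and symbol weights."""
    head = HEAD.search(line)
    if head is None:
        raise ValueError("not a task log line")
    flag, action, score, required = head.groups()
    settings = re.search(r"settings_id: (\S+)", line)
    digest = re.search(r"digest: <([0-9a-f]+)>", line)
    return {
        "spam": flag == "T", "action": action,
        "score": float(score), "required": float(required),
        "settings_id": settings.group(1) if settings else None,
        "digest": digest.group(1) if digest else None,
        "symbols": {name: float(w) for name, w in SYMBOL.findall(line)},
    }

def weight_changes(a, b):
    """Symbols whose weight differs between two scans; absent ones count as 0."""
    names = sorted(set(a["symbols"]) | set(b["symbols"]))
    pairs = {n: (a["symbols"].get(n, 0.0), b["symbols"].get(n, 0.0)) for n in names}
    return {n: p for n, p in pairs.items() if p[0] != p[1]}
```

Run on the two lines, `weight_changes` returns four symbols (`GENERIC_REPUTATION`, `IP_REPUTATION_HAM`, `RCVD_IN_DNSWL_LOW`, `SPF_REPUTATION_HAM`) whose differences sum to -0.44, the gap between the logged scores 0.37 and -0.07; both scans report a required score of 0.00 under `settings_id: whitelist`.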

