From: Dave W. <dwa...@in...> - 2008-08-26 23:18:45
This

[NoProcessing] 72.14.246.249

is the key, I would guess. You have set Google's domain or this IP to NoProcessing, so it didn't process it.

From: ass...@li... [mailto:ass...@li...] On Behalf Of James Brown
Sent: Wednesday, 27 August 2008 11:15 a.m.
To: ASSP development mailing list
Subject: [Assp-test] Spam let through

I'm running version 2, 5.15. A scam email came through and I was wondering if anyone can tell me why.

Log output:

Aug-27-08 06:09:46 id-81383-15461 [Worker_1] 72.14.246.249 <chi...@gm...<mailto:chi...@gm...>> to: jl...@bo...<mailto:jl...@bo...> DKIM-signature found
Aug-27-08 06:09:50 id-81383-15461 [Worker_1] [NoProcessing] 72.14.246.249 <chi...@gm...<mailto:chi...@gm...>> to: jl...@bo...<mailto:jl...@bo...> message proxied without processing - (attachments unchecked) [Re Assalam to you Kindly Get Back To Me for more details]

If I copy the body of the email into the Mail Analyzer section, it correctly says that it is spam:

Feature Matching:
* is in CountryCache: status=
* has a Griplist value of 0.896764: (adds 0.896764 0.896764)

Bayesian Analysis:
Bad Words              Bad Prob    Good Words    Good Prob
of nigeria             1.0000
this funds             1.0000
government of          1.0000
of finance             0.9999
the former             0.9998
will ever              0.9997
and deposited          0.9997
your compensation      0.9996
foreigner who          0.9995
in various             0.9995
the nigerian           0.9994
confiscated all        0.9993
nigeria has            0.9993
assist him             0.9990
general of             0.9989
the republic           0.9988
invest the             0.9988
nigeria for            0.9986
the federation         0.9985
of contacting          0.9984
nigerian government    0.9977
funds he               0.9975

Totals: 1.0000 1.0000 1.0000 1.0000 0.9999 0.9998 0.9997 0.9997 0.9996 0.9995 0.9995 0.9994 0.9993 0.9993 0.9990 0.9989 0.9988 0.9988 0.9988 0.9986 0.9985 0.9984 0.9977 0.9975 0.9975 0.9966 0.9956 0.9949 0.9942 0.9942 0.9942
________________________________
Spam Probability:
probability: 1.0000

If I forward the email to assp-analyze@mydomain (complete with headers), it comes back saying it is OK:

Subject: Re;Assalam to you ........Kindly Get Back To Me for more details!!
Connecting IP: 127.0.0.1
Connecting HELO: ag-out-0708.google.com

Feature Matching:
Not a Valid Format of HELO: 'ag-out-0708.google.com
IP 127.0.0.1 is in PB White
IP 127.0.0.1 is in Accept All Mail (127.0.0.1)
127.0.0 has a Griplist value of 0.961119: (adds 0.961119 0.961119)

Bayesian Analysis:
Bad Words:Bad Prob    Good Words:Good Prob
47 am:0.0004
assp-nospam 27:0.0018
com mail.bordo.com.au:0.0026
subject re:0.0029
est received:0.0032
date from:0.0032
26 aug:0.0041
localhost 127.0.0.1:0.0041
10 26:0.0046
09 50:0.0061
mime-version content-type:0.0072
27 august:0.0072
54 1000:0.0072
delivered-to href:0.0085
am to:0.0090
09 47:0.9902
09 43:0.0126
au received:0.0126
com date:0.0129
live.fr rcpt:0.9848
1000 received:0.0159
09 41:0.0159

Totals: 0.0004 0.0018 0.0026 0.0029 0.0032 0.0032 0.0032 0.0041 0.0041 0.0041 0.0041 0.0046 0.0061 0.0072 0.0072 0.0072 0.0085 0.0090 0.9902 0.9902 0.0126 0.0126 0.0129 0.9848 0.0159 0.0159 0.0159 0.0159 0.0162 0.0206 0.0276

Spam/Ham Probabilities:
Spam Probability:
probability 0.0000

X-Assp-Spf: pass ip=72.14.246.249 mailfrom=chi...@gm...<mailto:mailfrom=chi...@gm...> helo=ag-out-0708.google.com

Notice that it has only looked at the header section!

If I forward the email to asspanalyze@mydomain without the headers, then it returns the same as when I pasted the body into the web interface's Mail Analyzer (i.e. Spam Probability of 1.0000).

Thanks,
James.
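
An added example, not part of the original thread and not ASSP's own code: a small Python audit that reads an ASSP log and lists every session delivered under [NoProcessing], together with what was logged for that session beforehand, so that over-broad NoProcessing entries can be reviewed. The line layout is assumed from the two log lines quoted above; the sample addresses, the third log line and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the two log lines quoted in the post;
# the addresses and the third session are made up for illustration.
SAMPLE_LOG = """\
Aug-27-08 06:09:46 id-81383-15461 [Worker_1] 72.14.246.249 <sender@example.com> to: user@example.org DKIM-signature found
Aug-27-08 06:09:50 id-81383-15461 [Worker_1] [NoProcessing] 72.14.246.249 <sender@example.com> to: user@example.org message proxied without processing - (attachments unchecked) [Re Assalam to you Kindly Get Back To Me for more details]
Aug-27-08 06:12:03 id-81401-15470 [Worker_2] 192.0.2.10 <other@example.net> to: user@example.org DKIM-signature found
"""

# Assumed layout: date time session-id [worker] [optional tags] ip <sender> to: rcpt text
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<sid>id-[\d-]+) \[(?P<worker>[^\]]+)\] "
    r"(?P<tags>(?:\[[^\]]+\] )*)(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"<(?P<sender>[^>]*)> to: (?P<rcpt>\S+) (?P<msg>.*)$"
)

def parse(log_text):
    """Yield one dict per log line that matches the assumed layout."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["tags"] = re.findall(r"\[([^\]]+)\]", rec["tags"])
            yield rec

def unfiltered_sessions(log_text):
    """Map session id -> details for mail proxied without processing."""
    events = defaultdict(list)   # everything else logged for the session
    bypassed = {}
    for rec in parse(log_text):
        if "NoProcessing" in rec["tags"] and "proxied without processing" in rec["msg"]:
            subj = re.search(r"\[(.*)\]\s*$", rec["msg"])  # trailing [subject]
            bypassed[rec["sid"]] = {
                "ip": rec["ip"], "sender": rec["sender"], "rcpt": rec["rcpt"],
                "subject": subj.group(1) if subj else "",
                "attachments_unchecked": "attachments unchecked" in rec["msg"],
            }
        else:
            events[rec["sid"]].append(rec["msg"])
    return {sid: dict(info, earlier=events[sid]) for sid, info in bypassed.items()}

if __name__ == "__main__":
    for sid, info in unfiltered_sessions(SAMPLE_LOG).items():
        print(sid, info)
```

Grouping the result by the `ip` field shows which NoProcessing entries are letting the most mail through unfiltered.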