Hello everyone,
I noticed that SPAM seems to be getting worse (I'm on the latest version) and my settings are pretty cranked. However, the total spam scores remain near 1 or even 0 at times and aren't reaching the level 3 I need to get them tagged and quarantined. One thing I noticed that might be hurting it is the message in the headers of these emails that states:
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.
I went to the link and read up on it, but it seems that it is something that Proxmox would control on their install rather than myself. Am I correct in this?
Here are some tags from the email headers that we believe should have been marked as SPAM but weren't:
Received: from spamgateway (192.168.1.67) by
myexchangeserver (192.168.1.3) with Microsoft SMTP Server id
14.3.224.2; Tue, 10 Mar 2015 11:12:36 -0500
Received: from spamgateway(localhost [127.0.0.1]) by
spamgateway (Proxmox) with ESMTP id C948481103B6 for
<user@mydomain>; Tue, 10 Mar 2015 11:12:36 -0500 (CDT)
Received-SPF: none (m.surveyanalytics.com: No applicable sender policy available) receiver=spamgateway; identity=mailfrom; envelope-from="surveybounce@m.surveyanalytics.com"; helo=mail1.surveyanalytics.com; client-ip=70.42.174.189
Received: from mail1.surveyanalytics.com (mail1.surveyanalytics.com
[70.42.174.189]) by spamgateway (Proxmox) with ESMTP id
E5F9780D7627 for <user@mydomain>; Tue, 10 Mar 2015 11:12:34 -0500 (CDT)
Received: from sadata1 (sadata1 [10.0.0.193]) by mail1.surveyanalytics.com
(Postfix) with ESMTP id 71DF5A60862 for <user@mydomain>; Tue, 10 Mar
2015 09:03:02 -0700 (PDT)
Date: Tue, 10 Mar 2015 09:03:02 -0700
From: Elle Ford <eford@vernonresearch.com>
To: <user@mydomain>
Message-ID: <551557743.723288.1426003382467.JavaMail.surveyanalytics@samail>
Subject: Your HR expertise is needed
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_723287_565211297.1426003382460"
X-Bounce-To: surveybounce+139440870@m.surveyanalytics.com
X-Proxmox-CTCH-Refid: str=0001.0A020205.54FF17F4.00E3:SCFSTAT29658072,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
X-SPAM-LEVEL: Spam detection results: 0
HEADER_FROM_DIFFERENT_DOMAINS 0.001 From and EnvelopeFrom 2nd level mail domains are different
HTML_FONT_LOW_CONTRAST 0.001 HTML font color similar or identical to background
HTML_IMAGE_ONLY_32 0.001 HTML: images with 2800-3200 bytes of words
HTML_MESSAGE 0.001 HTML included in message
RCVD_IN_DNSWL_NONE -0.0001 Sender listed at http://www.dnswl.org/, no trust
RP_MATCHES_RCVD 0.001 Envelope sender domain matches handover relay domain
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.
Return-Path: surveybounce+139440870@m.surveyanalytics.com
X-MS-Exchange-Organization-AuthSource: myexchangeserver
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-EsetId: A4D57938467EE432FE9327
Any thoughts?
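An added example, not part of the original post and not Proxmox or SpamAssassin code: it parses the rule lines of the X-SPAM-LEVEL report quoted above and shows which hits carry real weight against the level 3 threshold and which lookups were refused. The names `parse_report` and `analyse` and the 0.01 cutoff for a "placeholder" score are assumptions made for the illustration.

```python
import re

# Rule lines copied from the X-SPAM-LEVEL header quoted in the post (sample input).
SAMPLE_REPORT = """\
X-SPAM-LEVEL: Spam detection results: 0
HEADER_FROM_DIFFERENT_DOMAINS 0.001 From and EnvelopeFrom 2nd level mail domains are different
HTML_FONT_LOW_CONTRAST 0.001 HTML font color similar or identical to background
HTML_IMAGE_ONLY_32 0.001 HTML: images with 2800-3200 bytes of words
HTML_MESSAGE 0.001 HTML included in message
RCVD_IN_DNSWL_NONE -0.0001 Sender listed at http://www.dnswl.org/, no trust
RP_MATCHES_RCVD 0.001 Envelope sender domain matches handover relay domain
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.
"""

# "<RULE_NAME> <score> <description>", as the gateway prints each hit.
RULE_LINE = re.compile(r"^\s*([A-Z][A-Z0-9_]+)\s+(-?\d+(?:\.\d+)?)\s+(.*)$")
INFORMATIONAL = 0.01  # assumption: scores below this are placeholders, not real weight


def parse_report(text):
    """Return (rule, score, description) for every rule line in the report."""
    hits = []
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            hits.append((m.group(1), float(m.group(2)), m.group(3).strip()))
    return hits


def analyse(text, threshold=3.0):
    """Summarise why a message stayed under the tagging threshold."""
    hits = parse_report(text)
    total = sum(score for _, score, _ in hits)
    return {
        "total": round(total, 4),
        "tagged": total >= threshold,
        # Rules that actually move the score in either direction.
        "weighted": [n for n, s, _ in hits if abs(s) >= INFORMATIONAL],
        # Lookups the blocklist refused: its real rules could not fire at all.
        "blocked": [n for n, _, d in hits
                    if "ADMINISTRATOR NOTICE" in d and "blocked" in d.lower()],
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```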