Wrong SA score?

team2021

Hello, this spam (SharePoint phishing) passed through the PMG filter.
Do I understand correctly that the mail was supposed to have a score of 2 (1.5 + 0.5), but it only got a score of 1?
Please, what do you recommend improving so that the next similar mail does not go through? (We mark as spam from score 2.)

Score detail:

X-SPAM-LEVEL: Spam detection results: 1
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain
GB_SUBJ25 0.5 Subject with no Spaces
HTML_IMAGE_RATIO_08 0.001 HTML has a low ratio of text to image area
HTML_MESSAGE 0.001 HTML included in message
MIME_HTML_ONLY 0.1 Message only has text/html MIME parts
RCVD_IN_HOSTKARMA_BL 1.5 Sender listed in HOSTKARMA-BLACK
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
T_SPF_PERMERROR 0.01 SPF: test of record failed (permerror)


LOG:
Code:
Jan 17 18:18:50 pmg postfix/smtpd[167918]: connect from relay.ilyich.org[15.235.134.48]
Jan 17 18:18:52 pmg postfix/smtpd[167918]: 7F4C86C011F: client=relay.ilyich.org[15.235.134.48]
Jan 17 18:18:53 pmg postfix/cleanup[167921]: 7F4C86C011F: message-id=<20230117090835.33B87EE29508F4E7@ilyich.org>
Jan 17 18:18:53 pmg postfix/qmgr[921]: 7F4C86C011F: from=<relay@ilyich.org>, size=62046, nrcpt=1 (queue active)
Jan 17 18:18:53 pmg pmg-smtp-filter[167496]: 6C0FE463C6D87D93C69: new mail message-id=<20230117090835.33B87EE29508F4E7@ilyich.org>#012
Jan 17 18:18:53 pmg postfix/smtpd[167918]: disconnect from relay.ilyich.org[15.235.134.48] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jan 17 18:18:54 pmg pmg-smtp-filter[167496]: 6C0FE463C6D87D93C69: SA score=1/5 time=1.135 bayes=undefined autolearn=no autolearn_force=no hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),GB_SUBJ25(0.5),HTML_IMAGE_RATIO_08(0.001),HTML_MESSAGE(0.001),MIME_HTML_ONLY(0.1),RCVD_IN_HOSTKARMA_BL(1.5),SPF_HELO_NONE(0.001),T_SPF_PERMERROR(0.01)
Jan 17 18:18:54 pmg postfix/smtpd[167926]: connect from localhost.localdomain[127.0.0.1]
Jan 17 18:18:54 pmg postfix/smtpd[167926]: CEB016C1009: client=localhost.localdomain[127.0.0.1], orig_client=relay.ilyich.org[15.235.134.48]
Jan 17 18:18:54 pmg postfix/cleanup[167921]: CEB016C1009: message-id=<20230117090835.33B87EE29508F4E7@ilyich.org>
Jan 17 18:18:54 pmg postfix/qmgr[921]: CEB016C1009: from=<relay@ilyich.org>, size=63135, nrcpt=1 (queue active)
Jan 17 18:18:54 pmg postfix/smtpd[167926]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Jan 17 18:18:54 pmg pmg-smtp-filter[167496]: 6C0FE463C6D87D93C69: accept mail to <user@ourdomain> (CEB016C1009) (rule: default-accept)
Jan 17 18:18:54 pmg pmg-smtp-filter[167496]: 6C0FE463C6D87D93C69: processing time: 1.29 seconds (1.135, 0.061, 0)
Jan 17 18:18:54 pmg postfix/lmtp[167922]: 7F4C86C011F: to=<user@ourdomain>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.6, delays=1.3/0.02/0.05/1.3, dsn=2.5.0, status=sent (250 2.5.0 OK (6C0FE463C6D87D93C69))
Jan 17 18:18:54 pmg postfix/qmgr[921]: 7F4C86C011F: removed
Jan 17 18:18:55 pmg postfix/smtp[167927]: CEB016C1009: to=<user@ourdomain>, relay=192.168.1.91[192.168.1.91]:25, delay=0.21, delays=0.05/0.02/0.02/0.12, dsn=2.6.0, status=sent (250 2.6.0 <20230117090835.33B87EE29508F4E7@ilyich.org> [InternalId=39397735006227, Hostname=server] 64461 bytes in 0.107, 584,936 KB/sec Queued mail for delivery)
Jan 17 18:18:55 pmg postfix/qmgr[921]: CEB016C1009: removed
 
adding the scores:
Code:
+0.1
-0.1
-0.1
-0.1
+0.5
+0.001
+0.001
+0.1
+1.5
+0.001
+0.01

results in the score 1.913, which will be truncated, not rounded (note that 3 rules subtract 0.1 points each).
 
Thanks
So your recommendation is to increase the custom score for RCVD_IN_HOSTKARMA_BL and GB_SUBJ25 so that the score is higher than 2?
 
If you want these two rules to be matched even if some points are subtracted, then yes, you can increase the score of these.
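The arithmetic discussed in this thread, as an added example that is not part of any post above: it parses the `hits=` field of the `pmg-smtp-filter` log line, recomputes the total, and reports how far the mail was from the poster's threshold of 2. The function names are hypothetical, and truncation is modelled with `math.trunc` on the basis of the reply above.

```python
import math
import re
from decimal import Decimal

# Log line from the thread (syslog timestamp and host trimmed).
LOG_LINE = (
    "pmg-smtp-filter[167496]: 6C0FE463C6D87D93C69: SA score=1/5 time=1.135 "
    "bayes=undefined autolearn=no autolearn_force=no hits=DKIM_SIGNED(0.1),"
    "DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),GB_SUBJ25(0.5),"
    "HTML_IMAGE_RATIO_08(0.001),HTML_MESSAGE(0.001),MIME_HTML_ONLY(0.1),"
    "RCVD_IN_HOSTKARMA_BL(1.5),SPF_HELO_NONE(0.001),T_SPF_PERMERROR(0.01)"
)
HIT_RE = re.compile(r"([A-Z0-9_]+)\((-?\d+(?:\.\d+)?)\)")
SCORE_RE = re.compile(r"SA score=(-?\d+)/")


def parse_hits(line):
    """Return {rule: Decimal score} from the hits= field of a filter log line."""
    _, sep, hits = line.partition("hits=")
    if not sep:
        raise ValueError("no hits= field in line")
    return {rule: Decimal(score) for rule, score in HIT_RE.findall(hits)}


def analyse(line, threshold):
    """Recompute the score and report how far the mail was from the threshold."""
    hits = parse_hits(line)
    total = sum(hits.values(), Decimal(0))  # Decimal avoids float drift
    return {
        "total": total,
        "truncated": math.trunc(total),   # behaviour described in the thread
        "rounded": int(round(total)),     # what the original poster expected
        "logged": int(SCORE_RE.search(line).group(1)),
        "negative": {r: s for r, s in hits.items() if s < 0},
        # Extra points the matched rules would need for the total to reach
        # the threshold before truncation.
        "shortfall": max(Decimal(0), Decimal(threshold) - total),
    }


if __name__ == "__main__":
    for key, value in analyse(LOG_LINE, threshold=2).items():
        print(f"{key:10} {value}")
```

The `shortfall` value is the minimum total increase across the matched rules that would have pushed this message to the threshold; the `negative` entry lists the rules that pulled it below.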
 
