Thread: RE: What does each SPAM hit mean?
United States
2007-07-18 00:25:01
Thanks Chris. BTW, just to add to your morning office fun, we have a Chris in our office. So Patrick has taken to calling you Chris P, to different. However he pronounces Crispy. So we have taken that little joke to the extreme by saying things like "...have you gotten a response from burnt boy yet..." ::>

All smiles.

Thanks, now I know where to look.

ab

From: Support Surgemail CP [mailto:surgemail-support netwinsite.com]
Sent: Tuesday, July 17, 2007 6:43 PM
To: surgemail-list netwinsite.com; Alex Barron
Subject: Re: [SurgeMail List] What does each SPAM hit mean?

Alex Barron wrote:
> I am tightening my SPAM settings, and watching my log very carefully. I
> realize that I do not know what most of my log is telling me. Also I
> don't have an easy reference guide that says if a legitimate email is getting
> hit with x or y, which configuration do I look to. I searched the
> Netwin site, the manual and the SurgeMail mailing list, but didn't find what
> these entries mean.
>
> Does anyone know what each of these settings means? I would also like to know
> if anyone knows which settings control each of these, but that is
> secondary. Below seem to be the common entries in the log.

FYI, you can look in 'aspam_mfilter.txt' for these and see what logic is applied in each case (well, for most of them anyway).

> From4consonants=0.5

The username contains four non-vowels in a row, which is 'rare' in English.

> GreyPassed=1.0

The message was grey list blocked and then the sending server resent.

> Price & DodgySrc=1.0
> DodgySource=2.0,
> SPF Default Fail=2.5 (above 3)

The source ip address was not verifiable via spf and other mechanisms.

> X-Verify-Failed present=2.0,

The return address could not be verified.

> combo mx and smtp and from=2.0,

A combination of three headers all suggesting the source may be invalid.

> X-Verify-SMTP present=0.6,

Couldn't connect back to sending server on port 25.

> X-Verify-MX present=1.6"

The sending server wasn't a close match to any of the mx records.

> SpamUrl=4.1

Found a url in the message in a list of bad urls. Send message to 'notspam@your.domain' to correct if this is not spam.

> Aspam=-0.8

The score from the best match in aspam list of messages isspam/notspam...

> NakedCR=0.2

Message contained a naked 'cr' character, instead of 'crlf'.

> SPF Soft=3.0

A soft spf failure, so spf failed but the spf rule said 'don't be too mean'.

> ImageSize=3.0

The message appears to contain an image of a suspicious nature.

> Also, I was trying to figure out how "busy" we are as an ISP (actually as an
> IT service provider, but hey). We process on average 500 emails per hour. Is
> that small, tiny not worthy of posting to the list or a decent sized
> ISP?

Hard to answer, I've seen servers on occasion running at thirty times that. But those are probably different business models entirely so not really relevant for comparison.

ChrisP.
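
Added example, not part of the original thread and not SurgeMail's own logic from 'aspam_mfilter.txt': a Python sketch that reproduces the locally checkable hits described above (From4consonants, the X-Verify-* header checks, NakedCR) so you can see why a given message would pick them up. The function names, the treatment of "y" as a non-vowel, and the sample messages are assumptions; the weights are the ones quoted in the log entries above.

```python
import re
from email import message_from_bytes
from email.utils import parseaddr

# Weights copied from the log entries quoted in the thread; a real
# server's values depend on its own configuration.
HEADER_HITS = {
    "X-Verify-Failed": 2.0,
    "X-Verify-SMTP": 0.6,
    "X-Verify-MX": 1.6,
}
# Four consecutive letters that are not a, e, i, o or u
# (assumption: letters only, and "y" counts as a non-vowel).
FOUR_CONSONANTS = re.compile(r"[b-df-hj-np-tv-z]{4}", re.IGNORECASE)
# A CR byte that is not immediately followed by LF.
NAKED_CR = re.compile(rb"\r(?!\n)")


def spam_hits(raw: bytes) -> dict:
    """Return {hit name: score} for the checks that fire on a raw message."""
    hits = {}
    msg = message_from_bytes(raw)
    # From4consonants looks at the username (local part) of the sender only.
    _, addr = parseaddr(msg.get("From", ""))
    local_part = addr.rpartition("@")[0]
    if FOUR_CONSONANTS.search(local_part):
        hits["From4consonants"] = 0.5
    # The X-Verify-* hits fire on the mere presence of the header.
    for header, score in HEADER_HITS.items():
        if header in msg:
            hits[f"{header} present"] = score
    # NakedCR must be checked on the raw bytes, before any line normalisation.
    if NAKED_CR.search(raw):
        hits["NakedCR"] = 0.2
    return hits


def total_score(hits: dict) -> float:
    return round(sum(hits.values()), 2)


# Constructed sample messages (not taken from any real log).
SAMPLE_SPAM = (b"From: Offers <xkqzt99@example.net>\r\n"
               b"X-Verify-Failed: yes\r\n"
               b"Subject: hello\r\n\r\n"
               b"line one\rline two\r\n")
SAMPLE_LEGIT = b"From: Hans <schmidt@example.org>\r\nSubject: hi\r\n\r\nbody\r\n"

if __name__ == "__main__":
    for raw in (SAMPLE_SPAM, SAMPLE_LEGIT):
        hits = spam_hits(raw)
        print(", ".join(f"{k}={v}" for k, v in hits.items()), "->", total_score(hits))
```

The second sample shows why From4consonants carries a low weight: an ordinary username such as "schmidt" trips it as well.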