On Sat, Nov 01, 2008 at 11:19:44PM +0100, Karsten Bräckelmann wrote:
> On Sat, 2008-11-01 at 19:54 +0000, Martin Gregorie wrote:
> > On Sat, 2008-11-01 at 18:20 +0100, Karsten Bräckelmann wrote:

>

..snip..
>
> > and here's one of the messages I mentioned:
> >
> > http://pastebin.com/m1de987d0

>
> X-Spam-Status: No, score=5.2 required=6.0 tests=HTML_MESSAGE,MIME_HTML_ONLY,
> RCVD_IN_PBL,RCVD_IN_XBL,RDNS_NONE
>
> This one would have been flagged as spam when using the default
> required_score spam threshold of 5.0. Also, I notice you're apparently
> not using Bayes, which likely could raise the score above your 6.0
> threshold, when trained on these.
>
> On my check the sample also scored 0.8 for SPF_HELO_SOFTFAIL. Plus
> Pyzor, which is not enabled by default unless you install Pyzor.
>
> URIBL_BLACK as well as SURBL JP and OB triggered for me. These might
> very well be updated *after* you received that mail, but it won't hurt
> to check, if they are working for you at all.
>
> Oh, and then I got a custom rule worth 0.5 for any single Relay, direct
> client to MX mail.


And for me it scored 13 (and that was despite bayes_00 scoring at -2.6! - I
guess I haven't been blessed with any of these myself.

A large part of that score was from the Botnet plugin. It might be worth
looking into that...

HTH

Mark


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkM3CYACgkQ75heFf3niHI3bgCdH+9YlDe/SgUIxs7nwlm9WR4K
luAAniOLkwl7vp/Tvj4mm0VJY/9JWGwf
=1dIA
-----END PGP SIGNATURE-----