Письмо блокируется (6.6 points, 8.0 required)

[brood2]

Странное происходит

Content analysis details:   (6.6 points, 8.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
1.0 NO_REAL_NAME           From: does not include a real name
1.4 X_MAILER_SPAM          X-Mailer: header is bulk email fingerprint
4.3 SUBJ_ILLEGAL_CHARS     Subject: has too many raw illegal characters
0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                          [score: 0.5000]

------------------------- BEGIN HEADERS -----------------------------

и письмо в спаме !!!
Поможите кто чем может ничего не пойму!!!

[Stranger03]

дайте полный заголовок письма, посмотрите что пишет спамд в лог на это письмо.

[brood2]

собственно всё письмо

Unsolicited bulk email from:
w_agrad@skydive.ru
Subject: Registration at Болтушка Аэрограда
Our internal reference code for the message is l5FAGcRS021827/CsJNDHZXLJcQ.

The message WAS NOT delivered to:
<admin@us.com.ua>:
 550 5.7.1 Message content rejected, UBE, id=l5FAGcRS021827

The message has been quarantined as:
spam-CsJNDHZXLJcQ.gz

SpamAssassin report:
Spam detection software, running on the system "router.us.com.ua", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
postmaster for details.

Content preview:  Автоматическое сообщение от Болтушки Аэрограда brood2,
Thank you for registering at Болтушка Аэрограда. [...]

Content analysis details:   (6.6 points, 8.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
1.0 NO_REAL_NAME           From: does not include a real name
1.4 X_MAILER_SPAM          X-Mailer: header is bulk email fingerprint
4.3 SUBJ_ILLEGAL_CHARS     Subject: has too many raw illegal characters
0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                          [score: 0.5000]

------------------------- BEGIN HEADERS -----------------------------
Return-Path: <w_agrad@skydive.ru>
Received: from skydive.ru (skydive.ru [195.42.181.13])
   by router.us.com.ua (amavis-milter) id l5FAGcRS021827; Fri, 15 Jun 2007 13:16:40 +0300
Received: by skydive.ru (Postfix, from userid 502)
   id 4B30C69E41; Fri, 15 Jun 2007 14:10:34 +0400 (MSD)
To: admin@us.com.ua
From: talk@aerograd.ru
X-Mailer: ikonboard
X-Mailer-Info: http://www.ikonboard.com/
Content-type: text/plain; charset="windows-1251"
Subject: Registration at Болтушка Аэрограда
Message-Id: <20070615101034.4B30C69E41@skydive.ru>
Date: Fri, 15 Jun 2007 14:10:34 +0400 (MSD)
-------------------------- END HEADERS ------------------------------


это содержание spam-CsJNDHZXLJcQ.gz

Return-Path: <w_agrad@skydive.ru>
Delivered-To: spam-quarantine
X-Envelope-From: <w_agrad@skydive.ru>
X-Envelope-To: <admin@us.com.ua>
X-Quarantine-Id: <CsJNDHZXLJcQ>
Received: from skydive.ru (skydive.ru [195.42.181.13])
by router.us.com.ua (amavis-milter) id l5FAGcRS021827; Fri, 15 Jun 2007 13:16:40 +0300
Received: by skydive.ru (Postfix, from userid 502)
id 4B30C69E41; Fri, 15 Jun 2007 14:10:34 +0400 (MSD)
To: admin@us.com.ua
From: talk@aerograd.ru
X-Mailer: ikonboard
X-Mailer-Info: http://www.ikonboard.com/
Content-type: text/plain; charset="windows-1251"
Subject: Registration at Болтушка Аэрограда
Message-Id: <20070615101034.4B30C69E41@skydive.ru>
Date: Fri, 15 Jun 2007 14:10:34 +0400 (MSD)
X-Spam-Status: Yes, score=6.606 tag=2 tag2=5 kill=6.31 tests=[BAYES_50=0.001,
NO_REAL_NAME=0.961, SUBJ_ILLEGAL_CHARS=4.279, X_MAILER_SPAM=1.365]
X-Spam-Score: 6.606
X-Spam-Level: ******
X-Spam-Flag: YES

Автоматическое сообщение от Болтушки Аэрограда

brood2,

Thank you for registering at Болтушка Аэрограда.

(http://www.aerograd.ru/talk/ikonboard.cgi)

Please keep these details safe. You will not be able to log into the board unless you use these details.

=====================================================

Member Name: brood2
Password: *********
=====================================================

To activate your account, simply click on the link below!
Please note, that if you don't activate your account within 10 days, you will have to re-register.
http://www.aerograd.ru/talk/ikonboard.c ... 9a1c80a510

AOL users: You may need to cut and paste that link into your web browsers address bar.

If you get an error, you may complete the registration manually:
To do this, go to http://www.aerograd.ru/talk/ikonboard.c ... eg&CODE=05 and enter the following details when prompted

e-mail Address:  admin@us.com.ua
Unique Code:  *************


Thanks!
Болтушка Аэрограда

[brood2]

хелп опять теже грабли

Content analysis details:   (6.4 points, 8.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
1.4 X_MAILER_SPAM          X-Mailer: header is bulk email fingerprint
0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
-0.7 BAYES_20               BODY: Bayesian spam probability is 5 to 20%
                          [score: 0.1899]
2.5 MIME_CHARSET_FARAWAY   MIME character set indicates foreign language
0.3 MIME_BOUND_NEXTPART    Spam tool pattern in MIME boundary
1.3 FROM_EXCESS_BASE64     From: base64 encoded unnecessarily
1.6 AWL                    AWL: From: address is in the auto white-list

------------------------- BEGIN HEADERS -----------------------------

[Stranger03]

Логи спамд на это письмо и заодно конфиг сюда же. Или можно в аську - почту.

[brood2]

сори пришлось в командировку уехать
новое письмо

Уведомление


Unsolicited bulk email from:
alnikol@levada.ua
Subject: =3D?koi8-r?B?Rlc6IMTPx8/Xz9I=3D?=3D
Our internal reference code for the message is l5RBCeL8020424/sTbYhMjHstMV.

According to the 'Received:' trace, the message originated at:
[80.90.225.82]
SNAB2 ([192.168.1.63])

The message WAS NOT delivered to:
<emiliya@us.com.ua>:
 550 5.7.1 Message content rejected, UBE, id=l5RBCeL8020424

The message has been quarantined as:
spam-sTbYhMjHstMV.gz

SpamAssassin report:
Spam detection software, running on the system "router.us.com.ua", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
postmaster for details.

Content preview:  _____ From: Николаевский Алексей
[mailto:alnikol@levada.ua] Sent: Wednesday, June 27, 2007 11:46 AM To:
'emiliya@us.com.ua' Subject: договор Пришлите по адресу: 65091 г. Одесса
ул. Средняя, 36 Николаевскому Алексею [...]

Content analysis details:   (6.4 points, 8.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
-0.2 BAYES_40               BODY: Bayesian spam probability is 20 to 40%
                          [score: 0.2981]
0.1 HTML_90_100            BODY: Message is 90% to 100% HTML
0.0 HTML_MESSAGE           BODY: HTML included in message
0.2 MIME_BASE64_NO_NAME    RAW: base64 attachment does not have a file name
1.9 MIME_BASE64_TEXT       RAW: Message text disguised using base64 encoding
2.5 MIME_CHARSET_FARAWAY   MIME character set indicates foreign language
1.9 AWL                    AWL: From: address is in the auto white-list

------------------------- BEGIN HEADERS -----------------------------
Return-Path: <alnikol@levada.ua>
Received: from mx.sun-tel.net (mx.sun-tel.net [80.90.224.7])
   by router.us.com.ua (amavis-milter) id l5RBCeL8020424; Wed, 27 Jun 2007 14:12:43 +0300
Received: by mx.sun-tel.net (Postfix, from userid 513)
   id 914DB130F74; Wed, 27 Jun 2007 14:06:21 +0300 (EEST)
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on justas.sun-tel.net
X-Spam-Status: No, score=3.4 required=6.0 tests=ALL_TRUSTED,AWL,BAYES_50,
   HTML_90_100,HTML_MESSAGE,MIME_BASE64_NO_NAME,MIME_BASE64_TEXT
   autolearn=no version=3.1.3
X-Spam-Level: ***
Received: from mx.sun-tel.net (localhost [127.0.0.1])
   by mx.sun-tel.net (Postfix) with ESMTP id 75C58131057
   for <emiliya@us.com.ua>; Wed, 27 Jun 2007 14:06:19 +0300 (EEST)
Received: from levada.ua (unknown [80.90.225.82])
   by mx.sun-tel.net (Postfix) with ESMTP id A93C2130A73
   for <emiliya@us.com.ua>; Wed, 27 Jun 2007 14:06:18 +0300 (EEST)
Received: from SNAB2 ([192.168.1.63])
   by levada.ua (8.13.4/8.13.4) with ESMTP id l5RBIvZ8049697
   for <emiliya@us.com.ua>; Wed, 27 Jun 2007 14:18:58 +0300 (EEST)
Message-Id: <200706271118.l5RBIvZ8049697@levada.ua>
From: "=?koi8-r?B?7snLz8zBxdfTy8nKIOHMxcvTxco=?=" <alnikol@levada.ua>
To: <emiliya@us.com.ua>
Subject: =?koi8-r?B?Rlc6IMTPx8/Xz9I=?=
Date: Wed, 27 Jun 2007 14:06:12 +0300
MIME-Version: 1.0
X-Security: message sanitized on justas
   See http://www.impsec.org/email-tools/sanitizer-intro.html
   for details. $Revision: 1.151 $Date: 2006-01-20 07:29:24-08
X-Security: The postmaster has not enabled quarantine of poisoned messages.
Content-Type: multipart/mixed;
   boundary="----=_NextPart_000_001E_01C7B8C4.52334120"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Thread-Index: Ace4l4kNA1TBjjFOTbGSBHeKcjDmWQAE5RcA
X-Virus-Scanned: ClamAV
-------------------------- END HEADERS ------------------------------



local.cf


# Add your own customisations to this file.  See 'man Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
#


# do not change the subject
# to change the subject, e.g. use
# rewrite_header Subject ****SPAM(_SCORE_)****
rewrite_header Subject

# Set the score required before a mail is considered spam.
# required_score 5.00

# uncomment, if you do not want spamassassin to create a new message
# in case of detecting spam
# report_safe 0
   



   required_hits 8
   rewrite_header 1
   report_safe 1
   use_bayes 1
   auto_learn 1
   use_terse_report 1
   always_add_headers 1
   fold_headers 1
   spam_level_stars 1
   spam_level_char *
   rewrite_subject 1
   subject_tag !!! SPAMER SSYKO !!!
   ok_languages ru
   ok_locales en
   use_razor1 1
   use_razor2 1
   use_pyzor 1
   use_dcc 1
   use_auto_whitelist 1
   skip_rbl_checks 0
   body VIAGRA /viagra/i
   body PENIS /penis/i
   score VIAGRA 8
   score PENIS 8
   score CHARSET_FARAWAY_HEADER 0
   score RCVD_IN_BL_SPAMCOP_NET 10
   score RCVD_IN_DSBL 10
   score RCVD_IN_WHOIS_BOGONS 10
   score RCVD_IN_XBL 10
   score URIBL_JP_SURBL 10
   score SUBJ_ILLEGAL_CHARS 0
   score URIBL_OB_SURBL 10
   score URIBL_SC_SURBL 10
   score CHARSET_FARAWAY 0
   score FROM_ILLEGAL_CHARS 0
   blacklist_from *@online.ua
#    blacklist_from *@hotmail.com
   whitelist_from *@us.com.ua
   whitelist from *@gpu-ua.info


Собственно само письмо в мильтере



Return-Path: <alnikol@levada.ua>
Delivered-To: spam-quarantine
X-Envelope-From: <alnikol@levada.ua>
X-Envelope-To: <emiliya@us.com.ua>
X-Quarantine-Id: <sTbYhMjHstMV>
Received: from mx.sun-tel.net (mx.sun-tel.net [80.90.224.7])
by router.us.com.ua (amavis-milter) id l5RBCeL8020424; Wed, 27 Jun 2007 14:12:43 +0300
Received: by mx.sun-tel.net (Postfix, from userid 513)
id 914DB130F74; Wed, 27 Jun 2007 14:06:21 +0300 (EEST)
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on justas.sun-tel.net
X-Spam-Status: No, score=3.4 required=6.0 tests=ALL_TRUSTED,AWL,BAYES_50,
HTML_90_100,HTML_MESSAGE,MIME_BASE64_NO_NAME,MIME_BASE64_TEXT
autolearn=no version=3.1.3
X-Spam-Level: ***
Received: from mx.sun-tel.net (localhost [127.0.0.1])
by mx.sun-tel.net (Postfix) with ESMTP id 75C58131057
for <emiliya@us.com.ua>; Wed, 27 Jun 2007 14:06:19 +0300 (EEST)
Received: from levada.ua (unknown [80.90.225.82])
by mx.sun-tel.net (Postfix) with ESMTP id A93C2130A73
for <emiliya@us.com.ua>; Wed, 27 Jun 2007 14:06:18 +0300 (EEST)
Received: from SNAB2 ([192.168.1.63])
by levada.ua (8.13.4/8.13.4) with ESMTP id l5RBIvZ8049697
for <emiliya@us.com.ua>; Wed, 27 Jun 2007 14:18:58 +0300 (EEST)
Message-Id: <200706271118.l5RBIvZ8049697@levada.ua>
From: "=?koi8-r?B?7snLz8zBxdfTy8nKIOHMxcvTxco=?=" <alnikol@levada.ua>
To: <emiliya@us.com.ua>
Subject: =?koi8-r?B?Rlc6IMTPx8/Xz9I=?=
Date: Wed, 27 Jun 2007 14:06:12 +0300
MIME-Version: 1.0
X-Security: message sanitized on justas
See http://www.impsec.org/email-tools/sanitizer-intro.html
for details. $Revision: 1.151 $Date: 2006-01-20 07:29:24-08
X-Security: The postmaster has not enabled quarantine of poisoned messages.
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_001E_01C7B8C4.52334120"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Thread-Index: Ace4l4kNA1TBjjFOTbGSBHeKcjDmWQAE5RcA
X-Virus-Scanned: ClamAV
X-Spam-Status: Yes, score=6.434 tag=2 tag2=5 kill=6.31 tests=[AWL=1.946,
BAYES_40=-0.185, HTML_90_100=0.113, HTML_MESSAGE=0.001,
MIME_BASE64_NO_NAME=0.224, MIME_BASE64_TEXT=1.885, MIME_CHARSET_FARAWAY=2.45]
X-Spam-Score: 6.434
X-Spam-Level: ******
X-Spam-Flag: YES

This is a multi-part message in MIME format.

------=_NextPart_000_001E_01C7B8C4.52334120
Content-Type: multipart/alternative; boundary="----=_NextPart_001_001F_01C7B8C4.52334120"


------=_NextPart_001_001F_01C7B8C4.52334120
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: base64