I'm very, very sorry to beat a dead horse, but I'm deeply confused by
the "RCVD_IN_DNSWL_HI" rule which appears to be reporting incorrectly on
my system.
I ran this command:
sudo -u s -- spamassassin -t -d < some_email
It gives me this report:
 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.2 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL blocklist
                            [URIs: bizgrouplinknews.com]
 1.7 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: bizgrouplinknews.com]
 2.5 URIBL_DBL_SPAM         Contains a spam URL listed in the Spamhaus DBL blocklist
                            [URIs: bizgrouplinknews.com]
 0.0 RCVD_IN_MSPIKE_L5      RBL: Very bad reputation (-5)
                            [50.30.46.135 listed in bl.mailspike.net]
-2.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at https://www.dnswl.org/, high trust
                            [50.30.46.135 listed in list.dnswl.org]
 0.5 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <https://www.spamcop.net/bl.shtml?50.30.46.135>]
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 2.6 DEAR_FRIEND            BODY: Dear Friend? That's not very dear!
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 HTTPS_HTTP_MISMATCH    BODY: No description available.
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.0 RCVD_IN_MSPIKE_BL      Mailspike blacklisted
 3.5 URI_PHP_REDIR          PHP redirect to different URL (link obfuscation)
So it's showing the IP address 50.30.46.135 is whitelisted as shown by
the RCVD_IN_DNSWL_HI rule.
However, the dnswl.org domain shows that the 50.30.46.135 is *not*
whitelisted: https://www.dnswl.org/s/?s=50.30.46.135
So what would account for my system reporting it as whitelisted when the
dnswl.org domain does not report it as whitelisted?
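
For comparing the raw DNS answer on the scanning host with the web lookup above, here is an added example (not part of the original post) that builds the name queried for an address and decodes the A record returned. The function names are hypothetical, and the decoding assumes DNSWL's published return codes: 127.0.x.y with x the category and y the trust level 0-3, and 127.0.0.255 for a refused query.

```shell
#!/bin/sh
# Added example: build the DNSWL query name for an IPv4 address and decode
# the answer, to compare with what SpamAssassin reported.

# Print "<reversed octets>.<zone>" for an IPv4 address.
dnswl_qname() {
    ip=$1 zone=${2:-list.dnswl.org}
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "invalid IPv4: $ip" >&2; return 1; }
    for o in "$@"; do
        case $o in
            ''|*[!0-9]*) echo "invalid IPv4: $ip" >&2; return 1 ;;
        esac
        [ "$o" -le 255 ] || { echo "invalid IPv4: $ip" >&2; return 1; }
    done
    echo "$4.$3.$2.$1.$zone"
}

# Decode one A-record answer (assumed scheme: 127.0.<category>.<trust>).
dnswl_decode() {
    case $1 in
        '') echo "not listed"; return 0 ;;
        127.0.0.255) echo "blocked: query refused, not a listing"; return 0 ;;
        127.0.*.*) ;;
        *) echo "unexpected answer: $1"; return 1 ;;
    esac
    rest=${1#127.0.}
    cat_id=${rest%%.*}
    trust=${rest#*.}
    case $trust in
        0) level=none ;; 1) level=low ;; 2) level=medium ;; 3) level=high ;;
        *) echo "unexpected answer: $1"; return 1 ;;
    esac
    echo "listed: category=$cat_id trust=$level"
}

# On the scanning host, through the resolver SpamAssassin uses:
#   dig +short "$(dnswl_qname 50.30.46.135)" A
# Constructed sample answers (not real lookups), decoded offline:
echo "query name: $(dnswl_qname 50.30.46.135)"
for answer in 127.0.5.3 127.0.0.255 ""; do
    echo "answer '${answer}': $(dnswl_decode "$answer")"
done
```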