> It would be helpful to post an entire actual set of headers --
> unmodified -- along with the spamassassin -t report. I can't figure
> out (from what you posted) the IP address of the server that was in
> DNSWL_HI that delivered mail to your internal/trusted network.
OK, here is the entire output of this command:
sudo -u s -- spamassassin -t -d < the_spam_email
Note: I've changed the score of RCVD_IN_DNSWL_HI hits to -2.0 from -5.0
until I get my misconfiguration figured out. Thanks for your patience.
Received: from localhost by email.dondley.com
    with SpamAssassin (version 3.4.2);
    Sat, 10 Apr 2021 12:41:17 -0400
From:
    =?shift_jis?B?kmqCzI/bkqWKZ5HljHaJ5iBBaXAxMA==?=<qy5cbma-yua06@yahoo.co.jp>
To: <sdondley@dondley.com>
Subject: *****SPAM*****
    =?shift_jis?B?g0mDk4NpgqqLgYLfgumXQojqlrOT8YLMgZqDZoNKg2CDk4GagvCBSTA5?=
Date: Sat, 10 Apr 2021 18:50:01 +0900
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
    email.dondley.com
X-Spam-Flag: YES
X-Spam-Level: ***********************
X-Spam-Status: Yes, score=23.2 required=5.0 tests=BASE64_LENGTH_79_INF,
    BAYES_99,BAYES_999,DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,FREEMAIL_REPLYTO,
    FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSP_FREEMAIL,FROM_MISSP_REPLYTO,
    LOCAL_SPAM_TLD,LOCAL_UNCOMMON_TLD,MISSING_MID,NML_ADSP_CUSTOM_MED,
    RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H2,RCVD_IN_PSBL,
    RCVD_IN_RP_RNBL,RCVD_IN_VALIDITY_RPBL,RDNS_NONE,SPF_HELO_SOFTFAIL,
    SPF_SOFTFAIL,SPOOFED_FREEMAIL,SPOOFED_FREEMAIL_NO_RDNS,
    SPOOFED_FREEM_REPTO,TVD_SPACE_ENCODED shortcircuit=no autolearn=no
    autolearn_force=no version=3.4.2
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_6071D52D.C7B255FE"
This is a multi-part message in MIME format.
------------=_6071D52D.C7B255FE
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "email.dondley.com",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview:
@?ª{?ª{?ª{?ª{?ª{?ª{?ª{?ª{?ª{?ª{?ª{?ª{?ª{?ª{?ª
@@@@@@@??Æ?EÅ??Ì?{??????¬?·?ø?Ê?
@@@@@@@@@@??y?j?X??å?T?v???
Content analysis details: (23.2 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
-2.0 RCVD_IN_DNSWL_HI       RBL: Sender listed at https://www.dnswl.org/, high trust
                            [203.160.71.180 listed in list.dnswl.org]
-0.0 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [203.160.71.180 listed in wl.mailspike.net]
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [203.160.71.180 listed in psbl.surriel.com]
 3.5 BAYES_99               BODY: Bayes spam probability is 99 to 100%
                            [score: 1.0000]
 0.5 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
 2.0 LOCAL_SPAM_TLD         Domain originates a lot of spam
 1.0 LOCAL_UNCOMMON_TLD     From address is not a common TLD
 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <https://www.spamcop.net/bl.shtml?203.160.71.180>]
 1.3 RCVD_IN_VALIDITY_RPBL  RBL: Relay in Validity RPBL, https://senderscore.org/blocklistlookup/
                            [203.160.71.180 listed in bl.score.senderscore.com]
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                            (qy5cbma-yua06[at]yahoo.co.jp)
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
                            (qy5cbma-yua06[at]yahoo.co.jp)
 0.7 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
 0.0 DKIM_ADSP_CUSTOM_MED   No valid author signature, adsp_override is CUSTOM_MED
 0.7 SPF_HELO_SOFTFAIL      SPF: HELO does not match SPF record (softfail)
 1.5 BASE64_LENGTH_79_INF   BODY: base64 encoded email part uses line length greater than 79 characters
 0.5 MISSING_MID            Missing Message-Id: header
 0.0 RCVD_IN_RP_RNBL        RCVD_IN_RP_RNBL renamed to RCVD_IN_VALIDITY_RPBL, please update local rules
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
 1.0 FREEMAIL_REPLYTO       Reply-To/From or Reply-To/body contain different freemails
 0.9 NML_ADSP_CUSTOM_MED    ADSP custom_med hit, and not from a mailing list
 0.0 FROM_MISSP_REPLYTO     From misspaced, has Reply-To
 2.5 TVD_SPACE_ENCODED      Space ratio & encoded subject
 0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
 2.0 SPOOFED_FREEMAIL       No description available.
 2.0 SPOOFED_FREEM_REPTO    Forged freemail sender with freemail reply-to
 0.0 FROM_MISSP_FREEMAIL    From misspaced + freemail provider
------------=_6071D52D.C7B255FE
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Received-SPF: Softfail (mailfrom) identity=mailfrom;
    client-ip=203.160.71.180; helo=yahoo.co.jp;
    envelope-from=qy5cbma-yua06@yahoo.co.jp; receiver=<UNKNOWN>
Received: from yahoo.co.jp (unknown [203.160.71.180])
    by email.dondley.com (Postfix) with SMTP id 842C2210C0
    for <sdondley@dondley.com>; Sat, 10 Apr 2021 05:49:55 -0400 (EDT)
To: <sdondley@dondley.com>
From:
    =?shift_jis?B?kmqCzI/bkqWKZ5HljHaJ5iBBaXAxMA==?=<qy5cbma-yua06@yahoo.co.jp>
Subject:
    =?shift_jis?B?g0mDk4NpgqqLgYLfgumXQojqlrOT8YLMgZqDZoNKg2CDk4GagvCBSTA5?=
MIME-Version: 1.0
Reply-To: <qy5cbma-yua06@yahoo.co.jp>
Date: Sat, 10 Apr 2021 18:50:01 +0900
Content-Type:text/plain; charset="shift_jis"
Content-Transfer-Encoding: base64
------------=_6071D52D.C7B255FE--