Hi,
It looks like I am using SA 4.0.0 on Ubuntu 23.x. I have looked for an
answer in Google-pedia, and it either does not exist or I am not able to
figure out the correct search term.
Is there a way to get a "spam report" or "expanded spam headers" from
spamassassin included in the incoming emails? I'm think of something
like what rspamd provides when expanded_headers is set to true. I would
also accept a tool that I can submit an email too that would do the
same. Ultimately, when I see an piece of spam that gets through, I'm
having to manually look up each rule, the score, and figure out why it
was considered ham. I'd like something that would automate some of the
work while I'm tweaking things.
Here's an example of what I'm thinking of (from rspamd):
X-Spamd-Result: default: False [12.36 / 15.01];
BAYES_SPAM(5.10)[99.99%]; URIBL_RED(3.50)[spamserver.domain.xx:url];
FORGED_RECIPIENTS(2.00)[m:mail@domain1.xx,s:mail@domain2.xx];
R_MIXED_CHARSET(1.07)[subject]; MID_RHS_NOT_FQDN(0.50)[];
BAD_REP_POLICIES(0.10)[]; RCVD_NO_TLS_LAST(0.10)[];
HAS_ANON_DOMAIN(0.10)[];
MIME_GOOD(-0.10)[multipart/related,multipart/alternative,text/plain];
MX_GOOD(-0.01)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_NA(0.00)[];
RCVD_COUNT_TWO(0.00)[2]; ASN(0.00)[asn:34300, ipnet:XXX.XXX.XXX.0/19,
country:XX]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~,5:+];
FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
GREYLIST(0.00)[pass,body]; R_SPF_ALLOW(0.00)[+a:c];
RWL_MAILSPIKE_POSSIBLE(0.00)[XXX.XXX.XXX.36:from]; TO_DN_NONE(0.00)[];
CLAM_VIRUS_FAIL(0.00)[failed to scan and retransmits exceed];
<https://www.allerstorfer.at/clamav-with-rspamd-and-ispconfig-on-ubuntu/>DMARC_NA(0.00)[spamsender.domain.xx];
ARC_NA(0.00)[]
D
It looks like I am using SA 4.0.0 on Ubuntu 23.x. I have looked for an
answer in Google-pedia, and it either does not exist or I am not able to
figure out the correct search term.
Is there a way to get a "spam report" or "expanded spam headers" from
spamassassin included in the incoming emails? I'm think of something
like what rspamd provides when expanded_headers is set to true. I would
also accept a tool that I can submit an email too that would do the
same. Ultimately, when I see an piece of spam that gets through, I'm
having to manually look up each rule, the score, and figure out why it
was considered ham. I'd like something that would automate some of the
work while I'm tweaking things.
Here's an example of what I'm thinking of (from rspamd):
X-Spamd-Result: default: False [12.36 / 15.01];
BAYES_SPAM(5.10)[99.99%]; URIBL_RED(3.50)[spamserver.domain.xx:url];
FORGED_RECIPIENTS(2.00)[m:mail@domain1.xx,s:mail@domain2.xx];
R_MIXED_CHARSET(1.07)[subject]; MID_RHS_NOT_FQDN(0.50)[];
BAD_REP_POLICIES(0.10)[]; RCVD_NO_TLS_LAST(0.10)[];
HAS_ANON_DOMAIN(0.10)[];
MIME_GOOD(-0.10)[multipart/related,multipart/alternative,text/plain];
MX_GOOD(-0.01)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_NA(0.00)[];
RCVD_COUNT_TWO(0.00)[2]; ASN(0.00)[asn:34300, ipnet:XXX.XXX.XXX.0/19,
country:XX]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~,5:+];
FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
GREYLIST(0.00)[pass,body]; R_SPF_ALLOW(0.00)[+a:c];
RWL_MAILSPIKE_POSSIBLE(0.00)[XXX.XXX.XXX.36:from]; TO_DN_NONE(0.00)[];
CLAM_VIRUS_FAIL(0.00)[failed to scan and retransmits exceed];
<https://www.allerstorfer.at/clamav-with-rspamd-and-ispconfig-on-ubuntu/>DMARC_NA(0.00)[spamsender.domain.xx];
ARC_NA(0.00)[]
D