0

Spam scores are above 5 (my threshold)!

X-Spam-Status: Yes, score=5.924 tagged_above=-9999 required=5
    tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_IMAGE_RATIO_02=0.805,
    HTML_MESSAGE=0.001, NO_RECEIVED=-0.001, NO_RELAYS=-0.001,
    RCVD_REMOVED=3.75, T_REMOTE_IMAGE=0.01, URIBL_GREY=1.084,
    URIBL_RHS_DOB=0.276] autolearn=disabled

RCVD_REMOVED seems to be the culprit. I believe it's because amavis is stripping that down, and spamassassin doesn't like it:

Received: from mail.xx ([127.0.0.1])
    by localhost (mail.xx [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id U6DCLGNBdNtN for <sam@xx.xx>;
    Tue, 22 Dec 2015 01:01:11 -0800 (PST)

I could just raise the threshold score to 6, but I'd rather fix this issue instead.

ffxsam
  • 433
  • 2
  • 4
  • 9
  • 1
    You need to explain a lot better what your problem is. – Sven Dec 22 '15 at 09:49
  • 1
    What else would you like to know? Summary: spam score is high because I believe amavis is stripping the "Received" header. I'd like to have it not do that. I don't want the 3.75 score from `RCVD_REMOVED`. Is that specific enough? – ffxsam Dec 22 '15 at 10:27
  • 1
    Why is Amavis stripping received headers, did you ask it to? – Law29 Dec 23 '15 at 09:15

4 Answers4

1

I had the same issue and it started about the same time. Then I found out that in my Postfix installation the server deleted the Received headers before it passed the mail to SpamAssassin. I had this line in /etc/postfix/header_checks:

/^Received:/    IGNORE

I have no idea why I had it there but I deleted it and the problem is gone.

Attila Bakos
  • 11
  • 1
0

RCVD_REMOVED is a very unusual code (at least I've never seen it before). If you're getting it on all your mail and you won't or can't correct whatever is causing it, your easiest solution is probably to go into the amavis/spamassassin configuration and manually set a score of 0.0 for the RCVD_REMOVED tag.

To do this, add

score RCVD_REMOVED          0.0

to a likely configuration file (try to find a local.cf somewhere in /usr/share/spamassassin or /etc/mail/spamassassin, hopefully that will survive upgrades).

Law29
  • 3,557
  • 1
  • 16
  • 28
0

I have the same issue since 22nd of December. I didn't change anything regarding the configuration, so I think that must be a spamassassin signature update, which occur daily in my case.

I followed the answer above and set score RCVD_REMOVED 0.0 in /etc/spamassassin/local.cf(Ubuntu 14.04.3 LTS), which worked perfectly, but from my point of view, this does not really solve the root cause, which might be a faulty signature update.

Thomas M.
  • 101
-1

I think the main problem might be the following commit in spamassassin's sources made on December 16th 2015 which could be a good guess as this is the time about when the problem started:

https://github.com/apache/spamassassin/commit/aa98a1573458f8df5ebe4338eaa99eeba69d4876#diff-c34e50f996b2140fbdc2454bfbfb6267

In this commit the rule set of spamassassin has been modified introducing the new RCVD_REMOVED flag.

rulesrc/sandbox/jhardin/20_misc_testing.cf

meta       RCVD_REMOVED                __GATED_THROUGH_RCVD_REMOVER && !__BODY_URI_ONLY && !__XPRIO && !__DOS_HAS_LIST_ID && !__BOTH_INR_AND_REF 
describe   RCVD_REMOVED                Headers removed
score      RCVD_REMOVED                3.750    # limit
tflags     RCVD_REMOVED                publish
dachande
  • 1
  • 1
  • Please don't just post a link as an answer. From the Help Center, "Always quote the most relevant part of an important link, in case the target site is unreachable or goes permanently offline." – D34DM347 Jan 13 '16 at 14:52
  • I have added some additional info explaining what has been changed in the commit I posted here. I hope these information are sufficient to vote up my answer. – dachande Mar 21 '16 at 13:28