Spam with lot of blind text not detected

Chris741

New Member
For most spam my spamassassin/amavisd filter works quite well. However, regularly I get spam emails that contain blind text like this:

s Notizbuch IMG Ein Tagebuch Ein Notizbuch ist ein Buch mit unbeschriebenen Seiten, das der Sammlung von Einfällen, Bemerkungen und Notizen aller Art dient. Bei manuell-systematischer Aufzeichnung von naturwissenschaftlichen Beobachtungen oder Messungen spricht man hingegen von Beobachtungsbuch oder Feldbuch. Inhaltsverzeichnis * Geschichte * . Frühgeschichte * . Legal Pad * Formen und Verwendung * Wiederverwendbare Formen * . Stifte mit Radierfunktion * . Non-Permanente Marker * In der Literatur * Siehe auch * Literatur * Weblinks * Einzelnachweise GeschichteBearbeiten | Quelltext bearbeiten FrühgeschichteBearbeiten | Quelltext bearbeiten Während des . und . Jahrhunderts

These emails are not detected as spam. Also running them through sa-learn does not help. What can be done?
Thanks for any suggestion.
 
Could you check the message size? spamassassin has a default maximum message size of 500 kB to avoid high CPU load. Anything above that size will be skipped. The max_size can be increased but it is not recommended.
 
No it is not that large. Here are the headers contained in the message:

X-Spam-Flag: NO
X-Spam-Score: -3.601
X-Spam-Level:
X-Spam-Status: No, score=-3.601 tagged_above=-999 required=2
tests=[BAYES_99=3.5, BAYES_999=0.2, DKIM_SIGNED=0.1, DKIM_VALID=-5,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DKIM_VERIFIED=-5,
HTML_MESSAGE=0.001, RAZOR2_CF_RANGE_51_100=1.886, RAZOR2_CHECK=0.922,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01]
autolearn=no autolearn_force=no
 
The DKIM values should be corrected - at the moment you have a negative score of 10.2 if a message has a valid DKIM signature - so you will need more than 12 points from other checks to even match your quite low spam value. A score of 0 is a good value for the DKIM checks because DKIM is not for spam protection but only to recognize forged senders.
If you correct the DKIM scores to zero, your mail would have scored 6.5 instead of -3.6 and would have been recognized as spam.
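The arithmetic in the reply above can be checked directly from the posted header. This is an added example, not part of the original thread: the function names are hypothetical, and it assumes a message counts as spam when its score is greater than or equal to `required`.

```python
import re

# X-Spam-Status value from the message posted in this thread, unfolded to one string.
X_SPAM_STATUS = (
    "No, score=-3.601 tagged_above=-999 required=2 "
    "tests=[BAYES_99=3.5, BAYES_999=0.2, DKIM_SIGNED=0.1, DKIM_VALID=-5, "
    "DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DKIM_VERIFIED=-5, "
    "HTML_MESSAGE=0.001, RAZOR2_CF_RANGE_51_100=1.886, RAZOR2_CHECK=0.922, "
    "SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] "
    "autolearn=no autolearn_force=no"
)


def parse_status(value):
    """Return (required, {rule: score}) parsed from an X-Spam-Status value."""
    required = float(re.search(r"\brequired=(-?[\d.]+)", value).group(1))
    tests = re.search(r"tests=\[([^\]]*)\]", value, re.S)
    rules = {}
    for item in tests.group(1).split(","):
        name, _, score = item.strip().partition("=")
        if name:
            rules[name] = float(score)
    return required, rules


def what_if(value, neutral_prefixes=("DKIM_",)):
    """Recompute the total as if every rule with a matching prefix scored 0."""
    required, rules = parse_status(value)
    total = round(sum(rules.values()), 3)
    removed = {n: s for n, s in rules.items() if n.startswith(neutral_prefixes)}
    adjusted = round(total - sum(removed.values()), 3)
    return {
        "required": required,
        "total": total,
        "removed": removed,
        "adjusted": adjusted,
        "flagged_before": total >= required,  # assumption: spam when score >= required
        "flagged_after": adjusted >= required,
    }


if __name__ == "__main__":
    r = what_if(X_SPAM_STATUS)
    print(f"reported total {r['total']}, DKIM_* rules {round(sum(r['removed'].values()), 3)}")
    print(f"with DKIM_* at zero: {r['adjusted']} (required {r['required']})")
```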
 
Thanks guys! This seems to work. At least two of those suspicious emails came, and they showed up in the quarantine folder. No false positives either.
 
You should take a look at the headers of your spam mails for their score after your change. You may get some more false positives because 2 is quite low for spam detection in my opinion. I tend to have a more lax spam setup and live with the odd false negative (spam not sorted out) and have decreased the false positives to a minimum.
 