Comments (3)
Sorry for the late response. I've managed to add support for the headers you provided. Some in-depth regex changes were necessary in order to parse the tables correctly.
The regex now parses not just the rule name, score and description, but also the specific reason this rule matched in SpamAssassin (e.g. [URIs: topdelivery.net.pl]
).
I'll do some more tests this weekend before publishing the new version through the Thunderbird store.
from spam-scores.
Thank you for submitting the screeenshots.
I have not seen this type of SpamAssassin header before. Could you please post the header you just sent as raw text? I would then try to update the header parsing expressions so that this variant is recognised and the detailed rules are displayed correctly.
from spam-scores.
First source
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="_=aspNetEmail=_75e2e48014514b86929a6e80bafeb356"
Precedence: bulk
List-Unsubscribe: <http://info.topdelivery.net.pl/appreg/panel/Redirect.aspx?link_id=CF1D6AAB-0078-4D9E-93DE-C9559163C1BF&mail_id=9f625b60-53d3-44a7-a5d4-6de805228f10&d=14A96185-339C-41B4-8E28-CB069D47DA14&cntct_id=WmAXexFzAVoMe11BOm5ARhYoFDQVd0NoUA0XKggWZnoWQkUu&p1=FBNFExdQBDNLWxYpa1trICl6ZXRddFkOBWkWbWULFQhLCCggHXRfdC1BEh4ZRXRKAVwNdmcAP2xsUXx0AAUYVxIYd0xuC0V4DA4EbBQ8VltnLVhVKH4sOGQZUBduCnRmS2Z8JmgrbjI5ZGVqH1REGnAcchd4GgRxCB52egl4ahlPVXhRL3wGZARbDl9Se30%3d&p2=R3tSeUBQU0deXBgIIkVuUl4yfFVafkViAjtmJDcBaAMfegoBAWExDERTfB0eI2QlLw0%2fIVRIPkgqESYxIiguARFPWhR4VhBlHhMQPxtKWgAQXk1YWChaS3RzBBF1WHRcWxUJBDxXaEZKFHA8HlMiExppe2NtFQ8BfAEE&site=aHR0cCUzYSUyZiUyZmluZm8udG9wZGVsaXZlcnkubmV0LnBsJTJmYXBwcmVnJTJmcGFuZWwlMmZSZWdpc3Rlck91dFBhZ2UuYXNweCUzZm1haWxfaWQlM2QlMjMlMjNtYWlsX2lkJTIzJTIzJTI2YW1wJTNiZCUzZDE0QTk2MTg1LTMzOUMtNDFCNC04RTI4LUNCMDY5RDQ3REExNA%3d%3d>
Feedback-ID: :51635:65841:net.pl
X-Sid: [email protected]
Message-ID: <[email protected]>
X-Spam-Subject: ***SPAM*** =?utf-8?B?8J+UtVBST01PQ0pBIDMwIHrFgiB6YSBjYcWCeSByb2sgdyBQbGF5ZXIg8J+UlCBTUFJBV0TFuSA+Pj4=?=
X-Spam-Status: Yes, score=21.2
X-Spam-Score: 212
X-Spam-Bar: +++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "*****",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: PROMOCJA 30 zĹ? za caĹ?y rok w Player Ostatne dni promocji!
30 zĹ? za caĹ?y rok w Player - zobacz nowoĹ?ci Kampania realizowana przez
Redgroup do bazy partnera Kampanie Online LTD, na zlecenie: TVN S.A. ul.
Wiertnicza 166 02-952 Warszawa, NIP: 951-00-57-883 R [...]
Content analysis details: (21.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
4.5 URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL
blocklist
[URIs: topdelivery.net.pl]
5.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: topdelivery.net.pl]
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image
area
0.5 KAM_REALLYHUGEIMGSRC RAW: Spam with image tags with ridiculously
huge http urls
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
5.0 KAM_VERY_BLACK_DBL Email that hits both URIBL Black and Spamhaus
DBL
X-Spam-Flag: YES
Another example, with more rules.
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-FEAS-AUTH-USER: [email protected]
X-Spam-Subject: ***SPAM*** I NEED YOUR SERIOUS ATTENTION.
X-Spam-Status: Yes, score=55.2
X-Spam-Score: 552
X-Spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "*****",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Dear Friend I am techinical consultant,tony maxwell by name,
I have a client .who made a fixed deposit of fund valued at USD$8,500,000.00
(Eight Million, Five Hundred Thousand United States Dollars) with a deposi
[...]
Content analysis details: (55.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[88.157.215.74 listed in psbl.surriel.com]
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
2.0 MILLION_USD BODY: Talks about millions of dollars
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
0.0 NSL_RCVD_FROM_USER Received from User
0.5 SUBJ_ALL_CAPS Subject is all capitals
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[88.157.215.74 listed in bl.score.senderscore.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[max_tony[at]aim.com]
1.0 MISSING_HEADERS Missing To: header
2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
1.3 HK_SCAM No description available.
1.6 REPLYTO_WITHOUT_TO_CC No description available.
0.0 FSL_NEW_HELO_USER Spam's using Helo and User
2.0 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 FROM_MISSP_USER From misspaced, from "User"
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
2.6 MSOE_MID_WRONG_CASE No description available.
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
10 KAM_BENEFICIARY Beneficiary scams
0.0 MONEY_FROM_MISSP Lots of money and misspaced From
2.5 KAM_NIGERIAN Nigerian Scam and Variants
0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
0.0 FROM_MISSPACED From: missing whitespace
1.5 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
2.5 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems
0.0 T_MONEY_PERCENT X% of a lot of money for you
0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope
1.8 SPOOFED_FREEMAIL No description available.
2.5 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
1.9 SPOOFED_FREEM_REPTO Forged freemail sender with freemail
reply-to
0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider
3.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
X-Spam-Flag: YES
from spam-scores.
Related Issues (20)
- Es werden nur bei älteren E-Mails vereinzelt Spam-Scores angezeigt HOT 5
- Add support for X-VR-SPAMSCORE headers (OVH) HOT 2
- Popup with detailed information HOT 9
- Error parsing detail rules with content preview header HOT 6
- Contributors discussion HOT 1
- v1.4.0 not working with Thunderbird 78 HOT 5
- Is it possible to add support for fastmail HOT 1
- No X Spam-Report displayed for emails opened from EML file
- Empty popup on second opening (macOS Big Sur) HOT 10
- Duplicates in score list HOT 3
- When installing, Spam Scores appends to the last existing filter header instead of creating a new filter header
- Questions regarding score ranges HOT 3
- Thunderbird 102: Column disappears after restart HOT 6
- When Spam Scores enabled unable to scroll Junk folder when message is selected HOT 5
- Look for header "x-hmailserver-reason-score"
- Maxing out one core and crashing TB
- Support for Sophos PureMessage Headers (X-PMX-Spam)
- Support X-Ham-Report for detailed report info
- Spam score column not longer available in Thunderbird 115 HOT 14
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spam-scores.