Maybe it helps to show the source of the complete mail that our user has
received:
<---------------[snip]----------------->
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on vmvmai
X-Spam-Level: ********************
X-Spam-Status: Yes, score=20.3 required=5.0 tests=BAYES_99,MISSING_MID,
RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,
SARE_SPEC_REPLICA_OBFU,SARE_SPEC_ROLEX_NOV5A,TW_VP,URIBL_AB_SURBL,UR
IBL_BLACK,
URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_RHS_DOB,URIBL_SBL,URIBL_SC_SURBL
,
URIBL_WS_SURBL autolearn=spam version=3.2.4
X-Spam-Report:
* 1.9 URIBL_AB_SURBL Contains an URL listed in the AB SURBL
blocklist
* [URIs: manninst.com]
* 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL
blocklist
* [URIs: manninst.com]
* 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL
blocklist
* [URIs: manninst.com]
* 1.5 URIBL_OB_SURBL Contains an URL listed in the OB SURBL
blocklist
* [URIs: manninst.com]
* 0.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL
blocklist
* [URIs: manninst.com]
* 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 0.0 MISSING_MID Missing Message-Id: header
* 1.8 SARE_SPEC_REPLICA_OBFU BODY: Rolex with obfuscated replica
* 1.1 SARE_SPEC_ROLEX_NOV5A BODY: replica watch spam sign
* 0.1 TW_VP BODY: Odd Letter Triples with VP
* 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
* [URIs: manninst.com]
* 1.1 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
* [URIs: manninst.com]
* 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence
level
* above 50%
* [cf: 100]
* 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above
50%
* [cf: 100]
* 1.5 URIBL_SBL Contains an URL listed in the SBL blocklist
* [URIs: manninst.com]
X-Envelope-From:
Received: from ostvideo.de (HELO h1198312.stratoserver.net) (85.214.85.80)
by mv.be with SMTP; 1 Apr 2008 20:02:30 -0000
Received: (qmail 4596 invoked for bounce); 1 Apr 2008 19:54:41 -0000
Date: 1 Apr 2008 19:54:41 -0000
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: **** SPAM? (20.3) **** failure notice
X-Qmail-Scanner-Message-ID: <[EMAIL PROTECTED]>
X-Spam-Prev-Subject: failure notice
Hi. This is the qmail-send program at h1198312.stratoserver.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<[EMAIL PROTECTED]>:
Sorry, no mailbox here by that name. vpopmail (#5.1.1)
--- Below this line is a copy of the message.
Return-Path: <[EMAIL PROTECTED]>
Received: (qmail 4592 invoked by uid 60000); 1 Apr 2008 19:54:40 -0000
Received: from 200.88.82.106 by h1198312 (envelope-from
<[EMAIL PROTECTED]>, uid 60004) with qmail-scanner-1.24st SA 24
(spamassassin: 3.1.3.
Clear:RC:0(200.88.82.106):SA:0(0.6/5.0):.
Processed in 35.047529 secs); 01 Apr 2008 19:54:40 -0000
X-Spam-Status: No, hits=0.6 required=5.0
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on
h1198312.stratoserver.net
X-Spam-Level:
X-Qmail-Scanner-MOVED-X-Spam-Status: No, score=0.6 required=5.0
tests=HTML_40_50,HTML_MESSAGE
autolearn=no version=3.1.3
X-Envelope-From: [EMAIL PROTECTED]
Received: from 106samana82.codetel.net.do (200.88.82.106)
by ostvideo.de with SMTP; 1 Apr 2008 19:54:05 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "Impressive Watches" <[EMAIL PROTECTED]>
To: "Perfect Watches" <[EMAIL PROTECTED]>
Subject: Replica Pens
Date: Tue, 01 Apr 2008 18:14:30 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0004_01C89433.06C5D84B"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
This is a multi-part message in MIME format.
(.... original spam text ....)
*** Qmail-Scanner Envelope Details Begin ***
X-Qmail-Scanner-Mail-From: "" via vmvmai
X-Qmail-Scanner-Rcpt-To: "[EMAIL PROTECTED]"
X-Qmail-Scanner: 2.01 (clamdscan: 0.92/6530. spamassassin: 3.2.4.
Clear::RC:0(85.214.85.80):SA:0(0.6/5.0):. Processed in 9.372121 secs)
*** Qmail-Scanner Envelope Details End ***
<---------------[snip]----------------->
-----Oorspronkelijk bericht-----
Van: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Tom
De Puysseleyr
Verzonden: woensdag 2 april 2008 10:24
Aan: qmail-scanner-general@lists.sourceforge.net
Onderwerp: [Qmail-scanner-general] subject tagged as spam but no sign
ofspam-score in logfile?
Hi,
We're using qmail-scanner for a couple of years now, with no real problems.
But last night something strange happened. A user complains that he has
received some spam. The subject of these mails is tagged with what we have
configured in local.cf, in this case: "**** SPAM? (20.3) ****". We have
configured qmail-scanner with the --sa-quarantine option so that mails with
a score >= 7 will be quarantined. This is weird, the mail should have gone
to quarantine. I'm sure that this subject was added by our server, as the
qmail-queue.log file shows the original subject without that score. The rest
of the qmail-queue.log shows the following:
<---------------[snip]----------------->
Tue, 01 Apr 2008 22:02:30 CEST:19637: SA: run /usr/bin/spamc -t 30 -f <
/var/spool/qscan/working/new/vmvmai120708015054019637
Tue, 01 Apr 2008 22:02:39 CEST:19637: SA: overwriting
/var/spool/qscan/working/new/vmvmai120708015054019637 with
/var/spool/qscan/working/new/vmvmai120708015054019637.spamc
Tue, 01 Apr 2008 22:02:39 CEST:19637: spamassassin: finished scan of dir
"/var/spool/qscan/tmp/vmvmai120708015054019637" in 9.317778 secs
Tue, 01 Apr 2008 22:02:39 CEST:19637: scanloop: finished scan of
"/var/spool/qscan/tmp/vmvmai120708015054019637"...
Tue, 01 Apr 2008 22:02:39 CEST:19637: ini_sc: scanning message took 9.352407
seconds
Tue, 01 Apr 2008 22:02:39 CEST:19637: q_r: fork off child into
/var/qmail/bin/qmail-queue...
Tue, 01 Apr 2008 22:02:39 CEST:19637: qmail-scanner[19637]:
Clear:RC:0(85.214.85.80):SA:0(0.6/5.0): 9.358264 3991 <>
[EMAIL PROTECTED] failure_notice <[EMAIL PROTECTED]>
1207080150.19639-0.vmvmai:3612 orig-vmvmai120708015054019637:3991
Tue, 01 Apr 2008 22:02:39 CEST:19637: cleanup: archiving into
/var/spool/qscan/archives/new/
<---------------[snip]----------------->
So it does not detect it as spam, but it does alter the subject with a score
of 20.3? One reason I could imagine, is that the message is a bounce, and
that the bounce contains a copy of the original message, which in turn
contains a line: "X-Spam-Status: No, hits=0.6 required=5.0". Maybe somehow
qmail-scanner is confused and takes the 0.6 score instead of the 20.3 ?
Any help is appreciated!
Greetings,
Tom
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
