Am Mittwoch, 27. November 2002 18:39 schrieb Theo Van Dinter: > On Wed, Nov 27, 2002 at 04:24:05PM +0100, Tilman Kastner wrote: > > Obviously, the negative score did not apply to the > > sum. (It's a custom rule to avoid false positives). > > > > What am I doing wrong here? This is SA 2.43 called via MIMEDefang > > on a Linux Box with Perl 5.6.1 > > My theory is that you're double scanning, but the report indicates the > > rule worked fine: > > SPAM: Content analysis details: (3.60 hits, 5 required) > > Why there's a body report for a score of 3.6? Don't know, how are you > running SA? > > It's hard to discuss the problem without a full message though.
Well, I did some more investigating. Unfortunately, I do not have the original message available, as MIMEDefang mangled it seriously. I tried to restore it as far as possible and ran a spamassassin -D -C <my_config> < message Here's what I got: debug: using "/etc/mail/spamassassin.cf" for site rules dir debug: using "/root/.spamassassin" for user state dir debug: using "/root/.spamassassin/user_prefs" for user prefs file debug: Failed to parse line in SpamAssassin configuration, skipping: auto_report_threshold 30 debug: is Net::DNS::Resolver unavailable? 0 debug: trying (3) kernel.org... debug: looking up MX for 'kernel.org' debug: MX for 'kernel.org' exists? 1 debug: MX lookup of kernel.org succeeded => Dns available (set dns_available to hardcode) debug: is DNS available? 1 debug: running header regexp tests; score so far=0 debug: running body-text per-line regexp tests; score so far=0 debug: running raw-body-text per-line regexp tests; score so far=-5 debug: running uri tests; score so far=-5 debug: uri tests: Done uriRE debug: running full-text regexp tests; score so far=-5 debug: Ran run_rbl_eval_test rule MESSE_RCVD_IN_ORDB ======> got hit debug: running meta tests; score so far=0 debug: is spam? score=0 required=5 tests=MESSE_NAMEN,MESSE_RCVD_IN_ORDB Hmm, that looks good so far (although very different to the original run which was started via MIMEDefang), as my rule MESSE_NAMEN is at -5 and MESSE_RCVD_IN_ORDB is 5 BTW: This rule is defined as: header MESSE_RCVD_IN_ORDB rbleval:check_rbl('ordb','relays.ordb.org.') describe MESSE_RCVD_IN_ORDB Received via open relay, see http://www.ordb.org tflags MESSE_RCVD_IN_ORDB net score MESSE_RCVD_IN_ORDB 5 One question occurs: Is it OK to choose the first parameter to check_rbl deliberately (as I did)? Or are they hardcoded anywhere? Maybe this rule hit and got added to the score, but got lost while creating the report, because I screwed up that one? I checked our whole spambox (approx 1200 msg. since last cleanup) and this strange "hits < required" happend several times, but always with the same spam message and always 3.60 vs. 5 So nothing bad happend (That message deserved assassination). But I surely would sleep better if I could sort this thing out... Tilman -- Tilman Kastner DEVICE/N GmbH [EMAIL PROTECTED] Ilse-ter-Meer-Weg 7 PGP key available 30449 Hannover, Germany ------------------------------------------------------- This SF.net email is sponsored by: Get the new Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk