Am Mittwoch, 27. November 2002 18:39 schrieb Theo Van Dinter:
> On Wed, Nov 27, 2002 at 04:24:05PM +0100, Tilman Kastner wrote:
> > Obviously, the negative score did not apply to the
> > sum. (It's a custom rule to avoid false positives).
> >
> > What am I doing wrong here? This is SA 2.43 called via MIMEDefang
> > on a Linux Box with Perl 5.6.1
>
> My theory is that you're double scanning, but the report indicates the
>
> rule worked fine:
> > SPAM: Content analysis details:   (3.60 hits, 5 required)
>
> Why there's a body report for a score of 3.6?  Don't know, how are you
> running SA?
>
> It's hard to discuss the problem without a full message though.


Well, I did some more investigating. Unfortunately, I do not have the
original message available, as MIMEDefang mangled it
seriously. I tried to restore it as far as possible and ran a
spamassassin -D -C <my_config> < message

Here's what I got:

debug: using "/etc/mail/spamassassin.cf" for site rules dir
debug: using "/root/.spamassassin" for user state dir
debug: using "/root/.spamassassin/user_prefs" for user prefs file
debug: Failed to parse line in SpamAssassin configuration, skipping: 
auto_report_threshold      30
debug: is Net::DNS::Resolver unavailable? 0
debug: trying (3) kernel.org...
debug: looking up MX for 'kernel.org'
debug: MX for 'kernel.org' exists? 1
debug: MX lookup of kernel.org succeeded => Dns available (set dns_available to 
hardcode)
debug: is DNS available? 1
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=0
debug: running raw-body-text per-line regexp tests; score so far=-5
debug: running uri tests; score so far=-5
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=-5
debug: Ran run_rbl_eval_test rule MESSE_RCVD_IN_ORDB ======> got hit
debug: running meta tests; score so far=0
debug: is spam? score=0 required=5 tests=MESSE_NAMEN,MESSE_RCVD_IN_ORDB

Hmm, that looks good so far (although very different to the original run which was 
started
via MIMEDefang), as my rule MESSE_NAMEN is at -5 and MESSE_RCVD_IN_ORDB is 5

BTW:
This rule is defined as:

header MESSE_RCVD_IN_ORDB               rbleval:check_rbl('ordb','relays.ordb.org.')
describe MESSE_RCVD_IN_ORDB             Received via open relay, see 
http://www.ordb.org
tflags MESSE_RCVD_IN_ORDB               net
score MESSE_RCVD_IN_ORDB                5

One question occurs: Is it OK to choose the first parameter to check_rbl
deliberately (as I did)? Or are they hardcoded anywhere?
Maybe this rule hit and got added to the score, but got lost while creating the report,
because I screwed up that one?

I checked our whole spambox (approx 1200 msg. since last cleanup) and
this strange "hits < required" happend several times, but always
with the same spam message and always 3.60 vs. 5

So nothing bad happend (That message deserved assassination). But I surely
would sleep better if I could sort this thing out...

Tilman

-- 
Tilman Kastner                 DEVICE/N GmbH
[EMAIL PROTECTED]             Ilse-ter-Meer-Weg 7
PGP key available              30449 Hannover, Germany



-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T
handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to