Morning list.
I have been having a few "funnies" with the latest SA.
Below is a header from a mail that slipped through.
Below that is the same mail when fed into SA using the -t switch.
The scores differ greatly.
Any ideas?
Are they *EXACTLY* the same message? Of course not.
It looks like you fed spamassassin -t something that had been severely mangled by a mail client.
SA does not understand the outlook .msg format, for example. It expects RFC-822 compliant mail messages, which is the format all mailers, even outlook, use while exchanging them over SMTP. Some mailers, like outlook, choose to store in some bizarre format with weird binary garbage in it so it can track things like if it's been read or not. SA can't read that garbage.
The -t run matched MISSING_HEADERS and MISSING_SUBJECT, but the first run did not. That right there tells me that the message headers are now corrupt, or at least not in 822 format anymore.
HEAD_ILLEGAL_CHARS and in this case ALL_TRUSTED are caused by the same.. mangled headers.
URIBL_WS_SURBL did not match the first time, but did the second. However, this is likely due to difference in time. It matched URIBL_SBL both times, so it probably was still on it's way to being listed in WS... wait another day and it will likey be picked up by the SC list too.
The only other changes in the hits is UPPERCASE_25_50. And since it looks like you fed spamassassin -t garbage, that's quite possibly a result as well.
