Re: diferent rules hitting with diferent users

11 Feb 2005 21:37:58 -0000

Robert Menschel wrote: 
Hello Matías,

Friday, February 11, 2005, 8:48:18 AM, you wrote:

MLB> I just got a spam message in my inbox without being flagged by SA, and I
MLB> find it very curios because it was a clear spam message. Wen I examine
MLB> the headers to see the score assigned by SA I get more surprised

MLB>    Content analysis details:   (0.4 points, 5.0 required)
MLB>     0.2 HTML_MESSAGE           BODY: HTML included in message
MLB>     0.2 HTML_FONT_BIG          BODY: HTML tag for a big font size

MLB> I copy the message a feed SA with it
MLB> X-Spam-Status: No, score=2.4 required=5.0 tests=BAYES_99,HTML_80_90,
MLB> HTML_FONT_BIG,HTML_IMAGE_RATIO_08,HTML_MESSAGE,MIME_QP_LONG_LINE
MLB>          autolearn=no version=3.0.2

MLB> OK, here it hit the rules that it was supposed to hit. But is still
MLB> getting a low score.

It's also hitting BAYES_99, which means your global Bayes database
(since you're running as root) thinks for sure this is NOT spam.
You've got a problem with the emails you've been learning in the past.


This are bad news.
What could happened?? This can be caused only by a bad training?
I have stored all the mail that I feed sa-learn with.
What can I do to debug and solve this problem??

MLB> What can be causing this different scores??

MLB> I thought that maybe the running user name was the problem...
MLB> So I run SA before as root, now I su to the user name which receive the
MLB> mail the first time and guess what...

MLB> X-Spam-Status: No, score=0.4 required=5.0
MLB> tests=HTML_FONT_BIG,HTML_MESSAGE
MLB>          autolearn=no version=3.0.2

This suggests that maybe the user's user_prefs file is turning off
some rules, or maybe you've got a configuration problem such that the
user's emails aren't going against the same rules files.

If you run spamassassin -D on this email from root, and from your two
users, are the lists of *.cf rules files used the same?


Yes, Exactly the same.
I had never touched those user preferences.
What can be happening?

I have moved the sare rules from the /usr/share/spamassassin dir to /etc/mail/spamassassin dir this morning, but I restarted spamd and the checking are happening after this, so if one user if affected, the other one should do, besides, the spamassassin -D command output is showing the same .cf files.

Thanks for your help Bob.

BR,
Matías.

Reply via email to