Hi users,
I have a weird problem here that i know i am not the only one to encounter, and have yet to see (in much searching) a solution for.
I am running spamassassin for all mail via spamd/spamc, and filtering on the "X-Spam-Status: Yes" header. The majority of my spam is getting caught, but quite a bit is getting through. The vast majority of the spam that gets through is tagged as spam in the subject line (i enable rewrite_header), but not tagged as spam in the X-Spam-Status header line. In an example spam, i get the following spamass header:
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on
phase.nyc.analogue.net
X-Spam-Level: ****
X-Spam-Status: No, score=4.8 required=5.0 tests=BAYES_50,HTML_10_20,
HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,URIBL_SBL
autolearn=no version=3.0.2The subject/body, on the other hand, contains:
Subject: ****SPAM(10.9)**** Become the man that women desire
Content analysis details: (10.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5508]
0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above
50%
[cf: 100]
0.2 HTML_10_20 BODY: Message is 10% to 20% HTML
0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
3.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[218.80.35.217 listed in dnsbl.sorbs.net]
3.8 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?218.80.35.217>]
0.1 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[218.80.35.217 listed in combined.njabl.org]
1.0 URIBL_SBL Contains an URL listed in the SBL blocklist
[URIs: heavenlyitemsbutique.com]So it appears that spamassassin tagged this as spam with 10.9 points, but left out some of the rules when writing the X-Spam-Status header, claiming the email only received 4.8 points. Spamassassin is installed directly out of freebsd ports on a fbsd4.11 box with perl 5.8.5. My local.cf is included below. Why would spamassassin be dropping rules like this?
Thanks much, -jba
__ [EMAIL PROTECTED] :: analogue.networks.nyc :: http://analogue.net
---------- local.cf ----------
rewrite_header Subject ****SPAM(_SCORE_)**** skip_rbl_checks 0
use_razor2 1 bayes_auto_learn 1 use_bayes 1 use_pyzor 1 auto_learn 1 use_dcc 1 dcc_add_header 1 dns_available yes dcc_timeout 10 dcc_path /my/path/to/dccproc
rbl_timeout 3 num_check_received 3
bayes_path /path/to/my/spamass/ auto_whitelist_path /path/to/my/auto-whitelist
header ARIX_DF rbleval:check_rbl('arix-df', 'fresh.dict.rbl.arix.com.')
describe ARIX_DF Recent dictionary spammer
tflags ARIX_DF netheader ARIX_DS rbleval:check_rbl('arix-ds', 'stale.dict.rbl.arix.com.')
describe ARIX_DS Sender has a history of dictionary spamming
tflags ARIX_DS netscore ARIX_DF 3.0 score ARIX_DS 0.5
trusted_networks (my trusted nets) internal_networks (my internal nets) lock_method flock
## Optional Score Increases score DCC_CHECK 4.000 score RAZOR2_CHECK 3.500 score BAYES_99 4.300 score BAYES_90 3.500 score BAYES_80 3.000 score RCVD_IN_SORBS_WEB 2.000 score RCVD_IN_SBL 3.000 score URIBL_SBL 1.00 score ALL_TRUSTED 0.000 score RCVD_IN_BL_SPAMCOP_NET 2.0
