On 26 Jan 2021, at 17:04, Joe Acquisto-j4 wrote:
running version 3.42.
Presumably you meant 3.4.2...
Unless that's a distro-patched variant, such as the ones RH and Debian
produce, you should update to 3.4.4. There are significant security,
performance, bugfix, and functionality improvements in the 2 latest
"minor" releases, as their will be in the soon-to-come 3.4.5, which
should be the terminal release for the 3.4 branch.
I added a rule in local.cf and restarted spamd. (systemctl restart
spamd.service) It hit. Changed the score on it and an existing rule
and did a restart and they it but neither score changed.
That's not how it SHOULD work...
Ran lint (spamassassin -D --lint) and noticed numerous (20-30 ?)
"__E_LIKE_LETTER," in sequence, followed by
"__GATED_THROUGH_RCVD_REMOVER,__HAS_FROM,__HAS_MESSAGE_ID,__HAS_MSGID,__HAS_SUBJECT,__KHOP_NO_FULL_NAME,__LOWER_E,"
with "__LOWER_E," repeated a similar number of times.
Any suggestions?
Did the lint actually fail?
The many "__E_LIKE_LETTER" and "__LOWER_E" hits are normal. Those
subrules are part of the MIXED_ES metarule that was designed to catch a
particular family of bogus extortion spams (the ones claiming to have
recorded the victim consuming pornography and asking for ransom in
cryptocurrency.) The target spams typically try to avoid Bayes by using
a mix of Unicode characters that look like ASCII characters, notably
variations on lower case 'e'. MIXED_ES has been scoring well in RuleQA
for a surprisingly long time, although it MAY carry some risk that we
miss because our submissions don't include a lot of non-English ham.
It is possible that spamd and the spamassassin script are running as
different users and that means that it is possible that they are using
different per-user rules.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
