It can only do so if report_safe is set to 0. With non-zero report_safe settings, the original mail is encapsulated as an attachment inside a wrapper message also including the report. That wrapper message containing the SA report is "safe" because it is fully local, the text/plain part won't look like spam to any spam filter, and the original, encapsulated as a message/rfc822 attachment, should be skipped by any filter. If you want to test the *original* message, you have to extract the message/rfc822 part into its own file and test that.
OK, did some more googling on this. Let me spell this out and help clear up those who may be as confused as I was:
1) sa-learn *will* "unwrap" the original encapsulated spam emails when they are encapsulated by SA: https://cwiki.apache.org/confluence/display/SPAMASSASSIN/LearningMarkedUpMessages 2) However, the spamassassin command (or spamc/spamd) does not do this for you. You must use the -d option to remove any spam markup.
What this means is if that report_safe is set to "1" (the default) in your SA config file, you must pull the original spam email out with the -d option if you wish to run it through spamassassin/spamc again. You do *not* have to worry about doing this with the sa-learn command.
If I got this wrong, let me know. Thanks.
