Chris wrote:

I've noticed some inconsistencies in how spamassassin is marking up messages on my host.

At first I thought it was the way mimedefang was in the mix on my host but now that I'm digging a little further I am noticing something weird and would appreciate some help troubleshooting it.

If I run this spam <http://moose.ca/downloads/content/text/sample_new.email> through spamassassin on the command line I receive one set of output. The score it returns is 4.5. The email is blatant spam. Here is the output from $(spamassassin -D -t < ~/sample.email) : <http://moose.ca/content/downloads/text/SA-result1.txt>.

If I run the test again immediately I get a score of 12.9: <http://moose.ca/content/downloads/text/SA-result2.txt>. Every subsequent run after that is at 12.9 - which seems to be what I'd expect from an email like that to begin with.

My /etc/mail/sa-mimedefang.cf is symlinked to /etc/mail/spamassassin/local.cf. /etc/mail/spamassassin.cf is also symlinked to the /etc/mail/spamassassin/local.cf file. Here is its content: <http://moose.ca/content/downloads/text/local.cf>

Spamassassin is 3.02, Perl is 5.8.3

I feel like I'm missing something obvious - been staring at this problem for a few days now and am not getting anywhere. I've been working through similar messages in the mailing list archives at the SA and Mimedefang sites with no joy.

If I "leave the host alone" for a certain amount of time and re-run the test it will revert to 4.5 score again. In the meantime the host has been processing email for our site (~0.5 emails / second during prime time according to the mimedefang watch tool). I was thinking it might be related to the bayes rules getting reset somehow but the source email above should never have a score as low as 4.5 should it?

What do I have misconfigured?

Thanks!


It looks to me like you received that mail before the URI could be listed in the SURBLs. Bayes here hit it hard; for me, it made it over for spam (local tests only).

As far as bayes,
debug: bayes: Not available for scanning, only 2 ham(s) in Bayes DB < 200

You need more hams. This also helped in the scoring of the mail.

You may also want to turn back on rbl checks, to see if this helps any:

skip_rbl_checks 1

I don't trust anything from anyone ;-)

HTH

--
Thanks,
JamesDR
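
One way to see which rules account for the jump between two runs, as an added example that is not part of the original thread: it parses the X-Spam-Status header and the Bayes debug line from each run's captured output and diffs the rule hits. The two sample outputs, including the rule names in them, are constructed and are not the contents of the linked result files; `parse_run` and `compare_runs` are hypothetical helper names.

```python
import re

# Constructed sample output from two runs (debug and message output captured together).
# The rule hits are made up for illustration; only the Bayes debug line is from the thread.
RUN1 = """debug: bayes: Not available for scanning, only 2 ham(s) in Bayes DB < 200
X-Spam-Status: No, score=4.5 required=5.0 tests=HTML_MESSAGE,
\tMIME_HTML_ONLY autolearn=no version=3.0.2
"""
RUN2 = """debug: bayes: Not available for scanning, only 2 ham(s) in Bayes DB < 200
X-Spam-Status: Yes, score=12.9 required=5.0 tests=HTML_MESSAGE,
\tMIME_HTML_ONLY,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=no version=3.0.2
"""

STATUS = re.compile(
    r"^X-Spam-Status:\s*(Yes|No),\s*score=(-?[\d.]+)\s+required=(-?[\d.]+)\s+tests=(\S*)",
    re.M,
)
BAYES = re.compile(
    r"bayes: Not available for scanning, only (\d+) (ham|spam)\(s\) in Bayes DB < (\d+)"
)

def parse_run(text):
    """Extract verdict, score, rule hits and any Bayes shortfall from one run."""
    # Unfold header continuation lines (newline followed by space or tab).
    unfolded = re.sub(r"\r?\n[ \t]+", "", text)
    m = STATUS.search(unfolded)
    if m is None:
        raise ValueError("no X-Spam-Status header found")
    tests = {t for t in m.group(4).split(",") if t and t != "none"}
    b = BAYES.search(unfolded)
    return {
        "spam": m.group(1) == "Yes",
        "score": float(m.group(2)),
        "tests": tests,
        # (kind, count in DB, minimum needed) when Bayes refused to score
        "bayes_short": (b.group(2), int(b.group(1)), int(b.group(3))) if b else None,
    }

def compare_runs(first_text, second_text):
    """Report the score change and the rules that hit in only one of the runs."""
    a, b = parse_run(first_text), parse_run(second_text)
    return {
        "score_delta": round(b["score"] - a["score"], 1),
        "only_in_first": sorted(a["tests"] - b["tests"]),
        "only_in_second": sorted(b["tests"] - a["tests"]),
        "bayes_short": b["bayes_short"],
    }

if __name__ == "__main__":
    for key, value in compare_runs(RUN1, RUN2).items():
        print(f"{key}: {value}")
```
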
