(Re-post to list. For some reason the post which quoted all of chad's email
bounced back with a 10.4 score. No clue why, there's no spam quotes here,
only one URIBL listed domain mentioned in the body report. One domain alone
shouldn't be >10, even if it's listed in every URIBL in the universe)
Chad, based on the difference in hits on the two scores below, it sounds
like you're double-scanning the email. Make sure you don't have an MTA
integration that's scanning the mail before it gets to procmail.
Also, try temporarily disabling both spamc calls in your procmail.rc, see
if you still get X-Spam-Status headers.
Order of events:
The first time it's scanned, the message gets tagged a body report is
added, and the whole thing is encapsulated in a new message with new
headers, including new Received: headers that show the message as being
locally generated.
The second time around, the scan will get result because the message
headers are different. The X-Spam-Status header gets over-written, but
nothing else.
Note that in the body (first scan) several RBLs hit (XBL, spamcop and
NJABL_DUL) but the second time (X-Spam-Status) they don't fire and in their
place ALL_TRUSTED matches, suggesting a locally generated email (such as
the encapsulation).
At 09:11 PM 11/23/2005, Chad wrote:
Hello!
I've been googling and searching this list for a little over 2 hours
now and have yet to find this problem, or a fix for it. If there is
something obvious I'm missing, feel free to point me in that
direction, but here goes:
I recieve Spam from "Doctor" with the subject "Ultimate Online Pharmaceutical"
It's subject gets marked up correctly with my [SPAM] subject_rewrite,
and I have report_safe set to 1, so the message shows the score as:
Content analysis details: (9.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date
0.1 HTML_40_50 BODY: Message is 40% to 50% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[217.217.190.99 listed in dnsbl.sorbs.net]
1.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
<http://www.spamcop.net/bl.shtml?217.217.190.99>]
2.5 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[217.217.190.99 listed in sbl-xbl.spamhaus.org]
1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[217.217.190.99 listed in combined.njabl.org]
0.6 URIBL_SBL Contains an URL listed in the SBL blocklist
[URIs: *MUNGED*]
As noted, it's a score of 9.2 points total.
But, when I check the header, it shows:
X-Spam-Level:
X-Spam-Status: No, score=0.5 required=5.0 tests=ALL_TRUSTED,
DATE_IN_FUTURE_12_24,HTML_40_50,HTML_MESSAGE,MIME_HTML_MOSTLY,
URIBL_SBL autolearn=no version=3.0.2-gr1
