> > % spamassassin --lint shows no output, so I'm thinking that means no
> > problems in my local.cf.
>
> Good, 'spamassassin --lint' should show no outout, it ony barks when
> there's something wrong. Now 'spamassassin --lint -D' gives -tons-
> of output, but any error messages often get buried in with all the
> debugging output.
>
> > % spamassassin < /tmp/test-message.txt on a lowscoring spam
> (-1.6 according
> > to smtp-vilter's headers) get scored a whopping 14.3 by
> spamassassin! Tests
> > hit include HELO_DYNAMIC_IPADDR, BAYES_99, RCVD_IN_SORBS_DUL,
> > RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_XBL, RCVD_IN_NJABL_DUL
>
> OK, so that vets your basic spamassassin system. Now the next
> thing to try
> is to take that same test message and feed it to "spamd" via
> spamc to see
> what the daemon thinks about it. Do: '% spamc -R <
> /tmp/test-message.txt'
> that should give a report output that shows the same tests hit. If it
> doesn't then that says that there's something about how you're running
> "spamd" that is causing problems.
>
> I noticed that in your tests report you show most of the
> score came from
> network type tests. If you start your "spamd" with the "-L"
> command line
> option that will disable all network tests (and seriously
> reduce your spam
> recognising ability). Or if there's something about the way that your
> "spamd" starts up so that network tests are disabled, it will have the
> same "net"-not result.
>
> > So I think Dave is right - the problem is with the milter,
> or at least the
> > milter / spamassassin communication.
>
> It may be a milter issue but first we need to rule out whether it's a
> "spamd" issue (thus the "spamc" tests). IE the flow is
> sendmail -> milter
> -> spamd, spamd results -> milter -> sendmail.
>
Verified that spamassassin < testmessage.txt and spamc -R < testmessage.txt
hit the same tests for my sample spam, specifically:
Content analysis details: (14.3 points, 4.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.0 SUB_HELLO Subject starts with "Hello"
4.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr
1)
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 0.9937]
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[24.125.102.162 listed in dnsbl.sorbs.net]
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
<http://www.spamcop.net/bl.shtml?24.125.102.162>]
3.1 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[24.125.102.162 listed in sbl-xbl.spamhaus.org]
0.1 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[24.125.102.162 listed in combined.njabl.org]
Again, rating this mail actually received when it passed thru my system was
-1.6.
These are the entries in /etc/rc.local that start smtp-vilter and spamd:
# start smtp-vilter
if [ X"${smtp_vilter}" != X"NO" -a \
-x /usr/local/sbin/smtp-vilter ]; then
echo -n ' smtp-vilter'
/usr/local/sbin/smtp-vilter
fi
# Start Spamassassin daemon
/usr/local/bin/spamd -u _vilter -d -D -s mail -x && echo -e "spamd
started..."
...and here is where it is called in my sendmail .mc file:
INPUT_MAIL_FILTER(`smtp-vilter', `S=unix:/var/smtp-vilter/smtp-vilter.sock,
F=T, T=S:10m;R:10m;E:10m')dnl
Starting spamd in debug mode, I see this message:
debug: Score set 0 chosen.
Doesn't that mean network tests are not being run? But as you can see, I am
NOT starting spamd with a -L. Why would score set 0 be chosen? Can I force
it to run network tests or choose the score set manually?
