Hello,
I am using SA 3.0.3 on Debian Sarge with Postfix and amavisd-new. So far
Spamassassin is filtering just about everything with very few exceptions.
However, since about a week ago, I'm getting a few false negatives (ie.
nondetected spam) every day and when I retest them with the same settings
that amavisd-new uses (ie. call "spamc < mail.txt" on the server as the
user "amavis"), it usually gets detected.
Here is such a mail as tested by SA/amavis when it arrived (full mail
below):
X-Spam-Status: No, hits=4.0 tagged_above=-100.0 required=5.0 tests=BAYES_50,
DCC_CHECK, DIGEST_MULTIPLE, HTML_MESSAGE, MIME_HTML_ONLY,
RAZOR2_CF_RANGE_51_100, RAZOR2_CHECK
X-Spam-Level: ****
Retesting it once on the command line gives
X-Spam-Status: No, hits=3.7 required=5.0 tests=AWL=0.333,BAYES_60=1,
DCC_CHECK=2.169,HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.177 autolearn=no
version=3.0.3
Testing it again ten seconds later (because I didn't believe this result)
gives:
X-Spam-Status: Yes, hits=5.8 required=5.0 tests=AWL=-2.166,BAYES_60=1,
DCC_CHECK=2.169,DIGEST_MULTIPLE=0.098,HTML_MESSAGE=0.001,
LOCAL_BLACKHOLES_CNKR=1.5,LOCAL_CHINESE_RELAY=1.5,
MIME_HTML_ONLY=0.177,RAZOR2_CF_RANGE_51_100=0.056,RAZOR2_CHECK=1.511
autolearn=no version=3.0.3
Log info during these two tests:
spamd[20769]: connection from localhost [127.0.0.1] at port 41717
spamd[20769]: processing message <[EMAIL PROTECTED]> for
amavis:105.
spamd[20769]: clean message (3.7/5.0) for amavis:105 in 20.7 seconds, 2989
bytes.
spamd[20769]: result: . 3 -
AWL,BAYES_60,DCC_CHECK,HTML_MESSAGE,MIME_HTML_ONLY
scantime=20.7,size=2989,mid
=<[EMAIL PROTECTED]>,bayes=0.700268886337914,autolearn=no
spamd[20770]: connection from localhost [127.0.0.1] at port 41741
spamd[20770]: processing message <[EMAIL PROTECTED]> for
amavis:105.
spamd[20770]: identified spam (5.8/5.0) for amavis:105 in 10.2 seconds, 2989
bytes.
spamd[20770]: result: Y 5 -
AWL,BAYES_60,DCC_CHECK,DIGEST_MULTIPLE,HTML_MESSAGE,LOCAL_BLACKHOLES_CNKR,LOCAL_CHINESE_RELAY,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK
scantime=10.2,size=2989,mid=<[EMAIL
PROTECTED]>,bayes=0.700268886337914,autolearn=no
The two local rules above are defined as
header LOCAL_CHINESE_RELAY eval:check_rbl_txt('CNKR',
'cn.ascc.dnsbl.bit.nl.')
score LOCAL_CHINESE_RELAY 1.5
header LOCAL_BLACKHOLES_CNKR eval:check_rbl('CNKR', 'cn-kr.blackholes.us.')
score LOCAL_BLACKHOLES_CNKR 1.5
I'm suspecting that this might be due to short temporary DNS outages.
Is there a way to tell SA to log DNS lookup errors?
I'd appreciate any help.
Thank you :-)
One of the SPAM mail not caught:
=================================================================================
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost [127.0.0.1])
by master.rb-hosting.de (Postfix) with ESMTP id C0DA7F8D7
for <[EMAIL PROTECTED]>; Wed, 15 Mar 2006 08:30:30 +0100
(CET)
Received: from master.rb-hosting.de ([127.0.0.1])
by localhost (master.rb-hosting.de [127.0.0.1]) (amavisd-new, port
10024)
with LMTP id 00961-04 for <[EMAIL PROTECTED]>;
Wed, 15 Mar 2006 08:30:11 +0100 (CET)
Received: from fmmailgate01.web.de (fmmailgate01.web.de [217.72.192.221])
by master.rb-hosting.de (Postfix) with ESMTP id 98CEE624A
for <[EMAIL PROTECTED]>; Wed, 15 Mar 2006 08:29:27 +0100
(CET)
Received: from mx32.web.de (mx32.dlan.cinetic.de [172.20.6.245])
by fmmailgate01.web.de (Postfix) with ESMTP id F240715EEFCD
for <[EMAIL PROTECTED]>; Wed, 15 Mar 2006 08:28:35 +0100
(CET)
Received: from [222.43.138.135] (helo=50635278)
by mx32.web.de with smtp (WEB.DE 4.106 #94)
id 1FJQQs-0003zh-00; Wed, 15 Mar 2006 08:28:34 +0100
Received: from dugan.trade.es
by blister.midshipmen.net (Modtfix) with ESMTP id AB14EC578E
for <[EMAIL PROTECTED]>; Tue, 14 Mar 2006 23:27:43
-0800
Message-Id: <[EMAIL PROTECTED]>
From: "Dartsch Glasholz" <[EMAIL PROTECTED]>
Date: Tue, 14 Mar 2006 23:27:43 -0800
To: [EMAIL PROTECTED]
Subject: Fabian hat eine und ist ganz stolz damit
MIME-Version: 1.0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-WEBDE-FORWARD: [EMAIL PROTECTED] -> [EMAIL PROTECTED]
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian GNU/Linux) at
master.rb-hosting.de
X-Spam-Status: No, hits=4.0 tagged_above=-100.0 required=5.0 tests=BAYES_50,
DCC_CHECK, DIGEST_MULTIPLE, HTML_MESSAGE, MIME_HTML_ONLY,
RAZOR2_CF_RANGE_51_100, RAZOR2_CHECK
X-Spam-Level: ****
X-Length: 2944
X-UID: 29834
