SA Checking user unknown e-mail?

Thu, 08 Jun 2006 07:45:45 -0700 

Hello ohÂ’ gurus of Spamassassin: 

I have a, hopefully, quick question with regards to my implementation of 
Spamassassin. 

In a nutshell it appears that Spamassassin is taking the time and energy to 
check user-
unknown e-mail. 

I am running Spamassassin 3.1.1

Attached is my sendmail log showing a piece of e-mail (which is spam) coming in 
to an 
unknown user account: 

Jun  8 10:13:56 ns1 sendmail[20493]: k58EDuQQ020493: <[EMAIL PROTECTED]>... 
User unknown
Jun  8 10:13:56 ns1 sendmail[20493]: k58EDuQQ020493: from=<[EMAIL PROTECTED]>, 
size=15866, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=ns2.flanigan.net 
[67.36.126.141]
Jun  8 10:13:57 ns1 sendmail[20493]: k58EDuQS020493: from=<>, size=19201, 
class=0, 
nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, 
daemon=MTA, relay=ns2.flanigan.net [67.36.126.141]

Then the following from my spamd log:

Jun  8 10:13:57 ns1 spamd[13477]: spamd: connection from ns1.flanigan.net 
[127.0.0.1] 
at port 43625 
Jun  8 10:13:57 ns1 spamd[13477]: spamd: processing message 
<[EMAIL PROTECTED]> for root:505 
Jun  8 10:14:00 ns1 spamd[13477]: spamd: identified spam (24.3/5.0) for 
root:505 in 
2.3 seconds, 19499 bytes. 
Jun  8 10:14:00 ns1 spamd[13477]: spamd: result: Y 24 - 
ALL_TRUSTED,AWL,BAYES_99,HTML_90_100,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IM
G_1,MIME_HTML_MOSTLY,SARE_GIF_ATTACH,SARE_GIF_STOX,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_
OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL 
scantime=2.3,size=19499,user=root,uid=505,required_score=5.0,rhost=ns1.flanigan.net,rad
dr=127.0.0.1,rport=43625,mid=<[EMAIL PROTECTED]>,bayes=0.999
657933165012,autolearn=no

Notice the same msgid <[EMAIL PROTECTED]> from both sendmail 
and spamd. 

My question is why dose sendmail not just reject the message and leave it be? 
Why 
process a message we have no intention of delivering to anyone? Or am I reading 
this 
wrong?

My link between sendmail and spamd is though /etc/procmailrc which reads simply:

:0fw
| /usr/bin/spamc

This quest to track this down has all come from the fact that I am seeing over 
900 
spam messages an hour. (see spam stats: http://www.flanigan.net/spam/) and 
there are 
only about a doze active mailboxes across my 3 or 4 domains. 

Any wisdom would be greatly appreciated!


---
Kind Regards,
David

http://www.flanigan.net

Reply via email to