We are seeing SA-3.2.0 acting strangely/inconsistently on our FC3 servers

Ever since upgrading from 3.1.8 to 3.2.0, we have started tagging HAM
that we never had problems with before. e.g. we just had it tag email
from Dell as spam with scores >5 as follows:

spamd: result: Y 5 -
DKIM_SIGNED,DKIM_VERIFIED,DK_SIGNED,DK_VERIFIED,HTML_IMAGE_ONLY_32,
HTML_MESSAGE,INVALID_DATE,MIME_HTML_ONLY,MIME_QP_LONG_LINE,MISSING_MIMEOLE,SPF_PASS

The weird thing was that when we noticed (less than 1/2 hour later) and
ran the same message through the same spamd on the same box - it scored
1.3/5!

spamd: result: . 1 -
DKIM_POLICY_SIGNSOME,HTML_IMAGE_ONLY_32,HTML_MESSAGE,SPF_PASS

Unfortunately the mail terminates on Exchange - so the second run is
over the message as pulled out of Exchange via IMAP - so it could have
been "cleaned up". The version we pulled was in multipart/alternative -
but perhaps the first run was in text/html only - I can't tell. The
weird thing is that there are tonnes more DKIM rules in the first run
than the second (that shouldn't have changed in 1/2 an hour), and the
message was classified as HTML_IMAGE_ONLY - whereas it actually had a
remote image link (their logo) - it wasn't in the message itself. Also
the INVALID_DATE doesn't seem correct either - according to the Received
and Date headers, they all look within seconds of each other (inc.
timezones).

I'm stumped. It makes no sense whatsoever. Any suggestions welcome.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
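
The rule-by-rule comparison between the two spamd result lines above, as an added example that is not part of the original message. It assumes the `spamd: result:` layout exactly as quoted in the post (flag, integer score, ` - `, comma-separated rule names); the function names are hypothetical.

```python
import re

# Layout as quoted in the post. Real spamd lines may carry trailing
# key=value fields after the rule list (assumption); \S* stops before them.
RESULT_RE = re.compile(
    r"spamd: result: (?P<flag>[Y.])\s+(?P<score>-?\d+)\s+-\s*(?P<rules>\S*)"
)

def unwrap(text):
    """Undo mail-client folding of the rule list after ' -' or a comma."""
    return re.sub(r"(?<=[,-])[ \t]*\n[ \t]*", "", text)

def parse_result(text):
    m = RESULT_RE.search(unwrap(text))
    if m is None:
        raise ValueError("no spamd result line found")
    rules = frozenset(r for r in m["rules"].split(",") if r)
    return {"spam": m["flag"] == "Y", "score": int(m["score"]), "rules": rules}

def diff_runs(first, second):
    """Report which rules fired in only one of two scans of the same message."""
    a, b = parse_result(first), parse_result(second)
    return {
        "verdict_changed": a["spam"] != b["spam"],
        "only_first": sorted(a["rules"] - b["rules"]),
        "only_second": sorted(b["rules"] - a["rules"]),
        "common": sorted(a["rules"] & b["rules"]),
    }

# The two log excerpts from the post, folded as they appear in the mail.
FIRST_RUN = """spamd: result: Y 5 -
DKIM_SIGNED,DKIM_VERIFIED,DK_SIGNED,DK_VERIFIED,HTML_IMAGE_ONLY_32,
HTML_MESSAGE,INVALID_DATE,MIME_HTML_ONLY,MIME_QP_LONG_LINE,MISSING_MIMEOLE,SPF_PASS"""
SECOND_RUN = """spamd: result: . 1 -
DKIM_POLICY_SIGNSOME,HTML_IMAGE_ONLY_32,HTML_MESSAGE,SPF_PASS"""

if __name__ == "__main__":
    for key, value in diff_runs(FIRST_RUN, SECOND_RUN).items():
        print(f"{key}: {value}")
```

Rules listed under `only_first` are the ones to check against what changed in the message between the two scans.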
