sm - We have the same configuration on all our MX servers. Here are all
of the headers for an example spam email:
Note, it may be system/config-related - the /dev/shm directory is used
by spamassassin, but it is not getting cleaned out consistently.
Microsoft Mail Internet Headers Version 2.0
Received: from houfe01node01.bakerbotts.net ([10.20.254.151]) by
HOUEVS02.bakerbotts.net with Microsoft SMTPSVC(6.0.3790.211);
Wed, 25 Jul 2007 06:28:25 -0500
Received: from housweep03.bakerbotts.net ([10.20.254.246]) by
houfe01node01.bakerbotts.net with Microsoft SMTPSVC(6.0.3790.211);
Wed, 25 Jul 2007 06:28:25 -0500
Received: from housweep01.bakerbotts.net (housweep01.bakerbotts.net
[10.20.254.236]) by housweep03.bakerbotts.net
(Content Technologies SMTPRS 4.3.20) with ESMTP id
<[EMAIL PROTECTED]>;
Wed, 25 Jul 2007 06:28:24 -0500
Received: from houmx05.bakerbotts.com (houmx05-inside.bakerbotts.net) by
housweep01.bakerbotts.net
(Content Technologies SMTPRS 4.3.20) with ESMTP id
<[EMAIL PROTECTED]>;
Wed, 25 Jul 2007 06:28:23 -0500
X-Envelope-From: [EMAIL PROTECTED]
Received: from dsl85-102-24083.ttnet.net.tr
(dsl85-102-24083.ttnet.net.tr [85.102.94.19] (may be forged))
by houmx05.bakerbotts.com (8.13.8/8.13.5) with ESMTP id l6PBRJSh012871;
Wed, 25 Jul 2007 06:27:27 -0500
Received: from [85.102.94.19] by mail.amorymusic.com; Wed, 25 Jul 2007
11:27:32 -0200
Date: Wed, 25 Jul 2007 11:27:32 -0200
From: "Erick Page" <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v2.01) Personal
Reply-To: [EMAIL PROTECTED]
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Greatest artworks from top artists
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----------F6EBF6EB821E4B82"
X-Null-Tag: fca71ee22f4011b5a8b9f02a21610260
X-BakerBotts-MailScanner-Information: Please contact the ISP for more
information
X-BakerBotts-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
score=0, required 5, autolearn=)
X-BakerBotts-MailScanner-From: [EMAIL PROTECTED]
X-Spam-Status: No
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 25 Jul 2007 11:28:25.0570 (UTC)
FILETIME=[EA688C20:01C7CEAE]
------------F6EBF6EB821E4B82
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
------------F6EBF6EB821E4B82
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
------------F6EBF6EB821E4B82--
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 25, 2007 3:11 PM
To: users@spamassassin.apache.org
Subject: RE: score-0 problem: SpamAssassin (not cached, score=0,
required 5, autolearn=)
There are files in /dev/shm/ (.spamassassin*) that are being
created, and some are being left in that directory. Here is an example
of a file that has been left on this ramdisk fs:
# grep l6PJ1iYV029369 /var/log/maillog
Jul 25 14:01:51 houmx05 milter-greylist: l6PJ1iYV029369:
skipping greylist because this is the default action,
([EMAIL PROTECTED]>,
rcpt=<[EMAIL PROTECTED]>,
addr=smtp02.bis.na.blackberry.com[216.9.248.49])
Jul 25 14:01:51 houmx05 sendmail[29369]: l6PJ1iYV029369:
from=<[EMAIL PROTECTED]
ry.com>, size=654, class=0, nrcpts=1,
msgid=<2074773001-1185390040-cardhu_decombobulator_blackberry.rim.net-11
[EMAIL PROTECTED], proto=ESMTP, daemon=MTA,
relay=smtp02.bis.na.blackberry.com [216.9.248.49]
Jul 25 14:01:51 houmx05 sendmail[29369]: l6PJ1iYV029369: Milter
add: header: X-Null-Tag: 3a576a56bd3b913802bbc7fd4c9f07ad
Jul 25 14:01:51 houmx05 sendmail[29369]: l6PJ1iYV029369: Milter
add: header: X-Greylist: Default is to whitelist mail, not delayed by
milter-greylist-3.0rc3 (houmx05.bakerbotts.com [204.194.98.17]); Wed, 25
Jul 2007 14:01:51 -0500 (CDT)
Jul 25 14:01:51 houmx05 sendmail[29369]: l6PJ1iYV029369:
to=<[EMAIL PROTECTED]>, delay=00:00:00, mailer=esmtp,
pri=30654, stat=queued
Jul 25 14:01:53 houmx05 MailScanner[6850]: Message
l6PJ1iYV029369 from 216.9.248.49
([EMAIL PROTECTED]
m) to bakerbotts.com is not spam, SpamAssassin (not cached, score=0,
required 5, autolearn=)
Jul 25 14:01:56 houmx05 sendmail[29452]: l6PJ1iYV029369:
to=<[EMAIL PROTECTED]>, delay=00:00:05, xdelay=00:00:00,
mailer=esmtp, pri=120654, relay=housweep01.bakerbotts.net.
[10.20.254.236], dsn=2.0.0, stat=Sent (Message received OK)
# l .spamassassin29421Mvfyimtmp
-rw------- 1 root root 1307 Jul 25 14:01
.spamassassin29421Mvfyimtmp
Wed Jul 25 14:12:06 CDT 2007
I'm wondering if it is a possible problem with the /dev/shm ram
disk. Can spamassassin be pointed to use another directory?
Thanks,
Donald
-----Original Message-----
From: Dawson, Donald
Sent: Wednesday, July 25, 2007 1:01 PM
To: users@spamassassin.apache.org
Subject: score-0 problem: SpamAssassin (not
cached, score=0, required 5, autolearn=)
I have noticed that some spam has been creeping in. We
have 4 inbound MX servers, but only has is experiencing this problem.
SpamAssassin version 3.2.0
running on Perl version 5.8.3
This is MailScanner version 4.59.4
Here are the counts of 'is not spam' and 'is spam' with
'score=0,':
fgrep "score=0," /var/log/maillog | grep 'is not spam' |
wc -l -- 649
fgrep "score=0," /var/log/maillog | grep 'is spam' | wc
-l -- 311
Spamassasin is not showing any errors, and
'/usr/bin/spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf
--lint' does not show errors.
Here is an example of the headers from a spam message:
From: "Erick Page" <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v2.01) Personal
Reply-To: [EMAIL PROTECTED]
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Greatest artworks from top artists
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----------F6EBF6EB821E4B82"
X-Null-Tag: fca71ee22f4011b5a8b9f02a21610260
X-BakerBotts-MailScanner-Information: Please contact the
ISP for more information
X-BakerBotts-MailScanner-SpamCheck: not spam,
SpamAssassin (not cached,
score=0, required 5, autolearn=)
X-BakerBotts-MailScanner-From:
[EMAIL PROTECTED]
X-Spam-Status: No
Return-Path: [EMAIL PROTECTED]
I would appreciate any help you can provide.
Thanks,
Donald
Donald Dawson
Security Administrator
Baker Botts L.L.P.
713-229-2183
