Pieter De Wit wrote: > Hi Guys, > > I am pretty sure I covered this well, but I saw some strange happenings > over the last couple of days. I don't have access to the box to copy and > paste the results so this goes from memory (thought I would get the ball > rolling) > > I am writing my own custom milter for sendmail. I use the following > process: > > some custom checks->archive mail->clamav does filescan on that > archive->strip EHLO,MAIL FROM,RCPT TO from mail and hand over to spamd > > the archiving of the mail is simply a dump of what comes in, goes out. I > add the headers like EHLO/HELO,MAIL FROM etc on my own, but they get > stripped out of the email handed over to spamd. > > Here is the weird part - some mail comes up as spam when I hand it over to > spamd, but if I take the archive file and strip the header (EHLO etc) out, > save it it gets a MUCH lower score - I am talking 5.7/5.0 for spamd and > 1.x/5.0 for spamc. > > By spamd I mean connect to the port send the headers CHECK SPAMC/1.2\r\n > (and another line I think) and then sending the mail where as spamc is "cat > /archive_file | spamc -c" > > I guess my question is - is what I am sending to spamd correct ? > >
Maybe. Maybe not. Are you sending the "Content-Length:" header after the check? To really make any decent comparison you'd want to look at the X-Spam-Status headers that each generates. The difference in score alone doesn't tell us much, however, the rules that matched could tell us quite a lot. Try replacing the CHECK command with PROCESS and grab the header that it adds to the message. (this command works the same as CHECK, but returns the entire message after being marked-up by SA, instead of just a score.) Compare the resulting X-Spam-Status with one from sending it to spamc on the command line. If in doubt, post both headers to the list and we'll make some observations/suggestions (or at least I will, but it is likely others will chime in too).
