spamassassin ocassionally skips network-checks

Fri, 22 May 2009 09:00:16 -0700 

My spamassassin-setup works quite fine.  I've spamassassin invoked as milter 
(using the perl-module Mail::SpamAssassin in the milter)

But occassionally spam comes through where it seems that spamassassin just 
"forgot" to do all the network-checks (spamcop, sorbs, dcc, razor2) and 
therefore the score is low and the mail gets through.

When I run spamassassin on the same mail later its marked as spam and on most 
of my mail the spamassassin-milter runs these network-checks. But on some it 
simply doesnt and I cant figure out. Didnt find any pattern yet and no error in 
any log.

example:

This mail passed the initial spam-check with the following report:

X-Spam-Status: No, score=0.8 required=2.4 tests=BAYES_50,HTML_MESSAGE,
        SPF_HELO_PASS autolearn=ham version=3.2.4
X-Spam-Report: * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record        
               *  0.0  HTML_MESSAGE BODY: HTML included in message      
               *  0.8 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
               *      [score: 0.5257]


When I copy/paste the mail a few minutes later and feed it to spamassassin I 
get something completely different:


X-Spam-Status: Yes, score=8.6 required=2.5 tests=BAYES_50,DCC_CHECK,
        
DIGEST_MULTIPLE,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,
        RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SORBS_WEB,SPF_HELO_PASS
        autolearn=no version=3.2.4
X-Spam-Report: 
        *  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in 
bl.spamcop.net
        *      [Blocked - see <http://www.spamcop.net/bl.shtml?60.218.81.56>]
        *  0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server
        *      [60.218.81.56 listed in dnsbl.sorbs.net]
        * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  0.8 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
        *      [score: 0.5000]
        *  1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
        *      above 50%
        *      [cf: 100]
        *  1.0 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
        *  0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
        *      [cf: 100]
        *  2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
        *  0.0 DIGEST_MULTIPLE Message hits more than one network digest check



any idea how this could happen? or how can I debug this problem? 

thnx for any hints, tips, solutions ...

peter

Reply via email to