Problems with whitelists and simscan

[Jose Luis Marin Perez]

Dear Sirs

I noticed a problem with Spamassassin whitelists and Simscan:

Spamassassin is configured to use white lists using mysql (for example)

mysql> select * from userpref;
+------------------------------+----------------+-------------------------+--------+
| username                     | preference     | value                   | 
prefid |
+------------------------------+----------------+-------------------------+--------+
| jma...@enlaceaduanero.com.pe | whitelist_from | jolumape...@hotmail.com |     
 2 |
| lca...@enlaceaduanero.com.pe | whitelist_from | jolumape...@hotmail.com |     
 3 |
+------------------------------+----------------+-------------------------+--------+
2 rows in set (0.01 sec)

When I send mail to these accounts individually operate normally white list 
(SIMSCAN DEBUG):

@400000004b0d6d6c1ea5738c qmail-smtpd: pid 27178 
Accept::RCPT::Rcpthosts_Rcptto: P:ESMTP S:65.55.34.221:unknown 
H:col0-omc4-s19.col0.hotmail.com F:jolumape...@hotmail.com 
T:jma...@enlaceaduanero.com.pe
@400000004b0d6d6c2c0e677c simscan: cdb looking up
@400000004b0d6d6c2c11da4c simscan: cdb for  found 
clam=yes,spam=yes,spam_hits=5.0,attach=.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6d6c2c12862c simscan: pelookup clam = yes
@400000004b0d6d6c2c1312cc simscan: pelookup spam = yes
@400000004b0d6d6c2c137474 simscan: pelookup spam_hits = 5.0
@400000004b0d6d6c2c14b0dc simscan: Per Domain Hits set to : 5.000000
@400000004b0d6d6c2c15260c simscan: pelookup attach = 
.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6d6c2c1587b4 simscan: attachment flag attach = 
.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6d6c2c162bc4 simscan: .pif is attachment number 0
@400000004b0d6d6c2c16953c simscan: .scr is attachment number 1
@400000004b0d6d6c2c16f2fc simscan: .vbs is attachment number 2
@400000004b0d6d6c2c174cd4 simscan: .bat is attachment number 3
@400000004b0d6d6c2c17a6ac simscan: .bas is attachment number 4
@400000004b0d6d6c2c180084 simscan: .cmd is attachment number 5
@400000004b0d6d6c2c185a5c simscan: .com is attachment number 6
@400000004b0d6d6c2c18b04c simscan: .exe is attachment number 7
@400000004b0d6d6c2c190a24 simscan: .dll is attachment number 8
@400000004b0d6d6c2c19fc54 simscan: starting: work dir: 
/var/qmail/simscan/1259171170.739859.27217
@400000004b0d6d6c3998fccc simscan: pelookup: called with jolumape...@hotmail.com
@400000004b0d6d6c3999143c simscan: pelookup: domain is hotmail.com
@400000004b0d6d6c399923dc simscan: cdb looking up hotmail.com
@400000004b0d6d6c3999337c simscan: pelookup: local part is jolumape_al
@400000004b0d6d6c3999431c simscan: cdb looking up jolumape...@hotmail.com
@400000004b0d6d6c399952bc simscan: pelookup: called with 
jma...@enlaceaduanero.com.pe
@400000004b0d6d6c39995e74 simscan: pelookup: domain is enlaceaduanero.com.pe
@400000004b0d6d6c399a5c5c simscan: cdb looking up enlaceaduanero.com.pe
@400000004b0d6d6c399a6bfc simscan: cdb for enlaceaduanero.com.pe found 
clam=yes,spam=yes,spam_passthru=no,spam_hits=5.0,attach=.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6d6c399a7f84 simscan: pelookup clam = yes
@400000004b0d6d6c399a8f24 simscan: pelookup spam = yes
@400000004b0d6d6c399a9adc simscan: pelookup spam_passthru = no
@400000004b0d6d6c399aaa7c simscan: unimplemented flag spam_passthru = no
@400000004b0d6d6c399ac9bc simscan: pelookup spam_hits = 5.0
@400000004b0d6d6c399ad95c simscan: Per Domain Hits set to : 5.000000
@400000004b0d6d6c399ae8fc simscan: pelookup attach = 
.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6d6c399af89c simscan: attachment flag attach = 
.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6d6c399b083c simscan: .pif is attachment number 0
@400000004b0d6d6c399b17dc simscan: .scr is attachment number 1
@400000004b0d6d6c399b3334 simscan: .vbs is attachment number 2
@400000004b0d6d6c399b42d4 simscan: .bat is attachment number 3
@400000004b0d6d6c399b7d6c simscan: .bas is attachment number 4
@400000004b0d6d6c399b8924 simscan: .cmd is attachment number 5
@400000004b0d6d6c399b98c4 simscan: .com is attachment number 6
@400000004b0d6d6c399ba864 simscan: .exe is attachment number 7
@400000004b0d6d6c399bb804 simscan: .dll is attachment number 8
@400000004b0d6d6c399bc3bc simscan: pelookup: local part is jmarin
@400000004b0d6d6c399bd35c simscan: cdb looking up jma...@enlaceaduanero.com.pe
@400000004b0d6d6c399bf29c simscan: regex opening message file 
msg.1259171170.739859.27217
@400000004b0d6d6c399c023c simscan: regex reading message
@400000004b0d6d6c399c11dc simscan: regex freeing memory
@400000004b0d6d6c399c1d94 simscan: cdb looking up version regex
@400000004b0d6d6c39bebcdc simscan: cdb looking up version attach
@400000004b0d6d6c39bfce4c simscan: calling clamdscan
@400000004b0d6d6c3a7bf644 simscan: cdb looking up version clamav
@400000004b0d6d6c3a7d51ec simscan: normal clamdscan return code: 0
@400000004b0d6d6c3a7efbb4 simscan: calling spamc
@400000004b0d6d6c3a7fe22c simscan: calling /usr/bin/spamc  spamc -s 200000 -t 
60 -U /tmp/spamd.sock -u jma...@enlaceaduanero.com.pe
@400000004b0d6d701fda26e4 simscan: cdb looking up version spam
@400000004b0d6d701fda3e54 simscan:[27178]:CLEAN (-69.30/5.00):3.7908s:Correo 
1-18:65.55.34.221:jolumape...@hotmail.com:jma...@enlaceaduanero.com.pe
@400000004b0d6d701fda51dc simscan: done, execing qmail-queue
@400000004b0d6d7027f1652c simscan: qmail-queue exited 0
@400000004b0d6d70349fcb4c tcpserver: end 27178 status 0
@400000004b0d6d7034a0b1c4 tcpserver: status: 0/800

But when I send mail to both emails (CC or BCC) does not work properly 
whitelisted and assigns a value close to 5.0 (SIMSCAN DEBUG):

@400000004b0d6e222906c4fc tcpserver: ok 27737 :172.16.4.5:25 :65.55.34.24::2436
@400000004b0d6e2502164f34 qmail-smtpd: pid 27737 
Accept::RCPT::Rcpthosts_Rcptto: P:ESMTP S:65.55.34.24:unknown 
H:col0-omc1-s14.col0.hotmail.com F:jolumape...@hotmail.com 
T:lca...@enlaceaduanero.com.pe
@400000004b0d6e25021666a4 qmail-smtpd: pid 27737 
Accept::RCPT::Rcpthosts_Rcptto: P:ESMTP S:65.55.34.24:unknown 
H:col0-omc1-s14.col0.hotmail.com F:jolumape...@hotmail.com 
T:jma...@enlaceaduanero.com.pe
@400000004b0d6e250be1773c simscan: cdb looking up
@400000004b0d6e250be4ceb4 simscan: cdb for  found 
clam=yes,spam=yes,spam_hits=5.0,attach=.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e250be576ac simscan: pelookup clam = yes
@400000004b0d6e250be60734 simscan: pelookup spam = yes
@400000004b0d6e250be66cc4 simscan: pelookup spam_hits = 5.0
@400000004b0d6e250be7d424 simscan: Per Domain Hits set to : 5.000000
@400000004b0d6e250be8550c simscan: pelookup attach = 
.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e250be8ba9c simscan: attachment flag attach = 
.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e250be96a64 simscan: .pif is attachment number 0
@400000004b0d6e250bea1e14 simscan: .scr is attachment number 1
@400000004b0d6e250bed370c simscan: .vbs is attachment number 2
@400000004b0d6e250bed4a94 simscan: .bat is attachment number 3
@400000004b0d6e250bed5a34 simscan: .bas is attachment number 4
@400000004b0d6e250bed69d4 simscan: .cmd is attachment number 5
@400000004b0d6e250bed758c simscan: .com is attachment number 6
@400000004b0d6e250bed852c simscan: .exe is attachment number 7
@400000004b0d6e250bed94cc simscan: .dll is attachment number 8
@400000004b0d6e250beda084 simscan: starting: work dir: 
/var/qmail/simscan/1259171355.199932.27747
@400000004b0d6e2516196304 simscan: pelookup: called with jolumape...@hotmail.com
@400000004b0d6e2516197e5c simscan: pelookup: domain is hotmail.com
@400000004b0d6e2516198dfc simscan: cdb looking up hotmail.com
@400000004b0d6e25161999b4 simscan: pelookup: local part is jolumape_al
@400000004b0d6e251619a954 simscan: cdb looking up jolumape...@hotmail.com
@400000004b0d6e251619b8f4 simscan: pelookup: called with 
lca...@enlaceaduanero.com.pe
@400000004b0d6e251619c894 simscan: pelookup: domain is enlaceaduanero.com.pe
@400000004b0d6e25161a35f4 simscan: cdb looking up enlaceaduanero.com.pe
@400000004b0d6e25161a4594 simscan: cdb for enlaceaduanero.com.pe found 
clam=yes,spam=yes,spam_passthru=no,spam_hits=5.0,attach=.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e25161a591c simscan: pelookup clam = yes
@400000004b0d6e25161a68bc simscan: pelookup spam = yes
@400000004b0d6e25161a7474 simscan: pelookup spam_passthru = no
@400000004b0d6e25161a8414 simscan: unimplemented flag spam_passthru = no
@400000004b0d6e25161a9f6c simscan: pelookup spam_hits = 5.0
@400000004b0d6e25161af55c simscan: Per Domain Hits set to : 5.000000
@400000004b0d6e25161b04fc simscan: pelookup attach = 
.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e25161b149c simscan: attachment flag attach = 
.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e25161b243c simscan: .pif is attachment number 0
@400000004b0d6e25161b33dc simscan: .scr is attachment number 1
@400000004b0d6e25161b531c simscan: .vbs is attachment number 2
@400000004b0d6e25161b62bc simscan: .bat is attachment number 3
@400000004b0d6e25161b996c simscan: .bas is attachment number 4
@400000004b0d6e25161ba524 simscan: .cmd is attachment number 5
@400000004b0d6e25161bb4c4 simscan: .com is attachment number 6
@400000004b0d6e25161bc464 simscan: .exe is attachment number 7
@400000004b0d6e25161bd01c simscan: .dll is attachment number 8
@400000004b0d6e25161bdfbc simscan: pelookup: local part is lcampo
@400000004b0d6e25161bef5c simscan: cdb looking up lca...@enlaceaduanero.com.pe
@400000004b0d6e25161c0e9c simscan: pelookup: called with 
jma...@enlaceaduanero.com.pe
@400000004b0d6e25161c1e3c simscan: pelookup: domain is enlaceaduanero.com.pe
@400000004b0d6e25161c2ddc simscan: cdb looking up enlaceaduanero.com.pe
@400000004b0d6e25161c3994 simscan: cdb for enlaceaduanero.com.pe found 
clam=yes,spam=yes,spam_passthru=no,spam_hits=5.0,attach=.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e25161c4d1c simscan: pelookup clam = yes
@400000004b0d6e25161d106c simscan: pelookup spam = yes
@400000004b0d6e25161d200c simscan: pelookup spam_passthru = no
@400000004b0d6e25161d2bc4 simscan: unimplemented flag spam_passthru = no
@400000004b0d6e25161d3b64 simscan: pelookup spam_hits = 5.0
@400000004b0d6e25161d4b04 simscan: Per Domain Hits set to : 5.000000
@400000004b0d6e25161d5aa4 simscan: pelookup attach = 
.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e25161d6a44 simscan: attachment flag attach = 
.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e25161d8984 simscan: .pif is attachment number 0
@400000004b0d6e25161d9924 simscan: .scr is attachment number 1
@400000004b0d6e25161dd3bc simscan: .vbs is attachment number 2
@400000004b0d6e25161de35c simscan: .bat is attachment number 3
@400000004b0d6e25161def14 simscan: .bas is attachment number 4
@400000004b0d6e25161dfeb4 simscan: .cmd is attachment number 5
@400000004b0d6e25161e0e54 simscan: .com is attachment number 6
@400000004b0d6e25161e1a0c simscan: .exe is attachment number 7
@400000004b0d6e25161e29ac simscan: .dll is attachment number 8
@400000004b0d6e25161e394c simscan: pelookup: local part is jmarin
@400000004b0d6e25161e588c simscan: cdb looking up jma...@enlaceaduanero.com.pe
@400000004b0d6e25161e682c simscan: regex opening message file 
msg.1259171355.199932.27747
@400000004b0d6e25161e77cc simscan: regex reading message
@400000004b0d6e25161e8384 simscan: regex freeing memory
@400000004b0d6e25161e9324 simscan: cdb looking up version regex
@400000004b0d6e2516423824 simscan: cdb looking up version attach
@400000004b0d6e251642537c simscan: calling clamdscan
@400000004b0d6e2516fe872c simscan: cdb looking up version clamav
@400000004b0d6e2517002154 simscan: normal clamdscan return code: 0
@400000004b0d6e251701c34c simscan: calling spamc
@400000004b0d6e2517029254 simscan: calling /usr/bin/spamc  spamc -s 200000 -t 
60 -U /tmp/spamd.sock
@400000004b0d6e273143b79c simscan: cdb looking up version spam
@400000004b0d6e273143cf0c simscan:[27737]:CLEAN (4.10/5.00):2.6227s:Correo 
1-21:65.55.34.24:jolumape...@hotmail.com:lca...@enlaceaduanero.com.pe,jma...@enlaceaduanero.com.pe

What is wrong?

Thanks

Jose Luis

SETTINGS:

Mail Server: Qmail + Spamassassin + ClamAV + Simscan

/etc/init.d/spamassassin.rc

#!/bin/sh
# spamassassin This script starts and stops the spamd daemon
#

PATH=$PATH:/usr/local/sbin:/usr/local/bin
case "$1" in
  start)
        cd /

        /usr/bin/spamd -v -u vpopmail -m 3 -x -q -s stderr -r 
/var/run/spamd/spamd.pid \
        --socketpath=/tmp/spamd.sock 2>&1 | \
        /usr/local/bin/setuidgid qmaill \
        /usr/local/bin/multilog t !spamdappend /var/log/qmail/spamd &
        echo "spamd started"
        ;;

  stop)
        if [ -r /var/run/spamd/spamd.pid ]; then
          pid=`cat /var/run/spamd/spamd.pid`
          kill $pid || ( echo "failed to stop spamd" && exit 1 )
          echo "spamd (pid $pid) stopped"
        else
          echo "/var/run/spamd/spamd.pid doesn't exist, is spamd running?"
        fi
        ;;

  restart)
        $0 stop && sleep 2 &&  $0 start
        ;;

  *)
        echo "usage: spamassassin.rc (start|stop|restart)"
        ;;
esac


/etc/mail/spamassassin/local.cf

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###########################################################################
#
# rewrite_header Subject *****SPAM*****
# report_safe 1
# trusted_networks 212.17.35.
# lock_method flock


required_score 5.0
rewrite_header Subject *****SPAM*****
report_safe 0
add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ 
bayes=_BAYES_ report=_REPORT_ autolearn=_AUTOLEARN_ version=_VERSIO
N_
add_header all Level _STARS(*)_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on 
_HOSTNAME_
ok_locales all
skip_rbl_checks 0
auto_whitelist_factor 0.5
bayes_auto_learn 1
bayes_file_mode 0666
whitelist_from *...@surfcontrol.com
whitelist_from servic...@profuturo.com.pe
whitelist_from juan.enc...@gmail.com

# auto_whitelist_file_mode 0666

#####################
user_scores_dsn                 DBI:mysql:spamassassin:localhost
user_scores_sql_username        spamuser
user_scores_sql_password        spampass
user_scores_sql_custom_query    SELECT preference, value FROM _TABLE_ WHERE  
username = '$GLOBAL' OR username = CONCAT('%',_DOMAIN_) OR userna
me = _USERNAME_ ORDER BY username ASC

auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn                    DBI:mysql:spamassassin:localhost
user_awl_sql_username           spamuser
user_awl_sql_password           spampass
user_awl_sql_table              awl

bayes_store_module              Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn                   DBI:mysql:spamassassin:localhost
bayes_sql_username              spamuser
bayes_sql_password              spampass
#####################

header PUBLICIDAD_ASUNTO    Subject =~ /publicidad/i
describe PUBLICIDAD_ASUNTO  Subject: comienza con publicidad
score PUBLICIDAD_ASUNTO     5.0

Simscan

./configure --enable-clamav=y --enable-clamdscan=/usr/local/bin/clamdscan 
--enable-dropmsg=y --enable-custom-smtp-reject=n --enable-per-domain=y 
--enable-attach=y --enable-spam=y --enable-ripmime=/usr/local/bin/ripmime 
--enable-received=y --enable-spam-hits=5.0 --enable-spamc=/usr/bin/spamc 
--enable-spamc-args="-s 200000 -t 60 -U /tmp/spamd.sock" --enable-spamc-user=y 
--enable-regex=y --with-pcre-include=/usr/local/include --enable-quarantinedir


qmail-smtpd

#!/bin/bash
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
export NOP0FCHECK="1"
export MFDNSCHECK=""
export BADMIMETYPE=""
export BADLOADERTYPE="M"
export HELOCHECK=""
export SIMSCAN_DEBUG=2
exec /usr/local/bin/softlimit -m 24000000 \
/usr/local/bin/tcpserver -H -p -R -x /usr/vpopmail/etc/tcp.smtp.cdb \
-u $QMAILDUID -g $NOFILESGID -v -c 800 0 smtp rblsmtpd -t 180 \
-r zen.spamhaus.org \
-r bl.spamcop.net \
-r dnsbl.njabl.org \
/usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd 2>&1

                                          
_________________________________________________________________
News, entertainment and everything you care about at Live.com. Get it now!
http://www.live.com/getstarted.aspx