Raphael Bauduin wrote: > Hi, > > I'm trying to help someone using Exim with the Debian packaged > spamassassin 3.2.5-2 and sa-exim 4.2.1-11 > I've looked for information on how a mail is processed precisely but > didn't find any explanation of the following. > > In the spamd logs, I see that each mail is processed 2 times: one > "checking" the mail, one "processing" the mail. (any precise docs on > those two steps?) > The problem I encountered, according to my understanding, is that the > checking step had a score of 3.9 (put in the header to X-Spam_score) > with this info in the X-Spam_report header: > 0.0 HTML_MESSAGE BODY: HTML included in message > 2.0 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words > -1.1 BAYES_05 BODY: Bayesian spam probability is 1 to 5% > [score: 0.0336] > 1.4 MIME_QP_LONG_LINE RAW: Quoted-printable line longer > than 76 chars > 0.6 DC_PNG_UNO_LARGO Message contains a single large inline gif > 0.0 DC_IMAGE_SPAM_TEXT Possible Image-only spam with little text > 0.0 DC_IMAGE_SPAM_HTML Possible Image-only spam > 1.0 AWL AWL: From: address is in the auto white-list > > The chekcing on the other hand generated this: > X-Spam-Status: Yes, score=6.9 required=5.0 tests=AWL,BAYES_95, > > DC_IMAGE_SPAM_HTML,DC_IMAGE_SPAM_TEXT,DC_PNG_UNO_LARGO,HTML_IMAGE_ONLY_04, > HTML_MESSAGE,MIME_QP_LONG_LINE autolearn=no version=3.2.5 > > The difference is: > * BAYES_95 in place of BAYES_05 > * score is 6.9 in place of 3.9 >
Sounds like you are running the message through SA twice. Possibly once at receipt and once at delivery? The wide differences in Bayes score indicates that you are using two different databases, one of which is seriously mis-trained. > What I don't understand is: > - If I'm summing up all scores mentioned in X-Spam-Status, I should > get 3.9 - BAYES_05 ( -1.1) + BAYES_95 (+3 or +5, I need to check > which value is used), giving 8 or 10, which in no case match 6.9 > The culprit here is likely AWL. Unless you get the full report, you have no idea what score was assigned by AWL. Put a message with the complete set of headers in pastebin and give us the link to it. Once we see all of the headers, we may be able to tell you more. -- Bowie
