(sorry for the English, an automatic translator was used)

I switched to simscan to do a test. In my opinion, there seems to be no problem with simscan or Qmail-Scanner, but rather something with spamassassin or spamd/spamc. Most of the time spamassassin works well, but sometimes failures occur in the spamd/spamc processes.

For example, see this case (some information has changed):

#simscan.log:
2012-11-13 20:51:39 simscan:[2722]:CLEAN (4.90/5.00):10.5786s:Subjec:xx.xx.xx.xx:s...@domain.com:user@mydomain

#spamd.log
2012-11-13 20:51 [4517] info: spamd: connection from localhost [127.0.0.1] at port 54503
2012-11-13 20:51 [4517] info: spamd: processing message <x...@spammer.host> for qscand:1001
2012-11-13 20:51 [4517] info: spamd: clean message (4.9/5.0) for qscand:1001 in 9.7 seconds, 4331 bytes.
2012-11-13 20:51 [4517] info: spamd: result: . 4 - BAYES_50,DCC_CHECK,FUZZY_CREDIT,HS_INDEX_PARAM,HTML_MESSAGE,MIME_HTML_ONLY scantime=9.7,size=4331,user=qscand,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=54503,mid=<x...@spammer.host>,bayes=0.499979,autolearn=no

I saved the message in my Thunderbird client and ran spamc on it, using formail to try to clean the headers added by the spamassassin gateway and leave it as close as possible to the original message:

# spamc -u qscand  -R < savedmessage.eml
<...cut some garbage...>
Content analysis details:   (8.7 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 MISSING_MID            Missing Message-Id: header
 0.0 MISSING_DATE         Missing Date: header
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 5.5 BANK_STUFF            BODY: Banker email stuff
 1.2 FUZZY_CREDIT         BODY: Attempt to obfuscate words in spam
 0.0 HS_INDEX_PARAM         URI: Link contains a common tracker pattern.
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5000]
 2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: brucesautoservice.ca]
-0.0 NO_RECEIVED            Informational: message has no Received headers

There is a custom rule (in this case, 5.5 BANK_STUFF) with a high score that seems to have been ignored by the simscan+spamd process, but that is considered when spamc is run manually. Attention: this custom rule is ONLY an example - some will say that the problem may be in the custom rules, but this problem also occurs in the processing of standard rules. As said above, most spam is blocked correctly (sometimes with the help of custom rules), but I'd like to try to find out why this happens (for example, can spamd ignore some rules because of server overload?).


On 09-11-2012 19:39, Jason Haar wrote:
Qmail-Scanner doesn't call SA as "spamc < file" - look to see how it is
called and then run that by hand - you need to compare apples with apples

hint: spamc -f -u email@address




--
Rejaine da Silveira Monteiro
IT Support
Jamef Encomendas Urgentes
Headquarters - Contagem/MG
Tel: (31) 2102-8854
www.jamef.com.br
