On Mon, 2013-11-11 at 20:26 -0200, Sergio Durigan Junior wrote:
> Here is an example of a misclassified spam message:
> <http://sergiodj.net/~sergio/sa/spam.txt>
>
> (This spam message was sent to a mailing list, not directly to my
> address, as can be seen. I still don't have spams that were sent
> directly to my e-mail address.).

None directly at all, or during the last 24 hours? Do you so far
exclusively receive spam via mailing-lists?

(Caveat: I am not a friend of scanning mailing-list traffic at the
recipient, and directly deliver them into dedicated folders. It's the
mailing-list operator's damn duty to keep spam out of the lists.)

That said, in order to scan list traffic properly, you need to "extend
your network" to include the list server IP(s). As a result, SA will
then not treat the handing-over (here list-server) SMTP as an untrusted
relay, but the actual omitter of the spam sending it to the list server.

This is important, because some header rules and most notably DNSBLs
need that last external host info for proper operation. See the
trusted_networks option, and
  http://wiki.apache.org/spamassassin/TrustPath

The X-Spam-Status header shows another problem: URIBL_BLOCKED.

  ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
  http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
  for more information.

UNPARSABLE_RELAY and SPF_FAIL are things to dig down, too. The above two
issues though are by far more important.

> - I run spamc directly from my .procmailrc:

# Mailing-list recipes belong here.

> :0fw: spamassassin.lock
> * < 256000
> | spamc

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
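
Added illustration, not part of the message above and not SpamAssassin's own code: a simplified Python model of why the list server has to be covered by trusted_networks before DNSBL lookups test the right host. The Received headers, host names and addresses (documentation ranges) are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: Received headers, newest first, as the recipient's
# filter would see a list-delivered spam. 192.0.2.10 stands in for the
# list server, 203.0.113.77 for the host that injected the spam.
SAMPLE_RECEIVED = [
    "from lists.example.org (lists.example.org [192.0.2.10]) by mx.example.net with ESMTP",
    "from bulk.example.com (unknown [203.0.113.77]) by lists.example.org with SMTP",
    "from localhost (localhost [127.0.0.1]) by bulk.example.com with SMTP",
]

_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received_headers):
    """Return the connecting IP of each hop, newest first."""
    ips = []
    for header in received_headers:
        match = _BRACKETED_IP.search(header)
        if match is None:
            # A hop that cannot be parsed breaks the chain of trust.
            raise ValueError("unparsable relay: %r" % header)
        ips.append(ipaddress.ip_address(match.group(1)))
    return ips


def last_external_relay(received_headers, trusted_networks):
    """Walk from the newest hop and return the first relay outside the
    trusted networks. This is the host a DNSBL lookup should test.
    Returns None if every hop is trusted."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for ip in relay_ips(received_headers):
        if not any(ip in net for net in nets):
            return str(ip)
    return None


if __name__ == "__main__":
    # Without the list server: the list server itself is looked up.
    print(last_external_relay(SAMPLE_RECEIVED, ["127.0.0.0/8"]))
    # Equivalent of adding "trusted_networks 192.0.2.10" to local.cf:
    # the lookup now targets the host that handed the spam to the list.
    print(last_external_relay(SAMPLE_RECEIVED, ["127.0.0.0/8", "192.0.2.10"]))
```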