Am 30.11.2015 um 17:24 schrieb Sebastian Arcus:
OK - this might be a basic question, but recently the detection rate on my SA install has been really unreliable, so I decided that the first step is to be sure it is using the public dns blocklists and razor. My setup: 1. Spamassassin 3.4.1 2. I have Bind configured as recursive, non-forwarding, caching DNS server. 3. spamassassin --lint doesn't return any errors or failures. 5. My init.pre contains "loadplugin Mail::SpamAssassin::Plugin::URIDNSBL" Here is the report included in one of the emails which is spam, but wasn't detected as such: Content analysis details: (1.4 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [212.227.15.41 listed in list.dnswl.org] 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines Does the above mean that the DNSBL tests were applied, but returned zero values - or would it mean they were skipped. I'm not sure how to find out which one is it? I'm happy to attach some sample emails which weren't detected, or any other useful info. Thank you
RCVD_IN_DNSWL_LOW is the opposite of "returned zero values" but why not just pass a sample against SA in debug-mode?
spamassassin -D < /path/to/spam-example.eml
signature.asc
Description: OpenPGP digital signature
