Spam not being flagged revisited
Julian Field
jkf at ecs.soton.ac.uk
Sat May 25 08:38:38 IST 2002
This looks like a variation of the SpamAssassin bug that caused me to stop
calling the "compile_now" method, which did speed up the SA analysis a bit,
but caused it to produce random output results. I'm pretty sure this is a
combination of a possible SA bug, and a possible Perl bug. I've checked the
MailScanner code pretty carefully, and it's doing everything correctly
according to the docs.
As well as getting a different score, do you get a different list of
successful tests as well?
At 20:07 24/05/2002, you wrote:
>Julian,
>
>Okay having captured three different spam messages that scored above the
>threshold but didn't have their subjects rewritten -- I dropped one back
>into mqueue.in as you suggested.
>
>4/5 times the scores were above threshold and still the subject was not
>re-written. Apparently a consistent and persistent bug rearing its head
>when this particular message crosses its path.
>
>Now the plot thickens, but let me begin by saying I have not been
>drinking.
>
>Each of the 5 times I dropped the dfg/qfg combo into mqueue.in it came
>to me with different spam scores. Once registering -4.4. I'll throw
>that one away as an anomaly. Each of the other times the scores
>exceeded the threshold but differed by as many as 15 points.
>
>I pieced the dfg/qfg back together and piped them through spamassassin
>using "spamassassin -t < test-spam > spam.out" and each time it
>registered 8.5 hits.
>
>So is it possible we are looking at two different problems or the same
>problem manifesting itself in different ways? I've attached the dfg/qfg
>to this email.
>
>Thanks,
>D.
>
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>Behalf Of Julian Field
>Sent: Wednesday, May 22, 2002 12:25 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: Spam not being flagged revisited
>
>
>At 18:09 22/05/2002, you wrote:
> >It seems like a mailscanner issue where for some odd reason once in a
> >while the subject line doesn't get re-written as it should. Is there
> >some way for me to pipe these messages back through mailscanner and see
> >if I can replicate the error?
>
>If you set the Archive Mail options, then it will save the qf and df
>files
>out of the queue for you. Then you can later drop them back into
>mqueue.in
>to see what happens if it has a second go at them.
>
>What's interesting is your report that it only does this sometimes, not
>always. Stinks of being a Perl bug, but I would like to prove it or work
>out how to avoid it.
>
> >-----Original Message-----
> >From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> >Behalf Of Julian Field
> >Sent: Wednesday, May 22, 2002 11:07 AM
> >To: MAILSCANNER at JISCMAIL.AC.UK
> >Subject: Re: Spam not being flagged revisited
> >
> >
> >At 16:42 22/05/2002, you wrote:
> > >I received four more messages, where the Spamscore was greater than
>the
> > >threshold but the message was not marked as spam. I am including one
> > >header, as the rest are similar. Everything in spam.whitelist is
> > >commented out and only my local IP address is specified in
> > >mailscanner.conf. I don't see how this is a whitelist problem. Any
> > >ideas?
> >
> >I have just wiped my spam.whitelist.conf and commented out all "Accept
> >Spam
> >From" lines in mailscanner.conf.
> >I then set
> > Use SpamAssassin = yes
> > Always Include SpamAssassin Report = yes
> >and restarted MailScanner.
> >
> >Using the 2 SpamAssassin test messages sample-spam.txt and
> >sample-nonspam.txt that they supply for the purpose, I get these
> >results:
> >sample-spam.txt
> > >X-MailScanner-SpamCheck: SpamAssassin (score=17, required 5,
> > >FROM_HAS_MIXED_NUMS, INVALID_MSGID, INVALID_DATE, MSGID_HAS_NO_AT,
> > >SMTPD_IN_RCVD, UNDISC_RECIPS, NO_REAL_NAME, HOME_EMPLOYMENT,
> > >ONCE_IN_LIFETIME, CALL_FREE, REMOVE_SUBJ, LINES_OF_YELLING,
> > >LINES_OF_YELLING_2, LINES_OF_YELLING_3, RCVD_IN_OSIRUSOFT_COM)
> >
> >sample-nonspam.txt
> > >X-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.8, required
> >5,
> > >GAPPY_TEXT, LINES_OF_YELLING, PGP_SIGNATURE)
> >
> >I then set
> > Use SpamAssassin = yes
> > Always Include SpamAssassin Report = no
> >and restarted MailScanner.
> >
> >Using the same pair of messages again, I get
> >sample-spam.txt
> > >X-MailScanner-SpamCheck: SpamAssassin (score=17, required 5,
> > >FROM_HAS_MIXED_NUMS, INVALID_MSGID, INVALID_DATE, MSGID_HAS_NO_AT,
> > >SMTPD_IN_RCVD, UNDISC_RECIPS, NO_REAL_NAME, HOME_EMPLOYMENT,
> > >ONCE_IN_LIFETIME, CALL_FREE, REMOVE_SUBJ, LINES_OF_YELLING,
> > >LINES_OF_YELLING_2, LINES_OF_YELLING_3, RCVD_IN_OSIRUSOFT_COM)
> >
> >sample-nonspam.txt
> > >(no SpamCheck header at all)
> >
> >So either
> > a) something weird is happening that is affecting your system
> >and
> >not mine
> >or b) we are running different code.
> >
> >(b) is the most likely. I've got 1 more little feature to test out (RBL
> >checks timeout setting), then I'll release the code again. Any of you
> >having problems can then upgrade to that version and we'll see if your
> >problems go away.
> >
> > >Return-Path: <susanepapelej at jippii.fi>
> > >Received: from mail1.alluneedhosting.com ([208.46.132.87])
> > > by vulcan.bepinc.com (8.11.6/8.11.6) with SMTP id
>g4M9DW103272
> > > for <darian at bepinc.com>; Wed, 22 May 2002 04:13:32 -0500
> > >To: darian at bepinc.com
> > >Date: Wed, 22 May 2002 05:11:15 -0500
> > >Message-ID: <1022058675.2071 at localhost.localdomain>
> > >X-Mailer: Becky! ver. 2.00.03
> > >From: susanepapelej at jippii.fi
> > >Sender: <susanjqhnomac at jippii.fi>
> > >X-Sender: <susanqbiyhrhn at jippii.fi>
> > >Reply-To: <susanhhfnsjye at jippii.fi>
> > >Subject: INC 500 Co. Seeks Mgrs. / High $$ Paid!
> > >X-VirusScan: Found to be clean
> > >X-MailScanner-SpamCheck: not spam, SpamAssassin (score=9.8, required
>5,
> > > INVALID_DATE_ODD_MONTH, PLING, CLICK_BELOW,
>NORMAL_HTTP_TO_IP,
> > > WEB_BUGS, CLICK_HERE_LINK, CTYPE_JUST_HTML)
> > >Status:
> > >
> > >-----Original Message-----
> > >From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > >Behalf Of Mike Wallis
> > >Sent: Tuesday, May 21, 2002 10:24 AM
> > >To: MAILSCANNER at JISCMAIL.AC.UK
> > >Subject: Spam not being flagged
> > >
> > >
> > >I just upgraded to 3.15-3 and noticed something odd while testing.
> > >
> > >---begin---
> > >X-MailScanner: Found to be clean
> > >X-MailScanner-SpamCheck: not spam, SpamAssassin (score=7, required 5,
> > > SUBJ_HAS_Q_MARK, EXCUSE_3, EXCUSE_7, OPT_IN, CLICK_BELOW,
> > > SUBJ_REMOVE)
> > >---end---
> > >
> > >In this particular instance, I forwarded myself some spam (the
>original
> > >generated a much higher score) and thought it rather odd that a score
> >in
> > >excess of the required score would get a 'not spam' designation.
> > >
> > >Any ideas?
> > >
> > >--
> > >Mike Wallis
> > >mw at unixsecurity.org
> >
> >--
> >Julian Field Teaching Systems Manager
> >jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
> >Tel. 023 8059 2817 University of Southampton
> > Southampton SO17 1BJ
>
>--
>Julian Field Teaching Systems Manager
>jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
>Tel. 023 8059 2817 University of Southampton
> Southampton SO17 1BJ
>
--
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
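
The two checks discussed in this thread (a score at or above the threshold still labelled "not spam", and whether a re-scan of the same message produces a different score and test list) can be automated over archived headers. The following is an added example, not code from MailScanner or from anyone in the thread; the function names are hypothetical, the inclusive threshold is an assumption, and the second header is constructed for illustration.

```python
import re

# X-MailScanner-SpamCheck value as it appears in the thread:
#   [not spam, ]SpamAssassin (score=N, required N, TEST, TEST, ...)
HEADER_RE = re.compile(
    r"^(?P<notspam>not spam,\s*)?SpamAssassin \(score=(?P<score>-?\d+(?:\.\d+)?),"
    r"\s*required (?P<required>-?\d+(?:\.\d+)?)(?:,\s*(?P<tests>[^)]*))?\)$"
)

def parse_spamcheck(value):
    """Parse one (possibly folded) X-MailScanner-SpamCheck header value."""
    m = HEADER_RE.match(" ".join(value.split()))  # unfold continuation lines
    if m is None:
        raise ValueError("unrecognised SpamCheck header: %r" % value)
    tests = m.group("tests") or ""
    return {
        "labelled_spam": m.group("notspam") is None,
        "score": float(m.group("score")),
        "required": float(m.group("required")),
        "tests": frozenset(t.strip() for t in tests.split(",") if t.strip()),
    }

def is_mislabelled(r):
    """True when the verdict disagrees with score vs. threshold.
    Assumption: the threshold is inclusive (score >= required means spam)."""
    return r["labelled_spam"] != (r["score"] >= r["required"])

def compare_runs(a, b):
    """Diff two scans of one message: score delta and tests seen in only one."""
    return {
        "score_delta": round(abs(a["score"] - b["score"]), 2),
        "only_first": sorted(a["tests"] - b["tests"]),
        "only_second": sorted(b["tests"] - a["tests"]),
    }

# Header quoted in the thread (folded across lines in the original message).
FROM_THREAD = """not spam, SpamAssassin (score=9.8, required 5,
        INVALID_DATE_ODD_MONTH, PLING, CLICK_BELOW, NORMAL_HTTP_TO_IP,
        WEB_BUGS, CLICK_HERE_LINK, CTYPE_JUST_HTML)"""
# Constructed second scan of the same message, for illustration only.
CONSTRUCTED_REPLAY = ("SpamAssassin (score=6.3, required 5, "
                      "PLING, CLICK_BELOW, WEB_BUGS, CTYPE_JUST_HTML)")

if __name__ == "__main__":
    first = parse_spamcheck(FROM_THREAD)
    second = parse_spamcheck(CONSTRUCTED_REPLAY)
    print("mislabelled:", is_mislabelled(first), is_mislabelled(second))
    print(compare_runs(first, second))
```
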