Different score with SpamAssassin Alone

Rick Cooper rcooper at DIMENSION-FLM.COM
Sun Feb 8 12:34:51 GMT 2004


Ok I was being very brain dead... There is no return path when
MailScanner gets the message as Exim has queued it for delivery
but doesn't add the return path until final delivery, after
MailScanner has processed it. Doh!

Rick

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Rick Cooper
> Sent: Saturday, February 07, 2004 7:31 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Different score with SpamAssassin Alone
>
>
> Hopefully someone will see/think something I have
> missed on this,
> it's driving me up the wall..
>
> I have been getting a lot of mail from the new
> SpamAssassin list
> dumped into my spam box even though I had the list
> whitelisted. I
> then wrote a custom rule that would look at the Return-path
> header (since the from address could be some other
> address with a
> cc to the list) and tested it with SA and all worked fine. But
> when it runs through MailScanner (and I restarted MS several
> times) it misses every single time. Below is a sample header
> section of the last message that got tagged spam.
> Rules that are
> in the same .cf file as the rule in question will have hits but
> the RC_SA_LIST has not hit once, spam or ham. And every time I
> run it on the same message in the SpamBox it gets
> dumped into (by
> MailScanner delete forward  spam) it will hit the RC_SA_LIST
> rule. (MailScanner Version 4.23-7 SA Version 2.63)
>
> Message header:
>
> Return-path:
> <spamassassin-users-return-012-MyUname=MyDomain.com at inc
> ubator.apa
> che.org>
> Envelope-to: SpamMailBox at MyDomain.com
> Delivery-date: Sat, 07 Feb 2004 16:44:24 -0500
> Received: from daedalus.apache.org ([208.185.179.12]
> helo=mail.apache.org)
>         by Mail.MyDomain.com with smtp (Exim 4.22)
>         id 1ApaFQ-0003Vn-MY
>         for MyUname at MyDomain.com; Sat, 07 Feb 2004
> 16:44:20 -0500
> Received: (qmail 68038 invoked by uid 500); 7 Feb 2004
> 21:44:06 -0000
> Mailing-List: contact
> spamassassin-users-help at incubator.apache.org; run by ezmlm
> Precedence: bulk
> list-help:
> <mailto:spamassassin-users-help at incubator.apache.org>
> list-unsubscribe:
> <mailto:spamassassin-users-unsubscribe at incubator.apache.org>
> list-post: <mailto:spamassassin-users at incubator.apache.org>
> List-Id: "SpamAssassin Users" <users at spamassassin.apache.org>
>
> Rule:
>
> header RC_SA_LIST Return-path =~
> /spamassassin-users-return-[0-9]{2,4}-MyUname=MyDomain\
> .com\@incu
> bator\.apache\.org/i
>
> Original Score from MailScanner (right out of the header)
>
> X-XXXXX-MailScanner-SpamCheck: spam, SpamAssassin (score=7.759,
> required 5,
>         AWL -5.91, CLICK_BELOW 0.00, FROM_HAS_MIXED_NUMS 0.30,
>         FVGT_TRIPWIRE_FC 0.08, FVGT_TRIPWIRE_LQ 0.08,
> FVGT_TRIPWIRE_LW 0.08,
>         FVGT_TRIPWIRE_QC 0.08, FVGT_TRIPWIRE_WC 0.08,
> FVGT_m_MULTI_ODD2 1.10,
>         FVGT_m_MULTI_ODD3 1.10, FVGT_m_MULTI_ODD4 1.10,
>         FVGT_m_MULTI_ODD5 1.10, HTML_40_50 0.47,
> HTML_LINK_CLICK_HERE 0.10,
>         HTML_MESSAGE 0.00, OACYS_m_MULTI_CONS4 3.00,
> RC_B_REGALIS
> 4.50,
>         b_OBFU_QnoU 0.50)
> X-DFW-MailScanner-SpamScore: sssssss
>
> Note that RC_B_REGALIS is in the same .cf file as RC_SA_LIST
>         ,
>
> Score running spamassassin directly:
> (with the -p option or not, I have local.cf linked to
> etc/spam.assassin.prefs.conf)
>
>
> X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
>         MyDomain.com
> X-Spam-Level:
> X-Spam-Status: No, hits=-106.3 required=5.0 tests=CLICK_BELOW,
>         FROM_HAS_MIXED_NUMS,FVGT_TRIPWIRE_FC,FVGT_TRIPWIRE_LQ,
>
> FVGT_TRIPWIRE_LW,FVGT_TRIPWIRE_QC,FVGT_TRIPWIRE_WC,FVGT
> _m_MULTI_O
> DD2,
>
> FVGT_m_MULTI_ODD3,FVGT_m_MULTI_ODD4,FVGT_m_MULTI_ODD5,H
> TML_40_50,
>
> HTML_LINK_CLICK_HERE,HTML_MESSAGE,OACYS_m_MULTI_CONS4,R
> C_B_REGALI
> S,
>         RC_SA_LIST,USER_IN_WHITELIST,b_OBFU_QnoU autolearn=no
> version=2.63
>         ^^^^^^^^^  ^^^^^^^^^^^^^^^^^
>  So when SA is called directly it hists the whitelist and the
> custome RC_SA_LIST rule, but both are missed when
> MailScanner is
> front-ending SA. I have not updated MailScanner as I don't want
> to have to repatch Exim.pm, or reapply the custom
> logging code to
> log the "To:" address(s), and truncate the SA return to 800
> chars,  as I have not created a patch for that as of yet.
>
> Any one have an idea?
>
> Thanks
>
>
>  Rick Cooper



More information about the MailScanner mailing list