Mailscanner not catching SPAM but manual run via SA catches it

Dan Carl danc at bluestarshows.com
Mon Nov 13 22:57:44 GMT 2006 

----- Original Message ----- 
From: "René Berber" <r.berber at computer.org>
To: <mailscanner at lists.mailscanner.info>
Sent: Monday, November 13, 2006 4:13 PM
Subject: Re: Mailscanner not catching SPAM but manual run via SA catches it


> Dan Carl wrote:
> [snip]
> > I have no RBL listed in my MS conf. because I thought if it was set to
use
> > SA it would use SA's RBL.
>
> It does, but the configuration (mailscanner.cf) has to explicitly enable
it with
>  "skip_rbl_checks        0" (the default is set to 1).
this defers from what's noted in the mailscanner cf
# By default, SpamAssassin will run RBL checks.  If your ISP already
# does this, stop RBL checks in SpamAssassin by un-commenting  the
# following line
but I uncommented it out anyway and set it to 0 like you suggested

> [snip]
> > OK I know how run a test email through SA:
> > spamassassin -tx < test.eml
> > How do I do it with Mailscanner?
>
Test with the same message

FROM SPAMASSASSIN:

Content analysis details:   (9.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- ------------------------------------------------
--
 0.5 DATE_IN_PAST_03_06     Date: is 3 to 6 hours before Received: date
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5000]
 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
               [Blocked - see
<http://www.spamcop.net/bl.shtml?58.56.112.230>]
 3.9 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
                            [58.56.112.230 listed in sbl-xbl.spamhaus.org]
 3.2 RCVD_IN_SBL            RBL: Received via a relay in Spamhaus SBL
                            [58.56.112.230 listed in sbl-xbl.spamhaus.org]

FROM MAILSCANNER:
X-Bluestar-MScan-SpamCheck: spam, SpamAssassin (not cached, score=9.094,
 required 6, BAYES_50 0.00, DATE_IN_PAST_03_06 0.48,
 RCVD_IN_BL_SPAMCOP_NET 1.56, RCVD_IN_SBL 3.16, RCVD_IN_XBL 3.90)
X-Bluestar-SpamScore: sssssssss

Looks to me like there very close to one another.
Do they have to be exact?
Both marked them as spam, good no problem.

The problem I have is the the ones that get though MailScanner.
They contain no information in the header.
Example:
FROM MAILSCANNER:
X-Bluestar-Scanned: Found to be clean
X-Spam-Status: No
FROM SPAMASSASSIN:
Content analysis details:   (31.9 points, 5.0 required)

 pts rule name              description
---- ---------------------- ------------------------------------------------
--
 2.2 INVALID_DATE           Invalid Date: header (not RFC 2822)
 4.1 HELO_DYNAMIC_HCC       Relay HELO'd using suspicious hostname (HCC)
 3.8 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP addr
                            2)
 1.0 BAYES_60               BODY: Bayesian spam probability is 60 to 80%
                            [score: 0.6529]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 2.2 DCC_CHECK              Listed in DCC
(http://rhyolite.com/anti-spam/dcc/)
 3.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: goneextra.com]
 4.5 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: goneextra.com]
 3.8 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: goneextra.com]
 4.1 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: goneextra.com]
 0.8 DIGEST_MULTIPLE        Message hits more than one network digest check

These are the same message.
What gives? Me dog could tell this is SPAM.
Its like Mailscanner changes the header but never scans the message
Any ideas for me?
sorry for the length just trying a give detail infomation.
I set conf file to log spam and no spam maybe I'll find something here.
thx for your help.
> The easiest way is to send a message from outside.  MS works with the mail
> queues so any manual test would have to add the qf/df files directly to
> mqueue.in which doesn't look easy to me.
> -- 
> René Berber
>
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list