MS and SA differ
Duncan, Brian M.
brian.duncan at kattenlaw.com
Fri Oct 6 19:17:52 IST 2006
If you figure this out, please post back to the list as to why it is
happening.
When I use either Imageinfo.pm or Fuzzyocr.pm with a .cf in the
/etc/mail/spamassassin dir, MailScanner seems to cause SpamAssassin to
ignore these??
I JUST finished installing FuzzyOCR and all the accompanying tools to
make it work on 2 different relays here. I never see any hits from test
Spam messages I send from outside.
For the heck of it I also installed Imageinfo.pm and installed
imageinfo.cf into my /etc/mail/spamassassin directory and the same
results occurred. (more later on this)
Both servers are running:
spamassassin-3.1.4
mailscanner-4.54.6-1
A stock spam with inline gif processed through Mailscanner:
X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=5.55,
required 6.5, MR_NOT_ATTRIBUTED_IP 0.10, RATWR10_MESSID 1.20,
SARE_GIF_ATTACH 4.25)
X-MailScanner-SpamScore: sssss
Saved and processed locally on the SAME mail server with - cat test.txt |
spamassassin -t
Content analysis details:   (12.6 hits, 6.5 required)

 0.8 HTML_00_10             BODY: Message is 0% to 10% HTML
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 4.2 SARE_GIF_ATTACH        FULL: Email has a inline gif
 0.2 DNS_FROM_RFC_ABUSE     RBL: Envelope sender in
                            abuse.rfc-ignorant.org
  10 FUZZY_OCR              BODY: Mail contains an image with common
                            spam text inside
                            Words found:
                            "target" in 1 lines
                            "symbol" in 1 lines
                            "stock" in 1 lines
                            "price" in 1 lines
                            "company" in 1 lines
                            "breaking" in 1 lines
                            "banking" in 1 lines
                            "news" in 1 lines
                            (8 word occurrences found)

Appropriate output regarding Fuzzy_OCR from spamassassin -D --lint:
[30731] dbg: plugin: fixed relative path:
/etc/mail/spamassassin/FuzzyOcr.pm
[30731] dbg: plugin: loading FuzzyOcr from
/etc/mail/spamassassin/FuzzyOcr.pm
[30731] dbg: plugin: registered FuzzyOcr=HASH(0xa4200b4)
[30731] dbg: plugin: FuzzyOcr=HASH(0xa4200b4) implements 'parse_config'
[30731] dbg: FuzzyOcr: Found scan: $gocr -i $pfile
[30731] dbg: FuzzyOcr: Found scan: $gocr -l 180 -d 2 -i $pfile
[30731] dbg: FuzzyOcr: Found scan: $gocr -l 140 -d 2 -i $pfile
[30731] dbg: plugin: FuzzyOcr=HASH(0xa4200b4) implements
'finish_parsing_end'
[30731] dbg: FuzzyOcr: Using giffix => /usr/bin/giffix
[30731] dbg: FuzzyOcr: Using giftext => /usr/bin/giftext
[30731] dbg: FuzzyOcr: Using gifinter => /usr/bin/gifinter
[30731] dbg: FuzzyOcr: Using giftopnm => /usr/bin/giftopnm
[30731] dbg: FuzzyOcr: Using jpegtopnm => /usr/bin/jpegtopnm
[30731] dbg: FuzzyOcr: Using pngtopnm => /usr/bin/pngtopnm
[30731] dbg: FuzzyOcr: Using bmptopnm => /usr/bin/bmptopnm
[30731] dbg: FuzzyOcr: Using ppmhist => /usr/bin/ppmhist
[30731] dbg: FuzzyOcr: Using gocr => /usr/bin/gocr
[30731] dbg: FuzzyOcr: Loaded <43> words from
"/etc/mail/spamassassin/FuzzyOcr.words"
[30731] dbg: FuzzyOcr: Using scan: $gocr -i $pfile
[30731] dbg: FuzzyOcr: Using scan: $gocr -l 180 -d 2 -i $pfile
[30731] dbg: FuzzyOcr: Using scan: $gocr -l 140 -d 2 -i $pfile
I do NOT have anything set in Mailscanner.conf specific to SpamAssassin
aside from site rules dir. Should I?
SpamAssassin Install Prefix =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
SpamAssassin Local Rules Dir =
SpamAssassin Local State Dir = # /var/lib
SpamAssassin Default Rules Dir =
Now with a different plugin loaded, ImageInfo.pm -
[2013] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from
/etc/mail/spamassassin/ImageInfo.pm
[2013] dbg: plugin: registered
Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x95bdacc)
[2013] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from
/etc/mail/spamassassin/ImageInfo.pm
[2013] dbg: plugin: registered
Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x95bdacc)
A stock spam with inline gif processed through Mailscanner:
X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=5.55,
required 6.5, MR_NOT_ATTRIBUTED_IP 0.10, RATWR10_MESSID 1.20,
SARE_GIF_ATTACH 4.25)
X-MailScanner-SpamScore: sssss
Saved and processed locally on the SAME mail server with - cat test.txt |
spamassassin -t
Content analysis details:   (11.1 hits, 6.5 required)

 0.8 HTML_00_10             BODY: Message is 0% to 10% HTML
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 5.5 DC_IMAGE001_GIF        BODY: Contains image named image001.gif
 4.2 SARE_GIF_ATTACH        FULL: Email has a inline gif
 0.2 DNS_FROM_RFC_ABUSE     RBL: Envelope sender in
                            abuse.rfc-ignorant.org
 3.0 DC_GIF_UNO_LARGO       Message contains a single large inline gif

(imageinfo.cf had this specific rule I added JUST for the spam because I
already knew the inline GIF was named DDT.gif)
# you can match by image name
body DC_IMAGE001_GIF eval:image_named('DDT.gif')
describe DC_IMAGE001_GIF Contains image named image001.gif
score DC_IMAGE001_GIF 5.50

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Garry
Glendown
Sent: Thursday, October 05, 2006 11:54 PM
To: MailScanner discussion
Subject: MS and SA differ
Hi,
I've just set up FuzzyOCR to take care of the image spam that has
increased recently ... after still receiving untagged stock spam, I've
checked into the scores and stuff and noticed on a test message that MS
has a lot fewer rule hits (and therefore fewer score points) than when
calling spamassassin directly ...
Here's what I got originally from MS:
X-nethinks-MailScanner-SpamCheck: not spam, SpamAssassin (Wertung=3.905,
benoetigt 5, HTML_10_20 1.35, HTML_IMAGE_ONLY_32 1.05,
HTML_MESSAGE 0.00, MIME_HTML_ONLY 0.00, RCVD_NUMERIC_HELO 1.50)
whereas the -t run from SA resulted in:
X-Spam-Status: Yes, score=25.2 required=5.0 tests=AWL,BAYES_99,
FORGED_RCVD_HELO,FUZZY_OCR,HTML_10_20,HTML_IMAGE_ONLY_32,HTML_MESSAGE,
MIME_HTML_ONLY,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH autolearn=no
MailScanner.conf points to the right SA directory
(/etc/mail/spamassassin), there ARE image spams that get tagged with the
OCR-tags, so I don't really get it why the scoring differs this much ...
also with the Bayes score ... none on MS, 99 on SA ... !?
I'm still running MS 4.50, SA is 3.1.5 ...
Any idea where I could look for the cause of this?
Tnx!
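One way to line up the two outputs quoted in this thread, as an added example that is not part of either poster's message: it parses the X-MailScanner-SpamCheck header and the `spamassassin -t` report from Brian Duncan's post and lists which rules fired in only one of the two paths. The function names are illustrative and the parsing assumes only the two formats shown above.

```python
import re

# Both samples are the outputs quoted in the post above (same message, same host).
MS_HEADER = """X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=5.55,
 required 6.5, MR_NOT_ATTRIBUTED_IP 0.10, RATWR10_MESSID 1.20,
 SARE_GIF_ATTACH 4.25)"""

SA_REPORT = """Content analysis details:   (12.6 hits, 6.5 required)
 0.8 HTML_00_10             BODY: Message is 0% to 10% HTML
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 4.2 SARE_GIF_ATTACH        FULL: Email has a inline gif
 0.2 DNS_FROM_RFC_ABUSE     RBL: Envelope sender in
                            abuse.rfc-ignorant.org
  10 FUZZY_OCR              BODY: Mail contains an image with common
                            spam text inside
"""

RULE = r"[A-Z][A-Z0-9_]+"      # SpamAssassin rule names are upper-case
NUM = r"-?\d+(?:\.\d+)?"       # a score, possibly negative

def parse_ms_header(header):
    """Return {rule: score} from an X-MailScanner-SpamCheck header."""
    inner = re.search(r"SpamAssassin \((.*)\)", header, re.S)
    hits = {}
    for item in (inner.group(1).split(",") if inner else []):
        # Rule hits look like "NAME 1.20"; "score=5.55" and "required 6.5" do not.
        m = re.fullmatch(rf"\s*({RULE})\s+({NUM})\s*", item)
        if m:
            hits[m.group(1)] = float(m.group(2))
    return hits

def parse_sa_report(report):
    """Return {rule: score} from the 'Content analysis details' table."""
    rows = re.findall(rf"^[ \t]*({NUM})[ \t]+({RULE})[ \t]", report, re.M)
    return {name: float(score) for score, name in rows}

def compare(ms_header, sa_report):
    """List rules seen by only one path and the difference in summed scores."""
    ms, sa = parse_ms_header(ms_header), parse_sa_report(sa_report)
    return {
        "only_direct": sorted(set(sa) - set(ms)),
        "only_mailscanner": sorted(set(ms) - set(sa)),
        "score_gap": round(sum(sa.values()) - sum(ms.values()), 2),
    }

if __name__ == "__main__":
    for key, value in compare(MS_HEADER, SA_REPORT).items():
        print(f"{key}: {value}")
```

On the quoted samples the plugin rule (FUZZY_OCR), the Bayes rule and the RBL rule appear only in the direct run, while two rules appear only in the MailScanner run, so the two paths are not evaluating the same rule set.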