MS and SA diuffer
Glenn Steen
glenn.steen at gmail.com
Fri Oct 6 21:43:27 IST 2006
On 06/10/06, Duncan, Brian M. <brian.duncan at kattenlaw.com> wrote:
>
> If you figure this out, please post back to the list to why it is
> happening.
>
> When I use either Imageinfo.pm or Fuzzyocr.pm with a .cf in the
> /etc/mail/spamassassin dir MailScanner seems to cause Spam Assasin to
> ignore these??
>
> I JUST finished installing FuzzyOCR and all the accompanying tools to
> make it work on 2 different relays here. I never see any hits from test
> Spam messages I send from outside.
>
> For the heck of it I also installed Imageinfo.pm and installed
> imageinfo.cf into my /etc/mail/spamassassin directory and the same
> results occurred. (more later on this)
>
> Both servers are running:
>
> spamassassin-3.1.4
> mailscanner-4.54.6-1
>
> A stock spam with inline gif processed through Mailscanner:
>
> X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=5.55,
> required 6.5, MR_NOT_ATTRIBUTED_IP 0.10, RATWR10_MESSID 1.20,
> SARE_GIF_ATTACH 4.25)
> X-MailScanner-SpamScore: sssss
>
> Saved and processed locally on the SAME mail sever with - cat test.txt |
> spamassassin -t
>
> Content analysis details: (12.6 hits, 6.5 required)
> 0.8 HTML_00_10 BODY: Message is 0% to 10% HTML
> -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> [score: 0.0000]
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 4.2 SARE_GIF_ATTACH FULL: Email has a inline gif
> 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in
> abuse.rfc-ignorant.org
> 10 FUZZY_OCR BODY: Mail contains an image with common
> spam text inside
> Words found:
> "target" in 1 lines
> "symbol" in 1 lines
> "stock" in 1 lines
> "price" in 1 lines
> "company" in 1 lines
> "breaking" in 1 lines
> "banking" in 1 lines
> "news" in 1 lines
> (8 word occurrences found)
>
>
> Appropriate output regarding Fuzzy_OCR from spamassassin -D --lint:
>
> [30731] dbg: plugin: fixed relative path:
> /etc/mail/spamassassin/FuzzyOcr.pm
> [30731] dbg: plugin: loading FuzzyOcr from
> /etc/mail/spamassassin/FuzzyOcr.pm
> [30731] dbg: plugin: registered FuzzyOcr=HASH(0xa4200b4)
> [30731] dbg: plugin: FuzzyOcr=HASH(0xa4200b4) implements 'parse_config'
> [30731] dbg: FuzzyOcr: Found scan: $gocr -i $pfile
> [30731] dbg: FuzzyOcr: Found scan: $gocr -l 180 -d 2 -i $pfile
> [30731] dbg: FuzzyOcr: Found scan: $gocr -l 140 -d 2 -i $pfile
> [30731] dbg: plugin: FuzzyOcr=HASH(0xa4200b4) implements
> 'finish_parsing_end'
> [30731] dbg: FuzzyOcr: Using giffix => /usr/bin/giffix
> [30731] dbg: FuzzyOcr: Using giftext => /usr/bin/giftext
> [30731] dbg: FuzzyOcr: Using gifinter => /usr/bin/gifinter
> [30731] dbg: FuzzyOcr: Using giftopnm => /usr/bin/giftopnm
> [30731] dbg: FuzzyOcr: Using jpegtopnm => /usr/bin/jpegtopnm
> [30731] dbg: FuzzyOcr: Using pngtopnm => /usr/bin/pngtopnm
> [30731] dbg: FuzzyOcr: Using bmptopnm => /usr/bin/bmptopnm
> [30731] dbg: FuzzyOcr: Using ppmhist => /usr/bin/ppmhist
> [30731] dbg: FuzzyOcr: Using gocr => /usr/bin/gocr
> [30731] dbg: FuzzyOcr: Loaded <43> words from
> "/etc/mail/spamassassin/FuzzyOcr.words"
> [30731] dbg: FuzzyOcr: Using scan: $gocr -i $pfile
> [30731] dbg: FuzzyOcr: Using scan: $gocr -l 180 -d 2 -i $pfile
> [30731] dbg: FuzzyOcr: Using scan: $gocr -l 140 -d 2 -i $pfile
>
> I do NOT have anything set in Mailscanner.conf specific to SpamAssassin
> aside from site rules dir. Should I?
>
> SpamAssassin Install Prefix =
>
> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
>
> SpamAssassin Local Rules Dir =
>
> SpamAssassin Local State Dir = # /var/lib
>
> SpamAssassin Default Rules Dir =
>
>
> Now with a different plugin loaded, ImageInfo.pm -
>
> [2013] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from
> /etc/mail/spamassassin/ImageInfo.pm
> [2013] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x95bdacc)
>
> [2013] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from
> /etc/mail/spamassassin/ImageInfo.pm
> [2013] dbg: plugin: registered
> Mail::SpamAssassin::Plugin::ImageInfo=HASH(0x95bdacc)
>
>
> A stock spam with inline gif processed through Mailscanner:
>
> X-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=5.55,
> required 6.5, MR_NOT_ATTRIBUTED_IP 0.10, RATWR10_MESSID 1.20,
> SARE_GIF_ATTACH 4.25)
> X-MailScanner-SpamScore: sssss
>
> Saved and processed locally on the SAME mail sever with - cat test.txt |
> spamassassin -t
>
> Content analysis details: (11.1 hits, 6.5 required)
> 0.8 HTML_00_10 BODY: Message is 0% to 10% HTML
> -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> [score: 0.0000]
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 5.5 DC_IMAGE001_GIF BODY: Contains image named image001.gif
> 4.2 SARE_GIF_ATTACH FULL: Email has a inline gif
> 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in
> abuse.rfc-ignorant.org
> 3.0 DC_GIF_UNO_LARGO Message contains a single large inline gif
>
> (imageinfo.cf had this specific rule I added JUST for the spam because I
> already knew the inline GIF was named DDT.gif)
> # you can match by image name
> body DC_IMAGE001_GIF eval:image_named('DDT.gif')
> describe DC_IMAGE001_GIF Contains image named
> image001.gif
> score DC_IMAGE001_GIF 5.50
>
>
>
Good info, but you haven't addressed Anthony (or Alex') questions.
Please tell us more about your setup, or we will likely not be able to
help you... What MTA, OS/version etc etc. The more details the
better:-).
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list