FW: score=0 problem: SpamAssassin (not cached, score=0, required 5, autolearn=)

Glenn Steen glenn.steen at gmail.com
Wed Jul 25 23:30:46 IST 2007 

On 26/07/07, donald.dawson at bakerbotts.com <donald.dawson at bakerbotts.com> wrote:
>
>
>
> I have noticed that some spam has been creeping in.  We have 4 inbound MX
> servers, but only has is experiencing this problem.
>
> We are running SpamAssassin version 3.2.0, Perl version 5.8.3, and
> MailScanner version 4.59.4.
>
> Here are the counts of 'is not spam' and 'is spam' with 'score=0,' (should
> not happen):
Which one do you mean? score=0 could happen.... and "is spam" too,
provided it either was a cached entry, or hit an RBL in MS.

> fgrep "score=0," /var/log/maillog | grep 'is not spam' | wc -l -- 649
> fgrep "score=0," /var/log/maillog | grep 'is spam' | wc -l -- 311
>
> Spamassasin is not showing any errors, and '/usr/bin/spamassassin -D -p
> /etc/MailScanner/spam.assassin.prefs.conf --lint' does not
> show errors.
>
> There are files in /dev/shm/ (.spamassassin*) that are being created, and
> some are being left in that directory.  Here is an example of a file that
> has been left on this ramdisk fs:
>
> # grep l6PJ1iYV029369 /var/log/maillog
> Jul 25 14:01:51 houmx05 milter-greylist: l6PJ1iYV029369: skipping greylist
> because this is the default action,
> (from==kimharrison2 at srs.bis.na.blackberry.com>,
> rcpt=<tracy.hallenberger at bakerbotts.com>,
> addr=smtp02.bis.na.blackberry.com[216.9.248.49])
>
> Jul 25 14:01:51 houmx05 sendmail[29369]: l6PJ1iYV029369:
> from=<SRS0=R44+k6=MX=tmo.blackberry.net=kimharrison2 at srs.bis.na.blackberry.com>,
> size=654, class=0, nrcpts=1,
> msgid=<2074773001-1185390040-cardhu_decombobulator_blackberry.rim.net-1101465393- at bxe017.bisx.prod.on.blac,
> proto=ESMTP, daemon=MTA, relay=smtp02.bis.na.blackberry.com [216.9.248.49]
>
> Jul 25 14:01:51 houmx05 sendmail[29369]: l6PJ1iYV029369: Milter add: header:
> X-Null-Tag: 3a576a56bd3b913802bbc7fd4c9f07ad
>
> Jul 25 14:01:51 houmx05 sendmail[29369]: l6PJ1iYV029369: Milter add: header:
> X-Greylist: Default is to whitelist mail, not delayed by
> milter-greylist-3.0rc3 (houmx05.bakerbotts.com [204.194.98.17]); Wed, 25 Jul
> 2007 14:01:51 -0500 (CDT)
>
> Jul 25 14:01:51 houmx05 sendmail[29369]: l6PJ1iYV029369:
> to=<tracy.hallenberger at bakerbotts.com>, delay=00:00:00,
> mailer=esmtp, pri=30654, stat=queued
>
> Jul 25 14:01:53 houmx05 MailScanner[6850]: Message l6PJ1iYV029369 from
> 216.9.248.49
> (srs0=r44+k6=mx=tmo.blackberry.net=kimharrison2 at srs.bis.na.blackberry.com)
> to bakerbotts.com is not spam, SpamAssassin (not cached, score=0, required
> 5, autolearn=)
>
> Jul 25 14:01:56 houmx05 sendmail[29452]: l6PJ1iYV029369:
> to=<tracy.hallenberger at bakerbotts.com>, delay=00:00:05,
> xdelay=00:00:00, mailer=esmtp, pri=120654, relay=housweep01.bakerbotts.net.
> [10.20.254.236], dsn=2.0.0, stat=Sent (Message received OK)

What did this crackberry message score when you ran SA on it manually?

> # l .spamassassin29421Mvfyimtmp
> -rw-------  1 root root 1307 Jul 25 14:01 .spamassassin29421Mvfyimtmp
> Wed Jul 25 14:12:06 CDT 2007
>
> I'm wondering if it is a possible problem with the /dev/shm ram disk.  Can
> spamassassin be pointed to use another directory?

Might be something, yes... And the info on what it might be could be
present in the logs, your grep isn't that ... perfect:-). Check the
lines around that/during that time (minute), possibly pasting a more
conclusive excerpt here.
Upgrading SA is usually simple, so you could do that too (I have no
knowledge that that would help, but it can't hurt (much) either:-).

> I would appreciate any help you can provide.
>
> Thanks,
> Donald

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list