Very bad score spamassassin

Markus Nilsson markus at markusoft.se
Fri Nov 18 14:34:25 GMT 2011


> 
> Martin Hepworth <maxsec <at> gmail.com> writes:
> 
> > 
> > 
> > yes disable auto learn by commenting out the plugin in one of
> > the /usr/local/spamassassin/*.cf files
> >
> > you need to know WHAT spamassassin rule is dragging the score down,
> > you should be able to see this in Mailwatch or alter the following
> > settings in MailWatch.conf and you'll get more info in the email
> > headers to help diagnose..
> > 
> > Spam Score Number Format = %5.2f
> > 
> > 
> > 
> > Detailed Spam Report = yes
> > 
> > 
> > 
> > Include Scores In SpamAssassin Report = yes
> > 
> > 
> > 
> > Always Include SpamAssassin Report = yes
> > 
> > 
> > 
> > Spam Score Number Format = %5.2f
> > 
> > --
> > Martin Hepworth
> > Oxford, UK
> >
> > On 17 November 2011 10:31, eric le corre <eric_le_corre <at> msn.com> wrote:
> > Spamassassin configuration is in autolearning. So there has to be
> > found in spam HAM.
> > Occasionally, I learn to SpamAssassin manually.
> > But this problem has been the case since I installed mailscanner.
> > Since the beginning I have negative scores.
> > Do I have to disable the AutoLearn, how?
> > How can you remove the old tokens?
> 
> 
> for example, example of spam that is not considered as spam by
> spamassassin with score 4.90
> in spam report, I can see:
> 
> cached not
> score=4.904
> 5 requis
> 3.50 BAYES_99 Bayes spam probability is 99 to 100%
> 0.00 FROM_12LTRDOM
> 1.39 HTML_COMMENT_SAVED_URL HTML message is a saved web page
> 0.00 HTML_MESSAGE HTML included in message
> 0.00 SPF_FAIL SPF: sender does not match SPF record (fail)
> 0.01 T_KHOP_FOREIGN_CLICK
> 
> another one:
> cached not
> score=1.58
> 5 requis
> 0.80 BAYES_50 Bayes spam probability is 40 to 60%
> 0.10 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
> -0.10 DKIM_VALID Message has at least one valid DKIM or DK signature
> 0.00 HTML_MESSAGE HTML included in message
> 0.78 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
> 
> 
> thanks
> 

Did I understand correctly that all your mail comes from the same IP? Then your RBL checks might not work in SpamAssassin/MailScanner, since you are not seeing the correct IP.

If this is set up wrongly, your RBL checks will check the wrong IP, and your SPF checks will fail. You could try adding this header to your SpamAssassin config:

add_header all RelaysUntrusted _RELAYSUNTRUSTED_

Then you will get a header in all mails showing which IP is used for RBL and SPF checks. Make sure this IP is not your provider's (which is the same for all mail).

The header will look like this:
X-Spam-RelaysUntrusted: [ ip=140.211.11.3 rdns=hermes.apache.org....

Read more here:
http://wiki.apache.org/spamassassin/TrustPath

Also, this is more a SpamAssassin issue than MailScanner, so you might get even more help on that mailing list!

/Markus
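
The check suggested in the reply above can be run over a batch of delivered messages; this is an added example, not part of the original post or of SpamAssassin. It assumes the first relay listed in `X-Spam-RelaysUntrusted` is the one the RBL and SPF checks use; the sample messages, hostnames and function names are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

RELAY_RE = re.compile(r"\[\s*([^\]]*?)\s*\]")  # one "[ key=value ... ]" group per relay

def first_untrusted_ip(raw_message):
    """ip= of the first relay listed in X-Spam-RelaysUntrusted, or None."""
    header = message_from_string(raw_message).get("X-Spam-RelaysUntrusted")
    relays = RELAY_RE.findall(header or "")
    if not relays:
        return None
    # Assumption: the first listed relay is the one RBL/SPF checks are run against.
    fields = dict(kv.split("=", 1) for kv in relays[0].split() if "=" in kv)
    return fields.get("ip") or None

def trust_path_report(raw_messages, provider_ips=()):
    """Flag IPs that suggest the trust path stops at the provider's relay."""
    ips = [first_untrusted_ip(m) for m in raw_messages]
    counts = Counter(ip for ip in ips if ip)
    suspect = {ip for ip in counts if ip in provider_ips}
    # Every message showing the same IP is the symptom described in the reply.
    if len(ips) > 1 and len(counts) == 1 and None not in ips:
        suspect |= set(counts)
    return {"ips": ips, "missing_header": ips.count(None), "suspect": sorted(suspect)}

def _msg(relays):  # build a constructed sample message
    return "X-Spam-RelaysUntrusted: " + relays + "\nSubject: test\n\nbody\n"

# Constructed samples using documentation address ranges, not real mail.
MISCONFIGURED = [
    _msg("[ ip=192.0.2.25 rdns=relay.provider.example helo=relay.provider.example ]"
         " [ ip=203.0.113.7 rdns=a.example helo=a.example ]"),
    _msg("[ ip=192.0.2.25 rdns=relay.provider.example helo=relay.provider.example ]"
         " [ ip=198.51.100.9 rdns=b.example helo=b.example ]"),
]
CORRECTED = [
    _msg("[ ip=203.0.113.7 rdns=a.example helo=a.example ]"),
    _msg("[ ip=198.51.100.9 rdns=b.example helo=b.example ]"),
]

if __name__ == "__main__":
    print(trust_path_report(MISCONFIGURED))
    print(trust_path_report(CORRECTED, provider_ips={"192.0.2.25"}))
```

An IP reported under `suspect` is the one to compare against the provider's relay address before changing the trust path settings described on the TrustPath wiki page.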

