Spamassassin rules not firing correctly

Stef Morrell stef at aoc-uk.com
Thu May 1 12:07:45 IST 2014


Hi guys,

This is a very strange one. 

Here is the spamassassin report for an email which passed through MailScanner.

score=2.691, required 5, BAYES_50 0.80, DCC_CHECK 1.10,
RDNS_NONE 0.79, SPF_HELO_PASS -0.00, SPF_PASS -0.00

Here is the report for the same email, when I run spamassassin manually. MS runs as postfix and I get the below running either as root, or as postfix.

X-Spam-Status: Yes, score=9.0 required=5.0 tests=BAYES_40,DCC_CHECK,
        DIGEST_MULTIPLE,PYZOR_CHECK,RCVD_IN_BL_SPAMCOP_NET,RDNS_NONE,SPF_HELO_PASS,
        URIBL_DBL_SPAM,URIBL_WS_SURBL autolearn=no autolearn_force=no version=3.4.0
X-Spam-Report: 
        *  2.5 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
        *      [URIs: moms-flowersbouquet-nice.me]
        *  1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
        *      [Blocked - see <http://www.spamcop.net/bl.shtml?198.176.28.130>]
        *  1.6 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
        *      [URIs: moms-flowersbouquet-nice.me]
        * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
        * -0.0 BAYES_40 BODY: Bayes spam probability is 20 to 40%
        *      [score: 0.2809]
        *  1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
        *  1.4 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
        *  0.3 DIGEST_MULTIPLE Message hits more than one network digest check
        *  0.8 RDNS_NONE Delivered to internal network by a host with no rDNS

As you can see, MS has skipped all the blacklist rules and (for some reason) pyzor. 

I'm getting a knock on effect with this, where spam is being autolearned as ham, so my bayes is now totalled as well and I'll have to clear and recreate from scratch.

I've considered timeouts, but I'm running a cacheing DNS on the LAN and there's certainly when I run manually, the response is instant.

I'm at a bit of a loss here how to proceed and would appreciate any ideas anyone has.

Linux fedecks.level5.net 2.6.32-431.11.2.el6.x86_64 #1 SMP Tue Mar 25 19:59:55 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
This is CentOS release 6.5 (Final)
This is Perl version 5.010001 (5.10.1)
This is MailScanner version 4.84.6
SpamAssassin version 3.4.0

Thanks

Stef


More information about the MailScanner mailing list