MailScanner permits mail with score higher than allowed score

Oliver Kutscher ok at addix.net
Wed Dec 9 14:26:29 UTC 2015 

Hi,

we are experiencing a lot of spam mails since some days and some of the 
mails are allowed and passed to the recepient. Let's have a look into a 
log entry I found in my logs:

Dec  9 11:22:50 mailscan1.mydomain.campus MailScanner[30235]: Message 
1a6btR-0008Ty-Mo from 10.0.0.2 (spammer at spam.com) to mydomain.net is not 
spam, SpamAssassin (score=7.768, required=3.5, HTML_MESSAGE 0.00, 
KAM_LAZY_DOMAIN_SECURITY 1.00, RCVD_IN_BRBL_LASTEXT 1.45, 
RCVD_IN_SBL_CSS 3.33, RCVD_IN_XBL 0.38, URIBL_WS_SURBL 1.61)

This mail passes the mail system an reached the recepient. I'm curious 
about two things:

Why was the mail ranked as "is not spam" (score > required score)?

Why has the required score a value of 3.5? I set per domain scores 
within /etc/MailScanner/rules/spam.score.rules:

To:             *@mycompany.com                      4
To:             *@mycompany.net                     8
FromOrTo:       default                         3.5

To make it more complicated: Most time the required score for 
mycompany.net is shown as 8 which is the required score that I'm expecting.

I would be very appreciated for any suggestions.

==============
Versions / OS
==============
Running on
Linux mailscan1.addix.campus 3.10.0-229.14.1.el7.x86_64 #1 SMP Tue Sep 
15 15:05:51 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
This is CentOS Linux release 7.1.1503 (Core)
This is Perl version 5.016003 (5.16.3)

This is MailScanner version 4.85.2
Module versions are:
1.01    AnyDBM_File
1.30    Archive::Zip
0.29    bignum
1.26    Carp
2.061   Compress::Zlib
1.119   Convert::BinHex
0.18    Convert::TNEF
2.145   Data::Dumper
2.30    Date::Parse
1.04    DirHandle
1.11    Fcntl
2.84    File::Basename
2.23    File::Copy
2.02    FileHandle
2.09    File::Path
0.2301  File::Temp
0.92    Filesys::Df
3.69    HTML::Entities
3.71    HTML::Parser
3.69    HTML::TokeParser
1.25_06 IO
1.16    IO::File
1.15    IO::Pipe
2.12    Mail::Header
1.998   Math::BigInt
0.2603  Math::BigRat
3.13    MIME::Base64
5.505   MIME::Decoder
5.505   MIME::Decoder::UU
5.505   MIME::Head
5.505   MIME::Parser
3.13    MIME::QuotedPrint
5.505   MIME::Tools
0.17    Net::CIDR
1.26    Net::IP
0.19    OLE::Storage_Lite
1.04    Pod::Escapes
3.28    Pod::Simple
1.30    POSIX
1.27    Scalar::Util
2.010   Socket
2.45    Storable
1.5     Sys::Hostname::Long
0.33    Sys::Syslog
1.48    Test::Pod
0.98    Test::Simple
1.9725  Time::HiRes
1.02    Time::localtime

Optional module versions are:
1.92    Archive::Tar
0.29    bignum
2.06    Business::ISBN
20120719.001    Business::ISBN::Data
missing Data::Dump
1.83    DB_File
1.39    DBD::SQLite
1.627   DBI
1.17    Digest
1.03    Digest::HMAC
2.52    Digest::MD5
missing Digest::SHA1
1.01    Encode::Detect
0.17020 Error
missing ExtUtils::CBuilder
3.18    ExtUtils::ParseXS
2.4     Getopt::Long
missing Inline
missing IO::String
1.10    IO::Zlib
2.28    IP::Country
missing Mail::ClamAV
3.004000        Mail::SpamAssassin
v2.008  Mail::SPF
missing Mail::SPF::Query
missing Module::Build
missing Net::CIDR::Lite
0.72    Net::DNS
missing Net::DNS::Resolver::Programmable
missing Net::LDAP
  4.069  NetAddr::IP
missing Parse::RecDescent
missing SAVI
3.28    Test::Harness
missing Test::Manifest
2.02    Text::Balanced
1.60    URI
0.9907  version
missing YAML


Kind Regards,
i.A.
Oliver Kutscher

More information about the MailScanner mailing list