Different SA scan results

Tue Mar 3 15:25:30 GMT 2015

Actually.... The spa.-assassin.prefs.conf should already be "included"
in all SA calls via the /etc/mail/spamassassin/mailscanner.cf symbolic
link, so you should not need to include it in any other way (I think
the "-p" option is more or less wrong anyway, since it is a cf file,
not really a prefs file).
So check that symlink...

Usually differences between scans as done by MailScanner and done from
the cli fall into two (well, three, counting the possible omission of
the mailscanner.cf symlink categories):
- Time has passed between invocation one and invocation two, meaning
that things like digest tests and BLs will fire differently (as
mentioned previously)
- Different users "get" different result: If you have a run as user =
postfix, for example, you might get a different Bayes (file) database
etc. Also, if you normally run MS as a non-privileged user, you might
actually have a problem reaching all the SA config your root user
would.

If the latter case is true, simply run your cli invocation logged on
as postfix ("su - postfix -s /bin/bash" or somesuch, then do the
spamassasin thing, lint or whatever).

Cheers!
-- 
-- Glenn

On 3 March 2015 at 05:51, Jerry Benton <jerry.benton at mailborder.com> wrote:
> No.
>
> spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf -D < msg
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
> On Mar 2, 2015, at 10:45 PM, Jeremy McSpadden <jeremy at fluxlabs.net> wrote:
>
> Not sure what you mean. MS is calling spamassassin ... Shouldn't it be the
> same scan ? Why would NOT including my prefs.conf file change ?
>
> --
> Jeremy McSpadden
> Flux Labs | http://www.fluxlabs.net | Endless Solutions
> Office : 850-250-5590x501 | Cell : 850-890-2543 | Fax : 850-254-2955
>
> On Feb 27, 2015, at 1:46 AM, Jerry Benton <jerry.benton at mailborder.com>
> wrote:
>
> You need to include your /etc/MailScanner/ spam.assassin.prefs.conf in your
> command to get the same results.
>
> -
> Jerry Benton
> www.mailborder.com
>
>
>
> On Feb 26, 2015, at 9:12 PM, Jeremy McSpadden <jeremy at fluxlabs.net> wrote:
>
> What would cause an cli scan (spamassassin -D < msg) to have different
> results than mailscanner scan ?
>
> via cli
>
> Content analysis details:   (26.1 points, 5.0 required)
>
>  pts rule name              description
> ---- ----------------------
> --------------------------------------------------
>  3.3 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
>                             [46.105.49.218 listed in zen.spamhaus.org]
>  5.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
>                             [URIs: karefon.eu]
>  5.0 URIBL_DBL_SPAM         Contains a spam URL listed in the DBL blocklist
>                             [URIs: karefon.eu]
> -2.0 SPF_HELO_PASS          SPF: HELO matches SPF record
> -0.0 SPF_PASS               SPF: sender matches SPF record
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  1.5 BAYES_50               BODY: Bayes spam probability is 40 to 60%
>                             [score: 0.4995]
>  0.5 KAM_EU                 RAW: Prevalent use of .eu in spam/malware
>  5.0 KAM_GRABBAG2           Grabbag of Spams hitting EU domains and other
> indicators
>  0.8 RDNS_NONE              Delivered to internal network by a host with no
> rDNS
>  2.0 HTML_OFF_PAGE          HTML element rendered well off the displayed
> page
>  0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay
> lines
>  5.0 KAM_VERY_BLACK_DBL     Email that hits both URIBL Black and Spamhaus
> DBL
>  0.0 T_REMOTE_IMAGE         Message contains an external image
>
>
> via ms
> 1.50
> BAYES_50
> Bayes spam probability is 40 to 60%
> 0.00
> HTML_MESSAGE
> HTML included in message
> 2.00
> HTML_OFF_PAGE
> HTML element rendered well off the displayed page
> 0.50
> KAM_EU
> Prevalent use of .eu in spam/malware
> 0.79
> RDNS_NONE
> Delivered to internal network by a host with no rDNS
> -2.00
> SPF_HELO_PASS
> SPF: HELO matches SPF record
> -0.00
> SPF_PASS
> SPF: sender matches SPF record
> 0.01
> T_REMOTE_IMAGE
> 0.00
> UNPARSEABLE_RELAY
> Informational: message has unparseable relay lines
> --
> Jeremy McSpadden
> Flux Labs, Inc | http://www.fluxlabs.net | Endless Solutions
> Office : 850-250-5590 x 501 | Cell : 850-890-2543 | Fax : 850-254-2955
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se