MailScanner causes SpamAssassin rules to firing inconsistently

Wolfgang Baudler wbaudler at gb.nrao.edu
Thu Nov 5 19:05:50 UTC 2015 

> On 11/05/2015 09:51 AM, Wolfgang Baudler wrote:
>
>>
>> Not sure what you mean with normal messages being present. There is
>> always
>> a lot of activity on that server, mostly spam, but also some ham
>> messages
>> present most of the time. "Max Children" is set to 5, but testing with
>> only one instance of MailScanner resulted in the same behavior also.
>
>
> By 'normal', I mean't not errors or warnings. I mean if you consider two
> messages, one that fires and one that doesn't, if you look at all the
> MTA and MailScanner log messages relevant to the processing of those two
> messages, are the log messages the same or is there some difference
> between the two sets.
>

no difference in log messages, except the senders domain and address of
course.

internal log example:
Nov  5 13:50:58 io MailScanner[24033]: Message tA5IopES005503 from
192.33.116.115 (wbaudler at gb.nrao.edu) to gb.nrao.edu is not spam,
SpamAssassin (score=-199.008, required 5, autolearn=disabled, TEST_RULE_AA
1.00, NRAO_HEADER_PRESENT -100.00, TVD_SPACE_RATIO 0.00, T_RP_MATCHES_RCVD
-0.01, USER_IN_WHITELIST -100.00)

external log example:
Nov  5 13:55:47 io MailScanner[24004]: Message tA5ItQmr006622 from
98.138.229.70 (wbaudler at yahoo.com) to gb.nrao.edu is not spam,
 SpamAssassin (score=0.902, required 5, autolearn=disabled,
DKIM_ADSP_CUSTOM_MED 0.00, DKIM_SIGNED 0.10, FREEMAIL_FROM 0.00,
LOCAL_ID_JAVAMAIL 1.00, NML_ADSP_CUSTOM_MED 1.20, RCVD_IN_DNSWL_LOW
-0.70, RCVD_IN_MSPIKE_H3 -0.70, SPF_PASS -0.00, T_DKIM_INVALID 0.01,
T_RP_MATCHES_RCVD -0.01)

The TEST_RULE_AA test result is missing in the external example. The
message sent was completely identical.

>
>> If there is only one instance of MailScanner running it still processes
>> messages in batches, right? Is it possible that that it gets confused in
>> that process and is mixing the results of different messages scanned in
>> the same batch? Still doesn't explain why internal messages always fire
>> correctly.
>
>
> Yes, even with only one child, processing is still in batches. If there
> is some evidence (added headers) in the message that doesn't fire that
> spamassassin was invoked on that message, I don't see how that's an issue.

It does have the usual spamassassin headers added. Just not with the right
rule flags, i.e. rules that should have triggered are missing.

>
> OTOH, if there is no evidence that spamassassin was invoked on the
> message at all, then we are looking at 'why does MailScanner sometimes
> skip spamassassin' as opposed to 'why does spamassassin sometimes behave
> differently'. The former could be a rule set.
>

No, it is definitely a case of 'why does spamassassin sometimes behave
differently'.

Wolfgang

More information about the MailScanner mailing list