<div dir="ltr"><div>Are you running the tests against the same user MailScanner runs as to make sure any .spamassassin directory settings arent overriding<br><br></div>in both headers you're getting spamassassin cache hits which is a mailscanner option. You might want to stop MailScanner, delete the spamassassin cache file ans retry. Could be the cache file has got corrupt somehow.<br>
<br>martin<br></div><div class="gmail_extra"><br clear="all"><div>-- <br>Martin Hepworth, CISSP<br>Oxford, UK</div>
<br><br><div class="gmail_quote">On 12 June 2013 22:05, Duncan, Brian M. <span dir="ltr"><<a href="mailto:brian.duncan@kattenlaw.com" target="_blank">brian.duncan@kattenlaw.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal">spamassassin-3.3.1-3.el5.rf<u></u><u></u></p>
<p class="MsoNormal">mailscanner-4.83.5-1<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Looking for some help here, it looks like sometimes Mailscanner is causing SpamAssassin to not use some rules. (Not exactly sure on this I assume it is Mailscanner based on the behavior I am seeing)<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I receive the message and it is not tagged as Spam and winds up in my inbox. The headers show on this example:<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">X-MailScanner-SpamCheck: not spam, SpamAssassin (cached, score=0.8,required 6.5, BAYES_50 0.80, LOTS_OF_MONEY 0.00,RP_MATCHES_RCVD -0.00)<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I then take that message and drag it into a separate mailbox I had setup on our Exchange server, then pull it down to my Sendmail/Mailscanner/SpamAssassin box through imap in rfc822 format.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I then run the same message through Spamassassin with –test-mode locally from my mail server I get different scoring on, it looks like I am missing some of the checks because now it defiantly shows as Spam:<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Content analysis details: (17.3 hits, 6.5 required)<u></u><u></u></p>
<p class="MsoNormal"> 5.0 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist<u></u><u></u></p>
<p class="MsoNormal"> [URIs: <a href="http://eelefs.net" target="_blank">eelefs.net</a>]<u></u><u></u></p>
<p class="MsoNormal">-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain<u></u><u></u></p>
<p class="MsoNormal"> 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%<u></u><u></u></p>
<p class="MsoNormal"> [score: 0.5050]<u></u><u></u></p>
<p class="MsoNormal"> 2.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level<u></u><u></u></p>
<p class="MsoNormal"> above 50%<u></u><u></u></p>
<p class="MsoNormal"> [cf: 100]<u></u><u></u></p>
<p class="MsoNormal"> 8.5 RAZOR2_CHECK Listed in Razor2 (<a href="http://razor.sf.net/" target="_blank">http://razor.sf.net/</a>)<u></u><u></u></p>
<p class="MsoNormal"> 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%<u></u><u></u></p>
<p class="MsoNormal"> [cf: 100]<u></u><u></u></p>
<p class="MsoNormal"> 0.0 LOTS_OF_MONEY Huge... sums of money<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">------ End of SpamAssassin results, Original message follows --------<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">So I was wondering if it had to with my MailScanner.conf having this line: SpamAssassin Local State Dir = # /var/lib/spamassassin<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">But based on my debug of MailScanner, it does not matter if the # is present or not, MailScanner seems to think it knows where all the rules are. The below output is with SpamAssassin Local State Dir = /var/lib/spamassassin<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">In Debugging mode, not forking...<u></u><u></u></p>
<p class="MsoNormal">Trying to setlogsock(unix)<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.475 [32352] dbg: logger: adding facilities: all<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.475 [32352] dbg: logger: logging level is DBG<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.475 [32352] dbg: generic: SpamAssassin version 3.3.1<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.475 [32352] dbg: generic: Perl 5.008008, PREFIX=/usr, DEF_RULES_DIR=/usr/share/spamassassin, LOCAL_RULES_DIR=/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/lib/spam<u></u><u></u></p>
<p class="MsoNormal">assassin<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.475 [32352] dbg: config: timing enabled<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.475 [32352] dbg: config: score set 0 chosen.<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.477 [32352] dbg: util: running in taint mode? no<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.480 [32352] dbg: dns: is Net::DNS::Resolver available? yes<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.480 [32352] dbg: dns: Net::DNS version: 0.65<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.481 [32352] dbg: config: using "/etc/mail/spamassassin" for site rules pre files<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.481 [32352] dbg: config: read file /etc/mail/spamassassin/init.pre<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.481 [32352] dbg: config: read file /etc/mail/spamassassin/v310.pre<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.481 [32352] dbg: config: read file /etc/mail/spamassassin/v312.pre<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.481 [32352] dbg: config: read file /etc/mail/spamassassin/v320.pre<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.481 [32352] dbg: config: read file /etc/mail/spamassassin/v330.pre<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.481 [32352] dbg: config: using "/var/lib/spamassassin/3.003001" for sys rules pre files<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.481 [32352] dbg: config: using "/var/lib/spamassassin/3.003001" for default rules dir<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.482 [32352] dbg: config: read file /var/lib/spamassassin/3.003001/<a href="http://updates_spamassassin_org.cf" target="_blank">updates_spamassassin_org.cf</a><u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.482 [32352] dbg: config: using "/etc/mail/spamassassin" for site rules dir<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.482 [32352] dbg: config: read file /etc/mail/spamassassin/<a href="http://70_sare_evilnum1.cf" target="_blank">70_sare_evilnum1.cf</a><u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.482 [32352] dbg: config: read file /etc/mail/spamassassin/<a href="http://70_sare_unsub.cf" target="_blank">70_sare_unsub.cf</a><u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.482 [32352] dbg: config: read file /etc/mail/spamassassin/<a href="http://chickenpox.cf" target="_blank">chickenpox.cf</a><u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.482 [32352] dbg: config: read file /etc/mail/spamassassin/<a href="http://local.cf" target="_blank">local.cf</a><u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.482 [32352] dbg: config: read file /etc/mail/spamassassin/<a href="http://mailscanner.cf" target="_blank">mailscanner.cf</a><u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.483 [32352] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.483 [32352] dbg: config: read file /root/.spamassassin/user_prefs<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.484 [32352] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.488 [32352] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.491 [32352] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.494 [32352] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC<u></u><u></u></p>
<p class="MsoNormal">15:54:01 Jun 12 15:54:01.496 [32352] dbg: pyzor: network tests on, attempting Pyzor<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">The odd thing here to me, is if I search my maillog for some of the hits from above, Like URIBL_DBL_SPAM, I am seeing many hits on this.. It just seems to be skipping some of the rules for a certain messages. I looked through<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Anyone have any ideas where I can start to figure this one out? I checked my rules, but since some of the rules are firing I assumed it can’t have anything to do with that..<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Here is the complete output from the message I give as an example from above: (minus the spammy body)<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Received: from <a href="http://CHI-US-HT-01.us.kmz.com" target="_blank">CHI-US-HT-01.us.kmz.com</a> (10.18.17.28) by<u></u><u></u></p>
<p class="MsoNormal"> <a href="http://CHI-US-CAS-1B.us.kmz.com" target="_blank">CHI-US-CAS-1B.us.kmz.com</a> (10.125.15.2) with Microsoft SMTP Server (TLS) id<u></u><u></u></p>
<p class="MsoNormal"> 14.3.123.3; Wed, 12 Jun 2013 15:44:04 -0500<u></u><u></u></p>
<p class="MsoNormal">Received: from <a href="http://chi-us-vwall-01.us.kmz.com" target="_blank">chi-us-vwall-01.us.kmz.com</a> (10.18.16.181) by<u></u><u></u></p>
<p class="MsoNormal"> <a href="http://CHI-US-HT-01.us.kmz.com" target="_blank">CHI-US-HT-01.us.kmz.com</a> (10.18.17.28) with Microsoft SMTP Server id<u></u><u></u></p>
<p class="MsoNormal"> 14.3.123.3; Wed, 12 Jun 2013 15:44:03 -0500<u></u><u></u></p>
<p class="MsoNormal">Received: from <a href="http://venus.kattenlaw.com" target="_blank">venus.kattenlaw.com</a> ([10.18.3.33]) by <a href="http://us.kmz.com" target="_blank">us.kmz.com</a><u></u><u></u></p>
<p class="MsoNormal"> ([10.18.16.181]) with ESMTP (TREND IMSS SMTP Service 7.1) id 844d8c4f001d4ac4<u></u><u></u></p>
<p class="MsoNormal"> ; Wed, 12 Jun 2013 15:44:01 -0500<u></u><u></u></p>
<p class="MsoNormal">Received: from <a href="http://smtp1.eelefs.net" target="_blank">smtp1.eelefs.net</a> (<a href="http://smtp1.eelefs.net" target="_blank">smtp1.eelefs.net</a> [66.197.143.105]) by<u></u><u></u></p>
<p class="MsoNormal"> <a href="http://venus.kattenlaw.com" target="_blank">venus.kattenlaw.com</a> (8.13.8/8.13.4) with ESMTP id r5CKi0H8028960 for<u></u><u></u></p>
<p class="MsoNormal"> <<a href="mailto:brian.duncan@kmzr.com" target="_blank">brian.duncan@kmzr.com</a>>; Wed, 12 Jun 2013 15:44:03 -0500<u></u><u></u></p>
<p class="MsoNormal">From: 2013 Models <<a href="mailto:Jorge.Mendoza@eelefs.net" target="_blank">Jorge.Mendoza@eelefs.net</a>><u></u><u></u></p>
<p class="MsoNormal">To: "Duncan, Brian M." <<a href="mailto:brian.duncan@kattenlaw.com" target="_blank">brian.duncan@kattenlaw.com</a>><u></u><u></u></p>
<p class="MsoNormal">Subject: *Reduction Information* 2013's for thousands less<u></u><u></u></p>
<p class="MsoNormal">Thread-Topic: *Reduction Information* 2013's for thousands less<u></u><u></u></p>
<p class="MsoNormal">Thread-Index: AQHOZ62T+0z+e2LgwkiBidggfWeC0A==<u></u><u></u></p>
<p class="MsoNormal">Date: Wed, 12 Jun 2013 15:43:58 -0500<u></u><u></u></p>
<p class="MsoNormal">Message-ID: <<a href="mailto:29295056e3e7741908e644022e5f0220@smtp1.eelefs.net" target="_blank">29295056e3e7741908e644022e5f0220@smtp1.eelefs.net</a>><u></u><u></u></p>
<p class="MsoNormal">Reply-To: "<a href="mailto:Jorge.Mendoza@eelefs.net" target="_blank">Jorge.Mendoza@eelefs.net</a>" <<a href="mailto:Jorge.Mendoza@eelefs.net" target="_blank">Jorge.Mendoza@eelefs.net</a>><u></u><u></u></p>
<p class="MsoNormal">Content-Language: en-US<u></u><u></u></p>
<p class="MsoNormal">X-MS-Exchange-Organization-AuthAs: Anonymous<u></u><u></u></p>
<p class="MsoNormal">X-MS-Exchange-Organization-AuthSource: <a href="http://CHI-US-HT-01.us.kmz.com" target="_blank">CHI-US-HT-01.us.kmz.com</a><u></u><u></u></p>
<p class="MsoNormal">X-MS-Has-Attach:<u></u><u></u></p>
<p class="MsoNormal">X-MS-TNEF-Correlator:<u></u><u></u></p>
<p class="MsoNormal">x-mailscanner-from: <a href="mailto:jorgemendoza@smtp1.eelefs.net" target="_blank">jorgemendoza@smtp1.eelefs.net</a><u></u><u></u></p>
<p class="MsoNormal">x-mailscanner-spamcheck: not spam, SpamAssassin (cached, score=0.8, required<u></u><u></u></p>
<p class="MsoNormal"> 6.5, BAYES_50 0.80, LOTS_OF_MONEY 0.00, RP_MATCHES_RCVD -0.00)<u></u><u></u></p>
<p class="MsoNormal">x-kattenlaw-mailscanner-information:<u></u><u></u></p>
<p class="MsoNormal">x-mailscanner-spam: no<u></u><u></u></p>
<p class="MsoNormal">x-kattenlaw-mailscanner-id: r5CKi0H8028960<u></u><u></u></p>
<p class="MsoNormal">x-tm-imss-message-id: <<a href="mailto:844d8c4f001d4ac4@us.kmz.com" target="_blank">844d8c4f001d4ac4@us.kmz.com</a>><u></u><u></u></p>
<p class="MsoNormal">x-kattenlaw: NS<u></u><u></u></p>
<p class="MsoNormal">Content-Type: text/plain; charset="us-ascii"<u></u><u></u></p>
<p class="MsoNormal">Content-ID: <<a href="mailto:8737EB66163E6F4DA060748F2D862AD0@kattenlaw.com" target="_blank">8737EB66163E6F4DA060748F2D862AD0@kattenlaw.com</a>><u></u><u></u></p>
<p class="MsoNormal">MIME-Version: 1.0<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thanks for any help.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<table><tbody><tr><td bgcolor="#ffffff"><font color="#000000"><pre>===========================================================
CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue
Service, any tax advice contained herein is not intended or written to be used and cannot be used
by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer.
===========================================================
CONFIDENTIALITY NOTICE:
This electronic mail message and any attached files contain information intended for the exclusive
use of the individual or entity to whom it is addressed and may contain information that is
proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you
are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or
distribution of this information may be subject to legal restriction or sanction. Please notify
the sender, by electronic mail or telephone, of any unintended recipients and delete the original
message without making any copies.
===========================================================
NOTIFICATION: Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has
elected to be governed by the Illinois Uniform Partnership Act (1997).
===========================================================</pre></font></td></tr></tbody></table>
<br>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div><br></div>