You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by David Reta <Da...@Narus.com> on 2007/01/23 19:05:32 UTC
Some tests not being run during relay
hello,
I am looking for some help with an issue I am having. Some spam has been
getting through and it looks like when it comes through a bunch of rules
are not getting hit, but when I run it manually as the same user that my
mimedefang runs as it scores well above the threshold.
I am running on RedHat Linux 4 with
sendmail->mimedefang->spamassassin(3.1.7). I am running it manually as
the same user mimedefang uses so I don't think that is the issue. Could
it be timing out or something? Any help would be appreciated.
Thanks,
David
Here is an example.
Here is the MSG.0 file that gets quarantined by Mimedefang.
-bash-3.00$ more MSG.0
Spam detection software, running on the system "", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Good day Davidr!!! A Genuine Univers1ty Degree 1n 4-6
weeks! Haev you ever thought that the only thing stopping you from a
great job and better pay was a few letters behind you name? Well now
you
can get them! [...]
Content analysis details: (4.4 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.5 PLING_QUERY Subject has exclamation mark and question
mark
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.4473]
3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[89.137.135.243 listed in
sbl-xbl.spamhaus.org]
4.412 5 BAYES_50,PLING_QUERY,RCVD_IN_XBL
Here is the output when I run it manually.
-bash-3.00$ spamassassin < ENTIRE_MESSAGE
Received: from localhost by mx2.narus.com
with SpamAssassin (version 3.1.7);
Tue, 23 Jan 2007 10:01:46 -0800
From: "(270) 818-7244 Reuben " <11...@itpaystolearn.com>
To: <da...@narus.com>
Subject: *****SPAM***** Need a Diploma? {}You Need a Better Degere, and
we can Help!
Date: Tue, 23 Jan 2007 19:46:19 +0300
Message-Id: <08...@CNN7>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on mx2.narus.com
X-Spam-Level: ****************
X-Spam-Status: Yes, score=16.4 required=5.0 tests=BAYES_50,
DRUGS_STOCK_MIMEOLE,FM_SCHOOLING,FM_SCHOOL_DIPLOMA,FM_SCHOOL_TYPES,
J_CHICKENPOX_31,J_CHICKENPOX_72,MID_14DIGITS_HEX,NO_RECEIVED,
NO_RELAYS,PLING_QUERY,SARE_SPEC_DIPLOMA autolearn=no
version=3.1.7
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_45B64D8A.F257228F"
This is a multi-part message in MIME format.
------------=_45B64D8A.F257228F
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Good day Davidr!!! A Genuine Univers1ty Degree 1n 4-6
weeks! Haev you ever thought that the only thing stopping you from a
great job and better pay was a few letters behind you name? Well now
you
can get them! [...]
Content analysis details: (16.4 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.5 PLING_QUERY Subject has exclamation mark and question
mark
2.8 MID_14DIGITS_HEX MID_14DIGITS_HEX
1.1 SARE_SPEC_DIPLOMA educational spam subject
-0.0 NO_RELAYS Informational: message was not relayed via
SMTP
0.6 J_CHICKENPOX_72 BODY: 7alpha-pock-2alpha
0.6 J_CHICKENPOX_31 BODY: 3alpha-pock-1alpha
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.4275]
5.6 FM_SCHOOL_TYPES Meta Combo Phrase for Schooling
1.2 FM_SCHOOLING Meta Combo Phrase for Schooling (2)
2.0 DRUGS_STOCK_MIMEOLE Stock-spam forged headers found (5510)
-0.0 NO_RECEIVED Informational: message has no Received
headers
2.0 FM_SCHOOL_DIPLOMA Meta for Schooling + Diploma.
------------=_45B64D8A.F257228F
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Message-ID: <08...@CNN7>
From: "(270) 818-7244 Reuben " <11...@itpaystolearn.com>
To: <da...@narus.com>
Subject: Need a Diploma? {}You Need a Better Degere, and we can Help!
Date: Tue, 23 Jan 2007 19:46:19 +0300
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: A4ZDuhTMWDpnC33nubM21tj5viVqfrdeJ83i
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 8bit
Good day Davidr!!!
A Genuine Univers1ty Degree 1n 4-6 weeks!
Haev you ever thought that the only thing stopping you from a great job
and better pay was a few letters behind you name?
Well now you can get them!
BA BSc MA MSc MBA PhD
Wtihin 4-6 weeks!
No Study Required!
100% Verifiable!
These are real, genuine degrees that include Bachelosr, Masters, MBA and
Doctorate Degrees. They are fully verifiable and certified transcripts
are also available.
Just call the number below.
You?l lthank me later?
Begin Right Now! +1 (270) 818-7244
Online Now
--**--**--**--**--**--**--**--**--**
hopes of ever regaining his family's land-if the Parthians
didn'tremembered his fear beside the river and his conquest of fear. A
voicethumbs down. "Morituri te salutamus," he remarked, then spat.
"Doesn'tvinegar before that ... that ... Persian with his catamite
eyes."
------------=_45B64D8A.F257228F--
This email and attachments may contain Narus, Inc. confidential material. If you are not the intended recipient, contact the sender immediately and delete all instances of this email and attachments.
Re: Some tests not being run during relay
Posted by Matthias Fuhrmann <Ma...@stud.uni-hannover.de>.
On Tue, 23 Jan 2007, David Reta wrote:
hI,
> I am looking for some help with an issue I am having. Some spam has been
> getting through and it looks like when it comes through a bunch of rules
> are not getting hit, but when I run it manually as the same user that my
> mimedefang runs as it scores well above the threshold.
>
> I am running on RedHat Linux 4 with
> sendmail->mimedefang->spamassassin(3.1.7). I am running it manually as
> the same user mimedefang uses so I don't think that is the issue. Could
> it be timing out or something? Any help would be appreciated.
>
did you run it manualy,using the same user as used by
mimedefang/spamassasin? maybe its some sort of permission mismatch.
got no help/hint using spamasasssin --lint -D?
regards,
Matthias