You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Keith Dowell <ke...@rogersmfg.com> on 2004/02/09 23:22:27 UTC

Why does this happen, what's the diff between score and hits?

This is weird - I get some that don't get flagged by sa - but get sent to
the spamdrop by mimedefang like this...

X-Spam-Score: 5.906 (*****)
FVGT_u_DOM_END_NUM,HTML_50_60,HTML_IMAGE_ONLY_02,HTML_MESSAGE,HTML_TAG_BALAN
CE_BODY,RM_rb_ANCHOR,RM_rb_BODY,RM_rb_HTML,RM_sl_Parens
X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang)
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on mail
X-Spam-Status: No, hits=2.4 required=4.0 tests=FVGT_u_DOM_END_NUM,
 HTML_MESSAGE,HTML_TAG_BALANCE_BODY,RM_rb_ANCHOR,RM_rb_BODY,RM_rb_HTML,
 RM_sl_Parens autolearn=no version=2.61
X-Spam-Level: **

But the ones that DO get flagged with sa have no X-Spam-Score but have a
X-Spam-Flag=YES???

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on mail
X-Spam-Status: Yes, hits=5.2 required=4.0 tests=CLICK_BELOW,
 MIME_MISSING_BOUNDARY,MIME_QP_NO_CHARSET,MISSING_OUTLOOK_NAME,
 MSGID_FROM_MTA_SHORT,UPPERCASE_25_50 autolearn=no version=2.61
X-Spam-Level: *****
MIME-Version: 1.0

Re: Why does this happen, what's the diff between score and hits?

Posted by Chris Thielen <cm...@someone.dhs.org>.

Keith Dowell said:
> This is weird - I get some that don't get flagged by sa - but get sent to
> the spamdrop by mimedefang like this...
>
> X-Spam-Score: 5.906 (*****)
> FVGT_u_DOM_END_NUM,HTML_50_60,HTML_IMAGE_ONLY_02,HTML_MESSAGE,HTML_TAG_BALAN
> CE_BODY,RM_rb_ANCHOR,RM_rb_BODY,RM_rb_HTML,RM_sl_Parens
> X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang)
> X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on
> mail
> X-Spam-Status: No, hits=2.4 required=4.0 tests=FVGT_u_DOM_END_NUM,
>  HTML_MESSAGE,HTML_TAG_BALANCE_BODY,RM_rb_ANCHOR,RM_rb_BODY,RM_rb_HTML,
>  RM_sl_Parens autolearn=no version=2.61
> X-Spam-Level: **
>
> But the ones that DO get flagged with sa have no X-Spam-Score but have a
> X-Spam-Flag=YES???
>
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on
> mail
> X-Spam-Status: Yes, hits=5.2 required=4.0 tests=CLICK_BELOW,
>  MIME_MISSING_BOUNDARY,MIME_QP_NO_CHARSET,MISSING_OUTLOOK_NAME,
>  MSGID_FROM_MTA_SHORT,UPPERCASE_25_50 autolearn=no version=2.61
> X-Spam-Level: *****
> MIME-Version: 1.0
>

Could it be that you are accidentally sending the email through
SpamAssassin twice, perhaps even on two different systems?


--
Chris Thielen

Easily generate SpamAssassin rules to catch obfuscated spam phrases
(0BFU$C/\TED SPA/\/\ P|-|RA$ES):
http://www.sandgnat.com/cmos/

Re: Why does this happen, what's the diff between score and hits?

Posted by Keith Dowell <ke...@rogersmfg.com>.

well here the code from md.

if ($hits >= 4) {
                md_log('spam', $hits, $RelayAddr);
                my($score);
                if ($hits < 40) {
                    $score = "*" x int($hits);
                } else {
                    $score = "*" x 40;
                }
                action_add_header("X-Orig-Recipients", join(",
",@Recipients));
                foreach $recip(@Recipients){
                        delete_recipient($recip);
                }
                add_recipient('spam@somedomain.com');
                # We add a header which looks like this:
                # X-Spam-Score: 6.8 (******) NAME_OF_TEST,NAME_OF_TEST
                # The number of asterisks in parens is the integer part
                # of the spam score clamped to a maximum of 40.
                # MUA filters can easily be written to trigger on a
                # minimum number of asterisks...
                action_change_header("X-Spam-Score", "$hits ($score)
$names");

                # If you find the SA report useful, add it, I guess...
                action_add_part($entity, "text/plain", "-suggest",
                                "$report\n",
                                "SpamAssassinReport.txt", "inline");
            } else {
                # Delete any existing X-Spam-Score header?
                action_delete_header("X-Spam-Score");

so I think I'm still missing why md catches this when sa is reporting hits
below 4
X-Spam-Status: No, hits=2.4 required=4.0 tests=...

and even weirder that when sa scores above 4 -  I DON'T get the x-spam-score
header.

I mean - I don't profess to being the worlds greatest programmer, but
doesn't the code above read logically

if number of hits is greater than or equal to 4
    add this header (which it isn't adding the header if it's above 4)
else
    remove any existing X-Spam-Score header (which the dang thing doesn't
ever seem to hit this)

what am I missing here?

Re: Why does this happen, what's the diff between score and hits?

Posted by Theo Van Dinter <fe...@kluge.net>.

On Mon, Feb 09, 2004 at 04:22:27PM -0600, Keith Dowell wrote:
> But the ones that DO get flagged with sa have no X-Spam-Score but have a
> X-Spam-Flag=YES???

X-Spam-Score isn't a standard SA header, but X-Spam-Flag is.  It sounds
like you're having issues wrt mimedefang.

-- 
Randomly Generated Tagline:
Dyslexic Christian sells soul to Santa ... film at 11.