Posted to users@spamassassin.apache.org by cpayne <cp...@magigames.net> on 2007/09/24 10:27:47 UTC

Every e-mail is now getting a new score, creating a lot of false positives.

Guys,

I am not sure when this started but now every e-mail that comes on to my 
box has this score...

2.0 MISSING_SUBJECT        Missing Subject: header
-0.0 NO_RECEIVED            Informational: message has no Received headers
0.1 TO_CC_NONE             No To: or Cc: header

I use amavisd, spamassassin, and postfix. What rule set this? Why would 
every email be getting this?

Chuck

Re: Every e-mail is now getting a new score, creating a lot of false positives.

Posted by cpayne <cp...@magigames.net>.
Matthias Haegele wrote:
> cpayne schrieb:
>> Matthias Haegele wrote:
>>> cpayne schrieb:
>>>> Guys,
>>>>
>>>> I am not sure when this started but now every e-mail that comes on 
>>>> to my box has this score...
>>>>
>>>> 2.0 MISSING_SUBJECT        Missing Subject: header
>>>> -0.0 NO_RECEIVED            Informational: message has no Received 
>>>> headers
>>>> 0.1 TO_CC_NONE             No To: or Cc: header
>>>>
>>>> I use amavisd, spamassassin, and postfix. What rule set this? Why 
>>>> would every email be getting this.
>>>
>>> Perhaps you could show a complete message?
>>> Maybe config errors (removed headers ...)?
>>>
>>> Without further details it is hard to guess ...
>>> Which versions you use ...
>>>
>>>> Chuck
>>>
>>>
>> Ok, this message is spam, but I think this what you are looking for, 
>> if not please let me know. But those lines are showing up in every 
>> email.
>
> Perhaps the complete message would help more ...
> (Your MUA should have a button or opportunity to show "Source Code" 
> with Thunderbird its CTRL-U, here)
>
> [Anatrim spam]
>
>> Content analysis details:   (6.9 points, 1.5 required)
>>
>> pts rule name              description
>> ---- ---------------------- --------------------------------------------------
>> 1.1 HTML_20_30             BODY: Message is 20% to 30% HTML
>> 0.2 HTML_SHOUTING3         BODY: HTML has very strong "shouting" markup
>> 0.0 HTML_MESSAGE           BODY: HTML included in message
>> 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>>                            [score: 0.9974]
>
> btw:
> 0.99 for Bayes_99 seems really low for me, but that depends on your 
> policy ...
>
>> 2.0 MISSING_SUBJECT        Missing Subject: header
>> -0.0 NO_RECEIVED            Informational: message has no Received 
>> headers
>> 0.1 TO_CC_NONE             No To: or Cc: header
>
> [...
> From - Wed Sep 26 17:27:45 2007
> X-Account-Key: account5
> X-UIDL: nJo"!IL("!F>p"![nF"!
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> X-Mozilla-Keys:                                                                                 
> Return-Path: <ne...@elabs1.com>
> X-Original-To: cepayne@magidesign.com
> Delivered-To: cepayne@magidesign.com
> Received: from localhost (unknown [127.0.0.1])
> 	by magi.magidesign.com (Postfix) with ESMTP id 02BE01A375
> 	for <ce...@magidesign.com>; Wed, 26 Sep 2007 15:46:08 +0000 (UTC)
> Received: from magi.magidesign.com ([127.0.0.1])
>  by localhost (magi.magidesign.com [127.0.0.1]) (amavisd-new, port 10024)
>  with ESMTP id 06076-04 for <ce...@magidesign.com>;
>  Wed, 26 Sep 2007 11:46:07 -0400 (EDT)
> Received: by magi.magidesign.com (Postfix, from userid 65534)
> 	id 10B8C1A372; Wed, 26 Sep 2007 11:46:07 -0400 (EDT)
> X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on magi.magidesign.com
> X-Spam-Level: 
> X-Spam-Status: No, score=(-97.2), required=1.5, tests=BAYES_20,HTML_MESSAGE,
> 	HTML_TAG_BALANCE_BODY,MISSING_SUBJECT,Magi_Body_Chuck,NO_RECEIVED,TO_CC_NONE,
> 	USER_IN_WHITELIST, autolearn=no, bayes score = 0.1625, version=3.1.8 date
> 	scan = Wed, 26 Sep 2007 11:46:06 -0400
> X-Spam-remote: hostinfo = localhost @ 127.0.0.1
> Received-SPF: pass (elabs1.com: 208.66.204.194 is authorized to use 'newsletter@elabs1.com' in 'mfrom' identity (mechanism 'ip4:208.66.204.0/22' matched)) receiver=magi.magidesign.com; identity=mfrom; envelope-from="newsletter@elabs1.com"; helo=mail32.elabs1.com; client-ip=208.66.204.194
> Received: from mail32.elabs1.com (mail32.elabs1.com [208.66.204.194])
> 	by magi.magidesign.com (Postfix) with ESMTP id 652B21A336
> 	for <ce...@magidesign.com>; Wed, 26 Sep 2007 11:46:01 -0400 (EDT)
> To: <ce...@magidesign.com>
> Subject: New Applications for your handheld
> Date: Wed, 26 Sep 2007 08:31:29 -0700
> X-Delivery: Level 3
> Reply-To: reply-27@palmpowered.com
> Content-description: 9c5b4215e4cepayne@magidesign.com!1b!9e0!3!rynof1.pbz!
> X-Complaints-To: abuse@elabs1.com
> Message-Id: <20...@elabs1.com>
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> 	boundary="=_f026f74b7f9ebf7665c9a4740b9aec99"
> From: "ACCESS Systems Americas, Inc." <re...@palmpowered.com>
> X-Virus-Scanned: by amavisd-new-2.3.3 (20050822) (SuSE 10.0) at magidesign.com
>   

Here you go. Thanks.
> X-UIDL: nJo"!IL("!F>p"![nF"!
>


Re: Every e-mail is now getting a new score, creating a lot of false positives.

Posted by Matthias Haegele <mh...@linuxrocks.dyndns.org>.
Daryl C. W. O'Shea schrieb:
> Matthias Haegele wrote:
>> cpayne schrieb:
> 
>>> 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>>>                            [score: 0.9974]
>>
>> btw:
>> 0.99 for Bayes_99 seems really low for me, but that depends on your 
>> policy ...
> 
> 99.74% seems reasonable for BAYES_99 to me.

Oops, I exchanged the "Score of 3.5" with the Probability of 0.9974 -> 
99,74xx%.
Many thanks for your correction ;-).

> Daryl


-- 
Grüsse/Greetings
MH


Don't send mail to: ubecatcher@linuxrocks.dyndns.org
--


Re: Every e-mail is now getting a new score, creating a lot of false positives.

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Matthias Haegele wrote:
> cpayne schrieb:

>> 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>>                            [score: 0.9974]
> 
> btw:
> 0.99 for Bayes_99 seems really low for me, but that depends on your 
> policy ...

99.74% seems reasonable for BAYES_99 to me.

Daryl


Re: Every e-mail is now getting a new score, creating a lot of false positives.

Posted by Matthias Haegele <mh...@linuxrocks.dyndns.org>.
cpayne schrieb:
> Matthias Haegele wrote:
>> cpayne schrieb:
>>> Guys,
>>>
>>> I am not sure when this started but now every e-mail that comes on to 
>>> my box has this score...
>>>
>>> 2.0 MISSING_SUBJECT        Missing Subject: header
>>> -0.0 NO_RECEIVED            Informational: message has no Received 
>>> headers
>>> 0.1 TO_CC_NONE             No To: or Cc: header
>>>
>>> I use amavisd, spamassassin, and postfix. What rule set this? Why 
>>> would every email be getting this.
>>
>> Perhaps you could show a complete message?
>> Maybe config errors (removed headers ...)?
>>
>> Without further details it is hard to guess ...
>> Which versions you use ...
>>
>>> Chuck
>>
>>
> Ok, this message is spam, but I think this what you are looking for, if 
> not please let me know. But those lines are showing up in every email.

Perhaps the complete message would help more ...
(Your MUA should have a button or opportunity to show "Source Code"; with 
Thunderbird it's CTRL-U, here)

[Anatrim spam]

> Content analysis details:   (6.9 points, 1.5 required)
> 
> pts rule name              description
> ---- ---------------------- --------------------------------------------------
> 1.1 HTML_20_30             BODY: Message is 20% to 30% HTML
> 0.2 HTML_SHOUTING3         BODY: HTML has very strong "shouting" markup
> 0.0 HTML_MESSAGE           BODY: HTML included in message
> 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>                            [score: 0.9974]

btw:
0.99 for Bayes_99 seems really low for me, but that depends on your 
policy ...

> 2.0 MISSING_SUBJECT        Missing Subject: header
> -0.0 NO_RECEIVED            Informational: message has no Received headers
> 0.1 TO_CC_NONE             No To: or Cc: header

[...]

-- 
Grüsse/Greetings
MH


Don't send mail to: ubecatcher@linuxrocks.dyndns.org
--


Re: Every e-mail is now getting a new score, creating a lot of false positives.

Posted by cpayne <cp...@magigames.net>.
Matthias Haegele wrote:
> cpayne schrieb:
>> Guys,
>>
>> I am not sure when this started but now every e-mail that comes on to 
>> my box has this score...
>>
>> 2.0 MISSING_SUBJECT        Missing Subject: header
>> -0.0 NO_RECEIVED            Informational: message has no Received 
>> headers
>> 0.1 TO_CC_NONE             No To: or Cc: header
>>
>> I use amavisd, spamassassin, and postfix. What rule set this? Why 
>> would every email be getting this.
>
> Perhaps you could show a complete message?
> Maybe config errors (removed headers ...)?
>
> Without further details it is hard to guess ...
> Which versions you use ...
>
>> Chuck
>
>
Ok, this message is spam, but I think this is what you are looking for; if 
not, please let me know. But those lines are showing up in every email.

Spam detection software, running on the system "magi.magidesign.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
postmaster for details.

Content preview:  Do not waste your opportunity! - Anatrim - The latest and
  most delighting product for over-weight people is made available now - As
  you could see on Oprah Can you hold in your memory all the situations when
   you appeal to yourself to do anything to get rid of this frightful pounds
   of fat? Fortunately, now no major offering is required. Thanks to Anatrim,
   the ground-breaking, you can achieve healthier lifestyle and become really
   slimmer. [...] 

Content analysis details:   (6.9 points, 1.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.1 HTML_20_30             BODY: Message is 20% to 30% HTML
 0.2 HTML_SHOUTING3         BODY: HTML has very strong "shouting" markup
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 0.9974]
 2.0 MISSING_SUBJECT        Missing Subject: header
-0.0 NO_RECEIVED            Informational: message has no Received headers
 0.1 TO_CC_NONE             No To: or Cc: header

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.



Re: Every e-mail is now getting a new score, creating a lot of false positives.

Posted by Matthias Haegele <mh...@linuxrocks.dyndns.org>.
cpayne schrieb:
> Guys,
> 
> I am not sure when this started but now every e-mail that comes on to my 
> box has this score...
> 
> 2.0 MISSING_SUBJECT        Missing Subject: header
> -0.0 NO_RECEIVED            Informational: message has no Received headers
> 0.1 TO_CC_NONE             No To: or Cc: header
> 
> I use amavisd, spamassassin, and postfix. What rule set this? Why would 
> every email be getting this.

Perhaps you could show a complete message?
Maybe config errors (removed headers ...)?

Without further details it is hard to guess ...
Which versions you use ...

> Chuck


-- 
Grüsse/Greetings
MH


Don't send mail to: ubecatcher@linuxrocks.dyndns.org
--


Re: Every e-mail is now getting a new score, creating a lot of false positives.

Posted by cpayne <cp...@magigames.net>.
cpayne wrote:
> Mark Martinec wrote:
>> Just in case, make sure the --lint passes with no complaints, e.g.:
>>
>>   # su vscan -c 'spamassassin --lint'
>>
>>
>> David B Funk writes,
>>  
>>> Cannot tell for sure (I don't use amavisd) but that looks like 
>>> something
>>> is broken in the way that messages are being passed into the SA 
>>> engine so
>>> that it no longer 'sees' headers vs body part of the message.
>>> The RFC message format is headers first, then a blank line then body.
>>> So if something is feeding a blank line to SA -first- then the message,
>>> SA will think that the message has no headers and -all- of it is 
>>> "body".
>>>     
>>
>> So it seems. I'm not aware of any such compatibility problems between
>> amavisd and SpamAssassin, it is more likely it is a mail submission 
>> problem,
>> or there was really such a broken mail that arrived to MTA 'from the 
>> wild'.
>>
>>  
>>> Is there some way to collect telemetry on what is actually being fed 
>>> into
>>> the SA engine? Some amavisd option that is equivalent to running spamd
>>> with the '-D' option?
>>>     
>>
>> The
>>   # amavisd debug-sa
>> turns on SpamAssassin logging.
>>
>> If a mail gathered enough spam points it was already captured in a
>> quarantine and can be examined there.
>>
>> An alternative is to specify a 'test sender address', e.g.:
>>   @debug_sender_maps = ( ['user@example.com'] );
>> When a mail is seen whose envelope sender address matches the configured
>> one, a temporary file with a message is preserved and can be examined.
>> The log reports the fact, and tells the directory, e.g.:
>>
>> (42432-01) DEBUG_ONESHOT CAUSES EVIDENCE TO BE PRESERVED
>> (42432-01) (!)PRESERVING EVIDENCE
>>   in /var/amavis/tmp-am/amavis-20070924T195255-42432
>>
>> Mark
>>   
> Well, I am NOT using amavisd for spam scanning, I am using it only for 
> scanning emails for virus. I am using spamassassin 3.1.8 on openSuSE 
> 10 with a day update for rules, and this started about the day of the 
> post.
>
> Anyway, it becoming more and more of a pain.
>
> Here is a good header that is whitelist... and you can see it there.  
> And as you can see
>
> MISSING_SUBJECT,
> NO_RECEIVED,TO_CC_NONE
>
>
>
> This is on every email.
>
> Payne
>
> From - Fri Sep 28 00:11:32 2007
> X-Account-Key: account5
> X-UIDL: WQC!!`$?!!GZp"!Q9d!!
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> X-Mozilla-Keys: 
> $label5                                                                         
> Return-Path: <ro...@mail.pegasusofamerica.com>
> X-Original-To: cepayne@magidesign.com
> Delivered-To: cepayne@magidesign.com
> Received: from localhost (unknown [127.0.0.1])
>     by magi.magidesign.com (Postfix) with ESMTP id 7F1EA1A40E
>     for <ce...@magidesign.com>; Fri, 28 Sep 2007 04:18:32 +0000 (UTC)
> Received: from magi.magidesign.com ([127.0.0.1])
> by localhost (magi.magidesign.com [127.0.0.1]) (amavisd-new, port 10024)
> with ESMTP id 20195-04 for <ce...@magidesign.com>;
> Fri, 28 Sep 2007 00:17:52 -0400 (EDT)
> Received: by magi.magidesign.com (Postfix, from userid 65534)
>     id 03F761A3BA; Fri, 28 Sep 2007 00:17:48 -0400 (EDT)
> X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on 
> magi.magidesign.com
> X-Spam-Level: X-Spam-Status: No, score=(-0.2), required=1.5, 
> tests=BAYES_00,MISSING_SUBJECT,
>     NO_RECEIVED,TO_CC_NONE, autolearn=no, bayes score = 0.0000, 
> version=3.1.8
>     date scan = Fri, 28 Sep 2007 00:17:48 -0400
> X-Spam-remote: hostinfo = localhost @ 127.0.0.1
> Received-SPF: none (mail.pegasusofamerica.com: No applicable sender 
> policy available) receiver=magi.magidesign.com; identity=mfrom; 
> envelope-from="root@mail.pegasusofamerica.com"; 
> helo=mail.pegasusofamerica.com; client-ip=72.17.187.66
> Received: from mail.pegasusofamerica.com (mail.pegasusofamerica.com 
> [72.17.187.66])
>     by magi.magidesign.com (Postfix) with ESMTP id 99F481A406
>     for <ce...@magidesign.com>; Fri, 28 Sep 2007 00:17:39 -0400 (EDT)
> Received: by mail.pegasusofamerica.com (Postfix)
>     id 033B71C85; Fri, 28 Sep 2007 00:00:24 -0400 (EDT)
> Delivered-To: root@mail.pegasusofamerica.com
> Received: by mail.pegasusofamerica.com (Postfix, from userid 0)
>     id EC6041C83; Fri, 28 Sep 2007 00:00:07 -0400 (EDT)
> To: root@mail.pegasusofamerica.com
> Subject: Local Daily Security for mail: Changes
> Message-Id: <20...@mail.pegasusofamerica.com>
> Date: Fri, 28 Sep 2007 00:00:07 -0400 (EDT)
> From: root@mail.pegasusofamerica.com (root)
> X-Virus-Scanned: by amavisd-new-2.3.3 (20050822) (SuSE 10.0) at 
> magidesign.com
> X-UIDL: WQC!!`$?!!GZp"!Q9d!!
>
>
>
>
>
>
I think I have found the problem. I am seeing for the first time in my 
logs the following error: failed to run header check, Illegal 
declaration in ratware.cf.


Re: Every e-mail is now getting a new score, creating a lot of false positives.

Posted by cpayne <cp...@magigames.net>.
Mark Martinec wrote:
> Just in case, make sure the --lint passes with no complaints, e.g.:
>
>   # su vscan -c 'spamassassin --lint'
>
>
> David B Funk writes,
>   
>> Cannot tell for sure (I don't use amavisd) but that looks like something
>> is broken in the way that messages are being passed into the SA engine so
>> that it no longer 'sees' headers vs body part of the message.
>> The RFC message format is headers first, then a blank line then body.
>> So if something is feeding a blank line to SA -first- then the message,
>> SA will think that the message has no headers and -all- of it is "body".
>>     
>
> So it seems. I'm not aware of any such compatibility problems between
> amavisd and SpamAssassin, it is more likely it is a mail submission problem,
> or there was really such a broken mail that arrived to MTA 'from the wild'.
>
>   
>> Is there some way to collect telemetry on what is actually being fed into
>> the SA engine? Some amavisd option that is equivalent to running spamd
>> with the '-D' option?
>>     
>
> The
>   # amavisd debug-sa
> turns on SpamAssassin logging.
>
> If a mail gathered enough spam points it was already captured in a
> quarantine and can be examined there.
>
> An alternative is to specify a 'test sender address', e.g.:
>   @debug_sender_maps = ( ['user@example.com'] );
> When a mail is seen whose envelope sender address matches the configured
> one, a temporary file with a message is preserved and can be examined.
> The log reports the fact, and tells the directory, e.g.:
>
> (42432-01) DEBUG_ONESHOT CAUSES EVIDENCE TO BE PRESERVED
> (42432-01) (!)PRESERVING EVIDENCE
>   in /var/amavis/tmp-am/amavis-20070924T195255-42432
>
> Mark
>   
Well, I am NOT using amavisd for spam scanning, I am using it only for 
scanning emails for viruses. I am using spamassassin 3.1.8 on openSuSE 10 
with a day update for rules, and this started about the day of the post.

Anyway, it is becoming more and more of a pain.

Here is a good header that is whitelisted... and you can see it there.  
And as you can see

MISSING_SUBJECT,
NO_RECEIVED,TO_CC_NONE



This is on every email.

Payne

>From - Fri Sep 28 00:11:32 2007
X-Account-Key: account5
X-UIDL: WQC!!`$?!!GZp"!Q9d!!
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys: $label5                                                                         
Return-Path: <ro...@mail.pegasusofamerica.com>
X-Original-To: cepayne@magidesign.com
Delivered-To: cepayne@magidesign.com
Received: from localhost (unknown [127.0.0.1])
	by magi.magidesign.com (Postfix) with ESMTP id 7F1EA1A40E
	for <ce...@magidesign.com>; Fri, 28 Sep 2007 04:18:32 +0000 (UTC)
Received: from magi.magidesign.com ([127.0.0.1])
 by localhost (magi.magidesign.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 20195-04 for <ce...@magidesign.com>;
 Fri, 28 Sep 2007 00:17:52 -0400 (EDT)
Received: by magi.magidesign.com (Postfix, from userid 65534)
	id 03F761A3BA; Fri, 28 Sep 2007 00:17:48 -0400 (EDT)
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on magi.magidesign.com
X-Spam-Level: 
X-Spam-Status: No, score=(-0.2), required=1.5, tests=BAYES_00,MISSING_SUBJECT,
	NO_RECEIVED,TO_CC_NONE, autolearn=no, bayes score = 0.0000, version=3.1.8
	date scan = Fri, 28 Sep 2007 00:17:48 -0400
X-Spam-remote: hostinfo = localhost @ 127.0.0.1
Received-SPF: none (mail.pegasusofamerica.com: No applicable sender policy available) receiver=magi.magidesign.com; identity=mfrom; envelope-from="root@mail.pegasusofamerica.com"; helo=mail.pegasusofamerica.com; client-ip=72.17.187.66
Received: from mail.pegasusofamerica.com (mail.pegasusofamerica.com [72.17.187.66])
	by magi.magidesign.com (Postfix) with ESMTP id 99F481A406
	for <ce...@magidesign.com>; Fri, 28 Sep 2007 00:17:39 -0400 (EDT)
Received: by mail.pegasusofamerica.com (Postfix)
	id 033B71C85; Fri, 28 Sep 2007 00:00:24 -0400 (EDT)
Delivered-To: root@mail.pegasusofamerica.com
Received: by mail.pegasusofamerica.com (Postfix, from userid 0)
	id EC6041C83; Fri, 28 Sep 2007 00:00:07 -0400 (EDT)
To: root@mail.pegasusofamerica.com
Subject: Local Daily Security for mail: Changes
Message-Id: <20...@mail.pegasusofamerica.com>
Date: Fri, 28 Sep 2007 00:00:07 -0400 (EDT)
From: root@mail.pegasusofamerica.com (root)
X-Virus-Scanned: by amavisd-new-2.3.3 (20050822) (SuSE 10.0) at magidesign.com
X-UIDL: WQC!!`$?!!GZp"!Q9d!!







Re: Every e-mail is now getting a new score, creating a lot of false positives.

Posted by Mark Martinec <Ma...@ijs.si>.
Just in case, make sure the --lint passes with no complaints, e.g.:

  # su vscan -c 'spamassassin --lint'


David B Funk writes,
> Cannot tell for sure (I don't use amavisd) but that looks like something
> is broken in the way that messages are being passed into the SA engine so
> that it no longer 'sees' headers vs body part of the message.
> The RFC message format is headers first, then a blank line then body.
> So if something is feeding a blank line to SA -first- then the message,
> SA will think that the message has no headers and -all- of it is "body".

So it seems. I'm not aware of any such compatibility problems between
amavisd and SpamAssassin, it is more likely it is a mail submission problem,
or there was really such a broken mail that arrived to MTA 'from the wild'.

> Is there some way to collect telemetry on what is actually being fed into
> the SA engine? Some amavisd option that is equivalent to running spamd
> with the '-D' option?

The
  # amavisd debug-sa
turns on SpamAssassin logging.

If a mail gathered enough spam points it was already captured in a
quarantine and can be examined there.

An alternative is to specify a 'test sender address', e.g.:
  @debug_sender_maps = ( ['user@example.com'] );
When a mail is seen whose envelope sender address matches the configured
one, a temporary file with a message is preserved and can be examined.
The log reports the fact, and tells the directory, e.g.:

(42432-01) DEBUG_ONESHOT CAUSES EVIDENCE TO BE PRESERVED
(42432-01) (!)PRESERVING EVIDENCE
  in /var/amavis/tmp-am/amavis-20070924T195255-42432

Mark

Re: Every e-mail is now getting a new score, creating a lot of false positives.

Posted by David B Funk <db...@engineering.uiowa.edu>.
On Mon, 24 Sep 2007, cpayne wrote:

> Guys,
>
> I am not sure when this started but now every e-mail that comes on to my
> box has this score...
>
> 2.0 MISSING_SUBJECT        Missing Subject: header
> -0.0 NO_RECEIVED            Informational: message has no Received headers
> 0.1 TO_CC_NONE             No To: or Cc: header
>
> I use amavisd, spamassassin, and postfix. What rule set this? Why would
> every email be getting this.
>
> Chuck

Cannot tell for sure (I don't use amavisd) but that looks like something
is broken in the way that messages are being passed into the SA engine so
that it no longer 'sees' headers vs body part of the message.
The RFC message format is headers first, then a blank line then body.
So if something is feeding a blank line to SA -first- then the message,
SA will think that the message has no headers and -all- of it is "body".

Is there some way to collect telemetry on what is actually being fed into
the SA engine? Some amavisd option that is equivalent to running spamd
with the '-D' option?


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
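
Added example (not part of the original thread, and not SpamAssassin or amavisd code): a small Python check of the failure mode David B Funk describes above, where one blank line ahead of the message pushes every header into the body. The sample message, the helper names (split_headers, header_rules, diagnose) and the three rule tests are constructed simplifications based only on the rule descriptions quoted in this thread.

```python
import re

# Constructed sample message; hosts and addresses are placeholders.
GOOD = (
    b"Received: from mx.example.net (mx.example.net [192.0.2.10])\r\n"
    b"\tby mail.example.org (Postfix) with ESMTP id 0000000000\r\n"
    b"\tfor <user@example.org>; Fri, 28 Sep 2007 00:17:39 -0400 (EDT)\r\n"
    b"To: user@example.org\r\n"
    b"Subject: Daily report\r\n"
    b"From: root@mx.example.net\r\n"
    b"\r\n"
    b"Body text.\r\n"
)
# The same message as a broken hand-off would deliver it: a blank line first.
BROKEN = b"\r\n" + GOOD

FIELD_START = re.compile(r"[!-9;-~]+:")  # printable field name, then a colon


def split_headers(raw):
    """Return (header_names, body_lines); the first empty line ends the headers."""
    lines = [l.decode("latin-1") for l in raw.splitlines()]
    names = []
    for i, line in enumerate(lines):
        if line == "":
            return names, lines[i + 1:]
        if line[0] in " \t" and names:
            continue  # folded continuation of the previous field
        m = FIELD_START.match(line)
        if not m:
            return names, lines[i:]  # no separator seen: body starts here
        names.append(m.group(0)[:-1].lower())
    return names, []


def header_rules(raw):
    """Simplified stand-ins for the three rules reported in the thread."""
    names = set(split_headers(raw)[0])
    hits = []
    if "subject" not in names:
        hits.append("MISSING_SUBJECT")
    if "received" not in names:
        hits.append("NO_RECEIVED")
    if not names & {"to", "cc"}:
        hits.append("TO_CC_NONE")
    return hits


def diagnose(raw):
    """Look for the signature of a shifted header block in the scanner input."""
    leading = 0
    for line in raw.splitlines():
        if line.strip():
            break
        leading += 1
    # Header-looking lines at the top of the "body" mean the real headers
    # were parsed as body text.
    stray = 0
    for line in split_headers(raw)[1]:
        if line == "":
            break
        if FIELD_START.match(line):
            stray += 1
    return {
        "leading_blank_lines": leading,
        "headers_in_body": stray,
        "rules": header_rules(raw),
        "shifted_header_block": leading > 0 and stray > 0,
    }


if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("broken", BROKEN)):
        print(label, diagnose(raw))
```

Run diagnose() on the exact bytes handed to the scanner (for example a file preserved by the debugging options mentioned elsewhere in this thread); a delivered message with all its headers intact, as in the samples posted here, does not show what the scanner was fed.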

Re: Every e-mail is now getting a new score, creating a lot of false positives.

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
cpayne wrote:
> Guys,
> 
> I am not sure when this started but now every e-mail that comes on to my 
> box has this score...
> 
> 2.0 MISSING_SUBJECT        Missing Subject: header
> -0.0 NO_RECEIVED            Informational: message has no Received headers
> 0.1 TO_CC_NONE             No To: or Cc: header
> 
> I use amavisd, spamassassin, and postfix. What rule set this? Why would 
> every email be getting this.

Is there an old version of SpamAssassin or an old version of amavisd 
installed?  I can't remember specific version combos that will cause 
this at 6am, but there are some non-current versions that will cause this.

Daryl