You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by William Thackrey <we...@gmail.com> on 2013/06/03 20:39:15 UTC
Content rules don't seem to be firing
We're running Spamassassin 3.3.2 (Perl 5.10.1) on Scientific Linux 6.2
(BlueOnyx 5108R).
In trying to fine tune our configuration, I note that the header rules are
working as expected. I'm seeing hits on myriad structure and header
related rules like: URIBL_BLACK, FROM_12LTRDOM, RDNS_NONE, FAKE_REPLY_C,
URIBL_DBL_SPAM, HK_RANDOM_FROM, RATS_DYNA, DATE_IN_FUTURE_06_12,
SUBJECT_DRUG_GAP_C, etc.
What I do NOT see , in looking at several hundred emails, is any occurrence
of body content rules like those in: 20_porn.cf, 20_phrases.cf, or
20_drugs.cf. All of the rules in those files (MORE_SEX, MALE_ENHANCE,
SUBJECT_SEXUAL, etc) are set up with default scores, yet none of them seem
to be firing on emails that clearly have matching content (lots of
un-obscured sexual or drug references, for example.)
Is there a setting somewhere in Spamassassin to restrict checks to headers
and ignore body content?
Re: Content rules don't seem to be firing
Posted by John Hardin <jh...@impsec.org>.
On Tue, 4 Jun 2013, William Thackrey wrote:
> There are no "EMPTY_BODY" rules firing. I did see today that
> LOTS_OF_MONEY seems to be working, as to the HTML-related rules.
Ok, so that proves the message body is being processed, unless the money
text is in the subject.
> Email that's filled with impotence, sex or porn-related related content
> is not being tagged though.
Is Bayes in use?
> To my knowledge, none of the rules files have been altered. The web GUI
> writes to local.cf and user_prefs. Any custom scoring and a custom
> EMPTY_SUBJECT rule is in a custom.cf file.
>
>
> On Jun 3, 2013, at 3:10 PM, John Hardin <jh...@impsec.org> wrote:
>
>> On Mon, 3 Jun 2013, William Thackrey wrote:
>>
>>> Is there a setting somewhere in Spamassassin to restrict checks to headers
>>> and ignore body content?
>>
>> No. A couple of questions:
>>
>> In the current ruleset there is an EMPTY_BODY rule. Is that hitting consistently?
>>
>> What is your MTA, and how is SA glued onto your mail delivery system? It's possible the message bodies aren't being passed in - this can be done by, for example, procmail, if misconfigured.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The social contract exists so that everyone doesn't have to squat
in the dust holding a spear to protect his woman and his meat all
day every day. It does not exist so that the government can take
your spear, your meat, and your woman because it knows better what
to do with them. -- Dagny @ Ace of Spades
-----------------------------------------------------------------------
2 days until the 69th anniversary of D-Day
Re: Content rules don't seem to be firing
Posted by William Thackrey <we...@gmail.com>.
John – Thanks for your reply.
The MTA is sendmail. Spamassassin is implemented with a spamassassin milter. This is actually part of a "BlueOnyx" server appliance package... the current implementation of the old Sun Cobalt appliance code that was open sourced when Sun was sold.
There are no "EMPTY_BODY" rules firing. I did see today that LOTS_OF_MONEY seems to be working, as to the HTML-related rules. Email that's filled with impotence, sex or porn-related related content is not being tagged though. To my knowledge, none of the rules files have been altered. The web GUI writes to local.cf and user_prefs. Any custom scoring and a custom EMPTY_SUBJECT rule is in a custom.cf file.
On Jun 3, 2013, at 3:10 PM, John Hardin <jh...@impsec.org> wrote:
> On Mon, 3 Jun 2013, William Thackrey wrote:
>
>> Is there a setting somewhere in Spamassassin to restrict checks to headers
>> and ignore body content?
>
> No. A couple of questions:
>
> In the current ruleset there is an EMPTY_BODY rule. Is that hitting consistently?
>
> What is your MTA, and how is SA glued onto your mail delivery system? It's possible the message bodies aren't being passed in - this can be done by, for example, procmail, if misconfigured.
>
> --
> John Hardin KA7OHZ http://www.impsec.org/~jhardin/
> jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
> Rights can only ever be individual, which means that you cannot
> gain a right by joining a mob, no matter how shiny the issued
> badges are, or how many of your neighbors are part of it. -- Marko
> -----------------------------------------------------------------------
> 3 days until the 69th anniversary of D-Day
Re: Content rules don't seem to be firing
Posted by John Hardin <jh...@impsec.org>.
On Mon, 3 Jun 2013, William Thackrey wrote:
> Is there a setting somewhere in Spamassassin to restrict checks to headers
> and ignore body content?
No. A couple of questions:
In the current ruleset there is an EMPTY_BODY rule. Is that hitting
consistently?
What is your MTA, and how is SA glued onto your mail delivery system? It's
possible the message bodies aren't being passed in - this can be done by,
for example, procmail, if misconfigured.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Rights can only ever be individual, which means that you cannot
gain a right by joining a mob, no matter how shiny the issued
badges are, or how many of your neighbors are part of it. -- Marko
-----------------------------------------------------------------------
3 days until the 69th anniversary of D-Day