Posted to users@spamassassin.apache.org by Rainer Sokoll <R....@intershop.de> on 2004/12/28 16:41:27 UTC

WrongMX plugin

Hi all,

is someone here using $SUBJECT from
http://wiki.apache.org/spamassassin/WrongMXPlugin ?

Here, it seems to do nothing :-(

A mail sent to a secondary MX:

-----8<----
>From operandejogtht@carcamo.net Tue Dec 28 15:18:28 2004
Received: from hcou105200.catv.ppp.infoweb.ne.jp (hcou105200.catv.ppp.infoweb.ne.jp [218.229.219.200])
	by mailrelay.intershop.de (8.11.6/8.11.6) with SMTP id iBSEI5F01084
	for <ra...@netconx.de>; Tue, 28 Dec 2004 15:18:17 +0100
Message-Id: <20...@mailrelay.intershop.de>
From: =?utf-8?q?Sally Jsa?= <op...@carcamo.net>
To: =?utf-8?q?Ethel Lnowyg?= <ra...@netconx.de>
Subject: =?utf-8?q?Impress her with a R?=
 =?utf-8?q?olex?=
Date: Tue, 28 Dec 2004 09:31:36 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
	 boundary="dVr0u7EBATa5zijOP7WgRU"
X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/)
X-Spam-Status: No, score=9.1 required=100.0 tests=BAYES_99,HTML_MESSAGE,
	RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_NJABL_DUL,
	RCVD_IN_SORBS_DUL autolearn=no version=3.0.2
X-Spam-Level: *********
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on 
	mailrelay.intershop.de
-----8<----

The output from "spamassassin -D --siteconfigpath=/etc/mail/spamassassin
< /tmp/spammail" is as follows:

-----8<----
debug: SpamAssassin version 3.0.2
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/usr/local/bin', keeping.
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/X11R6/bin', keeping.
debug: PATH included '/bin', keeping.
debug: PATH included '/usr/games/bin', keeping.
debug: PATH included '/usr/games', keeping.
debug: PATH included '/opt/gnome/bin', keeping.
debug: Final PATH set to: /usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games/bin:/usr/games:/opt/gnome/bin
debug: using "/usr/local/perl-5.8.5/share/spamassassin" for default rules dir
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/10_misc.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_anti_ratware.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_body_tests.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_compensate.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_dnsbl_tests.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_drugs.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_fake_helo_tests.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_head_tests.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_html_tests.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_meta_tests.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_phrases.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_porn.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_ratware.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/20_uri_tests.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/23_bayes.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/25_body_tests_es.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/25_hashcash.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/25_spf.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/25_uribl.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/30_text_de.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/30_text_fr.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/30_text_nl.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/30_text_pl.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/50_scores.cf
debug: config: read file /usr/local/perl-5.8.5/share/spamassassin/60_whitelist.cf
debug: using "/etc/mail/spamassassin" for site rules dir
debug: config: read file /etc/mail/spamassassin/antidrug.cf
debug: config: read file /etc/mail/spamassassin/local.cf
debug: config: read file /etc/mail/spamassassin/wrongmx.cf
debug: using "/var/spool/vscan/.spamassassin" for user state dir
debug: using "/var/spool/vscan/.spamassassin/user_prefs" for user prefs file
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8dfd4a8)
debug: plugin: fixed relative path: /etc/mail/spamassassin/wrongmx.pm
debug: plugin: loading WrongMX from /etc/mail/spamassassin/wrongmx.pm
debug: plugin: registered WrongMX=HASH(0x8ca69a0)
debug: using "/var/spool/vscan/.spamassassin" for user state dir
debug: bayes: 5338 tie-ing to DB file R/O /var/spool/vscan/.spamassassin/bayes_toks
debug: bayes: 5338 tie-ing to DB file R/O /var/spool/vscan/.spamassassin/bayes_seen
debug: bayes: found bayes db version 3
debug: using "/var/spool/vscan/.spamassassin" for user state dir
debug: Score set 3 chosen.
debug: received-header: parsed as [ ip=218.229.219.200 rdns=hcou105200.catv.ppp.infoweb.ne.jp helo=hcou105200.catv.ppp.infoweb.ne.jp by=mailrelay.intershop.de ident= envfrom= intl=0 id=iBSEI5F01084 auth= ]
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
debug: trying (3) comcast.net...
debug: looking up NS for 'comcast.net'
debug: NS lookup of comcast.net succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1
debug: looking up A records for 'mailrelay.intershop.de'
debug: A records for 'mailrelay.intershop.de': 217.17.202.233
debug: looking up A records for 'mailrelay.intershop.de'
debug: A records for 'mailrelay.intershop.de': 217.17.202.233
debug: received-header: 'by' mailrelay.intershop.de has public IP 217.17.202.233
debug: received-header: relay 218.229.219.200 trusted? no internal? no
debug: metadata: X-Spam-Relays-Trusted: 
debug: metadata: X-Spam-Relays-Untrusted: [ ip=218.229.219.200 rdns=hcou105200.catv.ppp.infoweb.ne.jp helo=hcou105200.catv.ppp.infoweb.ne.jp by=mailrelay.intershop.de ident= envfrom= intl=0 id=iBSEI5F01084 auth= ]
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
debug: Return-Path header found after 1 or more Received lines, cannot trust envelope-from
debug: all '*From' addrs: operandejogtht@carcamo.net
debug: ---- MIME PARSER START ----
debug: main message type: multipart/alternative
debug: parsing multipart, got boundary: dVr0u7EBATa5zijOP7WgRU
debug: found part of type text/plain, boundary: dVr0u7EBATa5zijOP7WgRU
debug: parsing normal part
debug: added part, type: text/plain
debug: found part of type text/html, boundary: dVr0u7EBATa5zijOP7WgRU
debug: parsing normal part
debug: added part, type: text/html
debug: ---- MIME PARSER END ----
debug: decoding: quoted-printable
debug: decoding: quoted-printable
debug: uri found: http://hedihisfunoa.jhex.com/r/vron/cy.cfm
debug: uri found: http://ipanpkep.hedj.com/replica/vron/ulfze.cfm
debug: Running tests for priority: 0
debug: running header regexp tests; score so far=0
debug: all '*To' addrs: rainer@netconx.de
debug: forged-HELO: from=infoweb.ne.jp helo=infoweb.ne.jp by=intershop.de
debug: registering glue method for wrongmx (WrongMX=HASH(0x8ca69a0))
debug: running body-text per-line regexp tests; score so far=1.723
debug: running uri tests; score so far=1.723
debug: bayes corpus size: nspam = 84873, nham = 5317
debug: tokenize: header tokens for *m = "  200412281418 iBSEI5F01084 mailrelay intershop de "
debug: tokenize: header tokens for *F = "U*operandejogtht D*carcamo.net D*net"
debug: tokenize: header tokens for To = "U*rainer D*netconx.de D*de"
debug: tokenize: header tokens for MIME-Version = " "
debug: tokenize: header tokens for *c = " multipart/alternative;  HVrHuHHHHTHHzijOPHWgRU"
debug: tokenize: header tokens for *p = "U*operandejogtht D*carcamo.net D*net"
debug: tokenize: header tokens for *RT = " "
debug: tokenize: header tokens for *RU = " [ ip=218.229.219.200 rdns=hcou105200.catv.ppp.infoweb.ne.jp helo=hcou105200.catv.ppp.infoweb.ne.jp by=mailrelay.intershop.de ident= envfrom= intl=0 id=iBSEI5F01084 auth= ]"
debug: tokenize: header tokens for *r = "   hcou105200.catv.ppp.infoweb.ne.jp (hcou105200.catv.ppp.infoweb.ne.jp [218.229.219 ip*218.229.219.200 ]) by mailrelay.intershop.de (8.11.6/8.11.6)         <ra...@netconx.de>; "
debug: bayes token 'H*m:mailrelay' => 0.999967807121455
debug: bayes token 'H*MI:mailrelay' => 0.999967717140661
debug: bayes token 'zenith' => 0.99996017584691
debug: bayes token 'roger' => 0.999956987245135
debug: bayes token 'Zenith' => 0.999956212681262
debug: bayes token 'muller' => 0.999955878139624
debug: bayes token 'Muller' => 0.99995566644276
debug: bayes token 'patek' => 0.99995562385938
debug: bayes token 'philippe' => 0.99995562385938
debug: bayes token 'Philippe' => 0.999955452704657
debug: bayes token 'Patek' => 0.999955366631243
debug: bayes token 'iwc' => 0.999955366631243
debug: bayes token 'IWC' => 0.999955280224567
debug: bayes token 'Roger' => 0.999955149985438
debug: bayes token 'panerai' => 0.999953896816685
debug: bayes token 'dubuis' => 0.999953665630328
debug: bayes token 'Dubuis' => 0.999953665630328
debug: bayes token 'Panerai' => 0.999953572505276
debug: bayes token 'Officine' => 0.999953525802233
debug: bayes token 'officine' => 0.999953525802233
debug: bayes token 'tudor' => 0.999953479005135
debug: bayes token 'Tudor' => 0.99995252286507
debug: bayes token 'impress' => 0.999858758789361
debug: bayes token 'vron' => 0.999714990746453
debug: bayes token 'wristwatches' => 0.999624695369618
debug: bayes token 'UD:jhex.com' => 0.999450653983353
debug: bayes token 'reproductions' => 0.9994440433213
debug: bayes token 'Reproductions' => 0.9994440433213
debug: bayes token 'veritable' => 0.999400778210117
debug: bayes token 'wrist-watches' => 0.999367989056088
debug: bayes token 'Wristwatches' => 0.999367989056088
debug: bayes token 'Wrist-Watches' => 0.999367989056088
debug: bayes token 'WristWatches' => 0.999367989056088
debug: bayes token 'rolex' => 0.997188987190798
debug: bayes token 'HTo:D*netconx.de' => 0.996917251570631
debug: bayes token 'H*Ad:D*netconx.de' => 0.996318992693284
debug: bayes token 'UD:hedj.com' => 0.994923076923077
debug: bayes token 'Authentic' => 0.993492957746479
debug: bayes token 'replica' => 0.991848975932494
debug: bayes token 'H*p:D*net' => 0.988399293002876
debug: bayes token 'olex' => 0.978
debug: bayes token 'H*m:intershop' => 0.976274922283082
debug: bayes token 'HTo:D*de' => 0.960640110783912
debug: bayes token 'H*Ad:U*rainer' => 0.910922497070463
debug: bayes token 'H*Ad:D*de' => 0.910302933748863
debug: bayes token 'authentic' => 0.905844516451783
debug: bayes token 'Sinn' => 0.899456603711187
debug: bayes token 'sinn' => 0.899456603711187
debug: bayes token 'H*c:alternative' => 0.886668204688024
debug: bayes token 'H*r:sk:mailrel' => 0.86921106390368
debug: bayes: score = 1
debug: bayes: 5338 untie-ing
debug: bayes: 5338 untie-ing db_toks
debug: bayes: 5338 untie-ing db_seen
debug: madiff: left: 11, orig: 17, max-difference: 64.71%
debug: Razor2 is available
debug: entering helper-app run mode
 Razor-Log: Computed razorhome from env: /var/spool/vscan/.razor
 Razor-Log: Found razorhome: /var/spool/vscan/.razor
 Razor-Log: read_file: 16 items read from /var/spool/vscan/.razor/razor-agent.conf
Dec 28 16:32:21.655407 check[5338]: [ 2] [bootup] Logging initiated LogDebugLevel=9 to stdout
Dec 28 16:32:21.656522 check[5338]: [ 5] computed razorhome=/var/spool/vscan/.razor, conf=/var/spool/vscan/.razor/razor-agent.conf, ident=/var/spool/vscan/.razor/identity
Dec 28 16:32:21.657059 check[5338]: [ 8] Client supported_engines: 4 8
Dec 28 16:32:21.659978 check[5338]: [ 8]  prep_mail done: mail 1 headers=1098, mime0=313, mime1=558
Dec 28 16:32:21.661183 check[5338]: [ 5] read_file: 4 items read from /var/spool/vscan/.razor/servers.discovery.lst
Dec 28 16:32:21.662194 check[5338]: [ 5] read_file: 2 items read from /var/spool/vscan/.razor/servers.nomination.lst
Dec 28 16:32:21.663160 check[5338]: [ 5] read_file: 3 items read from /var/spool/vscan/.razor/servers.catalogue.lst
Dec 28 16:32:21.664294 check[5338]: [ 9] Assigning defaults to folly.cloudmark.com
Dec 28 16:32:21.664928 check[5338]: [ 9] Assigning defaults to joy.cloudmark.com
Dec 28 16:32:21.665578 check[5338]: [ 9] Assigning defaults to thrill.cloudmark.com
Dec 28 16:32:21.666227 check[5338]: [ 9] Assigning defaults to wonder.cloudmark.com
Dec 28 16:32:21.666855 check[5338]: [ 9] Assigning defaults to pride.cloudmark.com
Dec 28 16:32:21.669427 check[5338]: [ 5] read_file: 11 items read from /var/spool/vscan/.razor/server.conceit.cloudmark.com.conf
Dec 28 16:32:21.671107 check[5338]: [ 5] read_file: 11 items read from /var/spool/vscan/.razor/server.conceit.cloudmark.com.conf
Dec 28 16:32:21.672924 check[5338]: [ 5] read_file: 12 items read from /var/spool/vscan/.razor/server.stress.cloudmark.com.conf
Dec 28 16:32:21.674678 check[5338]: [ 5] read_file: 12 items read from /var/spool/vscan/.razor/server.stress.cloudmark.com.conf
Dec 28 16:32:21.676516 check[5338]: [ 5] read_file: 12 items read from /var/spool/vscan/.razor/server.truth.cloudmark.com.conf
Dec 28 16:32:21.678276 check[5338]: [ 5] read_file: 12 items read from /var/spool/vscan/.razor/server.truth.cloudmark.com.conf
Dec 28 16:32:21.680554 check[5338]: [ 5] read_file: 17 items read from /var/spool/vscan/.razor/server.thrill.cloudmark.com.conf
Dec 28 16:32:21.682772 check[5338]: [ 5] read_file: 17 items read from /var/spool/vscan/.razor/server.thrill.cloudmark.com.conf
Dec 28 16:32:21.685037 check[5338]: [ 5] read_file: 17 items read from /var/spool/vscan/.razor/server.wonder.cloudmark.com.conf
Dec 28 16:32:21.687269 check[5338]: [ 5] read_file: 17 items read from /var/spool/vscan/.razor/server.wonder.cloudmark.com.conf
Dec 28 16:32:21.689535 check[5338]: [ 5] read_file: 17 items read from /var/spool/vscan/.razor/server.pride.cloudmark.com.conf
Dec 28 16:32:21.691743 check[5338]: [ 5] read_file: 17 items read from /var/spool/vscan/.razor/server.pride.cloudmark.com.conf
Dec 28 16:32:21.692328 check[5338]: [ 5] 116889 seconds before closest server discovery
Dec 28 16:32:21.692896 check[5338]: [ 6] thrill.cloudmark.com is a Catalogue Server srl 5050; computed min_cf=6, Server se: C8
Dec 28 16:32:21.693407 check[5338]: [ 8] Computed supported_engines: 4 8
Dec 28 16:32:21.693818 check[5338]: [ 8] Using next closest server thrill.cloudmark.com:2703, cached info srl 5050
Dec 28 16:32:21.694193 check[5338]: [ 8] mail 1 Subject: =?utf-8?q?Impress her with a R?=
Dec 28 16:32:21.695206 check[5338]: [ 6] preproc: mail 1.0 went from 313 bytes to 192 
Dec 28 16:32:21.696284 check[5338]: [ 6] preproc: mail 1.1 went from 558 bytes to 144 
Dec 28 16:32:21.696669 check[5338]: [ 6] computing sigs for mail 1.0, len 192
Dec 28 16:32:21.703795 check[5338]: [ 6] computing sigs for mail 1.1, len 144
Dec 28 16:32:21.710005 check[5338]: [ 6] skipping whitelist file (empty?): /var/spool/vscan/.razor/razor-whitelist
Dec 28 16:32:21.710411 check[5338]: [ 5] Connecting to thrill.cloudmark.com ...
Dec 28 16:32:22.081008 check[5338]: [ 8] Connection established
Dec 28 16:32:22.081448 check[5338]: [ 4] thrill.cloudmark.com >> 36 server greedebug: Using results from Razor v2.61
debug: Found Razor2 part: part=0 engine=4 ct=0 cf=0
debug: Found Razor2 part: part=0 engine=8 ct=0 cf=100
debug: Found Razor2 part: part=1 engine=4 ct=0 cf=0
debug: Found Razor2 part: part=1 engine=8 ct=0 cf=100
debug: leaving helper-app run mode
ting: sn=C&srl=5050&a=l&a=cg&ep4=7542-10
Dec 28 16:32:22.082891 check[5338]: [ 4] thrill.cloudmark.com << 25
Dec 28 16:32:22.083123 check[5338]: [ 6] cn=razor-agents&cv=2.61
Dec 28 16:32:22.083799 check[5338]: [ 6] thrill.cloudmark.com is a Catalogue Server srl 5050; computed min_cf=6, Server se: C8
Dec 28 16:32:22.084325 check[5338]: [ 8] Computed supported_engines: 4 8
Dec 28 16:32:22.084767 check[5338]: [ 8] mail 1.0 e4 sig: YO_QQZlIuMUv9fxU5hK16khgTGwA
Dec 28 16:32:22.085233 check[5338]: [ 8] mail 1.0 e8 sig: REa_ksw7yA0A
Dec 28 16:32:22.085679 check[5338]: [ 8] mail 1.1 e4 sig: 3geTT_4c22ZLzf3PGG_AJtZHAiIA
Dec 28 16:32:22.086060 check[5338]: [ 8] mail 1.1 e8 sig: d_7c2F1rXe8A
Dec 28 16:32:22.086559 check[5338]: [ 8] preparing 4 queries
Dec 28 16:32:22.087620 check[5338]: [ 8] sending 1 batches
Dec 28 16:32:22.088060 check[5338]: [ 4] thrill.cloudmark.com << 156
Dec 28 16:32:22.088283 check[5338]: [ 6] -a=c&e=4&ep4=7542-10&s=YO_QQZlIuMUv9fxU5hK16khgTGwA
a=c&e=8&s=REa_ksw7yA0A
a=c&e=4&ep4=7542-10&s=3geTT_4c22ZLzf3PGG_AJtZHAiIA
a=c&e=8&s=d_7c2F1rXe8A
.
Dec 28 16:32:29.846103 check[5338]: [ 4] thrill.cloudmark.com >> 38
Dec 28 16:32:29.846400 check[5338]: [ 6] response to sent.2
-p=0
p=1&cf=100
p=0
p=1&cf=100
.
Dec 28 16:32:29.848103 check[5338]: [ 6] mail 1.0 e=4 sig=YO_QQZlIuMUv9fxU5hK16khgTGwA: sig not found.
Dec 28 16:32:29.848422 check[5338]: [ 6] mail 1.0 e=8 sig=REa_ksw7yA0A: Is spam: cf 100 >= min_cf 6
Dec 28 16:32:29.848727 check[5338]: [ 6] mail 1.1 e=4 sig=3geTT_4c22ZLzf3PGG_AJtZHAiIA: sig not found.
Dec 28 16:32:29.849011 check[5338]: [ 6] mail 1.1 e=8 sig=d_7c2F1rXe8A: Is spam: cf 100 >= min_cf 6
Dec 28 16:32:29.849316 check[5338]: [ 7] method 4: mail 1.0: no-contention part, spam=1
Dec 28 16:32:29.849553 check[5338]: [ 7] method 4: mail 1.1: no-contention part, spam=1
Dec 28 16:32:29.849792 check[5338]: [ 7] method 4: mail 1: a non-contention part was spam, mail spam
Dec 28 16:32:29.850025 check[5338]: [ 3] mail 1 is known spam.
Dec 28 16:32:29.850309 check[5338]: [ 5] disconnecting from server thrill.cloudmark.com
Dec 28 16:32:29.850764 check[5338]: [ 4] thrill.cloudmark.com << 5
Dec 28 16:32:29.850982 check[5338]: [ 6] a=q
debug: Razor2 results: spam? 1  highest cf score: 100
debug: running raw-body-text per-line regexp tests; score so far=7.28
debug: running full-text regexp tests; score so far=7.28
debug: Razor2 is available
debug: Current PATH is: /usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games/bin:/usr/games:/opt/gnome/bin
debug: Pyzor is not available: pyzor not found
debug: DCCifd is not available: no r/w dccifd socket found.
debug: executable for dccproc was found at /usr/local/bin/dccproc
debug: DCC is available: /usr/local/bin/dccproc
debug: entering helper-app run mode
debug: setuid: helper proc 5341: ruid=65 euid=65
debug: DCC: got response: X-DCC-sgs_public_dcc_server-Metrics: mailrelay 1199; Body=6 Fuz1=6 Fuz2=6
debug: leaving helper-app run mode
debug: Running tests for priority: 500
debug: RBL: success for 7 of 8 queries
debug: DNS: timeout for rsl after 11 seconds
debug: running meta tests; score so far=10.866
debug: running header regexp tests; score so far=10.866
debug: running body-text per-line regexp tests; score so far=10.866
debug: running uri tests; score so far=10.866
debug: running raw-body-text per-line regexp tests; score so far=10.866
debug: running full-text regexp tests; score so far=10.866
debug: Running tests for priority: 1000
debug: running meta tests; score so far=10.866
debug: running header regexp tests; score so far=10.866
debug: using "/var/spool/vscan/.spamassassin" for user state dir
debug: lock: 5338 created /var/spool/vscan/.spamassassin/auto-whitelist.mutex
debug: lock: 5338 trying to get lock on /var/spool/vscan/.spamassassin/auto-whitelist with 30 timeout
debug: lock: 5338 link to /var/spool/vscan/.spamassassin/auto-whitelist.mutex: link ok
debug: Tie-ing to DB file R/W in /var/spool/vscan/.spamassassin/auto-whitelist
debug: auto-whitelist (db-based): operandejogtht@carcamo.net|ip=218.229 scores 6/55.525
debug: AWL active, pre-score: 10.866, autolearn score: 10.866, mean: 9.25416666666667, IP: 218.229.219.200
debug: add_score: New count: 7, new totscore: 66.391
debug: DB addr list: untie-ing and unlocking.
debug: DB addr list: file locked, breaking lock.
debug: unlock: 5338 unlocked /var/spool/vscan/.spamassassin/auto-whitelist.mutex
debug: Post AWL score: 10.0600833333333
debug: running body-text per-line regexp tests; score so far=10.0600833333333
debug: running uri tests; score so far=10.0600833333333
debug: running raw-body-text per-line regexp tests; score so far=10.0600833333333
debug: running full-text regexp tests; score so far=10.0600833333333
debug: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1.
debug: auto-learn: message score: 10.0600833333333, computed score for autolearn: 5.132
debug: auto-learn? ham=0.1, spam=12, body-points=3.428, head-points=3.646, learned-points=5.5
debug: auto-learn? no: inside auto-learn thresholds, not considered ham or spam
debug: is spam? score=10.06 required=100
debug: tests=AWL,BAYES_99,HTML_MESSAGE,MSGID_FROM_MTA_ID,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL
debug: subtests=__CT,__CTYPE_HAS_BOUNDARY,__CTYPE_MULTIPART_ALT,__HAS_MSGID,__HAS_SUBJECT,__HTML_LENGTH_512,__MIME_HTML,__MIME_QP,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__RATWARE_0_TZ_DATE,__RCVD_IN_NJABL,__RCVD_IN_SORBS,__SANE_MSGID,__TAG_EXISTS_BODY,__TAG_EXISTS_HEAD,__TAG_EXISTS_HTML,__TAG_EXISTS_META
-----8<----

So the question is: why does SA load the plugin but not use it? Can
someone give me a light?

And sorry for the long debug output,

Rainer

Re: WrongMX plugin

Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Rainer Sokoll wrote:
> On Tue, Dec 28, 2004 at 11:58:23AM -0500, Matt Kettler wrote:
>>Disclaimer: I've never used the plugin, but I can casually read the code...
> 
> Lucky you ;-)
> 
>>wrongmx needs to run on your primary, and will detect that mail first went 
>>through one of your secondaries before hitting the primary... If there's 
>>only one received: header it bails out immediately, as it can't have been 
>>relayed this way yet.
> 
> Both my primary and secondaries forward any accepted mail to an internal
> mailserver (which cannot run SA), so this particular plugin will never
> do any useful things to mails in my case. I understand.
> 
>>If you're running SA on your secondaries, you could just save yourself the 
>>effort and add +1.0 to every email.
> 
> Hm, nice idea ;-)

I wrote the WrongMX plugin for a regional ISP that a friend owns.  As 
Matt said, it was designed to run only on a primary MX, or at least on 
an MX that may receive mail from a lower preference MX.

The mail system it was designed for has four primary MXes (all 
preference 0) multihomed with connections from three different networks. 
  A secondary MX was added mainly to attract spam.  The secondary MX 
doesn't scan mail, it just queues it and passes it along to the 
primaries.  It shouldn't receive too much legitimate mail since it is on 
the same networks as the primary MXes so cost based routing shouldn't be 
causing legit mail to be delivered to it (yes, there are still some very 
large companies doing cost based mail routing -- Thomson Worldwide and 
all their divisions, Technicolor, RCA, etc, do this along with others).

That brings up the issue of scoring.  Many people will get legit mail on 
their secondary MX(es), even if their primary MX(es) are up, so I 
wouldn't score the rule any higher than 2, maybe 3.

Also note that the plugin code is blocking.  The DNS lookups are sent 
out and waited for, instead of doing them in the background.  This is a 
result of the plugin being written quickly when I dropped in to my 
friend's ISP one afternoon and being lazy knowing that he's got a 
couple of large and fast DNS caches in front of the spam filtering 
machines.  This shouldn't be a huge issue though since there are only a 
couple of lookups done.  It will increase processing times by a small 
amount though -- not system load though.

That said, I posted the plugin expecting it to be used mainly by people 
with a primary MX of their own and a secondary MX that they don't 
control which most likely doesn't scan their mail, or that they at least 
scan their mail again themselves.

It's been my experience that any MX used for spam filtering would have 
the same preference as the rest of the filtering MXes, at least for 
medium sized installations or smaller.

Larger sized/volume installations generally have a group of primary MXes 
that only do virus scanning (since it's faster than spam filtering) 
which drastically cuts down on the amount of messages passed to the spam 
filtering machines.

So... like Matt said, and I've recommended to numerous people who have 
emailed me, you could simply add a rule on your secondary MX that adds a 
point or two to each email that passes through it.  However, keep in 
mind that legitimate mail can be expected to pass through it, even if 
your primary MX never goes down or stops accepting mail due to a high 
load average.


Daryl


Re: WrongMX plugin

Posted by Rainer Sokoll <R....@intershop.de>.
On Tue, Dec 28, 2004 at 11:58:23AM -0500, Matt Kettler wrote:

Hi,

> Disclaimer: I've never used the plugin, but I can casually read the code...

Lucky you ;-)

> wrongmx needs to run on your primary, and will detect that mail first went 
> through one of your secondaries before hitting the primary... If there's 
> only one received: header it bails out immediately, as it can't have been 
> relayed this way yet.

Both my primary and secondaries forward any accepted mail to an internal
mailserver (which cannot run SA), so this particular plugin will never
do any useful things to mails in my case. I understand.

> If you're running SA on your secondaries, you could just save yourself the 
> effort and add +1.0 to every email.

Hm, nice idea ;-)

Thank you,
Rainer
-- 
tempora mutantur et nos mutamur in illis
                                  (N.N.)

Re: WrongMX plugin

Posted by Matt Kettler <mk...@evi-inc.com>.
At 10:41 AM 12/28/2004, Rainer Sokoll wrote:
>is someone here using $SUBJECT from
>http://wiki.apache.org/spamassassin/WrongMXPlugin ?
>
>Here, it seems to do nothing :-(

>A mail sent to a secondary MX:
>
>-----8<----
> >From operandejogtht@carcamo.net Tue Dec 28 15:18:28 2004
>Received: from hcou105200.catv.ppp.infoweb.ne.jp 
>(hcou105200.catv.ppp.infoweb.ne.jp [218.229.219.200])
>         by mailrelay.intershop.de (8.11.6/8.11.6) with SMTP id iBSEI5F01084
>         for <ra...@netconx.de>; Tue, 28 Dec 2004 15:18:17 +0100

Disclaimer: I've never used the plugin, but I can casually read the code...


  it shouldn't have done anything for that email...

wrongmx needs to run on your primary, and will detect that mail first went 
through one of your secondaries before hitting the primary... If there's 
only one received: header it bails out immediately, as it can't have been 
relayed this way yet.

If you're running SA on your secondaries, you could just save yourself the 
effort and add +1.0 to every email.

WrongMX is really for sites that only run SA on the primary and want to 
detect forwarding from their secondaries in a semi-automatic fashion.
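
The check described in this thread, sketched in Python as an added example (it is not the WrongMX plugin's code, which is not shown on this page). Assumptions: the MX data is a constructed table instead of live DNS, the example.org hosts and the function name check_wrong_mx are hypothetical, and the relaying host is identified by the peer IP that the receiving MTA recorded in the newest Received header.

```python
import re
from email import message_from_string

# Constructed MX data for the recipient domain (stands in for DNS lookups).
# Each entry: (preference, host name, IP address). Lower preference wins.
MX_RECORDS = {
    "example.org": [
        (0, "mx1.example.org", "192.0.2.10"),
        (10, "mx2.example.org", "192.0.2.20"),
    ],
}

# Peer IP in square brackets, as written by the receiving MTA.
PEER_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Host name after "by": the MTA that added the header.
BY_HOST_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def check_wrong_mx(raw_message, rcpt_domain, mx_records=MX_RECORDS):
    """Return the lower-preference MX that relayed the mail to us, or None."""
    received = message_from_string(raw_message).get_all("Received") or []
    # Only one Received header: the sender connected to this host directly,
    # so the mail cannot have been relayed by another MX yet.
    if len(received) < 2:
        return None
    newest = " ".join(received[0].split())  # unfold the header our MTA added
    by = BY_HOST_RE.search(newest)
    peer = PEER_IP_RE.search(newest)
    if not by or not peer:
        return None
    records = mx_records.get(rcpt_domain.lower(), [])
    local_prefs = [p for p, host, _ in records
                   if host.lower() == by.group(1).lower()]
    if not local_prefs:
        return None  # the receiving host is not an MX for this domain
    for pref, host, ip in records:
        # Hit: the peer is one of our MXes with a worse (higher) preference.
        if ip == peer.group(1) and pref > min(local_prefs):
            return host
    return None


# Constructed sample: client -> secondary (mx2) -> primary (mx1).
RELAYED = """\
Received: from mx2.example.org (mx2.example.org [192.0.2.20])
\tby mx1.example.org with ESMTP id CONSTRUCTED2; Tue, 28 Dec 2004 15:19:02 +0100
Received: from client.example.net (client.example.net [198.51.100.7])
\tby mx2.example.org with SMTP id CONSTRUCTED1; Tue, 28 Dec 2004 15:18:17 +0100
From: sender@example.net
To: user@example.org
Subject: constructed sample

body
"""

# Constructed sample: scanned on the secondary itself, as in the original
# question. There is a single Received header, so the check bails out.
DIRECT_TO_SECONDARY = """\
Received: from client.example.net (client.example.net [198.51.100.7])
\tby mx2.example.org with SMTP id CONSTRUCTED1; Tue, 28 Dec 2004 15:18:17 +0100
From: sender@example.net
To: user@example.org
Subject: constructed sample

body
"""

if __name__ == "__main__":
    print("relayed via:", check_wrong_mx(RELAYED, "example.org"))
    print("direct to secondary:",
          check_wrong_mx(DIRECT_TO_SECONDARY, "example.org"))
```

Only the newest Received header is consulted for the peer address because it is the one written by the local MTA; older headers arrive with the message and are under the sender's control.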