You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/01/28 23:58:06 UTC

[Bug 2980] New: Rules Not Working Properly

http://bugzilla.spamassassin.org/show_bug.cgi?id=2980

           Summary: Rules Not Working Properly
           Product: Spamassassin
           Version: 2.63
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: critical
          Priority: P3
         Component: Rules
        AssignedTo: spamassassin-dev@incubator.apache.org
        ReportedBy: crawford@doit.net


I just upgraded from a very old version of spamassassin to the latest, 2.63 
and I started noticing email coming through to my personal mailbox with the 
SPAM: tag on it.  I have in my procmailrc file the following:

    :0:
      * ^X-Spam-Flag: YES
      $HOME/mail/SPAM

    :0:
      * ^Subject:.*SPAM:*
      $HOME/mail/SPAM

So incoming email with either the X-Spam-Flag set or the Subject as SPAM: will 
go to the user's ~/mail/SPAM folder.

Well, somethings have been getting through.  So I dug deeper... email that was 
sent to me alone, sometimes would get through - but the funny part was that 
the email acted as though SpamAssassin marked it, but when I looked at my 
sendmail log - it said it was a clean message.

For example, look at the following header information:

<<
eceived: from localhost by dns1.doit.net
     with SpamAssassin (2.63 2004-01-11);
     Wed, 28 Jan 2004 16:33:18 -0500
From: Discover Ink <di...@NEWEXPECTATIONS.COM>
To: crawford@DOIT.NET
Subject: SPAM: Printer Cartridges - Save 75% Off Retail - No Shipping Charges
Date: Wed, 28 Jan 2004 14:50:33 -0600
Message-Id: <20...@doit.net>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on dns1.doit.net
X-Spam-Level: ******
X-Spam-Status: Yes, hits=6.7 required=5.0 tests=HTML_MESSAGE,HTML_WEB_BUGS,
     MIME_HTML_ONLY,MSGID_FROM_MTA_HEADER,RCVD_IN_BL_SPAMCOP_NET,
     RCVD_IN_SBL,SAVINGS,TONER autolearn=no version=2.63
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_40182A9E.979C9AC4"
>>

According to this, it says that SA marked it as spam with a value of 6.7, 
however my sendmail log for the same message reads:


<<
Jan 28 16:33:08 dns1 spamd[18018]: info: setuid to crawford succeeded
Jan 28 16:33:08 dns1 spamd[18018]: processing message 
<200401282133.i0SLX7WK0180
13@doit.net> for crawford:500.
Jan 28 16:33:09 dns1 spamd[18018]: clean message (3.1/5.0) for crawford:500 in 
1
.0 seconds, 9917 bytes.
>>

This shows that it gave it a value of 3.1.   So I started looking at more 
logs.  I received a piece of SPAM that was sent to quite a few users on my 
system:

<<

Received: from localhost by dns1.doit.net
     with SpamAssassin (2.63 2004-01-11);
     Wed, 28 Jan 2004 16:36:04 -0500
From: "Harriet Gunn" <eq...@earthlink.net>
To: dennis@iaos.com, apogee@iaos.com, apache@iaos.com, info@iaos.com,
     martin@iaos.com, marty@iaos.com, mary@iaos.com, webmaster@iaos.com,
     bin@iaos.com, crawford@iaos.com, root@iaos.com, rockin@iaos.com
Subject: SPAM: hymen lucretius
Date: Wed, 28 Jan 2004 16:34:56 -0500
Message-Id: <PW...@lee>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on dns1.doit.net
X-Spam-Level: **************
X-Spam-Status: Yes, hits=14.8 required=5.0 tests=HTML_20_30,HTML_MESSAGE,
     RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_NJABL,RCVD_IN_NJABL_PROXY,
     RCVD_IN_OPM,RCVD_IN_OPM_HTTP,RCVD_IN_SORBS,RCVD_IN_SORBS_HTTP 
     autolearn=spam version=2.63
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_40182B44.34CF2E63"
>>

This says that it's marked as spam with a hit count of 14.8, but somehow it 
got delivered to my mailbox with the SPAM: still on it.  Further investigation 
shows that it got delievered to my users without the SPAM: on it, but yet it 
made it right through the spam filters...

<<
Jan 28 16:35:46 dns1 sendmail[18138]: i0SLZgWK018138: 
from=<eqamlgtsx@earthlink.
net>, size=3641, class=0, nrcpts=11, msgid=<PW...@lee>, 
proto=SM
TP, daemon=MTA, relay=adsl-67-112-155-226.dsl.sndg02.pacbell.net 
[67.112.155.226
Jan 28 16:35:46 dns1 spamd[18154]: info: setuid to apogee succeeded
Jan 28 16:35:46 dns1 spamd[18154]: processing message <PWRBJKA-
0005066377206@lee
> for apogee:1064.
Jan 28 16:35:47 dns1 spamd[18156]: info: setuid to crawford succeeded
Jan 28 16:35:48 dns1 spamd[18156]: processing message <PWRBJKA-
0005066377206@lee
> for crawford:500.
Jan 28 16:35:49 dns1 spamd[18154]: clean message (0.5/5.0) for apogee:1064 in 
0.
9 seconds, 3953 bytes.
Jan 28 16:35:47 dns1 sendmail[18138]: i0SLZgWM018138: 
from=<lzvmdpdzwfyry@att.ne
t>, size=3718, class=0, nrcpts=1, msgid=<FL...@rudimentary>, 
pro
to=SMTP, daemon=MTA, relay=adsl-67-112-155-226.dsl.sndg02.pacbell.net 
[67.112.15
5.226]
Jan 28 16:35:49 dns1 spamd[18156]: clean message (0.5/5.0) for crawford:500 in 
0
.7 seconds, 4330 bytes.
>>

I have an unmodified install, clean ... using redhat on an Intel platform.

HELP!

Dennis Crawford
crawford@doit.net



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.