Mailing List Archive

Different results from command line and spamd
I have a sample spam in file test_01.

I ran this though spamassassin by hand:

spamassassin -t -D < test_01 2>&1

And get a nice rejection with hits from many rules:

Content analysis details: (11.1 points, 4.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.5 SUBJ_ALL_CAPS Subject is all capitals
-0.0 NO_RELAYS Informational: message was not relayed via SMTP
1.2 MISSING_HEADERS Missing To: header
0.2 H_BODY_20 BODY: Message contains "If you can't see"
0.2 H_BODY_17 BODY: Message contains "opt-out"
1.0 H_BODY_21 BODY: Message contains "JonesBlvd"
0.2 H_BODY_16 BODY: Message contains "Unsubscribe"
0.2 H_BODY_19 BODY: Message contains "This offer is"
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL
blocklist [URIs: badguy]
5.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: badguy]
0.1 URIBL_CSS_A Contains URL's A record listed in the Spamhaus CSS
blocklist [URIs: badguy]
-0.0 NO_RECEIVED Informational: message has no Received headers

The same message test_01 appeared in my inbox with this header:

X-Spam-Checker-Version: SpamAssassin 3.4.3 (2019-12-06) on myserver.com
X-Spam-Level: **
X-Spam-Status: No, score=2.7 required=4.0 tests=AC_FROM_MANY_DOTS,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,H_BODY_16,H_BODY_17,H_BODY_19,
H_BODY_20,H_BODY_21,MIME_QP_LONG_LINE,SPF_HELO_NONE,SPF_PASS
autolearn=no autolearn_force=no version=3.4.3

I added the H_BODY rules which should be unnecessary, but they show that mail
is going through spamassassin and my procmamil script. But many of the rules
mentioned in the command line test are absent: MISSING_HEADERS and all the URIBL
rules. Another odd thing is that the subject of test_01 was not in all caps.

This seems unjust.

My user_prefs is rather long, mostly whitelist and blacklist items.
Here are some lines that might be relevant:

required_hits 4.0
use_bayes 1
use_pyzor 1
use_razor2 1
bayes_auto_learn 1
allow_user_rules 1
ok_locales en ja
report_safe 0

Perimssions stuff:

755 ~/.spamassassin
644 ~/.spamassassin/user_prefs
640 ~/.procmailrc

I changed the permissions on the .spamasssasin directory while hacking
away at this problem. They were 700.

I upgraded from Fedora 29 to Fedora 30 which may have broken something.
The gauntlet:

systemd-241
sendmail-8.15
spamassassin-3.43
procmail-3.22,
perl-Razor-Agent-2.85

Systemd is configured to run the spamassassin.service on startup
which executes:

/usr/bin/spamd $SPAMDOPTIONS

SPAMDOPTIONS="-c -m5 -H --razor-home-dir='/var/lib/razor/' --razor-log-file='sys-syslog'"

Thanks for any insight!
Re: Different results from command line and spamd [ In reply to ]
On Wed, 5 Feb 2020 08:18:34 -0600
Hugh Sparks wrote:

> I have a sample spam in file test_01.
> ...
> And get a nice rejection with hits from many rules:
>...
> The same message test_01 appeared in my inbox with this header:
> ...X-Spam-Status: No, score=2.7
...
> many of the rules mentioned in the command line test are absent:
> MISSING_HEADERS and all the URIBL rules. Another odd thing is that
> the subject of test_01 was not in all caps.

I can't comment on the rest without having a copy of the email, but
it's normal to see extra network tests because similar spams would have
been reported between the two tests.
Re: Different results from command line and spamd [ In reply to ]
Thanks, RW.
The problem I'm having is that the system service isn't running any of
the network tests, but they do run when I send the same sample through
spamassassin from the command line. It has nothing to do with the
particular piece of spam. There is some sort of permission problem (I
think) but I'm having a hard time finding it. When it works (from the
command line) I'm logged in as a regular user.

On 2/6/2020 6:26 AM, RW wrote:
> On Wed, 5 Feb 2020 08:18:34 -0600
> Hugh Sparks wrote:
>
>> I have a sample spam in file test_01.
>> ...
>> And get a nice rejection with hits from many rules:
>> ...
>> The same message test_01 appeared in my inbox with this header:
>> ...X-Spam-Status: No, score=2.7
> ...
>> many of the rules mentioned in the command line test are absent:
>> MISSING_HEADERS and all the URIBL rules. Another odd thing is that
>> the subject of test_01 was not in all caps.
> I can't comment on the rest without having a copy of the email, but
> it's normal to see extra network tests because similar spams would have
> been reported between the two tests.