Mailing List Archive

Keith Dowell said:
> This is weird - I get some that don't get flagged by sa - but get sent to
> the spamdrop by mimedefang like this...
>
> X-Spam-Score: 5.906 (*****)
> FVGT_u_DOM_END_NUM,HTML_50_60,HTML_IMAGE_ONLY_02,HTML_MESSAGE,HTML_TAG_BALAN
> CE_BODY,RM_rb_ANCHOR,RM_rb_BODY,RM_rb_HTML,RM_sl_Parens
> X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang)
> X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on
> mail
> X-Spam-Status: No, hits=2.4 required=4.0 tests=FVGT_u_DOM_END_NUM,
> HTML_MESSAGE,HTML_TAG_BALANCE_BODY,RM_rb_ANCHOR,RM_rb_BODY,RM_rb_HTML,
> RM_sl_Parens autolearn=no version=2.61
> X-Spam-Level: **
>
> But the ones that DO get flagged with sa have no X-Spam-Score but have a
> X-Spam-Flag=YES???
>
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on
> mail
> X-Spam-Status: Yes, hits=5.2 required=4.0 tests=CLICK_BELOW,
> MIME_MISSING_BOUNDARY,MIME_QP_NO_CHARSET,MISSING_OUTLOOK_NAME,
> MSGID_FROM_MTA_SHORT,UPPERCASE_25_50 autolearn=no version=2.61
> X-Spam-Level: *****
> MIME-Version: 1.0
>

Could it be that you are accidentally sending the email through
SpamAssassin twice, perhaps even on two different systems?


--
Chris Thielen

Easily generate SpamAssassin rules to catch obfuscated spam phrases
(0BFU$C/\TED SPA/\/\ P|-|RA$ES):
http://www.sandgnat.com/cmos/

On Mon, Feb 09, 2004 at 04:22:27PM -0600, Keith Dowell wrote:
> But the ones that DO get flagged with sa have no X-Spam-Score but have a
> X-Spam-Flag=YES???

X-Spam-Score isn't a standard SA header, but X-Spam-Flag is. It sounds
like you're having issues wrt mimedefang.

--
Randomly Generated Tagline:
Dyslexic Christian sells soul to Santa ... film at 11.

well here the code from md.

if ($hits >= 4) {
md_log('spam', $hits, $RelayAddr);
my($score);
if ($hits < 40) {
$score = "*" x int($hits);
} else {
$score = "*" x 40;
}
action_add_header("X-Orig-Recipients", join(",
",@Recipients));
foreach $recip(@Recipients){
delete_recipient($recip);
}
add_recipient('spam@somedomain.com');
# We add a header which looks like this:
# X-Spam-Score: 6.8 (******) NAME_OF_TEST,NAME_OF_TEST
# The number of asterisks in parens is the integer part
# of the spam score clamped to a maximum of 40.
# MUA filters can easily be written to trigger on a
# minimum number of asterisks...
action_change_header("X-Spam-Score", "$hits ($score)
$names");

# If you find the SA report useful, add it, I guess...
action_add_part($entity, "text/plain", "-suggest",
"$report\n",
"SpamAssassinReport.txt", "inline");
} else {
# Delete any existing X-Spam-Score header?
action_delete_header("X-Spam-Score");

so I think I'm still missing why md catches this when sa is reporting hits
below 4
X-Spam-Status: No, hits=2.4 required=4.0 tests=...

and even weirder that when sa scores above 4 - I DON'T get the x-spam-score
header.

I mean - I don't profess to being the worlds greatest programmer, but
doesn't the code above read logically

if number of hits is greater than or equal to 4
add this header (which it isn't adding the header if it's above 4)
else
remove any existing X-Spam-Score header (which the dang thing doesn't
ever seem to hit this)

what am I missing here?