spam getting through in sa-exim w/ scores of 0 even with matched patterns

Tue, 11 Jul 2006 06:46:47 -0700 

Lately I've been getting a lot of spam that comes through with a score of
0 even after it matches several spam patterns (usually EMPTY_MESSAGE,
MISSING_SUBJECT, etc.).  It should be getting a high score at SMTP time
(via sa-exim) and thus rejected then, but somehow it's slipping through.
If I run spamassassin on the same message again, it shows up w/ the same
rules matched, and a high score (which would have caused it to be
rejected).

Here's an example message:

-=-=-=-=-BEGIN SPAM EXAMPLE-=-=-=-=-
>From [EMAIL PROTECTED] Tue Jul 11 21:54:58 2006
From: "Gillis" <[EMAIL PROTECTED]>
Subject: I have ssex much longer, because I take Exxtra-Time!

How are you bro ? Thousands of couples broke down because of them, making both 
parties unhappy. The great thing about Extra-Time is that it works, making you 
last longer from the very first time. We all hate her saying her previous 
partner did not finish that soon. You may find what you need here: [URL 
snipped] Keep her satisfied tonight and any night in the future. She'll love it!
-=-=-=-=-=END SPAM EXAMPLE=-=-=-=-=-

Now, when it comes through the first time, it has the following SA header:

X-Spam-Status: No, score=0.0 required=5.0 tests=EMPTY_MESSAGE,MISSING_SUBJECT,
        NO_RECEIVED,SARE_HTML_NO_BODY,SARE_HTML_NO_BODY_TO,TO_CC_NONE 
        autolearn=no version=3.1.1

However, noting that it should obviously be marked as spam and have a
higher score (esp. since I've modified my config to score EMPTY_MESSAGE at
6), I ran the same message through spamc again (using spamc -u
Debian-exim, as it should be running when it comes in under sa-exim), and
it becomes this:

X-Spam-Status: Yes, score=21.3 required=5.0 tests=AWL,BAYES_95,
        FORGED_RCVD_HELO,RCVD_IN_XBL,TW_XX,URIBL_SBL,URIBL_SC_SURBL,
        USER_IN_BLACKLIST_TO autolearn=no version=3.1.1

The following package/versions are installed:
ii  exim4-base          4.62-1
ii  exim4-config        4.62-1
ii  exim4-daemon-heavy  4.62-1
ii  sa-exim             4.2.1-2
ii  spamassassin        3.1.1-1

Any ideas what could be causing certain messages to not go through spamassassin
correctly?  The vast majority of spam gets caught & rejected at smtp time, so I
don't know why certain messages are slipping through (usually in groups)...

Please Cc: replies, as I'm not subscribed to the ML...  Thanks.

-- 
Eric Agnew                                       agnew at geekhive dot net


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to