Re: Spamc, spamassassin, different scores

2005-09-06 Thread Miguel Angel Rasero Peral (TCOR)
Yeah, this was my problem. Thanks.

On Tue, 06-09-2005 at 12:00 -0400, Matt Kettler wrote:
> Andy Jezierski wrote:
> > 
> > 
> > Are you running the spamassassin command under the same userid as spamd
> > is running under? Looks like spamd is using bayes that spamassassin did
> > not have, and spamassassin had a negative AWL score that spamd didn't
> > have.  
> 
> 
> Definitely not.
> 
> Look at the prompts. Miguel is running spamassassin as root.
> 
> Miguel is running spamc as root, but spamd will *NEVER* scan mail as root. It
> will setuid itself to nobody if it finds this situation.
> 
> This causes a huge difference, because only the root account has bayes
> training, but spamd will never use it.
> 
> Notice that the spamassassin (run as root) version has BAYES_95 matching, but
> the  spamc one does not.
> 
> Miguel, this is your problem: you can't train with sa-learn as root and expect
> this to impact mail run through spamc, unless you set up a global bayes
> database.
> 
> Ideally, I'd suggest creating a "spamd" user, and running spamd with -u spamd.
> Then when you train mail with sa-learn, just su yourself to spamd first. This
> way everything all gets scanned using the same bayes db. You also get the
> security benefit of all scanning being done as a user that isn't used for
> anything else.
> 
> If that's not practical, use bayes_path and bayes_file_mode 0777 together in
> your local.cf to create a single bayes DB that gets used no matter what user
> calls SA.
> 
> (Warnings: use bayes_file_mode 0777, not 0666. Also, read the docs on
> bayes_path very carefully. It's not just a path. The last part is actually
> the start of a filename, not a directory name)
> 
> 
> 
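
A lint for the two warnings at the end of the quoted reply, as an added example that is not part of the thread: it reads a local.cf, reports where the shared Bayes files will land, and flags a `bayes_path` that names a directory or a `bayes_file_mode` other than 0777. The helper names `cf_value` and `check_bayes_cf` are hypothetical, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: lint the shared-Bayes settings in local.cf.
# cf_value and check_bayes_cf are hypothetical helper names.

# Print the last value given for a config key (later lines override earlier ones).
cf_value() {  # usage: cf_value KEY FILE
    awk -v key="$1" '$1 == key { val = $2 } END { if (val != "") print val }' "$2"
}

# Print one finding per line; return 0 only when the settings match the advice.
check_bayes_cf() {  # usage: check_bayes_cf /path/to/local.cf
    cf=$1; rc=0
    bpath=$(cf_value bayes_path "$cf")
    mode=$(cf_value bayes_file_mode "$cf")
    if [ -z "$bpath" ]; then
        echo "WARN: no bayes_path; each user keeps its own ~/.spamassassin/bayes_*"
        return 1
    fi
    case $bpath in
        */) echo "WARN: bayes_path ends in '/'; the last part is a filename prefix"; rc=1 ;;
    esac
    if [ -d "$bpath" ]; then
        echo "WARN: $bpath is a directory; append a prefix, e.g. $bpath/bayes"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: files ${bpath}_toks, ${bpath}_seen go in $(dirname "$bpath")"
    fi
    # The mode needs its x bits because it may also be used to create directories.
    case $mode in
        0777) echo "OK: bayes_file_mode 0777" ;;
        "")   echo "WARN: bayes_file_mode unset; default 0700 blocks other users"; rc=1 ;;
        *)    echo "WARN: bayes_file_mode $mode; the advice above is 0777, not 0666"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample configs, written to a temp dir so the demo runs offline.
demo() {
    d=$(mktemp -d)
    printf 'bayes_path %s/bayes\nbayes_file_mode 0777\n' "$d" > "$d/good.cf"
    printf 'bayes_path %s\nbayes_file_mode 0666\n' "$d" > "$d/bad.cf"
    check_bayes_cf "$d/good.cf" && echo "good.cf: passes"
    check_bayes_cf "$d/bad.cf" || echo "bad.cf: needs fixing"
    rm -rf "$d"
}
demo
```

A database shared with mode 0777 is writable by every local account, which is why the reply treats the dedicated spamd user as the preferred setup.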



Spamc, spamassassin, different scores

2005-09-06 Thread Miguel Angel Rasero Peral (TCOR)

Hello, my system is a Red Hat 7.3 with these SpamAssassin versions, and I
am using qmail on it.
"""
machine:/etc/mail/spamassassin# spamassassin -V
SpamAssassin version 3.0.1
  running on Perl version 5.6.1
machine:/etc/mail/spamassassin# spamc -V
SpamAssassin Client version 3.0.1
"""

The problem that I have is that I only want to launch spamassassin in my
account, so I am using my .qmail-file to do it.
| spamassassin | preline procmail -t -m -p ./skuda/procmailrc

I know that I would be launching spamc and not the spamassassin Perl script,
but I get different scores from the 2 programs.

SPAMC:
spamc -r <
skuda/Maildir/.spam/cur/1121844030.M156489P30796V0303I00436361_2015.betanetweb.com,S=9921:2,S
Spam detection software, running on the system "betanetweb.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  neuroanotomy Incredible Prices on Rx Hurry While
  Supplies Last! [...]

Content analysis details:   (7.3 points, 4.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.5 MPART_ALT_DIFF         BODY: HTML and text parts are different
 0.3 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.2 HTML_FONT_BIG          BODY: HTML tag for a big font size
 0.2 HTML_90_100            BODY: Message is 90% to 100% HTML
 1.1 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS records
 0.1 DNS_FROM_AHBL_RHSBL    RBL: From: sender listed in dnsbl.ahbl.org
 3.9 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: weofferaselection.com]
 0.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: weofferaselection.com]
-0.6 AWL                    AWL: From: address is in the auto white-list


Spamassassin:
spamassassin <
cur/1121844030.M156489P30796V0303I00436361_2015.betanetweb.com,S=9921:2,S

>From [EMAIL PROTECTED] Fri Nov 12 12:53:26 2004
Received: from localhost by betanetweb.com
with SpamAssassin (version 3.0.1);
Tue, 06 Sep 2005 16:24:08 +0200
From: "VicoRx  6" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: *SPAM* Your order
Date: Fri, 12 Nov 2004 07:50:35 -0500 (MSD)
Message-Id: <[EMAIL PROTECTED]>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on
betanetweb.com
X-Spam-Status: Yes, score=11.0 required=4.0 tests=BAYES_95,
    DNS_FROM_AHBL_RHSBL,HTML_90_100,HTML_FONT_BIG,HTML_IMAGE_RATIO_02,
    HTML_MESSAGE,MIME_HTML_MOSTLY,MPART_ALT_DIFF,NO_DNS_FOR_FROM,
    URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=no version=3.0.1
X-Spam-Level: **
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--=_431DA688.5E031C81"

This is a multi-part message in MIME format.
=_431DA688.5E031C81
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "betanetweb.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  neuroanotomy Incredible Prices on Rx Hurry While
  Supplies Last! [...]

Content analysis details:   (11.0 points, 4.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 MPART_ALT_DIFF         BODY: HTML and text parts are different
 2.1 BAYES_95               BODY: Bayesian spam probability is 95 to 99%
                            [score: 0.9714]
 0.0 HTML_IMAGE_RATIO_02    BODY: HTML has a low ratio of text to image area
 1.0 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 HTML_FONT_BIG          BODY: HTML tag for a big font size
 0.0 HTML_90_100            BODY: Message is 90% to 100% HTML
 1.6 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS records
 0.3 DNS_FROM_AHBL_RHSBL    RBL: From: sender listed in dnsbl.ahbl.org
 4.3 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: weofferaselection.com]
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: weofferaselection.com]

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an edi