David Reta wrote: > I am having an issue with spam not getting caught by the filter. > > The spam will score low initially but when I run it on the > quarantined message a minute later the message will score well over > the threshold. > > I am using spamassassin 3.1.4 and it is being called through > mimedefang. I quarantine the message so I can keep a copy on the > relay. I have a bayes database that is shared over nfs. On this > particular instance it looks like the bayes test is skipped. Since I > am using a bayes database that is shared, could this be causing a > timeout issue and if so how can I increase the timeout so this does > not occur? > > Here is the MSG.0 File from the quarantine directory > > Content analysis details: (3.6 points, 4.5 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 1.1 EXTRA_MPART_TYPE Header has extraneous > Content-type:...type= entry > 0.1 FORGED_RCVD_HELO Received: contains a forged HELO > 0.4 HTML_30_40 BODY: Message is 30% to 40% HTML > 0.0 HTML_MESSAGE BODY: HTML included in message > 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP > address [85.99.173.13 listed in > dnsbl.sorbs.net] > > 3.647 4.5 > EXTRA_MPART_TYPE,FORGED_RCVD_HELO,HTML_30_40,HTML_MESSAGE,RCVD_IN_SORBS_DUL > > Here is the ourput from when I run it manually a minute later. > > [EMAIL PROTECTED] qdir-2006-09-07-15.33.07-001]$ spamassassin < > ENTIRE_MESSAGE | more > Content analysis details: (7.1 points, 4.5 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 1.1 EXTRA_MPART_TYPE Header has extraneous > Content-type:...type= entry > 0.1 FORGED_RCVD_HELO Received: contains a forged HELO > 0.4 HTML_30_40 BODY: Message is 30% to 40% HTML > 0.0 HTML_MESSAGE BODY: HTML included in message > 3.5 BAYES_99 BODY: Bayesian spam probability > is 99 to 100% > [score: 0.9997] > 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP > address > [85.99.221.218 listed in dnsbl.sorbs.net]
The only difference between these two runs is Bayes. Based on this, I would say that mimedefang is running as one user, and you are testing as a different user. The mimedefang user either has Bayes disabled, or has not learned enough ham and spam to run Bayes. If you do your test while logged in as the mimedefang user, you should see identical results to the first run. Most likely, you need to either use a global Bayes db, or make sure you are doing your ham/spam learning as the mimedefang user. -- Bowie
