Hi all,
I'm using SpamAssassin 3.0.1 (2004-10-22). SA is running on an OpenBSD 3.5 i386 machine. I'm starting it up using the following
/usr/local/bin/spamd -u spamd -a --allowed-ips=192.168.1.0/24 --siteconfigpath=/etc/mail/spamassassin/ -d --listen-ip=192.168.1.4 -D
my local.cf file is below, the spamd user has a user_prefs file that is all comments.
<SNIP>
skip_rbl_checks 1
<snip>
If I put the raw message into a file and then run 'spamassassin -D < a' as the spamd user on the system where the spamd process is running I get
<snip>
X-Spam-Status: Yes, score=18.0 required=3.2 tests=ALL_TRUSTED,DCC_CHECK,
DRUGS_ERECTILE,DRUGS_ERECTILE_OBFU,HTML_90_100,HTML_IMAGE_ONLY_04, HTML_MESSAGE,HTML_SHORT_CENTER,MANY_EXCLAMATIONS,MIME_HTML_ONLY,
SUBJECT_DRUG_GAP_C,SUBJECT_DRUG_GAP_L,URIBL_AB_SURBL,URIBL_OB_SURBL, URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=disabled version=3.0.1
Now this same message when asked via my MTA to the running spamd process got
<snip>
Nov 11 06:39:51 bia spamd[19025]: debug: is spam? score=2.181
required=3.2
Nov 11 06:39:51 bia spamd[19025]: debug:
tests=ALL_TRUSTED,DCC_CHECK,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,RATWARE _ZERO_TZ
<snip>
I'm at a complete loss as to why the different scores? Is there something I've done wrong here?
First a comment: You seem to have a major problem with your trusted_networks setting. ALL_TRUSTED should not fire for spam. If you've got a NATed mailserver, you need to manually set trusted_networks to only contain your servers, otherwise SA will assume the outside relay is a part of your network.
As for the different scores that's tough to account for. Are you sure those are the same messages? spamassassin is seeing a very different message body, and subject line than spamd. It looks very much like some HTML normalizer ripped out a bunch of stuff SA was matching on.
You can even see in the debug that despite spamassassin finding several URIBL list matches, that spamd finds no URLs at all, and thus
Nov 11 06:39:44 bia spamd[19025]: debug: URIDNSBL: domains to query:
However, the subject-line change is almost completely inexplicable. SUBJECT_DRUG_GAP_C matched for spamassassin, but not for spamd.
Does this message have two subject lines?
Does some other tool in you mta chain mangle messages?
