I am not sure why it is doing this ... but everytime i get a spam, it looks like it does the smap rateing twice. And it gives different scores each time. Here is the new header from the last email I got. Notice how it looks like spamassassin ran twice. Any Idea's ??? (yes, my threshhold is low ... i am just testing what happens when spam arrives).
------------------------------------------------------ Spam detection software, running on the system "mailtestlx.mydomain.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see [EMAIL PROTECTED] for details. Content preview: Spam detection software, running on the system "mailtestlx.mydomain.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see [EMAIL PROTECTED] for details. [...] Content analysis details: (8.6 points, 3.0 required) pts rule name description ---- ---------------------- ------------------------------------------------ -- 0.5 FROM_ENDS_IN_NUMS From: ends in numbers 0.9 PLING_QUERY Subject has exclamation mark and question mark -2.8 ALL_TRUSTED Did not pass through any untrusted hosts 1.1 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:' 0.8 BODY_ENHANCEMENT2 BODY: Information on getting larger body parts 0.2 HTML_TEXT_AFTER_HTML BODY: HTML contains text after HTML close tag 0.2 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag 0.3 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME 0.0 HTML_MESSAGE BODY: HTML included in message 0.5 HTML_OBFUSCATE_05_10 BODY: Message is 5% to 10% HTML obfuscation 1.5 MPART_ALT_DIFF BODY: HTML and text parts are different 0.2 HTML_90_100 BODY: Message is 90% to 100% HTML 0.0 HTML_TITLE_EMPTY BODY: HTML title contains no text 0.1 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding 0.8 MIME_BASE64_BLANKS RAW: Extra blank lines in base64 encoding 1.2 OBFUSCATING_COMMENT HTML comments which obfuscate text 3.1 PERCENT_RANDOM PERCENT_RANDOM The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. Subject: ???SPAM??? FW: Get it now! From: "Joe" <[EMAIL PROTECTED]> Date: Wed, 02 Feb 2005 22:17:00 -0400 To: [EMAIL PROTECTED] Spam detection software, running on the system "mailtestlx.mydomain.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see [EMAIL PROTECTED] for details. Content preview: >From: "Fastest Penis Growth Available" To: [EMAIL PROTECTED] Subject: >Get it now! >Date: Mon, 31 Jan 2005 09:21:56 -0800 > Nah, it's not what i'm looking for. clickhere . . [...] Content analysis details: (9.6 points, 3.0 required) pts rule name description ---- ---------------------- ------------------------------------------------ -- 0.5 FROM_ENDS_IN_NUMS From: ends in numbers 0.8 BODY_ENHANCEMENT2 BODY: Information on getting larger body parts 0.2 HTML_TEXT_AFTER_HTML BODY: HTML contains text after HTML close tag 0.2 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag 0.3 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME 0.0 HTML_MESSAGE BODY: HTML included in message 0.5 HTML_OBFUSCATE_05_10 BODY: Message is 5% to 10% HTML obfuscation 1.5 MPART_ALT_DIFF BODY: HTML and text parts are different 0.2 HTML_90_100 BODY: Message is 90% to 100% HTML 0.0 HTML_TITLE_EMPTY BODY: HTML title contains no text 0.1 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding 0.8 MIME_BASE64_BLANKS RAW: Extra blank lines in base64 encoding 1.2 OBFUSCATING_COMMENT HTML comments which obfuscate text 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay 3.1 PERCENT_RANDOM PERCENT_RANDOM 0.1 MIME_BOUND_NEXTPART Spam tool pattern in MIME boundary The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. -------------------------------------
