What kind of setup are you using? What do you do if a email is tagged as spam? SpamAssassin ran twice, but because of -2.8 ALL_TRUSTED, I would say that it is some configuration issue on how you quarentine spam.
Kind Regards, Sander Holthaus > -----Original Message----- > From: Peter Marshall [mailto:[EMAIL PROTECTED] > Sent: Thursday, February 03, 2005 2:36 PM > To: users@spamassassin.apache.org > Subject: spamassassin scoring message twice > > I am not sure why it is doing this ... but everytime i get a > spam, it looks like it does the smap rateing twice. And it > gives different scores each time. Here is the new header > from the last email I got. Notice how it looks like > spamassassin ran twice. Any Idea's ??? (yes, my threshhold > is low ... i am just testing what happens when spam arrives). > > ------------------------------------------------------ > Spam detection software, running on the system > "mailtestlx.mydomain.com", has identified this incoming email > as possible spam. The original message has been attached to > this so you can view it (if it isn't spam) or label similar > future email. If you have any questions, see > [EMAIL PROTECTED] for details. > > Content preview: Spam detection software, running on the system > "mailtestlx.mydomain.com", has identified this incoming email > as possible spam. The original message has been attached to this so > you can view it (if it isn't spam) or label similar future email. If > you have any questions, see [EMAIL PROTECTED] for details. [...] > > Content analysis details: (8.6 points, 3.0 required) > > pts rule name description > ---- ---------------------- > ------------------------------------------------ > -- > 0.5 FROM_ENDS_IN_NUMS From: ends in numbers > 0.9 PLING_QUERY Subject has exclamation mark and > question mark > -2.8 ALL_TRUSTED Did not pass through any untrusted hosts > 1.1 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but > no 'Received:' > 0.8 BODY_ENHANCEMENT2 BODY: Information on getting > larger body parts > 0.2 HTML_TEXT_AFTER_HTML BODY: HTML contains text after > HTML close tag > 0.2 HTML_TEXT_AFTER_BODY BODY: HTML contains text after > BODY close tag > 0.3 MIME_HTML_MOSTLY BODY: Multipart message mostly > text/html MIME > 0.0 HTML_MESSAGE BODY: HTML included in message > 0.5 HTML_OBFUSCATE_05_10 BODY: Message is 5% to 10% HTML > obfuscation > 1.5 MPART_ALT_DIFF BODY: HTML and text parts are different > 0.2 HTML_90_100 BODY: Message is 90% to 100% HTML > 0.0 HTML_TITLE_EMPTY BODY: HTML title contains no text > 0.1 MIME_BASE64_TEXT RAW: Message text disguised using base64 > encoding > 0.8 MIME_BASE64_BLANKS RAW: Extra blank lines in base64 encoding > 1.2 OBFUSCATING_COMMENT HTML comments which obfuscate text > 3.1 PERCENT_RANDOM PERCENT_RANDOM > > The original message was not completely plain text, and may > be unsafe to open with some email clients; in particular, it > may contain a virus, or confirm that your address can receive > spam. If you wish to view it, it may be safer to save it to > a file and open it with an editor. > > > > > Subject: > ???SPAM??? FW: Get it now! > From: > "Joe" <[EMAIL PROTECTED]> > Date: > Wed, 02 Feb 2005 22:17:00 -0400 > To: > [EMAIL PROTECTED] > > Spam detection software, running on the system > "mailtestlx.mydomain.com", has identified this incoming email > as possible spam. The original message has been attached to > this so you can view it (if it isn't spam) or label similar > future email. If you have any questions, see > [EMAIL PROTECTED] for details. > > Content preview: >From: "Fastest Penis Growth Available" To: > [EMAIL PROTECTED] Subject: >Get it now! >Date: Mon, 31 Jan 2005 > 09:21:56 -0800 > Nah, it's not what i'm looking for. clickhere . . > [...] > > Content analysis details: (9.6 points, 3.0 required) > > pts rule name description > ---- ---------------------- > ------------------------------------------------ > -- > 0.5 FROM_ENDS_IN_NUMS From: ends in numbers > 0.8 BODY_ENHANCEMENT2 BODY: Information on getting > larger body parts > 0.2 HTML_TEXT_AFTER_HTML BODY: HTML contains text after > HTML close tag > 0.2 HTML_TEXT_AFTER_BODY BODY: HTML contains text after > BODY close tag > 0.3 MIME_HTML_MOSTLY BODY: Multipart message mostly > text/html MIME > 0.0 HTML_MESSAGE BODY: HTML included in message > 0.5 HTML_OBFUSCATE_05_10 BODY: Message is 5% to 10% HTML > obfuscation > 1.5 MPART_ALT_DIFF BODY: HTML and text parts are different > 0.2 HTML_90_100 BODY: Message is 90% to 100% HTML > 0.0 HTML_TITLE_EMPTY BODY: HTML title contains no text > 0.1 MIME_BASE64_TEXT RAW: Message text disguised using base64 > encoding > 0.8 MIME_BASE64_BLANKS RAW: Extra blank lines in base64 encoding > 1.2 OBFUSCATING_COMMENT HTML comments which obfuscate text > 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay > 3.1 PERCENT_RANDOM PERCENT_RANDOM > 0.1 MIME_BOUND_NEXTPART Spam tool pattern in MIME boundary > > The original message was not completely plain text, and may > be unsafe to open with some email clients; in particular, it > may contain a virus, or confirm that your address can receive > spam. If you wish to view it, it may be safer to save it to > a file and open it with an editor. > > ------------------------------------- >
