Rather than just pushing messages through the system, I would recommend testing your regexps using the following program (http://regex.osherove.com/)
It's very useful for checking syntax, and pointing out exactly what parts of the message have triggered on a particular rule. Failing that the next step should be to test your installation using Spamassassin --test-mode < sample.txt Where sample.txt is a text transcript of your message. This will test SA's rule matching on the exact mailbox. If after trying these things you still haven't identified the problem, you might be using sa-exim, or exiscan, or one of those other MTA plugins that only passes a portion of the message to SA. These are usually set reasonably high, but its possible that you have set the setting to the point where the test text has been cut off. I hope this helps, R -----Original Message----- From: R McGlue [mailto:[EMAIL PROTECTED] Sent: 01 March 2005 09:18 To: [EMAIL PROTECTED] Subject: mail not being scanned fully???? hi, upgrading spamd servers and running a few tests on 3.0.2 I sent an email with "fuck" in both the body and again seperatly in the subject... but even though there is a rule for it (LIVE_PORN) and i know the bayes+net score was zero so I manually set it to 5 (local.cf)but even then It isnt being flagged at all. Tried sending from on and offsite (to myself)... any ideas why it isnt flagging? I though that the strings would be flagged on a literal match, ive checked the regex and it should match f*ck. ronan # grep 42242F51.1080801 /var/log/syslog Mar 1 09:01:10 server.ac.uk spamd[25914]: checking message <[EMAIL PROTECTED]> for nobody:60001. Mar 1 09:01:10 server.ac.uk spamd[25914]: result: . -4 - ALL_TRUSTED,BAYES_00 scantime=0.3,size=709,mid=<[EMAIL PROTECTED]>,bayes=0,autole arn=ham