The rule header __CF_NOT_TO_ME To !~ /(?:[EMAIL PROTECTED]|[EMAIL PROTECTED])/i header __CF_NOT_CC_ME Cc !~ /(?:[EMAIL PROTECTED]|[EMAIL PROTECTED])/i meta CF_NOT_FOR_ME __CF_NOT_TO_ME && __CF_NOT_CC_ME score CF_NOT_FOR_ME 0.01 describe CF_NOT_FOR_ME Neither To nor Cc me
The mail: Date: Fri, 18 Mar 2005 09:05:50 -0500 From: "TINY Video Camera" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: A TINY digital video camera from DigiVu
This Advertisment was brought to you by Newageoptin...
The SA result: X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on cfcl.com X-Spam-Level: X-Spam-Status: No, score=-0.6 required=0.5 tests=ALL_TRUSTED,CF_NOT_FOR_ME, HTML_30_40,HTML_MESSAGE,URIBL_SBL autolearn=ham version=3.0.2
And that's not right. It _is_ for me. The CF_NOT_FOR_ME rule should not have triggered.
What I like even less about this is that if I send that message through spamassassin -D I get the results I expect (CF_NOT_FOR_ME does _not_ trigger).
Question - Is there any chance that your MTA, MDA or MUA re-wrote the To: header, causing it to actually be different in each place? Some mail tools will add the local domain to a username-only To: header. They also will commonly insert a To: header containing the envelope recipient if no To: header exists.
You might want to add some -0.01 scored riles that look for several different combinations, so you can try to debug what's going on:
header L_TO_EXISTS exists:To score L_TO_EXISTS -0.01
header L_CC_EXISTS exists:Cc score L_CC_EXISTS -0.01
header L_TO_CFCL To =~/[EMAIL PROTECTED]/i score L_TO_CFCL -0.01
header L_TO_GMAIL To =~/[EMAIL PROTECTED]/i score L_TO_GMAIL -0.01
header L_TO_VLB To =~/[EMAIL PROTECTED]/i score L_TO_VLB -0.01
And be sure to spamassassin --lint it (should run without any messages), and restart spamd after adding the rules.