my girlfriend has been bitching at me for quite some time now to figure out why spamassassin isn't catching the spam like it used to. I'm using 3.0.2 on a debian woody box. Its from www.backports.org (great site). Here is an example of the X-Virus/Spam headers from a spam that was caught:
.............. X-Virus-Status: No X-Virus-Checker-Version: clamassassin 1.2.2 with clamscan / ClamAV 0.83/795/Wed Mar 30 03:58:09 2005 X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on server.nocturnal.org X-Spam-Report: * 2.9 UNRESOLVED_TEMPLATE Headers contain an unresolved template * 4.1 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary * 4.2 X_MESSAGE_INFO Bulk email fingerprint (X-Message-Info) found * 0.1 MPART_ALT_DIFF BODY: HTML and text parts are different * 3.2 DOMAIN_RATIO BODY: Message body mentions many internet domains * 1.9 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.0000] * 0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.0 HTML_90_100 BODY: Message is 90% to 100% HTML * 3.3 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words * 2.4 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts X-Spam-Status: Yes, score=22.3 required=5.0 tests=BAYES_99,DOMAIN_RATIO, HTML_90_100,HTML_IMAGE_ONLY_04,HTML_MESSAGE,MIME_BOUND_DD_DIGITS, MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MPART_ALT_DIFF, UNRESOLVED_TEMPLATE,X_MESSAGE_INFO autolearn=unavailable version=3.0.2 X-Spam-Level: ********************** ............ here is an example of the headers from an spam that wasn't caught ............ X-Virus-Status: No X-Virus-Checker-Version: clamassassin 1.2.2 with clamscan / ClamAV 0.83/795/Wed Mar 30 03:58:09 2005 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on server.nocturnal.org X-Spam-Status: No, score=4.1 required=5.0 tests=BAYES_99,HTML_80_90, HTML_FONT_BIG,HTML_MESSAGE,HTML_TITLE_EMPTY,MIME_HTML_ONLY, MSGID_FROM_MTA_ID autolearn=no version=3.0.2 X-Spam-Level: **** ............ I'm only posting these to make sure its not obvious to the more spamassassin learned than myself. :) .spamassassin/user_prefs is empty (nothing uncommented rather) There is also auto-whitelist (1.2M), bayes_journal (16k), bayes_seen (332k), bayes_toks (5.0M). her .forward contains: "|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #HERUSERNAMEHERE" her .procmailrc contains: SHELL=/bin/sh PATH=/bin:/usr/bin PMDIR=$HOME/.procmail LOGABSTRACT=all MAILDIR=$HOME/mail LOGFILE=$PMDIR/proclog VERBOSE=off :0fw | /usr/local/bin/clamassassin :0: * ^X-Virus-Status: Yes /dev/null #Spamassassin start :0fw: spamassassin.lock | /usr/bin/spamc :0: * ^X-Spam-Status: Yes Spam/Inbox #Spamassassin end here is the spread on how spamassassin is seeing most of the missed spams (their scores) out of ~5000 missed spams since early February. nil = 36 * = 331 ** = 2008 *** = 1306 **** = 1227 spamassassin has caught ~4000 so its getting less than half. Ideas where to start (other than having her change her email address hehe) Thanks in advance.