my girlfriend has been bitching at me for quite some time now to figure
out why spamassassin isn't catching the spam like it used to. I'm using
3.0.2 on a debian woody box. Its from www.backports.org (great site).
Here is an example of the X-Virus/Spam headers from a spam that was
caught:
..............
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.2 with clamscan / ClamAV
0.83/795/Wed
Mar 30 03:58:09 2005
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on
server.nocturnal.org
X-Spam-Report:
* 2.9 UNRESOLVED_TEMPLATE Headers contain an unresolved
template
* 4.1 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
* 4.2 X_MESSAGE_INFO Bulk email fingerprint (X-Message-Info)
found
* 0.1 MPART_ALT_DIFF BODY: HTML and text parts are different
* 3.2 DOMAIN_RATIO BODY: Message body mentions many internet
domains
* 1.9 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME
parts
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.0 HTML_90_100 BODY: Message is 90% to 100% HTML
* 3.3 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of
words
* 2.4 MIME_HTML_ONLY_MULTI Multipart message only has text/html
MIME parts
X-Spam-Status: Yes, score=22.3 required=5.0 tests=BAYES_99,DOMAIN_RATIO,
HTML_90_100,HTML_IMAGE_ONLY_04,HTML_MESSAGE,MIME_BOUND_DD_DIGITS,
MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MPART_ALT_DIFF,
UNRESOLVED_TEMPLATE,X_MESSAGE_INFO autolearn=unavailable
version=3.0.2
X-Spam-Level: **********************
............
here is an example of the headers from an spam that wasn't caught
............
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.2 with clamscan / ClamAV
0.83/795/Wed
Mar 30 03:58:09 2005
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on
server.nocturnal.org
X-Spam-Status: No, score=4.1 required=5.0 tests=BAYES_99,HTML_80_90,
HTML_FONT_BIG,HTML_MESSAGE,HTML_TITLE_EMPTY,MIME_HTML_ONLY,
MSGID_FROM_MTA_ID autolearn=no version=3.0.2
X-Spam-Level: ****
............
I'm only posting these to make sure its not obvious to the more
spamassassin learned than myself. :)
.spamassassin/user_prefs is empty (nothing uncommented rather)
There is also auto-whitelist (1.2M), bayes_journal (16k), bayes_seen
(332k), bayes_toks (5.0M).
her .forward contains:
"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #HERUSERNAMEHERE"
her .procmailrc contains:
SHELL=/bin/sh
PATH=/bin:/usr/bin
PMDIR=$HOME/.procmail
LOGABSTRACT=all
MAILDIR=$HOME/mail
LOGFILE=$PMDIR/proclog
VERBOSE=off
:0fw
| /usr/local/bin/clamassassin
:0:
* ^X-Virus-Status: Yes
/dev/null
#Spamassassin start
:0fw: spamassassin.lock
| /usr/bin/spamc
:0:
* ^X-Spam-Status: Yes
Spam/Inbox
#Spamassassin end
here is the spread on how spamassassin is seeing most of the missed
spams (their scores) out of ~5000 missed spams since early February.
nil = 36
* = 331
** = 2008
*** = 1306
**** = 1227
spamassassin has caught ~4000 so its getting less than half.
Ideas where to start (other than having her change her email address
hehe)
Thanks in advance.
