> -----Original Message-----
> From: Mike Sassaman [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 17, 2006 5:48 PM
> To: users@spamassassin.apache.org
> Subject: RE: spam scores low (Sendmail + smtp-vilter + SA )
> 
> 
> 
> > > % spamassassin --lint shows no output, so I'm thinking that means no
> > > problems in my local.cf.
> > 
> > Good, 'spamassassin --lint' should show no output, it only barks when
> > there's something wrong. Now 'spamassassin --lint -D' gives -tons-
> > of output, but any error messages often get buried in with all the
> > debugging output.
> > 
> > > % spamassassin < /tmp/test-message.txt on a low-scoring spam (-1.6
> > > according to smtp-vilter's headers) gets scored a whopping 14.3 by
> > > spamassassin!  Tests hit include HELO_DYNAMIC_IPADDR, BAYES_99,
> > > RCVD_IN_SORBS_DUL, RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_XBL, RCVD_IN_NJABL_DUL
> > 
> > OK, so that vets your basic spamassassin system. Now the next thing to try
> > is to take that same test message and feed it to "spamd" via spamc to see
> > what the daemon thinks about it. Do: '% spamc -R < /tmp/test-message.txt'
> > that should give a report output that shows the same tests hit. If it
> > doesn't then that says that there's something about how you're running
> > "spamd" that is causing problems.
> > 
> > I noticed that in your tests report you show most of the score came from
> > network type tests. If you start your "spamd" with the "-L" command line
> > option that will disable all network tests (and seriously reduce your spam
> > recognising ability). Or if there's something about the way that your
> > "spamd" starts up so that network tests are disabled, it will have the
> > same "net"-not result.
> > 
> > > So I think Dave is right - the problem is with the milter, or at least the
> > > milter / spamassassin communication.
> > 
> > It may be a milter issue but first we need to rule out whether it's a
> > "spamd" issue (thus the "spamc" tests). IE the flow is sendmail -> milter
> > -> spamd, spamd results -> milter -> sendmail.
> > 
> 
> Verified that spamassassin < testmessage.txt and spamc -R < testmessage.txt
> hit the same tests for my sample spam, specifically:
> 
> Content analysis details:   (14.3 points, 4.0 required)
> 
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  0.0 SUB_HELLO              Subject starts with "Hello"
>  4.4 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr 1)
>  3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
>                             [score: 0.9937]
>  2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
>                             [24.125.102.162 listed in dnsbl.sorbs.net]
>  1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
>               [Blocked - see <http://www.spamcop.net/bl.shtml?24.125.102.162>]
>  3.1 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
>                             [24.125.102.162 listed in sbl-xbl.spamhaus.org]
>  0.1 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
>                             [24.125.102.162 listed in combined.njabl.org]
> 
> Again, rating this mail actually received when it passed thru my system was
> -1.6.
> 
> These are the entries in /etc/rc.local that start smtp-vilter and spamd:
> 
> # start smtp-vilter
> 
>   if [ X"${smtp_vilter}" != X"NO" -a \
>       -x /usr/local/sbin/smtp-vilter ]; then
>           echo -n ' smtp-vilter'
>           /usr/local/sbin/smtp-vilter
>   fi
> 
> # Start Spamassassin daemon
> /usr/local/bin/spamd -u _vilter -d -D -s mail -x && echo -e "spamd started..."
> 
> ...and here is where it is called in my sendmail .mc file:
> 
> INPUT_MAIL_FILTER(`smtp-vilter', `S=unix:/var/smtp-vilter/smtp-vilter.sock, F=T, T=S:10m;R:10m;E:10m')dnl
> 
> Starting spamd in debug mode, I see this message:
> 
> debug: Score set 0 chosen.
> 
> Doesn't that mean network tests are not being run?  But as you can see, I am
> NOT starting spamd with a -L.  Why would score set 0 be chosen?  Can I force
> it to run network tests or choose the score set manually?
> 

Ok, so according to the logs it seems that just about every spam message is
hitting the ALL_TRUSTED rule.  Maybe this is my problem.  I understand that
indicates a broken trust path, as told here:
http://wiki.apache.org/spamassassin/TrustPath

But why is my trust broken?  My local.cf contains the lines:

clear_internal_networks
clear_trusted_networks
internal_networks x.x.x.x
trusted_networks x.x.x.x

Where x.x.x.x is the address of my mail server running SA.  All other mail
(basically all mail period) should be external, untrusted.  So how can spam
be hitting the ALL_TRUSTED rule?
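
The comparison this thread does by eye (rules hit by `spamassassin` on the command line versus rules reported for the same message on the delivery path), as an added example that is not part of the original messages. Both sample reports are constructed, and the `RCVD_IN_` prefix test for DNSBL rules is a heuristic assumption.

```python
import re

# One table row: points, rule name, description. Continuation lines such as
# "[score: 0.9937]" do not start with a number and are skipped.
ROW = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)\s")

def parse_report(text):
    """Return {rule_name: points} from a 'Content analysis details' table."""
    hits = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            hits[m.group(2)] = float(m.group(1))
    return hits

def compare(cli_report, path_report):
    """Diff the rules hit on the command line against the delivery path."""
    cli, path = parse_report(cli_report), parse_report(path_report)
    missing = sorted(set(cli) - set(path))
    return {
        "missing": missing,
        "extra": sorted(set(path) - set(cli)),
        "missing_points": round(sum(cli[r] for r in missing), 1),
        # Heuristic (assumption): DNSBL rule names start with RCVD_IN_.
        "dnsbl_missing": [r for r in missing if r.startswith("RCVD_IN_")],
        "all_trusted": "ALL_TRUSTED" in path,
    }

# Constructed sample reports in the format quoted above; scores illustrative.
CLI_REPORT = """\
 pts rule name              description
---- ---------------------- ----------------------------------------
 4.4 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
                            [score: 0.9937]
 2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
 3.1 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
"""
PATH_REPORT = """\
 pts rule name              description
---- ---------------------- ----------------------------------------
-3.3 ALL_TRUSTED            (constructed row; score is illustrative)
 3.5 BAYES_99               BODY: Bayesian spam probability is 99 to 100%
"""

if __name__ == "__main__":
    for key, value in compare(CLI_REPORT, PATH_REPORT).items():
        print(f"{key}: {value}")
```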
