Randy Ramsdell wrote:
Randy Ramsdell wrote:
Theo Van Dinter wrote:
On Thu, Dec 13, 2007 at 11:29:21AM -0500, Randy Ramsdell wrote:
I have doing some checking of spam messages that make it through
our mail filtering systems and noticed that the spam score does not
reflect what I get when checking manually.
An example spam report:
X-Spam-Status: No, score=3.068 tagged_above=-9999 required=5
tests=[BAYES_50=0.001, HELO_DYNAMIC_DHCP=3.066, HTML_MESSAGE=0.001]
X-Spam-Score: 3.068
But when using "spamassassin -D -lint < $message" it hits more rules:
[...]
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to
100%
3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
0.0 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
That is a big difference!
Any ideas about why this is?
It appears that the first results are a) using a different Bayes DB,
and b) not using network tests (aka: local mode).
This is a log message from our server which shows it checks
sbl-xbl.spamhaus.org and rejects the message. Also it using a
different bayes and I am not sure about that either. Actually I think
I do and will check, but it looks like I need to sort out some things
here.
postfix/smtpd[10855]: NOQUEUE: reject: RCPT from
acd34.internetdsl.tpnet.pl[83.16.55.34]: 554 Service unavailable;
Client host [83.16.55.34] blocked using sbl-xbl.spamhaus.org;
http://www.spamhaus.org/query/bl?ip=83.16.55.34;
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
proto=ESMTP helo=<acd34.internetdsl.tpnet.pl>
s
Correction.
1.Obviously the log above was from postfix and not spamassassin and
spamassassin is probably set up for local only! But this leads to an
interesting question. How would postfix "sbl-xbl" checks miss this and
spamassassin not? It does appear as if that is the case.
Postfix is looking at the connecting host. SA is looking in all the
untrusted RCVD lines. Hence the rule name RCVD_IN_