Hi,
i'm using Debian stable and spamassassin v3.2.3.
Recently i noticed a few spam mails getting through although the
combined scores should be high enough.
The email is however flagged as not being spam, the score is set to 3.9 but
should actually be way higher.
I also encountered something similar when the result of one of the tests
was "nan", anyway, the score was a string instead of a number and that also
resulted in a spam message getting flagged as no spam.
Here is the header report:
X-Spam-Flag: NO
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on loki.x.y
X-Spam-Level:
X-Spam-Status: "No, score=3.9 required=4.0 tests=FORGED_HOTMAIL_RCVD2,
FORGED_MUA_AOL_FROM,FROM_ILLEGAL_CHARS,MIME_BOUND_DD_DIGITS,MISSING_MIMEOLE,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL_RELAY,SPF_SOFTFAIL,
SUBJECT_NEEDS_ENCODING,SUBJ_ILLEGAL_CHARS,UNPARSEABLE_RELAY autolearn=no
version=3.2.3
X-Spam-Report: * 4.2 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
* 4.0 FROM_ILLEGAL_CHARS Van: bevat te veel 'raw' tekens
* 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
* 1.5 SUBJ_ILLEGAL_CHARS Onderwerp: bevat te veel 'raw' tekens
* 1.1 FORGED_HOTMAIL_RCVD2 hotmail.com 'Van' adres, maar geen 'Received:'
* 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
* 1.8 RCVD_IN_NJABL_RELAY RBL: NJABL: verzender is een bevestigde open
* relay
* [58.211.230.39 listed in combined.njabl.org]
* 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Ontvangen via een relay die gevonden is
* in bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?58.10.84.108>]
* 1.3 SUBJECT_NEEDS_ENCODING SUBJECT_NEEDS_ENCODING
* 1.3 FORGED_MUA_AOL_FROM Vals mailtje, pretendeert afkomstig te zijn van
* AOL (middels From)
* 0.0 MISSING_MIMEOLE Bericht heeft een X-MSMail-Priority, maar geen
* X-MimeOLE
I ran the message through spamassassin again with the -D flag and this
is what i got. Notice the nan score now. Maybe it's that score again
that is the reason why counting the scores didn't work?
[32465] dbg: learn: auto-learn: currently using scoreset 3, recomputing score
based on scoreset 1
[32465] dbg: learn: auto-learn: message score: nan, computed score for
autolearn: 18.646
[32465] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=18.646,
head-points=18.646, learned-points=3.5
[32465] dbg: learn: auto-learn? no: scored as ham but autolearn wanted spam
[32465] dbg: check: is spam? score=nan required=4
...
X-Spam-Flag: NO
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on loki.x.y
X-Spam-Level:
X-Spam-Status: "No, score=3.9 required=4.0 tests=BAYES_99,
DNS_FROM_SECURITYSAGE,FORGED_HOTMAIL_RCVD2,FORGED_MUA_AOL_FROM,
FROM_ILLEGAL_CHARS,MIME_BOUND_DD_DIGITS,MISSING_MIMEOLE,RCVD_IN_NJABL_RELAY,
SPF_SOFTFAIL,SUBJECT_NEEDS_ENCODING,SUBJ_ILLEGAL_CHARS,UNPARSEABLE_RELAY
autolearn=no version=3.2.3
X-Spam-Report:
* 3.5 BAYES_99 BODY: Bayesiaanse kans op spam is 99 tot 100%
* [score: 1.0000]
* 1.5 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
* nan FROM_ILLEGAL_CHARS Van: bevat te veel 'raw' tekens
* 0.6 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
* 1.6 SUBJ_ILLEGAL_CHARS Onderwerp: bevat te veel 'raw' tekens
* 1.5 FORGED_HOTMAIL_RCVD2 hotmail.com 'Van' adres, maar geen 'Received:'
* 1.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
* 2.7 RCVD_IN_NJABL_RELAY RBL: NJABL: verzender is een bevestigde open
* relay
* [58.211.230.39 listed in combined.njabl.org]
* 2.5 DNS_FROM_SECURITYSAGE RBL: Envelope sender in
* blackholes.securitysage.com
* 0.5 SUBJECT_NEEDS_ENCODING SUBJECT_NEEDS_ENCODING
* 3.3 FORGED_MUA_AOL_FROM Vals mailtje, pretendeert afkomstig te zijn van
* AOL (middels From)
* 1.0 MISSING_MIMEOLE Bericht heeft een X-MSMail-Priority, maar geen
* X-MimeOLE
Why is the score only at 3.9 and thus not flagged as spam?
Thanks,
Benedict
