Charles Gregory wrote:
On Thu, 17 Jun 2010, Randy Ramsdell wrote:
The original email did not hit the NO_RELAYS rule but subsequent runs
through do hit this rule and it isn't on all email.
This sounds to me like you are 'resending' the mail from a local
address to your mail server, rather than 'feeding' the original mail
back into spamassassin. If this is the case, then you would naturally
produce a new set of headers, and there would be no external relays,
thus triggering the NO_RELAYS rule....
Hmmm, this mail came in and went straight to the users inbox. 1.
Postfix ---> 2. Amavis ( Spamd/Clamd) ---> 3. Postfix ---> 4.
Dovecot-deliver
So the problem is somewhere during the 2 --- > 3 or step 3 or 4. Step 4
it is unlikely since Deliver simply send the file to a directory location.
Original rules hit.
X-Spam-Status: No, score=-0.394 tagged_above=-9999
required=5tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001,
RCVD_IN_SORBS_WEB=0.619,URG_BIZ=1.585]
Right there, we see 'RCVD_IN_SORBS'. This would not happen even if
your own server was blacklisted with SORBS. There *was* a Received
header for a relay, and somehow you have 'removed' it, either via a
filtering mechanism outside SA, or by 'resending' or 'forwarding' the
mail.
After running spamassassin -D
If this is what you used, then the forwarding and header rewriting
must have occurred prior to this. Did someone 'forward' the spam to
you as a complaint? Users often fail to properly forward with full
headers enclosed.
- C
No, I run a script on the mail server manually that simply moves the
files. Then I check with spamassassin.