On 1/18/2011 11:12 AM, J4 wrote: > > > Right - I've moved the SA scanning to the front of postfix, and it > scans accordingly and adds headers. > > What is odd, is that :- > It seems that the AWL white-lists the email addresses that were > black-listed. Additionally, the shortcircuit should have classes > these as blacklisted addresses. > > Tue Jan 18 17:07:18 2011 [28825] info: spamd: clean message (-0.1/6.0) > for nobody:5002 in 0.9 seconds, 2231 bytes. > Tue Jan 18 17:07:18 2011 [28825] info: spamd: result: . 0 - > AWL,HTML_MESSAGE,SPF_HELO_PASS > scantime=0.9,size=2231,user=nobody,uid=5002,required_score=6.0,rhost=localhost,raddr=127.0.0.1,rport=51653,mid=<4d35babb.8020...@abc.com>,autolearn=ham,shortcircuit=no > > The mysql spamassassin.userpref table has the entry in it: > | username | preference | > value > > | prefid | > | t...@test.info | blacklist_from | > a...@abc.com > > | 19 | > +----------------------------+--------------------------------+------------------------------------------------------------------------------------------------------+--------+ > > Here is the entry it added to the awl table: > select * from awl; > +-------------------------+------------------------+-------+-------+----------+ > | username | email | ip | count | > totscore | > +-------------------------+------------------------+-------+-------+----------+ > | si...@simonloewen.info | a...@abc.com | 62.58 | 1 | -0.7 | > | nobody | b...@blah.com | 62.58 | 7 | -0.7 | > +-------------------------+------------------------+-------+-------+----------+ > > My testing was based on rejecting spam using a blacklist, and now this > test method has been circumvented :D Brought a smile to my face. I > could simply disable AWL for testing purposes... > > Q) I would like to understand why a blacklisted address in the > userpref table is overridden. Does anyone know?
AWL is a score averager. It takes the SA score and adjusts it toward the average for that sender. Some people don't like the way it works, but I've found that it usually does not cause problems unless the database has been corrupted by spams being scored and hams or visa-versa. You did not give enough information for us to determine why the blacklist was not applied. The two most likely answers are: 1) You did not restart SA after adding the blacklist entry (this may not apply since you are using mysql) 2) The email did not match the blacklist for some reason. We would need to see the whole email to determine why. -- Bowie
