I'm relatively new to Postfix, SpamAssassin and what not, so this might be a
silly question. I'm on SpamAssassin 3.3.1 on Debian Linux with Postfix. I've
inherited this configuration from a previous administrator and am still trying
to understand it.
To summarize up front, the two issues I need to resolve are: 1. Both Postfix
and Procmail are running SA against each message. I know this needs to be one
or the other. 2. Postfix and Procmail are coming up with very different
results for the same message, both through /usr/bin/spamc.
The previous administrator had configured SA to run BOTH as content_filter for
Postfix AND in Procmail. In /etc/postfix/master.cf, we have:
# ---- MASTER.CF ---
smtp inet n - - - - smtpd
-o content_filter=spamassassin
spamassassin unix - n n - - pipe
user=spamd argv=/usr/bin/spamc -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
# ---- MASTER.CF ---
And in /etc/procmailrc, we have:
#------ PROCMAIL CONFIG BLOCK -----
:0fw: spamassassin.lock
* < 256000
| /usr/bin/spamc -u $LOGNAME
#------ PROCMAIL CONFIG BLOCK -----
Along with the usual rules for trashing spam.
This is causing some weirdness, which we would expect. I'm seeing messages
that have two radically different scores. For instance the header might show:
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.cscape.net.
X-Spam-Level: ***
X-Spam-Status: No, score=3.9 required=6.0 tests=HTML_IMAGE_ONLY_20,
HTML_IMAGE_RATIO_02,HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,NO_RELAYS,
SARE_MILLIONSOF,TO_NO_BRKTS_NOTLIST,URIBL_BLACK autolearn=no version=3.3
.1
But the BODY shows:
Content analysis details: (10.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
[217.23.11.97 listed in bb.barracudacentral.org]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: only-3d.com]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.3 SARE_MILLIONSOF BODY: Millions of something.
1.5 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
0.4 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5000]
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.1 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image
3.5 TO_NO_BRKTS_DIRECT To: misformatted and direct-to-MX
0.0 TO_NO_BRKTS_NOTLIST To: misformatted and not a mailing list
A 6.7 point score discrepancy between the two. This results in mail tagged as
SPAM in the subject line (SA local.cf) making it to the user's inbox, because
the second process/higher scoring is not modifying the message headers.
Obviously the higher score is correct. Any suggestions on how I might track
down why the scores are different, whether to use the Procmail or Postfix
master.cf methods exclusively, etc?
J
