Hi all. I'm running spamassassin 3.3.1 on my openSuse 11.2 box at home. Mail
is collected from multiple ISP mail accounts via fetchmail and delivered to
local IMAP mail folders via procmail. My user account .procmailrc file begins
thus:
LOGFILE=$HOME/pm.log
:0fw: spamassassin.lock
| spamc
:0
* ^Subject.*SPAM\([0-9]{1,3}\.[0-9]\).*
$HOME/Maildir/.Spam//
I'm attempting to filter on the modified subject line (which for some reason
isn't working - that rule never seems to match and spam never gets moved into
the Spam folder, even though I've tested the regex manually). I thought of
filtering on the X-Spam-Status header instead, but when I had a look at a
message that was marked as Spam (according to the subject line) I found
something rather strange...
X-Virus-Flag: no
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
<my.local.mailhost.name.removed>
X-Spam-Level: *
X-Spam-Status: No, score=1.5 required=6.5
tests=BAYES_00,IMPOTENCE,NO_RELAYS
autolearn=no version=3.3.1
X-Spam-Virus: No
Received: from localhost by <my.local.mailhost.name.removed>
with SpamAssassin (version 3.3.1);
Mon, 15 Aug 2011 18:58:01 +0930
From: "Adele Key" <spam.address.removed>
To: [email protected]
Subject: ****SPAM(10.1)**** <spam-subject-removed>
Date: Mon, 15 Aug 2011 18:12:48 +0900
Message-Id: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----------=_4E48E6A1.127A41A2"
X-Length: 7330
X-UID: 83487
X-KMail-Filtered: 61220
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:
Spam detection software, running on the system
<my.local.mailhost.name.removed>, has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
postmaster for details.
Content preview: [...]
Content analysis details: (10.1 points, 6.5 required)
pts rule name description
---- ---------------------- ----------------------------------------------
3.8 KB_DATE_CONTAINS_TAB KB_DATE_CONTAINS_TAB
3.0 IMPOTENCE BODY: Impotence cure
-0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20%
[score: 0.1050]
2.0 KB_FAKED_THE_BAT KB_FAKED_THE_BAT
1.2 RDNS_NONE Delivered to internal network by a host with no
rDNS
I don't get it - the content analysis shows a score of 10.1, the modified
subject line shows 10.1, but the X-Spam-Status header shows 1.5! What have I
messed up in my configuration?
My /etc/mail/spamassassin/local.cf looks like this:
# Add your own customisations to this file. See 'man
Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
#
# do not change the subject
# to change the subject, e.g. use
# rewrite_header Subject ****SPAM(_SCORE_)****
rewrite_header subject ****SPAM(_SCORE_)****
# Set the score required before a mail is considered spam.
# required_score 5.00
# uncomment, if you do not want spamassassin to create a new message
# in case of detecting spam
# report_safe 0
# Enhance the uridnsbl_skip_domain list with some usefull entries
# Do not block the web-sites of Novell and SUSE
ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
uridnsbl_skip_domain suse.de opensuse.org suse.com suse.org
uridnsbl_skip_domain novell.com novell.org novell.ru novell.de novell.hu
novell.co.uk
uridnsbl_skip_domain kernel.org
endif # Mail::SpamAssassin::Plugin::URIDNSBL
# Everything above this line is as per the installed openSuSE default
ok_languages en
#The combination of SpamAssassin + The Bat! as mail client can cause false
positives.
#The reason for the high spam rating is the Reply-To header inserted by
mailman,
#which seems to have more quoting than The Bat! can do.
#If you have such problem activate the next two lines
#header IS_MAILMAN exists:X-Mailman-Version
#score IS_MAILMAN -2
required_score 6.5
whitelist_from <multiple mailing daemon addresses>
[...]
use_bayes 1
report_header 1
fold_headers 1
report_safe 2
Thanks in advance.
Rodney.
--
======================================================
Rodney Baker
[email protected]
web: www.jeremiah31-10.net
======================================================
