spamass-milt-list
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Going from procmail based SA to spamass-milter produces more spam

From: Ken Long
Subject: Re: Going from procmail based SA to spamass-milter produces more spam
Date: Mon, 30 Oct 2006 15:23:31 -0500 
On Mon, 2006-10-30 at 13:01 -0700, John E Hein wrote:
> Ken Long wrote at 12:58 -0500 on Oct 30, 2006:
> Three...
> 
> "erratic results" doesn't tell me much.

Erratic means some messages seemed to tag out the same and some did not.

As I mentioned, I tried setting up a double check by passing the mail
that makes it through sa-milter into procmail and here is an example
e-mail.

spamass-milter provided these results:

Oct 30 13:33:57 mailbuoy spamd[22619]: clean message (3.3/5.0) for
klong:0 in 4.4 seconds, 6936 bytes. 
Oct 30 13:33:57 mailbuoy spamd[22619]: result: .  3 -
HTML_80_90,HTML_FONT_BIG,HTML_MESSAGE,HTML_NONELEMENT_00_10,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,URIBL_WS_S
URBL
scantime=4.4,size=6936,mid=<address@hidden>,autolearn=no 

It then went on to my .procmailrc where it was run against spamc and
came up with these results:

Oct 30 13:34:01 mailbuoy spamd[22920]: identified spam (5.2/5.0) for
klong:0 in 3.2 seconds, 7101 bytes. 
Oct 30 13:34:01 mailbuoy spamd[22920]: result: Y  5 -
HTML_80_90,HTML_FONT_BIG,HTML_MESSAGE,HTML_NONELEMENT_00_10,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_NJ
ABL_SPAM,SPF_HELO_PASS,SPF_PASS,URIBL_WS_SURBL
scantime=3.2,size=7101,mid=<address@hidden>,autolearn=no 

Same message.  Same SA configuration on same machine using same bayes
and same preferences.  Different results.

Saving the message and running it with spamassassin -t gives me this:

Content analysis details:   (5.2 points, 5.0 required)

 pts rule name              description
---- ----------------------
--------------------------------------------------
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.1 HTML_80_90             BODY: Message is 80% to 90% HTML
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 HTML_FONT_BIG          BODY: HTML tag for a big font size
 0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above
50%
                            [cf: 100]
 0.0 HTML_NONELEMENT_00_10  BODY: 0% to 10% of HTML elements are
non-standard
 1.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.8 RCVD_IN_NJABL_SPAM     RBL: NJABL: sender is confirmed spam source
                            [65.175.106.73 listed in combined.njabl.org]
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL
blocklist
                            [URIs: supercenterpromotions.com]


That matches what spamc got through procmail.  So, being called through
the milter definitely changes the results - but why?

> Try using -d for spamass-milter.

I'll give that a try and see if I can see anything.

Thanks

-Ken
reply via email to
[Prev in Thread] Current Thread [Next in Thread]