[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Going from procmail based SA to spamass-milter produces more spam
From: |
Ken Long |
Subject: |
Re: Going from procmail based SA to spamass-milter produces more spam |
Date: |
Mon, 30 Oct 2006 15:23:31 -0500 |
On Mon, 2006-10-30 at 13:01 -0700, John E Hein wrote:
> Ken Long wrote at 12:58 -0500 on Oct 30, 2006:
> Three...
>
> "erratic results" doesn't tell me much.
Erratic means some messages seemed to tag out the same and some did not.
As I mentioned, I tried setting up a double check by passing the mail
that makes it through sa-milter into procmail and here is an example
e-mail.
spamass-milter provided these results:
Oct 30 13:33:57 mailbuoy spamd[22619]: clean message (3.3/5.0) for
klong:0 in 4.4 seconds, 6936 bytes.
Oct 30 13:33:57 mailbuoy spamd[22619]: result: . 3 -
HTML_80_90,HTML_FONT_BIG,HTML_MESSAGE,HTML_NONELEMENT_00_10,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,URIBL_WS_S
URBL
scantime=4.4,size=6936,mid=<address@hidden>,autolearn=no
It then went on to my .procmailrc where it was run against spamc and
came up with these results:
Oct 30 13:34:01 mailbuoy spamd[22920]: identified spam (5.2/5.0) for
klong:0 in 3.2 seconds, 7101 bytes.
Oct 30 13:34:01 mailbuoy spamd[22920]: result: Y 5 -
HTML_80_90,HTML_FONT_BIG,HTML_MESSAGE,HTML_NONELEMENT_00_10,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_NJ
ABL_SPAM,SPF_HELO_PASS,SPF_PASS,URIBL_WS_SURBL
scantime=3.2,size=7101,mid=<address@hidden>,autolearn=no
Same message. Same SA configuration on same machine using same bayes
and same preferences. Different results.
Saving the message and running it with spamassassin -t gives me this:
Content analysis details: (5.2 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
0.1 HTML_80_90 BODY: Message is 80% to 90% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 HTML_FONT_BIG BODY: HTML tag for a big font size
0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above
50%
[cf: 100]
0.0 HTML_NONELEMENT_00_10 BODY: 0% to 10% of HTML elements are
non-standard
1.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
1.8 RCVD_IN_NJABL_SPAM RBL: NJABL: sender is confirmed spam source
[65.175.106.73 listed in combined.njabl.org]
1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL
blocklist
[URIs: supercenterpromotions.com]
That matches what spamc got through procmail. So, being called through
the milter definitely changes the results - but why?
> Try using -d for spamass-milter.
I'll give that a try and see if I can see anything.
Thanks
-Ken