[Mimedefang] One message missed SpamAssassin rating (Weird)

John john at jjgb.com
Fri Aug 8 11:32:01 EDT 2003 

Hi,

I have been using MD & SA with ClamAV for about 5 months with great success 
(Thanks Much, David).  Enough that I have convinced my company (I work for 
an ISP) to implement it on our mailservers.  My small server (personal - 
with a few customers) handles about 500 pieces of mail a day.  I have had 
no issues until a message slipped by somewhere in the system day before 
yesterday.  I found it in my wife's mailbox late last night and started 
looking at it this AM.

No matter how I feed it to SpamAssassin in the test mode, it scores 
19+.  However, when it was delivered to my mailserver, is zipped right 
through unmolested other than adding the standard scanned by MD & ClamAV 
X-Headers.  Message size shown in the logs was ~5K and I have SA set to 
scan up to 100K.  I have my MDConfig file set up to reject at 5 on certain 
recipients, 8 on a few, and just mark up the rest to pass through.  This 
has been infallible since day 1.

One email slipping by is certainly not an issue of great concern out of 
hundreds of rejects & correct scoring.  However, it has become a curiosity 
and I could see how that might happen if it was a borderline call at 
4.9-5.1, but 19+ is a bit off borderline.

I have very few whitelisted addresses (and this one certainly wasn't one of 
them), and none in MD.  I figure if I whitelist in SA and the To: & From: 
headers are not correct or missing, then it needs to be scanned anyway 
<G>  Again, this portion functions correctly.

At the time of delivery, during the one minute period occurred, it was the 
only delivery in progress, so nothing should have been busy.

My question #1 is: Has anyone had this occur to them?  And if so, were you 
curious enough to attempt to see what happened and figure out how it got by?

#2 is, if I post all info i.e. MDCfg, features, mail log showing time etc., 
the message and anything else pertinent, would someone wish to assist in 
figuring out this one anomaly, our would I be best off just forgetting it?

Thanks in advance for any advice...

John Jaeger - Billings, Montana

EMail To	: <mailto:john at jjgb.com>
Home Page	: <http://www.jjgb.com>

PGP:
RSA Key ID: 0xAAEC7751  <http://www.jjgb.com/public_files/RSA_Key.zip>

"Our liberty is protected by four boxes...
     The ballot box, the jury box, the soap box, and the cartridge box."
                                    - Anonymous

More information about the MIMEDefang mailing list