[Mimedefang] One message missed SpamAssassin rating (Weird)

Keith Dowell keith at rogersmfg.com
Fri Aug 8 13:16:01 EDT 2003 

i actually had a problem like this with sa set to 4.5 that some were
slipping through and not being marked

what i wound up doing was hard coding to 4 in md as well as sa configs and
now it seems to work fine - some messages in the spam drop do not have my
"POSSIBLE SPAM!!!" header but with md hard coded they are still sent to the
maildrop

----- Original Message -----
From: "John" <john at jjgb.com>
To: "mimedefang-lists.roaringpenguin.com"
<mimedefang at lists.roaringpenguin.com>
Sent: Friday, August 08, 2003 10:31 AM
Subject: [Mimedefang] One message missed SpamAssassin rating (Weird)


> Hi,
>
> I have been using MD & SA with ClamAV for about 5 months with great
success
> (Thanks Much, David).  Enough that I have convinced my company (I work for
> an ISP) to implement it on our mailservers.  My small server (personal -
> with a few customers) handles about 500 pieces of mail a day.  I have had
> no issues until a message slipped by somewhere in the system day before
> yesterday.  I found it in my wife's mailbox late last night and started
> looking at it this AM.
>
> No matter how I feed it to SpamAssassin in the test mode, it scores
> 19+.  However, when it was delivered to my mailserver, is zipped right
> through unmolested other than adding the standard scanned by MD & ClamAV
> X-Headers.  Message size shown in the logs was ~5K and I have SA set to
> scan up to 100K.  I have my MDConfig file set up to reject at 5 on certain
> recipients, 8 on a few, and just mark up the rest to pass through.  This
> has been infallible since day 1.
>
> One email slipping by is certainly not an issue of great concern out of
> hundreds of rejects & correct scoring.  However, it has become a curiosity
> and I could see how that might happen if it was a borderline call at
> 4.9-5.1, but 19+ is a bit off borderline.
>
> I have very few whitelisted addresses (and this one certainly wasn't one
of
> them), and none in MD.  I figure if I whitelist in SA and the To: & From:
> headers are not correct or missing, then it needs to be scanned anyway
> <G>  Again, this portion functions correctly.
>
> At the time of delivery, during the one minute period occurred, it was the
> only delivery in progress, so nothing should have been busy.
>
> My question #1 is: Has anyone had this occur to them?  And if so, were you
> curious enough to attempt to see what happened and figure out how it got
by?
>
> #2 is, if I post all info i.e. MDCfg, features, mail log showing time
etc.,
> the message and anything else pertinent, would someone wish to assist in
> figuring out this one anomaly, our would I be best off just forgetting it?
>
> Thanks in advance for any advice...
>
> John Jaeger - Billings, Montana
>
> EMail To : <mailto:john at jjgb.com>
> Home Page : <http://www.jjgb.com>
>
> PGP:
> RSA Key ID: 0xAAEC7751  <http://www.jjgb.com/public_files/RSA_Key.zip>
>
> "Our liberty is protected by four boxes...
>      The ballot box, the jury box, the soap box, and the cartridge box."
>                                     - Anonymous
>
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

More information about the MIMEDefang mailing list