[Mimedefang] Intermittent case of SA not groking correct configuration?

Jason Gurtz jason at jasongurtz.com
Mon Aug 30 12:02:56 EDT 2004 

This intermittent problem is manifested by spam that comes through
without the Subject: header being rewritten and tagged with
******SPAM******.  The other symptom is the X-Spam-Status: header which
doesn't seem right, especially given the X-Spam-Score: header content
:)  I've included an example inline below.

I guess, really, I'm a little unsure if this is a MD or SA issue, though
I'm leaning towards MD because I'm using it to run SA.  Other than
blacklist_from and whitelist_from entries this is what's in
/etc/mail/spamassassin:

required_hits       4.0
auto_learn          1
use_bayes           1
bayes_path          /root/.spamassassin
bayes_file_mode     0644
ok_locales      en
rewrite_subject 1
defang_mime 0
skip_rbl_checks 0

header    SUBJ_MONSTER_RESUME  Subject =~ /.*Monster\sResume.*/
describe  SUBJ_MONSTER_RESUME  Subject: contains phrase /Monster Resume/
score     SUBJ_MONSTER_RESUME  -5.0

My hunch is that somehow there is another config file being read in
somewhere (but where?)  What really gets me though is why it sometimes
acts properly and sometimes not.

The headers of Spam mail that is properly tagged is first, followed by
one that isn't properly tagged (Interesting that there's no
X-Scanned-By: header in the correct spam):

>From minfo at realbigbonez.net  Wed Aug 25 10:15:43 2004
Received: from localhost by ophiopogon.tommyk.com
    with SpamAssassin (2.63 2004-01-11);
    Wed, 25 Aug 2004 10:15:45 -0400
From: "CureMySnore" <minfo at realbigbonez.net>
To: jason at tommyk.com
Subject: *****SPAM***** Stop Snoring! Sleep Better!
Date: Wed, 25 Aug 2004 07:15:35 -0700 (PDT)
Message-Id: <1093443335.2128.15364337 at realbigbonez.net>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
    ophiopogon.tommyk.com
X-Spam-Status: Yes, hits=7.3 required=4.0 tests=BANG_GUARANTEE,CLICK_BELOW,
    HTML_60_70,HTML_MESSAGE,HTML_TAG_EXISTS_TBODY,MANY_EXCLAMATIONS,
    MIME_QP_NO_CHARSET,OFFERS_ETC,STOP_SNORING autolearn=no version=2.63
X-Spam-Level: *******
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_412C9F11.E8D5487D"
Status: RO
X-Status:
X-Keywords:
X-UID: 83


[Non Tagged Spam mail  (lines rewrapped for brevity)]
>From Hilda.W at dividedwefall.us  Sat Aug 28 19:34:48 2004
X-UIDL: 6KU!!L66"!kB6!!1]'"!
Return-Path: <Hilda.W at dividedwefall.us>
Received: from d66-183-76-121.bchsia.telus.net
(d66-183-76-121.bchsia.telus.net [66.183.76.121])
    by ophiopogon.tommyk.com (8.12.6/8.12.6) with SMTP id i7SNYhh8032272
    for <jason at tommyk.com>; Sat, 28 Aug 2004 19:34:44 -0400
Message-ID: <GWE.twk_Jason_204.60.70.245 at dividedwefall.us>
To: "Jason" <jason at tommyk.com>
From: "Tanisha Richmond" <Hilda.W at dividedwefall.us>
Reply-To: "Tanisha Richmond" <Hilda.W at dividedwefall.us>
Subject: Re: Singles Search annals
Date: Sat, 28 Aug 2004 16:35:10 -0800
X-Mailer: Eudora for Mac OS X
X-Sender: Velma%dividedwefall.us at mailin-02.dividedwefall.us
X-Loop: Hilda.W at dividedwefall.us
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_1093736088-22598-710"
X-Priority: 3 (Normal)
X-Spam-Score: 10.33 (**********)
HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,
NORMAL_HTTP_TO_IP,OB_URI_RBL,SPAMCOP_URI_RBL,WS_URI_RBL
X-Scanned-By: MIMEDefang 2.35
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on
    ophiopogon.tommyk.com
X-Spam-Status: No, hits=0.6 required=4.0
tests=HTML_MESSAGE,NORMAL_HTTP_TO_IP
    autolearn=no version=2.63
X-Spam-Level:
Status: RO


<snipped spam>

[Attached report]
------------=_1093736088-22598-710
Content-Type: text/plain; name="SpamAssassinReport.txt"
Content-Disposition: inline; filename="SpamAssassinReport.txt"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)

<snip>

Content analysis details:   (10.3 points, 3.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------
 0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.0 SPAMCOP_URI_RBL        URI's domain appears in spamcop database at
                            sc.surbl.org [www.onlythebestbabes.com is
                            blacklisted in URI] [RBL at multi.surbl.org]
 2.1 WS_URI_RBL             URI's domain appears in ws database at
                            ws.surbl.org
                            [206.223.1.105 is blacklisted in URI RBL at]
                            [multi.surbl.org]
 2.1 OB_URI_RBL             URI's domain appears in ws database at
                            ob.surbl.org [www.onlythebestbabes.com is
                            blacklisted in URI] [RBL at multi.surbl.org]
 0.2 NORMAL_HTTP_TO_IP      URI: Uses a dotted-decimal IP address in URL
 1.7 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
 1.1 MIME_HTML_ONLY_MULTI   Multipart message only has text/html MIME
                            parts



------------=_1093736088-22598-710--

Any ideas on this much appreciated!  Would it help to post my
sendmail.mc and sendmail init script?

Cheers,

~Jason

--

More information about the MIMEDefang mailing list