[Mimedefang] mimedefang letting some spams through...why?

Aniruddha Barua zmrif at yahoo.com
Wed Feb 3 08:12:52 EST 2010

> I see your point but I'm struggling to understand why every message is being 
> scanned more than once and what can I do to correct it... 

Many of us told you to check your MDA configuration which we all believe to be "procmail". MTAs like sendmail normally do not save messages directly to user 
mailboxes. They hand over the delivery work to MDAs like procmail. For procmail, there may be system wide configuration in "/etc/procmailrc" file or per user configuration in user home directories (e.g. /home/tony/.procmailrc). Contents of procmailrc file might look like this:


#Forward mail to spamassassin
| /usr/bin/spamc

#Move mail marked as spam to a Spam mailbox
* ^X-Spam-Level: \*\*\*

* ^X-Spam-Status: Yes

If there is such a file, then that is scanning your messages the second time. SA can be called many times at many stages. For example, 1st time sendmail (MTA) calls SA through mimedefang, 2nd time procmail (MDA) calls SA as shown in the configuration above, 3rd time may be by openwebmail (web based MUA http://www.openwebmail.org), if it is installed, automatically when the user logs in or manually if the user wants.Please search your filesystem for procmailrc files as we suggested. You will get your answer.

Now, you might ask why procmail is detecting these messages as SPAM when mimedefang is letting them through. I believe you know how Spamassassin detects SPAMs. So, some of many reasons are:

1. mimedefang's spamassassin database may not yet know about such SPAM patterns - it is yet to learn.
2. mimedefang is not configured to do network tests like razor, pyzor etc. which are also very effective in detecting well known SPAMs. mimedefang can do these tests if configured, read the docs.


More information about the MIMEDefang mailing list