[Mimedefang] spam score different from when scanning via mimedefang

info at bsolution.net info at bsolution.net
Thu Oct 16 11:26:22 EDT 2014


Hello guys,
i am desperate. this question has been asked many times - yet the 
resolution does not apply to me because most cases mimedefang runs a 
different user.  I also Searched many places, read a lot of docs and 
posts - still can't solve the mystrey.

i have a relatively straight forward setup
Sendmail->MimeDefang->CLAM+SPAM->Cyrus.

Mimedefang/Clam/Spam - all running as user "spam"


spam     22277  0.0  7.2 381188 292124 ?       Ssl  Oct15   0:33 
/usr/local/sbin/clamd
spam      9547  0.0  0.0   8340   740 ?        S    11:12   0:00 
/usr/local/bin/mimedefang-multiplexor -p 
/var/spool/MIMEDefang/mimedefang-multiplexor.pid -S mail -m 2 -x 10 -U 
spam -b 600 -N /var/imap/socket/smmapd -l -t /var/log/mimedefang/stats 
-s /var/spool/MIMEDefang/mimedefang-multiplexor.sock
spam      9549  1.5  2.0 182468 83556 ?        S    11:12   0:03 
/usr/bin/perl /usr/local/bin/mimedefang.pl -server
spam      9581  0.0  0.0  18728   836 ?        Sl   11:12   0:00 
/usr/local/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m 
/var/spool/MIMEDefang/mimedefang-multiplexor.sock -R -1 -U spam -S mail 
-s -t -q -p /var/spool/MIMEDefang/mimedefang.sock
spam      9591  0.1  0.7  86040 32136 ?        S    11:12   0:00 
/usr/bin/perl /usr/local/bin/mimedefang.pl -server

spam      8918  0.0  0.0  87412  1776 ?        Ssl  Aug19   0:08 
/usr/bin/dk-filter -l -p inet:8891 at localhost -c simple -d 
bsolution.net,newcitymedia.net -s /etc/mail/domainkeys/mail.key.pem -S 
mail -u spam -m msa mail mta MTA-SSL -h -H
root     15317  0.0  1.7 244704 72664 ?        Ss   Oct13   0:29 
/usr/local/bin/spamd -d -c -m5 -H -u spam -r /var/run/spamd.pid
spam     15320  0.0  2.0 257316 84728 ?        S    Oct13   0:43 spamd 
child
spam     15321  0.0  1.7 244704 69700 ?        S    Oct13   0:00 spamd 
child


I get email in my mailbox that has headers with following:

X-Spam-Score: 2.328 (**) 
AWL,BAYES_50,HTML_IMAGE_RATIO_06,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,T_KAM_HTML_FONT_INVALID,URIBL_BLOCKED
X-Scanned-By: MIMEDefang 2.75


However when i run same email in the eml format while being as a user 
spam on the server through spamassassin - i get a correct recognition of 
a spam.

[spam at newcitymedia ~]$ spamassassin -x -p /etc/mail/sa-mimedefang.cf -D 
< ./test.eml

X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on 
newcitymedia.net
X-Spam-Flag: YES
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.5 required=3.0 tests=AWL,BAYES_99,BAYES_999,
HTML_IMAGE_RATIO_06,HTML_MESSAGE,RCVD_IN_BRBL_LASTEXT,RCVD_IN_RP_RNBL,
RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,TVD_RCVD_SPACE_BRACKET,
T_KAM_HTML_FONT_INVALID,UNPARSEABLE_RELAY,URIBL_BLOCKED autolearn=no
autolearn_force=no version=3.4.0

Obviously i am missing something.

my sa-mimedefang.cf look like this

required_score 3.0
use_bayes 1
bayes_learn_to_journal 1
add_header all  Status _YESNO_, score=_SCORE_ required=_REQD_ 
tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
ok_locales all
ok_languages all
header KH_FORGED_RECEIVED Received =~ /forged/i
score KH_FORGED_RECEIVED 10.0
describe KH_FORGED_RECEIVED This is a rule to catch ip that is forged
use_dcc 1
dcc_timeout 15
dcc_path /usr/local/bin/dccproc
skip_rbl_checks 0

thank you all!



More information about the MIMEDefang mailing list