[Mimedefang] spam score different from when scanning via mimedefang
info at bsolution.net
info at bsolution.net
Thu Oct 16 11:26:22 EDT 2014
Hello guys,
i am desperate. this question has been asked many times - yet the
resolution does not apply to me because most cases mimedefang runs a
different user. I also Searched many places, read a lot of docs and
posts - still can't solve the mystrey.
i have a relatively straight forward setup
Sendmail->MimeDefang->CLAM+SPAM->Cyrus.
Mimedefang/Clam/Spam - all running as user "spam"
spam 22277 0.0 7.2 381188 292124 ? Ssl Oct15 0:33
/usr/local/sbin/clamd
spam 9547 0.0 0.0 8340 740 ? S 11:12 0:00
/usr/local/bin/mimedefang-multiplexor -p
/var/spool/MIMEDefang/mimedefang-multiplexor.pid -S mail -m 2 -x 10 -U
spam -b 600 -N /var/imap/socket/smmapd -l -t /var/log/mimedefang/stats
-s /var/spool/MIMEDefang/mimedefang-multiplexor.sock
spam 9549 1.5 2.0 182468 83556 ? S 11:12 0:03
/usr/bin/perl /usr/local/bin/mimedefang.pl -server
spam 9581 0.0 0.0 18728 836 ? Sl 11:12 0:00
/usr/local/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m
/var/spool/MIMEDefang/mimedefang-multiplexor.sock -R -1 -U spam -S mail
-s -t -q -p /var/spool/MIMEDefang/mimedefang.sock
spam 9591 0.1 0.7 86040 32136 ? S 11:12 0:00
/usr/bin/perl /usr/local/bin/mimedefang.pl -server
spam 8918 0.0 0.0 87412 1776 ? Ssl Aug19 0:08
/usr/bin/dk-filter -l -p inet:8891 at localhost -c simple -d
bsolution.net,newcitymedia.net -s /etc/mail/domainkeys/mail.key.pem -S
mail -u spam -m msa mail mta MTA-SSL -h -H
root 15317 0.0 1.7 244704 72664 ? Ss Oct13 0:29
/usr/local/bin/spamd -d -c -m5 -H -u spam -r /var/run/spamd.pid
spam 15320 0.0 2.0 257316 84728 ? S Oct13 0:43 spamd
child
spam 15321 0.0 1.7 244704 69700 ? S Oct13 0:00 spamd
child
I get email in my mailbox that has headers with following:
X-Spam-Score: 2.328 (**)
AWL,BAYES_50,HTML_IMAGE_RATIO_06,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,T_KAM_HTML_FONT_INVALID,URIBL_BLOCKED
X-Scanned-By: MIMEDefang 2.75
However when i run same email in the eml format while being as a user
spam on the server through spamassassin - i get a correct recognition of
a spam.
[spam at newcitymedia ~]$ spamassassin -x -p /etc/mail/sa-mimedefang.cf -D
< ./test.eml
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
newcitymedia.net
X-Spam-Flag: YES
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.5 required=3.0 tests=AWL,BAYES_99,BAYES_999,
HTML_IMAGE_RATIO_06,HTML_MESSAGE,RCVD_IN_BRBL_LASTEXT,RCVD_IN_RP_RNBL,
RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,TVD_RCVD_SPACE_BRACKET,
T_KAM_HTML_FONT_INVALID,UNPARSEABLE_RELAY,URIBL_BLOCKED autolearn=no
autolearn_force=no version=3.4.0
Obviously i am missing something.
my sa-mimedefang.cf look like this
required_score 3.0
use_bayes 1
bayes_learn_to_journal 1
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_
tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
ok_locales all
ok_languages all
header KH_FORGED_RECEIVED Received =~ /forged/i
score KH_FORGED_RECEIVED 10.0
describe KH_FORGED_RECEIVED This is a rule to catch ip that is forged
use_dcc 1
dcc_timeout 15
dcc_path /usr/local/bin/dccproc
skip_rbl_checks 0
thank you all!
More information about the MIMEDefang
mailing list