[Mimedefang] spam score different from when scanning via mimedefang
Kevin A. McGrail
KMcGrail at PCCC.com
Thu Oct 16 12:13:00 EDT 2014
On 10/16/2014 11:26 AM, info at bsolution.net wrote:
> Hello guys,
> i am desperate. this question has been asked many times - yet the
> resolution does not apply to me because most cases mimedefang runs a
> different user. I also Searched many places, read a lot of docs and
> posts - still can't solve the mystrey.
>
> i have a relatively straight forward setup
> Sendmail->MimeDefang->CLAM+SPAM->Cyrus.
> I get email in my mailbox that has headers with following:
>
> X-Spam-Score: 2.328 (**)
> AWL,BAYES_50,HTML_IMAGE_RATIO_06,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,T_KAM_HTML_FONT_INVALID,URIBL_BLOCKED
> X-Scanned-By: MIMEDefang 2.75
>
>
> However when i run same email in the eml format while being as a user
> spam on the server through spamassassin - i get a correct recognition
> of a spam.
>
> [spam at newcitymedia ~]$ spamassassin -x -p /etc/mail/sa-mimedefang.cf
> -D < ./test.eml
>
> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
> newcitymedia.net
> X-Spam-Flag: YES
> X-Spam-Level: ******
> X-Spam-Status: Yes, score=6.5 required=3.0 tests=AWL,BAYES_99,BAYES_999,
> HTML_IMAGE_RATIO_06,HTML_MESSAGE,RCVD_IN_BRBL_LASTEXT,RCVD_IN_RP_RNBL,
> RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,TVD_RCVD_SPACE_BRACKET,
> T_KAM_HTML_FONT_INVALID,UNPARSEABLE_RELAY,URIBL_BLOCKED autolearn=no
> autolearn_force=no version=3.4.0
I don't know that you are missing anything. I'm assuming time has
elapsed between these two tests because you are showing different Bayes
scores, different RBL hits, etc. which would indicate that the RBLs
reactively added information after you received the email.
However, overall, I think I would focus on a few things to improve your
installation and not focus on the MD vs CLI differences as I think
that's a red-herring. Someone else might notice something I'm not, though.
1 - URIBL_BLOCKED means your DNS queries are being blocked. See
https://wiki.apache.org/spamassassin/DnsBlocklists under the first Q&A.
Short answer, install a caching local nameserver fixes this issue for
most installations
2 - Your required score of 3.0 is very aggressively low. We suggest 5
and I often use 5.0 to 6.5 for more real world usage.
3 - Consider adding KAM.cf
4 - Switch AWL to TxRep
regards,
KAM
More information about the MIMEDefang
mailing list