[Mimedefang] spam score different from when scanning via mimedefang

Kevin A. McGrail KMcGrail at PCCC.com
Thu Oct 16 12:13:00 EDT 2014


On 10/16/2014 11:26 AM, info at bsolution.net wrote:
> Hello guys,
> I am desperate. This question has been asked many times - yet the 
> resolution does not apply to me because in most cases mimedefang runs as a 
> different user.  I also searched many places, read a lot of docs and 
> posts - still can't solve the mystery.
>
> I have a relatively straightforward setup
> Sendmail->MimeDefang->CLAM+SPAM->Cyrus.

> I get email in my mailbox that has headers with following:
>
> X-Spam-Score: 2.328 (**) 
> AWL,BAYES_50,HTML_IMAGE_RATIO_06,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,T_KAM_HTML_FONT_INVALID,URIBL_BLOCKED
> X-Scanned-By: MIMEDefang 2.75
>
>
> However, when I run the same email in the eml format while being the user 
> spam on the server through spamassassin - I get a correct recognition 
> of a spam.
>
> [spam at newcitymedia ~]$ spamassassin -x -p /etc/mail/sa-mimedefang.cf 
> -D < ./test.eml
>
> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on 
> newcitymedia.net
> X-Spam-Flag: YES
> X-Spam-Level: ******
> X-Spam-Status: Yes, score=6.5 required=3.0 tests=AWL,BAYES_99,BAYES_999,
> HTML_IMAGE_RATIO_06,HTML_MESSAGE,RCVD_IN_BRBL_LASTEXT,RCVD_IN_RP_RNBL,
> RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,TVD_RCVD_SPACE_BRACKET,
> T_KAM_HTML_FONT_INVALID,UNPARSEABLE_RELAY,URIBL_BLOCKED autolearn=no
> autolearn_force=no version=3.4.0 

I don't know that you are missing anything. I'm assuming time has 
elapsed between these two tests because you are showing different Bayes 
scores, different RBL hits, etc. which would indicate that the RBLs 
reactively added information after you received the email.

However, overall, I think I would focus on a few things to improve your 
installation and not focus on the MD vs CLI differences as I think 
that's a red herring.  Someone else might notice something I'm not, though.

1 - URIBL_BLOCKED means your DNS queries are being blocked.  See 
https://wiki.apache.org/spamassassin/DnsBlocklists under the first Q&A.  
Short answer: installing a caching local nameserver fixes this issue for 
most installations.

2 - Your required score of 3.0 is very aggressively low.  We suggest 5 
and I often use 5.0 to 6.5 for more real-world usage.

3 - Consider adding KAM.cf

4 - Switch AWL to TxRep

regards,
KAM
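
An added example, not part of the original post: one way to line up the two runs quoted above is to diff the rule lists and group the differences by rule family. The header strings are constructed from the quoted output; the helper names and the prefix-based grouping are assumptions made for illustration.

```python
import re

# Constructed from the two header blocks quoted in the message above.
MIMEDEFANG_HDR = """X-Spam-Score: 2.328 (**)
 AWL,BAYES_50,HTML_IMAGE_RATIO_06,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_BRBL_LASTEXT,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,T_KAM_HTML_FONT_INVALID,URIBL_BLOCKED"""
CLI_HDR = """X-Spam-Status: Yes, score=6.5 required=3.0 tests=AWL,BAYES_99,BAYES_999,
 HTML_IMAGE_RATIO_06,HTML_MESSAGE,RCVD_IN_BRBL_LASTEXT,RCVD_IN_RP_RNBL,
 RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,TVD_RCVD_SPACE_BRACKET,
 T_KAM_HTML_FONT_INVALID,UNPARSEABLE_RELAY,URIBL_BLOCKED autolearn=no
 autolearn_force=no version=3.4.0"""


def rules_hit(header):
    """Return the set of rule names in an X-Spam-Score or X-Spam-Status header."""
    # Unfold continuation lines, then drop the header name.
    value = re.sub(r"\r?\n[ \t]+", " ", header.strip()).split(":", 1)[1]
    # X-Spam-Status carries the list in tests=...; X-Spam-Score lists it bare.
    m = re.search(r"tests=([A-Z0-9_,\s]+)", value)
    return set(re.findall(r"\b[A-Z][A-Z0-9_]+\b", m.group(1) if m else value))


def family(rule):
    """Bucket a rule by its name prefix (hypothetical grouping for this example)."""
    if rule.startswith("BAYES_"):
        return "bayes"
    if rule.startswith(("RCVD_IN_", "URIBL_")):
        return "dns-list"
    return "other"


def compare(md_header, cli_header):
    """Rules unique to each run, grouped by family."""
    md, cli = rules_hit(md_header), rules_hit(cli_header)
    out = {}
    for label, only in (("mimedefang", md - cli), ("cli", cli - md)):
        groups = {}
        for rule in sorted(only):
            groups.setdefault(family(rule), []).append(rule)
        out[label] = groups
    return out


if __name__ == "__main__":
    for run, groups in compare(MIMEDEFANG_HDR, CLI_HDR).items():
        for fam, rules in sorted(groups.items()):
            print(f"only in {run:10} {fam:9} {', '.join(rules)}")
```

The bayes and dns-list groups are the Bayes and RBL differences the reply attributes to elapsed time; anything left in the other group is worth checking against the exact message file fed to the command-line run.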


