Stefan, > I received a Spam message with these headers and all relays are recognized > as trusted, which is wrong: > > X-Spam-Status: No, score=0.272 tagged_above=-999 required=5 > tests=[ALL_TRUSTED=-1.8, BAYES_00=-2.599, DCC_CHECK=2.17, > DIGEST_MULTIPLE=0.001, RAZOR2_CF_RANGE_51_100=0.5, > RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CHECK=0.5] > Received: from charybdis.rus.uni-stuttgart.de ([127.0.0.1]) > by localhost (charybdis.rus.uni-stuttgart.de [127.0.0.1]) (amavisd-new, > port 10024) > with LMTP id ADlVFCPYapqG; Mon, 30 Mar 2009 12:51:11 +0200 (CEST) > Received: from 237-176-244-87.sat.poltava.ua (unknown [87.244.176.237]) > by charybdis.rus.uni-stuttgart.de (Postfix) with ESMTP id 33141381E32; > Mon, 30 Mar 2009 12:51:10 +0200 (CEST) > Received: from [87.244.176.237] by mx0.qq.com; Mon, 30 Mar 2009 12:51:11 > +0200 From: "Stan Pate" <teg...@qq.com> > > But if I rerun the message through spamassassin it will not be trusted: > # sudo -H -u vscan spamassassin -D -t < spammail.mbox > > [1762] dbg: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1 rdns= > helo=charybdis.rus.uni-stuttgart.de by=localhost ident= envfrom= intl=1 > id=ADlVFCPYapqG auth= msa=0 ] > [1762] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=87.244.176.237 rdns= > helo=237-176-244-87.sat.poltava.ua by=charybdis.rus.uni-stuttgart.de ident= > envfrom= intl=0 id=33141381E32 auth= msa=0 ] [ ip=87.244.176.237 rdns= > helo=! 87.244.176.237! by=mx0.qq.com ident= envfrom= intl=0 id= auth= msa=0 > ]
> [1762] dbg: check: > tests=BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,FH_HELO_EQ_D_D_D_D,HELO_DYNAMIC_IP >ADDR2,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100 > ,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,RDNS_NONE,SA2DNSBLC,SUBJEC >T_NEEDS_ENCODING ... > > Does someone know why amavisd/spamassassin has recognized this message as > ALL_TRUSTED? Don't know, it should be the same. Except for the topmost Received which is added by amavisd after checking, SpamAssassin should see the same message as it eventually passes, assuming that in both cases the same SA config files and rules are used. My first guess is that it is not the same message or that you used different rules or cf files. For example the SUBJECT_NEEDS_ENCODING hit is also missing, yet it should clearly be there regardless of Received/trusted. To receive SpamAssassin debugging info on metadata only, try running amavisd for a while as: amavisd -d noall,metadata The 'SA dbg:' lines appear at log level 3 or above. Mark ------------------------------------------------------------------------------ _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
