I think I've figured it out, in short my X-Spam-Status header is in the amavis format, d'oh.
I have a little tweak to the mass-check script to allow for both style of X-Spam-Status headers - I'll raise a bug and a pull for this, but before I do - do we feel this is valid? Should I be producing masscheck reuse scores based on the Amavis headers? How many other people have amavis insert the X-Spam-Status header into the mail they use on the masscheck? The format of the SA and Amavis X-Spam-Status header are similar, just that the Amavis one shows the score along with the rule name - T_FROM_FMBLA_NEWDOM vs T_FROM_FMBLA_NEWDOM=0.001 Thoughts? On Sat, 27 Apr 2019 at 12:47, Paul Stead <paul.st...@gmail.com> wrote: > Hiya, > > I was surprised today to find that the fresh.fmb.la rules I've added > didn't match much on the weekly masscheck on my box.. > > After some investigation I've found some weirdness and I'm not sure if > I've found a bug? > > I ran mass-check manually against one email with debug enabled to try and > figure out what's going on. The rule in question is T_FROM_FMBLA_NEWDOM > > The message in question matched the following tags, this is in place in > the email header : > > X-Spam-Status: No, score=12.486 tagged_above=-999 required=999 > tests=[BAYES_50=0.8, DKIMWL_BL=1.414, DKIM_SIGNED=0.1, > DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FSL_HELO_NON_FQDN_1=0.001, > HTML_FONT_LOW_CONTRAST=0.001, HTML_IMAGE_RATIO_06=0.001, > HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, PYZOR_CHECK=1.392, > RCVD_IN_SBL_CSS=3.335, T_FROM_FMBLA_NEWDOM=-0.01, > URIBL_ABUSE_SURBL=1.25, URIBL_BLACK=1.7, URIBL_CSS=0.1, > URIBL_CSS_A=0.1, URIBL_DBL_SPAM=2.5] autolearn=no > autolearn_force=no > > As you can see this email matched the rule T_FROM_FMBLA_NEWDOM > > With net but without reuse this rule is matched in the output logs from > masscheck - see attached net-spam.log > > With net and reuse the rule isn't matched - see attached net-reuse-spam.log > > Running masscheck in --net --reuse --debug shows that the header is found > during the reuse stage: > > Apr 27 14:21:37.513 [25341] dbg: message: _decode_header x-spam-status: > No, score=12.486 tagged_above=-999 required=999 tests=[BAYES_50=0.8, > DKIMWL_BL=1.414, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, > FSL_HELO_NON_FQDN_1=0.001, HTML_FONT_LOW_CONTRAST=0.001, > HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, > PYZOR_CHECK=1.392, RCVD_IN_SBL_CSS=3.335, T_FROM_FMBLA_NEWDOM=-0.01, > URIBL_ABUSE_SURBL=1.25, URIBL_BLACK=1.7, URIBL_CSS=0.1, URIBL_CSS_A=0.1, > URIBL_DBL_SPAM=2.5] autolearn=no autolearn_force=no > > > I just don't understand why the rule isn't output in the resulting log > when net and reuse are in use. This leads me to think this rule, and > possibly others aren't getting scored properly. > > The domain currently still matches on fresh.fmb.la (rhubarbdnd.world) but > may expire soon - give me a shout offlist for an up to date spample which > matches the rules. > > Hope you can help! > > Paul >
