After knowing exactly one mail that passed I did some testings with it and guess what... I found a simple reason for it. I should have read better the manpages before boring a newsgroup.
The -s parameter of spamc is by default setting the internal value for a mail to 250K. In this particular case, the supplier sends an PDF Doc attached that exceed this internal limitation. Setting the -s to a size larger than 250K (in my case 1MB) the mail is scanned and rated as expected. I was simply not aware that there is an internal limit of 250K for a mail. Perhaps there should be some sort of return code if this happens so an additional "special" scan could handle that issue.
Anyhow,
thanks again for your help and your great job.
Jochen
