I'm not sure why your score is changing, since the list of hit tests seems
to be the same. Two points though:
> (command "spamassassin spam.txt")
I had always thought it was "spamassassin <spam.txt". I suppose maybe SA
will pick up an unrecognized parameter as a file name to parse though.
> I am not NAT'ed so I can see no reason why it is ALL_TRUSTED
I think I can:
> Delivered-To: [EMAIL PROTECTED]
> Received: (qmail 19588 invoked from network); 20 May 2005 22:45:07 +0100
> Received: from 82-35-6-77.cable.ubr01.hari.blueyonder.co.uk (@82.35.6.77)
> by secure.roshan.name with SMTP; 20 May 2005 22:45:07 +0100
> Language: English
I suspect the qmail header either isn't parsable by SA or doesn't contain
enough information to be interesting, or is considered local delivery. This
means that the next and only header would be from your gateway and would be
trusted, I assume. Since it is directly from the spammer with no indication
of a local gateway, SA makes the wrong guess.
I *think* that normally SA expects to see a received header from your local
MTA in the mail, and in this case there isn't one. You might be able to get
around this by setting trusted_networks to local only, but I suspect the
right fix is to get a received header for your MTA in there.
Loren
