Your first scan is running as nobody (that's bad) but the second is running as szinski. That would
explain the BAYES_99. I'm not sure about the FORGED_RCVD_HELO and HTML_50_60 though.
Zinski, Steve wrote:
I need some help trying to figure out why spamassassin scores the same
message differently.
I am using an ACL with exim4 to scan email during the actual smtp
connection (so I can reject spam before my server accepts it). It's
pretty straightforward. My ACL looks like this:
# Reject messages with a SpamAssassin score >7
deny message = Rejected: Flagged as spam ($spam_score).
spam = nobody:true
condition = ${if >{$spam_score_int}{70}{1}{0}}
Everything works just fine for mail destined to local accounts, but
there seems to be a discrepancy in spamassassin when mail is delivered
to a forwarded account (the forwarder directs mail to another local
account; i.e., [EMAIL PROTECTED] --> [EMAIL PROTECTED]). What
happens is that spamassassin scores the message low (non-spam) when it
accepts it from the Internet, but then scores it higher (as spam) when
the message is rerouted to the local mailbox. Here is a snippet from
maillog that illustrates this:
Jul 26 07:58:20 vps spamd[7361]: spamd: connection from localhost
[127.0.0.1] at port 56458
Jul 26 07:58:20 vps spamd[7361]: spamd: setuid to nobody succeeded
Jul 26 07:58:20 vps spamd[7361]: spamd: checking message
<[EMAIL PROTECTED]> for nobody:99
Jul 26 07:58:20 vps spamd[7361]: spamd: clean message (2.6/5.0) for
nobody:99 in 0.1 seconds, 2230 bytes.
Jul 26 07:58:20 vps spamd[7361]: spamd: result: . 2 -
HTML_MESSAGE,URIBL_SBL,URIBL_WS_SURBL
scantime=0.1,size=2230,user=nobody,uid=99,required_score=5.0,rhost=local
host,raddr=127.0.0.1,rport=56458,mid=<[EMAIL PROTECTED]
8>,autolearn=no
Jul 26 07:58:20 vps spamd[26587]: prefork: child states: II
Jul 26 07:58:21 vps spamd[7361]: spamd: connection from localhost
[127.0.0.1] at port 56459
Jul 26 07:58:21 vps spamd[7361]: spamd: setuid to szinski succeeded
Jul 26 07:58:21 vps spamd[7361]: spamd: processing message
<[EMAIL PROTECTED]> for szinski:503
Jul 26 07:58:21 vps spamd[7361]: spamd: identified spam (7.5/5.0) for
szinski:503 in 0.6 seconds, 2183 bytes.
Jul 26 07:58:21 vps spamd[7361]: spamd: result: Y 7 -
BAYES_99,FORGED_RCVD_HELO,HTML_50_60,HTML_MESSAGE,URIBL_SBL,URIBL_WS_SUR
BL
scantime=0.6,size=2183,user=szinski,uid=503,required_score=5.0,rhost=loc
alhost,raddr=127.0.0.1,rport=56459,mid=<[EMAIL PROTECTED]
hn8>,bayes=0.999997051713734,autolearn=no
As you can see, during the initial smtp pass (accepting from remote
host) the message is deemed "clean" with a score of 2.6. Then, when the
same message is delivered to the local account, it's identified as spam
with a score of 7.5. Unfortunately, my ACL only kicks in during the
first pass so the message gets accepted and delivered instead of
rejected. Anyone know what I might be doing wrong here?
Any help would be greatly appreciated.
Steve Zinski
University of Richmond
