I received a spam yesterday with two different scores (one directly to me, one to a webmaster account that forwards to me).
This was very odd, because the scores were quite different. I understand differences in the AWL and Bayes scores, due to being processed with different user directories (actually, domain directories in this implementation of 3.1.7). However, there are some other tests that are coming out differently, depending on the user specified. All have identical user_prefs (completely null) with the exception of some whitelist_from's. Setup is spamc/spamd, so the following analysis data were obtained by 4 calls to spamc with different parameters: >spamc -p 785 -s 500000 -u bydanjohnson < \tmp\Dtestnews.smd > \tmp\testnewsB.smd >spamc -p 785 -s 500000 -u kitepilot < \tmp\Dtestnews.smd > \tmp\testnewsK.smd >spamc -p 785 -s 500000 -u LMFP < \tmp\Dtestnews.smd > \tmp\testnewsL.smd >spamc -p 785 -s 500000 -u visioncomm.net < \tmp\Dtestnews.smd > \tmp\testnewsV.smd Where do I begin to look to understand what's happening? I understand the lines with an asterisk in column 1. spamassassin --lint is fine, as is spamassassin -p <various user directories> --lint, if that is even supposed to work<g>. Summaries from the spamc output (- indicates the test did not fire. It's included so non-proportional fonts and/or line wraps don't mess up the table): *-u B K L V *Score 3.3 5.2 2.9 7.3 *AWL 0.712 - 0.390 0.629 *BAYES_80 - 2 - - *BAYES_99 - - - 3.5 FORGED_RCVD_HELO - 0.135 - 0.135 HTML_50_60 - 0.134 - 0.134 *HTML_MESSAGE 0.001 0.001 0.001 0.001 HTML_TAG_EXIST_TBODY 0.126 - 0.126 - MIME_HTML_MOSTLY 0.699 1.102 0.699 1.102 MPART_ALT_DIFF 0.137 - 0.137 - RCVD_IN_BL_SPAMCOP_NET 1.332 1.558 1.332 1.558 *URIBL_GREY 0.25 0.25 0.25 0.25 Notice that some of the rules use different scores for the same tests (Mime mostly and Spamcop). That's got to be a hint to somebody<g>. Thanks in Advance; Dan Barker
