All -
My apologies if this has come up before - but I was unable to find
anything relevant in the archives or while searching the docs...
I've had a recent problem with a specific piece of mail that was flagged
as spam - rightfully so in my opinion based on the flagged rules - but
indeed wasn't.
The problem is that it appears that spamassassin stripped the original
message out after it flagged it as spam. I am running Exim 4.63 with
SpamAssassin 3.2.5 being called via procmail.
Upon delivery the message contained:
1) The usual "Spam detection software, running on the system..." message
2) The Content Preview
3) A list of all the rules flagged and points applied to the message
(see below)
4) The original message headers (Date, From, To, Subject)
but the original actual message seems to have disappeared... If a copy
of the actual message as it was delivered is needed I can send it off list.
I've checked the spamassassin and my smtp agent's (exim4) logs - but
neither shows any warnings or errors for this message. My only guess at
this point is from the "MIME_QP_LONG_LINE RAW" rule... is it possible
that one line of the message was too long for spamassassin to parse so
it dropped it? Or am I totally off track on this?
The rules that tested positive on this message were:
MISSING_MID, INVALID_DATE
SPF_NEUTRAL
DATE_IN_PAST_06_12
HEADER_COUNT_CTYPE
BAYES_00
MIME_QP_LONG_LINE
#SpamAssassin Log:
Aug 29 11:49:37 spamd[20792]: spamd: connection from localhost
[127.0.0.1] at port 35098
Aug 29 11:49:37 spamd[20792]: spamd: setuid to <user> succeeded
Aug 29 11:49:37 spamd[20792]: netset: cannot include 127.0.0.0/8 as
it has already been included
Aug 29 11:49:37 spamd[20792]: spamd: processing message (unknown)
for <user>:<uid>
Aug 29 11:49:38 spamd[20792]: spamd: identified spam (4.8/3.5) for
<user>:<uid> in 0.9 seconds, 1878 bytes.
Aug 29 11:49:38 spamd[20792]: spamd: result: Y 4 -
BAYES_00,DATE_IN_PAST_06_12,HEADER_COUNT_CTYPE,INVALID_DATE,MIME_QP_LONG_LIN
E,MISSING_MID,SPF_NEUTRAL
scantime=0.9,size=1878,user=<user>,uid=1<uid>,required_score=3.5,rhost=localhost,raddr=127.0.0.1,rport=35098
,mid=(unknown),bayes=0.000000,autolearn=no
Any help in figuring out what happened would be greatly appreciated.
Thanks
-Chris H
--
-Chris Henry
Software Engineer
Statistics
(206)685-1627
begin:vcard
fn:Chris Henry
n:Henry;Chris
org:University of Washington;Statistics
adr;dom:Box 354322;;Department of Statistics;Seattle;WA;98195-4322
title:Software Engineer
tel;work:(206)685-1627
version:2.1
end:vcard
