On Thu, 17 Jun 2010, Randy Ramsdell wrote:
The original email did not hit the NO_RELAYS rule but subsequent runs
through do hit this rule and it isn't on all email.
This sounds to me like you are 'resending' the mail from a local address
to your mail server, rather than 'feeding' the original mail back into
spamassassin. If this is the case, then you would naturally produce a new
set of headers, and there would be no external relays, thus triggering the
NO_RELAYS rule....
Original rules hit.
X-Spam-Status: No, score=-0.394 tagged_above=-9999
required=5tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001,
RCVD_IN_SORBS_WEB=0.619,URG_BIZ=1.585]
Right there, we see 'RCVD_IN_SORBS'. This would not happen even if your
own server was blacklisted with SORBS. There *was* a Received header for a
relay, and somehow you have 'removed' it, either via a filtering mechanism
outside SA, or by 'resending' or 'forwarding' the mail.
After running spamassassin -D
If this is what you used, then the forwarding and header rewriting must
have occurred prior to this. Did someone 'forward' the spam to you as a
complaint? Users often fail to properly forward with full headers
enclosed.
- C
