# Spamassassin not working well

## feardapenguin

Spamassassin is partially working but not very well.  I'm getting a LOT of missed spam.  Some very obvious spam messages actually have a negative score.

I run sendmail as my MTA and get mail via fetchmail.  Spamassassin is executed from my user's procmail rule:

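```
# Start spamassassin: filter each message through it, serialised by a lock file
:0fw: spamassassin.lock
| /usr/bin/spamassassin

# Deliver anything SpamAssassin tagged as spam to $SPAMOUT
:0:
* ^X-Spam-Status: Yes
$SPAMOUT
```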

I've had a stock install (i.e. no custom rules) of spamassassin running on this machine for quite a while using this configuration.  It was doing a decent job but I recently decided to beef it up with some custom rulesets from rulesemporium (see debug below).  Since then I'm getting hits on approximately half of the real spam and it doesn't seem to be scoring properly.  I've made NO changes to any of the configuration with the exception of adding the rulesemporium .cf files to /etc/mail/spamassassin.

What am I doing wrong?

Here is the output from "spamassassin -D --lint":

```
[~]$ spamassassin -D --lint
[10446] dbg: logger: adding facilities: all
[10446] dbg: logger: logging level is DBG
[10446] dbg: generic: SpamAssassin version 3.1.0
[10446] dbg: config: score set 0 chosen.
[10446] dbg: util: running in taint mode? no
[10446] dbg: dns: is Net::DNS::Resolver available? yes
[10446] dbg: dns: Net::DNS version: 0.53
[10446] dbg: dns: name server: 192.168.0.1, family: 2, ipv6: 0
[10446] dbg: diag: perl platform: 5.008007 linux
[10446] dbg: diag: module installed: Digest::SHA1, version 2.10
[10446] dbg: diag: module installed: MIME::Base64, version 3.05
[10446] dbg: diag: module installed: HTML::Parser, version 3.46
[10446] dbg: diag: module installed: DB_File, version 1.814
[10446] dbg: diag: module installed: Net::DNS, version 0.53
[10446] dbg: diag: module installed: Net::SMTP, version 2.29
[10446] dbg: diag: module installed: Mail::SPF::Query, version 1.997
[10446] dbg: diag: module installed: IP::Country::Fast, version 309.002
[10446] dbg: diag: module installed: Razor2::Client::Agent, version 2.77
[10446] dbg: diag: module not installed: Net::Ident ('require' failed)
[10446] dbg: diag: module installed: IO::Socket::INET6, version 2.51
[10446] dbg: diag: module installed: IO::Socket::SSL, version 0.97
[10446] dbg: diag: module installed: Time::HiRes, version 1.82
[10446] dbg: diag: module installed: DBI, version 1.48
[10446] dbg: diag: module installed: Getopt::Long, version 2.34
[10446] dbg: diag: module installed: LWP::UserAgent, version 2.033
[10446] dbg: diag: module installed: HTTP::Date, version 1.46
[10446] dbg: diag: module installed: Archive::Tar, version 1.26
[10446] dbg: diag: module installed: IO::Zlib, version 1.04
[10446] dbg: ignore: using a test message to lint rules
[10446] dbg: config: using "/etc/mail/spamassassin" for site rules pre files
[10446] dbg: config: read file /etc/mail/spamassassin/init.pre
[10446] dbg: config: read file /etc/mail/spamassassin/v310.pre
[10446] dbg: config: using "/usr/share/spamassassin" for sys rules pre files
[10446] dbg: config: using "/usr/share/spamassassin" for default rules dir
[10446] dbg: config: read file /usr/share/spamassassin/10_misc.cf
[10446] dbg: config: read file /usr/share/spamassassin/11_gentoo.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_compensate.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_drugs.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_phrases.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_porn.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_ratware.cf
[10446] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf
[10446] dbg: config: read file /usr/share/spamassassin/23_bayes.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_dcc.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_razor2.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_replace.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_spf.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_textcat.cf
[10446] dbg: config: read file /usr/share/spamassassin/25_uribl.cf
[10446] dbg: config: read file /usr/share/spamassassin/30_text_de.cf
[10446] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf
[10446] dbg: config: read file /usr/share/spamassassin/30_text_it.cf
[10446] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf
[10446] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf
[10446] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf
[10446] dbg: config: read file /usr/share/spamassassin/50_scores.cf
[10446] dbg: config: read file /usr/share/spamassassin/60_awl.cf
[10446] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf
[10446] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf
[10446] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf
[10446] dbg: config: using "/etc/mail/spamassassin" for site rules dir
[10446] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf
[10446] dbg: config: read file /etc/mail/spamassassin/70_sare_html0.cf
[10446] dbg: config: read file /etc/mail/spamassassin/70_sare_obfu0.cf
[10446] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf
[10446] dbg: config: read file /etc/mail/spamassassin/70_sare_specific.cf
[10446] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf
[10446] dbg: config: read file /etc/mail/spamassassin/70_sc_top200.cf
[10446] dbg: config: read file /etc/mail/spamassassin/antidrug.cf
[10446] dbg: config: read file /etc/mail/spamassassin/chickenpox.cf
[10446] dbg: config: read file /etc/mail/spamassassin/local.cf
[10446] dbg: config: read file /etc/mail/spamassassin/mime_validate.cf
[10446] dbg: config: read file /etc/mail/spamassassin/secrets.cf
[10446] dbg: config: using "/home/user/.spamassassin" for user state dir
[10446] dbg: config: using "/home/user/.spamassassin/user_prefs" for user prefs file
[10446] dbg: config: read file /home/user/.spamassassin/user_prefs
[10446] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC
[10446] dbg: plugin: registered Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x8f37938)
[10446] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
[10446] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x914486c)
[10446] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
[10446] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x915ae44)
[10446] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[10446] dbg: pyzor: network tests on, attempting Pyzor
[10446] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91a3594)
[10446] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[10446] dbg: reporter: network tests on, attempting SpamCop
[10446] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x91b8920)
[10446] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[10446] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x917b530)
[10446] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[10446] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x917c514)
[10446] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
[10446] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x917cf1c)
[10446] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC
[10446] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x91e3308)
[10446] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC
[10446] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x91ecacc)
[10446] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
[10446] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
[10446] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
[10446] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
[10446] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
[10446] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i
[10446] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i
[10446] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x91ecacc) implements 'finish_parsing_end'
[10446] dbg: replacetags: replacing tags
[10446] dbg: replacetags: done replacing tags
[10446] dbg: config: using "/home/user/.spamassassin" for user state dir
[10446] dbg: bayes: tie-ing to DB file R/O /home/user/.spamassassin/bayes_toks
[10446] dbg: bayes: tie-ing to DB file R/O /home/user/.spamassassin/bayes_seen
[10446] dbg: bayes: found bayes db version 3
[10446] dbg: bayes: DB journal sync: last sync: 0
[10446] dbg: config: using "/home/user/.spamassassin" for user state dir
[10446] dbg: bayes: not available for scanning, only 39 spam(s) in bayes DB < 200
[10446] dbg: bayes: untie-ing
[10446] dbg: bayes: untie-ing db_toks
[10446] dbg: bayes: untie-ing db_seen
[10446] dbg: config: score set 1 chosen.
[10446] dbg: message: ---- MIME PARSER START ----
[10446] dbg: message: main message type: text/plain
[10446] dbg: message: parsing normal part
[10446] dbg: message: added part, type: text/plain
[10446] dbg: message: ---- MIME PARSER END ----
[10446] dbg: bayes: tie-ing to DB file R/O /home/user/.spamassassin/bayes_toks
[10446] dbg: bayes: tie-ing to DB file R/O /home/user/.spamassassin/bayes_seen
[10446] dbg: bayes: found bayes db version 3
[10446] dbg: bayes: DB journal sync: last sync: 0
[10446] dbg: bayes: not available for scanning, only 39 spam(s) in bayes DB < 200
[10446] dbg: bayes: untie-ing
[10446] dbg: bayes: untie-ing db_toks
[10446] dbg: bayes: untie-ing db_seen
[10446] dbg: dns: testing resolver nameservers: 192.168.0.1
[10446] dbg: dns: trying (3) doubleclick.com...
[10446] dbg: dns: looking up NS for 'doubleclick.com'
[10446] dbg: dns: NS lookup of doubleclick.com using 192.168.0.1 succeeded => DNS available (set dns_available to override)
[10446] dbg: dns: is DNS available? 1
[10446] dbg: metadata: X-Spam-Relays-Trusted:
[10446] dbg: metadata: X-Spam-Relays-Untrusted:
[10446] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x8f37938) implements 'extract_metadata'
[10446] dbg: metadata: X-Relay-Countries:
[10446] dbg: message: no encoding detected
[10446] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x914486c) implements 'parsed_metadata'
[10446] dbg: uridnsbl: domains to query:
[10446] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-notfirsthop
[10446] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted
[10446] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl
[10446] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted
[10446] dbg: dns: checking RBL combined.njabl.org., set njabl-notfirsthop
[10446] dbg: dns: checking RBL combined.njabl.org., set njabl
[10446] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois
[10446] dbg: dns: checking RBL list.dsbl.org., set dsbl-notfirsthop
[10446] dbg: dns: checking RBL bl.spamcop.net., set spamcop
[10446] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted
[10446] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-notfirsthop
[10446] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-notfirsthop
[10446] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
[10446] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted
[10446] dbg: check: running tests for priority: 0
[10446] dbg: rules: running header regexp tests; score so far=0
[10446] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"
[10446] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1136422052@lint_rules>
[10446] dbg: rules: "
[10446] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org
[10446] dbg: rules: "
[10446] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>"
[10446] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1136422052"
[10446] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x915ae44))
[10446] dbg: spf: message was delivered entirely via trusted relays, not required
[10446] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org
[10446] dbg: plugin: registering glue method for check_subject_in_blacklist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x917cf1c))
[10446] dbg: eval: all '*To' addrs:
[10446] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0x915ae44))
[10446] dbg: spf: message was delivered entirely via trusted relays, not required
[10446] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x915ae44))
[10446] dbg: rules: ran eval rule NO_RELAYS ======> got hit
[10446] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x915ae44))
[10446] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x915ae44))
[10446] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x915ae44))
[10446] dbg: spf: cannot get Envelope-From, cannot use SPF
[10446] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender
[10446] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x915ae44))
[10446] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit
[10446] dbg: plugin: registering glue method for check_subject_in_whitelist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x917cf1c))
[10446] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit
[10446] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x915ae44))
[10446] dbg: spf: spf_whitelist_from: could not find useable envelope sender
[10446] dbg: rules: running body-text per-line regexp tests; score so far=0.738
[10446] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I"
[10446] dbg: uri: running uri tests; score so far=0.738
[10446] dbg: bayes: tie-ing to DB file R/O /home/user/.spamassassin/bayes_toks
[10446] dbg: bayes: tie-ing to DB file R/O /home/user/.spamassassin/bayes_seen
[10446] dbg: bayes: found bayes db version 3
[10446] dbg: bayes: DB journal sync: last sync: 0
[10446] dbg: bayes: not available for scanning, only 39 spam(s) in bayes DB < 200
[10446] dbg: bayes: not scoring message, returning undef
[10446] dbg: bayes: DB expiry: tokens in DB: 40387, Expiry max size: 150000, Oldest atime: 1091934715, Newest atime: 1136415185, Last expire: 0, Current time: 1136422054
[10446] dbg: bayes: DB journal sync: last sync: 0
[10446] dbg: bayes: untie-ing
[10446] dbg: bayes: untie-ing db_toks
[10446] dbg: bayes: untie-ing db_seen
[10446] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x914486c))
[10446] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.738
[10446] dbg: rules: running full-text regexp tests; score so far=0.738
[10446] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91a3594))
[10446] dbg: util: executable for pyzor was found at /usr/bin/pyzor
[10446] dbg: pyzor: pyzor is available: /usr/bin/pyzor
[10446] dbg: info: entering helper-app run mode
[10446] dbg: pyzor: opening pipe: /usr/bin/pyzor  check < /tmp/.spamassassin104468GcZG1tmp
[10447] dbg: util: setuid: ruid=500 euid=500
[10446] dbg: pyzor: [10447] finished:  exit=0x0100
[10446] dbg: pyzor: got response: 66.250.40.33:24441_(200, 'OK')_0_0
[10446] dbg: info: leaving helper-app run mode
[10446] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x914486c) implements 'check_tick'
[10446] dbg: check: running tests for priority: 500
[10446] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x914486c) implements 'check_post_dnsbl'
[10446] dbg: rules: running meta tests; score so far=0.738
[10446] dbg: rules: running header regexp tests; score so far=2.216
[10446] dbg: rules: running body-text per-line regexp tests; score so far=2.216
[10446] dbg: uri: running uri tests; score so far=2.216
[10446] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216
[10446] dbg: rules: running full-text regexp tests; score so far=2.216
[10446] dbg: check: running tests for priority: 1000
[10446] dbg: rules: running meta tests; score so far=2.216
[10446] dbg: rules: running header regexp tests; score so far=2.216
[10446] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0x917b530))
[10446] dbg: config: using "/home/user/.spamassassin" for user state dir
[10446] dbg: locker: safe_lock: created /home/user/.spamassassin/auto-whitelist.lock.myhost.localdomain.10446
[10446] dbg: locker: safe_lock: trying to get lock on /home/user/.spamassassin/auto-whitelist with 0 retries
[10446] dbg: locker: safe_lock: link to /home/user/.spamassassin/auto-whitelist.lock: link ok
[10446] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in /home/user/.spamassassin/auto-whitelist
[10446] dbg: auto-whitelist: db-based ignore@compiling.spamassassin.taint.org|ip=none scores 0/0
[10446] dbg: auto-whitelist: AWL active, pre-score: 2.216, autolearn score: 2.216, mean: undef, IP: undef
[10446] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
[10446] dbg: auto-whitelist: DB addr list: file locked, breaking lock
[10446] dbg: locker: safe_unlock: unlink /home/user/.spamassassin/auto-whitelist.lock
[10446] dbg: auto-whitelist: post auto-whitelist score: 2.216
[10446] dbg: rules: running body-text per-line regexp tests; score so far=2.216
[10446] dbg: uri: running uri tests; score so far=2.216
[10446] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216
[10446] dbg: rules: running full-text regexp tests; score so far=2.216
[10446] dbg: check: is spam? score=2.216 required=5
[10446] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
[10446] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
[~]$
```

----------

## feardapenguin

For the record, here is an example of a mail that should have scored as spam.  Note the tests performed.  The URL in the body of the email IS listed in sa-blacklist.current.  

Why would this score so low (only 3.9)?

```
From leprecaunzqtt@yahoo.co.in Wed Jan  4 20:20:11 2006
Return-Path: <leprecaunzqtt@yahoo.co.in>
X-Spam-Checker-Version: SpamAssassin 3.1.0-gr2 (2005-09-13) on
   myhost.localdomain
X-Spam-Level: ***
X-Spam-Status: No, score=3.9 required=5.0 tests=FUZZY_CREDIT,SORTED_RECIPS,
   SUSPICIOUS_RECIPS,UNPARSEABLE_RELAY autolearn=no version=3.1.0-gr2
Received: <snip>
X-IronPort-AV: i="3.99,331,1131339600";  d="scan'208";
   a="1162056367:sNHT19310676"
Received: from cephalochordal.astigmatically.net   by
   achlorhydria.arrear.net with SMTP; Wed, 04 Jan 2006 21:20:16 -0500
Date: Wed, 04 Jan 2006 23:18:16 -0300
From: "Hollie" <leprecaunzqtt@yahoo.co.in>
To: addr@myisp.net, addrandgo-jo@myisp.net, myhost@myisp.net, addred@myisp.net, addrer26@myisp.net, addrer@myisp.net, addrerman@myisp.net
Subject: Re:
Message-ID: <7A020.UG68.5dl7.879K2A1H9@localhost>
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Priority: normal
X-mailer: Pegasus Mail for Win32 (v3.12c)
Status: O
X-Evolution-Source: mbox:/var/spool/mail/user
X-Evolution: 0000062b-0010

Hey,

Cash Out Now! 

Get a Specialist. Someone to take care of you every step of the way through the LOOAN process, from application through approval.

The real world is filled with ups and downs that may have a ufi unancial impact which can affect your ucr edit history. Thats why our loan program accommodates a wide range of ucre udit scores and is custom-tailored to meet your requirements. The end result will be a home with a home ulo an you can afford.

We process all customer payments at our state-of-the-art payment processing center, which ensures timely, accurate processing of payments on the day they are received.

US D $ 290 ,000       uL0 uANS        are avai lable for only $255 / month! WE'RE uPRACT ICALLY uGIVIuNG uAWAY MOuNEY!

-----------------------------------------------------------

COPY the Addreuss below and paste in your WEuB BROuWSER:

baseboard.y838x.com

-----------------------------------------------------------

Valid for 24 Hrs.

7.

Luke is missing jumping today..

I don't miss jumping for three or four weeks..

Luke is missing jumping today..

The librarians don't remember skiing for more than an hour..

Later,

Meghan Peel

```
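The lint output quoted earlier in this thread already records which rule files were read, which could not be opened, and whether Bayes is active, so it can be triaged mechanically. The following is an added example, not part of the original posts and not SpamAssassin project code; the sample log is constructed from lines quoted in this thread, and the function names and the `sa-blacklist` file-name substring are assumptions.

```python
import os
import re

# Constructed sample, assembled from `spamassassin -D --lint` lines quoted in this thread.
SAMPLE_LOG = """\
[10446] dbg: config: read file /usr/share/spamassassin/50_scores.cf
[10446] dbg: config: using "/etc/mail/spamassassin" for site rules dir
[10446] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf
[10446] dbg: config: read file /etc/mail/spamassassin/70_sc_top200.cf
[10446] dbg: config: read file /etc/mail/spamassassin/local.cf
[10446] warn: config: cannot open "/etc/mail/spamassassin/secrets.cf": Permission denied
[10446] dbg: config: using "/home/user/.spamassassin" for user state dir
[10446] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x91a3594)
[10446] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x917b530)
[10446] dbg: bayes: not available for scanning, only 39 spam(s) in bayes DB < 200
[10446] dbg: check: is spam? score=2.216 required=5
[10446] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
"""

# "[pid] level: facility: message" is the shape of every debug line above.
LINE_RE = re.compile(r"^\[(\d+)\] (\w+): ([\w-]+): (.*)$")
READ_RE = re.compile(r"^read file (\S+)$")
OPEN_RE = re.compile(r'^cannot open "([^"]+)": (.*)$')
STATE_RE = re.compile(r'^using "([^"]+)" for user state dir$')
PLUGIN_RE = re.compile(r"^registered Mail::SpamAssassin::Plugin::(\w+)=")
BAYES_RE = re.compile(
    r"^not available for scanning, only (\d+) (spam|ham)\(s\) in bayes DB < (\d+)$")
SCORE_RE = re.compile(r"^is spam\? score=(-?[\d.]+) required=(-?[\d.]+)$")


def summarize_lint(log_text, expected_files=()):
    """Extract the configuration facts from lint debug output.

    expected_files holds substrings of rule-file names the admin believes are
    installed (hypothetical names; adjust to the files actually downloaded).
    """
    s = {"rule_files": [], "unreadable": [], "plugins": [], "state_dir": None,
         "bayes_disabled": None, "score": None, "required": None, "tests": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # shell prompts, wrapped continuation lines
        _pid, level, facility, msg = m.groups()
        if facility == "config":
            r = READ_RE.match(msg)
            if r:
                s["rule_files"].append(r.group(1))
                continue
            r = OPEN_RE.match(msg)
            if r and level == "warn":
                s["unreadable"].append((r.group(1), r.group(2)))
                continue
            r = STATE_RE.match(msg)
            if r:
                s["state_dir"] = r.group(1)
        elif facility == "plugin":
            r = PLUGIN_RE.match(msg)
            if r and r.group(1) not in s["plugins"]:
                s["plugins"].append(r.group(1))
        elif facility == "bayes":
            r = BAYES_RE.match(msg)
            if r:  # (kind, learned so far, minimum needed)
                s["bayes_disabled"] = (r.group(2), int(r.group(1)), int(r.group(3)))
        elif facility == "check":
            r = SCORE_RE.match(msg)
            if r:
                s["score"], s["required"] = float(r.group(1)), float(r.group(2))
            elif msg.startswith("tests="):
                s["tests"] = [t for t in msg[len("tests="):].split(",") if t]
    names = [os.path.basename(p) for p in s["rule_files"]]
    s["missing"] = [e for e in expected_files if not any(e in n for n in names)]
    return s


def findings(summary):
    """Turn the summary into the lines an admin should act on."""
    out = [f"no rule file matching '{e}' was read" for e in summary["missing"]]
    out += [f"{path} not loaded: {why}" for path, why in summary["unreadable"]]
    if summary["bayes_disabled"]:
        kind, have, need = summary["bayes_disabled"]
        out.append(f"Bayes rules inactive: {have} {kind} learned, {need} required "
                   f"(state dir {summary['state_dir']})")
    return out


if __name__ == "__main__":
    for line in findings(summarize_lint(SAMPLE_LOG, ["sa-blacklist"])):
        print(line)
```

The state directory in the report shows which user's Bayes database was consulted, which is the first thing to compare when lint is run from a different account than the one procmail delivers as.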

----------

## magic919

The SA output indicates only 39 messages seen, so it's likely to not be at its best.  This may be due to you running the SA -D --lint as another user.

I can't see the sa-blacklist rule in the output unless it has some other name.

I use SA with DCC, Pyzor and Razor2 as a combo.  Mine scored higher.

```
spamassassin -D --lint < spamtest.txt
[8232] dbg: logger: adding facilities: all
[8232] dbg: logger: logging level is DBG
[8232] dbg: generic: SpamAssassin version 3.1.0
[8232] dbg: config: score set 0 chosen.
[8232] dbg: util: running in taint mode? no
[8232] dbg: dns: is Net::DNS::Resolver available? yes
[8232] dbg: dns: Net::DNS version: 0.49
[8232] dbg: dns: name server: 192.168.0.106, family: 2, ipv6: 0
[8232] dbg: diag: perl platform: 5.008006 linux
[8232] dbg: diag: module installed: Digest::SHA1, version 2.10
[8232] dbg: diag: module installed: DB_File, version 1.811
[8232] dbg: diag: module installed: Net::DNS, version 0.49
[8232] dbg: diag: module installed: Net::SMTP, version 2.29
[8232] dbg: diag: module installed: Mail::SPF::Query, version 1.997
[8232] dbg: diag: module not installed: IP::Country::Fast ('require' failed)
[8232] dbg: diag: module installed: Razor2::Client::Agent, version 2.77
[8232] dbg: diag: module not installed: Net::Ident ('require' failed)
[8232] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)
[8232] dbg: diag: module installed: IO::Socket::SSL, version 0.96
[8232] dbg: diag: module installed: Time::HiRes, version 1.66
[8232] dbg: diag: module installed: DBI, version 1.46
[8232] dbg: diag: module installed: Getopt::Long, version 2.34
[8232] dbg: diag: module installed: LWP::UserAgent, version 2.032
[8232] dbg: diag: module installed: HTTP::Date, version 1.46
[8232] dbg: diag: module installed: Archive::Tar, version 1.26
[8232] dbg: diag: module installed: IO::Zlib, version 1.01
[8232] dbg: diag: module installed: MIME::Base64, version 3.05
[8232] dbg: diag: module installed: HTML::Parser, version 3.46
[8232] dbg: ignore: using a test message to lint rules
[8232] dbg: config: using "/etc/mail/spamassassin" for site rules pre files
[8232] dbg: config: read file /etc/mail/spamassassin/init.pre
[8232] dbg: config: read file /etc/mail/spamassassin/v310.pre
[8232] dbg: config: using "/usr/share/spamassassin" for sys rules pre files
[8232] dbg: config: using "/usr/share/spamassassin" for default rules dir
[8232] dbg: config: read file /usr/share/spamassassin/10_misc.cf
[8232] dbg: config: read file /usr/share/spamassassin/11_gentoo.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_compensate.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_drugs.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_phrases.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_porn.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_ratware.cf
[8232] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf
[8232] dbg: config: read file /usr/share/spamassassin/23_bayes.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_dcc.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_razor2.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_replace.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_spf.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_textcat.cf
[8232] dbg: config: read file /usr/share/spamassassin/25_uribl.cf
[8232] dbg: config: read file /usr/share/spamassassin/30_text_de.cf
[8232] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf
[8232] dbg: config: read file /usr/share/spamassassin/30_text_it.cf
[8232] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf
[8232] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf
[8232] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf
[8232] dbg: config: read file /usr/share/spamassassin/50_scores.cf
[8232] dbg: config: read file /usr/share/spamassassin/60_awl.cf
[8232] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf
[8232] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf
[8232] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf
[8232] dbg: config: using "/etc/mail/spamassassin" for site rules dir
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_adult.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj2.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj3.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_genlsubj_eng.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_header0.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_header1.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_header2.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_header3.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_header_eng.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_highrisk.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_html0.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_html1.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_html2.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_html3.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_html4.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_html_eng.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_oem.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_random.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_ratware.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_specific.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_spoof.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_unsub.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_uri.cf
[8232] dbg: config: read file /etc/mail/spamassassin/70_sare_uri0.cf
[8232] dbg: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf
[8232] dbg: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf
[8232] dbg: config: read file /etc/mail/spamassassin/99_FVGT_Tripwire.cf
[8232] dbg: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf
[8232] dbg: config: read file /etc/mail/spamassassin/antidrug.cf
[8232] dbg: config: read file /etc/mail/spamassassin/bogus-virus-warnings.cf
[8232] dbg: config: read file /etc/mail/spamassassin/evilnumbers.cf
[8232] dbg: config: read file /etc/mail/spamassassin/local.cf
[8232] dbg: config: read file /etc/mail/spamassassin/random.cf
[8232] dbg: config: read file /etc/mail/spamassassin/random.current.cf
[8232] warn: config: cannot open "/etc/mail/spamassassin/secrets.cf": Permission denied
[8232] dbg: config: read file /etc/mail/spamassassin/tripwire.cf
[8232] dbg: config: using "/home/filter/.spamassassin" for user state dir
[8232] dbg: config: using "/home/filter/.spamassassin/user_prefs" for user prefs file
[8232] dbg: config: read file /home/filter/.spamassassin/user_prefs
[8232] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
[8232] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9062cf0)
[8232] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
[8232] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x908d378)
[8232] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC
[8232] dbg: dcc: network tests on, registering DCC
[8232] dbg: plugin: registered Mail::SpamAssassin::Plugin::DCC=HASH(0x90501bc)
[8232] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[8232] dbg: pyzor: network tests on, attempting Pyzor
[8232] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9096ec4)
[8232] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[8232] dbg: razor2: razor2 is available, version 2.77
[8232] dbg: plugin: registered Mail::SpamAssassin::Plugin::Razor2=HASH(0x9090d04)
[8232] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[8232] dbg: reporter: network tests on, attempting SpamCop
[8232] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x907c788)
[8232] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[8232] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x9102488)
[8232] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[8232] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9117fd4)
[8232] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
[8232] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9110ed0)
[8232] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC
[8232] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x91157bc)
[8232] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC
[8232] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x911db84)
[8232] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i
[8232] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i
[8232] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
[8232] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i
[8232] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
[8232] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i
[8232] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i
[8232] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x911db84) implements 'finish_parsing_end'

[8232] dbg: replacetags: replacing tags

[8232] dbg: replacetags: done replacing tags

[8232] dbg: config: using "/home/filter/.spamassassin" for user state dir

[8232] dbg: bayes: tie-ing to DB file R/O /home/filter/.spamassassin/bayes_toks

[8232] dbg: bayes: tie-ing to DB file R/O /home/filter/.spamassassin/bayes_seen

[8232] dbg: bayes: found bayes db version 3

[8232] dbg: bayes: DB journal sync: last sync: 1136020482

[8232] dbg: config: using "/home/filter/.spamassassin" for user state dir

[8232] dbg: bayes: opportunistic call found journal sync due

[8232] dbg: bayes: bayes journal sync starting

[8232] dbg: locker: safe_lock: created /home/filter/.spamassassin/bayes.lock.hidden.8232

[8232] dbg: locker: safe_lock: trying to get lock on /home/filter/.spamassassin/bayes with 0 retries

[8232] dbg: locker: safe_lock: link to /home/filter/.spamassassin/bayes.lock: link ok

[8232] dbg: bayes: tie-ing to DB file R/W /home/filter/.spamassassin/bayes_toks

[8232] dbg: bayes: tie-ing to DB file R/W /home/filter/.spamassassin/bayes_seen

[8232] dbg: bayes: found bayes db version 3

[8232] dbg: locker: refresh_lock: refresh /home/filter/.spamassassin/bayes.lock

[8232] dbg: bayes: synced databases from journal in 0 seconds: 3 unique entries (6 total entries)

[8232] dbg: bayes: bayes journal sync completed

[8232] dbg: config: score set 3 chosen.

[8232] dbg: message: ---- MIME PARSER START ----

[8232] dbg: message: main message type: text/plain

[8232] dbg: message: parsing normal part

[8232] dbg: message: added part, type: text/plain

[8232] dbg: message: ---- MIME PARSER END ----

[8232] dbg: dns: testing resolver nameservers: 192.168.0.106, x.x.x.x

[8232] dbg: dns: trying (3) doubleclick.com...

[8232] dbg: dns: looking up NS for 'doubleclick.com'

[8232] dbg: dns: NS lookup of doubleclick.com using 192.168.0.106 succeeded => DNS available (set dns_available to override)

[8232] dbg: dns: is DNS available? 1

[8232] dbg: metadata: X-Spam-Relays-Trusted:

[8232] dbg: metadata: X-Spam-Relays-Untrusted:

[8232] dbg: message: no encoding detected

[8232] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9062cf0) implements 'parsed_metadata'

[8232] dbg: uridnsbl: domains to query:

[8232] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-notfirsthop

[8232] dbg: dns: checking RBL dialups.mail-abuse.org., set dialup-notfirsthop

[8232] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted

[8232] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl

[8232] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted

[8232] dbg: dns: checking RBL combined.njabl.org., set njabl-notfirsthop

[8232] dbg: dns: checking RBL combined.njabl.org., set njabl

[8232] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois

[8232] dbg: dns: checking RBL blackholes.mail-abuse.org., set rbl

[8232] dbg: dns: checking RBL list.dsbl.org., set dsbl-notfirsthop

[8232] dbg: dns: checking RBL bl.spamcop.net., set spamcop

[8232] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted

[8232] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-notfirsthop

[8232] dbg: dns: checking RBL relays.mail-abuse.org., set rss

[8232] dbg: dns: checking RBL nonconfirm.mail-abuse.org., set nml

[8232] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-notfirsthop

[8232] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs

[8232] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted

[8232] dbg: check: running tests for priority: 0

[8232] dbg: rules: running header regexp tests; score so far=0

[8232] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"

[8232] dbg: rules: ran header rule __SARE_CC_NONE ======> got hit: "UNSET"

[8232] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1136451222@lint_rules>

[8232] dbg: rules: "

[8232] dbg: rules: ran header rule __SARE_TO_NONE ======> got hit: "UNSET"

[8232] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>"

[8232] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org

[8232] dbg: rules: "

[8232] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1136451222"

[8232] dbg: plugin: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x908d378))

[8232] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org

[8232] dbg: plugin: registering glue method for check_subject_in_blacklist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9110ed0))

[8232] dbg: plugin: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x908d378))

[8232] dbg: eval: all '*To' addrs:

[8232] dbg: rules: ran eval rule NO_RELAYS ======> got hit

[8232] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit

[8232] dbg: plugin: registering glue method for check_subject_in_whitelist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9110ed0))

[8232] dbg: rules: running body-text per-line regexp tests; score so far=0.96

[8232] dbg: rules: ran body rule __SARE_HTML_HAS_MSG ======> got hit: "I"

[8232] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I"

[8232] dbg: uri: running uri tests; score so far=0.96

[8232] dbg: bayes: tie-ing to DB file R/O /home/filter/.spamassassin/bayes_toks

[8232] dbg: bayes: tie-ing to DB file R/O /home/filter/.spamassassin/bayes_seen

[8232] dbg: bayes: found bayes db version 3

[8232] dbg: bayes: DB journal sync: last sync: 1136451223

[8232] dbg: bayes: corpus size: nspam = 1019, nham = 1222

[8232] dbg: bayes: score = 0.574370880609513

[8232] dbg: bayes: DB expiry: tokens in DB: 76190, Expiry max size: 150000, Oldest atime: 1109883025, Newest atime: 1136020665, Last expire: 0, Current time  : 1136451225

[8232] dbg: bayes: DB journal sync: last sync: 1136451223

[8232] dbg: bayes: untie-ing

[8232] dbg: bayes: untie-ing db_toks

[8232] dbg: bayes: untie-ing db_seen

[8232] dbg: bayes: files locked, now unlocking lock

[8232] dbg: locker: safe_unlock: unlink /home/filter/.spamassassin/bayes.lock

[8232] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9062cf0))

[8232] dbg: rules: ran eval rule BAYES_50 ======> got hit

[8232] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.961

[8232] dbg: rules: running full-text regexp tests; score so far=0.961

[8232] dbg: plugin: registering glue method for check_razor2_range (Mail::SpamAssassin::Plugin::Razor2=HASH(0x9090d04))

[8232] dbg: info: entering helper-app run mode

[8232] dbg: info: leaving helper-app run mode

[8232] dbg: razor2: part=0 engine=4 contested=0 confidence=0

[8232] dbg: razor2: results: spam? 0

[8232] dbg: razor2: results: engine 8, highest cf score: 0

[8232] dbg: razor2: results: engine 4, highest cf score: 0

[8232] dbg: plugin: registering glue method for check_razor2 (Mail::SpamAssassin::Plugin::Razor2=HASH(0x9090d04))

[8232] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x9096ec4))

[8232] dbg: util: current PATH is: /usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/3.4.4:/usr/qt/3/bin

[8232] dbg: util: executable for pyzor was found at /usr/bin/pyzor

[8232] dbg: pyzor: pyzor is available: /usr/bin/pyzor

[8232] dbg: info: entering helper-app run mode

[8232] dbg: pyzor: opening pipe: /usr/bin/pyzor  check < /tmp/.spamassassin8232rTVFo6tmp

[8233] dbg: util: setuid: ruid=1000 euid=1000

[8232] dbg: pyzor: [8233] finished:  exit=0x0100

[8232] dbg: pyzor: got response: 66.250.40.33:24441_(200, 'OK')_0_0

[8232] dbg: info: leaving helper-app run mode

[8232] dbg: plugin: registering glue method for check_dcc (Mail::SpamAssassin::Plugin::DCC=HASH(0x90501bc))

[8232] dbg: dcc: dccifd is not available: no r/w dccifd socket found

[8232] dbg: util: executable for dccproc was found at /usr/bin/dccproc

[8232] dbg: dcc: dccproc is available: /usr/bin/dccproc

[8232] dbg: info: entering helper-app run mode

[8232] dbg: dcc: opening pipe: /usr/bin/dccproc -H -R < /tmp/.spamassassin8232rTVFo6tmp

[8234] dbg: util: setuid: ruid=1000 euid=1000

[8232] dbg: dcc: got response: X-DCC-wuwien-Metrics: denzilla.atavus.co.uk 1290; Body=59001 Fuz1=4255345 Fuz2=4255357

[8232] dbg: info: leaving helper-app run mode

[8232] dbg: dcc: listed: BODY=59001/999999 FUZ1=4255345/999999 FUZ2=4255357/999999

[8232] dbg: rules: ran eval rule DCC_CHECK ======> got hit

[8232] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9062cf0) implements 'check_tick'

[8232] dbg: check: running tests for priority: 500

[8232] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x9062cf0) implements 'check_post_dnsbl'

[8232] dbg: rules: running meta tests; score so far=3.131

[8232] dbg: rules: running header regexp tests; score so far=5.568

[8232] dbg: rules: running body-text per-line regexp tests; score so far=5.568

[8232] dbg: uri: running uri tests; score so far=5.568

[8232] dbg: rules: running raw-body-text per-line regexp tests; score so far=5.568

[8232] dbg: rules: running full-text regexp tests; score so far=5.568

[8232] dbg: check: running tests for priority: 1000

[8232] dbg: rules: running meta tests; score so far=5.568

[8232] dbg: rules: running header regexp tests; score so far=5.568

[8232] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0x9102488))

[8232] dbg: config: using "/home/filter/.spamassassin" for user state dir

[8232] dbg: locker: safe_lock: created /home/filter/.spamassassin/auto-whitelist.lock.hidden.8232

[8232] dbg: locker: safe_lock: trying to get lock on /home/filter/.spamassassin/auto-whitelist with 0 retries

[8232] dbg: locker: safe_lock: link to /home/filter/.spamassassin/auto-whitelist.lock: link ok

[8232] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W in /home/filter/.spamassassin/auto-whitelist

[8232] dbg: auto-whitelist: db-based ignore@compiling.spamassassin.taint.org|ip=none scores 0/0

[8232] dbg: auto-whitelist: AWL active, pre-score: 5.568, autolearn score: 5.568, mean: undef, IP: undef

[8232] dbg: auto-whitelist: DB addr list: untie-ing and unlocking

[8232] dbg: auto-whitelist: DB addr list: file locked, breaking lock

[8232] dbg: locker: safe_unlock: unlink /home/filter/.spamassassin/auto-whitelist.lock

[8232] dbg: auto-whitelist: post auto-whitelist score: 5.568

[8232] dbg: rules: running body-text per-line regexp tests; score so far=5.568

[8232] dbg: uri: running uri tests; score so far=5.568

[8232] dbg: rules: running raw-body-text per-line regexp tests; score so far=5.568

[8232] dbg: rules: running full-text regexp tests; score so far=5.568

[8232] dbg: check: is spam? score=5.568 required=5

[8232] dbg: check: tests=BAYES_50,DCC_CHECK,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,SARE_TOCC_NONE,TO_CC_NONE

[8232] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__SARE_CC_NONE,__SARE_HTML_HAS_MSG,__SARE_TO_NONE,__UNUSABLE_MSGID

```

You can compare rulesets and even consider RulesDuJour to keep up to date.

I block more spam with RBLs and a few config checks these days so SA has little left to work on. YMMV.

Last edited by magic919 on Fri Jan 06, 2006 8:26 am; edited 2 times in total

----------

## feardapenguin

 *magic919 wrote:*   

> The SA output indicates only 39 messages seen, so it's likely to not be at its best.  This may be due to you running the SA -D --lint as another user.
> 
> I can't see the sa-blacklist rule in the output unless it has some other name.
> 
> I use SA with DCC, Pyzor and Razor2 as a combo.  Mine scored higher.
> ...

 

I'm running debug on the same user that executes the procmail rule to call spamassassin.  

You were right about sa-blacklist.  I had forgotten to rename it from .current to .cf.  This has been fixed but it doesn't seem to have made any difference.

I also tried fooling with trusted_network but since I'm behind a NAT it doesn't appear to help.  When I specified my network IPs it assumed everything was trusted and automatically scored -1.4.

The strange thing is that I've seen several obvious spam messages with a score of 0 and tests of "None".  Yet other spam is scoring correctly and getting caught.  On again, off again.

----------

## magic919

Okay.  Sounds like things are basically alright - meaning I can't see any direct evidence of a problem with SA.  Bear in mind the corpus of spam it has seen is too small for it to do its best.  Do consider using some of the other tools with SA.  I've used this on a few servers and for 2-3 years now and I'm sure it helps.  Do the training too, it's all part of SA.  Run the sa-learn as the same user (I'm assuming you run SA as the same user for the whole server).

I'd suggest a trip to the SA wiki http://wiki.apache.org/spamassassin/FrequentlyAskedQuestions so you can see what happens with the tests, scores etc.  Bear in mind the output is flagging up rules/tests hit rather than indicating few were run.

Be aware that too high a ratio of spam is not healthy when it tries to learn.  Try to train with a balanced diet.  Consider training with some old email of yours if you have some lying around.  Work towards cracking through the 200 mails barrier, as performance will improve.

----------

## feardapenguin

You were right about crossing the threshold for the Bayesian test.  I just crossed 200 and my "-D --lint" score went from 2.216 to 2.907.  Not a big improvement but I guess it will get better over time.

I also realized that I was using both SpamCop and Rulesemporium's 70_sc_top200.cf.  Their notes say don't do this.

It still bothers me that spam like the following goes through with a score of 0.0.  Note that the only test was UNPARSEABLE_RELAY and autolearn=ham.  With all of the rules I've got I can see several tokens that should have been tested and caught (obfuscation, urls, etc).  Why weren't these tests performed?  They are performed on other emails.  It's like SA randomly chooses to do some tests some of the time but not others.

Edit:  These 0.0 scored spams all seem to be "autolearn=ham".  I have several other examples like this (all with a test of UNPARSEABLE_RELAY only).  How is this controlled?  I'm having a hard time finding info on 'autolearn' in the doc.  What caused these to be learned as ham and how can I reverse it?

```
Return-Path: <flammablemsgb@yahoo.co.uk>

X-Spam-Checker-Version: SpamAssassin 3.1.0-gr2 (2005-09-13) on  myhost.localdomain

X-Spam-Level: 

X-Spam-Status: No, score=0.0 required=5.0 tests=UNPARSEABLE_RELAY  autolearn=ham version=3.1.0-gr2

Received: from myhost.localdomain (localhost [127.0.0.1]) by myhost.localdomain (8.13.4/8.13.4) with ESMTP id k06BxXaO012191 for <user@localhost>; Fri, 6 Jan 2006 05:59:33 -0600

Received: from pop.myisp.net [209.xxx.8.224] by myhost.localdomain with POP3 (fetchmail-6.3.1) for <user@localhost> (single-drop); Fri, 06 Jan 2006 05:59:33 -0600 (CST)

Received: from mxsf15.cluster1.myisp.net ([10.20.xxx.xxx]) by mtai05.myisp.net (InterMail vM.6.01.05.04 201-2131-123-105-20051025) with ESMTP id <20060106115510.EESP24010.mtai05.myisp.net@mxsf15.cluster1.myisp.net> for <myaddr@myisp.net>; Fri, 6 Jan 2006 06:55:10 -0500

Received: from mxip19a.cluster1.myisp.net (mxip19a.cluster1.myisp.net [209.xxx.xx.149]) by mxsf15.cluster1.myisp.net (8.12.11/8.12.11) with ESMTP id k06BsdBO031363; Fri, 6 Jan 2006 06:55:10 -0500

Received: from unknown (HELO 1D48F98) (218.11.xxx.xxx) by mxip19a.cluster1.myisp.net with SMTP; 06 Jan 2006 06:55:04 -0500

X-IronPort-AV: i="3.99,338,1131339600";  d="scan'208"; a="1982769023:sNHT20019338"

Received: from anthokyan.allocyanine.net (aminoacetanilide.betask.net [ceratomania.yahoo.se]) by mailout7-2.Andian.com (7.9.8/5.3.0) with ESMTP id UHX58071; Fri, 06 Jan 2006 17:45:26 +0600

Message-ID: <WKQ36.HT523qcruqe867928a9@yahoo.se.com>

Date: Fri, 06 Jan 2006 09:47:26 -0200  (05:47 CST)

From: Ruben Grisham <flammablemsgb@yahoo.co.uk>

To: nddafx@myisp.net

Subject: how is life

X-Evolution-Source: mbox:/var/spool/mail/user

Mime-Version: 1.0

Hey whats up,

You are approved for re feyenance

Get signs, flat-fee MLS listings, contracts and free research.=20

With less-than-perfect iCRidit, you may be turned down by other leainders.=

 But we=92ll work hard to get you the money you need.

Our l o a n counselors are absolutely dedicated to finding you the best  l=

 o a n program, assisting you every step of the way and working very hard =

to secure your l o a n iapproval and closing within days, not months...wit=

h no last minute surprises.

US D $ 290 ,000       iL0 iANS        are avai lable for only $255 / month=

! WE'RE iPRACT ICALLY iGIVIiNG iAWAY MOiNEY!

COPY the Addreiss below and paste in your WEiB BROiWSER:

Bhavani.y838x.com

Valid for 24 Hrs.

Was Michael enjoying running early last month?.

Do you hate shaving badly?.

I'll study as soon as you have liked skiing..

The musicians have missed playing since a few days ago..

Did Debbie love jumping in front of the restaurant?.

Regards,

Emilia Hartman
```

----------

## magic919

SpamAssassin is a good tool but it will take time and effort to get it working well.  I don't know any single solution that will do a perfect job out of the box.

There is a lot to understand about how SA works if you really want to learn it.  Head off to the website, read the wiki, do some searches.

You really need to spend time training it.  If it auto-learns as ham then teach it the message was spam.  With sa-learn it will forget the message and then learn as spam.

Don't get too fixated on the rules.  Some are large and hog resources for minimal benefit.  Rules are just part of SA.

I don't think the tests section means it is only running some tests.  It only shows tests that cause a match.  You may _think_ a rule should be hit but you'd need to check the actual rule content against the message to be sure.

Consider bolstering SA with add-ons to improve scores.

If you really want to get tough on spam then run your own mailserver and config that to be more picky.  You can block 80% of spam and not have to waste time and effort working out whether it is spam.

----------
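The `autolearn=ham` misses discussed above can be found mechanically before retraining. The following is an added example, not part of any post in this thread: it parses `X-Spam-Status` headers (folded ones included) and lists messages that were auto-learned as ham although no content rule fired. The sample messages are constructed, and the function names and the `NON_CONTENT_TESTS` set are assumptions of the example.

```python
import email
import re

# Rules that describe header parsing, not message content. UNPARSEABLE_RELAY is
# the one named in the thread; treating it this way is this example's assumption.
NON_CONTENT_TESTS = {"UNPARSEABLE_RELAY"}

_HEAD = re.compile(r"^(Yes|No),\s*score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)")
_TESTS = re.compile(r"\btests=(.*?)(?=\s+\w+=|$)")
_AUTOLEARN = re.compile(r"\bautolearn=(\w+)")


def parse_spam_status(value):
    """Turn an X-Spam-Status header value into a dict, or None if malformed."""
    flat = " ".join(value.split())  # unfold continuation lines
    head = _HEAD.match(flat)
    if head is None:
        return None
    found = _TESTS.search(flat)
    raw_tests = found.group(1).replace(" ", "") if found else ""
    tests = [t for t in raw_tests.split(",") if t and t.lower() != "none"]
    learn = _AUTOLEARN.search(flat)
    return {
        "is_spam": head.group(1) == "Yes",
        "score": float(head.group(2)),
        "required": float(head.group(3)),
        "tests": tests,
        "autolearn": learn.group(1) if learn else None,
    }


def suspect_autolearned_ham(raw_message, non_content=NON_CONTENT_TESTS):
    """True when a message was auto-learned as ham with no content rule hit.

    Auto-learning as ham happens when the score is below
    bayes_auto_learn_threshold_nonspam (0.1 by default), so a 0.0 qualifies.
    """
    header = email.message_from_string(raw_message)["X-Spam-Status"]
    status = parse_spam_status(header) if header is not None else None
    if status is None or status["autolearn"] != "ham":
        return False
    return all(t in non_content for t in status["tests"])


def review_queue(messages):
    """Return the names of messages that deserve a manual look, in input order."""
    return [name for name, raw in messages.items() if suspect_autolearned_ham(raw)]


# Constructed sample messages; the first mirrors the header quoted in the thread.
SAMPLES = {
    "missed-spam.eml": (
        "X-Spam-Status: No, score=0.0 required=5.0 tests=UNPARSEABLE_RELAY"
        "  autolearn=ham version=3.1.0-gr2\n"
        "Subject: how is life\n\nYou are approved\n"
    ),
    "caught-spam.eml": (
        "X-Spam-Status: Yes, score=5.6 required=5.0 tests=BAYES_50,DCC_CHECK,\n"
        "\tMISSING_SUBJECT,NO_REAL_NAME autolearn=no version=3.1.0\n"
        "Subject: test\n\nbody\n"
    ),
    "real-ham.eml": (
        "X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00\n"
        "\tautolearn=ham version=3.1.0\n"
        "Subject: lunch\n\nSee you at noon\n"
    ),
}

if __name__ == "__main__":
    for name in review_queue(SAMPLES):
        print("review and relearn if spam:", name)
```

Messages it lists are candidates only: inspect each one and, where it is spam, relearn it with `sa-learn --spam`, which is the correction magic919 describes.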

## feardapenguin

I do tend to get anal about trying to analyze what I THINK the score should be.  Gotta learn to let SA do its job.

I'll admit my current SA setup has been doing a pretty good job over the last few days.  I'm getting about an 80% hit rate or better.  I'm sure that will improve as I train it.

I had some procmail rules to catch obvious spam before I began tweaking SA.  I'll probably reinstate those soon but I wanted to give SA a fair shot first just to get a feel for how well it could do on its own.

Thanks for all your help!

Cheers

----------

## Paloma

Earlier I was using Spamassassin and also realized that "it doesn't work well".

Some months ago I installed Spam Bully.  It really impressed me with its ease of use and overall effectiveness.

Spam Bully has a feature that allows you to see detailed information about a selected email: information on why the message was blocked or allowed, also the ability to correct miscategorized messages, the sender's IP address, country, language, Bayesian rank and the ability to report the spammers.

----------

## feardapenguin

SA seems to be doing fairly well now.  In the last three days I've received 137 emails.  Out of that total 8 were ham.  Only 7 spam slipped through.  The rest were caught by SA.

----------

