[SA-exim] Re: Bug#246715: sa-exim: network checks are failing because headers are incomplete

wayne wayne at midwestcs.com
Fri Apr 30 13:46:27 PDT 2004


In <20040430170631.GA13836 at freshdot.net> Sander Smeenk <ssmeenk at freshdot.net> writes:

> Quoting Wayne Schlitt (wayne at midwestcs.com):
>
>> I happen to run SpamAssassin twice on each email, once using SA-Exim and
>> once using procmail.  I noticed that the scores from procmail were
>> higher, often *MUCH* higher so I investigated a little bit and found
>> that the DNSBL checks weren't being done in SA-Exim.
>
> Uhm, I'm forwarding this upstream, [...]

The reason why I re-filed the Debian bug was because the more I
thought about it, the more I figured it was an up-stream bug.  That's
when I discovered that I should have used sa-exim rather than
sa-exim4.



>  [...]                             but you are aware that when you run
> spamc it uses your spamassassin settings, bayes databases,
> autowhitelists, and when sa-exim runs spamc it uses 'nobody''s settings,
> which most probably do not exist.

Yes, I'm aware of this, although sa-exim appears to use Debian-exim
rather than nobody.  In particular, the Bayesian database hasn't been
filled out for "Debian-exim" as well.  This is, in part, because I
haven't been running sa-exim as long as I have been running
SpamAssassin through procmail, but it is also in part because sa-exim
isn't auto-learning as much due to the lack of DNSBL checks.



> Seems like you did a good job investigating the problem. I'd really like
> to see the Spam Tests that sa-exim's spamc-run found, and the Spam Tests
> that you found.


Here are two examples from today.  I can't explain all the
differences, but the lack of DNSBL checks is very consistent.


Example 1:

SA results from procmail:

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on 
	backbone.midwestcs.com
X-Spam-Level: *********
X-Spam-Status: Yes, hits=9.6 required=4.0 tests=BAYES_99,
	RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS autolearn=no 
	version=2.63



SA results from SA-exim:

X-SA-Exim-Connect-IP: 217.42.255.98
X-SA-Exim-Mail-From: QIFRP at msn.com
Subject: SPAM: 04.20 Why are you paying full price for your meds? 8PC6dsN2AV
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on 
	backbone.midwestcs.com
X-Spam-Level: ****
X-Spam-Status: Yes, hits=4.2 required=4.0 tests=BAYES_60,
	HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI 
	autolearn=no version=2.63
Content-Type: multipart/mixed; boundary="----------=_40921C07.BF957B3B"
X-SA-Exim-Version: 4.0 (built Tue, 16 Mar 2004 19:40:56 +0100)
X-SA-Exim-Scanned: Yes (on backbone.midwestcs.com)


(wayne at footbone) $ host 98.255.42.217.bl.spamcop.net
98.255.42.217.bl.spamcop.net	A	127.0.0.2
(wayne at footbone) $ host 98.255.42.217.dnsbl.sorbs.net
98.255.42.217.dnsbl.sorbs.net	A	127.0.0.10

SORBS 127.0.0.10 will trigger both the RCVD_IN_DYNABLOCK and
RCVD_IN_SORBS SA checks.


------

Example 2:

SA results from procmail:

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on 
	backbone.midwestcs.com
X-Spam-Level: ************
X-Spam-Status: Yes, hits=12.1 required=4.0 tests=BAYES_99,
	HTML_FONTCOLOR_UNKNOWN,HTML_IMAGE_ONLY_04,HTML_MESSAGE,MIME_HTML_ONLY,
	RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL,RCVD_IN_NJABL_DIALUP 
	autolearn=no version=2.63



SA results from SA-exim:

X-SA-Exim-Connect-IP: 68.124.89.142
X-SA-Exim-Mail-From: gretchenoneil_ls at travelnet.no
Subject: Visit our Internet pharmacy, buy Víagra and many other meds.
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on 
	backbone.midwestcs.com
X-Spam-Level: *
X-Spam-Status: No, hits=1.5 required=4.0 tests=BAYES_50,
	HTML_FONTCOLOR_UNKNOWN,HTML_IMAGE_ONLY_04,HTML_MESSAGE,MIME_HTML_ONLY 
	autolearn=no version=2.63
X-SA-Exim-Version: 4.0 (built Tue, 16 Mar 2004 19:40:56 +0100)
X-SA-Exim-Scanned: Yes (on backbone.midwestcs.com)


(wayne at footbone) $ host 142.89.124.68.bl.spamcop.net
142.89.124.68.bl.spamcop.net	A	127.0.0.2
(wayne at footbone) $ host 142.89.124.68.dnsbl.njabl.org
142.89.124.68.dnsbl.njabl.org	A	127.0.0.3

NJABL 127.0.0.3 will trigger both the RCVD_IN_NJABL_DIALUP and
RCVD_IN_NJABL SA checks.



-wayne
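
The comparison made by hand in the message above, as an added example (not part of the original message and not SA-Exim code): it unfolds the X-Spam-Status header from each scan, lists the DNSBL rules that only one scan hit, and builds the reversed-octet names to check with `host`. The function names are hypothetical, the sample headers are re-typed from Example 1, and treating the RCVD_IN_ prefix as the mark of a DNSBL rule is an assumption.

```python
import email
import ipaddress
import re

# Headers from Example 1 above, re-typed as constructed sample input.
PROCMAIL_SCAN = (
    "X-Spam-Status: Yes, hits=9.6 required=4.0 tests=BAYES_99,\n"
    "\tRCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS autolearn=no\n"
    "\tversion=2.63\n\n"
)
SA_EXIM_SCAN = (
    "X-SA-Exim-Connect-IP: 217.42.255.98\n"
    "X-Spam-Status: Yes, hits=4.2 required=4.0 tests=BAYES_60,\n"
    "\tHTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI\n"
    "\tautolearn=no version=2.63\n\n"
)
ZONES = ("bl.spamcop.net", "dnsbl.sorbs.net", "dnsbl.njabl.org")  # zones queried above


def spam_tests(raw_headers):
    """Return the rule names listed in a (possibly folded) X-Spam-Status header."""
    status = email.message_from_string(raw_headers).get("X-Spam-Status", "")
    status = re.sub(r",\s+", ",", status)  # re-join a test list folded after a comma
    match = re.search(r"\btests=(\S+)", status)
    if not match or match.group(1) == "none":
        return set()
    return set(match.group(1).split(","))


def missing_network_tests(reference, suspect):
    """Rules hit only in the reference scan whose name marks a DNSBL rule."""
    # Assumption: the RCVD_IN_ prefix identifies DNSBL rules, as in the examples above.
    return sorted(t for t in reference - suspect if t.startswith("RCVD_IN_"))


def dnsbl_query_name(ip, zone):
    """Build the reversed-octet name that `host` is given in the message."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def report(reference_headers, suspect_headers):
    """Return (missing DNSBL rules, names to resolve by hand for the connecting IP)."""
    missing = missing_network_tests(spam_tests(reference_headers), spam_tests(suspect_headers))
    ip = email.message_from_string(suspect_headers).get("X-SA-Exim-Connect-IP", "").strip()
    names = [dnsbl_query_name(ip, z) for z in ZONES] if missing and ip else []
    return missing, names


if __name__ == "__main__":
    print(report(PROCMAIL_SCAN, SA_EXIM_SCAN))
```

The script only builds the query names and performs no DNS lookups, so it runs offline.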