[SA-exim] sapamassissaing check and process

Raphael Bauduin rblists at gmail.com
Fri Jun 18 05:37:00 PDT 2010


Hi,

I'm trying to help someone using Exim with the Debian packaged
spamassassin 3.2.5-2 and sa-exim 4.2.1-11
I've looked for information on how a mail is processed precisely but
didn't find any explanation of the following.

In the spamd logs, I see that each mail is processed 2 times: one
"checking" the mail, one "processing" the mail. I've looked for
information on these two steps, but didn't find any.
Here's an example:

Jun 18 14:20:25 vsExim4 spamd[13098]: spamd: connection from localhost
[127.0.0.1] at port 55664
Jun 18 14:20:25 vsExim4 spamd[13098]: spamd: setuid to Debian-exim succeeded
Jun 18 14:20:25 vsExim4 spamd[13098]: spamd: checking message
<4C1B6488.80502 at XXXX> for Debian-exim:102
Jun 18 14:20:26 vsExim4 spamd[13098]: spamd: clean message (-3.3/5.0)
for Debian-exim:102 in 1.7 seconds, 1154 bytes.
Jun 18 14:20:26 vsExim4 spamd[13098]: spamd: result: . -3 -
ALL_TRUSTED,AWL,BAYES_00
scantime=1.7,size=1154,user=Debian-exim,uid=102,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=55664,mid=<4C1B6488.80502 at XXXX>,bayes=0.000000,autolearn=ham
Jun 18 14:20:26 vsExim4 spamd[14908]: spamd: connection from localhost
[127.0.0.1] at port 55670
Jun 18 14:20:26 vsExim4 spamd[14908]: spamd: setuid to Debian-exim succeeded
Jun 18 14:20:26 vsExim4 spamd[14908]: spamd: processing message
<4C1B6488.80502 at XXXX> for Debian-exim:102
Jun 18 14:20:26 vsExim4 spamd[18117]: prefork: child states: IB

A problem I encountered is that the two steps have different
results.Here's an example:

According to my understanding, the checking step had a score of 3.9
(put in the header to X-Spam_score)
with this info in the X-Spam_report header:
       0.0 HTML_MESSAGE           BODY: HTML included in message
      2.0 HTML_IMAGE_ONLY_04     BODY: HTML: images with 0-400 bytes of words
      -1.1 BAYES_05               BODY: Bayesian spam probability is 1 to 5%
      [score: 0.0336]
      1.4 MIME_QP_LONG_LINE      RAW: Quoted-printable line longer than 76 chars
      0.6 DC_PNG_UNO_LARGO       Message contains a single large inline gif
      0.0 DC_IMAGE_SPAM_TEXT     Possible Image-only spam with little text
      0.0 DC_IMAGE_SPAM_HTML     Possible Image-only spam
      1.0 AWL                    AWL: From: address is in the auto white-list

The processing on the other hand generated this:
 X-Spam-Status: Yes, score=6.9 required=5.0 tests=AWL,BAYES_95,
      DC_IMAGE_SPAM_HTML,DC_IMAGE_SPAM_TEXT,DC_PNG_UNO_LARGO,HTML_IMAGE_ONLY_04,
      HTML_MESSAGE,MIME_QP_LONG_LINE autolearn=no version=3.2.5

The difference is:
* BAYES_95 in place of BAYES_05
* score is 6.9 in place of 3.9

My questions are then:
- is it normal to have the messages handled twice, once for check,
once for process?
- is this configured somewhere?

Thanks in advance for your help!

Raph

-- 
Web database: http://www.myowndb.com
Free Software Developers Meeting: http://www.fosdem.org



More information about the SA-Exim mailing list