spamassassin problem

[eivinn]

My SpamAssassin setup seems to be acting strange. The header is written like this:

Code: Select all

Received: from localhost [127.0.0.1] by server.domain.com
	with SpamAssassin (2.60 1.212-2003-09-23-exp);
	Sun, 19 Oct 2003 09:32:15 +0200
From: "Sonny Olson" <migdalialoa@bluebottle.com>
To: user@domain.com
Subject: Fill up your calender with ~S-E-X~ :) .. klqqxcibewos
Date: Sun, 19 Oct 03 02:23:00 GMT
Message-Id: <19o4ib8vnnv7u2j$2--8-dfmd95sdgl@alp.1u212>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_3F923DFF.44919961"
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
	server.domain.com
X-Spam-Level: *****
X-Spam-Status: No, hits=5.9 required=7.5 tests=DATE_IN_PAST_03_06,
	DATE_SPAMWARE_Y2K,HTML_40_50,HTML_FONTCOLOR_BLUE,
	HTML_FONTCOLOR_UNKNOWN,HTML_FONT_BIG,HTML_MESSAGE autolearn=no 
	version=2.60


This is a multi-part message in MIME format.

But text added to top of e-mail is:

Code: Select all

Spam detection software, running on the system "server.domain.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email.  If you have any questions, see
root@localhost for details.

Content preview:  chancel
  URI:http://rd.yahoo.com/strengthen/quitting/*http://BangMatch.com/wmaster.asp?WID3451925820
  BangMatch.com BYE-BYE CYBER!! HELLOOOO REAL TIME!!
  URI:http://rd.yahoo.com/abode/mathematik/*http://BangMatch.com/emailimages/bangmatch1_1.gif
  [...] 

Content analysis details:   (18.5 points, 7.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 4.4 DATE_SPAMWARE_Y2K      Date header uses unusual Y2K formatting
 0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us
 0.1 HTML_FONTCOLOR_BLUE    BODY: HTML font color is blue
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.1 HTML_FONT_BIG          BODY: HTML has a big font
 0.1 HTML_70_80             BODY: Message is 70% to 80% HTML
 0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.7 MIME_HTML_NO_CHARSET   RAW: Message text in HTML without charset
 0.7 DATE_IN_PAST_03_06     Date: is 3 to 6 hours before Received: date
 1.1 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org
                            [<http://dsbl.org/listing?ip=210.85.226.188>]
 1.1 RCVD_IN_NJABL_PROXY    RBL: NJABL: sender is an open proxy
                            [210.85.226.188 listed in dnsbl.njabl.org]
 1.1 RCVD_IN_SORBS_MISC     RBL: SORBS: sender is open proxy server
                            [210.85.226.188 listed in dnsbl.sorbs.net]
 2.5 RCVD_IN_DYNABLOCK      RBL: Sent directly from dynamic IP address
                            [Dynamic/Residential IP range listed by]
            [easynet.nl DynaBlock - <http://dynablock.easynet.nl/errors.html>]
 0.1 RCVD_IN_NJABL          RBL: Received via a relay in dnsbl.njabl.org
                            [210.85.226.188 listed in dnsbl.njabl.org]
 0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                            [210.85.226.188 listed in dnsbl.sorbs.net]

 0.1 RCVD_IN_RFCI           RBL: Sent via a relay in ipwhois.rfc-ignorant.org
                            [Inaccurate or missing WHOIS data]
 1.2 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE
 1.1 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
 1.1 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 1.1 MIME_HTML_ONLY_MULTI   Multipart message only has text/html MIME parts
 1.6 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.

How can I fix this?? I'm using procmail to move spam to another folder, but since SpamAssassin isn't marking headers correctly it's not working as I would like it to.

[weltraumfahrer]

Hi,
> X-Spam-Status: No, hits=5.9 required=7.5 ...

put in your '~/.spamassassin/user_prefs' or in '/etc/mail/spamassassin/local.cf'

# How many hits before a mail is considered spam.
required_hits 5

Frank

[eivinn]

Well, that's not the problem is it?

The problem is that the header does only count 6 of the checks, but in the body there are 21 checks that should be counted as points.

My /et/mail/spamassassin/local.cf :

Code: Select all

# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
required_hits           7.5

# Whether to change the subject of suspected spam
rewrite_subject         0

# Text to prepend to subject if rewrite_subject is used
subject_tag             *****SPAM*****

# Encapsulate spam in an attachment
report_safe             1

# Use terse version of the spam report
use_terse_report        0

# Enable the Bayes system
use_bayes               1

# Enable Bayes auto-learning
auto_learn              1

# Enable or disable network checks
skip_rbl_checks         0
use_razor2              1
use_dcc                 1
use_pyzor               1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - danish english norwegian swedish
ok_languages            da en no sv

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales              en

[eivinn]

Last check...

Has anyone else got this problem besides me? Should I open a new bug?
I haven't found out anything about this from google, or these forums.

[eivinn]

Found the problem:

Spamassassin was filtering the mails twice. E.g. don't filter mails in both /etc/procmailrc and ~/.procmailrc