spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruno Costacurta <tec...@costacurta.org>
Subject [SOLVED] Re: USER_IN_BLACKLIST identified but not reported as spam
Date Sat, 03 Dec 2011 20:41:11 GMT

Quoting "Kevin A. McGrail" <KMcGrail@PCCC.com>:

> On 12/3/2011 1:46 PM, Bruno Costacurta wrote:
>>>> note : spamassassin version = 3.3.1, called from Postfix as  
>>>> spamd, platform is Debian stable Squeeze
>>>>
>>>> I configured a test blacklist user in /etc/spamassassin/local.cf.
>>>> Indeed the blacklist user is identified as below via process  
>>>> spamd in Postfix mail.info :
>>>>
>>>> ..etc..
>>>> spamd: result: Y 97 -
>>>> BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST
 
>>>> ..etc..
>>>>
>>>> However the header do not mention it, and the score is negative  
>>>> so the email is considered as a non-spam.
>>>>
>>>> X-Spam-Status: No, score=-2.6 required=2.0  
>>>> tests=BAYES_00,FREEMAIL_FROM,  
>>>> HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID  
>>>> autolearn=ham version=3.3.1
>>>>
>>>> In file /usr/share/spamassassin/50_scores.cf :
>>>> score USER_IN_BLACKLIST 100.000
>>>>
>>>> In /etc/spamassassin/local.cf
>>>> blacklist_from   here-a-test-email-address@gmail.com
>>>>
>>>> Something is missing ?
>>>> Do I need to configure more than the local.cf file ?
>>>
>>> Looks like you are calling spamassassin more than once on the same  
>>> email.  And a required score of 2.0 is not a very good idea IMO.
>>>
>>> Regards,
>>> KAM
>>
>>
>> Hummm...log mail.info only reflect more than one treatment by spamassassin.
>> See processes hereafter.
>>
>> ...
>> Dec  3 19:36:55 vps622 postfix/smtpd[7541]: 8D3653574419:  
>> client=mail-pz0-f47.google.com[209.85.210.47]
>> Dec  3 19:36:55 vps622 postfix/cleanup[7543]: 8D3653574419:  
>> message-id=<CADwU8diy+PZ5hQvLpTuE8Ljwa5rGbwATkF+=tyKGhfegpYCRUQ@mail.gmail.com>
>> Dec  3 19:36:55 vps622 postfix/qmgr[19645]: 8D3653574419:  
>> from=<bad@zzzz.com>, size=1476, nrcpt=1 (queue active)
>> Dec  3 19:36:55 vps622 spamd[1165]: spamd: connection from  
>> localhost [127.0.0.1] at port 60247
>> Dec  3 19:36:55 vps622 spamd[1165]: spamd: setuid to spamfilter succeeded
>> Dec  3 19:36:55 vps622 spamd[1165]: spamd: processing message  
>> <CADwU8diy+PZ5hQvLpTuE8Ljwa5rGbwATkF+=tyKGhfegpYCRUQ@mail.gmail.com> for  
>> spamfilter:5001
>> Dec  3 19:36:56 vps622 spamd[1165]: spamd: identified spam  
>> (97.5/2.0) for spamfilter:5001 in 1.0 seconds, 1512 bytes.
>> Dec  3 19:36:56 vps622 spamd[1165]: spamd: result: Y 97 -  
>> BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST
scantime=1.0,size=1512,user=spamfilter,uid=5001,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=60247,mid=<CADwU8diy+PZ5hQvLpTuE8Ljwa5rGbwATkF+=tyKGhfegpYCRUQ@mail.gmail.com>,bayes=0.000000,autolearn=no
Dec  3 19:36:57 vps622 spamd[1164]: prefork: child states:  
>> II
>> Dec  3 19:36:57 vps622 postfix/pipe[7544]: 8D3653574419:  
>> to=<xxxx@yyyyyyy.org>, relay=myprocmail, delay=2.4,  
>> delays=1.3/0.01/0/1.2, dsn=2.0.0, status=sent (delivered via  
>> myprocmail service)
>
> Well this one is a score of 97.5 and indicates user_in_blacklist worked:
> spamd: result: Y 97 -
> BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST
 
> ..etc..
>
> This header indicates a different score and not spam and no  
> user_in_blacklist:
>
> X-Spam-Status: No, score=-2.6 required=2.0  
> tests=BAYES_00,FREEMAIL_FROM,  
> HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID  
> autolearn=ham version=3.3.1
>
> That header is coming from somewhere...
>
> However, the required=2.0 is highly odd.  Try changing to  
> required=2.1 or something similar in your local.cf and see if you  
> get two different required scores.
>
> regards,
> KAM

Solved.
Indeed it was already working previously.
My confusion came from my reading of the file mail.info
In fact for USER_IN_BLACKLIST there is *no* indication like the following :

For a real spam the following is indicated in the log file.
Obviously this is not the case for USER_IN_BLACKLIST.

...
spamd: identified spam (5.0/2.0) for spamfilter:5001 in 0.6 seconds,  
1451 bytes.
...

Thanks for your attention.

Bye,
Bruno

Mime
View raw message