spam getting through in sa-exim w/ scores of 0 even with matched patterns

To: debian-user@lists.debian.org
Subject: spam getting through in sa-exim w/ scores of 0 even with matched patterns
From: Eric Agnew <agnew@geekhive.net>
Date: Tue, 11 Jul 2006 22:31:15 +0900
Message-id: <[🔎] 20060711133115.GA8730@goku.geekhive.net>

Lately I've been getting a lot of spam that comes through with a score of
0 even after it matches several spam patterns (usually EMPTY_MESSAGE,
MISSING_SUBJECT, etc.).  It should be getting a high score at SMTP time
(via sa-exim) and thus rejected then, but somehow it's slipping through.
If I run spamassassin on the same message again, it shows up w/ the same
rules matched, and a high score (which would have caused it to be
rejected).

Here's an example message:

-=-=-=-=-BEGIN SPAM EXAMPLE-=-=-=-=-
>From Gillisarchitect@representative.com Tue Jul 11 21:54:58 2006
From: "Gillis" <Gilliscosmetic@engineer.com>
Subject: I have ssex much longer, because I take Exxtra-Time!

How are you bro ? Thousands of couples broke down because of them, making both parties unhappy. The great thing about Extra-Time is that it works, making you last longer from the very first time. We all hate her saying her previous partner did not finish that soon. You may find what you need here: [URL snipped] Keep her satisfied tonight and any night in the future. She'll love it!
-=-=-=-=-=END SPAM EXAMPLE=-=-=-=-=-

Now, when it comes through the first time, it has the following SA header:

X-Spam-Status: No, score=0.0 required=5.0 tests=EMPTY_MESSAGE,MISSING_SUBJECT,
	NO_RECEIVED,SARE_HTML_NO_BODY,SARE_HTML_NO_BODY_TO,TO_CC_NONE 
	autolearn=no version=3.1.1

However, noting that it should obviously be marked as spam and have a
higher score (esp. since I've modified my config to score EMPTY_MESSAGE at
6), I ran the same message through spamc again (using spamc -u
Debian-exim, as it should be running when it comes in under sa-exim), and
it becomes this:

X-Spam-Status: Yes, score=21.3 required=5.0 tests=AWL,BAYES_95,
	FORGED_RCVD_HELO,RCVD_IN_XBL,TW_XX,URIBL_SBL,URIBL_SC_SURBL,
	USER_IN_BLACKLIST_TO autolearn=no version=3.1.1

The following package/versions are installed:
ii  exim4-base          4.62-1
ii  exim4-config        4.62-1
ii  exim4-daemon-heavy  4.62-1
ii  sa-exim             4.2.1-2
ii  spamassassin        3.1.1-1

Any ideas what could be causing certain messages to not go through spamassassin
correctly?  The vast majority of spam gets caught & rejected at smtp time, so I
don't know why certain messages are slipping through (usually in groups)...

Please Cc: replies, as I'm not subscribed to the ML...  Thanks.

-- 
Eric Agnew                                       agnew at geekhive dot net

Reply to:

Prev by Date: Re: Testing and honesty
Next by Date: Re: SID, Gnome and default media player
Previous by thread: Re: Force kill a process?
Next by thread: Battery monitor and sound adjust short cut
Index(es):
- Date
- Thread