spamassassin-users December 2011 archive

Re: USER_IN_BLACKLIST identified but not reported as spam

From: Kevin A. McGrail <KMcGrail_at_nospam>
Date: Sat Dec 03 2011 - 18:52:15 GMT
To: Bruno Costacurta <techie@costacurta.org>

On 12/3/2011 1:46 PM, Bruno Costacurta wrote:
>>> note : spamassassin version = 3.3.1, called from Postfix as spamd,
>>> platform is Debian stable Squeeze
>>>
>>> I configured a test blacklist user in /etc/spamassassin/local.cf.
>>> Indeed the blacklist user is identified as below via process spamd
>>> in Postfix mail.info :
>>>
>>> ..etc..
>>> spamd: result: Y 97 -
>>> BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST
>>> ..etc..
>>>
>>> However the header does not mention it, and the score is negative so
>>> the email is considered as a non-spam.
>>>
>>> X-Spam-Status: No, score=-2.6 required=2.0
>>> tests=BAYES_00,FREEMAIL_FROM,
>>> HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID
>>> autolearn=ham version=3.3.1
>>>
>>> In file /usr/share/spamassassin/50_scores.cf :
>>> score USER_IN_BLACKLIST 100.000
>>>
>>> In /etc/spamassassin/local.cf
>>> blacklist_from here-a-test-email-address@gmail.com
>>>
>>> Something is missing ?
>>> Do I need to configure more than the local.cf file ?
>>
>> Looks like you are calling spamassassin more than once on the same
>> email. And a required score of 2.0 is not a very good idea IMO.
>>
>> Regards,
>> KAM
>
>
> Hummm...log mail.info only reflect more than one treatment by
> spamassassin.
> See processes hereafter.
>
> ...
> Dec 3 19:36:55 vps622 postfix/smtpd[7541]: 8D3653574419:
> client=mail-pz0-f47.google.com[209.85.210.47]
> Dec 3 19:36:55 vps622 postfix/cleanup[7543]: 8D3653574419:
> message-id=<CADwU8diy+PZ5hQvLpTuE8Ljwa5rGbwATkF+=tyKGhfegpYCRUQ@mail.gmail.com>
> Dec 3 19:36:55 vps622 postfix/qmgr[19645]: 8D3653574419:
> from=<bad@zzzz.com>, size=1476, nrcpt=1 (queue active)
> Dec 3 19:36:55 vps622 spamd[1165]: spamd: connection from localhost
> [127.0.0.1] at port 60247
> Dec 3 19:36:55 vps622 spamd[1165]: spamd: setuid to spamfilter succeeded
> Dec 3 19:36:55 vps622 spamd[1165]: spamd: processing message
> <CADwU8diy+PZ5hQvLpTuE8Ljwa5rGbwATkF+=tyKGhfegpYCRUQ@mail.gmail.com>
> for spamfilter:5001
> Dec 3 19:36:56 vps622 spamd[1165]: spamd: identified spam (97.5/2.0)
> for spamfilter:5001 in 1.0 seconds, 1512 bytes.
> Dec 3 19:36:56 vps622 spamd[1165]: spamd: result: Y 97 -
> BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST
> scantime=1.0,size=1512,user=spamfilter,uid=5001,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=60247,mid=<CADwU8diy+PZ5hQvLpTuE8Ljwa5rGbwATkF+=tyKGhfegpYCRUQ@mail.gmail.com>,bayes=0.000000,autolearn=no
>
> Dec 3 19:36:57 vps622 spamd[1164]: prefork: child states: II
> Dec 3 19:36:57 vps622 postfix/pipe[7544]: 8D3653574419:
> to=<xxxx@yyyyyyy.org>, relay=myprocmail, delay=2.4,
> delays=1.3/0.01/0/1.2, dsn=2.0.0, status=sent (delivered via
> myprocmail service)

Well this one is a score of 97.5 and indicates user_in_blacklist worked:
spamd: result: Y 97 -
BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST
..etc..

This header indicates a different score and not spam and no
user_in_blacklist:

X-Spam-Status: No, score=-2.6 required=2.0 tests=BAYES_00,FREEMAIL_FROM,
HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID
autolearn=ham version=3.3.1

That header is coming from somewhere...

However, the required=2.0 is highly odd. Try changing to required=2.1
or something similar in your local.cf and see if you get two different
required scores.

regards,
KAM
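
An added example, not part of the original message: a small Python check that compares a spamd `result:` log line with the X-Spam-Status header found on the delivered mail and lists every field on which they disagree. The function names are hypothetical, and the regexes assume only the log and header layout shown in this thread.

```python
import re

# Samples copied from the thread above (wrapped lines rejoined, mid= field omitted).
SPAMD_LOG = ("Dec 3 19:36:56 vps622 spamd[1165]: spamd: result: Y 97 - "
    "BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,"
    "RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST "
    "scantime=1.0,size=1512,user=spamfilter,uid=5001,required_score=2.0,"
    "rhost=localhost,raddr=127.0.0.1,rport=60247,bayes=0.000000,autolearn=no")
HEADER = ("X-Spam-Status: No, score=-2.6 required=2.0 tests=BAYES_00,FREEMAIL_FROM,\n"
    "\tHTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID\n"
    "\tautolearn=ham version=3.3.1")

LOG_RE = re.compile(r"spamd: result: (?P<flag>[Y.]) +(?P<score>-?\d+) - "
                    r"(?P<tests>\S*) (?P<kv>\S+)")
HDR_RE = re.compile(r"X-Spam-Status: (?P<verdict>Yes|No), score=(?P<score>-?[\d.]+) "
                    r"required=(?P<required>[\d.]+) tests=(?P<tests>.*?) "
                    r"autolearn=(?P<autolearn>\S+)")

def parse_log(line):
    m = LOG_RE.search(line)
    kv = dict(p.split("=", 1) for p in m["kv"].split(",") if "=" in p)
    return {"spam": m["flag"] == "Y", "score": float(m["score"]),
            "required": float(kv["required_score"]), "autolearn": kv["autolearn"],
            "tests": set(filter(None, m["tests"].split(",")))}

def parse_header(raw):
    flat = re.sub(r"\r?\n[ \t]+", " ", raw)       # unfold continuation lines
    m = HDR_RE.search(flat)
    tests = re.sub(r"\s+", "", m["tests"])        # folding leaves spaces in the list
    return {"spam": m["verdict"] == "Yes", "score": float(m["score"]),
            "required": float(m["required"]), "autolearn": m["autolearn"],
            "tests": set(filter(None, tests.split(",")))}

def compare(log, hdr):
    """Return the fields on which the delivered header disagrees with the log."""
    diffs = {}
    for key in ("spam", "required", "autolearn"):
        if log[key] != hdr[key]:
            diffs[key] = (log[key], hdr[key])
    if abs(log["score"] - hdr["score"]) >= 1:     # the log prints a whole number
        diffs["score"] = (log["score"], hdr["score"])
    if log["tests"] != hdr["tests"]:
        diffs["tests_log_only"] = sorted(log["tests"] - hdr["tests"])
        diffs["tests_header_only"] = sorted(hdr["tests"] - log["tests"])
    return diffs

if __name__ == "__main__":
    for field, value in compare(parse_log(SPAMD_LOG), parse_header(HEADER)).items():
        print(field, value)
```

An empty result means the header matches the logged scan. After changing the required score in local.cf as suggested above, a `required` entry in the result would show that the header was written under a different configuration than the one spamd logged.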