[exim] Oddity in spam filtering: negative scores still produ…

Top Pagina
Delete this message
Reply to this message
Auteur: John Robinson
Datum:  
Aan: exim-users
Onderwerp: [exim] Oddity in spam filtering: negative scores still produce "possible spam" message in X-Spam-Report
Hi! I'm afraid this is a stupid newbie question, but I haven't found an
answer elsewhere; apologies if I've not looked carefully enough.

I've just installed a fresh system with CentOS 4, using
exim-4.43-1.RHEL4.5.i386.rpm from CentOS and
spamassassin-3.1.5-1.el4.rf.i386.rpm from rpmforge (also clamav-0.88.4
but that's not the problem), and used pretty much the stock
configuration, which follows most of the suggestions at
http://www.timj.co.uk/linux/Exim-SpamAndVirusScanning.pdf , and I've
added bits and pieces from the spec file and exim.org wiki. It's mostly
working fine.

The odd thing is, I'm getting the following in messages delivered on the
box:
X-Spam-Score: -1.4 (-)
X-Spam-Report: Spam detection software, running on the system
    "yuiop.plus.com", has identified this incoming email as possible
    spam.  The original message has been attached to this so you can
    view it (if it isn't spam) or label similar future email.  If
    you have any questions, see the administrator of that system for
    details.
    Content preview:
[etc]


Now, clearly it's not spam. Checking the logs for what spamd thought shows:

Sep 8 16:09:58 yuiop spamd[22421]: spamd: connection from
yuiop.plus.com [127.0.0.1] at port 32814
Sep 8 16:09:58 yuiop spamd[22421]: spamd: setuid to nobody succeeded
Sep 8 16:09:58 yuiop spamd[22421]: spamd: checking message
<450187D9.9090205@???> for nobody:99
Sep 8 16:09:59 yuiop spamd[22421]: spamd: clean message (-1.4/5.0) for
nobody:99 in 0.5 seconds, 2667 bytes.
Sep 8 16:09:59 yuiop spamd[22421]: spamd: result: . -1 - ALL_TRUSTED
scantime=0.5,size=2667,user=nobody,uid=99,required_score=5.0,rhost=yuiop.plus.com,raddr=127.0.0.1,rport=32814,mid=<450187D9.9090205@???>,autolearn=ham

I'm running spamd with the options "-d -m3 --max-conn-per-child=25", and
my local.cf specifies "required_hits 5".

And for completeness, my main.log shows:
2006-09-08 16:09:59 1GLhzS-0003eZ-DF <= john.robinson@???
H=([192.168.1.10]) [192.168.1.10] P=esmtpsa X=TLSv1:AES256-SHA:256
A=plain:john S=4767 id=450187D9.9090205@???
2006-09-08 16:09:59 1GLhzS-0003eZ-DF => john
john.robinson@???> R=localuser T=local_delivery
2006-09-08 16:09:59 1GLhzS-0003eZ-DF Completed

I suspect I've missed something very simple; can anyone here help? I've
attached my exim.conf; I hope the list etiquette tolerates this use of MIME.

Cheers,

John.