Message flagged as spam missing original message - SpamAssassin

This is a discussion on Message flagged as spam missing original message - SpamAssassin ; All - My apologies if this has come up before - but I was unable to find anything relevant in the archives or while searching the docs... I've had a recent problem with a specific piece of mail that was ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Message flagged as spam missing original message

  1. Message flagged as spam missing original message

    All -

    My apologies if this has come up before - but I was unable to find
    anything relevant in the archives or while searching the docs...

    I've had a recent problem with a specific piece of mail that was flagged
    as spam - rightfully so in my opinion based on the flagged rules - but
    indeed wasn't.

    The problem is that it appears that spamassassin stripped the original
    message out after it flagged it as spam. I am running Exim 4.63 with
    SpamAssassin 3.2.5 being called via procmail.

    Upon delivery the message contained:

    1) The usual "Spam detection software, running on the system..." message
    2) The Content Preview
    3) A list of all the rules flagged and points applied to the message
    (see below)
    4) The original message headers (Date, From, To, Subject)

    but the original actual message seems to have disappeared... If a copy
    of the actual message as it was delivered is needed I can send it off list.

    I've checked the spamassassin and my smtp agent's (exim4) logs - but
    neither shows any warnings or errors for this message. My only guess at
    this point is from the "MIME_QP_LONG_LINE RAW" rule... is it possible
    that one line of the message was too long for spamassassin to parse so
    it dropped it? Or am I totally off track on this?

    The rules that tested positive on this message were:
    MISSING_MID, INVALID_DATE
    SPF_NEUTRAL
    DATE_IN_PAST_06_12
    HEADER_COUNT_CTYPE
    BAYES_00
    MIME_QP_LONG_LINE


    #SpamAssassin Log:

    Aug 29 11:49:37 spamd[20792]: spamd: connection from localhost
    [127.0.0.1] at port 35098
    Aug 29 11:49:37 spamd[20792]: spamd: setuid to succeeded
    Aug 29 11:49:37 spamd[20792]: netset: cannot include 127.0.0.0/8 as
    it has already been included
    Aug 29 11:49:37 spamd[20792]: spamd: processing message (unknown)
    for :
    Aug 29 11:49:38 spamd[20792]: spamd: identified spam (4.8/3.5) for
    : in 0.9 seconds, 1878 bytes.
    Aug 29 11:49:38 spamd[20792]: spamd: result: Y 4 -
    BAYES_00,DATE_IN_PAST_06_12,HEADER_COUNT_CTYPE,INV ALID_DATE,MIME_QP_LONG_LIN
    E,MISSING_MID,SPF_NEUTRAL
    scantime=0.9,size=1878,user=,uid=1,required_score=3.5,rhost=localhost,raddr=127.0.0. 1,rport=35098
    ,mid=(unknown),bayes=0.000000,autolearn=no


    Any help in figuring out what happened would be greatly appreciated.

    Thanks

    -Chris H

    --
    -Chris Henry
    Software Engineer
    Statistics
    (206)685-1627



  2. Re: Message flagged as spam missing original message

    On 02.09.08 12:01, Chris Henry wrote:
    > The problem is that it appears that spamassassin stripped the original
    > message out after it flagged it as spam. I am running Exim 4.63 with
    > SpamAssassin 3.2.5 being called via procmail.


    don't you use the '--headers' option to spamc? It causes spamd return only
    headers...
    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    I feel like I'm diagonally parked in a parallel universe.


  3. Re: Message flagged as spam missing original message

    Matus -

    No I didn't pass the --headers option to spamc. All the other messages
    in my system include the original message - this is the only one out of
    millions that stripped it.

    -Chris H

    Matus UHLAR - fantomas wrote:
    > On 02.09.08 12:01, Chris Henry wrote:
    >
    >> The problem is that it appears that spamassassin stripped the original
    >> message out after it flagged it as spam. I am running Exim 4.63 with
    >> SpamAssassin 3.2.5 being called via procmail.
    >>

    >
    > don't you use the '--headers' option to spamc? It causes spamd return only
    > headers...
    >



  4. Re: Message flagged as spam missing original message




    Chris Henry-7 wrote:
    >
    > Matus -
    >
    > No I didn't pass the --headers option to spamc. All the other messages
    > in my system include the original message - this is the only one out of
    > millions that stripped it.
    >
    > -Chris H
    >
    > Matus UHLAR - fantomas wrote:
    >> On 02.09.08 12:01, Chris Henry wrote:
    >>
    >>> The problem is that it appears that spamassassin stripped the original
    >>> message out after it flagged it as spam. I am running Exim 4.63 with
    >>> SpamAssassin 3.2.5 being called via procmail.
    >>>

    >>
    >> don't you use the '--headers' option to spamc? It causes spamd return
    >> only
    >> headers...
    >>

    >


    What does your .procmailrc look like?

    --
    View this message in context: http://www.nabble.com/Message-flagge...p19319356.html
    Sent from the SpamAssassin - Users mailing list archive at Nabble.com.


  5. Re: Message flagged as spam missing original message

    the .procmailrc is pretty straight forward - it's attached below.
    Basically all it does is scan for spam, then deliver to the users
    inbox. This particular user is still using the old mbox format... but
    that shouldn't matter.

    The procmail log for this message is completely normal:

    From @ Fri Aug 29 11:49:37 2008
    Subject: U10 Season
    Folder:
    /homes//mail/spam 4271

    -Chris H

    #.procmailrc
    #Directory for storing procmail log and rc files
    PMDIR=$HOME/.procmail
    LOGFILE=$PMDIR/log
    #
    #.procmailrc looks like:
    #
    UMASK=007

    # Look for spam if size is under 256 K
    :0fw
    * < 256000
    | /usr/bin/spamc

    :0
    * ^X-Spam-Flag: YES
    $HOME/mail/spam

    # invoke the Vacation program
    #INCLUDERC=$HOME/.procmail/.vacationrc

    :0:
    $HOME/mbox

    PileOfMush wrote:
    >
    > Chris Henry-7 wrote:
    >
    >> Matus -
    >>
    >> No I didn't pass the --headers option to spamc. All the other messages
    >> in my system include the original message - this is the only one out of
    >> millions that stripped it.
    >>
    >> -Chris H
    >>
    >> Matus UHLAR - fantomas wrote:
    >>
    >>> On 02.09.08 12:01, Chris Henry wrote:
    >>>
    >>>
    >>>> The problem is that it appears that spamassassin stripped the original
    >>>> message out after it flagged it as spam. I am running Exim 4.63 with
    >>>> SpamAssassin 3.2.5 being called via procmail.
    >>>>
    >>>>
    >>> don't you use the '--headers' option to spamc? It causes spamd return
    >>> only
    >>> headers...
    >>>
    >>>

    >
    > What does your .procmailrc look like?
    >
    >



+ Reply to Thread