[OPENSUSE] - problem with SpamAssassin "skipping" tests


Marsh Posté on 28-08-2009 at 11:52:08

Hello,

I have a small problem with a SpamAssassin instance, updated and in production, that works more or less well. I say more or less because 90% of the spam it lets through is only tested against 2 criteria. Even if "viagra" etc. appears in large, plain text, it lets the message through and gives a pitiful score (0.101).

Below is a log for a mail that talks about viagra, which is stated several times in the subject, and yet, as you can see, it gets through with a tiny score.

Can anyone decipher this log and, above all, does anyone see why SA would not be doing its processing correctly?

Thanks in advance!!
 


Aug 27 03:39:49 SA-SERVER postfix/cleanup[14423]: 1E6D24F7B: message-id=<1251331665.0110@fulcrumproperty.com>
Aug 27 03:39:49 SA-SERVER postfix/qmgr[15781]: 1E6D24F7B: from=<c_calista_qh@fulcrumproperty.com>, size=2981, nrcpt=1 (queue active)
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) ESMTP< MAIL FROM:<c_calista_qh@fulcrumproperty.com> SIZE=2981 BODY=7BIT\r\n
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup (debug_sender) => undef, "c_calista_qh@fulcrumproperty.com" does not match
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) ESMTP> 250 2.1.0 Sender <c_calista_qh@fulcrumproperty.com> OK
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) ESMTP::10024 /var/spool/amavis/tmp/amavis-20090827T003241-12820: <c_calista_qh@fulcrumproperty.com> -> <user1@cla.ch> SIZE=2981 BODY=7BIT Received: from SA-SERVER.cla.ch ([127.0.0.1]) by localhost (SA-SERVER.cla.ch [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <user1@cla.ch>; Thu, 27 Aug 2009 03:39:49 +0200 (CEST)
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) Checking: 7NNRjaw-XrHk [192.168.1.119] <c_calista_qh@fulcrumproperty.com> -> <user1@cla.ch>
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) 2822.From: <c_calista_qh@fulcrumproperty.com>
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup_acl(c_calista_qh@fulcrumproperty.com), no match
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup (snp1) => undef, "c_calista_qh@fulcrumproperty.com" does not match
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) wbl: checking sender <c_calista_qh@fulcrumproperty.com>
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) query_keys: c_calista_qh@fulcrumproperty.com, c_calista_qh@, fulcrumproperty.com, .fulcrumproperty.com, .com, .
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup_hash(c_calista_qh@fulcrumproperty.com), no matches
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup (blacklist_sender) => undef, "c_calista_qh@fulcrumproperty.com" does not match
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) query_keys: c_calista_qh@fulcrumproperty.com, c_calista_qh@, fulcrumproperty.com, .fulcrumproperty.com, .com, .
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup_hash(c_calista_qh@fulcrumproperty.com), no matches
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup (whitelist_sender) => undef, "c_calista_qh@fulcrumproperty.com" does not match
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup_re("c_calista_qh@fulcrumproperty.com" ), no matches
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) query_keys: c_calista_qh@fulcrumproperty.com, c_calista_qh@, fulcrumproperty.com, .fulcrumproperty.com, .com, .
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup_hash(c_calista_qh@fulcrumproperty.com), no matches
Aug 27 03:39:49 SA-SERVER amavis[12820]: (12820-17) lookup (score_sender<c_calista_qh@fulcrumproperty.com> ) => undef, "c_calista_qh@fulcrumproperty.com" does not match
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) SPAM-TAG, <c_calista_qh@fulcrumproperty.com> -> <user1@cla.ch>, No, score=0.101 tagged_above=-9999 required=2.2 tests=[HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) (about to connect to [127.0.0.1]:10025) FWD via SMTP: <c_calista_qh@fulcrumproperty.com> -> <user1@cla.ch>
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) smtp cmd> MAIL FROM:<c_calista_qh@fulcrumproperty.com> BODY=7BIT
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) rw_loop sent 120> MAIL FROM:<c_calista_qh@fulcrumproperty.com> BODY=7BIT\r\nRCPT TO:<user1@cla.ch> ORCPT=rfc822;user1@cla.ch\r\nDATA\r\n
Aug 27 03:39:53 SA-SERVER postfix/cleanup[14423]: AD2FB4F7D: message-id=<1251331665.0110@fulcrumproperty.com>
Aug 27 03:39:53 SA-SERVER postfix/qmgr[15781]: AD2FB4F7D: from=<c_calista_qh@fulcrumproperty.com>, size=3533, nrcpt=1 (queue active)
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) FWD via SMTP: <c_calista_qh@fulcrumproperty.com> -> <user1@cla.ch>,BODY=7BIT 250 2.0.0 Ok, id=12820-17, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AD2FB4F7D
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) DSN: sender NOT credible <c_calista_qh@fulcrumproperty.com>
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) lookup (spam_dsn_cutoff_level_bysender) => true,  "c_calista_qh@fulcrumproperty.com" matches, result="10", matching_key="(constant:10)"
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) dsn: from MTA 250 NonBlocking:CleanTag <c_calista_qh@fulcrumproperty.com> -> <user1@cla.ch>: on_succ=0, on_dly=1, on_fail=1, never=0, warn_sender=, DSN_passed_on=1, mta_resp: "250 2.0.0 Ok, id=12820-17, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AD2FB4F7D"
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) DSN: SUCC from MTA 250 NonBlocking:CleanTag, no DSN requested: <c_calista_qh@fulcrumproperty.com> -> <user1@cla.ch>
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) one_response_for_all <c_calista_qh@fulcrumproperty.com>: success, r=0,b=0,d=0, ndn_needed=0, '250 2.0.0 Ok, id=12820-17, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as AD2FB4F7D'
Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) Passed CLEAN, [192.168.1.119] [190.175.166.169] <c_calista_qh@fulcrumproperty.com> -> <user1@cla.ch>, Message-ID: <1251331665.0110@fulcrumproperty.com>, mail_id: 7NNRjaw-XrHk, Hits: 0.101, size: 2978, queued_as: AD2FB4F7D, 4599 ms


 
 
 
The mail in question contains this:
 
Buy ViagraCialisLevitr from $1.20 per pill
 
Secure & Safe Canadian Pharmacy is offering all pills at discounted prices. Buy CialisViagraLevitr, Propecia, Acomplia, Xenica1, VPXL, Tamiflu....... Prices Starting from $1.20
Buy Generic from $1.20 [LowPrice - Free Pills - Discount]
 
... which is about as explicit as it gets....!!!


Marsh Posté on 08-09-2009 at 10:46:13

Hello, actually, judging by the log, it looks like it only checks the address and nothing about the mail's content (headers etc.).


---------------
"It's true that with a guy this annoying during the day, you'd be entitled to hope he takes a break at night, but well …"
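As an added example (not part of the original thread, and not amavisd-new or SpamAssassin code): a small Python triage script that parses amavis `SPAM-TAG` lines like the one in the log above and lists messages that passed with only a couple of rule hits. The second sample line, its scores and the `max_hits` threshold are constructed for illustration.

```python
import re

# Shape of an amavisd-new SPAM-TAG log line, as seen in the post above.
SPAM_TAG = re.compile(
    r"\((?P<id>[\d-]+)\) SPAM-TAG, <(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>, "
    r"(?P<verdict>Yes|No), score=(?P<score>-?[\d.]+) tagged_above=\S+ "
    r"required=(?P<required>-?[\d.]+) tests=\[(?P<tests>[^\]]*)\]"
)

SAMPLE_LOG = [
    # SPAM-TAG line taken from the post.
    "Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) SPAM-TAG, "
    "<c_calista_qh@fulcrumproperty.com> -> <user1@cla.ch>, No, score=0.101 "
    "tagged_above=-9999 required=2.2 tests=[HTML_MESSAGE=0.001, RDNS_NONE=0.1]",
    # Constructed line: a message on which many rules fired, for contrast.
    "Aug 27 03:41:10 SA-SERVER amavis[12820]: (12820-18) SPAM-TAG, "
    "<sender@example.org> -> <user1@cla.ch>, Yes, score=9.6 "
    "tagged_above=-9999 required=2.2 tests=[BAYES_99=3.5, DRUGS_ERECTILE=2.2, "
    "HTML_MESSAGE=0.001, RDNS_NONE=0.1, URIBL_BLACK=3.799]",
    # Non-SPAM-TAG line taken from the post; the parser must skip it.
    "Aug 27 03:39:53 SA-SERVER amavis[12820]: (12820-17) DSN: sender NOT "
    "credible <c_calista_qh@fulcrumproperty.com>",
]

def parse_spam_tag(line):
    """Return a dict for a SPAM-TAG line, or None for any other log line."""
    m = SPAM_TAG.search(line)
    if not m:
        return None
    tests = {}
    for item in filter(None, (t.strip() for t in m.group("tests").split(","))):
        name, _, value = item.partition("=")
        tests[name] = float(value) if value else 0.0
    return {"id": m.group("id"), "sender": m.group("sender"),
            "rcpt": m.group("rcpt"), "spam": m.group("verdict") == "Yes",
            "score": float(m.group("score")),
            "required": float(m.group("required")), "tests": tests}

def thin_scans(lines, max_hits=2):
    """Messages that passed as non-spam with at most max_hits rule hits."""
    records = filter(None, map(parse_spam_tag, lines))
    return [r for r in records if not r["spam"] and len(r["tests"]) <= max_hits]

if __name__ == "__main__":
    for r in thin_scans(SAMPLE_LOG):
        print(f'{r["id"]} {r["sender"]} score={r["score"]}/{r["required"]} '
              f'hits={sorted(r["tests"])}')
```

Messages it lists are candidates for re-running by hand with `spamassassin -D -t < message` to see which rules actually get evaluated.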
