[TAG] John Karns's post tripped some spam filters

Neil Youngman ny at youngman.org.uk
Mon Aug 14 12:22:21 MSD 2006 

On or around Monday 14 August 2006 08:56, Rick Moen reorganised a bunch of 
electrons to form the message:
> Hmm, John's post got held by Mailman, claiming that SpamAssassin had
> marked it as "possible spam".  Let's have a look at what got into
> Mailman and SpamAssassin's tiny little brains:
>
>
> Received: from [201.245.212.45] (port=33475 helo=localhost.localdomain)
> 	 by linuxmafia.com with esmtp   (Exim 4.61 #1 (EximConfig 2.0))
> 	 id 1GCMEs-0005t8-Hg
> 	for <tag at lists.linuxgazette.net>; Sun, 13 Aug 2006 13:07:21 -0700
> Received: by localhost.localdomain (Postfix, from userid 1000)
> 	id 371D323055; Sun, 13 Aug 2006 15:07:01 -0500 (COT)
> Received: from localhost (localhost [127.0.0.1])
> 	by localhost.localdomain (Postfix) with ESMTP id 31E942303E;
> 	Sun, 13 Aug 2006 15:07:01 -0500 (COT)
> Date: Sun, 13 Aug 2006 15:07:01 -0500 (COT)
> From: John Karns <jkarns at etb.net.co>
> X-X-Sender: jkarns at localhost.localdomain
> To: jeff at jeffroot.us
> cc: tag at lists.linuxgazette.net
> In-Reply-To: <17630.47578.208478.397536 at localhost.localdomain>
> Message-ID: <Pine.LNX.4.61.0608131345520.21008 at localhost.localdomain>
> References: <17621.16287.466717.206264 at localhost.localdomain>
>  <20060806022547.GA3848 at linuxgazette.net>
> <17621.34053.297464.620391 at localhost.localdomain>
> <20060807030821.GA3903 at linuxgazette.net>
> <Pine.LNX.4.61.0608091621130.12020 at localhost.localdomain>
> <20060809214806.GA4892 at linuxgazette.net>
> <Pine.LNX.4.61.0608121407330.836 at localhost.localdomain>
> <17630.47578.208478.397536 at localhost.localdomain>
> MIME-Version: 1.0
> X-SA-Do-Not-Run: Yes
> X-EximConfig: v2.0 on linuxmafia.com (http://www.jcdigita.com/eximconfig)
> X-SA-Exim-Connect-IP: 201.245.212.45
> X-SA-Exim-Mail-From: jkarns at etb.net.co
> X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on linuxmafia.com
> X-Spam-Level: ***
> X-Spam-Status: No, score=3.5 required=4.0
> tests=AWL,BAYES_00,FORGED_RCVD_HELO,
> RCVD_IN_DSBL,RCVD_IN_DYNABLOCK,RCVD_IN_SORBS,RCVD_IN_SORBS_DUL
> 	autolearn=no version=3.1.1
> Subject: Re: [TAG] LG 127 Wifi
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
> X-SA-Exim-Version: 4.2.1 (built Mon, 27 Mar 2006 13:42:28 +0200)
> X-SA-Exim-Scanned: Yes (on linuxmafia.com)
>
>
>
> The weird thing is, it was Mailman that objected to your message and
> held it for my manual approval, claiming that SpamAssassin had flagged
> it as "possible spam" -- yet, as you can see, SA's score was 3.5, well
> below the 4.0 spamicity threshold I set in SpamAssassin.  I'm not sure
> what's going on _there_.

It could be looking at the "X-Spam-Level: ***" and deciding that's a match, 
rather than looking at "X-Spam-Status: No"?

I have previously seen filter rules that filter on X-Spam-Level rather than 
X-Spam-Status, which could easily generate this sort of inconsistency.

Neil

More information about the TAG mailing list