Here is my story.
I notice a message been marked as spam. i clicked on it to see why it was marked as spam. this is what it showed:
Score Matching Rule Description
2.02 HELO_NO_DOMAIN
0.00 HTML_MESSAGE
1.00 ImageCerberusPLG1
1.27 RDNS_NONE
0.16 SHORT_HELO_AND_INLINE_IMAGE
3.00 SPOOF_COM2OTH
anyway to see the logs on why SPOOF_COM2OTH score was high for this particular message?
NOTE: Life would be a lot easier if the Matching Rule would have its Description
BTW To the EFA guys. Thanks for all the help you guys have giving me on this FORUM...
How to view logs for a particular SpamAssassin Rule
Re: How to view logs for a particular SpamAssassin Rule
You'll need to examine the Spamassassin rule sets, find the rule and then work out yourself why it was triggered
(in 3.0.0.7, built from scratch)
Without me trying to parse the regex, it looks like there's a funny url in the message trying to disguise itself as coming from somewhere else.
(in 3.0.0.7, built from scratch)
Code: Select all
cd /var/lib/spamassassin/3.004000/updates.spamassassin_org
[root@efa updates_spamassassin_org]# grep SPOOF_COM2OTH *
20_uri_tests.cf:uri SPOOF_COM2OTH m{^https?://(?:\w+\.)+?com\.(?!(?:[a-z]{2}\.)?s3\.amazonaws\.com)(?:\w+\.){2}}i
20_uri_tests.cf:describe SPOOF_COM2OTH URI contains ".com" in middle
50_scores.cf:score SPOOF_COM2OTH 2.999 2.999 2.877 2.723
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: How to view logs for a particular SpamAssassin Rule
You can run "Update Spammassassin Rule Descriptions" under tools to update the descriptions on the SA rules, if they have them.
Re: How to view logs for a particular SpamAssassin Rule
And that's much easier.
You only need to look at the spam assassin rules if you want to find out exactly what that condition is, assuming you can parse the regexes that is.
You only need to look at the spam assassin rules if you want to find out exactly what that condition is, assuming you can parse the regexes that is.