Hello, everyone
Im wonder, this test, which doesnt seem to be in the original Spamassassin, IMHO, seems a bit too high of a score, as it seems to just identify the email came from a PHP script...
Any thoughts?
X-efa-SpamCheck: not spam, SpamAssassin (not cached, score=3.452,
required 4, autolearn=disabled, PHP_ORIG_SCRIPT 2.25,
SUBJECT_NEEDS_ENCODING 0.10, SUBJ_ILLEGAL_CHARS 1.10)
X-efa-SpamScore: 3
The email itself simply has:
X-PHP-Originating-Script: 786:orcamento.php
Thanks!
Robert
PHP_ORIG_SCRIPT not too high?
Re: PHP_ORIG_SCRIPT not too high?
Hi,
you can edit the score in /var/lib/spamassassin/3.004001/updates_spamassassin_org/72_scores.cf
I am running EFA 3.0.0.9 and my scores are
score PHP_ORIG_SCRIPT 0.500 2.245 0.500 2.245
I assume, that you have a different ruleset base because it is 2.25 in your posting.
This might be because of updates....
The rule itself is specified in 72_active.cf and as far as I understand it is not simply the PHP scripüt, that matters
##{ PHP_ORIG_SCRIPT
meta PHP_ORIG_SCRIPT __PHP_ORIG_SCRIPT_SONLY && !ALL_TRUSTED && !__SUBSCRIPTION_INFO
describe PHP_ORIG_SCRIPT Sent by bot & other signs
#score PHP_ORIG_SCRIPT 2.500 # limit
tflags PHP_ORIG_SCRIPT publish
##} PHP_ORIG_SCRIPT
Maybe you should investigate the other rules for your sender. I understand, that PHP_ORIG_SCRIPT is only true if all three subrules match.
But please keep in mind, that i am kind of new to this stuff as well. I am still learning myself.
Maybe some of the experts can confirm my suggestion or not, please.
Regards
akl
you can edit the score in /var/lib/spamassassin/3.004001/updates_spamassassin_org/72_scores.cf
I am running EFA 3.0.0.9 and my scores are
score PHP_ORIG_SCRIPT 0.500 2.245 0.500 2.245
I assume, that you have a different ruleset base because it is 2.25 in your posting.
This might be because of updates....
The rule itself is specified in 72_active.cf and as far as I understand it is not simply the PHP scripüt, that matters
##{ PHP_ORIG_SCRIPT
meta PHP_ORIG_SCRIPT __PHP_ORIG_SCRIPT_SONLY && !ALL_TRUSTED && !__SUBSCRIPTION_INFO
describe PHP_ORIG_SCRIPT Sent by bot & other signs
#score PHP_ORIG_SCRIPT 2.500 # limit
tflags PHP_ORIG_SCRIPT publish
##} PHP_ORIG_SCRIPT
Maybe you should investigate the other rules for your sender. I understand, that PHP_ORIG_SCRIPT is only true if all three subrules match.
But please keep in mind, that i am kind of new to this stuff as well. I am still learning myself.
Maybe some of the experts can confirm my suggestion or not, please.
Regards
akl
-
shawniverson
- Posts: 3783
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: PHP_ORIG_SCRIPT not too high?
Don't edit /var/lib/spamassassin/ it'll just get overwritten in the next update 
Instead, override it in /etc/mail/spamassassin/local.cf
Instead, override it in /etc/mail/spamassassin/local.cf
Re: PHP_ORIG_SCRIPT not too high?
yes, that makes sense
can I override anything that's elsewhere in the SA chain in local.cf?
e.g.
adding just score PHP_ORIG_SCRIPT 0.500 1.000 0.500 1.000 in local.cf will override the statement no matter in which other file it is used?
I'd like to override the Image Cerberus myself, because it is really strict and I did not yet really understand its criterias, wether a rule is true for a Picture or not...
regards
akl
can I override anything that's elsewhere in the SA chain in local.cf?
e.g.
adding just score PHP_ORIG_SCRIPT 0.500 1.000 0.500 1.000 in local.cf will override the statement no matter in which other file it is used?
I'd like to override the Image Cerberus myself, because it is really strict and I did not yet really understand its criterias, wether a rule is true for a Picture or not...
regards
akl
Re: PHP_ORIG_SCRIPT not too high?
I believe so, yes.
At least, that is where I am doing it.
At least, that is where I am doing it.