spam e-mail are not deleted

Hello,

In DA in spamassassin setup I have settings:

Would you like to delete high scoring spam?
Yes, block all spam scoring higher than: (1-99, no decimals),

where my score level is 15.00, but spam marked email landing in my messages .

Why ??????

Help me

Regards.

Look at the scores SpamAssassin is applying to thos emails. Are they all over 15?

Remember that -x is always lower than 0.

Jeff

Yes, below example e-mail with SA score's:

Content analysis details: (20.0 points, 5.0 required)

----+----------------------+--------------------------------------------------
|pts|rule name |description
----+----------------------+--------------------------------------------------
4.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
1.9 TVD_RCVD_IP TVD_RCVD_IP
0.2 SUBJECT_FUZZY_TION Attempt to obfuscate words in Subject:
2.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[89.141.75.12 listed in dnsbl.sorbs.net]
2.1 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[89.141.75.12 listed in zen.spamhaus.org]
3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
2.1 RDNS_DYNAMIC Delivered to trusted network by host with
dynamic-looking rDNS
3.3 DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic
rDNS

Content analysis details: (17.9 points, 5.0 required)

----+----------------------+--------------------------------------------------
|pts|rule name |description
----+----------------------+--------------------------------------------------
4.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
2.9 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[79.36.220.73 listed in dnsbl.sorbs.net]
2.1 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[79.36.220.73 listed in zen.spamhaus.org]
3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
2.1 RDNS_DYNAMIC Delivered to trusted network by host with
dynamic-looking rDNS
3.3 DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic
rDNS

And this e-mail is marked as spam, but not deleted.
Why ???

I'm noticing same problems here. Some of the messages, but not all of them, are going through. I've checked "delete spam" but few messages goes through even when they are marked as spam. I've checked the headers and that's what I've found in one of them:

--- CUT ---
Received: from mail by s1.xxxx.pl with spam-scanned (Exim 4.67)
id 1M835u-0000bd-41
[...]
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on s1.xxxxx.pl
X-Spam-Level: ****************************
X-Spam-Status: Yes, score=28.6 required=7.0 tests=BAYES_50,FH_HELO_EQ_D_D_D_D, HELO_DYNAMIC_HCC,HELO_DYNAMIC_IPADDR2,RCVD_IN_PBL,RCVD_IN_SORBS_DUL, RCVD_IN_XBL,RDNS_DYNAMIC,STOX_REPLY_TYPE,TVD_RCVD_IP,URIBL_JP_SURBL,
URIBL_OB_SURBL,URIBL_WS_SURBL autolearn=spam version=3.2.5
--- CUT ---

I know that exim is looking for "Yes," in "X-Spam-Status" header and it is there but this specific message was not deleted.

Here are the logs from /var/log/exim/mainlog:

--- CUT ---
2009-05-24 04:05:51 1M835u-0000bd-41 <= <> U=mail P=spam-scanned S=4338 id=002701c9dc10$877885e0$7ead2296@ALMIRctvkd T="McCain says E
NHANCE!" from <> for [email protected]
2009-05-24 04:05:55 1M835u-0000bd-41 => info <[email protected]> F=<> R=virtual_user T=virtual_localdelivery S=4432
2009-05-24 04:05:55 1M835u-0000bd-41 => info <[email protected]> F=<> R=virtual_user T=virtual_localdelivery S=4432
2009-05-24 04:05:55 1M835u-0000bd-41 Completed
2009-05-24 04:05:55 1M835t-0000bY-Il => info <[email protected]> F=<> R=spamcheck_director T=spamcheck S=4241
2009-05-24 04:05:55 1M835t-0000bY-Il Completed
--- CUT ---

I'm using SpamBlocker Version 3.1-beta, Exim 4.67, SpamAssasin 3.2.5, Linux Debian

I have a same problem.

/var/log/mail.log
--- CUT ---
Jun 7 21:19:33 s1 spamd[12679]: spamd: processing message <[email protected]> for admin:1003
Jun 7 21:19:37 s1 spamd[12679]: spamd: identified spam (18.0/5.5) for admin:1003 in 4.3 seconds, 1432 bytes.
Jun 7 21:19:37 s1 spamd[12679]: spamd: result: Y 18 - BAYES_99,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RDNS_NONE,STOX_REPLY_TYPE,TVD
_FINGER_02,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_SC_SURBL scantime=4.3,size=1432,user=admin,uid=1003,required_score=5.5,rhost=localhost,raddr=127.0.
0.1,rport=54038,mid=<[email protected]>,bayes=0.999957,autolearn=spam
--- CUT ---

/var/log/exim/mainlog
--- CUT ---
2009-06-07 21:19:37 1MDNu1-0002I2-5w <= <> U=mail P=spam-scanned S=3111 [email protected] T="*****SPAM***** Loan mortg
age car" from <> for [email protected]
2009-06-07 21:19:37 1MDNu1-0002I2-5w => tomek <[email protected]> F=<> R=virtual_user T=virtual_localdelivery S=3203
2009-06-07 21:19:37 1MDNu1-0002I2-5w Completed
--- CUT ---

email header's
--- CUT ---
Received: from mail by mail.xxx.net with spam-scanned (Exim 4.67)
id 1MDNu1-0002I2-5w
for [email protected]; Sun, 07 Jun 2009 21:19:37 +0200
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on s1.xxx.net
X-Spam-Level: ******************
X-Spam-Status: Yes, score=18.0 required=5.5 tests=BAYES_99,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RDNS_NONE,
STOX_REPLY_TYPE,TVD_FINGER_02,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,
URIBL_SC_SURBL autolearn=spam version=3.2.5
--- CUT ---
Subject: *****SPAM***** Loan mortgage car
--- CUT ---

Debian 4, Exim 4.67, SpamAssassin 3.2.5, SpamBlocker.exim.conf.2.1.1-release , DA 1.33.6

We have the same problem

Hello

We have the same problem, our client are pissed. When you make any solution for this?

Hello,

Isn't this the same thing?
http://www.directadmin.com/forum/showthread.php?p=165084

Have somebody from DA checked this one out?

Regards,
HKI

Hello,

And one email received again today.

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on i13.xxx.eu
X-Spam-Level: ******
X-Spam-Status: Yes, score=7.0 required=5.0 tests=BAYES_50,HTML_IMAGE_RATIO_04,
HTML_MESSAGE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_WS_SURBL
autolearn=no version=3.2.5


It has a nice ***SPAM*** tag, but it should be DELETED from point 5.0

Please DA look into this and advise.
Regards,
HKI

I too have noticed this exact same issue, its only started happening recently.

Same here....

Marco

same problem here from about a week

I've the same problem, how can we fix that?

Everyone keeps writing they have the same problem but no one has responded to my question above.

Jeff

Ill let u know the score from spamassassin on next email marked as SPAM

This email is just arrived, those are the socre and i get it with object changed as ***SPAM*** but ive set to delete the spam.

Need more info?

Here another one, with higher score.

My recollection is that after email goes through SpamAssassin it goes back into exim. Is that correct, anyone (I don't remember with certainty)?

Do you see anything different in the log entries between emails that get properly handled and those that don't?

Are you sure that the email is getting those SpamAssassin headers on your server, and not on a previous server forwarding (relaying) the mail to you?

I'm not an expert in SpamAssassin and I don't know if anyone here is. But if someone could take the time to track the email through the logs, maybe we can figure it out.

Jeff

hi, thanks for your help first at all.


Ill check log today when they arrive again. I didnt thot about what u thot. Cause i saw ***SPAM*** tag in sjubject and i immediatly thot was my own spamassassin that changed it, but, you right.

Il check that and log on new mail arriving, im sure will arrive as aways today too

Regards

Hello,

Looking at a few of the headers, I believe it might be related to this:
http://help.directadmin.com/item.php?id=215

Let me know if that solves it. If it does we'll look into the possibility of changing the default templates (might have to be discussed first, as it could have side-effects)

John

Thanks , ill let you know if worked, but, for example, today i didnt get any.