Aide sur la Configuration de SpamAssassin

[sheen]

Bonjour à tous,


Avec l'aide de Google, j'ai monté une passerelle entre le Firewall et le Serveur 2003 Exchange, car IMF de Exchange commence à me rendre fou.
C'est une Debian, avec Postfix / Mailscanner / ClamAV / Postgrey / SpamAssassin / Squid / Squidguard / Webmin. Je ne suis pas un expert Linux, mais je suis très curieux, ce qui m'a amené jusqu'ici.

En scruttant minutieusement le fichier /var/log/mail.log, j'ai constaté que tout marchait aux petits oignons sauf SpamAssassin, qui, malgré mon acharnement n'en fait encore qu'à sa tête.

Cela fait des semaines que je cherche à comprendre le système de Rules de SA, que je met à jour via SARE (sa-update), j'ai essayé Rules-du-jour, j'ai tenté de faire des règles basiques personnelles (reconnaissance d'un mot.... je ne vais pas aller loin...), de baisser le "required hits" à 3 au lieu de 6, de forcer le langage "Fr" (ce qui apparemment ne fonctionne pas chez moi d'ailleurs), mais rien à faire, SpamAssassin n'en fait qu'à sa tête.

J'ai même isolé les mails de nos utilisateurs, une partie "Ham" et l'autre "Spam", que j'ai progressivement donné à manger à "sa-learn", mais il semble toujours aussi stupide.... il doit y avoir un facteur que je n'ai pas compris.


Au niveau des updates, quel est le mieux, sa-update ou rules-du-jour ?
J'ai remarqué que les prefs de spamassassin prisent en compte sont dans MailScanner.conf, par contre les rules sont dans Local.cf (Les rules sont tout les fichier /etc/spamassassin/*.cf de SARE)

Je souhaiterai si c'est possible, que vous me disiez ce qui ne va pas dans ma config, ce qui pourrait être amélioré.

Je me permet de vous poster mes différents fichiers de config, vous y verrez peut être plus clair que moi (main.cf / master.cf / Mailscanner.conf / local.cf), ainsi que les sorties de "/var/log/mail.log" et "spamassassin --lint -D" :

MAIN.CF

mailbox_command = /usr/bin/procmail.
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
myorigin = maildomain.fr
mydestination =
relayhost =
mynetworks = 127.0.0.0/8, 192.168.18.0/24, 192.168.70.0/24, 192.168.72.0/24, 192.168.76.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
alias_maps = hash:/etc/aliases
myhostname = debian.cpa.local
message_size_limit = 10485760
local_recipient_maps =
virtual_alias_maps = hash:/etc/postfix/virtual
transport_maps = hash:/etc/postfix/transport
relay_domains = hash:/etc/postfix/relay_domains
smtpd_helo_required = yes
smtpd_sender_restrictions = check_policy_service inet:127.0.0.1:10023

smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_rbl_client zen.spamhaus.org

header_checks = regexp:/etc/postfix/header_checks

MASTER.CF

smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

MAILSCANNER.CONF

%org-name% = ORGNAME
%org-long-name% = ORGFULLNAME
%web-site% = ORGWEBSITE
%etc-dir% = /etc/MailScanner
%report-dir% = /etc/MailScanner/reports/en
%rules-dir% = /etc/MailScanner/rules
%mcp-dir% = /etc/MailScanner/mcp
Max Children = 1
Run As User = postfix
Run As Group = www-data
Queue Scan Interval = 6
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
PID file = /var/run/MailScanner/MailScanner.pid
Restart Every = 7200
MTA = postfix
Sendmail = /usr/sbin/sendmail
Sendmail2 = /usr/sbin/sendmail -DOUTGOING
Incoming Work User = clamav
Incoming Work Group =
Incoming Work Permissions = 0640
Quarantine User =
Quarantine Group =
Quarantine Permissions = 0600
Max Unscanned Bytes Per Scan = 100m
Max Unsafe Bytes Per Scan = 50m
Max Unscanned Messages Per Scan = 30
Max Unsafe Messages Per Scan = 30
Max Normal Queue Size = 800
Scan Messages = yes
Reject Message = no
Maximum Attachments Per Message = 200
Expand TNEF = yes
Use TNEF Contents = replace
Deliver Unparsable TNEF = no
TNEF Expander = /usr/bin/tnef --maxsize=100000000
TNEF Timeout = 120
File Command = /usr/bin/file
File Timeout = 20
Gunzip Command = /bin/gunzip
Gunzip Timeout = 50
Unrar Command = /usr/bin/unrar
Unrar Timeout = 50
Find UU-Encoded Files = no
Maximum Message Size = %rules-dir%/max.message.size.rules
Maximum Attachment Size = -1
Minimum Attachment Size = -1
Maximum Archive Depth = 3
Find Archives By Content = yes
Zip Attachments = no
Attachments Zip Filename = MessageAttachments.zip
Attachments Min Total Size To Zip = 100k
Attachment Extensions Not To Zip = .zip .rar .gz .tgz .jpg .jpeg .mpg .mpe .mpeg .mp3 .rpm .htm .html .eml
Add Text Of Doc = no
Antiword = /usr/bin/antiword -f
Antiword Timeout = 50
Virus Scanning = yes
Virus Scanners = clamav
Virus Scanner Timeout = 300
Deliver Disinfected Files = no
Silent Viruses = HTML-IFrame All-Viruses
Still Deliver Silent Viruses = no
Non-Forging Viruses = Joke/ OF97/ WM97/ W97M/ eicar
Block Encrypted Messages = no
Block Unencrypted Messages = no
Allow Password-Protected Archives = no
Check Filenames In Password-Protected Archives = yes

# Options specific to ClamAV Anti-Virus
# -------------------------------------
#

# ClamAVModule only: monitor each of these files for changes in size to
# detect when a ClamAV update has happened.
# This is only used by the "clamavmodule" virus scanner, not the "clamav"
# scanner setting.
Monitors for ClamAV Updates = /usr/local/share/clamav/*.cld /usr/local/share/clamav/*.cvd

# ClamAVModule only: set limits when scanning for viruses.
#
# The maximum recursion level of archives,
# The maximum number of files per batch,
# The maximum file of each file,
# The maximum compression ratio of archive.
# These settings *cannot* be the filename of a ruleset, only a simple number.
ClamAVmodule Maximum Recursion Level = 8
ClamAVmodule Maximum Files = 1000
ClamAVmodule Maximum File Size = 10000000 # (10 Mbytes)
ClamAVmodule Maximum Compression Ratio = 250

# Clamd only: configuration options for using the clamd daemon.
# 1. The port to use when communicating with clamd via TCP connection
# 2. The Socket, or IP to use for communicating with the clamd Daemon.
# You enter either the full path to the UNIX socket file or the IP
# address the daemon is listening on.
# 3. The ClamD Lock file should be created by clamd init script in most
# cases. If it is not then the entry should be blank.
# 4. If MailScanner is running on a system with more then 1 CPU core (or
# more than 1 CPU) then you can set "Clamd Use Threads" to "yes" to
# speed up the scanning, otherwise there is no advantage and it should
# be set to "no".
#
# None of these options can be the filenames of rulesets, they must be just
# simple values.
Clamd Port = 3310
# Clamd Socket = /var/run/clamav/clamd.ctl
Clamd Socket = /tmp/clamd.socket
Clamd Lock File = /var/run/clamav/clamd.pid
Clamd Use Threads = no

# There are now sets of signatures available from places such as
# www.sanesecurity.co.uk which use ClamAV to detect spam. Some of these
# signatures rely on being passed the whole message as one file. By setting
# this option to "yes", each entire message is written out to the scanning
# area, thus enabling these signatures to work reliably.
# It has a slight speed impact but is worth it for the extra spam-spotting
# ability.
#
# This option cannot be the filename of a ruleset, it must be "yes" or "no".
ClamAV Full Message Scan = yes

Dangerous Content Scanning = yes
Allow Partial Messages = no
Allow External Message Bodies = no
Find Phishing Fraud = yes
Also Find Numeric Phishing = yes
Use Stricter Phishing Net = yes
Highlight Phishing Fraud = yes
Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf
Country Sub-Domains List = %etc-dir%/country.domains.conf
Allow IFrame Tags = disarm
Allow Form Tags = disarm
Allow Script Tags = disarm
Allow WebBugs = disarm
Ignored Web Bug Filenames = spacer pixel.gif pixel.png gap shim
Known Web Bug Servers = msgtag.com
Web Bug Replacement = http://www.mailscanner.tv/1x1spacer.gif
Allow Object Codebase Tags = disarm
Convert Dangerous HTML To Text = no
Convert HTML To Text = no
Allow Filenames =
Deny Filenames =
Filename Rules = %etc-dir%/filename.rules.conf
Allow Filetypes =
Allow File MIME Types =
Deny Filetypes =
Deny File MIME Types =
Filetype Rules = %etc-dir%/filetype.rules.conf

Quarantine Infections = yes
Quarantine Silent Viruses = no
Quarantine Modified Body = no
Quarantine Whole Message = no
Quarantine Whole Messages As Queue Files = no
Keep Spam And MCP Archive Clean = no
Language Strings = %report-dir%/languages.conf
Rejection Report = %report-dir%/rejection.report.txt
Deleted Bad Content Message Report = %report-dir%/deleted.content.message.txt
Deleted Bad Filename Message Report = %report-dir%/deleted.filename.message.txt
Deleted Virus Message Report = %report-dir%/deleted.virus.message.txt
Deleted Size Message Report = %report-dir%/deleted.size.message.txt
Stored Bad Content Message Report = %report-dir%/stored.content.message.txt
Stored Bad Filename Message Report = %report-dir%/stored.filename.message.txt
Stored Virus Message Report = %report-dir%/stored.virus.message.txt
Stored Size Message Report = %report-dir%/stored.size.message.txt
Disinfected Report = %report-dir%/disinfected.report.txt
Inline HTML Signature = %report-dir%/inline.sig.html
Inline Text Signature = %report-dir%/inline.sig.txt
Signature Image Filename = %report-dir%/sig.jpg
Signature Image <img> Filename = signature.jpg
Inline HTML Warning = %report-dir%/inline.warning.html
Inline Text Warning = %report-dir%/inline.warning.txt
Sender Content Report = %report-dir%/sender.content.report.txt
Sender Error Report = %report-dir%/sender.error.report.txt
Sender Bad Filename Report = %report-dir%/sender.filename.report.txt
Sender Virus Report = %report-dir%/sender.virus.report.txt
Sender Size Report = %report-dir%/sender.size.report.txt
Hide Incoming Work Dir = yes
Include Scanner Name In Reports = yes
Mail Header = X-%org-name%-MailScanner:
Spam Header = X-%org-name%-MailScanner-SpamCheck:
Spam Score Header = X-%org-name%-MailScanner-SpamScore:
#Information Header = X-%org-name%-MailScanner-Information:
Add Envelope From Header = yes
Add Envelope To Header = no
Envelope From Header = X-%org-name%-MailScanner-From:
Envelope To Header = X-%org-name%-MailScanner-To:
ID Header = X-%org-name%-MailScanner-ID:
IP Protocol Version Header = # X-%org-name%-MailScanner-IP-Protocol:
Spam Score Character = s
SpamScore Number Instead Of Stars = no
Minimum Stars If On Spam List = 0
Clean Header Value = Found to be clean
Infected Header Value = Found to be infected
Disinfected Header Value = Disinfected
Information Header Value = Please contact the ISP for more information
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Always Include SpamAssassin Report = yes
Multiple Headers = append
Hostname = the %org-name% ($HOSTNAME) MailScanner
Sign Messages Already Processed = yes
Sign Clean Messages = yes
Attach Image To Signature = no
Attach Image To HTML Message Only = yes
Allow Multiple HTML Signatures = no
Dont Sign HTML If Headers Exist = # In-Reply-To: References:
Mark Infected Messages = yes
Mark Unscanned Messages = yes
Unscanned Header Value = Not scanned: please contact your Internet E-Mail Service Provider for details
Remove These Headers = X-Mozilla-Status: X-Mozilla-Status2:
Deliver Cleaned Messages = yes
Notify Senders = no
Notify Senders Of Viruses = no
Notify Senders Of Blocked Filenames Or Filetypes = no
Notify Senders Of Blocked Size Attachments = no
Notify Senders Of Other Blocked Content = no
Never Notify Senders Of Precedence = list bulk
Scanned Modify Subject = yes # end
Scanned Subject Text = {Scanned}
Virus Modify Subject = start
Virus Subject Text = {Virus?}
Filename Modify Subject = start
Filename Subject Text = {Filename?}
Content Modify Subject = start
Content Subject Text = {Dangerous Content?}
Size Modify Subject = start
Size Subject Text = {Size}
Disarmed Modify Subject = start
Disarmed Subject Text = {Disarmed}
Phishing Modify Subject = yes #end
Phishing Subject Text = {Fraud?}
Spam Modify Subject = start
Spam Subject Text = ***SPAM***
High Scoring Spam Modify Subject = start
High Scoring Spam Subject Text = {Spam?}
Warning Is Attachment = yes
Attachment Warning Filename = %org-name%-Attachment-Warning.txt
Attachment Encoding Charset = ISO-8859-1
#Archive Mail = /var/spool/MailScanner/archive
Missing Mail Archive Is = directory
Send Notices = yes
Notices Include Full Headers = yes
Hide Incoming Work Dir in Notices = no
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
Notices From = MailScanner
Notices To = postmaster
Local Postmaster = postmaster
Spam List Definitions = %etc-dir%/spam.lists.conf
Virus Scanner Definitions = %etc-dir%/virus.scanners.conf

Spam Checks = yes
Spam List = spamcop.net SBL+XBL
Spam Domain List =
Spam Lists To Be Spam = 1
Spam Lists To Reach High Score = 3
Spam List Timeout = 10
Max Spam List Timeouts = 7
Spam List Timeouts History = 10
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules
Is Definitely Spam = no
Definite Spam Is High Scoring = no
Ignore Spam Whitelist If Recipients Exceed = 20
Max Spam Check Size = 200k

Use Watermarking = no
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = nothing
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = %org-name%-Secret
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-MailScanner-Watermark:


#
# SpamAssassin
# ------------

Use SpamAssassin = yes
Max SpamAssassin Size = 200k
Required SpamAssassin Score = 3.1
High SpamAssassin Score = 10
SpamAssassin Auto Whitelist = no
SpamAssassin Timeout = 75
Max SpamAssassin Timeouts = 10
SpamAssassin Timeouts History = 30
Check SpamAssassin If On Spam List = yes
Include Binary Attachments In SpamAssassin = no
Spam Score = yes
Cache SpamAssassin Results = yes
SpamAssassin Cache Database File = /var/spool/MailScanner/incoming/SpamAssassin.cache.db
Rebuild Bayes Every = 0
Wait During Bayes Rebuild = no

Use Custom Spam Scanner = no
Max Custom Spam Scanner Size = 20k
Custom Spam Scanner Timeout = 20
Max Custom Spam Scanner Timeouts = 10
Custom Spam Scanner Timeout History = 20
Spam Actions = deliver
High Scoring Spam Actions = delete
Non Spam Actions = deliver header "X-Spam-Status: No"
SpamAssassin Rule Actions =
Sender Spam Report = %report-dir%/sender.spam.report.txt
Sender Spam List Report = %report-dir%/sender.spam.rbl.report.txt
Sender SpamAssassin Report = %report-dir%/sender.spam.sa.report.txt
Inline Spam Warning = %report-dir%/inline.spam.warning.txt
Recipient Spam Report = %report-dir%/recipient.spam.report.txt
Enable Spam Bounce = %rules-dir%/bounce.rules
Bounce Spam As Attachment = no

#
# Logging
# -------

Syslog Facility = mail
Log Speed = no
Log Spam = yes
Log Non Spam = yes
Log Permitted Filenames = no
Log Permitted Filetypes = no
Log Permitted File MIME Types = no
Log Silent Viruses = no
Log Dangerous HTML Tags = no
Log SpamAssassin Rule Actions = no

#
# Advanced SpamAssassin Settings
# ------------------------------

SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin User State Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
#SpamAssassin Install Prefix = /opt/MailScanner
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
#SpamAssassin Local Rules Dir = /etc/MailScanner/mail/spamassassin
SpamAssassin Local Rules Dir =
SpamAssassin Local State Dir = # /var/lib/spamassassin
#SpamAssassin Default Rules Dir = /usr/share/spamassassin

MCP Checks = no
First Check = spam
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1
MCP Header = X-%org-name%-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = deliver
High Scoring MCP Actions = deliver
Bounce MCP As Attachment = no
MCP Modify Subject = start
MCP Subject Text = {MCP?}
High Scoring MCP Modify Subject = start
High Scoring MCP Subject Text = {MCP?}
Is Definitely MCP = no
Is Definitely Not MCP = no
Definite MCP Is High Scoring = no
Always Include MCP Report = no
Detailed MCP Report = yes
Include Scores In MCP Report = no
Log MCP = no
MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100k
MCP SpamAssassin Timeout = 10
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/sender.mcp.report.txt

Use Default Rules With Multiple Recipients = no
Read IP Address From Received Header = no
Spam Score Number Format = %d
MailScanner Version Number = 4.71.10
SpamAssassin Cache Timings = 1800,300,10800,172800,600
Debug = no
Debug SpamAssassin = yes
Run In Foreground = no
Always Looked Up Last = no
Always Looked Up Last After Batch = no
Deliver In Background = yes
Delivery Method = batch
Split Exim Spool = no
Lockfile Dir = /var/lock/subsys/MailScanner
Custom Functions Dir = /etc/MailScanner/CustomFunctions
Lock Type =
Syslog Socket Type =
Automatic Syntax Check = yes
Minimum Code Status = supported
SpamAssassin Prefs File = /etc/MailScanner/spam.assassin.prefs.conf
SpamAssassin Install Prefix =
SpamAssassin Default Rules Dir =

LOCAL.CF

rewrite_header Subject *****SPAM*****
trusted_networks 192.168.18.
required_score 3.1
use_bayes 1
ok_languages fr
ok_locales en

Edit : nombre maximum de caractères dépassé, je poste la suite sur le prochain reply.

[ccnet]

L'intégration manuelle de tous ces composants est un énorme travail. Je n'ai pas réussi, faute de compétences système je pense, à obtenir quelque chose de stable dans le temps. Ma curiosité et mon temps ayant des limites mais souhaitant une solution stable je me suis tourné vers quelque chose de plus simple et plus efficace.

http://forums.ixus.fr/viewtopic.php?t=4 ... amassassin
http://forums.ixus.fr/viewtopic.php?t=4 ... rckconnect

Sur ces bases j'ai plusieurs sites en production donnant de bons résultats.

En espérant que cela puisse vous éclairer.

[sheen]

J'ai dépassé le nombre maximum de caractères (désolé), je poste la suite ici :

SPAMASSASSIN --LINT -D

[3197] dbg: logger: adding facilities: all
[3197] dbg: logger: logging level is DBG
[3197] dbg: generic: SpamAssassin version 3.2.5
[3197] dbg: config: score set 0 chosen.
[3197] dbg: util: running in taint mode? yes
[3197] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH
[3197] dbg: util: PATH included '/usr/local/sbin', keeping
[3197] dbg: util: PATH included '/usr/local/bin', keeping
[3197] dbg: util: PATH included '/usr/sbin', keeping
[3197] dbg: util: PATH included '/usr/bin', keeping
[3197] dbg: util: PATH included '/sbin', keeping
[3197] dbg: util: PATH included '/bin', keeping
[3197] dbg: util: final PATH set to: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[3197] dbg: dns: is Net::DNS::Resolver available? yes
[3197] dbg: dns: Net::DNS version: 0.63
[3197] dbg: diag: perl platform: 5.010000 linux
[3197] dbg: diag: module installed: Digest::SHA1, version 2.11
[3197] dbg: diag: module installed: HTML::Parser, version 3.59
[3197] dbg: diag: module installed: Net::DNS, version 0.63
[3197] dbg: diag: module installed: MIME::Base64, version 3.07_01
[3197] dbg: diag: module installed: DB_File, version 1.816_1
[3197] dbg: diag: module installed: Net::SMTP, version 2.31
[3197] dbg: diag: module installed: Mail::SPF, version v2.005
[3197] dbg: diag: module installed: Mail::SPF::Query, version 1.999001
[3197] dbg: diag: module installed: IP::Country::Fast, version 604.001
[3197] dbg: diag: module installed: Razor2::Client::Agent, version 2.84
[3197] dbg: diag: module installed: Net::Ident, version 1.20
[3197] dbg: diag: module installed: IO::Socket::INET6, version 2.54
[3197] dbg: diag: module installed: IO::Socket::SSL, version 1.17
[3197] dbg: diag: module installed: Compress::Zlib, version 2.015
[3197] dbg: diag: module installed: Time::HiRes, version 1.9711
[3197] dbg: diag: module installed: Mail::DomainKeys, version 1.0
[3197] dbg: diag: module installed: Mail::DKIM, version 0.32
[3197] dbg: diag: module installed: DBI, version 1.607
[3197] dbg: diag: module installed: Getopt::Long, version 2.37
[3197] dbg: diag: module installed: LWP::UserAgent, version 5.819
[3197] dbg: diag: module installed: HTTP::Date, version 5.810
[3197] dbg: diag: module installed: Archive::Tar, version 1.38
[3197] dbg: diag: module installed: IO::Zlib, version 1.07
[3197] dbg: diag: module installed: Encode::Detect, version 1.01
[3197] dbg: ignore: using a test message to lint rules
[3197] dbg: config: using "/etc/spamassassin" for site rules pre files
[3197] dbg: config: read file /etc/spamassassin/init.pre
[3197] dbg: config: read file /etc/spamassassin/v310.pre
[3197] dbg: config: read file /etc/spamassassin/v312.pre
[3197] dbg: config: read file /etc/spamassassin/v320.pre
[3197] dbg: config: using "/var/lib/spamassassin/3.002005" for sys rules pre files
[3197] dbg: config: using "/var/lib/spamassassin/3.002005" for default rules dir
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org.cf
[3197] dbg: config: using "/etc/spamassassin" for site rules dir
[3197] dbg: config: read file /etc/spamassassin/00_FVGT_File001.cf
[3197] dbg: config: read file /etc/spamassassin/65_debian.cf
[3197] dbg: config: read file /etc/spamassassin/70_domainatrix.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_adult.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_bayes_poison_nxm.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_evilnum0.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_evilnum1.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_evilnum2.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_genlsubj.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_genlsubj0.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_genlsubj1.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_genlsubj2.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_genlsubj3.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_genlsubj4.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_genlsubj_eng.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_genlsubj_x30.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_header.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_header0.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_header1.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_header2.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_header3.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_header4.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_header_eng.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_header_x264_x30.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_header_x30.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_highrisk.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_html.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_html0.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_html1.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_html2.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_html3.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_html4.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_html_eng.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_html_x30.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_html_x31.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_obfu.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_obfu0.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_obfu1.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_obfu2.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_obfu3.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_obfu4.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_obfu_x31.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_oem.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_random.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_ratware.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_specific.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_specific_rolex.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_spoof.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_stocks.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_unsub.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_uri.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_uri0.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_uri1.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_uri2.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_uri3.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_uri4.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_uri_eng.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_uri_x31.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_whitelist.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_whitelist_pre30.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_whitelist_rcvd.cf
[3197] dbg: config: read file /etc/spamassassin/70_sare_whitelist_spf.cf
[3197] dbg: config: read file /etc/spamassassin/70_sc_top200.cf
[3197] dbg: config: read file /etc/spamassassin/71_sare_bml_pre25x.cf
[3197] dbg: config: read file /etc/spamassassin/71_sare_redirect_pre3.0.0.cf
[3197] dbg: config: read file /etc/spamassassin/72_sare_bml_post25x.cf
[3197] dbg: config: read file /etc/spamassassin/72_sare_redirect_post3.0.0.cf
[3197] dbg: config: read file /etc/spamassassin/88_FVGT_Bayes_Poison.cf
[3197] dbg: config: read file /etc/spamassassin/88_FVGT_Tripwire.cf
[3197] dbg: config: read file /etc/spamassassin/88_FVGT_body.cf
[3197] dbg: config: read file /etc/spamassassin/88_FVGT_headers.cf
[3197] dbg: config: read file /etc/spamassassin/88_FVGT_rawbody.cf
[3197] dbg: config: read file /etc/spamassassin/88_FVGT_subject.cf
[3197] dbg: config: read file /etc/spamassassin/88_FVGT_uri.cf
[3197] dbg: config: read file /etc/spamassassin/90_2tld.cf
[3197] dbg: config: read file /etc/spamassassin/98_text_de_evilnumbers.cf
[3197] dbg: config: read file /etc/spamassassin/98_text_es_evilnumbers.cf
[3197] dbg: config: read file /etc/spamassassin/98_text_fr_evilnumbers.cf
[3197] dbg: config: read file /etc/spamassassin/98_text_it_evilnumbers.cf
[3197] dbg: config: read file /etc/spamassassin/98_text_nl_evilnumbers.cf
[3197] dbg: config: read file /etc/spamassassin/99_FVGT_Tripwire.cf
[3197] dbg: config: read file /etc/spamassassin/99_FVGT_meta.cf
[3197] dbg: config: read file /etc/spamassassin/99_sare_adult.cf
[3197] dbg: config: read file /etc/spamassassin/99_sare_biz_market_learn_post25x.cf
[3197] dbg: config: read file /etc/spamassassin/99_sare_biz_market_learn_pre25x.cf
[3197] dbg: config: read file /etc/spamassassin/99_sare_fraud_post25x.cf
[3197] dbg: config: read file /etc/spamassassin/99_sare_fraud_pre25x.cf
[3197] dbg: config: read file /etc/spamassassin/antidrug.cf
[3197] dbg: config: read file /etc/spamassassin/backhair.cf
[3197] dbg: config: read file /etc/spamassassin/bogus-virus-warnings.cf
[3197] dbg: config: read file /etc/spamassassin/chickenpox.cf
[3197] dbg: config: read file /etc/spamassassin/evilnumbers.cf
[3197] dbg: config: read file /etc/spamassassin/imageinfo.cf
[3197] dbg: config: read file /etc/spamassassin/local.cf
[3197] dbg: config: read file /etc/spamassassin/mangled.cf
[3197] dbg: config: read file /etc/spamassassin/meta_addition.cf
[3197] dbg: config: read file /etc/spamassassin/mr_wiggly.cf
[3197] dbg: config: read file /etc/spamassassin/popcorn_new.cf
[3197] dbg: config: read file /etc/spamassassin/random.current.cf
[3197] dbg: config: read file /etc/spamassassin/tripwire.cf
[3197] dbg: config: read file /etc/spamassassin/useless.cf
[3197] dbg: config: read file /etc/spamassassin/vbounce.cf
[3197] dbg: config: read file /etc/spamassassin/weeds.cf
[3197] dbg: config: read file /etc/spamassassin/weeds_2.cf
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC
[3197] dbg: dcc: local tests only, disabling DCC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[3197] dbg: pyzor: local tests only, disabling Pyzor
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[3197] dbg: razor2: local tests only, skipping Razor
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[3197] dbg: reporter: local tests only, disabling SpamCop
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::DCC, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Pyzor, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SpamCop, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::AWL, already registered

[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::TextCat from @INC
[3197] dbg: textcat: loading languages file...
[3197] dbg: textcat: loaded 73 language models
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC
[3197] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::DCC, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Pyzor, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SpamCop, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::AWL, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::AutoLearnThreshold, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::TextCat, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Check, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::HTTPSMismatch, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIDetail, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Bayes, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::BodyEval, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::DNSEval, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::HTMLEval, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::HeaderEval, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::MIMEEval, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::RelayEval, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::URIEval, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::WLBLEval, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::VBounce, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::ImageInfo, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::DCC, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Pyzor, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::Razor2, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::SpamCop, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::AWL, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::AutoLearnThreshold, already registered
[3197] dbg: plugin: did not register Mail::SpamAssassin::Plugin::TextCat, already registered
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/10_default_prefs.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_advance_fee.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_body_tests.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_compensate.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dnsbl_tests.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_drugs.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_dynrdns.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_fake_helo_tests.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_head_tests.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_html_tests.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_imageinfo.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_meta_tests.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_net_tests.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_phrases.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_porn.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_ratware.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_uri_tests.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/20_vbounce.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/23_bayes.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_accessdb.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_antivirus.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_asn.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dcc.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_dkim.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_domainkeys.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_hashcash.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_pyzor.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_razor2.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_replace.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_spf.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_textcat.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/25_uribl.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_de.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_fr.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_it.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_nl.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pl.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/30_text_pt_br.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/50_scores.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_awl.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_shortcircuit.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dk.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_dkim.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_spf.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/60_whitelist_subject.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_active.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_removed.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/72_scores.cf
[3197] dbg: config: fixed relative path: /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
[3197] dbg: config: using "/var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf" for included file
[3197] dbg: config: read file /var/lib/spamassassin/3.002005/updates_spamassassin_org/80_additional.cf
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_A_1XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_A_2XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_A_3XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_A_4XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_A_5XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_A_6XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_A_7XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_A_8XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_A_9XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_A_BOX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_A_ROOM_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_A_INT_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_X31_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_X33_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_X34_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_X44_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_2XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_201_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_203_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_212_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_3XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_4XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_5XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_6XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_7XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_8XX_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_800_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_800_2
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_800_3
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_800_4
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_800_5
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_800_6
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_800_7
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_800_8
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_800_9
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_866_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_877_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_888_1
[3197] warn: config: warning: description exists for non-existent rule EvilNumber_N_9XX_1
[3197] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E
[3197] dbg: rules: PREVENT_NONDELIVERY merged duplicates: SARE_HEAD_HDR_PREVNDR
[3197] dbg: rules: __SARE_HEAD_HDR_IDKEY merged duplicates: SARE_HEAD_HDR_XIDKEY
[3197] dbg: rules: __JM_REACTOR_DATE merged duplicates: __RATWARE_0_TZ_DATE
[3197] dbg: rules: DRUGS_DIET merged duplicates: LOCAL_DRUGS_DIET
[3197] dbg: rules: __DRUGS_ERECTILE_V merged duplicates: __DRUGS_MALEDYSFUNCTION_V
[3197] dbg: rules: __HTML_IMG_ONLY merged duplicates: __IMG_ONLY
[3197] dbg: rules: FU_UKGEOCITIES merged duplicates: __SARE_SPEC_XX2GEOCIT
[3197] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA
[3197] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE
[3197] dbg: rules: dmtrxp91 merged duplicates: dmtrxp98
[3197] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7
[3197] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6
[3197] dbg: rules: FB_FAKE_NUMS2 merged duplicates: SARE_OBFU_NUMS2
[3197] dbg: rules: __SARE_HEAD_FALSE merged duplicates: __SARE_SUB_FALSE
[3197] dbg: rules: __FPS_TEEN merged duplicates: __FS_TEEN
[3197] dbg: rules: VIRUS_WARNING128 merged duplicates: __VBOUNCE_MMS
[3197] dbg: rules: DRUGS_ANXIETY merged duplicates: LOCAL_DRUGS_ANXIETY
[3197] dbg: rules: __FVGT_RAPE merged duplicates: __WORD_RAPED
[3197] dbg: rules: VIRUS_WARNING123 merged duplicates: VIRUS_WARNING37
[3197] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05
[3197] dbg: rules: FAKE_OUTBLAZE_RCVD merged duplicates: __SARE_RECV_FORGE_OUTB
[3197] dbg: rules: __GENUINE_REP merged duplicates: __SARE_SPEC_GENU_REPL
[3197] dbg: rules: dmtrxp92 merged duplicates: dmtrxp99
[3197] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI
[3197] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8
[3197] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E
[3197] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40
[3197] dbg: rules: dmtrxp100 merged duplicates: dmtrxp93
[3197] dbg: rules: __FR_HTML_HAS_IMG merged duplicates: __SARE_HTML_HAS_IMG
[3197] dbg: rules: X_MESSAGE_INFO merged duplicates: __SARE_HEAD_HDR_XMSGIN
[3197] dbg: rules: __DRUGS_ERECTILE_C merged duplicates: __DRUGS_MALEDYSFUNCTION_C
[3197] dbg: rules: AXB_RCVD_ZOOBSEND merged duplicates: BROKEN_RATWARE_BOM CTYPE_001C_A DEAR_HOMEOWNER DIV_CENTER_A_HREF DRUG_RA_PRICE HG_HORMONE HS_PHARMA_1 HS_UPLOADED_SOFTWARE OEBOUND RCVD_IN_DSBL STOX_RCVD_N_NN_N URIBL_RHS_ABUSE URIBL_RHS_BOGUSMX URIBL_RHS_DSN URIBL_RHS_POST URIBL_RHS_TLD_WHOIS URIBL_RHS_WHOIS URIBL_XS_SURBL URI_L_PHP XMAILER_MIMEOLE_OL_5E7ED XMAILER_MIMEOLE_OL_C7C33 XMAILER_MIMEOLE_OL_D03AB X_LIBRARY YOUR_CRD_RATING
[3197] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8
[3197] dbg: rules: DC_PNG_MULTI_LARGO merged duplicates: __DC_PNG_MULTI_LARGO
[3197] dbg: rules: __SARE_BODY_BLANKS_5_100 merged duplicates: __SARE_BODY_BLNK_5_100
[3197] dbg: rules: __FH_YAHOOGROUPS merged duplicates: __SARE_EXIST_XYPROF
[3197] dbg: rules: __DRUGS_ERECTILE4 merged duplicates: __DRUGS_MALEDYSFUNCTION4
[3197] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01
[3197] dbg: rules: __DRUGS_ERECTILE2 merged duplicates: __DRUGS_MALEDYSFUNCTION2
[3197] dbg: rules: FB_FAKE_NUMBERS merged duplicates: SARE_OBFU_NUMBERS
[3197] dbg: rules: __FM_NO_FROM merged duplicates: __SARE_WHITELIST_FLAG
[3197] dbg: rules: SARE_SUB_2UNDERSCORES merged duplicates: SARE_SUB_6_FIG_INC SARE_SUB_ACCENT_CHAR SARE_SUB_ACCT_UPD SARE_SUB_ACQUISITION SARE_SUB_ACTION_OB SARE_SUB_ADV_DB SARE_SUB_ADV_SEARCH SARE_SUB_AGING SARE_SUB_BETTER_OB1 SARE_SUB_BETTER_OB2 SARE_SUB_BIGGER_OB SARE_SUB_BOOST_OB SARE_SUB_BREAKTHRU_OB SARE_SUB_BRKING_NEWS SARE_SUB_BUY_OB SARE_SUB_BUY_OB1 SARE_SUB_CALL_NOW SARE_SUB_CARD_BILLED SARE_SUB_CARTRIDGE_OB SARE_SUB_CASINO_OB SARE_SUB_CHANGE_LIFE SARE_SUB_CHARGE_OB SARE_SUB_CHEAP_OB SARE_SUB_COMMA_LEAD SARE_SUB_COMM_MAILERS SARE_SUB_CONFID_OB SARE_SUB_CONSULTN_OB SARE_SUB_DBL_MEDICTN SARE_SUB_DBL_PHARM SARE_SUB_DEBTS_COURT SARE_SUB_DOWNLOAD_OB SARE_SUB_EBAY_OB SARE_SUB_EXCITING_NEW SARE_SUB_EXCL_OB SARE_SUB_EXPIRED SARE_SUB_FOR_WOMEN SARE_SUB_FREE_BANG SARE_SUB_GAPPY_3 SARE_SUB_GAPPY_4 SARE_SUB_GAPPY_5 SARE_SUB_GAPPY_6 SARE_SUB_GAPPY_7 SARE_SUB_GAPPY_8 SARE_SUB_HARD_OB SARE_SUB_HOMEOWNER_OB SARE_SUB_INC_ONLINE SARE_SUB_INKJET_OB SARE_SUB_KICKBACK SARE_SUB_LAST_CHANCE SARE_SUB_LEAD_PUNCT SARE_SUB_LETTERS_NUMS SARE_SUB_LETTER_1 SARE_SUB_LONG_SUBJ_140 SARE_SUB_LONG_SUBJ_170 SARE_SUB_LOSE_OB SARE_SUB_LOTS_PUNC_21 SARE_SUB_LOTS_PUNC_26 SARE_SUB_MEDICAL_NEWS SARE_SUB_MED_USE SARE_SUB_MENS_HEALTH SARE_SUB_MISC_1 SARE_SUB_MORTGAGE_OB SARE_SUB_MOVE_OB SARE_SUB_MSGSUB SARE_SUB_OBFU_V SARE_SUB_ODDWORD_G SARE_SUB_ODDWORD_I SARE_SUB_ODDWORD_P SARE_SUB_ODDWORD_Q SARE_SUB_ODDWORD_U SARE_SUB_ONLINE SARE_SUB_ONLINE_OB SARE_SUB_ORIG_SOFT_OB SARE_SUB_PASSION_OB SARE_SUB_PENIS_OB SARE_SUB_PERFECT SARE_SUB_PERFECTLY SARE_SUB_PHOTOS_OB SARE_SUB_PHYSICIAN_OB SARE_SUB_PLEASE_OB SARE_SUB_PRINTER_OB SARE_SUB_PROVEN_OB SARE_SUB_RAND_LETTRS5 SARE_SUB_RAND_UC SARE_SUB_REAL_OB SARE_SUB_SION_OB SARE_SUB_SPECIAL_BANG SARE_SUB_STRETCH_MARK SARE_SUB_STRONG_OB SARE_SUB_TAXES SARE_SUB_THOU_CLI SARE_SUB_TION_OB SARE_SUB_TONER SARE_SUB_TONER_OB SARE_SUB_VIDEO_OB SARE_SUB_VIRUSQ SARE_SUB_WEBMASTER SARE_SUB_WEBMASTER2 SARE_SUB_YOUNGER_OB SARE_SUB_YOUR_WOMAN
[3197] dbg: rules: __FR_HTML_HAS_AHREF merged duplicates: __SARE_HTML_HAS_A
[3197] dbg: rules: SARE_SUBJ_SLUT merged duplicates: __FPS_SLUT
[3197] dbg: rules: VIRUS_WARNING357 merged duplicates: __CRBOUNCE_BLOCKED
[3197] dbg: rules: SARE_HTML_URI_OC merged duplicates: SARE_URI_OC
[3197] dbg: rules: SARE_USERAG_BAT merged duplicates: __SARE_HEAD_MAIL_BAT2
[3197] dbg: rules: __XM_OL_C9068 merged duplicates: __XM_OL_EF20B
[3197] dbg: rules: __FH_RCV_53 merged duplicates: __RCVD_53
[3197] dbg: rules: SARE_OBFU_CIALIS merged duplicates: SARE_OBFU_GREAT_POX SARE_OBFU_OBLIGATION SARE_URI_AFF_DIG SARE_URI_DIG_LET_PIC SARE_URI_H0 SARE_URI_HOUSE SARE_URI_IPPORT3333 SARE_URI_MRTG SARE_URI_NUMASP8 SARE_URI_P8 SARE_URI_PERV SARE_URI_PORTD4 SARE_URI_REFID2 SARE_URI_REFID3 SARE_URI_SIXCAPS SARE_URI_SQUARE SARE_URI_SUCCEZZ
[3197] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E
[3197] dbg: rules: VIRUS_WARNING103 merged duplicates: VIRUS_WARNING52
[3197] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01
[3197] dbg: rules: SARE_SPOOF_COM2OTH merged duplicates: SPOOF_COM2COM
[3197] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA
[3197] dbg: rules: SARE_HEAD_HDR_XRMDTXT merged duplicates: __SARE_HEAD_HDR_RMDB
[3197] dbg: rules: __FH_FRM_53 merged duplicates: __FROM_53
[3197] dbg: rules: DC_GIF_MULTI_LARGO merged duplicates: __DC_GIF_MULTI_LARGO
[3197] dbg: rules: FH_FROMEML_NOTLD merged duplicates: SARE_FROM_NOTLD
[3197] dbg: rules: __HAS_XMAILER merged duplicates: __HAS_X_MAILER
[3197] dbg: rules: dmtrx94 merged duplicates: dmtrxp86
[3197] dbg: rules: FH_HELO_GMAILSMTP merged duplicates: SARE_HELO_GMAILSMTP
[3197] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0
[3197] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6
[3197] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A
[3197] dbg: rules: dmtrxp90 merged duplicates: dmtrxp97
[3197] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI __SARE_URI_ANY
[3197] dbg: rules: SARE_BOUNDARY_D2 me

TAIL -F /VAR/LOG/MAIL.LOG

////////////////////////////////////////////////////////////////////////////
J'ai envoyé 3 emails :
* Un d'une adresse inconnue (le Greylisting est en place)
* Une d'une adresse connue contenant une pub / image
* Un d'une adresse connue, avec tapé à la main : VIAGRA/$%#&!/DRUGS (14 en Hits... heureusement)
////////////////////////////////////////////////////////////////////////////


Dec 11 10:46:37 debian spamd[2271]: razor2: razor2 check failed: No such file or directory razor2: razor2 had unknown error during get_server_info at /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 188. at /usr/share/perl5/Mail/SpamAssassin/Plugin/Razor2.pm line 326.
Dec 11 10:46:38 debian postfix/master[2676]: reload configuration /etc/postfix
Dec 11 10:46:48 debian spamd[2271]: spamd: server started on port 783/tcp (running version 3.2.5)
Dec 11 10:46:48 debian spamd[2271]: spamd: server pid: 2271
Dec 11 10:46:48 debian spamd[2271]: spamd: server successfully spawned child process, pid 3003
Dec 11 10:46:48 debian spamd[2271]: spamd: server successfully spawned child process, pid 3004
Dec 11 10:46:48 debian spamd[2271]: prefork: child states: II
Dec 11 10:47:03 debian MailScanner[2610]: ClamAV scanner using unrar command /usr/bin/unrar
Dec 11 10:47:03 debian MailScanner[2610]: Using locktype = flock
Dec 11 10:53:17 debian postfix/smtpd[3186]: connect from host.111.111.111.111.rev.coltfrance.com[111.111.111.111]
Dec 11 10:54:05 debian postgrey[2267]: action=greylist, reason=new, client_name=host.111.111.111.111.rev.coltfrance.com, client_address=111.111.111.111, sender=salutations@test.fr, recipient=admin@maildomain.fr
Dec 11 10:54:05 debian postfix/smtpd[3186]: NOQUEUE: reject: RCPT from host.111.111.111.111.rev.coltfrance.com[111.111.111.111]: 504 5.5.2 <debian>: Helo command rejected: need fully-qualified hostname; from=<salutations@test.fr> to=<admin@maildomain.fr> proto=SMTP helo=<debian>
Dec 11 10:54:28 debian postfix/smtpd[3186]: disconnect from host.111.111.111.111.rev.coltfrance.com[111.111.111.111]
Dec 11 10:57:48 debian postfix/anvil[3187]: statistics: max connection rate 1/60s for (smtp:111.111.111.111) at Dec 11 10:53:17
Dec 11 10:57:48 debian postfix/anvil[3187]: statistics: max connection count 1 for (smtp:111.111.111.111) at Dec 11 10:53:17
Dec 11 10:57:48 debian postfix/anvil[3187]: statistics: max cache size 1 at Dec 11 10:53:17
Dec 11 11:05:30 debian postfix/smtpd[3214]: connect from n8a.bullet.ukl.yahoo.com[111.111.111.111]
Dec 11 11:05:30 debian postgrey[2267]: action=pass, reason=triplet found, client_name=n8a.bullet.ukl.yahoo.com, client_address=217.146.183.156, sender=mailtest@yahoo.fr, recipient=admin@maildomain.fr
Dec 11 11:05:30 debian postfix/smtpd[3214]: 881D75CC479: client=n8a.bullet.ukl.yahoo.com[111.111.111.111]
Dec 11 11:05:30 debian postfix/cleanup[3217]: 881D75CC479: hold: header Received: from n8a.bullet.ukl.yahoo.com (n8a.bullet.ukl.yahoo.com [111.111.111.111])??by debian.cpa.local (Postfix) with SMTP id 881D75CC479??for <admin@maildomain.fr>; Thu, 11 Dec 2008 11:05:30 + from n8a.bullet.ukl.yahoo.com[111.111.111.111]; from=<mailtest@yahoo.fr> to=<admin@maildomain.fr> proto=SMTP helo=<n8a.bullet.ukl.yahoo.com>
Dec 11 11:05:30 debian postfix/cleanup[3217]: 881D75CC479: message-id=<556366.6797.qm@web28609.mail.ukl.yahoo.com>
Dec 11 11:05:30 debian postfix/smtpd[3214]: disconnect from n8a.bullet.ukl.yahoo.com[111.111.111.111]
Dec 11 11:05:34 debian MailScanner[2610]: New Batch: Scanning 1 messages, 7567 bytes
Dec 11 11:05:34 debian MailScanner[2610]: Spam Checks: Starting
Dec 11 11:05:40 debian MailScanner[2610]: Message 881D75CC479.66BC9 from 111.111.111.111 (mailtest@yahoo.fr) to maildomain.fr is not spam, SpamAssassin (not cached, score=1.384, required 3.1, HTML_MESSAGE 0.00, SARE_FREE_WEBM_FrYahoo 0.13, SARE_UNSUB09 1.25)
Dec 11 11:05:41 debian MailScanner[2610]: Virus and Content Scanning: Starting
Dec 11 11:05:41 debian MailScanner[2610]: WARNING: Ignoring deprecated option --unzip
Dec 11 11:05:41 debian MailScanner[2610]: WARNING: Ignoring deprecated option --jar
Dec 11 11:05:41 debian MailScanner[2610]: WARNING: Ignoring deprecated option --tar
Dec 11 11:05:41 debian MailScanner[2610]: WARNING: Ignoring deprecated option --tgz
Dec 11 11:05:41 debian MailScanner[2610]: WARNING: Ignoring deprecated option --deb
Dec 11 11:05:41 debian MailScanner[2610]: WARNING: Ignoring deprecated option --unrar
Dec 11 11:05:49 debian MailScanner[2610]: Requeue: 881D75CC479.66BC9 to D42345CC47B
Dec 11 11:05:49 debian MailScanner[2610]: Uninfected: Delivered 1 messages
Dec 11 11:05:49 debian postfix/qmgr[2948]: D42345CC47B: from=<mailtest@yahoo.fr>, size=6875, nrcpt=1 (queue active)
Dec 11 11:05:52 debian postfix/smtp[3230]: D42345CC47B: to=<admin@maildomain.fr>, relay=192.168.18.X[192.168.18.X]:25, delay=23, delays=19/0.13/0.02/3.6, dsn=2.6.0, status=sent (250 2.6.0 <556366.6797.qm@web28609.mail.ukl.yahoo.com> Queued mail for delivery)
Dec 11 11:05:52 debian postfix/qmgr[2948]: D42345CC47B: removed
Dec 11 11:06:37 debian postfix/smtpd[3214]: connect from n9a.bullet.ukl.yahoo.com[111.111.111.111]
Dec 11 11:06:37 debian postgrey[2267]: action=pass, reason=triplet found, client_name=n9a.bullet.ukl.yahoo.com, client_address=111.111.111.111, sender=mailtest@yahoo.fr, recipient=admin@maildomain.fr
Dec 11 11:06:37 debian postfix/smtpd[3214]: EACE15CC479: client=n9a.bullet.ukl.yahoo.com[111.111.111.111]
Dec 11 11:06:38 debian postfix/cleanup[3217]: EACE15CC479: hold: header Received: from n9a.bullet.ukl.yahoo.com (n9a.bullet.ukl.yahoo.com [111.111.111.111])??by debian.cpa.local (Postfix) with SMTP id EACE15CC479??for <admin@maildomain.fr>; Thu, 11 Dec 2008 11:06:37 + from n9a.bullet.ukl.yahoo.com[111.111.111.111]; from=<mailtest@yahoo.fr> to=<admin@maildomain.fr> proto=SMTP helo=<n9a.bullet.ukl.yahoo.com>
Dec 11 11:06:38 debian postfix/cleanup[3217]: EACE15CC479: message-id=<400099.47268.qm@web28615.mail.ukl.yahoo.com>
Dec 11 11:06:38 debian postfix/smtpd[3214]: disconnect from n9a.bullet.ukl.yahoo.com[111.111.111.111]
Dec 11 11:06:43 debian MailScanner[2610]: New Batch: Scanning 1 messages, 2532 bytes
Dec 11 11:06:43 debian MailScanner[2610]: Spam Checks: Starting
Dec 11 11:06:44 debian MailScanner[2610]: Message EACE15CC479.CA44C from 111.111.111.111 (mailtest@yahoo.fr) to maildomain.fr is spam, SpamAssassin (not cached, score=14.85, required 3.1, BODY_ENHANCEMENT 1.61, DRUGS_ERECTILE 0.65, DRUG_ED_CAPS 1.54, LOCAL_DRUGS_MALEDYSFUNCTION 1.00, SARE_ADLTSUB2 1.67, SARE_ADULT2 1.67, SARE_ENLRGYOUR 2.22, SARE_FREE_WEBM_FrYahoo 0.13, SARE_SUB_PENIS 1.67, SUBJ_ALL_CAPS 1.81, SUBJ_BUY 0.90)
Dec 11 11:06:44 debian MailScanner[2610]: Spam Checks: Found 1 spam messages
Dec 11 11:06:44 debian MailScanner[2610]: Spam Actions: message EACE15CC479.CA44C actions are delete
Dec 11 11:06:44 debian MailScanner[2610]: Virus and Content Scanning: Starting
Dec 11 11:06:44 debian MailScanner[2610]: WARNING: Ignoring deprecated option --unzip
Dec 11 11:06:44 debian MailScanner[2610]: WARNING: Ignoring deprecated option --jar
Dec 11 11:06:44 debian MailScanner[2610]: WARNING: Ignoring deprecated option --tar
Dec 11 11:06:44 debian MailScanner[2610]: WARNING: Ignoring deprecated option --tgz
Dec 11 11:06:44 debian MailScanner[2610]: WARNING: Ignoring deprecated option --deb
Dec 11 11:06:44 debian MailScanner[2610]: WARNING: Ignoring deprecated option --unrar

Merci pour votre réponse ccnet
Vous me conseillez donc clarkconnect, mais au niveau de Spamassassin il est déjà préconfiguré ?
Parce que je pense que l'intégration Postfix / ClamAV / SpamAssassin sur mon système est plus que correcte (charge systeme à 0 avec tout les services lancés), quand on regarde le Mail.log on voit que tout fonctionne ensemble (postfix, mailscanner, postgrey, clamav, spamassassin), ça m'ennuie de tout effacer et de passer à autre chose après m'être donné autant de mal.
Après, si Clarkconnect à déjà un SpamAssassin bien configuré là je m'incline et je vais tester la distribution.
En attendant votre opinion, je vais faire un Ghost de mon système au cas où.

[ccnet]

Vous me conseillez donc clarkconnect, mais au niveau de Spamassassin il est déjà préconfiguré ?

Oui c'est le cas. L'intégration est faite.

ça m'ennuie de tout effacer et de passer à autre chose après m'être donné autant de mal.

Je vous comprend. En même temps ce n'est jamais perdu. Oui faite une image du système actuel. Pour moi, un des avantages de CConnect est aussi la présence d'une interface web qui me permet de déléguer sans risque à une personne quelconque chez le client la mise à jour des liste blanches et noires. Il y a donc aussi un aspect organisationnel dans l'exploitation qui motive mon choix.
Comme indiqué dans les liens j'ai néanmoins fait pas mal de modifications, similaires aux votres, dans main.cf pour que Postfix fasse un premier tri et rejette les spams évident. Spamassassin est écrit en pearl et chaque appel est couteux en ressources système.
J'ai aussi modifié la production de rapports, et le classement des spams qui se fait à deux niveaux. Les mails "moyennement douteux" sont distribués à l'utilisateur final dans son courrier indésirable. Ceux qui sont notés > 10 ou 15 sont envoyés dans une boite commune pendant 3 ou 4 jours pour traçabilité uniquement.

[sheen]

Ah mince, je n'avais pas vu mais ClarkConnect est Payant : /
Ca me refroidit un peu.
Je vais quand meme tester la démo de 30 jours pour me faire une opinion.

Edit : Oups, il y a une version gratuite, toute mes excuses ^^

[ccnet]

Non pas pour faire une passerelle AS-AV, regardez bien. La version Community convient parfaitement. C'est celle que j'utilise.

[sheen]

J'ai donc testé ClarkConnect.

Cette distribution est en effet excellente, légère et très complete, je ne suis pas déçu.
Et effectivement la configuration par défaut de SpamAssassin ne marche pas trop mal (En mettant l'indice à 3), mais j'aimerai le rendre plus intelligent (Il laisse encore passer pas mal de spam)

J'aurais bien aimé utiliser DSpam couplé à SpamAssassin, mais d'après ce que j'ai pu lire sur le forum de ClarkConnect cela n'est pas possible pour une Passerelle SMTP (Uniquement pour le serveur mail).
La question est donc, comment dire à SpamAssassin quels sont les bons mails des mauvais sur une installation Passerelle SMTP ?

J'ai testé une méthode avec SpamAssassin Coach, un plugin Outlook / Thunderbird qui en un clic de souris va se connecter au serveur SpamAssassin (port 785) et lui dire les Ham/Spam signalé.
Pour que ça marche il faut lancer "Spamd -l -A IP" sur le serveur.
Ca a l'air génial, l'idée est excellente, mais malgré toute cette bonne volonté et cette recherche de solution, ça ne marche pas.

J'ai testé les deux logiciels de messagerie avec le plugin SpamAssassin Coach (Outlook et Thunderbird), et quand je reporte un mail comme du 'Spam' ou du 'Ham' il ne se passe rien.
Je veux dire par là que SpamAssassin ne dit rien dans son log, j'ai donc utilisé WireShark pour sniffer les paquets sortant de ma carte réseau, et aucun paquet n'est destiné à ma Passerelle Antispam même en cliquant dix fois sur "report as spam".

J'en déduis donc que le plugin ne marche pas, et donc retour à zéro, je n'ai pas d'idée pour entrainer SpamAssassin : /

Comment procèdes tu CCNet pour rendre SpamAssassin plus intelligent ?

[ccnet]

A vrai dire je ne tente pas de le rendre plus intelligent. J'essaye de l'utiliser le moins possible. Ce que je veux dire par là c'est que je fais le maximum au niveau de Postfix avant de mettre Spamassassin en marche. Dans la configuration Postfix, je fais un test à l'aide d'expressions régulières sur le champ Subject du mail. Exemple de fichier header_checks

Code: Tout sélectionner

/\b(^Subject: .*s(-|\.|\ )?e\2?x\2?u\2?a\2?l\2?.*)/ REJECT
/^Subject: .*Solution for your sexual life/ REJECT
/^Subject: .*Casino|casino/   REJECT
/^Subject: .*Rolex|rolex/   REJECT
/^Subject: .*Pharmacie|pharmacie/   REJECT
/^Subject: .*Watches|watches/   REJECT
/^Subject: .*Bonus|bonus/   REJECT
/^Subject: .*Pillules|pillules/   REJECT
/^Subject: .*CNN/   REJECT
/^Subject: .*BREAKING NEWS/   REJECT
/^Subject: .*BBC NEWS/   REJECT
/^Subject: .*V en ligne/   REJECT
/^Subject: .*Viagra|viagra|Cialis|cialis|pills|Cialix|Xanax|$%#&!/   REJECT
/^Subject: .*Prada|Adidas|Chanel|Dior|Versace|Hermes|Chloe|Ph.d|Dolce Gabana|Paris Hilton|Britney Spears|Omega|Cartier/   REJECT
/^Subject: .*Veritable Sante/   REJECT
/^Subject: .*Une faible puissance/    REJECT

L'utilisation de ce fichier par Postfix est obtenu avec ce paramètre dans main.cf :

Code: Tout sélectionner

header_checks = regexp:/etc/postfix/header_checks

Je réalise pas mal d'autres contrôles au niveau de Postix. J'arrive à un taux de réjection des spams d'environ 98%.

Effectivement Dspam dans ClarkConnect n'est pas utilisable dans une configuration en relay smtp.

Je n'ai pas encore creusé la question des pluggins parce que la majorité de mes installation concerne des serveur de mails Domino le plus souvent.

Je dois aussi me pencher sur le Grey listing qui me semble une voie très intéressante si c'est bien réalisé.

La valeur 3 est un bon réglage de sensibilité pour Spamassassin. J'ai un peu laissé de côté "l'intelligence" de spamassassin pour le moment.

[sheen]

Tout a fait, le GreyListing se révèle redoutablement efficace et extrêmement simple à mettre en place (Surtout avec ClarkConnect).
Pour le Header_check de Postfix, je vais jeter un œil de plus près je ne m'y suis jamais attardé.

C'est quand même bien dommage qu'on ne puisse pas peaufiner SpamAssassin sur une passerelle : /

[ccnet]

C'est quand même bien dommage qu'on ne puisse pas peaufiner SpamAssassin sur une passerelle : /

Je n'en suis pas certain. La seule chose dont je suis sûr c'est que je ne maitrise pas la question à 100%. Je dois y retravailler.