Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

# spamassassin miscalculate spam scores

Discussion in 'E-mail Discussion' started by djmerlyn, Feb 5, 2009.

1. ### djmerlynWell-Known Member

Joined:
Aug 31, 2004
Messages:
201
1
Trophy Points:
168
I'm trying to figure out this S.A. header;

X-Spam-Status: No, score=3.2
X-Spam-Score: 32

How do you get a spam-score of 32, but a status of NO score=3.2?

Looking at the email, its very clearly defined spam, and rightfully scores a 32. So I'm not understanding this score board in the mail header.

Thanks

#1
2. ### sehhWell-Known Member

Joined:
Feb 11, 2006
Messages:
579
5
Trophy Points:
168
Location:
Europe
some idiot decided to change the way the SA headers work and thought it would be a really cool idea to confuse everyone and break every filter and application out there that relies on the SA headers.

this idiot decided to divide the score by 0.1 in order to get an integer value (3,2/0,1=32).

really kool... not.

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
#2
3. ### cPanelDavidGTechnical Product Specialist

Joined:
Nov 29, 2006
Messages:
11,216
10
Trophy Points:
313
Location:
Houston, TX
cPanel Access Level:
For the purposes of allowing for easier mail filtering (and avoiding all the difficult to diagnose issues introduced by comparing to a decimal number in a mail filter), spam scores are multiplied by 10. This means that the piece of spam, according to Spam Assassin, received a spam score of 3.2. Most people leave the default setting of 5 being the threshold for spam, and since 3.2 is less than 5 numerically, it is flagged as not being spam.

Be mindful that spammers do attempt to manipulate spam filters, so sometimes obvious spam will come in not being flagged as such. An internet search for "jibberish mail spam" returns many useful results for one common tactic used to do this.

#3
4. ### djmerlynWell-Known Member

Joined:
Aug 31, 2004
Messages:
201
1
Trophy Points:
168
I'm not understanding this.

So did spam assassin score it 3.2? Or did spam assassin score it 32?

My initial thought is that first SA would need to score it, before it can be given a status, so the previous statement seemed more accurate about it being divided instead of multiplied.

Or-

A piece of email scored a 32, someone divided the number by 10, then gave it a status. This would make far more sense as to why spam has been coming in- as opposed to the other way around.

Either way, it would be nice if the 2 lined up- more difficult or not.

#4
Last edited: Feb 6, 2009
5. ### sparek-3Well-Known Member

Joined:
Aug 10, 2002
Messages:
1,851
141
Trophy Points:
343
cPanel Access Level:
32 is just 3.2 times 10. That's the correlation between the two. All spam scores are by default a floating point number with 1 decimal spot. That is spam scores could be 3.2, 4.8, 7.9, or 2.0. It is easier to compare integer numbers than to compare floating point numbers. So if you multiple all of these numbers by 10, then you shift the decimal point to the right one spot and therefore do away with the decimal point. 3.2 becomes 32. 4.8 becomes 48. 7.9 becomes 79. 2.0 becomes 20.

Now if your required score is 5.0, it is also multiplied by 10 and becomes 50.

Is 32 > 50 ? No, not spam

Is 48 > 50 ? No, not spam

Is 79 > 50 ? Yes, this is spam

Is 20 > 50 ? No, not spam

#5
6. ### sehhWell-Known Member

Joined:
Feb 11, 2006
Messages:
579
5
Trophy Points:
168
Location:
Europe
Thats just plain stupid, you could as easily compare 3.2 with 5.0, there isn't the slightest difference and all you managed to do is confuse people and break existing filters.

Ever wondered why nobody started whole threads about comparing 3.2 with 5.0? its because it was easy to do and thats what SA is using by default.

Do a search and you'll see how many people are confused about the X*10 scoring and you'll understand why it was a bad idea.

If you can't compare floats then maybe you shouldn't be in this job...

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
#6
7. ### sparek-3Well-Known Member

Joined:
Aug 10, 2002
Messages:
1,851
141
Trophy Points:
343
cPanel Access Level:
I'm just stating the reason for it. If you want to complain to someone, then you need to complain to the SpamAssassin developers and their user group. Though this item has been around, perhaps since SpamAssassin was first created. I don't think you'll get anywhere by complaining to them, its not that difficult to understand.

#7
8. ### sparek-3Well-Known Member

Joined:
Aug 10, 2002
Messages:
1,851
141
Trophy Points:
343
cPanel Access Level:
Actually it does look like this is added by exim in the exim configuration. If you don't want the integer value to be displayed in the headers, just comment or remove the lines:

in the exim configuration using the Advanced Exim Configuration Editor in the WHM. There are two instances of this line.

Though keep in mind that if you have users who are using this information in their individual e-mail applications to sort spam, then those filters will no longer work.

#8
9. ### sehhWell-Known Member

Joined:
Feb 11, 2006
Messages:
579
5
Trophy Points:
168
Location:
Europe
sparek-3, you are wrong, the SA headers haven't changed... ever!

the cPanel developers ignore the SA headers and instead use their own version that does the multiplication of the scoring.

Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
#9
10. ### djmerlynWell-Known Member

Joined:
Aug 31, 2004
Messages:
201
1
Trophy Points:
168
Thank you for the detailed explaination (minus the drama lol).

This does make sense now.

Cheers

#10
11. ### cPanelDavidGTechnical Product Specialist

Joined:
Nov 29, 2006
Messages:
11,216
10
Trophy Points:
313
Location:
Houston, TX
cPanel Access Level: