
spamassassin miscalculate spam scores

Discussion in 'E-mail Discussions' started by djmerlyn, Feb 5, 2009.

  1. djmerlyn

    djmerlyn Well-Known Member

    I'm trying to figure out this S.A. header;

    X-Spam-Status: No, score=3.2
    X-Spam-Score: 32

    How do you get a spam-score of 32, but a status of NO score=3.2?

    Looking at the email, it's very clearly defined spam, and rightfully scores a 32. So I'm not understanding this score board in the mail header.

    Thanks
     
  2. sehh

    sehh Well-Known Member

    Some idiot decided to change the way the SA headers work and thought it would be a really cool idea to confuse everyone and break every filter and application out there that relies on the SA headers.

    This idiot decided to divide the score by 0.1 in order to get an integer value (3,2/0,1=32).

    Really kool... not.
     
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    For the purposes of allowing for easier mail filtering (and avoiding all the difficult-to-diagnose issues introduced by comparing to a decimal number in a mail filter), spam scores are multiplied by 10. This means that the piece of spam, according to SpamAssassin, received a spam score of 3.2. Most people leave the default setting of 5 being the threshold for spam, and since 3.2 is less than 5 numerically, it is flagged as not being spam.

    Be mindful that spammers do attempt to manipulate spam filters, so sometimes obvious spam will come in not being flagged as such. An internet search for "jibberish mail spam" returns many useful results for one common tactic used to do this.
     
  4. djmerlyn

    djmerlyn Well-Known Member

    I'm not understanding this.

    So did spam assassin score it 3.2? Or did spam assassin score it 32?

    My initial thought is that first SA would need to score it, before it can be given a status, so the previous statement seemed more accurate about it being divided instead of multiplied.

    Or-

    A piece of email scored a 32, someone divided the number by 10, then gave it a status. This would make far more sense as to why spam has been coming in- as opposed to the other way around.

    Either way, it would be nice if the 2 lined up- more difficult or not.
     
    #4 djmerlyn, Feb 6, 2009
    Last edited: Feb 6, 2009
  5. sparek-3

    sparek-3 Well-Known Member

    32 is just 3.2 times 10. That's the correlation between the two. All spam scores are by default a floating point number with 1 decimal spot. That is, spam scores could be 3.2, 4.8, 7.9, or 2.0. It is easier to compare integer numbers than to compare floating point numbers. So if you multiply all of these numbers by 10, then you shift the decimal point to the right one spot and therefore do away with the decimal point. 3.2 becomes 32. 4.8 becomes 48. 7.9 becomes 79. 2.0 becomes 20.

    Now if your required score is 5.0, it is also multiplied by 10 and becomes 50.

    Is 32 > 50 ? No, not spam

    Is 48 > 50 ? No, not spam

    Is 79 > 50 ? Yes, this is spam

    Is 20 > 50 ? No, not spam
     
  6. sehh

    sehh Well-Known Member

    That's just plain stupid, you could as easily compare 3.2 with 5.0, there isn't the slightest difference and all you managed to do is confuse people and break existing filters.

    Ever wondered why nobody started whole threads about comparing 3.2 with 5.0? It's because it was easy to do and that's what SA is using by default.

    Do a search and you'll see how many people are confused about the X*10 scoring and you'll understand why it was a bad idea.

    If you can't compare floats then maybe you shouldn't be in this job...
     
  7. sparek-3

    sparek-3 Well-Known Member

    I'm just stating the reason for it. If you want to complain to someone, then you need to complain to the SpamAssassin developers and their user group. Though this item has been around, perhaps since SpamAssassin was first created. I don't think you'll get anywhere by complaining to them, it's not that difficult to understand.
     
  8. sparek-3

    sparek-3 Well-Known Member

    Actually it does look like this is added by exim in the exim configuration. If you don't want the integer value to be displayed in the headers, just comment or remove the lines:

    add_header = X-Spam-Score: $spam_score_int

    in the exim configuration using the Advanced Exim Configuration Editor in the WHM. There are two instances of this line.

    Though keep in mind that if you have users who are using this information in their individual e-mail applications to sort spam, then those filters will no longer work.
     
  9. sehh

    sehh Well-Known Member

    sparek-3, you are wrong, the SA headers haven't changed... ever!

    The cPanel developers ignore the SA headers and instead use their own version that does the multiplication of the scoring.
     
  10. djmerlyn

    djmerlyn Well-Known Member

    Thank you for the detailed explanation (minus the drama lol).

    This does make sense now.

    Cheers
     
  11. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Keep in mind, novice users do set mail rules. Additionally, comparisons to scores are string comparisons. Therefore a comparison of 3.2 > 5 would return true as it is a string comparison. Note that I used 5, not the moderately non-intuitive (for novices) 5.0.

    Integer comparisons are easier since novice users won't need to understand the intricacies of string comparison since 32 > 50 is false both in numerical and string comparisons.

    I'm not taking any sides on this debate, just presenting some facts that haven't yet been presented :).
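
The relationship between the two headers discussed in this thread, as an added example that is not part of any post and is not cPanel, Exim or SpamAssassin code. It parses both headers from a constructed sample message, checks that `X-Spam-Score` is the `X-Spam-Status` score times 10, and shows one case where comparing decimal scores as strings misorders them; the function names and the `required` default of 5.0 are assumptions for illustration.

```python
import re
from email import message_from_string

# Constructed sample message using the header values quoted in the thread.
SAMPLE = """\
From: sender@example.com
To: user@example.net
Subject: constructed sample
X-Spam-Status: No, score=3.2
X-Spam-Score: 32

body
"""

STATUS_RE = re.compile(r"^(Yes|No),\s*score=(-?\d+(?:\.\d+)?)")


def to_tenths(score_text):
    """Convert a decimal score string such as '3.2' to integer tenths (32)."""
    return int(round(float(score_text) * 10))


def read_scores(raw_message):
    """Return (flag, status score in tenths, X-Spam-Score integer)."""
    msg = message_from_string(raw_message)
    m = STATUS_RE.match(msg.get("X-Spam-Status", "").strip())
    if m is None or msg.get("X-Spam-Score") is None:
        raise ValueError("spam headers missing or not parsable")
    return m.group(1), to_tenths(m.group(2)), int(msg["X-Spam-Score"].strip())


def is_spam(header_int, required="5.0"):
    """Integer comparison with both sides scaled by 10 (32 > 50, 79 > 50)."""
    return header_int > to_tenths(required)


def headers_agree(raw_message, required="5.0"):
    """True when both headers carry the same score and the same verdict."""
    flag, status_tenths, header_int = read_scores(raw_message)
    same_score = status_tenths == header_int
    return same_score and (flag == "Yes") == is_spam(header_int, required)


def lexical_is_spam(score_text, required="5.0"):
    """Decimal scores compared as strings: '10.5' sorts before '5.0'."""
    return score_text > required
```
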
     