Spamassassin logging scores

Question

I have the Spamassassin 3.4 + Ubuntu 14 + Qmail + Clamav. All are running OK. When a SPAM is detected, it is marked as [spam] and delivered to recipients. Readind the spamd log (mail.log for me), I grep these lines:

Jul 14 17:32:36 mail spamd[2575]: spamd: identified spam (11.3/7.0) for foo.user@foodomain.com.br:89 in 1.9 seconds, 5217 bytes.
Jul 14 17:32:36 mail spamd[2575]: spamd: result: Y 11 - BAYES_00,DCC_CHECK,DIGEST_MULTIPLE,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HELO_DYNAMIC_DHCP,HTML_IMAGE_ONLY_24,HTML_IMAGE_RATIO_02,HTML_MESSAGE,MPART_ALT_DIFF,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BRBL_LASTEXT,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL scantime=1.9,size=5217,user=foo.user@foodomain.com.br,uid=89,required_score=7.0,rhost=localhost,raddr=127.0.0.1,rport=46216,mid=<20170714203234.33D342666A8E7@node225.7sete7corp.com>,bayes=0.000000,autolearn=no autolearn_force=no

I understand that spam was marked because reach 11.3 points; on second line, I know that there are de FLAGS/RULES which the spam was marked.

My question: It is possible to change some config on Spamassassin to add individual flag scores to the log?

Spamassassin is sendind the report with the original message attached to the recipients. I know that summary includes the same flags with scores.

It will be usefull for me it these scores could be logged too.

+1 great question! It's very frustrating to not be able to validate that our score changes from the config are taking effect without finding an affected email! Would love to be able to turn logging to "extreme" or whatever and have it log that full report you get in the headers of email marked as spam. — jerclarke, Apr 20 '18 at 21:07

score 0 · Answer 1 · answered Apr 12 '22 at 05:22

0

You need to change spamd (locate at /usr/bin/spamd or /usr/local/bin/spamd) Looking for line number around 2050 to 2060 you will see

my $tests = join(",", sort(grep(length,$status->get_names_of_tests_hit())));

change it to

my $tests = join(",", sort(grep(length,$status->get_names_of_tests_hit_with_scores())));

and then restart spamd and you will see log like this

Apr 12 12:10:33 mail spamd[3108]: spamd: result: .  0 - BAYES_00=-1.9,DKIM_INVALID=0.1,DKIM_SIGNED=0.1,DOS_RCVD_IP_TWICE_B=3.299,HTML_MESSAGE=0.001,KAM_DMARC_STATUS=0.01,RCVD_IN_DNSWL_MED=-2.3,RCVD_IN_MSPIKE_H5=0.001,RCVD_IN_MSPIKE_WL=0.001,SPF_HELO_NONE=0.001,SPF_PASS=-0.001,T_SCC_BODY_TEXT_LINE=-0.01 scantime=3.1,size=35652,user=mail,uid=8,required_score=12.0,rhost=1.2.3.4,raddr=1.2.3.4,rport=44736,mid=<534734.78070.23526@email.mail.com>,bayes=0.000000,autolearn=no autolearn_force=no,shortcircuit=no

answered Apr 12 '22 at 05:22

Jimmy

1

2

Modifying executables from packages is never a good idea. – Gerald Schneider Apr 12 '22 at 06:19
Is there like a link to the line of that file in question on GitHub, or something? – John Greene Apr 16 '22 at 14:43
latest version of spamd raw file can view at [spamd.raw](https://svn.apache.org/viewvc/spamassassin/branches/3.4/spamd/spamd.raw?revision=1899531&view=markup) also referrence function of permsgstatus [PerMsgStatus.pm](https://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/PerMsgStatus.pm?revision=1889731&view=markup) – Jimmy Apr 17 '22 at 02:00

Spamassassin logging scores

1 Answers1