How to determine which spam rules are triggered and why for given samples

  • Article ID: 12495
  • Updated: 17 Feb 2010

You can scan a sample email message in mbox format with the pmx-spam command to see which anti-spam rules have triggered. This is a great tool for verifying whether a specific message should be caught by the Sophos Anti-Spam Engine.

What to do

Pass your sample message to the pmx-spam command.

For example, to test sample file '4' in /opt/pmx/etc/data/samples/spam/, run the following as the 'pmx' user:

pmx-spam scan /opt/pmx/etc/data/samples/spam/4

The output shows which anti-spam rules are hit, and the content that triggers each anti-spam rule.

Output sample:

Scanning /opt/pmx/etc/data/samples/spam/4#1
GTUBE: w+=10.000 pd+=00.000 t=+10.000 [XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X]
LINES_OF_YELLING_3: w+=00.671 pd+=00.000 t=+10.671
NO_REAL_NAME: w+=00.000 pd+=00.000 t=+10.671 [banditofrito2000@yahoo.com]
PRIORITY_NO_NAME: w+=00.716 pd+=00.000 t=+11.387
RCVD_IN_NJABL_ORG: w+=00.000 pd+=00.000 t=+11.387 [148.48.4.4.dnsbl.njabl.org]
X_ENC_PRESENT: w+=04.400 pd+=00.000 t=+15.787 [M]
X_NJABL_DUL: w+=01.000 pd+=00.000 t=+16.787
Summary: total=16.787 pdelta=0.000 p=100%

Useful tips:

  • If you have multiple samples to scan, enter them one after another.
  • If you want to scan all samples in a directory, enter the directory path.
  • You normally do not need to use the verbose option. The defaults provide everything you need to know most of the time.
  • 'w', 'pd' and 't' are the 'weight' of the spam rule, the 'probability adjust' of the spam rule and the running total. The last 't' is the 'total' in the 'Summary' line.
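
To triage many samples, the output can be parsed and sanity-checked with a script. The following is an added example, not Sophos code: the line layout is inferred only from the output sample above, the function names are hypothetical, and it assumes 't' accumulates 'w' alone (every 'pd' in the sample is 0).

```python
import re
from decimal import Decimal

# The article's own output sample, embedded so the example runs offline.
SAMPLE = """\
Scanning /opt/pmx/etc/data/samples/spam/4#1
GTUBE: w+=10.000 pd+=00.000 t=+10.000 [XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X]
LINES_OF_YELLING_3: w+=00.671 pd+=00.000 t=+10.671
NO_REAL_NAME: w+=00.000 pd+=00.000 t=+10.671 [banditofrito2000@yahoo.com]
PRIORITY_NO_NAME: w+=00.716 pd+=00.000 t=+11.387
RCVD_IN_NJABL_ORG: w+=00.000 pd+=00.000 t=+11.387 [148.48.4.4.dnsbl.njabl.org]
X_ENC_PRESENT: w+=04.400 pd+=00.000 t=+15.787 [M]
X_NJABL_DUL: w+=01.000 pd+=00.000 t=+16.787
Summary: total=16.787 pdelta=0.000 p=100%
"""

NUM = r"[+-]?\d+(?:\.\d+)?"  # layout below is inferred from the sample only (assumption)
RULE_RE = re.compile(rf"^(\w+): w\+=({NUM}) pd\+=({NUM}) t=({NUM})(?: \[(.*)\])?$")
SUMMARY_RE = re.compile(rf"^Summary: total=({NUM}) pdelta=({NUM}) p=(\d+)%$")

def parse_scan(text):
    """Return one dict per 'Scanning ...' block: the rules hit plus the summary."""
    messages = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Scanning "):
            messages.append({"sample": line[len("Scanning "):], "rules": [], "summary": None})
        elif messages and (m := RULE_RE.match(line)):
            name, w, pd, t, content = m.groups()
            messages[-1]["rules"].append({"rule": name, "w": Decimal(w), "pd": Decimal(pd),
                                          "t": Decimal(t), "content": content})
        elif messages and (m := SUMMARY_RE.match(line)):
            messages[-1]["summary"] = {"total": Decimal(m[1]), "pdelta": Decimal(m[2]), "p": int(m[3])}
    return messages

def totals_consistent(msg):
    """True if each 't' is the sum of 'w' so far (assumption) and the last 't' is the total."""
    running = Decimal(0)
    for r in msg["rules"]:
        running += r["w"]
        if r["t"] != running:
            return False
    return msg["summary"] is not None and msg["summary"]["total"] == running

def top_rules(msg, n=3):
    """Rules that contributed weight, heaviest first (zero-weight hits are dropped)."""
    scored = sorted((r for r in msg["rules"] if r["w"] != 0), key=lambda r: r["w"], reverse=True)
    return [(r["rule"], r["w"]) for r in scored[:n]]

if __name__ == "__main__":
    print([(m["sample"], totals_consistent(m), top_rules(m)) for m in parse_scan(SAMPLE)])
```

A failed consistency check usually means the output was truncated or edited before it reached you, so re-run the scan rather than trusting the summary line.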

If you need more information or guidance, then please contact Technical Support.

 