~/.spamassassin/user_prefs ignored?

[philips]

Hi all,
I have a shared hosting account and for the past couple of months I've been getting 100+ spams daily. I've spot-checked the SpamAssassin headers in a number of them and SA doesn't think they're spam.

Being of geeky persuasion, I tried modifying my ~/.spamassassin/user_prefs to see if I could get SA to do a better job. Strangely, my user_prefs seem to be ignored. For instance, I wanted to see exactly why SA was accepting these spams as ham, so I tried to get it to show its test scores by changing the add_header line to this:

add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTSSCORES(,)_ autolearn=_AUTOLEARN_ version=_VERSION_

To my understanding, this should give me a full set of scores in each email I get, but instead I get this in ham emails:

X-Spam-Status: No, score=-1.1
X-Spam-Score: -10
X-Spam-Bar: -
X-Spam-Flag: NO

In spam emails I do get a full report:
X-Spam-Subject: ***SPAM*** Save money. Fix your credit scores.
X-Spam-Status: Yes, score=7.6
X-Spam-Score: 76
X-Spam-Bar: +++++++
X-Spam-Report: Spam detection software, running on the system "deimos.nocdirect.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Need Credit Repair? Restore your credit now! Get Creditcard
Counceling through financial education and debt management. See Your Credit
Score in Seconds! Easy to Read and Viewable Online [...]
Content analysis details: (7.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: saviouroftoday.com]
2.6 SUBJ_YOUR_DEBT Subject contains "Your Bills" or similar
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area
1.6 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
-0.2 BAYES_40 BODY: Bayesian spam probability is 20 to 40%
[score: 0.2094]
0.0 HTML_MESSAGE BODY: HTML included in message
1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
X-Spam-Flag: YES


I tried to add my own header like so, but I see no evidence of it:
add_header all Philip _TESTSSCORES(,)_

Now I'm really baffled -- shouldn't I be able to affect SA's operation with ~/.spamassassin/user_prefs?

My user_prefs is below. Any help would be appreciated.

----------------------------------------
required_score 5.0
# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
bayes_auto_learn 1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 1

whitelist_from *@johnsmls.com

add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTSSCORES(,)_ autolearn=_AUTOLEARN_ version=_VERSION_

add_header all Philip _TESTSSCORES(,)_
----------------------------------------


Thanks
Philip

[Vin DSL]

Did you lint your rules?

Code:

spamassassin --lint -D

[philips]

Thanks for the tip. Lots of interesting stuff in there. The only complaints about user_prefs are about lines that cpanel wrote --

[9531] warn: config: failed to parse line, skipping, in "/home/xxxxxxxx/.spamassassin/user_prefs": use_razor2 1
[9531] warn: config: failed to parse line, skipping, in "/home/xxxxxxxx/.spamassassin/user_prefs": use_dcc 1
[9531] warn: config: failed to parse line, skipping, in "/home/xxxxxxxx/.spamassassin/user_prefs": use_pyzor 1


Then at the end there's this --

check: no loaded plugin implements 'check_main': cannot scan! at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 164.


Some Googling suggests that this is due to a broken SA config which might explain all the spam I'm getting.

[Ron]

Fascinating. I'm away from my desk ATM, but I'm gonna check that out when I get back.

I know my user prefs are working and I get my custom reports and values, but I only see the reports in the headers when it reaches the spam threshold.

[codeman38]

I can't test SpamAssassin from the command line either (on olympia.nocdirect.com):

Code:

-jailshell-3.00$ spamassassin < spamtest.txt 
[17132] warn: config: could not find site rules directory
check: no loaded plugin implements 'check_main': cannot scan! at /usr/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/PerMsgStatus.pm line 164.

The same error is returned if I try running spamassassin --lint.

However, it does appear that SpamAssassin is processing mail on the server-- it seems like non-root users don't have read permissions on the config files for local testing or something like that.

[philips]

codeman38, thanks for reminding me to update this with some sort of resolution. I was told that modification of headers for mail from nocdirect is handled by Exim, not SA. exim.conf lives in /etc so it's not something that non-privileged users can access.

[Ron]

My user prefs are working just fine and they modify (well they add my custom report to) the header. What they can't do is rewrite the subject, IIRC.