Introduction
When SpamAssassin scans an email the results are saved to the /var/log/maillog file. This can be used to determine what rules are being triggered by the message.
Procedure
The /var/log/maillog file can be searched or viewed in many different ways. One method is to tail the file while sending a message to see the scan results:
tail -f /var/log/maillog
When the message is sent, lines similar to the following will be displayed.
Spam detected:
spamd: identified spam (6.7/5.0) for cpaneleximscanner:204 in 9.3 seconds, 2840 bytes.
spamd: result: Y 6 - BIGNUM_EMAILS,FREEMAIL_FORGED_REPLYTO,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,TO_NO_BRKTS_HTML_ONLY,URIBL_BLOCKED scantime=9.3,siz
e=2840,user=cpaneleximscanner,uid=204,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51424,mid=<messageid@domain.tld>,autolearn=no autolearn_force=no,shortcircuit=no
No spam detected:
spamd: clean message (1.4/3.0) for user:1174 in 9.5 seconds, 36731 bytes.
spamd: result: . 1 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,KAM_NUMSUBJECT,KAM_REALLYHUGEIMGSRC,SPF_PASS,URIBL_BLOCKED scantime=9.5,size=36731,user=user,uid=1
174,required_score=3.0,rhost=localhost,raddr=127.0.0.1,rport=51482,mid=<messageid@domain.tld>,autolearn=no autolearn_force=no,shortcircuit=no
The results will display the rules that are trigged such as "FREEMAIL_FORGED_REPLYTO" and "HTML_MESSAGE. These can be used to determine why the message may be detected as spam.