Atomicorp

Running 11.5.30 Update #47 , with qmail scanner , and getting false positives on 5.0 URIBL_RHS_DOB

I tried adding score URIBL_RHS_DOB 0 to /etc/mail/spamassassin/local.cf , with no change and made the same change in /usr/share/spamassassin/local.cf , with no change either.

Where would this have to go to let spamd actually see it?

thats how I'd do it:

score URIBL_RHS_DOB 0.0

and then restart spamassassin

right, but where does it go?

I've tried those two files with no result. does it somehow go in qmailscanner.ini?

find / -name "*local.cf"
/usr/share/spamassassin/local.cf
/etc/mail/spamassassin/local.cf
/var/lib/spamassassin/3.003002/updates_spamassassin_org/local.cf


all three files edited, service spamassassin restart

service spamassassin status shows different PID before and after , yet still it scores 5

Not sure whats going on there then, thats every place its defined. The local.cf would override everything else

I suggest you do something like:

# spamassassin -D --lint > sadebug.txt 2>&1
or
# spamassassin -D < actual-email.txt > sadebug.txt 2>&1

(where actual-email.txt is either a test email or ideally an actual email that's causing the false positive)

And take a look at what files it is loading, why it is scoring etc etc etc

the difference here being spamassassin vs spamc. spamassassin is going to load the config in the context of the user, and not use spamd (this is really useful for debugging). You can run the same test using spamc and if your configs are in sync then the results should be identical. If they are not, then you know that a config setting in the spamd context is your culprit.