For a couple of days now I could follow a strange behavior in my mail servers. More and more spam mails were tagged when they were clearly normal ham mails. All these e-mails have something in common: They were sent by an iPhone and didn't contain a subject nor body text, only an attached picture.
The problem is that such mails are now tagged by Razor (who knows why?):
Possible solutions show up. One of them is decreasing the Razor scoring, but as this is the first false-positive I personally see with Razor I don't want to do that. Instead a new spamassassin rule does the job:
header CK_IPHONE_PICTURE ALL =~ /boundary\=Apple\-Mail.*/
describe CK_IPHONE_PICTURE Mail sent by iPhone including picture
score CK_IPHONE_PICTURE -5.0
Of all the affected mails I checked, they all had some header info in common. This rule checks the mails for the Apple-Mail header and scores it a bit lower.