one more thing:
because the pflogsumm contains a lot of the urls from severall blocklists (if you receive a lot of smaps) so the report could be filtered because of some other issues too, like you can see below:
0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org
4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
2.1 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
[URIs: moretoodo.com pdibb.com]
3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
on the authors page of pflogsumm he gives some examples how to avoid this, maybe someone can incorporate those tipps into the howto?