Use Spamassassin - Not working properly

Jim Scott jscott at INFOCONEX.COM
Fri Jul 30 22:58:44 IST 2004 

> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > Behalf Of Jim Scott
> > Sent: Friday, July 30, 2004 2:56 PM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Use Spamassassin - Not working properly
> >
> > > On Fri, 30 Jul 2004 09:18:43 -0700, Jim Scott <jscott at infoconex.com>
> > wrote:
> > Not sure what to look at. We setup a rule in the MailScanner.conf
> > file like this.
> >
> >  /etc/MailScanner/rules/spamassassin.rules
> >
> >  The file contains a couple of test rules.
> >
> >  For example:
> >  FromOrTo:    jscott at infoconex.com   yes
> >  From:    192.168.105.5/24    yes
> >  From:    Customers block     yes
> >
> >  If I send or receive email it gets processed by spamassassin. If
> > I
> >  send an email from the private IP space no matter what my from
> > email
> >  address is it gets scanned by spamassassin as it should.
> >
> >  However my customers IP space nothing is getting processed?
> >
> >  The only thing that is different is that I have 2 IP's bound to
> > this
> >  machine. I have the client use the 2nd IP to relay emails via so
> > I
> >  can monitor traffic generated. The customers has multiple
> > networks
> >  and for each I have the whole /24 added.
> >
> >  Any ideas what to look at?
> >
> >  It sure looks like it should work properly. Just isnt.
> >
> >  Jim
> >
> > Anyone able to help me on this one?
> >
> > Jim
> >
>
> White space or tabs shouldn't matter
> 192.126. or 192.168 or regular expressions should be the same
>
>
> What does "Customers block" in you file represent?
>
> Here is a copy of a file that does work.
>
> # Start of File
> # This file controls which email is scanned for spam
> # and MailScanner security checks
> # Addresses matching in here, with the value
> # "no" will never be marked as spam or be checked by
> # Mailscanner or SpamAssassin checks
> # Use IP addresses whenever possible
> # From this host to allow release from Quarantine
> From:           127.0.0.1       no
> # For somedomain.net & another.com
> From:           192.22.14.19   no
> # From otherdomain.com
> From:           192.143.190.16 no
> # Always, always end with a default rule
> FromOrTo:       default         yes
> # EOF
>
>
> Do read the EXAMPE and README files in %rules-dir%
> Additional documentation available in the MailScanner Manual available at
> www.fsl.com/support
>
> Steve
>
> Stephen Swaney
> President
> Fortress Systems Ltd.
> Steve.Swaney at FSL.com
>
Steve sorry I should not have put "Customers Block" in my example. I was
trying to prevent putting the IP address that is the customers space.


Example File:

FromOrTo:    jscott at infoconex.com    yes   # this rule works - this is my
address and is working
From:            192.168.105.0/24            yes # this rule works - this
internal IP space I tested against
From:            xxx.xxx.xxx.                       yes # Not displaying
customers IP space and instead representing to you as xxx. Actual file does
contain a realy IP notation. this represents the entire class C for that
space.
From:            xxx.xxx.xxx.xxx                yes # added customer
speicific IP. Still not getting scanned
From:            xxx.xxx.xxx.0/24                yes # Same as above but
different notation
FromOrTo:    default                                no # default is to not
scan unless it is listed above

In the examples above in which it is setup for detecting for my customer it
is not scanned for spam. What is odd is it works for jscott at infoconex.com
and I can setup a test account using something else and relay via the
private IP space listed above 192.168.105.0/24 and it detects and scans.
However when email is relayed via customers premises it does not work. The
one thing that may be of issue here is this particular customers locations
use a Transparent SMTP proxy. This customer wants all there locations to
have outbound SMTP transparently sent out the server of there choice instead
of the customers setup SMTP server in the client. This makes it easy to
support since they would not have to have people reconfigure the outbound
SMTP server in some cases. So I am receiving the emails from the SMTP proxy
server. Not sure if all that is relevant but I figured I would add it.

I have also added a specific IP instead of a range from one of the servers
we are receiving emails from. Does not work. I looked at the headers of the
message received since we are using MailWatch (Thanks Steve) and it shows it
was received from the IP we have added. But still no scanning for spam.



Jim

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list