Use Spamassassin - Not working properly

Stephen Swaney steve.swaney at FSL.COM
Sat Jul 31 01:16:35 IST 2004


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Jim Scott
> Sent: Friday, July 30, 2004 5:59 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Use Spamassassin - Not working properly
>
> > > -----Original Message-----
> > > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > > Behalf Of Jim Scott
> > > Sent: Friday, July 30, 2004 2:56 PM
> > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > Subject: Re: Use Spamassassin - Not working properly
> > >
> > > > On Fri, 30 Jul 2004 09:18:43 -0700, Jim Scott <jscott at infoconex.com>
> > > wrote:
> > > Not sure what to look at. We setup a rule in the MailScanner.conf
> > > file like this.
> > >
> > >  /etc/MailScanner/rules/spamassassin.rules
> > >
> > >  The file contains a couple of test rules.
> > >
> > >  For example:
> > >  FromOrTo:    jscott at infoconex.com   yes
> > >  From:    192.168.105.5/24    yes
> > >  From:    Customers block     yes
> > >
> > >  If I send or receive email it gets processed by spamassassin. If
> > > I
> > >  send an email from the private IP space no matter what my from
> > > email
> > >  address is it gets scanned by spamassassin as it should.
> > >
> > >  However my customers IP space nothing is getting processed?
> > >
> > >  The only thing that is different is that I have 2 IP's bound to
> > > this
> > >  machine. I have the client use the 2nd IP to relay emails via so
> > > I
> > >  can monitor traffic generated. The customers has multiple
> > > networks
> > >  and for each I have the whole /24 added.
> > >
> > >  Any ideas what to look at?
> > >
> > >  It sure looks like it should work properly. Just isnt.
> > >
> > >  Jim
> > >
> > > Anyone able to help me on this one?
> > >
> > > Jim
> > >
> >
> > White space or tabs shouldn't matter
> > 192.126. or 192.168 or regular expressions should be the same
> >
> >
> > What does "Customers block" in you file represent?
> >
> > Here is a copy of a file that does work.
> >
> > # Start of File
> > # This file controls which email is scanned for spam
> > # and MailScanner security checks
> > # Addresses matching in here, with the value
> > # "no" will never be marked as spam or be checked by
> > # Mailscanner or SpamAssassin checks
> > # Use IP addresses whenever possible
> > # From this host to allow release from Quarantine
> > From:           127.0.0.1       no
> > # For somedomain.net & another.com
> > From:           192.22.14.19   no
> > # From otherdomain.com
> > From:           192.143.190.16 no
> > # Always, always end with a default rule
> > FromOrTo:       default         yes
> > # EOF
> >
> >
> > Do read the EXAMPE and README files in %rules-dir%
> > Additional documentation available in the MailScanner Manual available
> at
> > www.fsl.com/support
> >
> > Steve
> >
> > Stephen Swaney
> > President
> > Fortress Systems Ltd.
> > Steve.Swaney at FSL.com
> >
> Steve sorry I should not have put "Customers Block" in my example. I was
> trying to prevent putting the IP address that is the customers space.
>
>
> Example File:
>
> FromOrTo:    jscott at infoconex.com    yes   # this rule works - this is my
> address and is working
> From:            192.168.105.0/24            yes # this rule works - this
> internal IP space I tested against
> From:            xxx.xxx.xxx.                       yes # Not displaying
> customers IP space and instead representing to you as xxx. Actual file
> does
> contain a realy IP notation. this represents the entire class C for that
> space.
> From:            xxx.xxx.xxx.xxx                yes # added customer
> speicific IP. Still not getting scanned
> From:            xxx.xxx.xxx.0/24                yes # Same as above but
> different notation
> FromOrTo:    default                                no # default is to not
> scan unless it is listed above
>
> In the examples above in which it is setup for detecting for my customer
> it
> is not scanned for spam. What is odd is it works for jscott at infoconex.com
> and I can setup a test account using something else and relay via the
> private IP space listed above 192.168.105.0/24 and it detects and scans.
> However when email is relayed via customers premises it does not work. The
> one thing that may be of issue here is this particular customers locations
> use a Transparent SMTP proxy. This customer wants all there locations to
> have outbound SMTP transparently sent out the server of there choice
> instead
> of the customers setup SMTP server in the client. This makes it easy to
> support since they would not have to have people reconfigure the outbound
> SMTP server in some cases. So I am receiving the emails from the SMTP
> proxy
> server. Not sure if all that is relevant but I figured I would add it.
>

this is probably the problem since the mail sin not really from the relay
server who is just passing it on transparently. Can you determine a range of
Addresses that the clients use?


Stephen Swaney
President
Fortress Systems Ltd.
Steve.Swaney at FSL.com


> I have also added a specific IP instead of a range from one of the servers
> we are receiving emails from. Does not work. I looked at the headers of
> the
> message received since we are using MailWatch (Thanks Steve) and it shows
> it
> was received from the IP we have added. But still no scanning for spam.
>
>
>
> Jim
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> Fortress Systems Ltd.
> www.fsl.com
>



--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Fortress Systems Ltd.
www.fsl.com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list