Use Spamassassin - Not working properly

Jim Scott jscott at INFOCONEX.COM
Sat Jul 31 01:22:53 IST 2004


> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > Behalf Of Jim Scott
> > Sent: Friday, July 30, 2004 5:59 PM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Use Spamassassin - Not working properly
> >
> > > > -----Original Message-----
> > > > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]
On
> > > > Behalf Of Jim Scott
> > > > Sent: Friday, July 30, 2004 2:56 PM
> > > > To: MAILSCANNER at JISCMAIL.AC.UK
> > > > Subject: Re: Use Spamassassin - Not working properly
> > > >
> > > > > On Fri, 30 Jul 2004 09:18:43 -0700, Jim Scott
<jscott at infoconex.com>
> > > > wrote:
> > > > Not sure what to look at. We setup a rule in the MailScanner.conf
> > > > file like this.
> > > >
> > > >  /etc/MailScanner/rules/spamassassin.rules
> > > >
> > > >  The file contains a couple of test rules.
> > > >
> > > >  For example:
> > > >  FromOrTo:    jscott at infoconex.com   yes
> > > >  From:    192.168.105.5/24    yes
> > > >  From:    Customers block     yes
> > > >
> > > >  If I send or receive email it gets processed by spamassassin. If
> > > > I
> > > >  send an email from the private IP space no matter what my from
> > > > email
> > > >  address is it gets scanned by spamassassin as it should.
> > > >
> > > >  However my customers IP space nothing is getting processed?
> > > >
> > > >  The only thing that is different is that I have 2 IP's bound to
> > > > this
> > > >  machine. I have the client use the 2nd IP to relay emails via so
> > > > I
> > > >  can monitor traffic generated. The customers has multiple
> > > > networks
> > > >  and for each I have the whole /24 added.
> > > >
> > > >  Any ideas what to look at?
> > > >
> > > >  It sure looks like it should work properly. Just isnt.
> > > >
> > > >  Jim
> > > >
> > > > Anyone able to help me on this one?
> > > >
> > > > Jim
> > > >
> > >
> > > White space or tabs shouldn't matter
> > > 192.126. or 192.168 or regular expressions should be the same
> > >
> > >
> > > What does "Customers block" in you file represent?
> > >
> > > Here is a copy of a file that does work.
> > >
> > > # Start of File
> > > # This file controls which email is scanned for spam
> > > # and MailScanner security checks
> > > # Addresses matching in here, with the value
> > > # "no" will never be marked as spam or be checked by
> > > # Mailscanner or SpamAssassin checks
> > > # Use IP addresses whenever possible
> > > # From this host to allow release from Quarantine
> > > From:           127.0.0.1       no
> > > # For somedomain.net & another.com
> > > From:           192.22.14.19   no
> > > # From otherdomain.com
> > > From:           192.143.190.16 no
> > > # Always, always end with a default rule
> > > FromOrTo:       default         yes
> > > # EOF
> > >
> > >
> > > Do read the EXAMPE and README files in %rules-dir%
> > > Additional documentation available in the MailScanner Manual available
> > at
> > > www.fsl.com/support
> > >
> > > Steve
> > >
> > > Stephen Swaney
> > > President
> > > Fortress Systems Ltd.
> > > Steve.Swaney at FSL.com
> > >
> > Steve sorry I should not have put "Customers Block" in my example. I was
> > trying to prevent putting the IP address that is the customers space.
> >
> >
> > Example File:
> >
> > FromOrTo:    jscott at infoconex.com    yes   # this rule works - this is
my
> > address and is working
> > From:            192.168.105.0/24            yes # this rule works -
this
> > internal IP space I tested against
> > From:            xxx.xxx.xxx.                       yes # Not displaying
> > customers IP space and instead representing to you as xxx. Actual file
> > does
> > contain a realy IP notation. this represents the entire class C for that
> > space.
> > From:            xxx.xxx.xxx.xxx                yes # added customer
> > speicific IP. Still not getting scanned
> > From:            xxx.xxx.xxx.0/24                yes # Same as above but
> > different notation
> > FromOrTo:    default                                no # default is to
not
> > scan unless it is listed above
> >
> > In the examples above in which it is setup for detecting for my customer
> > it
> > is not scanned for spam. What is odd is it works for
jscott at infoconex.com
> > and I can setup a test account using something else and relay via the
> > private IP space listed above 192.168.105.0/24 and it detects and scans.
> > However when email is relayed via customers premises it does not work.
The
> > one thing that may be of issue here is this particular customers
locations
> > use a Transparent SMTP proxy. This customer wants all there locations to
> > have outbound SMTP transparently sent out the server of there choice
> > instead
> > of the customers setup SMTP server in the client. This makes it easy to
> > support since they would not have to have people reconfigure the
outbound
> > SMTP server in some cases. So I am receiving the emails from the SMTP
> > proxy
> > server. Not sure if all that is relevant but I figured I would add it.
> >
>
> this is probably the problem since the mail sin not really from the relay
> server who is just passing it on transparently. Can you determine a range
of
> Addresses that the clients use?
>
>
> Stephen Swaney
> President
> Fortress Systems Ltd.
> Steve.Swaney at FSL.com

Yes we have the entire range that the client can come from. Even though the
machine always talking to us is the proxy server we have the entire range
added. Also as I mentioned before the header does show the relay server as
the proxy servers IP.

Perhaps I could send you offline an example of what I am seeing?

Jim

>
>
> > I have also added a specific IP instead of a range from one of the
servers
> > we are receiving emails from. Does not work. I looked at the headers of
> > the
> > message received since we are using MailWatch (Thanks Steve) and it
shows
> > it
> > was received from the IP we have added. But still no scanning for spam.
> >
> >
> >
> > Jim
> >

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list