Spam over the max allowed score still slips through!!!
Remco Barendse
mailscanner at BARENDSE.TO
Mon May 17 12:44:51 IST 2004
This is in my MailScanner.conf
High SpamAssassin Score = 8
Spam Actions = striphtml deliver
High Scoring Spam Actions = striphtml forward root at mydomain.com
Non Spam Actions = deliver
This is my MCP config:
MCP Checks = yes
MCP Required SpamAssassin Score = 1
MCP High SpamAssassin Score = 10
MCP Error Score = 1
MCP Header = X-MailScanner-MCPCheck:
Non MCP Actions = deliver
MCP Actions = delete
High Scoring MCP Actions = delete
Is Definitely MCP = no
Is Definitely Not MCP = %rules-dir%/mcp.check.rules
Definite MCP Is High Scoring = no
Always Include MCP Report = yes
Detailed MCP Report = yes
Include Scores In MCP Report = yes
Log MCP = yes
MCP Max SpamAssassin Timeouts = 20
MCP Max SpamAssassin Size = 100000
MCP SpamAssassin Timeout = 10
MCP SpamAssassin Prefs File = %mcp-dir%/mcp.spam.assassin.prefs.conf
MCP SpamAssassin User State Dir =
MCP SpamAssassin Local Rules Dir = %mcp-dir%
MCP SpamAssassin Default Rules Dir = %mcp-dir%
MCP SpamAssassin Install Prefix = %mcp-dir%
Recipient MCP Report = %report-dir%/en/recipient.mcp.report.txt
Sender MCP Report = %report-dir%/en/sender.mcp.report.txt
I assumed that spam scanning and mcp scanning are completely different,
separated issues and that the mail would first be checked for MCP and
after that a spam check is done whereby either of the 2 scans can remove
the mail from the queue to be delivered. Judging by your e-mail my
assumption is wrong?
On Mon, 17 May 2004, Julian Field wrote:
> At 07:56 17/05/2004, you wrote:
> >OK, so I set my high scoring spam actions to forward
> >postmaster at mydomain.com
> >
> >Still those mails are being delivered grrrrrrrrr
> >
> >The headers are identical, no changes, the score is way above my
> >acceptable limit and it is delivered without a complaint, no reference to
> >any whitelisting.
> >
> >The linux box I am forwarding the re-routed mails to is the same box that
> >has a rule in mailertables to route all mail through to the exchange
> >server. Could this be the problem? I *suspect* MailScanner thinks that the
> >mail has already been checked by this server and is passed on for further
> >delivery.
>
> MailScanner doesn't use anything in the headers to determine what it should do.
>
> >One would expect this to happen with virii too then, but this is not the
> >case.
>
> MCP saying it should deliver the message? What are all your spam actions
> and mcp actions settings?
> It's not trivial to work out what you actually want to do with the message
> when the spam actions and mcp actions conflict.
>
>
> >Ideas anyone?
> >
> >
> >On Fri, 14 May 2004, Julian Field wrote:
> >
> > > At 14:41 14/05/2004, you wrote:
> > > >This makes sense too, sort of but MailScanner.conf clearly states:
> > > ># forward user at domain.com - forward a copy of the message to
> > > >user at domain.com
> > > >
> > > >Forwarding a COPY implies that the original will still be delivered?
> > >
> > > No. "deliver" is the only way of sending the (possibly mutated) mail to the
> > > original recipient.
> > >
> > >
> > > >This is why I added the delete rule
> > > >
> > > >On Fri, 14 May 2004, Spicer, Kevin wrote:
> > > >
> > > > > Remco Barendse wrote:
> > > > > > OK, that makes sense, sort of.
> > > > > >
> > > > > > Do you mean I should reverse the actions order then or does it mean
> > > > > > that a combination of delete and forward is never possible??
> > > > > >
> > > > > > Would :
> > > > > > striphtml forward root at mydomain.com delete
> > > > > > do what I want??
> > > > >
> > > > > No.
> > > > >
> > > > > Why are you stripping html if you are not delivering to users, this is
> > > > surely creating unecessary load for your servers. Why not just
> > > > >
> > > > > forward root at mydomain.com
> > > > >
> > > > > If you _really_ want to striphtml then
> > > > >
> > > > > striphtml forward root at mydomain.com
> > > > >
> > > > > (even then I'm not sure that forward won't take effect before the
> > > > striphtml) They should not be delivered to end users unless you add
> > > > 'deliver' to the list of options.
> > > > >
> > > > >
> > > > >
> > > > > BMRB International
> > > > > http://www.bmrb.co.uk
> > > > > +44 (0)20 8566 5000
> > > > > _________________________________________________________________
> > > > > This message (and any attachment) is intended only for the
> > > > > recipient and may contain confidential and/or privileged
> > > > > material. If you have received this in error, please contact the
> > > > > sender and delete this message immediately. Disclosure, copying
> > > > > or other action taken in respect of this email or in
> > > > > reliance on it is prohibited. BMRB International Limited
> > > > > accepts no liability in relation to any personal emails, or
> > > > > content of any email which does not directly relate to our
> > > > > business.
> > > > >
> > > > > -------------------------- MailScanner list ----------------------
> > > > > To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> > > > > Before posting, please see the Most Asked Questions at
> > > > > http://www.mailscanner.biz/maq/ and the archives at
> > > > > http://www.jiscmail.ac.uk/lists/mailscanner.html
> > > > >
> > > >
> > > >-------------------------- MailScanner list ----------------------
> > > >To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> > > >Before posting, please see the Most Asked Questions at
> > > >http://www.mailscanner.biz/maq/ and the archives at
> > > >http://www.jiscmail.ac.uk/lists/mailscanner.html
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > MailScanner thanks transtec Computers for their support
> > >
> > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> > >
> > > -------------------------- MailScanner list ----------------------
> > > To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> > > Before posting, please see the Most Asked Questions at
> > > http://www.mailscanner.biz/maq/ and the archives at
> > > http://www.jiscmail.ac.uk/lists/mailscanner.html
> > >
> >
> >-------------------------- MailScanner list ----------------------
> >To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> >Before posting, please see the Most Asked Questions at
> >http://www.mailscanner.biz/maq/ and the archives at
> >http://www.jiscmail.ac.uk/lists/mailscanner.html
>
> --
> Julian Field
> www.MailScanner.info
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list