Julian, [SA-SPAM] and the lovely AWL

Julian Field MailScanner at ecs.soton.ac.uk
Thu Mar 31 19:41:15 IST 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Are you using the bogus anti-virus warnings ruleset for SpamAssassin? If
so, mail from me will tend to be detected as spam as the patterns just
look for "mailscanner" in the From: address. There are a whole load of
rules to zero out, they are
score VIRUS_WARNING15   0
score VIRUS_WARNING28   0
score VIRUS_WARNING33   0
score VIRUS_WARNING62   0
score VIRUS_WARNING66   0
score VIRUS_WARNING226  0
score VIRUS_WARNING250  0
score VIRUS_WARNING300  0
score VIRUS_WARNING326  0
score VIRUS_WARNING339  0
score VIRUS_WARNING340  0

The AWL files used by MailScanner's SpamAssassin should be in
~root/.spamassassin if you are running MailScanner as root. If not, then
insert the appropriate username. They should be with your bayes files.

Dave Duffner - PSCGi wrote:

>>-----Original Message-----
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: Thursday, March 31, 2005 12:56 PM
>>Subject: [SA-SPAM] Re: MCP checks for outgoing only
>        Ok, finally some sanity!
>        Note the original reply from Julian that was tagged
>once again my Spamassassin.  For the FIRST time, it's not
>from the AWL!
>        This is more an SA issue and for reference sake here
>for those about as insane as I am from screwing with the
>autowhitelist (AWL) settings.
>        If you've ever run your MS/SA setup with AWL ON, then
>it's been building up an AWL file in each of your user's
>filebases.  One would've thought a more collective database
>might make more sense, but on large volume systems I'm not
>sure if lookups individually would work faster than from a
>collective AWL situation.  Small systems, the individual
>approach makes more sense for speed.
>        So I went through changing all the locations where
>the AWL should be disabled, saw in our headers is was
>disabled, but yet it would randomly tag mail with an SA
>AWL score of insane positive proportions.  Sadly Julian
>seemed to be a fixation for this install, if there's a
>post from him - tagged.
>        With no responses here as to how to 'flush' the AWL,
>figuring it's turned off but pulling info from somewhere,
>I set out yesterday to dig through tons of SA/AWL pages
>on the Net.  Finally, I located something somewhat irrelevant
>to our situation, but that led me to find those individual
>AWL databases.  They are in each domain's user file section,
>once inside their account zone it's /.spamassassin and
>located down inside.  Simply called auto-whitelist.
>        I went into the account I use for this List and
>found that file, renamed it to the point it'd never be
>located by SA and DONE!
>        Only reason Julian's post today was tagged was other
>config items in the rulesets that trigger him slightly over
>the limit and earn the [SA-SPAM] tag we assign.  Easily
>fixable.  So the bad news is once you kill the AWL feature,
>if you had it running for any period of time you must go
>in and either delete that AWL file for each user in each
>domain on your box, or rename it so it can't be found.
>        Now, the only other problem that IS MailScanner
>related and has been mentioned here in the last week is
>that Julian posted several times today and only ONE of
>those was scanned by MS/SA?  I see MS tags for SpamCheck,
>gives no results, but it's either passing the mail on as
>OK and then not allowing SA to touch it or it's just mod'ing
>the header with MS info and never processing it?  We've
>seen that on a slew of mail, appears it's missing like 25%
>of the traffic.  Doesn't sound right.
>        We did insert this List into the 'don't touch' conf
>files, but that's also applied at what appears to be random.
>        Any thoughts?
>        Dave
>Message scanned by MailScanner, and is believed to be clean.
>CONFIDENTIALITY NOTICE:  This transmission intended for the
>specified destination and person.  If this is not you, this
>e-mail must be deleted immediately.     www.pscginternet.com
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>Support MailScanner development - buy the book off the website!

Julian Field
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list