Julian, [SA-SPAM] and the lovely AWL
MailScanner at ecs.soton.ac.uk
Thu Mar 31 19:41:15 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Are you using the bogus anti-virus warnings ruleset for SpamAssassin? If
so, mail from me will tend to be detected as spam as the patterns just
look for "mailscanner" in the From: address. There are a whole load of
rules to zero out, they are
score VIRUS_WARNING15 0
score VIRUS_WARNING28 0
score VIRUS_WARNING33 0
score VIRUS_WARNING62 0
score VIRUS_WARNING66 0
score VIRUS_WARNING226 0
score VIRUS_WARNING250 0
score VIRUS_WARNING300 0
score VIRUS_WARNING326 0
score VIRUS_WARNING339 0
score VIRUS_WARNING340 0
The AWL files used by MailScanner's SpamAssassin should be in
~root/.spamassassin if you are running MailScanner as root. If not, then
insert the appropriate username. They should be with your bayes files.
Dave Duffner - PSCGi wrote:
>>From: MailScanner mailing list
>>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
>>Sent: Thursday, March 31, 2005 12:56 PM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: [SA-SPAM] Re: MCP checks for outgoing only
> Ok, finally some sanity!
> Note the original reply from Julian that was tagged
>once again my Spamassassin. For the FIRST time, it's not
>from the AWL!
> This is more an SA issue and for reference sake here
>for those about as insane as I am from screwing with the
>autowhitelist (AWL) settings.
> If you've ever run your MS/SA setup with AWL ON, then
>it's been building up an AWL file in each of your user's
>filebases. One would've thought a more collective database
>might make more sense, but on large volume systems I'm not
>sure if lookups individually would work faster than from a
>collective AWL situation. Small systems, the individual
>approach makes more sense for speed.
> So I went through changing all the locations where
>the AWL should be disabled, saw in our headers is was
>disabled, but yet it would randomly tag mail with an SA
>AWL score of insane positive proportions. Sadly Julian
>seemed to be a fixation for this install, if there's a
>post from him - tagged.
> With no responses here as to how to 'flush' the AWL,
>figuring it's turned off but pulling info from somewhere,
>I set out yesterday to dig through tons of SA/AWL pages
>on the Net. Finally, I located something somewhat irrelevant
>to our situation, but that led me to find those individual
>AWL databases. They are in each domain's user file section,
>once inside their account zone it's /.spamassassin and
>located down inside. Simply called auto-whitelist.
> I went into the account I use for this List and
>found that file, renamed it to the point it'd never be
>located by SA and DONE!
> Only reason Julian's post today was tagged was other
>config items in the rulesets that trigger him slightly over
>the limit and earn the [SA-SPAM] tag we assign. Easily
>fixable. So the bad news is once you kill the AWL feature,
>if you had it running for any period of time you must go
>in and either delete that AWL file for each user in each
>domain on your box, or rename it so it can't be found.
> Now, the only other problem that IS MailScanner
>related and has been mentioned here in the last week is
>that Julian posted several times today and only ONE of
>those was scanned by MS/SA? I see MS tags for SpamCheck,
>gives no results, but it's either passing the mail on as
>OK and then not allowing SA to touch it or it's just mod'ing
>the header with MS info and never processing it? We've
>seen that on a slew of mail, appears it's missing like 25%
>of the traffic. Doesn't sound right.
> We did insert this List into the 'don't touch' conf
>files, but that's also applied at what appears to be random.
> Any thoughts?
>Message scanned by MailScanner, and is believed to be clean.
>CONFIDENTIALITY NOTICE: This transmission intended for the
>specified destination and person. If this is not you, this
>e-mail must be deleted immediately. www.pscginternet.com
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>Support MailScanner development - buy the book off the website!
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner