SpamAssassin treats every email as being whitelisted

Thu Sep 21 15:33:41 IST 2006

alexp at beautybase.com wrote:
> how do i empty SpamAssassin results cache??  I have removed phishing
> whitelist but is still whitelists everething...
> 
> 
> Sep 21 13:50:05 mx1 MailScanner[3335]: MailScanner E-Mail Virus Scanner
> version 4.55.10 starting...
> Sep 21 13:50:05 mx1 MailScanner[3335]: Could not read phishing whitelist file
> Sep 21 13:50:06 mx1 MailScanner[3335]: Using SpamAssassin results cache
> Sep 21 13:50:06 mx1 MailScanner[3335]: Connected to SpamAssassin cache
> database
> Sep 21 13:50:06 mx1 MailScanner[3335]: Enabling SpamAssassin
> auto-whitelist functionality...
> 
> 
> 
> 
>> My MailScanner starting
>>
>> Sep 21 13:23:44 mx1 MailScanner[1977]: MailScanner E-Mail Virus Scanner
>> version 4.55.10 starting...
>> Sep 21 13:23:45 mx1 MailScanner[1977]: Read 748 hostnames from the
>> phishing whitelist
>> Sep 21 13:23:47 mx1 MailScanner[1977]: Using SpamAssassin results cache
>> Sep 21 13:23:47 mx1 MailScanner[1977]: Connected to SpamAssassin cache
>> database
>> Sep 21 13:23:47 mx1 MailScanner[1977]: Enabling SpamAssassin
>> auto-whitelist functionality...
>>
>> it looks like Mailscanner makes this wrongly
>>
>> the file pointed to by your "Is Definitely Not Spam" configuration
>> in /etc/MailScanner/MailScanner.conf has the follwng stucture
>>
>> FromOrTo:       *@inbox.ru      yes
>> FromOrTo:       *@microdental.com       yes
>>
>>
>>
>>
>>
>>
>>
>>> That's not SpamAssassin declaring the message whitelisted. MailScanner
>>> is.
>>>
>>> A SA whitelist will show up as a rule hit named USER_IN_WHITELIST.
>>>
>>> Check the file pointed to by your "Is Definitely Not Spam" configuration
>>> in /etc/MailScanner/MailScanner.conf
>>>
>>> alexp at beautybase.com wrote:
>>>> I had my system consisting of Mailscanner Version 4.55.10-3 + postfix+
>>>> ClamAV 0.88.4 + SpamAssassin 3.1.5  working fine until my spam assassin
>>>> started treating all the mail as being whitelisted. I have not changed
>>>> anything, any configuration at all.
>>>>
>>>> this  is how my mail log looks like
>>>> Sep 21 12:59:31 mx1 MailScanner[7021]: New Batch: Scanning 1 messages,
>>>> 1917 bytes
>>>> Sep 21 12:59:31 mx1 MailScanner[7021]: Spam Checks: Starting
>>>> Sep 21 12:59:31 mx1 MailScanner[7021]: Message 11A222200D8.D9718 from
>>>> 217.160.173.36 (666ieit at sentinel-online.co.uk) is whitelisted
>>>> Sep 21 12:59:31 mx1 MailScanner[7021]: Virus and Content Scanning:
>>>> Starting
>>>> Sep 21 12:59:32 mx1 MailScanner[7021]: Requeue: 11A222200D8.D9718 to
>>>> 258942200DB
>>>> Sep 21 12:59:32 mx1 postfix/qmgr[6954]: 258942200DB:
>>>> from=<666ieit at sentinel-online.co.uk>, size=1467, nrcpt=1 (queue active)
>>>> Sep 21 12:59:32 mx1 MailScanner[7021]: Uninfected: Delivered 1 messages
>>>> S
>>>>
>>>>
>>>> before it would have been
>>>>
>>>> Sep 17 04:09:28 mx1 MailScanner[3132]: New Batch: Scanning 1 messages,
>>>> 3363 bytes
>>>> Sep 17 04:09:28 mx1 MailScanner[3132]: Spam Checks: Starting
>>>> Sep 17 04:09:40 mx1 MailScanner[6109]: Message F2A562200F5 from
>>>> 63.170.10.91 (suzuki at jtrealty.com) to beautybase.com is spam,
>>>> SpamAssassin
>>>> (score=11.659, requ
>>>> ired 5, BAYES_99, HTML_MESSAGE, SPF_HELO_SOFTFAIL, UPPERCASE_25_50,
>>>> URIBL_JP_SURBL, URIBL_SBL)
>>>> Sep 17 04:09:45 mx1 MailScanner[6109]: Spam Checks: Found 1 spam
>>>> messages
>>>> Sep 17 04:09:46 mx1 MailScanner[6109]: Spam Actions: message
>>>> F2A562200F5
>>>> actions are deliver
>>>>
>>>>
>>>> Please help
>>>>

Alex

this looks like the Spamassassin autowhitelist being too enthusiastic.

I never recommend running it as I find it's too friendly (other peoples 
experience differs).
Turn it off by not loading the plugin in /etc/mail/spamassassin/init.pre 
(ie comment the autowhitlist load line out).

-- 
Martin Hepworth
Senior Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************