Dspam and MailScanner

Mohammed Alli malli at mcrirents.com
Fri Sep 26 18:06:13 IST 2008


Ok guys,

 

I've redone the Dspam db and retrained it with the spamassassin corpus.
Now everything seems to be working fine. However, since
MailWatch\MailScanner doesn't know who the email is coming from, it
can't distinguish between whitelist or blacklist entries.

 

I can see the address in the mail.log or if I go into the message detail
using MailWatch.  The message still gets delivered the same, with the
only difference being the headers that are added.

 

Does anyone know of any Postfix setting that will hide the sender email
address?  

 

Thanks,

 

________________________________

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
Mohammed Alli
Sent: Friday, September 26, 2008 10:23 AM
To: MailScanner discussion
Subject: RE: Dspam and MailScanner

 

Ok guys, I'm at a point now where Mailscanner is logging Dspam headers.
Take a look at the following:

 

Received: from DSPAM-Daemon (localhost [127.0.0.1])
     by xxx.org (Postfix) with SMTP id A7259B83BA
     for <xxx at xxx.com>; Fri, 26 Sep 2008 10:07:43 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
     by xxx.org (Postfix) with ESMTP id 8AC9DB83B8
     for < xxx at xxx.com>; Fri, 26 Sep 2008 10:07:43 -0400 (EDT)
Received: from xxx.org ([127.0.0.1])
     by localhost (xxx.org [127.0.0.1]) (amavisd-new, port 10024)
     with ESMTP id oF2FtsAbUmen for < xxx at xxx.com>;
     Fri, 26 Sep 2008 10:07:42 -0400 (EDT)
Received: from 121.189.88.200.d.dyn.codetel.net.do (unknown
[200.88.189.121])
     by xxx.org (Postfix) with ESMTP
     for < xxx at xxx.com>; Fri, 26 Sep 2008 10:07:42 -0400 (EDT)
Message-ID: <000a01c91fe2$067c51fd$1a8a0592 at ddlaqctm>
From: "Normal Sexual" < xxx at xxx.com>
To: "Treat erectile dysfunction online now" < xxx at xxx.com>
Subject: Drug Erectile
Date: Fri, 26 Sep 2008 12:27:26 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
     boundary="----=_NextPart_000_0007_01C91FE2.06791D0F"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Fri Sep 26 10:07:43 2008
X-DSPAM-Confidence: 0.9990
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 48dcecaf205628863029213

 

[
<http://server1.mcrirents.org/mailscanner/detail.php?id=A7259B83BA.77A0F
> ]

09/26/08
10:07:52

 

xxx at xxx.com

Drug Erectile

3.4Kb

35.72

Spam

 

Spam Report:

Score

Matching Rule

Description

cached 

not

 

 

score=35.718

 

4.5 

required

 

 

autolearn=spam

 

3.50

BAYES_99

Bayesian spam probability is 99 to 100%

2.17

DCC_CHECK

Listed in DCC (http://rhyolite.com/anti-spam/dcc/)

0.00

DIGEST_MULTIPLE

Message hits more than one network digest check

0.28

DRUGS_ERECTILE

Refers to an erectile drug

-0.25 

DSPAM_HAM

 

4.39

HELO_DYNAMIC_IPADDR2

Relay HELO'd using suspicious hostname (IP addr 2)

 

 

I had to implement Amavisd-new and Dspam as a pre-queue scanner.  The
mail is then reinjected back into the queue, where MailScanner picks it
up.  I can see it logging using Mailwatch, but the From To line is
blank, although if I go into details I can see it.  MailScanner is even
using a rule I have setup in my local.cf for Dspam results.  If the mail
is spam, it assigns a score and if it's ham, it gives it a negative
score.  

 

I do have a problem with Dspam being inaccurate, as you can see from the
example above.  Guess I'll have to retrain it or dump the db and start
over.

 

________________________________

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex
Neuman van der Hans
Sent: Thursday, September 25, 2008 10:00 AM
To: MailScanner discussion
Subject: Re: Dspam and MailScanner

 

How about giving a step by step of what you did? That way those of us
who haven't tried it can, and those who have might make suggestions...
Remember to include things like os, mta, etc. - if it's too long you can
use the wiki or pastebin. 

---

 

Alex Neuman

Reliant Technologies

+507 6781-9505

Skype: alexneuman


On Sep 25, 2008, at 10:44 AM, "Mohammed Alli" <malli at mcrirents.com>
wrote:

	Guys,

	 

	I've gotten Dspam working with my MailScanner setup on Ubuntu.
I can see both MailScanner and Dspam headers added to my messages.
Dspam is tagging missed messages as **SPAM**, per my setup.  I just
don't know how to combine the 2 scores.  I tried the Spamassassin perl
module for Dspam, but it doesn't work either and requires Amavisd-new to
combine the scores.

	 

	I tried Dspam as a GenericSpamScanner, but I couldn't tell if it
was working as I didn't see anything in the mail.log.

	 

	Any suggestions?

	 

	 

	 

	-- 
	MailScanner mailing list
	mailscanner at lists.mailscanner.info
	http://lists.mailscanner.info/mailman/listinfo/mailscanner
	
	Before posting, read <http://wiki.mailscanner.info/posting>
http://wiki.mailscanner.info/posting
	
	Support MailScanner development - buy the book off the website! 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080926/9b2318ee/attachment-0001.html


More information about the MailScanner mailing list