Dspam and MailScanner
Mohammed Alli
malli at mcrirents.com
Fri Sep 26 18:06:13 IST 2008
Ok guys,
I've redone the Dspam db and retrained it with the spamassassin corpus.
Now everything seems to be working fine. However, since
MailWatch\MailScanner doesn't know who the email is coming from, it
can't distinguish between whitelist or blacklist entries.
I can see the address in the mail.log or if I go into the message detail
using MailWatch. The message still gets delivered the same, with the
only difference being the headers that are added.
Does anyone know of any Postfix setting that will hide the sender email
address?
Thanks,
________________________________
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
Mohammed Alli
Sent: Friday, September 26, 2008 10:23 AM
To: MailScanner discussion
Subject: RE: Dspam and MailScanner
Ok guys, I'm at a point now where Mailscanner is logging Dspam headers.
Take a look at the following:
Received: from DSPAM-Daemon (localhost [127.0.0.1])
by xxx.org (Postfix) with SMTP id A7259B83BA
for <xxx at xxx.com>; Fri, 26 Sep 2008 10:07:43 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
by xxx.org (Postfix) with ESMTP id 8AC9DB83B8
for < xxx at xxx.com>; Fri, 26 Sep 2008 10:07:43 -0400 (EDT)
Received: from xxx.org ([127.0.0.1])
by localhost (xxx.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id oF2FtsAbUmen for < xxx at xxx.com>;
Fri, 26 Sep 2008 10:07:42 -0400 (EDT)
Received: from 121.189.88.200.d.dyn.codetel.net.do (unknown
[200.88.189.121])
by xxx.org (Postfix) with ESMTP
for < xxx at xxx.com>; Fri, 26 Sep 2008 10:07:42 -0400 (EDT)
Message-ID: <000a01c91fe2$067c51fd$1a8a0592 at ddlaqctm>
From: "Normal Sexual" < xxx at xxx.com>
To: "Treat erectile dysfunction online now" < xxx at xxx.com>
Subject: Drug Erectile
Date: Fri, 26 Sep 2008 12:27:26 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C91FE2.06791D0F"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2727.1300
X-DSPAM-Result: Innocent
X-DSPAM-Processed: Fri Sep 26 10:07:43 2008
X-DSPAM-Confidence: 0.9990
X-DSPAM-Probability: 0.0000
X-DSPAM-Signature: 48dcecaf205628863029213
[
<http://server1.mcrirents.org/mailscanner/detail.php?id=A7259B83BA.77A0F
> ]
09/26/08
10:07:52
xxx at xxx.com
Drug Erectile
3.4Kb
35.72
Spam
Spam Report:
Score
Matching Rule
Description
cached
not
score=35.718
4.5
required
autolearn=spam
3.50
BAYES_99
Bayesian spam probability is 99 to 100%
2.17
DCC_CHECK
Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
0.00
DIGEST_MULTIPLE
Message hits more than one network digest check
0.28
DRUGS_ERECTILE
Refers to an erectile drug
-0.25
DSPAM_HAM
4.39
HELO_DYNAMIC_IPADDR2
Relay HELO'd using suspicious hostname (IP addr 2)
I had to implement Amavisd-new and Dspam as a pre-queue scanner. The
mail is then reinjected back into the queue, where MailScanner picks it
up. I can see it logging using Mailwatch, but the From To line is
blank, although if I go into details I can see it. MailScanner is even
using a rule I have setup in my local.cf for Dspam results. If the mail
is spam, it assigns a score and if it's ham, it gives it a negative
score.
I do have a problem with Dspam being inaccurate, as you can see from the
example above. Guess I'll have to retrain it or dump the db and start
over.
________________________________
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Alex
Neuman van der Hans
Sent: Thursday, September 25, 2008 10:00 AM
To: MailScanner discussion
Subject: Re: Dspam and MailScanner
How about giving a step by step of what you did? That way those of us
who haven't tried it can, and those who have might make suggestions...
Remember to include things like os, mta, etc. - if it's too long you can
use the wiki or pastebin.
---
Alex Neuman
Reliant Technologies
+507 6781-9505
Skype: alexneuman
On Sep 25, 2008, at 10:44 AM, "Mohammed Alli" <malli at mcrirents.com>
wrote:
Guys,
I've gotten Dspam working with my MailScanner setup on Ubuntu.
I can see both MailScanner and Dspam headers added to my messages.
Dspam is tagging missed messages as **SPAM**, per my setup. I just
don't know how to combine the 2 scores. I tried the Spamassassin perl
module for Dspam, but it doesn't work either and requires Amavisd-new to
combine the scores.
I tried Dspam as a GenericSpamScanner, but I couldn't tell if it
was working as I didn't see anything in the mail.log.
Any suggestions?
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read <http://wiki.mailscanner.info/posting>
http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080926/9b2318ee/attachment-0001.html
More information about the MailScanner
mailing list