SpamAssassin Rule Actions

Michael Mansour micoots at yahoo.com
Mon Mar 8 23:40:58 GMT 2010


Hi,

--- On Mon, 8/3/10, Michael Mansour <micoots at yahoo.com> wrote:

> From: Michael Mansour <micoots at yahoo.com>
> Subject: Re: SpamAssassin Rule Actions
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Received: Monday, 8 March, 2010, 11:13 PM
> Hi Jules,
> 
> --- On Mon, 8/3/10, Julian Field <MailScanner at ecs.soton.ac.uk>
> wrote:
> 
> > From: Julian Field <MailScanner at ecs.soton.ac.uk>
> > Subject: Re: SpamAssassin Rule Actions
> > To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> > Received: Monday, 8 March, 2010, 8:24 PM
> > Start by looking in your
> > /var/log/maillog. That will tell you what 
> > actions it thinks it is trying to do.
> 
> Looking in there, when a spam is detected I see:
> 
> Mar  8 23:03:48 server MailScanner[29709]: Message
> o28C3XnG031821 from 119.155.14.213 (vicky41 at yahoo.com)
> to example.net.au is spam, SpamAssassin (cached,
> score=26.672, required 5, autolearn=spam, BAYES_99 3.50,
> BOTNET 2.00, CRM114_UNSURE 0.00, FORGED_YAHOO_RCVD 2.30,
> FREEMAIL_EXTRA 1.50, FREEMAIL_FROM 0.50, MS_FOUND_SPAMVIRUS
> 3.00, NIXSPAM_IXHASH 3.00, RAZOR2_CHECK 0.50, RCVD_IN_PBL
> 0.91, RCVD_IN_SORBS_WEB 0.62, RCVD_IN_XBL 3.03, RDNS_NONE
> 0.10, RELAY_RU 2.00, TVD_SPACE_RATIO 2.22, URIBL_SBL 1.50)
> 
> Mar  8 23:03:48 server MailScanner[29709]: Spam
> Actions: message o28C3XnG031821 actions are
> delete,header,store-spam
> 
> That Spam Action of "delete,header,store-spam" is from my
> high.scoring.spam.actions.rules file.
> 
> So even with this line:
> 
> To: default SpamScore>10=>store,not-deliver,forward
> normalspam at domain.com
> SpamScore>18=>store,not-deliver,forward highspam at domain.com
> 
> in the spamassassin.rule.actions.rules file, it doesn't
> seem to trigger the SpamScore forward on the spam message?
> 
> Any ideas why?

Since I don't believe my /etc/MailScanner/rules/spamassassin.rule.actions.rules file is even being read, I decided to change the MailScanner.conf and add:

SpamAssassin Rule Actions = SpamScore>10=>store,not-deliver,forward normalspam at domain.com SpamScore>18=>store,not-deliver,not-forward normalspam at domain.com,forward highspam at domain.com

The result was, for a 10.34 spam message:

Mar  9 09:16:56 server sendmail[25330]: o28MGQlI024857: to=<highspam at domain.com>, delay=00:00:26, xdelay=00:00:00, mailer=esmtp, pri=127118, relay=mail.domain.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (o28MGu3F007739 Message accepted for delivery)

Mar  9 09:16:56 server sendmail[25330]: o28MGQlI024857: to=<normalspam at domain.com SpamScore>18=>store>, delay=00:00:26, xdelay=00:00:00, mailer=esmtp, pri=127118, relay=domain.com.spamscore, dsn=5.1.2, stat=Host unknown (Name server: domain.com.spamscore: host not found)

So the rule produced a weird result (even though a MailScanner --lint didn't detect problems). In the first instance it reported the 10.34 scored message to the highspam at domain.com account, in the second instance it tries to find a "domain.com.spamscore" hostname.

At least I know MailScanner does somehow have the facility working, although I can't seem to use it in a .rules file.

The version I'm using BTW is mailscanner-4.79.11-1.noarch

I'm going to change the rule now to:

SpamAssassin Rule Actions = SpamScore>18=>store,not-deliver,forward highspam at domain.com

and see what happens.

Regards,

Michael.

> Thanks.
> 
> Michael.
> 
> > On 06/03/2010 01:24, Michael Mansour wrote:
> > > Hi,
> > >
> > > I'm currently in the process of testing this and
> it
> > doesn't seem to be working for me.
> > >
> > > This is the rule I put in place:
> > >
> > > To: *@*
> SpamScore>20=>store,not-deliver,forward
> > some at email.address.com
> > >
> > > In my file:
> > >
> > > spamassassin.rule.actions.rules
> > >
> > > Referenced from:
> > >
> > > SpamAssassin Rule Actions =
> > %rules-dir%/spamassassin.rule.actions.rules
> > >
> > > But when I get spam greater than a score of 20,
> some at email.address.com
> > doesn't get the email?
> > >
> > > Any ideas how I could trouble-shoot this?
> > >
> > > Thanks.
> > >
> > > Michael.
> > >
> > >
> > >
> > >
> > >    
> > 
> > Jules
> > 
> > -- 
> > Julian Field MEng CITP CEng
> > www.MailScanner.info
> > Buy the MailScanner book at
> www.MailScanner.info/store
> > 
> > Need help customising MailScanner?
> > Contact me!
> > Need help fixing or optimising your systems?
> > Contact me!
> > Need help getting you started solving new requirements
> from
> > your boss?
> > Contact me!
> > 
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947
> 1415
> > B654
> > Follow me at twitter.com/JulesFM and
> > twitter.com/MailScanner
> > 
> > 
> > -- 
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> > 
> > -- 
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > 
> > Before posting, read http://wiki.mailscanner.info/posting
> > 
> > Support MailScanner development - buy the book off
> the
> > website! 
> > 
> 
> 
> 
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the
> website!
> 


      


More information about the MailScanner mailing list