SpamAssassin Rule Actions

Michael Mansour micoots at yahoo.com
Tue Mar 9 03:33:20 GMT 2010


Hi,

> > From: Michael Mansour <micoots at yahoo.com>
> > Subject: Re: SpamAssassin Rule Actions
> > To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> > Received: Monday, 8 March, 2010, 11:13 PM
> > Hi Jules,
> > 
> > --- On Mon, 8/3/10, Julian Field <MailScanner at ecs.soton.ac.uk>
> > wrote:
> > 
> > > From: Julian Field <MailScanner at ecs.soton.ac.uk>
> > > Subject: Re: SpamAssassin Rule Actions
> > > To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> > > Received: Monday, 8 March, 2010, 8:24 PM
> > > Start by looking in your
> > > /var/log/maillog. That will tell you what 
> > > actions it thinks it is trying to do.
> > 
> > Looking in there, when a spam is detected I see:
> > 
> > Mar  8 23:03:48 server MailScanner[29709]: Message
> > o28C3XnG031821 from 119.155.14.213 (vicky41 at yahoo.com)
> > to example.net.au is spam, SpamAssassin (cached,
> > score=26.672, required 5, autolearn=spam, BAYES_99
> 3.50,
> > BOTNET 2.00, CRM114_UNSURE 0.00, FORGED_YAHOO_RCVD
> 2.30,
> > FREEMAIL_EXTRA 1.50, FREEMAIL_FROM 0.50,
> MS_FOUND_SPAMVIRUS
> > 3.00, NIXSPAM_IXHASH 3.00, RAZOR2_CHECK 0.50,
> RCVD_IN_PBL
> > 0.91, RCVD_IN_SORBS_WEB 0.62, RCVD_IN_XBL 3.03,
> RDNS_NONE
> > 0.10, RELAY_RU 2.00, TVD_SPACE_RATIO 2.22, URIBL_SBL
> 1.50)
> > 
> > Mar  8 23:03:48 server MailScanner[29709]: Spam
> > Actions: message o28C3XnG031821 actions are
> > delete,header,store-spam
> > 
> > That Spam Action of "delete,header,store-spam" is from
> my
> > high.scoring.spam.actions.rules file.
> > 
> > So even with this line:
> > 
> > To: default
> SpamScore>10=>store,not-deliver,forward
> > normalspam at domain.com
> > SpamScore>18=>store,not-deliver,forward highspam at domain.com
> > 
> > in the spamassassin.rule.actions.rules file, it
> doesn't
> > seem to trigger the SpamScore forward on the spam
> message?
> > 
> > Any ideas why?
> 
> Since I don't believe my
> /etc/MailScanner/rules/spamassassin.rule.actions.rules file
> is even being read, I decided to change the MailScanner.conf
> and add:
> 
> SpamAssassin Rule Actions =
> SpamScore>10=>store,not-deliver,forward normalspam at domain.com
> SpamScore>18=>store,not-deliver,not-forward normalspam at domain.com,forward
> highspam at domain.com
> 
> The result was, for a 10.34 spam message:
> 
> Mar  9 09:16:56 server sendmail[25330]:
> o28MGQlI024857: to=<highspam at domain.com>,
> delay=00:00:26, xdelay=00:00:00, mailer=esmtp, pri=127118,
> relay=mail.domain.com. [xxx.xxx.xxx.xxx], dsn=2.0.0,
> stat=Sent (o28MGu3F007739 Message accepted for delivery)
> 
> Mar  9 09:16:56 server sendmail[25330]:
> o28MGQlI024857: to=<normalspam at domain.com
> SpamScore>18=>store>, delay=00:00:26,
> xdelay=00:00:00, mailer=esmtp, pri=127118,
> relay=domain.com.spamscore, dsn=5.1.2, stat=Host unknown
> (Name server: domain.com.spamscore: host not found)
> 
> So the rule produced a weird result (even though a
> MailScanner --lint didn't detect problems). In the first
> instance it reported the 10.34 scored message to the highspam at domain.com
> account, in the second instance it tries to find a
> "domain.com.spamscore" hostname.
> 
> At least I know MailScanner does somehow have the facility
> working, although I can't seem to use it in a .rules file.
> 
> The version I'm using BTW is mailscanner-4.79.11-1.noarch
> 
> I'm going to change the rule now to:
> 
> SpamAssassin Rule Actions =
> SpamScore>18=>store,not-deliver,forward highspam at domain.com
> 
> and see what happens.

Just to let you know, the above rule works as shown:

Mar  9 13:56:52 server MailScanner[30075]: Message o292uDeP008415 from 128.175.1.14 (robertmueller at fbi.gov) to example.com is spam, SpamAssassin (not cached, score=18.448, required 5, autolearn=spam, BAYES_99 3.50, CRM114_SPAM 3.00, DATE_IN_PAST_12_24 0.99, FAKE_REPLY_C 2.01, FORGED_MUA_OUTLOOK 3.12, JM_SOUGHT_FRAUD_3 3.00, KAM_LOTTO1 0.50, KAM_LOTTO2 1.00, MSOE_MID_WRONG_CASE 0.82, MS_FOUND_SPAMVIRUS 3.00, PYZOR_CHECK 3.70, RCVD_IN_DNSWL_MED -10.00, SUBJ_ALL_CAPS 2.08, TVD_APPROVED 1.73)

Mar  9 13:56:52 server MailScanner[30075]: SpamAssassin Rule Actions: rule spamscore>18 caused action store in message o292uDeP008415

Mar  9 13:56:52 server MailScanner[30075]: SpamAssassin Rule Actions: rule spamscore>18 caused action not-deliver in message o292uDeP008415

Mar  9 13:56:52 server MailScanner[30075]: SpamAssassin Rule Actions: rule spamscore>18 caused action forward highspam at domain.com in message o292uDeP008415

Mar  9 13:56:52 server MailScanner[30075]: Spam Actions: message o292uDeP008415 actions are store,forward,delete,header,store-spam

It would be good if I could meet my original requirement, to sent SAcore > 10 to normalspam at domain.com and SAscore > 18 to highspam at domain.com

Also not sure why it doesn't work through the .rules file.

Regards,

Michael.

> Regards,
> 
> Michael.



      


More information about the MailScanner mailing list