MS not scanning for spam and Spam Header missing! (FreeBSD 8)

Martin Hepworth maxsec at gmail.com
Wed Mar 16 15:03:34 GMT 2011 

I'd

1) double check the postfix setup and make sure it's all good.
2) Don't use the spamlist here but either in the MTA ot as part of the
scoring in SA, also check you're not getting blocked by spamhaus due to high
call. NB CBL is I think part of the ZEN list so you don't need this agai,
and I'm not sure I'd trust the barracuda list to definitely say its spam.

-- 
Martin Hepworth
Oxford, UK


On 16 March 2011 13:13, Remy de Ruysscher <remy at unix-asp.com> wrote:

> Tried that too, it scans mail and then delivers it.
> I've fine tuned the spam lists and turned on DCC and Pyzor, and I checks
> various stuff in Postfix too.
>
> Spam List = spamhaus-ZEN spamcop.net NJABL AHBL CBL MULTI-SURBL MAPS-RBL
> SORBS-DNSBL BARRACUDA
>
> # This is the list of spam domain blacklists which you are using
> # (such as the "rfc-ignorant" domains). See the "Spam List Definitions"
> # file for more information about what you can put here.
> # This can also be the filename of a ruleset.
> Spam Domain List = RFC-IGNORANT-DSN RFC-IGNORANT-BOGUSMX
>
> Apparently the X-UNIX-ASP-MailScanner-SpamCheck: header is now only shown
> in
> spam messages:
>
> X-UNIX-ASP-MailScanner-SpamCheck: spam, CBL
> X-UNIX-ASP-MailScanner-From: buh at zeldom.ru
> X-Spam-Status: Yes
>
> Spam filtering works (again) but I'm not very confident it will reach those
> high spam scores I've seen in the past.
>
> Anyone willing to share their anti-spam configuration?
>
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> > bounces at lists.mailscanner.info] On Behalf Of Martin Hepworth
> > Sent: woensdag 16 maart 2011 13:59
> > To: MailScanner discussion
> > Subject: Re: MS not scanning for spam and Spam Header missing! (FreeBSD
> > 8)
> >
> > What happens us you ms in debug mode
> >
> > Mailscanner --debug --debug-sa
> >
> > ??
> >
> > On Wednesday, 16 March 2011, Remy de Ruysscher <remy at unix-asp.com>
> > wrote:
> > > *HELP* I'm flooded by spam!
> > >
> > >
> > >
> > > I recently upgraded MS to the latest FreeBSD port version and found
> > > problems with the latest p5-Mime-Tools so I reverted this port.
> > >
> > > However MS is not scanning for spam anymore, I don't see any headers
> > > appended to the message anymore.
> > >
> > >
> > >
> > > SA is running fine no errors while doing a lint or manually scanning a
> > > message.
> > >
> > >
> > >
> > > # Add this extra header to all messages found to be spam.
> > >
> > > # This can also be the filename of a ruleset.
> > >
> > > Spam Header = X-%org-name%-MailScanner-SpamCheck:
> > >
> > >
> > >
> > > # Add this extra header if "Spam Score" = yes. The header will
> > >
> > > # contain 1 character for every point of the SpamAssassin score.
> > >
> > > Spam Score Header = X-%org-name%-MailScanner-SpamScore:
> > >
> > >
> > >
> > > FreeBSD unix-asp.com 8.2-RELEASE FreeBSD 8.2-RELEASE #0
> > >
> > >
> > >
> > > MailScanner --lint
> > >
> > > Trying to setlogsock(unix)
> > >
> > >
> > >
> > > Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
> > >
> > > Configuration: Failed to find any configuration files like
> > > /usr/local/etc/MailScanner/conf.d/*, skipping them. at
> > > /usr/local/lib/MailScanner/MailScanner/Config.pm line 2044
> > >
> > > Read 867 hostnames from the phishing whitelist
> > >
> > > Read 6660 hostnames from the phishing blacklists
> > >
> > >
> > >
> > > Checking version numbers...
> > >
> > > Version number in MailScanner.conf (4.82.6) is correct.
> > >
> > >
> > >
> > > ERROR: The "envelope_sender_header" in your spam.assassin.prefs.conf
> > >
> > > ERROR: is not correct, it should match X-UNIX-ASP-MailScanner-From
> > >
> > >
> > >
> > > MailScanner setting GID to  (125)
> > >
> > > MailScanner setting UID to  (125)
> > >
> > >
> > >
> > > Checking for SpamAssassin errors (if you use it)...
> > >
> > > Using SpamAssassin results cache
> > >
> > > Connected to SpamAssassin cache database
> > >
> > > SpamAssassin reported no errors.
> > >
> > > Connected to Processing Attempts Database
> > >
> > > Created Processing Attempts Database successfully
> > >
> > > There are 119273 messages in the Processing Attempts Database
> > >
> > > Using locktype = posix
> > >
> > > MailScanner.conf says "Virus Scanners = clamd"
> > >
> > > Found these virus scanners installed: clamd, f-prot-6
> > >
> > >
> > ==========================================================
> > ============
> > > =====
> > >
> > > Filename Checks: Windows/DOS Executable (1 eicar.com)
> > >
> > > Other Checks: Found 1 problems
> > >
> > > Virus and Content Scanning: Starting
> > >
> > > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/
> > >
> > > Clamd::INFECTED:: Eicar-Test-Signature :: ./1/eicar.com
> > >
> > > Virus Scanning: Clamd found 2 infections
> > >
> > > Infected message 1 came from 10.1.1.1
> > >
> > > Virus Scanning: Found 2 viruses
> > >
> > >
> > ==========================================================
> > ============
> > > =====
> > >
> > > Virus Scanner test reports:
> > >
> > > Clamd said "eicar.com was infected: Eicar-Test-Signature"
> > >
> > >
> > >
> > > If any of your virus scanners (clamd,f-prot-6)
> > >
> > > are not listed there, you should check that they are installed
> > > correctly
> > >
> > > and that MailScanner is finding them correctly via its
> virus.scanners.conf.
> > >
> > >
> > > --
> > > MailScanner mailing list
> > > mailscanner at lists.mailscanner.info
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> > >
> >
> > --
> > --
> > Martin Hepworth
> > Oxford, UK
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> >
> > --
> > This message has been scanned for viruses and dangerous content by
> > MailScanner, and is believed to be clean.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110316/9930fd24/attachment.html

More information about the MailScanner mailing list