Not Catching Spams and Config

Markus Nilsson markus at markusoft.se
Mon Oct 10 14:33:27 IST 2011


Hi, 

SA does not trust DKIM, but you can use it to whitelist (or blacklist) certain senders that are using DKIM. 

If you check the scoring, you see that DKIM gives a (close to) 0 result. 

DKIM_SIGNED 0.10 
DKIM_VALID -0.10 
DKIM_VALID_AU -0.10 

I'd guess that your MS setting for scoring is not correctly set; what do your options 

Required SpamAssassin Score = 
High SpamAssassin Score = 
Spam Actions = 
High Scoring Spam Actions = 
Non Spam Actions = 

say? 

/Markus 

----- Original message -----

From: "Mike's List" <mikelist at leawood.com> 
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info> 
Sent: Monday, 10 Oct 2011 14:59:26 
Subject: Re: Not Catching Spams and Config 


I reset my Bayesian filter daily, 86400 sec, so this seems to help a 
bit. Additionally, I noticed spams are getting through even though 
I set my required score at 3 and the score > 3, example below. 
Furthermore, there seems to be a pattern that spams are using DKIM 
to bypass SpamAssassin? 

All the spams that got through used servers with DKIM signature. This 
is not a MailScanner issue but probably SpamAssassin issue with allowing 
and/or trusting mail servers with DKIM? 

Get on SA mailing list and notify? 


DKIM-Signature: v=1; 
a=rsa-sha1; c=relaxed/relaxed; d=usmortgagehelper.com; s=gamma; 
t=1318215904; bh=VEP5C3Xju7bl6QtMCTmnJKkE8pk=; h=To:From; 
b=TVBqyP5jfRrp1f5hxil8Dmyz5n5d6WFoeiI/33/3N/8+NJXy9uKfEdJBLqplEsykz 
BvGivaUFmcXyTP1eprjGHcWBLeKcdxfxwe9uHQh3hlqP9mxqQkcnj8RoU5Une/B 
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; 
s=gamma; d=usmortgagehelper.com; 
h=To:From; 
b=CwjXvg9wNQhJ4hhquqk+9iYNi8RvvejnDQx7DAp8/UwUYjeudyDovC2eVW1vpRrGU 
uKSNCL3cffKOWrM1XsQ/97JRsyHNwFlw2M69JQdReaxiFwBxY5aJS0ZAkmY/tUO; 
Received: from vargas.desylva.onlinejobhelpers.info by 
vargas.desylva.onlinejobhelpers.info with local (Exim 4.63) 
id 683438-q83a1858095-34 
for root at desylva.onlinejobhelpers.info; 09 Oct 2011 23:05:04 -0400 
Received: from usmortgagehelper.com (localhost.localdomain [127.0.0.1]) 
by vargas.desylva.onlinejobhelpers.info (Postfix) with ESMTP id 
44q83a1858095 
for root at localhost; 09 Oct 2011 23:05:04 -0400 
Message-ID: <1318215904.olhnweddetoyjhlvanr at usmortgagehelper.com> 
Precedence: bulk 
List-Unsubscribe: <mailto:list at usmortgagehelper.com?subject=unsubscribe> 
Content-Language: en-US 
Content-type: multipart/alternative; 
boundary="__MailScanner_found_Cyrus_boundary_substring_problem__" 
X-ORG-MailScanner-Information: Please contact the ISP for more 
information 
X-ORG-MailScanner-ID: p9A35PY9014111 
X-ORG-MailScanner: Found to be clean 
X-ORG-MailScanner-SpamCheck: spam, SpamAssassin (not cached, 
score=5.149, 
required 3, DCC_CHECK 1.10, DKIM_SIGNED 0.10, DKIM_VALID -0.10, 
DKIM_VALID_AU -0.10, HTML_IMAGE_RATIO_02 0.81, HTML_MESSAGE 0.00, 
LOTS_OF_MONEY 0.00, RCVD_IN_BRBL_LASTEXT 1.64, SPF_HELO_PASS -0.00, 
SPF_PASS -0.00, URIBL_DBL_SPAM 1.70) 
X-ORG-MailScanner-SpamScore: sssss 
X-ORG-MailScanner-From: rate.alert at usmortgagehelper.com 
X-Spam-Status: Yes 


On Sun, 9 Oct 2011, Mike's List wrote: 

> 
> I'm getting lots of spams, even though I have lowered the SA required 
> scores in the MailScanner.conf to that of 3. It seems like some spams 
> are not even being checked by SpamAssassin? 
> 
> 
> From /etc/MailScanner/MailScanner.conf 
> Required SpamAssassin Score = 3 
> 
> 
> Header: X-YOURORG-MailScanner-SpamCheck: not spam, SpamAssassin 
> (not cached, score=0, required 3, autolearn=not spam) 
> 
> 
> How can spams be getting a score of 0 if it is run through all those 
> RBLs, Pyzor, Razor, DCC, etc.? 
> 
> 
> I ran sa-update, and looked at /etc/sysconfig/update_spamassassin file 
> and saw the below. However, the below scripts are nowhere in /usr/bin 
> but in /usr/local/bin. 
> 
> MSSAUPDATE=/usr/sbin/update_spamassassin 
> SAUPDATE=/usr/bin/sa-update 
> SACOMPILE=/usr/bin/sa-compile 
> SAUPDATEARGS="" 
> 
> 
> I can make the change, etc. but I'm wondering what else I need to modify 
> to make this work? Is there like a "global" setting that missed 
> somewhere during Clam-SA installation, i.e. with the install.sh script? 
> 
> All inputs are welcome. Thank you. 
> 
> 
> Mike 
> 
> -- 
> MailScanner mailing list 
> mailscanner at lists.mailscanner.info 
> http://lists.mailscanner.info/mailman/listinfo/mailscanner 
> 
> Before posting, read http://wiki.mailscanner.info/posting 
> 
> Support MailScanner development - buy the book off the website! 
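An added example, not part of the original thread or of MailScanner's own code: it parses the X-ORG-MailScanner-SpamCheck value quoted in the message above and works out what the DKIM_* rules contributed to the total, and whether the spam verdict changes without them. The function names are hypothetical; the header value is copied from the thread.

```python
import re

# Header value copied from the message quoted in this thread.
SPAMCHECK = (
    "spam, SpamAssassin (not cached, score=5.149, required 3, "
    "DCC_CHECK 1.10, DKIM_SIGNED 0.10, DKIM_VALID -0.10, "
    "DKIM_VALID_AU -0.10, HTML_IMAGE_RATIO_02 0.81, HTML_MESSAGE 0.00, "
    "LOTS_OF_MONEY 0.00, RCVD_IN_BRBL_LASTEXT 1.64, SPF_HELO_PASS -0.00, "
    "SPF_PASS -0.00, URIBL_DBL_SPAM 1.70)"
)

# Rule names are upper-case tokens followed by their (rounded) score.
RULE_RE = re.compile(r"\b([A-Z][A-Z0-9_]+) (-?\d+(?:\.\d+)?)")


def parse_spamcheck(value):
    """Split a MailScanner SpamCheck header into verdict, totals and rules."""
    value = " ".join(value.split())  # undo header folding
    score = re.search(r"score=(-?\d+(?:\.\d+)?)", value)
    required = re.search(r"required (-?\d+(?:\.\d+)?)", value)
    if not score or not required:
        raise ValueError("no SpamAssassin score in header")
    rules = {name: float(pts) for name, pts in RULE_RE.findall(value)}
    return {
        "verdict": value.split(",", 1)[0].strip(),
        "score": float(score.group(1)),
        "required": float(required.group(1)),
        "rules": rules,
    }


def dkim_effect(parsed):
    """Net points from DKIM_* rules and the verdict with them removed."""
    net = sum(p for n, p in parsed["rules"].items() if n.startswith("DKIM_"))
    without = parsed["score"] - net
    return {
        "dkim_net": round(net, 2),
        "score_without_dkim": round(without, 3),
        "spam_with_dkim": parsed["score"] >= parsed["required"],
        "spam_without_dkim": without >= parsed["required"],
    }
```

For the quoted message the DKIM rules net to -0.10 and the score is above the required 3 either way, so the header already marks it as spam; what happens to it after that is decided by the Spam Actions settings asked about in the reply.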