Not Catching Spams and Config
Markus Nilsson
markus at markusoft.se
Mon Oct 10 14:33:27 IST 2011
Hi,
SA does not trust DKIM, but you can use it to whitelist (or blacklist) certain senders that are using DKIM.
If you check the scoring, you see that DKIM gives a (close to) 0 result.
DKIM_SIGNED 0.10
DKIM_VALID -0.10
DKIM_VALID_AU -0.10
I'd guess that your MS setting for scoring is not correctly set, what does your options
Required SpamAssassin Score =
High SpamAssassin Score =
Spam Actions =
High Scoring Spam Actions =
Non Spam Actions =
say?
/Markus
----- Ursprungligt meddelande -----
Från: "Mike's List" <mikelist at leawood.com>
Till: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Skickat: måndag, 10 okt 2011 14:59:26
Ämne: Re: Not Catching Spams and Config
I reset my Bayesian filter daily, 86400 sec, so this seems to help a
bit. Additionally, I noticed spams are getting through even though
I set my required score at 3 and the score > 3, example below.
Furtheremore, there seems to be a pattern that spams are using DKIM
to bypass SpamAssassin?
All the spams that got through used servers with DKIM signature. This
is not a MailScanner issue but probably SpamAssassin issue with allowing
and/or trusting mail servers with DKIM?
Get on SA mailing list and notify?
DKIM-Signature: v=1;
a=rsa-sha1; c=relaxed/relaxed; d=usmortgagehelper.com; s=gamma;
t=1318215904; bh=VEP5C3Xju7bl6QtMCTmnJKkE8pk=; h=To:From;
b=TVBqyP5jfRrp1f5hxil8Dmyz5n5d6WFoeiI/33/3N/8+NJXy9uKfEdJBLqplEsykz
BvGivaUFmcXyTP1eprjGHcWBLeKcdxfxwe9uHQh3hlqP9mxqQkcnj8RoU5Une/B
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=gamma; d=usmortgagehelper.com;
h=To:From;
b=CwjXvg9wNQhJ4hhquqk+9iYNi8RvvejnDQx7DAp8/UwUYjeudyDovC2eVW1vpRrGU
uKSNCL3cffKOWrM1XsQ/97JRsyHNwFlw2M69JQdReaxiFwBxY5aJS0ZAkmY/tUO;
Received: from vargas.desylva.onlinejobhelpers.info by
vargas.desylva.onlinejobhelpers.info with local (Exim 4.63)
id 683438-q83a1858095-34
for root at desylva.onlinejobhelpers.info; 09 Oct 2011 23:05:04 -0400
Received: from usmortgagehelper.com (localhost.localdomain [127.0.0.1])
by vargas.desylva.onlinejobhelpers.info (Postfix) with ESMTP id
44q83a1858095
for root at localhost; 09 Oct 2011 23:05:04 -0400
Message-ID: <1318215904.olhnweddetoyjhlvanr at usmortgagehelper.com>
Precedence: bulk
List-Unsubscribe: <mailto:list at usmortgagehelper.com?subject=unsubscribe>
Content-Language: en-US
Content-type: multipart/alternative;
boundary="__MailScanner_found_Cyrus_boundary_substring_problem__"
X-ORG-MailScanner-Information: Please contact the ISP for more
information
X-ORG-MailScanner-ID: p9A35PY9014111
X-ORG-MailScanner: Found to be clean
X-ORG-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
score=5.149,
required 3, DCC_CHECK 1.10, DKIM_SIGNED 0.10, DKIM_VALID -0.10,
DKIM_VALID_AU -0.10, HTML_IMAGE_RATIO_02 0.81, HTML_MESSAGE 0.00,
LOTS_OF_MONEY 0.00, RCVD_IN_BRBL_LASTEXT 1.64, SPF_HELO_PASS -0.00,
SPF_PASS -0.00, URIBL_DBL_SPAM 1.70)
X-ORG-MailScanner-SpamScore: sssss
X-ORG-MailScanner-From: rate.alert at usmortgagehelper.com
X-Spam-Status: Yes
On Sun, 9 Oct 2011, Mike's List wrote:
>
> I'm getting lots of spams, even though I have lowered the SA required
> scores in the MailScanner.conf to that of 3. It seems like some spams
> are not even being check by SpamAssassin? B
>
>
> From /etc/MailScanner/MailScanner.conf
> Required SpamAssassin Score = 3
>
>
> Header: X-YOURORG-MailScanner-SpamCheck: not spam, SpamAssassin
> (not cached, score=0, required 3, autolearn=not spam)
>
>
> How can spams be getting a score of 0 if it is run through all those
> RBLs, Pyzor, Razor, DCC, etc.?
>
>
> I ran sa-update, and looked at /etc/sysconfig/update_spamassassin file
> and saw the below. However, the below scripts are no where in /usr/bin
> but in /usr/local/bin.
>
> MSSAUPDATE=/usr/sbin/update_spamassassin
> SAUPDATE=/usr/bin/sa-update
> SACOMPILE=/usr/bin/sa-compile
> SAUPDATEARGS=""
>
>
> I can make the change, etc. but I'm wondering what else I need to modify
> to make this work? Is there like a "global" setting that missed
> somewhere during Clam-SA installation, i.e. with the install.sh script?
>
> All inputs are welcome. Thank you.
>
>
> Mike
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20111010/d5232b98/attachment.html
More information about the MailScanner
mailing list