Not Catching Spams and Config

Mike's List mikelist at leawood.com
Mon Oct 10 19:22:22 IST 2011


Thank you Markus, I set up .procmailrc for client-side filtering.
Manually deleting some spams isn't that bad...leaving the global "store"
feature for now.


## SpamAssassin start
#
:0fw: spamassassin.lock
| /usr/bin/spamc

:0:
* ^X-Spam-Status: Yes
spam-folder

## SpamAssassin end


On Mon, 10 Oct 2011, Markus Nilsson wrote:

> Yes as you see in the headers below, the mail has been classified as spam:
> 
> > X-Spam-Status: Yes
> 
> Either configure your mail client to put mails with the x-spam-status header in a spam folder, or handle it with actions in MS.
> 
> Setting mails with scoring > 3 to delete, is in my opinion *very* aggressive
> 
> The options you have now are reasonable (maybe a too low Required score), just configure your client to handle the header and you should be fine!
> 
> /Markus
> 
> ______________________________________________________________________________________________________________________________________________________________________
> From: "Mike's List" <mikelist at leawood.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Monday, 10 Oct 2011 16:01:51
> Subject: Re: Not Catching Spams and Config
> 
> 
> Required SA = 3
> High SA Score = 10
> Spam Actions = deliver header "X-Spam-Status: Yes"
> High Scoring Spam Actions = store
> Non Spam Actions = deliver header "X-Spam-Status: No"
> 
> I see.  So I need to modify my "Spam Actions" and "High Scoring Spam
> Actions" to that of "= delete" to remove spams and not store, i.e.
> deliver with {spam?} status?
> 
> Thank you.
> 
> 
> Mike
> 
> 
> On Mon, 10 Oct 2011, Markus Nilsson wrote:
> 
> > Hi,
> >
> > SA does not trust DKIM, but you can use it to whitelist (or blacklist) certain senders that are using DKIM.
> >
> > If you check the scoring, you see that DKIM gives a (close to) 0 result.
> >
> > DKIM_SIGNED 0.10
> > DKIM_VALID -0.10
> > DKIM_VALID_AU -0.10
> >
> > I'd guess that your MS setting for scoring is not correctly set, what do your options
> >
> > Required SpamAssassin Score =
> > High SpamAssassin Score =
> > Spam Actions =
> > High Scoring Spam Actions =
> > Non Spam Actions =
> >
> > say?
> >
> > /Markus
> >
> >_____________________________________________________________________________________________________________________________________________________________________
> _
> > Från: "Mike's List" <mikelist at leawood.com>
> > Till: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> > Skickat: måndag, 10 okt 2011 14:59:26
> > Ämne: Re: Not Catching Spams and Config
> >
> >
> > I reset my Bayesian filter daily, 86400 sec, so this seems to help a
> > bit.  Additionally, I noticed spams are getting through even though
> > I set my required score at 3 and the score > 3, example below.
> > Furthermore, there seems to be a pattern that spams are using DKIM
> > to bypass SpamAssassin?
> >
> > All the spams that got through used servers with DKIM signature.  This
> > is not a MailScanner issue but probably SpamAssassin issue with allowing
> > and/or trusting mail servers with DKIM?
> >
> > Get on SA mailing list and notify?
> >
> >
> > DKIM-Signature: v=1;
> >      a=rsa-sha1; c=relaxed/relaxed; d=usmortgagehelper.com; s=gamma;
> >      t=1318215904; bh=VEP5C3Xju7bl6QtMCTmnJKkE8pk=; h=To:From;
> >      b=TVBqyP5jfRrp1f5hxil8Dmyz5n5d6WFoeiI/33/3N/8+NJXy9uKfEdJBLqplEsykz
> >       BvGivaUFmcXyTP1eprjGHcWBLeKcdxfxwe9uHQh3hlqP9mxqQkcnj8RoU5Une/B
> > DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
> >      s=gamma; d=usmortgagehelper.com;
> >      h=To:From;
> >      b=CwjXvg9wNQhJ4hhquqk+9iYNi8RvvejnDQx7DAp8/UwUYjeudyDovC2eVW1vpRrGU
> >      uKSNCL3cffKOWrM1XsQ/97JRsyHNwFlw2M69JQdReaxiFwBxY5aJS0ZAkmY/tUO;
> > Received: from vargas.desylva.onlinejobhelpers.info by
> > vargas.desylva.onlinejobhelpers.info with local (Exim 4.63)
> >      id 683438-q83a1858095-34
> >      for root at desylva.onlinejobhelpers.info; 09 Oct 2011 23:05:04 -0400
> > Received: from usmortgagehelper.com (localhost.localdomain [127.0.0.1])
> >      by vargas.desylva.onlinejobhelpers.info (Postfix) with ESMTP id
> > 44q83a1858095
> >      for root at localhost; 09 Oct 2011 23:05:04 -0400
> > Message-ID: <1318215904.olhnweddetoyjhlvanr at usmortgagehelper.com>
> > Precedence: bulk
> > List-Unsubscribe: <mailto:list at usmortgagehelper.com?subject=unsubscribe>
> > Content-Language: en-US
> > Content-type: multipart/alternative;
> > boundary="__MailScanner_found_Cyrus_boundary_substring_problem__"
> > X-ORG-MailScanner-Information: Please contact the ISP for more
> > information
> > X-ORG-MailScanner-ID: p9A35PY9014111
> > X-ORG-MailScanner: Found to be clean
> > X-ORG-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
> > score=5.149,
> >      required 3, DCC_CHECK 1.10, DKIM_SIGNED 0.10, DKIM_VALID -0.10,
> >      DKIM_VALID_AU -0.10, HTML_IMAGE_RATIO_02 0.81, HTML_MESSAGE 0.00,
> >      LOTS_OF_MONEY 0.00, RCVD_IN_BRBL_LASTEXT 1.64, SPF_HELO_PASS -0.00,
> >      SPF_PASS -0.00, URIBL_DBL_SPAM 1.70)
> > X-ORG-MailScanner-SpamScore: sssss
> > X-ORG-MailScanner-From: rate.alert at usmortgagehelper.com
> > X-Spam-Status: Yes
> >
> >
> > On Sun, 9 Oct 2011, Mike's List wrote:
> >
> > >
> > > I'm getting lots of spams, even though I have lowered the SA required
> > > scores in the MailScanner.conf to that of 3.  It seems like some spams
> > > are not even being checked by SpamAssassin?  B
> > >
> > >
> > >         From /etc/MailScanner/MailScanner.conf
> > >                 Required SpamAssassin Score = 3
> > >
> > >
> > >         Header: X-YOURORG-MailScanner-SpamCheck: not spam, SpamAssassin
> > >         (not cached, score=0, required 3, autolearn=not spam)
> > >
> > >
> > > How can spams be getting a score of 0 if it is run through all those
> > > RBLs, Pyzor, Razor, DCC, etc.?
> > >
> > >
> > > I ran sa-update, and looked at /etc/sysconfig/update_spamassassin file
> > > and saw the below.  However, the below scripts are nowhere in /usr/bin
> > > but in /usr/local/bin.
> > >
> > > MSSAUPDATE=/usr/sbin/update_spamassassin
> > > SAUPDATE=/usr/bin/sa-update
> > > SACOMPILE=/usr/bin/sa-compile
> > > SAUPDATEARGS=""
> > >
> > >
> > > I can make the change, etc. but I'm wondering what else I need to modify
> > > to make this work?  Is there like a "global" setting that missed
> > > somewhere during Clam-SA installation, i.e. with the install.sh script?
> > >
> > > All inputs are welcome.  Thank you.
> > >
> > >
> > > Mike
> > >
> > > --
> > > MailScanner mailing list
> > > mailscanner at lists.mailscanner.info
> > > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> > >
> > > Before posting, read http://wiki.mailscanner.info/posting
> > >
> > > Support MailScanner development - buy the book off the website!
> 
> 
>
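
Added example, not part of the original thread: Python code that parses the MailScanner SpamCheck report header quoted above, sums what the DKIM_* rules contributed, and maps the score to the Spam Actions settings quoted in the thread. The function names and the >= threshold comparison are assumptions; the sample headers are constructed from the values in the thread.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed samples: the two SpamCheck header values quoted in the thread,
# folded the way they appear in a delivered message.
SPAM_MSG = """\
X-ORG-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
 score=5.149, required 3, DCC_CHECK 1.10, DKIM_SIGNED 0.10, DKIM_VALID -0.10,
 DKIM_VALID_AU -0.10, HTML_IMAGE_RATIO_02 0.81, HTML_MESSAGE 0.00,
 LOTS_OF_MONEY 0.00, RCVD_IN_BRBL_LASTEXT 1.64, SPF_HELO_PASS -0.00,
 SPF_PASS -0.00, URIBL_DBL_SPAM 1.70)
"""
UNSCORED_MSG = """\
X-YOURORG-MailScanner-SpamCheck: not spam, SpamAssassin
 (not cached, score=0, required 3, autolearn=not spam)
"""
RULE = re.compile(r"([A-Z][A-Z0-9_]*) (-?\d+(?:\.\d+)?)$")

def parse_spamcheck(raw_message):
    """Return verdict, score, threshold and per-rule scores from the report header."""
    msg = message_from_string(raw_message, policy=default)
    # The organisation prefix (ORG, YOURORG in the thread) differs per site.
    value = next(v for k, v in msg.items() if k.endswith("-MailScanner-SpamCheck"))
    value = " ".join(str(value).split())  # collapse header folding whitespace
    m = re.match(r"(spam|not spam), SpamAssassin \((.*)\)$", value)
    report = {"verdict": m.group(1), "score": None, "required": None, "rules": {}}
    for item in m.group(2).split(", "):
        if item.startswith("score="):
            report["score"] = float(item[6:])
        elif item.startswith("required "):
            report["required"] = float(item[9:])
        elif RULE.match(item):
            name, pts = RULE.match(item).groups()
            report["rules"][name] = float(pts)
    return report

def dkim_points(report):
    """Net score from DKIM_* rules; near zero means DKIM is not whitelisting."""
    return round(sum(p for n, p in report["rules"].items() if n.startswith("DKIM_")), 2)

def configured_action(report, high=10.0):
    """Map the score to the actions quoted in the thread (assumes >= comparisons)."""
    if report["score"] >= high:
        return "store"
    if report["score"] >= report["required"]:
        return 'deliver header "X-Spam-Status: Yes"'
    return 'deliver header "X-Spam-Status: No"'
```

For the 5.149 message this returns the deliver-with-header action, which matches what Markus describes: the mail was classified as spam and delivered tagged. An empty rule list with score=0, as in the second sample, means no rule hit was reported for that message.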

