Treat Invalid Watermarks with No Sender as Spam
Kevin Miller
Kevin_Miller at ci.juneau.ak.us
Wed Feb 26 01:12:33 GMT 2014
It might be instructive to look at the original message that Tim McCord sent to Paul Imkamp rather than just the delivery report for it. That way you could verify that the watermark went out on it. Do you have multiple paths out or just the one? Your message to gmail did look fine
Rather than setting the action to high scoring spam, maybe try setting it to a value – say 1. The other spamassassin tests should push it over the top if it’s actually spam, and if it’s not, adding a little to the score shouldn’t hurt too much. Play with the score until you find a value that catches spam w/o incurring false positive. Ultimately, you can’t control what the far end does.
One thing though. The mail coming in lacking a watermark shouldn’t trigger the rule. My understanding is, it fires when there’s an invalid watermark AND no from user. I have many messages that don’t have anything in the “from field” (envelope from). That’s a normal thing in an NDR and such but they come right through just fine. I don’t see anything in the post on pastebin to indicate that it failed because of the watermark. Why do you think that’s the case?
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Shawn Iverson
Sent: Monday, February 24, 2014 2:54 PM
To: 'MailScanner discussion'
Subject: RE: Treat Invalid Watermarks with No Sender as Spam
Use Watermarking = yes
Add Watermark = yes
Check Watermarks With No Sender = yes
Treat Invalid Watermarks With No Sender as Spam = high-scoring spam
Check Watermarks To Skip Spam Checks = yes
Watermark Secret = mysecret
Watermark Lifetime = 604800
Watermark Header = X-%org-name%-MailScanner-EFA-Watermark:
Message sent to my gmail from inside has a watermark...appears to be watermarking outbound emails ok.
http://pastebin.com/CmiShz59
Valid Delivery Success Notification from remote server that was blocked, watermark not there...my X headers are gone...
http://pastebin.com/UxnAKb3F
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us<mailto:iversons at rushville.k12.in.us>
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us<mailto:Kevin_Miller at ci.juneau.ak.us>> 2/21/2014 8:23 PM >>>
What are your watermark settings in MailScanner.conf? The idea behind a watermark is outbound mail gets watermarked. Bounces include the original headers so the watermark should be in it if it came from you. If there’s no watermark it implies it’s a forged NDR. (You probably already understand all that – just being pedantic.)
Can you check your outbound messages to verify they’re getting watermarked? Maybe post some examples to pastebin. It’s hard to say w/o seeing the actual message headers. Post your watermark settings too. Naturally you’ll want to munge the “Watermark Secret” to something other than the actual value you use.
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357
--
This message has been scanned for viruses and dangerous content by
E.F.A. Project<http://www.efa-project.org>, and is believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140225/f58d5456/attachment.html
More information about the MailScanner
mailing list