Treat Invalid Watermarks with No Sender as Spam

Wed Feb 26 18:42:57 GMT 2014

Well, that's a curious thing.  The delivery report you posted had these for spam reporting:
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 4
X-NAI-Spam-Score: 0.5
X-NAI-Spam-Rules: 2 Rules triggered
        CTYPE_GTONE_UNDRSCOPE_PART=0.5, RV4863=0

I don't' know if they're yours or zone.com's.  I think the latter.  With what you posted there aren't any spam reports.

I implemented watermarks a year or two ago, but being cautious, and wanting to watch it a bit first, had the action set to nothing and forgot to every go back and set it to something else.  Fat lot of good that did me! <g>  

After you posted I set it to "1" on my primary mx gateway, and "spam" on my backup gateways.  I noticed in my reports (via MailWatch) that I would get this:
  SpamAssassin Score:	-0.70
or
  SpamAssassin Score:	40.99
  Spam Report:	
    address	no watermark or sender	
but no other spam scores.  The first score above is from a legitimate message, the other from one that's clearly spam.  The other spam messages all seem to have similar scores in the high 30s or low 40s.  I'm only adding one point on this gateway, so the other 39.99 must have been from other spam checks but why they're not listed I don't know.  I'm thinking at this point that perhaps your problem isn't the watermarking, but some other spam scores that are triggered, but don't show up in the spam report.  I don't think MailScanner is assigning a default score of 10 to the messages.

The trick is to figure out how to see the rest of the spam report.  

 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Shawn Iverson
Sent: Tuesday, February 25, 2014 4:48 PM
To: 'MailScanner discussion'
Subject: RE: Treat Invalid Watermarks with No Sender as Spam

I only have one path, but I am thinking of putting up a second relay in the path to see the outbound header...

SpamAssassin Score:10.00
Spam Report:spam(no watermark or sender address)

This is what Spamassassin reports on this message.

Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/25/2014 8:12 PM >>>

It might be instructive to look at the original message that Tim McCord sent to Paul Imkamp rather than just the delivery report for it.  That way you could verify that the watermark went out on it.  Do you have multiple paths out or just the one?  Your message to gmail did look fine  
Rather than setting the action to high scoring spam, maybe try setting it to a value say 1.  The other spamassassin tests should push it over the top if its actually spam, and if its not, adding a little to the score shouldnt hurt too much.  Play with the score until you find a value that catches spam w/o incurring false positive.  Ultimately, you cant control what the far end does.
One thing though.  The mail coming in lacking a watermark shouldnt trigger the rule.  My understanding is, it fires when theres an invalid watermark AND no from user.  I have many messages that dont have anything in the from field (envelope from).  Thats a normal thing in an NDR and such but they come right through just fine.  I dont see anything in the post on pastebin to indicate that it failed because of the watermark.  Why do you think thats the case?
...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 

-- 
This message has been scanned for viruses and dangerous content by 
E.F.A. Project, and is believed to be clean. 