Treat Invalid Watermarks with No Sender as Spam

Kevin Miller Kevin_Miller at ci.juneau.ak.us
Wed Feb 26 23:40:02 GMT 2014 

It looks like all your X-headers are being stripped.  I don't see any of these (which are present on our outgoing messages:
    X-Rushville-MailScanner-EFA-Information: Please contact postmaster at rushville.k12.in.us for more information
    X-Rushville-MailScanner-EFA-ID: B3A7A80085.AF60E
    X-Rushville-MailScanner-EFA: Found to be clean
    X-Rushville-MailScanner-EFA-From: iversons at rushville.k12.in.us
    X-Rushville-MailScanner-EFA-Watermark: 1393889850.17369 at 8yKbOlpq7bdTT0q0qeBUZg
    X-Spam-Status: No

Could be their Exchange server.  Sometimes they do funny things. 

In MailScanner.conf, what do you have for the "Remove These Headers" line?

Since you can use a ruleset, as a last resort you might just want to not check watermarks from zone.com and other domains that are screwy.  If there's just a few, that's workable.  If not, then it becomes a game of whack-a-mole and quickly becomes a chore...

 ...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Shawn Iverson
Sent: Wednesday, February 26, 2014 1:41 PM
To: 'MailScanner discussion'
Subject: RE: Treat Invalid Watermarks with No Sender as Spam

Interestingly, I noticed as I am emailing this Listserv that the delivery notifications come through just fine and my watermark is there.  I am really wondering if the remote site is not returning a complete original MIME header in this case.
 
Will fire up a secondary relay and capture the outbound message later tonight...
 
Shawn Iverson
Rush County Schools
District Technology Coordinator
iversons at rushville.k12.in.us
>>> Kevin Miller <Kevin_Miller at ci.juneau.ak.us> 2/26/2014 1:42 PM >>>
Well, that's a curious thing.  The delivery report you posted had these for spam reporting:
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 4
X-NAI-Spam-Score: 0.5
X-NAI-Spam-Rules: 2 Rules triggered
        CTYPE_GTONE_UNDRSCOPE_PART=0.5, RV4863=0

I don't' know if they're yours or zone.com's.  I think the latter.  With what you posted there aren't any spam reports.

I implemented watermarks a year or two ago, but being cautious, and wanting to watch it a bit first, had the action set to nothing and forgot to every go back and set it to something else.  Fat lot of good that did me! <g>  

After you posted I set it to "1" on my primary mx gateway, and "spam" on my backup gateways.  I noticed in my reports (via MailWatch) that I would get this:
  SpamAssassin Score:-0.70
or
  SpamAssassin Score:40.99
  Spam Report:
    addressno watermark or sender
but no other spam scores.  The first score above is from a legitimate message, the other from one that's clearly spam.  The other spam messages all seem to have similar scores in the high 30s or low 40s.  I'm only adding one point on this gateway, so the other 39.99 must have been from other spam checks but why they're not listed I don't know.  I'm thinking at this point that perhaps your problem isn't the watermarking, but some other spam scores that are triggered, but don't show up in the spam report.  I don't think MailScanner is assigning a default score of 10 to the messages.

The trick is to figure out how to see the rest of the spam report.  

-- 
This message has been scanned for viruses and dangerous content by 
E.F.A. Project, and is believed to be clean.

More information about the MailScanner mailing list