Spam Assassin Detecting our emails as spam
I have just set up Spam Assassin on our server. It is working very nicely however whenever we try to send an email from our own server to someone else on the same server, it gets picked up as spam. I am wondering if anyone here has experience with Spam Assassin and can help me fix the issues below as I don't know what they mean exactly. I have spam assassin set to detect at 8 points whether or not an email is spam. We are way over that because of the following reasons. What do I have to fix on our server to fix the 4 issues below? 1. We are losing 3.4 points because of HELO_DYNAMIC_IPADDR. 2. We are losing 2.6 points because of NO_DNS_FOR_FROM. 3. We are losing 2.0 points because of RCVD_IN_SORBS_DUL. 4. We are losing 1.7 points because of RCVD_IN_NJABL_DUL. Here is a standard header from Spam Assassin that we get when we sent each other email. Code: 3.4 HELO_DYNAMIC_IPADDRRelay HELO'd using suspicious hostname (IP addr1) 0.1 HTML_TAG_EXIST_TBODY BODY: HTML has tbody tag 0.7 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME 0.0 HTML_MESSAGE BODY: HTML included in message 2.6 NO_DNS_FOR_FROMDNS: Envelope sender has no MX or A DNS records 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [68.56.175.199 listed in dnsbl.sorbs.net] 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [68.56.175.199 listed in combined.njabl.org] -0.2 AWLAWL: From: address is in the auto white-list Thanks for any help with this. Wayne -- View this message in context: http://www.nabble.com/Spam+Assassin+Detecting+our+emails+as+spam-t1653798.html#a4480701 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Spam Assassin Detecting our emails as spam
I have just set up Spam Assassin on our server. It is working very nicely however whenever we try to send an email from our own server to someone else on the same server, it gets picked up as spam. I am wondering if anyone here has experience with Spam Assassin and can help me fix the issues below as I don't know what they mean exactly. I have spam assassin set to detect at 8 points whether or not an email is spam. We are way over that because of the following reasons. What do I have to fix on our server to fix the 4 issues below? 1. We are losing 3.4 points because of HELO_DYNAMIC_IPADDR. 2. We are losing 2.6 points because of NO_DNS_FOR_FROM. 3. We are losing 2.0 points because of RCVD_IN_SORBS_DUL. 4. We are losing 1.7 points because of RCVD_IN_NJABL_DUL. Hi, you did not show the full headers - but probably your server failed to indicate in its received headers that the mail from the dynamic ip was authenticated, or SA failed to parse the received header Wolfgang Hamann
Re: Proposal: First URI black list, how about email address black lists?
On Freitag, 19. Mai 2006 11:07 jdow wrote: I generalized - in ANY spam there is a URL they want you to use. Except for those spammers who are just too stupid to configure their tools. I've received some SPAM where they wanted you to contact them at [2]r Account is Blocked, please update it. or %DOMAINNAME% Maybe they just wanted to hide too good? *g* mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key: lynx -source http://zmi.at/zmi3.asc | gpg --import // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgpTdppmTO5sy.pgp Description: PGP signature
Re: Spam Assassin Detecting our emails as spam
Don't use a dialup and send direct?
{o.o}
- Original Message -
From: spectacularstuff [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Friday, May 19, 2006 22:47
Subject: Spam Assassin Detecting our emails as spam
I have just set up Spam Assassin on our server.
It is working very nicely however whenever we try to send an email from our
own server to someone else on the same server, it gets picked up as spam.
I am wondering if anyone here has experience with Spam Assassin and can help
me fix the issues below as I don't know what they mean exactly.
I have spam assassin set to detect at 8 points whether or not an email is
spam. We are way over that because of the following reasons.
What do I have to fix on our server to fix the 4 issues below?
1. We are losing 3.4 points because of HELO_DYNAMIC_IPADDR.
2. We are losing 2.6 points because of NO_DNS_FOR_FROM.
3. We are losing 2.0 points because of RCVD_IN_SORBS_DUL.
4. We are losing 1.7 points because of RCVD_IN_NJABL_DUL.
Here is a standard header from Spam Assassin that we get when we sent each
other email.
Code:
3.4 HELO_DYNAMIC_IPADDRRelay HELO'd using suspicious hostname (IP
addr1)
0.1 HTML_TAG_EXIST_TBODY BODY: HTML has tbody tag
0.7 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
2.6 NO_DNS_FOR_FROMDNS: Envelope sender has no MX or A DNS records
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[68.56.175.199 listed in dnsbl.sorbs.net]
1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[68.56.175.199 listed in combined.njabl.org]
-0.2 AWLAWL: From: address is in the auto white-list
Thanks for any help with this.
Wayne
--
View this message in context:
http://www.nabble.com/Spam+Assassin+Detecting+our+emails+as+spam-t1653798.html#a4480701
Sent from the SpamAssassin - Users forum at Nabble.com.
Announce: GERMAN ruleset updated
I'd like to inform you that my GERMAN ruleset has seen updates. It's available via RulesDuJour as ruleset ZMI_GERMAN, or directly from http://zmi.at/x/70_zmi_german.cf I always update after new rules are applied, so the use of RulesDuJour is greatly suggested. Updates occur when needed, sometimes daily, sometimes weekly. Please, if you use my ruleset and still get german SPAM, report to [EMAIL PROTECTED] the *full mail with all headers*. And yes, you can speak german with me :) Any suggestions for improvement of the rules are welcome. The rules are written with an eye on creating no false positives, while hitting phishing, some viruses, and other german SPAM. Should you get a false positive, please send the e-mail with full headers to [EMAIL PROTECTED] mass-check results with network tests: http://ruleqa.spamassassin.org/?daterev=20060519-r406046-ns_defcorpus=onrule=%2FZMIs_zero=ons_detail=checked+g=Change mass-check results w/o network tests: http://ruleqa.spamassassin.org/?daterev=20060518-r407506-ns_defcorpus=onrule=%2FZMIs_zero=ons_detail=+g=Change Current download volume: 41602 downloads in 04/2006. Thank you for using these rules. mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660/4156531 .network.your.ideas. // PGP Key: lynx -source http://zmi.at/zmi3.asc | gpg --import // Fingerprint: 44A3 C1EC B71E C71A B4C2 9AA6 C818 847C 55CB A4EE // Keyserver: www.keyserver.net Key-ID: 0x55CBA4EE pgpyvzAH9cgPA.pgp Description: PGP signature
Re: Who wants my spam - seriously!
Marc Perkel [EMAIL PROTECTED] writes: I'm now capturing 2 separate spam feeds and I want to share it with anyone who can use it. I'll forward it to you in real time. First - the spambot feed. This is spam that is mostly spambot generated targeted at email addresses that never existed. It's 100% spam and I've added a header that has the IP address of the host that sent it to me. None of this is forwarded. If you're building an RBL of IPs you'll want this feed. I think this feed will give you at least 40,000 spams a day. These are bots NOT listed with Spamhaus because I reject those spams at connect time. The second is high scoring SA caught spam of 15 points and up. But it's not just SA scores. It's modified by hundreds of other tricks I've developed. This spam is good for harvesting URIs for URIBL lists. It also includes Phishing spam. I can't say it's 100% but it's better than 99.9% accurate. These spams are high quality in that it's spam that snuck through other screening meathods I've used. None of this spam is the really easy to catch stuff. We all can block the easy stuff. I hate spam and spammers. I'm already sending one list to a URIBL provider who is very happy so far. I just started sending the spambot stuff to another IP RBL provider and they have yet to comment. But - if anyone else wants some of this I can add you to my list. All I need is an email address to feed it to. So - who wants in on this? Have you considered using spamassassin -r to report the spam to: * dcc * pyzor * razor * spamcop.net You can use *separate* script to make spamcop.net send LARTs (munged or unmunged). e.g. http://anfi.homeunix.net/perl/spamcop-ack.pl or previous art mentioned in previous thread about spamcop-ack.pl -- [pl2en Andrew] Andrzej Adam Filip : [EMAIL PROTECTED] : [EMAIL PROTECTED] http://anfi.homeunix.net/ http://www.linkedin.com/in/andfil
Re: Who wants my spam - seriously!
Andrzej Adam Filip wrote on Sat, 20 May 2006 12:58:15 +0200: Have you considered using spamassassin -r to report the spam to: Well, he says that at least one of his feeds isn't 100% spam. So I very much hope if he starts doing this that he cleans that feed to 100% ;-) Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Re: Spam Assassin Detecting our emails as spam
spectacularstuff wrote: I have just set up Spam Assassin on our server. It is working very nicely however whenever we try to send an email from our own server to someone else on the same server, it gets picked up as spam. I am wondering if anyone here has experience with Spam Assassin and can help me fix the issues below as I don't know what they mean exactly. I have spam assassin set to detect at 8 points whether or not an email is spam. We are way over that because of the following reasons. What do I have to fix on our server to fix the 4 issues below? 1. We are losing 3.4 points because of HELO_DYNAMIC_IPADDR. 2. We are losing 2.6 points because of NO_DNS_FOR_FROM. 3. We are losing 2.0 points because of RCVD_IN_SORBS_DUL. 4. We are losing 1.7 points because of RCVD_IN_NJABL_DUL. Here is a standard header from Spam Assassin that we get when we sent each other email. Code: 3.4 HELO_DYNAMIC_IPADDRRelay HELO'd using suspicious hostname (IP addr1) 0.1 HTML_TAG_EXIST_TBODY BODY: HTML has tbody tag 0.7 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME 0.0 HTML_MESSAGE BODY: HTML included in message 2.6 NO_DNS_FOR_FROMDNS: Envelope sender has no MX or A DNS records 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [68.56.175.199 listed in dnsbl.sorbs.net] 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [68.56.175.199 listed in combined.njabl.org] -0.2 AWLAWL: From: address is in the auto white-list Thanks for any help with this. Wayne -- View this message in context: http://www.nabble.com/Spam+Assassin+Detecting+our+emails+as+spam-t1653798.html#a4480701 Sent from the SpamAssassin - Users forum at Nabble.com. Read about trusted_networks and internal_networks in the Mail::SpamAssassin::Conf man page. These parameters go into your local.cf configuration file. Andrew
Re: Who wants my spam - seriously!
Kai Schaetzl wrote: Andrzej Adam Filip wrote on Sat, 20 May 2006 12:58:15 +0200: Have you considered using "spamassassin -r" to report the spam to: Well, he says that at least one of his "feeds" isn't 100% spam. So I very much hope if he starts doing this that he cleans that feed to 100% ;-) Kai I've ade arrangements with Spamcop to take one of my feeds. I just turned it on last night and waiting for feedback. What I need to do is contact someone at Spamhaus to take that feed to because it's spamers that are not on their lists.
Re: Who wants my spam - seriously!
Kai Schaetzl [EMAIL PROTECTED] writes: Andrzej Adam Filip wrote on Sat, 20 May 2006 12:58:15 +0200: Have you considered using spamassassin -r to report the spam to: Well, he says that at least one of his feeds isn't 100% spam. So I very much hope if he starts doing this that he cleans that feed to 100% ;-) Personally I use spamassassin -r to report messages classified as spam *after* (very short) personal inspection (1-3s per message). [ move (drag drop) between IMAP folders ] -- [pl2en Andrew] Andrzej Adam Filip : [EMAIL PROTECTED] : [EMAIL PROTECTED] http://anfi.homeunix.net/ http://www.linkedin.com/in/andfil
Re: SPAM-LOW: Re: Spam Assassin Detecting our emails as spam
Thank you for all of the suggestions and comments.
[
A) But probably your server failed to indicate in its received headers that the mail from the dynamicIP was authenticated, or SA failed to parse the received header
B) Don't use a dial-up and send direct? {o.o}
C) Read about trusted_networks and internal_networks in the Mail::SpamAssassin::Conf man page. These parameters go into your Local.cf configuration file.
[
[My Replies]
A) There are 4 main things wrong. Is there the error failing to parse the received header for all of them?
How do I change that if that is the case. I am using smartermail if anyone is familiar with it.
How do I get SA to parse the received header if that is the case?
I have placed a header below.
B) We are not using a dial-up. What do you mean send direct?
We have an Ip for our server and we have our mail server on the same box using a different IP.
We have reverse DNS turned on for both IP's.
C) I have been searching for a manual everywhere for Windows. I cannot find one.
I am on a windows system and do not have access to the man command.
[This header to an email being picked up as spam and below it is the SA points]
Received: from localhost byServer-Name-RemovedWith SpamAssassin (version 3.1.1);Tue, 16 May 2006 22:26:26 -0500From: "Spectacular Stuff" email-address-removedTo: [EMAIL PROTECTED]Subject: SPAM: Re: your alltel email messageDate: Tue, 16 May 2006 23:25:54 -0400 (Eastern Daylight Time)Message-Id: [EMAIL PROTECTED]X-Spam-Flag: YESX-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on DEDE143X-Spam-Level: *X-Spam-Status: Yes, score=9.9 required=8.0 tests=AWL,HELO_DYNAMIC_IPADDR,HTML_MESSAGE,HTML_TAG_EXIST_TBODY,NO_DNS_FOR_FROM,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL autolearn=no version=3.1.1MIME-Version: 1.0Content-Type: multipart/mixed; boundary="--=_446A97E2.4BEC"X-SmarterMail-Spam: SPF_NoneX-Rcpt-To: email-address-removed
[SA Points]
Content analysis details: (9.9 points, 8.0 required)
Pts rule namedescription
-- --
3.4 HELO_DYNAMIC_IPADDRRelay HELO'd using suspicious hostname (IP addr1)
0.1 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag
0.0 HTML_MESSAGE BODY: HTML included in message
2.6 NO_DNS_FOR_FROMDNS: Envelope sender has no MX or A DNS records
2.0 RCVD_IN_SORBS_DULRBL: SORBS: sent directly from dynamic IP address
[68.56.175.199 listed in dnsbl.sorbs.net]
1.7 RCVD_IN_NJABL_DULRBL: NJABL: dialup sender did non-local SMTP
[68.56.175.199 listed in combined.njabl.org]
0.1 AWLAWL: From: address is in the auto white-list
Wayne
---Original Message---
From: [EMAIL PROTECTED]
Date: 05/20/06 02:46:01
To: spectacularstuff
Cc: users@spamassassin.apache.org
Subject: SPAM-LOW: Re: Spam Assassin Detecting our emails as spam
I have just set up Spam Assassin on our server.
It is working very nicely however whenever we try to send an email from our
own server to someone else on the same server, it gets picked up as spam.
I am wondering if anyone here has experience with Spam Assassin and can help
me fix the issues below as I don't know what they mean exactly.
I have spam assassin set to detect at 8 points whether or not an email is
spam. We are way over that because of the following reasons.
What do I have to fix on our server to fix the 4 issues below?
1. We are losing 3.4 points because of HELO_DYNAMIC_IPADDR.
2. We are losing 2.6 points because of NO_DNS_FOR_FROM.
3. We are losing 2.0 points because of RCVD_IN_SORBS_DUL.
4. We are losing 1.7 points because of RCVD_IN_NJABL_DUL.
Hi,
you did not show the full headers - but probably your server failed to indicate in its
Received headers that the mail from the dynamic ip was authenticated, or SA failed
to parse the received header
Wolfgang Hamann
Re: Proposal: First URI black list, how about email address black lists?
On Fri, 2006-05-19 at 02:19, jdow wrote: (It would be a real serious gas to hook a 419 phish to Eliza and watch for the results. Generate a somewhat paranoid Eliza then sit back and party. Of course, if *I* could think of this extension of the lead them on counter phish then I am sure somebody else has already done it and simply failed to share it with us. If they have and have successfully eaten a phisher's time more power to them and I curtsey in their general direction.) Yep, someone already has done this. He wrote to spammers himself and turned it into a book. Check out http://www.thespamletters.com/ especially the conversations with the Nigerians. -Roger
Re: AWL whitelist CGPSA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tracey Gates wrote: I apologize if this has already been addressed.I am using CGPro with CGPSA. I have placed an entry in my local.cf [snip] In addition to other comments in this thread, Given: -- 4.8 FROM_KING_COM From known spammer 'king.com' and: [EMAIL PROTECTED] I'd say that the FROM_KING_COM rule might be misfiring, and for 4.8 points too! C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEb1MVMDDagS2VwJ4RAoXPAKCmBUP+J20OQvh5F3sa65PV/4KavQCdHVle Hy4r1k8v4uRWRs49gz7ZxmM= =XJSr -END PGP SIGNATURE-
Re: A lot of these going around
On Thursday 18 May 2006 22:50, Matt Kettler wrote: David Baron wrote: On Thursday 18 May 2006 20:40, Matt Kettler wrote: David Baron wrote: May 18 11:50:22 d_baron spamc[5797]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused Seems harmless though annoying. Fix? Is spamd running? Of course. Is spamd configured to allow connections from 127.0.0.1? (ie: what are you passing after the -A parameter to spamd?) There is no -A parameter used. 127.0.0.1 is loopback. Do I need it (and why was it not placed on installation)?
AutoWhitelist
hi all, i have spamassassin for freebsd running in my system and i want to modify a score but i dont have a 50_score How i modify this score? 7.5 AWLAWL: From: address is in the auto white-list -- thanks
spamc/spamd/bayes
Hello, I started piping my mail through SA a couple of months ago and I've been diligently marking messages as spam for the bayes subsystem. Then I noticed that neither the headers of messages nor the analysis reports have anything about bayes rules. I'm running exim and here's what I have in the config file for the spamcheck transport: spamcheck: debug_print = T: spamassassin_pipe for [EMAIL PROTECTED] driver = pipe command = /usr/sbin/exim4 -oMr spam-scanned -bS use_bsmtp transport_filter = /usr/bin/spamc home_directory = /tmp current_directory = /tmp user = Debian-exim group = Debian-exim return_fail_output message_prefix = message_suffix = The problem is that exim runs under Debian-exim (I'm running Debian) and the bayes db is under /root/.spamassassin. I tried to add -u root to /usr/bin/spamc just to test it, and while the bayes rules were consulted (or so the headers of a message said), I got autolearn=failed. I think it's because SA was trying to update the bayes database under /root/.spamassassin. So, my question is, what's the correct way of doing this so that the Bayes db is system wide? I'm sorry if this has been asked before. If so, would somebody please point me in the right direction? Thanks for any suggestions, Sergei
Re: AutoWhitelist
Saturday 20 May 2006 21:54 skrev Pablo Allietti: hi all, i have spamassassin for freebsd running in my system and i want to modify a score but i dont have a 50_score How i modify this score? 7.5 AWLAWL: From: address is in the auto white-list AWL is not a normal rule. Please read http://wiki.apache.org/spamassassin/AutoWhitelist. What you can do is change auto_whitelist_factor in the preferences to lower the weight of the AWL. See http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html. -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) pgpOA3SVmQG1f.pgp Description: PGP signature
Re: AutoWhitelist
On Sat, May 20, 2006 at 10:23:04PM +0200, Magnus Holmgren wrote: Saturday 20 May 2006 21:54 skrev Pablo Allietti: hi all, i have spamassassin for freebsd running in my system and i want to modify a score but i dont have a 50_score How i modify this score? 7.5 AWLAWL: From: address is in the auto white-list AWL is not a normal rule. Please read http://wiki.apache.org/spamassassin/AutoWhitelist. perfect. i have this in the check_auto_whitel\ist 0.2 (0.5/2) -- [EMAIL PROTECTED]|ip=201.212 1.0 (3.0/3) -- [EMAIL PROTECTED]|ip=201.160 6.9(20.8/3) -- [EMAIL PROTECTED]|ip=201.125 1.1 (6.7/6) -- [EMAIL PROTECTED]|ip=191.0 i need to remove this line is that possible? 6.9(20.8/3) -- [EMAIL PROTECTED]|ip=201.125 What you can do is change auto_whitelist_factor in the preferences to lower the weight of the AWL. See http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html. -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) ---end quoted text--- -- .- Pablo Allietti E-mail: [EMAIL PROTECTED] | LACNIC Phone : +598 2 604 | http://LACNIC.NET
Re: AutoWhitelist
Pablo Allietti wrote: On Sat, May 20, 2006 at 10:23:04PM +0200, Magnus Holmgren wrote: Saturday 20 May 2006 21:54 skrev Pablo Allietti: hi all, i have spamassassin for freebsd running in my system and i want to modify a score but i dont have a 50_score How i modify this score? 7.5 AWLAWL: From: address is in the auto white-list AWL is not a normal rule. Please read http://wiki.apache.org/spamassassin/AutoWhitelist. perfect. i have this in the check_auto_whitel\ist 0.2 (0.5/2) -- [EMAIL PROTECTED]|ip=201.212 1.0 (3.0/3) -- [EMAIL PROTECTED]|ip=201.160 6.9(20.8/3) -- [EMAIL PROTECTED]|ip=201.125 1.1 (6.7/6) -- [EMAIL PROTECTED]|ip=191.0 i need to remove this line is that possible? 6.9(20.8/3) -- [EMAIL PROTECTED]|ip=201.125 Are you using SQL or .db files? If SQL, it's easy. -- Steve
Re: AutoWhitelist
On Sat, May 20, 2006 at 03:51:09PM -0500, Steven Stern wrote: Pablo Allietti wrote: On Sat, May 20, 2006 at 10:23:04PM +0200, Magnus Holmgren wrote: Saturday 20 May 2006 21:54 skrev Pablo Allietti: hi all, i have spamassassin for freebsd running in my system and i want to modify a score but i dont have a 50_score How i modify this score? 7.5 AWLAWL: From: address is in the auto white-list AWL is not a normal rule. Please read http://wiki.apache.org/spamassassin/AutoWhitelist. perfect. i have this in the check_auto_whitel\ist 0.2 (0.5/2) -- [EMAIL PROTECTED]|ip=201.212 1.0 (3.0/3) -- [EMAIL PROTECTED]|ip=201.160 6.9(20.8/3) -- [EMAIL PROTECTED]|ip=201.125 1.1 (6.7/6) -- [EMAIL PROTECTED]|ip=191.0 i need to remove this line is that possible? 6.9(20.8/3) -- [EMAIL PROTECTED]|ip=201.125 Are you using SQL or .db files? If SQL, it's easy. no :( is a simple instalattion without sql -- Steve ---end quoted text--- -- .- Pablo Allietti E-mail: [EMAIL PROTECTED] | LACNIC Phone : +598 2 604 | http://LACNIC.NET
Re: AutoWhitelist
Heute (20.05.2006/22:47 Uhr) schrieb Pablo Allietti, On Sat, May 20, 2006 at 10:23:04PM +0200, Magnus Holmgren wrote: Saturday 20 May 2006 21:54 skrev Pablo Allietti: hi all, i have spamassassin for freebsd running in my system and i want to modify a score but i dont have a 50_score How i modify this score? 7.5 AWLAWL: From: address is in the auto white-list AWL is not a normal rule. Please read http://wiki.apache.org/spamassassin/AutoWhitelist. perfect. i have this in the check_auto_whitel\ist 0.2 (0.5/2) -- [EMAIL PROTECTED]|ip=201.212 1.0 (3.0/3) -- [EMAIL PROTECTED]|ip=201.160 6.9(20.8/3) -- [EMAIL PROTECTED]|ip=201.125 1.1 (6.7/6) -- [EMAIL PROTECTED]|ip=191.0 i need to remove this line is that possible? 6.9(20.8/3) -- [EMAIL PROTECTED]|ip=201.125 spamassassin [EMAIL PROTECTED] What you can do is change auto_whitelist_factor in the preferences to lower the weight of the AWL. See http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html. -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) -- Viele Gruesse, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 -- Zufalls-Zitat -- Wenn unser Gehirn so einfach wäre, dass wir es verstehen könnten, dann wären wir so dumm, daß wir es doch nicht verstehen könnten. -- Der Text hat nichts mit dem Empfaenger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1550 Build 7312 20.05.2006
Re: AutoWhitelist
On Sat, May 20, 2006 at 10:54:13PM +0200, Jim Knuth wrote: Heute (20.05.2006/22:47 Uhr) schrieb Pablo Allietti, perfect. exist any way to do that for all users??? because i do that for me only. On Sat, May 20, 2006 at 10:23:04PM +0200, Magnus Holmgren wrote: Saturday 20 May 2006 21:54 skrev Pablo Allietti: hi all, i have spamassassin for freebsd running in my system and i want to modify a score but i dont have a 50_score How i modify this score? 7.5 AWLAWL: From: address is in the auto white-list AWL is not a normal rule. Please read http://wiki.apache.org/spamassassin/AutoWhitelist. perfect. i have this in the check_auto_whitel\ist 0.2 (0.5/2) -- [EMAIL PROTECTED]|ip=201.212 1.0 (3.0/3) -- [EMAIL PROTECTED]|ip=201.160 6.9(20.8/3) -- [EMAIL PROTECTED]|ip=201.125 1.1 (6.7/6) -- [EMAIL PROTECTED]|ip=191.0 i need to remove this line is that possible? 6.9(20.8/3) -- [EMAIL PROTECTED]|ip=201.125 spamassassin [EMAIL PROTECTED] What you can do is change auto_whitelist_factor in the preferences to lower the weight of the AWL. See http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html. -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) -- Viele Gruesse, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 -- Zufalls-Zitat -- Wenn unser Gehirn so einfach wäre, dass wir es verstehen könnten, dann wären wir so dumm, daß wir es doch nicht verstehen könnten. -- Der Text hat nichts mit dem Empfaenger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1550 Build 7312 20.05.2006 ---end quoted text--- -- .- Pablo Allietti E-mail: [EMAIL PROTECTED] | LACNIC Phone : +598 2 604 | http://LACNIC.NET
Re: AutoWhitelist
Heute (20.05.2006/23:53 Uhr) schrieb Pablo Allietti, On Sat, May 20, 2006 at 10:54:13PM +0200, Jim Knuth wrote: Heute (20.05.2006/22:47 Uhr) schrieb Pablo Allietti, perfect. exist any way to do that for all users??? because i do that for me only. sorry, I don`t know. I have a systemwide installation. AND learn to quote please. ;) Take a look at http://www.netmeister.org/news/learn2quote.html -- Viele Gruesse, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 -- Zufalls-Zitat -- Es ist ein großer Vorteil im Leben, die Fehler, aus denen man lernen kann, möglichst früh zu begehen. (Sir Wiston Churchill, brit. Politiker, 1874-1965) -- Der Text hat nichts mit dem Empfaenger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1550 Build 7312 20.05.2006
Re: SPAM-LOW: Re: Spam Assassin Detecting our emails as spam
The messages getting tagged most positively are on a segment of addresses
that are tagged as dynamically assigned addresses, colloquially called
dialup addresses in the anti-spam community. That is what these mean:
RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL
This is good for several points on any spam checking engine if they do
not go through an emailer that vouches for them.
A major question you never answered is whether it is your own site
filtering outbound mail or other sites that are declaring your email
to be spam.
Looking at your own email it comes from a COMCAST cable connection
in Palmer Ranch Florida through the WFGB mailer. The WFGB mailer is
not in SORBS anywhere. YOUR address most certainly is a dialup. So
it WILL get tagged unless your mail goes through a machine that
properly vouches for it. 68.32.0.0/11 (68.32.0.0-68.63.255.255) is
a dynamic IP netblock.
{^_^}
- Original Message -
From: WFGB Team [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Sent: Saturday, May 20, 2006 07:53
Subject: Re: SPAM-LOW: Re: Spam Assassin Detecting our emails as spam
Thank you for all of the suggestions and comments.
[
A) But probably your server failed to indicate in its received headers that
the mail from the dynamic IP was authenticated, or SA failed to parse the
received header
B) Don't use a dial-up and send direct? {o.o}
C) Read about trusted_networks and internal_networks in the
Mail::SpamAssassin::Conf man page. These parameters go into your
Local.cf configuration file.
[
[My Replies]
A) There are 4 main things wrong. Is there the error failing to parse the
received header for all of them?
How do I change that if that is the case. I am using smartermail if anyone
is familiar with it.
How do I get SA to parse the received header if that is the case?
I have placed a header below.
B) We are not using a dial-up. What do you mean send direct?
We have an Ip for our server and we have our mail server on the same box
using a different IP.
We have reverse DNS turned on for both IP's.
C) I have been searching for a manual everywhere for Windows. I cannot find
one.
I am on a windows system and do not have access to the man command.
[This header to an email being picked up as spam and below it is the SA
points]
Received: from localhost by Server-Name-Removed
With SpamAssassin (version 3.1.1);
Tue, 16 May 2006 22:26:26 -0500
From: Spectacular Stuff email-address-removed
To: [EMAIL PROTECTED]
Subject: SPAM: Re: your alltel email message
Date: Tue, 16 May 2006 23:25:54 -0400 (Eastern Daylight Time)
Message-Id: [EMAIL PROTECTED]
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on DEDE143
X-Spam-Level: *
X-Spam-Status: Yes, score=9.9 required=8.0 tests=AWL,HELO_DYNAMIC_IPADDR
HTML_MESSAGE,HTML_TAG_EXIST_TBODY,NO_DNS_FOR_FROM,RCVD_IN_NJABL_DUL
RCVD_IN_SORBS_DUL autolearn=no version=3.1.1
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=--=_446A97E2.4BEC
X-SmarterMail-Spam: SPF_None
X-Rcpt-To: email-address-removed
[SA Points]
Content analysis details: (9.9 points, 8.0 required)
Pts rule name description
--
--
3.4 HELO_DYNAMIC_IPADDRRelay HELO'd using suspicious hostname (IP
addr1)
0.1 HTML_TAG_EXIST_TBODY BODY: HTML has tbody tag
0.0 HTML_MESSAGE BODY: HTML included in message
2.6 NO_DNS_FOR_FROMDNS: Envelope sender has no MX or A DNS records
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[68.56.175.199 listed in dnsbl.sorbs.net]
1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[68.56.175.199 listed in combined.njabl.org]
0.1 AWLAWL: From: address is in the auto white-list
Wayne
---Original Message---
From: [EMAIL PROTECTED]
Date: 05/20/06 02:46:01
To: spectacularstuff
Cc: users@spamassassin.apache.org
Subject: SPAM-LOW: Re: Spam Assassin Detecting our emails as spam
I have just set up Spam Assassin on our server.
It is working very nicely however whenever we try to send an email from
our
own server to someone else on the same server, it gets picked up as spam.
I am wondering if anyone here has experience with Spam Assassin and can
help
me fix the issues below as I don't know what they mean exactly.
I have spam assassin set to detect at 8 points whether or not an email is
spam. We are way over that because of the following reasons.
What do I have to fix on our server to fix the 4 issues below?
1. We are losing 3.4 points because of HELO_DYNAMIC_IPADDR.
2. We are losing 2.6 points because of NO_DNS_FOR_FROM.
3. We are losing 2.0 points because of RCVD_IN_SORBS_DUL.
4. We are losing 1.7 points because of RCVD_IN_NJABL_DUL.
Hi,
you did not show the full headers -
Re: AutoWhitelist
Pablo Allietti wrote: hi all, i have spamassassin for freebsd running in my system and i want to modify a score but i dont have a 50_score Note: When changing rule scores do not edit 50_scores.cf. Add a score statement to /etc/mail/spamassassin/local.cf. 50_scores.cf, along with all the other files in /usr/share/spamassassin, will be obliterated and replaced when you upgrade SA. How i modify this score? 7.5 AWLAWL: From: address is in the auto white-list The AWL doesn't have a fixed score, you can't force it to any score. The AWL should match spam, nonspam, etc. The score decides what the AWL thinks of the message. Please read up on how the AWL works: http://wiki.apache.org/spamassassin/AutoWhitelist And be sure to read about why the scores don't always make sense: http://wiki.apache.org/spamassassin/AwlWrongWay Then you can adjust the score for the address using the following parameters to spamassassin: -W, --add-to-whitelist --add-to-blacklist -R, --remove-from-whitelist See: http://spamassassin.apache.org/full/3.1.x/dist/doc/spamassassin-run.html#options
Re: Spam Assassin Detecting our emails as spam
On 5/20/2006 11:44 PM, WFGB Team wrote: [My Replies] A) Since I am unsure what MSA is I did some checking up. How do I know if I am set up for MSA? I am using Smartermail. I am equally unsure of what MTA is. I know what the MX Records are sort of. Looking at the headers of the email you sent me, you're using the same SMTP service for both incoming mail from other domains (your MX), for accepting mail from your user's MUAs (your MSA) and for sending mail to other sites (your MTA). How do I know if I even have MSA clients? Your very own MUA is a client to your MSA. We have a dedicated server. We only have about 10 email addresses on 1 domain name and they are all POP3 and SMTP. We have 1 email address on another domain. B) I read that page but it didn't make any sense to me. I can put the trusted network up but how do I know what everyone's IP addresses are or should I put our own mail server IP? Trusted_networks 10.222.111/24 Since you're using the same SMTP service for everything you need to do one of the following (I'd look for help on some Smartermail mailing list): - get your SMTP server software to include (RFC 3848) auth tokens in it's mail headers - not scan (pipe through SpamAssassin) mail from authenticated users Yes, you should include the IPs of your mail server in your config. Something like this is probably correct for your setup: trusted_networks 127.0.0.1 209.200.82.144 Obviously if you're users are on dynamic IP space you can't include their IPs. This is where auth tokens, above, come in or not scanning their mail at all. Daryl
Re: Spam Assassin Detecting our emails as spam
Okay Please forgive my ignorance here as I am attempting to absorb and understand all of this. I am presuming the meaning of dialup here is not the same as a dialup ISP such as Juno or Netzero, etc etc etc. because all of our people on the server are on high-speed internet and not dialup accounts. ]] A major question you never answered is whether it is your own site filtering outbound mail or other sites that are declaring your email to be spam. ]] [My Reply] If someone that has an email @spectacularstuff.com sends an email to someone else that has an email @spectacularstuff.com, the email will get marked as spam because of those things mentioned in my previous emails. That is what I am trying to prevent. To get around the issue, I have raised the bar on SPAM from 8 points to 11 points. This is allowing more spam to get through but also allowing our emails to get through. Let me ask a more direct question because I don't have all of the knowledge yet to understand some of the answers being given. They are more confusing to me than anything. Just working on 1 thing right now. If I send an email to another domain on our own server I will get the following: 3.4 HELO_DYNAMIC_IPADDRRelay HELO'd using suspicious hostname (IP addr1) What do I have to do or change on the server so that doesn't happen? Thanks, Wayne -- View this message in context: http://www.nabble.com/Spam+Assassin+Detecting+our+emails+as+spam-t1653798.html#a4489396 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Spam Assassin Detecting our emails as spam
Thanks Daryle, I just read your replies That makes sense. I will have to read up on a few things... 1st: What auth tokens are. 2nd: Whether Smartmail can allow those and the RFC number you mentioend 3rd: how to set SA to utilize those. Thanks again. Wayne -- View this message in context: http://www.nabble.com/Spam+Assassin+Detecting+our+emails+as+spam-t1653798.html#a4489404 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Spam Assassin Detecting our emails as spam
Hi Daryl, I put the trusted networks in and that seem to get rid of a few things but now it brought out 4 or 5 others... lol I understand what the following is. I just don't know how to fix it. Do you know how to fix this issue? 3.2 NO_DNS_FOR_FROMDNS: Envelope sender has no MX or A DNS records.. I do have an MX right? I do have an A DNS record. I saw it. What am I doing wrong that SA doesn't see those things. (My biggest question is how do I fix that. What do I have to do or how do I have to configure the server?) Thanks, Wayne -- View this message in context: http://www.nabble.com/Spam+Assassin+Detecting+our+emails+as+spam-t1653798.html#a4489536 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Spam Assassin Detecting our emails as spam
On 5/21/2006 12:30 AM, spectacularstuff wrote: Hi Daryl, I put the trusted networks in and that seem to get rid of a few things but now it brought out 4 or 5 others... lol I understand what the following is. I just don't know how to fix it. Do you know how to fix this issue? 3.2 NO_DNS_FOR_FROMDNS: Envelope sender has no MX or A DNS records.. I do have an MX right? I do have an A DNS record. I saw it. What am I doing wrong that SA doesn't see those things. (My biggest question is how do I fix that. What do I have to do or how do I have to configure the server?) Assuming the envelope sender (return-path) ends in @spectacularstuff.com you shouldn't hit this... unless your mail server is having problems resolving DNS records. From a command shell on your server, make sure you can resolve the A and MX records for whatever the domain in the envelope-sender/return-path is in the affected messages: nslookup -type=mx spectacularstuff.com nslookup -type=a spectacularstuff.com Daryl
