Re: How is it that my X-Spam-Status is no, but my header gets marked with
On Sat, 25 Oct 2014, Cathryn Mataga wrote: On 10/25/2014 9:29 PM, John Hardin wrote: On Sat, 25 Oct 2014, Cathryn Mataga wrote: Received: from ecuador.junglevision.com (localhost [127.0.0.1]) by ecuador.junglevision.com (8.14.7/8.14.7) with ESMTP id s9P2o1ZZ026032 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for megans...@junglevision.com; Fri, 24 Oct 2014 19:50:01 -0700 Received: (from megan@localhost) by ecuador.junglevision.com (8.14.7/8.14.7/Submit) id s9P2o1dN026031 for megans...@junglevision.com; Fri, 24 Oct 2014 19:50:01 -0700 Why is the message hitting ecuador.junglevision.com twice? Would this do it? Maybe it's just failing on the initial spam check and then .procmailrc meganspam checks again for some reason? [root@ecuador megan]# cat .procmailrc : 0 * ^Subject:.*\[SPAM\]* !megans...@junglevision.com Yes, that would do it. I suspect what you really want here is to save the spam to a mail folder rather than forwarding it to a different user, which will send it through the mail system again. [root@ecuador spamassassin]# cat spamassassin-default.rc # send mail through spamassassin : 0fw | /usr/bin/spamassassin You probably should be using spamc there rather than firing off a fresh new spamassassin for each message, which re-parses all of the rules from scratch every time. You also might want to put an exclusion in there for messages having a Received: from ecuador.junglevision.com (localhost [127.0.0.1]) header so that you don't scan messages twice. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- 877 days since the first successful private support mission to ISS (SpaceX)
Re: How is it that my X-Spam-Status is no, but my header gets marked with
On Sat, 25 Oct 2014 20:06:00 -0700 Cathryn Mataga cath...@junglevision.com wrote: Okay, here's another header.Shows X-Xpam-Status as no. In local.cf I changed to this, just to be sure. rewrite_header Subject [SPAM][JUNGLEVISION SPAM CHECK] Not familiar with how sendmail rewrites headers. Is this supposed to replace [SPAM] with [JUNGLEVISION SPAM CHECK]? replace the subject with [SPAM][JUNGLEVISION SPAM CHECK] or ...? How does your sa modify the subject? Is it the default SPAM(%score)? It looks as if the message is delivered to megan and then something is resubmitting the message to sendmail. Are you using procmail to forward messages containing SPAM to meganspam? Could that be why sendmail sees the message twice? Are you using milters with sendmail? How hard would it be to disable them one by one and inject test messages with [SPAM] in the subject? What if you turned up spamassassin's and sendmail's debugging? I wonder if that would log the Subject header as it receives the incoming message and handles it. It could tell you if the message is received with [SPAM] already in the header or where [SPAM] is being inserted before delivery. jd
Re: How is it that my X-Spam-Status is no, but my header gets marked with
On Sun, 26 Oct 2014, jdebert wrote: On Sat, 25 Oct 2014 20:06:00 -0700 Cathryn Mataga cath...@junglevision.com wrote: Okay, here's another header.Shows X-Xpam-Status as no. In local.cf I changed to this, just to be sure. rewrite_header Subject [SPAM][JUNGLEVISION SPAM CHECK] Not familiar with how sendmail rewrites headers. Is this supposed to replace [SPAM] with [JUNGLEVISION SPAM CHECK]? replace the subject with [SPAM][JUNGLEVISION SPAM CHECK] or ...? That's an SA directive. It says if the message scores spammy, prepend '[SPAM][JUNGLEVISION SPAM CHECK]' to the Subject header. How does your sa modify the subject? Is it the default SPAM(%score)? The rewrite_header. It looks as if the message is delivered to megan and then something is resubmitting the message to sendmail. Are you using procmail to forward messages containing SPAM to meganspam? Could that be why sendmail sees the message twice? Yes. She posted a procmailrc snippet that does exactly that. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- ...the Fates notice those who buy chainsaws... -- www.darwinawards.com --- 5 days until Halloween