On 16/06/2011 3:13 AM, User for SpamAssassin Mail List wrote:
On Thu, 16 Jun 2011, Lawrence @ Rogers wrote:
On 15/06/2011 11:13 PM, User for SpamAssassin Mail List wrote:
Lawrence,
Thanks for the responce. I know Spam Assassin doesn't stop it we use
a spamassassin milter for sendmail to reject it. (We been doing this
for years....). Anyway here is a log on a email that was rejected:
Jun 15 06:27:33 mail spamd[981]: spamd: identified spam (22.2/6.0)
for spamass-milter:111 in 2.1 seconds, 5378 bytes.
Jun 15 06:27:33 mail spamd[981]: spamd: result: Y 22 -
AWL,BAYES_99,HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,SARE
_SPEC_ROLEX,SARE_SPOOF_COM2COM,SARE_SPOOF_COM2OTH,SPOOF_COM2COM,SPOOF_COM2OTH,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_
RHS_DOB,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL
scantime=2.1,size=5378,user=spamass-milter,uid=111,required_score=6.0,rhost=
localhost,raddr=127.0.0.1,rport=42127,mid=<20110615185711.2964.qmail@vsp-6214cbe9e6d>,bayes=1.000000,autolearn=spam
Jun 15 06:27:33 mail sm-mta[1251]: p5FDRUgF001251: Milter: data,
reject=550 5.7.1 Blocked by SpamAssassin
Jun 15 06:27:33 mail sm-mta[1251]: p5FDRUgF001251:
to=<u...@pcez.com>, delay=00:00:02, pri=35237, stat=Blocked by
SpamAssassin
The reason we did not block this at the MTA level is we do not know
if OTHER users might want email from this email address.
Anyway I'm still looking for a clue why one is blocked and the other
is not.
Thanks,
Ken
On Wed, 15 Jun 2011, Lawrence @ Rogers wrote:
On 15/06/2011 10:00 PM, User for SpamAssassin Mail List wrote:
Hello,
I have something I cannot explain. We blacklisted an email address
for a client but Spam assassin still let it through. Here are the
logs:
Jun 15 08:08:10 mail spamd[20901]: spamd: identified spam
(104.0/6.0) for client:2130 in 0.2 seconds, 1729 bytes.
Jun 15 08:08:10 mail spamd[20901]: spamd: result: Y 103 -
BAYES_50,HTML_MESSAGE,MISSING_SUBJECT,SPF_PASS,TVD_SPAC
E_RATIO,USER_IN_BLACKLIST
scantime=0.2,size=1729,user=client,uid=2130,required_score=6.0,rhost=localhost,raddr=127.
0.0.1,rport=55987,mid=<snt117-w309552c1e79d42eb67a294ad...@phx.gbl>,bayes=0.479706,autolearn=no
Jun 15 08:08:10 mail sm-mta[21077]: p5FF86ld021067:
to=<cli...@pcez.com>, delay=00:00:03, xdelay=00:00:02,
mailer=local, pri=31672, dsn=2.0.0, stat=Sent
As you can see the use is in the black list but yet the mail was
delivered. I checked other email that was over a score of "9" and
the mail was rejected, but for some reason or another this was not.
Anyone have an idea why this making it through?
Thanks,
Ken
SpamAssassin merely assigns scores and doesn't do any rejections on
it's own. That is handled by whatever is calling SpamAssassin and
using the score that the e-mail is assigned. This could be
something like MailScanner, Amavis, or some other third party
software.
Also, it would be better to blacklist an e-mail address at the MTA
level (ex: Exim, Postfix)
Regards,
Lawrence
Although you shouldn't be using SARE rules anymore (No longer
developed and reportedly hit many FPs), this e-mail would be blocked
by a 9.0 limit. That would indicate that your setup is working, at
least sometimes.
The first set of headers you posted were as follows
Jun 15 08:08:10 mail spamd[20901]: spamd: result: Y 103 -
BAYES_50,HTML_MESSAGE,MISSING_SUBJECT,SPF_PASS,TVD_SPAC
E_RATIO,USER_IN_BLACKLIST
scantime=0.2,size=1729,user=client,uid=2130,required_score=6.0,rhost=localhost,raddr=127.
0.0.1,rport=55987,mid=<snt117-w309552c1e79d42eb67a294ad...@phx.gbl>,bayes=0.479706,autolearn=no
BAYES_50 is 0.8
HTML_MESSAGE is 0.001
MISSING_SUBJECT is 0.001
SPF_PASS is -0.001
TVD_SPACE_RATIO is 0.001
USER_IN_BLACKLIST is 100.00
I got this from
http://spamassassin.apache.org/tests_3_3_x.html (except
MISSING_SUBJECT and TVD_SPACE_RATIO, which are not listed but are
present in the current 3.3 rules available via sa-update)
So the overall score should have been 100.802
What was the score shown as being returned by SA?
Regards,
Lawrence
As the log showed:
Jun 15 08:08:10 mail spamd[20901]: spamd: identified spam (104.0/6.0)
spamd is reporting it as spam. sendmail.mc is set up as:
INPUT_MAIL_FILTER(`spamassassin',
`S=local:/var/run/spamass/spamass.sock, F=,
T=S:6m;R:9m;E:16m')dnl
As you can see the one message is blocked by MTA:
Jun 15 06:27:33 mail sm-mta[1251]: p5FDRUgF001251: Milter: data,
reject=550 5.7.1 Blocked by SpamAssassin
Jun 15 06:27:33 mail sm-mta[1251]: p5FDRUgF001251: to=<u...@pcez.com>,
delay=00:00:02, pri=35237, stat=Blocked by SpamAssassin
But the message in question got delivered even though the spamassassin
said it was spam. So it looked like the milter is working for one
email but not the other. What would cause this?
Thanks,
Ken
Hi Ken,
It's odd that one spam e-mail is being blocked by the milter, while
another is not.
It's definitely something with your milter configuration. Unfortunately,
I cannot attempt to help any further, as I have no experience with
Sendmail and milters.
Hopefully someone else will be able to assist. Good luck!
Regards,
Lawrence