On Fri, 24 Apr 2015, Forrest wrote:

On 4/24/15 2:22 PM, David B Funk wrote:
On Fri, 24 Apr 2015, Forrest wrote:

Since last night, suddenly SpamAssassin/Milter is rejecting my own reports to Spamcop. Out of nowhere and with no other changes other than downloading new rules. Why is this happening? Everything has been working for literally years. spam.spamcop.net is whitelisted in both the system and user_prefs. 127 is a trusted network.


The original message was received at Fri, 24 Apr 2015 14:06:23 -0400
from account@localhost

   ----- The following addresses had permanent fatal errors -----
submit.[omitted]@spam.spamcop.net
    (reason: 550 5.7.1 Blocked by SpamAssassin)
    (expanded from: submit.[omitted]@spam.spamcop.net)

   ----- Transcript of session follows -----
... while talking to [127.0.0.1]:

DATA

<<< 550 5.7.1 Blocked by SpamAssassin
554 5.0.0 Service unavailable

Does this mean that you're SA filtering your -outgoing- mail?
Locate the corresponding entry in your spamd logs and post the rules
that hit.


Yes, outgoing, which is what I find troubling.

Here are the rules I see hit from the mail logs:

spamd: result: Y 8 - ALL_TRUSTED,FILL_THIS_FORM,FILL_THIS_FORM_FRAUD_PHISH,HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MIME_QP_LONG_LINE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,TVD_PH_BODY_ACCOUNTS_PRE,T_HTML_ATTACH,URIBL_BLACK,URIBL_SBL,URIBL_SBL_A

I have the mutt mail/CLI agent configured to forward tagged messages to my spamcop submit address. This has been in place for many years and I've never had any problems until today.

Now let me make sure I've got your situation right;

1) You are sending submissions to spamcop -and- these submissions are
    identified example "spam" messages.
2) You are SA filtering your outgoing mail stream -and- blocking at the
    relatively low SA score of 8
3) You are surprised when (1) + (2) result in blocked submissions.

I'm surprised you haven't run into this 'problem' before now.

Look at those rules that hit your message. There's a whole mess of stuff
(URIBL_BLACK, URIBL_SBL, RAZOR2_CF_RANGE_E8_51_100, etc) which is time dependent
(i.e. maybe didn't hit when the message first came in but now hits later on
when you try to resend that spam submission).

Also note that there are no "whitelist" in those listed hits. So in spite of
your attempts to whitelist spamcop, it isn't doing what you think.

Answer is simple, don't filter your outgoing spam submissions or at least
change the reject threshold to something more reasonable (say 20 or more) and
make sure your "whitelist"s are actually working.

Now maybe your whitelist was doing what you expected and protected you from
the 1+2 punch, but it clearly isn't now. In this case you need to figure out
what change has broken your whitelist. (but I'm still dubious of your outgoing
filter+blocking setup). Filter outgoing to monitor for customer misbehavior
but blocking too? (that's harsh).



--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
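
The log check described in the message above, as an added example that is not part of the original thread: it parses a spamd "result:" line, reports whether any whitelist rule fired, and lists the hits from the time-dependent network checks the reply names. The whitelist rule names are the stock SpamAssassin ones; treating only the URIBL_ and RAZOR2_ prefixes as time dependent is an assumption taken from the thread, and the second sample line is constructed.

```python
import re

# Rule names SpamAssassin adds to the hit list when a whitelist-type setting matches.
WHITELIST_RULES = {
    "USER_IN_WHITELIST", "USER_IN_WHITELIST_TO", "USER_IN_DEF_WHITELIST",
    "USER_IN_MORE_SPAM_TO", "USER_IN_ALL_SPAM_TO",
}
# Assumption from the thread: network lookups whose answer can change between
# the time the spam arrived and the time it is re-sent as a report.
TIME_DEPENDENT_PREFIXES = ("URIBL_", "RAZOR2_")

RESULT_RE = re.compile(
    r"spamd: result: (?P<verdict>[Y.])\s+(?P<score>-?\d+)\s+-\s+(?P<rules>[A-Z0-9_,]+)"
)

def audit_result_line(line):
    """Return verdict, score, whitelist hits and time-dependent hits, or None."""
    m = RESULT_RE.search(line)
    if m is None:
        return None  # not a spamd result line
    rules = [r for r in m.group("rules").split(",") if r]
    return {
        "is_spam": m.group("verdict") == "Y",
        "score": int(m.group("score")),
        "whitelist_hits": sorted(WHITELIST_RULES.intersection(rules)),
        "time_dependent": [r for r in rules if r.startswith(TIME_DEPENDENT_PREFIXES)],
    }

# Sample 1: the result line quoted in the thread, joined onto one line.
BLOCKED = ("spamd: result: Y 8 - ALL_TRUSTED,FILL_THIS_FORM,FILL_THIS_FORM_FRAUD_PHISH,"
           "HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MIME_QP_LONG_LINE,RAZOR2_CF_RANGE_51_100,"
           "RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,TVD_PH_BODY_ACCOUNTS_PRE,T_HTML_ATTACH,"
           "URIBL_BLACK,URIBL_SBL,URIBL_SBL_A")
# Sample 2 (constructed): what a hit list looks like when whitelist_to matched.
WHITELISTED = "spamd: result: . 2 - ALL_TRUSTED,HTML_MESSAGE,URIBL_BLACK,USER_IN_WHITELIST_TO"

if __name__ == "__main__":
    for line in (BLOCKED, WHITELISTED):
        report = audit_result_line(line)
        state = "whitelist matched" if report["whitelist_hits"] else "NO whitelist rule fired"
        print(f"score={report['score']} spam={report['is_spam']} {state}; "
              f"time-dependent hits: {', '.join(report['time_dependent']) or 'none'}")
```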
