On 4/24/15 3:52 PM, David B Funk wrote:
On Fri, 24 Apr 2015, Forrest wrote:
On 4/24/15 2:22 PM, David B Funk wrote:
On Fri, 24 Apr 2015, Forrest wrote:
Since last night, suddenly Spamassassin/Milter is rejecting my own
reports to Spamcop. Out of nowhere and with no other changes
other than downloading new rules. Why is this happening?
Everything has been working for literally years. spam.spamcop.net
is whitelisted in both the system and user_prefs. 127 is a trusted
network.
The original message was received at Fri, 24 Apr 2015 14:06:23 -0400
from account@localhost
----- The following addresses had permanent fatal errors -----
submit.[omitted]@spam.spamcop.net
(reason: 550 5.7.1 Blocked by SpamAssassin)
(expanded from: submit.[omitted]@spam.spamcop.net)
----- Transcript of session follows -----
... while talking to [127.0.0.1]:
DATA
<<< 550 5.7.1 Blocked by SpamAssassin
554 5.0.0 Service unavailable
Does this mean that you're SA filtering your -outgoing- mail?
Locate the corresponding entry in your spamd logs and post the rules
that hit.
Yes, outgoing, which is what I find troubling.
Here are the rules I see hit from the mail logs:
spamd: result: Y 8 -
ALL_TRUSTED,FILL_THIS_FORM,FILL_THIS_FORM_FRAUD_PHISH,HTML_MESSAGE,HTML_TAG_BALANCE_BODY,MIME_QP_LONG_LINE,RAZOR2_CF_RANGE_51_100,
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,TVD_PH_BODY_ACCOUNTS_PRE,T_HTML_ATTACH,URIBL_BLACK,URIBL_SBL,URIBL_SBL_A
I have the mutt mail/CLI agent configured to forward tagged messages
to my spamcop submit address. This has been in place for many years
and I've never had any problems until today.
Now let me make sure I've got your situation right;
1) You are sending submissions to spamcop -and- these submissions are
identified example "spam" messages.
2) You are SA filtering your outgoing mail stream -and- blocking at the
relatively low SA score of 8
3) You are surprised when (1) + (2) result in blocked submissions.
I'm surprised you haven't run into this 'problem' before now.
Look at those rules that hit your message. There's a whole mess of stuff
(URIBL_BLACK, URIBL_SBL, RAZOR2_CF_RANGE_E8_51_100, etc) which is time
dependent
(IE maybe didn't hit when the message first came in but now hits later on
when you try to resend that spam submission).
Also note that there are no "whitelist" in those listed hits. So in
spite of
your attempts to whitelist spamcop, it isn't doing what you think.
Answer is simple, don't filter your outgoing spam submissions or at least
change the reject threshold to something more reasonable (say 20 or
more) and
make sure your "whitelist"s are actually working.
Now maybe your whitelist was doing what you expected and protected you
from
the 1+2 punch, but it clearly isn't now. In this case you need to
figure out
what change has broken your whitelist. (but I'm still dubious of your
outgoing
filter+blocking setup). Filter outgoing to monitor for customer
misbehavior
but blocking too? (that's harsh).
Points taken, thank you.
I would prefer it not scan any outgoing messages -- as this system only
has me as the "customer". I "thought" I had configured it to ignore
outbound from my system. I've literally not touched the config in a
long time -- you're right, I probably set it up a certain way, it worked
and I just left it be.
I'll need to look up what those settings are to ignore outbound -- I
think there's a switch to spamass-milter.
Thank you :)