This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.
SpamAssassin not filtering spam
Hi experts.
I have a redhat server running spamassassin version 2.55 integrated with MailScanner. I have recently added some new rules to spamassassin, but spam is still arriving. I checked out some of this messages and all of them have a score above the required one (5) but they are getting whitelisted. Here is an Example:
Reply-To: "Jannie Butts" <amuvzatbh@lilli.freeserve
From: "Jannie Butts" <amuvzatbh@lilli.freeserve
To: <jorgep@eurolatina.com.co>
Subject: fill your girlfriend's asshole to the max!
Date: Wed, 28 Jul 2004 02:54:27 -0500
Message-ID: <DXVFBQDBYTVVJJNVWDXCLKKI@
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding:
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-Euro-MailScanner-Informa
X-Euro-MailScanner: Found to be clean
X-Euro-MailScanner-SpamChe
X-MailScanner-From: amuvzatbh@lilli.freeserve.
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Webmail-Time: Wed, 28 Jul 2004 10:56:27 +0300
As you can see in the X-Euro-MailScanner-SpamChe
My question is, why??.. what should i do??.. what is wrong with the configuration??.
Thanks for your help.
I have a redhat server running spamassassin version 2.55 integrated with MailScanner. I have recently added some new rules to spamassassin, but spam is still arriving. I checked out some of this messages and all of them have a score above the required one (5) but they are getting whitelisted. Here is an Example:
Reply-To: "Jannie Butts" <amuvzatbh@lilli.freeserve
From: "Jannie Butts" <amuvzatbh@lilli.freeserve
To: <jorgep@eurolatina.com.co>
Subject: fill your girlfriend's asshole to the max!
Date: Wed, 28 Jul 2004 02:54:27 -0500
Message-ID: <DXVFBQDBYTVVJJNVWDXCLKKI@
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding:
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-Euro-MailScanner-Informa
X-Euro-MailScanner: Found to be clean
X-Euro-MailScanner-SpamChe
X-MailScanner-From: amuvzatbh@lilli.freeserve.
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Webmail-Time: Wed, 28 Jul 2004 10:56:27 +0300
As you can see in the X-Euro-MailScanner-SpamChe
My question is, why??.. what should i do??.. what is wrong with the configuration??.
Thanks for your help.
Asked:
-
4
-
3
2
1 Solution
yep i forget this options :)
i use spamassasin with procmail and mailscanner for separated ways.
is simple
the messages received
Mailscanner
procmail
Spamassasin
bogofilter
deliver to folder or mbox
i deactivated the options from mailscanner with spamassasin.
i use spamassasin with procmail and mailscanner for separated ways.
is simple
the messages received
Mailscanner
procmail
Spamassasin
bogofilter
deliver to folder or mbox
i deactivated the options from mailscanner with spamassasin.
nop..
this address is not in tha file. If you can see above, i wrote " I checked out some of this messages and all of them have a score above the required one (5) but they are getting whitelisted" so it's not only this message.
And the options are for all users, not for a specific user.
thanx
this address is not in tha file. If you can see above, i wrote " I checked out some of this messages and all of them have a score above the required one (5) but they are getting whitelisted" so it's not only this message.
And the options are for all users, not for a specific user.
thanx
"X-Euro-MailScanner-SpamCh
here's my spam.assassin.prefs.conf file:
# MailScanner
# MailScanner users, please see the comments at the bottom of this file.
# MailScanner
#
# SpamAssassin user preferences file.
#
# Format:
#
# required_hits n
# (how many hits are required to tag a mail as spam.)
#
# score SYMBOLIC_TEST_NAME n
# (if this is omitted, 1 is used as a default score.
# Set the score to 0 to ignore the test.)
#
# # starts a comment, whitespace is not significant.
#
##########################
# JKF 25/10/2002
# These next 3 lines add a local rule to SpamAssassin to help protect you
# from the friendlygreetings.com nasty-gram which will send lots of spam
# from your PC if you let it. Not really a virus, but you don't want your
# users all clicking on it.
header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i
describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS 100.0
header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i
describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS2 100.0
##########################
# First of all, the generally useful stuff; thresholds and the whitelist
# of addresses which, for some reason or another, often trigger false
# positives.
# JKF 25/10/2002
# The required_hits value is now specified in the MailScanner configuration
# file, not here. Look for the word "Required" in there and you will find it.
required_hits 5
#
# JKF 28/04/2003
# The following settings has been pretty much superceded by the "Advanced
# SpamAssassin Settings" in MailScanner.conf.
#
# JKF 26/03/2003
# If your root filesystem is filling up because SpamAssassin is putting
# large databases in /.spamassassin or /root/.spamassassin, you can move
# them using the following lines to point to their new locations.
# The last part of the path is not a directory name, but actually the
# start of the filenames. So with the settings below, the Bayes files will
# be created as /var/spool/spamassassin/ba
#
#auto_whitelist_path /var/spool/spamassassin/au
#auto_whitelist_file_mode 0600
#bayes_path /var/spool/spamassassin/ba
#bayes_file_mode 0600
# MailScanner: When using the scheduled Bayes expiry feature, you probably
# MailScanner: want to turn off auto-expiry as it will rarely complete before
# MailScanner: it is killed for taking too long. You will just end up with
# MailScanner: big bayes_toks.new files wasting space.
# bayes_auto_expire 0
# Whitelist and blacklist addresses are *not* patterns; they're just normal
# strings. one exception is that "*@isp.com" is allowed. They should be in
# lower-case. You can either add multiple addrs on one line,
# whitespace-separated, or you can use multiple lines.
#
# Monty Solomon: he posts from an ISP that has often been the source of spam
# (no fault of his own ;), and sometimes uses Bcc: when mailing.
#
whitelist_from monty@roscom.com
# Add your blacklist entries in the same format...
#
# blacklist_from friend@public.com
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
#
#ok_locales en
# By default, SpamAssassin will run RBL checks. If your ISP already
# does this, set this to 1.
#
skip_rbl_checks 0
##########################
# Add your own customised scores for some tests below. The default scores are
# read from the installed "spamassassin.cf" file, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.taint.org/tests.html .
# MailScanner: Comment out the next line to enable DCC checking if you
# have dcc installed (optional part of SpamAssassin)
# JKF Commented out as it no longer generates maillog warnings
#score DCC_CHECK 0.0
dcc_path /usr/local/bin/dccproc
#
# Added for MailScanner 23/5/2003
# The timeouts for blacklists and Razor are rather generous in the default
# state that SpamAssassin is shipped. Reducing these stops a lot of timeouts
# from removing SpamAssassin scores altogether.
#
rbl_timeout 20
razor_timeout 10
pyzor_timeout 10
#
# Added for MailScanner 14/6/2002
# If you specify these scores, SpamAssassin will do RBL checks as well as
# MailScanner, which just wastes CPU power and network bandwidth. Either
# do them here by uncommenting the rules below (if you have paid for them)
# or else uncomment the "skip_rbl_checks" line above and let MailScanner
# do the checks instead.
#
#score RCVD_IN_BL_SPAMCOP_NET 4
# These next 3 will cost you money, see mailscanner.conf.
#score RCVD_IN_RBL 10
#score RCVD_IN_RSS 1
#score RCVD_IN_DUL 1
# Osirusoft is dead
score RCVD_IN_OSIRUSOFT_COM 0.0
score X_OSIRU_OPEN_RELAY 0.0
score X_OSIRU_DUL 0.0
score X_OSIRU_SPAM_SRC 0.0
score X_OSIRU_SPAMWARE_SITE 0.0
score X_OSIRU_DUL_FH 0.0
# For spam and notspam bins
bayes_ignore_header X-MailScanner
bayes_ignore_header X-MailScanner-SpamCheck
bayes_ignore_header X-MailScanner-SpamScore
bayes_ignore_header X-MailScanner-Information
# By default, the Bayesian engine is used. This is a real CPU hog and uses
# a lot of system resources to work.
# On a small overloaded system, you might need to disable it.
# use_bayes 0
I can't see any problem on it.. maybe you can. And spam.whitelist.rules:
# This is where you can build a Spam WhiteList
# Addresses matching in here, with the value
# "yes" will never be marked as spam.
#From: 152.78. yes
#From: 130.246. yes
FromOrTo: default no
FromOrTo: *@eurolatina.com.co yes
FromOrTo: *@eurosistemas.com.co yes
FromOrTo: postmaster@eurosistemas.co
FromOrTo: postmaster@eurolatina.com.
FromOrTo: postmaster@master.eurolati
The same. Can't see any problem with it.
What could it be?
# MailScanner
# MailScanner users, please see the comments at the bottom of this file.
# MailScanner
#
# SpamAssassin user preferences file.
#
# Format:
#
# required_hits n
# (how many hits are required to tag a mail as spam.)
#
# score SYMBOLIC_TEST_NAME n
# (if this is omitted, 1 is used as a default score.
# Set the score to 0 to ignore the test.)
#
# # starts a comment, whitespace is not significant.
#
##########################
# JKF 25/10/2002
# These next 3 lines add a local rule to SpamAssassin to help protect you
# from the friendlygreetings.com nasty-gram which will send lots of spam
# from your PC if you let it. Not really a virus, but you don't want your
# users all clicking on it.
header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i
describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS 100.0
header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i
describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS2 100.0
##########################
# First of all, the generally useful stuff; thresholds and the whitelist
# of addresses which, for some reason or another, often trigger false
# positives.
# JKF 25/10/2002
# The required_hits value is now specified in the MailScanner configuration
# file, not here. Look for the word "Required" in there and you will find it.
required_hits 5
#
# JKF 28/04/2003
# The following settings has been pretty much superceded by the "Advanced
# SpamAssassin Settings" in MailScanner.conf.
#
# JKF 26/03/2003
# If your root filesystem is filling up because SpamAssassin is putting
# large databases in /.spamassassin or /root/.spamassassin, you can move
# them using the following lines to point to their new locations.
# The last part of the path is not a directory name, but actually the
# start of the filenames. So with the settings below, the Bayes files will
# be created as /var/spool/spamassassin/ba
#
#auto_whitelist_path /var/spool/spamassassin/au
#auto_whitelist_file_mode 0600
#bayes_path /var/spool/spamassassin/ba
#bayes_file_mode 0600
# MailScanner: When using the scheduled Bayes expiry feature, you probably
# MailScanner: want to turn off auto-expiry as it will rarely complete before
# MailScanner: it is killed for taking too long. You will just end up with
# MailScanner: big bayes_toks.new files wasting space.
# bayes_auto_expire 0
# Whitelist and blacklist addresses are *not* patterns; they're just normal
# strings. one exception is that "*@isp.com" is allowed. They should be in
# lower-case. You can either add multiple addrs on one line,
# whitespace-separated, or you can use multiple lines.
#
# Monty Solomon: he posts from an ISP that has often been the source of spam
# (no fault of his own ;), and sometimes uses Bcc: when mailing.
#
whitelist_from monty@roscom.com
# Add your blacklist entries in the same format...
#
# blacklist_from friend@public.com
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
#
#ok_locales en
# By default, SpamAssassin will run RBL checks. If your ISP already
# does this, set this to 1.
#
skip_rbl_checks 0
##########################
# Add your own customised scores for some tests below. The default scores are
# read from the installed "spamassassin.cf" file, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.taint.org/tests.html .
# MailScanner: Comment out the next line to enable DCC checking if you
# have dcc installed (optional part of SpamAssassin)
# JKF Commented out as it no longer generates maillog warnings
#score DCC_CHECK 0.0
dcc_path /usr/local/bin/dccproc
#
# Added for MailScanner 23/5/2003
# The timeouts for blacklists and Razor are rather generous in the default
# state that SpamAssassin is shipped. Reducing these stops a lot of timeouts
# from removing SpamAssassin scores altogether.
#
rbl_timeout 20
razor_timeout 10
pyzor_timeout 10
#
# Added for MailScanner 14/6/2002
# If you specify these scores, SpamAssassin will do RBL checks as well as
# MailScanner, which just wastes CPU power and network bandwidth. Either
# do them here by uncommenting the rules below (if you have paid for them)
# or else uncomment the "skip_rbl_checks" line above and let MailScanner
# do the checks instead.
#
#score RCVD_IN_BL_SPAMCOP_NET 4
# These next 3 will cost you money, see mailscanner.conf.
#score RCVD_IN_RBL 10
#score RCVD_IN_RSS 1
#score RCVD_IN_DUL 1
# Osirusoft is dead
score RCVD_IN_OSIRUSOFT_COM 0.0
score X_OSIRU_OPEN_RELAY 0.0
score X_OSIRU_DUL 0.0
score X_OSIRU_SPAM_SRC 0.0
score X_OSIRU_SPAMWARE_SITE 0.0
score X_OSIRU_DUL_FH 0.0
# For spam and notspam bins
bayes_ignore_header X-MailScanner
bayes_ignore_header X-MailScanner-SpamCheck
bayes_ignore_header X-MailScanner-SpamScore
bayes_ignore_header X-MailScanner-Information
# By default, the Bayesian engine is used. This is a real CPU hog and uses
# a lot of system resources to work.
# On a small overloaded system, you might need to disable it.
# use_bayes 0
I can't see any problem on it.. maybe you can. And spam.whitelist.rules:
# This is where you can build a Spam WhiteList
# Addresses matching in here, with the value
# "yes" will never be marked as spam.
#From: 152.78. yes
#From: 130.246. yes
FromOrTo: default no
FromOrTo: *@eurolatina.com.co yes
FromOrTo: *@eurosistemas.com.co yes
FromOrTo: postmaster@eurosistemas.co
FromOrTo: postmaster@eurolatina.com.
FromOrTo: postmaster@master.eurolati
The same. Can't see any problem with it.
What could it be?
Here's your problem:
FromOrTo: *@eurolatina.com.co yes
FromOrTo: *@eurosistemas.com.co yes
That says that messages from or to any user at either of those domains is to be whitelisted. The sample above is "To: <jorgep@eurolatina.com.co>
FromOrTo: *@eurolatina.com.co yes
FromOrTo: *@eurosistemas.com.co yes
That says that messages from or to any user at either of those domains is to be whitelisted. The sample above is "To: <jorgep@eurolatina.com.co>
Thanks a lot jlevie, i didn't notice it..
one more question.. i need all the mails from those domains not to be marked as spam because they're our clients, so the only thing i have to do is put "From" instead of "FromOrTo"???.
Thanks.
one more question.. i need all the mails from those domains not to be marked as spam because they're our clients, so the only thing i have to do is put "From" instead of "FromOrTo"???.
Thanks.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
whitelist_from_rcvd *@lilli.freeserve.co.uk
or something like this
or in your home directory you have
/home/you/.spamassassin/us