Coming soon! Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.
Course Of The Month
7 days, 2 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
SpamAssassin not filtering spam
Posted on 2004-07-30
Hi experts.
I have a redhat server running spamassassin version 2.55 integrated with MailScanner. I have recently added some new rules to spamassassin, but spam is still arriving. I checked out some of this messages and all of them have a score above the required one (5) but they are getting whitelisted. Here is an Example:
Reply-To: "Jannie Butts" <amuvzatbh@lilli.freeserve
From: "Jannie Butts" <amuvzatbh@lilli.freeserve
To: <jorgep@eurolatina.com.co>
Subject: fill your girlfriend's asshole to the max!
Date: Wed, 28 Jul 2004 02:54:27 -0500
Message-ID: <DXVFBQDBYTVVJJNVWDXCLKKI@
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding:
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-Euro-MailScanner-Informa
X-Euro-MailScanner: Found to be clean
X-Euro-MailScanner-SpamChe
X-MailScanner-From: amuvzatbh@lilli.freeserve.
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Webmail-Time: Wed, 28 Jul 2004 10:56:27 +0300
As you can see in the X-Euro-MailScanner-SpamChe
My question is, why??.. what should i do??.. what is wrong with the configuration??.
Thanks for your help.
I have a redhat server running spamassassin version 2.55 integrated with MailScanner. I have recently added some new rules to spamassassin, but spam is still arriving. I checked out some of this messages and all of them have a score above the required one (5) but they are getting whitelisted. Here is an Example:
Reply-To: "Jannie Butts" <amuvzatbh@lilli.freeserve
From: "Jannie Butts" <amuvzatbh@lilli.freeserve
To: <jorgep@eurolatina.com.co>
Subject: fill your girlfriend's asshole to the max!
Date: Wed, 28 Jul 2004 02:54:27 -0500
Message-ID: <DXVFBQDBYTVVJJNVWDXCLKKI@
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding:
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-Euro-MailScanner-Informa
X-Euro-MailScanner: Found to be clean
X-Euro-MailScanner-SpamChe
X-MailScanner-From: amuvzatbh@lilli.freeserve.
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Webmail-Time: Wed, 28 Jul 2004 10:56:27 +0300
As you can see in the X-Euro-MailScanner-SpamChe
My question is, why??.. what should i do??.. what is wrong with the configuration??.
Thanks for your help.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
-
3
2
9 Comments
check if you dont have this address in the /usr/share/spamassassin/60
whitelist_from_rcvd *@lilli.freeserve.co.uk
or something like this
or in your home directory you have
/home/you/.spamassassin/us
whitelist_from_rcvd *@lilli.freeserve.co.uk
or something like this
or in your home directory you have
/home/you/.spamassassin/us
yep i forget this options :)
i use spamassasin with procmail and mailscanner for separated ways.
is simple
the messages received
Mailscanner
procmail
Spamassasin
bogofilter
deliver to folder or mbox
i deactivated the options from mailscanner with spamassasin.
i use spamassasin with procmail and mailscanner for separated ways.
is simple
the messages received
Mailscanner
procmail
Spamassasin
bogofilter
deliver to folder or mbox
i deactivated the options from mailscanner with spamassasin.
nop..
this address is not in tha file. If you can see above, i wrote " I checked out some of this messages and all of them have a score above the required one (5) but they are getting whitelisted" so it's not only this message.
And the options are for all users, not for a specific user.
thanx
this address is not in tha file. If you can see above, i wrote " I checked out some of this messages and all of them have a score above the required one (5) but they are getting whitelisted" so it's not only this message.
And the options are for all users, not for a specific user.
thanx
"X-Euro-MailScanner-SpamCh
here's my spam.assassin.prefs.conf file:
# MailScanner
# MailScanner users, please see the comments at the bottom of this file.
# MailScanner
#
# SpamAssassin user preferences file.
#
# Format:
#
# required_hits n
# (how many hits are required to tag a mail as spam.)
#
# score SYMBOLIC_TEST_NAME n
# (if this is omitted, 1 is used as a default score.
# Set the score to 0 to ignore the test.)
#
# # starts a comment, whitespace is not significant.
#
##########################
# JKF 25/10/2002
# These next 3 lines add a local rule to SpamAssassin to help protect you
# from the friendlygreetings.com nasty-gram which will send lots of spam
# from your PC if you let it. Not really a virus, but you don't want your
# users all clicking on it.
header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i
describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS 100.0
header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i
describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS2 100.0
##########################
# First of all, the generally useful stuff; thresholds and the whitelist
# of addresses which, for some reason or another, often trigger false
# positives.
# JKF 25/10/2002
# The required_hits value is now specified in the MailScanner configuration
# file, not here. Look for the word "Required" in there and you will find it.
required_hits 5
#
# JKF 28/04/2003
# The following settings has been pretty much superceded by the "Advanced
# SpamAssassin Settings" in MailScanner.conf.
#
# JKF 26/03/2003
# If your root filesystem is filling up because SpamAssassin is putting
# large databases in /.spamassassin or /root/.spamassassin, you can move
# them using the following lines to point to their new locations.
# The last part of the path is not a directory name, but actually the
# start of the filenames. So with the settings below, the Bayes files will
# be created as /var/spool/spamassassin/ba
#
#auto_whitelist_path /var/spool/spamassassin/au
#auto_whitelist_file_mode 0600
#bayes_path /var/spool/spamassassin/ba
#bayes_file_mode 0600
# MailScanner: When using the scheduled Bayes expiry feature, you probably
# MailScanner: want to turn off auto-expiry as it will rarely complete before
# MailScanner: it is killed for taking too long. You will just end up with
# MailScanner: big bayes_toks.new files wasting space.
# bayes_auto_expire 0
# Whitelist and blacklist addresses are *not* patterns; they're just normal
# strings. one exception is that "*@isp.com" is allowed. They should be in
# lower-case. You can either add multiple addrs on one line,
# whitespace-separated, or you can use multiple lines.
#
# Monty Solomon: he posts from an ISP that has often been the source of spam
# (no fault of his own ;), and sometimes uses Bcc: when mailing.
#
whitelist_from monty@roscom.com
# Add your blacklist entries in the same format...
#
# blacklist_from friend@public.com
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
#
#ok_locales en
# By default, SpamAssassin will run RBL checks. If your ISP already
# does this, set this to 1.
#
skip_rbl_checks 0
##########################
# Add your own customised scores for some tests below. The default scores are
# read from the installed "spamassassin.cf" file, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.taint.org/tests.html .
# MailScanner: Comment out the next line to enable DCC checking if you
# have dcc installed (optional part of SpamAssassin)
# JKF Commented out as it no longer generates maillog warnings
#score DCC_CHECK 0.0
dcc_path /usr/local/bin/dccproc
#
# Added for MailScanner 23/5/2003
# The timeouts for blacklists and Razor are rather generous in the default
# state that SpamAssassin is shipped. Reducing these stops a lot of timeouts
# from removing SpamAssassin scores altogether.
#
rbl_timeout 20
razor_timeout 10
pyzor_timeout 10
#
# Added for MailScanner 14/6/2002
# If you specify these scores, SpamAssassin will do RBL checks as well as
# MailScanner, which just wastes CPU power and network bandwidth. Either
# do them here by uncommenting the rules below (if you have paid for them)
# or else uncomment the "skip_rbl_checks" line above and let MailScanner
# do the checks instead.
#
#score RCVD_IN_BL_SPAMCOP_NET 4
# These next 3 will cost you money, see mailscanner.conf.
#score RCVD_IN_RBL 10
#score RCVD_IN_RSS 1
#score RCVD_IN_DUL 1
# Osirusoft is dead
score RCVD_IN_OSIRUSOFT_COM 0.0
score X_OSIRU_OPEN_RELAY 0.0
score X_OSIRU_DUL 0.0
score X_OSIRU_SPAM_SRC 0.0
score X_OSIRU_SPAMWARE_SITE 0.0
score X_OSIRU_DUL_FH 0.0
# For spam and notspam bins
bayes_ignore_header X-MailScanner
bayes_ignore_header X-MailScanner-SpamCheck
bayes_ignore_header X-MailScanner-SpamScore
bayes_ignore_header X-MailScanner-Information
# By default, the Bayesian engine is used. This is a real CPU hog and uses
# a lot of system resources to work.
# On a small overloaded system, you might need to disable it.
# use_bayes 0
I can't see any problem on it.. maybe you can. And spam.whitelist.rules:
# This is where you can build a Spam WhiteList
# Addresses matching in here, with the value
# "yes" will never be marked as spam.
#From: 152.78. yes
#From: 130.246. yes
FromOrTo: default no
FromOrTo: *@eurolatina.com.co yes
FromOrTo: *@eurosistemas.com.co yes
FromOrTo: postmaster@eurosistemas.co
FromOrTo: postmaster@eurolatina.com.
FromOrTo: postmaster@master.eurolati
The same. Can't see any problem with it.
What could it be?
# MailScanner
# MailScanner users, please see the comments at the bottom of this file.
# MailScanner
#
# SpamAssassin user preferences file.
#
# Format:
#
# required_hits n
# (how many hits are required to tag a mail as spam.)
#
# score SYMBOLIC_TEST_NAME n
# (if this is omitted, 1 is used as a default score.
# Set the score to 0 to ignore the test.)
#
# # starts a comment, whitespace is not significant.
#
##########################
# JKF 25/10/2002
# These next 3 lines add a local rule to SpamAssassin to help protect you
# from the friendlygreetings.com nasty-gram which will send lots of spam
# from your PC if you let it. Not really a virus, but you don't want your
# users all clicking on it.
header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i
describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS 100.0
header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i
describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com
score FRIEND_GREETINGS2 100.0
##########################
# First of all, the generally useful stuff; thresholds and the whitelist
# of addresses which, for some reason or another, often trigger false
# positives.
# JKF 25/10/2002
# The required_hits value is now specified in the MailScanner configuration
# file, not here. Look for the word "Required" in there and you will find it.
required_hits 5
#
# JKF 28/04/2003
# The following settings has been pretty much superceded by the "Advanced
# SpamAssassin Settings" in MailScanner.conf.
#
# JKF 26/03/2003
# If your root filesystem is filling up because SpamAssassin is putting
# large databases in /.spamassassin or /root/.spamassassin, you can move
# them using the following lines to point to their new locations.
# The last part of the path is not a directory name, but actually the
# start of the filenames. So with the settings below, the Bayes files will
# be created as /var/spool/spamassassin/ba
#
#auto_whitelist_path /var/spool/spamassassin/au
#auto_whitelist_file_mode 0600
#bayes_path /var/spool/spamassassin/ba
#bayes_file_mode 0600
# MailScanner: When using the scheduled Bayes expiry feature, you probably
# MailScanner: want to turn off auto-expiry as it will rarely complete before
# MailScanner: it is killed for taking too long. You will just end up with
# MailScanner: big bayes_toks.new files wasting space.
# bayes_auto_expire 0
# Whitelist and blacklist addresses are *not* patterns; they're just normal
# strings. one exception is that "*@isp.com" is allowed. They should be in
# lower-case. You can either add multiple addrs on one line,
# whitespace-separated, or you can use multiple lines.
#
# Monty Solomon: he posts from an ISP that has often been the source of spam
# (no fault of his own ;), and sometimes uses Bcc: when mailing.
#
whitelist_from monty@roscom.com
# Add your blacklist entries in the same format...
#
# blacklist_from friend@public.com
# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
#
#ok_locales en
# By default, SpamAssassin will run RBL checks. If your ISP already
# does this, set this to 1.
#
skip_rbl_checks 0
##########################
# Add your own customised scores for some tests below. The default scores are
# read from the installed "spamassassin.cf" file, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.taint.org/tests.html .
# MailScanner: Comment out the next line to enable DCC checking if you
# have dcc installed (optional part of SpamAssassin)
# JKF Commented out as it no longer generates maillog warnings
#score DCC_CHECK 0.0
dcc_path /usr/local/bin/dccproc
#
# Added for MailScanner 23/5/2003
# The timeouts for blacklists and Razor are rather generous in the default
# state that SpamAssassin is shipped. Reducing these stops a lot of timeouts
# from removing SpamAssassin scores altogether.
#
rbl_timeout 20
razor_timeout 10
pyzor_timeout 10
#
# Added for MailScanner 14/6/2002
# If you specify these scores, SpamAssassin will do RBL checks as well as
# MailScanner, which just wastes CPU power and network bandwidth. Either
# do them here by uncommenting the rules below (if you have paid for them)
# or else uncomment the "skip_rbl_checks" line above and let MailScanner
# do the checks instead.
#
#score RCVD_IN_BL_SPAMCOP_NET 4
# These next 3 will cost you money, see mailscanner.conf.
#score RCVD_IN_RBL 10
#score RCVD_IN_RSS 1
#score RCVD_IN_DUL 1
# Osirusoft is dead
score RCVD_IN_OSIRUSOFT_COM 0.0
score X_OSIRU_OPEN_RELAY 0.0
score X_OSIRU_DUL 0.0
score X_OSIRU_SPAM_SRC 0.0
score X_OSIRU_SPAMWARE_SITE 0.0
score X_OSIRU_DUL_FH 0.0
# For spam and notspam bins
bayes_ignore_header X-MailScanner
bayes_ignore_header X-MailScanner-SpamCheck
bayes_ignore_header X-MailScanner-SpamScore
bayes_ignore_header X-MailScanner-Information
# By default, the Bayesian engine is used. This is a real CPU hog and uses
# a lot of system resources to work.
# On a small overloaded system, you might need to disable it.
# use_bayes 0
I can't see any problem on it.. maybe you can. And spam.whitelist.rules:
# This is where you can build a Spam WhiteList
# Addresses matching in here, with the value
# "yes" will never be marked as spam.
#From: 152.78. yes
#From: 130.246. yes
FromOrTo: default no
FromOrTo: *@eurolatina.com.co yes
FromOrTo: *@eurosistemas.com.co yes
FromOrTo: postmaster@eurosistemas.co
FromOrTo: postmaster@eurolatina.com.
FromOrTo: postmaster@master.eurolati
The same. Can't see any problem with it.
What could it be?
Here's your problem:
FromOrTo: *@eurolatina.com.co yes
FromOrTo: *@eurosistemas.com.co yes
That says that messages from or to any user at either of those domains is to be whitelisted. The sample above is "To: <jorgep@eurolatina.com.co>
FromOrTo: *@eurolatina.com.co yes
FromOrTo: *@eurosistemas.com.co yes
That says that messages from or to any user at either of those domains is to be whitelisted. The sample above is "To: <jorgep@eurolatina.com.co>
Thanks a lot jlevie, i didn't notice it..
one more question.. i need all the mails from those domains not to be marked as spam because they're our clients, so the only thing i have to do is put "From" instead of "FromOrTo"???.
Thanks.
one more question.. i need all the mails from those domains not to be marked as spam because they're our clients, so the only thing i have to do is put "From" instead of "FromOrTo"???.
Thanks.
Featured Post
You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.
IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable.
1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers.
Hopes this gives you ideas on visualizing your data in new ways ~
Create a calculated field in a query:
…
Suggested Courses
Course of the Month7 days, 2 hours left to enroll
726 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.