rbraym


SpamAssassin not filtering spam

Hi experts.

I have a Red Hat server running SpamAssassin version 2.55 integrated with MailScanner. I have recently added some new rules to SpamAssassin, but spam is still arriving. I checked out some of these messages and all of them have a score above the required one (5) but they are getting whitelisted. Here is an example:

Reply-To: "Jannie Butts" <amuvzatbh@lilli.freeserve.co.uk>
From: "Jannie Butts" <amuvzatbh@lilli.freeserve.co.uk>
To: <jorgep@eurolatina.com.co>
Subject: fill your girlfriend's asshole to the max!
Date: Wed, 28 Jul 2004 02:54:27 -0500
Message-ID: <DXVFBQDBYTVVJJNVWDXCLKKI@msgbox.com>
MIME-Version: 1.0
Content-Type: text/html;
      charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-Euro-MailScanner-Information: Please contact the ISP for more information
X-Euro-MailScanner: Found to be clean
X-Euro-MailScanner-SpamCheck: not spam (whitelisted),SpamAssassin (score=45.9, required 5, autolearn=spam,BigEvilList_1670 3.00, DISGUISE_VIAGRA 1.00, DRUGS_DEPRESSION 0.10,DRUGS_DEPR_EREC 2.00, DRUGS_DIET 2.00, DRUGS_DIET_EREC 2.00,DRUGS_DIET_PAIN 3.00, DRUGS_ERECTILE 3.00, DRUGS_ERECTILE_OBFU 0.10,DRUGS_MANYKINDS 2.50, DRUGS_PAIN 2.00, DRUGS_PAIN_EREC 2.00,DRUGS_PAIN_OBFU 1.00, FH_FAKE_RCVD_LINE 3.00, HTML_20_30 1.16,HTML_FONT_COLOR_RED 0.10, HTML_MESSAGE 0.10,MIME_HTML_NO_CHARSET 0.76, MIME_HTML_ONLY 0.10, NO_RDNS2 0.01,RATWR19_MESSID 0.41, RCVD_IN_NJABL 0.85, RCVD_IN_ORBS 0.50,RCVD_IN_RFCI 1.45, RM_bw_Generic 0.30, RM_bw_VIAGRA 3.00,SARE_BOUNDARY_07 2.22, SARE_FROM_SPAM_WORD3 0.75,SARE_HTML_NO_BODY3 0.10, SARE_HTML_NO_HTML2 0.10,SARE_HTML_NO_HTML4 0.20, SARE_RECV_IP_061052 1.11,SARE_RECV_IP_FROMIP1 1.67, SARE_RECV_SUSP_1 2.22,SARE_RECV_SUSP_3 1.67, SPECIAL_OFFER 0.30)
X-MailScanner-From: amuvzatbh@lilli.freeserve.co.uk
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Webmail-Time: Wed, 28 Jul 2004 10:56:27 +0300

As you can see in the X-Euro-MailScanner-SpamCheck header, the score is 45.9 and the required is 5.0. It has to classify this message as spam but it doesn't.

My question is: why? What should I do? What is wrong with the configuration?

Thanks for your help.
Pablo Allietti

Check that you don't have this address in /usr/share/spamassassin/60_whitelist.cf

whitelist_from_rcvd  *@lilli.freeserve.co.uk

or something like this

or in your home directory you have

/home/you/.spamassassin/user_prefs
jlevie

I'd suggest also checking MailScanner's spam.assassin.prefs.conf and spam.whitelist.rules

Yep, I forgot these options :)

I use SpamAssassin with procmail and MailScanner in separate ways.

It is simple:

the messages received
MailScanner
procmail
SpamAssassin
bogofilter
deliver to folder or mbox

I deactivated the options from MailScanner with SpamAssassin.

rbraym

ASKER

Nope.
This address is not in that file. If you can see above, I wrote "I checked out some of these messages and all of them have a score above the required one (5) but they are getting whitelisted" so it's not only this message.

And the options are for all users, not for a specific user.

Thanks

"X-Euro-MailScanner-SpamCheck: not spam (whitelisted)" says that MailScanner believes that you've told it to whitelist the site(s). I'd suggest carefully checking the files I mentioned earlier for explicit whitelisting.
rbraym

ASKER

Here's my spam.assassin.prefs.conf file:

# MailScanner
# MailScanner users, please see the comments at the bottom of this file.
# MailScanner
#
# SpamAssassin user preferences file.
#
# Format:
#
#   required_hits n
#            (how many hits are required to tag a mail as spam.)
#
#   score SYMBOLIC_TEST_NAME n
#            (if this is omitted, 1 is used as a default score.
#            Set the score to 0 to ignore the test.)
#
# # starts a comment, whitespace is not significant.
#
###########################################################################

# JKF 25/10/2002
# These next 3 lines add a local rule to SpamAssassin to help protect you
# from the friendlygreetings.com nasty-gram which will send lots of spam
# from your PC if you let it. Not really a virus, but you don't want your
# users all clicking on it.

header   FRIEND_GREETINGS      Subject =~ /you have an E-Card from/i
describe FRIEND_GREETINGS      Nasty E-card from FriendGreetings.com
score    FRIEND_GREETINGS      100.0
header   FRIEND_GREETINGS2      Subject =~ /you have a greeting card from/i
describe FRIEND_GREETINGS2      Nasty E-card from FriendGreetings.com
score    FRIEND_GREETINGS2      100.0

###########################################################################
# First of all, the generally useful stuff; thresholds and the whitelist
# of addresses which, for some reason or another, often trigger false
# positives.

# JKF 25/10/2002
# The required_hits value is now specified in the MailScanner configuration
# file, not here. Look for the word "Required" in there and you will find it.

required_hits            5

#
# JKF 28/04/2003
# The following settings has been pretty much superceded by the "Advanced
# SpamAssassin Settings" in MailScanner.conf.
#
# JKF 26/03/2003
# If your root filesystem is filling up because SpamAssassin is putting
# large databases in /.spamassassin or /root/.spamassassin, you can move
# them using the following lines to point to their new locations.
# The last part of the path is not a directory name, but actually the
# start of the filenames. So with the settings below, the Bayes files will
# be created as /var/spool/spamassassin/bayes_msgcount, etc.
#
#auto_whitelist_path        /var/spool/spamassassin/auto-whitelist
#auto_whitelist_file_mode   0600
#bayes_path                 /var/spool/spamassassin/bayes
#bayes_file_mode            0600

# MailScanner: When using the scheduled Bayes expiry feature, you probably
# MailScanner: want to turn off auto-expiry as it will rarely complete before
# MailScanner: it is killed for taking too long. You will just end up with
# MailScanner: big bayes_toks.new files wasting space.
# bayes_auto_expire 0

# Whitelist and blacklist addresses are *not* patterns; they're just normal
# strings.  one exception is that "*@isp.com" is allowed.  They should be in
# lower-case.  You can either add multiple addrs on one line,
# whitespace-separated, or you can use multiple lines.
#
# Monty Solomon: he posts from an ISP that has often been the source of spam
# (no fault of his own ;), and sometimes uses Bcc: when mailing.
#
whitelist_from            monty@roscom.com

# Add your blacklist entries in the same format...
#
# blacklist_from      friend@public.com

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
#
#ok_locales            en

# By default, SpamAssassin will run RBL checks.  If your ISP already
# does this, set this to 1.
#
skip_rbl_checks 0

###########################################################################
# Add your own customised scores for some tests below.  The default scores are
# read from the installed "spamassassin.cf" file, but you can override them
# here.  To see the list of tests and their default scores, go to
# http://spamassassin.taint.org/tests.html .

# MailScanner: Comment out the next line to enable DCC checking if you
#              have dcc installed (optional part of SpamAssassin)
# JKF Commented out as it no longer generates maillog warnings
#score DCC_CHECK 0.0
dcc_path /usr/local/bin/dccproc

#
# Added for MailScanner 23/5/2003
# The timeouts for blacklists and Razor are rather generous in the default
# state that SpamAssassin is shipped. Reducing these stops a lot of timeouts
# from removing SpamAssassin scores altogether.
#
rbl_timeout 20
razor_timeout 10
pyzor_timeout 10

#
# Added for MailScanner 14/6/2002
# If you specify these scores, SpamAssassin will do RBL checks as well as
# MailScanner, which just wastes CPU power and network bandwidth. Either
# do them here by uncommenting the rules below (if you have paid for them)
# or else uncomment the "skip_rbl_checks" line above and let MailScanner
# do the checks instead.
#
#score RCVD_IN_BL_SPAMCOP_NET    4
# These next 3 will cost you money, see mailscanner.conf.
#score RCVD_IN_RBL               10
#score RCVD_IN_RSS               1
#score RCVD_IN_DUL               1

# Osirusoft is dead
score RCVD_IN_OSIRUSOFT_COM 0.0
score X_OSIRU_OPEN_RELAY 0.0
score X_OSIRU_DUL 0.0
score X_OSIRU_SPAM_SRC 0.0
score X_OSIRU_SPAMWARE_SITE 0.0
score X_OSIRU_DUL_FH 0.0

# For spam and notspam bins
bayes_ignore_header X-MailScanner
bayes_ignore_header X-MailScanner-SpamCheck
bayes_ignore_header X-MailScanner-SpamScore
bayes_ignore_header X-MailScanner-Information

# By default, the Bayesian engine is used. This is a real CPU hog and uses
# a lot of system resources to work.
# On a small overloaded system, you might need to disable it.
# use_bayes 0

I can't see any problem in it; maybe you can. And spam.whitelist.rules:

# This is where you can build a Spam WhiteList
# Addresses matching in here, with the value
# "yes" will never be marked as spam.
#From:            152.78.            yes
#From:            130.246.      yes
FromOrTo:      default            no
FromOrTo:      *@eurolatina.com.co      yes
FromOrTo:      *@eurosistemas.com.co      yes
FromOrTo:      postmaster@eurosistemas.com.co            yes
FromOrTo:       postmaster@eurolatina.com.co          yes
FromOrTo:       postmaster@master.eurolatina.com.co          yes

The same. Can't see any problem with it.

What could it be?

ASKER CERTIFIED SOLUTION
jlevie

This solution is only available to members.
rbraym

ASKER

Thanks a lot jlevie, I didn't notice it.

One more question: I need all the mails from those domains not to be marked as spam because they're our clients, so the only thing I have to do is put "From" instead of "FromOrTo"?

Thanks.
From instead of FromOrTo would be correct.
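
The effect of the direction keyword discussed in this thread, as an added example (not MailScanner's code and not from any poster): a simplified evaluator that runs the posted whitelist entries against the sender and recipient of the quoted spam. It assumes the first matching rule wins, the `default` line applies when nothing matches, and only `*` address patterns are used; `parse_rules`, `is_whitelisted` and the `CLIENT` address are hypothetical names and values.

```python
from fnmatch import fnmatchcase

# Whitelist entries as posted in the thread (postmaster lines left out).
POSTED = """
FromOrTo: default                 no
FromOrTo: *@eurolatina.com.co     yes
FromOrTo: *@eurosistemas.com.co   yes
"""
# Same entries with the direction changed to From:, as the thread concludes.
CORRECTED = POSTED.replace("FromOrTo: *@", "From: *@")

def parse_rules(text):
    """Return (rules, default) from 'Direction: pattern value' lines."""
    rules, default = [], "no"
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:
            continue
        direction, pattern, value = (f.lower() for f in fields[:3])
        if pattern == "default":
            default = value
        else:
            rules.append((direction.rstrip(":"), pattern, value))
    return rules, default

def is_whitelisted(ruleset_text, sender, recipients):
    """Assumed model: first matching rule wins, else the default applies."""
    rules, default = parse_rules(ruleset_text)
    sender = sender.lower()
    recipients = [r.lower() for r in recipients]
    for direction, pattern, value in rules:
        from_hit = fnmatchcase(sender, pattern)
        to_hit = any(fnmatchcase(r, pattern) for r in recipients)
        hit = {"from": from_hit, "to": to_hit,
               "fromorto": from_hit or to_hit,
               "fromandto": from_hit and to_hit}.get(direction, False)
        if hit:
            return value == "yes"
    return default == "yes"

# Sender and recipient of the spam quoted in the question.
SPAM = ("amuvzatbh@lilli.freeserve.co.uk", ["jorgep@eurolatina.com.co"])
# Constructed example of a genuine client message.
CLIENT = ("ventas@eurosistemas.com.co", ["jorgep@eurolatina.com.co"])

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("corrected", CORRECTED)):
        print(name, "spam whitelisted:", is_whitelisted(rules, *SPAM),
              "client whitelisted:", is_whitelisted(rules, *CLIENT))
```

With `FromOrTo:` the recipient address alone satisfies the rule, so every inbound message to the local domain bypasses the score. A `From:` rule still trusts the sender address presented by the remote side.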