Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1493
  • Last Modified:

Spamassassin not using blacklist to mark emails

My spamassassin installation is not using any of my blacklist items to score messages. Currently I have three custom blacklist files in my /etc/mail/spamassassin folder.

blacklist.cf
custom_bl.cf
foreign_bl.cf

blacklist.cf contains manually entered blacklist entries.
custom_bl.cf contains specific entries that I wanted to keep separate from other manual entries.
foreign_bl.cf contains about 50 items specifically designed to blacklist messages from certain domains in the form of: blacklist_from *@*.vu

None of these blacklist items are being used to flag messages in SA. Running 'spamassassin -D --lint' reveals no errors and shows all files being loaded.

I'm at a loss.
0
Tekz08
Asked:
Tekz08
  • 3
  • 3
1 Solution
 
John HurstBusiness Consultant (Owner)Commented:
It has been a while since I have used Spamassissin. In the version I used, blacklist entries were in user_prefs, but a newer version might be different.

More importantly, I had difficulty with *@*.vu.  I use *.vu or *.ar or *.whatever. That worked very well.  Use the following to unblacklist from *.de

blacklist_from   *.de
unblacklist_from *lavasoft.de
whitelist_from   *@lavasoft.de

What I suggest you do is create a rule you want working and see if you can make one file work.

As I noted, it has been a long while since I have used Spamassissin since my mail now gets filtered by mail.com.

.... Thinkpads_User
0
 
John HurstBusiness Consultant (Owner)Commented:
@Tekz08 - Any follow up?

Check the message headers of one of your emails. Do you see this?

Return-Path: <noreply@info.blackhatcovertchannel.com>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on my mailserver
X-Spam-Level: **
X-Spam-Status: No, score=2.6 required=5.0 tests=HK_RANDOM_FROM,
      HK_RANDOM_REPLYTO,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,REMOVE_BEFORE_LINK
      autolearn=no version=3.3.2
X-Original-To: Me
Delivered-To: Me

... Thinkpads_User
0
 
Tekz08Author Commented:
I switched my top-level domain blacklists over to the *.de format but it's still not working properly.

All my blacklists and custom rules are not being applied, even though spamassassin -D --lint shows that they are being read.

http://pastebin.com/PnZQGrVD
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
John HurstBusiness Consultant (Owner)Commented:
Thanks for the update. I am an end user so I have limited operating knowledge, so some questions:

1. Per an earlier post, what do your mail headers say (Outlook headers for example). Is Spamassissin working at the user level?

2. Are you setting up user rules? I could not tell from the long output list. But each user needs a separate rules file so my rules can be different than yours.

3. Have you tried removing and then re-installing Spamassissin?

Thanks, ... Thinkpads_User
0
 
Tekz08Author Commented:
Alright I just figured this out. Turns out that MailCleaner uses the spamd daemon and had the siteconfigpath set in spamd.conf to /usr/mailcleaner/share/spamassassin and did not mention /etc/mail/spamassasssin at all.

I moved my custom config files over to that directory and the rules started working after restarting services.

Thanks for participating.
0
 
Tekz08Author Commented:
Figured out solution.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now