Hello,
I've set up ESF yesterday on my server, it blocks most spam that is listed but some spam is still passing through, even though the spam score reaches the threshold for deletion.
How can I fix this? I see in the log that most spam is blocked when the threshold is met.
I've set 55 to be the score limit in variables.conf as you can see this email has a spamscore of 90 but it's still not deleted.
P.s it also looks like rdns is not being checked, nor DKIM, spam that does have rdns and dkim checked and fail are deleted and i see it in the exim log
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28)
X-Spam-Level: ****
X-Spam-Status: No, score=4.3 required=5.0 tests=BAYES_50,HELO_DYNAMIC_IPADDR,
HTML_MESSAGE,MIME_HTML_ONLY,RDNS_NONE autolearn=no autolearn_force=no
version=3.4.1
SPFCheck: Server passes SPF test, -30 Spam score
BlacklistCheck: Blacklisted address, +120 Spam score
SpamTally: Final spam score: 90
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
exim log:
2016-03-24 06:26:04 1aizeX-0007EW-A5 <= [email protected] H=(dynamic-user-cco-177-75-150-198.mhnet.com.br) [177.75.150.198] P=smtp S=15596 id=59h428z5ii0t$vd2q33e3$xm0026d2@LDOO39 T="Making Money Easy - Own Your Money" from <[email protected]> for
2016-03-24 06:26:04 cwd=/ 3 args: /usr/sbin/exim -Mc 1aizeX-0007EW-A5
2016-03-24 06:26:04 cwd=/ 4 args: /usr/sbin/exim -oMr spam-scanned -bS
2016-03-24 06:26:07 login authenticator failed for (User) [91.200.12.126]: 535 Incorrect authentication data (set_id=brown)
2016-03-24 06:26:09 1aizee-0007Ed-2W <= [email protected] U=mail P=spam-scanned S=16073 id=59h428z5ii0t$vd2q33e3$xm0026d2@LDOO39 T="Making Money Easy - Own Your Money" from <[email protected]> for
2016-03-24 06:26:09 cwd=/ 3 args: /usr/sbin/exim -Mc 1aizee-0007Ed-2W
2016-03-24 06:26:09 1aizee-0007Ed-2W => info <> F=<[email protected]> R=virtual_user T=dovecot_lmtp_udp S=16400 C="250 2.0.0 <> 6NWeFpGW81bZawAAjo929g Saved"
2016-03-24 06:26:09 1aizee-0007Ed-2W Completed
2016-03-24 06:26:09 1aizeX-0007EW-A5 => info <> F=<[email protected]> R=spamcheck_director T=spamcheck S=15949
2016-03-24 06:26:09 1aizeX-0007EW-A5 Completed
I've set up ESF yesterday on my server, it blocks most spam that is listed but some spam is still passing through, even though the spam score reaches the threshold for deletion.
How can I fix this? I see in the log that most spam is blocked when the threshold is met.
I've set 55 to be the score limit in variables.conf as you can see this email has a spamscore of 90 but it's still not deleted.
P.s it also looks like rdns is not being checked, nor DKIM, spam that does have rdns and dkim checked and fail are deleted and i see it in the exim log
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28)
X-Spam-Level: ****
X-Spam-Status: No, score=4.3 required=5.0 tests=BAYES_50,HELO_DYNAMIC_IPADDR,
HTML_MESSAGE,MIME_HTML_ONLY,RDNS_NONE autolearn=no autolearn_force=no
version=3.4.1
SPFCheck: Server passes SPF test, -30 Spam score
BlacklistCheck: Blacklisted address, +120 Spam score
SpamTally: Final spam score: 90
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
exim log:
2016-03-24 06:26:04 1aizeX-0007EW-A5 <= [email protected] H=(dynamic-user-cco-177-75-150-198.mhnet.com.br) [177.75.150.198] P=smtp S=15596 id=59h428z5ii0t$vd2q33e3$xm0026d2@LDOO39 T="Making Money Easy - Own Your Money" from <[email protected]> for
2016-03-24 06:26:04 cwd=/ 3 args: /usr/sbin/exim -Mc 1aizeX-0007EW-A5
2016-03-24 06:26:04 cwd=/ 4 args: /usr/sbin/exim -oMr spam-scanned -bS
2016-03-24 06:26:07 login authenticator failed for (User) [91.200.12.126]: 535 Incorrect authentication data (set_id=brown)
2016-03-24 06:26:09 1aizee-0007Ed-2W <= [email protected] U=mail P=spam-scanned S=16073 id=59h428z5ii0t$vd2q33e3$xm0026d2@LDOO39 T="Making Money Easy - Own Your Money" from <[email protected]> for
2016-03-24 06:26:09 cwd=/ 3 args: /usr/sbin/exim -Mc 1aizee-0007Ed-2W
2016-03-24 06:26:09 1aizee-0007Ed-2W => info <> F=<[email protected]> R=virtual_user T=dovecot_lmtp_udp S=16400 C="250 2.0.0 <> 6NWeFpGW81bZawAAjo929g Saved"
2016-03-24 06:26:09 1aizee-0007Ed-2W Completed
2016-03-24 06:26:09 1aizeX-0007EW-A5 => info <> F=<[email protected]> R=spamcheck_director T=spamcheck S=15949
2016-03-24 06:26:09 1aizeX-0007EW-A5 Completed
Last edited: