Easy spamfighter too strict, how to change?

Richard G

I have an issue with an email which got sent back to the sender.

According to my logs the reason was:
rejected after DATA:
"Your message was classified as SPAM. Please add more content, cut down on HTML links, use fewer naughty words etc. Also, ask your IT dept to make sure your mailserver has REVERSEDNS, SPF and is not on any black lists. Your score: 130"
The domain had a DNS issue, but not something which would block the mail.

So I talked to the sender about it, because it happens I know him quite well.
He did send a mail with a PDF attachment to a customer of mine, who did not get the mail due to the above reason.

The sender told me what he did but I forgot a little bit; he had either no text or only a little text in that mail. Maybe there was a link also but I don't remember.
To see if another email would be sent, he sent a completely empty mail to my customer. Strangely enough that mail was received by the customer.

So it looks like almost empty emails with an attachment will be blocked and seen as spam.

This is a little bit too strict for my customers. People should be able to send attachments with only very little or no text in the email.

Is there a way to configure Easy Spam Fighter to be less strict, so that this kind of mail is not blocked as spam?
I looked at exim.strings.conf but did not find an option in there which looks like it.

Next to that I don't know how to use the "custom" version of that. The only thing I know is that you have to use == but I don't know the parameters.
For example, if you want to change this line:
ONLY_ONE_AUTH_PER_CONN=Only one authentication attempt is allowed per connection
How do I have to change it, like this??
ONLY_ONE_AUTH_PER_CONN==Only three authentication attempts is allowed per connection
Or what? Can somebody give an example on how to work with the custom conf?

I also looked at exim.variables.conf but only found this:
message_body_visible=3000
which I don't know what it means. If I want to change things here, can I just change it or do I need an exim.variables.conf.custom also?
It's quite unclear to me.

Anyway, the most important thing is that people can send almost empty emails to my customers with an attachment.
 
To customize /etc/exim.variables.conf, please use /etc/exim.variables.conf.custom and a single '=' (copy the line from /etc/exim.variables.conf and change the value only), then run:
Code:
cd /usr/local/directadmin/custombuild
./build exim_conf

That will 'merge' /etc/exim.variables.conf.custom with /etc/exim.variables.conf, and you'll have your custom values set in /etc/exim.variables.conf.
 
Thank you.
Do you also know about my other questions? Parameters for exim.strings.conf.custom, and setting the spam filter less strict so users can receive emails like in my example?
 
Does nobody have any clue how I can fix this? If needed, how can I disable that new spam blocker?
 
For the message that was flagged as spam, do you have it somewhere, or can you generate another spam message?
It would be useful to see exactly which ESF headers are being added, so we can better gauge which area to loosen.
Each section of the ESF that runs should be adding its resulting score to a new header.

If the bulk of the score is X-Spam-Score (multiplied by 10: e.g. a SpamAssassin score of 7.0 is worth 70 in ESF), then let us know the largest SpamAssassin rule that's added.

As you've mentioned, it might be dns related? Let us know exactly which tag was added to signify that.

Note that the reverse IP lookup itself is actually a 2 part check.
The IP must have a reverse IP lookup, but the value that is returned must also do a forward lookup (best to have it resolve to the same IP again, although not as important as it just resolving at all).

John
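
The two-part reverse lookup check described in the post above, as an added example that is not part of the original thread and is not ESF or Exim code. The function names, result labels and the sample zone data are assumptions constructed for illustration; run against the system resolver, `check_reverse_dns` shows which of the two parts a sending IP fails.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Part 1: names returned by the reverse (PTR) lookup, empty list if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        return []
    return [name, *aliases]

def system_forward(name):
    """Part 2: addresses the PTR name resolves to, empty list if none."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})

def check_reverse_dns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (status, names); status is one of
    'no_ptr', 'ptr_no_forward', 'forward_mismatch', 'confirmed'."""
    want = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no_ptr", []
    resolved_any = False
    for name in names:
        addrs = forward_lookup(name.rstrip("."))
        resolved_any = resolved_any or bool(addrs)
        if any(ipaddress.ip_address(a) == want for a in addrs):
            return "confirmed", [name]  # forward lookup returns the same IP
    # PTR exists: either it resolves to a different IP, or not at all.
    return ("forward_mismatch" if resolved_any else "ptr_no_forward"), names

# Constructed sample zone data (documentation address ranges, not real hosts).
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com."], "192.0.2.20": ["orphan.example.com."],
              "192.0.2.30": ["shared.example.com."]}
SAMPLE_A = {"mail.example.com": ["192.0.2.10"], "shared.example.com": ["198.51.100.7"]}

def sample_check(ip):
    """Run the check offline against the constructed data above."""
    return check_reverse_dns(ip, lambda i: SAMPLE_PTR.get(i, []),
                             lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, *sample_check(ip))
```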
 
Unfortunately I don't have that message somewhere. According to the sender he got it back and deleted it.
If I'm not mistaken, it was an empty message with only a PDF attachment to it.

If it was DNS related, the second message, which was also completely empty (as test) but had no attachment, would not have been delivered either, but that one has been delivered. So that's why I presume it was the attachment which caused the problem.
But it was only a good .pdf attachment.
 