mail lists & spam assassin

sde

does mail addressed to mailing lists get checked for spam?

when i receive mail through a list, i don't see spam ratings in the headers.
 
I'm not sure if you mean email from external lists, or mail going out through lists on your server?

Incoming mail from external lists should be checked for spam.

Outgoing email through lists on your server should also go through SpamAssassin though I'm not sure.

Perhaps someone else who runs lists and uses SpamAssassin can tell us.

Jeff
 
A customer set up a list which my email happens to be a part of. I noticed my inbox getting a lot of spam all of a sudden, as my account normally would without spamassassin and spamblocker set up.

Looking at the header, it does not appear that mail to the list gets sent through spamassassin.

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Wed, 22 Nov 2006 02:02:54 -0800
Received: from majordomo by cp.my-da-server.com with local (Exim 4.50)
id 1GmovC-0004br-DH
for [email protected]; Wed, 22 Nov 2006 02:01:38 -0800
Received: from zr106193.ppp.dion.ne.jp ([222.14.106.193] helo=carlos-kiyaz3wy)
by cp.my-da-server.com with esmtp (Exim 4.50)
id 1GmovA-0004bj-Ku
for [email protected]; Wed, 22 Nov 2006 02:01:37 -0800
Received: from 209.204.237.9 (HELO mail.business-web-hosting-usa.com)
by cust-domain.com with esmtp (+Z-YW:.EI 5D920)
id )84<E--R(1.+A-=1
for [email protected]; Wed, 22 Nov 2006 10:01:56 -0540
From: "Hunter Thomas" <[email protected]>
To: <[email protected]>
Subject: Hunter wrote:
Date: Wed, 22 Nov 2006 10:01:56 -0540
Message-ID: <01c70e1d$3e19b0e0$6c822ecf@deboramarcao>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Thread-Index: Aca6Q=33:90ISD,BA:A(WI*@EJ7FT*==
Sender: [email protected]
Precedence: bulk
 
Is this a local delivery (is your email address on the same server as your email address)?

I can't figure out why the last Received header shows the mail for list-out; I'd think it should be your email address.

Or no email address.

So I'm a bit confused.

If your email address is on the same server, then have you tried looking at the headers of a list mail sent to a different server?

It does appear that incoming email isn't being tested by SpamAssassin.

Can you see SpamAssassin headers in other messages you receive to addresses on the same server?

Jeff
 
yes, my email address is on the same server as the mail list email address, but the spam is coming from an external address.

no, i haven't looked at the headers of an email address on the list sent to another server.

yes, i can see SA checks in other emails to my address.

My guess is that since the list address isn't in the email address list of the domain, it is not getting checked by SA.
 
Looking in your exim.conf file, is your spamcheck_director section uncommented? Is it above your majordomo_aliases director?

We run mailing lists, but not on any machine where we run SpamAssassin, so i can't troubleshoot it myself.

Jeff
 
yes, it is un-commented.
Code:
spamcheck_director:
  driver = accept
  condition = "${if and { \
                        {!def:h_X-Spam-Flag:} \
                        {!eq {$received_protocol}{spam-scanned}} \
                        {!eq {$received_protocol}{local}} \
                        {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
                        {exists{/etc/virtual/${domain}/passwd}} \
                        {\
                        or \
                                { \
                                        {!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}} \
                                {eq {$local_part} {${lookup{$domain}lsearch{/etc/virtual/domainowners}}}}  \
                            } \
                        } \
                } {1}{0}}"
  retry_use_local_part
  transport = spamcheck
  no_verify
i have an email out to support to ask if they could shed any light on it.
 
It looks quite different from mine; what's all that stuff following the or and where did it come from?

Jeff
 
when i was having problems with SA using 99% cpu usage, i found a post that recommended using that to make sure only email sent to valid addresses got checked.

hmmm .. maybe that is it.
 
DA shouldn't accept email to invalid addresses unless you've made changes to the default configuration of the exim.conf file.

Does your exim.conf file say Spamblocker Version 2 somewhere near the top?

Jeff
 
Hello,

This code will prevent lists from being scanned
Code:
                        {\
                        or \
                                { \
                                        {!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}} \
                                        {eq {$local_part} {${lookup{$domain}lsearch{/etc/virtual/domainowners}}}}  \
                            } \
                        } \
because it says only scan either the username, or pop accounts. You could probably add another entry to make it look like:
Code:
                        {\
                        or \
                                { \
                                        {!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}} \
                                        {!eq {}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}} \
                                        {eq {$local_part} {${lookup{$domain}lsearch{/etc/virtual/domainowners}}}}  \
                            } \
                        } \
Which might solve that for you, with your current setup.

John
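
The effect of the `or` clause discussed above, modelled in Python as an added example (not part of any post in this thread and not DirectAdmin's or Exim's own code). The domain, account names and file contents are constructed, the helper names are hypothetical, and the two `exists{}` file checks in the director are assumed to succeed.

```python
# Added example: models the spamcheck_director condition from this thread.
# All file contents and names below are constructed sample data.

PASSWD = "mike:CONSTRUCTED-HASH\nsales:CONSTRUCTED-HASH\n"        # POP accounts
DOMAINOWNERS = "cust-domain.example: custuser\n"                  # domain -> owner
LIST_ALIASES = ('announce: "|CONSTRUCTED-PIPE-COMMAND"\n'         # majordomo aliases
                "announce-list: :include:CONSTRUCTED-PATH\n")


def lsearch(text, key):
    """Simplified Exim lsearch: the key ends at ':' or whitespace; returns the
    data, or '' when the key is absent (a lookup with no yes/no strings)."""
    for line in text.splitlines():
        if not line.strip() or line[0] == "#" or line[0].isspace():
            continue
        end = 0
        while end < len(line) and line[end] != ":" and not line[end].isspace():
            end += 1
        if line[:end].lower() == key.lower():
            rest = line[end:].lstrip()
            return (rest[1:] if rest.startswith(":") else rest).strip()
    return ""


def or_clause(local_part, domain, with_lists):
    in_passwd = lsearch(PASSWD, local_part) != ""
    in_lists = with_lists and lsearch(LIST_ALIASES, local_part) != ""
    is_owner = local_part == lsearch(DOMAINOWNERS, domain)
    return in_passwd or in_lists or is_owner


def would_scan(local_part, domain, protocol, spam_flag=False, with_lists=False):
    """True when the director would hand the message to the spamcheck transport.
    The two exists{} file checks are assumed to succeed."""
    return (not spam_flag
            and protocol not in ("spam-scanned", "local")
            and or_clause(local_part, domain, with_lists))


if __name__ == "__main__":
    domain = "cust-domain.example"
    for lp, proto in [("mike", "esmtp"), ("custuser", "esmtp"),
                      ("announce", "esmtp"), ("mike", "local")]:
        print(f"{lp:10} {proto:7} original={would_scan(lp, domain, proto)!s:5} "
              f"with list.aliases={would_scan(lp, domain, proto, with_lists=True)}")
```

The `local` row corresponds to the copy that majordomo re-sends (the `with local` Received header quoted earlier): it is skipped by the `$received_protocol` test regardless of the `or` clause, so the scan has to happen when the message first arrives for the list address.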
 
Jeff, yes, I'm using version 2. That is good to know, thanks.


John, thanks for pointing that out too. I added it to my file, but since Spam Blocker 2 does this for me, maybe I should get rid of the 'or' altogether.

I really appreciate the responses.
 
sde,

we've had a lot of problems with high usage on SA. We've turned it off on a lot of servers.

Did you have those pesky bsmtp errors others have reported (look here)?

Does that "or" section really help? If it does, I'm going to try it on one of our servers.

So don't remove it yet.

Does it really help?

Jeff
 
Yes, I was getting those bsmtp errors, but it is all resolved now.

I was using Spam Blocker 2.0 the entire time so if you are saying that only valid addresses get scanned, then those lines I added did not help.

Ultimately what I believe to be the problem was an upgrade of SA which put 2 conflicting rule sets in my /etc/mail/spamassassin/ directory.

v310.pre
v312.pre

As soon as I got rid of 310.pre, everything seemed to stabilize.

Currently I'm running SA 3.1.7 with the following rulesets (most from SARE)

Code:
70_sare_adult.cf      70_sare_html0.cf        72_sare_bml_post25x.cf.1
70_sare_evilnum0.cf   70_sare_html1.cf        72_sare_redirect_post3.0.0.cf
70_sare_evilnum1.cf   70_sare_obfu.cf         99_sare_fraud_post25x.cf
70_sare_genlsubj0.cf  70_sare_oem.cf          chickenpox.cf
70_sare_genlsubj1.cf  70_sare_specific.cf     init.pre
70_sare_header0.cf    70_sare_spoof.cf        local.cf
70_sare_header1.cf    70_sare_stocks.cf       v312.pre
70_sare_header2.cf    72_sare_bml_post25x.cf

My system is a dual 2.8 Xeon with about 40 users. Everything seems to run pretty smoothly and only a couple of spam messages sneak through per day on accounts that usually see plenty of spam action.

____________
Mike Milano
 
sde,

In one of my servers I found rulesets in these directories:

/usr/share/spamassassin/
/usr/local/Mail-SpamAssassin-3.0.4/masses/
/usr/local/Mail-SpamAssassin-3.0.4/rules/
/etc/mail/spamassassin/

This is an old installation, and doesn't need updating because the entire server is now out of service, but it's one where I had to shut down SA because of the BSMTP problem.

On a new server currently also NOT running SpamAssassin (but with SpamAssassin 3.1.1 installed) I have rulesets in these directories:

/etc/mail/spamassassin/
/usr/share/spamassassin/

In the first directory I have:

init.pre
local.cf
v310.pre

and in the second I have:

10_misc.cf
20_advance_fee.cf
20_anti_ratware.cf
20_body_tests.cf
20_compensate.cf
20_dnsbl_tests.cf
20_drugs.cf
20_fake_helo_tests.cf
20_head_tests.cf
20_html_tests.cf
20_meta_tests.cf
20_net_tests.cf
20_phrases.cf
20_porn.cf
20_ratware.cf
20_uri_tests.cf
23_bayes.cf
25_accessdb.cf
25_antivirus.cf
25_body_tests_es.cf
25_body_tests_pl.cf
25_dcc.cf
25_domainkeys.cf
25_hashcash.cf
25_pyzor.cf
25_razor2.cf
25_replace.cf
25_spf.cf
25_textcat.cf
25_uribl.cf
30_text_de.cf
30_text_fr.cf
30_text_it.cf
30_text_nl.cf
30_text_pl.cf
30_text_pt_br.cf
50_scores.cf
60_awl.cf
60_whitelist.cf
60_whitelist_spf.cf
60_whitelist_subject.cf
languages
sa-update-pubkey.txt
triplets.txt
user_prefs.template

Are these reasonable? Do you have them as well?

What I'm looking for is a SpamAssassin configuration that will work for me and my clients and not result in BSMTP errors.

How do you call SpamAssassin in DA? Do you use the standard SpamBlocker exim.conf file distributed with DA, or some other?

Thanks.

Jeff
 
I'm in no way a spam assassin expert but rather flying by the seat of my pants with trial and error.

here are the contents of my /usr/share/spamassassin/ directory:
Code:
10_misc.cf             23_bayes.cf          30_text_fr.cf
20_advance_fee.cf      25_accessdb.cf       30_text_it.cf
20_anti_ratware.cf     25_antivirus.cf      30_text_nl.cf
20_body_tests.cf       25_body_tests_es.cf  30_text_pl.cf
20_compensate.cf       25_body_tests_pl.cf  30_text_pt_br.cf
20_dnsbl_tests.cf      25_dcc.cf            50_scores.cf
20_drugs.cf            25_dkim.cf           60_awl.cf
20_fake_helo_tests.cf  25_domainkeys.cf     60_whitelist.cf
20_head_tests.cf       25_hashcash.cf       60_whitelist_dk.cf
20_html_tests.cf       25_pyzor.cf          60_whitelist_dkim.cf
20_meta_tests.cf       25_razor2.cf         60_whitelist_spf.cf
20_net_tests.cf        25_replace.cf        60_whitelist_subject.cf
20_phrases.cf          25_spf.cf            languages
20_porn.cf             25_textcat.cf        sa-update-pubkey.txt
20_ratware.cf          25_uribl.cf          triplets.txt
20_uri_tests.cf        30_text_de.cf        user_prefs.template

my exim.conf file started as the one distributed with DA with support for Spam Blocker 2.

Here is the SA section:
Code:
# Spam Assassin
begin transports

spamcheck:
  driver = pipe
  batch_max = 100
  command = /usr/sbin/exim -oMr spam-scanned -bS
  current_directory = "/tmp"
  group = mail
  home_directory = "/tmp"
  log_output = true
  message_prefix =
  message_suffix =
  return_fail_output
  no_return_path_add
  transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
#   transport_filter = /usr/bin/spamc -U /var/spool/spamd/spamd -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}

  use_bsmtp
  user = mail
  # must use a privileged user to set $received_protocol on the way back in!

/etc/init.d/exim
Code:
 if [ -e /usr/bin/spamd ]; then /usr/bin/spamd -d -c -m 10 1>/dev/null 2>/dev/null; fi

i got the transport exim.conf line and exim launch mod from this thread.

at the time i was just trying out everything i could find to get rid of the bsmtp errors and they went away. i'm pretty sure launching 10 spamd processes instead of 5 really helped.

hope that helps.
 