spamassassin still!

J

jechilt

Verified User
Joined
Jun 21, 2004
Messages
212
i am not sure if the post should go in email, 3rd party or where so i am putting it here....

this post was made at the pinacle of my frustration with SA. For goodness sake, if I can't resolve this, I am going remove the ()*#$$)$ thing from the server.

I have one domain prodominately that is having spam issues just by sending a message from one person to the other in the same domain, let alone the same office. This is just getting frikin rediculous. Maybe it is frustrating because I don't know how to fix this but i can tell you what I have done.

1. changed their SA threshold to 50. No change. They send a message and the email comes in saying they exceeded the 5.0 threshhold. hmmm, so it is not changing the threshold on the server but their control sure says 50 or whatever number i make it.

2. enter *@theirdomain.com to allow any messages through.

stopped/restarted spamd and exim.

person sends self a message and BAM, blocked by spam again, exceeding 5.0 threshold.
This is totally frustrating and frankly, SA is proving to be more a pain in my side that it is worth. Not only do they have this problem with SA, I have other domains where people are complaining that they are not getting their messages...sometimes when they send it to themself. So far, SA sucks. plain and simple.

Can anyone help me figure out what is going on? my head hurts....litterally.

thanks in advance...
 
download the original exim.conf from DA, or comment the SA section in exim.conf, restart exim, and SA is completely off
 
download the original exim.conf from DA, or comment the SA section in exim.conf, restart exim, and SA is completely off
Click to expand...

He didn't ask how to remove.

Where did you change the threshold ? In the control panel ??

Did the spamassassin .cf file in the sending/receiving user /home/[user]/.spamassassin/

change ?

If it still doesn't work upgrade you're spamassassin to 3.0
 
I changed the threshold in the user control panel under spamassassin setup.
In my little book, I would call this a system bug when the user changes their spam threshold but the messages keep coming in under the default point system of the server.
Out of chance, how can I manually change the threshold from the default 5 to say, 7.5?

Here is the user_prefs file after altering from control panel:


Code: 
required_hits   50
rewrite_subject 1
subject_tag     *****SPAM*****
report_safe     1


whitelist_from *@abacus95.com


required_score 50
rewrite_header subject *****SPAM*****

Here is a typical response from user sending message from self to self:
Code: 
Content preview:  Michael J. Blair Senior Partner [...] 

Content analysis details:   (5.0 points, 5.0 required)

 pts rule name              description
---- ----------------------
--------------------------------------------------
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.3 MSGID_FROM_MTA_SHORT   Message-Id was added by a relay
 0.1 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP
address
                            [67.65.58.210 listed in dnsbl.sorbs.net]
 1.6 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [67.65.58.210 listed in combined.njabl.org]
 0.1 AWL                    AWL: Auto-whitelist adjustment

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.

Let's not get confused with the 50 setting...I had it at 25, 75, 1000....made no difference.

ps>> would still like to get to the bottom of the 3.3 MSGID_FROM_MTA_SHORT ordeal. From the different newsgroups I have been to, this seems to be an exclusive element to EXIM...ooops, sorry, first things first :)
 
Ok I think you're missing something :p

Ok let's say John sends a message to Willy.


On you're server it goes like this:

john sends message >>> SMTP JOHN (exim) >>> spamassassin JOHN (will tag @ threshold) >>> SMTP WILLY (exim) >>> spamassassin WILLY (will tag @ threshold) >>> message received by willy


So in both John AND Willy the threshold has to be Higher than 5 for the message you described to pass.


I normaly used MailScanner so outgoing and incomming messages are scanned, so I think the same hapens here with exi-scan ;)
 
hi....

i understand the threshold and how points are tallied. The main problem here is the threshold is set to 50 for the specified user, as outlined in the snip above. however, messages are still being flagged at a threshold of 5.0
 
jechilt said:
hi....

i understand the threshold and how points are tallied. The main problem here is the threshold is set to 50 for the specified user, as outlined in the snip above. however, messages are still being flagged at a threshold of 5.0
Click to expand...

Ok as you say specified user, you're sending from outside and not an account on the server to the other account on the server?

Try upgrading you're spamassassin to Version 3.0 if it isn't already!


MSGID_FROM_MTA_SHORT: Message-Id was added by a relay

This is deprecated and not used in 3.0, so I would recommend upgrading to 3.0 and check if the thresholds are working correct. (think it will)
 
Successful upgrade but still confused

Need some help....

Successfully upgraded SpamAssassin to 3.01

After upgrading, began testing with user account.

Set the threshold to 10 for the user domain.

Send Test messages with the following results (actual data, no psuedos):
Code: 
Date: Sun, 14 Nov 2004 22:44:35 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_057B_01C4CA9B.84097350"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on ns.tudads.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.4 required=5.0 tests=DEAR_SOMETHING,HTML_10_20,
	HTML_MESSAGE,LONGWORDS autolearn=no version=3.0.1
Question: Why is the required value still at 5.0? I don't understand.

Here is the data from the user_conf file:
Code: 
required_hits   10.0
rewrite_subject 1
subject_tag     *****SPAM*****
report_safe     1


whitelist_from *@abacus95.com


required_score 10.0
rewrite_header subject *****SPAM*****

Thanks for any info to help me understand.
 
Hi John,

We had a similar problem a few weeks ago..

I'm sticking my neck out a bit as I stll don't fully understand but heres what I *think* we found that resolved the problem...

The latest version of da_exim from DA has Jeffs exim.conf - although its missing all the required files which is very odd considering its an RPM and they can easily be created as the rpm is installed - the exim.conf that was being used is the old DA version, and may be the reason why the user specific mailscanning wasnt working.

*Edited to add* : actually the problem existed on our systems running SA 2.* - we are waiting for DA to officially upgrade to SA V3.* which I understand will be in the next upgrade.

Hope this helps - sorry if it's off the mark,

Rob
 
Last edited:
thanks for the explanation.

it is unfortunate for me that i lack the knowledge (for the moment) to resolve this myself. however, it is fortunate to have a great group of people on this board that help us along.
a few of my hopes are these:
1. i am not the only one that is dealing with stuff like this and not know what to do. heaven forbid i am...i should just pack up and do something else like pump gas at a gas station
2. the things i learn i can use in the future and hopefully be able to help someone else
3. this info can be used later by another person lost as I am and be able to find a solution.

if something is missing and we can fix it, what would it be?

thanks for all the help. we will be looking watching and waiting...
 
Hi John,

I was sort of sticking my neck out on this as I don't understand everything I'm afraid.

Maybe someone can read through everything and make some sense from it!!

Keep going though - pumping gas would be ok in the summer but winters coming ;)

Rob
 
Thanks to everyone for their help.

Installed SA 3.01 and resolved some of the threshold point problems.
As for each domain getting their own threshold value was finally figured out....I missed a very important step modifying the exim.conf file.

As per this thread , we changed the transport_filter
Code: 
transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
restarted exim and now domains are reading speficied thresholds :)
 
Last edited:
Does anyone know how this relates or would be resolved when using MailScanner to handle spamassassin?

Sounds like an upgrade of spamassassin will help with some issues but we are having the same issue where per user settings seem to not be used.

I don't think that same transport_filter line will work with MailScanner...
 
You must log in or register to reply here.
Back
Top