I agree with your posting .. however most of my users relay me anyway
any spam received to analyze (they are in doubt about how to proceed and
insecure when they receive some malware) II'd rather not take the risk
of leaving this analysis if done by them. :)
But it might be a good idea to use sa-reject to return the question to
the sender (I'll check this out next time)
Em 15-03-2017 05:42, John Puttergill escreveu:
As a general point I think that a score of 5.1 to trigger quarantine a
little low ... it means you are going to have to monitor that
quarantine account very actively.
I much prefer using sa-reject which places the onus on the sender of
the e-mail ... but ! use a score of 7.7 as my trigger point.
When you quarantine neither the sender nor the recipient is aware that
this has taken place.
By using qmail-scanner with settings per domain feature you could
deliver the mails between say 5.1 and 7.7 to a specific Spam folder in
the recipients Maildir ... this relieves you of having to monitor your
quarantine events and any mails that are not delivered are rejected
during the smtp ... so the sender is aware of the delivery failure ...
and if the mail is genuine can choose some other method of communicating.
On 14/03/2017 22:23, Rejaine Monteiro wrote:
The problem was the sa_quarantine_over parameter .. I think I was
interpreting it incorrectly .. as in my case I want for everything
that spam classifies above 5 in quarantine, then the value should be
0.1 and not 5, as was before.
because this line:
if ($sa_quarantine_over > 0 && ($sa_score - $sa_required_hits) >=
$sa_quarantine_over) {
&debug("SA: seriously spammy - quarantine and don't deliver");
thanks!!
Em 14-03-2017 18:32, Rejaine Monteiro escreveu:
qmail-scanner seems crazy here...
Tue, 14 Mar 2017 17:40:00 BRT:3511: qmail-scanner:
Clear:RC:0(194.67.222.61):SA:1(7.7/5.0): 1.740696 9914
tlepole...@partalli.com u...@mydomain.com.br
Instantly_erect,_instant_respect
<qyr1-q3qRwMXNPUJCgCOwtrdjcUswVS9bDzzxpXOejs.nsuEl60B9RNjQ0A-GTBbeE2CgXdDS2525pG
....
Why "Clear" if SA score is 7.7 ?? Why not going to quaratine ( my
$sa_quarantine_over='5'; )
qmail-queue.log is:
Tue, 14 Mar 2017 17:40:00 BRT:3511: SA: yup, this smells like SPAM
(score=7.7 required=5.0)
Tue, 14 Mar 2017 17:40:00 BRT:3511: spamassassin: finished scan of
dir "/var/spool/qscan/tmp/server14895239985893511" in 1.698798 secs
Tue, 14 Mar 2017 17:40:00 BRT:3511: scanloop: finished scan of
"/var/spool/qscan/tmp/server14895239985893511"...
Tue, 14 Mar 2017 17:40:00 BRT:3511: ini_sc: scanning message took
1.735613 seconds
Tue, 14 Mar 2017 17:40:00 BRT:3511: q_r: fork off child into
/var/qmail/bin/qmail-queue...
Tue, 14 Mar 2017 17:40:00 BRT:3525: q_r: xstatus=0
Tue, 14 Mar 2017 17:40:00 BRT:3511: qmail-scanner:
Clear:RC:0(194.67.222.61):SA:1(7.7/5.0): 1.740696 9914
tlepole...@partalli.com u...@mydomain.com.br
Instantly_erect,_instant_respect
<qyr1-q3qRwMXNPUJCgCOwtrdjcUswVS9bDzzxpXOejs.nsuEl60B9RNjQ0A-GTBbeE2CgXdDS2525pG
1489523999.3513-0.server:3508 1489523999.3513-1.server:5515
Tue, 14 Mar 2017 17:40:00 BRT:3511: cleanup: /usr/bin/rm -rf
/var/spool/qscan/tmp/server14895239985893511/
/var/spool/qscan/working/new/server14895239985893511
Tue, 14 Mar 2017 17:40:00 BRT:3511: all finished. Total of 1.783561 secs
I have several cases of messages with score by SA above 5 that
should be quarantined, but that are being delivered normally ..
I'm going crazy here. Any idea?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
--
Rejaine da Silveira Monteiro
Suporte-TI
Tel: (31) 2102-8854
Jamef Encomendas Urgentes - Matriz - Belo Horizonte/MG
www.jamef.com.br
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org!http://sdm.link/slashdot
_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
--
Rejaine da Silveira Monteiro
Suporte-TI
Tel: (31) 2102-8854
Jamef Encomendas Urgentes - Matriz - Belo Horizonte/MG
www.jamef.com.br
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
