message as spamassassin modified it. From the body of the e-mail, you can
clearly see that it is looking at my blacklist, it just isn't doing anything
with it. Well, after ramming my head into the wall to knock some sense into
me, I think that I know why it isn't. My .procmailrc file isn't doing anything
with it. Now, that means to me that spamassassin does nothing more than assign
a score to the e-mail and that proc mail does the actual filtering and
deletion. So, what it seems to me is that 1) the black list in the user_prefs
file is totally useless since you could easily put this in your .procmailrc
file:
:0: * ^From:*badaddress.com /dev/null
or 2) there has to be a way in the .procmailrc file to send to /dev/null
anything that has a score over a certain value. I'm not finding anything on
how to do that, so if you know, that would be much appreciated. My only other
option is to take the listings in my blacklist and run them through a perl
script to re-write them to go into my procmailrc file. But, something tells me
that the processing would take longer if my mail server had to parse through a
huge procmailrc file.
Thanks,
Antonio DeLaCruz
Quoting "Pettit, Paul" <[EMAIL PROTECTED]>:
[snip]Antonio DeLaCruz [mailto:[EMAIL PROTECTED] wrote: =20 Here is my user_prefs file: =20 # SpamAssassin config file for version 3.0 =20=20 whitelist_from address.com =20
Is this a typo or what is actually in the user_pref file? Seems odd and = may be related if it isn't a typo.
#### Start of Manual Blacklist #### # blacklist_from [EMAIL PROTECTED] blacklist_from [EMAIL PROTECTED] blacklist_from [EMAIL PROTECTED] blacklist_from [EMAIL PROTECTED] blacklist_from [EMAIL PROTECTED] blacklist_from [EMAIL PROTECTED] blacklist_from [EMAIL PROTECTED] blacklist_from [EMAIL PROTECTED] blacklist_from [EMAIL PROTECTED] =20 =20 Here is my .procmailrc file: =20 :0fw: spamassassin.lock | /usr/bin/spamassassin -p /home/<user>/.spamassassin/user_prefs =20 Here is my .forward file: =20 "|IFS=3D' ' && exec /usr/bin/procmail -f- || exit 75 #<user>" =20 =20 =20 The entries in my blacklist_from are not getting blocked. =20 I'm not sure what I've done wrong. I installed postfix (version 2.2.2) from=20 source. I have also installed Spamassassin using cpan (version 3.0.2). Any help=20 on this would be appreciated. =20 Thanks, =20
Can you send a cut&paste of the headers from an email that you feel = should have been caught but got through? All the above looks about right but = the key would be if SA is even checking the email.
Did you run 'sendmail -D --lint -p = /home/<user>/.spamassassin/user_prefs' (if not logged in as the user) to check your settings? What was the = output?
Paul Pettit CTO and IS Manager Consistent Computer Bargains Inc.
I've heard it said that the proof of lunacy is when you repeat the same steps expecting different results. I say it's proof that you're a = Microsoft user. - comment by deshi777 on experts-exchange.com
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
******HEADER SECTION**********
Content-Type: multipart/mixed; boundary="----------=_42715022.7617461C"
Date: Thu, 28 Apr 2005 17:05:51 -0500 [05:05:51 PM CDT]
From: [EMAIL PROTECTED]
MIME-Version: 1.0
Message-Id: <[EMAIL PROTECTED]>
Received: from localhost by jedi.homenet.tzo.com with SpamAssassin (version
3.0.2); Thu, 28 Apr 2005 16:05:38 -0500
Subject: *****SPAM***** Congratulations
To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on
jedi.homenet.tzo.com
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=112.6 required=3.5 tests=BAYES_95,DCC_CHECK,
DIGEST_MULTIPLE,DNS_FROM_AHBL_RHSBL,HELO_DYNAMIC_IPADDR2,
HELO_DYNAMIC_SPLIT_IP,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_BY_IP,
RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,URI_REDIRECTOR,USER_IN_BLACKLIST
autolearn=no version=3.0.2
******END OF HEADER SECTION***********
******BODY SECTION***********
Spam detection software, running on the system "jedi.homenet.tzo.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
[EMAIL PROTECTED] for details.
Content preview: Hello [EMAIL PROTECTED], We tried to contact you
earlier about flnanclng your home at a lower rate. I would like to let
you know that we have gone ahead and started the preapproval process,
Here are the results: [...]
Content analysis details: (112.6 points, 3.5 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.8 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split IP)
3.5 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr 2)
0.1 RCVD_BY_IP Received by mail server with no name
100 USER_IN_BLACKLIST From: address is in the user's black-list
0.0 URI_REDIRECTOR Message has HTTP redirector URI
2.1 BAYES_95 BODY: Bayesian spam probability is 95 to 99%
[score: 0.9839]
0.1 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
[cf: 100]
1.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[84.102.227.154 listed in dnsbl.sorbs.net]
0.3 DNS_FROM_AHBL_RHSBL RBL: From: sender listed in dnsbl.ahbl.org
0.1 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[84.102.227.154 listed in combined.njabl.org]
0.1 DIGEST_MULTIPLE Message hits more than one network digest check
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
******END OF BODY SECTION***********
