On 2025-06-04 at 09:04:58 UTC-0400 (Wed, 4 Jun 2025 09:04:58 -0400)
Robert Moskowitz <r...@htt-consult.com>
is rumored to have said:
It has been over 10 years since I last took the time to ask for help
here. Help! :)
I just replaced my over 10 year-old homegrown mail server with the
Mail-in-a-Box package and have a few open issues. One with
SpamAssassin.
I have a few internal servers sending logwatch reports. These are
getting flagged as spam;
MiaB is much better at recognizing spam than my outdated efforts.
It does not sound like that's true. It sounds to me like it is failing
to allow non-spam through, which is about an order of magnitude more
important than blocking spam.
At first they scored 8.4 for spam. Adding their Networks to the
Known Network list lowered this to 7.1. Still not good.
One MiaB expert suggested adding:
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
shortcircuit ALL_TRUSTED on
endif # Mail::SpamAssassin::Plugin::Shortcircuit
But this did not make any score improvements.
You should check for whether the Shortcircuit plugin is loaded. It is
NOT loaded by default. See /etc/mail/spamassassin/v320.pre
Here is what I am seeing in mail headers from one of the servers:
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
klovia.htt-consult.com
Obsolete version. The current version is 4.0.1
X-Spam-Flag: YES
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.1 required=5.0 tests=ALL_TRUSTED,BAYES_00,
DMARC_FAIL_QUARANTINE,SPF_FAIL autolearn=no autolearn_force=no
version=3.4.6
DMARC_FAIL_QUARANTINE is not part of the default ruleset.
X-Spam-Report:
* -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
* -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
* [score: 0.0000]
* 5.0 DMARC_FAIL_QUARANTINE DMARC check failed (p=quarantine)
An entirely unjustifiable score. Whatever added that rule and gave it an
absurd score needs to be disciplined...
* 5.0 SPF_FAIL SPF check failed
That's a standard rule, but as the above: an absurd score.
However, you can fix it by fixing your SPF record. Or by fixing
Shortcircuiting. Or removing unwise local rules and scores.
X-Spam-Score: 7.1
Authentication-Results: klovia.htt-consult.com; dmarc=fail
(p=quarantine dis=none) header.from=htt-consult.com
Authentication-Results: klovia.htt-consult.com; spf=fail
smtp.mailfrom=medon.htt-consult.com
Authentication-Results: klovia.htt-consult.com; dkim=none;
dkim-atps=neutral
Received: from medon.htt-consult.com (medon.htt-consult.com
[23.123.122.148])
What do you recommend I try, or look for to get this unspammed?
The current SPF record for klovia.htt-consult.com is "v=spf1 mx -all"
which is an assertion that the domain never generates any email.
Obviously that is false. Fix that and your SPF_FAIL will go away.
You should also consider removing DMARC_FAIL_QUARANTINE and any other
rules/scores from the same source.
The BEST approach for handling your own auto-generated mail is to simply
make sure it never gets seen by SpamAssassin. Consult with your vendor
for how to do that.
If you need any DNS info, I can forward that. MiaB is quite good at
setting a lot of DNS items, but I still need to finish up the DNSSEC
piece with my registrar.
Indeed: you really cannot expect receivers to bother with your SPF,
DKIM, and DMARC records if they are unsigned. Most sites will still
accept insecure DNS, but not all will and you can expect that stringency
to spread.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
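
Added example, not part of the original message and not code from SpamAssassin or Mail-in-a-Box: a shell check for the condition raised in the reply, where an `ifplugin ... endif` block holding `shortcircuit ALL_TRUSTED on` is skipped without any error because no `loadplugin` line for the Shortcircuit plugin is active. The function names are hypothetical, and it assumes all `*.pre` and `*.cf` files sit in one directory such as /etc/mail/spamassassin.

```shell
#!/bin/sh
# Added example: is SpamAssassin's Shortcircuit plugin really loaded, and
# are there shortcircuit rules that depend on it?

# Print the first *.pre file in DIR ($1) holding an active (uncommented)
# loadplugin line for the plugin; return 1 if none does.
shortcircuit_loaded_in() {
    for f in "$1"/*.pre; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*loadplugin[[:space:]]+Mail::SpamAssassin::Plugin::Shortcircuit([[:space:]]|$)' "$f"; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Print how many active "shortcircuit RULE ..." lines the *.cf files in
# DIR ($1) contain (settings such as shortcircuit_spam_score do not count).
shortcircuit_rule_count() {
    cat "$1"/*.cf 2>/dev/null |
        grep -Ec '^[[:space:]]*shortcircuit[[:space:]]+[A-Za-z0-9_]+' || true
}

# Print one word describing DIR ($1):
#   active   plugin loaded and shortcircuit rules present
#   ignored  rules present, plugin not loaded (ifplugin block is skipped)
#   unused   plugin loaded, no shortcircuit rules
#   off      neither
shortcircuit_status() {
    rules=$(shortcircuit_rule_count "$1")
    if shortcircuit_loaded_in "$1" >/dev/null; then
        if [ "$rules" -gt 0 ]; then echo active; else echo unused; fi
    else
        if [ "$rules" -gt 0 ]; then echo ignored; else echo off; fi
    fi
}

# Check the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then shortcircuit_status "$1"; fi
```

Run it with the configuration directory as its argument; `ignored` is the state in which the suggested rule changes no score.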