On 15/06/2011 11:13 PM, User for SpamAssassin Mail List wrote:
Lawrence,
Thanks for the responce. I know Spam Assassin doesn't stop it we use a
spamassassin milter for sendmail to reject it. (We been doing this for
years....). Anyway here is a log on a email that was rejected:
Jun 15 06:27:33 mail spamd[981]: spamd: identified spam (22.2/6.0) for
spamass-milter:111 in 2.1 seconds, 5378 bytes.
Jun 15 06:27:33 mail spamd[981]: spamd: result: Y 22 -
AWL,BAYES_99,HTML_IMAGE_ONLY_12,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,SARE
_SPEC_ROLEX,SARE_SPOOF_COM2COM,SARE_SPOOF_COM2OTH,SPOOF_COM2COM,SPOOF_COM2OTH,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_
RHS_DOB,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL
scantime=2.1,size=5378,user=spamass-milter,uid=111,required_score=6.0,rhost=
localhost,raddr=127.0.0.1,rport=42127,mid=<20110615185711.2964.qmail@vsp-6214cbe9e6d>,bayes=1.000000,autolearn=spam
Jun 15 06:27:33 mail sm-mta[1251]: p5FDRUgF001251: Milter: data,
reject=550 5.7.1 Blocked by SpamAssassin
Jun 15 06:27:33 mail sm-mta[1251]: p5FDRUgF001251: to=<u...@pcez.com>,
delay=00:00:02, pri=35237, stat=Blocked by SpamAssassin
The reason we did not block this at the MTA level is we do not know if
OTHER users might want email from this email address.
Anyway I'm still looking for a clue why one is blocked and the other
is not.
Thanks,
Ken
On Wed, 15 Jun 2011, Lawrence @ Rogers wrote:
On 15/06/2011 10:00 PM, User for SpamAssassin Mail List wrote:
Hello,
I have something I cannot explain. We blacklisted an email address
for a client but Spam assassin still let it through. Here are the logs:
Jun 15 08:08:10 mail spamd[20901]: spamd: identified spam
(104.0/6.0) for client:2130 in 0.2 seconds, 1729 bytes.
Jun 15 08:08:10 mail spamd[20901]: spamd: result: Y 103 -
BAYES_50,HTML_MESSAGE,MISSING_SUBJECT,SPF_PASS,TVD_SPAC
E_RATIO,USER_IN_BLACKLIST
scantime=0.2,size=1729,user=client,uid=2130,required_score=6.0,rhost=localhost,raddr=127.
0.0.1,rport=55987,mid=<snt117-w309552c1e79d42eb67a294ad...@phx.gbl>,bayes=0.479706,autolearn=no
Jun 15 08:08:10 mail sm-mta[21077]: p5FF86ld021067:
to=<cli...@pcez.com>, delay=00:00:03, xdelay=00:00:02, mailer=local,
pri=31672, dsn=2.0.0, stat=Sent
As you can see the use is in the black list but yet the mail was
delivered. I checked other email that was over a score of "9" and
the mail was rejected, but for some reason or another this was not.
Anyone have an idea why this making it through?
Thanks,
Ken
SpamAssassin merely assigns scores and doesn't do any rejections on
it's own. That is handled by whatever is calling SpamAssassin and
using the score that the e-mail is assigned. This could be something
like MailScanner, Amavis, or some other third party software.
Also, it would be better to blacklist an e-mail address at the MTA
level (ex: Exim, Postfix)
Regards,
Lawrence
Although you shouldn't be using SARE rules anymore (No longer developed
and reportedly hit many FPs), this e-mail would be blocked by a 9.0
limit. That would indicate that your setup is working, at least sometimes.
The first set of headers you posted were as follows
Jun 15 08:08:10 mail spamd[20901]: spamd: result: Y 103 -
BAYES_50,HTML_MESSAGE,MISSING_SUBJECT,SPF_PASS,TVD_SPAC
E_RATIO,USER_IN_BLACKLIST
scantime=0.2,size=1729,user=client,uid=2130,required_score=6.0,rhost=localhost,raddr=127.
0.0.1,rport=55987,mid=<snt117-w309552c1e79d42eb67a294ad...@phx.gbl>,bayes=0.479706,autolearn=no
BAYES_50 is 0.8
HTML_MESSAGE is 0.001
MISSING_SUBJECT is 0.001
SPF_PASS is -0.001
TVD_SPACE_RATIO is 0.001
USER_IN_BLACKLIST is 100.00
I got this from
http://spamassassin.apache.org/tests_3_3_x.html (except MISSING_SUBJECT
and TVD_SPACE_RATIO, which are not listed but are present in the current
3.3 rules available via sa-update)
So the overall score should have been 100.802
What was the score shown as being returned by SA?
Regards,
Lawrence
