On 27.09.2016 at 11:29, Antony Stone wrote:


I added the following rule to /etc/mail/spamassassin/local.cf

header          RELAYCOUNTRY_BAD X-Relay-Countries !~ /(DE|AT|CH|NL)/
describe        RELAYCOUNTRY_BAD Relayed through black countries
score           RELAYCOUNTRY_BAD 5.0

If not DE, AT, CH, NL add 5 points.

That's a lot.

Really? Spam level is 6.31, but good mails by legitimate senders mostly don't have any other spam property. These mails from other countries will be delivered then. Today I saw a mail from facebook.com (US) with a score of 8.6 rejected as spam. So without my bad country rule it sends mail with spam properties to get a score of 3.6. Why is facebook using spam properties? :)

Where's the actual SA processing happening, though?  Is it possible the plugin
may be responding to the 127.0.0.1 or 192.168.178.156 addresses (which
certainly aren't DE, AT, CH or NL)?

Seems to be the problem.

Where in that network sequence is SA being called - ie: what are the headers
on the email at the time SA sees it?

Here is the mail header
----------------
Return-Path: <tba...@txbweb.de>
X-Original-To: tba...@txbweb.de
Delivered-To: tba...@txbweb.de
Received: from localhost (localhost.localdomain [127.0.0.1])
        by mail.txbweb.de (Postfix) with ESMTP id B361E2DC3AD
        for <tba...@txbweb.de>; Tue, 27 Sep 2016 10:51:52 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mail.txbweb.de
Received: from mail.txbweb.de ([127.0.0.1])
        by localhost (mail.txbweb.de [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id hOuPuMcZFqmE for <tba...@txbweb.de>;
        Tue, 27 Sep 2016 10:51:51 +0200 (CEST)
Received: from [192.168.178.156] (dslb-092-072-043-207.092.072.pools.vodafone-ip.de [92.72.43.207])
        by mail.txbweb.de (Postfix) with ESMTPSA
        for <tba...@txbweb.de>; Tue, 27 Sep 2016 10:51:51 +0200 (CEST)
To: Thomas Barth <tba...@txbweb.de>
From: Thomas Barth <tba...@txbweb.de>
Subject: eigentest
Message-ID: <1e6cf571-8cd1-5081-2e5b-2159b91fd...@txbweb.de>
Date: Tue, 27 Sep 2016 10:51:43 +0200
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101
 Thunderbird/45.3.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

test
----------------

This rule should make it easier
header          RELAYCOUNTRY_BAD X-Relay-Countries !~ /(DE|AT|CH|NL)/

Before I wrote
header RELAYCOUNTRY_BAD X-Relay-Countries =~ /(CN|VN|BH|CO|RU|UA|IN|BR|JP)/

https://www.spamhaus.org/statistics/countries/

Ok, then I have to use a long country list again.

Yesterday I got a virus mail relayed through Mexico, one hour later, the mail system was able to recognize the same virus, because there was a virus signature update in the meantime. When the mail was going through the wall the spam score was just 5.661. Mexico still wasn't in the bad country list. If it were in the list, the mail would've been rejected as spam. That was the reason why I tried the shorter list.
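
An added example, not part of the original message: this Python sketch applies the two X-Relay-Countries patterns from the thread to constructed header values, next to a hypothetical guarded variant (`guarded_allowlist`) that only fires when at least one relay resolved to a country. The sample values and the treatment of `**` and `XX` as placeholders for relays without a usable country are assumptions.

```python
import re

# Patterns copied from the two rule variants in the message.
ALLOW = re.compile(r"(DE|AT|CH|NL)")
BLOCK = re.compile(r"(CN|VN|BH|CO|RU|UA|IN|BR|JP)")
ALLOWED = {"DE", "AT", "CH", "NL"}
# Assumption: "**" and "XX" stand for relays with no usable country.
PLACEHOLDERS = {"**", "XX"}


def negated_allowlist(value):
    """X-Relay-Countries !~ /(DE|AT|CH|NL)/ : fires when nothing matches."""
    return ALLOW.search(value) is None


def blocklist(value):
    """X-Relay-Countries =~ /(CN|VN|...)/ : fires on a listed country."""
    return BLOCK.search(value) is not None


def guarded_allowlist(value):
    """Hypothetical variant: same allowlist, but only when at least one
    relay resolved to a real country code."""
    codes = [t for t in value.split()
             if re.fullmatch(r"[A-Z]{2}", t) and t not in PLACEHOLDERS]
    return bool(codes) and not any(c in ALLOWED for c in codes)


# Constructed header values, not taken from real mail.
SAMPLES = ["", "**", "XX", "DE", "US", "US DE", "MX", "CN DE"]


def evaluate(samples=SAMPLES):
    """Return {value: (negated_allowlist, blocklist, guarded_allowlist)}."""
    return {v: (negated_allowlist(v), blocklist(v), guarded_allowlist(v))
            for v in samples}


if __name__ == "__main__":
    print(f"{'X-Relay-Countries':<20}{'!~ allow':<10}{'=~ block':<10}guarded")
    for value, (neg, blk, grd) in evaluate().items():
        print(f"{value!r:<20}{neg!s:<10}{blk!s:<10}{grd}")
```

An empty or placeholder-only value triggers the negated rule, while "CN DE" passes both allowlist forms because a single allowed hop is enough to suppress them.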

