Eric Shubert wrote:
Kisakye ALex wrote:
Eric Shubert wrote:
Kisakye ALex wrote:
Hello,
Am getting alot of spam mail these days into my toaster am running
spamdyke at the front and yes spam assassin is on. Funny that a couple
of weeks ago spam had tremendously gone down when I implemented
spamdyke. On some of the messages that are tagged spam, the actual email
is blank?? is spam assassin wiping out the content??
Any help is welcome...
thanks
ALex
Kinda hard to tell much from what you've said so far.
What distro/toaster versions ?
Contents of:
/etc/spamdyke/spamdyke.conf ?
/etc/mail/spamassassin/local.cf ?
/var/qmail/control/simcontrol ?
Sample of spam log ?
Anything else you'd like to share which might provide a hint, like the
contents of the headers of one of the blank spams?
Thanks Eric, sorry for the shallow info
Am running CentOS 4 toaster version is
--
#rpm -qa | grep toaster
libdomainkeys-toaster-0.68-1.3.3
courier-authlib-toaster-0.59.2-1.3.6
ezmlm-toaster-0.53.324-1.3.3
maildrop-toaster-2.0.3-1.3.5
squirrelmail-toaster-1.4.13-1.3.9
simscan-toaster-1.3.1-1.3.6
daemontools-toaster-0.76-1.3.3
vpopmail-toaster-5.4.17-1.3.4
libsrs2-toaster-1.0.18-1.3.3
qmail-pop3d-toaster-1.03-1.3.15
courier-imap-toaster-4.1.2-1.3.7
control-panel-toaster-0.5-1.3.4
ezmlm-cgi-toaster-0.53.324-1.3.3
qmailmrtg-toaster-4.2-1.3.3
maildrop-toaster-devel-2.0.3-1.3.5
vqadmin-toaster-2.3.4-1.3.3
spamassassin-toaster-3.2.4-1.3.13
ripmime-toaster-1.4.0.6-1.3.3
qmailtoaster-plus.repo-0.1-1
ucspi-tcp-toaster-0.88-1.3.5
qmail-toaster-1.03-1.3.15
autorespond-toaster-2.0.4-1.3.3
qmailadmin-toaster-1.2.11-1.3.4
isoqlog-toaster-2.1-1.3.4
clamav-toaster-0.93-1.3.18
qmailtoaster-plus-0.3.0-1.4.4
--
spamdyke.conf
--
#check-dnsrbl=zombie.dnsbl.sorbs.net
#check-dnsrbl=dul.dnsbl.sorbs.net
#check-dnsrbl=bogons.cymru.com
check-dnsrbl=zen.spamhaus.org
check-dnsrbl=bl.spamcop.net
check-dnsrbl=list.dsbl.org
graylist-dir=/var/spamdyke/graylist
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=5
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-file=/etc/spamdyke/blacklist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
local-domains-file=/var/qmail/control/rcpthosts
log-level=2
log-target=0
max-recipients=5
#policy-url=http://my.policy.explanation.url/
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
reject-empty-rdns
#reject-ip-in-cc-rdns
reject-missing-sender-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
----
contents of
/etc/mail/spamassassin/local.cf
ok_locales all
skip_rbl_checks 1
required_score 5
report_safe 0
rewrite_header Subject ***SPAM***
use_pyzor 1
use_auto_whitelist 1
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
--
contents of /var/qmail/control/simcontrol
:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
---
And this is a header from one of the emails
From: - Tue Jun 10 13:53:15 2008
X-Account-Key: account2
X-UIDL: 1213094543.26404.abram.domain.com,S=1345
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 26402 invoked by uid 89); 10 Jun 2008 10:42:23 -0000
Received: by simscan 1.3.1 ppid: 26302, pid: 26343, t: 60.5942s
scanners: attach: 1.3.1 clamav: 0.93
/m: 46/d:7046 spam: 3.2.4
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
abram.domain.com
X-Spam-Level: ********
X-Spam-Status: Yes, score=9.0 required=5.0
tests=EMPTY_MESSAGE,MISSING_DATE,
MISSING_HB_SEP,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,RDNS_NONE,
TVD_SPACE_RATIO autolearn=no version=3.2.4
X-Spam-Report: * 0.0 MISSING_MID Missing Message-Id: header * 0.0
MISSING_DATE Missing Date: header * 2.5 MISSING_HB_SEP Missing blank
line between message header and body * 1.6 MISSING_HEADERS Missing To:
header * 2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO * 1.3 MISSING_SUBJECT
Missing Subject: header * 0.6 EMPTY_MESSAGE Message appears to have no
textual parts and no * Subject: text * 0.1 RDNS_NONE Delivered to
trusted network by a host with no rDNS
Received: from unknown (HELO ole.kenic.or.ke) (198.32.67.19) by
abram.domain.com with SMTP; 10 Jun 2008 10:41:22 -0000
Received-SPF: none (abram.domain.com: domain at my.co.ke does not
designate permitted sender hosts)
Subject: ***SPAM***
X-Spam-Prev-Subject: (nonexistent)
thanks
ALex
ALex,
I don't see any glaring problem. In local.cf I'd use
skip_rbl_checks 0
but that's not a big thing.
Can you find and post the smtp log messages that correspond to this message?
If the smtp log for this message appears normal, I think I'd try using
full-log-dir=/var/log/spamdyke
in spamdyke.conf for a while and see if you can capture the whole smtp
session for one of these. Be sure you have plenty of disk space at the
specified location, because it'll log a ton of stuff. ;) Much easier to use
though than recordio, as each message is logged in a separate file.
Eric, Below are some of the smtp logs for the messages... I can see
TIMEOUT in them but from looking at the rest of the smtp log file I can
see other messages that TIMED out but still made it... for me it seems
that this is happening only for this my.co.ke domain but there other
users on this toaster with the same issue from other domains...
@40000000484feb090b2bdef4 TIMEOUT from: [EMAIL PROTECTED] to:
[EMAIL PROTECTED] origin_ip: 198.32.67.19 origin_rdns: ole.kenic.or.ke
auth: (unknown) reason: (unknown)
@40000000484feb09117ce7e4 simscan:[3130]:CLEAN
(9.00/12.00):61.0956s:***SPAM***
:198.32.67.19:[EMAIL PROTECTED]:[EMAIL PROTECTED]:
--Another One
@40000000484fd73c1d34e7e4 TIMEOUT from: [EMAIL PROTECTED] to:
[EMAIL PROTECTED] origin_ip: 198.32.67.19 origin_rdns: ole.kenic.or.ke
auth: (unknown) reason: (unknown)
@40000000484fd73c23a04704 simscan:[30585]:CLEAN
(9.00/12.00):61.0979s:***SPAM***
:198.32.67.19:[EMAIL PROTECTED]:[EMAIL PROTECTED]:
thanks
ALex
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
