Figured I would forward this to the list since it's meant to be there
and everyone seems to want to email me directly this week.
-------- Original Message --------
Subject: Mails not being scanned / filtered by SA server
Date: Fri, 25 Sep 2009 18:50:24 +0530
From: Atul Paralikar <a...@etisbew.com>
Reply-To: <a...@etisbew.com>
Organization: Etisbew Technology Group
To: <qmailtoaster-list-subscr...@qmailtoaster.com>
CC: 'Jake Vickers' <j...@qmailtoaster.com>
Hi,
I have setup a SA (Spamassissin) server for scanning non-locally hosted
domain. The server is able to accept mails and filter them but unable to
scan them for viruses or arrest the spam. The reason why I say is, when
I check in the Qmail Stats page, SPAMD & CLAMD are showing "ZERO" activity.
It will be great if anyone can guide me in checking how to enable SPAMD
& CLAMD checking for the emails being forwarded? Are there any other
utilities which can help check the working of SPAMD & CLAMD.
For your information, my SIMCONTROL file output is below where I see
both of them are enabled:
:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
etisbew.com:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
When I checked out the email header of the spam emails received by me,
they appear as below. Here *mail.providio.com* is my main server and
*mail.etisbew.com* is SA server.
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on mail.providio.com
X-Spam-Level: **********
X-Spam-Status: Yes, score=11.0 required=4.0 tests=BAYES_50,HTML_MESSAGE,
MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_WEB,
RCVD_IN_XBL,URIBL_JP_SURBL,URIBL_WS_SURBL autolearn=spam
version=3.2.4
X-Spam-Report:
* 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
* [Blocked - see
<http://www.spamcop.net/bl.shtml?189.60.108.67>]
* 0.9 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
* [189.60.108.67 listed in zen.spamhaus.org]
* 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* 0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable
web server
* [189.60.108.67 listed in dnsbl.sorbs.net]
* 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL
blocklist
* [URIs: dwusipaf.cn]
* 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL
blocklist
* [URIs: dwusipaf.cn]
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
* [score: 0.5002]
* 1.5 MIME_HTML_ONLY BODY: Message only has text/html MIME
parts
Received: (qmail 25096 invoked from network); 18 Sep 2009 08:20:43 -0500
Received: from bd3c6c43.virtua.com.br (HELO ?189.60.108.67?) (189.60.108.67)
by mail.etisbew.com with SMTP; 18 Sep 2009 08:20:42 -0500
Received-SPF: pass (mail.etisbew.com: SPF record at etisbew.com
designates 189.60.108.67 as permitted sender)
From: "Marketta Icjifu" <a...@etisbew.com>
To: a...@etisbew.com
Mime-Version: 1.0
Date: Fri, 18 Sep 2009 10:20:49 -0300
Reply-To: "Marketta Fjga" <j...@etisbew.com>
Subject: *****SPAM***** Did you follow client?
Message-ID: <2060kq.558468e3.097679275426qdwmetjgpphjrbk...@casa>
Content-type: text/html; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Spam-Prev-Subject: Did you follow client?
Regards,
Atul
-------------------------------------------------------------------------------------------------
Your mails are being scanned and scored. It's even marking them as spam.
I am not sure if the qmailmrtg will reflect non-hosted domains, but
regardless I think that you are disillusioned that it is not working
because it sent this message through. You need to define at what score a
message is deleted in your simcontrol file. By default it does not
delete a message until it reaches a score of 12, and you can see this
message scored 11. It gets marked at 4, which is not to be confused with
the setting in simscan.