Spam detection software, running on the system "mail.covisp.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
ad...@covisp.net for details.
Content preview: On 26 Nov 2018, at 08:21, Bill Cole
<sausers-20150...@billmail.scconsult.com>
wrote: > On 26 Nov 2018, at 9:17, @lbutlr wrote: > > [...] >> I have
spamass-milter
setup and running, and it is tagging m [...]
Content analysis details: (5.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[73.14.161.160 listed in zen.spamhaus.org]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[73.14.161.160 listed in dnsbl.sorbs.net]
1.5 BODY_8BITS BODY: Body includes 8 consecutive 8-bit characters
1.0 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 HELO_MISC_IP Looking for more Dynamic IP Relays
1.9 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address
BAYES_HT 0.000-+--H*Ad:U*users, 0.000-+--UD:conf,
0.000-+--H*Ad:D*apache.org, 0.000-+--HTo:D*spamassassin.apache.org,
0.000-+--H*Ad:D*spamassassin.apache.org, 0.000-+--spamassassin,
0.000-+--H*r:10.0.0, 0.000-+--HTo:U*users, 0.000-+--HTo:D*apache.org,
0.000-+--D*billmail.scconsult.com, 0.000-+--D*scconsult.com,
0.000-+--H*UA:2.3445.102.3, 0.000-+--H*x:2.3445.102.3, 0.001-7--postconf,
0.001-7--i, 0.001-4--H*F:D*kreme.com, 0.001-4--H*m:kreme,
0.001-4--H*F:U*kremels, 0.001-4--spamc, 0.001-3--sendmail,
0.002-3--HX-Random-Signature:signatures,
0.002-3--HX-Random-Signature:sk:www.key, 0.002-3--HX-Random-Signature:Maestro,
0.002-3--HX-Random-Signature:random, 0.002-3--HX-Random-Signature:https,
0.002-3--HX-Random-Signature:Broke, 0.002-3--HX-Random-Signature:sigs,
0.002-3--HX-Random-Signature:access, 0.002-3--HX-Random-Signature:Apple,
0.002-3--HX-Random-Signature:Keyboard, 0.002-3--HX-Random-Signature:powered,
0.002-3--HX-Random-Signature:Applescrip, 0.002-3--HX-Random-Signature:Pro, 0.002
-2--retrieve, 0.002-2--milter, 0.002-+--H*UA:Apple, 0.002-+--H*x:Apple,
0.003-2--sk:milter_, 0.004-+--bugzilla, 0.004-2--UD:rc.conf,
0.004-2--sausers-20150...@billmail.scconsult.com, 0.004-2--spamass-milter,
0.004-2--spamassmilter, 0.004-2--sausers20150205billmailscconsultcom,
0.004-2--sk:sausers, 0.004-2--U*sausers-20150205, 0.004-2--rc.conf,
0.004-2--rcconf, 0.004-2--u8:ï¸, 0.005-+--HTo:D*org
BAYES_ST 0.993-1--gods, 0.993-1--They're, 0.921-+--H*r:sk:kremels
--- Begin Message ---
On 26 Nov 2018, at 08:21, Bill Cole <sausers-20150...@billmail.scconsult.com>
wrote:
> On 26 Nov 2018, at 9:17, @lbutlr wrote:
>
> [...]
>> I have spamass-milter setup and running, and it is tagging mail, but I am
>> seeing various readme and setup guides that set various things in
>> rc.conf:spamass_milter_localflags. Trouble is, these settings seem to vary
>> wildly.
>
> Yes, local details of mail systems do in fact vary wildly. :)
Fair enough, but the various settings I have seen are not even related/similar.
And it’s working without anything set.
>> Spamd does run as the spamd user, but despite the milter having no flags set
>> currently and running as root, it is successfully tagging spam.
>
> There is a spamass-milter man page that may help.
Ah yes, that does help.
> Unlike some other milters that use SA (e.g. MIMEDefang, Amavis)
> spamass-milter actually runs spamc and so it can use all of the features of
> spamc by simply putting the arguments you would otherwise give spamc in the
> spamass_milter_localflags after '--' and any spamass-milter args.
So it seems it is picking up the current config without issue.
>> Oh, and I do get this when the miller starts:
>>
>> spamass-milter[27557]: Could not retrieve sendmail macro "i"!. Please add
>> it to confMILTER_MACROS_ENVFROM for better spamassassin results
>>
>> (I am not using sendmail, other than postfix’s sendmail replacement)
>
> See the documentation of the milter_*_macros in 'man 5 postconf' and
> MILTER_README
From postconf -d
milter_data_macros = i
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
{mail_host} {mail_mailer}
milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
An i is supposed to return the queue ID. Why this confuses/upsets
spamass-milter is not clear, nor which of these might be the issue. I did find
at least two mentions via google that said this message can be ignored and some
bugzilla entries that didn’t show any useful information and marked the bug as
closed more than two years ago. 🤷🏼♀️
--
'They're the cream!' Rincewind sighed. 'Cohen, they're the cheese.’
--
'The gods,' he said. 'Imprisoned in a thought. And perhaps they were
never more than a dream.' —Sourcery
--- End Message ---
