On Thu, 22 Oct 2009, Angus Dunn wrote:
I have enabled spamassassin on my mail server. Spamassassin is correctly
tagging most of the email but some of the emails are not.
The correctly tagged emails has the following in the email headers:
Received: from inspiron1505 (titanium [127.0.0.1])
by titanium.3idea.com (8.13.8/8.13.8) with ESMTP id n9N031fU015203
for <[email protected]>; Thu, 22 Oct 2009 17:03:01 -0700
The emails that has not been tagged at all:
Received: from inspiron1505 (titanium [127.0.0.1])
by titanium.3idea.com (8.13.8/8.13.8) with ESMTP id n9MNutNS014287
for <[email protected]>; Thu, 22 Oct 2009 16:56:55 -0700
I have confirmed that spamassassin is running all the time. It seems like
all emails with attachment are passing straight through and not evaluate by
spamassassin.
How is SA glued into your MTA? What rules, if any, are implemented to
control when a message gets passed to SA for scanning?
The IP of the spam email is from a blacklisted mail server.
Oh? You can't tell that from the examples you posted. Both examples only
have _one_ Received: header, shoing that the message originates at
localhost.
I am using the following:
Spamassassin 3.2.5
Sendmail 8.13.8-2
Centos 5.1
If there is additional info i need to provide, please let me know.
(1) How SA is attached to Sendmail. Via procmail? Via a milter? Via some
other package?
(2) Does the message skipping appear to be related to message size -
larger message are skipped? Is spamc in use? If so, do you have a size
limit set that would cause a message with a large attachment would be
skipped?
(3) Provide full, unedited (i.e. all headers intact) samples of a spam
message that did not get scanned and one that did get scanned and scored,
posted to a website (e.g. pastebin) and the URLs to them posted here.
Please don't send samples to the mailing list.
Something you could check:
Find where spamassassin writes its logs. It will probably be
/var/log/maillog.
Look for the message-ID of a message that was properly marked up. You
should find it.
Look for the message-ID of a message that was not marked up at all. Do you
find it?
If you don't find it then it's likely your glue layer is deciding not to
ask SA to scan the message, thus the problem does not lie in SA.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] FALaholic #11174 pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
One death is a tragedy; thirty is a media sensation;
a million is a statistic. -- Joseph Stalin, modernized
-----------------------------------------------------------------------
14 days since President Obama won the Nobel "Not George W. Bush" prize
