Jari Fredriksson wrote:
>
>
>
> 23.10.2009 20:04, MySQL Student kirjoitti:
>> Hi,
>>
>>> SpamAssassin DOES NOT bypass scanning, if the internal or trusted
>>> networks contain the server in it.
>>
>> Hmm.. thanks for correcting me.
>>
>> How would you, then, go about preventing SA from scanning the
>> localhost or a specific domain without whitelisting that domain or
>> range?
>>
>> Thanks,
>> Alex
>>
>
> Personally, I do call SpamAssassin from maildrop (/etc/maildroprc).
>
> That takes place as
>
> ----------------------------------------------------------------------
>
> if ( $SCAN_SPAM == 1 )
> {
> xfilter "spamc -H --retry-sleep=10 --connect-retries=100 -d spamd
> -u spam"
> }
>
> ----------------------------------------------------------------------
>
> Than can be done from procmailrc etc. with their own ways.
>
> The SCAN_SPAM variable is a key in this. I can set it to 0 (default
> value for script 1) using various tests.
>
> I have various tests for that variable, that this is what whitelists the
> message from being passed to SpamAssassin.
>
> ----------------------------------------------------------------------
>
> if (( $SCAN_SPAM == 1) && /^From:\s*(.*)/ && lookup( $MATCH1,
> "/usr/etc/maildrop_sender_whitelist", "D" ))
> {
> xfilter "reformail -A'X-Whitelisted: $MATCH1 in
> /usr/etc/maildrop_sender_whitelist'"
> SCAN_SPAM=0
> }
>
> ----------------------------------------------------------------------
>
> In this case, I have a text file /usr/etc/maildrop_sender_whitelist
> which contains email addresses line by line, and if maildrop finds a
> match from there, it sets the SCAN_SPAM to 0, thus bypassing the SA call.
>
> This test if earlier in the maildroprc script, the spamc call is of
> course in the end.
>
> This kind of whitelisting is of course dangerous, but it it works for
> me. The whitelisted addresses are mostly of type
> [email protected] which are not abused by spammers (knock knock).
>
> You can do all kinds of tests with maildrop. I have also this.
>
> -----------------------------------------------------------------------
> # Check for bounces. If matches, no SpamAssassin call needed, because I
> do not consider bounce as spam.
> if ( /^Subject: Mail Delivery Problem/ || \
> /^Subject: Mail Delivery \(failure/ || \
> /^Subject: Undelivered Mail Returned to Sender/ || \
> /^Subject: virus found in sent message/ || \
> /^Subject: failure notice / || \
> /^Subject: Mail delivery failed/ || \
> /^Subject: Undeliverable\:/ || \
> /^Subject: Undeliverable [Mm]ail/ || \
> /^Subject: Undeliverable Mail/ || \
> /^Subject: Undeliverable mail/ || \
> /^Subject: Returned mail\: / || \
> /^Subject: DELIVERY FAILURE: User / || \
> /^Subject: Yahoo! Auto Response/ || \
> /^X-ME-bounce-domain:/ || \
> /^X-Failed-Recipients:/ || \
> /^X-Yahoo-Newman-Property: groups-bounce/ || \
> /^Diagnostic-Code: X-Postfix; host / || \
> /^Content-type: multipart\/report;/ || \
> /^Subject: Delivery failed\:/ || \
> /^Subject: DELIVERY FAILURE\:/ || \
> /^Subject: MESSAGE NOT DELIVERED\: / || \
> /^Subject: Delivery problem/ || \
> /^Subject: Email Failure Notification/ || \
> /^Subject: Email not allowed/ || \
> /^Subject: failure delivery/ || \
> /^Subject: failure notice/ || \
> /^Subject: Mail Not Delivered/ || \
> /^Subject: mail failed, returning to sender/ || \
> /^Subject: Nondeliverable mail/ || \
> /^Subject: Warning: could not send message for/ || \
> /^Subject: MDaemon Warning - Virus Found/ || \
> /^Subject: Permanent Delivery Failure/ || \
> /^Subject: Mail System Error - Returned Mail/ || \
> /^Subject: Mail System Error - Undeliverable Mail/ || \
> /^Subject: Transient Delivery Failure/ || \
> /^Subject: Message status - undeliverable/ || \
> /^Subject: Warning\: message / || \
> /^Subject: Mail could not be delivered/ || \
> /^Subject: Your email to .* has NOT been delivered/ || \
> /^Subject: Returned mail: see our site/ || \
> /^Subject: Delivery failure/ )
> {
> `logger -p mail.info "** BOUNCE RECEIVED **"`
> if (hasaddr("[email protected]"))
> {
> exit
> }
> xfilter "reformail -A'X-Whitelisted: Apparently a bounce,
> SpamAssassin will not be called.'"
> xfilter "reformail -A'X-Bounce: Yes '"
> SCAN_SPAM=0
> }
>
> -----------------------------------------------------------------------
>
> It does not scan for Spam Attachments if the mail is a bounce. Bounces
> will be delivered to another folder with a later rule.
>
> You have your ways, your have your tools.
>
> --
> http://www.iki.fi/jarif/
>
>
>
>
>
Hi All,
Thank you for the useful tips. I have tried the following:
1. trusted_networks/internal_networks - I checked the conf file for
spamassassin /etc/mail/spamassassin/local.cf, there is no reference to
trusted_networks or internal_networks. I also clear those two setting just
in case with the following settings:
clear_trusted_networks
clear_internal_networks
trusted_networks
internal_networks
But this does not help. The spam emails still did not get tag.
2. I am using procmailrc to invoke spamassassin.
Here is the /etc/procmailrc:
DROPPRIVS=yes
:0fw
* < 25600
| /usr/bin/spamc
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/dev/null
~
As someone suggested, this may be due to size of the email. It looks like
spamassassion will not be invoked if email is larger than 25600 bytes.
I changed the above to the following:
DROPPRIVS=yes
:0fw
* < 102400
| /usr/bin/spamc
:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/dev/null
That seems to fix the problem.
I also have a question:
Do i really need to check for the size of email? Should I just remove the
size check?
Thanks,
Angus
--
View this message in context:
http://www.nabble.com/Spamassassin-not-tagging-some-emails-tp26019435p26033969.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
