I'm receiving lots of spam on my GoDaddy RH Fedora Core 6 server. One of my users sent this to me. In looking at the header it appears that this spammer (from Russia) has been "whitelisted". How?
Does anyone know anything about this?
X-Spam-Status: No, score=-81.5 required=3.1 tests=BAYES_40,DRUGS_ERECTILE,
DRUG_ED_CAPS,HTML_90_100,HTML_IMAGE_ONLY_12,HTML_MESSAGE,
HTML_SHORT_LINK_IMG_1,MIME_HTML_ONLY,NO_REAL_NAME,URIBL_AB_SURBL,
URIBL_JP_SURBL,URIBL_SC_SURBL,USERPASS,USER_IN_WHITELIST autolearn=no
USER_IN_WHITELIST is a Spamassassin rule that applies a negative score to a message (hence here you have -81.5). From memory it's -90 but with the other rules this mail hit on, it's dropped. If the user was not in the whitelist it would have scored 9.5. Given you have a required level of 3.1, that would have hit as spam.
Without seeing the full headers and Spamassassin config (which I would *not* post for disclosure reasons) help is going to be limited to telling you to check your Spamassassin(SA) config. Check all the addresses in the header (Return Path/From/To/Last external 'Received From IP') against entries in:
1. any of the .cf files starting with the word 'whitelist'
2. check local.cf (or any .cf files) looking for 'whitelist_<BLAH>' entries matching the 4 headers above.
3. You may want to additionally check local.cf and see if 'use_auto_whitelist' is set to off (0) or on (1). This is normally tied to a separate issue, but I've mentioned it FYI.
The issue of whitelisting in Spamassassin is sometimes not as obvious as it could be. This is almost certainly a whitelist rule you have added yourself and I suspect it could be for your own domain. I also suspect the headers have been trivially forged in your spam mails so that the return path carries your own domain or user which happens to match a 'whitelist_from' entry in one of your .cf files. If it becomes a real PITA whilst you troubleshoot it, you can always add this line to your local.cf
Quote:
score USER_IN_WHITELIST 0
which will disable the feature period. I don't recommend this approach as it's better to fix the whitelist issues.
In addition, if you have root access to your server (which I doubt, but you may have a dedicated or VPS) I would set the MTA up to knock out the obvious trash before it even gets passed to Spamassassin. In the example above it probably would not help as I don't see it catching on anything in the network ruleset other than a blocklisted URI in the body (on three blocklists from what I can see there).
HTH
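The check described in the reply above, as an added example that is not part of the original thread: a shell function that scans every .cf file in a SpamAssassin config directory for `whitelist_*` entries whose glob matches an address taken from the message headers, and reports any `use_auto_whitelist` setting. The function names, the sample `local.cf` and the addresses are constructed for illustration; on a real host pass your own config directory (commonly `/etc/mail/spamassassin`, an assumption here).

```shell
#!/bin/sh
# Added example: find whitelist_* entries that match header addresses.
# usage: find_whitelist_hits CONF_DIR ADDRESS...
glob_match_ci() {
    a=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # address, lowercased
    p=$(printf '%s' "$2" | tr 'A-Z' 'a-z')   # whitelist glob, lowercased
    case $a in $p) return 0 ;; esac          # unquoted $p is used as a glob
    return 1
}

find_whitelist_hits() {
    conf_dir=$1; shift
    for cf in "$conf_dir"/*.cf; do
        [ -f "$cf" ] || continue
        n=0
        while read -r directive rest || [ -n "$directive" ]; do
            n=$((n + 1))
            rest=${rest%%#*}                 # drop trailing comments
            case $directive in
                use_auto_whitelist)
                    echo "$cf:$n: use_auto_whitelist $rest" ;;
                whitelist_*)
                    set -f                   # keep *@domain patterns literal
                    for pat in $rest; do
                        for addr in "$@"; do
                            if glob_match_ci "$addr" "$pat"; then
                                echo "$cf:$n: $directive $pat matches $addr"
                            fi
                        done
                    done
                    set +f ;;
            esac
        done < "$cf"
    done
}

make_sample_conf() {                         # constructed sample, not a real config
    cat > "$1/local.cf" <<'EOF'
required_score 3.1
# whitelist_from old@example.com
whitelist_from *@example.com admin@example.org
use_auto_whitelist 1
EOF
}

# Demo: a forged sender claiming the local domain hits the *@example.com entry.
tmp=$(mktemp -d) && make_sample_conf "$tmp"
find_whitelist_hits "$tmp" 'bob@Example.COM' 'x@spam.test'
rm -rf "$tmp"
```

Any line it prints for a Return-Path or From address you do not control is a whitelist entry that a forged sender can ride on.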
Many thanks for the info. I am following it and checking now. I found a whitelist for several local email addresses in the "local.cf" file which purports to update Spamassassin. I removed the email entries preceded by "whitelist".
After changing the "local.cf" file, do I need to do some sort of update to get local.cf to update spamassassin?
Incidentally, I do have root access as I'm using a VPS.
Once you make any changes to Spamassassin, restart it. Without knowing which breed of OS you have on your VPS I can't tell you how to do that but it could be as simple as;
HTH
I'm on GoDaddy with a RedHat Fedora Core 6 server. I know it's older than dirt but I am going to change soon. I eliminated the whitelist entries that referred back to email addresses on this server. We'll see if that has any effect. In the meantime, I received the following error message from a user in NC this morning:
Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'jscrxxxxer@asienxxxxs.com', Server: 'mail.asienxxxxs.com', Protocol: SMTP, Port: 587, Secure(SSL): Yes, Error Number: 0x800CCC0F
No other user has made any mention of an error. Do you think this might be related?