LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Spamassassin Behaviour Question (https://www.linuxquestions.org/questions/linux-newbie-8/spamassassin-behaviour-question-454486/)

jonwatson 06-13-2006 04:53 PM

Spamassassin Behaviour Question
 
Hi All,

I've read all the SA stuff I can find, but for some reason I can't seem to find an answer to my question.

I'm wondering what SA's behaviour is supposed to be when it detects spam. For example, in this log entry:

Quote:

Jun 13 17:44:28 jonzdev spamd[1287]: connection from localhost [127.0.0.1] at port 47361
Jun 13 17:44:28 jonzdev spamd[1287]: checking message <KVITCSAECWQZFNQGFMUTB@charter.net> for (unknown):33.
Jun 13 17:44:29 jonzdev citadel: -1: from=<acc-overview@paypal.com>, nrcpts=1, relay=206-251-72-194.host.webnx.com [206.251.72.194], stat=550 5.7.1 Message rejected by SpamAssassin^M
Jun 13 17:44:29 jonzdev spamd[1287]: identified spam (8.9/5.3) for (unknown):33 in 0.8 seconds, 11173 bytes.
Jun 13 17:44:29 jonzdev spamd[1287]: result: Y 8 - FORGED_MUA_AOL_FROM,FORGED_RCVD_HELO,HTML_FONT_BIG,HTML_MESSAGE,HTML_TITLE_UNTITLED,MISSING_MIMEOLE, MPART_ALT_DIFF,MSGID_FROM_MTA_HEADER,MSGID_SPAM_CAPS,RCVD_NUMERIC_HELO,WEIRD_PORT,X_MSMAIL_PRIORITY_ HIGH,X_PRIORITY_HIGH scantime=0.8,size=11173,mid=<KVITCSAECWQZFNQGFMUTB@charter.net>,autolearn=no
I would prefer that SA didn't "reject" the email. I want all of them at this point so I can filter them our on the client end.

Filtering on the client-side, however, requires X-Spam headers which is my second problem. I cannot seem to get SA to write the X-Spam headers. Ideally, I just want the X-Spam-Score and X-Spam-Flag headers written so I can filter on them. However, at the moment SA is rejecting everything that it figures is spam (as seen in the log snippet above) and isn't writing any X-Spam headers on the stuff it's letting through.

In short, I'd like to do two things:

1. Make SA stop rejecting messages that are over the required_score, and
2. Write X-Spam-Score and X-Spam-Flags headers on every message.

Here's my local.cf. My user_prefs is completely commented out.


Quote:

# How many hits before a message is considered spam.
required_score 5.0

# Change the subject of suspected spam
rewrite_header Subject [SPAM]

# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)
report_safe 1

# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
bayes_auto_learn 1

# Enable or disable network checks
skip_rbl_checks 1
use_razor2 0
use_dcc 0
use_pyzor 0

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all

#Write the spam headers
add_header all Score _SCORE_
add_header all Flags _YESNO_
Any help would be much appreciated. I know that what I want is rather rudimentary and I should be able to dig it out myself, but I just can't seem to understand the behaviour...

Thanks!

bigrigdriver 06-13-2006 05:38 PM

You will have to do some research via www.google.com/linux in re spamassassin and procmail. Spamassassin can flag mail as SPAM. The spamaassassin rules can determine what to do with mail (whitelisted, blacklisted, etc) in so far as flagging the mail for acceptance or rejection.

Then procmail enters the picture. Procmail may be setup to work with spamassassin to accept/reject mail, or sort it, and send spam to a folder for later review.

Add the complexity of email antivirus scanning to work with procmail and spamassassin.

Google on the search words 'spamassassin rules' and 'procmail'. There is a wealth of information.

jonwatson 06-13-2006 05:47 PM

Quote:

Originally Posted by bigrigdriver
You will have to do some research via www.google.com/linux in re spamassassin and procmail. Spamassassin can flag mail as SPAM. The spamaassassin rules can determine what to do with mail (whitelisted, blacklisted, etc) in so far as flagging the mail for acceptance or rejection.

Then procmail enters the picture. Procmail may be setup to work with spamassassin to accept/reject mail, or sort it, and send spam to a folder for later review.

Add the complexity of email antivirus scanning to work with procmail and spamassassin.

Google on the search words 'spamassassin rules' and 'procmail'. There is a wealth of information.

Ahh...the missing link. OK, thanks for the info. Off I go.

jonwatson 06-14-2006 01:48 PM

OK, well, that was a total bust. I'm as clueless as I was when I started this research.

My biggest problem right now is that SA is NOT rewriting my subject line when it encounters spam. I have the rewrite_subject lines in tmy local.cf and I kow SA is readingmy local.cf, even the mail.log shows Sa identifiying messages as Spam - it just doesn't write anything to it - no x-spam headers, no subject rewrite, nothing....

Arrrgggh


All times are GMT -5. The time now is 06:03 AM.