LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 09-20-2014, 05:47 PM   #1
Klaipedaville
Member
 
Registered: Mar 2013
Posts: 110

Rep: Reputation: Disabled
Postfix header_checks oddity


Hello there!

I'd highly appreciate it if anybody could advise on the following oddity I ran into with simple header_checks in Postfix.

When I type *****SPAM***** blablabla in my subject field and send it to myself it gets rejected OK. However, when spamassassin adds the same *****SPAM***** tag to my subject line it's not rejected and gets delivered right into my inbox.

subject_rewrite is set correctly because I see all these extra headers added by SA.

postmap - q returns no errors and matches my rules which are correct:

Code:
/^Subject:.**{5}SPAM*{5}/             REJECT No spammers allowed here.
/^Subject:.*\*\*\*\*\*SPAM\*\*\*\*\*/ REJECT No spammers allowed.
/^X-Spam-Flag: YES/                   REJECT No spamming here. 
/^Subject:(.*)SPAM/                   REJECT No spam.
I have no -o receive_override_options=no_unknown_recipient_checks, no_header_checks set anywhere.

I am totally clueless. It's just beyond me. When SA appends it to *****spam***** the email gets through as if postfix doesn't see the headers at all, but when I type the word *****spam***** into the subject line myself it works OK.

Would be really thankful for any pointers / suggestions / comments at all.
 
Old 09-21-2014, 04:10 PM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 17,278

Rep: Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553
If it gets through after spamassassin adds ***SPAM***, it's a mail delivery problem.

How do you deliver the mail to the user? That's where the error is. Spamassassin (spamc presumably) exits with a non zero number IIRC, when the mail is spam

Last edited by business_kid; 09-21-2014 at 05:52 PM.
 
Old 09-22-2014, 02:23 AM   #3
Klaipedaville
Member
 
Registered: Mar 2013
Posts: 110

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by business_kid View Post
If it gets through after spamassassin adds ***SPAM***, it's a mail delivery problem.

How do you deliver the mail to the user? That's where the error is. Spamassassin (spamc presumably) exits with a non zero number IIRC, when the mail is spam
Hey! Thank you for responding and for your suggestion. Appreciate.

How come then that delivery works OK when I type the word spam into my subject line manually? The delivery doesn't work / has a problem only when Spamassassin tags it as spam.

The mail is delivered via dovecot-deliver through Postfix, Spamassassins is used as a filter and it is running daemonized that is spamd (daemon).

How do I check if Spamassassin really exits with a non zero number IIRC when the mail is spam? Many thanks!
 
Old 09-22-2014, 08:16 AM   #4
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 17,278

Rep: Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553
Spamassassin has or may need a setting for what to do with files marked spam.

I did all this 12 years back and set up procmail for local delivery. I was getting amounts of devious spam at the time, and relying on email addresses well known to spammers. I used procmail and ran through
1. Vipul's Razor - which caught about 50%
2. DCC - caught ~ managed 5-10% that wouldn't otherwise have been caught. Most spammers have random crap at the bottom of each message in an attempt to fool these checksum methods now.
3. Spamassassin with many extra rulesets; some rules caught nothing, and could be left out. Others caught loads.
Total caught was slightly over 100% - which didn't bother me as I would check the spam folder occasionally. The same setup I had would not work for me today, as my spam input has changed. For some reason the rule "designed by Microsoft Frontpage" was my most successful spam indicating rule.
 
Old 09-23-2014, 12:51 PM   #5
Klaipedaville
Member
 
Registered: Mar 2013
Posts: 110

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by business_kid View Post
Spamassassin has or may need a setting for what to do with files marked spam.

I did all this 12 years back and set up procmail for local delivery. I was getting amounts of devious spam at the time, and relying on email addresses well known to spammers. I used procmail and ran through
1. Vipul's Razor - which caught about 50%
2. DCC - caught ~ managed 5-10% that wouldn't otherwise have been caught. Most spammers have random crap at the bottom of each message in an attempt to fool these checksum methods now.
3. Spamassassin with many extra rulesets; some rules caught nothing, and could be left out. Others caught loads.
Total caught was slightly over 100% - which didn't bother me as I would check the spam folder occasionally. The same setup I had would not work for me today, as my spam input has changed. For some reason the rule "designed by Microsoft Frontpage" was my most successful spam indicating rule.
Well, I use all these extra filters like DCC and Razor and they do a pretty good job in addition to everything else. It is working but only partially. I mean that most probably there is something wrong with Spamassassin. That is it was your suggestion that it exits at some point. My MTA works but I found something was wrong at some point. It is all in testing now. I wrote my own, browsed for and installed quite a few trap-scripts in hopes to catch my error.

Do you happen to know how do I check if Spamassassin really exits with a non zero number IIRC when the mail is spam? That's what you suggested and I am trying to focus on that as another option to check. Many thanks!

Last edited by Klaipedaville; 09-23-2014 at 12:53 PM.
 
Old 09-23-2014, 01:23 PM   #6
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 17,278

Rep: Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553
surely you can call it from a script( rename to spamc-bin and call your script spamc) and trap the value? or read the docs?
 
Old 09-23-2014, 02:27 PM   #7
Klaipedaville
Member
 
Registered: Mar 2013
Posts: 110

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by business_kid View Post
surely you can call it from a script( rename to spamc-bin and call your script spamc) and trap the value? or read the docs?
No, no, that's not the point.

In fact, I have just finally spotted the issue! Whoopee! The problem is that Postfix does not see Spamassassin's headers. The headers are added OK but Postfix won't react at the ***SPAM*** or any other tags / headers that Spamassassin creates at all... Now have to give it some shelf time and to think it over, trying to come up with any solutions by reading the docs over again, etc. Unless someone advises where and how to begin to troubleshoot it. Any ideas anyone? Many thanks!
 
Old 09-24-2014, 04:07 AM   #8
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 17,278

Rep: Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553Reputation: 2553
I used
postifx --> procmail.
Procmail ran:
-->razor -->dcc-->spamassassin-->inbox, with exits after each. Razor alone caught spem, or dcc. My box hadn't the ooomph to do everything with spamassassin. I was using an amd i586, which was a glorified 486.
 
Old 09-24-2014, 07:51 AM   #9
Klaipedaville
Member
 
Registered: Mar 2013
Posts: 110

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by business_kid View Post
I used
postifx --> procmail.
Procmail ran:
-->razor -->dcc-->spamassassin-->inbox, with exits after each. Razor alone caught spem, or dcc. My box hadn't the ooomph to do everything with spamassassin. I was using an amd i586, which was a glorified 486.
Thank you for taking part, business kid. My scripts did the trick. It appeared to be that delivery was passed over to Dovecot. That means that no milters of any kind such as spamass-milter, spampd, etc., will ever work. Dovecot handles it via dovecot sieve. I will set it up a little later today and it will all work. Now, if you are interested to know the setup I was fighting with works like this: 1. All the headers that are added by Spamassassin are handled by dovecot.sieve, that is reject, discard, save to a separate file, redirect and so on are handled by the rules you create in sieve. 2. All the rest of the headers that are not added by Spamassassin are handled directly by Postfix's header_checks. Consequently, you have to bear these two in mind and you'll be OK.

Plus, it explains my initial question. Actually, I am replying to myself. When I typed any "spam" words into my subject filed it was handled directly by Postfix's header_checks (without SA involved) and it worked. When Spamassassin WAS involved and added its "spam" tags it did not work because delivery in this case was done by Dovecot and Dovecot did not have its mail filters (Dovecot sieve) setup... Man, took me a long time to figure that out. Hope it will help someone else. The key lines to search for are virtual transport = dovecot. If it is set then your trouble is in setting up dovecot sieve to enable mail filtering based on headers / tags added by Spamassassin.

I am still to go with further testing though because it looks like dovecot sieve filters override header_checks set in Postfix. That is when Dovecot sieve filters do the job Postfix simply backs the heck off :-)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
filtering postfix header_checks by from and subject, how to do it? mosmuller Linux - Server 3 06-22-2013 02:01 AM
Postfix regexp header_checks issue shudini Linux - Server 4 06-07-2009 02:19 PM
Get header_checks to apply to local_host in postfix dlublink Linux - Server 2 08-19-2008 03:01 PM
Postfix: Host-specific header_checks kidders Linux - Software 1 06-22-2006 07:21 AM
[postfix] header_checks filter problem pixel101 Linux - Software 1 05-24-2005 03:45 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 08:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration