Spamassassin not tagging some emails

Hi,

I am wondering if anyone has encountered a similar problem or has a solution for this. I have enabled spamassassin on my mail server. Spamassassin is correctly tagging most of the email but some of the emails are not. The correctly tagged emails have the following in the email headers:

Return-Path: <support@3idea.com>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on titanium.3idea.com
X-Spam-Level:
X-Spam-Status: No, score=-1.4 required=5.0 tests=ALL_TRUSTED autolearn=ham version=3.2.5
Received: from inspiron1505 (titanium [127.0.0.1])
    by titanium.3idea.com (8.13.8/8.13.8) with ESMTP id n9N031fU015203
    for <postmaster@austingrahaminc.com>; Thu, 22 Oct 2009 17:03:01 -0700
Reply-To: <support@3idea.com>
From: "Support@3idea" <support@3idea.com>
To: <postmaster@austingrahaminc.com>
References: <000d01ca536e$1d77aa10$6400a8c0@pedicuringp>
In-Reply-To: <000d01ca536e$1d77aa10$6400a8c0@pedicuringp>
Subject: RE: You've received a postcard test
Date: Thu, 22 Oct 2009 17:03:00 -0700
Message-ID: <00fe01ca5374$2f27ce10$8d776a30$@com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcpTbjaJ1YZhm8cFRkyZRJYCPUdxZwABfEow
Content-Language: en-us

The emails that have not been tagged at all:

Return-Path: <angus.dunn@3idea.com>
Received: from inspiron1505 (titanium [127.0.0.1])
    by titanium.3idea.com (8.13.8/8.13.8) with ESMTP id n9MNutNS014287
    for <support@3idea.com>; Thu, 22 Oct 2009 16:56:55 -0700
Reply-To: <angus.dunn@3idea.com>
From: "Angus - 3idea" <angus.dunn@3idea.com>
To: <support@3idea.com>
Subject: FW: You've received a postcard test
Date: Thu, 22 Oct 2009 16:56:54 -0700
Message-ID: <00e401ca5373$54c76aa0$fe563fe0$@dunn@3idea.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_00E5_01CA5338.A86892A0"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcpTbqcxbSi7uMYrQ6yvYdA8pD9mWwABKQzQ
Content-Language: en-us

I have confirmed that spamassassin is running all the time. It seems like all emails with attachment are passing straight through and not evaluated by spamassassin. The emails that are not tagged have an attachment ecard.zm9 which is a spam email. The IP of the spam email is from a blacklisted mail server. Does anyone know why spamassassin is not tagging the email with attachment?

I am using the following:
Spamassassin 3.2.5
Sendmail 8.13.8-2
Centos 5.1

If there is additional info I need to provide, please let me know. I really appreciate your help!

Thanks,
Angus
|
|
Re: Spamassassin not tagging some emails

Hi,

On the message that should have been scanned:

> The emails that have not been tagged at all:
[...]
> From: "Angus - 3idea" <angus.dunn@...>
> To: <support@...>

Are you forwarding this spam from your internal account to this other internal support@... account? It also looked like there was no external mail server involved.

If so, I would think that SA trusts your internal network, and therefore is just passing the message through without even evaluating it. If you want your internal mail to also be scanned, remove your mail server from trusted_networks and internal_networks.

I think that should fix it.

Regards,
Alex
|
|
Re: Spamassassin not tagging some emails

23.10.2009 4:52, MySQL Student wrote:
> Hi,
>
> On the message that should have been scanned:
>
>> The emails that have not been tagged at all:
>
> [...]
>> From: "Angus - 3idea" <angus.dunn@...>
>> To: <support@...>
>
> Are you forwarding this spam from your internal account to this other
> internal support@... account? It also looked like there was no
> external mail server involved.
>
> If so, I would think that SA trusts your internal network, and
> therefore is just passing the message through without even evaluating
> it. If you want your internal mail to also be scanned, remove your
> mail server from trusted_networks and internal_networks.
>
> I think that should fix it.
>
> Regards,
> Alex
>

SpamAssassin DOES NOT bypass scanning, if the internal or trusted networks contain the server in it. Own mail server MUST be in those network settings.

The questions follow: How do you call SpamAssassin? Via spamc? How do you initiate spamc? Does it somehow bypass local network?

--
http://www.iki.fi/jarif/

Stay away from flying saucers today.
|
|
Re: Spamassassin not tagging some emails

On Thu, 22 Oct 2009, Angus Dunn wrote:

> I have enabled spamassassin on my mail server. Spamassassin is correctly
> tagging most of the email but some of the emails are not.

> The correctly tagged emails have the following in the email headers:

> Received: from inspiron1505 (titanium [127.0.0.1])
>    by titanium.3idea.com (8.13.8/8.13.8) with ESMTP id n9N031fU015203
>    for <postmaster@...>; Thu, 22 Oct 2009 17:03:01 -0700
>
>
> The emails that have not been tagged at all:

> Received: from inspiron1505 (titanium [127.0.0.1])
>    by titanium.3idea.com (8.13.8/8.13.8) with ESMTP id n9MNutNS014287
>    for <support@...>; Thu, 22 Oct 2009 16:56:55 -0700
>
> I have confirmed that spamassassin is running all the time. It seems like
> all emails with attachment are passing straight through and not evaluated by
> spamassassin.

How is SA glued into your MTA? What rules, if any, are implemented to control when a message gets passed to SA for scanning?

> The IP of the spam email is from a blacklisted mail server.

Oh? You can't tell that from the examples you posted. Both examples only have _one_ Received: header, showing that the message originates at localhost.

> I am using the following:
> Spamassassin 3.2.5
> Sendmail 8.13.8-2
> Centos 5.1

> If there is additional info I need to provide, please let me know.

(1) How SA is attached to Sendmail. Via procmail? Via a milter? Via some other package?

(2) Does the message skipping appear to be related to message size - larger messages are skipped? Is spamc in use? If so, do you have a size limit set that would cause a message with a large attachment to be skipped?

(3) Provide full, unedited (i.e. all headers intact) samples of a spam message that did not get scanned and one that did get scanned and scored, posted to a website (e.g. pastebin) and the URLs to them posted here. Please don't send samples to the mailing list.

Something you could check:

Find where spamassassin writes its logs. It will probably be /var/log/maillog.

Look for the message-ID of a message that was properly marked up. You should find it.

Look for the message-ID of a message that was not marked up at all. Do you find it?

If you don't find it then it's likely your glue layer is deciding not to ask SA to scan the message, thus the problem does not lie in SA.

--
 John Hardin KA7OHZ http://www.impsec.org/~jhardin/
 jhardin@... FALaholic #11174 pgpk -a jhardin@...
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 One death is a tragedy; thirty is a media sensation;
 a million is a statistic. -- Joseph Stalin, modernized
-----------------------------------------------------------------------
 14 days since President Obama won the Nobel "Not George W. Bush" prize
|
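The log check suggested in the post above, as an added example that is not part of the original thread: it pairs sendmail acceptance lines with spamd result lines by Message-ID and lists the messages spamd never saw. The log excerpt is constructed (sizes, PIDs and the third message are made up), the line formats are assumed to follow the usual sendmail and spamd syslog style, and `glue_limit` is a hypothetical parameter for whatever size gate the glue applies.

```python
import re

# Constructed sample in the style of /var/log/maillog. Queue ids and the first
# two Message-IDs come from the headers posted in this thread; sizes, PIDs,
# user names and the third message are made up for the example.
SAMPLE_MAILLOG = """\
Oct 22 16:56:55 titanium sendmail[14287]: n9MNutNS014287: from=<angus.dunn@3idea.com>, size=48211, class=0, nrcpts=1, msgid=<00e401ca5373$54c76aa0$fe563fe0$@dunn@3idea.com>, proto=ESMTP, daemon=MTA, relay=titanium [127.0.0.1]
Oct 22 17:03:01 titanium sendmail[15203]: n9N031fU015203: from=<support@3idea.com>, size=1843, class=0, nrcpts=1, msgid=<00fe01ca5374$2f27ce10$8d776a30$@com>, proto=ESMTP, daemon=MTA, relay=titanium [127.0.0.1]
Oct 22 17:03:02 titanium spamd[2311]: spamd: checking message <00fe01ca5374$2f27ce10$8d776a30$@com> for postmaster:500
Oct 22 17:03:02 titanium spamd[2311]: spamd: result: . -1 - ALL_TRUSTED scantime=0.2,size=1843,user=postmaster,uid=500,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=41022,mid=<00fe01ca5374$2f27ce10$8d776a30$@com>,autolearn=ham
Oct 22 17:10:40 titanium sendmail[15377]: n9N0AeXX015377: from=<constructed@example.invalid>, size=912, class=0, nrcpts=1, msgid=<constructed-1@example.invalid>, proto=ESMTP, daemon=MTA, relay=titanium [127.0.0.1]
"""

# sendmail logs one "from=" line per accepted message, with size and msgid.
MTA_RE = re.compile(
    r"sendmail\[\d+\]: (\w+): from=.*?\bsize=(\d+),.*?\bmsgid=(<[^>]+>)")
# spamd logs one "result:" line per scanned message, with mid=<Message-ID>.
SPAMD_RE = re.compile(r"spamd\[\d+\]: spamd: result: .*?\bmid=(<[^>]+>)")


def unscanned_messages(log_text, glue_limit):
    """Return accepted messages that have no spamd result line.

    glue_limit is the size gate (bytes) in front of spamc. The size sendmail
    logs is close to, but not identical with, what procmail measures, so
    over_glue_limit is a hint rather than proof.
    """
    accepted, scanned = {}, set()
    for line in log_text.splitlines():
        m = MTA_RE.search(line)
        if m:
            accepted[m.group(3)] = (m.group(1), int(m.group(2)))
            continue
        m = SPAMD_RE.search(line)
        if m:
            scanned.add(m.group(1))

    report = []
    for msgid, (queue_id, size) in accepted.items():
        if msgid not in scanned:
            report.append({
                "queue_id": queue_id,
                "msgid": msgid,
                "size": size,
                # True: the size gate explains the skip.
                # False: look elsewhere in the glue (other rules, delivery path).
                "over_glue_limit": size >= glue_limit,
            })
    return report


if __name__ == "__main__":
    for row in unscanned_messages(SAMPLE_MAILLOG, glue_limit=25600):
        print(row)
```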
|
Re: Spamassassin not tagging some emails

Hi,

> SpamAssassin DOES NOT bypass scanning, if the internal or trusted
> networks contain the server in it.

Hmm.. thanks for correcting me.

How would you, then, go about preventing SA from scanning the localhost or a specific domain without whitelisting that domain or range?

Thanks,
Alex
|
|
Re: Spamassassin not tagging some emails

On Fri, 2009-10-23 at 13:04 -0400, MySQL Student wrote:
> > SpamAssassin DOES NOT bypass scanning, if the internal or trusted
> > networks contain the server in it.
>
> Hmm.. thanks for correcting me.
>
> How would you, then, go about preventing SA from scanning the
> localhost or a specific domain without whitelisting that domain or
> range?

Don't feed the mail to SA. That's the responsibility of your glue, whatever passes mail to SA. SA scans *any* mail it gets passed.

Using the Shortcircuit plugin, you can e.g. have SA end early -- but for shortcircuiting to happen, SA obviously must process the mail.

--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
|
|
Re: Spamassassin not tagging some emails

23.10.2009 20:04, MySQL Student wrote:
> Hi,
>
>> SpamAssassin DOES NOT bypass scanning, if the internal or trusted
>> networks contain the server in it.
>
> Hmm.. thanks for correcting me.
>
> How would you, then, go about preventing SA from scanning the
> localhost or a specific domain without whitelisting that domain or
> range?
>
> Thanks,
> Alex
>

That takes place as

----------------------------------------------------------------------
if ( $SCAN_SPAM == 1 )
{
    xfilter "spamc -H --retry-sleep=10 --connect-retries=100 -d spamd -u spam"
}
----------------------------------------------------------------------

That can be done from procmailrc etc. with their own ways.

The SCAN_SPAM variable is a key in this. I can set it to 0 (default value for script 1) using various tests. I have various tests for that variable, that this is what whitelists the message from being passed to SpamAssassin.

----------------------------------------------------------------------
if (( $SCAN_SPAM == 1) && /^From:\s*(.*)/ && lookup( $MATCH1, "/usr/etc/maildrop_sender_whitelist", "D" ))
{
    xfilter "reformail -A'X-Whitelisted: $MATCH1 in /usr/etc/maildrop_sender_whitelist'"
    SCAN_SPAM=0
}
----------------------------------------------------------------------

In this case, I have a text file /usr/etc/maildrop_sender_whitelist which contains email addresses line by line, and if maildrop finds a match from there, it sets the SCAN_SPAM to 0, thus bypassing the SA call. This test is earlier in the maildroprc script, the spamc call is of course in the end.

This kind of whitelisting is of course dangerous, but it works for me. The whitelisted addresses are mostly of type root@... which are not abused by spammers (knock knock).

You can do all kinds of tests with maildrop. I have also this.

-----------------------------------------------------------------------
# Check for bounces. If matches, no SpamAssassin call needed,
# because I do not consider bounce as spam.
if ( /^Subject: Mail Delivery Problem/ || \
     /^Subject: Mail Delivery \(failure/ || \
     /^Subject: Undelivered Mail Returned to Sender/ || \
     /^Subject: virus found in sent message/ || \
     /^Subject: failure notice / || \
     /^Subject: Mail delivery failed/ || \
     /^Subject: Undeliverable\:/ || \
     /^Subject: Undeliverable [Mm]ail/ || \
     /^Subject: Undeliverable Mail/ || \
     /^Subject: Undeliverable mail/ || \
     /^Subject: Returned mail\: / || \
     /^Subject: DELIVERY FAILURE: User / || \
     /^Subject: Yahoo! Auto Response/ || \
     /^X-ME-bounce-domain:/ || \
     /^X-Failed-Recipients:/ || \
     /^X-Yahoo-Newman-Property: groups-bounce/ || \
     /^Diagnostic-Code: X-Postfix; host / || \
     /^Content-type: multipart\/report;/ || \
     /^Subject: Delivery failed\:/ || \
     /^Subject: DELIVERY FAILURE\:/ || \
     /^Subject: MESSAGE NOT DELIVERED\: / || \
     /^Subject: Delivery problem/ || \
     /^Subject: Email Failure Notification/ || \
     /^Subject: Email not allowed/ || \
     /^Subject: failure delivery/ || \
     /^Subject: failure notice/ || \
     /^Subject: Mail Not Delivered/ || \
     /^Subject: mail failed, returning to sender/ || \
     /^Subject: Nondeliverable mail/ || \
     /^Subject: Warning: could not send message for/ || \
     /^Subject: MDaemon Warning - Virus Found/ || \
     /^Subject: Permanent Delivery Failure/ || \
     /^Subject: Mail System Error - Returned Mail/ || \
     /^Subject: Mail System Error - Undeliverable Mail/ || \
     /^Subject: Transient Delivery Failure/ || \
     /^Subject: Message status - undeliverable/ || \
     /^Subject: Warning\: message / || \
     /^Subject: Mail could not be delivered/ || \
     /^Subject: Your email to .* has NOT been delivered/ || \
     /^Subject: Returned mail: see our site/ || \
     /^Subject: Delivery failure/ )
{
    `logger -p mail.info "** BOUNCE RECEIVED **"`
    if (hasaddr("vesaf@..."))
    {
        exit
    }
    xfilter "reformail -A'X-Whitelisted: Apparently a bounce, SpamAssassin will not be called.'"
    xfilter "reformail -A'X-Bounce: Yes '"
    SCAN_SPAM=0
}
-----------------------------------------------------------------------

It does not scan for Spam Attachments if the mail is a bounce. Bounces will be delivered to another folder with a later rule.

You have your ways, you have your tools.

--
http://www.iki.fi/jarif/
|
|
Re: Spamassassin not tagging some emails

Hi All,

Thank you for the useful tips. I have tried the following:

1. trusted_networks/internal_networks - I checked the conf file for spamassassin /etc/mail/spamassassin/local.cf, there is no reference to trusted_networks or internal_networks. I also cleared those two settings just in case with the following settings:

clear_trusted_networks
clear_internal_networks

trusted_networks
internal_networks

But this does not help. The spam emails still did not get tagged.

2. I am using procmailrc to invoke spamassassin. Here is the /etc/procmailrc:

DROPPRIVS=yes
:0fw
* < 25600
| /usr/bin/spamc

:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/dev/null
~

As someone suggested, this may be due to size of the email. It looks like spamassassin will not be invoked if email is larger than 25600 bytes.

I changed the above to the following:

DROPPRIVS=yes
:0fw
* < 102400
| /usr/bin/spamc

:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/dev/null

That seems to fix the problem.

I also have a question: Do I really need to check for the size of email? Should I just remove the size check?

Thanks,
Angus
|
|
Re: Spamassassin not tagging some emails

On Fri, 23 Oct 2009, Angus Dunn wrote:

> :0fw
> * < 25600
> | /usr/bin/spamc

*chuckle* Yeah, that'd do it all right.

> It looks like spamassassin will not be invoked if email is larger than
> 25600 bytes.

Correct.

> :0fw
> * < 102400
> | /usr/bin/spamc

100KB is still rather small for an email with scannable attachments.

> That seems to fix the problem.
> I also have a question:
> Do I really need to check for the size of email? Should I just remove the
> size check?

spamc also has a size limit; that you aren't specifying it means it's using its internal default. See the spamc documentation for what that is and how to set it.

You should probably have your procmail rule set to the same size limit as spamc is using, and make both explicit. That will minimize overhead for messages larger than the limit and make it clear what is going on.

The size limit is generally set to 400-500KB. If you have an underpowered MTA/SA box you might want to set it smaller to reduce scanning load. Also take into consideration whether what you set it to lets an unacceptable amount of large spam get through.

--
 John Hardin KA7OHZ http://www.impsec.org/~jhardin/
 jhardin@... FALaholic #11174 pgpk -a jhardin@...
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 ...in the 2nd amendment the right to arms clause means you have
 the right to choose how many arms you want, and the militia clause
 means that Congress can punish you if the answer is "none."
 -- David Hardy, 2nd Amendment scholar
-----------------------------------------------------------------------
 14 days since President Obama won the Nobel "Not George W. Bush" prize
|
|
Re: Spamassassin not tagging some emails

Quoting Angus Dunn <angus.dunn@...>:

> 2. I am using procmailrc to invoke spamassassin.
> Here is the /etc/procmailrc:
> DROPPRIVS=yes
> :0fw
> * < 25600
> | /usr/bin/spamc
>
> :0
> * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
> /dev/null
> ~
>
> As someone suggested, this may be due to size of the email. It looks like
> spamassassin will not be invoked if email is larger than 25600 bytes.
>
> I changed the above to the following:
>
> DROPPRIVS=yes
> :0fw
> * < 102400
> | /usr/bin/spamc
>
> :0
> * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
> /dev/null
>
>
> That seems to fix the problem.
> I also have a question:
> Do I really need to check for the size of email? Should I just remove the
> size check?

spamc documentation shows the default scan size is 500Kb. If you have the system resources, you could eliminate the size restriction. I'm calling spamc directly from the MTA and have the size set to 256Kb.
|
|
Re: Spamassassin not tagging some emails

On Fri, 2009-10-23 at 15:12 -0700, Angus Dunn wrote:
> Thank you for the useful tips. I have tried the following:
> 1. trusted_networks/internal_networks - I checked the conf file for
> spamassassin /etc/mail/spamassassin/local.cf, there is no reference to
> trusted_networks or internal_networks. I also cleared those two settings just
> in case with the following settings:

As has been clarified, this is not your issue. No way it will skip scanning.

> clear_trusted_networks
> clear_internal_networks
>
> trusted_networks
> internal_networks

Please check the Conf docs. If you don't have any need to specifically set them, just leave out all those options and let the magic work.

> But this does not help. The spam emails still did not get tagged.
>
> 2. I am using procmailrc to invoke spamassassin.
> Here is the /etc/procmailrc:
> DROPPRIVS=yes
> :0fw
> * < 25600
> | /usr/bin/spamc

That's 25 kByte! Yes, that is your problem. Any mail larger than that will NOT be processed by SA.

The default has been 500 kByte for a long time, and was 250 kByte before. That line looks like an obvious *typo* to me. An ancient one.

> As someone suggested, this may be due to size of the email. It looks like
> spamassassin will not be invoked if email is larger than 25600 bytes.
>
> I changed the above to the following:
>
> DROPPRIVS=yes
> :0fw
> * < 102400
> | /usr/bin/spamc

100 kByte, still really low.

> That seems to fix the problem.
> I also have a question:
> Do I really need to check for the size of email? Should I just remove the
> size check?

man spamc. Without that procmail condition, spamc simply will return any messages exceeding the (default) size limit unprocessed. Using an explicit limit here will spare the unnecessary filter, since spamc won't even be called.

I recommend setting it to the limit you want enforced -- and hence setting it to 500 kByte if you don't want to change the spamc default.

--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
|
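An added example, not part of the thread, that audits the two size limits discussed in the replies above: the procmail `* < N` gate and spamc's own maximum. It reads a procmailrc, finds the recipe that pipes to spamc, and reports where messages stop being scanned. The 500 kByte default is taken from the thread as an assumption, only spamc's `-s` option is parsed, the parser handles only simple recipes like the ones posted, and the third recipe is constructed.

```python
import re

# Assumption: spamc's default limit, the 500 kByte figure cited in the thread.
SPAMC_DEFAULT_MAX = 500 * 1024

# The recipe as first posted in the thread.
RC_ORIGINAL = r"""
DROPPRIVS=yes
:0fw
* < 25600
| /usr/bin/spamc

:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/dev/null
"""
# The recipe Angus ended up with.
RC_FINAL = RC_ORIGINAL.replace("25600", "512000")
# Constructed variant: explicit spamc limit that is lower than the procmail gate.
RC_CONSTRUCTED = RC_FINAL.replace("spamc", "spamc -s 262144")


def parse_recipes(text):
    """Split a simple procmailrc into (conditions, action) pairs."""
    lines = [l.strip() for l in text.splitlines()
             if l.strip() and not l.strip().startswith("#")]
    recipes, i = [], 0
    while i < len(lines):
        if lines[i].startswith(":0"):
            i += 1
            conds = []
            while i < len(lines) and lines[i].startswith("*"):
                conds.append(lines[i][1:].strip())
                i += 1
            recipes.append((conds, lines[i] if i < len(lines) else ""))
        i += 1
    return recipes


def audit_spamc_gate(text):
    """Report the size gate in front of spamc and the effective scan cutoff."""
    findings = []
    for conds, action in parse_recipes(text):
        if not (action.startswith("|") and "spamc" in action):
            continue
        gate = None
        for cond in conds:
            m = re.fullmatch(r"<\s*(\d+)", cond)   # procmail "smaller than N bytes"
            if m:
                gate = int(m.group(1))
        m = re.search(r"\s-s\s*(\d+)", action)     # explicit spamc limit, if any
        spamc_max = int(m.group(1)) if m else SPAMC_DEFAULT_MAX
        if gate is None:
            verdict = "no-gate"            # spamc is called, returns big mail unprocessed
        elif gate < spamc_max:
            verdict = "gate-below-spamc"   # procmail skips mail spamd would have scanned
        elif gate == spamc_max:
            verdict = "aligned"
        else:
            verdict = "gate-above-spamc"   # spamc is called but skips the message itself
        findings.append({
            "gate": gate,
            "spamc_max": spamc_max,
            # Messages at or above this size reach the mailbox unscanned.
            "unscanned_from": spamc_max if gate is None else min(gate, spamc_max),
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for name, rc in [("original", RC_ORIGINAL), ("final", RC_FINAL),
                     ("constructed", RC_CONSTRUCTED)]:
        print(name, audit_spamc_gate(rc))
```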
|
Re: Spamassassin not tagging some emails

Quoting Karsten Bräckelmann <guenther@...>:

>> But this does not help. The spam emails still did not get tagged.
>>
>> 2. I am using procmailrc to invoke spamassassin.
>> Here is the /etc/procmailrc:
>> DROPPRIVS=yes
>> :0fw
>> * < 25600
>> | /usr/bin/spamc
>
> That's 25 kByte! Yes, that is your problem. Any mail larger than that
> will NOT be processed by SA.
>
> The default has been 500 kByte for a long time, and was 250 kByte
> before. That line looks like an obvious *typo* to me. An ancient one.

Add another zero and it would have been about 256Kb.
|
|
Re: Spamassassin not tagging some emails

On Fri, 23 Oct 2009, d.hill@... wrote:

> Quoting Karsten Bräckelmann <guenther@...>:
>
>> > But this does not help. The spam emails still did not get tagged.
>> >
>> > 2. I am using procmailrc to invoke spamassassin.
>> > Here is the /etc/procmailrc:
>> > DROPPRIVS=yes
>> > : 0fw
>> > * < 25600
>> > | /usr/bin/spamc
>>
>> That's 25 kByte! Yes, that is your problem. Any mail larger than that
>> will NOT be processed by SA.
>>
>> The default has been 500 kByte for a long time, and was 250 kByte
>> before. That line looks like an obvious *typo* to me. An ancient one.
>
> Add another zero and it would have been about 256Kb.

--
 John Hardin KA7OHZ http://www.impsec.org/~jhardin/
 jhardin@... FALaholic #11174 pgpk -a jhardin@...
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 An entitlement beneficiary is a person or special interest group
 who didn't earn your money, but demands the right to take your
 money because they *want* it. -- John McKay, _The Welfare State:
 No Mercy for the Middle Class_
-----------------------------------------------------------------------
 14 days since President Obama won the Nobel "Not George W. Bush" prize
|
|
Re: Spamassassin not tagging some emails

On Fri, 2009-10-23 at 16:11 -0700, John Hardin wrote:
> On Fri, 23 Oct 2009, d.hill@... wrote:
> > Quoting Karsten Bräckelmann <guenther@...>:

> > > > : 0fw
> > > > * < 25600
> > > > | /usr/bin/spamc
> > >
> > > That's 25 kByte! Yes, that is your problem. Any mail larger than that
> > > will NOT be processed by SA.
> > >
> > > The default has been 500 kByte for a long time, and was 250 kByte
> > > before. That line looks like an obvious *typo* to me. An ancient one.
> >
> > Add another zero and it would have been about 256Kb.

Which would be exactly why I claimed this to look like a...

> That's why we think it's a fossilized typo.

Err, right, thanks. ;-)

--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
|
|
Re: Spamassassin not tagging some emails

Thanks everyone for your help!

I have changed procmailrc to the following:

DROPPRIVS=yes
:0fw
* < 512000
| /usr/bin/spamc

:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/dev/null

It is now working fine.

Someone mentioned that I can actually invoke spamassassin directly from sendmail. What will be the advantage/disadvantage to do that? Also any docs on how to do that?

Thanks,
Angus
|
|
|
Re: Spamassassin not tagging some emails

Quoting Angus Dunn <angus.dunn@...>:

> Thanks everyone for your help!
>
> I have changed procmailrc to the following:
> DROPPRIVS=yes
> :0fw
> * < 512000
> | /usr/bin/spamc
>
> :0
> * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
> /dev/null
>
> It is now working fine.
>
> Someone mentioned that I can actually invoke spamassassin directly from
> sendmail. What will be the advantage/disadvantage to do that? Also any docs
> on how to do that?

Seeing as you responded to my message, I don't recall seeing anyone mentioning a particular MTA. I could be wrong as I jumped into the conversation late. I invoke SA directly from Postfix, myself.
|
|
Re: Spamassassin not tagging some emails

On Fri, 23 Oct 2009, Angus Dunn wrote:

>
> Thanks everyone for your help!
>
> I have changed procmailrc to the following:
> DROPPRIVS=yes
> :0fw
> * < 512000
> | /usr/bin/spamc
>
> :0
> * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
> /dev/null
>
> It is now working fine.
>
> Someone mentioned that I can actually invoke spamassassin directly from
> sendmail. What will be the advantage/disadvantage to do that? Also any docs
> on how to do that?
>
> Thanks,
>
> Angus

Check the SA wiki for "IntegratedInMta"
http://wiki.apache.org/spamassassin/IntegratedInMta

There are multiple sendmail 'milters' (EG spamas-milter, milterassassin) which will do that, other kinds of more exotic integration systems (EG MIMEDefang, amavis2, etc).

General advantages: can filter all mail passing thru your system not just locally delivered messages, only need to call once per message not per recipient, can do SMTP rejects of high-scoring spam, etc.

General disadvantage: harder to do per-user customization of rules etc.

--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{