savemail: cannot save rejected email anywhere
 

Hi,
I'm getting this in my logwatch logs, and as a result, I'm missing some
system "logwatch" emails which, apparently, are getting swatted by
SpamAssassin, which is running directly as a sendmail milter.
Logwatch runs under /etc/cron.hourly as root.

Can someone please tell me where I can either configure sendmail to
save these somewhere for me, or how I can get SpamAssassin to not drop
these system "logwatch" emails (and *only* these logwatch emails) on the
floor.

I am getting a number of these emails (sometimes) being marked as
[SPAM] but still being sent to me, and I keep feeding these messages to
sa-learn as HAM under both my user id and as root, but I'm still getting
some dropped immediately, and I still see many of my logwatch emails
being marked as [SPAM]. I assume because they are reporting on some
other SPAM email handling that contains some text of such a high SPAM
rating that they exceed the obvious SPAM threshold I have set up.

--
Kevin J. Cummings
kjchome@rcn.com
cummings@kjchome.homeip.net
cummings@kjc386.framingham.ma.us
Registered Linux User #1232 (http://counter.li.org)
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

savemail: cannot save rejected email anywhere
 

On 08/14/2010 07:29 PM, Kevin J. Cummings wrote:
>
> Can someone please tell me where I can either configure sendmail to
> save these somewhere for me, or how I can get SpamAssassin to not drop
> these system "logwatch" emails (and *only* these logwatch emails) on the
> floor.

Check the man page for Mail::SpamAssassin::Conf. Locate the
whitelist_from_rcvd option. That option will help you whitelist only
your logwatch messages. You'll need the "From" address and the hostname
of the machine which sends them, as recorded in the headers of a message
that you successfully received.

Your other option is to simply not run SpamAssassin on messages that you
receive from hosts under your control, but since you haven't told us how
you run SA, I don't know how you'd do that.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

savemail: cannot save rejected email anywhere
 

Gordon,
Thanks for your rely.

On 08/15/2010 03:20 AM, Gordon Messmer wrote:
> On 08/14/2010 07:29 PM, Kevin J. Cummings wrote:
>>
>> Can someone please tell me where I can either configure sendmail to
>> save these somewhere for me, or how I can get SpamAssassin to not drop
>> these system "logwatch" emails (and *only* these logwatch emails) on the
>> floor.
>
> Check the man page for Mail::SpamAssassin::Conf. Locate the
> whitelist_from_rcvd option. That option will help you whitelist only
> your logwatch messages. You'll need the "From" address and the hostname
> of the machine which sends them, as recorded in the headers of a message
> that you successfully received.

The "From" address is: root@kjc386.framingham.ma.us
which makes sense since it is being run directly as a cron.hourly
script. I have added this whitelist_from_rcvd to
/etc/mail/spamassassin/local.cf. I guess I'll have to wait and see what
happens on its next few runs. The last of these emails that got tagged
as [SPAM] was 3:00 this morning. And the last one I missed was on 8/13
at 07:00 in the morning. I have restarted spamassassin after the changes.

> Your other option is to simply not run SpamAssassin on messages that you
> receive from hosts under your control, but since you haven't told us how
> you run SA, I don't know how you'd do that.

I had already tried to do that by adding this line to my
/etc/mail/spamassassin/local.cf file:

trusted_networks 192.168.6/24

and my mail server is on that network.... Do I need to do the same for
127.0.0.1? (since the email is originating on the same system as the
mail server?)

And, yes, I did state that spamassassin is running directly as a
sendmail milter, but you neglected to quote that in your reply.

--
Kevin J. Cummings
kjchome@rcn.com
cummings@kjchome.homeip.net
cummings@kjc386.framingham.ma.us
Registered Linux User #1232 (http://counter.li.org)
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

savemail: cannot save rejected email anywhere
 

On 08/15/2010 04:40 PM, Kevin J. Cummings wrote:
>
> The "From" address is: root@kjc386.framingham.ma.us
> which makes sense since it is being run directly as a cron.hourly
> script. I have added this whitelist_from_rcvd to
> /etc/mail/spamassassin/local.cf.

whitelist_from_rcvd also requires the hostname of the sending system, as
recorded in the Received: header. Take a look at one of the messages
that you've received to get this value.

>> Your other option is to simply not run SpamAssassin on messages that you
>> receive from hosts under your control, but since you haven't told us how
>> you run SA, I don't know how you'd do that.
>
> I had already tried to do that by adding this line to my
> /etc/mail/spamassassin/local.cf file:
>
> trusted_networks 192.168.6/24

That's not quite what I meant. That still filters mail from your
internal hosts through spamassassin, but tells it to lower the message
scores from those hosts. If that didn't work, you'd probably need to
snag one of the messages marked as SPAM, save the complete set of
headers to a file, and send it to the list. Don't modify anything in
the headers. Don't exclude any of the headers. If you do, no one will
be able to tell you what your host wasn't affected by the
trusted_networks setting.

> and my mail server is on that network.... Do I need to do the same for
> 127.0.0.1? (since the email is originating on the same system as the
> mail server?)

I'm not entirely sure, honestly. If the message was submitted with
SMTP, you probably should.

> And, yes, I did state that spamassassin is running directly as a
> sendmail milter, but you neglected to quote that in your reply.

Yes, somehow I missed that. Sorry. :)
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

savemail: cannot save rejected email anywhere
 

On 08/16/2010 12:00 AM, Gordon Messmer wrote:
> On 08/15/2010 04:40 PM, Kevin J. Cummings wrote:
>>
>> The "From" address is: root@kjc386.framingham.ma.us
>> which makes sense since it is being run directly as a cron.hourly
>> script. I have added this whitelist_from_rcvd to
>> /etc/mail/spamassassin/local.cf.
>
> whitelist_from_rcvd also requires the hostname of the sending system, as
> recorded in the Received: header. Take a look at one of the messages
> that you've received to get this value.

Oops, I missed that when reading the documentation. Fixed. Added
framingham.ma.us as the hostname.

>>> Your other option is to simply not run SpamAssassin on messages that you
>>> receive from hosts under your control, but since you haven't told us how
>>> you run SA, I don't know how you'd do that.
>>
>> I had already tried to do that by adding this line to my
>> /etc/mail/spamassassin/local.cf file:
>>
>> trusted_networks 192.168.6/24
>
> That's not quite what I meant. That still filters mail from your
> internal hosts through spamassassin, but tells it to lower the message
> scores from those hosts. If that didn't work, you'd probably need to
> snag one of the messages marked as SPAM, save the complete set of
> headers to a file, and send it to the list. Don't modify anything in
> the headers. Don't exclude any of the headers. If you do, no one will
> be able to tell you what your host wasn't affected by the
> trusted_networks setting.

My 11:00 email got marked as [SPAM], here are the email headers:

> Return-Path: <root@kjc386.framingham.ma.us>
> X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
> kjc386.framingham.ma.us
> X-Spam-Level:
> X-Spam-Status: No, score=0.3 required=4.0 tests=ALL_TRUSTED,BAYES_00,
> FRT_ADOBE2,NORMAL_HTTP_TO_IP,NUMERIC_HTTP_ADDR,SPF _PASS,URI_HEX autolearn=no
> version=3.3.1
> Received-SPF: pass (kjc386.framingham.ma.us: domain of root@kjc386.framingham.ma.us designates 127.0.0.1 as permitted sender) receiver=kjc386.framingham.ma.us; client-ip=127.0.0.1; helo=kjc386.framingham.ma.us; envelope-from=root@kjc386.framingham.ma.us; x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf2-1.0.0;
> X-Virus-Status: Clean
> X-Virus-Scanned: clamav-milter 0.96 at kjc386.framingham.ma.us
> Received: from kjc386.framingham.ma.us (localhost [127.0.0.1])
> by kjc386.framingham.ma.us (8.14.4/8.14.4) with ESMTP id o7G312re009755
> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
> for <root@kjc386.framingham.ma.us>; Sun, 15 Aug 2010 23:01:02 -0400
> Received: (from root@localhost)
> by kjc386.framingham.ma.us (8.14.4/8.14.4/Submit) id o7G312a1009752
> for root; Sun, 15 Aug 2010 23:01:02 -0400
> From: root <root@kjc386.framingham.ma.us>
> Message-Id: <201008160301.o7G312a1009752@kjc386.framingham.ma. us>
> Date: Sun, 15 Aug 2010 23:01:02 -0400
> To: root@kjc386.framingham.ma.us
> Subject: [SPAM] kjc386.framingham.ma.us 08/15/10:23.01 system check
> User-Agent: Heirloom mailx 12.4 7/29/08
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (kjc386.framingham.ma.us [127.0.0.1]); Sun, 15 Aug 2010 23:01:02 -0400 (EDT)

[I'm wondering *why* it says [SPAM] if the X-Spam-Status score is 0.3?]

Do I need to use localhost or kjc386.framingham.ma.us as the hostname
for the whitelist_from_rcvd line?

>> and my mail server is on that network.... Do I need to do the same for
>> 127.0.0.1? (since the email is originating on the same system as the
>> mail server?)
>
> I'm not entirely sure, honestly. If the message was submitted with
> SMTP, you probably should.

I added 127.0.0/24 as a trusted network as well.

BTW, I get all of root's emails sent to me through a sendmail alias. If
that matters....

--
Kevin J. Cummings
kjchome@rcn.com
cummings@kjchome.homeip.net
cummings@kjc386.framingham.ma.us
Registered Linux User #1232 (http://counter.li.org)
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

savemail: cannot save rejected email anywhere
 

On 08/15/2010 09:15 PM, Kevin J. Cummings wrote:
>
> My 11:00 email got marked as [SPAM], here are the email headers:
...
>> X-Spam-Status: No, score=0.3 required=4.0 tests=ALL_TRUSTED,BAYES_00,
>> FRT_ADOBE2,NORMAL_HTTP_TO_IP,NUMERIC_HTTP_ADDR,SPF _PASS,URI_HEX autolearn=no
>> version=3.3.1
>> Received: from kjc386.framingham.ma.us (localhost [127.0.0.1])
>> by kjc386.framingham.ma.us (8.14.4/8.14.4) with ESMTP id o7G312re009755
>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
>> for<root@kjc386.framingham.ma.us>; Sun, 15 Aug 2010 23:01:02 -0400
>> Received: (from root@localhost)
>> by kjc386.framingham.ma.us (8.14.4/8.14.4/Submit) id o7G312a1009752
>> for root; Sun, 15 Aug 2010 23:01:02 -0400
...
> [I'm wondering *why* it says [SPAM] if the X-Spam-Status score is 0.3?]

We can see that the ALL_TRUSTED rule matched and the spam-status is
"no", so I think what's happening is that the milter is being run twice.
The first run isn't hitting ALL_TRUSTED and is setting the standard
SpamAssassin headers and modifying Subject: while the second run
replaces the previous SpamAssassin headers with new results.

We can also see that you've got to Received lines. The second indicates
ESMTP transport and assigns a new queue ID.

> Do I need to use localhost or kjc386.framingham.ma.us as the hostname
> for the whitelist_from_rcvd line?

I think you want localhost. If I'm reading it correctly, you're hitting
the trusted_networks setting, but not the whitelist_from_rcvd that
you've set.

> BTW, I get all of root's emails sent to me through a sendmail alias. If
> that matters....

Out of curiosity, what does the alias look like? Re-sending the message
by SMTP and running the milter twice is pretty inefficient. I wonder if
that's done by the milter in order to allow per-user configuration
settings? I don't know enough about the implementation of the SA milter
to say...
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

savemail: cannot save rejected email anywhere
 

On 08/17/2010 11:33 AM, Gordon Messmer wrote:
> On 08/15/2010 09:15 PM, Kevin J. Cummings wrote:
>>
>> My 11:00 email got marked as [SPAM], here are the email headers:
> ...
>>> X-Spam-Status: No, score=0.3 required=4.0 tests=ALL_TRUSTED,BAYES_00,
>>> FRT_ADOBE2,NORMAL_HTTP_TO_IP,NUMERIC_HTTP_ADDR,SPF _PASS,URI_HEX autolearn=no
>>> version=3.3.1
>>> Received: from kjc386.framingham.ma.us (localhost [127.0.0.1])
>>> by kjc386.framingham.ma.us (8.14.4/8.14.4) with ESMTP id o7G312re009755
>>> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
>>> for<root@kjc386.framingham.ma.us>; Sun, 15 Aug 2010 23:01:02 -0400
>>> Received: (from root@localhost)
>>> by kjc386.framingham.ma.us (8.14.4/8.14.4/Submit) id o7G312a1009752
>>> for root; Sun, 15 Aug 2010 23:01:02 -0400
> ...
>> [I'm wondering *why* it says [SPAM] if the X-Spam-Status score is 0.3?]
>
> We can see that the ALL_TRUSTED rule matched and the spam-status is
> "no", so I think what's happening is that the milter is being run twice.
> The first run isn't hitting ALL_TRUSTED and is setting the standard
> SpamAssassin headers and modifying Subject: while the second run
> replaces the previous SpamAssassin headers with new results.
>
> We can also see that you've got to Received lines. The second indicates
> ESMTP transport and assigns a new queue ID.
>
>> Do I need to use localhost or kjc386.framingham.ma.us as the hostname
>> for the whitelist_from_rcvd line?
>
> I think you want localhost. If I'm reading it correctly, you're hitting
> the trusted_networks setting, but not the whitelist_from_rcvd that
> you've set.

I did that yesterday. No new SPAM markings on my hourly emails, though
some of my other admin emails are now getting marked as [SPAM], like a
couple of denyhosts reports. One of them had a -2.6 SPAM level....

>> BTW, I get all of root's emails sent to me through a sendmail alias. If
>> that matters....
>
> Out of curiosity, what does the alias look like? Re-sending the message
> by SMTP and running the milter twice is pretty inefficient. I wonder if
> that's done by the milter in order to allow per-user configuration
> settings? I don't know enough about the implementation of the SA milter
> to say...

The alias is the one that Fedora has me set up. In /etc/aliases:

# Person who should get root's mail
root: cummings

Very simple.

--
Kevin J. Cummings
kjchome@rcn.com
cummings@kjchome.homeip.net
cummings@kjc386.framingham.ma.us
Registered Linux User #1232 (http://counter.li.org)
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

savemail: cannot save rejected email anywhere
 

On 08/17/2010 09:50 AM, Kevin J. Cummings wrote:
>
> I did that yesterday. No new SPAM markings on my hourly emails, though
> some of my other admin emails are now getting marked as [SPAM], like a
> couple of denyhosts reports. One of them had a -2.6 SPAM level....

I suppose you could post those headers as well, so we could offer
further advise.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

savemail: cannot save rejected email anywhere
 

On 08/20/2010 12:16 PM, Gordon Messmer wrote:
> On 08/17/2010 09:50 AM, Kevin J. Cummings wrote:
>>
>> I did that yesterday. No new SPAM markings on my hourly emails, though
>> some of my other admin emails are now getting marked as [SPAM], like a
>> couple of denyhosts reports. One of them had a -2.6 SPAM level....
>
> I suppose you could post those headers as well, so we could offer
> further advise.

OK, I have been playing with whitelist_from_rcvd trying to get this one
right as well, but for now, here is the last Denyhosts report I got that
was marked as [SPAM].

> Return-Path: <nobody@kjc386.framingham.ma.us>
> X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
> kjc386.framingham.ma.us
> X-Spam-Level:
> X-Spam-Status: No, score=-102.9 required=4.0 tests=ALL_TRUSTED,BAYES_00,
> SPF_PASS,USER_IN_WHITELIST autolearn=ham version=3.3.1
> Received-SPF: pass (kjc386.framingham.ma.us: domain of nobody@localhost designates 127.0.0.1 as permitted sender) receiver=kjc386.framingham.ma.us; client-ip=127.0.0.1; helo=kjc386.framingham.ma.us; envelope-from=nobody@localhost; x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf2-1.0.0;
> X-Virus-Status: Clean
> X-Virus-Scanned: clamav-milter 0.96 at kjc386.framingham.ma.us
> Received: from kjc386.framingham.ma.us (localhost [127.0.0.1])
> by kjc386.framingham.ma.us (8.14.4/8.14.4) with ESMTP id o7JGobga013007
> for <root>; Thu, 19 Aug 2010 12:50:37 -0400
> Message-Id: <201008191650.o7JGobga013007@kjc386.framingham.ma. us>
> From: DenyHosts <nobody@kjc386.framingham.ma.us>
> To: root@kjc386.framingham.ma.us
> Subject: [SPAM] DenyHosts Report from kjc386.framingham.ma.us
> Date: Thu, 19 Aug 2010 12:50:37 -0400
> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (kjc386.framingham.ma.us [127.0.0.1]); Thu, 19 Aug 2010 12:50:37 -0400 (EDT)

SCORE=-102.9
USER_IN_WHITELIST

and yet the subject line was re-written with [SPAM]

In case it matters, here is the /var/log/maillog of the entire
processing of the message:

> Aug 19 12:50:37 kjc386 milter-greylist: smfi_getsymval failed for {daemon_port}, using default smtp port
> Aug 19 12:50:37 kjc386 milter-greylist: o7JGobga013007: skipping greylist because address 127.0.0.1 is whitelisted, (from=<nobody@localhost>, rcpt=<root>, addr=localhost[127.0.0.1]) ACL 158
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: from=<nobody@localhost>, size=304, class=0, nrcpts=1, msgid=<201008191650.o7JGobga013007@kjc386.framingh am.ma.us>, proto=ESMTP, daemon=MTA-v6, relay=localhost [127.0.0.1]
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter insert (0): header: Received-SPF: pass (kjc386.framingham.ma.us: domain of nobody@localhost designates 127.0.0.1 as permitted sender) receiver=kjc386.framingham.ma.us; client-ip=127.0.0.1; helo=kjc386.framingham.ma.us; envelope-from=nobody@localhost; x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf2-1.0.0;
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter add: header: X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (kjc386.framingham.ma.us [127.0.0.1]); Thu, 19 Aug 2010 12:50:37 -0400 (EDT)
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter insert (1): header: X-Virus-Scanned: clamav-milter 0.96 at kjc386.framingham.ma.us
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter insert (1): header: X-Virus-Status: Clean
> Aug 19 12:50:37 kjc386 spamd[9721]: spamd: connection from localhost [127.0.0.1] at port 40578
> Aug 19 12:50:37 kjc386 spamd[9721]: spamd: setuid to sa-milt succeeded
> Aug 19 12:50:37 kjc386 spamd[9721]: spamd: processing message (unknown) for sa-milt:492
> Aug 19 12:50:37 kjc386 spamd[9721]: spamd: identified spam (6.2/5.0) for sa-milt:492 in 0.8 seconds, 1139 bytes.
> Aug 19 12:50:37 kjc386 spamd[9721]: spamd: result: Y 6 - ALL_TRUSTED,BAYES_99,FH_FROMEML_NOTLD,MISSING_MID, SPF_PASS,TO_MALFORMED scantime=0.8,size=1139,user=sa-milt,uid=492,required_score=5.0,rhost=localhost,ra ddr=127.0.0.1,rport=40578,mid=(unknown),bayes=1.00 0000,autolearn=no
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter add: header: X-Spam-Flag: YES
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter add: header: X-Spam-Status: Yes, score=6.2 required=5.0 tests=ALL_TRUSTED,BAYES_99,
FH_FROMEML_NOTLD,MISSING_MID,SPF_PASS,TO_MALFORMED autolearn=no version=3.3.1
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter add: header: X-Spam-Report:
* -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 1.0000]
* 2.1 TO_MALFORMED To: has a malformed address
* 1.1 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc.)
* -0.0 SPF_PASS SPF: sender matches SPF record
* 0.5 MISSING_MID Missing Message-Id: header
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter add: header: X-Spam-Level: ******
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter add: header: X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
kjc386.framingham.ma.us
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter change: header Subject: from DenyHosts Report from kjc386.framingham.ma.us to [SPAM] DenyHosts Report from kjc386.framingham.ma.us
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter message: body replaced
> Aug 19 12:50:38 kjc386 spamd[10563]: spamd: connection from localhost [127.0.0.1] at port 40580
> Aug 19 12:50:38 kjc386 spamd[10563]: spamd: setuid to cummings succeeded
> Aug 19 12:50:38 kjc386 spamd[10563]: spamd: processing message <201008191650.o7JGobga013007@kjc386.framingham.ma. us> for cummings:1630
> Aug 19 12:50:38 kjc386 spamd[32460]: prefork: child states: IB
> Aug 19 12:50:39 kjc386 spamd[10563]: spamd: clean message (-102.9/4.0) for cummings:1630 in 1.2 seconds, 1905 bytes.
> Aug 19 12:50:39 kjc386 spamd[10563]: spamd: result: . -102 - ALL_TRUSTED,BAYES_00,SPF_PASS,USER_IN_WHITELIST scantime=1.2,size=1905,user=cummings,uid=1630,requ ired_score=4.0,rhost=localhost,raddr=127.0.0.1,rpo rt=40580,mid=<201008191650.o7JGobga013007@kjc386.f ramingham.ma.us>,bayes=0.000000,autolearn=ham
> Aug 19 12:50:39 kjc386 sendmail[13015]: o7JGobga013007: to=cummings, ctladdr=<nobody@localhost> (99/99), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31779, dsn=2.0.0, stat=Sent
> Aug 19 12:50:39 kjc386 spamd[32460]: prefork: child states: II

It looks like sa-milt is getting a-hold of the message first, and
marking it as [SPAM] with a score of 6.2. Then it looks like its
getting run again????

Probably my bad configuration, but how can I keep the spamass-milter
from marking this kind of email as spam if changing
/etc/mail/spamassassin/local.cf doesn't do it?

BTW, my /etc/sysconfig/spamass-milter file uses:

> EXTRA_FLAGS="-r 10"

so, now I can see how any email marks 10 or greater will be dropped on
the floor....

Do I need to add the -m option here as well?

--
Kevin J. Cummings
kjchome@rcn.com
cummings@kjchome.homeip.net
cummings@kjc386.framingham.ma.us
Registered Linux User #1232 (http://counter.li.org)
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

savemail: cannot save rejected email anywhere
 

On 08/20/2010 09:39 AM, Kevin J. Cummings wrote:
> It looks like sa-milt is getting a-hold of the message first, and
> marking it as [SPAM] with a score of 6.2. Then it looks like its
> getting run again????

Yeah, I'm not terribly sure. Honestly, I haven't run Sendmail on a mail
server in close to a decade. I use Courier and pythonfilter (actually,
I wrote pythonfilter) these days. After looking through this milter
stuff, I'm really glad that I do. Courier and pythonfilter are far simpler.

I installed the spamass-milter package from EPEL, assuming that's what
you use, to look at it more closely. As far as I can tell, the milter
is running before Sendmail adds its Received: header, which means that
you can't use whitelist_from_rcvd (or at least, that it's not effective
early on). Furthermore, I'm not sure if spamc is being run a second
time because the milter is called again after alias expansion, or if
you're simply calling spamc from your procmailrc.

spamass-milter has an option to exclude IP ranges from filtering.
You'll probably want to configure that *in addition to* the rules you've
already set up. You should be adding those options in
/etc/sysconfig/spamass-milter.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines