Spam actions don't deliver spams ...

Questions and answers about how to do stuff
Post Reply
anti-spam
Posts: 40
Joined: 06 Oct 2015 14:32
Contact:

Spam actions don't deliver spams ...

Post by anti-spam »

Hello,

i have configured Mailscanner to :

Spam Actions = deliver header "X-Spam-Status:Yes"

As i understand, it should deliver the (low rating) spams wit the {Spam?} at the begin of the subject.
But our EFA's don't do that. I see the spams in the Recent messahes and in the Quarantine, but there is no notification ...
What can be that wrong ?
Thanks
Regards
:arrow: always fighting spams ... :hand:
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Spam actions don't deliver spams ...

Post by shawniverson »

Is your mail server doing something based on the X-Spam-Status header?
anti-spam
Posts: 40
Joined: 06 Oct 2015 14:32
Contact:

Re: Spam actions don't deliver spams ...

Post by anti-spam »

hi,

thanks. Did not know that we have to "limit" the options.
I changed to : Spam Actions = deliver

The first spam received, i don't see a deliver of it...
What are the correct options to :

- store the received spam
- mark the subject as {Spam?}
- deliver it to the destination email

Thanks a lot.
Regards
:arrow: always fighting spams ... :hand:
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Spam actions don't deliver spams ...

Post by shawniverson »

/etc/MailScanner/MailScanner.conf

Code: Select all

Spam Actions = store deliver
Spam Modify Subject = start
Spam Subject Text = {Spam?}

Code: Select all

sudo service MailScanner restart
anti-spam
Posts: 40
Joined: 06 Oct 2015 14:32
Contact:

Re: Spam actions don't deliver spams ...

Post by anti-spam »

that's what i have actually ...

Spam Actions = store deliver
Spam Modify Subject = start
Spam Subject Text = [Spam?]

I can't imagine that the [ and ] instead of { and } can be the problem ...
I see alot of Spams (NOT High score spams) in the Recent Messages, but not anymore a delivery with the [Spam?] .... subject ...
The same in the maillog, nothing found with [Spam?]

Did i broke MailScanner or something else ?
Regards
:arrow: always fighting spams ... :hand:
anti-spam
Posts: 40
Joined: 06 Oct 2015 14:32
Contact:

Re: Spam actions don't deliver spams ...

Post by anti-spam »

hi,

i did a try to setup a other (new) EFA with :

Spam Actions = store deliver
Spam Modify Subject = start
Spam Subject Text = {Spam?}

but the Spams are not delivered ...
Please, help :pray:
:arrow: always fighting spams ... :hand:
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Spam actions don't deliver spams ...

Post by shawniverson »

Is localhost (127.0.0.1) in the whitelist? I wonder if EFA is having trouble with delivery.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Spam actions don't deliver spams ...

Post by shawniverson »

hmm...

Just tried it on my end and it is working...
Oct 24 05:31:04 efa MailScanner[28108]: Message B6A94120198.A5DD5 from 209.85.160.181 (shawniverson@gmail.com) to openvsa-project.org is spam, SpamAssassin (not cached, score=5.269, required 4, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FREEMAIL_FROM 0.00, HTML_MESSAGE 0.00, PYZOR_CHECK 1.98, RCVD_IN_DNSWL_LOW -0.70, RCVD_IN_MSPIKE_H3 -0.01, RCVD_IN_MSPIKE_WL -0.01, SPAM_TEST_RULE 3.00, SPF_PASS -0.00, TRACKER_ID 1.10, TVD_SPACE_RATIO 0.00)
Oct 24 05:31:04 efa MailScanner[28108]: Spam Checks: Found 1 spam messages
Oct 24 05:31:04 efa MailScanner[28108]: Spam Actions: message B6A94120198.A5DD5 actions are store,deliver,header
Oct 24 05:31:04 efa MailScanner[28108]: Requeue: B6A94120198.A5DD5 to EF5D7120217
Oct 24 05:31:04 efa postfix/qmgr[28045]: EF5D7120217: from=<shawniverson@gmail.com>, size=1879, nrcpt=1 (queue active)
Oct 24 05:31:04 efa MailScanner[28108]: Uninfected: Delivered 1 messages
Oct 24 05:31:04 efa MailScanner[28108]: Deleted 1 messages from processing-database
Oct 24 05:31:04 efa MailScanner[28108]: Logging message B6A94120198.A5DD5 to SQL
Oct 24 05:31:04 efa postfix/smtp[28216]: EF5D7120217: to=<shawniverson@openvsa-project.org>, relay=10.1.0.43[10.1.0.43]:25, delay=6.1, delays=6/0.03/0/0.02, dsn=2.0.0, status=sent (250 OK id=1ZpvBt-0001nd-Su)
Oct 24 05:31:04 efa postfix/qmgr[28045]: EF5D7120217: removed
Date: Sat, 24 Oct 2015 05:30:56 -0400
From: Shawn Iverson <shawniverson@gmail.com>
To: shawniverson@openvsa-project.org
Subject: {Spam?} test2
anti-spam
Posts: 40
Joined: 06 Oct 2015 14:32
Contact:

Re: Spam actions don't deliver spams ...

Post by anti-spam »

grrrr ... I did a search in the logs for : grep 'Spam Actions' /var/log/maillog

found a lot :

Code: Select all

Oct 24 11:08:19 mx3 MailScanner[19921]: Spam Actions: message 78B6812005B.AA86F actions are store,deliver
Oct 24 11:12:40 mx3 MailScanner[16835]: Spam Actions: message C0F8712005B.A3E39 actions are store
Oct 24 11:13:50 mx3 MailScanner[15816]: Spam Actions: message 8A29F12005B.A04CC actions are store
Oct 24 11:27:08 mx3 MailScanner[19921]: Spam Actions: message 148A012005B.AFD6D actions are store
Oct 24 11:34:01 mx3 MailScanner[21175]: Spam Actions: message 99D5312005B.A129A actions are store
Oct 24 11:37:29 mx3 MailScanner[20846]: Spam Actions: message C100412005B.AF459 actions are store,deliver
Oct 24 11:39:06 mx3 MailScanner[21026]: Spam Actions: message DC4FC12005B.A8011 actions are store,deliver
Then i did a search on : grep 'DC4FC12005B.A8011' /var/log/maillog

Code: Select all

Oct 24 11:39:04 mx3 MailScanner[21026]: <A> tag found in message DC4FC12005B.A8011 from bounce-98576-34340996-5756-860@arxms24.com
Oct 24 11:39:04 mx3 MailScanner[21026]: HTML Img tag found in message DC4FC12005B.A8011 from bounce-98576-34340996-5756-860@arxms24.com
Oct 24 11:39:06 mx3 MailScanner[21026]: Message DC4FC12005B.A8011 from 62.210.29.168 (bounce-98576-34340996-5756-860@arxms24.com) to one-of-our-domains.com is spam, SpamAssassin (not cached, score=5.307, required 4, BAYES_50 0.80, DCC_CHECK 1.10, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, HTML_IMAGE_RATIO_04 0.56, HTML_MESSAGE 0.00, URIBL_BLACK 1.70, URIBL_JP_SURBL 1.25)
Oct 24 11:39:06 mx3 MailScanner[21026]: Delivery of spam: message DC4FC12005B.A8011 from bounce-98576-34340996-5756-860@arxms24.com to mparis@one-of-our-domains.com with subject Offre Sp?ciale : Jusqu'? -20%% sur Votre S?jour
Oct 24 11:39:06 mx3 MailScanner[21026]: Spam Actions: message DC4FC12005B.A8011 actions are store,deliver
Oct 24 11:39:06 mx3 MailScanner[21979]: Found phishing fraud from http://arxms24.com/tl.php?p=157/159/rs/3mnu/sk/rs//http%%3A%%2F%%2Fadtrack.adleadevent.com%%2Fadtckcm.php%%3Fidc%%3D10680%%26idctr%%3D1%%26idp%%3D1519%%26idm%%3D1611%%26email%%3Dmparis%%40one-of-our-domains.com%%26rdr%%3Dhttp%%3A%%2F%%2Fwww.adleadevent.com%%2Fpierreetvacances%%2Ffr%%2Fc%%2Fclick2mail%%2F16062015%%2Femail%%3Dmparis%%40one-of-our-domains.com%%26idp%%3D1519 claiming to be www.one-of-our-domains.com in DC4FC12005B.A8011
Oct 24 11:39:06 mx3 MailScanner[21026]: Content Checks: Detected and have disarmed web bug, phishing tags in HTML message in DC4FC12005B.A8011 from bounce-98576-34340996-5756-860@arxms24.com
Oct 24 11:39:06 mx3 MailScanner[21026]: Requeue: DC4FC12005B.A8011 to 00A5712005E
Oct 24 11:39:06 mx3 MailScanner[21026]: Logging message DC4FC12005B.A8011 to SQL
Oct 24 11:39:06 mx3 MailScanner[21338]: DC4FC12005B.A8011: Logged to MailWatch SQL

This incoming email is reported in Mailwatch, but NOT the deliver. What i see in Mailwatch :

Code: Select all

[#] 	24/10/15 11:42:10 	fjkls@other-domains.com 	195.238.20.129 (mailrelay102.------------) 	lfjkls@other-domains.com 	Fw: Transférer  	9.8Kb 	-1.62 	Clean
[#] 	24/10/15 11:41:14 	fjkls@other-domains.com 	157.55.234.99 (mail-db3on0099.outbound.protection.outlook.com) 	fjkls@other-domains.com 	RE: Dossier : Mr & Mme  	8.4Kb 	-1.90 	Clean
[#] 	24/10/15 11:39:06 	bounce-98576-34340996-5756-860@arxms24.com 	62.210.29.168 (smtp.arxms24.com) 	mparis@one-of-our-domains.com 	Offre Spéciale : Jusqu'à -20% sur Votre Séjour 	11.8Kb 	5.31 	Spam

The last line is the incoming spam. There is no trace of the deliver ...
Is my Mailwatch configuration wrong ?
:arrow: always fighting spams ... :hand:
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Spam actions don't deliver spams ...

Post by shawniverson »

Oct 24 11:39:06 mx3 MailScanner[21026]: Requeue: DC4FC12005B.A8011 to 00A5712005E
I see this in your log, but nothing appears to be happening?

Looks like it is stuck in the queue? I think something may up in postfix...

Anything else in the log with id 00A5712005E?
anti-spam
Posts: 40
Joined: 06 Oct 2015 14:32
Contact:

Re: Spam actions don't deliver spams ...

Post by anti-spam »

here it is

Code: Select all

grep '00A5712005E' /var/log/maillog
Oct 24 11:39:06 mx3 MailScanner[21026]: Requeue: DC4FC12005B.A8011 to 00A5712005E
Oct 24 11:39:06 mx3 postfix/qmgr[31149]: 00A5712005E: from=<bounce-98576-34340996-5756-860@arxms24.com>, size=11410, nrcpt=1 (queue active)
Oct 24 11:39:07 mx3 postfix/smtp[20695]: 00A5712005E: to=<mparis@one-of-our-domains.com>, relay=cp3.our-servers[19x.y.z.23]:25, delay=7, delays=6.5/0/0.06/0.39, dsn=2.0.0, status=sent (250 OK id=1ZpvI1-0000jn-Oc)
Oct 24 11:39:07 mx3 postfix/qmgr[31149]: 00A5712005E: removed
:arrow: always fighting spams ... :hand:
anti-spam
Posts: 40
Joined: 06 Oct 2015 14:32
Contact:

Re: Spam actions don't deliver spams ...

Post by anti-spam »

ok, the spams? are delivered, but why is it not listed in Mailwatch ?
Regards
:arrow: always fighting spams ... :hand:
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Spam actions don't deliver spams ...

Post by shawniverson »

You cannot see the spam in MailWatch? What about high spam and non-spam?
anti-spam
Posts: 40
Joined: 06 Oct 2015 14:32
Contact:

Re: Spam actions don't deliver spams ...

Post by anti-spam »

hi,

i see the spams and high score spams incoming, but not anymore the spams delivery emails.
They are in the logs and are delivered, but they are not into Mailwatch.
If we change the spam actions to send a notification (the email with the link to unblock a spam), then this email delivery to the senders are showed in Mailwatch.

Is there not a way to make tha Mailwatch show us more?
Because Mailwatch don't show everything.
If we tail maillog, there are ALOT more in the logs ...

Thanks
:arrow: always fighting spams ... :hand:
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Spam actions don't deliver spams ...

Post by shawniverson »

I'm a little confused because I have no trouble seeing the spam in mailwatch...
Capture.png
Capture.png (7.53 KiB) Viewed 11165 times
You are not seeing these entries for spam?
Post Reply