Hello there,
recently we have found that eFa is tagging too many messages as spam. Apparently some clean emails are being blocked. This started to happen since the last update and I can't find what changed since then.
Looking for some help.
This is the summary email from the update itself:
Installing:
spamassassin_eFa x86_64 3.4.6-1.eFa.el7 eFa4 1.1 M
replacing spamassassin.x86_64 3.4.4-2.eFa.el7
Updating:
dcc x86_64 1:2.3.167-2.eFa.el7 eFa4 985 k
eFa noarch 1:4.0.4-18.eFa.el7 eFa4 118 k
Does anyone have any clue?
Thanks
Too many emails blocked tagged with spam since spamassassin update
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Too many emails blocked tagged with spam since spamassassin update
I'm sure there were substantial spamassassin rule updates.
Do you have a spam report sample you could share?
Re: Too many emails blocked tagged with spam since spamassassin update
Hello,
sorry for the late reply.
Here are 3 sample spam reports from 3 emails that shouldn't be blocked.
SpamAssassin Score: 4.54
Spam Report:
Score Matching Rule Description
0.00 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED
0.10 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.10 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.00 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
0.25 GMD_PRODUCER_GPL PDF producer was GPL Ghostscript
0.00 HTML_MESSAGE HTML included in message
1.20 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
-0.00 RCVD_IN_DNSWL_NONE Sender listed at https://www.dnswl.org/, no trust
-0.00 RCVD_IN_MSPIKE_H2 Average reputation (+2)
1.27 RDNS_NONE Delivered to internal network by a host with no rDNS
0.92 SPF_FAIL SPF: sender does not match SPF record (fail)
1.38 SPOOFED_FREEMAIL
0.00 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
0.10 TO_IN_SUBJ To address is in Subject
-0.80 TXREP Score normalizing based on sender's reputation
0.01 T_FREEMAIL_DOC_PDF MS document or PDF attachment, from freemail
SpamAssassin Score: 4.30
Spam Report:
Score Matching Rule Description
0.10 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.10 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
1.19 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
0.00 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
1.28 HTML_IMAGE_ONLY_24 HTML: images with 2000-2400 bytes of words
0.00 HTML_MESSAGE HTML included in message
-0.00 RCVD_IN_DNSWL_NONE Sender listed at https://www.dnswl.org/, no trust
-0.00 RCVD_IN_MSPIKE_H2 Average reputation (+2)
1.27 RDNS_NONE Delivered to internal network by a host with no rDNS
0.92 SPF_FAIL SPF: sender does not match SPF record (fail)
0.00 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
-0.57 TXREP Score normalizing based on sender's reputation
SpamAssassin Score: 6.40
Spam Report:
Score Matching Rule Description
0.00 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED
0.10 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.10 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.00 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
1.00 FREEMAIL_REPLY From and body contain different freemails
1.50 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS
0.00 HTML_MESSAGE HTML included in message
0.64 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.10 MIME_HTML_ONLY Message only has text/html MIME parts
1.20 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
-0.00 RCVD_IN_DNSWL_NONE Sender listed at https://www.dnswl.org/, no trust
-0.00 RCVD_IN_MSPIKE_H2 Average reputation (+2)
1.27 RDNS_NONE Delivered to internal network by a host with no rDNS
0.92 SPF_FAIL SPF: sender does not match SPF record (fail)
0.00 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
-0.45 TXREP Score normalizing based on sender's reputation
0.01 T_FREEMAIL_DOC_PDF MS document or PDF attachment, from freemail
0.01 T_REMOTE_IMAGE Message contains an external image
0.00 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/Dns ... nsbl-block for more information.
- shawniverson
Re: Too many emails blocked tagged with spam since spamassassin update
On second thought....
1.27 RDNS_NONE Delivered to internal network by a host with no rDNS
These senders are breaking a basic rule of email that a reverse dns record must be present. If you want these emails you should consider adjusting your scores for these senders.
Re: Too many emails blocked tagged with spam since spamassassin update
Hi there,
thanks for the fast reply.
Could you elaborate a bit more on that rule and what exactly it means? I'm new to this platform and my understanding about spamassassin is not very good.
And which files do I have to edit to change the values for each rule individually?
Thanks once again.
Re: Too many emails blocked tagged with spam since spamassassin update
Put in local.cf, e.g.:
score RDNS_NONE 0.0
But like shawn wrote above, and I fully agree, "These senders are breaking a basic rule of email that a reverse dns record must be present"
What I suggest is to just whitelist those senders' domains, so other domains that do not have rDNS still get trapped by spamassassin
Re: Too many emails blocked tagged with spam since spamassassin update
Take a look at your report.
This one:
"URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked"
It would make sense to solve this asap.
Search this forum for
URIBL_BLOCKED
There will be quite some hits, but for a starter:
viewtopic.php?t=2565
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
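To see how much of each sample's score actually comes from RDNS_NONE before rescoring it in local.cf, the posted reports can be parsed and compared. This is an added example, not part of any post in the thread; the function names are made up here, and the sample is an excerpt of the three reports posted above with only the higher-scoring lines kept.

```python
import re

# "<score> <RULE> [description]"; the description may be missing (SPOOFED_FREEMAIL).
RULE_RE = re.compile(r"^(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]+)(?:\s+.*)?$")
TOTAL_RE = re.compile(r"^SpamAssassin Score:\s*(-?\d+(?:\.\d+)?)$")

def parse_reports(text):
    """Return [{'total': float, 'rules': {name: score}}] from pasted report text."""
    reports = []
    for line in map(str.strip, text.splitlines()):
        if m := TOTAL_RE.match(line):
            reports.append({"total": float(m.group(1)), "rules": {}})
        elif (m := RULE_RE.match(line)) and reports:
            reports[-1]["rules"][m.group(2)] = float(m.group(1))
    return reports

def common_rules(reports, min_score=0.5):
    """Rules that add at least min_score to every report."""
    hits = [{r for r, s in rep["rules"].items() if s >= min_score} for rep in reports]
    return sorted(set.intersection(*hits)) if hits else []

def rescored(reports, overrides):
    """Totals if rules were rescored in local.cf, e.g. {'RDNS_NONE': 0.0}."""
    delta = lambda rules: sum(v - rules[r] for r, v in overrides.items() if r in rules)
    return [round(rep["total"] + delta(rep["rules"]), 2) for rep in reports]

# Excerpt of the three reports posted in the thread (only higher-scoring lines kept).
SAMPLE = """\
SpamAssassin Score: 4.54
1.20 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
1.27 RDNS_NONE Delivered to internal network by a host with no rDNS
0.92 SPF_FAIL SPF: sender does not match SPF record (fail)
1.38 SPOOFED_FREEMAIL
SpamAssassin Score: 4.30
1.19 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
1.28 HTML_IMAGE_ONLY_24 HTML: images with 2000-2400 bytes of words
1.27 RDNS_NONE Delivered to internal network by a host with no rDNS
0.92 SPF_FAIL SPF: sender does not match SPF record (fail)
SpamAssassin Score: 6.40
1.50 HTML_FONT_TINY_NORDNS Font too small to read, no rDNS
1.20 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
1.27 RDNS_NONE Delivered to internal network by a host with no rDNS
0.92 SPF_FAIL SPF: sender does not match SPF record (fail)
"""

if __name__ == "__main__":
    reports = parse_reports(SAMPLE)
    print(common_rules(reports), rescored(reports, {"RDNS_NONE": 0.0}))
```

For the three samples this reports RDNS_NONE and SPF_FAIL as the rules common to all of them, and totals of 3.27, 3.03 and 5.13 with RDNS_NONE set to 0.0.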