Page 1 of 1
Spam actions don't deliver spams ...
Posted: 22 Oct 2015 21:50
by anti-spam
Hello,
i have configured Mailscanner to :
Spam Actions = deliver header "X-Spam-Status:Yes"
As i understand, it should deliver the (low rating) spams wit the {Spam?} at the begin of the subject.
But our EFA's don't do that. I see the spams in the Recent messahes and in the Quarantine, but there is no notification ...
What can be that wrong ?
Thanks
Regards
Re: Spam actions don't deliver spams ...
Posted: 23 Oct 2015 01:35
by shawniverson
Is your mail server doing something based on the X-Spam-Status header?
Re: Spam actions don't deliver spams ...
Posted: 23 Oct 2015 05:01
by anti-spam
hi,
thanks. Did not know that we have to "limit" the options.
I changed to : Spam Actions = deliver
The first spam received, i don't see a deliver of it...
What are the correct options to :
- store the received spam
- mark the subject as {Spam?}
- deliver it to the destination email
Thanks a lot.
Regards
Re: Spam actions don't deliver spams ...
Posted: 23 Oct 2015 09:26
by shawniverson
/etc/MailScanner/MailScanner.conf
Code: Select all
Spam Actions = store deliver
Spam Modify Subject = start
Spam Subject Text = {Spam?}
Re: Spam actions don't deliver spams ...
Posted: 23 Oct 2015 10:00
by anti-spam
that's what i have actually ...
Spam Actions = store deliver
Spam Modify Subject = start
Spam Subject Text = [Spam?]
I can't imagine that the [ and ] instead of { and } can be the problem ...
I see alot of Spams (NOT High score spams) in the Recent Messages, but not anymore a delivery with the [Spam?] .... subject ...
The same in the maillog, nothing found with [Spam?]
Did i broke MailScanner or something else ?
Regards
Re: Spam actions don't deliver spams ...
Posted: 24 Oct 2015 07:19
by anti-spam
hi,
i did a try to setup a other (new) EFA with :
Spam Actions = store deliver
Spam Modify Subject = start
Spam Subject Text = {Spam?}
but the Spams are not delivered ...
Please, help
Re: Spam actions don't deliver spams ...
Posted: 24 Oct 2015 09:22
by shawniverson
Is localhost (127.0.0.1) in the whitelist? I wonder if EFA is having trouble with delivery.
Re: Spam actions don't deliver spams ...
Posted: 24 Oct 2015 09:35
by shawniverson
hmm...
Just tried it on my end and it is working...
Oct 24 05:31:04 efa MailScanner[28108]: Message B6A94120198.A5DD5 from 209.85.160.181 (
shawniverson@gmail.com) to openvsa-project.org is spam, SpamAssassin (not cached, score=5.269, required 4, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, FREEMAIL_FROM 0.00, HTML_MESSAGE 0.00, PYZOR_CHECK 1.98, RCVD_IN_DNSWL_LOW -0.70, RCVD_IN_MSPIKE_H3 -0.01, RCVD_IN_MSPIKE_WL -0.01, SPAM_TEST_RULE 3.00, SPF_PASS -0.00, TRACKER_ID 1.10, TVD_SPACE_RATIO 0.00)
Oct 24 05:31:04 efa MailScanner[28108]: Spam Checks: Found 1 spam messages
Oct 24 05:31:04 efa MailScanner[28108]: Spam Actions: message B6A94120198.A5DD5 actions are store,deliver,header
Oct 24 05:31:04 efa MailScanner[28108]: Requeue: B6A94120198.A5DD5 to EF5D7120217
Oct 24 05:31:04 efa postfix/qmgr[28045]: EF5D7120217: from=<
shawniverson@gmail.com>, size=1879, nrcpt=1 (queue active)
Oct 24 05:31:04 efa MailScanner[28108]: Uninfected: Delivered 1 messages
Oct 24 05:31:04 efa MailScanner[28108]: Deleted 1 messages from processing-database
Oct 24 05:31:04 efa MailScanner[28108]: Logging message B6A94120198.A5DD5 to SQL
Oct 24 05:31:04 efa postfix/smtp[28216]: EF5D7120217: to=<
shawniverson@openvsa-project.org>, relay=10.1.0.43[10.1.0.43]:25, delay=6.1, delays=6/0.03/0/0.02, dsn=2.0.0, status=sent (250 OK id=1ZpvBt-0001nd-Su)
Oct 24 05:31:04 efa postfix/qmgr[28045]: EF5D7120217: removed
Re: Spam actions don't deliver spams ...
Posted: 24 Oct 2015 09:54
by anti-spam
grrrr ... I did a search in the logs for : grep 'Spam Actions' /var/log/maillog
found a lot :
Code: Select all
Oct 24 11:08:19 mx3 MailScanner[19921]: Spam Actions: message 78B6812005B.AA86F actions are store,deliver
Oct 24 11:12:40 mx3 MailScanner[16835]: Spam Actions: message C0F8712005B.A3E39 actions are store
Oct 24 11:13:50 mx3 MailScanner[15816]: Spam Actions: message 8A29F12005B.A04CC actions are store
Oct 24 11:27:08 mx3 MailScanner[19921]: Spam Actions: message 148A012005B.AFD6D actions are store
Oct 24 11:34:01 mx3 MailScanner[21175]: Spam Actions: message 99D5312005B.A129A actions are store
Oct 24 11:37:29 mx3 MailScanner[20846]: Spam Actions: message C100412005B.AF459 actions are store,deliver
Oct 24 11:39:06 mx3 MailScanner[21026]: Spam Actions: message DC4FC12005B.A8011 actions are store,deliver
Then i did a search on : grep 'DC4FC12005B.A8011' /var/log/maillog
Code: Select all
Oct 24 11:39:04 mx3 MailScanner[21026]: <A> tag found in message DC4FC12005B.A8011 from bounce-98576-34340996-5756-860@arxms24.com
Oct 24 11:39:04 mx3 MailScanner[21026]: HTML Img tag found in message DC4FC12005B.A8011 from bounce-98576-34340996-5756-860@arxms24.com
Oct 24 11:39:06 mx3 MailScanner[21026]: Message DC4FC12005B.A8011 from 62.210.29.168 (bounce-98576-34340996-5756-860@arxms24.com) to one-of-our-domains.com is spam, SpamAssassin (not cached, score=5.307, required 4, BAYES_50 0.80, DCC_CHECK 1.10, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, HTML_IMAGE_RATIO_04 0.56, HTML_MESSAGE 0.00, URIBL_BLACK 1.70, URIBL_JP_SURBL 1.25)
Oct 24 11:39:06 mx3 MailScanner[21026]: Delivery of spam: message DC4FC12005B.A8011 from bounce-98576-34340996-5756-860@arxms24.com to mparis@one-of-our-domains.com with subject Offre Sp?ciale : Jusqu'? -20%% sur Votre S?jour
Oct 24 11:39:06 mx3 MailScanner[21026]: Spam Actions: message DC4FC12005B.A8011 actions are store,deliver
Oct 24 11:39:06 mx3 MailScanner[21979]: Found phishing fraud from http://arxms24.com/tl.php?p=157/159/rs/3mnu/sk/rs//http%%3A%%2F%%2Fadtrack.adleadevent.com%%2Fadtckcm.php%%3Fidc%%3D10680%%26idctr%%3D1%%26idp%%3D1519%%26idm%%3D1611%%26email%%3Dmparis%%40one-of-our-domains.com%%26rdr%%3Dhttp%%3A%%2F%%2Fwww.adleadevent.com%%2Fpierreetvacances%%2Ffr%%2Fc%%2Fclick2mail%%2F16062015%%2Femail%%3Dmparis%%40one-of-our-domains.com%%26idp%%3D1519 claiming to be www.one-of-our-domains.com in DC4FC12005B.A8011
Oct 24 11:39:06 mx3 MailScanner[21026]: Content Checks: Detected and have disarmed web bug, phishing tags in HTML message in DC4FC12005B.A8011 from bounce-98576-34340996-5756-860@arxms24.com
Oct 24 11:39:06 mx3 MailScanner[21026]: Requeue: DC4FC12005B.A8011 to 00A5712005E
Oct 24 11:39:06 mx3 MailScanner[21026]: Logging message DC4FC12005B.A8011 to SQL
Oct 24 11:39:06 mx3 MailScanner[21338]: DC4FC12005B.A8011: Logged to MailWatch SQL
This incoming email is reported in Mailwatch, but NOT the deliver. What i see in Mailwatch :
Code: Select all
[#] 24/10/15 11:42:10 fjkls@other-domains.com 195.238.20.129 (mailrelay102.------------) lfjkls@other-domains.com Fw: Transférer 9.8Kb -1.62 Clean
[#] 24/10/15 11:41:14 fjkls@other-domains.com 157.55.234.99 (mail-db3on0099.outbound.protection.outlook.com) fjkls@other-domains.com RE: Dossier : Mr & Mme 8.4Kb -1.90 Clean
[#] 24/10/15 11:39:06 bounce-98576-34340996-5756-860@arxms24.com 62.210.29.168 (smtp.arxms24.com) mparis@one-of-our-domains.com Offre Spéciale : Jusqu'à -20% sur Votre Séjour 11.8Kb 5.31 Spam
The last line is the incoming spam. There is no trace of the deliver ...
Is my Mailwatch configuration wrong ?
Re: Spam actions don't deliver spams ...
Posted: 24 Oct 2015 10:02
by shawniverson
Oct 24 11:39:06 mx3 MailScanner[21026]: Requeue: DC4FC12005B.A8011 to 00A5712005E
I see this in your log, but nothing appears to be happening?
Looks like it is stuck in the queue? I think something may up in postfix...
Anything else in the log with id 00A5712005E?
Re: Spam actions don't deliver spams ...
Posted: 24 Oct 2015 10:07
by anti-spam
here it is
Code: Select all
grep '00A5712005E' /var/log/maillog
Oct 24 11:39:06 mx3 MailScanner[21026]: Requeue: DC4FC12005B.A8011 to 00A5712005E
Oct 24 11:39:06 mx3 postfix/qmgr[31149]: 00A5712005E: from=<bounce-98576-34340996-5756-860@arxms24.com>, size=11410, nrcpt=1 (queue active)
Oct 24 11:39:07 mx3 postfix/smtp[20695]: 00A5712005E: to=<mparis@one-of-our-domains.com>, relay=cp3.our-servers[19x.y.z.23]:25, delay=7, delays=6.5/0/0.06/0.39, dsn=2.0.0, status=sent (250 OK id=1ZpvI1-0000jn-Oc)
Oct 24 11:39:07 mx3 postfix/qmgr[31149]: 00A5712005E: removed
Re: Spam actions don't deliver spams ...
Posted: 24 Oct 2015 10:26
by anti-spam
ok, the spams? are delivered, but why is it not listed in Mailwatch ?
Regards
Re: Spam actions don't deliver spams ...
Posted: 25 Oct 2015 11:23
by shawniverson
You cannot see the spam in MailWatch? What about high spam and non-spam?
Re: Spam actions don't deliver spams ...
Posted: 25 Oct 2015 13:46
by anti-spam
hi,
i see the spams and high score spams incoming, but not anymore the spams delivery emails.
They are in the logs and are delivered, but they are not into Mailwatch.
If we change the spam actions to send a notification (the email with the link to unblock a spam), then this email delivery to the senders are showed in Mailwatch.
Is there not a way to make tha Mailwatch show us more?
Because Mailwatch don't show everything.
If we tail maillog, there are ALOT more in the logs ...
Thanks
Re: Spam actions don't deliver spams ...
Posted: 25 Oct 2015 20:55
by shawniverson
I'm a little confused because I have no trouble seeing the spam in mailwatch...
- Capture.png (7.53 KiB) Viewed 15084 times
You are not seeing these entries for spam?