Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: thallanor on May 24, 2007, 08:11:39 PM

Title: SME Server 7.1.3 SpamAssassin clarification and assistance
Post by: thallanor on May 24, 2007, 08:11:39 PM
I have been trying different anti-spam settings but seem to be having problems getting things to work the way that I would like.

The first thing that I did was changed the spam sensitivity to custom because I did not know what the pre-defined settings did.  (i.e. What level does it mark an e-mail, what level does it reject an e-mail, if any?)  After experimenting, I found that level 5 seems to be about right.  No false-positives, yet it catches most spam messages.  But knowing that this is accurate, I want this e-mail rejected at level 5 or higher.  The problem is that there is no way to disable marking the e-mail.  Set it to 0, all of my e-mail is marked, set it to 20, and the REAL obvious e-mail is still marked.  The biggest concern though is that nothing seems to get rejected.  I get the same number of spam messages in my inbox now than when I had it mark them and move them into junkmail.  (I told it to not sort into junkmail after I made the change to reject at level 5, since I wouldn't need the junkmail folder anymore and I hate seeing an extra folder in my mail program.)

I am including a screenshot of my configuration and would appreciate any input that you can give.  (You can click on it for a larger version.)  Essentially, I want anything level 5 or higher rejected outright, and to not go into any folder, but to just disappear.

I'd appreciate any help.  Thanks!

(http://fn.boarral.com/tmp/thumbs/sme-spam1a.jpg) (http://fn.boarral.com/tmp/sme-spam1b.jpg)
Title: SME Server 7.1.3 SpamAssassin clarification and assistance
Post by: shell on May 25, 2007, 12:06:22 AM
With the Spam Sensitivity set to custom and the custom spam tagging level and spam rejection level set to equal number no spam will go to junkmail folder, and all spam achieving a level of 5 or above will be rejected.  So your settings appear to be right for what you want to achieve.
Quote
Essentially, I want anything level 5 or higher rejected outright, and to not go into any folder, but to just disappear


Now you might want to spend some time searching for spam associated discussions in the SME Server 7.x Contribs forum as there are some excellent addons to the base spamassassin functionality you are currently using- including spamfilter-stats (which will email you each night with spam statistics) and instructions for customising / adding additional spam lists, learnasspam - the list goes on...

Also of interest to you for testing is the additional headers added to all emails checked by spamassassin
 (i use webmail to view the messages and the show all header toggle link is available when viewing any received message)
This will show you what score your mail did receive and give you a list (can be a bit cryptic!!) of tests that the mail scored on (is this a pass or a fail?? :? - this logic query hurts and its not even monday!)

Hope this helps.
Title: SME Server 7.1.3 SpamAssassin clarification and assistance
Post by: thallanor on May 25, 2007, 12:18:58 AM
Quote from: "shell"
With the Spam Sensitivity set to custom and the custom spam tagging level and spam rejection level set to equal number no spam will go to junkmail folder, and all spam achieving a level of 5 or above will be rejected.  So your settings appear to be right for what you want to achieve.

Now I need to find out why it is not working as such.  I continue to get dozens of spam e-mails sent to me each day, and I can guarantee that if I switch from reject to simply marking, that I will get approximately the same number of spam e-mails per day, simply marked as such.  I will experiment with this tonight, though.
Quote from: "shell"
Now you might want to spend some time searching for spam associated discussions in the SME Server 7.x Contribs forum as there are some excellent addons to the base spamassassin functionality you are currently using- including spamfilter-stats (which will email you each night with spam statistics) and instructions for customising / adding additional spam lists, learnasspam - the list goes on...

I will explore some of these addons tonight.  I searched contribs.org earlier but was unable to find much regarding my specific concern, but it is possible that some of these addons will allow me to fine-tune my setup into something workable.

Thank you for your assistance.  I'll see what I can do!
Title: SME Server 7.1.3 SpamAssassin clarification and assistance
Post by: del on May 25, 2007, 12:56:10 AM
Hi thallanor,

Maybe this will help: http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32 not sure but it could be worth a look.

Regards,
Del
Title: SME Server 7.1.3 SpamAssassin clarification and assistance
Post by: shell on May 25, 2007, 01:10:58 AM
Quote
Also of interest to you for testing is the additional headers added to all emails checked by spamassassin
(i use webmail to view the messages and the show all header toggle link is available when viewing any received message)


Have you checked the headers of the emails still coming thru on the dozens of spam emails.  You may consider them spam, but if your checks are only giving them 4.9 out of 5 then they aren't considered spam.

Here is an example of the header information on a mail marked as spam
Quote
X-Spam-Status:      Yes, hits=4.0 required=3.0 tests=FORGED_HOTMAIL_RCVD,FROM_HAS_ULINE_NUMS,HTML_MESSAGE,MAILTO_TO_SPAM_ADDR,MISSING_SUBJECT,SPF_PASS,UPPERCASE_25_50

 And one that hasn't been considered spam
Quote
X-Spam-Status:      No, hits=0.5 required=3.0 tests=NO_REAL_NAME,SPF_PASS


I tend to set the custom level lower then use
Code: [Select]
db spamassassin setprop wbl.global emailaddress@domain.com White
expand-template /etc/mail/spamassassin/local.cf

to allow any legitimate emails through.  
Note you can also use *@domain.com

So I would have 8 as my custom reject level and 3 as my spam level for tagging, choose to mark as spam and move to junkmail folder.  That was any mail achieving 8+ would be automagically rejected and any gaining a score between 3 and <8 would be marked and moved to the junkmail folder.
Title: SME Server 7.1.3 SpamAssassin clarification and assistance
Post by: thallanor on May 25, 2007, 03:42:26 AM
Quote from: "del"
Maybe this will help: http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49&Itemid=32 not sure but it could be worth a look.

This is one of the web sites that helped me catch up to speed on SpamAssassin in the first place and is very informative.  Unfortunately, I set things the way they suggested, and I still seem to be in a bind. :(
Title: SME Server 7.1.3 SpamAssassin clarification and assistance
Post by: thallanor on May 25, 2007, 03:45:49 AM
Quote from: "shell"
Have you checked the headers of the emails still coming thru on the dozens of spam emails.  You may consider them spam, but if your checks are only giving them 4.9 out of 5 then they aren't considered spam.

I never thought to check the headers and just assumed that the spam getting through was the same spam that was previously being moved to the junk folder.  I checked as you suggested though, and this is an example of what I found:

Quote
X-Spam-Status: Yes, hits=20.1 required=5.0 tests=DIGEST_MULTIPLE,HTML_MESSAGE,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,UNPARSEABLE_RELAY,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL


Unfortunately, it appears that I am experiencing the very problem I thought.  That these e-mails should be rejected, according to my settings, but are still getting through.  I'm not sure what would cause it, as it is a clean install of SME Server 7.1.3 with all of the latest updates.

Where is the .conf file for this?  I have a little bit of experience with Amavais and SpamAssassin.  Not much, but enough to be able to see if the .conf file jives with what I see in the web interface.

Thanks again for your help.  I'm going to keep at this.
Title: SME Server 7.1.3 SpamAssassin clarification and assistance
Post by: shell on May 25, 2007, 04:16:47 AM
What are the results to :
Code: [Select]
config show spamassassin

Do these match your settings?

I recall when i added the spamfilter-stats to a recent sme install i had to install logterse to get the stats correct.

I hadn't come across the sonoracom site before but the info looks good to me.  The howto referenced at the bottom of the sonoracom site showed me heaps of new info too.

Some things that suggest themselves for testing after looking at the sonoracom site are:

Look at
Code: [Select]
config show qpsmtpd

this will give you other spam list details, as these are (i believe) processed by mail before going to spamassassin.

Did you do a
Code: [Select]

signal-event email-update
svc -t /service/qpsmtpd

after changing your settings?

I'm starting to get way out of my depth here, but hope the suggestions have been helpful.  having said that here is the answers (as i see them) to your request for config info.

I could be VERY wrong and am by no means an expert, and wouldn't advise directly working with these without better understanding:

The spamassassin service is governed by the sme database.  I believe all the files governing spamassassin settings are in /etc/mail/spamassassin.  the spamassassin program in /usr/bin.  
The SME template system plays a part and /etc/e-smith/templates/etc/mail/spamassassin holds templates.  if you want to alter these you will need to cp the specific template file into a matching directory in /etc/e-smith/custom-templates/etc/mail/spamassassin then make your alterations.
Title: SME Server 7.1.3 SpamAssassin clarification and assistance
Post by: thallanor on May 25, 2007, 04:30:01 AM
Quote from: "shell"
What are the results to :
Code: [Select]
config show spamassassin

Do these match your settings?

That is very cool!  I just learned something new. :)

Unfortunately, it seems that everything is in order:

Code: [Select]

spamassassin=service
    DNSAvailable=yes
    MessageRetentionTime=90
    OkLanguages=all
    OkLocales=all
    RejectLevel=5
    ReportSafe=0
    Sensitivity=custom
    SkipRBLChecks=0
    SortSpam=disabled
    Subject=[SPAM]
    SubjectTag=enabled
    TagLevel=4
    UseBayes=0
    status=enabled


Quote from: "shell"
Look at
Code: [Select]
config show qpsmtpd

this will give you other spam list details, as these are (i believe) processed by mail before going to spamassassin.


This is what that got me:

Code: [Select]

qpsmtpd=service
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DNSBL=disabled
    LogLevel=8
    MaxScannerSize=25000000
    RBLList=sbl-xbl.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
    RHSBL=disabled
    RequireResolvableFromHost=no
    SBLList=dsn.rfc-ignorant.org
    access=public
    status=enabled


Quote from: "shell"
Did you do a
Code: [Select]

signal-event email-update
svc -t /service/qpsmtpd

after changing your settings?


I did that at your request and am monitoring things now.  I'm keeping my fingers crossed.

Quote from: "shell"
I'm starting to get way out of my depth here, but hope the suggestions have been helpful.  having said that here is the answers (as i see them) to your request for config info.

I could be VERY wrong and am by no means an expert, and wouldn't advise directly working with these without better understanding:

The spamassassin service is governed by the sme database.  I believe all the files governing spamassassin settings are in /etc/mail/spamassassin.  the spamassassin program in /usr/bin.  
The SME template system plays a part and /etc/e-smith/templates/etc/mail/spamassassin holds templates.  if you want to alter these you will need to cp the specific template file into a matching directory in /etc/e-smith/custom-templates/etc/mail/spamassassin then make your alterations.


I appreciate all of your help and I am learning a lot, even if I am still experiencing my original problem.  I read the warning when I opened the spamassassin.cf and did not edit it.  I went the route you recommended with the restart, especially since the settings seem to match what the web interface is set to, and we'll see if that fixes it.

Thanks again!
Title: SME Server 7.1.3 SpamAssassin clarification and assistance
Post by: thallanor on May 25, 2007, 08:37:55 AM
Quote from: "shell"
Did you do a
Code: [Select]

signal-event email-update
svc -t /service/qpsmtpd

after changing your settings?

This seems to have done it!  I have only received two spam e-mails since I restarted the service, and when checking their full headers, I can see that they are not flagged as spam.  (One had a rating of 0.4, the other had a rating of 3.5.)  In addition, I used the SME Server web interface to view the spamd logs and I can see it now rejecting numerous spam e-mails with ratings exceeding 5.0.

Thank you so much!  I thought that restarting the service would not be necessary and would be part of the process SME Server does when changing settings, but I assumed wrong.  Perhaps it will be changed in a future release or perhaps I have something buggy with my system.  Regardless, I know how to deal with this situation now and am grateful for everyone's assistance.

Thanks tons!