spamass-milt-list

Re: Milter no longer rejects spam (postfix


From: J4K
Subject: Re: Milter no longer rejects spam (postfix
Date: Thu, 16 Jun 2011 09:37:26 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110424 Lightning/1.0b2 Thunderbird/3.1.10

Threshold of the milter is set to 11. 


On 06/15/2011 05:25 PM, Damian Menscher wrote:
> The test message used by milter_watch contains both eicar (blocked by
> all antivirus scanners) and gtube (blocked by all spam scanners).  So
> if you want to get ClamAV to let it through, you'll have to send the
> message without the base64-encoded eicar piece.
>
> In any case, your test output shows spamassassin did try blocking the
> message with an explicit rejection, so I'd guess any problem is with
> the postfix config.  That said, it's possible your spam-blocking
> thresholds are just really high (eg, it won't block unless the score
> is 100).
>
> Damian
>
> On Wed, Jun 15, 2011 at 3:33 AM, J4K <address@hidden> wrote:
>> Hi Damian,
>>
>> Thank-you for the perl script. The milter does reject when hit on the
>> socket. Ugly output below.
>>
>>
>> When I tried to send this email with the full debug o/p my mail server
>> did reject it:
>> "5.7.1 Detected virus detected in your email : Eicar-Test-Signature..
>> Please check the message and try again."
>> But this is a red herring because it was caused from ClamAV milter with
>> SaneSecurity. However it shows that a milter was called.
>> I wonder if postfix ignores the other milters when the first one is
>> passed? Unsure.
>>
>>
>> # milter_watch -d local:/var/spool/postfix/spamass/spamass.sock
>> D milter_watch-0.6 by Damian Menscher <address@hidden>
>> D Submit_message called with """
>> SNIP- REMOVED
>> SNIP- REMOVED
>> """
>> D Sending: O ?
>> D Milter returned 0xd bytes: O
>> D Requested actions: 0x1; Undesired content 0x0
>> D Sending: DCjlocalhost.localdomain_localhost.localdomain
>> [127.0.0.1]{daemon_name}MTA{if_name}localhost.localdomain{if_addr}127.0.0.1
>> D Sending: Clocalhost.localdomain4' 127.0.0.1
>> D Milter returned 0x1 bytes: a
>> D Sending: DH
>> D Sending:
>> address@hidden
>> D Sending: address@hidden
>> D Milter returned 0x1 bytes: c
>> D Sending: DR{rcpt_mailer}local{rcpt_host}{rcpt_addr}victim
>> D Sending: Rvictim
>> D Milter returned 0x1 bytes: c
>> D Sending: N
>> D Milter returned 0x1 bytes: c
>> D Sending: BTo: victim
>> Subject: milter test message
>> Content-Transfer-Encoding: BASE64
>>
>> SNIP- REMOVED
>>
>> SNIP- REMOVED
>>
>> D Milter returned 0x1 bytes: c
>> D Sending: E
>> D Milter returned 0x1 bytes: c
>> D Sending: Q
>> I Milter properly allowed clean mail through
>> D Submit_message called with """
>> SNIP- REMOVED
>>
>> SNIP- REMOVED
>> """
>> D Sending: O ?
>> D Milter returned 0xd bytes: O
>> D Requested actions: 0x1; Undesired content 0x0
>> D Sending: DCjlocalhost.localdomain_localhost.localdomain
>> [127.0.0.1]{daemon_name}MTA{if_name}localhost.localdomain{if_addr}127.0.0.1
>> D Sending: Clocalhost.localdomain4' 127.0.0.1
>> D Milter returned 0x1 bytes: a
>> D Sending: DH
>> D Sending:
>> address@hidden
>> D Sending: address@hidden
>> D Milter returned 0x1 bytes: c
>> D Sending: DR{rcpt_mailer}local{rcpt_host}{rcpt_addr}victim
>> D Sending: Rvictim
>> D Milter returned 0x1 bytes: c
>> D Sending: N
>> D Milter returned 0x1 bytes: c
>> D Sending: BTo: victim
>> Subject: milter test message
>> Content-Transfer-Encoding: BASE64
>>
>> SNIP- REMOVED
>>
>> SNIP- REMOVED
>>
>> D Milter returned 0x1 bytes: c
>> D Sending: E
>> D Milter returned 0x23 bytes: y550 5.7.1 Blocked by SpamAssassin
>> D Sending: Q
>> I Milter blocked a spam/virus
>>
>>
>> On 06/14/2011 08:49 PM, Damian Menscher wrote:
>>> Just a thought, but you can also confirm the milter is working
>>> correctly by sending it test requests with milter_watch:
>>> http://www.itg.uiuc.edu/itg_software/milter_watch/
>>>
>>> That at least lets you isolate the problem to being in the
>>> milter/spamassassin config, or in the postfix config.
>>>
>>> Damian
>>>
>>> On Tue, Jun 14, 2011 at 5:07 AM, J4K <address@hidden> wrote:
>>>> Hi there everyone,
>>>>
>>>>    I noticed that my spamass-milter was not rejecting spam over the
>>>> threshold and I wonder if someone might help me with some debug options
>>>> on the spamass-milter.
>>>>
>>>> ****  My  question ****
>>>> What debug options should I use to enable logging to try and find out
>>>> why it did not either be called by postfix or reject the email?
>>>>    -d debugflags
>>>>             Enables logging.  debugflags is a comma-separated list of
>>>> tokens:
>>>>             func    Entry and exit of internal functions.
>>>>             misc    Other non-verbose logging.
>>>>             net     Lookups of the ignored netblocks list.
>>>>             poll    Low-level I/O to the child spamc process.
>>>>             rcpt    Recipient processing.
>>>>             spamc  High-level I/O to the child spamc process.
>>>>             str     Calls to field lookup and string comparison functions.
>>>>             uori    Calls to the update_or_insert function.
>>>>             1       (historical) Same as func,misc.
>>>>             2       (historical) Same as func,misc,poll.
>>>>             3       (historical) Same as func,misc,poll,str,uori.
>>>>
>>>>
>>>>
>>>> **** Some backup info in case someone thinks that I am barking up the
>>>> wrong tree ****
>>>>
>>>> Spamass-milter is called as a before milter in Postfix:-
>>>>    # postconf -n  | grep milter
>>>>    milter_default_action = tempfail
>>>>    non_smtpd_milters = unix:/dkim-filter/dkim-filter.sock
>>>>    smtpd_milters = unix:/clamav/clamav-milter.ctl,
>>>> unix:/spamass/spamass.sock, unix:/dkim-filter/dkim-filter.sock
>>>>
>>>> The spamass trigger threshold is 11 and the emails getting through often
>>>> have sigh scores like 15, and I would like to check that spamass-milter
>>>> is even receiving any email to check.  I did not see anything being
>>>> rejected.
>>>>
>>>> The process runs as :
>>>> /usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f -p
>>>> /var/spool/postfix/spamass/spamass.sock -u nobody -M -r 11 -i 127.0.0.1
>>>>
>>>> And the socket is there:-
>>>> srw-rw---- 1 postfix postfix 0 Jun 14 13:48
>>>> /var/spool/postfix/spamass/spamass.sock
>>>>
>>>> I did not read any errors about milters in the postfix logs
>>>> (/var/log/mail.*),  other than the usual macro complaint which I think
>>>> can be ignored.
>>>> mail.log:Jun 14 13:50:05 logout spamass-milter[21468]: Could not
>>>> retrieve sendmail macro "i"!.  Please add it to
>>>> confMILTER_MACROS_ENVFROM for better spamassassin results
>>>>
>>>>
>>>>
>>>> Best regards, Simon.
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Spamass-milt-list mailing list
>>>> address@hidden
>>>> https://lists.nongnu.org/mailman/listinfo/spamass-milt-list
>>>>
>>>
>>
>
>
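
The milter_watch debug trace quoted above can be read mechanically: each `D Sending:` line starts with a milter command byte and each `D Milter returned` line starts with a reply byte. The following is an added example, not part of the original message or of milter_watch; `parse_trace` and `verdict` are hypothetical names, the byte tables follow the milter protocol's SMFIC_*/SMFIR_* codes, and the sample lines are copied (abridged) from the trace above.

```python
import re

# Milter protocol bytes: SMFIC_* commands sent by the MTA, SMFIR_* replies from the filter.
COMMANDS = {"O": "optneg", "D": "macro", "C": "connect", "H": "helo", "M": "mail",
            "R": "rcpt", "L": "header", "N": "eoh", "B": "body", "E": "end-of-body",
            "Q": "quit", "A": "abort"}
REPLIES = {"O": "optneg", "a": "accept", "c": "continue", "d": "discard",
           "r": "reject", "t": "tempfail", "y": "replycode"}
QUOTE = re.compile(r"^(?:>\s?)+")  # mail quote markers in front of each trace line
SENT = re.compile(r"^D Sending: ?(.*)$")
GOT = re.compile(r"^D Milter returned 0x[0-9a-fA-F]+ bytes: (.)(.*)$")

def verdict(reply, detail):
    """Summarise the end-of-body reply, where the filter has seen the whole message."""
    if reply == "replycode":  # detail is "<SMTP code> <enhanced status> <text>"
        kind = {"4": "tempfail", "5": "reject"}.get(detail[:1], "replycode")
        return f"{kind}: {detail}"
    return "passed" if reply in ("accept", "continue") else reply

def parse_trace(text):
    """Return one dict per submitted test message: (command, reply, detail) steps and verdict."""
    runs, last_cmd = [], None
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).rstrip()
        if line.startswith("D Submit_message called"):
            runs.append({"steps": [], "verdict": "no end-of-body reply"})
            last_cmd = None
        elif runs and (m := SENT.match(line)):
            last_cmd = COMMANDS.get(m.group(1)[:1], "unknown")
        elif runs and (m := GOT.match(line)):
            reply, detail = REPLIES.get(m.group(1), "unknown"), m.group(2).strip()
            runs[-1]["steps"].append((last_cmd, reply, detail))
            if last_cmd == "end-of-body":
                runs[-1]["verdict"] = verdict(reply, detail)
    return runs

# Lines copied from the second test message in the trace above, abridged.
SAMPLE = '''\
>> D Submit_message called with """
>> D Sending: Clocalhost.localdomain4' 127.0.0.1
>> D Milter returned 0x1 bytes: a
>> D Sending: BTo: victim
>> Subject: milter test message
>> D Milter returned 0x1 bytes: c
>> D Sending: E
>> D Milter returned 0x23 bytes: y550 5.7.1 Blocked by SpamAssassin
'''

if __name__ == "__main__":
    for n, run in enumerate(parse_trace(SAMPLE), 1):
        print(n, run["verdict"], run["steps"])
```

Run against a full trace, this gives one verdict per test message, which is the milter-side half of the milter-versus-postfix isolation suggested in the thread.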



