06-22-2016, 02:34 PM | #1 |
Junior Member
Join Date: Dec 2015
Posts: 2
|
too much spam
Hi
I am getting huge amounts of spam being passed through the mail server. I have checked the incoming headers and can see that they are being spam tested, but rather than being filtered and the header re-written they are being sent straight through. I can no longer find any way to change the spamassassin settings via the web interface, and according to the settings in the local.conf for spamassassin all mail with a score over 5 should be rewritten as spam. As this is not happening I can only surmise that spamassassin is no longer working. The web interface is showing that the service itself is running so there must be a configuration error somewhere. Could you give me some ideas on where to start looking Thanks ispmanager version: 5.56.0-2016.05.05_12:51 |
06-24-2016, 11:58 AM | #2 |
Junior Member
Join Date: Dec 2015
Posts: 2
|
More info in case it helps.
I have exim/dkim, clam and spamassassin enabled on all mail domains, and spamassassin enabled on all mailboxes. local.conf Code:
required_hits 5 report_safe 0 rewrite_header Subject [SPAM] score USER_IN_WHITELIST_TO -5000 bayes_path /var/spamassassin/bayes Excert from my mail log Code:
Jun 24 04:55:45 svr1 postgrey[12346]: action=pass, reason=recipient whitelist, client_name=mail13.currentstore.cc, client_address=103.205.5.74, sender=www-19-1219133.LmhvdHNhbGU4LmNsdWI-pm-1-1-330-22-ktcddd9337@currentstore.cc, recipient=billing@********.co.uk Jun 24 04:55:46 svr1 spamd[19877]: spamd: connection from localhost [127.0.0.1] at port 38000 Jun 24 04:55:46 svr1 spamd[19877]: spamd: setuid to root succeeded Jun 24 04:55:46 svr1 spamd[19877]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody Jun 24 04:55:46 svr1 spamd[19877]: spamd: checking message <741669cd496fb794c4e24f020b3172aa@currentstore.cc> for root:99 Jun 24 04:55:48 svr1 spamd[19877]: spamd: identified spam (7.9/5.0) for root:99 in 1.7 seconds, 9147 bytes. Jun 24 04:55:48 svr1 spamd[19877]: spamd: result: Y 7 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,HTML_TAG_BALANCE_BODY,RCVD_IN_SBL,RCVD_IN_SBL_CSS,RP_MATCHES_RCVD,TO_IN_SUBJ,URIBL_BLOCKED,URIBL_DBL_SPAM scantime=1.7,size=9147,user=root,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=38000,mid=<741669cd496fb794c4e24f020b3172aa@currentstore.cc>,autolearn=no Jun 24 04:55:48 svr1 spamd[19869]: prefork: child states: II Jun 24 04:55:49 svr1 dovecot: lda(billing@********.co.uk): msgid=<741669cd496fb794c4e24f020b3172aa@currentstore.cc>: saved mail to INBOX Message header Code:
Subject: The crisis has finished! Work with us! Message-ID: <741669cd496fb794c4e24f020b3172aa@currentstore.cc> Priority: normal X-mailer: Pegasus Mail for Windows (4.52) Content-type: multipart/alternative; boundary="Alt-Boundary-00298.6444300" X-Scanned-By: ClamAV 0.99.1; Fri, 24 Jun 2016 09:42:26 +0100 X-Spam_score: 11.3 X-Spam_score_int: 113 X-Spam_bar: +++++++++++ X-Spam_report: Spam detection software, running on the system "svr1.********.co.uk", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Or is it reading the user.pref in the root .spamassassin folder? ANY help would be good. |
07-25-2016, 08:24 PM | #4 |
Member
Join Date: Jan 2013
Posts: 38
|
RBL blocking just went from ubuntu/ispmanager
on ubuntu root@panel:/etc/exim4# ls -la dnsbllist -rw------- 1 Debian-exim Debian-exim 116 Jul 25 20:13 dnsbllist file exists root@panel:/etc/exim4# grep -r dnsbllist * root@panel:/etc/exim4# but exim in not aware of that on Debian installation -rw------- 1 Debian-exim Debian-exim 93 Feb 25 11:41 dnsbllist file exists also, and it's reference in configuration root@hosting0:/etc/exim4# grep -r dnsbllist * exim4.conf.template: dnslists = ${readfile {/etc/exim4/dnsbllist}{:}} So, You've missed something in ubuntu release |
07-25-2016, 09:11 PM | #5 |
Member
Join Date: Jan 2013
Posts: 38
|
something strange, I've another ubuntu installation, where is RBL still works
and there is difference in size of exim4.conf.template good one have -rw-r--r-- 1 root mail 14226 May 17 15:10 exim4.conf.template and the bad one -rw-r--r-- 1 root mail 14051 May 17 03:11 exim4.conf.template Looks like some "glitch" on upgrade, both ubuntus have same ispmanager version - ISPmanager Lite 5.64.1 Got good version, changed IP, looks good... question for support, do I need to check anything else (related to exim4.conf.template)? |
|
|