ISPsystem.com Forums


magus 06-22-2016 02:34 PM

too much spam
 
Hi

I am getting huge amounts of spam being passed through the mail server. I have checked the incoming headers and can see that they are being spam tested, but rather than being filtered and the header re-written they are being sent straight through.

I can no longer find any way to change the spamassassin settings via the web interface, and according to the settings in the local.conf for spamassassin all mail with a score over 5 should be rewritten as spam.

As this is not happening I can only surmise that spamassassin is no longer working.

The web interface is showing that the service itself is running so there must be a configuration error somewhere.

Could you give me some ideas on where to start looking?

Thanks

ispmanager version: 5.56.0-2016.05.05_12:51

magus 06-24-2016 11:58 AM

More info in case it helps.

I have exim/dkim, clam and spamassassin enabled on all mail domains, and spamassassin enabled on all mailboxes.

local.conf
Code:

required_hits 5
report_safe 0
rewrite_header Subject [SPAM]

score USER_IN_WHITELIST_TO        -5000

bayes_path /var/spamassassin/bayes

This should rewrite the mail header on detected spam.

Excerpt from my mail log
Code:

Jun 24 04:55:45 svr1 postgrey[12346]: action=pass, reason=recipient whitelist, client_name=mail13.currentstore.cc, client_address=103.205.5.74, sender=www-19-1219133.LmhvdHNhbGU4LmNsdWI-pm-1-1-330-22-ktcddd9337@currentstore.cc, recipient=billing@********.co.uk
Jun 24 04:55:46 svr1 spamd[19877]: spamd: connection from localhost [127.0.0.1] at port 38000
Jun 24 04:55:46 svr1 spamd[19877]: spamd: setuid to root succeeded
Jun 24 04:55:46 svr1 spamd[19877]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
Jun 24 04:55:46 svr1 spamd[19877]: spamd: checking message <741669cd496fb794c4e24f020b3172aa@currentstore.cc> for root:99
Jun 24 04:55:48 svr1 spamd[19877]: spamd: identified spam (7.9/5.0) for root:99 in 1.7 seconds, 9147 bytes.
Jun 24 04:55:48 svr1 spamd[19877]: spamd: result: Y 7 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,HTML_TAG_BALANCE_BODY,RCVD_IN_SBL,RCVD_IN_SBL_CSS,RP_MATCHES_RCVD,TO_IN_SUBJ,URIBL_BLOCKED,URIBL_DBL_SPAM scantime=1.7,size=9147,user=root,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=38000,mid=<741669cd496fb794c4e24f020b3172aa@currentstore.cc>,autolearn=no
Jun 24 04:55:48 svr1 spamd[19869]: prefork: child states: II
Jun 24 04:55:49 svr1 dovecot: lda(billing@********.co.uk): msgid=<741669cd496fb794c4e24f020b3172aa@currentstore.cc>: saved mail to INBOX

As you can see, the message is being detected as spam and then transferred to the inbox.

Message header
Code:

Subject: The crisis has finished! Work with us!
Message-ID: <741669cd496fb794c4e24f020b3172aa@currentstore.cc>
Priority: normal
X-mailer: Pegasus Mail for Windows (4.52)
Content-type: multipart/alternative; boundary="Alt-Boundary-00298.6444300"
X-Scanned-By: ClamAV 0.99.1; Fri, 24 Jun 2016 09:42:26 +0100
X-Spam_score: 11.3
X-Spam_score_int: 113
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "svr1.********.co.uk", has
 identified this incoming email as possible spam.  The original message
 has been attached to this so you can view it (if it isn't spam) or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.

Here you can plainly see that the header is not being re-written for spam. I would like eventually to be able to set spamassassin to delete spam over a certain level but cannot risk that until I can verify that spamassassin is reading the correct configuration file.

Or is it reading the user.pref in the root .spamassassin folder?

ANY help would be good.
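
The correlation done by eye in the log excerpt above (a spamd `result: Y` verdict followed by a dovecot `saved mail to INBOX` line for the same message ID) can be automated. This is an added Python example, not part of the original posts; the sample log lines are constructed on the pattern of the excerpt, and the function name `spam_delivered_to_inbox` is illustrative.

```python
import re

# Constructed sample log, modelled on the excerpt in the post; all addresses are placeholders.
SAMPLE_LOG = """\
Jun 24 04:55:48 svr1 spamd[19877]: spamd: identified spam (7.9/5.0) for root:99 in 1.7 seconds, 9147 bytes.
Jun 24 04:55:48 svr1 spamd[19877]: spamd: result: Y 7 - HTML_MESSAGE,RCVD_IN_SBL scantime=1.7,size=9147,user=root,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=38000,mid=<aaa111@spam.example>,autolearn=no
Jun 24 04:55:49 svr1 dovecot: lda(billing@mail.example): msgid=<aaa111@spam.example>: saved mail to INBOX
Jun 24 05:01:02 svr1 spamd[19877]: spamd: result: . 1 - HTML_MESSAGE scantime=0.9,size=2048,user=root,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=38002,mid=<bbb222@ok.example>,autolearn=no
Jun 24 05:01:03 svr1 dovecot: lda(billing@mail.example): msgid=<bbb222@ok.example>: saved mail to INBOX
Jun 24 05:07:10 svr1 spamd[19877]: spamd: result: Y 12 - URIBL_DBL_SPAM scantime=1.1,size=4000,user=root,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=38004,mid=<ccc333@spam.example>,autolearn=no
Jun 24 05:07:11 svr1 dovecot: lda(info@mail.example): msgid=<ccc333@spam.example>: saved mail to Junk
"""

# spamd verdict line: "result: Y <int score> - <tests> ...,mid=<message-id>,..."
RESULT_RE = re.compile(
    r"spamd: result: (?P<verdict>[Y.]) (?P<score>-?\d+) - (?P<tests>\S*) .*?mid=(?P<mid><[^>]*>)"
)
# dovecot LDA delivery line: "lda(<recipient>): msgid=<message-id>: saved mail to <folder>"
SAVED_RE = re.compile(
    r"dovecot: lda\((?P<rcpt>[^)]*)\): msgid=(?P<mid><[^>]*>): saved mail to (?P<folder>.+)$"
)

def spam_delivered_to_inbox(log_text):
    """Return messages that spamd marked as spam but dovecot still saved to INBOX."""
    verdicts = {}   # message-id -> (score, [rule names]) for spam verdicts only
    findings = []
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if m:
            if m["verdict"] == "Y":
                verdicts[m["mid"]] = (int(m["score"]), m["tests"].split(","))
            continue
        m = SAVED_RE.search(line)
        if m and m["mid"] in verdicts and m["folder"].strip().upper() == "INBOX":
            score, tests = verdicts[m["mid"]]
            findings.append({"msgid": m["mid"], "recipient": m["rcpt"],
                             "score": score, "tests": tests})
    return findings

if __name__ == "__main__":
    for f in spam_delivered_to_inbox(SAMPLE_LOG):
        print(f"{f['msgid']} score={f['score']} -> INBOX of {f['recipient']} ({', '.join(f['tests'])})")
```
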

usaafko 07-04-2016 02:31 AM

Sorry, ISPmanager can't configure spam assassin. But you can reconfigure exim&spamassassin as you want. Maybe some other forum users can help you with manual configuration.

dragon 07-25-2016 08:24 PM

RBL blocking just went from ubuntu/ispmanager

on ubuntu

root@panel:/etc/exim4# ls -la dnsbllist
-rw------- 1 Debian-exim Debian-exim 116 Jul 25 20:13 dnsbllist

file exists

root@panel:/etc/exim4# grep -r dnsbllist *
root@panel:/etc/exim4#

but exim is not aware of that

on Debian installation

-rw------- 1 Debian-exim Debian-exim 93 Feb 25 11:41 dnsbllist

file exists also, and it's referenced in the configuration

root@hosting0:/etc/exim4# grep -r dnsbllist *
exim4.conf.template: dnslists = ${readfile {/etc/exim4/dnsbllist}{:}}

So, you've missed something in the Ubuntu release

dragon 07-25-2016 09:11 PM

Something strange: I have another Ubuntu installation where RBL still works,
and there is a difference in the size of exim4.conf.template

The good one has

-rw-r--r-- 1 root mail 14226 May 17 15:10 exim4.conf.template

and the bad one

-rw-r--r-- 1 root mail 14051 May 17 03:11 exim4.conf.template

Looks like some "glitch" on upgrade, both ubuntus have same ispmanager version - ISPmanager Lite 5.64.1

Got good version, changed IP, looks good... question for support, do I need to check anything else (related to exim4.conf.template)?

