US: 1-941-4621-069
  
Cyprus: 3-572-2052-781

Go Back   ISPsystem.com Forums > ISPmanager > Troubleshooting


Reply
 
Thread Tools
Old 06-22-2016, 02:34 PM   #1
Junior Member
 
Join Date: Dec 2015
Posts: 2
magus is on a distinguished road
Default too much spam

Hi

I am getting huge amounts of spam being passed through the mail server. I have checked the incoming headers and can see that they are being spam tested, but rather than being filtered and the header re-written they are being sent straight through.

I can no longer find any way to change the spamassassin settings via the web interface, and according to the settings in the local.conf for spamassassin all mail with a score over 5 should be rewritten as spam.

As this is not happening I can only surmise that spamassassin is no longer working.

The web interface is showing that the service itself is running so there must be a configuration error somewhere.

Could you give me some ideas on where to start looking

Thanks

ispmanager version: 5.56.0-2016.05.05_12:51
magus is offline   Reply With Quote
Old 06-24-2016, 11:58 AM   #2
Junior Member
 
Join Date: Dec 2015
Posts: 2
magus is on a distinguished road
Default

More info in case it helps.

I have exim/dkim, clam and spamassassin enabled on all mail domains, and spamassassin enabled on all mailboxes.

local.conf
Code:
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]

score USER_IN_WHITELIST_TO	-5000

bayes_path /var/spamassassin/bayes
This should rewrite the mail header on detected spam.

Excert from my mail log
Code:
Jun 24 04:55:45 svr1 postgrey[12346]: action=pass, reason=recipient whitelist, client_name=mail13.currentstore.cc, client_address=103.205.5.74, sender=www-19-1219133.LmhvdHNhbGU4LmNsdWI-pm-1-1-330-22-ktcddd9337@currentstore.cc, recipient=billing@********.co.uk
Jun 24 04:55:46 svr1 spamd[19877]: spamd: connection from localhost [127.0.0.1] at port 38000
Jun 24 04:55:46 svr1 spamd[19877]: spamd: setuid to root succeeded
Jun 24 04:55:46 svr1 spamd[19877]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody
Jun 24 04:55:46 svr1 spamd[19877]: spamd: checking message <741669cd496fb794c4e24f020b3172aa@currentstore.cc> for root:99
Jun 24 04:55:48 svr1 spamd[19877]: spamd: identified spam (7.9/5.0) for root:99 in 1.7 seconds, 9147 bytes.
Jun 24 04:55:48 svr1 spamd[19877]: spamd: result: Y 7 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,HTML_TAG_BALANCE_BODY,RCVD_IN_SBL,RCVD_IN_SBL_CSS,RP_MATCHES_RCVD,TO_IN_SUBJ,URIBL_BLOCKED,URIBL_DBL_SPAM scantime=1.7,size=9147,user=root,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=38000,mid=<741669cd496fb794c4e24f020b3172aa@currentstore.cc>,autolearn=no
Jun 24 04:55:48 svr1 spamd[19869]: prefork: child states: II
Jun 24 04:55:49 svr1 dovecot: lda(billing@********.co.uk): msgid=<741669cd496fb794c4e24f020b3172aa@currentstore.cc>: saved mail to INBOX
As you can see, the message is being detected as spam and then transferred to the inbox.

Message header
Code:
Subject: The crisis has finished! Work with us!
Message-ID: <741669cd496fb794c4e24f020b3172aa@currentstore.cc>
Priority: normal
X-mailer: Pegasus Mail for Windows (4.52)
Content-type: multipart/alternative; boundary="Alt-Boundary-00298.6444300"
X-Scanned-By: ClamAV 0.99.1; Fri, 24 Jun 2016 09:42:26 +0100
X-Spam_score: 11.3
X-Spam_score_int: 113
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "svr1.********.co.uk", has
 identified this incoming email as possible spam.  The original message
 has been attached to this so you can view it (if it isn't spam) or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
Here you can plainly see that the header is not being re-written for spam. I would like eventually to be able to set spamassassin to delete spam over a certain level but cannot risk that until I can verify that spamassassin is reading the correct configuration file.

Or is it reading the user.pref in the root .spamassassin folder?

ANY help would be good.
magus is offline   Reply With Quote
Old 07-04-2016, 02:31 AM   #3
Support team
 
Join Date: Oct 2013
Posts: 44
usaafko is on a distinguished road
Default

Sorry, ISPmanager can't configure spam assassin. But you can reconfigure exim&spamassassin as you want. Maybe some other forum users can help you with manual configuration.
usaafko is offline   Reply With Quote
Old 07-25-2016, 08:24 PM   #4
Member
 
Join Date: Jan 2013
Posts: 38
dragon is on a distinguished road
Default

RBL blocking just went from ubuntu/ispmanager

on ubuntu

root@panel:/etc/exim4# ls -la dnsbllist
-rw------- 1 Debian-exim Debian-exim 116 Jul 25 20:13 dnsbllist

file exists

root@panel:/etc/exim4# grep -r dnsbllist *
root@panel:/etc/exim4#

but exim in not aware of that

on Debian installation

-rw------- 1 Debian-exim Debian-exim 93 Feb 25 11:41 dnsbllist

file exists also, and it's reference in configuration

root@hosting0:/etc/exim4# grep -r dnsbllist *
exim4.conf.template: dnslists = ${readfile {/etc/exim4/dnsbllist}{:}}

So, You've missed something in ubuntu release
dragon is offline   Reply With Quote
Old 07-25-2016, 09:11 PM   #5
Member
 
Join Date: Jan 2013
Posts: 38
dragon is on a distinguished road
Default

something strange, I've another ubuntu installation, where is RBL still works
and there is difference in size of exim4.conf.template

good one have

-rw-r--r-- 1 root mail 14226 May 17 15:10 exim4.conf.template

and the bad one

-rw-r--r-- 1 root mail 14051 May 17 03:11 exim4.conf.template

Looks like some "glitch" on upgrade, both ubuntus have same ispmanager version - ISPmanager Lite 5.64.1

Got good version, changed IP, looks good... question for support, do I need to check anything else (related to exim4.conf.template)?
dragon is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 09:33 PM.