bypass spamassassin on ongoing messages

Posted: Sun Jan 31, 2010 12:02 pm
by zeki
Hello,
I have tried for hours now, but haven't found a solution...

My mail users send emails via the server with SMTP auth and sometimes get tagged as spam. What I want to implement is to bypass SpamAssassin for users who use SMTP auth (only SpamAssassin, not ClamAV).

What I tried, without success (it still scans the mail):

- env = QS_SPAMASSASSIn="on" in /etc/xinetd.d/smtp_psa

Another idea I read is to give -10 SA points to mails that have a X-SMTP-Auth= yes. How can I add this to the outgoing emails?

How are your systems configured to solve this problem?


thanks
zeki

Re: bypass spamassassin on ongoing messages

Posted: Tue Feb 02, 2010 5:28 pm
by Troy McClure
I tried to get this working before too, but couldn't ever get it to skip scanning with Spamassassin. I would like to see if anyone has had any success doing this. I even tried to use the alternate smtp port, but it still scans the messages.

Re: bypass spamassassin on ongoing messages

Posted: Wed Feb 03, 2010 1:42 pm
by biggles
Yeah, this is really strange. I have tried to turn scanning of outgoing mail off several times but haven't been able to find a way. It doesn't matter which port I use (25, 587 or 465) or adding QS_SPAMASSASSIN="off" or QS_SPAMASSASSIN=0 to /etc/xinetd.d/smtp_psa or /etc/xinetd.d/smtpa_psa or /etc/xinetd.d/submission_psa

If anyone could explain how the mail queue really works I might be able to dig something up...

Re: bypass spamassassin on ongoing messages

Posted: Wed Feb 03, 2010 2:28 pm
by scott
It's definitely possible if you can manipulate which qmail-queue binary gets invoked. In the context of tcpserver, that's what that whole "qmailqueue" patch you may have heard about is for. A combination of that, plus tcpserver, would let you define the alternate qmail-queue to use. I'd implement that by binding it to port 587. Plesk of course uses xinetd, and qmail without this patch applied. I do seem to recall seeing something in the past where someone figured out how to manipulate it in an xinetd context.

Re: bypass spamassassin on ongoing messages

Posted: Sat Feb 06, 2010 9:45 am
by danami
Here is a little tutorial for how you do it. It's actually pretty simple:

Plesk's qmail does not set the mail header "ESMTPA" correctly as per RFC 3848 (http://www.fehcom.de/rfc/rfc3848.txt). To get around this you can create your own SpamAssassin custom rule to detect your own mail server tag, match it to LOCAL_AUTH_RCVD and apply a negative score if need be.

Edit your local spamassassin config (/etc/mail/spamassassin/local.cf) file and add the rule and new negative score there (sa-updates will never overwrite it in local.cf).

# custom rules
header LOCAL_AUTH_RCVD Received =~ /by yourhostname\.yourdomain\.com with \(.* encrypted\) SMTP/
score LOCAL_AUTH_RCVD -10.0
Substitute your hostname and server name with your own.

The first line is just a Perl regex to match your own server hostname. The wildcard match will match different authentication schemes (CRAM MD5 etc). You can look at your own mail headers when you send authenticated to see what they look like. A good regex tester is here: http://www.spaweditor.com/scripts/regex/index.php

References: http://wiki.apache.org/spamassassin/DynablockIssues

I hope this helps people!

Re: bypass spamassassin on ongoing messages

Posted: Sat Feb 06, 2010 12:45 pm
by zeki
Thanks danami,
that's what I have been searching for for weeks...

I run qmail-scanner on my system. Maybe custom rules don't get applied with qmail-scanner?
I tried your rule and other test rules in local.cf and xy.cf in /etc/mail/spamassassin.

In spamassassin --lint -D I see that local.cf and my xy.cf get read... but no effect.
Any tip?

thanks
zeki

Re: bypass spamassassin on ongoing messages

Posted: Sat Feb 06, 2010 1:05 pm
by biggles
danami wrote:
> Here is a little tutorial for how you do it. It's actually pretty simple:
>
> Plesk's qmail does not set the mail header "ESMTPA" correctly as per RFC 3848 (http://www.fehcom.de/rfc/rfc3848.txt). To get around this you can create your own SpamAssassin custom rule to detect your own mail server tag, match it to LOCAL_AUTH_RCVD and apply a negative score if need be.
>
> Edit your local spamassassin config (/etc/mail/spamassassin/local.cf) file and add the rule and new negative score there (sa-updates will never overwrite it in local.cf).
>
> # custom rules
> header LOCAL_AUTH_RCVD Received =~ /by yourhostname\.yourdomain\.com with \(.* encrypted\) SMTP/
> score LOCAL_AUTH_RCVD -10.0
>
> Substitute your hostname and server name with your own.
>
> The first line is just a Perl regex to match your own server hostname. The wildcard match will match different authentication schemes (CRAM MD5 etc). You can look at your own mail headers when you send authenticated to see what they look like. A good regex tester is here: http://www.spaweditor.com/scripts/regex/index.php
>
> References: http://wiki.apache.org/spamassassin/DynablockIssues
>
> I hope this helps people!

Thanks a lot for the tip! I have one problem though. My server randomly chooses one of the domains which I host on the server for "yourhostname\.yourdomain\.com". Anyone got any idea how to fix that?

Re: bypass spamassassin on ongoing messages

Posted: Sat Feb 06, 2010 2:00 pm
by biggles
Fixed it! I had a PTR record for every domain on the server. Seems to be the default for the Plesk DNS template. Really shouldn't be...

Once again thanks a lot for the script/rules!

Re: bypass spamassassin on ongoing messages

Posted: Sat Feb 06, 2010 4:24 pm
by faris
Yeah, the default PTR issue is a PITA unless you remember to remove it in the template :-)

danami - thanks for this. I didn't think of it. Brilliant.

zeki - check the headers to see what rules trigger on messages marked as spam. If the new one in local.cf does not trigger it may just be that your hostname is not set correctly in the regex or that you also have multiple PTRs. Remember that the regex isn't looking for the domain name as such - it is looking for the full hostname (e.g. myservername.hostingcompany-corp-ltd.com), which basically corresponds to the PTR record for the main IP of your server (at least I think so... I'm easily confused these days).

Bottom line is, as danami says, look in the email headers to see what is actually being used by your server, and put that in.

Faris.

Re: bypass spamassassin on ongoing messages

Posted: Sat Feb 06, 2010 4:30 pm
by zeki
Hey faris,
thanks for the tip. I tried a simple rule and it gets ignored. It has nothing to do with the title of this thread...
I have to find out why my rules get ignored first...

thanks all
zeki

Re: bypass spamassassin on ongoing messages

Posted: Sat Feb 06, 2010 5:26 pm
by biggles
Have you restarted spamassassin? And re-run qmail-reconfigure? It feels like you have to do it sometimes...

Re: bypass spamassassin on ongoing messages

Posted: Mon Feb 08, 2010 1:51 pm
by Troy McClure
Yep, this works great. Thanks for the rules.

Re: bypass spamassassin on ongoing messages

Posted: Tue Feb 09, 2010 6:35 pm
by zeki
After a restart of the server the SA rules are now active...

When I authenticate on SMTP I don't get this in the header:

by server with xy encrypted with SMTP

I only get

by server with SMTP (even though I use SMTP auth with TLS)

Any tips?

thanks
zeki

PS: I run spamdyke, qmail-scanner and the qmail of Plesk 9.01

Re: bypass spamassassin on ongoing messages

Posted: Tue Feb 09, 2010 7:23 pm
by faris
Just remove \(.* encrypted\) from the regex. Same here, incidentally.

Faris.

Re: bypass spamassassin on ongoing messages

Posted: Tue Feb 09, 2010 7:34 pm
by zeki
That's what I tried... Then it matches on every incoming mail... with -10 points...
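
The behaviour described in the last three posts, as an added example that is not part of the thread: danami's rule and the shortened form (assumed to keep one space between "with" and "SMTP") are run against three constructed Received lines. The hostname mail.example.com, the sample lines and the base score of 6.2 are assumptions; 5.0 is SpamAssassin's default required_score.

```python
import re

HOST = r"mail\.example\.com"  # assumption: stands in for your server's hostname

# danami's rule as posted, and the form left after removing "\(.* encrypted\) ".
RULES = {
    "posted": re.compile(r"by " + HOST + r" with \(.* encrypted\) SMTP"),
    "shortened": re.compile(r"by " + HOST + r" with SMTP"),
}

# Constructed Received lines: (label, sent with SMTP auth?, header text).
SAMPLES = [
    ("auth-tagged", True,
     "from unknown (HELO laptop) (192.0.2.10) by mail.example.com "
     "with (DHE-RSA-AES256-SHA encrypted) SMTP; 9 Feb 2010 18:30:00 +0100"),
    ("auth-untagged", True,   # what zeki's server writes for authenticated mail
     "from unknown (HELO laptop) (192.0.2.10) by mail.example.com "
     "with SMTP; 9 Feb 2010 18:31:00 +0100"),
    ("inbound", False,        # ordinary mail arriving from another server
     "from mx.example.net (198.51.100.7) by mail.example.com "
     "with SMTP; 9 Feb 2010 18:32:00 +0100"),
]

def hits(rule):
    """Labels of the sample lines the rule matches."""
    return [label for label, _auth, line in SAMPLES if RULES[rule].search(line)]

def misfires(rule):
    """(authenticated lines missed, unauthenticated lines given the bonus)."""
    matched = set(hits(rule))
    missed = [l for l, auth, _ in SAMPLES if auth and l not in matched]
    wrong = [l for l, auth, _ in SAMPLES if not auth and l in matched]
    return missed, wrong

def tagged_as_spam(base_score, rule, label, bonus=-10.0, required=5.0):
    """Apply the rule's score to one sample and compare with required_score."""
    total = base_score + (bonus if label in hits(rule) else 0.0)
    return total >= required

if __name__ == "__main__":
    for rule in RULES:
        print(rule, "matches", hits(rule), "misfires", misfires(rule))
    # A message other rules scored at 6.2 (constructed value):
    print(tagged_as_spam(6.2, "posted", "inbound"))     # still tagged
    print(tagged_as_spam(6.2, "shortened", "inbound"))  # slips under 5.0
```

When the server writes the same "with SMTP" text for authenticated and unauthenticated sessions, as in the second and third samples, no pattern on that Received line can tell the two apart.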