bypass spamassassin on ongoing messages
hello
I have tried for hours now, but haven't found a solution...
my mail users send emails via the server with SMTP auth and sometimes get tagged as spam.... what I want to implement is to bypass spamassassin for users who use SMTP auth (only spamassassin, not clamav)
what I tried, without success (it still scans the mail...):
- env = QS_SPAMASSASSIn="on" in /etc/xinetd.d/smtp_psa
... another idea I read is to give -10 SA points to mails that have X-SMTP-Auth= yes -> how can I add this to the outgoing emails?
how are your systems configured to solve this problem?
thanks
zeki
Re: bypass spamassassin on ongoing messages
I tried to get this working before too, but couldn't ever get it to skip scanning with Spamassassin. I would like to see if anyone has had any success doing this. I even tried to use the alternate smtp port, but it still scans the messages.
Re: bypass spamassassin on ongoing messages
Yeah, this is really strange. I have tried to turn scanning of outgoing mail off several times but haven't been able to find a way. It doesn't matter which port I use (25, 587 or 465) or adding QS_SPAMASSASSIN="off" or QS_SPAMASSASSIN=0 to /etc/xinetd.d/smtp_psa or /etc/xinetd.d/smtpa_psa or /etc/xinetd.d/submission_psa
If anyone could explain how the mail queue really works I might be able to dig something up...
Re: bypass spamassassin on ongoing messages
It's definitely possible if you can manipulate what qmail-queue binary gets invoked. In the context of tcpserver, that's what that whole "qmailqueue" patch you may have heard about is about. A combination of that, plus tcpserver would let you define the alternate qmail-queue to use. I'd implement that by binding it to port 587. Plesk of course uses xinetd, and qmail without this patch applied. I do seem to recall seeing something in the past where someone figured out how to manipulate it in an xinetd context.
Re: bypass spamassassin on ongoing messages
Here is a little tutorial for how you do it. It's actually pretty simple:
Plesk's qmail does not set the mail header "ESMTPA" correctly as per RFC3848 (http://www.fehcom.de/rfc/rfc3848.txt). To get around this you can create your own spamassassin custom rule to detect your own mail server tag match to LOCAL_AUTH_RCVD and apply a negative score if need be.
Edit your local spamassassin config (/etc/mail/spamassassin/local.cf) file and add the rule and new negative score there (sa-updates will never overwrite it in local.cf).
Substitute your hostname and server name with your own.
Code:
# custom rules
header LOCAL_AUTH_RCVD Received =~ /by yourhostname\.yourdomain\.com with \(.* encrypted\) SMTP/
score LOCAL_AUTH_RCVD -10.0
The first line is just a Perl regex to match your own server hostname. The wildcard match will match different authentication schemes (CRAM MD5 etc). You can look at your own mail headers when you send authenticated to see what they look like. A good regex tester is here: http://www.spaweditor.com/scripts/regex/index.php
References: http://wiki.apache.org/spamassassin/DynablockIssues
I hope this helps people!
Re: bypass spamassassin on ongoing messages
thanks danami
that's what I've been searching for for weeks....
I run qmail-scanner on my system. maybe custom rules don't get applied with qmail-scanner?
I tried your rule and other test rules in local.cf and xy.cf in /etc/mail/spamassassin
in spamassassin --lint -D I see that local.cf and my xy.cf get read... but no effect.
a tip?
thanks
zeki
Re: bypass spamassassin on ongoing messages
Thanks a lot for the tip! I have one problem though. My server randomly chooses one of the domains which I host on the server for "yourhostname\.yourdomain\.com". Anyone got any idea how to fix that?
danami wrote:
Here is a little tutorial for how you do it. It's actually pretty simple:
Plesk's qmail does not set the mail header "ESMTPA" correctly as per RFC3848 (http://www.fehcom.de/rfc/rfc3848.txt). To get around this you can create your own spamassassin custom rule to detect your own mail server tag match to LOCAL_AUTH_RCVD and apply a negative score if need be.
Edit your local spamassassin config (/etc/mail/spamassassin/local.cf) file and add the rule and new negative score there (sa-updates will never overwrite it in local.cf).
Substitute your hostname and server name with your own.
Code:
# custom rules
header LOCAL_AUTH_RCVD Received =~ /by yourhostname\.yourdomain\.com with \(.* encrypted\) SMTP/
score LOCAL_AUTH_RCVD -10.0
The first line is just a Perl regex to match your own server hostname. The wildcard match will match different authentication schemes (CRAM MD5 etc). You can look at your own mail headers when you send authenticated to see what they look like. A good regex tester is here: http://www.spaweditor.com/scripts/regex/index.php
References: http://wiki.apache.org/spamassassin/DynablockIssues
I hope this helps people!
Re: bypass spamassassin on ongoing messages
Fixed it! I had a PTR-record for every domain on the server. Seems to be the default for the Plesk DNS-template. Really shouldn't be...
Once again thanks a lot for the script/rules!
Re: bypass spamassassin on ongoing messages
Yeah, the default PTR issue is a PITA unless you remember to remove it in the template
danami - thanks for this. I didn't think of it. Brilliant.
zeki - check the headers to see what rules trigger on messages marked as spam. If the new one in local.cf does not trigger it may just be that your hostname is not set correctly in the regex or that you also have multiple PTRs. Remember that the regex isn't looking for the domain name as such - it is looking for the full hostname (e.g. myservername.hostingcompany-corp-ltd.com), which basically corresponds to the PTR record for the main IP of your server (at least I think so.. .. I'm easily confused these days).
Bottom line is, as danami says, look in the email headers to see what is actually being used by your server, and put that in.
Faris.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Re: bypass spamassassin on ongoing messages
hey faris
thanks for the tip. I tried a simple rule and it gets ignored. it has nothing to do with the title of this thread ...
I have to find out why my rules get ignored first .....
thanks all
zeki
Re: bypass spamassassin on ongoing messages
Have you restarted spamassassin? And re-run qmail-reconfigure? It feels like you have to do it sometimes...
Re: bypass spamassassin on ongoing messages
Yep, this works great. Thanks for the rules.
Re: bypass spamassassin on ongoing messages
after a restart of the server the SA rules are now active...
when I authenticate on SMTP I don't get this in the header:
by server with xy encrypted with SMTP
I only get
by server with SMTP (even though I use SMTP auth with TLS)
any tips?
thanks
zeki
ps: I run spamdyke, qmail-scanner, qmail of plesk9.01
Re: bypass spamassassin on ongoing messages
just remove \(.* encrypted\) from the regex. Same here, incidentally.
Faris.
Re: bypass spamassassin on ongoing messages
That's what I tried... Then it matches on every incoming mail... with -10 points.....
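Added example, not part of any post in this thread: a small Python harness that runs the thread's rule regex and the loosened variant over constructed Received lines, showing why dropping `\(.* encrypted\)` rewards ordinary inbound mail as well. The hostname `mail.example.com`, the `(TAG encrypted)` token and all sample headers are assumptions; replace them with Received lines copied from your own server before trusting a -10 score.

```python
import re

HOST = r"mail\.example\.com"  # assumption: stands in for your server's hostname

# The rule body posted in the thread and the loosened variant suggested later.
RULES = {
    "with_tag": rf"by {HOST} with \(.* encrypted\) SMTP",
    "without_tag": rf"by {HOST} with SMTP",
}

# Constructed samples: (label, sent via SMTP AUTH?, Received lines of the message).
SAMPLES = [
    ("auth, tagged", True, [
        "from unknown (HELO laptop) (192.0.2.10) by mail.example.com "
        "with (TAG encrypted) SMTP; 1 Jan 2009 10:00:00 -0000"]),
    ("auth, untagged", True, [
        "from unknown (HELO laptop) (192.0.2.10) by mail.example.com "
        "with SMTP; 1 Jan 2009 10:05:00 -0000"]),
    ("inbound", False, [
        "from mx.remote.example (198.51.100.7) by mail.example.com "
        "with SMTP; 1 Jan 2009 10:10:00 -0000",
        "from [10.0.0.5] by mx.remote.example with ESMTP; "
        "1 Jan 2009 10:09:58 -0000"]),
]


def rule_hits(pattern, received_lines):
    """A header rule on Received fires if any Received line matches."""
    rx = re.compile(pattern)
    return any(rx.search(line) for line in received_lines)


def evaluate(pattern, samples=SAMPLES):
    """Return (authenticated mail the rule misses, other mail it rewards)."""
    missed, leaked = [], []
    for label, is_auth, lines in samples:
        hit = rule_hits(pattern, lines)
        if is_auth and not hit:
            missed.append(label)
        if not is_auth and hit:
            leaked.append(label)
    return missed, leaked


if __name__ == "__main__":
    for name, pattern in RULES.items():
        missed, leaked = evaluate(pattern)
        print(f"{name}: misses {missed or 'none'}; also rewards {leaked or 'none'}")
```

When authenticated and inbound messages carry the same "with SMTP" Received line, as in the last posts, no regex on that line can tell them apart.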