general spamassassin qmail scanner question

[coolemail]

Thank you for this comment faris. Yes, you are absolutely right, certainly looking at my own maillog: all incoming AND outgoing mail has "plesk2.mydomain.com with SMTP" in the header and would satisfy that entry. Interestingly, there is even a Spam email we have received that is marked:

Received: (qmail 17091 invoked by uid 10113); 1 Jul 2010 11:38:12 +0100
Received: from mplsfe-mgate1.itg.state.mn.us by plesk2.mydomain.com (envelope-from <joe.richter@state.mn.us>, uid 2020) with qmail-scanner-2.08st
(clamdscan: 0.96.1/11301. spamassassin: 3.2.5. perlscan: 2.08st.
Clear:RC:0(156.99.119.33):SA:0(-1.0/3.0):.
Processed in 1.475942 secs); 01 Jul 2010 10:38:12 -0000
X-Spam-Status: No, hits=-1.0 required=3.0
Received: from mplsfe-mgate1.itg.state.mn.us (156.99.119.33)
by plesk2.mydomain.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 1 Jul 2010 11:38:10 +0100
Received: from ([156.99.119.42])
by mplsfe-mgate1.itg.state.mn.us with SMTP id KP-BRCTA.265146786;
Thu, 01 Jul 2010 05:37:12 -0500
Return-Path: <Joe.Richter@state.mn.us>
Received: from COBHUB02.ead.state.mn.us (COBHUB02.ead.state.mn.us [156.98.197.38]) by mail2.state.mn.us with ESMTP; Thu, 1 Jul 2010 05:36:10 -0500
Received: from MNMail02.ead.state.mn.us ([169.254.1.220]) by
COBHUB02.ead.state.mn.us ([156.98.197.38]) with mapi; Thu, 1 Jul 2010
05:36:09 -0500
From: "Richter, Joe G (DNR)" <Joe.Richter@state.mn.us>
To: "info@uknl.org" <info@uknl.org>
Date: Thu, 1 Jul 2010 05:36:08 -0500
Subject: Email Notification!
Thread-Topic: Email Notification!
Thread-Index: AQHLGQk3zNvc5mju9UqsVMZbqV0yBQ==
Message-Id: <8B0F99B816DD3B4E8C67345AFC7C669D29ED4241F8@MNMAIL02.ead.state.mn.us>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary="_000_8B0F99B816DD3B4E8C67345AFC7C669D29ED4241F8MNMAIL02eadst_"
MIME-Version: 1.0P

That suggests that encryption does not necessarily suggest that email is not Spam. But, should we be encrypting all my outgoing mail? And can someone tell me how to do that please?

[faris]

I don't know the specifics, but anytime two of my qmail/Plesk servers communicate *with each other*, the connection is always encrypted. This is not something I've done -- it just happens.

But messages from a third party, non-Plesk qmail server to any of my servers is not encrypted.

Faris.

[coolemail]

I'm missing something that is happening on Spamassassin and hope someone can help. A customer whose ISP gives out dynamic IPs is causing their emails to be marked as Spam from my server. I've tried to prevent this by adding their emails to my global config file and using the trusted_networks setting:

[plesk2.server.co.uk ~]# cat /etc/mail/spamassassin/local.cf
report_safe 0
rewrite_header subject *****SPAM*****
required_score 3
# whitelist domain1
whitelist_from *@domain1.com
whitelist_to *@domain1.com
# whitelist domain2
whitelist_from *@domain2.com
whitelist_to *@domain2.com
trusted_networks 82.197.79.4 127.0.0.1
# whitelist mycustomer
whitelist_from *@mycustomer@domain3.com
whitelist_from *@mycustomer@domain3.com
[plesk2.server.co.uk ~]#

http://wiki.apache.org/spamassassin/ManualWhitelist suggests that they should be given a score of -100 but clearly it is not working somehow.

Can someone help please and tell us what we have (not) done to make this work, or help us troubleshoot it and make it work? It is confusing me and frustrating customers whose emails are being tagged as Spam by our own servers!

[breun]

I don't know why trusted_networks isn't working for you (have you restarted SpamAssassin after the change?), but here are a couple of more options:

1. Let your clients use their ISP's SMTP server if possible.
2. Modify the scores for the rules that are triggering and shouldn't add (much) to the hits score as far as you're concerned: http://wiki.apache.org/spamassassin/AdjustRuleScore

[faris]

Just to add an additional suggestion for troubleshooting:

Instead of putting your whitelist in local.cf, why not put it in something like 01_whitelist.cf, then run:

spamassassin -D < test-email-with-headers.txt

where ideally the test email is a copy of one of the ones that currently gets sent by the customer and gets marked as spam.

Look to make sure that 01_whitelist.cf gets loaded - you should see it clearly in the debug output - and also examine the scores and the reasons for the scores at the end of the debug output.

Faris.