bypass spamassassin on ongoing messages

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
zeki
Forum Regular
Forum Regular
Posts: 120
Joined: Sat Aug 12, 2006 8:14 am

bypass spamassassin on ongoing messages

Unread post by zeki »

hello
i tryed now for hours, but dont found a solution...

my mail users send emails via the server with smtp auth and sometime get tagged as spam.... what i want to implement is, to bypass spamassassin for users who make smtp auth (only spamassassin, not clamav)

what i tryed, without success is (it scans the mail...)

- env = QS_SPAMASSASSIn="on" in /etc/xinetd.d/smtp_psa



... another idea i read is to give -10 SA points to mails that have a X-SMTP-Auth= yes -> how i can add this to the outgoing emails?

how are your systems configured to solve this problem?


thanks
zeki
Troy McClure
Forum Regular
Forum Regular
Posts: 196
Joined: Tue May 10, 2005 1:24 pm

Re: bypass spamassassin on ongoing messages

Unread post by Troy McClure »

I tried to get this working before too, but couldn't ever get it to skip scanning with Spamassassin. I would like to see if anyone has had any success doing this. I even tried to use the alternate smtp port, but it still scans the messages.
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: bypass spamassassin on ongoing messages

Unread post by biggles »

Yeah, this is really strange. I have tried to turn scanning of outgoing mail off several times but haven't been able to find a way. It doesn't matter which port I use (25, 587 or 465) or adding QS_SPAMASSASSIN="off" or QS_SPAMASSASSIN=0 to /etc/xinetd.d/smtp_psa or /etc/xinetd.d/smtpa_psa or /etc/xinetd.d/submission_psa

Ig anyone could explain how the mail queue really works I might be able to dig something up...
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: bypass spamassassin on ongoing messages

Unread post by scott »

Its definitely possible if you can manipulate what qmail-queue binary gets invoked. In the context of tcpserver, thats what that whole "qmailqueue" patch you may have heard about. A combination of that, plus tcpserver would let you define the alternate qmail-queue to use. I'd implement that by binding it to port 587. Plesk of course uses xinetd, and qmail without this patch applied. I do seem to recall seeing something in the past where someone figured out how to manipulate it in an xinetd context.
danami
Forum User
Forum User
Posts: 16
Joined: Wed Feb 21, 2007 7:56 pm

Re: bypass spamassassin on ongoing messages

Unread post by danami »

Here is a little tutorial for how you do it. Its actually pretty simple:

Plesk's qmail does not set the mail header "ESMTOA" correctly as per RFC3848 (http://www.fehcom.de/rfc/rfc3848.txt). To get around this you can create your own spamassassin custom rule to detect your own mail server tag match to LOCAL_AUTH_RCVD and apply a negative score if need be.

Edit your local spamassassin config (/etc/mail/spamassassin/local.cf) file and add the rule and new negative score there (sa-updates will never overwrite it in local.cf).

Code: Select all

# custom rules
header LOCAL_AUTH_RCVD Received =~ /by yourhostname\.yourdomain\.com with \(.* encrypted\) SMTP/
score LOCAL_AUTH_RCVD -10.0
Substitute your hostname and server name with your own.

The first line is just a Perl regex to match your own server hostname . The wildcard match will match different authentication schemes (CRAM MD5 etc). You can look at your own mail headers when you send authenticated to see what they look like. A good regex tester is here : http://www.spaweditor.com/scripts/regex/index.php

References: http://wiki.apache.org/spamassassin/DynablockIssues

I hope this helps people!
zeki
Forum Regular
Forum Regular
Posts: 120
Joined: Sat Aug 12, 2006 8:14 am

Re: bypass spamassassin on ongoing messages

Unread post by zeki »

thanks danami
thats what i search for weeks....

i run qmail-scanner on my system . maybe custom rules dont get applied with qmail-scanner?
i tryed your rule and other test rules in local.cf and xy.cf in /etc/mail/spamassassin

in spamassasin --lint -D i see, that local.cf and my xy.cf gets read...but no effect.
a tip?

thanks
zeki
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: bypass spamassassin on ongoing messages

Unread post by biggles »

danami wrote:Here is a little tutorial for how you do it. Its actually pretty simple:

Plesk's qmail does not set the mail header "ESMTOA" correctly as per RFC3848 (http://www.fehcom.de/rfc/rfc3848.txt). To get around this you can create your own spamassassin custom rule to detect your own mail server tag match to LOCAL_AUTH_RCVD and apply a negative score if need be.

Edit your local spamassassin config (/etc/mail/spamassassin/local.cf) file and add the rule and new negative score there (sa-updates will never overwrite it in local.cf).

Code: Select all

# custom rules
header LOCAL_AUTH_RCVD Received =~ /by yourhostname\.yourdomain\.com with \(.* encrypted\) SMTP/
score LOCAL_AUTH_RCVD -10.0
Substitute your hostname and server name with your own.

The first line is just a Perl regex to match your own server hostname . The wildcard match will match different authentication schemes (CRAM MD5 etc). You can look at your own mail headers when you send authenticated to see what they look like. A good regex tester is here : http://www.spaweditor.com/scripts/regex/index.php

References: http://wiki.apache.org/spamassassin/DynablockIssues

I hope this helps people!
Thanks a lot for the tip! I have one problem though. My server randomly choses one of the domains which I host on the server for "yourhostname\.yourdomain\.com". Anyone got any idea how to fix that?
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: bypass spamassassin on ongoing messages

Unread post by biggles »

Fixed it! I had a PTR-record for every domain on the server. Seems to be the default for a the Plesk DNS-template. Really shouldn't be...

Once again thanks a lot for the script/rules!
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: bypass spamassassin on ongoing messages

Unread post by faris »

Yeah, the default PTR issue is a PITA unless you remember to remove it in the template :-)

danami - thanks for this. I didn't think of it. Brilliant.

zeki - check the headers to see what rules trigger on messages marked as spam. if the new one in local.cf does not trigger it may just be that your hostname is not set correctly in the regex or that you also have multiple PTRs. Rememer that the regex isn't looking for the domain name as such - it is looking for the full hostname (e.g. myservername.hostingcompany-corp-ltd.com) and which basically correspoinds to the PTR record for the main IP of your server (at least I think so.. .. I'm easily confused these days).

Bottom line is, as danami says, look in the email headers to see what is actually being used by your server, and put that in.

Faris.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
zeki
Forum Regular
Forum Regular
Posts: 120
Joined: Sat Aug 12, 2006 8:14 am

Re: bypass spamassassin on ongoing messages

Unread post by zeki »

hey faris
thanks for the tip. i tryed a simple rule and it gets ignored. it has nothing to do with the title of this thread ...
i have to find out why my rules gets ignored first .....-

thanks all
zeki
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: bypass spamassassin on ongoing messages

Unread post by biggles »

Have you restarted spamassassin? And re-run qmail-reconfigure? It feels like you have to do it some times...
Troy McClure
Forum Regular
Forum Regular
Posts: 196
Joined: Tue May 10, 2005 1:24 pm

Re: bypass spamassassin on ongoing messages

Unread post by Troy McClure »

Yep, this works great. Thanks for the rules.
zeki
Forum Regular
Forum Regular
Posts: 120
Joined: Sat Aug 12, 2006 8:14 am

Re: bypass spamassassin on ongoing messages

Unread post by zeki »

after a restart of the server now the SA rules are active...

when i authenticate on SMTP i dont get in the header:

by server with xy encrypted with SMTP

i only get

by server with SMTP (even i use smtp auth with TLS)


any tips?

thanks
zeki

ps: i run spamdyke,qmail-scanner,qmail of plesk9.01
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: bypass spamassassin on ongoing messages

Unread post by faris »

just remove \(.* encrypted\) from the regex. Same here, incidentally.

Faris.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
zeki
Forum Regular
Forum Regular
Posts: 120
Joined: Sat Aug 12, 2006 8:14 am

Re: bypass spamassassin on ongoing messages

Unread post by zeki »

That's what I tryed... Then it matches on every incoming mail... with -10 point.....
Post Reply