savemail: cannot save rejected email anywhere

Kevin J. Cummings cummings at kjchome.homeip.net
Fri Aug 20 16:39:46 UTC 2010


On 08/20/2010 12:16 PM, Gordon Messmer wrote:
> On 08/17/2010 09:50 AM, Kevin J. Cummings wrote:
>>
>> I did that yesterday.  No new SPAM markings on my hourly emails, though
>> some of my other admin emails are now getting marked as [SPAM], like a
>> couple of denyhosts reports.  One of them had a -2.6 SPAM level....
> 
> I suppose you could post those headers as well, so we could offer 
> further advise.

OK, I have been playing with whitelist_from_rcvd trying to get this one
right as well, but for now, here is the last Denyhosts report I got that
was marked as [SPAM].

> Return-Path: <nobody at kjc386.framingham.ma.us>
> X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
> 	kjc386.framingham.ma.us
> X-Spam-Level: 
> X-Spam-Status: No, score=-102.9 required=4.0 tests=ALL_TRUSTED,BAYES_00,
> 	SPF_PASS,USER_IN_WHITELIST autolearn=ham version=3.3.1
> Received-SPF: pass (kjc386.framingham.ma.us: domain of nobody at localhost designates 127.0.0.1 as permitted sender) receiver=kjc386.framingham.ma.us; client-ip=127.0.0.1; helo=kjc386.framingham.ma.us; envelope-from=nobody at localhost; x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf2-1.0.0;
> X-Virus-Status: Clean
> X-Virus-Scanned: clamav-milter 0.96 at kjc386.framingham.ma.us
> Received: from kjc386.framingham.ma.us (localhost [127.0.0.1])
> 	by kjc386.framingham.ma.us (8.14.4/8.14.4) with ESMTP id o7JGobga013007
> 	for <root>; Thu, 19 Aug 2010 12:50:37 -0400
> Message-Id: <201008191650.o7JGobga013007 at kjc386.framingham.ma.us>
> From: DenyHosts <nobody at kjc386.framingham.ma.us>
> To: root at kjc386.framingham.ma.us
> Subject: [SPAM] DenyHosts Report from kjc386.framingham.ma.us
> Date: Thu, 19 Aug 2010 12:50:37 -0400
> X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (kjc386.framingham.ma.us [127.0.0.1]); Thu, 19 Aug 2010 12:50:37 -0400 (EDT)

SCORE=-102.9
USER_IN_WHITELIST

and yet the subject line was re-written with [SPAM]

In case it matters, here is the /var/log/maillog of the entire
processing of the message:

> Aug 19 12:50:37 kjc386 milter-greylist: smfi_getsymval failed for {daemon_port}, using default smtp port
> Aug 19 12:50:37 kjc386 milter-greylist: o7JGobga013007: skipping greylist because address 127.0.0.1 is whitelisted, (from=<nobody at localhost>, rcpt=<root>, addr=localhost[127.0.0.1]) ACL 158
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: from=<nobody at localhost>, size=304, class=0, nrcpts=1, msgid=<201008191650.o7JGobga013007 at kjc386.framingham.ma.us>, proto=ESMTP, daemon=MTA-v6, relay=localhost [127.0.0.1]
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter insert (0): header: Received-SPF: pass (kjc386.framingham.ma.us: domain of nobody at localhost designates 127.0.0.1 as permitted sender) receiver=kjc386.framingham.ma.us; client-ip=127.0.0.1; helo=kjc386.framingham.ma.us; envelope-from=nobody at localhost; x-software=spfmilter 0.97 http://www.acme.com/software/spfmilter/ with libspf2-1.0.0;
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter add: header: X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (kjc386.framingham.ma.us [127.0.0.1]); Thu, 19 Aug 2010 12:50:37 -0400 (EDT)
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter insert (1): header: X-Virus-Scanned: clamav-milter 0.96 at kjc386.framingham.ma.us
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter insert (1): header: X-Virus-Status: Clean
> Aug 19 12:50:37 kjc386 spamd[9721]: spamd: connection from localhost [127.0.0.1] at port 40578
> Aug 19 12:50:37 kjc386 spamd[9721]: spamd: setuid to sa-milt succeeded
> Aug 19 12:50:37 kjc386 spamd[9721]: spamd: processing message (unknown) for sa-milt:492
> Aug 19 12:50:37 kjc386 spamd[9721]: spamd: identified spam (6.2/5.0) for sa-milt:492 in 0.8 seconds, 1139 bytes.
> Aug 19 12:50:37 kjc386 spamd[9721]: spamd: result: Y 6 - ALL_TRUSTED,BAYES_99,FH_FROMEML_NOTLD,MISSING_MID,SPF_PASS,TO_MALFORMED scantime=0.8,size=1139,user=sa-milt,uid=492,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=40578,mid=(unknown),bayes=1.000000,autolearn=no
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter add: header: X-Spam-Flag: YES
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter add: header: X-Spam-Status: Yes, score=6.2 required=5.0 tests=ALL_TRUSTED,BAYES_99,\n\tFH_FROMEML_NOTLD,MISSING_MID,SPF_PASS,TO_MALFORMED autolearn=no version=3.3.1
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter add: header: X-Spam-Report: \n\t* -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP\n\t*  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%\n\t*      [score: 1.0000]\n\t*  2.1 TO_MALFORMED To: has a malformed address\n\t*  1.1 FH_FROMEML_NOTLD E-mail address doesn't have TLD (.com, etc.)\n\t* -0.0 SPF_PASS SPF: sender matches SPF record\n\t*  0.5 MISSING_MID Missing Message-Id: header
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter add: header: X-Spam-Level: ******
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter add: header: X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on\n\tkjc386.framingham.ma.us
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter change: header Subject: from  DenyHosts Report from kjc386.framingham.ma.us to [SPAM] DenyHosts Report from kjc386.framingham.ma.us
> Aug 19 12:50:37 kjc386 sendmail[13007]: o7JGobga013007: Milter message: body replaced
> Aug 19 12:50:38 kjc386 spamd[10563]: spamd: connection from localhost [127.0.0.1] at port 40580
> Aug 19 12:50:38 kjc386 spamd[10563]: spamd: setuid to cummings succeeded
> Aug 19 12:50:38 kjc386 spamd[10563]: spamd: processing message <201008191650.o7JGobga013007 at kjc386.framingham.ma.us> for cummings:1630
> Aug 19 12:50:38 kjc386 spamd[32460]: prefork: child states: IB
> Aug 19 12:50:39 kjc386 spamd[10563]: spamd: clean message (-102.9/4.0) for cummings:1630 in 1.2 seconds, 1905 bytes.
> Aug 19 12:50:39 kjc386 spamd[10563]: spamd: result: . -102 - ALL_TRUSTED,BAYES_00,SPF_PASS,USER_IN_WHITELIST scantime=1.2,size=1905,user=cummings,uid=1630,required_score=4.0,rhost=localhost,raddr=127.0.0.1,rport=40580,mid=<201008191650.o7JGobga013007 at kjc386.framingham.ma.us>,bayes=0.000000,autolearn=ham
> Aug 19 12:50:39 kjc386 sendmail[13015]: o7JGobga013007: to=cummings, ctladdr=<nobody at localhost> (99/99), delay=00:00:02, xdelay=00:00:02, mailer=local, pri=31779, dsn=2.0.0, stat=Sent
> Aug 19 12:50:39 kjc386 spamd[32460]: prefork: child states: II

It looks like sa-milt is getting a-hold of the message first, and
marking it as [SPAM] with a score of 6.2.  Then it looks like its
getting run again????

Probably my bad configuration, but how can I keep the spamass-milter
from marking this kind of email as spam if changing
/etc/mail/spamassassin/local.cf doesn't do it?

BTW, my /etc/sysconfig/spamass-milter file uses:

> EXTRA_FLAGS="-r 10"

so, now I can see how any email marks 10 or greater will be dropped on
the floor....

Do I need to add the -m option here as well?

-- 
Kevin J. Cummings
kjchome at rcn.com
cummings at kjchome.homeip.net
cummings at kjc386.framingham.ma.us
Registered Linux User #1232 (http://counter.li.org)


More information about the users mailing list