store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Sat Aug 23, 2014 3:27 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 41 posts ]  Go to page 1, 2, 3  Next
Author Message
 Post subject: bypass spamassassin on ongoing messages
Unread postPosted: Sun Jan 31, 2010 12:02 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Aug 12, 2006 8:14 am
Posts: 119
hello
i tryed now for hours, but dont found a solution...

my mail users send emails via the server with smtp auth and sometime get tagged as spam.... what i want to implement is, to bypass spamassassin for users who make smtp auth (only spamassassin, not clamav)

what i tryed, without success is (it scans the mail...)

- env = QS_SPAMASSASSIn="on" in /etc/xinetd.d/smtp_psa



... another idea i read is to give -10 SA points to mails that have a X-SMTP-Auth= yes -> how i can add this to the outgoing emails?

how are your systems configured to solve this problem?


thanks
zeki


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Tue Feb 02, 2010 5:28 pm 
Offline
Forum Regular
Forum Regular

Joined: Tue May 10, 2005 1:24 pm
Posts: 193
I tried to get this working before too, but couldn't ever get it to skip scanning with Spamassassin. I would like to see if anyone has had any success doing this. I even tried to use the alternate smtp port, but it still scans the messages.


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Wed Feb 03, 2010 1:42 pm 
Offline
Forum Regular
Forum Regular

Joined: Tue Jul 15, 2008 2:38 pm
Posts: 770
Location: Sweden
Yeah, this is really strange. I have tried to turn scanning of outgoing mail off several times but haven't been able to find a way. It doesn't matter which port I use (25, 587 or 465) or adding QS_SPAMASSASSIN="off" or QS_SPAMASSASSIN=0 to /etc/xinetd.d/smtp_psa or /etc/xinetd.d/smtpa_psa or /etc/xinetd.d/submission_psa

Ig anyone could explain how the mail queue really works I might be able to dig something up...


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Wed Feb 03, 2010 2:28 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7888
Location: earth
Its definitely possible if you can manipulate what qmail-queue binary gets invoked. In the context of tcpserver, thats what that whole "qmailqueue" patch you may have heard about. A combination of that, plus tcpserver would let you define the alternate qmail-queue to use. I'd implement that by binding it to port 587. Plesk of course uses xinetd, and qmail without this patch applied. I do seem to recall seeing something in the past where someone figured out how to manipulate it in an xinetd context.


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Sat Feb 06, 2010 9:45 am 
Offline
Forum User
Forum User

Joined: Wed Feb 21, 2007 7:56 pm
Posts: 16
Here is a little tutorial for how you do it. Its actually pretty simple:

Plesk's qmail does not set the mail header "ESMTOA" correctly as per RFC3848 (http://www.fehcom.de/rfc/rfc3848.txt). To get around this you can create your own spamassassin custom rule to detect your own mail server tag match to LOCAL_AUTH_RCVD and apply a negative score if need be.

Edit your local spamassassin config (/etc/mail/spamassassin/local.cf) file and add the rule and new negative score there (sa-updates will never overwrite it in local.cf).

Code:
# custom rules
header LOCAL_AUTH_RCVD Received =~ /by yourhostname\.yourdomain\.com with \(.* encrypted\) SMTP/
score LOCAL_AUTH_RCVD -10.0


Substitute your hostname and server name with your own.

The first line is just a Perl regex to match your own server hostname . The wildcard match will match different authentication schemes (CRAM MD5 etc). You can look at your own mail headers when you send authenticated to see what they look like. A good regex tester is here : http://www.spaweditor.com/scripts/regex/index.php

References: http://wiki.apache.org/spamassassin/DynablockIssues

I hope this helps people!


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Sat Feb 06, 2010 12:45 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Aug 12, 2006 8:14 am
Posts: 119
thanks danami
thats what i search for weeks....

i run qmail-scanner on my system . maybe custom rules dont get applied with qmail-scanner?
i tryed your rule and other test rules in local.cf and xy.cf in /etc/mail/spamassassin

in spamassasin --lint -D i see, that local.cf and my xy.cf gets read...but no effect.
a tip?

thanks
zeki


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Sat Feb 06, 2010 1:05 pm 
Offline
Forum Regular
Forum Regular

Joined: Tue Jul 15, 2008 2:38 pm
Posts: 770
Location: Sweden
danami wrote:
Here is a little tutorial for how you do it. Its actually pretty simple:

Plesk's qmail does not set the mail header "ESMTOA" correctly as per RFC3848 (http://www.fehcom.de/rfc/rfc3848.txt). To get around this you can create your own spamassassin custom rule to detect your own mail server tag match to LOCAL_AUTH_RCVD and apply a negative score if need be.

Edit your local spamassassin config (/etc/mail/spamassassin/local.cf) file and add the rule and new negative score there (sa-updates will never overwrite it in local.cf).

Code:
# custom rules
header LOCAL_AUTH_RCVD Received =~ /by yourhostname\.yourdomain\.com with \(.* encrypted\) SMTP/
score LOCAL_AUTH_RCVD -10.0


Substitute your hostname and server name with your own.

The first line is just a Perl regex to match your own server hostname . The wildcard match will match different authentication schemes (CRAM MD5 etc). You can look at your own mail headers when you send authenticated to see what they look like. A good regex tester is here : http://www.spaweditor.com/scripts/regex/index.php

References: http://wiki.apache.org/spamassassin/DynablockIssues

I hope this helps people!


Thanks a lot for the tip! I have one problem though. My server randomly choses one of the domains which I host on the server for "yourhostname\.yourdomain\.com". Anyone got any idea how to fix that?


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Sat Feb 06, 2010 2:00 pm 
Offline
Forum Regular
Forum Regular

Joined: Tue Jul 15, 2008 2:38 pm
Posts: 770
Location: Sweden
Fixed it! I had a PTR-record for every domain on the server. Seems to be the default for a the Plesk DNS-template. Really shouldn't be...

Once again thanks a lot for the script/rules!


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Sat Feb 06, 2010 4:24 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2047
Yeah, the default PTR issue is a PITA unless you remember to remove it in the template :-)

danami - thanks for this. I didn't think of it. Brilliant.

zeki - check the headers to see what rules trigger on messages marked as spam. if the new one in local.cf does not trigger it may just be that your hostname is not set correctly in the regex or that you also have multiple PTRs. Rememer that the regex isn't looking for the domain name as such - it is looking for the full hostname (e.g. myservername.hostingcompany-corp-ltd.com) and which basically correspoinds to the PTR record for the main IP of your server (at least I think so.. .. I'm easily confused these days).

Bottom line is, as danami says, look in the email headers to see what is actually being used by your server, and put that in.

Faris.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Sat Feb 06, 2010 4:30 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Aug 12, 2006 8:14 am
Posts: 119
hey faris
thanks for the tip. i tryed a simple rule and it gets ignored. it has nothing to do with the title of this thread ...
i have to find out why my rules gets ignored first .....-

thanks all
zeki


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Sat Feb 06, 2010 5:26 pm 
Offline
Forum Regular
Forum Regular

Joined: Tue Jul 15, 2008 2:38 pm
Posts: 770
Location: Sweden
Have you restarted spamassassin? And re-run qmail-reconfigure? It feels like you have to do it some times...


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Mon Feb 08, 2010 1:51 pm 
Offline
Forum Regular
Forum Regular

Joined: Tue May 10, 2005 1:24 pm
Posts: 193
Yep, this works great. Thanks for the rules.


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Tue Feb 09, 2010 6:35 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Aug 12, 2006 8:14 am
Posts: 119
after a restart of the server now the SA rules are active...

when i authenticate on SMTP i dont get in the header:

by server with xy encrypted with SMTP

i only get

by server with SMTP (even i use smtp auth with TLS)


any tips?

thanks
zeki

ps: i run spamdyke,qmail-scanner,qmail of plesk9.01


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Tue Feb 09, 2010 7:23 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2047
just remove \(.* encrypted\) from the regex. Same here, incidentally.

Faris.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
 
 Post subject: Re: bypass spamassassin on ongoing messages
Unread postPosted: Tue Feb 09, 2010 7:34 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Aug 12, 2006 8:14 am
Posts: 119
That's what I tryed... Then it matches on every incoming mail... with -10 point.....


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 41 posts ]  Go to page 1, 2, 3  Next

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group