PDA

View Full Version : Spam still comin in although it's tagged



firebirdfan
07-25-2004, 07:43 PM
I've got spamassasin installed, set it to a low score. But somehow it stills get in even with the score of 10.5 when i checked the headers.

Any reference/solutions to this thanks.

wildjokerdesign
07-25-2004, 08:59 PM
SpamAssasin only marks the mail for you then have to set up something like procmail to read the spamassasin tag in the header and do with it what you want. You can also set most programs like Outlook to catch it once it gets to your computer if you want and move it to a different folder. The easiest is to have SA change the subject line then create a rule based on what you had it change it to.

firebirdfan
07-25-2004, 09:07 PM
Thanks Shawn. Sorry I forgot to mention that i did set procmail to delete it for good if there's any marked as spam.
So what could be the reason.

ccwebb
07-25-2004, 09:21 PM
To elaborate on Wildjokers response - here is the code in my user_prefs file to set the level at which email is considered spam and then to rewrite the subject identifying it as such:


# How many hits before a mail is considered spam.
required_hits 4
rewrite_subject 1
subject_tag **POSSIBLE SPAM**


Then in procmail I have this to delete any spam with 25 stars (25 points):



:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null


All other spam with less than 25 stars comes into outlook express where I catch it with a subject of **POSSIBLE SPAM**

Hopes this helps....

Charlie

firebirdfan
07-25-2004, 09:37 PM
Thanks for the alternative rule. For me I'm using this rule instead. So any mail that is tagged by Spamassasin it will automatically deleted.

But my main question is, how could the email tagged by Spamassasin still pass through.

:0:
* ^X-Spam-Flag: YES
/dev/null

wildjokerdesign
07-25-2004, 09:51 PM
Not real familiar with this but the one difference other then the rule that I see between the two is the you have used :0: and ccwebb has used :0

I think it makes a difference but not sure why. Do you see the difference? Droping the : after the 0

firebirdfan
07-25-2004, 10:08 PM
Hmm. as I can remember : denotes locking the file/folder while procmail is processing 1 mail at a time. It's only applicable if you want to set it on a rule other than sending it to null.

I'll remove it & see what happens.

Thanks guys.

FZ
07-26-2004, 11:13 AM
Try some basic troubleshooting: make sure the Procmail recipes are being run against mail for the account in question. Example: forward all mail to another account (using Procmail), or store a copy of it in a file. If that works, then you know your rule is messed up (since you have confirmed that SpamAssassin is marking spam correctly with its headers - or haven't you?)

Lashito
09-15-2004, 08:30 AM
I'm having the same problem. Just upgraded to SpamAssassin 2.64, which works GREAT at marking SPAM. Now, I want to automatically delete any SPAM with a score of 10 or higher. Following Jalal's Gnomedia site, I have added the following into my /etc/procmailrc:

# 10 stars or more...
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/dev/null

All mail still gets through. Tried changing the :0: to just :0, didn't work either.

Anyone have any ideas? I get a couple 100 SPAM a day, the having the 10+ scored mail deleted on the server would really be cool.

Thanks,

ccwebb
09-15-2004, 09:00 AM
Mine works with 0: (I am on 2.63)


:0
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null


Is the spam that is getting thru marked as spam?

Have you possibly introduced errors into procmailrc?

Charlie

Lashito
09-15-2004, 12:47 PM
Charlie - Thanks!

I didn't think I had a problem with the procmailrc, and was going to post the contents. To do so, I turned on logging in my ssh session, and vi procmail. When I went to the sshlog.txt, my ^X didn't look correct. Apparently, I carelessly hit Ctrl-X instead of ^X when inputting the code. While it looked the same in vi, that's obviously incorrect. Can you tell I'm a MS guy?

So, thanks for prompting me to get to a point where I can fix. Just sent several test messages through, and the rule is working like a charm. My life just got better.

Cheers...

john_collins
09-16-2004, 12:03 PM
I would like to forward all email tagged by Spamassassin into a spam-trap@.. mailbox so I can inspect it before deleting it. Therefore I don't have to waste download time (dialup) collecting it all.
I have a couple of domains I need to move to WH, but this is holding me back.
Is there a hidden setting somewhere for spam forwarding?
I do not want to automatically delete as Spamassisin has labeled some very important client mail (worth $$$).

wildjokerdesign
09-16-2004, 12:08 PM
Not real knowleagble about this but I do know that others use a variation of the above rule in procmail to send the mail to a mailbox as opposed to sending it to /dev/null. I think it is a simple process of changeing /dev/null to the location of the mailbox you want it moved to but not sure.

There is no way to do it via your Site Manager that I know of you have to edit the procmail file.

Lashito
09-16-2004, 12:16 PM
Hey John,

Use the following code in procmailrc:

:0
* ^X-Spam-Flag: YES
/var/spool/mail/spam-trap

I think that should move everything tagged as SPAM into the "spam-trap" mailbox. Hope that helps!

Lashito
09-16-2004, 12:18 PM
I need to give props to Jalal again. For more info, check out: http://codeworks.gnomedia.com/westhost/index.php

wildjokerdesign
09-16-2004, 12:19 PM
Thanks for the detail Lahito. I wasn't sure.

John I do think you have to create the user spam-trap first via your Site Manager to use this at least it would set up that as an email user so you can check the mail in it.

j103c
09-16-2004, 12:29 PM
If dial-up is an issue, and you don't want to have to download the e-mail to review it, you could just SSH in with your admin account and view it that way.

Per Jalal's example, this is what I use:


# Delete / SpamAssassin 8+ Stars
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*
/dev/null

# Move / Spamassassin 6+ Stars
:0:
* ^X-Spam-Level: \*\*\*\*\*\*
/mail/rejected

This automatically creates a 'rejected' folder when a match is processed. Then, I can log in to a console (SSH) with my admin account, then open pine, then view the folder list to find 'rejected'.

From there I can view the summary From/Subject listing and open those that are possibly not spam to view the body and headers.

If I want to keep it, I transfer it (still in pine) to my inbox, then download it with my e-mail client. Then I can save or send it on to whomever I need to. Usually then I try to adjust my custom rules for spamassassin as well.

That process might save you some time downloading message bodies that are for sure spam e-mails.