SA Forwarding

Use this forum for discussions about SpamAssassin and anti-spam in general.
Post Reply
michaeljwyo
New user
New user
Posts: 13
Joined: 2020-02-11 19:02
Location: Evanston, WY
Contact:

SA Forwarding

Post by michaeljwyo » 2020-02-13 19:52

Hello - I have been trying to solve this for a few hours now. I have a distribution list. I have SA implemented here on my hmailserver. Last night I had a spam message come through...it was addressed to the distribution list. (abdx@abdx.org). So...SA worked great. It caught it. It put its header on it about "Spam detection software, running on the system "mail-pc" has identified...." and then turned around and sent THAT message to the whole list. All I'm trying to do is get SA to send that email to me, and not to the whole list. I set up a rule so that if the header contains the above text, it will forward it to me. I tested it by sending a message that contains spam words and stuff....and it did the same thing. SA caught it and turned around and sent the message to the whole list. I added a rule that says if the message contains the above text AND is being sent TO "abdx@abdx.org", foward it to me. Tested again and got the same result. It's almost like SA has its own ideas on how to send stuff that it detects as spam and is ignoring my rules about NOT sending its "I caught it" message to the list and instead sending it to just me. I am getting errors about the loop counts being reached - forward loop count and rule loop count. Even if the loop counts are being reached because of the forwarding, it still should NOT be sending this message (tagged with SA's stuff) back to the whole list, right? I guess I don't get why it's even sending things back to the whole list in the first place. Maybe because that is who the original receiver is on the original post? I am just not understanding the process and the chain of events when an email comes in and is run through the filter.

User avatar
mattg
Moderator
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SA Forwarding

Post by mattg » 2020-02-14 03:09

Are you using hmailerver rules to catch this message?

In addition to forward, you should also delete the original message
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

michaeljwyo
New user
New user
Posts: 13
Joined: 2020-02-11 19:02
Location: Evanston, WY
Contact:

Re: SA Forwarding

Post by michaeljwyo » 2020-02-14 03:43

Thanks Matt. Yes I'm using the hmailserver rules. I got a chance to see the looping that the server logs were talking about. It IS looping. I wonder if it may have something to do with the fact that the address I want the spam-tagged email (after it goes through SA) sent to, is also a member of the email list. Or is it that when it goes to forward it, hmailserver's SMTP server also runs things through SA and again it gets tagged as spam and that tries to get sent to me and when it does it gets tagged as spam.... Maybe? Then again, if it's going through the SMTP server when it sends them back out to everyone on the list, wouldn't that cause a loop too? Still, though...the rules should keep the spam-tagged mail from going back out to everyone on the list if all I am doing is forwarding it to myself. It's crazy...and maybe I didn't write the rules right. I deleted them because I didn't want the looping to continue and my inbox filling up with all the repetitive emails looping. Does SA do its own forwarding and have its own rules and so forth?

Michael

User avatar
mattg
Moderator
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SA Forwarding

Post by mattg » 2020-02-14 07:16

if you forward a message with a rule, the forwarded message will then also get forwarded UNLESS you specifically exclude it with rule conditions
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

michaeljwyo
New user
New user
Posts: 13
Joined: 2020-02-11 19:02
Location: Evanston, WY
Contact:

Re: SA Forwarding

Post by michaeljwyo » 2020-02-14 17:29

Hmmmm. Sounds like I need to play around with the rules some more, then. But what you're telling me then is that the answer is NO, SA does not maintain its own rulebook as to what to do once it flags something as spam and re-writes it with the spam tag. Right? Everything is done there in hmailserver. I was hoping it was simpler than that...as in changing one setting that says "when something is found to be spam, do this: " and give multiple choice. Doesn't sound like it, though.
Thanks again

User avatar
mattg
Moderator
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SA Forwarding

Post by mattg » 2020-02-15 00:12

hMailserver anti-spam settings are like that

example
Mark threshold = 4
delete threshold = 10

If a message scores less than 4, no changes to message

If a message scores from 4 to less than 10, then a 'spam header' is added to the message, so that email clients like Outlook or Thunderbird can warn users. SpamAssassin headers are added here too.

If a message scores more than 10 it is rejected


SpamAssassin has it's own 'mark as SPAM' scoring. If the score is less than the SA score than the headers are not modified.

look for 'required_score' in your main cf file
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: SA Forwarding

Post by jimimaseye » 2020-02-15 00:49

mattg wrote:
2020-02-15 00:12
SpamAssassin has it's own 'mark as SPAM' scoring. If the score is less than the SA score than the headers are not modified.

look for 'required_score' in your main cf file
Not sure thats quite right. The spamassassin 'report' (score) header is included anyway and the rule headers (with score) are added (according to config) even when the scoring is a pass.

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: SA Forwarding

Post by mattg » 2020-02-15 07:02

just checking - you may be right
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

michaeljwyo
New user
New user
Posts: 13
Joined: 2020-02-11 19:02
Location: Evanston, WY
Contact:

Re: SA Forwarding

Post by michaeljwyo » 2020-02-18 18:07

Thanks guys for the insight. Not a problem with the scoring...I get that part. What I am trying to do is to keep the email from going out to my list and get sent to only me.
This is what is happening right now:

Message comes in...it's addressed to the list (abdx@abdx.org)
SpamAssassin grabs it because it is spam.
SpamAssassin tags it as spam and adds the header to it.
SpamAssassin sends it out to all the list members with the Spam tag on it.

What I would like to do is modify the last step so that if it is spam, it does NOT send it out to the list members and instead just sends it to me.

Sorry...hope I am not being repetitive. Tried several different tweaks with the rules and nothing seems to work and many times forms a loop. Especially when my email address is also a "member" of the list.
So...would it help if I created an email address (lets say spam@abdx.org) and then have something that is spam forwarded to it? Since that email address will NOT be a member of the list, would that maybe stop the loop. I want to say I tried that, and it did send the message there, but also still sent it out to the list. Maybe I still haven't got the rules right.

Does that help any?

User avatar
SorenR
Senior user
Senior user
Posts: 3826
Joined: 2006-08-21 15:38
Location: Denmark

Re: SA Forwarding

Post by SorenR » 2020-02-18 18:32

On my server I have a user SPAM@mydomain.tld and I have two levels of SPAM handling...

"Light SPAM (Rule 1)" the user is allowed to see but "serious SPAM (Rule 2)" never reaches the user.

Code: Select all

Rule 1:

IF 
    Custom header field "X-hMailServer-LoopCount" < 1
    AND
    Custom header field "X-hMailServer-Reason-Score" > 2
THEN
    Forward email "SPAM@mydomain.tld"
    Move to IMAP folder "JUNK"
    Stop rule processing

Rule 2:

IF 
    Custom header field "X-hMailServer-LoopCount" < 1
    AND
    Custom header field "X-hMailServer-Reason-Score" > 6
THEN
    Forward email "SPAM@mydomain.tld"
    Delete email
    Stop rule processing
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

michaeljwyo
New user
New user
Posts: 13
Joined: 2020-02-11 19:02
Location: Evanston, WY
Contact:

Re: SA Forwarding

Post by michaeljwyo » 2020-02-20 17:36

Thank you Soren for your response. I decided to try to make rules that are identical to yours, of course with a different forwarding address. Still doesn't work. I just don't understand why the rules don't work. I have my little "test" distribution list set up. There are 3 members of that distribution list. And of course the idea is for me to send a spam message to the list, and then it will NOT go out to those members but instead will just end up in my "spam@abdx.org" account.
I am still stumped.

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: SA Forwarding

Post by palinka » 2020-02-21 02:01

Are you sure your test message is getting marked as spam? Is the sender or recipient whitelisted?

michaeljwyo
New user
New user
Posts: 13
Joined: 2020-02-11 19:02
Location: Evanston, WY
Contact:

Re: SA Forwarding

Post by michaeljwyo » 2020-02-21 19:21

Yes it gets marked as spam...and gets sent out to the list members. However, you did make a good point and yes the email address it's sent from is a good point. I just tried to send the spam message using an email address that is not part of or listed anywhere in the script as an allowed address. It apparently didn't even make the list, which is a good thing. So that of course was the other point of concern - how did the original message (the one that started all of this) make it to the list in the first place? Otherwise, seeing this happen with my "Test" distribution list, it's actually a good thing by not making it to the list. Otherwise with all the testing I have been doing, you are right. I have been sending it from a "list member". If that's the case, then why would we need spam filtering at all? Spam filtering is supposed to work for list members who post spam or whose email addresses get spoofed. So I guess we're still at the point we were. I have no one on the white-list list.

palinka
Senior user
Senior user
Posts: 2178
Joined: 2017-09-12 17:57

Re: SA Forwarding

Post by palinka » 2020-02-21 23:53

I only whitelist addresses that are known to both a) not send spam and b) trip a spam filter due to poor setup on the sender's end. Therefore, there are very few addresses on my whitelist. Only 3 or 4. All other messages get processed for spam filtering.

michaeljwyo
New user
New user
Posts: 13
Joined: 2020-02-11 19:02
Location: Evanston, WY
Contact:

Re: SA Forwarding

Post by michaeljwyo » 2020-02-22 01:02

I am using for my distribution list so basically "only list members" can post anyway. That part seems to make it work fine and not let anyone else post anyway. I am just not sure how that one got through. I am using the event handlers script that someone here on the list created so it's more like a list-server....which works great. So I don't know if something in the scripting there allowed the spam post to get through anyway. I may have to just leave it the way it is, and know that in most cases no spam is going to get through. I can probably live with "once in a great while" a post will get through and it'll get forwarded to all the members tagged as spam. I just was hoping there was something easy to do to tell SA itself just to forward the message to an address when it encounters spam and not forward it to the list. It may just be that because it was technically addressed to the list's address (abdx@abdx.org) that it's going to tag it and send it to that address.
I really appreciate all the replies and still up for other suggestions if anyone's got anything.

Post Reply