Questions regarding SpamAssassin

Use this forum for discussions about SpamAssassin and anti-spam in general.
Post Reply
anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-17 17:31

Hi,

I have an hMailServer setup that processes about 500,000 legitimate emails a week. We have configured the built in Anti-Spam settings in the past and they are not working. I have been working for about a week on implementing SpamAssassin via the Jam SpamAssassin-in-a-box as per viewtopic.php?t=28133 and it has been extremely helpful.

The spam is still getting through, we get atleast 10 an hour to various emails. I have SpamAssassin running in a command prompt window at the moment to try to see when hMailServer sends it emails for processing. My though is that all inbound emails should be processed by it. I have went as far in the last hour as disabling all of hMailServer built-in Anti-Spam options in the first two tabs disabled (General and Spam tests) and checks and only leaving SpamAssassin active.

From what I can see, no messages are being sent to SpamAssassin. I have been looking for hours to see what causes or trips hMailServer to send an email to SpamAssassin for processing and can't find anything on this. This is what led me to disabling the options on the built-in hMailServer Anti-Spam figuring it would then send all inbound email messages to SpamAssassin and this is not the case.

Any insight into this issue would be greatly appreciated.

Thanks ahead of time for reading and helping out!

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-17 17:36

tab 3 - "USe Spamassassin" - ticked.

Then Hmailserver sends the messages to spamassassin spamd SERVICE (there is nothing to view in any 'window' you speak of). To view if it is receiving and processing then view the SPAMD.LOG file.

If you have followed my setup guide then all should be working just fine for you.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-17 17:49

Hi jimimaseye,

Thanks for getting back so soon! Not that I am trying to make an argument, but I am running the SpamD program in a command window which shows you live activity that you would also see in the log - just in a live command window. I have attached the image to show you this.

I do have the Use SpamAssassin button ticked and yet the only message that goes to SpamD is the test message. This is why I have reached out via the forum.

Any other information you can provide would be greatly helpful and appreciated.

Thanks!
Capture.PNG

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-17 18:08

Please run this script and post the results here
viewtopic.php?f=20&t=30914
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-17 18:21

Thanks again for your very fast response!! The text is below as requested. I have removed IP addresses and some other sensitive information.[code]2/17/2017 11:12:21 AM Hmailserver: 5.4.2-B1964

IP: xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx Priority: 1000 Name: xxxxx
Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - False


IP: xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx Priority: 700 Name: xxxxx

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - False


IP: xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx Priority: 100 Name: My LAN

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - True


IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - True


IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True


------------------------------------------------------
AUTOBANNED Local Addresses:
No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 10
Minutes Before Reset: 15
Minutes to Autoban: 15
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: False - 3 Use Spamassassin: True
Add X-HmailServer-Spam: False Check HELO host: False - 2 Hostname: 127.0.0.1
Add X-HmailServer-Reason: False Check MX records: False - 2 Port: 783
Add X-HmailServer-Subject: False Verify DKIM: False - 4 Use SA score: True

Spam delete threshold: 100 Maximum message size: 1024

GREYLISTING:
Greylisting: False

DNSBL ENTRIES:
No entries

SURBL ENTRIES:
No entries
-----------------------------------------------------------------------------------------------

WHITELISTING
0.0.0.0 to 255.255.255.255 XXXXX
0.0.0.0 to 255.255.255.255 XXXXX
0.0.0.0 to 255.255.255.255 XXXXX
0.0.0.0 to 255.255.255.255 XXXXX
0.0.0.0 to 255.255.255.0 XXXXX
xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx to 255.255.255.255
xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx
-----------------------------------------------------------------------------------------------

ANTIVIRUS

GENERAL:
When found - Delete Attachments

Max Message Size: 0
CLAM AV: False
CLAMWIN: False
CUSTOMAV: False
-----------------------------------------------------------------------------------------------

SSL/TLS
SslCipherList :

-----------------------------------------------------------------------------------------------

TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP -
0.0.0.0 / 110 / POP3 -
0.0.0.0 / 143 / IMAP -
0.0.0.0 / 144 / IMAP -
0.0.0.0 / 587 / SMTP -
-----------------------------------------------------------------------------------------------

LOGGING Logging Enabled: True

Paths:- Current: D:\Program Files (x86)\hMailServer\Logs\hmailserver_2017-02-17.log
Error: D:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2017-02-17.log
Event: D:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log
Awstats: D:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
APPLICATION - .
SMTP - True
POP3 - .
IMAP - .
TCPIP - .
DEBUG - True
AWSTATS - .
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MSSQL Compact

IPv6 support is available in operating system.

Backup directory \\Backup\ is writable.

Relative message paths are stored in the database for all messages.

No problems were found in the IP range configuration.

-----------------------------------------------------------------------------------------------

Error 438. Out-dated version. Some fields or objects missing.

[/code]
Generated by HMSSettingsDiagnostics v1.40, Hmailserver Forum.

User avatar
mattg
Moderator
Moderator
Posts: 20123
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Questions regarding SpamAssassin

Post by mattg » 2017-02-17 23:21

Hard to tell with what you've redacted, but if ALL of the redacted IP ranges / incoming relays etc have the same lower and upper IP like
123.123.123.123 to 123.123.123.123 and
124.124.124.124 to 124.124.124.124 etc

then that looks OK.

What does your debug logging show?
Are there any error logs created?


And all messages are sent to your server via SMTP? None are downloaded via External Account POP3?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-18 02:31

mattg wrote:Hard to tell with what you've redacted,....
I simply dont understand some people. How are we supposed to judge if settings are suitable if they redact it. What possible sensitive information can there be in an ip range? (Answer: none.) What do they think someone is going to do by knowing your internally allowed ip adresses?! (Answer: absolutely nothing!) I mean it's not as though any emails that come from this server to the outside world recipients has any ip addresses in it, is it. Or that dns records are visible to the world's Internet.

(And clearly the instruction on use to not format it when posting is not clear enough.)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 20123
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Questions regarding SpamAssassin

Post by mattg » 2017-02-18 02:36

I think perhaps the IP ranges that were redacted were the static public IP of business client networks

I do this....

If I have a client who I don't want to ever block or autoban any connection from, because there are multiple users at that client location, then I will create a static IP range for their public IP that is higher than any Autoban.

It may well be that the poster just didn't want to publicly show thier business clients public IP address, and I get that.
But yes, it does limit how effective help offered can be.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-18 02:41

No doubt. And so what? (The clue there is its public). I still don't get it. What's the problem in it being posted above? What can possibly happen even if someone sees it?

(There was a reason I didn't want to display the name though)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 13:16

Although the IP addresses are public, I do not want to disclose them on a public support forum. What could the IP ranges have to do with another program that is running locally on the machine to begin with - really a rhetorical question that doesn't need to be answered.

The IP ranges are all configured correctly and are all communicating and processing email properly - and hMailserver DOES send some, but very very few emails to the SpamAssassin program on the same machine - the question was under what circumstances does hMailserver forward emails to SpamAssassin if there are any as only a very limited select few are sent and processed, not all of them, which in theory is how it should work.

So again, the question is this: How does hMailServer decide if it sends an incoming email via SMTP to SpamAssassin for processing - and if all are supposed to be processed which is my thought, is there anything above in the configuration that is incorrect without regard to the blocked out IP ranges.


How about we stick to helping out rather than bashing because I simply wanted to be a bit discreet with client and internal information.

Thanks again for helping out.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 13:30

In order to answer you question we need to know some facts.
anthonyatech wrote:Although the IP addresses are public, I do not want to disclose them on a public support forum. What could the IP ranges have to do with another program that is running locally on the machine to begin with
Spamassassin settings dictate what message size is accepted for checking.
IP RANGES dictate when emails are sent to spamasassin, and when they are not.
anthonyatech wrote:The IP ranges are all configured correctly and are all communicating and processing email properly
Says you. And yet, here you are with a thread saying they dont.
anthonyatech wrote:the question was under what circumstances does hMailserver forward emails to SpamAssassin if there are any as only a very limited select few are sent and processed, not all of them, which in theory is how it should work.
Spamassassin settings dictate what message size is accepted for checking.
IP RANGES dictate when emails are sent to spamasassin, and when they are not.

anthonyatech wrote:How does hMailServer decide if it sends an email to SpamAssassin for processing - and if all are supposed to be processed which is my thought, is there anything above in the configuration that is incorrect without regard to the blocked out IP ranges.
Unless you disclose the IP ranges we will never know.
anthonyatech wrote: How about we stick to helping out rather than bashing because I simply wanted to be a bit discreet with client and internal information.
How about sticking to answering the replies to your cries for help. We are not interested in you or your company and we only ask for certain information to help diagnose the problem. Be aware, though, that if you choose to ignore those responses to your pleaing for help then you will never get the help your crave for.


(And for discussion sake: Again, WHO CARES and how on earth could anyone do anything with IP RANGES. How is any of this a security issue. (Feel free to stick to your guns and not disclose them.)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 14:00

Here is the code as requested. As you can see, all of the ranges are set to utilize the AntiSpam service.

[code]2/17/2017 11:12:21 AM Hmailserver: 5.4.2-B1964

IP: 10.162.120.1 - 10.162.126.255 Priority: 1000 Name: NETTED

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - False


IP: 108.29.44.1 - 108.29.44.162 Priority: 700 Name: TASTY

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - False


IP: 172.16.0.1 - 172.16.0.255 Priority: 100 Name: My LAN

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - True


IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - True


IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True
IMAP: True

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True


------------------------------------------------------
AUTOBANNED Local Addresses:
No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 10
Minutes Before Reset: 15
Minutes to Autoban: 15
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
108.29.44.1 - 108.29.44.162
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: False - 3 Use Spamassassin: True
Add X-HmailServer-Spam: False Check HELO host: False - 2 Hostname: 127.0.0.1
Add X-HmailServer-Reason: False Check MX records: False - 2 Port: 783
Add X-HmailServer-Subject: False Verify DKIM: False - 4 Use SA score: True

Spam delete threshold: 100 Maximum message size: 1024

GREYLISTING:
Greylisting: False

DNSBL ENTRIES:
No entries

SURBL ENTRIES:
No entries
-----------------------------------------------------------------------------------------------

WHITELISTING
0.0.0.0 to 255.255.255.255
0.0.0.0 to 255.255.255.255
0.0.0.0 to 255.255.255.255
0.0.0.0 to 255.255.255.255
0.0.0.0 to 255.255.255.0
10.162.120.127 to 10.162.120.127
65.204.0.67 to 255.255.255.255
68.237.161.12 to 68.237.161.12
69.254.116.149 to 69.254.116.149
71.250.0.12 to 71.250.0.12
108.29.44.1 to 108.29.44.162
206.29.160.0 to 206.29.191.255
-----------------------------------------------------------------------------------------------

ANTIVIRUS

GENERAL:
When found - Delete Attachments

Max Message Size: 0
CLAM AV: False
CLAMWIN: False
CUSTOMAV: False
-----------------------------------------------------------------------------------------------

SSL/TLS
SslCipherList :

-----------------------------------------------------------------------------------------------

TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP -
0.0.0.0 / 110 / POP3 -
0.0.0.0 / 143 / IMAP -
0.0.0.0 / 144 / IMAP -
0.0.0.0 / 587 / SMTP -
-----------------------------------------------------------------------------------------------

LOGGING Logging Enabled: True

Paths:- Current: D:\Program Files (x86)\hMailServer\Logs\hmailserver_2017-02-17.log
Error: D:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2017-02-17.log
Event: D:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log
Awstats: D:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
APPLICATION - .
SMTP - True
POP3 - .
IMAP - .
TCPIP - .
DEBUG - True
AWSTATS - .
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MSSQL Compact

IPv6 support is available in operating system.

Backup directory \\BACKUP\Backup\Email Server is writable.

Relative message paths are stored in the database for all messages.

No problems were found in the IP range configuration.

-----------------------------------------------------------------------------------------------

Error 438. Out-dated version. Some fields or objects missing.

[/code]
Generated by HMSSettingsDiagnostics v1.40, Hmailserver Forum.

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 14:18

From looking at the SpamAssassin logs, it seems to be getting emails from legitimate sources such as a hosted domain on outlook.com, but to get an idea, out of 133379 emails processed by the server, only 9 have been marked as spam meanwhile a rule I have set has marked over 50 (based on keywords).

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 14:53

Ok, so this is different from what you originally said. Is spamassassin firing or not?

If it is a case of 'things not being detected' then thats a different problem. For that we need the full extent of your spamassassin setup (LOCAL.CF) (or even get help from Jam Support if you have paid for their Out The Box product).

(by the way - you are open to receiving spam such as "FROM: @yourdomain, TO: @yourdomain, SUBJECT: See my willy!)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 15:02

Thanks for getting back. Below is the spamassassin local.cf. SpamAssassin is firing and working, but not every message seems to be getting checked - only certain ones, for example, if I sent an email from my personal email account, I should see it as being processed in the SpamAssassin log and I am not. However, if I change my postfix settings on my other server to send directly instead of relay, then the message gets checked - just not sure what hMailServer uses to choose whether or not to send a message to SpamAssassin for checking and trying to find out if that is the problem. I am guessing there is no issue with the above posted hmailserver info you had asked for with the IP addresses?
jimimaseye wrote:Ok, (by the way - you are open to receiving spam such as "FROM: @yourdomain, TO: @yourdomain, SUBJECT: See my willy!)
How would I resolve this? When you say @yourdomain, are you meaning my actual domain or fake domains? This seems to be part of the spam issue... we get messages from Kohls for example but the domain is not matching and being checked by SpamAssassin.

Thanks!

Code: Select all

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

#   Add *****SPAM***** to the Subject header of spam e-mails
#
# rewrite_header Subject *****SPAM*****
rewrite_header Subject *****SPAM*****


#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
# report_safe 1
report_safe 0
add_header all Report _REPORT_


#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
# trusted_networks 212.17.35.
#****** added by aadamo on 2/16/17 ******
trusted_networks 172.16.0. 10.162. 65.204.0.67

#   Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock


#   Set the threshold at which a message is considered spam (default: 5.0)
#
# required_score 5.0
required_score 3.0

#   Use Bayesian classifier (default: 1)
#
# use_bayes 1
use_bayes 1

#   Bayesian classifier auto-learning (default: 1)
#
# bayes_auto_learn 1
bayes_auto_learn 1

#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status


#   Whether to decode non- UTF-8 and non-ASCII textual parts and recode
#   them to UTF-8 before the text is given over to rules processing.
#
# normalize_charset 1

#   Some shortcircuiting, if the plugin is enabled
# 
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
#   default: strongly-whitelisted mails are *really* whitelisted now, if the
#   shortcircuiting plugin is active, causing early exit to save CPU load.
#   Uncomment to turn this on
#
# shortcircuit USER_IN_WHITELIST       on
# shortcircuit USER_IN_DEF_WHITELIST   on
# shortcircuit USER_IN_ALL_SPAM_TO     on
# shortcircuit SUBJECT_IN_WHITELIST    on

#   the opposite; blacklisted mails can also save CPU
#
# shortcircuit USER_IN_BLACKLIST       on
# shortcircuit USER_IN_BLACKLIST_TO    on
# shortcircuit SUBJECT_IN_BLACKLIST    on

#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
#
# shortcircuit ALL_TRUSTED             on

#   and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99                spam
# shortcircuit BAYES_00                ham

endif # Mail::SpamAssassin::Plugin::Shortcircuit

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 15:18

if I sent an email from my personal email account, I should see it as being processed in the SpamAssassin log and I am not.
Depends what this 'personal account' is. Hmailserver account, external Gmail-type account, what? If you AUTHENTICATE to Hmailserver then mail does not get checked. Also, you have an INCOMING RELAY set (108.29.44.1 - 108.29.44.162) so this address may also be ignored (if thats where you sent from).

Also, in your LOCAL.CF you have

trusted_networks 172.16.0. 10.162. 65.204.0.67

Anything being relayed from those addresses will be ignored. That explains why inbound from internet OUTLOOK.com, for example, is checked correctly but anything sent from those networks (presumably internal) will not despite you saying 'yes' to Antispam checking in their IP RANGES.
How would I resolve this? When you say @yourdomain, are you meaning my actual domain or fake domains? This seems to be part of the spam issue... we get messages from Kohls for example but the domain is not matching and being checked by SpamAssassin.

Code: Select all

IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet    <<<<<<<  -------  WITH THIS

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                           

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       - False    <<<<<<<  -------  THE PROBLEM LIES HERE
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True
I am guessing there is no issue with the above posted hmailserver info you had asked for with the IP addresses?
Very helpful. With it I can now see that you have a match with one of your ranges (108.29.44.1 - 108.29.44.162) and Incoming Relays. And also the maching between your trusted_networks and your ip ranges. (We wouldnt have known that before due to your hiding the addresses - THAT is why we ask for them).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 15:25

Ok, so actually a funny story, a little while before I sent the local.cf to you, I added the trusted network of 65.204.0.67 thinking that it needed to be trusted to be checked - exactly reverse of what actually happens that I see now from your explanation.

So I now removed the trusted_networks line from the local.cf and sent a test message from my personal google email account to a local account on the server and it did not hit SpamAssassin - shouldn't I have seen it being processed? Or is this not checking the mail because the mail server is in the 127.0.0.* network that is trusted by default by SpamAssassin and if this is the case, how do I fix this?

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 15:31

Enable SMTP and APPLICATION logging.
Send in a GMAIL email as before.
Wait until you receive it.
Then post the resultant log entries here (you may redact your gmail address if you wish :wink: .... but nothing else!).



(https://spamassassin.apache.org/full/3. ... _Conf.html)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 15:33

LOL thanks for letting me redact the email account :)

While I do that... for the internet network, should I change

Local To Local - False <<<<<<< ------- THE PROBLEM LIES HERE
to True?

Thanks!

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 15:36

anthonyatech wrote:LOL thanks for letting me redact the email account :)

While I do that... for the internet network, should I change

Local To Local - False <<<<<<< ------- THE PROBLEM LIES HERE
to True?

Thanks!
Yes.

Otherwise you are letting any old joe connect to your system and send your users an email claiming to be from one of your own accounts.

You might want to complete DISABLE 'External To External' deliveries on all IP RANGES too.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 15:39

That's what I thought to be honest (this is a system I was thrown into fix a few weeks ago). If we do that for all networks, and we have mail coming from our 10. network, is that considered external to the server? The thinking may have been that it is external and should be selected to have external to external being true to send from these routed addresses...

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 15:42

https://www.hmailserver.com/documentati ... ce_iprange
Allow deliveries
These settings allow you to define whether hMailServer should allow SMTP deliveries for this IP range.

A person sending an email is considered local if the domain-part of his or her email address matches
  • a local domain or
    a route in which you have selected "When recipient matches route, treat recipient domain as a local domain"
A person is considered external in all other cases.

All users with accounts on your server will typically be considered local. All other people will be considered external.

If you select "External to external", people will be able to send email via the server even if the sender address does not match an account on the server. If you select this option you should make sure that you select the corresponding setting under "Require SMTP authentication" as well. Not doing so will open up your server for spammers.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 15:47

Thanks!

Here is the (not sure if this is all of it, but it seems to be complete) logging of the email from gmail to my account on the server - I have blocked out the domain of the mail server. The message does not get sent to SpamAssassin at all...

Code: Select all

"SMTPD"	7864	139365	"2017-02-20 08:34:59.091"	"74.125.82.54"	"SENT: 220 xxxx.com ESMTP"
"SMTPD"	3476	139365	"2017-02-20 08:34:59.177"	"74.125.82.54"	"RECEIVED: EHLO mail-wm0-f54.google.com"
"SMTPD"	3476	139365	"2017-02-20 08:34:59.178"	"74.125.82.54"	"SENT: 250-atu-taru.com[nl]250-SIZE 20480000[nl]250 AUTH LOGIN"
"SMTPD"	6124	139365	"2017-02-20 08:34:59.263"	"74.125.82.54"	"RECEIVED: MAIL FROM:<anthonyatech@gmail.com> SIZE=3116"
"SMTPD"	6124	139365	"2017-02-20 08:34:59.267"	"74.125.82.54"	"SENT: 250 OK"
"SMTPD"	4988	139365	"2017-02-20 08:34:59.359"	"74.125.82.54"	"RECEIVED: RCPT TO:<aadamo@xxxx.com>"
"SMTPD"	4988	139365	"2017-02-20 08:34:59.362"	"74.125.82.54"	"SENT: 250 OK"
"SMTPD"	4988	139365	"2017-02-20 08:34:59.447"	"74.125.82.54"	"RECEIVED: DATA"
"SMTPD"	4988	139365	"2017-02-20 08:34:59.448"	"74.125.82.54"	"SENT: 354 OK, send."
"SMTPD"	8168	139365	"2017-02-20 08:34:59.567"	"74.125.82.54"	"SENT: 250 Queued (0.110 seconds)"
"APPLICATION"	5024	"2017-02-20 08:34:59.569"	"SMTPDeliverer - Message 44576069: Delivering message from anthonyatech@gmail.com to aadamo@xxxx.com. File: D:\Program Files (x86)\hMailServer\Data\{179B1726-AE3A-482D-9976-E522A50AFCE2}.eml"
"SMTPD"	2156	139365	"2017-02-20 08:34:59.651"	"74.125.82.54"	"RECEIVED: QUIT"
"SMTPD"	2156	139365	"2017-02-20 08:34:59.652"	"74.125.82.54"	"SENT: 221 goodbye"

User avatar
mattg
Moderator
Moderator
Posts: 20123
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Questions regarding SpamAssassin

Post by mattg » 2017-02-20 16:00

What version of hMailserver is this machine running?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 16:06

5.4.2-B1964

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 16:07

mattg wrote:What version of hMailserver is this machine running?
His wonderful diag report says:

2/17/2017 11:12:21 AM Hmailserver: 5.4.2-B1964

:mrgreen:
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 16:11

jimimaseye wrote:
mattg wrote:What version of hMailserver is this machine running?
His wonderful diag report says:

2/17/2017 11:12:21 AM Hmailserver: 5.4.2-B1964

:mrgreen:
Hey Hey, I took great pride in NOT redacting the second one LMAO!!

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 16:15

I remain baffled.

Lets do the test again but ALSO with DEBUG enabled. Then post the resultant logs back.

(You might want to then turn off debug very quickly otherwise you will end up with a log file longer than Donald Trump's "List of Delusions to Stick To").

EDIT:

Also please post the HEADERS of the received email.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3184
Joined: 2006-08-21 15:38
Location: Denmark

Re: Questions regarding SpamAssassin

Post by SorenR » 2017-02-20 16:18

Just to clarify...

SpamAssassin internal_networks + trusted_networks == hMailServer Incoming Relay :!:

I use it exclusively for mails from my Backup-MX.
Last edited by SorenR on 2017-02-20 16:20, edited 1 time in total.
SørenR.

“With age comes wisdom, but sometimes age comes alone.”
- Oscar Wilde

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 16:19

SorenR wrote:Just to clarify...

SpamAssassin internal_networks + trusted_networks == hMailServer Incoming Relay :!:
Not sure I follow, can you detail a little more? sorry and thanks!

User avatar
SorenR
Senior user
Senior user
Posts: 3184
Joined: 2006-08-21 15:38
Location: Denmark

Re: Questions regarding SpamAssassin

Post by SorenR » 2017-02-20 16:24

anthonyatech wrote:
SorenR wrote:Just to clarify...

SpamAssassin internal_networks + trusted_networks == hMailServer Incoming Relay :!:
Not sure I follow, can you detail a little more? sorry and thanks!
A server like ASSP or any Cloud based AntiVirus/SPAM service...

I use it for mails from my Backup-MX as there is no point in checking my Backup-MX, I need to check the server BEFORE the Backup-MX so it is simply looking at the next Received: header.
SørenR.

“With age comes wisdom, but sometimes age comes alone.”
- Oscar Wilde

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 16:25

Log as requested with SMTP, Application and Debug

Code: Select all

"DEBUG"	7332	"2017-02-20 09:13:40.431"	"Creating session 140748"
"SMTPD"	7332	140748	"2017-02-20 09:13:40.431"	"74.125.82.46"	"SENT: 220 xxx.com ESMTP"
"SMTPD"	5404	140748	"2017-02-20 09:13:40.515"	"74.125.82.46"	"RECEIVED: EHLO mail-wm0-f46.google.com"
"SMTPD"	5404	140748	"2017-02-20 09:13:40.515"	"74.125.82.46"	"SENT: 250-atu-taru.com[nl]250-SIZE 20480000[nl]250 AUTH LOGIN"
"SMTPD"	5200	140748	"2017-02-20 09:13:40.600"	"74.125.82.46"	"RECEIVED: MAIL FROM:<anthonyatech@gmail.com> SIZE=3051"
"SMTPD"	5200	140748	"2017-02-20 09:13:40.606"	"74.125.82.46"	"SENT: 250 OK"
"SMTPD"	96	140748	"2017-02-20 09:13:40.690"	"74.125.82.46"	"RECEIVED: RCPT TO:<aadamo@xxx.com>"
"SMTPD"	96	140748	"2017-02-20 09:13:40.696"	"74.125.82.46"	"SENT: 250 OK"
"SMTPD"	3620	140748	"2017-02-20 09:13:40.781"	"74.125.82.46"	"RECEIVED: DATA"
"SMTPD"	3620	140748	"2017-02-20 09:13:40.782"	"74.125.82.46"	"SENT: 354 OK, send."
"DEBUG"	8168	"2017-02-20 09:13:40.894"	"Saving message: {1C5B5A84-6A77-4471-8869-7F3DF54A47C6}.eml"
"DEBUG"	8168	"2017-02-20 09:13:40.898"	"Requesting SMTPDeliveryManager to start message delivery"
"SMTPD"	8168	140748	"2017-02-20 09:13:40.899"	"74.125.82.46"	"SENT: 250 Queued (0.110 seconds)"
"DEBUG"	5024	"2017-02-20 09:13:40.902"	"Delivering message..."
"APPLICATION"	5024	"2017-02-20 09:13:40.903"	"SMTPDeliverer - Message 44578203: Delivering message from anthonyatech@gmail.com to aadamo@xxx.com. File: D:\Program Files (x86)\hMailServer\Data\{1C5B5A84-6A77-4471-8869-7F3DF54A47C6}.eml"
"DEBUG"	5024	"2017-02-20 09:13:40.908"	"Saving message: {1C5B5A84-6A77-4471-8869-7F3DF54A47C6}.eml"
"APPLICATION"	7304	"2017-02-20 09:13:40.931"	"SMTPDeliverer - Message 44578202: Message delivery thread completed."
"SMTPD"	7332	140748	"2017-02-20 09:13:40.983"	"74.125.82.46"	"RECEIVED: QUIT"
"SMTPD"	7332	140748	"2017-02-20 09:13:40.983"	"74.125.82.46"	"SENT: 221 goodbye"
"DEBUG"	7672	"2017-02-20 09:13:40.983"	"Closing TCP/IP socket"
"DEBUG"	7672	"2017-02-20 09:13:40.984"	"Ending session 140748"
"DEBUG"	6124	"2017-02-20 09:13:41.124"	"Deleting message"
"DEBUG"	6124	"2017-02-20 09:13:41.125"	"Deleting message file."
"DEBUG"	7864	"2017-02-20 09:13:42.984"	"Closing TCP/IP socket"

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 16:26

SorenR wrote:Just to clarify...

SpamAssassin internal_networks + trusted_networks == hMailServer Incoming Relay :!:

I use it exclusively for mails from my Backup-MX.
https://spamassassin.apache.org/full/3. ... _Conf.html
trusted_networks ip.add.re.ss[/mask] ... (default: none)
  • If trusted_networks is not set and internal_networks is, the value of internal_networks will be used for this parameter.
So the INTERNAL_NETWORKS setting, as it is alone, is being seen as the TRUSTED_NETWORKS.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 16:30

anthonyatech wrote:Log as requested with SMTP, Application and Debug

Code: Select all

.
.
.
Sorry. I remain baffled.

Now I would approach the not so obvious actions in an attempt to 'get things going'

a, Disable, reenable spamassassin.
b, Upgrade to latest HMS and try it all again

There is a significant detail missing out of that DEBUG logging.

eg,
"SMTPD" 4964 12616 "2017-02-20 14:31:01.162" "212.82.98.220" "SENT: 250 OK"
"SMTPD" 4804 12616 "2017-02-20 14:31:01.209" "212.82.98.220" "RECEIVED: DATA"
"DEBUG" 4804 "2017-02-20 14:31:01.209" "Executing event OnSMTPData"
"DEBUG" 4804 "2017-02-20 14:31:01.209" "Event completed"
"SMTPD" 4804 12616 "2017-02-20 14:31:01.209" "212.82.98.220" "SENT: 354 OK, send."
"DEBUG" 4964 "2017-02-20 14:31:01.287" "Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG" 3160 "2017-02-20 14:31:01.287" "Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG" 3160 "2017-02-20 14:31:01.287" "SURBL: Execute"
"DEBUG" 3160 "2017-02-20 14:31:01.287" "SURBL: Match not found"
"DEBUG" 3160 "2017-02-20 14:31:01.287" "Spam test: SpamTestSURBL, Score: 0"
"DEBUG" 3160 "2017-02-20 14:31:01.287" "Creating session 12741"
"DEBUG" 4964 "2017-02-20 14:31:01.287" "TCP connection started for session 12741"
"DEBUG" 4964 "2017-02-20 14:31:01.287" "Sending message to SpamAssassin. Session 12741, File: D:\Datastore\hMailData\{C9B79998-073A-4A4C-9F75-C732581880B6}.eml"
"DEBUG" 4804 "2017-02-20 14:31:01.864" "Parsing response from SpamAssassin. Session 12741"
"DEBUG" 1980 "2017-02-20 14:31:01.864" "SA - Copy+Delete used"
"DEBUG" 1980 "2017-02-20 14:31:01.864" "Ending session 12741"
"DEBUG" 3160 "2017-02-20 14:31:01.864" "Spam test: SpamTestSpamAssassin, Score: 0"
"DEBUG" 3160 "2017-02-20 14:31:01.864" "Total spam score: 0"
"DEBUG" 3160 "2017-02-20 14:31:01.864" "Executing event OnAcceptMessage"
"DEBUG" 3160 "2017-02-20 14:31:01.864" "Event completed"
"DEBUG" 3160 "2017-02-20 14:31:01.864" "Saving message: {C9B79998-073A-4A4C-9F75-C732581880B6}.eml"
"DEBUG" 3160 "2017-02-20 14:31:01.958" "Requesting SMTPDeliveryManager to start message delivery"

"SMTPD" 3160 12616 "2017-02-20 14:31:01.958" "212.82.98.220" "SENT: 250 Queued (0.640 seconds)"
"DEBUG" 4276 "2017-02-20 14:31:01.989" "Adding task DeliveryTask to work queue SMTP delivery queue"
"DEBUG" 2556 "2017-02-20 14:31:01.989" "Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG" 2556 "2017-02-20 14:31:01.989" "Delivering message..."
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 16:30

jimimaseye wrote:
SorenR wrote:Just to clarify...

SpamAssassin internal_networks + trusted_networks == hMailServer Incoming Relay :!:

I use it exclusively for mails from my Backup-MX.
https://spamassassin.apache.org/full/3. ... _Conf.html
trusted_networks ip.add.re.ss[/mask] ... (default: none)
  • If trusted_networks is not set and internal_networks is, the value of internal_networks will be used for this parameter.
So the INTERNAL_NETWORKS setting, as it is alone, is being seen as the TRUSTED_NETWORKS.
Ok from some previous posts, i believe this is the case as we spoke about this already.

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 16:34

jimimaseye wrote:
anthonyatech wrote:Log as requested with SMTP, Application and Debug

Code: Select all

.
.
.
Sorry. I remain baffled.

Now I would approach the not so obvious actions in an attempt to 'get things going'

a, Disable, reenable spamassassin.
b, Upgrade to latest HMS and try it all again
c, defer to other peoples thoughts and opinions.
Ok, good, so I am not going crazy then! lol .. I think I am going to start with this...

on the internet ip range
-under allow deliveries from
--uncheck external to external email addresses
-under require smtp authentication
--check local to local email addresses

and ensure this does not interrupt any required communications, from there I am going to do A and B as requested... as for C, this was my last ditch effort as I cannot find any documentation anywhere and have been searching for over a week lol.

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 16:35

The funny thing is, anything from a hosted office 365 email (anything from *.prod.outlook.com) gets sent to SpamAssassin for processing not other than that not much...

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 16:37

anthonyatech wrote:The funny thing is, anything from a hosted office 365 email (anything from *.prod.outlook.com) gets sent to SpamAssassin for processing not other than that not much...
Do you have an address from outlook to use as a test? (Like you did with the gmail test)? If so, please do the test again with it.

Also, do you have any ROUTES set up?

anthonyatech wrote: on the internet ip range
-under allow deliveries from
--uncheck external to external email addresses
-under require smtp authentication
--check local to local email addresses
yes
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 16:39

Yes I do have an outlook address to test from and we do have routes configured on our firewall, but nothing from the outlook hosted email... and no routes accept to give access to the email server from the other 10. networks

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 16:41

I meant ROUTES in hmailserver (not your firewall).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 16:42

Ok, so that email did not get sent to SA for processing.. which makes it even all more weird...

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 16:43

jimimaseye wrote:I meant ROUTES in hmailserver (not your firewall).
If the only place they can be added is the SMTP (that is all I can find), then no

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 16:51

anthonyatech wrote:Ok, so that email did not get sent to SA for processing.. which makes it even all more weird...
Yep.

I would do an upgrade to 5.6.6 if I were you (if for no other reason than it gives better logging.....hopefully).


viewtopic.php?f=21&t=29726
viewtopic.php?f=21&t=28914

(you are SURE that you dont have 2x spamassassin spamd's running? You defintiely dont have spamassassin running as a service, right?)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 16:55

SpamAssassin is running currently in a command windows with the service NOT started. From the output in the command prompt window, spam assassin is version 3.4.1. In addition, I have the checks from built in anti-spam turned off to make sure all messages go through spamassassin. Could that be why there is less log output than expected? Although it is still missing the SA entries so never mind...

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 16:59

WOAH!!!!!!!!!!!

Code: Select all

WHITELISTING
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.0               
              10.162.120.127     to    10.162.120.127               
              65.204.0.67        to    255.255.255.255             
              68.237.161.12      to    68.237.161.12               
              69.254.116.149     to    69.254.116.149               
              71.250.0.12        to    71.250.0.12                 
              108.29.44.1        to    108.29.44.162               
              206.29.160.0       to    206.29.191.255               
-----------------------------------------------------------------------------------------------

WTF?!??!!!


THATS your problem!

(https://www.hmailserver.com/documentati ... itelisting)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 17:01

jimimaseye wrote:WOOH!!!!!!!!!!!

Code: Select all

WHITELISTING
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.0               
              10.162.120.127     to    10.162.120.127               
              65.204.0.67        to    255.255.255.255             
              68.237.161.12      to    68.237.161.12               
              69.254.116.149     to    69.254.116.149               
              71.250.0.12        to    71.250.0.12                 
              108.29.44.1        to    108.29.44.162               
              206.29.160.0       to    206.29.191.255               
-----------------------------------------------------------------------------------------------

WTF?!??!!!


THATS your problem!
the whitelist? all or some?

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 17:04

well....

a, for a start.....

Code: Select all

              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.0   
doesnt make sense! Why 4x entries all saying the same.

b,
0.0.0.0 to 255.255.255.255
means nothing is going to be SA processed outside of the other specific entries.

c, Why whitelist ranges that you have then said 'enable spamchecking' on?
10.162.120.127
108.29.44.x
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3184
Joined: 2006-08-21 15:38
Location: Denmark

Re: Questions regarding SpamAssassin

Post by SorenR » 2017-02-20 17:04

anthonyatech wrote:
jimimaseye wrote:WOOH!!!!!!!!!!!

Code: Select all

WHITELISTING
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.255             
              0.0.0.0            to    255.255.255.0               
              10.162.120.127     to    10.162.120.127               
              65.204.0.67        to    255.255.255.255             
              68.237.161.12      to    68.237.161.12               
              69.254.116.149     to    69.254.116.149               
              71.250.0.12        to    71.250.0.12                 
              108.29.44.1        to    108.29.44.162               
              206.29.160.0       to    206.29.191.255               
-----------------------------------------------------------------------------------------------

WTF?!??!!!


THATS your problem!
the whitelist? all or some?
Unless you have a very good reason NOT to spamcheck/viruscheck senders I would claim ALL!
SørenR.

“With age comes wisdom, but sometimes age comes alone.”
- Oscar Wilde

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 17:08

I removed the whitelists and its working!!! I didnt think the whitelist would be effective if I was using SA only and not built in Anti-Spam.. also is there a way to whitelist a domain?

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 17:10

It is in the documentation.
Example 2: Whitelist all email from the domain example.com.

In this example you will use a wildcard to whitelist all senders on a specific domain.
  • Click Add to add a new white list record
    In the description field, specify "Whitelist of all at example.com"
    In the email address field, specify *@example.com.
    Click Save
Im done.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 17:14

Despite our initial head butting, thanks so much your freakin awesome!!!!!!

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 17:16

Cheers.

As you can see, my "head butting" was there for good reason.

(you are not the first person to have such paranoia, and you wont be the last one I have the objection about).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

anthonyatech
New user
New user
Posts: 26
Joined: 2017-02-17 17:25

Re: Questions regarding SpamAssassin

Post by anthonyatech » 2017-02-20 17:16

Yes thanks again so much!!

User avatar
mattg
Moderator
Moderator
Posts: 20123
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Questions regarding SpamAssassin

Post by mattg » 2017-02-20 23:28

I saw that, and wasn't sure that email addresses that were linked were just not shown or redacted...
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8125
Joined: 2011-09-08 17:48

Re: Questions regarding SpamAssassin

Post by jimimaseye » 2017-02-20 23:34

mattg wrote:I saw that, and wasn't sure that email addresses that were linked were just not shown or redacted...
Obviously with hindsight and experience of how this thread started and the paranoia shown, it is clear that he removed the email addresses completely. By doing so we will not know to what extent they interfered (being less than a TOTAL whitelisting of everything as it appears in his report) except to know that they did somehow. More reason why to just leave things well alone in these things (or at least TELL US that they have been removed).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post Reply