Log shows spam score but no results

Use this forum for discussions about SpamAssassin and anti-spam in general.
Post Reply
mtalent
New user
New user
Posts: 1
Joined: 2017-03-28 23:05

Log shows spam score but no results

Post by mtalent » 2017-03-28 23:28

Ok, new to hmailserver just moved one of our domains over for testing purposes.

Right away I was informed that people were getting unusual emails that they didn't get before.

So I implemented some of the spam options in the server. check spf, check host in the helo command and check dns mx record (also checked the boxes to have information added to the header). We cannot lose emails so I just opted for hmailserver to add the default [spam] to the subject and asked the people to report to me with the results.

So today we have an email that shouldn't be there. Nothing was added to the header and nothing added to the subject line. I searched the logs for the ip and found the transaction ----Below------- (changed mail server name, mail account name and local ip) if I left something that could cause me problems admins feel free to edit it out or let me know.

"DEBUG" 3740 "2017-03-27 23:20:17.255" "Creating session 110"
"TCPIP" 3740 "2017-03-27 23:20:17.271" "TCP - 138.99.204.14 connected to 172.xxx.xxx.xxx:xx."
"DEBUG" 3740 "2017-03-27 23:20:17.271" "TCP connection started for session 109"
"SMTPD" 3740 109 "2017-03-27 23:20:17.271" "138.99.204.14" "SENT: 220 mail.nunya.com ESMTP"
"SMTPD" 3692 109 "2017-03-27 23:20:17.505" "138.99.204.14" "RECEIVED: ehlo gregmar.pl"
"SMTPD" 3692 109 "2017-03-27 23:20:17.505" "138.99.204.14" "SENT: 250-mail.nunya.com[nl]250-SIZE 20480000[nl]250-AUTH LOGIN[nl]250 HELP"
"SMTPD" 3740 109 "2017-03-27 23:20:17.724" "138.99.204.14" "RECEIVED: mail from:<info@IMPERIL.com>"
"DEBUG" 3740 "2017-03-27 23:20:17.990" "Spam test: SpamTestHeloHost, Score: 2"
"DEBUG" 3740 "2017-03-27 23:20:18.412" "Spam test: SpamTestMXRecords, Score: 2"
"DEBUG" 3740 "2017-03-27 23:20:18.521" "Spam test: SpamTestSPF, Score: 0"
"DEBUG" 3740 "2017-03-27 23:20:18.521" "Total spam score: 4"
"SMTPD" 3740 109 "2017-03-27 23:20:18.537" "138.99.204.14" "SENT: 250 OK"
"SMTPD" 3716 109 "2017-03-27 23:20:18.755" "138.99.204.14" "RECEIVED: rcpt to:<account@domain.com>"
"SMTPD" 3716 109 "2017-03-27 23:20:18.771" "138.99.204.14" "SENT: 250 OK"
"SMTPD" 3704 109 "2017-03-27 23:20:19.427" "138.99.204.14" "RECEIVED: data"
"SMTPD" 3704 109 "2017-03-27 23:20:19.537" "138.99.204.14" "SENT: 354 OK, send."
"DEBUG" 3740 "2017-03-27 23:20:20.255" "Could not retrieve PTR record for IP (false)! 138.99.204.14"
"DEBUG" 3740 "2017-03-27 23:20:20.271" "Adding task AsynchronousTask to work queue Asynchronous task queue"
"DEBUG" 3548 "2017-03-27 23:20:20.271" "Executing task AsynchronousTask in work queue Asynchronous task queue"
"DEBUG" 3548 "2017-03-27 23:20:20.271" "Total spam score: 0"
"DEBUG" 3548 "2017-03-27 23:20:20.271" "Saving message: {CEF10E2E-A385-4E90-A7EF-2DB21AD855FB}.eml"
"DEBUG" 3548 "2017-03-27 23:20:20.287" "Requesting SMTPDeliveryManager to start message delivery"
"DEBUG" 3560 "2017-03-27 23:20:20.287" "Adding task DeliveryTask to work queue SMTP delivery queue"
"SMTPD" 3548 109 "2017-03-27 23:20:20.287" "138.99.204.14" "SENT: 250 Queued (0.734 seconds)"
"DEBUG" 3608 "2017-03-27 23:20:20.287" "Executing task DeliveryTask in work queue SMTP delivery queue"
"DEBUG" 3608 "2017-03-27 23:20:20.302" "Delivering message..."
"APPLICATION" 3608 "2017-03-27 23:20:20.302" "SMTPDeliverer - Message 13770: Delivering message from info@IMPERIL.com to account@domain.com. File: C:\Program Files (x86)\hMailServer\Data\{CEF10E2E-A385-4E90-A7EF-2DB21AD855FB}.eml"
"DEBUG" 3608 "2017-03-27 23:20:20.302" "Applying rules"
"DEBUG" 3608 "2017-03-27 23:20:20.302" "Performing local delivery"
"DEBUG" 3608 "2017-03-27 23:20:20.318" "Applying rules"
"DEBUG" 3608 "2017-03-27 23:20:20.318" "Saving message: {CEF10E2E-A385-4E90-A7EF-2DB21AD855FB}.eml"
"DEBUG" 3608 "2017-03-27 23:20:20.318" "AWStats::LogDeliverySuccess"
"DEBUG" 3608 "2017-03-27 23:20:20.333" "Local delivery completed"
"APPLICATION" 3608 "2017-03-27 23:20:20.333" "SMTPDeliverer - Message 13770: Message delivery thread completed."
"SMTPD" 3692 109 "2017-03-27 23:20:20.521" "138.99.204.14" "RECEIVED: quit"
"SMTPD" 3692 109 "2017-03-27 23:20:20.521" "138.99.204.14" "SENT: 221 goodbye"
"DEBUG" 3716 "2017-03-27 23:20:20.521" "Ending session 109"



I am going to add my mail config from your script in case you need it.

[code]3/28/2017 2:24:54 PM Hmailserver: 5.6.6-B2383

IP: 172.xxx.xxx.xxx - 172.xxx.xxx.xxx Priority: 15 Name: local

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: True

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - False


IP: 127.0.0.1 - 127.0.0.1 Priority: 15 Name: My computer

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - False
Local To External - True Local To External - False
External To Local - True External To Local - False
External To External - True External To External - True


IP: 0.0.0.0 - 255.255.255.255 Priority: 10 Name: Internet

Allow connections Other
SMTP: True Antispam : True
POP3: True Antivirus: True !! ANTIVIRUS NOT CONFIGURED !!
IMAP: True SSL/TLS: False

Allow Deliveries from Require Authentication from
Local To Local - True Local To Local - True
Local To External - True Local To External - True
External To Local - True External To Local - False
External To External - True External To External - True


------------------------------------------------------
AUTOBANNED Local Addresses:
No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
Autoban Enabled: True Max invalid logon attempts: 3
Minutes Before Reset: 30 (0.50 hours, 0.02 days)
Minutes to Autoban: 60 (1.00 hours, 0.04 days)

No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
No entries
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL SPAM TESTS Score SPAMASSASSIN
Spam Mark: 5 Use SPF: True - 3 Use Spamassassin: False
Add X-HmailServer-Spam: True Check HELO host: True - 2
Add X-HmailServer-Reason: True Check MX records: True - 2
Add X-HmailServer-Subject: True Verify DKIM: False - 5
Subject Text: "[SPAM]"
Spam delete threshold: 20 Maximum message size: 1024

GREYLISTING:
Greylisting: False

DNSBL ENTRIES:
No entries

SURBL ENTRIES:
No entries
-----------------------------------------------------------------------------------------------

WHITELISTING
No entries
-----------------------------------------------------------------------------------------------

ANTIVIRUS: No application configured.

Block Attachments: False
-----------------------------------------------------------------------------------------------

SSL/TLS
SSL 3.0 : False
TLS 1.0 : True
TLS 1.1 : True
TLS 1.2 : True Verify Remote SSL/TLS Certs: True
SslCipherList :

ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384 - DHE-RSA-AES128-GCM-SHA256 - DHE-DSS-AES128-GCM-SHA256
kEDH+AESGCM - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA - ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES128-SHA256 - DHE-RSA-AES128-SHA - DHE-DSS-AES128-SHA256
DHE-RSA-AES256-SHA256 - DHE-DSS-AES256-SHA - DHE-RSA-AES256-SHA
AES128-GCM-SHA256 - AES256-GCM-SHA384 - ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA - AES128 - AES256
RC4-SHA - HIGH - !aNULL
!eNULL - !EXPORT - !DES
!3DES - !MD5 - !PSK;
-----------------------------------------------------------------------------------------------

TCPIP PORTS Connection Sec
0.0.0.0 / 25 / SMTP - None
0.0.0.0 / 110 / POP3 - None
0.0.0.0 / 143 / IMAP - None
0.0.0.0 / 587 / SMTP - None
-----------------------------------------------------------------------------------------------

LOGGING Logging Enabled: True

Paths:- Current: C:\Program Files (x86)\hMailServer\Logs\hmailserver_2017-03-28.log
Error: C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2017-03-28.log
Event: C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log
Awstats: C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
APPLICATION - True
SMTP - True
POP3 - True
IMAP - True
TCPIP - True
DEBUG - True
AWSTATS - True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MSSQL Compact

IPv6 support is available in operating system.

ERROR: Backup directory has not been specified.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

[/code]
Generated by HMSSettingsDiagnostics v1.48, Hmailserver Forum.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8132
Joined: 2011-09-08 17:48

Re: Log shows spam score but no results

Post by jimimaseye » 2017-03-28 23:38

You can see from your logs:
"DEBUG" 3740 "2017-03-27 23:20:17.990" "Spam test: SpamTestHeloHost, Score: 2"
"DEBUG" 3740 "2017-03-27 23:20:18.412" "Spam test: SpamTestMXRecords, Score: 2"
"DEBUG" 3740 "2017-03-27 23:20:18.521" "Spam test: SpamTestSPF, Score: 0"
"DEBUG" 3740 "2017-03-27 23:20:18.521" "Total spam score: 4"
Your spam settings are:
Spam Mark: 5
Spam delete threshold: 20
Hence no spam marking (and certainly no deleting. 20 is REALLY too high).

Its not necessary but you could really improve your antispam capabilities by using the integrated spamassassin functionality and setup (eg: viewtopic.php?f=21&t=28133). Alternatively its just a case of tinkering with your scores to suit.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post Reply