Help needed [SpamAssassin, still much spam]

Use this forum for discussions about SpamAssassin and anti-spam in general.
Post Reply
User avatar
PCE|Christian
Normal user
Normal user
Posts: 56
Joined: 2015-02-12 18:32
Location: Germany
Contact:

Help needed [SpamAssassin, still much spam]

Post by PCE|Christian » 2018-05-22 12:15

Hey there,

i think i again hit the point where i need some help from you guys ;)
I'm running several hMailserver installations for me and my clients. They are configured very similar why i use my own testserver-config for example here.

I have trouble with a sepcific type of spam, all mails are looking quite similar. 95% are including bitcoin/crypto topics. I can't manage to get rid of them.
Example Screenshot from a spam-mail:
https://img2.picload.org/image/dolrllrl/mails.png

hMailServer diagnostic report:

Code: Select all

2018-05-22   Hmailserver: 5.6.7-B2425

DOMAINS

   "Domain1.com" - pcxxxxxxxxxxxx.de              Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False   
                   Max message size:        0                      Plus addressing: False
                   Max size of accounts:    0                    
                                                                   Greylisting:     False
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 15     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       - False
     Local To External    -  True              Local To External    - False
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True


IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :   True
     POP3:   True                              Antivirus:   True
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True


------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      3
                              Minutes Before Reset:           30  (0,50 hours, 0,02 days)
                              Minutes to Autoban:             60  (1,00 hours, 0,04 days)

No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins: 60   Plain Text:        False  Bind: 
                     Host: EXTERNAL.TLD        Empty sender:       True  Batch recipients:   100
Max Msg Size:120480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                      EXTERNAL.TLD  (ok)       Disc. on invalid:   True  Delivered-To hdr: False
                     Port:  25                 Max number commands: 100  Loop limit:           5
                     Req Auth: True *User Entered*                       Recipient hosts:     15
                     Con. Sec.: StartTLS Required
  Routes:
    Domain1.com              - S: Local   R: Local  - Addr: All         (ok)

POP3
  No. Connections: 0

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:            True - 2    Use Spamassassin:    True
  Add X-HmailServer-Spam:     True    Check HELO host:   False        Hostname:       127.0.0.1
  Add X-HmailServer-Reason:   True    Check MX records:   True - 2    Port:                 783
  Add X-HmailServer-Subject: False    Verify DKIM:       False        Use SA score:        True

  Spam delete threshold: 20         Maximum message size: 99999

DNSBL ENTRIES:
                  zen.spamhaus.org      Score: 5     Result: 127.0.0.*
                    bl.spamcop.net      Score: 5     Result: 127.0.0.*
                  psbl.surriel.com      Score: 1     Result: 127.0.0.*
                virbl.dnsbl.bit.nl      Score: 1     Result: 127.0.0.*
            b.barracudacentral.org      Score: 2     Result: 127.0.0.*

SURBL ENTRIES:
                   multi.surbl.org      Score: 3

GREYLISTING:
  Greylisting:  False

WHITELISTING
   No entries
-----------------------------------------------------------------------------------------------

ANTIVIRUS

GENERAL:
  When found - Delete email. Notify Sender: False,  Notify Receiver: False

  Max Message Size: 0
     CLAM AV:   True       Hostname: localhost    Port: 3310
     CLAMWIN:   False
     CUSTOMAV:  False

  Block Attachments: False

-----------------------------------------------------------------------------------------------

SSL/TLS
             SSL 3.0 :  False
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 155   / POP3   -   SSL/TLS            
               0.0.0.0         / 225   / SMTP   -   SSL/TLS            
               0.0.0.0         / 243   / IMAP   -   None                
               0.0.0.0         / 687   / SMTP   -   None                

    !! No SMTP Port 25 defined. Direct external SMTP inbound not possible !!

-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: False

  Paths:-
    Error:    C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2018-05-22.log - !! ERRORS PRESENT !!
    Event:    C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
    Awstats:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MSSQL Compact

IPv6 support is available in operating system.

Backup directory C:\Mailserver Backup is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  C:\Program Files (x86)\hMailServer\
Database folder: C:\Program Files (x86)\hMailServer\Database
Data folder:     C:\Program Files (x86)\hMailServer\Data
Log folder:      C:\Program Files (x86)\hMailServer\Logs
Temp folder:     C:\Program Files (x86)\hMailServer\Temp
Event folder:    C:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MSSQLCE
Username=           
PasswordEncryption=1
Port=              0
Server=             
Internal=          1
-----------------------------------------------------------------------------------------------

[size=80]Generated by HMSSettingsDiagnostics v1.92, Hmailserver [url=https://www.hmailserver.com/forum/viewtopic.php?f=20&t=30914]Forum[/url].[/size]
Here are my questions google could not really help me with:

1) How does SpamAssassin learning works? Do i need to store spam anywhere for that? It's pretty unclear for me how that works
2) How can i try to get rid of these spam mails?
3) Is it possible to use any sort of content filter, maybe that i could declare this mail als spam and the filter learns from it (or ist that the point SA will do?)?

Maybe i just read too much within the last days. I've read so many guides how to delete spam with hMailServer and every post/blog/etc. said "You're done now!", i think i'm just too confused for now. To prevent making any mistakes in the hMailSever config i think it's a good idea to ask here :)

Kind regards

Christian
Regards, Christian

hMailserver 5.6-B2145 on Windows Server 2012 R2 Datacenter

User avatar
jimimaseye
Moderator
Moderator
Posts: 8132
Joined: 2011-09-08 17:48

Re: Help needed [SpamAssassin, still much spam]

Post by jimimaseye » 2018-05-22 13:08

Hello again. (Long time no see... but I guess thats a good thing for you).

A few observations and questions:

1, Your 'Spam DELETE' threshold is VERY high. Im surprised anything gets removed (even with your extra HMS check scoring). You are using SA scoring - I myself consider anything over SA score 3 as spam and anything over 6 gets deleted immediately (definitely unwanted).

2, What do the Spamassassin headers in an email say? Can you post an example from one of the spam emails please.

3, BAYES - when you train the database with idetifiable spam emails it learns and then increases the probability of future emails being seen as spam (using the BAYES PROBABILITY rules/scoring). You will need to have a 'data base of both spam and Ham emails to begin with though. This will help you get started: viewtopic.php?f=20&t=26866 (read the thread for updates/modifications to the initial scripts)

4, FWIW My recommendations for SA setup and scoring is here: viewtopic.php?p=174991#p174991 Its a slightly different approach (I dont use the SA scoring directly and I use rules to control what gets deleted when) but I find extremely effective.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
PCE|Christian
Normal user
Normal user
Posts: 56
Joined: 2015-02-12 18:32
Location: Germany
Contact:

Re: Help needed [SpamAssassin, still much spam]

Post by PCE|Christian » 2018-05-22 13:52

Hi jimimaseye!

Yeah it was a good thing, everything works perfectly :) Nice to see you :)
Your 'Spam DELETE' threshold is VERY high.
Yeah, you got me. No idea why i set it to 20. It's down to 6 now.
What do the Spamassassin headers in an email say? Can you post an example from one of the spam emails please.
Will do this with the next spam :)
BAYES - when you train the database with idetifiable spam emails it learns and then increases the probability of future emails being seen as spam (using the BAYES PROBABILITY rules/scoring). You will need to have a 'data base of both spam and Ham emails to begin with though. This will help you get started: viewtopic.php?f=20&t=26866 (read the thread for updates/modifications to the initial scripts)
Thank you, i will give it a try :)
FWIW My recommendations for SA setup and scoring is ghere: viewtopic.php?p=174991#p174991 Its a slightly different approach but I find extremely effective.
Thanks, looks like i have some work to do :)

BTW: Your backup-script still works fine :) Still running every night at a customers server proceeding backups with a size of ~45 GB without any problems :)
Regards, Christian

hMailserver 5.6-B2145 on Windows Server 2012 R2 Datacenter

User avatar
PCE|Christian
Normal user
Normal user
Posts: 56
Joined: 2015-02-12 18:32
Location: Germany
Contact:

Re: Help needed [SpamAssassin, still much spam]

Post by PCE|Christian » 2018-05-22 14:23

Mailheader from a spammail:

Code: Select all

Return-Path: info@quanpro.network
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on brutus
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,JAM_DO_STH_HERE,
	JAM_LONG_LINK,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS,URIBL_BLOCKED
	autolearn=no autolearn_force=no version=3.4.1
X-hMailServer-ExternalAccount: XXX
Return-Path: <SRS1=XsPT=ha01s008.org-dns.com==wISe=IJ=quanpro.network=bounce@ha01s021.org-dns.com>
X-Original-To: XXX
Delivered-To: XXX
Received: from sm-r-015.org-dns.com (sm-r-015.org-dns.com [92.79.61.110])
	by ha01s021.org-dns.com (Postfix) with ESMTPS id 9D57C1E8CBAD
	for <XXX>; Tue, 22 May 2018 11:28:39 +0200 (CEST)
Authentication-Results: ha01s021;
	spf=pass (sender IP is 92.79.61.110) smtp.mailfrom=srs0=wise=ij=quanpro.network=bounce@ha01s008.org-dns.com smtp.helo=sm-r-015.org-dns.com
Received-SPF: pass (ha01s021: domain of ha01s008.org-dns.com designates 92.79.61.110 as permitted sender) client-ip=92.79.61.110; envelope-from=srs0=wise=ij=quanpro.network=bounce@ha01s008.org-dns.com; helo=sm-r-015.org-dns.com;
Received: from smh01.org-dns.com (localhost [127.0.0.1])
	by smh01.org-dns.com (Postfix) with ESMTP id 383BC844EF
	for <XXX>; Tue, 22 May 2018 11:28:39 +0200 (CEST)
Received: by smh01.org-dns.com (Postfix, from userid 1001)
	id 29150844E5; Tue, 22 May 2018 11:28:39 +0200 (CEST)
Received: from ha01s008.org-dns.com (ha01s008.org-dns.com [62.108.32.128])
	by smh01.org-dns.com (Postfix) with ESMTPS id 2B7BE844EF
	for <XXX>; Tue, 22 May 2018 11:28:38 +0200 (CEST)
Received: by ha01s008.org-dns.com (Postfix, from userid 30)
	id 3057B1920AC0; Tue, 22 May 2018 11:28:38 +0200 (CEST)
X-Original-To: XXX
Delivered-To: XXX
Received: from finds5.ccccc.me (finds5.ccccc.me [179.61.162.164])
 by ha01s008.org-dns.com (Postfix) with ESMTP id C12CB1920AC0
 for <XXX>; Tue, 22 May 2018 11:28:33 +0200 (CEST)
Received-SPF: pass (ha01s008.org-dns.com: domain of quanpro.network designates
 179.61.162.164 as permitted sender) client-ip=179.61.162.164;
 envelope-from=bounce@quanpro.network; helo=finds5.ccccc.me; 
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mail; d=quanpro.network;
 h=To:Subject:Message-ID:Date:From:Reply-To:MIME-Version:List-Unsubscribe:
 Content-Type:Content-Transfer-Encoding; i=info@quanpro.network;
 bh=2NhdZ2nrsoZ8p1sOjVslwl/IE3PURXZtYx/wy8V8Rvk=;
 b=IGPxDJe1thbFsvBrYSfDL5lO+IMxQwO4vS+uvNpGP9hAyGBaysBEwaxYnR/BbIpneI1IeffQyrDA
 smVRdAhuDHgiF3HOALT7WQO3qA9Tm5t5xFZF9fYovPraUlm0kBIu2k2D4Zb1I5hONK4hBRbMUPBu
 gkLqHoN+CEn9R3bYEBY=
Received: from quanpro.network (172.16.238.4) by finds5.ccccc.me for
 <XXX>;
 Tue, 22 May 2018 09:28:33 +0000 (envelope-from <bounce@quanpro.network>)
To: XXX
Subject: Cryptocurrencies Continue to Surge
Message-ID: <b048939993af7fbb864340fd08988c72@official-iphone-giveaway.com>
Date: Tue, 22 May 2018 09:27:04 +0000
From: "* Lina" <info@quanpro.network>
Reply-To: support@quanpro.network
MIME-Version: 1.0
X-Mailer-LID: 1,6
List-Unsubscribe: <http://official-iphone-giveaway.com/rb/7wx2U235003.d85M40d8f80168dacbf5313d805d6afcf99b/vYCW6/a9oB39.html>
X-Mailer-RecptId: 235003
X-Mailer-SID: 39
X-Mailer-Sent-By: 1
Content-Type: multipart/alternative; charset="UTF-8";
 boundary="b1_1d1cba9298d5b988f05da1b83ebfc7ec"
Content-Transfer-Encoding: 8bit
X-PPP-Message-ID: <20180522092837.9357.44914@ha01s008.org-dns.com>
X-PPP-Vhost: XXX
X-POWERED-BY: WIRCON - AV:CLEAN SPAM:OK

Regards, Christian

hMailserver 5.6-B2145 on Windows Server 2012 R2 Datacenter

User avatar
jimimaseye
Moderator
Moderator
Posts: 8132
Joined: 2011-09-08 17:48

Re: Help needed [SpamAssassin, still much spam]

Post by jimimaseye » 2018-05-22 14:38

DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,JAM_DO_STH_HERE,
JAM_LONG_LINK,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS,URIBL_BLOCKED
From the tests performed it looks like that this email would already have been caught in the SURBL checks within HMS - it has already been caught in SA under 'URIBL' test. However, the rest of the SA tests have resulted in a low score (0.8) so I suspect the source of this was quite new. Are you running the full complete set of SA rules? If so, you might want to add/increase the score for URIBL_BLOCKED test to something like +3 more than it is already. This will surely have pushed the score over 6 and the email would have been deleted now that you have lowered your delete threshold score. (Having it at 20 will undoubtedly be the reason you saw so many spams so now lowering it will help a lot).

If you plan to do BAYES training using sa-learn then you might want to reconsider what you do with spam emails - instead of deleting them you might want to stash them in a special folder to use against the training script.
PCE|Christian wrote:
2018-05-22 13:52
BTW: Your backup-script still works fine Still running every night at a customers server proceeding backups with a size of ~45 GB without any problems
Good to hear. Thanks. Did you note the recent minor corrections that I made to the script? Check the thread for information. viewtopic.php?f=21&t=28139
PCE|Christian wrote:
2018-05-22 13:52
FWIW My recommendations for SA setup and scoring is ghere: viewtopic.php?p=174991#p174991 Its a slightly different approach but I find extremely effective.
Thanks, looks like i have some work to do
Its not so bad really - it looks more complicated than it really is. (Im quite verbose in what I write in guides).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
PCE|Christian
Normal user
Normal user
Posts: 56
Joined: 2015-02-12 18:32
Location: Germany
Contact:

Re: Help needed [SpamAssassin, still much spam]

Post by PCE|Christian » 2018-05-22 15:50

If you plan to do BAYES training using sa-learn then you might want to reconsider what you do with spam emails - instead of deleting them you might want to stash them in a special folder to use against the training script.
Struggeling a bit here. First i try to explain my infrastructure:

1) Mailserver from my webspace, if a mail arrives there,
2) my hMailServer gets it with POP, then
3) my MailStore Proxy for archiving takes the mail and stores it to my MailStore Archive.
4) My Outlook connects to the proxy (POP), the proxy now grabs all mails from the hMailServer and sends them to Outlook - all with POP because IMAP is not supported/needed in this setup.

So, this is the scenario how i receive mails due to get everything correct for GDPR and local guidelines (i have to archive all mails before any client could touch and modify them).

My thoughts now:
I created a honeypot mailadress. With a rule i will send alle mails declared as spam to that adress. Further i can be sure that all mails which will arrive at this never published adress are 100% spam and unwanted. The point i can't figure out is how to let SpamAssassin learn from this. You linked a topic to me, but it is a solution for IMAP only. The second thing i just thought about: All the spam from my clients could be send to there, so that i could create a big own database which all SpamAssassin installations are using. Is that possible?
Regards, Christian

hMailserver 5.6-B2145 on Windows Server 2012 R2 Datacenter

User avatar
jimimaseye
Moderator
Moderator
Posts: 8132
Joined: 2011-09-08 17:48

Re: Help needed [SpamAssassin, still much spam]

Post by jimimaseye » 2018-05-22 16:04

Im running out the door right now but a quick look at that script should still be ok. Yes it uses IMAP to move the emails to an IMAP folder but (along with special headers) this is just for the purpose of the 'sorting' script later. also by moving it there it (hopefully) will move it out from being downloaded by the POP from outlook. If this is not required, the script could be changed to COPY the emails across leaving the source in place.

In any case, the pther scripts then read the contents of that folder and sort them in to SPAM and HAM folders physically on disk (from where they will be read an 'learned' from).

IOW this use of IMAP is of no concern to your POP3 clients as it is merely a vehicle for the other scripts that go to use it.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
PCE|Christian
Normal user
Normal user
Posts: 56
Joined: 2015-02-12 18:32
Location: Germany
Contact:

Re: Help needed [SpamAssassin, still much spam]

Post by PCE|Christian » 2018-05-23 10:02

Good morning everyone :)
it has already been caught in SA under 'URIBL' test. However, the rest of the SA tests have resulted in a low score
Where can i modify the score for URIBL? Tried it with "score URIBL_BLOCKED 3" in local.cf from spamassassin. I think that is wrong because it is not working.
Regards, Christian

hMailserver 5.6-B2145 on Windows Server 2012 R2 Datacenter

User avatar
mattg
Moderator
Moderator
Posts: 20144
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Help needed [SpamAssassin, still much spam]

Post by mattg » 2018-05-23 13:35

I do this to make the URIBL all score 0 in SpamAssassin ( I check them in hMailserver)

# don't score URIBL
score URIBL_BLACK 0
score URIBL_RED 0
score URIBL_GREY 0
score URIBL_BLOCKED 0


There is also URIBL_SBL and URIBL_SBL_A rule on my system, but I'm not sure where (I can search for them if you need)

http://uribl.com/usage.shtml
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8132
Joined: 2011-09-08 17:48

Re: Help needed [SpamAssassin, still much spam]

Post by jimimaseye » 2018-05-23 23:09

PCE|Christian wrote:
2018-05-23 10:02
Good morning everyone :)
it has already been caught in SA under 'URIBL' test. However, the rest of the SA tests have resulted in a low score
Where can i modify the score for URIBL? Tried it with "score URIBL_BLOCKED 3" in local.cf from spamassassin. I think that is wrong because it is not working.
Did you restart the spamassassin service after you made the change?
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
PCE|Christian
Normal user
Normal user
Posts: 56
Joined: 2015-02-12 18:32
Location: Germany
Contact:

Re: Help needed [SpamAssassin, still much spam]

Post by PCE|Christian » 2018-05-25 10:45

Hi!

The restart did it :) But the URIBL-Test is quite strange for me. Every mail gets points from URIBL with the flag "URIBL_BLOCKED". Need to investigate why.
Regards, Christian

hMailserver 5.6-B2145 on Windows Server 2012 R2 Datacenter

User avatar
jimimaseye
Moderator
Moderator
Posts: 8132
Joined: 2011-09-08 17:48

Re: Help needed [SpamAssassin, still much spam]

Post by jimimaseye » 2018-05-25 11:02

Full explanation http://uribl.com/refused.shtml

and solution. Here you go: viewtopic.php?f=22&t=32648.

(In essence, use your own DNS Server or conditional forwarders to access the site directly instead of using your ISP DNS settings.)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post Reply