Posted to users@spamassassin.apache.org by David Flanigan <da...@flanigan.net> on 2006/06/08 16:45:19 UTC
SA Checking user unknown e-mail?
Hello oh gurus of Spamassassin:
I have a, hopefully, quick question with regards to my implementation of Spamassassin.
In a nutshell it appears that Spamassassin is taking the time and energy to check
user-unknown e-mail.
I am running Spamassassin 3.1.1
Attached is my sendmail log showing a piece of e-mail (which is spam) coming in to an
unknown user account:
Jun 8 10:13:56 ns1 sendmail[20493]: k58EDuQQ020493: <ka...@flanigan.net>... User unknown
Jun 8 10:13:56 ns1 sendmail[20493]: k58EDuQQ020493: from=<dy...@netzero.com>,
size=15866, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=ns2.flanigan.net
[67.36.126.141]
Jun 8 10:13:57 ns1 sendmail[20493]: k58EDuQS020493: from=<>, size=19201, class=0,
nrcpts=1, msgid=<20...@ns2.flanigan.net>, proto=ESMTP,
daemon=MTA, relay=ns2.flanigan.net [67.36.126.141]
Then the following from my spamd log:
Jun 8 10:13:57 ns1 spamd[13477]: spamd: connection from ns1.flanigan.net [127.0.0.1]
at port 43625
Jun 8 10:13:57 ns1 spamd[13477]: spamd: processing message
<20...@ns2.flanigan.net> for root:505
Jun 8 10:14:00 ns1 spamd[13477]: spamd: identified spam (24.3/5.0) for root:505 in
2.3 seconds, 19499 bytes.
Jun 8 10:14:00 ns1 spamd[13477]: spamd: result: Y 24 - ALL_TRUSTED,AWL,BAYES_99,HTML_90_100,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,MIME_HTML_MOSTLY,SARE_GIF_ATTACH,SARE_GIF_STOX,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=2.3,size=19499,user=root,uid=505,required_score=5.0,rhost=ns1.flanigan.net,raddr=127.0.0.1,rport=43625,mid=<20...@ns2.flanigan.net>,bayes=0.999657933165012,autolearn=no
Notice the same msgid <20...@ns2.flanigan.net> from both sendmail
and spamd.
My question is why does sendmail not just reject the message and leave it be? Why
process a message we have no intention of delivering to anyone? Or am I reading this
wrong?
My link between sendmail and spamd is through /etc/procmailrc which reads simply:
:0fw
| /usr/bin/spamc
This quest to track this down has all come from the fact that I am seeing over 900
spam messages an hour (see spam stats: http://www.flanigan.net/spam/) and there are
only about a dozen active mailboxes across my 3 or 4 domains.
Any wisdom would be greatly appreciated!
---
Kind Regards,
David
http://www.flanigan.net
Re: SA Checking user unknown e-mail?
Posted by Jonas Eckerman <jo...@frukt.org>.
David Flanigan wrote:
> Jun 8 10:13:56 ns1 sendmail[20493]: k58EDuQQ020493: <ka...@flanigan.net>... User unknown
> Jun 8 10:13:56 ns1 sendmail[20493]: k58EDuQQ020493: from=<dy...@netzero.com>,
> size=15866, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=ns2.flanigan.net
> [67.36.126.141]
> Jun 8 10:13:57 ns1 sendmail[20493]: k58EDuQS020493: from=<>, size=19201, class=0,
> nrcpts=1, msgid=<20...@ns2.flanigan.net>, proto=ESMTP,
> daemon=MTA, relay=ns2.flanigan.net [67.36.126.141]
Those logs are for two different messages.
The mail to an unknown user has the queue ID "k58EDuQQ020493", while the one that's received has ID "k58EDuQS020493" and looks like a bounce (from <>).
> My question is why does sendmail not just reject the message and leave it be?
To me the log lines above *seem* to show sendmail rejecting a mail to an unknown user.
Anyway, that's a sendmail issue.
/Jonas
--
Jonas Eckerman, FSDB & Fruktträdet
http://whatever.frukt.org/
http://www.fsdb.org/
http://www.frukt.org/
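
Added example (not part of either post): a small Python script that groups sendmail log lines by queue ID, which is the distinction the reply draws, and labels each entry as rejected or as an accepted bounce. The sample lines are constructed in the format quoted in the thread; the addresses, relay and Message-ID are placeholders, and only the two queue IDs are taken from the thread.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread's sendmail lines; addresses and
# the Message-ID are placeholders, the two queue IDs are the ones quoted above.
SAMPLE_LOG = """\
Jun  8 10:13:56 ns1 sendmail[20493]: k58EDuQQ020493: <nouser@example.net>... User unknown
Jun  8 10:13:56 ns1 sendmail[20493]: k58EDuQQ020493: from=<sender@example.com>, size=15866, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=ns2.example.net [192.0.2.141]
Jun  8 10:13:57 ns1 sendmail[20493]: k58EDuQS020493: from=<>, size=19201, class=0, nrcpts=1, msgid=<constructed.1@ns2.example.net>, proto=ESMTP, daemon=MTA, relay=ns2.example.net [192.0.2.141]
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(<[^>]*>|[^,]*)")


def group_by_queue_id(log_text):
    """Return {queue_id: {"fields": {...}, "user_unknown": bool}}."""
    messages = defaultdict(lambda: {"fields": {}, "user_unknown": False})
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        entry = messages[match["qid"]]
        rest = match["rest"]
        if rest.endswith("User unknown"):
            entry["user_unknown"] = True
        else:
            entry["fields"].update(FIELD_RE.findall(rest))
    return dict(messages)


def classify(entry):
    """Label one queue entry from its envelope fields."""
    fields = entry["fields"]
    if entry["user_unknown"] and fields.get("nrcpts") == "0":
        return "rejected: no valid recipient, never delivered"
    if fields.get("from") == "<>" and int(fields.get("nrcpts", "0")) > 0:
        return "accepted bounce (null sender)"
    return "accepted"


def summarize(log_text):
    return {qid: classify(e) for qid, e in group_by_queue_id(log_text).items()}


if __name__ == "__main__":
    for qid, verdict in summarize(SAMPLE_LOG).items():
        print(qid, "->", verdict)
```

Only the second queue entry carries a msgid field, so that is the one to match against the mid= value in the spamd log.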