Posted to users@spamassassin.apache.org by Bruno Costacurta <te...@costacurta.org> on 2011/12/03 19:18:00 UTC

USER_IN_BLACKLIST identified but not reported as spam

Hello,

note : spamassassin version = 3.3.1, called from Postfix as spamd,  
platform is Debian stable Squeeze

I configured a test blacklist user in /etc/spamassassin/local.cf.
Indeed the blacklist user is identified as below via process spamd in  
Postfix mail.info :

..etc..
spamd: result: Y 97 -
BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST
..etc..

However the header does not mention it, and the score is negative so the  
email is considered as a non-spam.

X-Spam-Status: No, score=-2.6 required=2.0  
tests=BAYES_00,FREEMAIL_FROM,  
HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID  
autolearn=ham version=3.3.1

In file /usr/share/spamassassin/50_scores.cf :
score USER_IN_BLACKLIST 100.000

In /etc/spamassassin/local.cf
blacklist_from   here-a-test-email-address@gmail.com

Something is missing ?
Do I need to configure more than the local.cf file ?
-- 

Linux Counter # 353844
https://linuxcounter.net/user/353844.html



[SOLVED] Re: USER_IN_BLACKLIST identified but not reported as spam

Posted by Bruno Costacurta <te...@costacurta.org>.
Quoting "Kevin A. McGrail" <KM...@PCCC.com>:

> On 12/3/2011 1:46 PM, Bruno Costacurta wrote:
>>>> note : spamassassin version = 3.3.1, called from Postfix as  
>>>> spamd, platform is Debian stable Squeeze
>>>>
>>>> I configured a test blacklist user in /etc/spamassassin/local.cf.
>>>> Indeed the blacklist user is identified as below via process  
>>>> spamd in Postfix mail.info :
>>>>
>>>> ..etc..
>>>> spamd: result: Y 97 -
>>>> BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST  
>>>> ..etc..
>>>>
>>>> However the header does not mention it, and the score is negative  
>>>> so the email is considered as a non-spam.
>>>>
>>>> X-Spam-Status: No, score=-2.6 required=2.0  
>>>> tests=BAYES_00,FREEMAIL_FROM,  
>>>> HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID  
>>>> autolearn=ham version=3.3.1
>>>>
>>>> In file /usr/share/spamassassin/50_scores.cf :
>>>> score USER_IN_BLACKLIST 100.000
>>>>
>>>> In /etc/spamassassin/local.cf
>>>> blacklist_from   here-a-test-email-address@gmail.com
>>>>
>>>> Something is missing ?
>>>> Do I need to configure more than the local.cf file ?
>>>
>>> Looks like you are calling spamassassin more than once on the same  
>>> email.  And a required score of 2.0 is not a very good idea IMO.
>>>
>>> Regards,
>>> KAM
>>
>>
>> Hummm...log mail.info only reflects more than one treatment by spamassassin.
>> See processes hereafter.
>>
>> ...
>> Dec  3 19:36:55 vps622 postfix/smtpd[7541]: 8D3653574419:  
>> client=mail-pz0-f47.google.com[209.85.210.47]
>> Dec  3 19:36:55 vps622 postfix/cleanup[7543]: 8D3653574419:  
>> message-id=<CA...@mail.gmail.com>
>> Dec  3 19:36:55 vps622 postfix/qmgr[19645]: 8D3653574419:  
>> from=<ba...@zzzz.com>, size=1476, nrcpt=1 (queue active)
>> Dec  3 19:36:55 vps622 spamd[1165]: spamd: connection from  
>> localhost [127.0.0.1] at port 60247
>> Dec  3 19:36:55 vps622 spamd[1165]: spamd: setuid to spamfilter succeeded
>> Dec  3 19:36:55 vps622 spamd[1165]: spamd: processing message  
>> <CA...@mail.gmail.com> for  
>> spamfilter:5001
>> Dec  3 19:36:56 vps622 spamd[1165]: spamd: identified spam  
>> (97.5/2.0) for spamfilter:5001 in 1.0 seconds, 1512 bytes.
>> Dec  3 19:36:56 vps622 spamd[1165]: spamd: result: Y 97 -  
>> BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST  
>> scantime=1.0,size=1512,user=spamfilter,uid=5001,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=60247,mid=<CA...@mail.gmail.com>,bayes=0.000000,autolearn=no
>> Dec  3 19:36:57 vps622 spamd[1164]: prefork: child states: II
>> Dec  3 19:36:57 vps622 postfix/pipe[7544]: 8D3653574419:  
>> to=<xx...@yyyyyyy.org>, relay=myprocmail, delay=2.4,  
>> delays=1.3/0.01/0/1.2, dsn=2.0.0, status=sent (delivered via  
>> myprocmail service)
>
> Well this one is a score of 97.5 and indicates user_in_blacklist worked:
> spamd: result: Y 97 -
> BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST  
> ..etc..
>
> This header indicates a different score and not spam and no  
> user_in_blacklist:
>
> X-Spam-Status: No, score=-2.6 required=2.0  
> tests=BAYES_00,FREEMAIL_FROM,  
> HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID  
> autolearn=ham version=3.3.1
>
> That header is coming from somewhere...
>
> However, the required=2.0 is highly odd.  Try changing to  
> required=2.1 or something similar in your local.cf and see if you  
> get two different required scores.
>
> regards,
> KAM

Solved.
Indeed it was already working previously.
My confusion came from my reading of the file mail.info
In fact for USER_IN_BLACKLIST there is *no* indication like the following :

For a real spam the following is indicated in the log file.
Obviously this is not the case for USER_IN_BLACKLIST.

...
spamd: identified spam (5.0/2.0) for spamfilter:5001 in 0.6 seconds,  
1451 bytes.
...

Thanks for your attention.

Bye,
Bruno

Re: USER_IN_BLACKLIST identified but not reported as spam

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 12/3/2011 1:46 PM, Bruno Costacurta wrote:
>>> note : spamassassin version = 3.3.1, called from Postfix as spamd, 
>>> platform is Debian stable Squeeze
>>>
>>> I configured a test blacklist user in /etc/spamassassin/local.cf.
>>> Indeed the blacklist user is identified as below via process spamd 
>>> in Postfix mail.info :
>>>
>>> ..etc..
>>> spamd: result: Y 97 -
>>> BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST 
>>> ..etc..
>>>
>>> However the header does not mention it, and the score is negative so 
>>> the email is considered as a non-spam.
>>>
>>> X-Spam-Status: No, score=-2.6 required=2.0 
>>> tests=BAYES_00,FREEMAIL_FROM, 
>>> HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID 
>>> autolearn=ham version=3.3.1
>>>
>>> In file /usr/share/spamassassin/50_scores.cf :
>>> score USER_IN_BLACKLIST 100.000
>>>
>>> In /etc/spamassassin/local.cf
>>> blacklist_from   here-a-test-email-address@gmail.com
>>>
>>> Something is missing ?
>>> Do I need to configure more than the local.cf file ?
>>
>> Looks like you are calling spamassassin more than once on the same 
>> email.  And a required score of 2.0 is not a very good idea IMO.
>>
>> Regards,
>> KAM
>
>
> Hummm...log mail.info only reflects more than one treatment by 
> spamassassin.
> See processes hereafter.
>
> ...
> Dec  3 19:36:55 vps622 postfix/smtpd[7541]: 8D3653574419: 
> client=mail-pz0-f47.google.com[209.85.210.47]
> Dec  3 19:36:55 vps622 postfix/cleanup[7543]: 8D3653574419: 
> message-id=<CA...@mail.gmail.com>
> Dec  3 19:36:55 vps622 postfix/qmgr[19645]: 8D3653574419: 
> from=<ba...@zzzz.com>, size=1476, nrcpt=1 (queue active)
> Dec  3 19:36:55 vps622 spamd[1165]: spamd: connection from localhost 
> [127.0.0.1] at port 60247
> Dec  3 19:36:55 vps622 spamd[1165]: spamd: setuid to spamfilter succeeded
> Dec  3 19:36:55 vps622 spamd[1165]: spamd: processing message 
> <CA...@mail.gmail.com> 
> for spamfilter:5001
> Dec  3 19:36:56 vps622 spamd[1165]: spamd: identified spam (97.5/2.0) 
> for spamfilter:5001 in 1.0 seconds, 1512 bytes.
> Dec  3 19:36:56 vps622 spamd[1165]: spamd: result: Y 97 - 
> BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST 
> scantime=1.0,size=1512,user=spamfilter,uid=5001,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=60247,mid=<CA...@mail.gmail.com>,bayes=0.000000,autolearn=no 
>
> Dec  3 19:36:57 vps622 spamd[1164]: prefork: child states: II
> Dec  3 19:36:57 vps622 postfix/pipe[7544]: 8D3653574419: 
> to=<xx...@yyyyyyy.org>, relay=myprocmail, delay=2.4, 
> delays=1.3/0.01/0/1.2, dsn=2.0.0, status=sent (delivered via 
> myprocmail service)

Well this one is a score of 97.5 and indicates user_in_blacklist worked:
spamd: result: Y 97 -
BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST 
..etc..

This header indicates a different score and not spam and no 
user_in_blacklist:

X-Spam-Status: No, score=-2.6 required=2.0 tests=BAYES_00,FREEMAIL_FROM, 
HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID 
autolearn=ham version=3.3.1

That header is coming from somewhere...

However, the required=2.0 is highly odd.  Try changing to required=2.1 
or something similar in your local.cf and see if you get two different 
required scores.

regards,
KAM
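
Added example, not part of the original thread: a check of whether an X-Spam-Status header and a "spamd: result:" log line can come from the same scan, which is the comparison made in the reply above. The sample input is the log line and header quoted in this thread; the function names are hypothetical.

```python
import re

# Sample input: the spamd log line and the X-Spam-Status header quoted in
# this thread (the elided mid= field is left out of the log line).
SPAMD_LOG = (
    "Dec  3 19:36:56 vps622 spamd[1165]: spamd: result: Y 97 - "
    "BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,"
    "RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST "
    "scantime=1.0,size=1512,user=spamfilter,uid=5001,required_score=2.0,"
    "rhost=localhost,raddr=127.0.0.1,rport=60247,bayes=0.000000,autolearn=no")
HEADER = (
    "X-Spam-Status: No, score=-2.6 required=2.0 tests=BAYES_00,FREEMAIL_FROM,\n"
    "\tHTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID\n"
    "\tautolearn=ham version=3.3.1")

def parse_spamd_result(line):
    """Parse a 'spamd: result:' syslog line (the logged score is an integer)."""
    m = re.search(r"spamd: result: ([Y.]) +(-?\d+) - (\S*) (\S+)", line)
    if not m:
        raise ValueError("not a spamd result line")
    kv = dict(p.split("=", 1) for p in m[4].split(",") if "=" in p)
    return {"spam": m[1] == "Y", "score": float(m[2]),
            "required": float(kv["required_score"]),
            "tests": {t for t in m[3].split(",") if t},
            "autolearn": kv.get("autolearn")}

def parse_status_header(raw):
    """Unfold an X-Spam-Status header and parse its verdict and key=value fields."""
    flat = re.sub(r",\s+", ",", re.sub(r"\r?\n[ \t]+", " ", raw.strip()))
    verdict = re.match(r"X-Spam-Status:\s*(Yes|No)", flat)
    if not verdict:
        raise ValueError("not an X-Spam-Status header")
    kv = dict(re.findall(r"(\w+)=(\S+)", flat))
    return {"spam": verdict[1] == "Yes", "score": float(kv["score"]),
            "required": float(kv["required"]),
            "tests": {t for t in kv.get("tests", "").split(",") if t and t != "none"},
            "autolearn": kv.get("autolearn")}

def compare_scans(log, hdr):
    """Report every way the logged scan and the header disagree."""
    diff = {"only_in_log": sorted(log["tests"] - hdr["tests"]),
            "only_in_header": sorted(hdr["tests"] - log["tests"]),
            "verdict_differs": log["spam"] != hdr["spam"],
            "score_differs": abs(log["score"] - hdr["score"]) >= 1,
            "required_differs": log["required"] != hdr["required"],
            "autolearn_differs": log["autolearn"] != hdr["autolearn"]}
    diff["same_scan"] = not any(diff.values())
    return diff
```

Calling compare_scans(parse_spamd_result(SPAMD_LOG), parse_status_header(HEADER)) reports the tests present only in the log line. If each SpamAssassin configuration is given a distinct required score, as suggested above, required_differs also shows which configuration produced the header.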

Re: USER_IN_BLACKLIST identified but not reported as spam

Posted by Bruno Costacurta <te...@costacurta.org>.
>> note : spamassassin version = 3.3.1, called from Postfix as spamd,  
>> platform is Debian stable Squeeze
>>
>> I configured a test blacklist user in /etc/spamassassin/local.cf.
>> Indeed the blacklist user is identified as below via process spamd  
>> in Postfix mail.info :
>>
>> ..etc..
>> spamd: result: Y 97 -
>> BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST  
>> ..etc..
>>
>> However the header does not mention it, and the score is negative so  
>> the email is considered as a non-spam.
>>
>> X-Spam-Status: No, score=-2.6 required=2.0  
>> tests=BAYES_00,FREEMAIL_FROM,  
>> HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID  
>> autolearn=ham version=3.3.1
>>
>> In file /usr/share/spamassassin/50_scores.cf :
>> score USER_IN_BLACKLIST 100.000
>>
>> In /etc/spamassassin/local.cf
>> blacklist_from   here-a-test-email-address@gmail.com
>>
>> Something is missing ?
>> Do I need to configure more than the local.cf file ?
>
> Looks like you are calling spamassassin more than once on the same  
> email.  And a required score of 2.0 is not a very good idea IMO.
>
> Regards,
> KAM


Hummm...log mail.info only reflects more than one treatment by spamassassin.
See processes hereafter.

...
Dec  3 19:36:55 vps622 postfix/smtpd[7541]: 8D3653574419:  
client=mail-pz0-f47.google.com[209.85.210.47]
Dec  3 19:36:55 vps622 postfix/cleanup[7543]: 8D3653574419:  
message-id=<CA...@mail.gmail.com>
Dec  3 19:36:55 vps622 postfix/qmgr[19645]: 8D3653574419:  
from=<ba...@zzzz.com>, size=1476, nrcpt=1 (queue active)
Dec  3 19:36:55 vps622 spamd[1165]: spamd: connection from localhost  
[127.0.0.1] at port 60247
Dec  3 19:36:55 vps622 spamd[1165]: spamd: setuid to spamfilter succeeded
Dec  3 19:36:55 vps622 spamd[1165]: spamd: processing message  
<CA...@mail.gmail.com>  
for spamfilter:5001
Dec  3 19:36:56 vps622 spamd[1165]: spamd: identified spam (97.5/2.0)  
for spamfilter:5001 in 1.0 seconds, 1512 bytes.
Dec  3 19:36:56 vps622 spamd[1165]: spamd: result: Y 97 -  
BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST  
scantime=1.0,size=1512,user=spamfilter,uid=5001,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=60247,mid=<CA...@mail.gmail.com>,bayes=0.000000,autolearn=no
Dec  3 19:36:57 vps622 spamd[1164]: prefork: child states: II
Dec  3 19:36:57 vps622 postfix/pipe[7544]: 8D3653574419:  
to=<xx...@yyyyyyy.org>, relay=myprocmail, delay=2.4,  
delays=1.3/0.01/0/1.2, dsn=2.0.0, status=sent (delivered via  
myprocmail service)
...

Bye,
Bruno


Re: USER_IN_BLACKLIST identified but not reported as spam

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
> note : spamassassin version = 3.3.1, called from Postfix as spamd, 
> platform is Debian stable Squeeze
>
> I configured a test blacklist user in /etc/spamassassin/local.cf.
> Indeed the blacklist user is identified as below via process spamd in 
> Postfix mail.info :
>
> ..etc..
> spamd: result: Y 97 -
> BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID,USER_IN_BLACKLIST 
>
> ..etc..
>
> However the header does not mention it, and the score is negative so the 
> email is considered as a non-spam.
>
> X-Spam-Status: No, score=-2.6 required=2.0 
> tests=BAYES_00,FREEMAIL_FROM, 
> HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,TVD_SPACE_RATIO,T_DKIM_INVALID 
> autolearn=ham version=3.3.1
>
> In file /usr/share/spamassassin/50_scores.cf :
> score USER_IN_BLACKLIST 100.000
>
> In /etc/spamassassin/local.cf
> blacklist_from   here-a-test-email-address@gmail.com
>
> Something is missing ?
> Do I need to configure more than the local.cf file ?

Looks like you are calling spamassassin more than once on the same 
email.  And a required score of 2.0 is not a very good idea IMO.

Regards,
KAM


Re: USER_IN_BLACKLIST identified but not reported as spam

Posted by Benny Pedersen <me...@junc.org>.
On Sat, 03 Dec 2011 19:18:00 +0100, Bruno Costacurta wrote:

> Something is missing ?

restarted spamd after edit local.cf ?

> Do I need to configure more than the local.cf file ?

feel free :-)

just remember that spamd/spamc only tags, not blocking