You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Andrew Wilkinson <aj...@charter.net> on 2008/03/19 03:34:31 UTC
Ensuring Custom Rules Are Scored Properly
I'm experimenting with Fedora 8 and a miltered sendmail configuration
running as a mail gateway (smf-sav, smf-spf, milter-greylist,
clamav-milter, spamass-milter). I've configured spamassassin's local.cf
with a custom rule. It's a simple regex which checks the 'Received'
header on inbound mail for any IP in a specific Class C range, and
negatively scores the message with -100 (probably extreme). I'm just
trying to ensure these messages are never tagged as spam. I've
--lint-ed the rule and I receive no syntax errors. However, messages
coming in from an IP in the specified range don't appear to be
negatively scored. In fact, the test messages being sent were scored
as, say, 2.8 before AND after the rule was put into place. Spamass and
spamassassin (as I'm running spamassassin daemonized) were both
restarted after rule creation. I've verified the regex is correct,
running it though a couple regex testers.
So, I guess I'd be expecting the X-Spam header on these messages to
indicate a score of -97.2. Am I assuming incorrectly?
thanks
Re: Ensuring Custom Rules Are Scored Properly
Posted by Kris Deugau <kd...@vianet.ca>.
Andrew Wilkinson wrote:
> I'm experimenting with Fedora 8 and a miltered sendmail configuration
> running as a mail gateway (smf-sav, smf-spf, milter-greylist,
> clamav-milter, spamass-milter). I've configured spamassassin's local.cf
> with a custom rule. It's a simple regex which checks the 'Received'
> header on inbound mail for any IP in a specific Class C range,
You may be trying to check a header that doesn't exist by the time the
message reaches SA. A stock sendmail/milter setup will not pass in the
Received: header that would be generated on that machine; that header
is added *after* milter processing. Several smarter milters generate a
pseudoheader to work around this.
IP-based whitelisting like this is usually best done at higher levels;
I'm not sure what criteria you can use to limit which messages get
passed to SA.
-kgd
Re: Ensuring Custom Rules Are Scored Properly
Posted by Matt Kettler <mk...@verizon.net>.
Andrew Wilkinson wrote:
> I'm experimenting with Fedora 8 and a miltered sendmail configuration
> running as a mail gateway (smf-sav, smf-spf, milter-greylist,
> clamav-milter, spamass-milter). I've configured spamassassin's
> local.cf with a custom rule. It's a simple regex which checks the
> 'Received' header on inbound mail for any IP in a specific Class C
> range, and negatively scores the message with -100 (probably
> extreme). I'm just trying to ensure these messages are never tagged
> as spam. I've --lint-ed the rule and I receive no syntax errors.
> However, messages coming in from an IP in the specified range don't
> appear to be negatively scored. In fact, the test messages being sent
> were scored as, say, 2.8 before AND after the rule was put into
> place. Spamass and spamassassin (as I'm running spamassassin
> daemonized) were both restarted after rule creation. I've verified
> the regex is correct, running it though a couple regex testers.
> So, I guess I'd be expecting the X-Spam header on these messages to
> indicate a score of -97.2. Am I assuming incorrectly?
Well, first, stop looking at total score, and start looking at the list
of rules that hit. Is your rule in the list? If not, it didn't match.
After all, if the message matched your rule, and matched
USER_IN_BLACKLIST (which scores +100), they'd offset completely.
However, generally speaking I would expect that to be a rare
combination, so I'd expect it to be low scoring.
My guess is your rule is in error in some way.
Did you run spamassassin --lint? (this should run quietly if all is
well, otherwise it will complain)
If you use spamd, did you restart it (local.cf is only parsed when spamd
starts).
if yes to both above or if addressing both doesn't help:
What does your rule look like? (change the numbers of the IPs if you
like..)?
What does the header you're trying to match look like (again, change the
numbers if you like.. but be consistent.. )?