Spam is marked but delivered anyway

[ma...@fanime.com]

I recently took over admin duty for a mailserver. The system I'm taking
over is a FreeBSD mailserver with SpamAssassin 3.0.2 running.
Unfortunately, a significant amount of spam gets through, and I think I
know the reason.

The spam that gets through is marked with [Suspected Spam]. Spamassasin
says that it is possible spam and attaches the actual message as an
attachment. The number of points is always ridiculously high-- generally
20+ -- but since it is marked as BAYES_99, it goes through. I guess the
old sysadmin assumed that BAYES_99 could be legit email so he let them
through... But there's a DCC_CHECK and lots of other rules that match the
spam, and it definitely should go in the trash.

However, I perused through the configuration files for SA (local.cf and
user_prefs), and I can't find out how he set this up. I'd like to change
it to let through BAYES_99 only if it isn't accompanied by any other
high-value rules. Any idea where I can find the configuration information
for the setup and how I can change it to how I want it?

Re: Spam is marked but delivered anyway

[Evan Platt <ev...@espphotography.com>]

At 11:42 AM 4/7/2005, you wrote:
>so I would think that SpamAssassin is the one deciding
>on which spam to drop and which spam to let through.

SpamAssassin is only a filter. SpamAssassin cannot 'drop' mail or reject mail.

>If that isn't the case, any idea what file I need to edit to block the 
>BAYES_99 spam?

A procmail recipe perhaps? 

RE: Spam is marked but delivered anyway

[Rakesh <ra...@netcore.co.in>]

-----Original Message-----
From: mailings@fanime.com [mailto:mailings@fanime.com] 
Sent: Friday, April 08, 2005 12:13 AM
To: users@spamassassin.apache.org
Subject: Re: Spam is marked but delivered anyway

> On Thursday 07 April 2005 09:38, mailings@fanime.com typed:
>
>
> SpamAssassin is only a tagging filter, not a delivery agent.  You need
> something else in the pipeline that checks the status lines after SA is
> finished and routes the mail appropriately.
>
> There is the chance that bayes_99 will trip on legit mail, but normally
> this only occurs if you haven't trained the bayesian database properly so
> that it has a good set of tokens representing ham and spam.
>
I see. So you're saying that the BAYES_99 mail that is being delivered is
due to the configuration of my MTA (Postfix), not SpamAssassin?

I checked my Postfix config files (main.cf, master.cf) and neither have
anything about it, so I would think that SpamAssassin is the one deciding
on which spam to drop and which spam to let through. If that isn't the
case, any idea what file I need to edit to block the BAYES_99 spam?




Are you using any content filter like Amavis or MailScanner in your setup ? 
If no and you are directly delivering the mail to spamd using postfix then
don't expect the spams to be stopped or quarantined it will be tagged as
spamassassin is just a tagging agent and not a filtering agent.

Usually people do put in a content filter (e.g Amavis ) after their MTA
which scans the mails for viruses and spams by invoking spamassassin. Can
you please confirm whether are you using any content filter or not ?

Re: Spam is marked but delivered anyway

[ma...@fanime.com]

> On Thursday 07 April 2005 09:38, mailings@fanime.com typed:
>
>> I recently took over admin duty for a mailserver. The system I'm taking
>>  over is a FreeBSD mailserver with SpamAssassin 3.0.2 running.
>> Unfortunately, a significant amount of spam gets through, and I think I
>>  know the reason.
>>
>> The spam that gets through is marked with [Suspected Spam]. Spamassasin
>>  says that it is possible spam and attaches the actual message as an
>> attachment. The number of points is always ridiculously high--
>> generally
>
> SpamAssassin is only a tagging filter, not a delivery agent.  You need
> something else in the pipeline that checks the status lines after SA is
> finished and routes the mail appropriately.
>
> There is the chance that bayes_99 will trip on legit mail, but normally
> this only occurs if you haven't trained the bayesian database properly so
> that it has a good set of tokens representing ham and spam.
>
I see. So you're saying that the BAYES_99 mail that is being delivered is
due to the configuration of my MTA (Postfix), not SpamAssassin?

I checked my Postfix config files (main.cf, master.cf) and neither have
anything about it, so I would think that SpamAssassin is the one deciding
on which spam to drop and which spam to let through. If that isn't the
case, any idea what file I need to edit to block the BAYES_99 spam?

Re: Spam is marked but delivered anyway

[Duncan Hill <sa...@nacnud.force9.co.uk>]

On Thursday 07 April 2005 09:38, mailings@fanime.com typed:
> I recently took over admin duty for a mailserver. The system I'm taking
> over is a FreeBSD mailserver with SpamAssassin 3.0.2 running.
> Unfortunately, a significant amount of spam gets through, and I think I
> know the reason.
>
> The spam that gets through is marked with [Suspected Spam]. Spamassasin
> says that it is possible spam and attaches the actual message as an
> attachment. The number of points is always ridiculously high-- generally

SpamAssassin is only a tagging filter, not a delivery agent.  You need 
something else in the pipeline that checks the status lines after SA is 
finished and routes the mail appropriately.

There is the chance that bayes_99 will trip on legit mail, but normally this 
only occurs if you haven't trained the bayesian database properly so that it 
has a good set of tokens representing ham and spam.