You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Geert Haustraete <ge...@telenet.be> on 2011/08/16 18:29:13 UTC
spamassassin rule not firing
Hello,
I'm running 2 mail servers where one is a backup server in case the
primary is unreachable. Both are set to include the SPF result in the
mail header. I have put these rules into my local.cf file.
#Check for SPF headers
header LOCAL_SPF_PASS Received-SPF =~ /^pass/
header LOCAL_SPF_NEUTRAL Received-SPF =~ /^neutral/
header LOCAL_SPF_SOFTFAIL Received-SPF =~ /^softfail/
header LOCAL_SPF_FAIL Received-SPF =~ /^fail/
score LOCAL_SPF_PASS -0.001
score LOCAL_SPF_NEUTRAL 2.500
score LOCAL_SPF_SOFTFAIL 5.000
score LOCAL_SPF_FAIL 8.000
# Check if mail came first from the secundary mailserver, then there are
2 SPF records, one pass and one fail, so recalc accordingly
header __SPF_PASS Received-SPF =~ /^pass \((server|srv2)\.ehealth\.be:/
header __SPF_NEUTRAL Received-SPF =~ /^neutral \(server3:/
header __SPF_SOFTFAIL Received-SPF =~ /^softfail \(server3:/
header __SPF_FAIL Received-SPF =~ /^fail \(server3:/
header __RECEIVED_MXSECONDARY Received =~ /mail\.srv2\.ehealth\.be/
meta LOCAL_SPF_PASS2 (__SPF_PASS)
score LOCAL_SPF_PASS2 -0.001
meta LOCAL_SPF_NEUTRAL2 (__SPF_NEUTRAL)
score LOCAL_SPF_NEUTRAL2 -0.001
meta LOCAL_SPF_SOFTFAIL2 (__SPF_SOFTFAIL)
score LOCAL_SPF_SOFTFAIL2 -0.001
meta LOCAL_SPF_FAIL2 (__SPF_FAIL)
score LOCAL_SPF_FAIL2 -0.001
meta LOCAL_SPF_MX2 (__RECEIVED_MXSECONDARY)
score LOCAL_SPF_MX2 -0.001
meta LOCAL_SPF_MXSECUNDARY_PASS_NEUTRAL (__RECEIVED_MXSECONDARY &&
__SPF_PASS && __SPF_NEUTRAL)
score LOCAL_SPF_MXSECUNDARY_PASS_NEUTRAL -2.500
meta LOCAL_SPF_MXSECUNDARY_PASS_SOFTFAIL (__RECEIVED_MXSECONDARY &&
__SPF_PASS && __SPF_SOFTFAIL)
score LOCAL_SPF_MXSECUNDARY_PASS_SOFTFAIL -5.000
meta LOCAL_SPF_MXSECUNDARY_PASS_FAIL (__RECEIVED_MXSECONDARY &&
__SPF_PASS && __SPF_FAIL)
score LOCAL_SPF_MXSECUNDARY_PASS_FAIL -8.000
But I still receive mails tagged as SPAM if they have been relayed by
the secondary mx, because one rule is not firing as expected. For
example, in this mail header:
Return-Path: <x....@ehealth.be>
Delivered-To: x.y@ehealth.be
Received: (qmail 13361 invoked by uid 89); 15 Aug 2011 23:00:30 -0000
DomainKey-Status: no signature
Received: by simscan 1.3.1 ppid: 13309, pid: 13339, t: 15.0550s
scanners: attach: 1.3.1 clamav: 0.93/m:46 spam: 3.2.4
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
server3.higis.eu.org
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.1 required=5.0
tests=AWL,BAYES_00,LOCAL_SPF_FAIL,
LOCAL_SPF_FAIL2,LOCAL_SPF_MX2,MIME_QP_LONG_LINE,RCVD_NUMERIC_HELO,RDNS_NONE
autolearn=no version=3.2.4
X-Spam-Report:
* 8.0 LOCAL_SPF_FAIL LOCAL_SPF_FAIL
* 2.1 RCVD_NUMERIC_HELO Received: contains an IP address used
for HELO
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
* [score: 0.0000]
* 1.4 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than
76 chars
* -0.0 LOCAL_SPF_FAIL2 LOCAL_SPF_FAIL2
* 0.1 RDNS_NONE Delivered to trusted network by a host with no
rDNS
* -0.0 LOCAL_SPF_MX2 LOCAL_SPF_MX2
* -3.8 AWL AWL: From: address is in the auto white-list
Received: from unknown (HELO mail.srv2.ehealth.be) (67.219.63.204)
by server3 with (DHE-RSA-AES256-SHA encrypted) SMTP; 15 Aug 2011
23:00:14 -0000
Received-SPF: fail (server3: SPF record at bgc.spf.secure-mail.be does
not designate 67.219.63.204 as permitted sender)
Received: (qmail 13983 invoked from network); 15 Aug 2011 22:13:21 +0200
Received: from relaygateway01.edpnet.net (212.71.1.210)
by server.ehealth.be with SMTP; 15 Aug 2011 22:13:21 +0200
Received-SPF: pass (server.ehealth.be: SPF record at edpnet.net
designates 212.71.1.210 as permitted sender)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result:
AkIAAKJ9SU5NbWcu/2dsb2JhbAAMNoRIlACOZIMhAQEDAQEjVgULCw4DBAEBAQICIwMCAkYJCAYTh3AEqAaRVoEshAsxXwSkCQ
X-IronPort-AV: E=Sophos;i="4.67,375,1309730400";
d="scan'208";a="26553513"
Received: from 77.109.103.46.adsl.dyn.edpnet.net (HELO [192.168.2.66])
([77.109.103.46])
by relaygateway01.edpnet.net with ESMTP; 15 Aug 2011 22:13:25 +0200
References: <FE...@Gris>
<90...@GBCOCG220M.eu.Corp.Car.com>
<3c...@www.ehealth.be>
<13...@Gris>
In-Reply-To: <13...@Gris>
Mime-Version: 1.0 (iPad Mail 8J2)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
Message-Id: <70...@ehealth.be>
Cc: X Y <x....@ehealth.be>,
A B <a....@ehealth.be>
X-Mailer: iPad Mail (8J2)
From: X Y <x....@ehealth.be>
Subject: ***SPAM(5.1)*** Re: Offerte JV
Date: Mon, 15 Aug 2011 22:14:39 +0200
To: J V <jv...@telenet.be>
X-Spam-Prev-Subject: Re: Offerte JV
I wonder why I didn't get the metarule LOCAL_SPF_PASS2 and hence also
the metarule LOCAL_SPF_MXSECUNDARY_PASS_FAIL? The expressions seems
valid to me but I could be wrong of course.
thx,
Geert
Re: spamassassin rule not firing
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 16.08.11 18:29, Geert Haustraete wrote:
>I'm running 2 mail servers where one is a backup server in case the
>primary is unreachable. Both are set to include the SPF result in the
>mail header. I have put these rules into my local.cf file.
>
>#Check for SPF headers
>header LOCAL_SPF_PASS Received-SPF =~ /^pass/
>header LOCAL_SPF_NEUTRAL Received-SPF =~ /^neutral/
>header LOCAL_SPF_SOFTFAIL Received-SPF =~ /^softfail/
>header LOCAL_SPF_FAIL Received-SPF =~ /^fail/
>
>score LOCAL_SPF_PASS -0.001
>score LOCAL_SPF_NEUTRAL 2.500
>score LOCAL_SPF_SOFTFAIL 5.000
>score LOCAL_SPF_FAIL 8.000
I wonder why do you want to use it this way. I think that proper
setting of internal_network should just make spamassassion do the SPF
checks properly.
If not, maybe the SA is confused by Received-SPF: headers provided by
those servers, which should be easily fixed by setting
ignore_received_spf_header to 1.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.
Re: spamassassin rule not firing
Posted by Benny Pedersen <me...@junc.org>.
On Tue, 16 Aug 2011 18:29:13 +0200, Geert Haustraete wrote:
> I'm running 2 mail servers where one is a backup server in case the
> primary is unreachable. Both are set to include the SPF result in the
> mail header. I have put these rules into my local.cf file.
(snip-rules)
perldoc Mail::SpamAssassin::Plugin::SPF
perldoc Mail::SpamAssassin::Conf
how did you configure the plugin ?
do you use Mail::SPF perl module direct in mta ?
if so the received-spf header can be reused, but make sure you do not
add own rules to catch it, since this header can be multiple put in by
the remote spammer, this is avoided by SPF plugin if used correct