spamass-milt-list

Re: Milter no longer rejects spam (postfix


From: Damian Menscher
Subject: Re: Milter no longer rejects spam (postfix
Date: Wed, 15 Jun 2011 08:25:19 -0700

The test message used by milter_watch contains both eicar (blocked by
all antivirus scanners) and gtube (blocked by all spam scanners).  So
if you want to get ClamAV to let it through, you'll have to send the
message without the base64-encoded eicar piece.

In any case, your test output shows spamassassin did try blocking the
message with an explicit rejection, so I'd guess any problem is with
the postfix config.  That said, it's possible your spam-blocking
thresholds are just really high (e.g., it won't block unless the score
is 100).

Damian

On Wed, Jun 15, 2011 at 3:33 AM, J4K <address@hidden> wrote:
>
> Hi Damian,
>
> Thank you for the perl script. The milter does reject when hit on the
> socket. Ugly output below.
>
>
> When I tried to send this email with the full debug o/p my mail server
> did reject it:
> "5.7.1 Detected virus detected in your email : Eicar-Test-Signature..
> Please check the message and try again."
> But this is a red herring because it was caused by ClamAV milter with
> SaneSecurity. However it shows that a milter was called.
> I wonder if postfix ignores the other milters when the first one is
> passed? Unsure.
>
>
> # milter_watch -d local:/var/spool/postfix/spamass/spamass.sock
> D milter_watch-0.6 by Damian Menscher <address@hidden>
> D Submit_message called with """
> SNIP- REMOVED
> SNIP- REMOVED
> """
> D Sending: O ?
> D Milter returned 0xd bytes: O
> D Requested actions: 0x1; Undesired content 0x0
> D Sending: DCjlocalhost.localdomain_localhost.localdomain
> [127.0.0.1]{daemon_name}MTA{if_name}localhost.localdomain{if_addr}127.0.0.1
> D Sending: Clocalhost.localdomain4' 127.0.0.1
> D Milter returned 0x1 bytes: a
> D Sending: DH
> D Sending:
> address@hidden
> D Sending: address@hidden
> D Milter returned 0x1 bytes: c
> D Sending: DR{rcpt_mailer}local{rcpt_host}{rcpt_addr}victim
> D Sending: Rvictim
> D Milter returned 0x1 bytes: c
> D Sending: N
> D Milter returned 0x1 bytes: c
> D Sending: BTo: victim
> Subject: milter test message
> Content-Transfer-Encoding: BASE64
>
> SNIP- REMOVED
>
> SNIP- REMOVED
>
> D Milter returned 0x1 bytes: c
> D Sending: E
> D Milter returned 0x1 bytes: c
> D Sending: Q
> I Milter properly allowed clean mail through
> D Submit_message called with """
> SNIP- REMOVED
>
> SNIP- REMOVED
> """
> D Sending: O ?
> D Milter returned 0xd bytes: O
> D Requested actions: 0x1; Undesired content 0x0
> D Sending: DCjlocalhost.localdomain_localhost.localdomain
> [127.0.0.1]{daemon_name}MTA{if_name}localhost.localdomain{if_addr}127.0.0.1
> D Sending: Clocalhost.localdomain4' 127.0.0.1
> D Milter returned 0x1 bytes: a
> D Sending: DH
> D Sending:
> address@hidden
> D Sending: address@hidden
> D Milter returned 0x1 bytes: c
> D Sending: DR{rcpt_mailer}local{rcpt_host}{rcpt_addr}victim
> D Sending: Rvictim
> D Milter returned 0x1 bytes: c
> D Sending: N
> D Milter returned 0x1 bytes: c
> D Sending: BTo: victim
> Subject: milter test message
> Content-Transfer-Encoding: BASE64
>
> SNIP- REMOVED
>
> SNIP- REMOVED
>
> D Milter returned 0x1 bytes: c
> D Sending: E
> D Milter returned 0x23 bytes: y550 5.7.1 Blocked by SpamAssassin
> D Sending: Q
> I Milter blocked a spam/virus
>
>
> On 06/14/2011 08:49 PM, Damian Menscher wrote:
>> Just a thought, but you can also confirm the milter is working
>> correctly by sending it test requests with milter_watch:
>> http://www.itg.uiuc.edu/itg_software/milter_watch/
>>
>> That at least lets you isolate the problem to being in the
>> milter/spamassassin config, or in the postfix config.
>>
>> Damian
>>
>> On Tue, Jun 14, 2011 at 5:07 AM, J4K <address@hidden> wrote:
>>> Hi there everyone,
>>>
>>>    I noticed that my spamass-milter was not rejecting spam over the
>>> threshold and I wonder if someone might help me with some debug options
>>> on the spamass-milter.
>>>
>>> ****  My  question ****
>>> What debug options should I use to enable logging to try and find out
>>> why it was either not called by postfix or did not reject the email?
>>>    -d debugflags
>>>             Enables logging.  debugflags is a comma-separated list of
>>> tokens:
>>>             func    Entry and exit of internal functions.
>>>             misc    Other non-verbose logging.
>>>             net     Lookups of the ignored netblocks list.
>>>             poll    Low-level I/O to the child spamc process.
>>>             rcpt    Recipient processing.
>>>             spamc  High-level I/O to the child spamc process.
>>>             str     Calls to field lookup and string comparison functions.
>>>             uori    Calls to the update_or_insert function.
>>>             1       (historical) Same as func,misc.
>>>             2       (historical) Same as func,misc,poll.
>>>             3       (historical) Same as func,misc,poll,str,uori.
>>>
>>>
>>>
>>> **** Some backup info in case someone thinks that I am barking up the
>>> wrong tree ****
>>>
>>> Spamass-milter is called as a before milter in Postfix:-
>>>    # postconf -n  | grep milter
>>>    milter_default_action = tempfail
>>>    non_smtpd_milters = unix:/dkim-filter/dkim-filter.sock
>>>    smtpd_milters = unix:/clamav/clamav-milter.ctl,
>>> unix:/spamass/spamass.sock, unix:/dkim-filter/dkim-filter.sock
>>>
>>> The spamass trigger threshold is 11 and the emails getting through often
>>> have sigh scores like 15, and I would like to check that spamass-milter
>>> is even receiving any email to check.  I did not see anything being
>>> rejected.
>>>
>>> The process runs as :
>>> /usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f -p
>>> /var/spool/postfix/spamass/spamass.sock -u nobody -M -r 11 -i 127.0.0.1
>>>
>>> And the socket is there:-
>>> srw-rw---- 1 postfix postfix 0 Jun 14 13:48
>>> /var/spool/postfix/spamass/spamass.sock
>>>
>>> I did not read any errors about milters in the postfix logs
>>> (/var/log/mail.*),  other than the usual macro complaint which I think
>>> can be ignored.
>>> mail.log:Jun 14 13:50:05 logout spamass-milter[21468]: Could not
>>> retrieve sendmail macro "i"!.  Please add it to
>>> confMILTER_MACROS_ENVFROM for better spamassassin results
>>>
>>>
>>>
>>> Best regards, Simon.
>>>
>>>
>>>
>>> _______________________________________________
>>> Spamass-milt-list mailing list
>>> address@hidden
>>> https://lists.nongnu.org/mailman/listinfo/spamass-milt-list
>>>
>>
>>
>
>



-- 
http://www.uiuc.edu/~menscher/
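
Added example (not part of the original thread, and not code from milter_watch): a small Python reader for a milter_watch -d trace like the one quoted above, which reports the milter's reply at end of body for each test message so the milter side can be checked separately from the Postfix side. The function names are hypothetical, the sample is constructed by abridging the quoted output, and it assumes the trace holds the clean message first and the GTUBE message second.

```python
import re

# Milter reply codes (SMFIR_* in libmilter's mfdef.h) that can appear in a trace.
SMFIR = {"a": "accept", "c": "continue", "d": "discard",
         "r": "reject", "t": "tempfail", "y": "replycode"}

# Constructed sample: abridged from the quoted debug output, quote markers removed.
SAMPLE = '''\
D Submit_message called with """
SNIP- REMOVED
"""
D Sending: O ?
D Milter returned 0xd bytes: O
D Sending: Clocalhost.localdomain4' 127.0.0.1
D Milter returned 0x1 bytes: a
D Sending: Rvictim
D Milter returned 0x1 bytes: c
D Sending: E
D Milter returned 0x1 bytes: c
D Sending: Q
I Milter properly allowed clean mail through
D Submit_message called with """
SNIP- REMOVED
"""
D Sending: O ?
D Milter returned 0xd bytes: O
D Sending: E
D Milter returned 0x23 bytes: y550 5.7.1 Blocked by SpamAssassin
D Sending: Q
I Milter blocked a spam/virus
'''

SENT = re.compile(r"^D Sending: (.)")
GOT = re.compile(r"^D Milter returned 0x[0-9a-f]+ bytes: (.)(.*)$")

def eom_verdicts(trace):
    """Return one (action, smtp_reply) pair per test message in the trace."""
    verdicts, last_cmd = [], None
    for line in trace.splitlines():
        sent = SENT.match(line)
        if sent:
            last_cmd = sent.group(1)   # first byte is the milter command letter
            continue
        got = GOT.match(line)
        # The reply to 'E' (end of body) is where the 550 shows up in the trace.
        if got and last_cmd == "E":
            code, text = got.groups()
            verdicts.append((SMFIR.get(code, "unknown:" + code), text.strip()))
            last_cmd = None
    return verdicts

def milter_side_ok(trace):
    """True when the clean message passes and the GTUBE message gets a 5xx."""
    v = eom_verdicts(trace)
    return (len(v) == 2 and v[0][0] in ("continue", "accept")
            and v[1][0] == "replycode" and v[1][1].startswith("5"))
```

If milter_side_ok() is true for a trace taken against the socket but spam is still delivered, the remaining suspects are the ones named in the reply above: the Postfix configuration or the rejection threshold.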


