SPAM filter working ?

Discussion in 'General' started by muekno, May 2, 2016.

  1. muekno

    muekno Active Member HowtoForge Supporter

    I am not quite shure if the SPAM filter s working. I set policy to normal but it seams I have too much SPAM. Virusfilter is working, could test with ICAR. Is the a log or any other thing I can see how SPAM filter works, eventuelly to tune it. As I understand I should not manually change SPAMassasin etc.

    Thanks for help

    Rainer
     
    muekno, May 2, 2016
    #1
  2. lano

    lano Member

    lano, May 2, 2016
    #2
  3. sjau

    sjau Local Meanie Moderator

    yeah, add a few rbls, that cuts down spam considerably.

    Are you the only one using the server?
     
    sjau, May 2, 2016
    #3
  4. muekno

    muekno Active Member HowtoForge Supporter

    I have RDNS for the mail server and some RBLS too
    OK solution, to see what spamassassin is doing, was to add an email address under email/spamfilter/policy/qurantine/forward...
    There are round about 2 to 3 thousends of spam catched a day. Adjusting the Tag-level a litte bit was fine too.

    To stop the notifications I removed the email address, but I still got the notifications. How to stop them????
    Is there a bug in ISPConfig, that it does not remove the email address in spamassasin?
    Thanks for help

    Rainer
     
    muekno, May 6, 2016
    #4
  5. muekno

    muekno Active Member HowtoForge Supporter

    Can anyone tell me who to get rid of the SPAM notifivation.
    Thanks

    Rainer
     
    muekno, May 12, 2016
    #5
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Would you have set that same quarantine address as Email > Spamfilter > Policy > Other > SPAM admin, by chance?

    Restart amavisd if you have not (though I don't know if that should be needed, I wouldn't guess so, but worth a quick try if nothing else).
     
    Jesse Norell, May 12, 2016
    #6
    muekno likes this.
  7. muekno

    muekno Active Member HowtoForge Supporter

    Thank you seams to work

    Rainer
     
    muekno, May 13, 2016
    #7
  8. xrstokes

    xrstokes Member

    Can someone please help me. I've set the spam admin email address, but spam is not getting sent to the email address I put in there. everything else about my setup seems to work perfectly except for this feature. The mailbox can send and receive fine. but when I use GTUBE test spam. it is just tagged as ***SPAM*** but no copy or message is sent to spam admin.
     

    Attached Files:

    xrstokes, Mar 6, 2017
    #8
  9. xrstokes

    xrstokes Member

    Here is some more info. in the ispconfig database it says the correct address next to "spam_quarantine_to"
    here is the relevant mail log.
    Code:
    Mar  6 21:33:22 ispc postfix/smtpd[8422]: connect from mail-qk0-f179.google.com[209.85.220.179]
Mar  6 21:33:23 ispc postfix/smtpd[8422]: NOQUEUE: filter: RCPT from mail-qk0-f179.google.com[209.85.220.179]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-qk0-f179.google.com>
Mar  6 21:33:23 ispc postfix/smtpd[8422]: NOQUEUE: filter: RCPT from mail-qk0-f179.google.com[209.85.220.179]: <[email protected]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-qk0-f179.google.com>
Mar  6 21:33:23 ispc postfix/smtpd[8422]: 75BBA1832FD: client=mail-qk0-f179.google.com[209.85.220.179]
Mar  6 21:33:23 ispc postfix/cleanup[8430]: 75BBA1832FD: message-id=<CAJ95apcAOYDvN9FNygFWBrNqdDc=V7WQK3FDYEgo7_ru5BLmoQ@mail.gmail.com>
Mar  6 21:33:23 ispc postfix/qmgr[1181]: 75BBA1832FD: from=<[email protected]>, size=3517, nrcpt=1 (queue active)
Mar  6 21:33:23 ispc postfix/smtpd[8422]: disconnect from mail-qk0-f179.google.com[209.85.220.179]
Mar  6 21:33:24 ispc amavis[8398]: (08398-01) Blocked SPAM {DiscardedInbound}, [209.85.220.179]:34847 [209.85.220.179] <[email protected]> -> <[email protected]>, Queue-ID: 75BBA1832FD, Message-ID: <CAJ95apcAOYDvN9FNygFWBrNqdDc=V7WQK3FDYEgo7_ru5BLmoQ@mail.gmail.com>, mail_id: vsfQwenIfcZ8, Hits: 999.882, size: 3517, dkim_sd=20161025:gmail.com, 561 ms
Mar  6 21:33:24 ispc postfix/smtp[8431]: 75BBA1832FD: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.98, delays=0.38/0.03/0.01/0.55, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=08398-01 - spam)
Mar  6 21:33:24 ispc postfix/qmgr[1181]: 75BBA1832FD: removed
     
    xrstokes, Mar 6, 2017
    #9
  10. xrstokes

    xrstokes Member

    fixed it...
    Added these three lines into 50-user, I did a lot of things else it might have been. but i'm pretty sure it was this.
    Code:
    $banned_files_quarantine_method = 'smtp:localhost:10025';
$spam_quarantine_method = 'smtp:localhost:10025';
$bad_header_quarantine_method = 'smtp:localhost:10025';
     
    xrstokes, Mar 7, 2017
    #10
  11. concept21

    concept21 Active Member

    Install ConfigServer Security & Firewall and a subset of their spam black lists.
    Then, install this header check file.
    https://www.howtoforge.com/community/threads/postfix-guides-and-header-checks.75214/
    Plus my smart tips. All spam will become past tense. Of course, you also have to install the ISPConfig spamassasin as well. :)

    The focus is on the message's header check. Many mail exchange gateways have built-in spam stamps. They will leave them on the message. We just pick up all those stamps are blocked them. Better use command HOLD instead of REJECT. :D
     
    concept21, Mar 14, 2017
    #11
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPconfig uses amavisd-new for mail scanning which internally uses spamassassin to classify spam emails.
     
    till, Mar 16, 2017
    #12

Share This Page