MAILDIR=$HOME/Maildir/ DEFAULT=$MAILDIR ORGMAIL=$MAILDIR INCLUDERC=/var/www/web3/user/web3_spamtrap/.mailsize.rc ## INCLUDERC=/var/www/web3/user/web3_spamtrap/.quota.rc ## INCLUDERC=/var/www/web3/user/web3_spamtrap/.antivirus.rc INCLUDERC=/var/www/web3/user/web3_spamtrap/.local-rules.rc INCLUDERC=/var/www/web3/user/web3_spamtrap/.html-trap.rc ## INCLUDERC=/var/www/web3/user/web3_spamtrap/.spamassassin.rc ## INCLUDERC=/var/www/web3/user/web3_spamtrap/.autoresponder.rc ~
Please disable Mailscan in that user's ISPConfig settings. I'm not sure, but it is possible that Mailscan deletes the Eicar test virus.
Daisy, Small note on your main.cf (postfix), remove: Code: reject_rbl_client relays.ordb.org, ordb.org is no more (gone)!
Thanks for all the tips. Everything seems to be working well now. I've actually gotten complaints about it being TOO strict from friends who's stupid ISP's have gotten their mailservers blacklisted. One last question, I opted to have the subject rewritten but, instead of just getting a changed subject, I get a whole new email with the old email as an attachment. If I try to forward this on to my account at spamcop, they can't find the headers. Should the headers be changed so? What's going on?
Yep. mailscan and antivirus are disabled. only spamfilter, Rewrite Subject, and Use URIBL are checked. I just disabled all my rbl client rejects so I'll grab the next spam that comes in and post the headers. to show you what I mean.
ok, so here's what I get: Code: Received: from localhost by mysite.com with SpamAssassin (version 3.1.7); Wed, 24 Jan 2007 07:03:06 -0600 From: "CSS" <[email protected]> To: [email protected] Subject: ***SPAM*** All you favorite games Date: Wed, 24 Jan 2007 20:05:03 -0700 Message-Id: <[email protected]> X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on mysite.com X-Spam-Level: ******************************* X-Spam-Status: Yes, score=31.6 required=5.0 tests=DATE_IN_FUTURE_12_24, DCC_CHECK,DIGEST_MULTIPLE,HELO_DYNAMIC_IPADDR,HTML_FONT_BIG, HTML_MESSAGE,MIME_HTML_ONLY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100, RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK, RCVD_IN_NJABL_DUL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL, URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=spam version=3.1.7 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_45B7590A.A8B2BAE2" This is a multi-part message in MIME format. ------------=_45B7590A.A8B2BAE2 Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: 8bit Spam detection software, running on the system "mysite.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Only from the most noble of all casinos you could except such a Regal gift: 300% Bonus on your First Deposit!!! Deposit 100 €/$ and Play with 400 €/$!!! And on top of that, a service at such a level you would not find in the best Royal Families of Europe. [...] Content analysis details: (31.6 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.4 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr 1) 2.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date 0.0 HTML_MESSAGE BODY: HTML included in message 0.3 HTML_FONT_BIG BODY: HTML tag for a big font size 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 1.4 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [124.120.75.104 listed in combined.njabl.org] 1.1 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: royal-casinos.net] 3.3 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist [URIs: royal-casinos.net] 3.4 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: royal-casinos.net] 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist [URIs: royal-casinos.net] 2.6 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: royal-casinos.net] 3.6 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist [URIs: royal-casinos.net] 0.2 DIGEST_MULTIPLE Message hits more than one network digest check The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. ------------=_45B7590A.A8B2BAE2 Content-Type: message/rfc822; x-spam-type=original Content-Description: original message before SpamAssassin Content-Disposition: attachment Content-Transfer-Encoding: 8bit Return-Path: <[email protected]> X-Original-To: [email protected] Delivered-To: [email protected] Received: from ppp-124.120.75.104.revip2.asianet.co.th (ppp-124.120.75.104.revip2.asianet.co.th [124.120.75.104]) by mysite.com (Postfix) with ESMTP id 6D93728812D for <[email protected]>; Wed, 24 Jan 2007 07:02:54 -0600 (CST) From: "CSS" <[email protected]> To: [email protected] Subject: All you favorite games Date: Wed, 24 Jan 2007 20:05:03 -0700 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0004_01C73FF2.EF359450" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: Acc/8u81fpkgH5tzTVSodtW9OyefTg== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <[email protected]> ------=_NextPart_000_0004_01C73FF2.EF359450 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii"> <META content=3D"MSHTML 6.00.2900.2963" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY><p align=3D"center"><font face=3D"Arial, Helvetica, sans-serif"><b> <font size=3D"+1" color=3D"#00CC00" face=3D"Courier New, Courier, mono">Only from the most noble of all<br> casinos you could except such a Regal gift:</font><br><br> <font size=3D"+2" color=3D"#FF0000">300% Bonus on your <font color=3D"#0000FF">First Deposit!!!</font></font><br><br> <font style=3D"font-size:13pt" color=3D"#000000">Deposit 100 €/$ and Play with 400 €/$!!!</font><br> And on top of that, a service at such a<br> level you would not find in the best<br> Royal Families of Europe.<br><br> <a href=3D"http://royal-casinos.net"> Come and play at Royal VIP Casino!!! </a></b></font><br><br> If you didn’t sign up click <a href=3D"http://royal-casinos.net/unsub.php">here</a> </p> </BODY></HTML> ------=_NextPart_000_0004_01C73FF2.EF359450-- ------------=_45B7590A.A8B2BAE2-- if I click on the attachment and view that email, it shows this: Code: Return-Path: <[email protected]> X-Original-To: [email protected] Delivered-To: [email protected] Received: from ppp-124.120.75.104.revip2.asianet.co.th (ppp-124.120.75.104.revip2.asianet.co.th [124.120.75.104]) by mysite.com (Postfix) with ESMTP id 6D93728812D for <[email protected]>; Wed, 24 Jan 2007 07:02:54 -0600 (CST) From: "CSS" <[email protected]> To: [email protected] Subject: All you favorite games Date: Wed, 24 Jan 2007 20:05:03 -0700 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0004_01C73FF2.EF359450" X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: Acc/8u81fpkgH5tzTVSodtW9OyefTg== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Message-Id: <[email protected]> ------=_NextPart_000_0004_01C73FF2.EF359450 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii"> <META content=3D"MSHTML 6.00.2900.2963" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY><p align=3D"center"><font face=3D"Arial, Helvetica, sans-serif"><b> <font size=3D"+1" color=3D"#00CC00" face=3D"Courier New, Courier, mono">Only from the most noble of all<br> casinos you could except such a Regal gift:</font><br><br> <font size=3D"+2" color=3D"#FF0000">300% Bonus on your <font color=3D"#0000FF">First Deposit!!!</font></font><br><br> <font style=3D"font-size:13pt" color=3D"#000000">Deposit 100 €/$ and Play with 400 €/$!!!</font><br> And on top of that, a service at such a<br> level you would not find in the best<br> Royal Families of Europe.<br><br> <a href=3D"http://royal-casinos.net"> Come and play at Royal VIP Casino!!! </a></b></font><br><br> If you didn’t sign up click <a href=3D"http://royal-casinos.net/unsub.php">here</a> </p> </BODY></HTML> ------=_NextPart_000_0004_01C73FF2.EF359450-- I forwarded both as an attachment to spamcop and the first, the one that had been altered got me the "No source IP address found, cannot proceed." error message from spamcop that I've been getting. The second parsed ok. Now, I'm thinking that having to open the email (not using a preview pane) and then opening an attached email, and then forwarding the now opened attachment of the email is a bit of a hassle. Is this working right or do I have some setting wrong?
I've never had this problem, so I don't know why it isn't working for you. Maybe some kind of encoding problem?
Hi Till I am not getting X-Spam headers and spam is ot being filtered. Spamassassin is on in ISPConfig. You mentioned that the path is - My install is not in that path but is this one - /home/admispconfig/ispconfig/tools/spamassassin/usr/local/bin/spamassassin Would that be why my Spamassassin is not working? If so, how do I fix it? If not, any suggestions as to what to check? One other thing. I am a bit confused as to whether a Spamassassin daemon should be running?? I get the impression it shouldn't be and that Spamassassin is called when an email arrives and needs to be scanned. Is that right? Thanks Cambo
Please open the file /root/ispconfig/isp/conf/spamassassin.rc.master and change the path to spamassassin from /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin to /home/admispconfig/ispconfig/tools/spamassassin/usr/local/bin/spamassassin Then edit your mailuser in ISPConfig (eg. change the quota valuse) and hit save so ISPConfig rewrites the user configuration with the new spamassassin.rc file. Then test if Spamassassin works now for you.
Hi Till Your solution was the correct one (as usual). I am not sure why my Spamassassin path was differerent as I just followed the Perfect Install, however it all works now, so its all good. Thanks for your help. Cambo