In some of my user folder there is a big file call spam (ISPconfig 2.2.17) drwxr-xr-x 5 domain.com_mhf web1 4096 2007-04-01 02:29 . drwxr-xr-x 5 domain.com_postmaster web1 4096 2007-03-25 00:49 .. -rw-r--r-- 1 root root 103 2007-09-26 11:56 .antivirus.rc -rw-r--r-- 1 root root 798 2007-09-26 11:56 .autoresponder.rc -rw------- 1 domain.com_mhf web1 24 2007-09-26 11:56 .forward -rw-r--r-- 1 root root 67866 2007-09-26 11:56 .html-trap.rc -rw-r--r-- 1 root root 3889 2007-09-26 11:56 .local-rules.rc drwx------ 6 domain.com_mh web1 4096 2007-06-24 12:47 Maildir -rw-r--r-- 1 root root 204 2007-09-26 11:56 .mailsize.rc -rw-r--r-- 1 root root 508 2007-09-26 11:56 .procmailrc -rw-r--r-- 1 root root 656 2007-09-26 11:56 .quota.rc -rw------- 1 domain.com_mhf web1 11995618 2007-10-04 23:09 spam drwx------ 2 domain.com_mhf web1 4096 2007-10-05 01:29 .spamassassin -rw-r--r-- 1 root root 1155 2007-09-26 11:56 .spamassassin.rc -rw-r--r-- 1 root root 2029 2007-09-26 11:56 .user_prefs -rw-r--r-- 1 root root 32 2007-09-26 11:56 .vacation.msg drwxrwxr-x 2 domain.com_mhf web1 4096 2007-03-25 00:46 web In the file there is some spam mail whit higher required score in ispconfig admin Spamfilter: x Antivirus: x Spam Strategy: accept Spam Hits: 3.0 spam file: with SpamAssassin (version 3.0.3); Thu, 04 Oct 2007 23:09:47 +0200 From: "Rosario 77" <[email protected]> To: "Bobbie" <[email protected]> Subject: Rosario 77 these would look so good on you Date: Thu, 04 Oct 2007 19:27:17 -0200 Message-Id: <[email protected]> X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on isp01.pertex.net X-Spam-Level: *************** X-Spam-Status: Yes, score=15.3 required=5.0 tests=BAYES_99,HTML_10_20, HTML_MESSAGE,MIME_BASE64_TEXT,MIME_HTML_ONLY,RCVD_IN_DSBL,RCVD_IN_XBL, URIBL_OB_SURBL,URIBL_SBL autolearn=no version=3.0.3 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_4705569B.C1BA7D43" This is a multi-part message in MIME format. Where come the file from and have to remove its? If I delete the file its come again Please help!
Her is the .spamassassin.rc Code: # SpamAssassin sample procmailrc # # Pipe the mail through spamassassin (replace 'spamassassin' with 'spamc' # if you use the spamc/spamd combination) # The condition line ensures that only messages smaller than 250 kB # (250 * 1024 = 256000 bytes) are processed by SpamAssassin. Most spam # isn't bigger than a few k and working with big messages can bring # SpamAssassin to its knees. :0fw * < 256000 | /home/admispconfig/ispconfig/tools/spamassassin/usr/bin/spamassassin --prefs-file=/var/www/web1/user/domain.com_mhf/.user_prefs # Mails with a score of 15 or higher are almost certainly spam (with 0.05% # false positives according to rules/STATISTICS.txt). Let's put them in a # different mbox. (This one is optional.) #:0: #* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\* #/dev/null # All mail tagged as spam (eg. with a score higher than the set threshold) # is moved to "/dev/null". #:0: #* ^X-Spam-Status: Yes #/dev/null # Work around procmail bug: any output on stderr will cause the "F" in "From" # to be dropped. This will re-add it. :0 * ^^rom[ ] { LOG="*** Dropped F off From_ header! Fixing up. " :0 fhw | sed -e '1s/^/F/' } But I found this file /etc/procmailrc Code: DROPPRIVS=yes :0fw | /usr/bin/spamassassin :0 * ^X-Spam-Status: Yes $HOME/spam
This file explains your "spam" file. Please remove this from procmailrc, the file is not from ISPConfig.
Hi Stpe, Has removing the procmailrc solved your problem? The code: Code: DROPPRIVS=yes :0fw | /usr/bin/spamassassin :0 * ^X-Spam-Status: Yes $HOME/spam Is creating and populating your 'spam' file.
Yes, this has solved my problem. But now I get a lot of spam, I like example to delete all mail with score on 6 and higher and mark subject ****SPAM**** for mail with score 3 to 6. How?
You can add additional rules to your procmail recipe like this to delete spam with score > 6: Code: :0: * ^X-Spam-Level: \*\*\*\*\*\* /dev/null This rule must be listed in the file before you move the spam to the spam folder. To mark spam in the subject will work similar, have a look at the procmail recipes generated by ISPconfig.
Where should I put the code for spam > 6 for single user? Where should I put the code for spam > 6 if this should work for all domains? Please send me some example. The .procmailrc Code: MAILDIR=$HOME/Maildir/ DEFAULT=$MAILDIR ORGMAIL=$MAILDIR INCLUDERC=/var/www/web1/user/pertex.dk_mhfrolund/.mailsize.rc ## INCLUDERC=/var/www/web1/user/pertex.dk_mhfrolund/.quota.rc INCLUDERC=/var/www/web1/user/pertex.dk_mhfrolund/.antivirus.rc INCLUDERC=/var/www/web1/user/pertex.dk_mhfrolund/.local-rules.rc INCLUDERC=/var/www/web1/user/pertex.dk_mhfrolund/.html-trap.rc INCLUDERC=/var/www/web1/user/pertex.dk_mhfrolund/.spamassassin.rc ## INCLUDERC=/var/www/web1/user/pertex.dk_mhfrolund/.autoresponder.rc The .user_prefs Code: # SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf' # for details of what can be tweaked. #* #* Note: this file is not read by SpamAssassin until copied into the user #* directory. At runtime, if a user has no preferences in their home directory #* already, it will be copied for them, allowing them to perform personalised #* customisation. If you want to make changes to the site-wide defaults, #* create a file in /etc/spamassassin or /etc/mail/spamassassin instead. ########################################################################### # How many hits before a mail is considered spam. required_score 5.0 rewrite_header Subject ***SPAM*** # Whitelist and blacklist addresses are now file-glob-style patterns, so # "[email protected]", "*@isp.com", or "*.domain.net" will all work. # whitelist_from [email protected] # whitelist_from # blacklist_from # URIBL support (see http://www.uribl.com) urirhssub URIBL_BLACK multi.uribl.com. A 2 body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK') describe URIBL_BLACK Contains an URL listed in the URIBL blacklist tflags URIBL_BLACK net score URIBL_BLACK 3.0 # Add your own customised scores for some tests below. The default scores are # read from the installed spamassassin rules files, but you can override them # here. To see the list of tests and their default scores, go to # http://spamassassin.org/tests.html . # # score SYMBOLIC_TEST_NAME n.nn # Speakers of Asian languages, like Chinese, Japanese and Korean, will almost # definitely want to uncomment the following lines. They will switch off some # rules that detect 8-bit characters, which commonly trigger on mails using CJK # character sets, or that assume a western-style charset is in use. # # score HTML_COMMENT_8BITS 0 # score UPPERCASE_25_50 0 # score UPPERCASE_50_75 0 # score UPPERCASE_75_100 0 score AWL -100.0
The global SpamAssassin configuration is in /home/admispconfig/ispconfig/tools/spamassassin/etc/mail/spamassassin/local.cf.
