SpamAssassin - pronto para desistir - extremamente não confiável, marcando spam como presunto

3

Eu corro um VPS, e tenho que dizer que, de longe, ter o SpamAssassin funcionando corretamente foi a coisa mais frustrante de todas. Ele continua perdendo emails de spam e vejo autolearn=ham no cabeçalho, mas quando encontro a mensagem em /var/vmail no servidor e executo spamassassin -t para testá-la, ela gera uma pontuação acima de 100 (porque o remetente está ativado minha lista negra). Não faz nenhum sentido.

Este é o X-Spam-Status no cabeçalho do email:

X-Spam-Status: No, score=-0.5 required=3.4 tests=BAYES_05,HTML_MESSAGE,
    NO_RECEIVED,NO_RELAYS autolearn=ham version=3.3.2

Por que a pontuação aqui seria de -0,5 e por que ela está sendo autopreenchida como presunto? No entanto, a execução de spamassassin -t nesta mensagem gera:

Content analysis details:   (103.0 points, 3.4 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 100 USER_IN_BLACKLIST      From: address is in the user's black-list
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                            (advertise.bz222hwpxo[at]gmail.com)
-0.0 NO_RELAYS              Informational: message was not relayed via SMTP
 3.0 BAYES_95               BODY: Bayes spam probability is 95 to 99%
                            [score: 0.9502]
 0.0 T_OBFU_HTML_ATTACH     BODY: HTML attachment with non-text MIME type
 0.0 T_HTML_ATTACH          HTML attachment to bypass scanning?
-0.0 NO_RECEIVED            Informational: message has no Received headers

Estou completamente confuso. Qualquer ajuda seria muito apreciada!

Arquivos de configuração

/etc/postfix/master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=spamassassin
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       -       -       -       smtpd
  -o content_filter=spamassassin
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

dovecot      unix   -        n      n       -       -   pipe
        flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -d $(recipient)

spamassassin unix   -        n      n       -       -   pipe
        user=spamd argv=/usr/bin/spamc -f -e
        /usr/sbin/sendmail -oi -f ${sender} ${recipient}

#sp-order     unix   -        n      n       -       -   pipe
#        user=sara argv=/home/sara/order-notify -f ${sender} -- ${recipient}

/etc/spamassassin/local.cf

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################

bayes_path /var/lib/spamassassin/.spamassassin/bayes

#   Add *****SPAM***** to the Subject header of spam e-mails
#
rewrite_header Subject [***** SPAM _SCORE_ *****]


#   Save spam messages as a message/rfc822 MIME attachment instead of
#   modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 0


#   Set which networks or hosts are considered 'trusted' by your mail
#   server (i.e. not spammers)
#
# trusted_networks 212.17.35.


#   Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock


# Network checks
skip_rbl_checks 0
use_razor2 0
#use_dcc 0
use_pyzor 0

#   Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 3.4


#   Use Bayesian classifier (default: 1)
#
use_bayes 1
use_bayes_rules 1

#   Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1


#   Set headers which may provide inappropriate cues to the Bayesian
#   classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status


#   Some shortcircuiting, if the plugin is enabled
# 
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
#   default: strongly-whitelisted mails are *really* whitelisted now, if the
#   shortcircuiting plugin is active, causing early exit to save CPU load.
#   Uncomment to turn this on
#
# shortcircuit USER_IN_WHITELIST       on
# shortcircuit USER_IN_DEF_WHITELIST   on
# shortcircuit USER_IN_ALL_SPAM_TO     on
# shortcircuit SUBJECT_IN_WHITELIST    on

#   the opposite; blacklisted mails can also save CPU
#
# shortcircuit USER_IN_BLACKLIST       on
# shortcircuit USER_IN_BLACKLIST_TO    on
# shortcircuit SUBJECT_IN_BLACKLIST    on

#   if you have taken the time to correctly specify your "trusted_networks",
#   this is another good way to save CPU
#
# shortcircuit ALL_TRUSTED             on

#   and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99                spam
# shortcircuit BAYES_00                ham

endif # Mail::SpamAssassin::Plugin::Shortcircuit

blacklist_from [email protected]
blacklist_from advertise*@gmail.com
    
por CaptSaltyJack 07.01.2014 / 16:47

1 resposta

2

Suspeito que você esteja executando seu spamassassin -t test como um usuário diferente do que o postfix está invocando como. Se o postfix já tiver feito downgrade de privilégios do root, ele poderá não ser executado como qualquer outro usuário além dele mesmo.

Como parece que você está executando todas as mensagens do SpamAssassin como o mesmo usuário, não é necessário ter contas separadas no SpamAssassin. Tente usar /etc/spamassassin/local.cf (ou qualquer que seja a configuração do sistema) em vez de ~/.spamassassin/user_prefs para sua lista negra e, se isso funcionar, certifique-se de que outros itens por usuário sejam feitos globalmente também, especialmente bayes de todo o site . (A única outra em que consigo pensar é AWL .)

Se você quiser itens por usuário, terá que descobrir com qual usuário está sendo executado. Explore seus logs ou talvez você possa executar top e assistir à mensagem de teste (embora seja rápido ...).

    
por 25.02.2014 / 00:47