Spamassassin läuft unzuverlässig

kdt
Posts: 20
Joined: 2007-08-15 19:00

Spamassassin läuft unzuverlässig

Post by kdt »

Hallo,

ich hatte bisher einen V-Server jetzt einen Root-Server bei Server4You. Auf dem V-Server lief das alles ganz toll, nur auf dem neuen Server macht mit der Spamassassin Ärger.

Er filtert, ja, dass habe ich alles überprüft, nur kommen jetzt fast jede Mail als SPAM durch und das nervt gewaltig.

Daten:
Suse 10.1, Spamassassin 3.1.8 mit Procmail

Konfig:

/etc/procmailrc:

Code: Select all

DROPPRIVS=yes
:0fw: spamassassin.lock
* < 256000
| /usr/bin/spamc
:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "

  :0 fhw
  | sed -e '1s/^/F/'
}

MAILDIR=$HOME/Maildir/
DEFAULT=$HOME/Maildir/


/etc/mail/spamassassin/local.cf

Code: Select all

required_score           5.0
rewrite_header subject  ***SPAM***
report_safe             0
add_header spam Report _REPORT_
use_bayes               1
bayes_auto_learn        1
bayes_auto_learn_threshold_nonspam      0.1
bayes_auto_learn_threshold_spam         12.0
skip_rbl_checks         0
use_razor2              1
use_dcc                 1
use_pyzor               1
ok_languages            all
ok_locales              all
allow_user_rules 1


/usr/share/spamassassin/ ist via sa-update gefüttert worde, auch testweise habe ich die Dateien vom alten Server übernommen:

Code: Select all

drwxr-xr-x  3 root root 4,0K 2007-08-15 16:09 ./
drwxr-xr-x 91 root root 4,0K 2007-08-08 12:03 ../
-rw-r--r--  1 root root 5,6K 2007-08-15 12:45 10_default_prefs.cf
-rw-r--r--  1 root root 7,4K 2007-08-15 12:45 20_advance_fee.cf
-rw-r--r--  1 root root 6,7K 2007-08-15 12:45 20_body_tests.cf
-rw-r--r--  1 root root 1,9K 2007-08-15 12:45 20_compensate.cf
-rw-r--r--  1 root root  15K 2007-08-15 12:45 20_dnsbl_tests.cf
-rw-r--r--  1 root root  15K 2007-08-15 12:45 20_drugs.cf
-rw-r--r--  1 root root  11K 2007-08-15 12:45 20_dynrdns.cf
-rw-r--r--  1 root root 8,2K 2007-08-15 12:45 20_fake_helo_tests.cf
-rw-r--r--  1 root root  25K 2007-08-15 12:45 20_head_tests.cf
-rw-r--r--  1 root root  11K 2007-08-15 12:45 20_html_tests.cf
-rw-r--r--  1 root root 5,2K 2007-08-15 12:45 20_imageinfo.cf
-rw-r--r--  1 root root 3,3K 2007-08-15 12:45 20_meta_tests.cf
-rw-r--r--  1 root root 2,5K 2007-08-15 12:45 20_net_tests.cf
-rw-r--r--  1 root root 8,5K 2007-08-15 12:45 20_phrases.cf
-rw-r--r--  1 root root 2,1K 2007-08-15 12:45 20_porn.cf
-rw-r--r--  1 root root  16K 2007-08-15 12:45 20_ratware.cf
-rw-r--r--  1 root root 5,4K 2007-08-15 12:45 20_uri_tests.cf
-rw-r--r--  1 root root  18K 2007-08-15 12:45 20_vbounce.cf
-rw-r--r--  1 root root 2,6K 2007-08-15 12:45 23_bayes.cf
-rw-r--r--  1 root root 1,6K 2007-08-15 12:45 25_accessdb.cf
-rw-r--r--  1 root root 1,6K 2007-08-15 12:45 25_antivirus.cf
-rw-r--r--  1 root root 1,6K 2007-08-15 12:45 25_asn.cf
-rw-r--r--  1 root root 1,3K 2007-08-15 12:45 25_dcc.cf
-rw-r--r--  1 root root 2,2K 2007-08-15 12:45 25_dkim.cf
-rw-r--r--  1 root root 2,1K 2007-08-15 12:45 25_domainkeys.cf
-rw-r--r--  1 root root 2,9K 2007-08-15 12:45 25_hashcash.cf
-rw-r--r--  1 root root 1,3K 2007-08-15 12:45 25_pyzor.cf
-rw-r--r--  1 root root 3,4K 2007-08-15 12:45 25_razor2.cf
-rw-r--r--  1 root root 7,5K 2007-08-15 12:45 25_replace.cf
-rw-r--r--  1 root root 2,9K 2007-08-15 12:45 25_spf.cf
-rw-r--r--  1 root root 1,8K 2007-08-15 12:45 25_textcat.cf
-rw-r--r--  1 root root 7,5K 2007-08-15 12:45 25_uribl.cf
-rw-r--r--  1 root root  30K 2007-08-15 12:45 30_text_de.cf
-rw-r--r--  1 root root  22K 2007-08-15 12:45 30_text_fr.cf
-rw-r--r--  1 root root 1,9K 2007-08-15 12:45 30_text_it.cf
-rw-r--r--  1 root root  24K 2007-08-15 12:45 30_text_nl.cf
-rw-r--r--  1 root root  19K 2007-08-15 12:45 30_text_pl.cf
-rw-r--r--  1 root root 3,3K 2007-08-15 12:45 30_text_pt_br.cf
-rw-r--r--  1 root root  49K 2007-08-15 12:45 50_scores.cf
-rw-r--r--  1 root root 1,3K 2007-08-15 12:45 60_awl.cf
-rw-r--r--  1 root root 2,8K 2007-08-15 12:45 60_shortcircuit.cf
-rw-r--r--  1 root root 5,1K 2007-08-15 12:45 60_whitelist.cf
-rw-r--r--  1 root root 2,5K 2007-08-15 12:45 60_whitelist_dk.cf
-rw-r--r--  1 root root 2,6K 2007-08-15 12:45 60_whitelist_dkim.cf
-rw-r--r--  1 root root 3,6K 2007-08-15 12:45 60_whitelist_spf.cf
-rw-r--r--  1 root root 1,9K 2007-08-15 12:45 60_whitelist_subject.cf
-rw-r--r--  1 root root 118K 2007-08-15 12:45 72_active.cf
-rw-r--r--  1 root root 100K 2007-08-15 12:45 languages
-rw-r--r--  1 root root 3,3K 2007-08-15 12:45 sa-update-pubkey.txt
drwxr-xr-x  2 root root 4,0K 2007-08-15 16:09 updates_spamassassin_org/
-rw-r--r--  1 root root 2,2K 2007-08-15 16:09 updates_spamassassin_org.cf
-rw-r--r--  1 root root   43 2007-08-15 16:09 updates_spamassassin_org.pre
-rw-r--r--  1 root root 1,9K 2007-08-15 12:45 user_prefs.template


Gibt es hier nen Spamassassin Fachmann ??


VG
Axel
Top

Roger Wilco
Administrator
Administrator
Posts: 6001
Joined: 2004-05-23 12:53

Re: Spamassassin läuft unzuverlässig

Post by Roger Wilco »

SpamAssassin ist i. d. R. sehr gesprächig, welche Regeln genau zur Einstufung einer E-Mail als Spam geführt haben. Schau doch einfach mal bei zwei, drei Mails die angegebenen Regeln durch. Vielleicht fällt dir ja was auf.
Top

kdt
Posts: 20
Joined: 2007-08-15 19:00

Re: Spamassassin läuft unzuverlässig

Post by kdt »

Du meinst den Header der Mails ansehen ??

Heute am Vormittag wurde EINE einzige Mail gefiltert:

Code: Select all

X-KENRecTime: 1187179818
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on alpha123.server4you.de
X-Spam-Level: **********
X-Spam-Status: Yes, score=11.0 required=5.0 tests=FAKE_OUTBLAZE_RCVD,
   HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_20_30,HTML_MESSAGE,
   RCVD_NUMERIC_HELO autolearn=no version=3.1.8
X-Spam-Report: =?ISO-8859-1?Q?
   *  2.5 FAKE_OUTBLAZE_RCVD "mr.outblaze.com" in "Received"-Kopfzeile ist
   *      gef=e4lscht
   *  2.9 HELO_DYNAMIC_SPLIT_IP HELO-Rechnername verd=e4chtig (getrennte
   *      IP-Adresse)
   *  3.3 HELO_DYNAMIC_IPADDR2 HELO-Rechnername verd=e4chtig (IP-Adresse 2)
   *  1.4 RCVD_NUMERIC_HELO "Received"-Kopfzeilen enthalten numerische
   *      HELO-Identifikation
   *  0.9 HTML_20_30 BODY: Nachricht besteht zu 20-30% aus HTML
   *  0.0 HTML_MESSAGE BODY: Nachricht enth=e4lt HTML?=


Und hier mal ne Mail, die früher als SPAM gekommen wäre:

Code: Select all

Return-Path: <Perry@nisursystems.com>
Received: from ----)
   by KEN (4.00.87-v070131) with POP3
   ; Wed, 15 Aug 2007 12:00:01 +0200
Received: from nisursystems.com (unknown [87.253.36.140])
   by alpha123.server4you.de (Postfix) with SMTP id 682DE2701C3
   for <lala@lala.la>; Wed, 15 Aug 2007 11:59:51 +0200 (CEST)
Date: Wed, 15 Aug 2007 02:56:09 -0700
From: "TOFFLER SERVICES COMPANY" <Perry@nisursystems.com>
Subject: Gehen Sie einen neuen Weg!
To: MAIL LALA
Message-Id: <001a01c7dee8$5961d070$00be871c@FACTORY>
Mime-Version: 1.0
Content-Type: multipart/alternative;
   boundary="----=_NextPart_000_0017_01C7DEE8.5961D070"
X-KENRecTime: 1187172001
X-Priority: 3
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
   alpha123.server4you.de
X-Spam-Level:
X-Spam-Status: No, score=0.1 required=5.0 tests=HTML_50_60,HTML_MESSAGE
   autolearn=no version=3.1.8
X-Original-To: LALA
Delivered-To: web1p1@alpha123.server4you.de
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180


Es steht in jeder Mail was vom SA drinne, aber irgend wie stimmt der "score" nicht, ich erwarte mehr.

Hier noch ne Mail con Eurem Forum (lese ja schon seit Jahren heimlich mit ;-)

Code: Select all

Return-Path: <noreply@rootforum.de>
Received: from XX)
   by KEN (4.00.87-v070131) with POP3
   ; Wed, 15 Aug 2007 19:00:30 +0200
Received: from mail.rootservice.org (h767358.rootservice.org [81.169.171.113])
   by alpha123.server4you.de (Postfix) with ESMTP id 6F3862701A0
   for <kdt>; Wed, 15 Aug 2007 19:00:04 +0200 (CEST)
Received: from mail.rootservice.org (h687458.rootservice.org [81.169.138.221])
   by mail.rootservice.org (Postfix) with SMTP id D63A91050E40
   for <ak>; Wed, 15 Aug 2007 19:00:00 +0200 (CEST)
Date: Wed, 15 Aug 2007 19:00:00 +0200
From: noreply@rootforum.de
Subject: Willkommen auf RootForum.de
To: kdt
Reply-To: noreply@rootforum.de
Message-Id: <7483b7450d18a359698986838d0c6939@www.rootforum.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-KENRecTime: 1187197230
Content-Transfer-Encoding: 8bit
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
   alpha123.server4you.de
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham
   version=3.1.8
X-Original-To: ak
Delivered-To: web1p1@alpha123.server4you.de
X-RF-Type:
Top