EzDevInfo.com

spamassassin interview questions

Top spamassassin frequently asked interview questions

SpamAssassin Razor2 always gives confidence level above 50%

I have a powermta SMTP ready. Whenever I try to send HTML email, Razor2 gives me confidence above 50%.

I tried with different content; my IP is not blacklisted, and neither is the domain. Razor2 always gives me a bad score, but if I send an email with plain text and no HTML, then the Razor2 check passes. I have all my headers properly set, and I am using mail-tester.com to see the email score.

My question is: how can I improve my email so that it passes Razor2? My email scores and headers are at this link: http://www.mail-tester.com/web-M5O2Ps


Source: (StackOverflow)

Why email from my server is being marked as spam by popular clients?

I am sending single letters of notifications, yet they are being marked as spam by almost every server.

I've got a detailed report from the "is not spam" service, but can't really understand which lines of it are important. From what I have gathered by googling, everything looks moderately OK, yet emails end up in spam anyway.

Please tell me what I am missing.

http://isnotspam.com/dreport.php?id=42159&email=gouf@4otaku.ru


Source: (StackOverflow)

JavaMail JamesServer: Email is marked as spam

Emails sent from JamesServer are marked as spam. I am using JavaMail to connect to JamesServer to send emails.

To test for spam, I am using the mail-tester.com site. This site tells me the emails are marked as spam, with a negative threshold for the rule below:

  -3.603        HELO_LOCALHOST      HELO_LOCALHOST

I came across the helo and ehlo parameters based on the site. To override helo and ehlo, I have used the "mail.smtp.localhost" property. I was able to change ehlo, but I am not able to change the helo value.

How do I change value of helo parameter?

Here is my java sample code:

    import java.net.InetAddress;
    import java.net.UnknownHostException;
    import java.util.Date;
    import java.util.Properties;

    import javax.mail.MessagingException;
    import javax.mail.PasswordAuthentication;
    import javax.mail.Session;
    import javax.mail.Transport;
    import javax.mail.internet.InternetAddress;
    import javax.mail.internet.MimeMessage;

    public class TestSendMail {
        private String fromEmail = "admin@xxxxxxxxxx.com";
        public void sendmail() {
            Properties properties = new Properties();

            final String smtpHost = "xxxxxxxxxx.com";
            String port = "25";
            String strHostName = smtpHost;
            try {
                strHostName = InetAddress.getLocalHost().getHostName();
                System.out.println(strHostName);
            } catch (UnknownHostException e) {
            }
            properties.put("helo", strHostName );
            properties.put("mail.host", strHostName );
            properties.put("mail.smtp.localhost", strHostName );
            properties.put("mail.smtps.localhost", strHostName);
            properties.put("mail.smtp.host", smtpHost);
            properties.put("mail.smtp.port", port);
            properties.put("mail.smtp.auth", "true");
            properties.put("mail.transport.protocol", "smtp");

            Session session = Session.getInstance(properties,
                    new javax.mail.Authenticator() {
                        protected PasswordAuthentication getPasswordAuthentication() {
                            return new PasswordAuthentication(fromEmail,"Welcome123!");
                        }
                    });

            String toEmail = "web-3a2Lxc@mail-tester.com";
            String replyTo = "noreply@" + smtpHost;
            String messageBody = "<html><body>Test body</body></html>";
            try {
                MimeMessage message = new MimeMessage(session);
                message.setSentDate(new Date());
                message.setFrom(new InternetAddress(fromEmail));
                message.addRecipient(javax.mail.Message.RecipientType.TO, new InternetAddress(toEmail));
                message.setSubject("Test");
                message.setReplyTo(new javax.mail.Address[]
                {
                    new InternetAddress(replyTo)
                });
                message.setContent(messageBody, "text/html");

                Transport.send(message);
                System.out.println("Message sent successfully....");
            } catch (MessagingException mex) {
                mex.printStackTrace();
                System.out.println(mex.getMessage());
            }
        }

        public static void main(String[] args) {
            TestSendMail send = new TestSendMail();
            send.sendmail();
        }
    }

Here is my email log, which I got from mail-tester.com:

    Received: by mail-tester.com (Postfix, from userid 500) id F01C8A0C53;
        Fri,  5 Jun 2015 14:01:09 +0200 (CEST)
    X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail-tester.com
    X-Spam-Flag: YES
    X-Spam-Level: *****
    X-Spam-Status: Yes/6.0/5.0
    X-Spam-Test-Scores: FSL_HELO_NON_FQDN_1=0.001,HELO_LOCALHOST=3.603,
        HTML_MESSAGE=0.001,MIME_HTML_ONLY=1.105,RDNS_NONE=1.274
    X-Spam-Last-External-IP: 128.199.181.189
    X-Spam-Last-External-HELO: localhost
    X-Spam-Last-External-rDNS: 
    X-Spam-Date-of-Scan: Fri, 05 Jun 2015 14:01:09 +0200
    X-Spam-Report: *  3.6 HELO_LOCALHOST No description available.  *  0.0
     FSL_HELO_NON_FQDN_1 No description available.  *  1.1 MIME_HTML_ONLY BODY:
     Message only has text/html MIME parts  *  0.0 HTML_MESSAGE BODY: HTML
     included in message    *  1.3 RDNS_NONE Delivered to internal network by a
     host with no rDNS
    Received-SPF: None (no SPF record) identity=mailfrom;
     client-ip=128.199.181.189; helo=localhost;
     envelope-from=admin@xxxxxxxxxx.com; receiver=web-3a2lxc@mail-tester.com
    Authentication-Results: mail-tester.com; dmarc=none
     header.from=xxxxxxxxxx.com
    Received: from localhost (unknown [128.199.181.189])
        by mail-tester.com (Postfix) with ESMTP id 2B6E09F862
        for <web-3a2Lx@mail-tester.com>; Fri,  5 Jun 2015 14:01:07 +0200 (CEST)
    MIME-Version: 1.0
    X-UserIsAuth: true
    Received: from 122.175.7.239 (EHLO USER-PC) ([122.175.7.239])
        by xxxxxxxxxx-01 (JAMES SMTP Server ) with ESMTPA ID 1021366912
        for <web-3a2Lx@mail-tester.com>;
        Fri, 05 Jun 2015 08:02:40 -0400 (EDT)
    Date: Fri, 5 Jun 2015 17:32:44 +0530 (IST)
    From: admin@xxxxxxxxxx.com
    Reply-To: noreply@xxxxxxxxxx.com
    To: web-3a2Lx@mail-tester.com
    Message-ID: <17905416.0.1433505764473.JavaMail.USER@USER-PC>
    Subject: Test
    Return-Path: admin@xxxxxxxxxx.com
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    <html><body>Test body</body></html>

Any help is appreciated.


Source: (StackOverflow)
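A triage of the scan headers quoted in the question above, as an added example that is not part of the original post. It sums the per-rule scores and separates rules about the delivering relay from rules about the message content; the name-based split (`HELO`/`RDNS` in the rule name) and the `Yes/6.0/5.0` status layout are assumptions taken from this one log.

```python
import re
from email import message_from_string

# Headers copied from the mail-tester log quoted in the question.
HEADERS = """\
X-Spam-Status: Yes/6.0/5.0
X-Spam-Test-Scores: FSL_HELO_NON_FQDN_1=0.001,HELO_LOCALHOST=3.603,
    HTML_MESSAGE=0.001,MIME_HTML_ONLY=1.105,RDNS_NONE=1.274
X-Spam-Last-External-IP: 128.199.181.189
X-Spam-Last-External-HELO: localhost

"""

def scores(msg):
    """Return {rule: score} from the (possibly folded) X-Spam-Test-Scores header."""
    raw = re.sub(r"\s+", "", msg["X-Spam-Test-Scores"] or "")
    return {k: float(v) for k, v in (item.split("=") for item in raw.split(",") if item)}

def status(msg):
    """Parse 'Yes/6.0/5.0' into (is_spam, total, required)."""
    flag, total, required = msg["X-Spam-Status"].split("/")
    return flag == "Yes", float(total), float(required)

def split_by_origin(rule_scores):
    """Heuristic: HELO_*/RDNS_* rules describe the connecting relay, the rest the message."""
    relay = {r: s for r, s in rule_scores.items() if "HELO" in r or "RDNS" in r}
    content = {r: s for r, s in rule_scores.items() if r not in relay}
    return relay, content

def triage(raw_headers):
    msg = message_from_string(raw_headers)
    _, total, required = status(msg)
    relay, content = split_by_origin(scores(msg))
    return {
        "reported_total": total,
        "required": required,
        "sum_of_rules": round(sum(relay.values()) + sum(content.values()), 3),
        "relay_points": round(sum(relay.values()), 3),
        "content_points": round(sum(content.values()), 3),
        "last_external_helo": msg["X-Spam-Last-External-HELO"],
        # Would the message still reach the threshold on content rules alone?
        "spam_on_content_alone": sum(content.values()) >= required,
    }

if __name__ == "__main__":
    for key, value in triage(HEADERS).items():
        print(f"{key}: {value}")
```

In this log the `localhost` HELO is recorded on the hop into mail-tester.com from 128.199.181.189, while the JavaMail client's `EHLO USER-PC` appears on the earlier hop into the JAMES server.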

Error from amavisd-new-cronjob sa-sync

My Amavis, which I run on Ubuntu 14.04.1 LTS, sends me about 4 mails every day with the following content:
"pyzor: check failed: internal error, python traceback seen in response"
Well, since I didn't see any traceback and wasn't able to find it, I googled...

The first hint was "pyzor ping". I ran it as user amavis and the result was "public.pyzor.org:24441 (200, 'OK')"

So that seems fine. It's alive. Then I tested if it's "working".

Input:

    spamassassin -D pyzor <1415394952.V54I4460799M230590.h2063374.stratoserver.net\:2\,Sa

Feedback:

    Nov 25 08:48:16.182 [13757] dbg: pyzor: network tests on, attempting Pyzor
    Nov 25 08:48:30.944 [13757] dbg: pyzor: pyzor is available: /usr/bin/pyzor
    Nov 25 08:48:30.945 [13757] dbg: pyzor: opening pipe: /usr/bin/pyzor --homedir /etc/mail/spamassassin check < /tmp/.spamassassin13757wvlpQJtmp
    Nov 25 08:48:30.992 [13757] dbg: pyzor: [13759] finished successfully
    Nov 25 08:48:30.992 [13757] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 1 0

After further searching on Google without any helpful results, I thought: "look into the content of /usr/sbin/amavisd-new-cronjob!"

    #!/bin/bash

    # amavisd-new cronjob helper
    #
    # Run it as the amavis user
    #
    # First parameter specifies which cronjob routine to run:
    #               sa-sync:        spamassassin fast sync
    #               sa-clean:       spamassassin cleanup

    test -e /usr/bin/sa-learn || exit 0
    test -e /usr/sbin/amavisd-new || exit 0

    if [ "$(id --name -u)" != "amavis" ]
    then
        echo "Please run this cronjob as user amavis"
        exit 1
    fi

    set -e
    umask 022

    if ! perl -MMail::SpamAssassin -e "my \$spamtest = Mail::SpamAssassin->new();
    \$spamtest->compile_now (); \$spamtest->{conf}->{use_bayes} ? exit 0 : exit 1"
    then
            #bayes is disabled - just exit
            exit
    fi

    case $1 in
            sa-sync)
                    /usr/bin/sa-learn --sync 2>&1 >/dev/null
                    ;;
            sa-clean)
                    /usr/bin/sa-learn --sync --force-expire 2>&1 >/dev/null
                    ;;
            *)
                    echo "$0: unknown cron routine $1" >&2
                    exit 1
                    ;;
    esac

    exit 0

I was able to successfully execute "sa-sync" and "sa-clean" as user amavis, so the error has to be somewhere further up.

I commented out the following lines and was suddenly able to execute the amavisd-new-cronjob as user amavis without any errors...

    #if ! perl -MMail::SpamAssassin -e "my \$spamtest = Mail::SpamAssassin->new();
    #\$spamtest->compile_now (); \$spamtest->{conf}->{use_bayes} ? exit 0 : exit 1"
    #then
    #        #bayes is disabled - just exit
    #        exit
    #fi

I don't feel good about leaving it as it is, since I am not sure what those lines do or which permissions the user amavis needs to successfully run them.

Does anybody have a hint for me on how to solve this problem?


Source: (StackOverflow)

How Random email generation and capturing work

I would like to understand how I can capture emails sent to different random email IDs generated by a server in one inbox, to run analysis on those emails, something like this website does: https://www.mail-tester.com/

Here, with each page refresh, you will notice that a new random email ID is generated. If an email is sent to this random email ID, the mail-tester server captures that email, assesses it using SpamAssassin and generates a report. I want to understand how we can capture emails sent to so many different random email IDs in a single inbox so that they can be assessed by SpamAssassin or any other utility.


Source: (StackOverflow)

How in perl to pass string to a CLI program that expects file input

I am trying to build a SpamAssassin test that uses ClamAV's CLI tool, sigtool, to detect when an attached MS Office legacy file like an .xls or .doc that MAY have a macro, actually has an executable macro.

It is easy enough to call sigtool in perl and pass it a filename to be scanned like this

    my $filename = "email_attach";
    # Run sigtool on the file and capture its output
    my $scan = `/usr/bin/sigtool --vba="$filename"`;
    if ($scan =~ /autoopen/i ) {
      print "Scanning $filename: INFECTED VBA\n";
    }

However, as a SpamAssassin test I already have the email attachments in memory as variables passed to my test. So I do not want to take the time to write each attachment to disk and then tell sigtool to go read it.

I have researched the entire Ch 16 of Programming Perl and Perl Cookbook on Interprocess Communications and Process Management and Communication, and there is a TON of info there, but I did not see anything that addressed streaming your internal perl program data as input to an external application that is looking for a path/filename to be passed as a command line argument.

Thank you for any thoughts on how to accomplish this. Or if anyone knows of a simpler way to detect a VBA macro or executable in the MS Office legacy files, that would be fine as well.


Source: (StackOverflow)

SpamAssassin MISSING_MIMEOLE rule

I'm sending out mails that SpamAssassin is quite harsh on - one of the biggest minuses it gives is:

      0.0 HTML_IMAGE_RATIO_06    BODY: HTML has a low ratio of text to image area
     -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1% [score: 0.0000]
      1.6 HTML_IMAGE_ONLY_24     BODY: HTML: images with 2000-2400 bytes of words
      0.0 HTML_MESSAGE           BODY: HTML included in message
      0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
      1.9 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE

I look it up and it says:

SpamAssassin Rule: MISSING_MIMEOLE

Standard description: Message has X-MSMail-Priority, but no X-MimeOLE

Explanation

The message is pretending to be generated by a Microsoft email program which uses the extension header X-MSMail-Priority, but is missing the extension header X-MimeOLE which is characteristic of Microsoft email.

This suggests that the sender is using badly-written mailout software, rather than a genuine Microsoft email program.

I use htmlmimemail5 on Apache servers on Ubuntu - and I don't want to use freaking Microsoft mail send-out software - how do I avoid getting those 1.9 points? (I need under 2 points to not go into the spam filter)


Source: (StackOverflow)

spamassassin rdns reversedns

SpamAssassin gives the following flag on my emails:

    0.8 RDNS_NONE Delivered to internal network by a host with no rDNS

"This test checks to see if there is a reverse DNS entry for the last untrusted relay. Note that this may be done by interpreting information in the relevant Received header - if reverse DNS checks are not performed by the first trusted relay, or if they are not recorded in the Received header, this test will be triggered (regardless of the actual rDNS status)."

The only IP I can see on my emails is 94.143.11.2, which you can reverse DNS to trophymanager.com. Google and Hotmail have no problems with this, but SpamAssassin gives it a flag. What am I missing here?


Source: (StackOverflow)

Postfix mail transport unavailable only in queue

Yesterday I tried to configure SpamAssassin on my Debian server using this tutorial: https://www.rosehosting.com/blog/install-and-setup-spamassassin-in-debian-6/. Today I noticed that my e-mail gets queued with this error: mail transport unavailable

    postfix/qmgr[6666]: warning: connect to transport private/spamassassin: No such file or directory

I've removed all the things from that tutorial and removed SpamAssassin from my server. Everything is now working, except the mail queue.

When I use postqueue -f, I still get the same error. Is there a way to resend the mail from the queue with the new settings?

I can't find the private/spamassassin directory in either my master.cf or my main.cf from Postfix.

Regards


Source: (StackOverflow)

Get spamassassin to drop emails containing a specific REGEX in attached filenames

newbie asking first question :)

I'm running a mail server (Ubuntu/Postfix/Dovecot) with SpamAssassin. Most of the known spam is flagged (RBLs, and obvious UCE) except for this particular malspam in attached zip files like "order_info_654321.zip", "paymet_document_123456.zip", and so on, when it doesn't fit any other SA rules. I'd like to procure a rule which drops the matching offenders into oblivion.

After fiddling with regex101.com, I've come up with an expression that matches these patterns exclusively:

    /\w+[_][0-9]{6}.zip$/img

Question is... How to format it all, get it to work, and where to put it? So far, I edited /etc/spamassassin/local.cf, added this to the bottom, and restarted:

    mimeheader TROJAN_ATTACHED Content-Type =~ /\w+[_][0-9]{6}.zip$/img
    describe ZIP_ATTACHED email contains a zip trojan attachment
    score TROJAN_ATTACHED 99.

But it doesn't seem to do the magic. Where else can I look for this?

Thank you all, Keijo.-


Source: (StackOverflow)
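A check of the posted filename pattern against the MIME part headers it is meant to match, as an added example that is not part of the original post. The sample message, the header values and the `TIGHT` pattern are constructed for illustration, and the example assumes the rule sees the raw `Content-Type` value including the quotes around the `name` parameter.

```python
import re
from email import message_from_string

# Pattern as posted in the question; Perl's /i and /m map to re.I and re.M,
# /g has no equivalent for a single search.
POSTED = re.compile(r"\w+[_][0-9]{6}.zip$", re.I | re.M)

# Tightened variant (an assumption of this example): literal dot, anchored on
# the name= / filename= parameter so a closing quote may follow ".zip".
TIGHT = re.compile(r'\b(?:file)?name="?\w+_[0-9]{6}\.zip"?\s*(?:;|$)', re.I | re.M)

# Constructed sample message; the attachment body is a placeholder.
RAW = "\n".join([
    "From: sender@example.test",
    "To: user@example.test",
    "Subject: Order",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "See attachment.",
    "--b1",
    'Content-Type: application/zip; name="order_info_654321.zip"',
    'Content-Disposition: attachment; filename="order_info_654321.zip"',
    "Content-Transfer-Encoding: base64",
    "",
    "AAAA",
    "--b1--",
    "",
])

# Constructed header values for the two edge cases.
UNQUOTED = "application/zip; name=order_info_654321.zip"
LOOKALIKE = "application/octet-stream; name=notes_123456Xzip"

def part_headers(raw):
    """Yield (header, raw value) for every leaf MIME part of the message."""
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        for name in ("Content-Type", "Content-Disposition"):
            if part.get(name) is not None:
                yield name, str(part.get(name))

def hits(pattern, raw, header="Content-Type"):
    """Header values of the given type that the pattern matches."""
    return [v for n, v in part_headers(raw) if n == header and pattern.search(v)]

def compare(value):
    """(posted pattern matches, tightened pattern matches) for one header value."""
    return bool(POSTED.search(value)), bool(TIGHT.search(value))

if __name__ == "__main__":
    print("posted:", hits(POSTED, RAW))
    print("tight: ", hits(TIGHT, RAW))
    print("unquoted:", compare(UNQUOTED), "lookalike:", compare(LOOKALIKE))
```

In the posted local.cf lines, `describe` names ZIP_ATTACHED while the `mimeheader` and `score` lines name TROJAN_ATTACHED, and the score value carries a trailing dot.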

Why do SpamAssassin and Razor2 penalize for specific domain name in HTML body?

We are an ESP provider from the Czech Republic, Europe. Our clients are regular Czech companies with their own client DB. Since yesterday we have had a problem with our domains used in emails for the online version, the logout link and link tracking. We are receiving a bad score because of these domain names.

The score is e.g.:

RAZOR2_CF_RANGE_51_100 = 0.365

RAZOR2_CF_RANGE_E8_51_100 = 2.43

RAZOR2_CHECK = 1.729

We found out that one of our clients probably sent a campaign to a bought DB (100.000 addresses), so we blocked him, but now we need to solve this issue.

Buying new domains is a solution, but not a long-term solution. Do you have any idea how to solve it?

Would it help if every user of our system had (for these links in email) a subdomain like username.redirectdomain.com? Or another solution - registering on some whitelist?

There should be a solution when 95% of what you send is not spam and you don't want to replace your domains every week. We have solved HW and IP addresses well; we have a problem with this penalization in the email body - especially for domain names used for tracking the links (official links are replaced with ours).

Thank you for your help.

Ondrej


Source: (StackOverflow)

What's the most straightforward way to delete emails marked as spam by SpamAssassin?

I'm on Ubuntu Intrepid, using Postfix and SpamAssassin. I've seen approaches using procmail (like the one suggested @ Apache), but I'm looking for a solution that does not use procmail.

This is a programming question because the correct answer will be some form of code that accomplishes the task at hand (my response to the negative votes).

UPDATE to the situation: I used this tutorial and it worked out excellently: https://help.ubuntu.com/community/PostfixAmavisNew


Source: (StackOverflow)

Passing Text from MySQL into spamassassins Spamc Client

This is my first post here and I am a bit of a nub. I am looking to pass text from a MySQL database through SpamAssassin's spamc client. I can do it by writing to a file and then passing this file into spamc, as in spamc < 'textfile.txt', but this is slow due to the disk reads/writes.

Does anyone know how to do this directly?


Source: (StackOverflow)

regex to capture any several words in a sentence

I wanted to build a spamassassin URL that matches:

"inform that the security key has expired"

and variations, where there can be 1 to 3 words before the word "has" and it still has to match.

I keep trying and testing in an online regex tool. I used .\w but can make it work only partially, with just one word before the word "has". I want from 1 to 3 words.


Source: (StackOverflow)

Need to scan email contents for spam before sending to users

I have a PHP application which is used by clients to send emails to their customers. There is a page that lets client user build email templates to send to their customers.

I want to add a functionality called 'Spam check'. This will allow client users to check whether their email template passes the spam filter or not.

I have SpamAssassin installed on the server. How do I use it to check for spam content in the email template before it is sent to the customers?


Source: (StackOverflow)