spamassassin interview questions
Top spamassassin frequently asked interview questions
I have a PowerMTA SMTP ready. Whenever I try to send HTML email, Razor2 gives me confidence above 50%.
I tried with different content; my IP is not blacklisted and neither is the domain. But Razor2 always gives me a bad score, whereas if I send email with plain text and no HTML, the Razor2 check passes. I have all my headers properly set, and I am using mail-tester.com to see the email score.
My question is how I can improve my email to get it to pass Razor2. My email scores and headers are at this link: http://www.mail-tester.com/web-M5O2Ps
Source: (StackOverflow)
I am sending single letters of notifications, yet they are being marked as spam by almost every server.
I've got a detailed report from the "is not spam" service, but can't really understand which lines of it are important. From what I have gathered by googling, everything looks moderately OK, yet emails end up in spam anyway.
Please tell me what I am missing.
http://isnotspam.com/dreport.php?id=42159&email=gouf@4otaku.ru
Source: (StackOverflow)
Emails sent from JamesServer are marked as spam. I am using JavaMail to connect to JamesServer to send emails.
To test for spam, I am using the mail-tester.com site. This site tells me the emails are marked as spam with a negative threshold for the below:
-3.603 HELO_LOCALHOST HELO_LOCALHOST
I came across the helo and ehlo parameters based on the site. To override helo and ehlo, I have used the "mail.smtp.localhost" property. I was able to change ehlo, but I am not able to change the helo value.
How do I change the value of the helo parameter?
Here is my Java sample code:
    import java.net.InetAddress;
    import java.net.UnknownHostException;
    import java.util.Date;
    import java.util.Properties;
    import javax.mail.MessagingException;
    import javax.mail.PasswordAuthentication;
    import javax.mail.Session;
    import javax.mail.Transport;
    import javax.mail.internet.InternetAddress;
    import javax.mail.internet.MimeMessage;

    public class TestSendMail {
        private String fromEmail = "admin@xxxxxxxxxx.com";

        public void sendmail() {
            Properties properties = new Properties();
            final String smtpHost = "xxxxxxxxxx.com";
            String port = "25";
            String strHostName = smtpHost;
            try {
                strHostName = InetAddress.getLocalHost().getHostName();
                System.out.println(strHostName);
            } catch (UnknownHostException e) {
                // lookup failed: strHostName keeps the smtpHost value
            }
            // attempts to override the name announced in HELO/EHLO
            properties.put("helo", strHostName);
            properties.put("mail.host", strHostName);
            properties.put("mail.smtp.localhost", strHostName);
            properties.put("mail.smtps.localhost", strHostName);
            properties.put("mail.smtp.host", smtpHost);
            properties.put("mail.smtp.port", port);
            properties.put("mail.smtp.auth", "true");
            properties.put("mail.transport.protocol", "smtp");
            Session session = Session.getInstance(properties,
                new javax.mail.Authenticator() {
                    protected PasswordAuthentication getPasswordAuthentication() {
                        return new PasswordAuthentication(fromEmail, "Welcome123!");
                    }
                });
            String toEmail = "web-3a2Lxc@mail-tester.com";
            String replyTo = "noreply@" + smtpHost;
            String messageBody = "<html><body>Test body</body></html>";
            try {
                MimeMessage message = new MimeMessage(session);
                message.setSentDate(new Date());
                message.setFrom(new InternetAddress(fromEmail));
                message.addRecipient(javax.mail.Message.RecipientType.TO, new InternetAddress(toEmail));
                message.setSubject("Test");
                message.setReplyTo(new javax.mail.Address[] {
                    new InternetAddress(replyTo)
                });
                // HTML-only body, no text/plain alternative
                message.setContent(messageBody, "text/html");
                Transport.send(message);
                System.out.println("Message sent successfully....");
            } catch (MessagingException mex) {
                mex.printStackTrace();
                System.out.println(mex.getMessage());
            }
        }

        public static void main(String[] args) {
            TestSendMail send = new TestSendMail();
            send.sendmail();
        }
    }
Here is my email log, which I got from mail-tester.com:
Received: by mail-tester.com (Postfix, from userid 500) id F01C8A0C53;
Fri, 5 Jun 2015 14:01:09 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mail-tester.com
X-Spam-Flag: YES
X-Spam-Level: *****
X-Spam-Status: Yes/6.0/5.0
X-Spam-Test-Scores: FSL_HELO_NON_FQDN_1=0.001,HELO_LOCALHOST=3.603,
HTML_MESSAGE=0.001,MIME_HTML_ONLY=1.105,RDNS_NONE=1.274
X-Spam-Last-External-IP: 128.199.181.189
X-Spam-Last-External-HELO: localhost
X-Spam-Last-External-rDNS:
X-Spam-Date-of-Scan: Fri, 05 Jun 2015 14:01:09 +0200
X-Spam-Report: * 3.6 HELO_LOCALHOST No description available. * 0.0
FSL_HELO_NON_FQDN_1 No description available. * 1.1 MIME_HTML_ONLY BODY:
Message only has text/html MIME parts * 0.0 HTML_MESSAGE BODY: HTML
included in message * 1.3 RDNS_NONE Delivered to internal network by a
host with no rDNS
Received-SPF: None (no SPF record) identity=mailfrom;
client-ip=128.199.181.189; helo=localhost;
envelope-from=admin@xxxxxxxxxx.com; receiver=web-3a2lxc@mail-tester.com
Authentication-Results: mail-tester.com; dmarc=none
header.from=xxxxxxxxxx.com
Received: from localhost (unknown [128.199.181.189])
by mail-tester.com (Postfix) with ESMTP id 2B6E09F862
for <web-3a2Lx@mail-tester.com>; Fri, 5 Jun 2015 14:01:07 +0200 (CEST)
MIME-Version: 1.0
X-UserIsAuth: true
Received: from 122.175.7.239 (EHLO USER-PC) ([122.175.7.239])
by xxxxxxxxxx-01 (JAMES SMTP Server ) with ESMTPA ID 1021366912
for <web-3a2Lx@mail-tester.com>;
Fri, 05 Jun 2015 08:02:40 -0400 (EDT)
Date: Fri, 5 Jun 2015 17:32:44 +0530 (IST)
From: admin@xxxxxxxxxx.com
Reply-To: noreply@xxxxxxxxxx.com
To: web-3a2Lx@mail-tester.com
Message-ID: <17905416.0.1433505764473.JavaMail.USER@USER-PC>
Subject: Test
Return-Path: admin@xxxxxxxxxx.com
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<html><body>Test body</body></html>
Any help is appreciated.
Source: (StackOverflow)
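Added example (not part of the original post): a Python sketch that parses the X-Spam-Test-Scores and X-Spam-Status headers from the report above and lists which single rule, once it no longer fires, would bring the total under the threshold. It assumes the status value reads verdict/score/required, as in "Yes/6.0/5.0"; the function names are hypothetical.

```python
import re

# Constructed input: the two scoring headers copied from the mail-tester.com
# report in the post (the continuation line is shown folded with a leading space).
HEADERS = """\
X-Spam-Status: Yes/6.0/5.0
X-Spam-Test-Scores: FSL_HELO_NON_FQDN_1=0.001,HELO_LOCALHOST=3.603,
 HTML_MESSAGE=0.001,MIME_HTML_ONLY=1.105,RDNS_NONE=1.274
"""

def unfold(raw):
    """Join folded header lines (continuations start with whitespace)."""
    return re.sub(r"\r?\n[ \t]+", " ", raw)

def header_value(raw, name):
    """Return the value of the first header called `name` (case-insensitive)."""
    for line in unfold(raw).splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    raise KeyError(name)

def rule_scores(raw):
    """Return {rule: score} parsed from X-Spam-Test-Scores."""
    value = header_value(raw, "X-Spam-Test-Scores")
    pairs = re.findall(r"([A-Z0-9_]+)=(-?\d+(?:\.\d+)?)", value)
    return {rule: float(score) for rule, score in pairs}

def required_score(raw):
    # Assumption: the status reads verdict/score/required.
    return float(header_value(raw, "X-Spam-Status").split("/")[2])

def fixes_that_clear(raw):
    """Rules whose removal alone drops the total below the threshold."""
    scores = rule_scores(raw)
    total = sum(scores.values())
    limit = required_score(raw)
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    return [(rule, round(total - s, 3)) for rule, s in ranked if total - s < limit]

if __name__ == "__main__":
    print("total:", round(sum(rule_scores(HEADERS).values()), 3))
    for rule, remaining in fixes_that_clear(HEADERS):
        print(f"without {rule}: {remaining}")
```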
My Amavis, which I run on Ubuntu 14.04.1 LTS, sends me about 4 mails every day with the following content:
"pyzor: check failed: internal error, python traceback seen in response"
Well, since I didn't see any traceback and wasn't able to find it, I googled...
The first hint was "pyzor ping". I ran it as user amavis and the result was "public.pyzor.org:24441 (200, 'OK')"
So that seems fine. It's alive. Then I tested if it's "working".
Input:
spamassassin -D pyzor <1415394952.V54I4460799M230590.h2063374.stratoserver.net\:2\,Sa
Feedback:
Nov 25 08:48:16.182 [13757] dbg: pyzor: network tests on, attempting Pyzor
Nov 25 08:48:30.944 [13757] dbg: pyzor: pyzor is available: /usr/bin/pyzor
Nov 25 08:48:30.945 [13757] dbg: pyzor: opening pipe: /usr/bin/pyzor --homedir /etc/mail/spamassassin check < /tmp/.spamassassin13757wvlpQJtmp
Nov 25 08:48:30.992 [13757] dbg: pyzor: [13759] finished successfully
Nov 25 08:48:30.992 [13757] dbg: pyzor: got response: public.pyzor.org:24441 (200, 'OK') 1 0
After further searching on Google without any helpful results, I thought "look into the content of /usr/sbin/amavisd-new-cronjob!"
    #!/bin/bash
    # amavisd-new cronjob helper
    #
    # Run it as the amavis user
    #
    # First parameter specifies which cronjob routine to run:
    # sa-sync: spamassassin fast sync
    # sa-clean: spamassassin cleanup

    test -e /usr/bin/sa-learn || exit 0
    test -e /usr/sbin/amavisd-new || exit 0

    if [ "$(id --name -u)" != "amavis" ]
    then
        echo "Please run this cronjob as user amavis"
        exit 1
    fi

    set -e
    umask 022

    if ! perl -MMail::SpamAssassin -e "my \$spamtest = Mail::SpamAssassin->new();
    \$spamtest->compile_now (); \$spamtest->{conf}->{use_bayes} ? exit 0 : exit 1"
    then
        #bayes is disabled - just exit
        exit
    fi

    case $1 in
        sa-sync)
            /usr/bin/sa-learn --sync 2>&1 >/dev/null
            ;;
        sa-clean)
            /usr/bin/sa-learn --sync --force-expire 2>&1 >/dev/null
            ;;
        *)
            echo "$0: unknown cron routine $1" >&2
            exit 1
            ;;
    esac

    exit 0
I was able to successfully execute "sa-sync" and "sa-clean" as user amavis, so the error has to be somewhere further up.
I commented out the following lines and was suddenly able to execute the amavisd-new-cronjob as user amavis without any errors...
#if ! perl -MMail::SpamAssassin -e "my \$spamtest = Mail::SpamAssassin->new();
#\$spamtest->compile_now (); \$spamtest->{conf}->{use_bayes} ? exit 0 : exit 1"
#then
# #bayes is disabled - just exit
# exit
#fi
I don't feel good about leaving it as it is, since I am not sure what those lines do or which permissions the user amavis needs to successfully run them.
Does anybody have a hint for me on how to solve this problem?
Source: (StackOverflow)
I would like to understand how I can capture emails sent to different random email IDs generated by a server in one inbox, to run analysis on those emails, something like this website does: https://www.mail-tester.com/
Here, with each page refresh, you will notice a new random email ID is generated. If an email is sent to this random email ID, the mail-tester server captures that email, assesses it using SpamAssassin and generates a report. I want to understand how we can capture emails sent to so many different random email IDs in a single inbox so that they can be assessed by SpamAssassin or any other utility.
Source: (StackOverflow)
I am trying to build a SpamAssassin test that uses ClamAV's CLI tool, sigtool, to detect when an attached MS Office legacy file like an .xls or .doc that MAY have a macro, actually has an executable macro.
It is easy enough to call sigtool in Perl and pass it a filename to be scanned, like this:
    my $filename = "email_attach";
    # run sigtool on the file and capture its output
    my $scan = `/usr/bin/sigtool --vba="$filename"`;
    if ($scan =~ /autoopen/i) {
        print "Scanning $filename: INFECTED VBA\n";
    }
However, as a SpamAssassin test I already have the email attachments in memory as variables passed to my test. So I do not want to take the time to write each attachment to disk and then tell sigtool to go read it.
I have researched the entire Ch 16 of Programming Perl and Perl Cookbook on Interprocess Communications and Process Management and Communication, and there is a TON of info there, but I did not see anything that addressed streaming your internal Perl program data as input to an external application that is looking for a path/filename to be passed as a command line argument.
Thank you for any thoughts on how to accomplish this. Or if anyone knows of a simpler way to detect a VBA macro or executable in the MS Office legacy files, that would be fine as well.
Source: (StackOverflow)
I'm sending out mails that SpamAssassin is quite harsh on - one of the biggest minuses it gives is:
0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image area
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000]
1.6 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
1.9 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
I looked it up and it says:
SpamAssassin Rule: MISSING_MIMEOLE
Standard description: Message has X-MSMail-Priority, but no X-MimeOLE
Explanation
The message is pretending to be generated by a Microsoft email program
which uses the extension header X-MSMail-Priority, but is missing the
extension header X-MimeOLE which is characteristic of Microsoft email.
This suggests that the sender is using badly-written mailout software,
rather than a genuine Microsoft email program.
I use htmlmimemail5 on Apache servers on Ubuntu - and I don't want to use freaking Microsoft mail sendout software - how do I avoid getting those 1.9 points? (I need under 2 points to not go into the spam filter)
Source: (StackOverflow)
SpamAssassin gives the following flag on my emails:
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
"This test checks to see if there is a reverse DNS entry
for the last untrusted relay. Note that this may be done by
interpreting information in the relevant Received header - if reverse
DNS checks are not performed by the first trusted relay, or if they
are not recorded in the Received header, this test will be triggered
(regardless of the actual rDNS status)."
The only IP I can see on my emails is 94.143.11.2 -> which you can reverse DNS to trophymanager.com. Google and Hotmail have no problems with this - but SpamAssassin gives it a flag - what am I missing here?
Source: (StackOverflow)
Yesterday I tried to configure SpamAssassin on my Debian server through this tutorial: https://www.rosehosting.com/blog/install-and-setup-spamassassin-in-debian-6/.
Today I noticed that my e-mail gets queued with this error: mail transport unavailable
postfix/qmgr[6666]: warning: connect to transport private/spamassassin: No such file or directory
I've removed all the things from that tutorial and removed SpamAssassin from my server. Everything is now working, except the mail queue.
When I use postqueue -f, I still get the same error. Is there a way to resend the mail from the queue with the new settings?
In neither my master.cf nor main.cf from Postfix can I find the private/spamassassin directory.
Regards
Source: (StackOverflow)
Newbie asking first question :)
I'm running a mail server (Ubuntu/Postfix/Dovecot) with SpamAssassin. Most of the known spam is flagged (RBLs, and obvious UCE) except for this particular malspam in attached zip files like "order_info_654321.zip", "paymet_document_123456.zip", and so on, when it doesn't fit any other SA rules. I'd like to procure a rule which drops the matching offenders into oblivion.
After fiddling with regex101.com, I've come up with an expression that matches these patterns exclusively:
/\w+[_][0-9]{6}.zip$/img
The question is... how to format it all, get it to work, and where to put it? So far, I edited /etc/spamassassin/local.cf, added this to the bottom, and restarted:
mimeheader TROJAN_ATTACHED Content-Type =~ /\w+[_][0-9]{6}.zip$/img
describe ZIP_ATTACHED email contains a zip trojan attachment
score TROJAN_ATTACHED 99.
But it doesn't seem to do the magic. Where else can I look for this?
Thank you all,
Keijo.-
Source: (StackOverflow)
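Added example (not part of the original post): the posted pattern run in Python against constructed Content-Type values, beside one possible tightened pattern, to show which inputs each accepts. The sample header values and the TIGHTENED pattern are assumptions; Python's re stands in for Perl regex, which treats these constructs the same way.

```python
import re

# The pattern from the post with its /i and /m flags (/g does not change
# whether a value matches).
POSTED = re.compile(r'\w+[_][0-9]{6}.zip$', re.I | re.M)

# Added alternative (an assumption, not from the post): anchor on the name=
# parameter, escape the dot, and allow a closing quote or further parameters.
TIGHTENED = re.compile(r'\bname="?\w+_[0-9]{6}\.zip"?\s*(?:;|$)', re.I)

# Constructed Content-Type values; the file names follow the post's examples.
SAMPLES = {
    # Quoted parameter: the value ends in '"', so '.zip$' never reaches the end.
    "quoted": 'application/zip; name="order_info_654321.zip"',
    # Unquoted parameter: the only form the posted pattern accepts.
    "unquoted": 'application/zip; name=paymet_document_123456.zip',
    # Unescaped '.' matches any character, here the 'x' before 'zip'.
    "dot_wildcard": 'application/octet-stream; name=report_123456xzip',
    # Ordinary archive without the underscore-plus-six-digits suffix.
    "benign": 'application/zip; name="holiday_photos.zip"',
}

def evaluate(pattern):
    """Return {label: matched?} for every constructed sample."""
    return {label: bool(pattern.search(value)) for label, value in SAMPLES.items()}

if __name__ == "__main__":
    posted, tightened = evaluate(POSTED), evaluate(TIGHTENED)
    for label in SAMPLES:
        print(f"{label:13} posted={posted[label]!s:5} tightened={tightened[label]}")
```

Separately from the pattern, the rule on the page is named TROJAN_ATTACHED while its describe line names ZIP_ATTACHED.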
We are an ESP provider from the Czech Republic, Europe. Our clients are regular Czech companies with their own client DB. Since yesterday we have had a problem with our domains used in emails for the online version, logout link and link tracking. We are receiving a bad score because of these domain names.
The score is e.g.:
RAZOR2_CF_RANGE_51_100 = 0.365
RAZOR2_CF_RANGE_E8_51_100 = 2.43
RAZOR2_CHECK = 1.729
We found out that one of our clients probably sent a campaign to a bought DB (100.000 addresses), so we blocked him, but now we need to solve this issue.
Buying new domains is a solution, but not a long-term solution. Do you have any idea how to solve it?
Would it help if every user of our system had (for these links in email) a subdomain like username.redirectdomain.com? Or another solution - registering on some whitelist?
There should be a solution when you do not send spam in 95% of cases and you don't want to replace your domains every week. HW and IP addresses we have solved well; we have a problem with this penalization in the email body - especially for domain names used for tracking the links (official links are replaced with ours).
Thank you for your help.
Ondrej
Source: (StackOverflow)
This is my first post here and I am a bit of a nub. I am looking to pass text from a MySQL database through SpamAssassin's spamc client. I can do it by writing to a file and then passing this file into spamc, as in spamc < 'textfile.txt', but this is slow, due to the disk read/writes.
Does anyone know how to do this directly?
Source: (StackOverflow)
I wanted to build a spamassassin URL that matches:
"inform that the security key has expired"
and variations, where there can be 1 to 3 words before the word "has" and it still has to match.
I keep trying and testing in an online regex tool. I used .\w but can make it work only partially, with just one word before the word "has". I want from 1 to 3 words.
Source: (StackOverflow)
I have a PHP application which is used by clients to send emails to their customers. There is a page that lets a client user build email templates to send to their customers.
I want to add a functionality called 'Spam check'. This will allow client users to check whether their email template passes the spam filter or not.
I have SpamAssassin installed on the server. How do I use it to check spam content in the email template before it is sent to the customers?
Source: (StackOverflow)