Skip to main content

Emails Bypassing RBL Reject and SpamAssassin Bounce

Comments

5 comments

  • cPanelLauren
    HI @DigitalEssence A couple things: 1:
    Apache SpamAssassin": bounce spam score threshold set to 20.

    20 is really high, this means that mail with a spamscore of 20 or lower you're allowing - personally I set mine to 2-3 2: I see the following in your exim_mainlog output: 2018-12-06 07:34:06.216 [29495] cwd=/var/spool/MailScanner/incoming 5 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1gUoAV-0007aK-Oz
    This indicates to me that you're using mailscanner and mail isn't even being scanned by SpamAssassin it's all being handled through MailScanner There's nothing wrong with using this software but I do want to point out that configuration for spam needs to all be handled from within the application, and it's been known to be problematic with our Exim/Mail configurations.
    0
  • DigitalEssence
    Hi Lauren, thanks for your reply. 1) In Mailscanner, legitimate emails can have a score up to about 5 or 6 so 20 is a good threshold for High Probability spam. 2) Doh! Yes, I'm using Mailscanner. But I thought that used Spamassassin hence me using that threshold setting. Let me go off and do some checking. Looks like that's the reason. I've actually been able to reduce the spam by adding a couple of extra RBLs. I've added Baracuda, SEMFresh from Spameatingmonkey (Gotta love the name) and uribl but this one isn't working yet. I used multi.uribl.com but that may be the wrong address. So far this has had a great impact on spam which hopefully should keep my customers happy.
    0
  • cPanelLauren
    Hi @DigitalEssence If you're using the scores we use 1,2, 3 etc. that's really really high its = to 200. Spam Assassin's actual score for our 2 is 20(based on the scoring in the header). I'm really not sure if that's how MailScanner does it or not. The RBL's will be great because they reject/accept at SMTP time before MailScanner or anything else has a chance to process. The only one you want to be careful in my experience is Barracuda as they tend to be overly cautious and end I ended up with a lot of false positives.
    0
  • DigitalEssence
    Thanks Lauren, I'm going to disable the bouncing based on the SA score as it seems that MailScanner is scoring these differently. I do though have an issue with emails listed on the URIBL not being blocked. I've got multi.uribl.com in my list of custom RBL's and then Custom RBL: URIBL [?] set to On but emails are still being received. There's also no sign of URIBL in the exim_reject log either. MailScanner is showing me the following SpamAssassin Score: URIBL_BLACK 20.00 Contains an URL listed in the URIBL blacklist And I see the following in the header: Received: from mta53.mhmail.co.uk ([78.129.159.18]:52650) by hostname.domainname.net with esmtp (Exim 4.91) (envelope-from ) id 1gWKeK-00087L-Qf for email@customeremail.co.uk; Mon, 10 Dec 2018 12:27:00 +0000
    If I look up this url at URIBL.COM - Realtime URI Blacklist it shows as listed. I'd quite like to get this resolved as URIBL has a 100% hit rate for spam senders so seems pretty robust. All of the other RBL's I've added to Exim Configuration Manager " Manage Custom RBLs are working and showing in the reject log except for URIBL.
    0
  • cPanelLauren
    Hi @DigitalEssence It looks like you had this same issue previously I found the thread here: Which indicated that your dns resolvers may have been the issue? This thread also goes over the perl script you can add for surbl
    0

Please sign in to leave a comment.