Spam filter, false positive... Please help...

Hi,

I followed this guide

http://wiki.centos.org/HowTos/postfix_restrictions

to configure my spam filter.

Anyway, I have the feeling that there are some false positives that never reach my spam folder.

Is there a way to test for false positives?

Some site that sends us dozens of emails and lets us check how many of them arrived in our inbox?

Please help.

/etc/postfix/main.cf

```
# HELO restrictions:
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit

# Sender restrictions:
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit

# Recipient restrictions:
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_pipelining,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    check_policy_service unix:postgrey/socket,
    permit
```

master.cf

```
amavisfeed unix    -       -       n       -       2     lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

127.0.0.1:10025 inet n    -       n       -       -     smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=

smtp      inet  n       -       n       -       -       smtpd
```

43 Replies

I don't have an answer to your specific question, but I would like to recommend against having a spam folder.

In my experience it's far better to simply reject borderline mail at SMTP time. That way, the sender gets an immediate notice that it didn't go through and why. If such mail instead went into a spam folder, it could languish unnoticed for days or weeks or forever, while the sender believes it got through. Such silent failure is the worst-case scenario.

@Xan:

> I don't have an answer to your specific question, but I would like to recommend against having a spam folder.
>
> In my experience it's far better to simply reject borderline mail at SMTP time. That way, the sender gets an immediate notice that it didn't go through and why. If such mail instead went into a spam folder, it could languish unnoticed for days or weeks or forever, while the sender believes it got through. Such silent failure is the worst-case scenario.

Thanks for your reply.

My problem is that I think some mail doesn't reach the spam folder at all, because the mail is discarded before it reaches the folder.

Don't think. Know. Check your SMTP logs for the mails you "think" are being rejected. Find out why. Adjust your rules accordingly.

> Don't think. Know. Check your SMTP logs for the mails you "think" are being rejected. Find out why. Adjust your rules accordingly.
Having faced exactly this question (is something I don't want to miss being rejected?), I created the following script to dump in /etc/cron.daily. It parses /var/log/maillog to provide a daily summary of different events, so I can see what's being rejected. It's already helped me find a misconfigured Postfix virtual host.

I still need to install logtail, so I can ONLY check new errors each day, instead of getting all errors since the last rotation.

I'd also recommend using warn_if_reject for a while when adding new restrictions.

```bash
#!/bin/bash
#
# Script to parse postfix logs for issues to report
# Created: 2009-12-30
# Changed: 2009-12-31 Added more detail: relaying, RBLs
#
# Usage: parse-maillog.sh                        (reads /var/log/maillog)
#        LOGFILE=/path/to/maillog parse-maillog.sh

LOGFILE=${LOGFILE:-/var/log/maillog}

# smtpd reject lines read "postfix/smtpd[1234]: NOQUEUE: reject: ..."; rejects
# issued after DATA carry an uppercase-hex queue ID instead of NOQUEUE.
REJECT_RE='postfix/smtpd\[[0-9]+\]: (NOQUEUE|[0-9A-F]+):'

echo "Checking for relaying"
# Keep only "Relay access denied" rejects; rewrite each to From/To/On fields,
# one field per line, so the counts below can pick them apart with grep.
relay=$(grep -E "$REJECT_RE" "$LOGFILE" \
    | grep -E -v "due to listing in|Sender address rejected|Client host rejected|Recipient address rejected" \
    | sed '/Relay access denied/s/^\(.*\) postfix\/smtpd.*from=\([^ ]*\) to=\([^ ]*\) proto=.*/From: \2 To: \3 On: \1/' \
    | sed -e 's/ To:/\nTo:/g' -e 's/ On:/\nOn:/g')

echo "Relaying denied from:"
echo "$relay" | grep '^From: ' | sed 's/^From: //' | sort | uniq -c | sort -rn
echo "Relaying denied to:"
echo "$relay" | grep '^To: '   | sed 's/^To: //'   | sort | uniq -c | sort -rn

# DNSBL rejects: which list fired, and for which sender/recipient pair.
rbl=$(grep -E "$REJECT_RE" "$LOGFILE" \
    | grep -E -v "Relay access denied|Sender address rejected|Client host rejected|Recipient address rejected" \
    | sed '/due to listing in/s/.*due to listing in \([^:]*\):.*from=\([^ ]*\).* to=\([^ ]*\).*/From: \2 To: \3 RBL: \1/' \
    | sed -e 's/ To:/\nTo:/g' -e 's/ RBL:/\nRBL:/g')

echo -n "Total RBL blocks: "
echo "$rbl" | grep -c '^To: '
echo "RBL blocked email to:"
echo "$rbl" | grep '^To: '  | sed 's/^To: //'  | sort | uniq -c | sort -rn
echo "RBLs:"
echo "$rbl" | grep '^RBL: ' | sed 's/^RBL: //' | sort | uniq -c | sort -rn

# Any reject for a reason not handled above is printed in full so it gets read.
echo "Checking for new postfix errors"
grep -E 'postfix/smtpd\[[0-9]+\]: NOQUEUE:' "$LOGFILE" \
    | grep -E -v "Relay access denied|due to listing in|Sender address rejected|Client host rejected|Recipient address rejected" \
    || echo "      none."

# Everything else smtpd logged, collapsed into a few categories and counted.
echo "Statistics"
grep -E 'postfix/smtpd' "$LOGFILE" \
    | grep -E -v 'NOQUEUE:|connect from|client=' \
    | sed -e 's/.*smtpd\[[0-9]*\]: //' \
          -e 's/lost connection.*/lost connection/' \
          -e 's/warning.*/warning/' \
          -e 's/timeout.*/timeout/' \
          -e 's/too many errors.*/too many errors/' \
          -e 's/.*reject.*/other reject/' \
    | sort | uniq -c | sort -rg
```

Here's an example output. The script also checks for NOQUEUE reasons other than the ones I already know about. I can also see which RBLs are catching spammers. If I'm concerned about whether an RBL is too aggressive, I can follow up to see what it's rejecting.

```
Checking for relaying
Relaying denied from:
      3 <spamery@tiscali.it>
      1 <mytestaddress@mydom.ain>
Relaying denied to:
      3 <spamery@tiscali.it>
      1 <anothertest@mydom.ain>
Total RBL blocks: 372
RBL blocked email to:
    212 <200403130913.36483.lfs-user@mydom.ain>
     57 <mailinglistuser@mydom.ain>
     29 <info@mydom.ain>
     28 <bikedc@mydom.ain>
     20 <user@mydom.ain>
      6 <200403140926.46641.lfs-user@mydom.ain>
      3 <jumanji@choicemedical.be>
      2 <zz@mail2000.com.tw>
      2 <sseenndd0622@yahoo.com.hk>
      2 <fedora-user@mydom.ain>
      1 <superedm001@yahoo.com.tw>
      1 <servicemagic-customer@mydom.ain>
      1 <poi@mail2000.com.tw>
      1 <lfs-user@mydom.ain>
      1 <myself@mydom.ain>
      1 <53363.lfs-user@mydom.ain>
      1 <41.lfs-user@mydom.ain>
      1 <200403141011.00740.lfs-user@mydom.ain>
      1 <200403122212.03348.lfs-user@mydom.ain>
      1 <200403122137.06415.lfs-user@mydom.ain>
      1 <200403122118.53363.lfs-user@mydom.ain>
RBLs:
    371 zen.spamhaus.org
      1 dul.dnsbl.sorbs.net
Checking for new postfix errors
      none.
Statistics
    163 lost connection
     89 warning
      2 timeout
```

@Dahak:

> Don't think. Know. Check your SMTP logs for the mails you "think" are being rejected. Find out why. Adjust your rules accordingly.

Using your script I can't find any false positives.

I will check for a week to see whether any false positives get caught.

Thanks for your help.

PS: What do you think about zen.spamhaus.org ???

Is it good to use it?

Take a look at Logwatch. It provides detailed information re: postfix from your syslog.

@node_tux:

> Take a look at Logwatch. It provides detailed information re: postfix from your syslog.

I often look at my logwatch output but I have never found a false positive.

The strange thing is that I often lose forum thread reply notifications even though there is no trace of false positives in logwatch.

Could this be what's causing the false positives?

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6269

SpamAssassin will bump up the spam score of any email dated this year.

@node_tux:

> Take a look at Logwatch. It provides detailed information re: postfix from your syslog.

Unfortunately, I haven't figured out how to fix logwatch's parsing of postfix logs. I get a megabuttload of Unmatched Entries like

```
NOQUEUE: reject: RCPT from 118-168-138-33.dynamic.hinet.net[118.168.138.33]: 554 5.7.1 Mail from 118-168-138-33.dynamic.hinet.net[118.168.138.33] rejected based on Client host due to listing in zen.spamhaus.org: http://www.spamhaus.org/query/bl?ip=118.168.138.33; from=<t8.t8@msa.hinet.net> to=<poi@mail2000.com.tw> proto=SMTP helo=<70.85.16.115>
```

instead of a useful summary of errors; hence the quick'n'dirty script as a stopgap. BTW, I've updated it some more if anybody is interested.

@sblantipodi:

> What do you think about zen.spamhaus.org ???
>
> Is it good to use it?

When I was looking into blacklists, that's the one that appeared the best, and the stats seem to show it. Zero false positives so far (3 months), and very few get past it to be caught by one of the other BLs I have configured (dul.dnsbl.sorbs.net, and warning on dsn.rfc-ignorant.org & bl.spamcop.net).

```
smtpd_client_restrictions = warn_if_reject reject_rbl_client 1634435237.geobl.spameatingmonkey.net,
    permit_mynetworks, reject_unauth_pipelining, reject_rbl_client bl.spameatingmonkey.net,
    reject_rbl_client zen.spamhaus.org
```

I get maybe 1 or 2 false negatives, and an undetectable number of false positives.

I caught a FALSE positive in my log,

I don't want to disable the spam filter, but I don't want to lose email in this way.

Can you help me with lighter settings?

I also noticed that with the suggested configuration from the guide I posted in the first post I lose many mails from various forum thread subscriptions.

Which setting is responsible for this false positive?

I added details about my configuration to the first post; I hope someone will understand where the problem is and will be so kind as to help me :)

Why are you asking us? Look at your logs and see what rules are rejecting mails you think you should be getting. Then adjust as you see fit.

In my experience the two HELO checks you are doing will generate a lot of false positives. I also found that spamcop generated an occasional false positive, and rarely caught anything that spamhaus missed.

There are no perfect solutions though. At the end of the day you will always have to balance the amount of spam coming through against the risk of false positives. You just have to decide your own personal preference as to how much of each you want to live with.

It's been my experience that the HELO checks work beautifully. And if an emailer sends a bad HELO, I'd be hard pressed to call that a false positive in any case.

@Xan:

> It's been my experience that the HELO checks work beautifully. And if an emailer sends a bad HELO, I'd be hard pressed to call that a false positive in any case.
You'd change your tune when emails from your wife's workplace weren't getting through ;)

Or maybe not…

I agree that anyone who can't set their HELO greeting properly doesn't deserve to be running an email server, but I have had several cases where email I wanted to receive was rejected by HELO checks. That is how I define a false positive.

I have disabled all the REJECT options in the main.cf file

to try…

The emails continue to go into the spam folder…

How is this possible?

Please help.

@sblantipodi:

> I have disabled all the REJECT options in the main.cf file
>
> to try…
>
> The emails continue to go into the spam folder…
>
> How is this possible?
>
> Please help.

Reject lines have nothing to do with a spam folder - they are two completely different things.

If you reject a message, it goes nowhere - the sender may get a reject notice, but you will receive nothing.

The spam folder is a result of your content filter. You haven't posted any details of its settings, but that is where you should look.
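To make that distinction concrete, here is an added example (not code from the thread, from Postfix or from amavisd-new) that sorts maillog lines by what happened to each message. It recognises the `NOQUEUE: reject:` lines Postfix's smtpd writes and the `Passed SPAM` / `Passed CLEAN` / `Blocked SPAM` verdict lines amavisd-new writes; only the tagged ones can ever show up in a spam folder, a 5xx reject was never queued at all, and a 4xx (greylisting) reply is retried by the sending server. The excerpt in `SAMPLE_MAILLOG` is constructed with documentation-range addresses and example.* domains, not real traffic, and the `reject_rule` labels are this example's own shorthand for the restriction families.

```python
"""Sort maillog lines by what happened to each message (added example).

Only mail that Postfix accepted and amavisd-new passed with a spam verdict can
end up in a spam folder; a 5xx reject from smtpd was never queued at all.
SAMPLE_MAILLOG is a constructed excerpt (documentation-range IPs, example.*
domains) in the shape Postfix smtpd and amavisd-new log, not real traffic.
"""
import re
import sys
from collections import Counter

SAMPLE_MAILLOG = """\
Jan  5 10:01:02 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 Service unavailable; Client host [203.0.113.7] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/203.0.113.7; from=<x@example.net> to=<me@example.org> proto=ESMTP helo=<x.example.net>
Jan  5 10:02:10 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from scanner.example.org[192.0.2.25]: 504 5.5.2 <scanner>: Helo command rejected: need fully-qualified hostname; from=<scanner@example.org> to=<me@example.org> proto=SMTP helo=<scanner>
Jan  5 10:03:30 mx postfix/smtpd[2103]: NOQUEUE: reject: RCPT from mail.example.com[198.51.100.5]: 450 4.2.0 <me@example.org>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/example.org.html; from=<friend@example.com> to=<me@example.org> proto=ESMTP helo=<mail.example.com>
Jan  5 10:04:00 mx amavis[2200]: (02200-01) Passed SPAM, [198.51.100.9] [198.51.100.9] <list@example.com> -> <me@example.org>, Message-ID: <a1@example.com>, mail_id: AbCdEf, Hits: 7.3, size: 4311, queued_as: 1A2B3C4D5E, 812 ms
Jan  5 10:05:00 mx amavis[2200]: (02200-02) Passed CLEAN, [198.51.100.5] [198.51.100.5] <friend@example.com> -> <me@example.org>, Message-ID: <b2@example.com>, mail_id: GhIjKl, Hits: -1.2, size: 2048, queued_as: 6F7A8B9C0D, 640 ms
Jan  5 10:06:00 mx amavis[2200]: (02200-03) Blocked SPAM, [203.0.113.9] [203.0.113.9] <promo@example.net> -> <me@example.org>, Message-ID: <c3@example.net>, mail_id: MnOpQr, Hits: 21.6, size: 9000, 455 ms
"""

# "NOQUEUE: reject: RCPT from client: 554 5.7.1 reason; from=<a> to=<b> ..."
SMTPD_REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: [A-Z-]+ from (?P<client>\S+): "
    r"(?P<code>\d{3}) \d\.\d\.\d (?P<reason>.*?); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")
# "(id) Passed SPAM, [ip] [ip] <a> -> <b>, ..., Hits: 7.3, ..."
AMAVIS_VERDICT = re.compile(
    r"amavis\[\d+\]: \([\d-]+\) (?P<action>Passed|Blocked) "
    r"(?P<verdict>CLEAN|SPAMMY|SPAM|INFECTED|BANNED), \[(?P<ip>[^\]]+)\] (?:\[[^\]]+\] )*"
    r"<(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>(?:.*?Hits: (?P<hits>-?[\d.]+))?")


def reject_rule(reason):
    """Map the smtpd reject text to the restriction family that produced it."""
    m = re.search(r"blocked using ([\w.-]+)", reason)        # reject_rbl_client, current wording
    if m:
        return "rbl:" + m.group(1)
    m = re.search(r"due to listing in ([\w.-]+)", reason)    # reject_rbl_client, older wording
    if m:
        return "rbl:" + m.group(1)
    for needle, label in (
        ("Helo command rejected", "helo"),             # smtpd_helo_restrictions
        ("Sender address rejected", "sender"),         # sender checks / check_sender_access
        ("Recipient address rejected", "recipient"),   # recipient checks, greylisting policy
        ("Relay access denied", "relay"),              # reject_unauth_destination
        ("Client host rejected", "client"),            # check_client_access
    ):
        if needle in reason:
            return label
    return "other"


def parse_line(line):
    """Return an event dict for a line we understand, else None."""
    m = SMTPD_REJECT.search(line)
    if m:
        code = int(m.group("code"))
        # 5xx: never queued, so no folder will ever hold it.  4xx: sender retries.
        return {"outcome": "rejected" if code >= 500 else "deferred",
                "client": m.group("client"), "sender": m.group("sender"),
                "rcpt": m.group("rcpt"), "rule": reject_rule(m.group("reason")),
                "hits": None}
    m = AMAVIS_VERDICT.search(line)
    if m:
        if m.group("action") == "Blocked":
            outcome = "discarded"         # amavis dropped/bounced it after Postfix accepted it
        elif m.group("verdict") == "CLEAN":
            outcome = "delivered_clean"
        else:
            outcome = "tagged_spam"       # delivered with spam headers: the spam-folder case
        return {"outcome": outcome, "client": m.group("ip"),
                "sender": m.group("sender"), "rcpt": m.group("rcpt"),
                "rule": "amavis:" + m.group("verdict"),
                "hits": float(m.group("hits")) if m.group("hits") else None}
    return None


def classify(log_text):
    """Events for every recognised line, in log order."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def summarize(events):
    return Counter(e["outcome"] for e in events)


def rejected_by_rule(events):
    """Which restriction did the permanent (5xx) rejecting: where false
    positives hide, and what to wrap in warn_if_reject while tuning."""
    return Counter(e["rule"] for e in events if e["outcome"] == "rejected")


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MAILLOG
    events = classify(text)
    for outcome, n in sorted(summarize(events).items()):
        print("%-16s %d" % (outcome, n))
    print("rejected by rule:", dict(rejected_by_rule(events)))
    for e in events:
        if e["outcome"] == "rejected":
            print("  %s <%s> -> <%s> via %s" % (e["client"], e["sender"], e["rcpt"], e["rule"]))
```

Run it against the real file with `python3 classify_maillog.py /var/log/maillog`. The `rejected_by_rule` counts are the first thing to look at for false positives: a sender you expected turning up under `helo` or `rbl:...` tells you which restriction to wrap in `warn_if_reject` while you tune. Nothing in the `deferred` bucket is lost; the greylisting reply is a 4xx and the sending server retries.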

Thanks for your reply,

I'm using amavisd-new with spamassassin,

where do I need to look?

@sblantipodi:

> I'm using amavisd-new with spamassassin,
Get rid of those. Set proper postfix checks as detailed here and elsewhere. Live with the few SPAM emails that still get through.

Then start again with those things if you MUST have them.

Good luck.

@kangaby:

> @sblantipodi:
>
> > I'm using amavisd-new with spamassassin,
>
> Get rid of those. Set proper postfix checks as detailed here and elsewhere. Live with the few SPAM emails that still get through.
>
> Then start again with those things if you MUST have them.
>
> Good luck.

so your suggestion is to not use SpamAssassin with amavisd-new to check for spam?

do you think that postfix is enough to trash spam with the fewest false positives?

Spam filtering isn't going to be perfect.

@Xan:

> Spam filtering isn't going to be perfect.
If it were, then forum messages like "bump" and "please help" would be automatically rejected.

Oh wait, we were talking about email :oops:

Either you are worried about stuff going missing that shouldn't or you are worried about some SPAM getting through.

You can't have it both ways. Well maybe you can, with an extreme amount of work, I don't know. If this is what you want, expect to do a serious amount of research on your own, that involves more than asking questions on a forum. I don't believe anyone here has a 5 minute answer to get this result. I know I don't.

I'm not worried about the SPAM, I have no problem if I have some false negatives; my problem is only with false positives.

Hi,

in /etc/amavisd.conf I have removed the comment from this line

@bypass_spam_checks_maps

and it seems that false positives have been reduced a lot.

Can you tell me how it is possible that some mail continues to go to the spam folder even though I disabled it this way?

Thanks.

The only way to guarantee that you never get a false positive is to quit doing spam filtering.

Spam filtering isn't going to be perfect.

Ok Xan but if I have disabled spam filtering (@bypass_spam_checks_maps) in amavisd.conf

why do I get spam in the spam folder?

Who puts the spam in that folder then?

my configuration uses:

Postfix,

dovecot,

amavisd-new,

spamassassin

Oh, I hadn't realized you were disabling the spam filter entirely (or trying to). Sorry.

Unfortunately I have no idea how amavis works.

Hi,

this is the email that my brother received from my server when he tried to send me an email on my server.

How can I disable the CBL abuseat?

554 5.7.1 Service unavailable; Client host [151.81.11.38] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=151.81.11.38

You can either tell your mail server to not check the cbl.abuseat.org DNSBL by removing any mention of it from your mail server config (usually /etc/postfix/main.cf), or he can read what that page says about 151.81.11.38 being hijacked and fix the problem.

In short, there's two problems here: you're enabling DNSBLs without understanding the implications, and your brother's computer has been taken over by criminals. That said, if I had to pick one or the other, I'd say your problem is easier to fix than his :-)
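To see for yourself what that reply is based on, here is an added example (not code from the thread, from Postfix or from any list operator) that performs the same DNSBL lookup `reject_rbl_client` does and decodes the answer: the client's IPv4 octets are reversed, an A record is looked up under the list's zone, and any 127.0.0.x answer means "listed", with the last octet naming the sub-list. `ZEN_CODES` is Spamhaus's published return-code table for zen.spamhaus.org; `FAKE_ANSWERS` is a constructed table with documentation-range addresses standing in for DNS so the example runs offline, and `live_resolve` is the switch to real queries. The `zone_sane` check is the RFC 5782 test that a list is alive and not wildcarded, which is worth running before trusting any zone you add to a restriction list.

```python
"""DNSBL lookup as reject_rbl_client performs it, with the answer decoded.

Added example; ZEN_CODES follows Spamhaus's documented return codes for
zen.spamhaus.org, FAKE_ANSWERS is a constructed offline stand-in for DNS.
"""
import socket
import sys

ZEN_CODES = {
    2: "SBL - known spam source",
    3: "SBL CSS - snowshoe / compromised sender",
    4: "XBL (CBL) - infected or hijacked host",
    5: "XBL (CBL) - infected or hijacked host",
    6: "XBL (CBL) - infected or hijacked host",
    7: "XBL (CBL) - infected or hijacked host",
    10: "PBL - ISP policy: this IP should not send mail directly",
    11: "PBL - Spamhaus-maintained end-user range",
}


def dnsbl_name(ip, zone):
    """'203.0.113.7', 'zen.spamhaus.org' -> '7.113.0.203.zen.spamhaus.org'."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("IPv4 dotted quad expected: %r" % (ip,))
    return ".".join(reversed(octets)) + "." + zone


def decode(zone, answer):
    """Human-readable meaning of one A-record answer from a list."""
    if not answer.startswith("127.0.0."):
        return "unexpected answer %s (wildcard or hijacked zone?)" % answer
    code = int(answer.rsplit(".", 1)[1])
    if zone == "zen.spamhaus.org":
        return ZEN_CODES.get(code, "unknown zen code %d" % code)
    return "listed (return code 127.0.0.%d)" % code


def lookup(ip, zone, resolve):
    """resolve(name) -> list of A records, or [] for NXDOMAIN (not listed)."""
    answers = resolve(dnsbl_name(ip, zone))
    return {"ip": ip, "zone": zone,
            "listed": any(a.startswith("127.0.0.") for a in answers),
            "reasons": [decode(zone, a) for a in answers]}


def zone_sane(zone, resolve):
    """RFC 5782 test: 127.0.0.2 must be listed and 127.0.0.1 must not be.
    A dead zone fails the first half; a wildcarded one (which would reject
    every client you have) fails the second."""
    return (lookup("127.0.0.2", zone, resolve)["listed"]
            and not lookup("127.0.0.1", zone, resolve)["listed"])


# Constructed answers for offline use; documentation-range IPs, not real listings.
FAKE_ANSWERS = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4", "127.0.0.10"],
    "7.113.0.203.zen.spamhaus.org": ["127.0.0.4"],
    "9.100.51.198.zen.spamhaus.org": ["127.0.0.2", "127.0.0.11"],
    "25.2.0.192.bl.spamcop.net": ["127.0.0.2"],
}


def fake_resolve(name):
    return FAKE_ANSWERS.get(name, [])


def live_resolve(name):
    """System resolver.  Spamhaus refuses queries relayed through large public
    resolvers, and every list rate-limits heavy users; run this from the MX."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


if __name__ == "__main__":
    resolve = live_resolve if "--live" in sys.argv else fake_resolve
    for zone in ("zen.spamhaus.org", "bl.spamcop.net"):
        print(zone, "sane" if zone_sane(zone, resolve) else "NOT SANE - do not use")
        for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.25", "192.0.2.1"):
            r = lookup(ip, zone, resolve)
            print("  %-14s %s %s" % (ip, "LISTED" if r["listed"] else "clean", r["reasons"]))
```

Postfix itself treats any 127.0.0.x answer as a hit unless you narrow it, for example `reject_rbl_client zen.spamhaus.org=127.0.0.2`, so an XBL listing like the one in the bounce above is enough on its own. The practical use of the decoded reason is deciding what to do: an XBL/CBL hit points at a compromised sending host, a PBL hit at a machine sending directly from an end-user range that should be relaying through its ISP's smarthost instead.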

@hoopycat:

> You can either tell your mail server to not check the cbl.abuseat.org DNSBL by removing any mention of it from your mail server config (usually /etc/postfix/main.cf), or he can read what that page says about 151.81.11.38 being hijacked and fix the problem.
>
> In short, there's two problems here: you're enabling DNSBLs without understanding the implications, and your brother's computer has been taken over by criminals. That said, if I had to pick one or the other, I'd say your problem is easier to fix than his :-)

it seems that the problem isn't mine and isn't my brother's, but is related to the SMTP server my brother is using, since he got the same error when sending email to gmail too…

Here is how to set a whitelist in Postfix so that you can whitelist specific IP's against being checked in your RBL's:

http://www.howtoforge.com/how-to-whitelist-hosts-ip-addresses-in-postfix

I had to use it to whitelist a Xerox scanner at a school that sends you what you scanned in your email. It somehow ended up on zen.spamhaus.org. It works beautifully.

Other than that, I will reiterate what others have said, SpamAssassin and RBL's are not going to be perfect. The only false positive I have ever had using SpamAssassin + SpamHaus is that Xerox scanner, which probably wasn't a "false" positive to begin with.

It sounds like you are also still learning quite a bit about how to properly configure a mail server and its spam scanners and RBL's. I would recommend perhaps gutting your server and installing Virtualmin from scratch (http://www.virtualmin.com/). It will properly configure Postfix + SpamAssassin + ClamD for you, and give you a nice GUI interface to be able to whitelist different addresses and network ranges if you experience false positives.

In short, it will make your life easier.

thanks for your reply…

I have just set up something similar.

In my main.cf I got:

check_sender_access hash:/etc/postfix/file

your guide told us to put:

check_client_access hash:/etc/postfix/file

what is the difference between these two lines?

http://www.postfix.org/postconf.5.html

A sender is who sent the mail, for example user@example.com.

A client is what machine they sent it from, for example mail.example.com.
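Putting the whitelist suggestion and the sender/client distinction together, here is what the two maps look like in a restriction list. This is an added example, not the howtoforge guide's or the thread's own configuration; the map file names and the addresses in them (192.0.2.25, the 198.51.100 prefix, the example.* domains) are assumed placeholders.

```conf
# main.cf (added example).  Restrictions run top to bottom; OK from an access
# map ends the list, so the RBL checks after it are skipped for that match.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/client_access,
    check_sender_access hash:/etc/postfix/sender_access,
    reject_rbl_client zen.spamhaus.org,
    check_policy_service unix:postgrey/socket,
    permit

# /etc/postfix/client_access: keyed by the connecting machine (IP address,
# network prefix or hostname).  The client address is what the TCP connection
# came from, so it is hard to forge: the right map for exempting a known host
# such as a scanner from RBL checks.
192.0.2.25      OK
198.51.100      OK

# /etc/postfix/sender_access: keyed by the envelope sender (MAIL FROM) address
# or domain.  Anyone can put any address in MAIL FROM, so an OK here is a hole
# a spammer walks through by forging that sender; use it for REJECT entries.
example.net     REJECT
```

Build the maps with `postmap /etc/postfix/client_access /etc/postfix/sender_access` and then `postfix reload`. Two caveats: `reject_unauth_destination` must stay ahead of any `OK`, otherwise the whitelisted client can relay through you to anywhere; and an `OK` in `smtpd_recipient_restrictions` only skips the restrictions that follow it in that list, so a host that fails `reject_non_fqdn_helo_hostname` in `smtpd_helo_restrictions` is still rejected there unless it is also exempted in that list (or is in `mynetworks`).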

@Stever:

> http://www.postfix.org/postconf.5.html
>
> A sender is who sent the mail, for example user@example.com.
>
> A client is what machine they sent it from, for example mail.example.com.

ok, thanks :)

@sblantipodi:

> Ok Xan but if I have disabled spam filtering (@bypass_spam_checks_maps) in amavisd.conf
>
> why do I get spam in the spam folder?
>
> Who puts the spam in that folder then?
>
> my configuration uses:
>
> Postfix,
>
> dovecot,
>
> amavisd-new,
>
> spamassassin

I requote this question since I got more spam in the spam folder…

Check your SpamAssassin configuration
