Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic
Author Message
PostPosted: Mon Jun 19, 2017 1:07 am 
Offline
Senior Newbie

Joined: Wed Jun 24, 2015 9:57 am
Posts: 14
Hi,

I'm trying to work out how to get around this error:
Code:
X-Spam-Score: 0
X-Spam-Bar: /
X-Spam-Report: Spam detection software, running on the system "admin.newbyhost.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 
 Content preview:  new car? compare the best deals. --> the epic way to finance
    your new car. the epic way to finance your new car [1] apply now › car
   loans from £1,000to £100,000* [...] 
 
 Content analysis details:   (-0.0 points, 5.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                             See
                             http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                              for more information.
                             [URIs: bmetrack.com]
 -0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
                             [207.8.97.3 listed in wl.mailspike.net]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                             domain
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                             domains are different
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
  0.0 LOTS_OF_MONEY          Huge... sums of money
  0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
It's a basic setup using VestaCP, but I can't work out why it gives that error. There is no way my server is sending too much traffic to the RBL checks to warrant a blocking, so it must be something else?

Cheers

Andy


Top
   
PostPosted: Mon Jun 19, 2017 2:27 am 
Offline
Senior Member
User avatar

Joined: Sun Jan 24, 2016 4:30 am
Posts: 226
Everyone using linode's DNS servers has this problem and linode has decided not to address the issue.

Basically, the URIBL service is free for a few emails (like personal use), but anything above that requires some kind of payment. Linode does not want to pay for such a service to offer to us, so any requests to URIBL (via spamassassin or other similar tool) fail with URIBL_BLOCKED.

There are two things you can do:

1) Keep using linode's DNS servers and just ignore URIBL (you can even disable the check in spamassassin)

2) Setup your own DNS servers, if you have a normal amount of emails then you'll get free service from URIBL, but if you exceed their threshold then you will also be blocked.

_________________
:idea: I love my computer... all my friends live there.


Top
   
PostPosted: Mon Jun 19, 2017 2:47 am 
Offline
Senior Newbie

Joined: Wed Jun 24, 2015 9:57 am
Posts: 14
Hi,

Thanks for the reply. Mmm yeah, not too sure I like the idea of setting up my own DNS server. Seems a bit of a faff :( Maybe I will just have to deal with it then.

What is confusing me though, is why these both match, but don't hold any "score" ?
Code:
  0.0 LOTS_OF_MONEY          Huge... sums of money
  0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
I would have thought the fact that they matched, would mean it needs to give them some kind of negative score.

Cheers

Andy


Top
   
PostPosted: Mon Jun 19, 2017 7:23 am 
Offline
Senior Member

Joined: Wed Oct 20, 2010 12:11 pm
Posts: 170
Some tests match only to give output in the headers. I assume this is for people to filter on matched text in their email clients.


Top
   
PostPosted: Mon Jun 19, 2017 8:59 am 
Offline
Senior Member
User avatar

Joined: Sun Jan 24, 2016 4:30 am
Posts: 226
Indeed as the above user mentioned, some are matched but do not have a score. For example, if you are a banker and talk about "huge sums of money" then you may not want a negative score on your emails.

T_DKIM_INVALID is there to tell people that their DKIM implementation is broken. In my servers I always reject emails with an invalid DKIM. In addition, I don't use spamassassin for DKIM checking, but I prefer the check to happen earlier in the process via OpenDKIM milter during postfix processing. Thus, emails will be rejected earlier and spamassassin will have to do less work.

If you want, you can give T_DKIM_INVALID a score of 100 to just block those broken emails.

In OpenDKIM I use the following settings:
Code:
On-BadSignature		reject
On-KeyNotFound		reject
On-Security		reject

_________________
:idea: I love my computer... all my friends live there.


Top
   
PostPosted: Mon Jun 19, 2017 9:12 am 
Offline
Senior Newbie

Joined: Wed Jun 24, 2015 9:57 am
Posts: 14
Thanks everyone. Where would I go about editing the score for T_DKIM_INVALID? I'm assuming its part of the core, so I would need to overwrite it in local.cf maybe?

Cheers

Andy


Top
   
PostPosted: Mon Jun 19, 2017 4:17 pm 
Offline
Senior Member
User avatar

Joined: Sun Jan 24, 2016 4:30 am
Posts: 226
Yes, you can edit the local.cf, in CentOS its under /etc/mail/spamassassin and add a line like:

score T_DKIM_INVALID 100

In CentOS, you can look at the rules under /var/lib/spamassassin/

_________________
:idea: I love my computer... all my friends live there.


Top
   
PostPosted: Tue Jun 20, 2017 1:18 am 
Offline
Senior Newbie

Joined: Wed Jun 24, 2015 9:57 am
Posts: 14
Awesome, thanks :)


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
RSS

Powered by phpBB® Forum Software © phpBB Group