Testing simscan
Send a message mailtest.txt to a user and check the simscan's response:
> echo "This is a test message" > mailtest.txt > env QMAILQUEUE=/var/qmail/bin/simscan SIMSCAN_DEBUG=2 /var/qmail/bin/qmail-inject user@yourdomain.net < mailtest.txt simscan: cdb looking up simscan: cdb for found clam=yes,spam=yes,spam_hits=9.5,attach=.vbs:.lnk:.scr:.wsh:.hta:.pif <-- your simcontrol file simscan: pelookup clam = yes <-- clamav is ON simscan: pelookup spam = yes <-- spamassassin is ON simscan: pelookup spam_hits = 9.5 <-- msg with a spam scores > 9.5 will be rejected simscan: Per Domain Hits set to : 9.500000 simscan: pelookup attach = .vbs:.lnk:.scr:.wsh:.hta:.pif simscan: attachment flag attach = .vbs:.lnk:.scr:.wsh:.hta:.pif simscan: .vbs is attachment number 0 simscan: .lnk is attachment number 1 simscan: .scr is attachment number 2 simscan: .wsh is attachment number 3 simscan: .hta is attachment number 4 simscan: .pif is attachment number 5 simscan: starting: work dir: /var/qmail/simscan/1295021995.527275.16365 simscan: pelookup: called with root@mail.yourdomain.net simscan: pelookup: domain is mail.yourdomain.net simscan: cdb looking up mail.yourdomain.net simscan: pelookup: local part is root simscan: cdb looking up root@mail.yourdomain.net simscan: pelookup: called with user@yourdomain.net simscan: pelookup: domain is yourdomain.net simscan: cdb looking up yourdomain.net simscan: pelookup: local part is user simscan: cdb looking up user@yourdomain.net simscan: calling clamdscan <-- simscan is calling clamav simscan: normal clamdscan return code: 0 <-- no viruses found simscan: calling spamc <-- simscan is calling spamassassin simscan: calling /usr/bin/spamc spamc -u user@yourdomain.net <-- spamc will look for userprefs simscan:[16364]:CLEAN (3.00/9.50):1.5454s::(null):root@mail.yourdomain.net:user@yourdomain.net <-- the message is not spam simscan: done, execing qmail-queue <-- simscan is putting the message in the qmail queue simscan: qmail-queue exited 0
simscan and chkuser in action in the smtpd log
This is what you are going to see in the smtpd log with the following settings inside simcontrol:
spam=yes,spam_passthru=yes
Simscan will pass through the spam regardless of its score. Hopefully the spam will be stored in the Junk folder by a sieve rule.
@TIMESTAMP CHKUSER accepted sender: from <spammer@somewhere.net::> remote <xxxxxxxxxxxxxxxx> rcpt <> : sender accepted @TIMESTAMP CHKUSER accepted rcpt: from <spammer@somewhere.net::> remote <xxxxxxxxxxxx> rcpt <user@yourdomain.net> : found existing recipient @TIMESTAMP simscan:[26411]:PASSTHRU (16.60/5.00):4.3012s:Body text.:[remoteIP]:spammer@somewhere.net:user@yourdomain.net
spam=yes,spam_passthru=no,spam_hits=9.5
spam will be rejected in case its score is above 9.5, never passed to the user:
@TIMESTAMP CHKUSER accepted sender: from <spammer@somewhere.net::> remote <xxxxxxxxxxxxxxxx> rcpt <> : sender accepted @TIMESTAMP CHKUSER accepted rcpt: from <spammer@somewhere.net::> remote <xxxxxxxxxxxx> rcpt <user@yourdomain.net> : found existing recipient @TIMESTAMP simscan:[26411]:SPAM REJECT (16.60/5.00):4.3012s:Body text.:[remoteIP]:spammer@somewhere.net:user@yourdomain.net
spam=yes,spam_hits=9.5
I strongly suggest this configuration.
In the following case the score is between 5.0 and 9.5 the message will be passed through by simscan even though spamassassin has labeled it as spam:
@TIMESTAMP CHKUSER accepted sender: from <spammer@somewhere.net::> remote <xxxxxxxxxxxxxxxx> rcpt <> : sender accepted @TIMESTAMP CHKUSER accepted rcpt: from <spammer@somewhere.net::> remote <xxxxxxxxxxxx> rcpt <user@yourdomain.net> : found existing recipient @TIMESTAMP simscan:[26411]:SPAM CLEAN (6.40/9.50):4.3012s:Body text.:[remoteIP]:spammer@somewhere.net:user@yourdomain.net
And this should be the header of such a message:
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-01-18) on mail.myserver.net X-Spam-Flag: YES X-Spam-Level: ****** X-Spam-Status: Yes, score=6.4 required=5.0 tests=BAYES_99,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK,RDNS_NONE autolearn=no version=3.3.1
Note that the message's status IS spam, but the score is below 9.5 and it was not rejected by simscan.
Troubleshooting
@400000004dd263d6378e6b74 qmail-smtpd: message delayed (mail server temporarily rejected message (#4.3.0)): xxxx@xxxxx.xx from y.y.y.y to zzzzzz@zzzz.zz helo mail.xxxxx.xx
I saw an error like this in a server where both spamd and clamd was stopped. The problem was solved simply running the servers again.
Italiano
EnglishRecent comments
- I'm not familiar with unison,
5 weeks 2 days ago - failover replication
5 weeks 2 days ago - There is a simple solution
6 weeks 1 day ago - Many thanks!
6 weeks 3 days ago - cram-md5 auth
6 weeks 4 days ago - SMTPAUTH
6 weeks 4 days ago - @Black list test
7 weeks 5 days ago - @Black list test
7 weeks 5 days ago - @Black list test
7 weeks 6 days ago - Black list test could not pass @@
7 weeks 6 days ago
Recent blog posts
- Browsers comparison
- Installing Dovecot and sieve on a vpopmail + qmail server
- Roundcube webmail
- Sieve interpreter & Dovecot ManageSieve
- Expunging expired Junk and Trash emails with dovecot
- Roundcube plugins
- Running two php/mysql/mariadb versions on the same apache web server
- Installing mariaDB from source
- Patching qmail
- Setting up and upgrading MySQL 5.x
Comments
simscan issue
Czy chodziło Ci o: mam taki problem z sim scan
I have a problem with simscan
simscan: check_spam detected spam refuse message
@400000004f6d08c5185a65dc simscan: exit error code: 82
@400000004f6d08c5185b8ad4 qmail-smtpd: message rejected (Your email is considered spam (1001.30 spam-hits)):
can you please provide
Mihoo, can you please provide the smapd.log details just to see why you got such an high spamassassin score? Do you have userprefs settings?