[SOLVED]Which Filter/filters moved the spam mail to Junk Mail folder? and Q related to SpamAssassin\Overal Spam Score

Discussion forum for Enterprise Edition.
Post Reply
poweredge
Posts: 157
Joined: Sat May 29, 2021 11:16 am

[SOLVED]Which Filter/filters moved the spam mail to Junk Mail folder? and Q related to SpamAssassin\Overal Spam Score

Post by poweredge »

Note: "SpamAssassin" is a custom glogal filter I've created, "Where the message fails SpamAssassin verification" > Mark as Spam


Case A: Does the following removed by RBL Score High (Mark as Spam by system filter?) or ME's spam score High (1005) or by SpamAssassin (SA) filter?
==============================================================
Trace: Tracing message with Message ID [21EF1937482F49C096373FFC34D7CE90.MAI] from the SMTP

Inbound Queue
Status: Message ID [21EF1937482F49C096373FFC34D7CE90.MAI] was routed by the MTA from the SMTP

Inbound Queue to 1 destination queue(s)
06/15/21 15:51:26 Queue Route: Message ID [21EF1937482F49C096373FFC34D7CE90.MAI] was routed by

the MTA from the SMTP Inbound Queue to the Postoffice Connector (SF) Outbound Queue with a

Message ID of [A6FF58815F7E4FB8A3A0ACC27D2CEBC9.MAI]
06/15/21 15:51:27 [A6FF58815F7E4FB8A3A0ACC27D2CEBC9.MAI] Delivered message from

[SMTP:no_reply@newedgecs.com] to PO=domain.com MBX=info FLD=\Junk E-mail


Email Header
X-RBL-Result: Generic, Fail
X-ME-Content: Deliver-To=Junk
X-ME-Bayesian: 0.000000
X-ME-Spam: High (1005)


MTAFilter log
06/15/21 15:51:26 Executed 21EF1937482F49C096373FFC34D7CE90.MAI SMTP [System

Spam Filter] ADD_HEADER [SMTP:no_reply@newedgecs.com] 180.214.238.19 High

(1005) Next Of Kin Beneficiary
06/15/21 15:51:26 Executed 21EF1937482F49C096373FFC34D7CE90.MAI SMTP

SpamAssassin ADD_HEADER [SMTP:no_reply@newedgecs.com] 180.214.238.19

CRITERIA=SPAMASSASSIN, DATA=<PASS>1</PASS> Next Of Kin Beneficiary



Case B: Does the following removed by SA or ME's spam score High (960)?
==============================================================
Email Header
Message-ID: <20210615005938.87DA0C6E75F1ADF7@aw.com>
X-ME-Bayesian: 0.000000
X-ME-Spam: High (960)
X-MEFilter: 1


Trace: Tracing message with Message ID [EA51243D826C43F7913AD2DC9E2A43A0.MAI] from the SMTP

Inbound Queue
Status: Message ID [EA51243D826C43F7913AD2DC9E2A43A0.MAI] was routed by the MTA from the SMTP

Inbound Queue to 1 destination queue(s)
06/15/21 16:08:30 Queue Route: Message ID [EA51243D826C43F7913AD2DC9E2A43A0.MAI] was routed by

the MTA from the SMTP Inbound Queue to the Postoffice Connector (SF) Outbound Queue with a

Message ID of [34F1C33570004E929A845C4B56FC730B.MAI]
06/15/21 16:08:30 [34F1C33570004E929A845C4B56FC730B.MAI] Delivered message from [SMTP:no-

reply.sharepointonline@aw.com] to domain.com MBX=account FLD=\Junk E-mail


MTAFilter log
06/15/21 16:08:30 Executed EA51243D826C43F7913AD2DC9E2A43A0.MAI SMTP [System

Spam Filter] ADD_HEADER [SMTP:no-reply.sharepointonline@aw.com] 103.21.183.32

High (960) You have a new file to review
06/15/21 16:08:30 Executed EA51243D826C43F7913AD2DC9E2A43A0.MAI SMTP

SpamAssassin ADD_HEADER [SMTP:no-reply.sharepointonline@aw.com] 103.21.183.32

CRITERIA=SPAMASSASSIN, DATA=<PASS>1</PASS> You have a new file to review


SpamAssassin SPAMD log (Y 12) Means Spam Status = Yes and Score is 12 (very high, anything higher than default 5 will be treated as spam in SA)
Tue Jun 15 16:08:27 2021 [-13132] info: spamd: checking message

<20210615005938.87DA0C6E75F1ADF7@aw.com> for (unknown):0
Tue Jun 15 16:08:29 2021 [-13132] info: spamd: identified spam (12.7/5.0) for (unknown):0 in 5.0 seconds, 211899 bytes.
Tue Jun 15 16:08:29 2021 [-13132] info: spamd: result: Y 12 -
BAYES_00,FREEMAIL_FORGED_REPLYTO,FSL_BULK_SIG,HTML_MESSAGE,HTML_OFF_PAGE,HTML_TAG_BALANCE_HEAD,JA
M_LARGE_FONT_SIZE,JAM_SMALL_FONT_SIZE,MIME_HTML_ONLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RDNS_NONE,SPF_HELO_NONE,TO_NO_BRKTS_HTML_IMG,T_HTML_ATTACH scantime=5.0,size=211899,user=
(unknown),uid=0,required_score=5.0,rhost=mewebmail.localhost,raddr=127.0.0.1,rport=51376,mid=<202
10615005938.87DA0C6E75F1ADF7@aw.com>,bayes=0.000000,autolearn=no autolearn_force=no,shortcircuit=no
==============================================================


2. How come X-ME-Spam: High (1005) or (960) is so high? I thought ME Overall Spam Score is within the range of Low (40) Medium (60) and High (100), as 100 is 100% the highest score?


3. Duplicated Filter?
a. "SpamAssassin" is a custom glogal filter I created, "Where the message fails SpamAssassin verification" > Mark as Spam
b. Spam Protection already has "Fails SpamAssassin" Positive Weighting > Mark as Spam, hence trigger the above [System Spam Filter]

So did I just create a duplicated filter? as Fails SA rule in Spam Protection will already Mark as Spam>Junk Mail folder.


4. Does the alternative Filter still recommended to use for v10.34? while SpamAssassin in a box installed already
http://www.mailenable.com/kb/content/view.asp?ID=ME020493


5. ME striped the SA tag from header? and simply add Mark as Spam > Junk mail folder, why not keeping them along with ME's header?
All of the following useful SA header information are gone.

X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on JetWeb
X-Spam-Level:
X-Spam-Status: No, score=-0.4 required=5.0 tests=ALL_TRUSTED,AWL,DKIM_SIGNED,
DKIM_VERIFIED,HTML_MESSAGE,URIBL_BLACK autolearn=disabled
version=3.2.5
X-Spam-Report:
* -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP
* -0.0 DKIM_VERIFIED Domain Keys Identified Mail: signature passes
* verification
* 0.0 DKIM_SIGNED Domain Keys Identified Mail: message has a
signature
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
* [URIs: websitehere.com]
* -0.9 AWL AWL: From: address is in the auto white-list


6. Seems X-Spam-Flag isn't used in "SA in a box" version anymore, but apply to normal SpamAssassin version?
http://www.mailenable.com/kb/content/article.asp?ID=ME020462

The article specify "This article only applies when you are using an external SpamAssassin filter that adds the X-Spam-Flag header. " but I am using SA in a box as local 127.0.0.1, so I guess this article doesn't apply to my case?


7. If SA already have enabled Beyesian, do we Still need to enable the ME's Beyesian? Is running two separated Beyesian together recommended? Only con is More load on system is one of the effect I can think of.


8. Last but not least, most importantly, does the overall spam score (Low40/Medium60/High80) get Mark as Spam automatically? I couldn't find any information regarding this. If not how do we enable the filter if spam score is 80 or above, Mark as Spam > hence send to Junk Mail box

Many thanks again!
Last edited by poweredge on Thu Jun 24, 2021 8:16 am, edited 6 times in total.

poweredge
Posts: 157
Joined: Sat May 29, 2021 11:16 am

Re: Which Filter/filters moved the spam mail to Junk Mail folder? and Q related to SpamAssassin\Overal Spam Score

Post by poweredge »

After hours of reading, I think I've figured out all the answers to the above.

Answer:
1.
Case A: It was removed by RBL only and also the customized filter "SpamAssassin", which one move the spam mail to junk folder, that I really don't know.

Case B: Definitely by "SpamAssassin" filter, as ME's spam score High (960) is just showing information, and there is no action related to it, except if we create a global filter for it.

2. Actually what matter is the score Low/Medium/High, any number after it doesn't matter. As we can utilize Low/Medium/High to customize our global filter.

3. My guess is NO, as the "Fails SpamAssassin" Positive Weighting > Mark as Spam" in Spam protection only Add Header and does not move spam to Junk folder.

4. I really don't know the answer to this, my guess is it does not as that KB article could be outdated. Please kindly confirm.

5. I still can't figure out why Mailenable stripped out all the useful header added by default SpamAssassin action. Please kindly let us know.

6. It doesn't apply to default internal SpamAssassin integration, as it only apply to connecting to external SpamAssassin server.

7. I finally understand these are two different Bayes. ME's Bayesian is an important part in calculating the overall spam score, so it shouldn't be disabled. The only downside is two Bayes add loading to email server, so there is no harm to enable both, but training Spam/Ham will be done twice probably.

8. No it doesn't Mark as Spam and Add any header, so we still need to create a customized global filter to catering overall spam score (Low40/Medium60/High80)
Last edited by poweredge on Thu Jun 24, 2021 8:15 am, edited 1 time in total.

Post Reply