Spam filter inquiry

purdofolte · January 23, 2025, 2:58pm

Hi

I’m not sure if the spam filter is working or not, when I checked the spam filter rule in the mailbox it is set to move message to Inbox.spam. However there’s no spam folder created, only Junk folder.

And in dovecot configuration

mailbox Spam {
        auto = subscribe
        special_use = \Junk
    }
mailbox Junk {
        auto = no
        special_use = \Junk
    }

I checked several emails header in my inbox and didn’t find the below records although they are exist in EXIM configuration:

add_header     = X-Spam-Score: $spam_score_int
add_header     = X-Spam-Bar: $spam_bar
add_header     = X-Spam-Report: $spam_report
add_header     = X-Spam-Status: Yes

purdofolte · January 25, 2025, 12:38pm

Hi @sahsanu if you have time please

sahsanu · January 25, 2025, 3:21pm

Hi @purdofolte

Please, show the output of these commands:

dpkg -l | grep exim4
grep -i spam /etc/exim4/exim4.conf.template

If you are using Debian:

systemctl status spamd

If you are using Ubuntu:

systemctl status spamassassin

purdofolte · January 26, 2025, 9:51am

HYG

root@hcp:~#
root@hcp:~# dpkg -l | grep exim4
ii  exim4                                  4.93-13ubuntu1.12                            all          metapackage to ease Exim MTA (v4) installation
ii  exim4-base                             4.93-13ubuntu1.12                            arm64        support files for all Exim MTA (v4) packages
ii  exim4-config                           4.93-13ubuntu1.12                            all          configuration for the Exim MTA (v4)
ii  exim4-daemon-heavy                     4.93-13ubuntu1.12                            arm64        Exim MTA (v4) daemon with extended features, including exiscan-acl
root@hcp:~#
root@hcp:~#

root@hcp:~#
root@hcp:~# grep -i spam /etc/exim4/exim4.conf.template
SPAMASSASSIN = yes
SPAM_SCORE = 50
SPAM_REJECT_SCORE = 100
hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf
acl_smtp_connect = acl_check_spammers
.ifdef SPAMASSASSIN
spamd_address = 127.0.0.1 783
acl_check_spammers:
          hosts         = +spammers
.ifdef SPAMASSASSIN
  warn    condition     = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}}
warn    condition     = ${if exists {/etc/exim4/domains/$domain/reject_spam}{yes}{no}}
.ifdef SPAMASSASSIN
         spam           = debian-spamd:true/defer_ok
         add_header     = X-Spam-Score: $spam_score_int
         add_header     = X-Spam-Bar: $spam_bar
         add_header     = X-Spam-Report: $spam_report
         set acl_m2     = $spam_score_int
         condition      = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}}
         add_header     = X-Spam-Status: Yes
        message        = SpamAssassin detected spam (from $sender_address to $recipients).
  # Deny spam at high score if spam score > SPAM_REJECT_SCORE and delete_spam is enabled
  deny   message        = This message scored $spam_score spam points
          spam           = debian-spa d:true
          condition      = ${if >{$spam_score_int}{SPAM_REJECT_SCORE}{1}{0}}localuser_spam:
  transport = local_spam_delivery
      {eq{$acl_m_spam}{yes}} \
      {eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} \
local_spam_delivery:
  directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam"
root@hcp:~#
root@hcp:~#

root@hcp:~#
root@hcp:~# systemctl status spamassassin
● spamassassin.service - Perl-based s>     Loaded: loaded (/lib/systemd/sys>     Active: active (running) since S>    Process: 2796 ExecStart=/usr/sbin>   Main PID: 3304 (spamd)
      Tasks: 3 (limit: 9358)
     Memory: 90.5M
     CGroup: /system.slice/spamassass>             ├─3304 /usr/bin/perl -T >             ├─3635 spamd child
             └─3636 spamd child

sahsanu · January 26, 2025, 6:18pm

I see no obvious problem.

Are you testing it sending a mail from an external domain like gmail to one of your mail domains?
Did you enable anti-spam for your mail domain? (Replace YourUser and YourDomain with the actual data.)

v-list-mail-domain YourUser YourDomain json | jq -r 'to_entries[] | "\(.key): ANTISPAM=\(.value.ANTISPAM)"'

If you want an email to be marked as spam when testing your system, send an email to one of your mail users with exactly this body (it’s a spam test called GTUBE):

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

purdofolte · January 26, 2025, 9:18pm

sahsanu:

If you want an email to be marked as spam when testing your system, send an email to one of your mail users with exactly this body (it’s a spam test called GTUBE):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

I tried this way between internal users on hestia and the mail was received in inbox. I then sent an email from hotmail to hestia account and the email was rejected as below

Remote server returned '550 5.7.520 Message blocked because it contains content identified as spam. AS(4810)'

I would like that any email “internal or external” to land in Junk folder.

sahsanu · January 26, 2025, 10:27pm

I don’t know how to do what you want. I thought I did, but I’ve modified my Exim configuration and haven’t managed to achieve it, so I can’t help you with this.

purdofolte · January 26, 2025, 11:43pm

No worries. Thank you @sahsanu