Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1] 2

Author Topic: SA issue on email  (Read 3548 times)

d2d4j

  • Kitizen
  • ****
  • Posts: 1034
SA issue on email
« on: February 26, 2019, 07:53:39 PM »

Hi

I hope I have posted in correct area. Please move as needed

I am just letting those who use our platforms that we have received 2 reports of an issue with email

Support have identified this to SA, which was updated this morning and after just speaking with them, I said I would look when I am back later tonight (still have a couple of hours driving a head of me) or tomorrow morning

In the meantime, we have decided to turn off SA to allow email flows through

The issue is the new SA appears to be scoring very high, so most email was not been accepted.

This decision will mean some spam been allowed through (note Antivirus scanning is unaffected)

Please accept my apologies for this brief issue

Many thanks

John
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3929
Re: SA issue on email
« Reply #1 on: February 26, 2019, 08:00:31 PM »

Hi John,

I'm guessing SA is Spam Assasin. I've not noticed any issues, perhaps a facebook email in my spam but one could argue that belongs there.

Thanks for letting us know.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

atkinsong

  • Reg Member
  • ***
  • Posts: 119
Re: SA issue on email
« Reply #2 on: February 26, 2019, 10:01:38 PM »

Hi John. As you know, I was responsible for one of the problem reports this afternoon, so thank you very much for this update.
Logged
ISP:BT 80/20; Cab:ECI; Router:Draytek Vigor 2760

vic0239

  • Reg Member
  • ***
  • Posts: 436
Re: SA issue on email
« Reply #3 on: February 26, 2019, 10:07:36 PM »

... and I the second. Still not receiving some email and concerned that earlier rejections are lost!
Logged

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 1711
Re: SA issue on email
« Reply #4 on: February 26, 2019, 11:27:12 PM »

I've just (@23:00:07) received an email marked as spam with a score of 25.4. The email was from my NAS box to notify me of the availability of an App update. It's an email I receive fairly regularly and has never been marked as spam before. The headers show it has gone through Spam Assassin 3.4.2 (2018-09-13).

John, I'll PM you the full headers.
Logged
Line rental: Pulse8, Broadband: AAISP Home::1 FTTC 80/20, Mobile: id Mobile

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 1711
Re: SA issue on email
« Reply #5 on: February 26, 2019, 11:29:58 PM »

Just spotted this in the headers in the X-Spam-Report section:

Code: [Select]
24 AWL AWL: Adjusted score from AWL reputation of From: address
Could somebody explain please?
Logged
Line rental: Pulse8, Broadband: AAISP Home::1 FTTC 80/20, Mobile: id Mobile

d2d4j

  • Kitizen
  • ****
  • Posts: 1034
Re: SA issue on email
« Reply #6 on: February 26, 2019, 11:43:40 PM »

Hi

Sorry just arrived back but tired

@jelv - many thanks and if you look at header just received, you will see the figures do not add up

The earlier intervention appears to be working and I will have a think overnight and look at it tommorow refreshed sorry if thatís alright

@vic, I will pull of the log and let you know

It is a little strange though, as all appears to work lovely but the scores are way to high

I have also just emailed IW but I do know they are behind uk time, so will see tommorow

Once again I apologise for any inconvenience this has caused and we have acted very quickly from the 2 reports received this afternoon

Once fully resolved I will update the thread.

Many thanks

John
Logged

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 1711
Re: SA issue on email
« Reply #7 on: February 26, 2019, 11:45:54 PM »

Just seen another set of stupid headers for a Facebook notification email:

Code: [Select]
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on haveworx.co.uk
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=305.9 required=7.0 tests=AWL,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_FONT_LOW_CONTRAST,
HTML_MESSAGE,RDNS_NONE,SPF_HELO_PASS,UNPARSEABLE_RELAY,
USER_IN_DEF_DKIM_WL autolearn=disabled version=3.4.2
X-Spam-Report:
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM
*      white-list
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
*      identical to background
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
*      author's domain
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
*  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
*       valid
*  1.0 RDNS_NONE Delivered to internal network by a host with no rDNS
*  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
*      lines
* -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender
*  312 AWL AWL: Adjusted score from AWL reputation of From: address
Logged
Line rental: Pulse8, Broadband: AAISP Home::1 FTTC 80/20, Mobile: id Mobile

d2d4j

  • Kitizen
  • ****
  • Posts: 1034
Re: SA issue on email
« Reply #8 on: February 26, 2019, 11:47:22 PM »

Hi jelv

Sorry soo tired so just realised you asked what awl is re SA

AWL Authorised white list and should not score that high

Many thanks

John
Logged

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 1711
Re: SA issue on email
« Reply #9 on: February 27, 2019, 08:07:08 AM »

In the meantime, we have decided to turn off SA to allow email flows through

SA still appears to be running as I've had further false positive emails overnight. One of these is an emails that I get every day from the overnight daily virus scan on my NAS box.

There is a very significant difference in the headers on the good email I received yesterday and the one I received this morning. (Apart from the date/time, the body of the emails is identical).

Yesterdays good email:
Quote
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on haveworx.co.uk
X-Spam-Level:
X-Spam-Status: No, score=0.9 required=7.0 tests=ALL_TRUSTED,HTML_MESSAGE,
   HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,MISSING_MID autolearn=disabled
   version=3.4.2

Today's false positive:
Quote
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on haveworx.co.uk
X-Spam-Flag: YES
X-Spam-Level: *************
X-Spam-Status: Yes, score=13.1 required=7.0 tests=ALL_TRUSTED,AWL,HTML_MESSAGE,   <-------------
   HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,MISSING_MID autolearn=disabled
   version=3.4.2
X-Spam-Report:
   * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
   *  0.0 HTML_MESSAGE BODY: HTML included in message
   *  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
   *  0.1 MISSING_MID Missing Message-Id: header
   *  0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
   *      tag
   *   12 AWL AWL: Adjusted score from AWL reputation of From: address

The update seems to have turned on AutoWhiteList and it is the high score that is giving that is causing the false positive.
« Last Edit: February 27, 2019, 08:10:50 AM by jelv »
Logged
Line rental: Pulse8, Broadband: AAISP Home::1 FTTC 80/20, Mobile: id Mobile

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 1711
Re: SA issue on email
« Reply #10 on: February 27, 2019, 08:16:34 AM »

I've now compared headers on emails that are not being marked as spam and am consistently seeing the same difference. AWL was not in the string of tests before the update and it is now and they are now getting much higher scores (although not enough to be marked as spam).
Logged
Line rental: Pulse8, Broadband: AAISP Home::1 FTTC 80/20, Mobile: id Mobile

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3929
Re: SA issue on email
« Reply #11 on: February 27, 2019, 08:19:51 AM »

I emptied my spam folder last night, this morning I have three emails in there that shouldn't be, one from my nas, one from Facebook and another.

At least I know to check in there.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 1711
Re: SA issue on email
« Reply #12 on: February 27, 2019, 08:20:16 AM »

Just found this:

The Auto-WhiteList
In March 2014 (rev 1579980), SpamAssassin introduced the TxRep plugin. The new plugin enhances the functionality of AWL, and works around some of its shortcomings.
Logged
Line rental: Pulse8, Broadband: AAISP Home::1 FTTC 80/20, Mobile: id Mobile

d2d4j

  • Kitizen
  • ****
  • Posts: 1034
Re: SA issue on email
« Reply #13 on: February 27, 2019, 08:28:41 AM »

Hi

@jelv and @ronski - many thanks

Yes I know AWL is appearing to score high mostly and AWL has been around for many years, even in the earlier version 3.3.2.

I am looking into this and the control panel has gone into a maintenance mode

I believe we had the earlier SA about right and the new SA, which upgraded 3.3.2 to 3.4.2 should not have changed the rules but it appears something is not right

If I cannot see why/whatís gone wrong I will open a ticket with IW, which I did email IW last night, but not heard back as yet

Many thanks

John
Logged

jelv

  • Helpful
  • Kitizen
  • *
  • Posts: 1711
Re: SA issue on email
« Reply #14 on: February 27, 2019, 08:36:01 AM »

John,

According to https://wiki.apache.org/spamassassin/TxRep, TxRep replaces AWL so shouldn't AWL be turned off (as it was before the upgrade)?
Logged
Line rental: Pulse8, Broadband: AAISP Home::1 FTTC 80/20, Mobile: id Mobile
Pages: [1] 2