Quote from: leonp on May 21, 2018, 11:17:40 AM
1. ok_languages. I set this variable in /etc/mail/spamassassin as:
ok_languages en he ru
and expected to see only these 3 languages, but still I receive 2-3 mails a day in Chinese, not to mention Turkish and Portugal...
When I open the mail headers I can see the UTF-8 encoding used.
Take a look at these emails' headers and at the logs (qpsmtpd, spamd)
[/quote]
Thank you for your reply.
Here is the mail in Chinese.
I don't see any criminals in the logs, but...
Here are the message headers:
X-Spam-Status: No, score=3.5 required=5.0 autolearn=disabled
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on extern.plris.com
X-Spam-Details: * 0.0 HTML_OBFUSCATE_05_10 BODY: Message is 5% to 10% HTML obfuscation
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.3 HTML_FONT_FACE_BAD BODY: HTML font face is not a word
* 2.0 PYZOR_CHECK Listed in Pyzor (
http://pyzor.sf.net/)
* 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Spam-Level: ***
X-HELO: myql.com.cn
And here is the qpsmtpd log:
2018-05-24 13:22:28.148280500 7744 Accepted connection 0/40 from 192.168.255.2 / Unknown
2018-05-24 13:22:28.148808500 7744 Connection from Unknown [192.168.255.2]
2018-05-24 13:22:29.666510500 7744 (connect) earlytalker: pass, not spontaneous
2018-05-24 13:22:29.668089500 7744 (connect) relay: skip, no match
2018-05-24 13:22:29.668943500 7744 220 extern.plris.com ESMTP
2018-05-24 13:22:29.958136500 7744 dispatching EHLO myql.com.cn
2018-05-24 13:22:29.959641500 7744 (ehlo) helo: pass
2018-05-24 13:22:29.960658500 7744 250-plris.com Hi Unknown [192.168.255.2]
2018-05-24 13:22:29.960723500 7744 250-PIPELINING
2018-05-24 13:22:29.960778500 7744 250-8BITMIME
2018-05-24 13:22:29.960840500 7744 250-SIZE 15000000
2018-05-24 13:22:29.960899500 7744 250 STARTTLS
2018-05-24 13:22:30.245168500 7744 dispatching MAIL FROM: <luznednvv@myql.com.cn>
2018-05-24 13:22:44.263275500 7744 (mail) resolvable_fromhost: pass, myql.com.cn has MX at mail.myql.com.cn
2018-05-24 13:22:45.270253500 7744 (mail) sender_permitted_from: skip, tolerated, none, myql.com.cn: No applicable sender policy available
2018-05-24 13:22:45.270479500 7744 (mail) naughty: pass
2018-05-24 13:22:45.271068500 7744 (mail) badmailfrom: pass
2018-05-24 13:22:45.271443500 7744 250 <luznednvv@myql.com.cn>, sender OK - how exciting to get mail from you!
2018-05-24 13:22:45.555421500 7744 dispatching RCPT TO: <leonp@plris.com>
2018-05-24 13:22:45.557149500 7744 (rcpt) badrcptto: pass
2018-05-24 13:22:45.557327500 7744 (rcpt) check_goodrcptto: stripping '-' extensions
2018-05-24 13:22:45.559450500 7744 (rcpt) rcpt_ok: pass: plris.com in rcpthosts
2018-05-24 13:22:45.559681500 7744 250 <leonp@plris.com>, recipient ok
2018-05-24 13:22:45.843338500 7744 dispatching DATA
2018-05-24 13:22:45.843910500 7744 354 go ahead
2018-05-24 13:22:46.156190500 7744 spooling message to disk
2018-05-24 13:22:50.643701500 7749 Accepted connection 1/40 from 192.168.255.2 / Unknown
2018-05-24 13:23:21.661600500 7744 (data_post_headers) dkim: pass, no signature, neutral policy
2018-05-24 13:23:22.001237500 7744 (data_post_headers) dmarc: skip, no policy
2018-05-24 13:23:22.002529500 7744 (data_post) bogus_bounce: pass, not a null sender
2018-05-24 13:23:22.003548500 7744 (data_post) headers: pass
2018-05-24 13:23:22.003745500 7744 (data_post) naughty: pass
2018-05-24 13:23:26.970336500 7744 (data_post) spamassassin: error, reject disabled (Ham, 3.5, learn=disabled)
2018-05-24 13:23:28.435059500 7744 (data_post) virus::clamdscan: pass, clean
2018-05-24 13:23:28.435061500 7744 (queue) logging::logterse: ` 192.168.255.2 Unknown myql.com.cn <luznednvv@myql.com.cn> <leonp@plris.com> queued <20180524182248103136@myql.com.cn> No, score=3.5 required=5.0 autolearn=disable
2018-05-24 13:23:28.441339500 7757 (queue) queue::qmail_2dqueue: (for 7744) Queuing to /var/qmail/bin/qmail-queue
2018-05-24 13:23:28.632819500 7744 250 Queued! 1527157408 qp 7757 <20180524182248103136@myql.com.cn>
2018-05-24 13:23:28.931403500 7744 dispatching QUIT
2018-05-24 13:23:28.931406500 7744 221 plris.com closing connection. Have a wonderful day.
2018-05-24 13:23:28.931409500 7744 click, disconnecting
2018-05-24 13:23:29.690700500 1882 cleaning up after 7744
And here is spamd log:
2018-05-24 13:23:22.037043500 May 24 13:23:22.037 [22370] info: spamd: connection from 127.0.0.1 [127.0.0.1]:41142 to port 783, fd 4
2018-05-24 13:23:22.126186500 May 24 13:23:22.126 [22370] info: spamd: checking message <20180524182248103136@myql.com.cn> for qpsmtpd:1005
2018-05-24 13:23:26.965591500 May 24 13:23:26.965 [22370] info: spamd: clean message (3.5/5.0) for qpsmtpd:1005 in 4.9 seconds, 449063 bytes.
2018-05-24 13:23:26.965989500 May 24 13:23:26.966 [22370] info: spamd: result: . 3 - HTML_FONT_FACE_BAD,HTML_MESSAGE,HTML_OBFUSCATE_05_10,PYZOR_CHECK,RDNS_NONE scantime=4.9,size=449063,user=qpsmtpd,uid=1005,required_score=5.0,rhost=127.0.0.1,raddr=127.0.0.1,rport=41142,mid=<20180524182248103136@myql.com.cn>,autolearn=disabled
2018-05-24 13:23:27.057440500 May 24 13:23:27.057 [2048] info: prefork: child states: II