Completely disabling Spamassassin / Spamhaus


#1

I run a number of web apps and because I’m a masochist I choose to have all exceptions and other important system events emailed to me rather than just using a tool like Bugsnag. :slight_smile:

My approach has worked perfectly fine for years until recently when Google decided they would start marking system-generated emails as spam and, even worse, actually started dropping emails if the frequency was too high.

So I turned to mailinabox and all was good. I set up one obscure email address on one obscure domain and started happily receiving all of my exception emails. That was until one day when I stopped receiving emails because they were being marked as spam because of the Spamhaus SBLCSS.

Which brings me to my question: what do people think is the easiest way to completely whitelist a mail server in MiiB/Spamassassin? I realise this is 90% a spamassassin question, but I thought I would ask here for pointers anyway because you seem like quite a knowledgeable bunch. :slight_smile:

Here are the things I have tried so far:

  1. Adding the mail server to /etc/postgrey/whitelist_clients. This is great because it stops the greylisting, but doesn’t seem to stop the mail being processed by spamassassin.

  2. Adding trusted networks/servers/addresses to /etc/spamassassin/local.cf using one or all of the trusted_networks, whitelist_from and whitelist_from_rcvd options.

  3. Changing the maxsize option in /etc/default/spampd to 0 (e.g. ADDOPTS="--maxsize=0").

The third option seems to have done the trick, as there is no mention of spam scores in the incoming email headers any more and it appears from the mail logs as if spamassassin isn’t being called any more. This seems to have solved the problem, but of course it isn’t the ideal solution, because spammers will figure out my support email address eventually and will start spamming it.

The second option seems preferable because spam processing will still occur on all servers that aren’t in the white list. The problem is in the way that spamassassin actually deals with the white list. Rather than just skipping processing for all servers in the white list, it just seems to give them a -100 bonus, which means they’ll never be marked as spam by the internal filters.

HOWEVER: It looks like spamassassin will still send the email to spamhaus.org as part of its analysis and spamhaus seems to eventually decide that the email is spam, BLACK LISTS the IP address, tells spamassassin the IP address is on a black list and so spamassassin REJECTS the email! That is, it doesn’t just file it in the spam folder, it outright rejects it!

It seems highly counterintuitive that spamassassin could REJECT an email from a whitelisted mail server and the fact that it makes this decision based on a response from spamhaus that it caused by sending the emails from the whitelisted server to spamhaus in the first place is just crazy. And the upshot of all this is that now other email servers throughout the world will be rejecting emails from my web apps because MiiB/spamassassin essentially got my whitelisted email servers blacklisted for me. Awesome. :frowning:

Anyway, rant over… if anybody has any suggestions as to the best way to whitelist a server and avoid the issues with spamhaus they would be very much appreciated.


#2

Looking for an answer to this myself, having similar issues trying to send e-mails from local servers without domains, mainly for error notifications.


#3

I have been using option 3 ever since I wrote this post and it has been working fine. No more spamassassin, no more problems with spamhaus and no more getting my IP blacklisted. The only catch is that the installer will overwrite the manual change to the /etc/default/spampd file every time you upgrade, so you’ll need to remember to go and change ADDOPTS="--maxsize=2000" back to ADDOPTS="--maxsize=0" every time you run the installer. I ended up creating a soft link from the root folder to that file so that it was easy to remember which file I needed to edit each time.


#4

Did you have to reboot the server in order for this change to take effect? Changed the max size to 0 about an hour ago, and still seeing “blocked using spamhaus.org” show up in the logs every few mins. Example:

Dec 4 10:06:21 box postfix/smtpd[26159]: NOQUEUE: reject: RCPT from o4.pro.revue.email[168.245.104.220]: 554 5.7.1 Service unavailable; Client host [168.245.104.220] **blocked using zen.spamhaus.org** ; https://www.spamhaus.org/sbl/query/SBL423186; from=<bounces+7458214-3916-redacted=stoop.email@pro.revue.email> to=<redacted@stoop.email> proto=ESMTP helo=<o4.pro.revue.email>
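
The rejection line quoted in the post above is logged by `postfix/smtpd`, and `NOQUEUE` means the recipient was refused during the SMTP session before any message was queued. The following Python parser is an added example, not part of the original thread: it extracts such DNSBL rejections from a mail log and counts them per blocklist zone and client IP, flagging hits on your own sending hosts. The function names and the sample log lines (documentation IPs, example domains) are constructed for illustration.

```python
import re
from collections import Counter

# Syslog prefix, e.g. "Dec  4 10:06:21 box postfix/smtpd[26159]: <message>"
PREFIX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<prog>[\w/.-]+)\[\d+\]:\s(?P<msg>.*)$")
# DNSBL rejection as smtpd logs it; NOQUEUE means no message was queued.
REJECT = re.compile(
    r"^(?P<qid>NOQUEUE|[0-9A-F]+): reject: (?P<stage>\w+) from "
    r"\S+\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<code>\d{3}) .*?"
    r"blocked using (?P<zone>[\w.-]+)")
ADDR = re.compile(r"\b(from|to)=<([^>]*)>")

# Constructed sample lines (documentation IP ranges, example domains).
SAMPLE_LOG = """\
Dec  4 10:06:21 box postfix/smtpd[26159]: NOQUEUE: reject: RCPT from app1.example.net[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; constructed reason text; from=<errors@app1.example.net> to=<alerts@example.org> proto=ESMTP helo=<app1.example.net>
Dec  4 10:06:41 box postfix/smtpd[26161]: NOQUEUE: reject: RCPT from mx.example.com[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org; constructed reason text; from=<news@example.com> to=<alerts@example.org> proto=ESMTP helo=<mx.example.com>
Dec  4 10:07:03 box postfix/smtpd[26170]: NOQUEUE: reject: RCPT from app2.example.net[192.0.2.11]: 450 4.1.8 <x@nodomain.invalid>: Sender address rejected: Domain not found; from=<x@nodomain.invalid> to=<alerts@example.org> proto=ESMTP helo=<app2.example.net>
Dec  4 10:09:21 box postfix/smtpd[26180]: NOQUEUE: reject: RCPT from app1.example.net[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; constructed reason text; from=<errors@app1.example.net> to=<alerts@example.org> proto=ESMTP helo=<app1.example.net>
"""


def parse_dnsbl_reject(line):
    """Return a dict describing a Postfix DNSBL rejection, or None."""
    # Lines pasted from a forum may carry markdown bold markers; drop them.
    m = PREFIX.match(line.replace("**", "").strip())
    r = REJECT.match(m["msg"]) if m and m["prog"] == "postfix/smtpd" else None
    if not r:
        return None
    rec = {"ts": m["ts"], "prog": m["prog"], **r.groupdict()}
    rec.update(dict(ADDR.findall(m["msg"])))  # envelope "from" and "to"
    return rec


def summarize(lines, own_ips=()):
    """Count rejections per (zone, client IP); collect hits on our own senders."""
    counts, own_hits = Counter(), []
    for line in lines:
        rec = parse_dnsbl_reject(line)
        if rec:
            counts[(rec["zone"], rec["ip"])] += 1
            if rec["ip"] in own_ips:
                own_hits.append(rec)
    return counts, own_hits


if __name__ == "__main__":
    counts, own_hits = summarize(SAMPLE_LOG.splitlines(), own_ips={"192.0.2.10"})
    print(counts.most_common(), [(h["ts"], h["code"]) for h in own_hits])
```
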


#5

My usual process is as follows:

  1. Update mailinabox
  2. Edit the spamd config file to set maxsize=0
  3. Reboot the server

I figure a reboot is usually in order since many (if not all) of the services are probably updated with each upgrade anyway. Whilst you could probably be more selective about which services you restart, I would recommend simply rebooting instead, as it shouldn’t take more than a minute.