SpamAssassin, OTRS, and Filtering...
Hello, I have SpamAssassin on my mail server. Anything that scores a 6.0 or higher is flagged as spam and "***SPAM***" gets added to the beginning of the subject line. I have tried numerous filtering techniques, including keeping a mail client (such as Thunderbird or MacMail) open to help take out the spam before OTRS gets it. This, while it has helped, can't possibly be the solution, I've got to be missing something. Right now, my Generic Agent filter for spam is as follows: If: Subject = [SPAM] X-Spam-Flag = Yes X-Spam-Status = Yes Then: X-OTRS-Ignore = Trash However, this doesn't help. I've tried changing Queues with it (i.e. X-OTRS-Queue = Trash), changed the "Subject" setting (i.e. Subject = [S][P][A][M], Subject = SPAM, Subject = "***SPAM***" - which turns out to be invalid) and other options that I just can't remember them anymore. I've been working on trying different tricks for the past 6 months (OTRS was implemented on 1/1/07) and I just can't think of anything else to try. I've read the following resources with no avail to a solution: http://doc.otrs.org/2.1/en/html/x1020.html http://doc.otrs.org/2.1/en/html/x1215.html#email-receiving-filter Does anyone have any suggestions? I'm open to try anything. Thank you so much! -Jeff
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jeff,
I have SpamAssassin on my mail server. Anything that scores a 6.0 or higher is flagged as spam and "***SPAM***" gets added to the beginning of the subject line. I have tried numerous filtering techniques, including keeping a mail client (such as Thunderbird or MacMail) open to help take out the spam before OTRS gets it. This, while it has helped, can't possibly be the solution, I've got to be missing something.
Right now, my Generic Agent filter for spam is as follows:
If: Subject = [SPAM] X-Spam-Flag = Yes X-Spam-Status = Yes
Then: X-OTRS-Ignore = Trash
...shouldn't X-OTRS-Ignore be set to 'yes' - more like this: X-OTRS-Ignore => 'yes', ...-just an idea. Anyway, have you tried to create a PostMaster filter in the admin-area (webinterface), it's more comfortable and should suite your requirement. I have a similar situation the filter setting looks like this: Match: Header 1: Subject Value: ***SPAM***(.*) Set: Header 1: X-OTRS-Queue Value: Junk ...or to stick with your example... Header 1: X-OTRS-Ignore Value: yes regards, Torsten Thau - -- Torsten Thau, Dipl. Inform. c.a.p.e. IT Labs GbR - Annaberger Str. 240 - D-09125 Chemnitz phone: +49 371 5347 623 cell: +49 176 66 680 680 pgp-key: 0x292F987D fax: +49 371 5347 625 http://www.cape-it.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFGY+abvXo8m5PgoXQRAg2IAKCCPX21n6ICSHE21aA7bYRPPDGUQACaAlZj Ox9acK5RHTT06H2X54xVkkU= =yR/D -----END PGP SIGNATURE-----
Hi Torsten, I do use the PostMaster filter, I don't know why I said Generic Agent. In any case, I tried the options you selected: Header 1: Subject Value: ***SPAM***(.*) But this returns "invalid" for the value. Is there a way to have OTRS take the value literal and not use the 'splat' as a wildcard? I use SME 7 for the mail server. So I do use qmail as well. Anything that scores a 12 or higher is automatically deleted. I have to be fairly forgiving with the limits because we have a lot of customers who's email from residential IP's. The sales team gets really mad when I lower the limits, so I keep them where they are to make them happy. :) Thanks again. -Jeff On Jun 4, 2007, at 3:17 AM, Torsten Thau wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Jeff,
I have SpamAssassin on my mail server. Anything that scores a 6.0 or higher is flagged as spam and "***SPAM***" gets added to the beginning of the subject line. I have tried numerous filtering techniques, including keeping a mail client (such as Thunderbird or MacMail) open to help take out the spam before OTRS gets it. This, while it has helped, can't possibly be the solution, I've got to be missing something.
Right now, my Generic Agent filter for spam is as follows:
If: Subject = [SPAM] X-Spam-Flag = Yes X-Spam-Status = Yes
Then: X-OTRS-Ignore = Trash
...shouldn't X-OTRS-Ignore be set to 'yes' - more like this:
X-OTRS-Ignore => 'yes',
...-just an idea. Anyway, have you tried to create a PostMaster filter in the admin-area (webinterface), it's more comfortable and should suite your requirement. I have a similar situation the filter setting looks like this:
Match: Header 1: Subject Value: ***SPAM***(.*)
Set: Header 1: X-OTRS-Queue Value: Junk ...or to stick with your example... Header 1: X-OTRS-Ignore Value: yes
regards, Torsten Thau
- -- Torsten Thau, Dipl. Inform. c.a.p.e. IT Labs GbR - Annaberger Str. 240 - D-09125 Chemnitz phone: +49 371 5347 623 cell: +49 176 66 680 680 pgp-key: 0x292F987D fax: +49 371 5347 625 http://www.cape-it.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFGY+abvXo8m5PgoXQRAg2IAKCCPX21n6ICSHE21aA7bYRPPDGUQACaAlZj Ox9acK5RHTT06H2X54xVkkU= =yR/D -----END PGP SIGNATURE----- _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/
I think that I may have found the answer for those out there that use SpamAssassin. If you go to: SysConfig: Ticket -> Core::PostMaster You'll find that there are two pre-filter modules that are for SpamAssassin specifically. This allows you to set the settings that you'd like to do for all messages that SpamAssassin specifically flags. I set this up this morning and I've gotten a grand total of two spam messages into OTRS, I usually get about 150 during business hours and when I come in the next morning there would be about 200-400 more. I thought that I would share this with everyone. Thank you for your help Torsten. -Jeff On Jun 4, 2007, at 8:40 AM, Jeff Shepherd wrote:
Hi Torsten, I do use the PostMaster filter, I don't know why I said Generic Agent. In any case, I tried the options you selected:
Header 1: Subject Value: ***SPAM***(.*)
But this returns "invalid" for the value. Is there a way to have OTRS take the value literal and not use the 'splat' as a wildcard?
I use SME 7 for the mail server. So I do use qmail as well. Anything that scores a 12 or higher is automatically deleted. I have to be fairly forgiving with the limits because we have a lot of customers who's email from residential IP's. The sales team gets really mad when I lower the limits, so I keep them where they are to make them happy. :)
Thanks again.
-Jeff
On Jun 4, 2007, at 3:17 AM, Torsten Thau wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Jeff,
I have SpamAssassin on my mail server. Anything that scores a 6.0 or higher is flagged as spam and "***SPAM***" gets added to the beginning of the subject line. I have tried numerous filtering techniques, including keeping a mail client (such as Thunderbird or MacMail) open to help take out the spam before OTRS gets it. This, while it has helped, can't possibly be the solution, I've got to be missing something.
Right now, my Generic Agent filter for spam is as follows:
If: Subject = [SPAM] X-Spam-Flag = Yes X-Spam-Status = Yes
Then: X-OTRS-Ignore = Trash
...shouldn't X-OTRS-Ignore be set to 'yes' - more like this:
X-OTRS-Ignore => 'yes',
...-just an idea. Anyway, have you tried to create a PostMaster filter in the admin-area (webinterface), it's more comfortable and should suite your requirement. I have a similar situation the filter setting looks like this:
Match: Header 1: Subject Value: ***SPAM***(.*)
Set: Header 1: X-OTRS-Queue Value: Junk ...or to stick with your example... Header 1: X-OTRS-Ignore Value: yes
regards, Torsten Thau
- -- Torsten Thau, Dipl. Inform. c.a.p.e. IT Labs GbR - Annaberger Str. 240 - D-09125 Chemnitz phone: +49 371 5347 623 cell: +49 176 66 680 680 pgp-key: 0x292F987D fax: +49 371 5347 625 http://www.cape-it.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFGY+abvXo8m5PgoXQRAg2IAKCCPX21n6ICSHE21aA7bYRPPDGUQACaAlZj Ox9acK5RHTT06H2X54xVkkU= =yR/D -----END PGP SIGNATURE----- _______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/
_______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jeff, Jeff Shepherd schrieb:
Header 1: Subject Value: ***SPAM***(.*)
But this returns "invalid" for the value.
...yes, you're right - I should have copy-pasted it rather than typed... Header 1: Subject Value: \*\*\*SPAM\*\*\*(.*) ...now, this works :) regards, Torsten Thau - -- Torsten Thau, Dipl. Inform. c.a.p.e. IT Labs GbR - Annaberger Str. 240 - D-09125 Chemnitz phone: +49 371 5347 623 cell: +49 176 66 680 680 pgp-key: 0x292F987D fax: +49 371 5347 625 http://www.cape-it.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFGZYGIvXo8m5PgoXQRArkrAJ47AxCeot84ygF+smHuqePT0O0XZACgiogt wsYvVadcHcMmgiT1wHqfAhs= =4iaw -----END PGP SIGNATURE-----
Jeff Shepherd wrote:
I have SpamAssassin on my mail server. Anything that scores a 6.0 or higher is flagged as spam and "***SPAM***" gets added to the beginning of the subject line. I have tried numerous filtering techniques, including keeping a mail client (such as Thunderbird or MacMail) open to help take out the spam before OTRS gets it. This, while it has helped, can't possibly be the solution, I've got to be missing something.
Right now, my Generic Agent filter for spam is as follows:
If: Subject = [SPAM] X-Spam-Flag = Yes X-Spam-Status = Yes
Then: X-OTRS-Ignore = Trash
However, this doesn't help. I've tried changing Queues with it (i.e. X-OTRS-Queue = Trash), changed the "Subject" setting (i.e. Subject = [S][P][A][M], Subject = SPAM, Subject = "***SPAM***" - which turns out to be invalid) and other options that I just can't remember them anymore. I've been working on trying different tricks for the past 6 months (OTRS was implemented on 1/1/07) and I just can't think of anything else to try.
I've read the following resources with no avail to a solution:
http://doc.otrs.org/2.1/en/html/x1020.html http://doc.otrs.org/2.1/en/html/x1215.html#email-receiving-filter
Does anyone have any suggestions? I'm open to try anything.
We run qmail with qmail-scanner and configured qmail-scanner to delete any mail with a SpamAssassin score over X. Works just fine. I don't know which MTA you're using, but I guess there's similar software available that allows you to specify when to delete mail. You could also take a look at procmail. Nils Breunese.
participants (3)
-
Jeff Shepherd -
Nils Breunese (Lemonbit Internet) -
Torsten Thau