[Mimedefang] Question about base install from FreeBSD pkg system

Bill Cole mdlist-20140424 at billmail.scconsult.com
Thu Oct 11 15:51:07 EDT 2018


On 11 Oct 2018, at 14:09, John Von Essen wrote:

> Let me preface, I started using MD back in 2002, and ran several mail 
> systems with it. Then in 2012, I moved to google, and forgot all my SA 
> and MD stuff. I am now setting up a personal VM to run my website and 
> email, and will migrate off gmail. Server is FreeBSD with Sendmail.
>
> So I thought I would try to build everything from pkgs in FreeBSD 
> 11. According to what I read, this is as simple as doing “pkg 
> install mimedefang”
>
> That single pkg includes all the perl module dependencies including 
> SpamAssassin.
>
> Then you rebuild sendmail.cf to include the milter.
>
> So I did all that, and the system appears to sort of be working. The 
> issue is, I don’t think SA is being called or utilized. There is no 
> Spam-Score, and I also tried sending some test emails with words that 
> would trigger something (male body parts and drugs). I did run 
> sa-update and sa-compile.
>
> When I send a test email to the server, and look at the header, I see 
> this:
>
> From: John Von Essen <john at essenz.com>
> Content-Type: text/plain;
> 	charset=us-ascii
> Content-Transfer-Encoding: 7bit
> Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
> Subject: Email from desktop
> Message-Id: <39B1454B-507A-4853-9815-639D4CE9F9A3 at essenz.com>
> Date: Thu, 11 Oct 2018 13:38:17 -0400
> To: root at essenz.tilaa.cloud
> X-Mailer: Apple Mail (2.3445.9.1)
> X-Scanned-By: MIMEDefang 2.83
>
> From Gmail account.
>
> And I see this in the server's maillog:
>
> Oct 11 17:43:58 essenz sm-mta[3566]: STARTTLS=server, 
> relay=mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20:0:0:0:731], 
> version=TLSv1.2, verify=FAIL, cipher=AES128-GCM-SHA256, bits=128/128
> Oct 11 17:43:58 essenz sm-mta[3566]: w9BHhvcu003566: 
> from=<john at essenz.com>, size=2342, class=0, nrcpts=1, 
> msgid=<39B1454B-507A-4853-9815-639D4CE9F9A3 at essenz.com>, proto=ESMTPS, 
> daemon=IPv6, relay=mail-qk1-x731.google.com 
> [IPv6:2607:f8b0:4864:20:0:0:0:731]
> Oct 11 17:43:58 essenz mimedefang.pl[3438]: w9BHhvcu003566: 
> MDLOG,w9BHhvcu003566,mail_in,,,<john at essenz.com>,<root at essenz.tilaa.cloud>,Email 
> from desktop
> Oct 11 17:43:58 essenz sm-mta[3566]: w9BHhvcu003566: Milter delete 
> (noop): header: X-Spam-Score
> Oct 11 17:43:58 essenz sm-mta[3566]: w9BHhvcu003566: Milter add: 
> header: X-Scanned-By: MIMEDefang 2.83
> Oct 11 17:43:58 essenz sm-mta[3567]: w9BHhvcu003566: 
> to=<root at essenz.tilaa.cloud>, delay=00:00:00, xdelay=00:00:00, 
> mailer=local, pri=32701, relay=local, dsn=2.0.0, stat=Sent
>
> Any ideas?

The log line coming from "mimedefang.pl[3438]" is proof that you have 
Sendmail configured to consult MD and the following 2 lines from 
"sm-mta[3566]" prove that MD is telling Sendmail to make changes to the 
message that can only come from code in the "mimedefang-filter" file. In 
the default mimedefang-filter in the FreeBSD package, the "Milter delete 
(noop): header: X-Spam-Score" line is the result of code that runs when 
the SA hits are below the spam threshold.

You appear to be bad at faking spam :)

One solution is GTUBE: the Generic Test for Unsolicited Bulk Email. The 
line below, with whitespace removed, should be seen by any spam filter 
as unequivocal spamsign:

XJS*C4JDBQADN1  .NSBN3*2IDNEN*  GTUBE-STANDARD-ANTI-UBE-  
TEST-EMAIL*C.34X



-- 
Bill Cole
bill at scconsult.com or billcole at apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole
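
The log reading described in the reply above, as an added example that is not part of the original post or of MIMEDefang itself: it groups maillog entries by queue ID and reports whether Sendmail consulted MD and whether the filter's header actions were logged. The sample log is constructed, and the function name `diagnose` and the verdict strings are hypothetical.

```python
import re

# Constructed sample modelled on the maillog format quoted above, one entry
# per line; queue IDs, host and addresses are made up for illustration.
SAMPLE_LOG = """\
Oct 11 17:43:58 mx sm-mta[3566]: STARTTLS=server, relay=mail.example.org [192.0.2.10], version=TLSv1.2
Oct 11 17:43:58 mx sm-mta[3566]: w9BAAAAA000001: from=<a@example.org>, size=2342, nrcpts=1
Oct 11 17:43:58 mx mimedefang.pl[3438]: w9BAAAAA000001: MDLOG,w9BAAAAA000001,mail_in,,,<a@example.org>,<root@example.net>,Test
Oct 11 17:43:58 mx sm-mta[3566]: w9BAAAAA000001: Milter delete (noop): header: X-Spam-Score
Oct 11 17:43:58 mx sm-mta[3566]: w9BAAAAA000001: Milter add: header: X-Scanned-By: MIMEDefang 2.83
Oct 11 17:43:58 mx sm-mta[3567]: w9BAAAAA000001: to=<root@example.net>, mailer=local, stat=Sent
Oct 11 17:50:02 mx sm-mta[3601]: w9BBBBBB000002: from=<b@example.org>, size=811, nrcpts=1
Oct 11 17:50:02 mx sm-mta[3602]: w9BBBBBB000002: to=<root@example.net>, mailer=local, stat=Sent
"""

# "<date> <host> <prog>[pid]: <queue-id>: <message>"; lines without a queue ID
# (such as the STARTTLS line) do not match and are skipped.
ENTRY = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (?P<prog>[\w.-]+)\[\d+\]: (?P<qid>\w+): (?P<msg>.*)$")
MILTER = re.compile(r"^Milter (?P<action>\w+(?: \(\w+\))?): header: (?P<name>[\w-]+)")

def diagnose(log_text):
    """Map each queue ID to a verdict, following the reasoning in the reply."""
    state = {}  # qid -> {"md": bool, "actions": [(action, header), ...]}
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        msg_state = state.setdefault(entry["qid"], {"md": False, "actions": []})
        if entry["prog"] == "mimedefang.pl":
            msg_state["md"] = True  # Sendmail handed the message to MD
        milter = MILTER.match(entry["msg"])
        if milter and entry["prog"] == "sm-mta":
            msg_state["actions"].append((milter["action"], milter["name"]))

    verdicts = {}
    for qid, s in state.items():
        if not s["md"] and not s["actions"]:
            verdicts[qid] = "milter not consulted"
        elif ("delete (noop)", "X-Spam-Score") in s["actions"]:
            # Assumption taken from the reply: true for the default FreeBSD filter.
            verdicts[qid] = "filter ran, SA hits below threshold"
        elif s["actions"]:
            verdicts[qid] = "filter ran, header changes: " + ", ".join(n for _, n in s["actions"])
        else:
            verdicts[qid] = "MD consulted, no header changes logged"
    return verdicts

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A customised mimedefang-filter may handle X-Spam-Score differently, so the "below threshold" verdict only carries the meaning given in the reply when the packaged default filter is in use.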



