Group: netwin.surgemail
From: Chris Ferebee <cf@ferebee.net>
Subject: Re: [SurgeMail List] Spam filtering email retrieved via popfetch
Date: Tue, 13 Dec 2016 02:08:39 +0100

It took me a while to close the loop with the client on this.

We are running

	SurgeMail Version 7.2a-1, Built Jun  1 2016 09:35:50, Platform OSX_intel (OS X 10.7.5)

on the server in the branch office, which is retrieving all email for a domain via popfetch.

Here are sample headers:

From: Waldeburg Konstantin <michelina.darco@comune.baronissi.sa.it>
Reply-To: Waldeburg Konstantin <michelina.darco@comune.baronissi.sa.it>
Subject: =?iso-8859-1?Q?M=C3=B6chtest_du_eine_Sch=C3=B6nheit_beim_ersten_Date_fick?=
 =?iso-8859-1?Q?en=3F?=
Message-ID: <9c378c4bd1d69a4352663e23a097d7ee@www.harmoniecroissance.com>
X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="b1_9c378c4bd1d69a4352663e23a097d7ee"
Content-Transfer-Encoding: 8bit
Return-Path: michelina.darco@comune.baronissi.sa.it
X-OriginalArrivalTime: 13 Dec 2016 00:52:55.0195 (UTC) FILETIME=[3D67CEB0:01D254DB]
X-X-Originating-IP: 37.186.217.132
X-Rcpt-To: <xxxxx>
X-SPAM-FLAG: Yes
X-X-SpamDetect: ********: 8.0 sd=8.0  0.87((!X-Verify-Helo:+OK),(X-myrbl:unknown)) [nnot=0,ng=0,nsum=0,nb=0,nw=0,4.82]
X-NotAscii: charset=iso-8859-1
X-LangGuess: German
X-X-MyRbl: Color=Unknown ip=37.186.217.132
X-IP-stats: No info recorded yet ip=37.186.217.132
Status: U
X-Originating-IP: 
X-Rcpt-To: <xxxxx>
X-Rcpt-Original: <xxxxx>
X-SpamContent: IsSpam
X-LangGuess: German
X-Probe: +OK skipped, known ip address
X-Phrase: IsSpam score=1.00

On the server in the branch office, the affected user has the following in his friend.rul:

move:Spam-Mail:X-X-Spam-Detect:********
move:Spam-Mail:X-Spam-Detect:********

These rules do not fire.

If I put in a rule such as

move:Spam-Mail:From:baduser@example.com

it fires as expected.

Best,
Chris


> Am 30.11.2016 um 07:25 schrieb surgemail-support <surgemail-support@netwinsite.com>:
> 
> I ran a test and had no problem making them work. What version of surgemail are you using?  Feel free to email support directly, surgemail-support@netwinsite.com
> 
>    ChrisP
> 
> 
> On 29/11/2016 11:32 a.m., surgemail-list@netwinsite.com wrote:
>> I tried that, but the rule doesn’t appear to fire. I couldn’t get any filter rules to fire, so I was wondering whether they are applied at all to messages retrieved via popfetch. How can I debug that?
>> 
>> Chris
>> 
>>> Am 28.11.2016 um 23:28 schrieb surgemail-support <surgemail-support@netwinsite.com>:
>>> 
>>> I believe you can do this by adding a filter rule in the destination users account, set it to move a message with header
>>> 
>>> X-X-SpamDetect
>>> 
>>> containing
>>> 
>>> ********
>>> 
>>> to the spam folder.
>>> 
>>>    ChrisP.
>>> 
>>> On 28/11/2016 6:25 a.m., Chris Ferebee wrote:
>>>> I have a setup with a colocated SurgeMail server that handles email for multiple clients, and one client who runs his own SurgeMail server in his office.
>>>> 
>>>> The secondary server retrieves email for its domain via popfetch.
>>>> 
>>>> On the primary server, I have g_spam_subject set to 10 and mostly rely on zen.spamhaus.org to block spam.
>>>> 
>>>> On the secondary server, the client is complaining about a high level of spam which is originating from systems not easily blocked by any RBL, so we would like to use the Quarantine mechanism on his office server.
>>>> 
>>>> However, when I enable it, while it does quarantine messages containing a Spam:(10-asterisks) subject prefix as inserted by my primary server, I can’t get the Quarantine feature to filter messages with a score of 8 or higher, which is what we would like to achieve.
>>>> 
>>>> The headers of messages on the secondary server have no X-SpamDetect: line, instead I see  X-X-SpamDetect:. I suspect this is rewritten during popfetch?
>>>> 
>>>> How can I get the secondary server to apply its Quarantine rules based on the score listed in the X-X-SpamDetect: header line?
>>>> 
>>>> Thanks,
>>>> Chris
>>> 
>> 
> 
> 



From: surgemail-support <surgemail-support@netwinsite.com>
Date: Wed, 14 Dec 2016 14:14:46 +1300

I found a bug related to this issue, we'll send you a new binary shortly.

     ChrisP.



On 13/12/2016 2:08 p.m., Chris Ferebee wrote:
> It took me a while to close the loop with the client on this.
>
> We are running
>
> 	SurgeMail Version 7.2a-1, Built Jun  1 2016 09:35:50, Platform OSX_intel (OS X 10.7.5)
>
> on the server in the branch office, which is retrieving all email for a domain via popfetch.
>
> Here are sample headers:
>
> From: Waldeburg Konstantin <michelina.darco@comune.baronissi.sa.it>
> Reply-To: Waldeburg Konstantin <michelina.darco@comune.baronissi.sa.it>
> Subject: =?iso-8859-1?Q?M=C3=B6chtest_du_eine_Sch=C3=B6nheit_beim_ersten_Date_fick?=
>   =?iso-8859-1?Q?en=3F?=
> Message-ID: <9c378c4bd1d69a4352663e23a097d7ee@www.harmoniecroissance.com>
> X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> 	boundary="b1_9c378c4bd1d69a4352663e23a097d7ee"
> Content-Transfer-Encoding: 8bit
> Return-Path: michelina.darco@comune.baronissi.sa.it
> X-OriginalArrivalTime: 13 Dec 2016 00:52:55.0195 (UTC) FILETIME=[3D67CEB0:01D254DB]
> X-X-Originating-IP: 37.186.217.132
> X-Rcpt-To: <xxxxx>
> X-SPAM-FLAG: Yes
> X-X-SpamDetect: ********: 8.0 sd=8.0  0.87((!X-Verify-Helo:+OK),(X-myrbl:unknown)) [nnot=0,ng=0,nsum=0,nb=0,nw=0,4.82]
> X-NotAscii: charset=iso-8859-1
> X-LangGuess: German
> X-X-MyRbl: Color=Unknown ip=37.186.217.132
> X-IP-stats: No info recorded yet ip=37.186.217.132
> Status: U
> X-Originating-IP:
> X-Rcpt-To: <xxxxx>
> X-Rcpt-Original: <xxxxx>
> X-SpamContent: IsSpam
> X-LangGuess: German
> X-Probe: +OK skipped, known ip address
> X-Phrase: IsSpam score=1.00
>
> On the server in the branch office, the affected user has the following in his friend.rul:
>
> move:Spam-Mail:X-X-Spam-Detect:********
> move:Spam-Mail:X-Spam-Detect:********
>
> These rules do not fire.
>
> If I put in a rule such as
>
> move:Spam-Mail:From:baduser@example.com
>
> it fires as expected.
>
> Best,
> Chris
>
>
>> Am 30.11.2016 um 07:25 schrieb surgemail-support <surgemail-support@netwinsite.com>:
>>
>> I ran a test and had no problem making them work. What version of surgemail are you using?  Feel free to email support directly, surgemail-support@netwinsite.com
>>
>>     ChrisP
>>
>>
>> On 29/11/2016 11:32 a.m., surgemail-list@netwinsite.com wrote:
>>> I tried that, but the rule doesn’t appear to fire. I couldn’t get any filter rules to fire, so I was wondering whether they are applied at all to messages retrieved via popfetch. How can I debug that?
>>>
>>> Chris
>>>
>>>> Am 28.11.2016 um 23:28 schrieb surgemail-support <surgemail-support@netwinsite.com>:
>>>>
>>>> I believe you can do this by adding a filter rule in the destination users account, set it to move a message with header
>>>>
>>>> X-X-SpamDetect
>>>>
>>>> containing
>>>>
>>>> ********
>>>>
>>>> to the spam folder.
>>>>
>>>>     ChrisP.
>>>>
>>>> On 28/11/2016 6:25 a.m., Chris Ferebee wrote:
>>>>> I have a setup with a colocated SurgeMail server that handles email for multiple clients, and one client who runs his own SurgeMail server in his office.
>>>>>
>>>>> The secondary server retrieves email for its domain via popfetch.
>>>>>
>>>>> On the primary server, I have g_spam_subject set to 10 and mostly rely on zen.spamhaus.org to block spam.
>>>>>
>>>>> On the secondary server, the client is complaining about a high level of spam which is originating from systems not easily blocked by any RBL, so we would like to use the Quarantine mechanism on his office server.
>>>>>
>>>>> However, when I enable it, while it does quarantine messages containing a Spam:(10-asterisks) subject prefix as inserted by my primary server, I can’t get the Quarantine feature to filter messages with a score of 8 or higher, which is what we would like to achieve.
>>>>>
>>>>> The headers of messages on the secondary server have no X-SpamDetect: line, instead I see  X-X-SpamDetect:. I suspect this is rewritten during popfetch?
>>>>>
>>>>> How can I get the secondary server to apply its Quarantine rules based on the score listed in the X-X-SpamDetect: header line?
>>>>>
>>>>> Thanks,
>>>>> Chris
>>
>



From: Chris Ferebee <cf@ferebee.net>
Date: Tue, 3 Jan 2017 22:15:53 +0100

For the peanut gallery… :)

To filter based on spam score when email is retrieved from another SurgeMail server via popfetch, check for the X-X-SpamDetect header line as mentioned below by ChrisP. Specifically, to move email with a spam score of 8.0 or higher to a mailbox "Spam-Mail", use

move:Spam-Mail:X-X-SpamDetect:********

in the user's friend.rul file.

I had tried this, but it wasn't working for me due to a bug. The bug is fixed as of specials build 7.2f-2, and now filtering is working as expected. Thanks for the great support as always!

Best,
Chris

> Am 30.11.2016 um 22:44 schrieb Eric Vey <junker@ericvey.com>:
>
> If everything is handled directly, the peanut gallery doesn't learn
> anything. . .  Unless somebody writes up a little summary telling us what
> happened.
>
> Eric Vey
>
>
> On November 30, 2016 1:25:52 AM surgemail-support
> <surgemail-support@netwinsite.com> wrote:
>
>> I ran a test and had no problem making them work. What version of
>> surgemail are you using?  Feel free to email support directly,
>> surgemail-support@netwinsite.com
>>
>>     ChrisP
>>
>>
>> On 29/11/2016 11:32 a.m., surgemail-list@netwinsite.com wrote:
>>> I tried that, but the rule doesn’t appear to fire. I couldn’t get any
>>> filter rules to fire, so I was wondering whether they are applied at all to
>>> messages retrieved via popfetch. How can I debug that?
>>>
>>> Chris
>>>
>>>> Am 28.11.2016 um 23:28 schrieb surgemail-support
>>>> <surgemail-support@netwinsite.com>:
>>>>
>>>> I believe you can do this by adding a filter rule in the destination users
>>>> account, set it to move a message with header
>>>>
>>>> X-X-SpamDetect
>>>>
>>>> containing
>>>>
>>>> ********
>>>>
>>>> to the spam folder.
>>>>
>>>>    ChrisP.
>>>>
>>>> On 28/11/2016 6:25 a.m., Chris Ferebee wrote:
>>>>> I have a setup with a colocated SurgeMail server that handles email for
>>>>> multiple clients, and one client who runs his own SurgeMail server in his
>>>>> office.
>>>>>
>>>>> The secondary server retrieves email for its domain via popfetch.
>>>>>
>>>>> On the primary server, I have g_spam_subject set to 10 and mostly rely on
>>>>> zen.spamhaus.org to block spam.
>>>>>
>>>>> On the secondary server, the client is complaining about a high level of
>>>>> spam which is originating from systems not easily blocked by any RBL, so we
>>>>> would like to use the Quarantine mechanism on his office server.
>>>>>
>>>>> However, when I enable it, while it does quarantine messages containing a
>>>>> Spam:(10-asterisks) subject prefix as inserted by my primary server, I
>>>>> can’t get the Quarantine feature to filter messages with a score of 8 or
>>>>> higher, which is what we would like to achieve.
>>>>>
>>>>> The headers of messages on the secondary server have no X-SpamDetect: line,
>>>>> instead I see  X-X-SpamDetect:. I suspect this is rewritten during popfetch?
>>>>>
>>>>> How can I get the secondary server to apply its Quarantine rules based on
>>>>> the score listed in the X-X-SpamDetect: header line?
>>>>>
>>>>> Thanks,
>>>>> Chris
>>>>
>>>
>>
>>
>
>
>
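For anyone debugging a similar setup, here is an added example (not part of the original posts and not SurgeMail code) that checks offline whether a friend.rul line of the form shown above would match a saved header block, and extracts the score from X-X-SpamDetect. It assumes header names compare case-insensitively, the rule value is a plain "contains" test as ChrisP describes, and the asterisk run carries one star per whole point as in the sample headers; it says nothing about the popfetch bug itself.

```python
import re
from email.parser import HeaderParser

# Constructed sample: headers of the shape shown in the thread (values shortened).
SAMPLE = (
    "From: Sender <sender@example.com>\n"
    "X-SPAM-FLAG: Yes\n"
    "X-X-SpamDetect: ********: 8.0 sd=8.0  0.87((!X-Verify-Helo:+OK))\n"
    "Subject: test\n"
    "\n"
)

def parse_rule(line):
    """Split 'action:folder:header:value'; the value may itself contain colons."""
    action, folder, header, value = line.strip().split(":", 3)
    return action, folder, header, value

def rule_fires(rule_line, raw_headers):
    """Assumed semantics: case-insensitive header name, substring test on its value."""
    _, _, header, value = parse_rule(rule_line)
    msg = HeaderParser().parsestr(raw_headers)
    return any(value in v for v in msg.get_all(header, []))

def spam_score(raw_headers, header="X-X-SpamDetect"):
    """Return (star_count, numeric_score) from the first matching header, or None."""
    msg = HeaderParser().parsestr(raw_headers)
    for v in msg.get_all(header, []):
        m = re.match(r"\s*(\*+):\s*([0-9.]+)", v)
        if m:
            return len(m.group(1)), float(m.group(2))
    return None

def with_stars(n):
    """Constructed header block whose score line carries n asterisks."""
    return f"X-X-SpamDetect: {'*' * n}: {n}.0 sd={n}.0\n\n"

if __name__ == "__main__":
    rule = "move:Spam-Mail:X-X-SpamDetect:********"
    print("sample score:", spam_score(SAMPLE))
    print("rule on sample:", rule_fires(rule, SAMPLE))
    # Eight stars is a substring of any longer run, so the rule acts as "score >= 8".
    for n in (5, 8, 10):
        print(n, "stars ->", rule_fires(rule, with_stars(n)))
```

If this check says a rule should match but the server does not move the message, the rule text is not the problem and the server build is the next thing to look at.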



From: Russ <russ@worldprism.net>
Date: Tue, 3 Jan 2017 12:49:34 -0900

Thanks from the peanut gallery. :)

Marshmallows to follow. ;)

> On Jan 3, 2017, at 12:15 PM, Chris Ferebee <cf@ferebee.net> wrote:
>
> For the peanut gallery… :)
>
> To filter based on spam score when email is retrieved from another SurgeMail server via popfetch, check for the X-X-SpamDetect header line as mentioned below by ChrisP. Specifically, to move email with a spam score of 8.0 or higher to a mailbox "Spam-Mail", use
>
> move:Spam-Mail:X-X-SpamDetect:********
>
> in the user's friend.rul file.
>
> I had tried this, but it wasn't working for me due to a bug. The bug is fixed as of specials build 7.2f-2, and now filtering is working as expected. Thanks for the great support as always!
>
> Best,
> Chris
>
>> Am 30.11.2016 um 22:44 schrieb Eric Vey <junker@ericvey.com>:
>>
>> If everything is handled directly, the peanut gallery doesn't learn
>> anything. . .  Unless somebody writes up a little summary telling us what
>> happened.
>>
>> Eric Vey
>>
>>
>> On November 30, 2016 1:25:52 AM surgemail-support
>> <surgemail-support@netwinsite.com> wrote:
>>
>>> I ran a test and had no problem making them work. What version of
>>> surgemail are you using?  Feel free to email support directly,
>>> surgemail-support@netwinsite.com
>>>
>>>    ChrisP
>>>
>>>
>>>> On 29/11/2016 11:32 a.m., surgemail-list@netwinsite.com wrote:
>>>> I tried that, but the rule doesn’t appear to fire. I couldn’t get any
>>>> filter rules to fire, so I was wondering whether they are applied at all to
>>>> messages retrieved via popfetch. How can I debug that?
>>>>
>>>> Chris
>>>>
>>>>> Am 28.11.2016 um 23:28 schrieb surgemail-support
>>>>> <surgemail-support@netwinsite.com>:
>>>>>
>>>>> I believe you can do this by adding a filter rule in the destination users
>>>>> account, set it to move a message with header
>>>>>
>>>>> X-X-SpamDetect
>>>>>
>>>>> containing
>>>>>
>>>>> ********
>>>>>
>>>>> to the spam folder.
>>>>>
>>>>>   ChrisP.
>>>>>
>>>>>> On 28/11/2016 6:25 a.m., Chris Ferebee wrote:
>>>>>> I have a setup with a colocated SurgeMail server that handles email for
>>>>>> multiple clients, and one client who runs his own SurgeMail server in his
>>>>>> office.
>>>>>>
>>>>>> The secondary server retrieves email for its domain via popfetch.
>>>>>>
>>>>>> On the primary server, I have g_spam_subject set to 10 and mostly rely on
>>>>>> zen.spamhaus.org to block spam.
>>>>>>
>>>>>> On the secondary server, the client is complaining about a high level of
>>>>>> spam which is originating from systems not easily blocked by any RBL, so we
>>>>>> would like to use the Quarantine mechanism on his office server.
>>>>>>
>>>>>> However, when I enable it, while it does quarantine messages containing a
>>>>>> Spam:(10-asterisks) subject prefix as inserted by my primary server, I
>>>>>> can’t get the Quarantine feature to filter messages with a score of 8 or
>>>>>> higher, which is what we would like to achieve.
>>>>>>
>>>>>> The headers of messages on the secondary server have no X-SpamDetect: line,
>>>>>> instead I see  X-X-SpamDetect:. I suspect this is rewritten during popfetch?
>>>>>>
>>>>>> How can I get the secondary server to apply its Quarantine rules based on
>>>>>> the score listed in the X-X-SpamDetect: header line?
>>>>>>
>>>>>> Thanks,
>>>>>> Chris
>>>>>
>>>>
>>>
>>>
>>
>>
>>
>
>