
Issue SpamAssassin blacklists have no effect on incoming mail

Bitpalast

Server operating system version: Alma 8
Plesk version and microupdate number: 18.0.66 #2, but previous versions, too
Spamassassin is turned on with individual settings per mailbox.
For the mailbox in question, Spamassassin is turned on.
The blacklist contains entries like *@somedomain.tld.
The incoming mail is small enough that it is being handled by Spamassassin.
The sender is not whitelisted, neither in the individual settings, nor server-wide.

But all mails are delivered, including mails from somedomain.tld which is on the blacklist.
I can see in the maillog, that Spamassassin is asked by the mail server to handle the mail, but it returns a "PASS", although the sender domain is in the blacklist.

What could be the problem?
 
Is the SpamAssassin blacklist rule listed in the header (USER_IN_BLACKLIST or USER_IN_BLOCKLIST) of the email?
 
Code:
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on <hostname>
X-Spam-Level:  
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, 
    DKIM_VALID_AU,DKIM_VALID_EF,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE, 
    RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, 
    RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, 
    SPF_HELO_PASS,SPF_PASS,T_KAM_HTML_FONT_INVALID,URIBL_BLOCKED 
    autolearn=ham autolearn_force=no version=3.4.6
 
Does the /var/qmail/mailnames/example.com/mailbox_name/.spamassassin/user_prefs file exist and does it contain the blacklisted entry?

If it does, does restarting SpamAssassin (sudo /usr/local/psa/admin/bin/spammng --restart) fix the issue?
 
Also, there might be the slightest possibility that the option "Apply individual settings to spam filtering" isn't actually enabled even when it's checked (enabled) on the T&S > Spam Filter settings page. But I can't for the life of me figure out where on the server that specific configuration is actually stored.
 
Does the /var/qmail/mailnames/example.com/mailbox_name/.spamassassin/user_prefs file exist and does it contain the blacklisted entry?
Yes.
If it does, does restarting SpamAssassin (sudo /usr/local/psa/admin/bin/spammng --restart) fix the issue?
No.

Spamassassin becomes active, but it completely ignores the blacklist:
Code:
Jan 21 23:27:21 lahn spamd[3673607]: spamd: connection from 127.0.0.1 [127.0.0.1]:34050 to port 783, fd 5
Jan 21 23:27:21 lahn spamd[3673607]: spamd: using default config for [email protected]: /var/qmail/mailnames/recipient.tld/d_s/.spamassassin/user_prefs
Jan 21 23:27:21 lahn spamd[3673607]: spamd: processing message <trinity-4b6b9485-90e6-4ec2-a859-6facf50f4d64-1737498441023@msvc-mesg-web007> for [email protected]:30
Jan 21 23:27:21 lahn spamd[3673607]: spamd: clean message (0.5/2.0) for [email protected]:30 in 0.3 seconds, 3417 bytes.
Jan 21 23:27:21 lahn spamd[3673607]: spamd: result: . 0 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED,SPF_HELO_NONE,SPF_PASS scantime=0.3,size=3417,[email protected],uid=30,required_score=2.0,rhost=127.0.0.1,raddr=127.0.0.1,rport=34050,mid=<trinity-4b6b9485-90e6-4ec2-a859-6facf50f4d64-1737498441023@msvc-mesg-web007>,autolearn=no autolearn_force=no
Jan 21 23:27:21 lahn postfix-local[3675621]: 520D227C27FD: spam: stderr: PASS

The recipient's mail address is "d&s@...", so at first I thought this was a problem for Spamassassin, but Sebahat said the team could not reproduce it, so I guess we can rule that aspect out.
 
... ok ... I do see this though:

Code:
... ient.tld,uid=30,required_score=2.0,rhost=127.0.0.1,raddr= ...

and that required score comes from the general server default value, not from the customer's mailbox setting. So there seems to be a chance that the individual setting is indeed not applied for that mailbox, but the server setting is. And in the server there is no blacklist.
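
Added example, not part of any post in this thread: a small Python check that automates the comparison made above, reading a mailbox's user_prefs and a spamd "result:" log line and reporting whether the logged required_score and rule hits are consistent with the per-mailbox settings. The sample prefs, log line and addresses are constructed, and the sender passed in is assumed to be the address SpamAssassin evaluates for the message.

```python
import re

# Constructed sample data modelled on the thread; all values are made up.
USER_PREFS = """\
required_score 7.0
blacklist_from *@somedomain.tld
"""
SPAMD_RESULT = (
    "Jan 21 23:27:21 host spamd[1234]: spamd: result: . 0 - "
    "DKIM_SIGNED,DKIM_VALID,SPF_PASS scantime=0.3,size=3417,"
    "user=box@recipient.example,uid=30,required_score=2.0,"
    "rhost=127.0.0.1,raddr=127.0.0.1,rport=34050,autolearn=no")

def parse_prefs(text):
    """Return (required_score or None, blacklist globs) from user_prefs text."""
    score, globs = None, []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments
        if len(parts) < 2:
            continue
        if parts[0] == "required_score":
            score = float(parts[1])
        elif parts[0] in ("blacklist_from", "blocklist_from"):
            globs.extend(parts[1:])
    return score, globs

def parse_result(line):
    """Return (rule names, key=value fields) from a spamd 'result:' log line."""
    m = re.search(r"spamd: result: \S -?\d+ - (\S+) (\S+)", line)
    if not m:
        raise ValueError("not a spamd result line")
    fields = dict(p.partition("=")[::2] for p in m.group(2).split(","))
    return set(m.group(1).split(",")), fields

def glob_match(glob, addr):
    """Shell-style match ('*' and '?' only), case-insensitive."""
    rx = re.escape(glob).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, addr, re.IGNORECASE) is not None

def diagnose(prefs_text, result_line, sender):
    """List the signs that the mailbox's user_prefs were not applied."""
    pref_score, globs = parse_prefs(prefs_text)
    rules, fields = parse_result(result_line)
    findings = []
    if pref_score is not None and float(fields["required_score"]) != pref_score:
        findings.append("SCORE_MISMATCH")  # spamd used another threshold
    listed = any(glob_match(g, sender) for g in globs)
    if listed and not rules & {"USER_IN_BLACKLIST", "USER_IN_BLOCKLIST"}:
        findings.append("BLACKLIST_NOT_APPLIED")  # listed sender, no rule hit
    return findings
```

Both findings together point at spamd scanning with settings other than the mailbox's user_prefs, rather than at a malformed blacklist entry.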
 