RE: [Mimedefang] compare mimedefang to mailscanner
> > > I have been using mimedefang for a couple of years now and just today > > ran across the mailscanner program. On first glance it appears that the > > 2 do about the same thing. Have some of the experts here tried both of > > these and have a comparison as to how they differ? Is it worth my while > > to spend time trying to configure mailscanner? > > The biggest difference between the two is that MIMEDefang, being a milter, > can act on a message DURING the original SMTP conversation thus allowing > rejections, grey/black/whitelisting, and other actions to be taken before > the entire message is even accepted. > > If you REJECT a connection while it is in progress, there's no need to > generate a separate bounce notification after the fact, which will likely > just clog up your outbound mail queue. You just send a rejection to the > connecting server, and drop the connection, effectively slamming > the door on > the spammer. > This brings up the mail reason I'm not using MailScanner. Mail rejected during the SMTP conversation goes back to the sending server. Mail bounced afterwards goes wherever the spammer wants it to go. Google 'backscatter spam'. -- Tim Boyer Director Information Systems and Engineering Projects Denman Tire Corporation [EMAIL PROTECTED] ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Spamassassin detailed score in message header
> Actually, somebody had a quite similar question recently ;-( > > have a look at this thread: > http://marc.theaimsgroup.com/?t=11646654946&r=1&w=2 > > hope that helps! Certainly does. I searched the archives, but missed this thread. Thanks much! -- tim -- ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Spamassassin detailed score in message header
action_change_header("X-Spam-Score", "$hits ($score) $names");
works great, and gives me the total score. It would be great, however, if I
could get more detail, e.g.,
X-Spam-Score: 8.152 () AWL,BAYES_99 (5.38),DCC_CHECK
(2.10),DNS_FROM_RFC_ABUSE (0.32),DNS_FROM_RFC_POST (0.22),FORGED_RCVD_HELO
(1.23),UNDISC_RECIPS (0.01)
Is there an easy way to do this? Or could someone point me to where it's
spelled out in excruciating detail in the docs and I missed it completely?
Thanks much,
--
Tim Boyer
Director IT and Engineering Projects
Denman Tire Corporation
(330) 675-4249
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Scoring inconsistency question
I've been using MIMEDefang / SpamAssassin for years. I'm running 3.1.6 on a Red Hat box, and 99% of the time, all is well. Last week I added a rule to tag those annoying .gif pump-and-dump emails. Nothing fancy: rawbody IMG_SRC_CID /src\=(\"c|c)id\:/i score IMG_SRC_CID 2.0 Most of the time it works fine. However, occasionally, I'll get an email that ONLY sees that rule. I'm using MimeDefang to rewrite the headers, and all it shows is X-Spam-Score: 2 (**) IMG_SRC_CID But when I do a spamassassin --debughttp://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Inconsistent scoring problem
I've been using SA for years. I'm running 3.1.6 on a Red Hat box, and 99% of the time, all is well. Last week I added a rule to tag those annoying .gif pump-and-dump emails. Nothing fancy: rawbody IMG_SRC_CID /src\=(\"c|c)id\:/i score IMG_SRC_CID 2.0 Most of the time it works fine. However, occasionally, I'll get an email that ONLY sees that rule. I'm using MimeDefang to rewrite the headers, and all it shows is X-Spam-Score: 2 (**) IMG_SRC_CID But when I do a spamassassin --debughttp://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: set_reply returned MI_FAILURE
On Thu, 05 Jan 2006 08:32:35 -0500, "David F. Skoll" <[EMAIL PROTECTED]> wrote: >Tim Boyer wrote: > >> That was it. Thanks much - and I'll submit a bug report. The default filter >> won't work, either. > >Sure it will. action_drop_with_warning can have a multiline message, but >action_bounce can't. > >My mistake if I misled you with my previous mail. > >Regards, > >David. > Ah - that make sense. I _thought_ it was rather odd that I was the first person to notice this! :) Thanks much... -- tim boyer [EMAIL PROTECTED] ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: set_reply returned MI_FAILURE
On Wed, 04 Jan 2006 21:17:04 -0500, "David F. Skoll" <[EMAIL PROTECTED]>
wrote:
>Tim Boyer wrote:
>
>> return action_drop_with_warning("\n.\n\n");
>
>[...]
>
>> I've changed action_drop_with_warning to action_bounce.
>
>> Instead of bouncing, however, I'm getting the set_reply returned
>> MI_FAILURE in logs, and the message is not being rejected.
>
>You can't have newlines ("\n") in the text part of a bounce message.
>That's probably the problem.
That was it. Thanks much - and I'll submit a bug report. The default filter
won't work, either.
--
tim boyer
[EMAIL PROTECTED]
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: set_reply returned MI_FAILURE
On Wed, 04 Jan 2006 21:17:04 -0500, "David F. Skoll" <[EMAIL PROTECTED]>
wrote:
>Tim Boyer wrote:
>
>> return action_drop_with_warning("\n.\n\n");
>
>[...]
>
>> I've changed action_drop_with_warning to action_bounce.
>
>> Instead of bouncing, however, I'm getting the set_reply returned
>> MI_FAILURE in logs, and the message is not being rejected.
>
>You can't have newlines ("\n") in the text part of a bounce message.
>That's probably the problem.
David, I'll give that a try - thanks much! But just FYI, that's what's in the
stock mimedefang-filter in 2.54:
if (filter_bad_filename($entity)) {
md_graphdefang_log('bad_filename', $fname, $type);
action_notify_administrator("A MULTIPART attachment of type $type,
named $fname was dropped.\n");
return action_drop_with_warning("An attachment of type $type, named
$fname was removed from this document as it\nconstituted a security hazard. If
yourequire this document, please contact\nthe sender and arrange an alternate
means of receiving it.\n");
}
# eml is bad if it's not message/rfc822
if (re_match($entity, '\.eml') and ($type ne "message/rfc822")) {
md_graphdefang_log('non_rfc822',$fname);
return action_drop_with_warning("A non-message/rfc822 attachment named
$fname was removed from this document as it\nconstituted a security hazard. If
you require this document, please contact\nthe sender and arrange an alternate
means of receiving it.\n");
}
--
tim boyer
[EMAIL PROTECTED]
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] set_reply returned MI_FAILURE
I've been running MIMEDefang for a while, but just recently started filtering
for bad filenames. I'm using the stock mimedefang-filter example file, with
one exception: rather than drop_with_warning here:
if (filter_bad_filename($entity)) {
md_graphdefang_log('bad_filename', $fname, $type);
return action_drop_with_warning("An attachment named $fname was removed
from this document as it\nconstituted a security hazard. If you require this
document, please contact\nthe sender and arrange an alternate means of
receiving it.\n");
}
I've changed action_drop_with_warning to action_bounce.
Instead of bouncing, however, I'm getting the set_reply returned MI_FAILURE in
logs, and the message is not being rejected.
Jan 4 17:12:37 melbourne mimedefang.pl[10488]:
MDLOG,k04MCZHG013872,bad_filename,autoexec.crt,application/x-x509-ca-cert,<[EMAIL
PROTECTED]>,<[EMAIL PROTECTED]>,
Jan 4 17:12:37 melbourne mimedefang.pl[10488]: filter: k04MCZHG013872:
bounce=1
Jan 4 17:12:37 melbourne mimedefang[24489]: k04MCZHG013872: Bouncing because
filter instructed us to
Jan 4 17:12:37 melbourne mimedefang[24489]: k04MCZHG013872: set_reply returned
MI_FAILURE
It's doing everything absolutely correctly until that last failure.
I've got no idea what I'm doing wrong here - any help is appreciated. Thanks
much...
--
tim boyer
[EMAIL PROTECTED]
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] canonicalize_email error
I tried putting in one of the subroutines that David presented at the Lisa '03 session. It's got the line $recipient = canonicalize_email($recipient); in filter_recipient. But when I run it, I get this in the logs: May 4 21:57:52 melbourne mimedefang-multiplexor[3916]: Slave 0 stderr: Undefined subroutine &main::canonicalize_email called at /etc/mail/mimedefang-filter line 245, line 6. Have I typed it wrong? Spelled it wrong? -- Tim Boyer [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: syslog: invalid level/facility
On Mon, 07 Feb 2005 09:48:13 -0500, "Dave O'Neill" <[EMAIL PROTECTED]> wrote: >Tim Boyer wrote: >> I'm getting the following in the log file when receiving mail: >> >> Feb 6 21:10:32 tolstoy mimedefang-multiplexor[28288]: Slave 0 >> stderr:syslog: invalid level/facility: good at >> /usr/local/bin/mimedefang.pl line 553 > >The error "invalid level/facility: good" is the clue here. It looks >like somewhere in your filter, md_syslog() is being called with a first >argument of "good". This will fail, as there's no such log level. > >Cheers, >Dave Hmm. Absolutely correct. But I wonder why it's working on the 2.44 system, and fails on the 2.49? Ah, well - sometime when I get really bored, I'll find out. In the meantime, that fixed it. Thanks much, Dave! -- Tim Boyer [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] syslog: invalid level/facility
I'm getting the following in the log file when receiving mail:
Feb 6 21:10:32 tolstoy mimedefang-multiplexor[28288]: Slave 0
stderr:syslog: invalid level/facility: good at
/usr/local/bin/mimedefang.pl line 553
That's in the middle of the md_syslog routine. I made sure
Unix::Syslog was installed and up to date. It looks like it's failing
on the line
syslog($facility, "%s", $msg);
This is a reinstall on a RHE3 machine - we moved machines, and went
from 2.44 to 2.49. Syslog-ng.conf and the other configuration files
are identical to a known good working 2.44 system.
Commenting out
if ($Features{"Unix::Syslog"}) {
my $num_fac = convert_log_facility_to_number($facility);
syslog($num_fac, "%s", $msg);
} else {
syslog($facility, "%s", $msg);
}
allows the system to receive mail - but is not, I understand, an
optimal solution.
Thanks much for any assistance...
--
Tim Boyer
[EMAIL PROTECTED]
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Original-Content-Type in header
On Sun, 14 Nov 2004 08:54:55 -0500, "Kevin A. McGrail" <[EMAIL PROTECTED]> wrote: >> Ah! I forgot. >> >> I'm accessing this list thorugh gmane.mail.mimedefang. It lets you >> access mailing lists as if they were usenet groups, complete with >> threading, etc. >> >> So of course, you're seeing these posts as though they're running >> through an nntp mailer. It's merely because they are. :) >> >> I've copied both of you with a copy of this message running through my >> 'real' mailer. > >Well, just trying to solve the mystery of the original content type header >and I've exhausted my ideas if gmane isn't the culprit. > >Regards, >KAM Thanks for the ideas. I'll keep at it. -- Tim Boyer [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Original-Content-Type in header
On Fri, 12 Nov 2004 12:22:38 -0500, Jeff Rife <[EMAIL PROTECTED]> wrote: >On 12 Nov 2004 at 8:52, Kevin A. McGrail wrote: > >> Well your emails are the only emails that show up in my inbox with newsgroup >> features ;-) And I'm pretty sure I'm not nuts because I can definitely see >> headers like this: >> >> X-Complaints-To: [EMAIL PROTECTED] >> X-Gmane-NNTP-Posting-Host: dhcp065-025-111-053.neo.rr.com >> X-Newsreader: Forte Agent 2.0/32.652 > >Same headers here, so it's not something on your end. Ah! I forgot. I'm accessing this list thorugh gmane.mail.mimedefang. It lets you access mailing lists as if they were usenet groups, complete with threading, etc. So of course, you're seeing these posts as though they're running through an nntp mailer. It's merely because they are. :) I've copied both of you with a copy of this message running through my 'real' mailer. Sorry about the confusion... -- Tim Boyer [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Original-Content-Type in header
On Wed, 10 Nov 2004 08:28:08 -0500, "Kevin A. McGrail" <[EMAIL PROTECTED]> wrote: >Tim, > >Your emails come through what looks to me like an NNTP to SMTP conversion >system. Is that possibly munging your headers? > >Regards, >KAM > Shouldn't be - it's straight Sendmail Switch. No nntp around. -- Tim Boyer [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Original-Content-Type in header
On Mon, 8 Nov 2004 17:02:19 -0800, <[EMAIL PROTECTED]> wrote: >Tim Boyer wrote: >> On Fri, 5 Nov 2004 18:07:03 -0500, "Dan Tulovsky" >> <[EMAIL PROTECTED]> wrote: >> >>> Does your sa-mimedefang config file contain this line: >>> >>> Defang 1 >>> >>> That would do it... >>> >>> Dan >>> >>> >> >> Nope; in fact, it doesn't have defang_mime anywhere in it. I'll try >> setting it to 0, just in case it's getting inherited from somewhere >> else. Thanks! > >Do you have Anomy::HTMLCleaner installed? If so, you will need to modify your >mimedefang-filter to NOT use it. It isn't installed by default. But if it is >installed, it IS used by default. > It's not installed, but just in case, I've got it commented out in mimedefang-filter. -- Tim Boyer [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Original-Content-Type in header
On Fri, 5 Nov 2004 18:07:03 -0500, "Dan Tulovsky" <[EMAIL PROTECTED]> wrote: >Does your sa-mimedefang config file contain this line: > >Defang 1 > >That would do it... > >Dan > > Nope; in fact, it doesn't have defang_mime anywhere in it. I'll try setting it to 0, just in case it's getting inherited from somewhere else. Thanks! -- Tim Boyer [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Original-Content-Type in header
On Mon, 8 Nov 2004 21:37:01 +0100, No Six <[EMAIL PROTECTED]> wrote: >On Fri, Nov 05, 2004 at 11:24:17AM -0500, Dan Tulovsky wrote: >> My sa-mimedefang file has this: >> >> # By default, spamassassin will change the Content-type: header of >> # suspected spam to "text/plain". This is a safety feature. If you >> # prefer to leave the Content-type header alone, set this to 0. >> # >> # defang_mime 0 >> >> Maybe your defang_mime is set to 1? >> >Another possible explanation ... >Are you using a procmail recipe such as html-trap.procmail : > >http://www.impsec.org/email-tools/html-trap.procmail >http://www.math.rutgers.edu/procmail/pm/html-trap.rc > >Check for /etc/procmailrc, $HOME/.procmailrc > >Number Six Not using procmail, so that's not it - but thanks. -- Tim Boyer [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Original-Content-Type in header
On Fri, 5 Nov 2004 08:13:15 -0500 (EST), "David F. Skoll" <[EMAIL PROTECTED]> wrote: >On Fri, 5 Nov 2004, Rob MacGregor wrote: > >> On Thu, 04 Nov 2004 18:45:17 -0500, Tim Boyer <[EMAIL PROTECTED]> wrote: >> > I'm using RH Enterprise, Sendmail Switch, MimeDefang 2.44 and >> > SpamAssassin 3.0.1. Somewhere in there a very few html messages are >> > having their content type changed to text/plain, and an >> > 'Original-Content-Type' line inserted, like so: > >> I'd say the most likely is MIMEDefang (and the least likely Sendmail). >> It depends however on what's in your mimedefang-filter... > >MIMEDefang itself doesn't have anything referring to "Original-Content-Type", >and neither does MIME-tools. It must be an explicit filter decision, >or something else is munging the messages. Thanks, David - that at least narrows it down. It's nothing I'm doing in MIMEDefang, so it's either SpamAssassin or Sendmail. -- Tim Boyer [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Original-Content-Type in header
On Fri, 5 Nov 2004 07:11:23 +, Rob MacGregor
<[EMAIL PROTECTED]> wrote:
>On Thu, 04 Nov 2004 18:45:17 -0500, Tim Boyer <[EMAIL PROTECTED]> wrote:
>> I'm using RH Enterprise, Sendmail Switch, MimeDefang 2.44 and
>> SpamAssassin 3.0.1. Somewhere in there a very few html messages are
>> having their content type changed to text/plain, and an
>> 'Original-Content-Type' line inserted, like so:
>
>I'd say the most likely is MIMEDefang (and the least likely Sendmail).
> It depends however on what's in your mimedefang-filter...
>
>Also, are you 100% sure that they're not arriving at you like that?
I've got nothing in mimedefang-filter that's rewriting that, and I'm
sure they're arriving like that - only because I did some rudimentary
debugging of my own in mimedefang-filter:
if ($type eq "text/html") {
md_graphdefang_log('html', $Subject, $RelayAddr);
so I can see where it came in as html:
Nov 4 16:12:09 melbourne2 mimedefang.pl[23152]:
MDLOG,iA4LC9H5007402,html,Rubber & Plastics News E-mail for November
03,2004,216.35.77.117
So it's getting here as html, but _something_ is changing it.
--
Tim Boyer
[EMAIL PROTECTED]
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Original-Content-Type in header
I'm using RH Enterprise, Sendmail Switch, MimeDefang 2.44 and SpamAssassin 3.0.1. Somewhere in there a very few html messages are having their content type changed to text/plain, and an 'Original-Content-Type' line inserted, like so: Content-Type: text/plain X-Spam-Score: -0.652 () AWL,BAYES_00,HTML_50_60,HTML_FONT_BIG,HTML_MESSAGE,HTML_TEXT_AFTER_BODY,HTML_TEXT_AFTER_HTML,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,OPTING_OUT X-Scanned-By: MIMEDefang 2.44 Original-Content-Type: text/html X-UIDL: DZR"!?_9!!3MS!!,c0"! ... but I'll be darned if I can figure out which program is mangling the headers. Does anyone know off the top of their head what could be doing this? Thanks much... -- Tim Boyer [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Bounce AND send a copy?
On Fri, 1 Oct 2004 09:20:57 -0700, <[EMAIL PROTECTED]>
wrote:
>I imagine the remail is also bouncing, as it is also being detected as spam.
>I worry that each remail is spawning another remail... so every spam is spawning its
>own infinite loop. (uh-oh!)
>Try this...
>
>Instead of
> if ($hits >= $req) {
>
>do this (untested:)
> if ($hits >= $req and $RelayAddr ne "127.0.0.1") {
>
>This will allow the remailed items to skip over the action_bounce.
I was getting a loop, so that sounds _very_ likely. I'll give it a
shot. Thanks much...
--
Tim Boyer
[EMAIL PROTECTED]
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Bounce AND send a copy?
On Fri, 01 Oct 2004 09:07:07 -0700, Kelson <[EMAIL PROTECTED]> wrote: >Tim Boyer wrote: >> It's bouncing: >> >> Sep 30 21:14:43 melbourne2 sm-mta[17694]: i911EUd5017694: Milter: >> data, reject=554 5.7.1 SpamAssassin has identified this email as >> possible spam. Please see http://www.denmantire.com/blocklist.html >> if you think this is incorrect. >> >> ... but never remailing. > >Are you running a client queue runner? What does "mailq -Ac" tell you? mailq -Ac /var/spool/clientmqueue is empty Total requests: 0 -- Tim Boyer [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: URIDNSBL not running
On Fri, 1 Oct 2004 10:34:25 +1000, "Matt Smith" <[EMAIL PROTECTED]>
wrote:
>"Nathan Martinez" <[EMAIL PROTECTED]> wrote:
>
>> would give URIDNSBL a try, but I can't seem to get its rules to run. I
>> have $SALocalTestsOnly = 0 in my mimedefang-filter.
>
>Hi Nathan,
>
>Having just enabled this feature myself (MD v2.41/2.38 + SA 2.63), and
>experienced the frustration when it didn't work, make sure that your
>$SALocalTestsOnly variable is set before the SpamAssassin init routine (as
>below) in your mimedefang-filter.
>
>$SALocalTestsOnly = 0;
>if ($Features{"SpamAssassin"}) {
>spam_assassin_init()->compile_now(1) if defined(spam_assassin_init());
>
>Also, make sure that in your sa-mimedefang.cf file, you don't have the line
>skip_rbl_checks 0
>as that will undo the above.
>
>Hope this helps, or gives you somewhere to look!
>There was a bit of activity on this list within the past month or two
>regarding enabling this, I couldn't find any specific reference off-hand,
>but give it a search if you get stuck.
>
>Regards,
>Matt
I'll also add my recent experience. Test it, using a piece of email
you _think_ should be blocked:
su -c "spamassassin --test -D" defang http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Bounce AND send a copy?
On Thu, 30 Sep 2004 07:19:25 -0400 (EDT), "David F. Skoll"
<[EMAIL PROTECTED]> wrote:
>On Thu, 30 Sep 2004, Tim Boyer wrote:
>
>> Hmmm, either that didn't work, or (much more likely) I'm doing it
>> wrong:
>>
>> resend_message('[EMAIL PROTECTED]');
>
>You want:
>
> resend_message_one_recipient('[EMAIL PROTECTED]');
>
>> But can I quarantine _and_ bounce?
>
>Yes, sure.
>
>Regards,
>
>David.
Hmmm... apologies, but I must be doing something stupid. Here's what
I've got:
if ($Features{"SpamAssassin"}) {
if ($hits >= $req) {
md_graphdefang_log('spam', $hits, $RelayAddr);
action_add_part($entity, "text/plain", "-suggest",
"$report\n",
"SpamAssassinReport.txt", "inline");
# Add a header with original recipients, just for info
action_add_header("X-Orig-Rcpts", join(", ",
@Recipients));
foreach $recip (@Recipients) {
delete_recipient($recip);
}
resend_message_one_recipient('[EMAIL PROTECTED]');
action_bounce("SpamAssassin has identified this email
as possible spam");
return ();
}
It's bouncing:
Sep 30 21:14:43 melbourne2 sm-mta[17694]: i911EUd5017694: Milter:
data, reject=554 5.7.1 SpamAssassin has identified this email as
possible spam. Please see http://www.denmantire.com/blocklist.html
if you think this is incorrect.
... but never remailing.
--
Tim Boyer
[EMAIL PROTECTED]
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: Bounce AND send a copy?
On Wed, 29 Sep 2004 16:35:29 -0700, Kelson <[EMAIL PROTECTED]> wrote:
>Tim Boyer wrote:
>> Is there any way for the same message to be bounced, AND send a copy to
>> postmaster? Until I get comfortable with SpamAssassin, I'd like Postmaster
>> to take a look at what's bouncing.
>
>Call "resend_message('[EMAIL PROTECTED]')" before action_bounce.
>That should do it, as long as you (a) have the client queue-runner
>active and (b) avoid running locally-generated mail through SpamAssassin.
>
Hmmm, either that didn't work, or (much more likely) I'm doing it
wrong:
resend_message('[EMAIL PROTECTED]');
action_bounce("SpamAssassin has identified this email
as possible spam");
return ();
I can see it in the logs - it's bouncing, but not sending me a copy.
>Alternatively, you can quarantine the message (using
>quarantine_entire_message) instead of sending it to your postmaster.
But can I quarantine _and_ bounce?
--
Tim Boyer
[EMAIL PROTECTED]
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Bounce AND send a copy?
Is there any way for the same message to be bounced, AND send a copy to
postmaster? Until I get comfortable with SpamAssassin, I'd like Postmaster
to take a look at what's bouncing.
It's easy to do one or the other - I've done
add_recipient('[EMAIL PROTECTED]');
return ();
and
action_bounce("SpamAssassin has identified this email as
possible spam");
return ();
but is it possible to do both?
Thanks much,
--
Tim Boyer
Director
Information Systems and Engineering Projects
Denman Tire Corporation
[EMAIL PROTECTED]
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] RE: MIMEDefang, SpamAssassin and URIDNSBLs
> On Fri, 24 Sep 2004, Tim Boyer wrote: > > > > > Why the heck would I get one score when called from MIMEDefang, > > > and another > when done 'by hand'? > > Because MIMEDefang doesn't do network tests unless you ask it to. > This is in the FAQ: > > http://www.mimedefang.org/node.php?id=15 > > -- > David. > It's in there: $AdminAddress = '[EMAIL PROTECTED]'; $AdminName = "Tim Boyer"; $SALocalTestsOnly = 0; ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] RE: MIMEDefang, SpamAssassin and URIDNSBLs
> Hi, > > > Why the heck would I get one score when called from MIMEDefang, > and another > > when done 'by hand'? > > Sounds like you have two or more spamassassin config files. The one from > spamassassin is residing in /usr/local/etc/mail/local.cf, the other is the > mimedefang one in /docsis/etc/mimedefang/sa-mimedefang.cf. One of them > has network tests disabled. > > Martin > That was my first guess, so a week ago I changed a score to try to track it: score BIZ_TLD 3.141 Both the MIMEDefang and the 'by hand' examples show: 3.1 BIZ_TLDURI: Contains an URL in the BIZ top-level domain so they've got to be using the same config file - right? -- tim -- ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] MIMEDefang, SpamAssassin and URIDNSBLs
I'm not quite sure where to begin debugging this one. I'm running MIMEDefang 2.44 with SpamAssassin 3, and everything is working great - except SpamAssassin's 'look up URLs against DNS blocklists' feature. The odd part is that it seems to be working when I run SpamAssassin in debug mode, but not when it's called from MIMEDefang. For instance, I just got spam advertising compprog.biz, listed in the SBL list. It originally got to me with only a score of 4.249 (but note the 'BIZ_TLD' check, which at least tells me it's scanning the body): X-Spam-Score: 4.249 () BIZ_TLD,FORGED_HOTMAIL_RCVD2,LOTS_OF_STUFF X-Scanned-By: MIMEDefang 2.44 When I copied the whole message to test2.email and ran 'spamassassin -D -thttp://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
