spamassassin --D lint failing?
Hello List .. For some odd reason everytime I restart spamd or run spamassassin --D lint ; I get some odd parse errors. ### [25084] warn: config: failed to parse, now a plugin, skipping: ok_languages_all [25084] warn: config: failed to parse line, skipping: use_dcc_1 [25084] warn: config: failed to parse line, skipping: use_razor2_1 [25084] dbg: config: allowing user rules! [25084] warn: config: failed to parse, now a plugin, skipping: ok_languages_all [25084] warn: config: failed to parse line, skipping: use_dcc_1 [25084] warn: config: failed to parse line, skipping: use_razor2_1 From what i can see.. these are all that are failing.. i do have razor2 install and dcc .. I also get these errors.. spf: cannot get Envelope-From, cannot use SPF [25084] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [25084] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8ff16a8)) [25084] dbg: rules: ran eval rule __UNUSABLE_MSGID == got hit [25084] dbg: plugin: registering glue method for check_subject_in_whitelist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x903aa0c)) [25084] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x8ff16a8)) [25084] dbg: spf: spf_whitelist_from: could not find useable envelope sender ### Even considering those errors.. i still get DCC and RAZOR scoring in my headers.. so all is well, but id just like to know where the problem is at.. Any suggestions? Thanks in advance! Regards .. Leonard
Re: spamassassin --D lint failing?
Hello, Thats the funny thing.. i dont have any spaces.. but since i went into v310.pre .. i dont get the errors anymore and the test is now error free .. Thanks.. BTW .. how can i check to see if DCC and razor are working? i thought they were.. but now since i got bayes to start working today; im wondering if its whacked razor and dcc .. ## 0.9 URI_NOVOWELURI: URI hostname has long non-vowel sequence 0.0 HTML_MESSAGE BODY: HTML included in message 1.4 HTML_10_20 BODY: Message is 10% to 20% HTML 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts -0.7 BAYES_20 BODY: Bayesian spam probability is 5 to 20% [score: 0.0997] 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [80.219.232.76 listed in dnsbl.sorbs.net] 1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [80.219.232.76 listed in combined.njabl.org] ### Regards .. Leonard - Original Message - From: Matt Kettler [EMAIL PROTECTED] To: Leonard SA [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Sent: Tuesday, November 29, 2005 4:05 PM Subject: Re: spamassassin --D lint failing? Leonard SA wrote: Hello List .. For some odd reason everytime I restart spamd or run spamassassin --D lint ; I get some odd parse errors. ### [25084] warn: config: failed to parse, now a plugin, skipping: ok_languages_all [25084] warn: config: failed to parse line, skipping: use_dcc_1 [25084] warn: config: failed to parse line, skipping: use_razor2_1 [25084] dbg: config: allowing user rules! [25084] warn: config: failed to parse, now a plugin, skipping: ok_languages_all [25084] warn: config: failed to parse line, skipping: use_dcc_1 [25084] warn: config: failed to parse line, skipping: use_razor2_1 From what i can see.. these are all that are failing.. i do have razor2 Ditch the extra underscores at the end. They should be spaces. ok_languages all not ok_languages_all use_dcc 1 not use_dcc_1 use_razor2 1 not use_razor2_1 Also, if you're using SA 3.1.0 you must edit v310.pre to load the appropriate plugins. Due to license restrictions on free use of the DCC and razor servers, the code for these addons is not loaded by default.
Block By Subject LIKE
Hello List.. Is it possible to reject, add weight (score), etc mail by subject LIKE rules? Regards .. Leonard
Re: Block By Subject LIKE
Thanks all for the suggestions..! Regards .. Leonard - Original Message - From: Jim Knuth [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Thursday, November 24, 2005 1:32 PM Subject: Re: Block By Subject LIKE Hallo und Guten Abend Leonard, Heute (am 24.11.2005 - 19:18 Uhr) schriebst Du: Hello List.. Is it possible to reject, add weight (score), etc mail by subject LIKE rules? Regards .. Leonard yes. With header_checks, like pcre or regexp -- Viele Grüße, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 PGP: 54C9 1A46 D3B2 95B6 454D 74FA AC73 773E 1F78 066F -- Zufalls-Zitat -- Die letzten Worte des früheren französischen Präsidenten Charles de Gaulle waren: Es schmerzt. -- Der Text hat nichts mit dem Empfänger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1304 Build 6390 24.11.2005
Re: spamcop.net tactics
Hello, I have had to remove spamcop from my rbl check list. they have had some legitimate mail servers listed recently. They had the gentoo mail list listed and some other important servers which i cant see why they were added. Regards .. Leonard - Original Message - From: Christopher X. Candreva [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Wednesday, November 23, 2005 2:29 AM Subject: Re: spamcop.net tactics On Tue, 22 Nov 2005, Chr. v. Stuckrad wrote: So simply by having users use 'vacation' or viruses/worms sending themselves from faked spam-trap-addresses and bouncing at your site, you can be blacklisted for 24 hours (for each?). By having users use vacation without a filter to stop it from replying to spam, or accepting virus mail then generating a new error, you are engaged in a DDOS against the people who's address is forged into the mail. We have users getting 3-6 THOUSAND such bounces a day. So yes, I'm glad SpamCop is blocking sites that do this. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: spamcop.net tactics
Jeff, Thanks again .. Regards .. Leonard - Original Message - From: Jeff Chan [EMAIL PROTECTED] To: Leonard SA [EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 9:13 AM Subject: Re: spamcop.net tactics On Wednesday, November 23, 2005, 5:39:05 AM, Leonard SA wrote: Jeff, I found this out yesterday after enabling the RBL lookups in the local.cf config file. Its great to get a high score slash because they are listed in the rbl list, but not rejected in case there are errors.. As being a cautious user; I still glance over my spam folders, so I would still catch these messages marked as spam as a result. Its not the best solution, but better then blockage at the MTA level. I still don't know how whitelisting works and where to configure this.. so until this time; I have to handle it this way. Thanks again for your insight Jeff. Regards .. Leonard Hi Leonard, Glad to help! Definitely check out the whitelisting feature. The SA Wiki may help, etc. Cheers, Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: spamcop.net tactics
BTW list .. Can I use the whitelisting feature eventhough I use qmail-scanner? Where would this be configured? Regards .. Leonard - Original Message - From: Jeff Chan [EMAIL PROTECTED] To: Leonard SA [EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 9:13 AM Subject: Re: spamcop.net tactics On Wednesday, November 23, 2005, 5:39:05 AM, Leonard SA wrote: Jeff, I found this out yesterday after enabling the RBL lookups in the local.cf config file. Its great to get a high score slash because they are listed in the rbl list, but not rejected in case there are errors.. As being a cautious user; I still glance over my spam folders, so I would still catch these messages marked as spam as a result. Its not the best solution, but better then blockage at the MTA level. I still don't know how whitelisting works and where to configure this.. so until this time; I have to handle it this way. Thanks again for your insight Jeff. Regards .. Leonard Hi Leonard, Glad to help! Definitely check out the whitelisting feature. The SA Wiki may help, etc. Cheers, Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: New Spammer?
Where are BLs setup at? Thanks in advance.. Regards .. Leonard Bernstein - | Email [EMAIL PROTECTED] | Mobile (917) 807-3883 | BlackBerry PIN 40082120 | Technology Consultant - - Original Message - From: jdow [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Tuesday, November 22, 2005 5:37 PM Subject: Re: New Spammer? From: Matt Kettler [EMAIL PROTECTED] At 09:56 AM 11/22/2005, Casey King wrote: This morning we have been getting drilled by spam/virus emails. Are they spam, or viruses? Not the same thing. 40 so far. I should be so lucky to see as few as 40/hour during any kind of outbreak Been getting a lot of phone calls from across the company about these emails. At least my mailscanner boxes are stripping the files, and tagging it as spam, but what worries me, is the low scores these messages are receiving. SpamAssassin is a spam scanner. It's official policy is to EXPLICITLY not care about virus emails. No effort is made to try to catch them, because doing so would dilute the scores of the spam ruleset. No effort is made to try to avoid tagging them either. They're just removed from the corpus and handled by the developers as if they don't exist. Heh, I use the ClamAV plugin for SA and give it a hefty score. That way I get the best of both worlds. Creative use of BLs also helps. {^_^}
Re: New Spammer?
J, sorry about that offline email .. :( Thanks for the answer also. I will definitely make some changes to adjust a more secure setup .. Regards .. Leonard - Original Message - From: jdow [EMAIL PROTECTED] To: Leonard SA [EMAIL PROTECTED] Sent: Tuesday, November 22, 2005 8:09 PM Subject: Re: New Spammer? That is the general format. I do not have your original message to know if the data is correct. It almost looks like you are trusting WAY too much at the 70.119. part. Trust only the mail server(s) from which you expect to never forge emails itself. In my case I trust the set of mail servers earthlink lumps as pop3.earthlink.net outside of the local network. {^_^} - Original Message - From: Leonard SA [EMAIL PROTECTED] To: jdow [EMAIL PROTECTED] Sent: 2005 November, 22, Tuesday 16:38 Subject: Re: New Spammer? J, Is the trusted_network your speaking of in the local.cf file as I have below? trusted_networks192.168.2. 127.0.0.1 70.119. I also use badmailfrom which will block mail at the SMTP level .. is SA able to stop spam with some sort of BL / WL rules? Regards .. Leonard - Original Message - From: jdow [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Tuesday, November 22, 2005 6:23 PM Subject: Re: New Spammer? Nowhere if he has no trusted network setup. That's his problem in a nutshell. He cannot usefully run network tests. {^_^} - Original Message - From: Leonard SA [EMAIL PROTECTED] Where are BLs setup at? Thanks in advance.. Regards .. Leonard Bernstein - | Email [EMAIL PROTECTED] | Mobile (917) 807-3883 | BlackBerry PIN 40082120 | Technology Consultant - - Original Message - From: jdow [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Tuesday, November 22, 2005 5:37 PM Subject: Re: New Spammer? From: Matt Kettler [EMAIL PROTECTED] At 09:56 AM 11/22/2005, Casey King wrote: This morning we have been getting drilled by spam/virus emails. Are they spam, or viruses? Not the same thing. 40 so far. I should be so lucky to see as few as 40/hour during any kind of outbreak Been getting a lot of phone calls from across the company about these emails. At least my mailscanner boxes are stripping the files, and tagging it as spam, but what worries me, is the low scores these messages are receiving. SpamAssassin is a spam scanner. It's official policy is to EXPLICITLY not care about virus emails. No effort is made to try to catch them, because doing so would dilute the scores of the spam ruleset. No effort is made to try to avoid tagging them either. They're just removed from the corpus and handled by the developers as if they don't exist. Heh, I use the ClamAV plugin for SA and give it a hefty score. That way I get the best of both worlds. Creative use of BLs also helps. {^_^}
Re: New Spammer?
J, Outstanding explanation :) Thank you.. I don't have the all_trusted setting; just the trusted_networks and the internal_networks .. I've made some adjustment to the other IP address with too much weight since this is a static IP and I can place the full address as a trusted network. This is my home static IP. the server is owned by me, runs publicly. is a qmail, apache, etc server.. so I can control it as necessary .. Thanks again for all of your help Regards .. Leonard - Original Message - From: jdow [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Tuesday, November 22, 2005 9:41 PM Subject: Re: New Spammer? The key to understanding trusted is that these are mail transfer agents that you can trust not to forge headers. If you fetch from an ISP then it is, perforce, the ISP's pop3 or imap client through which you fetch mail with the fetchmail utility or equivalent. Such is my case. If you run an smtp server yourself and receive from the world then that server, by all its known addresses, is the extent of your trusted network. These are NOT collections of addresses you trust not to spam you. They ARE a very few addresses that can be trusted not to forge headers and nothing more. That is why the bl tests throw up their hands and fail if trusted_networks is set wrong. It has to find at least ONE header, starting from the bottom, that it trusts. From the last address working upwards in the Received headers it can't trust so it performs the lookup. If I remember correctly you were hitting ALL_TRUSTED. That is an indication that you have this setup messed up. Misunderstanding the use of the trusted_network concept is usually the problem. If you CAN change the local.cf then with a little work Bob's your uncle. (I remember my fortunately brief struggle with this. At the moment mine looks much like this: trusted_networks 127/8 207.217.121/24 internal_networks 192.168/16 The 207 address space I accept is where Earthlink.net's pop3 servers live. I use fetchmail from them. I hope this helps. {^_^} - Original Message - From: Leonard SA [EMAIL PROTECTED] J, sorry about that offline email .. :( Thanks for the answer also. I will definitely make some changes to adjust a more secure setup .. Regards .. Leonard - Original Message - From: jdow [EMAIL PROTECTED] That is the general format. I do not have your original message to know if the data is correct. It almost looks like you are trusting WAY too much at the 70.119. part. Trust only the mail server(s) from which you expect to never forge emails itself. In my case I trust the set of mail servers earthlink lumps as pop3.earthlink.net outside of the local network. {^_^} - Original Message - From: Leonard SA [EMAIL PROTECTED] J, Is the trusted_network your speaking of in the local.cf file as I have below? trusted_networks192.168.2. 127.0.0.1 70.119. I also use badmailfrom which will block mail at the SMTP level .. is SA able to stop spam with some sort of BL / WL rules? Regards .. Leonard - Original Message - From: jdow [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Tuesday, November 22, 2005 6:23 PM Subject: Re: New Spammer? Nowhere if he has no trusted network setup. That's his problem in a nutshell. He cannot usefully run network tests. {^_^} - Original Message - From: Leonard SA [EMAIL PROTECTED] Where are BLs setup at? Thanks in advance.. Regards .. Leonard Bernstein - | Email [EMAIL PROTECTED] | Mobile (917) 807-3883 | BlackBerry PIN 40082120 | Technology Consultant - - Original Message - From: jdow [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Tuesday, November 22, 2005 5:37 PM Subject: Re: New Spammer? From: Matt Kettler [EMAIL PROTECTED] At 09:56 AM 11/22/2005, Casey King wrote: This morning we have been getting drilled by spam/virus emails. Are they spam, or viruses? Not the same thing. 40 so far. I should be so lucky to see as few as 40/hour during any kind of outbreak Been getting a lot of phone calls from across the company about these emails. At least my mailscanner boxes are stripping the files, and tagging it as spam, but what worries me, is the low scores these messages are receiving. SpamAssassin is a spam scanner. It's official policy is to EXPLICITLY not care about virus emails. No effort is made to try to catch them, because doing so would dilute the scores of the spam ruleset. No effort is made to try to avoid tagging them either. They're just removed from the corpus and handled by the developers as if they don't exist. Heh, I use the ClamAV plugin for SA and give it a hefty score. That way I get the best of both worlds. Creative use of BLs also helps. {^_^}