Re: [Mimedefang] RE: Testing mailing list headers

2004-04-09 Thread David F. Skoll
On Fri, 9 Apr 2004, Alex S Moore wrote:

> I want to skip the SpamAssassin check for a specific set of mailing lists,
> like this one.

For this one:

if ($Sender ne '<[EMAIL PROTECTED]>') {
# Do the SpamAssassin checks
}

> How do I refer to a header value, such as X-BeenThere or
> List-Id?

You can open the file ./HEADERS, which contains all headers, one per line.
Multi-line headers are "unwrapped" to be on a single line for convenience.

--
David.
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] MD, SpamAssassin and Bayes...

2004-04-09 Thread -ray

Gordon,

For sitewide Bayesian, I have the bayes stuff running as user 'defang', I
guess since SA runs as defang.  Here are the relevant lines from my
sa-mimedefang.cf:

#Enable bayes
  use_bayes 1
  bayes_auto_learn 1
  bayes_path  /sendmail/mqueue/MIMEDefang/bayes/bayes
  bayes_file_mode 0666

The bayes_path dir has these permissions:

drwxr-xr-x    2 defang   defang          0 Apr  9 19:55 /sendmail/mqueue/MIMEDefang/bayes/

And the contents of:

[EMAIL PROTECTED] root]# ls -l /sendmail/mqueue/MIMEDefang/bayes/
total 15024
-rw-rw-rw-    1 defang   defang      71890 Apr  9 19:55 bayes_journal
-rw-r--r--    1 defang   defang   10522624 Apr  9 19:55 bayes_seen
-rw-rw-rw-    1 defang   defang    4788224 Apr  9 19:55 bayes_toks

Supposedly bayesian is more effective with a per-user bayes db, as opposed 
to a sitewide db.  This would be much more complicated though.  I believe 
this is a feature of Can-It Pro?

ray



On Sat, 10 Apr 2004, Gordon Henderson wrote:

> 
> This is probably a dumb question, but I can't find an obvious answer...
> 
> I've been using MD+SA for some time with good effect, but I want to use
> the Bayesian tests in SA. But which 'user' do I load up its database with?
> Is it the destination user of the email, or root, or maybe daemon or
> smmsp? Preferably I want all mail that goes through the site to pass
> through the Bayesian filters as well as the normal ones, not just mail
> delivered to a particular user.
> 
> Any help appreciated...
> 
> Gordon


[Mimedefang] MD, SpamAssassin and Bayes...

2004-04-09 Thread Gordon Henderson

This is probably a dumb question, but I can't find an obvious answer...

I've been using MD+SA for some time with good effect, but I want to use
the Bayesian tests in SA. But which 'user' do I load up its database with?
Is it the destination user of the email, or root, or maybe daemon or
smmsp? Preferably I want all mail that goes through the site to pass
through the Bayesian filters as well as the normal ones, not just mail
delivered to a particular user.

Any help appreciated...

Gordon


Re: [Mimedefang] filter in & out

2004-04-09 Thread david
adding the MX_SENDER_CHECK=yes was the final change to make it all work!
Thanks to all for the advice and syntax help.
:)  I think mimedefang is a great program

On Fri, 2004-04-09 at 17:03, kamal wrote:
> Also make sure that MX_RELAY_CHECK=yes is set in case you do it in 
> filter_relay and MX_SENDER_CHECK=yes is set in case you do this in 
> filter_sender.
> These settings go in /etc/sysconfig/mimedefang or /etc/init.d/mimedefang 
> depending on your installation
> Yes, filter_relay makes more sense, sorry for wrong advice earlier. 
> Though filter_sender serves the purpose equally well :-)
> 
> david wrote:
> > My perl is not great, but I added the below.
> > Have not had luck yet.  Could I be putting this in the wrong section 
> > of the mimedefang-filter ?  I ran the reread.  I have tried different
> > kinds of re's without luck, including filtering on hostname sender and
> > IP. also adding "^ and $"  eg. /^some-text$/   and /n+  (note: syntax may be
> > wrong in this email just going from memory)
> > 
> > sub filter_sender {
> > my ($sender, $ip, $hostname, $helo) = @_;
> > if ($ip =~ /192.168.1.*/i) {  
> > return ('ACCEPT_AND_NO_MORE_FILTERING');
> > }
> > }



All information contained in this email is confidential and may be used by the 
intended recipient only.


Re: OT: Re: [Mimedefang] What controls which RBL's are tested and in what order?

2004-04-09 Thread Kevin A. McGrail
Thanks Ben!  I stand corrected but reiterate that RBLs are best instituted
in SpamAssassin and I love Slaven B.'s Rule for additive RBL usage:

# Slaven B. Rule
# Commented out for those who don't use RBLs. Just uncomment to use.

meta CUSTOM_RCVD_IN_MANY ( RCVD_IN_BL_SPAMCOP_NET + RCVD_IN_SBL +
RCVD_IN_SORBS + RCVD_IN_NJABL + RCVD_IN_DYNABLOCK + RCVD_IN_DSBL +
RCVD_IN_NJABL_SPAM + RCVD_IN_NJABL_PROXY + RCVD_IN_RFCI + RCVD_IN_OPM +
RCVD_IN_SORBS_HTTP + RAZOR2_CHECK) > 2
describe CUSTOM_RCVD_IN_MANY  Message received in more than 2 RBLs
score CUSTOM_RCVD_IN_MANY 3.0

Regards,
KAM

> I believe you can use relay_is_blacklisted() in your filter to check an
> RBL.  From the mimedefang-filter(5) man page:
>
>  if (relay_is_blacklisted($RelayAddr, "inputs.orbs.org")) {
>  action_add_header("X-Blacklist-Warning",
>  "Relay $RelayAddr is blacklisted by ORBS");
>  }



Re: [Mimedefang] RE: Testing mailing list headers

2004-04-09 Thread Alex S Moore
--On Friday, April 09, 2004 03:21:09 PM -0500 Jim McCullars 
<[EMAIL PROTECTED]> wrote:

>    There's not a built-in way to do this, you have to read the HEADERS
> file, something like this in filter_end() before calling SpamAssassin:
>
>   if(open(HDRS, "./HEADERS")) {
>     while(<HDRS>) {
>       if(m/^X-BeenThere:/) {
>         close(HDRS);
>         return;
>       }
>     }
>     close(HDRS);
>   }

Thanks Jim.  This is what I needed.

Alex



Re: [Mimedefang] filter in & out

2004-04-09 Thread kamal
Also make sure that MX_RELAY_CHECK=yes is set in case you do it in 
filter_relay and MX_SENDER_CHECK=yes is set in case you do this in 
filter_sender.
These settings go in /etc/sysconfig/mimedefang or /etc/init.d/mimedefang 
depending on your installation
Yes, filter_relay makes more sense, sorry for wrong advice earlier. 
Though filter_sender serves the purpose equally well :-)

david wrote:
> My perl is not great, but I added the below.
> Have not had luck yet.  Could I be putting this in the wrong section
> of the mimedefang-filter ?  I ran the reread.  I have tried different
> kinds of re's without luck, including filtering on hostname sender and
> IP. also adding "^ and $"  eg. /^some-text$/   and /n+  (note: syntax may be
> wrong in this email just going from memory)
>
> sub filter_sender {
> my ($sender, $ip, $hostname, $helo) = @_;
> if ($ip =~ /192.168.1.*/i) {
> return ('ACCEPT_AND_NO_MORE_FILTERING');
> }
> }


Re: [Mimedefang] RE: Testing mailing list headers

2004-04-09 Thread Jim McCullars


On Fri, 9 Apr 2004, Alex S Moore wrote:

> I want to skip the SpamAssassin check for a specific set of mailing lists,
> like this one.  How do I refer to a header value, such as X-BeenThere or
> List-Id?

   There's not a built-in way to do this, you have to read the HEADERS
file, something like this in filter_end() before calling SpamAssassin:

  if(open(HDRS, "./HEADERS")) {
    # Read the unwrapped headers one line at a time
    while(<HDRS>) {
      if(m/^X-BeenThere:/) {
        close(HDRS);
        return;
      }
    }
    close(HDRS);
  }

Note that in my example, I just do a return if the header is found, so
nothing else in filter_end() will get checked.  You may want to approach
it a little differently, but that's how you examine headers.

   HTH...

Jim McCullars
University of Alabama in Huntsville
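
A fuller version of the HEADERS-file check, added here as an example and not part of Jim's post: it matches the header value against specific lists instead of testing for the header's presence, since X-BeenThere and List-Id are supplied by whoever sent the message. The list addresses and the helper name `trusted_list_header` are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. List addresses are constructed.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Header name (lower case) => pattern the whole header value must match.
my %TRUSTED_LISTS = (
    'x-beenthere' => qr/^mimedefang\@lists\.example\.org$/i,
    'list-id'     => qr/<mimedefang\.lists\.example\.org>$/i,
);

# Return the name of the first header whose value matches a trusted list,
# or undef. $path is the unwrapped, one-header-per-line HEADERS file.
sub trusted_list_header {
    my ($path) = @_;
    open(my $fh, '<', $path) or return;
    my $hit;
    while (my $line = <$fh>) {
        chomp $line;
        my ($name, $value) = $line =~ /^([^:\s]+):\s*(.*?)\s*$/ or next;
        my $re = $TRUSTED_LISTS{lc $name} or next;
        if ($value =~ $re) { $hit = $name; last; }
    }
    close($fh);
    return $hit;
}

# In filter_end() the call would be trusted_list_header('./HEADERS'),
# with the SpamAssassin checks run only when it returns undef.

# Constructed HEADERS files: a real list message and one that merely
# carries a header of the same name.
my $dir  = tempdir(CLEANUP => 1);
my %case = (
    genuine   => "Received: from lists.example.org\n"
               . "X-BeenThere: mimedefang\@lists.example.org\n",
    lookalike => "X-BeenThere: anything-at-all\nSubject: hello\n",
);
for my $label (sort keys %case) {
    my $file = "$dir/$label";
    open(my $out, '>', $file) or die "$file: $!";
    print {$out} $case{$label};
    close($out);
    my $hit = trusted_list_header($file);
    printf "%-10s %s\n", $label,
        defined $hit ? "skip SpamAssassin ($hit)" : "scan as usual";
}
```

A presence-only test such as `m/^X-BeenThere:/` would skip scanning for both sample files; the value match skips it only for the first.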




Re: OT: Re: [Mimedefang] What controls which RBL's are tested and in what order?

2004-04-09 Thread Ben Kelly
Kevin A. McGrail wrote:
> MIMEDefang does not use RBLs.

I believe you can use relay_is_blacklisted() in your filter to check an
RBL.  From the mimedefang-filter(5) man page:

    if (relay_is_blacklisted($RelayAddr, "inputs.orbs.org")) {
        action_add_header("X-Blacklist-Warning",
                          "Relay $RelayAddr is blacklisted by ORBS");
    }

> Regards,
> KAM

- Ben


RE: [Mimedefang] filter in & out

2004-04-09 Thread Stefano McGhee
Hello David,
> 
> sub filter_sender {
> my ($sender, $ip, $hostname, $helo) = @_;
> if ($ip =~ /192.168.1.*/i) {  
> return ('ACCEPT_AND_NO_MORE_FILTERING');
> }
> }
> 

Doesn't this or shouldn't this be in filter_relay? You do have access to
$ip in filter_sender, but filter_relay makes more sense for this.  Also,
your regex might be better as 

$ip=~ /^192\.168\.1\./

Note the escaping for the dots.  Finally, try using 
return ('ACCEPT_AND_NO_MORE_FILTERING',"ok")

Instead of what you had.

Hope this helps,

Stefano



Re: [Mimedefang] filter in & out

2004-04-09 Thread Jim McCullars


On Fri, 9 Apr 2004, david wrote:

> sub filter_sender {
> my ($sender, $ip, $hostname, $helo) = @_;
> if ($ip =~ /192.168.1.*/i) {
> return ('ACCEPT_AND_NO_MORE_FILTERING');
> }
> }

   I would do this in filter_relay, clean the regexp up a bit, and add a
second value to your return code, something like this:

  sub filter_relay {
      my ($ip, $name, $helo) = @_;
      # Trailing \. keeps 192.168.10.x and 192.168.1xx.x from matching
      if ($ip =~ /^192\.168\.1\./) {
          return('ACCEPT_AND_NO_MORE_FILTERING', "ok");
      }
      return('CONTINUE', "ok");
  }


   HTH...

Jim McCullars
University of Alabama in Huntsville
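
The regex variants discussed in this thread, compared side by side with a numeric network check. This is an added example, not code from any of the posts; the relay addresses are constructed and the helper names `ip_to_int`, `in_cidr` and `verdicts` are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Sample addresses are constructed.
use strict;
use warnings;

my @names   = ('unanchored', 'prefix, no dot', 'prefix with dot');
my %pattern = (
    'unanchored'      => qr/192.168.1.*/i,     # as posted in the question
    'prefix, no dot'  => qr/^192\.168\.1/,     # anchored, but open-ended
    'prefix with dot' => qr/^192\.168\.1\./,   # anchored and dot-terminated
);

# Convert a dotted quad to a 32-bit integer; undef if it is not one.
sub ip_to_int {
    my ($ip) = @_;
    my @octets = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/
        or return;
    return if grep { $_ > 255 } @octets;
    return unpack('N', pack('C4', @octets));
}

# True (1) if $ip lies inside $cidr, e.g. "192.168.1.0/24".
sub in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    my $ip_n  = ip_to_int($ip);
    my $net_n = ip_to_int($net);
    return 0 unless defined $ip_n && defined $net_n;
    my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
    return (($ip_n & $mask) == ($net_n & $mask)) ? 1 : 0;
}

# One row per address: the three regex verdicts, then the CIDR verdict.
sub verdicts {
    my ($ip) = @_;
    my @row = ($ip);
    push @row, ($ip =~ $pattern{$_} ? 1 : 0) for @names;
    push @row, in_cidr($ip, '192.168.1.0/24');
    return @row;
}

my @samples = qw(192.168.1.25 192.168.10.7 192.168.199.4
                 172.192.168.1 10.0.0.8);

printf "%-15s %-12s %-16s %-17s %s\n", 'relay', @names, 'cidr /24';
printf "%-15s %-12d %-16d %-17d %d\n", verdicts($_) for @samples;
```

Only the dot-terminated prefix and the numeric comparison agree on every row, which matters here because a match returns ACCEPT_AND_NO_MORE_FILTERING.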




[Mimedefang] filter in & out

2004-04-09 Thread david
My perl is not great, but I added the below.
Have not had luck yet.  Could I be putting this in the wrong section 
of the mimedefang-filter ?  I ran the reread.  I have tried different
kinds of re's without luck, including filtering on hostname sender and
IP. also adding "^ and $"  eg. /^some-text$/ 

sub filter_sender {
my ($sender, $ip, $hostname, $helo) = @_;
if ($ip =~ /192.168.1.*/i) {  
return ('ACCEPT_AND_NO_MORE_FILTERING');
}
}

On Thu, 2004-04-08 at 05:09, kamal wrote:
> > I was wondering what to change to only filter incoming messages.  Does
> > this have to do with the multiplexor function?
> 
> One way is to compare IP of sender to the IPs of your internal senders. 
> This will work in some network setups. This check can go in filter_sender
> Second way is to check the "mailer". It will be "local" if mail is for a 
> local user. This check can go in filter_recipient
> 
> I wonder if there's an easier way than this.





[Mimedefang] RE: Testing mailing list headers

2004-04-09 Thread Alex S Moore
Apparently I am overlooking the obvious and cannot find the answer.

I want to skip the SpamAssassin check for a specific set of mailing lists, 
like this one.  How do I refer to a header value, such as X-BeenThere or 
List-Id?

Alex



[Mimedefang] filter in & out

2004-04-09 Thread david
My perl is not great, but I added the below.
Have not had luck yet.  Could I be putting this in the wrong section 
of the mimedefang-filter ?  I ran the reread.  I have tried different
kinds of re's without luck, including filtering on hostname sender and
IP. also adding "^ and $"  eg. /^some-text$/   and /n+  (note: syntax may be
wrong in this email just going from memory)

sub filter_sender {
my ($sender, $ip, $hostname, $helo) = @_;
if ($ip =~ /192.168.1.*/i) {  
return ('ACCEPT_AND_NO_MORE_FILTERING');
}
}

On Thu, 2004-04-08 at 05:09, kamal wrote:
> > I was wondering what to change to only filter incoming messages.  Does
> > this have to do with the multiplexor function?
> 
> One way is to compare IP of sender to the IPs of your internal senders. 
> This will work in some network setups. This check can go in filter_sender
> Second way is to check the "mailer". It will be "local" if mail is for a 
> local user. This check can go in filter_recipient
> 
> I wonder if there's an easier way than this.






OT: Re: [Mimedefang] What controls which RBL's are tested and in what order?

2004-04-09 Thread Kevin A. McGrail
MIMEDefang does not use RBLs.

You could be using RBLs in your sendmail configuration (not my
recommendation) or you could be using RBLs in SpamAssassin.

In SpamAssassin, I don't think you can control the order of testing however
you can disable them by figuring out what the test is named and configuring
that test to a score of 0.0.

For example, when OsiruSoft went offline, you could have disabled that RBL
test with this line in your mimedefang config file:

score RCVD_IN_OSIRUSOFT_COM 0.0

Regards,
KAM

> Which file would I edit to change the RBL's tested and/or the order in which
> they are tested?



[Mimedefang] RAMdisk on solaris

2004-04-09 Thread J.D. Bronson
If anyone is interested...there is a much better way to run a RAMDISK
on solaris than is in the FAQ.
However it requires an up-to-date version (12/03 or 04/04 I believe).
(older versions didn't seem to include ramdiskadm)
There is a very limited number of inodes available from the tmpfs file
system.  And you can't change it.  It's not uncommon to run out of inodes
on /tmp - often a situation that can kill the machine, since there are
many processes that need to "scribble" on /tmp.
If you are interested, please email me off the list and I will be happy to 
help.

Jeff





--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282


[Mimedefang] What controls which RBL's are tested and in what order?

2004-04-09 Thread Ken Morley
Which file would I edit to change the RBL's tested and/or the order in which
they are tested?

Thanks!

Ken Morley


Re: [Mimedefang] Extremism or just leveling the playing field..

2004-04-09 Thread SRAR Mail Administrator
On Apr 8, 2004, at 6:41 PM, Ben Kamen wrote:

> Boy, as I sit here and watch the spammers try to
>
> A: use me as a relay (same IP, multiple tries)
> B: scan for usernames
> C: try and deliver to bogus names I've used on the net
>
> I would love to have a hook in mimedefang to auto-blackhole these
> IP's... kinda like the greylisting where the entry times out after a
> while.. but after so many misses, the IP gets null-routed...
>
> I know there's probably ways to do this.. I'd just have to sit down
> and do it.. but don't have the time...

If you're running your mail server on Linux, you can actually do this
fairly easily - although it is outside of MD or Sendmail. grep your
maillog for repetitive instances of an ip address attempting
connections to unknown users and via shell scripts put offending
numbers into your iptables file with -j REJECT. Those bozos won't even
get close to your mail server after that [0].

> But don't you guys and gals get mad when you see some pathetic loser
> try and bash the doors down to your mail server??

Don't get mad, get even. Block them before they can even connect to
you. This may be "Extremism" and YMMV; But for our situation at my
workplace [1], it's part of an overall solution that is working well.

-Loren

[0] Don't forget to script a restart of iptables. D'Oh!
[1] We do not host mail for others. Fairly low volume: ~ 25,000 msg/day
-Loren K Louthan | tel: 818 786 2110 | AIM: LorenSRAR
-Data Communications Engineer - CRISNet Regional MLS
Government's view of the economy could be summed up in a few short 
phrases: If it moves, tax it. If it keeps moving, regulate it. And if 
it stops moving, subsidize it."
-Ronald Wilson Reagan
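
The maillog-to-iptables approach described above, as an added sketch that is not Loren's script: it counts unknown-user rejections per relay IP and prints REJECT rules for addresses over a threshold, without running them. The log lines are constructed and assume the usual sendmail syslog layout; the threshold, the never-block list and the function name `offenders` are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. The log lines are constructed and
# assume the usual sendmail syslog layout; adjust the patterns to your MTA.
use strict;
use warnings;

my $THRESHOLD   = 3;                                 # hits before blocking
my @NEVER_BLOCK = (qr/^127\./, qr/^192\.168\.1\./);  # own hosts (hypothetical)

my $from = 'from=<x@spam.example>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA';
my @maillog = (   # constructed sample
    'Apr  9 10:15:01 mail sendmail[2345]: i39FF1Xk002345: <aaa@example.org>... User unknown',
    'Apr  9 10:15:01 mail sendmail[2345]: i39FF1Xk002345: <bbb@example.org>... User unknown',
    "Apr  9 10:15:02 mail sendmail[2345]: i39FF1Xk002345: $from, relay=[192.0.2.10]",
    'Apr  9 10:16:40 mail sendmail[2350]: i39FGeXk002350: <ccc@example.org>... User unknown',
    "Apr  9 10:16:41 mail sendmail[2350]: i39FGeXk002350: $from, relay=host.spam.example [192.0.2.10]",
    'Apr  9 10:20:00 mail sendmail[2361]: i39FK0Xk002361: <typo@example.org>... User unknown',
    "Apr  9 10:20:01 mail sendmail[2361]: i39FK0Xk002361: $from, relay=mail.partner.example [198.51.100.7]",
    'Apr  9 10:30:00 mail sendmail[2370]: i39FU0Xk002370: <old1@example.org>... User unknown',
    'Apr  9 10:30:00 mail sendmail[2370]: i39FU0Xk002370: <old2@example.org>... User unknown',
    'Apr  9 10:30:00 mail sendmail[2370]: i39FU0Xk002370: <old3@example.org>... User unknown',
    "Apr  9 10:30:01 mail sendmail[2370]: i39FU0Xk002370: $from, relay=[192.168.1.20]",
);

# Count "User unknown" rejections per relay IP. The rejection line carries
# only the queue id, so hits are held per queue id until the from= line
# for that id names the relay.
sub offenders {
    my ($threshold, @lines) = @_;
    my (%pending, %hits);
    for my $line (@lines) {
        next unless $line =~ /sendmail\[\d+\]: (\w+): (.*)$/;
        my ($qid, $rest) = ($1, $2);
        if ($rest =~ /\.\.\. User unknown\s*$/) {
            $pending{$qid}++;
        }
        elsif ($rest =~ /^from=.*\brelay=(?:\S+ )?\[(\d{1,3}(?:\.\d{1,3}){3})\]/) {
            $hits{$1} += delete($pending{$qid}) // 0;
        }
    }
    my @bad;
    for my $ip (sort keys %hits) {
        next if $hits{$ip} < $threshold;
        next if grep { $ip =~ $_ } @NEVER_BLOCK;   # never lock out own hosts
        push @bad, [$ip, $hits{$ip}];
    }
    return @bad;
}

for my $o (offenders($THRESHOLD, @maillog)) {
    my ($ip, $count) = @$o;
    # $ip can only be digits and dots (see the capture above), so text from
    # the log cannot end up in the command line.
    print "# $ip: $count unknown-user rejections\n";
    print "iptables -I INPUT -s $ip -p tcp --dport 25 -j REJECT\n";
}
```

With the sample log, only the address that reaches three rejections across two sessions produces a rule; the single-typo sender and the internal host do not.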



Re: [Mimedefang] Extremism or just leveling the playing field..

2004-04-09 Thread Ben Kamen
That's pretty funny...

actually.. Now that I think about it, I might have a TCL script that 
with some modification could probably do this for me...

I think I might look into it this weekend... heheh.. thanks!

 -Ben

Stefano McGhee wrote:

> > I would love to have a hook in mimedefang to auto-blackhole these
> > IP's... kinda like the greylisting where the entry times out after a
> > while.. but after so many misses, the IP gets null-routed...
> >
> > I know there's probably ways to do this.. I'd just have to
> > sit down and
> > do it.. but don't have the time...
>
> Hello Ben,
> Take a look at
> http://lists.roaringpenguin.com/pipermail/mimedefang/2003-March/013811.html
> .  Chad Stalvey got annoyed with this too awhile back and I remember
> thinking it was quite an interesting solution.




RE: [Mimedefang] Extremism or just leveling the playing field..

2004-04-09 Thread Stefano McGhee
> I would love to have a hook in mimedefang to auto-blackhole these 
> IP's... kinda like the greylisting where the entry times out after a 
> while.. but after so many misses, the IP gets null-routed...
> 
> I know there's probably ways to do this.. I'd just have to 
> sit down and 
> do it.. but don't have the time...
> 

Hello Ben,
Take a look at
http://lists.roaringpenguin.com/pipermail/mimedefang/2003-March/013811.html
.  Chad Stalvey got annoyed with this too awhile back and I remember
thinking it was quite an interesting solution.

Cheers,

Stefano



Re: [Mimedefang] Extremism or just leveling the playing field..

2004-04-09 Thread Daniel Taylor
Ben Kamen wrote:
> Boy, as I sit here and watch the spammers try to
>
> A: use me as a relay (same IP, multiple tries)
> B: scan for usernames
> C: try and deliver to bogus names I've used on the net
>
> I would love to have a hook in mimedefang to auto-blackhole these
> IP's... kinda like the greylisting where the entry times out after a
> while.. but after so many misses, the IP gets null-routed...

I have thought about this too, especially when I was watching this poor
sod with an infected machine out in NY hitting me with dozens of virus
e-mails yesterday.

A temporary IP blackhole, say with a variable timeout ranging up to
about a month, would be good. It could probably be done with the
existing greylist code. I don't think I could deploy something like that
at work (yet), but at home it would be sweet.

> I know there's probably ways to do this.. I'd just have to sit down and
> do it.. but don't have the time...
>
> But don't you guys and gals get mad when you see some pathetic loser try
> and bash the doors down to your mail server??

Yeah, just want to route them out of existence.

> Yeesh. I'd like to rub the nose of my local legislative reps in this
> stuff...

Bad idea, but it would be nice to be able to call the cops on folks
trying to break into your servers just like you would if they were
trying to break into your office. But who would you call?

--
Daniel Taylor  VP OperationsVocal Laboratories, Inc.
[EMAIL PROTECTED]   http://www.vocalabs.com/(952)941-6580x203


Re: [Mimedefang] COMMAND not found with inline jpg

2004-04-09 Thread Serge van Thillo
On Tue, 2004-04-06 at 11:12, Serge van Thillo wrote:
> I have a problem when I receive or send messages containing a jpg as
> inline image. 

Is there no-one with this problem? or don't my messages arrive on the list?

With kind regards,
Serge van Thillo
