RE: [Mimedefang] Some spam tests not running Timeout maybe

2007-01-25 Thread David Reta
Jan-Pieter,

Thanks, putting the includes of all the SARE rules in my
sa-mimedefang.cf did the trick. 

Thanks,
David

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Jan-Pieter Cornet
Sent: Wednesday, January 24, 2007 3:34 AM
To: mimedefang@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Some spam tests not running Timeout maybe

On Tue, Jan 23, 2007 at 06:24:53PM -0800, David Reta wrote:
> I am having an issue with some spam slipping through. When I check the
> MSG.0 file from the quarantine against a manual run of the
> ENTIRE_MESSAGE file from the quarantine there are rules that are not
> hit. I am running them manually as the same user as mimedefang so I
> don't think it could be a permission issue. Is there a timeout setting
> or something else I could be missing that could be causing this?
>
> Any help is appreciated.

spamassassin as a standalone binary uses another configuration file than
the spamassassin integrated into mimedefang does. That is likely your
problem... try to compare with:

spamassassin -p /etc/mail/sa-mimedefang.cf  ENTIRE_MESSAGE

Then possibly tweak your sa-mimedefang.cf
  
> Here is an example from the quarantine
>
> [EMAIL PROTECTED] qdir-2007-01-23-16.27.29-001]$ more MSG.0
[...]
> Content analysis details:   (0.6 points, 5.0 required)
>
>  0.603 5 BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY,NO_DNS_FOR_FROM
>
> Here is the output from when it manually
>
> [EMAIL PROTECTED] qdir-2007-01-23-16.27.29-001]$  spamassassin  ENTIRE_MESSAGE
[...]
> X-Spam-Status: Yes, score=5.8 required=5.0 tests=BAYES_50,DBL_12_LETTER_FLDR,
> DBL_12_LETTER_PGIMG,HTML_MESSAGE,MIME_HTML_ONLY,SARE_FORGED_PAYPAL,
> SARE_FORGED_PAYPAL_C,SARE_SPOOF_BADURL,SPF_HELO_PASS autolearn=no
> version=3.1.7

Note that you also use a different bayes database, apparently. Compare
the configs of sa-mimedefang.cf and all *.cf files under
/etc/mail/spamassassin. You could if you like put something like
include /etc/mail/spamassassin/local.cf in your sa-mimedefang.cf,
along with any other *.cf files you want to use.

(This assumes spamassassin actually uses /etc/mail/spamassassin, and
mimedefang uses /etc/mail. Substitute the appropriate paths for your
setup, if necessary)

--
Jan-Pieter Cornet [EMAIL PROTECTED]
!! Disclaimer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please  !!
!! archive this message indefinitely to allow verification of the logs.   !!
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


This email and attachments may contain Narus, Inc. confidential material. If 
you are not the intended recipient, contact the sender immediately and delete 
all instances of this email and attachments.




RE: [Mimedefang] Some spam tests not running Timeout maybe

2007-01-24 Thread David Reta
@lists.roaringpenguin.com
Subject: Re: [Mimedefang] Some spam tests not running Timeout maybe

On Tue, Jan 23, 2007 at 06:24:53PM -0800, David Reta wrote:
> I am having an issue with some spam slipping through. When I check the
> MSG.0 file from the quarantine against a manual run of the
> ENTIRE_MESSAGE file from the quarantine there are rules that are not
> hit. I am running them manually as the same user as mimedefang so I
> don't think it could be a permission issue. Is there a timeout setting
> or something else I could be missing that could be causing this?
>
> Any help is appreciated.

spamassassin as a standalone binary uses another configuration file than
the spamassassin integrated into mimedefang does. That is likely your
problem... try to compare with:

spamassassin -p /etc/mail/sa-mimedefang.cf  ENTIRE_MESSAGE

Then possibly tweak your sa-mimedefang.cf
  
> Here is an example from the quarantine
>
> [EMAIL PROTECTED] qdir-2007-01-23-16.27.29-001]$ more MSG.0
[...]
> Content analysis details:   (0.6 points, 5.0 required)
>
>  0.603 5 BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY,NO_DNS_FOR_FROM
>
> Here is the output from when it manually
>
> [EMAIL PROTECTED] qdir-2007-01-23-16.27.29-001]$  spamassassin  ENTIRE_MESSAGE
[...]
> X-Spam-Status: Yes, score=5.8 required=5.0 tests=BAYES_50,DBL_12_LETTER_FLDR,
> DBL_12_LETTER_PGIMG,HTML_MESSAGE,MIME_HTML_ONLY,SARE_FORGED_PAYPAL,
> SARE_FORGED_PAYPAL_C,SARE_SPOOF_BADURL,SPF_HELO_PASS autolearn=no
> version=3.1.7

Note that you also use a different bayes database, apparently. Compare
the configs of sa-mimedefang.cf and all *.cf files under
/etc/mail/spamassassin. You could if you like put something like
include /etc/mail/spamassassin/local.cf in your sa-mimedefang.cf,
along with any other *.cf files you want to use.

(This assumes spamassassin actually uses /etc/mail/spamassassin, and
mimedefang uses /etc/mail. Substitute the appropriate paths for your
setup, if necessary)

--
Jan-Pieter Cornet [EMAIL PROTECTED]
!! Disclaimer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please  !!
!! archive this message indefinitely to allow verification of the logs.   !!


[Mimedefang] Some spam tests not running Timeout maybe

2007-01-23 Thread David Reta
I am having an issue with some spam slipping through. When I check the MSG.0 
file from the quarantine against a manual run of the ENTIRE_MESSAGE file from 
the quarantine there are rules that are not hit. I am running them manually as 
the same user as mimedefang so I don't think it could be a permission issue. Is 
there a timeout setting or something else I could be missing that could be 
causing this?
 
Any help is appreciated.
 
Thanks,
David
 
I am running on RHEL 4 and my setup is 
sendmail(8.13.2)-mimedefang(2.57)-spamassassin(3.1.7)
 
Here is an example from the quarantine
 
[EMAIL PROTECTED] qdir-2007-01-23-16.27.29-001]$ more MSG.0 
Spam detection software, running on the system , has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.
 
Content preview:  Limited Account Access Details PayPal Security Center
  Dear PayPal Member, We recently reviewed your account, and we need more
  information about your business to allow us to provide uninterrupted
  service. Until we can collect this information, your access to sensitive
  account features will be limited. We would like to restore your access
  as soon as possible. We apologize for the inconvenience. [...] 
 
Content analysis details:   (0.6 points, 5.0 required)
 
 pts rule name              description
---- ---------------------- --------------------------------------------------
-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 3.2 NO_DNS_FOR_FROM        DNS: Envelope sender has no MX or A DNS records
 0.603 5 BAYES_00,HTML_MESSAGE,MIME_HTML_ONLY,NO_DNS_FOR_FROM
 
Here is the output from when it manually
 
[EMAIL PROTECTED] qdir-2007-01-23-16.27.29-001]$  spamassassin  ENTIRE_MESSAGE 
[15334] warn: Subroutine new redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 116.
[15334] warn: Subroutine parse_config redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 126.
[15334] warn: Subroutine dummy_check redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 223.
[15334] warn: Subroutine fuzzyocr_check redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 227.
[15334] warn: Subroutine load_global_words redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 237.
[15334] warn: Subroutine load_personal_words redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 255.
[15334] warn: Subroutine parse_scansets redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 278.
[15334] warn: Subroutine max redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 285.
[15334] warn: Subroutine reorder redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 293.
[15334] warn: Subroutine pipe_io redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 298.
[15334] warn: Subroutine handle_error redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 410.
[15334] warn: Subroutine logfile redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 416.
[15334] warn: Subroutine check_image_hash_db redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 435.
[15334] warn: Subroutine add_image_hash_db redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 475.
[15334] warn: Subroutine calc_image_hash redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 497.
[15334] warn: Subroutine debuglog redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 537.
[15334] warn: Subroutine wrong_ctype redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 543.
[15334] warn: Subroutine corrupt_img redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 562.
[15334] warn: Subroutine known_img_hash redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 587.
[15334] warn: Subroutine check_fuzzy_ocr redefined at /etc/mail/spamassassin/FuzzyOcr.pm line 602.
Received: from localhost by mx1.narus.com
with SpamAssassin (version 3.1.7);
Tue, 23 Jan 2007 16:53:20 -0800
From: PayPal [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: *SPAM* Please update your information
Date: Tue, 23 Jan 2007 18:14:31 -0500
Message-Id: [EMAIL PROTECTED]
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on mx1.narus.com
X-Spam-Level: *
X-Spam-Status: Yes, score=5.8 required=5.0 tests=BAYES_50,DBL_12_LETTER_FLDR,
DBL_12_LETTER_PGIMG,HTML_MESSAGE,MIME_HTML_ONLY,SARE_FORGED_PAYPAL,
SARE_FORGED_PAYPAL_C,SARE_SPOOF_BADURL,SPF_HELO_PASS autolearn=no 
version=3.1.7
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=--=_45B6AE00.466443F3
 
This is a multi-part message in MIME format.
 
=_45B6AE00.466443F3
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
 
Spam detection software, running on the system , has
identified this 
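
One way to run the config comparison suggested in this thread, as an added example (not code from the posters, MIMEDefang or SpamAssassin): it follows `include` lines starting from sa-mimedefang.cf and lists the *.cf files in the site rules directory that are never reached, which is the gap that kept the SARE rules from firing here. The rule file names and the temp-dir layout are constructed sample data; the only SpamAssassin behaviour assumed is that a relative `include` path resolves against the including file.

```python
import os
import re
import tempfile

INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")

def loaded_files(cf_path, seen=None):
    """Config files reached from cf_path by following 'include' lines."""
    seen = set() if seen is None else seen
    real = os.path.realpath(cf_path)
    if real in seen or not os.path.isfile(real):
        return seen                      # include loop, or target does not exist
    seen.add(real)
    with open(real, encoding="latin-1") as fh:
        for line in fh:
            m = INCLUDE_RE.match(line.split("#", 1)[0])   # drop comments first
            if m:
                target = m.group(1)
                if not os.path.isabs(target):
                    # relative includes resolve against the including file
                    target = os.path.join(os.path.dirname(real), target)
                loaded_files(target, seen)
    return seen

def missing_rule_files(mimedefang_cf, site_dir):
    """Names of *.cf files in site_dir never pulled in by mimedefang_cf."""
    reached = loaded_files(mimedefang_cf)
    site = {os.path.realpath(os.path.join(site_dir, name))
            for name in os.listdir(site_dir) if name.endswith(".cf")}
    return sorted(os.path.basename(p) for p in site - reached)

def demo():
    """Build a constructed layout in a temp dir and report the gap."""
    with tempfile.TemporaryDirectory() as root:
        site = os.path.join(root, "spamassassin")  # stands in for /etc/mail/spamassassin
        os.mkdir(site)
        for name in ("local.cf", "70_sare_spoof.cf", "99_sare_fraud.cf"):
            with open(os.path.join(site, name), "w") as fh:
                fh.write("# constructed placeholder rule file\n")
        md_cf = os.path.join(root, "sa-mimedefang.cf")
        with open(md_cf, "w") as fh:
            fh.write("required_score 5.0\n"
                     "# include spamassassin/99_sare_fraud.cf\n"   # commented out
                     "include spamassassin/local.cf\n")
        return missing_rule_files(md_cf, site)

if __name__ == "__main__":
    print(demo())
```

On a real host, call `missing_rule_files()` with the actual paths of sa-mimedefang.cf and the site rules directory, substituting the locations for your setup as the reply above notes.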

[Mimedefang] Help with removing files with names defined in bad_exts

2004-08-10 Thread David Reta
I would like to remove certain named zip files from emails but I don't want to 
discard all zip files since we use them. I tried to add the whole filename to bad_exts 
but this does not work. Is there somewhere else in the filter I can add this or do I 
need to add my own code to the re_match function?

Thanks,
David

___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang