[Mimedefang] Strip DOC with macros
Hey Mimedefang listers, I wanted to know if I could use mimedefang to strip out .DOC, .DOCX, .XLS, and .XLSX files (or any applicable file type) if they contain a macro. --Justin ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] learner indicated ham
On Sat, Aug 9, 2014 at 1:41 PM, G.W. Haywood wrote: > It wasn't all that vague. :) > > You guys do REJECT your spam, don't you? > > -- > > 73, > Ged. Bill, Thank you very much for the response. The detail is much appreciated. As Ged mentioned, not vague, helpful to say the least. The part about highly trusted rules caught my attention: "Another way to increase autolearning without going all the way to the "learn on error" behavior is to flag rules that you trust highly as "autolearn_force" so that messages matching them won't ever be excluded from autolearning based on the existing Bayes DB disagreeing with the deterministic rules." I think these will get me started: tflags URIBL_DBL_SPAM autolearn_force tflags URIBL_JP_SURBL autolearn_force tflags URIBL_BLACK autolearn_force tflags INVALID_DATE autolearn_force Any others that are definites? ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] learner indicated ham
Aug 8 12:00:53.067 [19948] dbg: learn: auto-learn: message score: 13.934, computed score for autolearn: 17.583 Aug 8 12:00:53.067 [19948] dbg: learn: auto-learn? ham=0, spam=7, body-points=7.448, head-points=5.511, learned-points=-1.9 Aug 8 12:00:53.067 [19948] dbg: learn: auto-learn: autolearn_force not flagged for a rule. Body Only Points: 7.448 (3 req'd) / Head Only Points: 5.511 (3 req'd) Aug 8 12:00:53.067 [19948] dbg: learn: auto-learn? no: scored as spam but learner indicated ham (-1.9 < -1) Is this something that I can fix? I want stuff to be trained as spam but it doesn't seem to make it. I am thinking it's either a setting I am not aware of or I need to retrain my bayes DB ham. Any help would be great. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Mimedefang/Multiplexor wrong score. Stops running tests randomly
Steffen and Stephen, >From a combination of your responses I was able to shed some light on a few things. Firewall outbound was blocking Pyzor/Razor and Spamassassin for a few IPs. I originally allowed the traffic during testing, but to one external IP that connects to spamassassin. The command run as defang, adding a shell, was the most helpful. I was able to see the score that defang would see. Thanks for that tip. su defang -s /bin/bash -c 'spamassassin -x -p /etc/mail/sa-mimedefang.cf -D' < spam.eml Thanks again for your help. It has been greatly appreciated. On Fri, Jul 18, 2014 at 10:54 AM, Stephen Johnson (DIS) wrote: > On Thu, 2014-07-17 at 18:51 -0400, Justin Edmands wrote: >> Hey, >> Mimedefang is not appending the appropriate score to our messages. >> >> An example would be a message manually run through spamassassin >> produces a 17.6 score. This same message processed by the mimedefang >> filter only produces a 0.698. This is all run on the same server. What >> the heck? It only runs those tests? It runs random tests sometimes. I >> have no idea why. Does it have a max process time or something causing >> it to stop running tests after X time? Anyways... > > You are misunderstanding how Mimedefang uses spamassassin. > Spamassassins's rewriting of e-mail headers is done when it's used after > the MTA has accepted delivery of the e-mail. Mimedefang runs as a milter > (mail filter) within sendmail itself. That means that an incoming e-mail > is still in the processing of being received when Mimedefang get's > called be sendmail. The e-mail can't be rewritten by spamassassin. > > The only way to modify the incoming e-mails is via milter API calls. And > only Mimedefang itself has to do the rewrites. Spamassassin in this > scenario is only used to run the tests. If you are using the default > Mimedefang filter (/etc/mail/mimedefang-filter), you will see some > rewriting code happening in the fitler_end() function. > > And in terms of how spamassassin works espceically inside run within > Mimedefang. Spamassassin data (e.g. bayes filter database, autowhitelist > database, etc), the data is stored on a per user basis. That means the > spamassassin runs its tests using data stored in the user id that > Mimedefang runs under. Running the same e-mail on a different user it > will result in different test scores. If you want a semi-accurate > spamassasin check of an e-mail as Mimedefang sees it, it has to be done > under the Mimedefang user id. > > > -- > Stephen L Johnson > Unix Systems Administrator / DNS Hostmaster > Department of Information Systems > State of Arkansas > 501-682-4339 > ___ > NOTE: If there is a disclaimer or other legal boilerplate in the above > message, it is NULL AND VOID. You may ignore it. > > Visit http://www.mimedefang.org and http://www.roaringpenguin.com > MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com > http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] how do I train bayes MySQL when relayed
Hey, Seems like lots of spam is slipping past. In turn, I would like to train/retrain my bayes database for the defang user. This is certainly just a relay so the mail is in and out without being stored. How do I train the database when it's MySQL. Do I need to go to my MDA and pull the .msg files and feed them to the sa-learn program? Also, in the actual database I wanted to see the spam and ham count. Seems like so much ham and not much spam collected. Any reason this is incorrect?: mysql> select id,username,spam_count,ham_count,token_count from spamassassin.bayes_vars; ++--++---+-+ | id | username | spam_count | ham_count | token_count | ++--++---+-+ | 1 | defang |404 | 15794 | 203108 | ++--++---+-+ These might be dumb questions...sorry if RTFM is the only solution and I missed it somehow. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] multiplexor - No DNS servers available!
I am trying to fix our setup. What needs to exist for this to work? Jun 4 23:49:49 relay2 mimedefang-multiplexor[2199]: s553nbRf003041: Slave 1 stderr: plugin: eval failed: available_nameservers: No DNS servers available! Jun 4 23:49:49 relay2 mimedefang-multiplexor[2199]: s553nbRf003041: Slave 1 stderr: rules: failed to run NO_DNS_FOR_FROM RBL test, skipping: Jun 4 23:49:49 relay2 mimedefang-multiplexor[2199]: s553nbRf003041: Slave 1 stderr: (available_nameservers: No DNS servers available!) Jun 4 23:49:50 relay2 mimedefang-multiplexor[2199]: s553nbRf003041: Slave 1 stderr: spf: lookup failed: available_nameservers: No DNS servers available! Jun 4 23:49:50 relay2 mimedefang-multiplexor[2199]: s553nbRf003041: Slave 1 stderr: spf: lookup failed: available_nameservers: No DNS servers available! and another request for DKIM stuff: Jun 4 23:59:29 relay2 mimedefang-multiplexor[2199]: s553xJiS003650: Slave 0 stderr: plugin: eval failed: available_nameservers: No DNS servers available! Jun 4 23:59:29 relay2 mimedefang-multiplexor[2199]: s553xJiS003650: Slave 0 stderr: rules: failed to run NO_DNS_FOR_FROM RBL test, skipping: Jun 4 23:59:29 relay2 mimedefang-multiplexor[2199]: s553xJiS003650: Slave 0 stderr: (available_nameservers: No DNS servers available!) Jun 4 23:59:30 relay2 mimedefang-multiplexor[2199]: s553xJiS003650: Slave 0 stderr: rules: failed to run DKIM_ADSP_DISCARD test, skipping: Jun 4 23:59:30 relay2 mimedefang-multiplexor[2199]: s553xJiS003650: Slave 0 stderr: (available_nameservers: No DNS servers available! Jun 4 23:59:30 relay2 mimedefang-multiplexor[2199]: s553xJiS003650: Slave 0 stderr: ) Jun 4 23:59:30 relay2 mimedefang-multiplexor[2199]: s553xJiS003650: Slave 0 stderr: spf: lookup failed: available_nameservers: No DNS servers available! Jun 4 23:59:30 relay2 mimedefang-multiplexor[2199]: s553xJiS003650: Slave 0 stderr: spf: lookup failed: available_nameservers: No DNS servers available! ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] mimedefang with spamassassin -- incorrect score assessed
Mimedefang list, We currently use mimedefang and spamassassin on our relays. It appears that recently the relays stopped assessing a proper spam score. Some spam will get through, while others with the same format and will be blocked. I am making an assumption about wrong score based on a spam message not being detected and then copying the source(headers etc) to http://spamcheck.postmarkapp.com/ to test the score. I'll see some messages pass that are in the 10's. super spam, but still gets through. I have everything setup in /etc/mail/sa-mimedefang.cf. Originally it appeared that I needed to flush out the /etc/mail/spamassassin/bayes_{toks,seen,journal} files to allow it to regenerate a new DB for spam scores. All files in /etc/mail/spamassassin are defang:defang. I have to fix these on the bayes_ files from time to time. Any idea why these change to root:root every night? I assume cron job, etc. Not sure outside of that. /etc/mail/sa-mimedefang.cf: required_score 3.4 ok_locales en skip_rbl_checks 0 skip_uribl_checks 0 #Custom Rules score ALL_TRUSTED 0.0 0.0 0.0 0.0 score AWL 0.0 0.0 0.0 0.0 #Bayesian auto-learn config bayes_path /etc/mail/spamassassin/bayes auto_whitelist_path /etc/mail/spamassassin/auto-whitelist bayes_file_mode 0644 auto_whitelist_file_mode 0644 bayes_learn_to_journal 1 bayes_journal_max_size 102400 bayes_ignore_header X-Spam-Score bayes_ignore_header X-Scanned-By bayes_auto_learn_threshold_nonspam 0.0 bayes_auto_learn_threshold_spam 7.0 ... ... whitelist stuff ... ... blacklist stuff ... ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang