[Mimedefang] Strip DOC with macros

2015-02-25 Thread Justin Edmands
Hey Mimedefang listers,
I wanted to know if I could use mimedefang to strip out .DOC, .DOCX, .XLS, and 
.XLSX files (or any applicable file type) if they contain a macro.


--Justin
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] learner indicated ham

2014-08-11 Thread Justin Edmands
On Sat, Aug 9, 2014 at 1:41 PM, G.W. Haywood wrote:

> It wasn't all that vague. :)
>
> You guys do REJECT your spam, don't you?
>
> --
>
> 73,
> Ged.


Bill,
Thank you very much for the response. The detail is much appreciated.
As Ged mentioned, not vague, helpful to say the least. The part about
highly trusted rules caught my attention:

"Another way to increase autolearning without going all the way to the
"learn on error" behavior is to flag rules that you trust highly as
"autolearn_force" so that messages matching them won't ever be
excluded from autolearning based on the existing Bayes DB disagreeing
with the deterministic rules."

I think these will get me started:

tflags URIBL_DBL_SPAM autolearn_force
tflags URIBL_JP_SURBL autolearn_force
tflags URIBL_BLACK autolearn_force
tflags INVALID_DATE autolearn_force

Any others that are definites?


[Mimedefang] learner indicated ham

2014-08-08 Thread Justin Edmands
Aug  8 12:00:53.067 [19948] dbg: learn: auto-learn: message score:
13.934, computed score for autolearn: 17.583
Aug  8 12:00:53.067 [19948] dbg: learn: auto-learn? ham=0, spam=7,
body-points=7.448, head-points=5.511, learned-points=-1.9
Aug  8 12:00:53.067 [19948] dbg: learn: auto-learn: autolearn_force
not flagged for a rule. Body Only Points: 7.448 (3 req'd) / Head Only
Points: 5.511 (3 req'd)
Aug  8 12:00:53.067 [19948] dbg: learn: auto-learn? no: scored as spam
but learner indicated ham (-1.9 < -1)


Is this something that I can fix? I want stuff to be trained as spam
but it doesn't seem to make it. I am thinking it's either a setting I
am not aware of or I need to retrain my bayes DB ham. Any help would
be great.
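
Added example (not part of the original post, and not SpamAssassin's own code): a Python script that parses the debug lines above and replays the decision they record, using only the thresholds visible in the log. The `force` switch models just the effect the quoted advice in the reply attributes to autolearn_force (no Bayes veto); the function names and the simplified logic are assumptions.

```python
import re

# Debug lines from the post above (timestamp and PID trimmed, wrapping kept).
SAMPLE = """\
dbg: learn: auto-learn: message score:
13.934, computed score for autolearn: 17.583
dbg: learn: auto-learn? ham=0, spam=7,
body-points=7.448, head-points=5.511, learned-points=-1.9
dbg: learn: auto-learn? no: scored as spam
but learner indicated ham (-1.9 < -1)
"""

NUM = r"(-?\d+(?:\.\d+)?)"
FIELDS = {
    "computed": r"computed score for autolearn: " + NUM,
    "ham_thr": r"auto-learn\? ham=" + NUM,
    "spam_thr": r"\bspam=" + NUM,
    "body": r"body-points=" + NUM,
    "head": r"head-points=" + NUM,
    "learned": r"learned-points=" + NUM,
}

def parse_autolearn(text):
    """Extract the numbers logged for one auto-learn decision."""
    flat = " ".join(text.split())  # rejoin lines wrapped by syslog or e-mail
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, flat)
        if m is None:
            raise ValueError(f"missing field: {name}")
        out[name] = float(m.group(1))
    return out

def decide(f, force=False, min_points=3.0, veto=1.0):
    """Simplified model of the decision; force = an autolearn_force rule hit."""
    if f["computed"] < f["ham_thr"]:
        return "ham"
    if f["computed"] < f["spam_thr"]:
        return "no: score between the ham and spam thresholds"
    if f["body"] < min_points or f["head"] < min_points:
        return "no: fewer than 3 body or 3 head points"
    # Bayes already leans ham by more than 1 point: refuse, unless forced.
    if f["learned"] < -veto and not force:
        return "no: scored as spam but learner indicated ham"
    return "spam"

if __name__ == "__main__":
    fields = parse_autolearn(SAMPLE)
    print(decide(fields))
    print(decide(fields, force=True))
```

The message clears the score and body/head requirements; the only thing blocking it is the existing Bayes data scoring it -1.9, which points at the ham side of the database rather than at a missing setting.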


Re: [Mimedefang] Mimedefang/Multiplexor wrong score. Stops running tests randomly

2014-07-18 Thread Justin Edmands
Steffen and Stephen,
From a combination of your responses I was able to shed some light on
a few things. Firewall outbound was blocking Pyzor/Razor and
Spamassassin for a few IPs. I originally allowed the traffic during
testing, but to one external IP that connects to spamassassin.

The command run as defang, adding a shell, was the most helpful. I was
able to see the score that defang would see. Thanks for that tip.

su defang -s /bin/bash -c 'spamassassin -x -p /etc/mail/sa-mimedefang.cf -D' < spam.eml


Thanks again for your help. It has been greatly appreciated.

On Fri, Jul 18, 2014 at 10:54 AM, Stephen Johnson (DIS) wrote:
> On Thu, 2014-07-17 at 18:51 -0400, Justin Edmands wrote:
>> Hey,
>> Mimedefang is not appending the appropriate score to our messages.
>>
>> An example would be a message manually run through spamassassin
>> produces a 17.6 score. This same message processed by the mimedefang
>> filter only produces a 0.698. This is all run on the same server. What
>> the heck? It only runs those tests? It runs random tests sometimes. I
>> have no idea why. Does it have a max process time or something causing
>> it to stop running tests after X time? Anyways...
>
> You are misunderstanding how Mimedefang uses spamassassin.
> Spamassassin's rewriting of e-mail headers is done when it's used after
> the MTA has accepted delivery of the e-mail. Mimedefang runs as a milter
> (mail filter) within sendmail itself. That means that an incoming e-mail
> is still in the process of being received when Mimedefang gets
> called by sendmail. The e-mail can't be rewritten by spamassassin.
>
> The only way to modify the incoming e-mails is via milter API calls. And
> only Mimedefang itself has to do the rewrites. Spamassassin in this
> scenario is only used to run the tests. If you are using the default
> Mimedefang filter (/etc/mail/mimedefang-filter), you will see some
> rewriting code happening in the filter_end() function.
>
> And in terms of how spamassassin works, especially when run within
> Mimedefang: Spamassassin data (e.g. bayes filter database, autowhitelist
> database, etc.) is stored on a per user basis. That means that
> spamassassin runs its tests using data stored in the user id that
> Mimedefang runs under. Running the same e-mail on a different user
> will result in different test scores. If you want a semi-accurate
> spamassassin check of an e-mail as Mimedefang sees it, it has to be done
> under the Mimedefang user id.
>
>
> --
> Stephen L Johnson  
> Unix Systems Administrator / DNS Hostmaster
> Department of Information Systems
> State of Arkansas
> 501-682-4339


[Mimedefang] how do I train bayes MySQL when relayed

2014-06-26 Thread Justin Edmands
Hey,
Seems like lots of spam is slipping past. In turn, I would like to
train/retrain my bayes database for the defang user. This is certainly
just a relay so the mail is in and out without being stored. How do I
train the database when it's MySQL? Do I need to go to my MDA and pull
the .msg files and feed them to the sa-learn program?

Also, in the actual database I wanted to see the spam and ham count.
Seems like so much ham and not much spam collected. Any reason this is
incorrect?:

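mysql> select id,username,spam_count,ham_count,token_count from spamassassin.bayes_vars;
+----+----------+------------+-----------+-------------+
| id | username | spam_count | ham_count | token_count |
+----+----------+------------+-----------+-------------+
|  1 | defang   |        404 |     15794 |      203108 |
+----+----------+------------+-----------+-------------+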

These might be dumb questions...sorry if RTFM is the only solution and
I missed it somehow.


[Mimedefang] multiplexor - No DNS servers available!

2014-06-04 Thread Justin Edmands
I am trying to fix our setup.

What needs to exist for this to work?


Jun  4 23:49:49 relay2 mimedefang-multiplexor[2199]: s553nbRf003041:
Slave 1 stderr: plugin: eval failed: available_nameservers: No DNS
servers available!
Jun  4 23:49:49 relay2 mimedefang-multiplexor[2199]: s553nbRf003041:
Slave 1 stderr: rules: failed to run NO_DNS_FOR_FROM RBL test,
skipping:
Jun  4 23:49:49 relay2 mimedefang-multiplexor[2199]: s553nbRf003041:
Slave 1 stderr: (available_nameservers: No DNS servers available!)
Jun  4 23:49:50 relay2 mimedefang-multiplexor[2199]: s553nbRf003041:
Slave 1 stderr: spf: lookup failed: available_nameservers: No DNS
servers available!
Jun  4 23:49:50 relay2 mimedefang-multiplexor[2199]: s553nbRf003041:
Slave 1 stderr: spf: lookup failed: available_nameservers: No DNS
servers available!


and another request for DKIM stuff:

Jun  4 23:59:29 relay2 mimedefang-multiplexor[2199]: s553xJiS003650:
Slave 0 stderr: plugin: eval failed: available_nameservers: No DNS
servers available!
Jun  4 23:59:29 relay2 mimedefang-multiplexor[2199]: s553xJiS003650:
Slave 0 stderr: rules: failed to run NO_DNS_FOR_FROM RBL test,
skipping:
Jun  4 23:59:29 relay2 mimedefang-multiplexor[2199]: s553xJiS003650:
Slave 0 stderr: (available_nameservers: No DNS servers available!)
Jun  4 23:59:30 relay2 mimedefang-multiplexor[2199]: s553xJiS003650:
Slave 0 stderr: rules: failed to run DKIM_ADSP_DISCARD test, skipping:
Jun  4 23:59:30 relay2 mimedefang-multiplexor[2199]: s553xJiS003650:
Slave 0 stderr: (available_nameservers: No DNS servers available!
Jun  4 23:59:30 relay2 mimedefang-multiplexor[2199]: s553xJiS003650:
Slave 0 stderr: )
Jun  4 23:59:30 relay2 mimedefang-multiplexor[2199]: s553xJiS003650:
Slave 0 stderr: spf: lookup failed: available_nameservers: No DNS
servers available!
Jun  4 23:59:30 relay2 mimedefang-multiplexor[2199]: s553xJiS003650:
Slave 0 stderr: spf: lookup failed: available_nameservers: No DNS
servers available!


[Mimedefang] mimedefang with spamassassin -- incorrect score assessed

2014-05-21 Thread Justin Edmands
Mimedefang list,
We currently use mimedefang and spamassassin on our relays. It appears
that recently the relays stopped assessing a proper spam score. Some
spam will get through, while others with the same format will be
blocked. I am making an assumption about wrong score based on a spam
message not being detected and then copying the source (headers etc.) to
http://spamcheck.postmarkapp.com/ to test the score. I'll see some
messages pass that are in the 10's. Super spam, but still gets
through.

I have everything set up in /etc/mail/sa-mimedefang.cf. Originally it
appeared that I needed to flush out the
/etc/mail/spamassassin/bayes_{toks,seen,journal} files to allow it to
regenerate a new DB for spam scores.

All files in /etc/mail/spamassassin are defang:defang. I have to fix
these on the bayes_ files from time to time. Any idea why these change
to root:root every night? I assume cron job, etc. Not sure outside of
that.



/etc/mail/sa-mimedefang.cf:

required_score 3.4
ok_locales en
skip_rbl_checks 0
skip_uribl_checks 0

#Custom Rules
score ALL_TRUSTED 0.0 0.0 0.0 0.0
score AWL 0.0 0.0 0.0 0.0


#Bayesian auto-learn config
bayes_path /etc/mail/spamassassin/bayes
auto_whitelist_path /etc/mail/spamassassin/auto-whitelist
bayes_file_mode 0644
auto_whitelist_file_mode 0644
bayes_learn_to_journal 1
bayes_journal_max_size 102400
bayes_ignore_header X-Spam-Score
bayes_ignore_header X-Scanned-By
bayes_auto_learn_threshold_nonspam 0.0
bayes_auto_learn_threshold_spam 7.0
...
...
whitelist stuff
...
...
blacklist stuff
...

