RE: [Mimedefang] compare mimedefang to mailscanner
>> I have been using mimedefang for a couple of years now and just today ran across the mailscanner program. On first glance it appears that the 2 do about the same thing. Have some of the experts here tried both of these and have a comparison as to how they differ? Is it worth my while to spend time trying to configure mailscanner?
>
> The biggest difference between the two is that MIMEDefang, being a milter, can act on a message DURING the original SMTP conversation thus allowing rejections, grey/black/whitelisting, and other actions to be taken before the entire message is even accepted. If you REJECT a connection while it is in progress, there's no need to generate a separate bounce notification after the fact, which will likely just clog up your outbound mail queue. You just send a rejection to the connecting server, and drop the connection, effectively slamming the door on the spammer.

This brings up the main reason I'm not using MailScanner. Mail rejected during the SMTP conversation goes back to the sending server. Mail bounced afterwards goes wherever the spammer wants it to go. Google 'backscatter spam'.

--
Tim Boyer
Director Information Systems and Engineering Projects
Denman Tire Corporation
[EMAIL PROTECTED]
___
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Spamassassin detailed score in message header
    action_change_header("X-Spam-Score", "$hits ($score) $names");

works great, and gives me the total score. It would be great, however, if I could get more detail, e.g.,

    X-Spam-Score: 8.152 () AWL,BAYES_99 (5.38),DCC_CHECK (2.10),DNS_FROM_RFC_ABUSE (0.32),DNS_FROM_RFC_POST (0.22),FORGED_RCVD_HELO (1.23),UNDISC_RECIPS (0.01)

Is there an easy way to do this? Or could someone point me to where it's spelled out in excruciating detail in the docs and I missed it completely?

Thanks much,

--
Tim Boyer
Director IT and Engineering Projects
Denman Tire Corporation
(330) 675-4249
RE: [Mimedefang] Spamassassin detailed score in message header
> Actually, somebody had a quite similar question recently ;-( have a look at this thread:
>
> http://marc.theaimsgroup.com/?t=11646654946r=1w=2
>
> hope that helps!

Certainly does. I searched the archives, but missed this thread. Thanks much!

-- tim --
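One way to produce the per-rule detail asked about in this thread, as an added example that is not from the list or from MIMEDefang itself: it parses the report text the filter already holds in $report into rule and score pairs and builds the value to use in place of $names. The sample report is constructed, and the table layout it assumes is the "pts rule name description" one quoted in the scoring threads on this page.

```perl
#!/usr/bin/perl
# Added example: build "RULE (score),RULE (score)" from a SpamAssassin report.
use strict;
use warnings;

# Constructed sample report (assumed layout: score, rule name, description).
my $REPORT = <<'END';
Content analysis details:   (6.6 points, 9.0 required)

 pts rule name              description
---- ---------------------- ---------------------------------------------
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 1.5 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
-0.3 BAYES_40               BODY: Bayesian spam probability is 20 to 40%
                            [score: 0.2631]
 1.9 HTML_IMAGE_ONLY_28     BODY: HTML: images with 2400-2800 bytes of words
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.4 HTML_10_20             BODY: Message is 10% to 20% HTML
 0.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 2.0 IMG_SRC_CID            RAW: cid in body
END

# Return ([name, score], ...) for every rule row in the report.
sub rule_scores {
    my ($report) = @_;
    my @hits;
    for my $line (split /\r?\n/, $report) {
        # Rule rows start with a signed score followed by an upper-case rule
        # name; the table header, the dashes and wrapped description lines
        # do not, so they are skipped.
        next unless $line =~ /^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)(?:\s|$)/;
        push @hits, [ $2, $1 + 0 ];
    }
    return @hits;
}

# Total stated on the "Content analysis details" line, or undef if absent.
sub stated_total {
    my ($report) = @_;
    return $report =~ /\(\s*(-?\d+(?:\.\d+)?) points,/ ? $1 + 0 : undef;
}

# Build the detailed list. If the parsed rows do not add up to the stated
# total (different report template, truncated report), fall back to the
# plain name list so the header never carries half-parsed data.
sub detailed_names {
    my ($report, $plain_names) = @_;
    my @hits  = rule_scores($report);
    my $total = stated_total($report);
    my $sum   = 0;
    $sum += $_->[1] for @hits;
    # Each row is rounded to one decimal, so allow 0.05 of drift per row.
    my $slack = 0.05 * (@hits + 1);
    return $plain_names
        if !@hits || !defined $total || abs($sum - $total) > $slack;
    # Only [A-Z0-9_] names and sprintf-formatted numbers reach the header,
    # so no CR/LF from the message body can be carried into it.
    return join ',', map { sprintf '%s (%.1f)', $_->[0], $_->[1] }
                     sort { $a->[0] cmp $b->[0] } @hits;
}

print 'X-Spam-Score: ', stated_total($REPORT), ' ',
      detailed_names($REPORT, 'IMG_SRC_CID'), "\n";
```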
[Mimedefang] Scoring inconsistency question
I've been using MIMEDefang / SpamAssassin for years. I'm running 3.1.6 on a Red Hat box, and 99% of the time, all is well.

Last week I added a rule to tag those annoying .gif pump-and-dump emails. Nothing fancy:

    rawbody IMG_SRC_CID /src\=(\"c|c)id\:/i
    score IMG_SRC_CID 2.0

Most of the time it works fine. However, occasionally, I'll get an email that ONLY sees that rule. I'm using MimeDefang to rewrite the headers, and all it shows is

    X-Spam-Score: 2 (**) IMG_SRC_CID

But when I do a spamassassin --debugtest with the message, it finds all kinds of fun things:

    Content analysis details: ( 6.6 points, 9.0 required)

     pts rule name              description
    ---- ---------------------- --------------------------------------------
     0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
     1.5 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
    -0.3 BAYES_40               BODY: Bayesian spam probability is 20 to 40%
                                [score: 0.2631]
     1.9 HTML_IMAGE_ONLY_28     BODY: HTML: images with 2400-2800 bytes of words
     0.0 HTML_MESSAGE           BODY: HTML included in message
     1.4 HTML_10_20             BODY: Message is 10% to 20% HTML
     0.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
     2.0 IMG_SRC_CID            RAW: cid in body

The very next message is the same kind of scam, but sees everything:

    X-Spam-Score: 7.967 (***) BAYES_00,DNS_FROM_RFC_ABUSE,FORGED_RCVD_HELO,HTML_00_10,HTML_MESSAGE,IMG_SRC_CID,MIME_HTML_ONLY,RCVD_NUMERIC_HELO

So what obvious mistake am I making?

Thanks for any help...

--
tim boyer
[EMAIL PROTECTED]
[Mimedefang] Inconsistent scoring problem
I've been using SA for years. I'm running 3.1.6 on a Red Hat box, and 99% of the time, all is well.

Last week I added a rule to tag those annoying .gif pump-and-dump emails. Nothing fancy:

    rawbody IMG_SRC_CID /src\=(\"c|c)id\:/i
    score IMG_SRC_CID 2.0

Most of the time it works fine. However, occasionally, I'll get an email that ONLY sees that rule. I'm using MimeDefang to rewrite the headers, and all it shows is

    X-Spam-Score: 2 (**) IMG_SRC_CID

But when I do a spamassassin --debugtest with the message, it finds all kinds of fun things:

    Content analysis details: ( 6.6 points, 9.0 required)

     pts rule name              description
    ---- ---------------------- --------------------------------------------
     0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
     1.5 RCVD_NUMERIC_HELO      Received: contains an IP address used for HELO
    -0.3 BAYES_40               BODY: Bayesian spam probability is 20 to 40%
                                [score: 0.2631]
     1.9 HTML_IMAGE_ONLY_28     BODY: HTML: images with 2400-2800 bytes of words
     0.0 HTML_MESSAGE           BODY: HTML included in message
     1.4 HTML_10_20             BODY: Message is 10% to 20% HTML
     0.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
     2.0 IMG_SRC_CID            RAW: cid in body

The very next message is the same kind of scam, but sees everything:

    X-Spam-Score: 7.967 (***) BAYES_00,DNS_FROM_RFC_ABUSE,FORGED_RCVD_HELO,HTML_00_10,HTML_MESSAGE,IMG_SRC_CID,MIME_HTML_ONLY,RCVD_NUMERIC_HELO

So what obvious mistake am I making?

Thanks for any help...

--
tim boyer
[EMAIL PROTECTED]
[Mimedefang] Re: set_reply returned MI_FAILURE
On Wed, 04 Jan 2006 21:17:04 -0500, David F. Skoll [EMAIL PROTECTED] wrote:

> Tim Boyer wrote:
>
>> return action_drop_with_warning(\n.\n\n);
>
> [...]
>
>> I've changed action_drop_with_warning to action_bounce. Instead of bouncing, however, I'm getting the set_reply returned MI_FAILURE in logs, and the message is not being rejected.
>
> You can't have newlines (\n) in the text part of a bounce message. That's probably the problem.

David, I'll give that a try - thanks much! But just FYI, that's what's in the stock mimedefang-filter in 2.54:

    if (filter_bad_filename($entity)) {
        md_graphdefang_log('bad_filename', $fname, $type);
        action_notify_administrator("A MULTIPART attachment of type $type, named $fname was dropped.\n");
        return action_drop_with_warning("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
    }

    # eml is bad if it's not message/rfc822
    if (re_match($entity, '\.eml') and ($type ne "message/rfc822")) {
        md_graphdefang_log('non_rfc822', $fname);
        return action_drop_with_warning("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
    }

--
tim boyer
[EMAIL PROTECTED]
[Mimedefang] Re: set_reply returned MI_FAILURE
On Wed, 04 Jan 2006 21:17:04 -0500, David F. Skoll [EMAIL PROTECTED] wrote:

> Tim Boyer wrote:
>
>> return action_drop_with_warning(\n.\n\n);
>
> [...]
>
>> I've changed action_drop_with_warning to action_bounce. Instead of bouncing, however, I'm getting the set_reply returned MI_FAILURE in logs, and the message is not being rejected.
>
> You can't have newlines (\n) in the text part of a bounce message. That's probably the problem.

That was it. Thanks much - and I'll submit a bug report. The default filter won't work, either.

--
tim boyer
[EMAIL PROTECTED]
[Mimedefang] Re: set_reply returned MI_FAILURE
On Thu, 05 Jan 2006 08:32:35 -0500, David F. Skoll [EMAIL PROTECTED] wrote:

> Tim Boyer wrote:
>
>> That was it. Thanks much - and I'll submit a bug report. The default filter won't work, either.
>
> Sure it will. action_drop_with_warning can have a multiline message, but action_bounce can't. My mistake if I misled you with my previous mail.
>
> Regards,
> David.

Ah - that makes sense. I _thought_ it was rather odd that I was the first person to notice this! :)

Thanks much...

--
tim boyer
[EMAIL PROTECTED]
[Mimedefang] canonicalize_email error
I tried putting in one of the subroutines that David presented at the Lisa '03 session. It's got the line

    $recipient = canonicalize_email($recipient);

in filter_recipient. But when I run it, I get this in the logs:

    May 4 21:57:52 melbourne mimedefang-multiplexor[3916]: Slave 0 stderr: Undefined subroutine main::canonicalize_email called at /etc/mail/mimedefang-filter line 245, STDIN line 6.

Have I typed it wrong? Spelled it wrong?

--
Tim Boyer
[EMAIL PROTECTED]
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: syslog: invalid level/facility
On Mon, 07 Feb 2005 09:48:13 -0500, Dave O'Neill [EMAIL PROTECTED] wrote:

> Tim Boyer wrote:
>
>> I'm getting the following in the log file when receiving mail:
>>
>> Feb 6 21:10:32 tolstoy mimedefang-multiplexor[28288]: Slave 0 stderr:syslog: invalid level/facility: good at /usr/local/bin/mimedefang.pl line 553
>
> The error invalid level/facility: good is the clue here. It looks like somewhere in your filter, md_syslog() is being called with a first argument of good. This will fail, as there's no such log level.
>
> Cheers,
> Dave

Hmm. Absolutely correct. But I wonder why it's working on the 2.44 system, and fails on the 2.49? Ah, well - sometime when I get really bored, I'll find out. In the meantime, that fixed it.

Thanks much, Dave!

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] syslog: invalid level/facility
I'm getting the following in the log file when receiving mail:

    Feb 6 21:10:32 tolstoy mimedefang-multiplexor[28288]: Slave 0 stderr:syslog: invalid level/facility: good at /usr/local/bin/mimedefang.pl line 553

That's in the middle of the md_syslog routine. I made sure Unix::Syslog was installed and up to date. It looks like it's failing on the line

    syslog($facility, "%s", $msg);

This is a reinstall on a RHE3 machine - we moved machines, and went from 2.44 to 2.49. Syslog-ng.conf and the other configuration files are identical to a known good working 2.44 system.

Commenting out

    if ($Features{"Unix::Syslog"}) {
        my $num_fac = convert_log_facility_to_number($facility);
        syslog($num_fac, "%s", $msg);
    } else {
        syslog($facility, "%s", $msg);
    }

allows the system to receive mail - but is not, I understand, an optimal solution.

Thanks much for any assistance...

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] Re: Original-Content-Type in header
On Sun, 14 Nov 2004 08:54:55 -0500, Kevin A. McGrail [EMAIL PROTECTED] wrote:

>> Ah! I forgot. I'm accessing this list through gmane.mail.mimedefang. It lets you access mailing lists as if they were usenet groups, complete with threading, etc. So of course, you're seeing these posts as though they're running through an nntp mailer. It's merely because they are. :) I've copied both of you with a copy of this message running through my 'real' mailer.
>
> Well, just trying to solve the mystery of the original content type header and I've exhausted my ideas if gmane isn't the culprit.
>
> Regards,
> KAM

Thanks for the ideas. I'll keep at it.

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] Re: Original-Content-Type in header
On Fri, 12 Nov 2004 12:22:38 -0500, Jeff Rife [EMAIL PROTECTED] wrote:

> On 12 Nov 2004 at 8:52, Kevin A. McGrail wrote:
>
>> Well your emails are the only emails that show up in my inbox with newsgroup features ;-) And I'm pretty sure I'm not nuts because I can definitely see headers like this:
>>
>> X-Complaints-To: [EMAIL PROTECTED]
>> X-Gmane-NNTP-Posting-Host: dhcp065-025-111-053.neo.rr.com
>> X-Newsreader: Forte Agent 2.0/32.652
>
> Same headers here, so it's not something on your end.

Ah! I forgot. I'm accessing this list through gmane.mail.mimedefang. It lets you access mailing lists as if they were usenet groups, complete with threading, etc. So of course, you're seeing these posts as though they're running through an nntp mailer. It's merely because they are. :)

I've copied both of you with a copy of this message running through my 'real' mailer.

Sorry about the confusion...

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] Re: Original-Content-Type in header
On Wed, 10 Nov 2004 08:28:08 -0500, Kevin A. McGrail [EMAIL PROTECTED] wrote:

> Tim,
>
> Your emails come through what looks to me like an NNTP to SMTP conversion system. Is that possibly munging your headers?
>
> Regards,
> KAM

Shouldn't be - it's straight Sendmail Switch. No nntp around.

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] Re: Original-Content-Type in header
On Mon, 8 Nov 2004 21:37:01 +0100, No Six [EMAIL PROTECTED] wrote:

> On Fri, Nov 05, 2004 at 11:24:17AM -0500, Dan Tulovsky wrote:
>
>> My sa-mimedefang file has this:
>>
>> # By default, spamassassin will change the Content-type: header of
>> # suspected spam to text/plain. This is a safety feature. If you
>> # prefer to leave the Content-type header alone, set this to 0.
>> #
>> # defang_mime 0
>>
>> Maybe your defang_mime is set to 1?
>
> Another possible explanation ...
>
> Are you using a procmail recipe such as html-trap.procmail :
>
> http://www.impsec.org/email-tools/html-trap.procmail
> http://www.math.rutgers.edu/procmail/pm/html-trap.rc
>
> Check for /etc/procmailrc, $HOME/.procmailrc
>
> Number Six

Not using procmail, so that's not it - but thanks.

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] Re: Original-Content-Type in header
On Fri, 5 Nov 2004 18:07:03 -0500, Dan Tulovsky [EMAIL PROTECTED] wrote:

> Does your sa-mimedefang config file contain this line:
>
> Defang 1
>
> That would do it...
>
> Dan

Nope; in fact, it doesn't have defang_mime anywhere in it. I'll try setting it to 0, just in case it's getting inherited from somewhere else.

Thanks!

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] Re: Original-Content-Type in header
On Fri, 5 Nov 2004 07:11:23 +, Rob MacGregor [EMAIL PROTECTED] wrote:

> On Thu, 04 Nov 2004 18:45:17 -0500, Tim Boyer [EMAIL PROTECTED] wrote:
>
>> I'm using RH Enterprise, Sendmail Switch, MimeDefang 2.44 and SpamAssassin 3.0.1. Somewhere in there a very few html messages are having their content type changed to text/plain, and an 'Original-Content-Type' line inserted, like so:
>
> I'd say the most likely is MIMEDefang (and the least likely Sendmail). It depends however on what's in your mimedefang-filter...
>
> Also, are you 100% sure that they're not arriving at you like that?

I've got nothing in mimedefang-filter that's rewriting that, and I'm sure they're arriving like that - only because I did some rudimentary debugging of my own in mimedefang-filter:

    if ($type eq "text/html") {
        md_graphdefang_log('html', $Subject, $RelayAddr);

so I can see where it came in as html:

    Nov 4 16:12:09 melbourne2 mimedefang.pl[23152]: MDLOG,iA4LC9H5007402,html,Rubber Plastics News E-mail for November 03,2004,216.35.77.117

So it's getting here as html, but _something_ is changing it.

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] Re: Original-Content-Type in header
On Fri, 5 Nov 2004 08:13:15 -0500 (EST), David F. Skoll [EMAIL PROTECTED] wrote:

> On Fri, 5 Nov 2004, Rob MacGregor wrote:
>
>> On Thu, 04 Nov 2004 18:45:17 -0500, Tim Boyer [EMAIL PROTECTED] wrote:
>>
>>> I'm using RH Enterprise, Sendmail Switch, MimeDefang 2.44 and SpamAssassin 3.0.1. Somewhere in there a very few html messages are having their content type changed to text/plain, and an 'Original-Content-Type' line inserted, like so:
>>
>> I'd say the most likely is MIMEDefang (and the least likely Sendmail). It depends however on what's in your mimedefang-filter...
>
> MIMEDefang itself doesn't have anything referring to Original-Content-Type, and neither does MIME-tools. It must be an explicit filter decision, or something else is munging the messages.

Thanks, David - that at least narrows it down. It's nothing I'm doing in MIMEDefang, so it's either SpamAssassin or Sendmail.

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] Re: Bounce AND send a copy?
On Fri, 01 Oct 2004 09:07:07 -0700, Kelson [EMAIL PROTECTED] wrote:

> Tim Boyer wrote:
>
>> It's bouncing:
>>
>> Sep 30 21:14:43 melbourne2 sm-mta[17694]: i911EUd5017694: Milter: data, reject=554 5.7.1 SpamAssassin has identified this email as possible spam. Please see http://www.denmantire.com/blocklist.html if you think this is incorrect.
>>
>> ... but never remailing.
>
> Are you running a client queue runner? What does mailq -Ac tell you?

    mailq -Ac
    /var/spool/clientmqueue is empty
    Total requests: 0

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] Re: Bounce AND send a copy?
On Fri, 1 Oct 2004 09:20:57 -0700, [EMAIL PROTECTED] wrote:

> I imagine the remail is also bouncing, as it is also being detected as spam. I worry that each remail is spawning another remail... so every spam is spawning its own infinite loop. (uh-oh!)
>
> Try this... Instead of
>
>     if ($hits >= $req) {
>
> do this (untested:)
>
>     if ($hits >= $req and $RelayAddr ne "127.0.0.1") {
>
> This will allow the remailed items to skip over the action_bounce.

I was getting a loop, so that sounds _very_ likely. I'll give it a shot.

Thanks much...

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] Re: Bounce AND send a copy?
On Wed, 29 Sep 2004 16:35:29 -0700, Kelson [EMAIL PROTECTED] wrote:

> Tim Boyer wrote:
>
>> Is there any way for the same message to be bounced, AND send a copy to postmaster? Until I get comfortable with SpamAssassin, I'd like Postmaster to take a look at what's bouncing.
>
> Call resend_message('[EMAIL PROTECTED]') before action_bounce. That should do it, as long as you (a) have the client queue-runner active and (b) avoid running locally-generated mail through SpamAssassin.

Hmmm, either that didn't work, or (much more likely) I'm doing it wrong:

    resend_message('[EMAIL PROTECTED]');
    action_bounce("SpamAssassin has identified this email as possible spam");
    return ();

I can see it in the logs - it's bouncing, but not sending me a copy.

> Alternatively, you can quarantine the message (using quarantine_entire_message) instead of sending it to your postmaster.

But can I quarantine _and_ bounce?

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] Re: Bounce AND send a copy?
On Thu, 30 Sep 2004 07:19:25 -0400 (EDT), David F. Skoll [EMAIL PROTECTED] wrote:

> On Thu, 30 Sep 2004, Tim Boyer wrote:
>
>> Hmmm, either that didn't work, or (much more likely) I'm doing it wrong:
>>
>> resend_message('[EMAIL PROTECTED]');
>
> You want:
>
> resend_message_one_recipient('[EMAIL PROTECTED]');
>
>> But can I quarantine _and_ bounce?
>
> Yes, sure.
>
> Regards,
> David.

Hmmm... apologies, but I must be doing something stupid. Here's what I've got:

    if ($Features{SpamAssassin}) {
        snip
        if ($hits >= $req) {
            md_graphdefang_log('spam', $hits, $RelayAddr);
            action_add_part($entity, "text/plain", "-suggest", "$report\n", "SpamAssassinReport.txt", "inline");
            # Add a header with original recipients, just for info
            action_add_header("X-Orig-Rcpts", join(", ", @Recipients));
            foreach $recip (@Recipients) {
                delete_recipient($recip);
            }
            resend_message_one_recipient('[EMAIL PROTECTED]');
            action_bounce("SpamAssassin has identified this email as possible spam");
            return ();
        }

It's bouncing:

    Sep 30 21:14:43 melbourne2 sm-mta[17694]: i911EUd5017694: Milter: data, reject=554 5.7.1 SpamAssassin has identified this email as possible spam. Please see http://www.denmantire.com/blocklist.html if you think this is incorrect.

... but never remailing.

--
Tim Boyer
[EMAIL PROTECTED]
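The remail loop suspected in this thread, modelled as an added example (not code from the posters or from MIMEDefang): decide() stands in for the spam branch of the filter, and run() replays one message whose re-sent copy comes back through the local MTA with a relay address of 127.0.0.1. The score, threshold, remote address and pass limit are constructed values, and the model assumes the re-sent copy scores as spam again.

```perl
#!/usr/bin/perl
# Added example: why "resend a copy, then bounce" loops unless mail from
# the local relay is allowed to skip the bounce branch.
use strict;
use warnings;

# Stand-in for the filter's decision. $skip_local models the suggested
# "$RelayAddr ne 127.0.0.1" condition from the thread.
sub decide {
    my ($hits, $req, $relay_addr, $skip_local) = @_;
    return 'accept' if $hits < $req;
    return 'accept' if $skip_local && $relay_addr eq '127.0.0.1';
    return 'copy_and_bounce';
}

# Replay one spam message through the filter until nothing is pending or
# the pass limit is reached. Returns a hash ref of counters.
sub run {
    my ($skip_local, $max_passes) = @_;
    my @pending = ('192.0.2.25');    # constructed remote relay address
    my %count = (passes => 0, bounces => 0, delivered => 0);
    while (@pending && $count{passes} < $max_passes) {
        my $relay = shift @pending;
        $count{passes}++;
        # 12.3 and 9.0 are a constructed score and threshold.
        if (decide(12.3, 9.0, $relay, $skip_local) eq 'copy_and_bounce') {
            $count{bounces}++;
            # The copy for the postmaster is re-submitted locally, so the
            # filter sees it again with the loopback relay address.
            push @pending, '127.0.0.1';
        } else {
            $count{delivered}++;     # the postmaster copy gets through
        }
    }
    # Anything still pending at the limit means the loop never ended.
    $count{looping} = @pending ? 1 : 0;
    return \%count;
}

for my $skip_local (0, 1) {
    my $r = run($skip_local, 10);
    printf "skip_local=%d passes=%d bounces=%d delivered=%d looping=%d\n",
        $skip_local, @{$r}{qw(passes bounces delivered looping)};
}
```

Without the condition every pass bounces and queues another copy, so the postmaster never receives one; with it the second pass delivers the copy and the loop ends.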
[Mimedefang] Re: URIDNSBL not running
On Fri, 1 Oct 2004 10:34:25 +1000, Matt Smith [EMAIL PROTECTED] wrote:

> Nathan Martinez [EMAIL PROTECTED] wrote:
>
>> would give URIDNSBL a try, but I can't seem to get its rules to run. I have $SALocalTestsOnly = 0 in my mimedefang-filter.
>
> Hi Nathan,
>
> Having just enabled this feature myself (MD v2.41/2.38 + SA 2.63), and experienced the frustration when it didn't work, make sure that your $SALocalTestsOnly variable is set before the SpamAssassin init routine (as below) in your mimedefang-filter.
>
>     $SALocalTestsOnly = 0;
>     if ($Features{SpamAssassin}) {
>         spam_assassin_init()->compile_now(1) if defined(spam_assassin_init());
>
> Also, make sure that in your sa-mimedefang.cf file, you don't have the line
>
>     skip_rbl_checks 0
>
> as that will undo the above.
>
> Hope this helps, or gives you somewhere to look! There was a bit of activity on this list within the past month or two regarding enabling this, I couldn't find any specific reference off-hand, but give it a search if you get stuck.
>
> Regards,
> Matt

I'll also add my recent experience. Test it, using a piece of email you _think_ should be blocked:

    su -c spamassassin --test -D defang email.test

.. and make sure your permissions on the modules are correct.

--
Tim Boyer
[EMAIL PROTECTED]
[Mimedefang] Bounce AND send a copy?
Is there any way for the same message to be bounced, AND send a copy to postmaster? Until I get comfortable with SpamAssassin, I'd like Postmaster to take a look at what's bouncing.

It's easy to do one or the other - I've done

    add_recipient('[EMAIL PROTECTED]');
    return ();

and

    action_bounce("SpamAssassin has identified this email as possible spam");
    return ();

but is it possible to do both?

Thanks much,

--
Tim Boyer
Director Information Systems and Engineering Projects
Denman Tire Corporation
[EMAIL PROTECTED]
[Mimedefang] RE: MIMEDefang, SpamAssassin and URIDNSBLs
> Hi,
>
>> Why the heck would I get one score when called from MIMEDefang, and another when done 'by hand'?
>
> Sounds like you have two or more spamassassin config files. The one from spamassassin is residing in /usr/local/etc/mail/local.cf, the other is the mimedefang one in /docsis/etc/mimedefang/sa-mimedefang.cf. One of them has network tests disabled.
>
> Martin

That was my first guess, so a week ago I changed a score to try to track it:

    score BIZ_TLD 3.141

Both the MIMEDefang and the 'by hand' examples show:

    3.1 BIZ_TLD URI: Contains an URL in the BIZ top-level domain

so they've got to be using the same config file - right?

-- tim --
[Mimedefang] RE: MIMEDefang, SpamAssassin and URIDNSBLs
> On Fri, 24 Sep 2004, Tim Boyer wrote:
>
>> Why the heck would I get one score when called from MIMEDefang, and another when done 'by hand'?
>
> Because MIMEDefang doesn't do network tests unless you ask it to. This is in the FAQ:
>
> http://www.mimedefang.org/node.php?id=15
>
> --
> David.

It's in there:

    $AdminAddress = '[EMAIL PROTECTED]';
    $AdminName = "Tim Boyer";
    $SALocalTestsOnly = 0;