ApacheCon SpamAssassin BOF 11/16 9pm

2004-11-10 Thread Michael Parker
Hi All,

If you're traveling to ApacheCon next week be sure to come by the
SpamAssassin BOF session.  It is currently scheduled for November 16th
from 9-10pm, not sure on the physical location, so be sure to check the
session schedule.

Michael

-- 
ApacheCon November 13-17 2004 http://www.apachecon.com/
See three SpamAssassin sessions & more
Birds of a Feather Session: November 16th, 9-10pm




Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-10 Thread Troels Walsted Hansen
Justin Mason wrote:
>> I was going to, but then I found Bug #3389: "Request for ability to add
>> arbitrary headers from plugins"
>>
>> I think that covers it pretty well..?
>
> yep; noted.  I've added a note.

Thanks.

>>> Also, putting the plugin code into the Wiki would be great ;)  There's
>>> a CustomPlugins page, iirc.
>>
>> Will do.
>
> cheers!

http://wiki.apache.org/spamassassin/CustomPlugins has been updated with 
a reference to http://wiki.apache.org/spamassassin/ClamAVPlugin

As a bonus for anyone going there, I cleaned up the 
headers_spam/headers_ham code a little and added detection of a new (if 
unlikely) error case. :-)

Troels


Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-10 Thread Justin Mason

Troels Walsted Hansen writes:
> Justin Mason wrote:
> 
> >>I was expecting a $permsgstatus->add_header() function or similar, and
> >>when I didn't find I grepped the SA source until I found an alternative
> >>way to add headers to the mail.
> >>
> >>
> >This is definitely an interesting feature idea.  Could you open a bug
> >on the bugzilla for that?
> >  
> >
> I was going to, but then I found Bug #3389: "Request for ability to add 
> arbitrary headers from plugins" 
> 
> 
> I think that covers it pretty well..?

yep; noted.  I've added a note.

> >Also, putting the plugin code into the Wiki would be great ;)  There's
> >a CustomPlugins page, iirc.
> >  
> >
> Will do.

cheers!

--j.



Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-10 Thread Troels Walsted Hansen
Justin Mason wrote:
>> I was expecting a $permsgstatus->add_header() function or similar, and
>> when I didn't find I grepped the SA source until I found an alternative
>> way to add headers to the mail.
>
> This is definitely an interesting feature idea.  Could you open a bug
> on the bugzilla for that?

I was going to, but then I found Bug #3389: "Request for ability to add
arbitrary headers from plugins"

I think that covers it pretty well..?

> Also, putting the plugin code into the Wiki would be great ;)  There's
> a CustomPlugins page, iirc.

Will do.

Troels


RE: SPF fails now

2004-11-10 Thread Martin
|-----Original Message-----
|From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
|Sent: 10 November 2004 19:42
|To: Raymond Dijkxhoorn
|Cc: marti; Spamassassin
|Subject: Re: SPF fails now
|
|Raymond Dijkxhoorn writes:
|> Hi!
|>
|> > Since I have moved my mailserver/spamassassin onto my gateway, SPF
|> > now fails on most messages, of which most are forwarded from my
|> > ISP's mailserver. Mail sent direct to my mailserver get SPF_PASS.
|> >
|> > E.g. marti.mine.nu saw a message coming from the IP address
|> > 62.253.162.47 which is mta07-svc.ntlworld.com; the sender claimed to
|> > be [EMAIL PROTECTED]
|> > However, spamassassin.apache.org has announced using SPF that it
|> > does not send mail out through 62.253.162.47.
|> >
|> > Is there any way to fix this or do I need to turn SPF off?
|>
|> If you forward mail it breaks SPF, please check the SPF documentation
|> about that.
|
|how's the forwarding set up?   If that's what's happening, you should fix
|it to resend the message with a new MAIL FROM address, e.g. by doing
|
|"|/usr/lib/sendmail [EMAIL PROTECTED]"
|
|in ~/.forward.   However I doubt NTLWorld give you access to a ~/.forward
|;)
|
Unfortunately I can't see NTL doing that for me ;)

I have found a way to stop the forwarded email failing the SPF rule, by
putting the NTL mailservers as trusted network and the spf rule still works
ok when I send from my hotmail address direct to the mailserver. But not
sure if that might break anything else, seems ok so far :)

Sorry for the duplicate post on this, the first one got lost for 24 hours in
NTL's wonderful email servers, shame this mailing list doesn't allow me to send
direct from my own mailserver.

Martin
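
Why the trusted-network change described above stops the SPF failures, as an added example that is not part of the original post: it assumes the SPF check is applied to the first relay that is not in a trusted network, counting back from the receiving gateway. Only 62.253.162.47 comes from the thread; the sender policy, the sender's server address and the ISP netblock are constructed, and the evaluator handles only `ip4:` and `all` mechanisms.

```python
import ipaddress

# Constructed sample data. Only 62.253.162.47 comes from the thread; the
# sender policy, the sender's server and the ISP netblock are assumptions.
SPF_POLICY = "v=spf1 ip4:192.0.2.0/24 -all"
ISP_FORWARDERS = "62.253.162.0/24"

# Relay IPs parsed from the Received headers, newest hop first.
FORWARDED = ["62.253.162.47", "192.0.2.25"]  # ISP forwarder, then sender's server
DIRECT = ["192.0.2.25"]                      # sender's server straight to the gateway

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_ip4_result(policy, ip):
    """Evaluate the ip4: and all mechanisms of an SPF policy for one client IP."""
    addr = ipaddress.ip_address(ip)
    for term in policy.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term == "all":
            return QUALIFIERS[qualifier]
    return "neutral"                         # no mechanism matched


def first_untrusted_relay(relays, trusted_networks):
    """Return the newest relay that is outside every trusted network.

    Trust has to be contiguous from the receiving end, so the walk stops
    at the first untrusted hop and ignores anything older than it.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_networks]
    for ip in relays:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in nets):
            return ip
    return None                              # every hop was trusted


def spf_for_message(relays, trusted_networks, policy=SPF_POLICY):
    """Pick the relay the SPF check applies to and evaluate the policy for it."""
    ip = first_untrusted_relay(relays, trusted_networks)
    if ip is None:
        return None, "none"
    return ip, spf_ip4_result(policy, ip)


if __name__ == "__main__":
    for label, relays in (("forwarded", FORWARDED), ("direct", DIRECT)):
        for trusted in ([], [ISP_FORWARDERS]):
            print(label, trusted, spf_for_message(relays, trusted))
```

Trusting a network means the Received headers written by its relays are believed, so only relays known to record the connecting IP honestly belong in that list.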



Re: sa-learn

2004-11-10 Thread hamann . w
>> 
>> I want to integrate sa-learn to learn what is spam and what is non spam.
>> I use SA 2.64 and procmail.
>> 
>> Is it OK if I have two users that each move their SPAM and HAM to
>> local IMAP folders?
>> 
>> Like FALSE-SPAM and SPAM
>> How do I specify to sa-learn to go look in a certain IMAP folder?
>> 
>> /Hitete
>> 

Hi,

I have a similar setup and came up with the attached program (of course I would
like to see it integrated into the mainstream development :)

It works for me.
Beware: when I tried NetxAP module from CPAN first time, about a year ago, it
did not work and required some patching.

Wolfgang Hamann

[Attachment: sa-learn-imap]

Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-10 Thread Justin Mason

Troels Walsted Hansen writes:
> Daryl C. W. O'Shea wrote:
> 
> > Well sort of.  The headers only get set if the message ends up being 
> > classified as spam.  If you receive a virus from a whitelisted user, or 
> > in a message that would otherwise score less than -5.0 (at least with 
> > the default score CLAMAV 10), the X-Spam-Virus: Yes ($virus) header 
> > won't be added since the headers are only added to %headers_spam.  Of 
> > course, clean messages won't have a header added in ham messages either.
> > 
> > Adding the "Virus" headers to the headers_ham hash, as in the attached 
> > file, corrects this.
> 
> You're perfectly right, of course. I did notice this problem, but I
> wasn't aware of headers_ham so I didn't find a way to fix it. In fact I
> was wondering about the legality of manipulating
> $permsgstatus->{main}->{conf} from a plugin. Is it considered bad practice?
> 
> I was expecting a $permsgstatus->add_header() function or similar, and
> when I didn't find I grepped the SA source until I found an alternative
> way to add headers to the mail.
> 
> Thanks for your fix!

This is definitely an interesting feature idea.  Could you open a bug
on the bugzilla for that?

Also, putting the plugin code into the Wiki would be great ;)  There's
a CustomPlugins page, iirc.

> > Otherwise a pretty cool plugin for those who can't for whatever reason 
> > do it another way.
> 
> Thank you.
> 
> Troels



Re: non-dns based load balancing spamd

2004-11-10 Thread Jeremy Rumpf
On Wednesday 10 November 2004 13:33 pm, [EMAIL PROTECTED] wrote:
> I am looking for some help finding a proxy/load balancer that will work
> with spamc->group of spamd machines
>
> Does anyone have any tips on what to use?
>
> I tried balance (http://www.inlab.de/balance.html) and pen
> (http://siag.nu/pen/) both return identical results, spamc sending to
> machine directly marks up a test spam, sending to the load balancer, it
> comes back unchanged, the logs show balance reaching the remote machine and
> it processing the spam correctly, pen doesn't fare as well, tcpdump doesn't
> show it trying to connect to another machine, the return code when running
> with -x switch is "74" for both proxies.
>
> Any help is appreciated, I was unable to find any answers in the mail
> archives or wiki.
>
> Thank you,
> brian


The best bet if you're using linux is to use LVS.

http://www.linuxvirtualserver.org/

I have two directors that balance mail, ftp and www. They run in Direct 
Routing mode, which is essentially layer 2 load balancing (done at the 
ethernet mac layer).

They both use VRRP failover in case one dies, using keepalived:

http://www.keepalived.org

This type of setup can be difficult to get right and you will have to 
recompile your kernel. If that makes one uneasy, stick with DNS round robin. 



Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-10 Thread Troels Walsted Hansen
Daryl C. W. O'Shea wrote:
> Well sort of.  The headers only get set if the message ends up being
> classified as spam.  If you receive a virus from a whitelisted user, or
> in a message that would otherwise score less than -5.0 (at least with
> the default score CLAMAV 10), the X-Spam-Virus: Yes ($virus) header
> won't be added since the headers are only added to %headers_spam.  Of
> course, clean messages won't have a header added in ham messages either.
>
> Adding the "Virus" headers to the headers_ham hash, as in the attached
> file, corrects this.

You're perfectly right, of course. I did notice this problem, but I
wasn't aware of headers_ham so I didn't find a way to fix it. In fact I
was wondering about the legality of manipulating
$permsgstatus->{main}->{conf} from a plugin. Is it considered bad practice?

I was expecting a $permsgstatus->add_header() function or similar, and
when I didn't find I grepped the SA source until I found an alternative
way to add headers to the mail.

Thanks for your fix!

> Otherwise a pretty cool plugin for those who can't for whatever reason
> do it another way.

Thank you.

Troels



Re: not scanning for virus after spamscan

2004-11-10 Thread Matt Kettler
At 04:46 AM 11/10/2004, Roel Bindels wrote:
> Hello List
> I'm using amavis (old version) which does the spam scanning and I'm using
> amavis for virus scan.
> When a virus is marked as spam no virusscan takes place.
> Does anyone know why this is and how this can be fixed
> greetings Roel Bindels
> (config files can be sent on request)

*shrug*. Might I suggest asking on the amavis list? There will be more 
amavis-savvy people there than here.


p.s. misdirected To: for Bob Proulx removed.
Misdirected references headers caused by abusing a reply not removed.
(References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>)
In the future, be aware that editing the subject and content of a message 
will not fool the list archives or any thread-aware mail readers that 
understand the References: header. These tools will keep track of your 
message as a reply, not a subject of its own, despite the changes to the 
subject line and body.



Re: non-dns based load balancing spamd

2004-11-10 Thread Matt Kettler
At 01:33 PM 11/10/2004, [EMAIL PROTECTED] wrote:
> I am looking for some help finding a proxy/load balancer that will work with
> spamc->group of spamd machines
> Does anyone have any tips on what to use?

May I ask why you don't want to do a DNS based load balancing and spamc -H?

Quite frankly, it sounds like you're doing a lot of work trying to avoid 
using the simplest solution. There's got to be a reason why you want to 
avoid it, but it's not particularly clear why. 



Re: SPF fails now

2004-11-10 Thread Justin Mason

Raymond Dijkxhoorn writes:
> Hi!
> 
> > Since I have moved my mailserver/spamassassin onto my gateway, SPF now fails
> > on most messages, of which most are forwarded from my ISP's mailserver. Mail
> > sent direct to my mailserver get SPF_PASS.
> >
> > E.g. marti.mine.nu saw a message coming from the IP address 62.253.162.47
> > which is mta07-svc.ntlworld.com; the sender claimed to be
> > [EMAIL PROTECTED]
> > However, spamassassin.apache.org has announced using SPF that it does not
> > send mail out through 62.253.162.47.
> >
> > Is there any way to fix this or do I need to turn SPF off?
> 
> If you forward mail it breaks SPF, please check the SPF documentation 
> about that.

how's the forwarding set up?   If that's what's happening, you should fix
it to resend the message with a new MAIL FROM address, e.g. by doing

"|/usr/lib/sendmail [EMAIL PROTECTED]"

in ~/.forward.   However I doubt NTLWorld give you access to a ~/.forward
;)

--j.



non-dns based load balancing spamd

2004-11-10 Thread brianmas

I am looking for some help finding a proxy/load balancer that will work with
spamc->group of spamd machines

Does anyone have any tips on what to use?

I tried balance (http://www.inlab.de/balance.html) and pen (http://siag.nu/pen/)
both return identical results, spamc sending to machine directly marks up a test
spam, sending to the load balancer, it comes back unchanged, the logs show
balance reaching the remote machine and it processing the spam correctly, pen
doesn't fare as well, tcpdump doesn't show it trying to connect to another
machine, the return code when running with -x switch is "74" for both proxies.

Any help is appreciated, I was unable to find any answers in the mail archives
or wiki.

Thank you,
brian



Re: SPF fails now

2004-11-10 Thread Raymond Dijkxhoorn
Hi!

> Since I have moved my mailserver/spamassassin onto my gateway, SPF now fails
> on most messages, of which most are forwarded from my ISP's mailserver. Mail
> sent direct to my mailserver get SPF_PASS.
>
> E.g. marti.mine.nu saw a message coming from the IP address 62.253.162.47
> which is mta07-svc.ntlworld.com; the sender claimed to be
> [EMAIL PROTECTED]
> However, spamassassin.apache.org has announced using SPF that it does not
> send mail out through 62.253.162.47.
>
> Is there any way to fix this or do I need to turn SPF off?

If you forward mail it breaks SPF, please check the SPF documentation 
about that.

Bye,
Raymond.


SPF fails now

2004-11-10 Thread marti
Since I have moved my mailserver/spamassassin onto my gateway, SPF now fails
on most messages, of which most are forwarded from my ISP's mailserver. Mail
sent direct to my mailserver get SPF_PASS.

E.g. marti.mine.nu saw a message coming from the IP address 62.253.162.47
which is mta07-svc.ntlworld.com; the sender claimed to be
[EMAIL PROTECTED]
However, spamassassin.apache.org has announced using SPF that it does not
send mail out through 62.253.162.47. 

Is there any way to fix this or do I need to turn SPF off?

Strangely when the mail was forwarded from the original gateway mailserver
to this box they used to get SPF_HELO_PASS

Martin



RE: Sitewide SA implementation question

2004-11-10 Thread Bowie Bailey
From: Kang, Joseph S. [mailto:[EMAIL PROTECTED]
> 
> At this point, I've made scanning of messages for my users to be
> entirely opt-in.  All mail users (about 30 total) have local server
> accounts but the messages get sent on to an internal MS Exchange
> server via .forward files.  So, those users who do opt to have
> their messages scanned by SA get a "canned" .procmailrc that I've
> created placed into their homedirs.
> 
> So, now I want to move to a configuration where I could
> surreptitiously scan ALL incoming messages and, via
> /etc/procmailrc, dump those that score above a certain threshold
> before handing off to the user's .procmailrc.
> 
> What I'm worried about is that by doing this I will hit the
> condition where messages get scanned twice.  
> 
> And, I'd like to avoid having to require any user intervention
> (editing their .procmailrc files) to make this happen.  Most of my
> users' .procmailrc files are under my control.  A few users,
> including myself, are more advanced.

I would suggest that you scan and tag all incoming messages.  Don't
make any subject or body changes, just let SA add the headers.  Then
your global procmailrc can drop the high-scoring spam and your users'
.procmailrc can use the same headers for further processing if they
want to sort out the spam or drop more of it.  This way the headers
are always there and the users can either take advantage of the spam
scan or ignore the headers.

Bowie


Sitewide SA implementation question

2004-11-10 Thread Kang, Joseph S.
All:

It's been awhile since I actually had a question about SA.  Also, I'm not
sure if this is a SA question or more a Procmail question.  I think it's a
bit of both...

So, I'm running sendmail and have implemented SA 2.64 (spamc/spamd) via
procmail.  SA is set up with sitewide Bayes and NO per-user SA prefs.  

At this point, I've made scanning of messages for my users to be entirely
opt-in.  All mail users (about 30 total) have local server accounts but the
messages get sent on to an internal MS Exchange server via .forward files.
So, those users who do opt to have their messages scanned by SA get a
"canned" .procmailrc that I've created placed into their homedirs.

So, now I want to move to a configuration where I could surreptitiously scan
ALL incoming messages and, via /etc/procmailrc, dump those that score above
a certain threshold before handing off to the user's .procmailrc.

What I'm worried about is that by doing this I will hit the condition where
messages get scanned twice.  

And, I'd like to avoid having to require any user intervention (editing
their .procmailrc files) to make this happen.  Most of my users' .procmailrc
files are under my control.  A few users, including myself, are more
advanced.

Is this possible?  Or, no matter what, will it require some sort of end user
PROCMAILRC file editing?

Or am I thinking about this all wrong?  

Thanks in advance!

Joe K.
Systems Administrator
Network Executive Software, Inc.
888-604-5573 / postmaster(at)netex(dot)com 


Re: not scanning for virus after spamscan

2004-11-10 Thread Bob Proulx
Roel,

Roel Bindels wrote:
> To: users@spamassassin.apache.org, Bob Proulx <[EMAIL PROTECTED]>
> Hello List

I am NOT the mailing list!

This is a great example of why doing a group reply to a message and
just changing the subject is not good.  You replied to my last message
about "Badly formatted HTML- best practices?".  Please don't do that
unless you have something to say about that topic.

To start a new topic start a NEW message.  Please see the discussion
about this just a few days ago.

Thanks
Bob


Being nice to Chinese Mails

2004-11-10 Thread Peter Guhl
Hello all

We have got some customers who want to get their mails in Chinese. Now
the bayes filter happened to block them because the only Chinese mails
it ever saw were spam (Chinese customers, but no Chinese employees...).
Now I am looking for a way to control the treatment of Chinese mails (a
bit less strict at the moment) but I don't know how a
Chinese-detection-rule should be made... do you have any ideas?

Thanks and kind regards
Peter



Re: whitelist_from not working, sometimes

2004-11-10 Thread hitete
I use :

whitelist_from [EMAIL PROTECTED]


and it works good.
/Hitete


Re: whitelist_from not working, sometimes

2004-11-10 Thread Matt Kettler
At 10:53 AM 11/10/2004, Michael Weber wrote:
> I have a file, local-names.cf, in the /etc/mail/spamassassin directory
> which is a list of addresses I need to whitelist.  It seems to work,
> except for one sender.  Here is the line from the .cf file:
> whitelist_from   LABONE.com
> This never triggers when I receive mail with a header that looks like
> the one below.  I have seen emails with all caps like the line above, I
> have also seen emails with LabOne.com or labone.com in the header.  I
> have tried all of these variations and it really looks like my
> local-names.cf file is being ignored.  Except that other emails from
> other domains have spam headers that say the whitelist rule triggered
> just like it should.  Any ideas on where to look?

I'd suggest looking at man Mail::SpamAssassin::Conf, section on 
whitelist_from

If you want to match [EMAIL PROTECTED] you need to put that in your 
whitelist_from. Otherwise, it should only match mail that is literally 
"From: labone.com"

There's no implicit sub-string matching in whitelist_from that I'm aware 
of. You need to insert file-glob style wildcards where you need them. 
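
The matching behaviour described in this reply, as an added example that is not part of the original post and not SpamAssassin's own code: each entry is treated as a case-insensitive file-glob that must cover the whole address, with `*` and `?` as the only wildcards. Apart from `LABONE.com`, the config entries and sender addresses are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample of a local .cf file; only the first entry is from the thread.
SAMPLE_CF = """\
# local-names.cf
whitelist_from   LABONE.com
whitelist_from   *@labone.com  *@*.labone.com
whitelist_from   support?@example.org
"""


def parse_whitelist(cf_text):
    """Collect the patterns of every whitelist_from line (several per line are allowed)."""
    patterns = []
    for line in cf_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if fields and fields[0] == "whitelist_from":
            patterns.extend(fields[1:])
    return patterns


def glob_to_regex(pattern):
    """Translate a whitelist glob into an anchored, case-insensitive regex.

    '*' matches any run of characters and '?' exactly one; every other
    character is matched literally, so there is no sub-string matching.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def matching_patterns(address, patterns):
    """Return the patterns that match the full sender address."""
    return [p for p in patterns if glob_to_regex(p).match(address)]


def suspicious_entries(patterns):
    """Entries with neither '@' nor a wildcard can only equal a bare string,
    never a real user@domain address, so they are almost always mistakes."""
    return [p for p in patterns if "@" not in p and not re.search(r"[*?]", p)]


if __name__ == "__main__":
    patterns = parse_whitelist(SAMPLE_CF)
    for sender in ("Support@LabOne.com", "alerts@hades.labone.com", "labone.com"):
        print(sender, "->", matching_patterns(sender, patterns))
    print("never match an address:", suspicious_entries(patterns))
```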



Sa-LEARN error, and no debugging messages.

2004-11-10 Thread hitete
I have 2 users which classify their messages as ham and spam.

Two new directories have been created :

SPAM-NON-DETECTED
HAM

The non detected spam is transferred (no bounce no forward) to SPAM-NON-DETECTED

The detected spam which isn't in fact SPAM is transferred (no bounce no forward)
to HAM

What sa-learn line do I have to run in order for sa-learn to perform correctly?

I'm asking this because I get an ERROR line at the end. Even if I add a "-D" in
the sa-learn line, I still get the error WITHOUT any debugging messages!!!

Another question regarding sa-learn : it is sad that you have to specify the
path to the directory...BUT the HAM and SPAM-NON-DETECTED Folders are
files..

/hitete


whitelist_from not working, sometimes

2004-11-10 Thread Michael Weber
Greetings!

I have a file, local-names.cf, in the /etc/mail/spamassassin directory
which is a list of addresses I need to whitelist.  It seems to work,
except for one sender.  Here is the line from the .cf file:

whitelist_from   LABONE.com

This never triggers when I receive mail with a header that looks like
the one below.  I have seen emails with all caps like the line above, I
have also seen emails with LabOne.com or labone.com in the header.  I
have tried all of these variations and it really looks like my
local-names.cf file is being ignored.  Except that other emails from
other domains have spam headers that say the whitelist rule triggered
just like it should.  Any ideas on where to look?

Return-path: <[EMAIL PROTECTED]>
Received: from web-2.alliednational.com [172.16.30.32]
by mail.alliednational.com; Tue, 09 Nov 2004 16:51:07 -0600
Received: (from [EMAIL PROTECTED])
by web-2.alliednational.com (8.11.6/8.11.6) id iA9Mp7h13278
for [EMAIL PROTECTED]; Tue, 9 Nov 2004 16:51:07 -0600
X-Authentication-Warning: web-2.alliednational.com: filter set sender
to [EMAIL PROTECTED] using -f
Received: from hades.labone.com (unknown [198.70.194.2])
by web-2.alliednational.com (Postfix) with ESMTP id C8E6CBBF7
for <[EMAIL PROTECTED]>; Tue,  9 Nov 2004 16:51:03 -0600
(CST)
Received: from smsrv.1.24.172.in-addr.arpa by hades.labone.com
  via smtpd (for h-66-166-36-212.chcgilgm.covad.net
[66.166.36.212]) with ESMTP; Tue, 9 Nov 2004 16:51:03 -0600
From: "Support LabOne" <[EMAIL PROTECTED]>
Reply-To: "LabOne Transmission System" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] 
Subject: %%SPAM%% (5.3) HIPAA
Date: Tue Nov  9 16:50:53 2004
Message-Id: <[EMAIL PROTECTED]>
X-Spam-Prev-Subject: HIPAA
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on 
web-2.alliednational.com
X-Spam-Report: 
*  1.0 _YM_HS_BAGLE_A _YM_HS_BAGLE_A
*  0.6 DATE_IN_PAST_12_24 Date: is 12 to 24 hours before
Received: date
*  1.8 MSGID_FROM_MTA_ID Message-Id for external message added
locally
*  0.5 MY_UHVRCV BODY: Your have received this spam
*  1.6 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
*  [score: 0.5187]
* -0.0 AWL AWL: From: address is in the auto white-list
X-Spam-Status: Yes, score=5.3 required=5.0 tests=AWL,BAYES_50,
DATE_IN_PAST_12_24,MSGID_FROM_MTA_ID,MY_UHVRCV,_YM_HS_BAGLE_A 
autolearn=no version=3.0.1
X-Spam-Level: *

What gives?

TIA!

-Michael








Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-10 Thread Daryl C. W. O'Shea
Troels Walsted Hansen wrote:
> You're perfectly right, of course. I did notice this problem, but I
> wasn't aware of headers_ham so I didn't find a way to fix it. In fact
> I was wondering about the legality of manipulating
> $permsgstatus->{main}->{conf} from a plugin. Is it considered bad
> practice?

As far as I know it's the only way, although I haven't really looked 
into it.  Not much to go by example wise since plugins are new for v3.

> I was expecting a $permsgstatus->add_header() function or similar, and
> when I didn't find I grepped the SA source until I found an
> alternative way to add headers to the mail.

That would make sense as it would prevent you from overwriting another 
plugin's (arbitrarily defined / self chosen) headers.  You may want to 
make a request in the bugzilla at bugzilla.spamassassin.org if nobody 
else on the list has a better idea.

> Thanks for your fix!

No problem.

Daryl


Re: [SURBL-Discuss] Probable new data source: DNS queries hitting spamhaus lists

2004-11-10 Thread Jeff Chan
On Wednesday, November 10, 2004, 5:25:43 AM, Rob McEwen wrote:
> 1st, if you are converting domains to IPs and then checking these IPs
> against spamhaus, you may have to make sure your system can whitelist the
> domains **before** conversion to IP since the IPs can change without notice.

Interesting.  I was going to whitelist after detection.
Whitelisting first would prevent some processing.

Note that we're not proposing making a list of IP addresses.
The output is still mostly a list of domains.

> 2nd, SpamHaus keeps listing the following:
> msn.click-url.com, (& variations)
> (These show up FREQUENTLY in hams, so I'd Whitelist these up front. They
> seem to go in an out of SpamHaus intermittently.)
> FOR EXAMPLE:
> msn.click-url.com = 216.39.69.75
> http://www.spamhaus.org/query/bl?ip=216.39.69.75
> ...points to...
> http://www.spamhaus.org/sbl/sbl.lasso?query=SBL20705

click-url.com is already manually whitelisted so it would not be
on our version of the lists.  We would likely apply the SURBL
whitelisting to these lists.

> 3rd, in fact, SpamHaus is going to list a lot of greymarketers that
> shouldn't be listed in SURBL (flowgo, euniverse, etc)

That is one area where we disagree with Spamhaus, and we've
whitelisted most of those since they appear in legitimate
newsletters, etc.  However our whitelists of those domains
may not be complete.

> 4th, most of the FPs I find in SpamHaus are XBL listings where the data
> source for that particular FP was http://cbl.abuseat.org/

> CBL catches a LOT of spam... but it also periodically will list the
> mailserver for respected ISPs where that ISP had one user who sent out a
> bunch of spam and then CBL listed the IP address of that server.
> Unfortunately, this creates a lot of collateral damage. Recently, I
> experienced this with one of my client's customer's BellSouth E-mail
> services. (I don't know the ratio of XBL stuff via CBL versus XBL stuff from
> other sources. I'd be curious to know this.)

Queries into our DNS servers almost never match domains that
resolve into XBL, which makes sense since those are mostly zombies.
However a domain list of XBL hits may be a useful early warning of
spammers starting to use zombies for hosting, DNS, etc, which
fortunately they haven't done much yet.  In practical terms the
XBL hits are so few now as to be a non-issue.

(Really I just included XBL for completeness; SBL is generally
more relevant for URIs, which is why it's what's used by uridnsbl
in SpamAssassin by default.  uridnsbl was probably designed with
SBL in mind.  If we do this, the SBL and XBL lists would be
separate.)

> Jeff, very likely, (I have a feeling) I've misunderstood your original
> intended use of SpamHaus? But maybe this information will be helpful anyway?
> I would definitely recommend NOT using the strategy I've described as an
> **automatic** way to get listed in SURBL. This would defeat MOST of the hard
> work we've done to minimize FPs. But, on the other hand, there are many
> great possibilities here for using this as a tool for evaluating URIs or as
> a honeypot for queuing URIs for evaluation where the URI wasn't already in
> SURBL.

> Rob McEwen

The reason for looking at this is a way to avoid the DNS
resolution on wild URI domains that uridnsbl does in SA 3.
This process is an approximation of what uridnsbl does
with sbl.  I suspect that uridnsbl gets some false
positives similar to what you notice in your own
processing.  Presumably uridnsbl is scored lower than
SURBLs because of the FPs, and a SURBL version of the
sbl data should probably also be scored lower than other
SURBLs for similar reasons.  Our whitelists would tend
to reduce the FP rate somewhat, if applied, which seems
likely.

I share your concerns about FPs, but since we're doing
something very similar to what uridnsbl does but with
much less DNS overhead, the same concerns apply to FPs
with uridnsbl, it's just that this new way of doing
things would be much faster.

We have not turned this data into lists yet, but the reasons
for considering it are as I describe: to bypass the very
time consuming name resolution that uridnsbl does against
domains in wild messages.  It's meant to be a potential
speedup/replacement for uridnsbl.

We should definitely discuss this more, and I'd like to
hear from the SA developers.

Jeff C.
--
"If it appears in hams, then don't list it."



Fwd: [SURBL-Discuss] Probable new data source: DNS queries hitting spamhaus lists

2004-11-10 Thread Jeff Chan
This is a forwarded message
From: Jeff Chan <[EMAIL PROTECTED]>
To: SURBL Discuss <[EMAIL PROTECTED]>
Date: Tuesday, November 9, 2004, 11:34:19 PM
Subject: [SURBL-Discuss] Probable new data source: DNS queries hitting spamhaus lists

===8<==Original message text===
At Daniel Quinlan's suggestion, we've started to check a sampling
of SURBL name server queries against sbl and xbl.spamhaus.org.
His interest is as a potential replacement for the very time
consuming NS record lookups done with uridnsbl.

We haven't turned these into a SURBL yet, but probably will
eventually.  So far this has resulted in about 11k SBL domains
with about 60% overlap with existing SURBLs.  The fun thing
is that this catches at a very early stage spams from scumbags
like "Media Dreamland" that has been spamming free computer
monitors, etc. lately.  Some of these type of operations that
reuse the same name server IPs, but register and change domains
frequently are caught this way, just like uridnsbl does, but
with perhaps a few missed due to sampling effects on the
DNS queries.  This method also features a much lower global
DNS overhead since the lookups are done once in a centralized
way, and not repeatedly in a gazillion SpamAssassin installations
on the same domains in a very distributed and redundant way.

The way this works is that we sample DNS queries from SURBL
lookups and compare new wild domains (i.e. domains found
in general email URIs), against xbl and sbl and build up
lists of the matches.  (To be more correct, it's the wild
domain name server "NS" record resolved ip addresses which
are checked against sbl and xbl.)  Along with this will need
to be expiration runs, which I haven't built yet.  (In other
words, domains should come off the lists when they no longer
resolve or no longer resolve to name servers in sbl or xbl.)

The main downside is that domains matching name servers
listed in sbl or xbl definitely have more false positives
than our other SURBL lists.  We'll want to do some testing,
but it may be as high as 1%, so they'd need to be used
carefully.

Some perhaps other interesting stats after about two weeks:

  unique queries logged so far about 250k
(These are reduced to base domains where easy)
  SBL matches so far about 11k
  XBL matches so far about 400

SBL are checked for NS records only
XBL are checked for NS, www, base domain against XBL
(but not MX)

Questions?  Comments?  Suggestions?

Jeff C.
--
"If it appears in hams, then don't list it."
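
The matching, whitelisting and expiration steps described in the message above, as an added Python example that is not part of the original post or of SURBL's own tooling. The resolver callbacks, the `sbl.test` zone and every domain and address in the sample data are constructed so that it runs offline; `base_domain` is a naive two-label reduction.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name for an IPv4 address: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def base_domain(name):
    """Naive reduction to the last two labels (assumption: no ccTLD handling)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def ns_listed(domain, zone, resolve_ns, resolve_a, dnsbl_lookup):
    """True if any name server of `domain` has an address listed in `zone`."""
    return any(dnsbl_lookup(dnsbl_query_name(ip, zone))
               for ns in resolve_ns(domain)
               for ip in resolve_a(ns))

def update_list(current, sampled, whitelist, zone, resolve_ns, resolve_a, dnsbl_lookup):
    """One run: expire entries that no longer match, then add new matches."""
    def check(d):
        return ns_listed(d, zone, resolve_ns, resolve_a, dnsbl_lookup)
    # Expiration run: a domain stays only while its name servers are still listed.
    kept = {d for d in current if d not in whitelist and check(d)}
    for name in sampled:
        d = base_domain(name)
        if d in whitelist or d in kept:
            continue  # whitelisted or already listed: no DNS work needed
        if check(d):
            kept.add(d)
    return kept

# Constructed sample data standing in for real DNS answers.
NS_RECORDS = {
    "pills-a.example": ["ns1.badhost.example"],
    "pills-b.example": ["ns1.badhost.example"],   # new domain, same name server
    "click-track.example": ["ns1.badhost.example"],
    "newsletter.example": ["ns1.goodhost.example"],
}
A_RECORDS = {"ns1.badhost.example": ["192.0.2.53"],
             "ns1.goodhost.example": ["198.51.100.53"]}
LISTED = {"53.2.0.192.sbl.test"}  # 192.0.2.53 is "listed" in the test zone

def demo():
    lookups = []
    def dnsbl_lookup(qname):
        lookups.append(qname)
        return qname in LISTED
    result = update_list(
        current={"old-gone.example"},              # no longer resolves: expires
        sampled=["www.pills-a.example", "pills-b.example",
                 "img.click-track.example", "newsletter.example"],
        whitelist={"click-track.example"},
        zone="sbl.test",
        resolve_ns=lambda d: NS_RECORDS.get(d, []),
        resolve_a=lambda h: A_RECORDS.get(h, []),
        dnsbl_lookup=dnsbl_lookup)
    return result, lookups

if __name__ == "__main__":
    print(demo())
```

The whitelisted domain is skipped before any lookup is made, and the two domains sharing one listed name server are both caught even though neither domain name was seen before.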



IMAP folder with sa-learn

2004-11-10 Thread hitete
Quoting [EMAIL PROTECTED]:

> I want to integrate sa-learn to learn what is spam and what is non spam.
> I use SA 2.64 and procmail.
>
> Is it OK if I have two users that each move their SPAM and HAM to
> local IMAP folders?
>
> Like FALSE-SPAM and SPAM
> How do I specify to sa-learn to go look in a certain imap folder?
>
> /Hitete




Re: sa-learn

2004-11-10 Thread hitete
I want to integrate sa-learn to learn what is spam and what is non spam.
I use SA 2.64 and procmail.

Is it OK if I have two users that each move their SPAM and HAM to
local IMAP folders?

Like FALSE-SPAM and SPAM
How do I specify to sa-learn to go look in a certain imap folder?

/Hitete


not scanning for virus after spamscan

2004-11-10 Thread Roel Bindels
Hello List

I'm using amavis (old version) which does the spam scanning and I'm using
amavis for virus scan.

When a virus is marked as spam no virusscan takes place.
Does anyone know why this is and how this can be fixed?

greetings Roel Bindels

(config files can be sent on request)



Re: Badly formatted HTML- best practices?

2004-11-10 Thread Bob Proulx
Loren Wilton wrote:
> > Should we inform them that their mails are likely to be caught by email
> > filters or should we let them live on in blissful ignorance?
> 
> I personally try to suggest ways to fix things occasionally.
> It almost invariably has no results, but I figure it is worth trying now and
> then.

Me too.  When I am motivated I try to educate people.  But rarely does
it do any good.  But keep fighting the good fight just the same.

Bob


Re: [SURBL-Discuss] Please test MailPolice Fraud list

2004-11-10 Thread Jeff Chan
On Monday, September 20, 2004, 3:20:52 PM, Jeff Chan wrote:
> Please test the MailPolice Fraud list as Bill described earlier
> (copied below).  We would like to include this data in our
> PH anti-phishing list, but request your help in testing it
> first.

> We're particularly interested in any false positives.

> Jeff C.
> __

> This is a list that MailPolice hosts and I have been running it for a few
> hours and it has already flagged some phish and fraud e-mails.  Here is some
> info about the list:  http://rhs.mailpolice.com/#rhsfraud

> This is my configuration for SA 2.64 with the SpamCopURI plug-in:

> uri       MP_URI_RBL eval:check_spamcop_uri_rbl('fraud.rhs.mailpolice.com','127.0.0.2')
> describe  MP_URI_RBL URI's domain appears in MailPolice fraud list
> tflags    MP_URI_RBL net
> score     MP_URI_RBL 2.0

> And for SA 3.0 with the URIDNSBL plug-in:

> urirhsbl URIBL_MP fraud.rhs.mailpolice.com.   A
> header   URIBL_MP eval:check_uridnsbl('URIBL_MP')
> describe URIBL_MP URI's domain appears in MailPolice fraud list
> tflags   URIBL_MP net
> score    URIBL_MP 2.0

> Bill

Does anyone have any more testing of the fraud.rhs.mailpolice.com
data to share?

SpamAssassin corpus checkers, would you please test it for FPs?

Shall we add it to ph.surbl.org?

Jeff C.
--
"If it appears in hams, then don't list it."



Re: Rules List

2004-11-10 Thread Jeff Chan
On Tuesday, November 9, 2004, 11:53:13 AM, Greg Earle wrote:
> I've got Mail::SpamAssassin::SpamCopURI installed on 2.63 now.

> But, since 2.63 didn't come with 3.01's rules like 25_uribl.cf,
> there's nothing in my 2.63 setup to utilize SpamCopURI, as far
> as I can tell.
[...]

> This won't work under 2.63, right?  There's no "ifplugin" stuff
> in 2.63, is there?  I haven't been following the list religiously
> but I thought the plug-in stuff was a SpamAssassin 3-ism ...

The rules for SpamCopURI under SpamAssassin 2.63 and 2.64
are not the same as the rules for urirhssub or urirhsbl
under SpamAssassin 3.

SpamCopURI should ship with sample rules, but I recommend
that you use the updated rules at:

  http://www.surbl.org/spamcop_uri.cf.022-updated.txt

which are mentioned at:

  http://www.surbl.org/

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-10 Thread Daryl C. W. O'Shea
Troels Walsted Hansen wrote:
> I created a small plugin using the new plugin API in SpamAssassin 3.x.
> The plugin connects to a local ClamAV server (through TCP) and checks
> the email for virus. If a virus is found, it returns a positive return
> code to indicate spam and sets the header "X-Spam-Virus: Yes
> ($virusname)".

Well sort of.  The headers only get set if the message ends up being 
classified as spam.  If you receive a virus from a whitelisted user, or 
in a message that would otherwise score less than -5.0 (at least with 
the default score CLAMAV 10), the X-Spam-Virus: Yes ($virus) header 
won't be added since the headers are only added to %headers_spam.  Of 
course, clean messages won't have a header added in ham messages either.

Adding the "Virus" headers to the headers_ham hash, as in the attached 
file, corrects this.

Otherwise a pretty cool plugin for those who can't for whatever reason 
do it another way.

Daryl
package ClamAV;
use strict;
use Mail::SpamAssassin;
use Mail::SpamAssassin::Plugin;
use File::Scan::ClamAV;
our @ISA = qw(Mail::SpamAssassin::Plugin);

# Constructor: register check_clamav so rules can call it as an eval test.
sub new {
  my ($class, $mailsa) = @_;
  $class = ref($class) || $class;
  my $self = $class->SUPER::new($mailsa);
  bless ($self, $class);
  $self->register_eval_rule ("check_clamav");
  return $self;
}

# Stream the full message to the local clamd (TCP port 3310).  The result is
# written to both headers_spam and headers_ham so the "Virus" header is added
# whether or not the message ends up classified as spam.
sub check_clamav {
  my ($self, $permsgstatus, $fulltext) = @_;
  my $av = new File::Scan::ClamAV(port => 3310);
  my ($code, $virus) = $av->streamscan(${$fulltext});
  if(!$code) {
    # Scan failed (e.g. clamd not reachable): record the error, do not hit.
    my $errstr = $av->errstr();
    Mail::SpamAssassin::Plugin::dbg("ClamAV: Error scanning: $errstr");
    $permsgstatus->{main}->{conf}->{headers_spam}->{"Virus"} = "Error ($errstr)";
    $permsgstatus->{main}->{conf}->{headers_ham}->{"Virus"} = "Error ($errstr)";
  } elsif($code eq 'OK') {
    Mail::SpamAssassin::Plugin::dbg("ClamAV: No virus detected");
    $permsgstatus->{main}->{conf}->{headers_spam}->{"Virus"} = "No";
    $permsgstatus->{main}->{conf}->{headers_ham}->{"Virus"} = "No";
  } elsif($code eq 'FOUND') {
    # Virus found: set the header and return 1 so the rule hits.
    Mail::SpamAssassin::Plugin::dbg("ClamAV: Detected virus: $virus");
    $permsgstatus->{main}->{conf}->{headers_spam}->{"Virus"} = "Yes ($virus)";
    $permsgstatus->{main}->{conf}->{headers_ham}->{"Virus"} = "Yes ($virus)";
    return 1;
  }
  return 0;
}

1;




Rule hits entry in syslog

2004-11-10 Thread Chris
Is there currently a way to set SA 'not' to display the rules that were hit 
on a message in the syslog?  Or could this possibly be coded into a future 
version?  Running SA 3.0.1

-- 
Chris
Registered Linux User 283774 http://counter.li.org
7:35pm up 6 days, 1 min, 1 user, load average: 0.64, 0.64, 0.42

Maybe Jesus was right when he said that the meek shall inherit the
earth -- but they inherit very small plots, about six feet by three.
-- Lazarus Long

Live - From Virgin Radio UK Virgin Radio Classic Rock - The original classic 
rock station



Re: New header rule syntax question

2004-11-10 Thread Robert Menschel
Hello Scot,

Tuesday, November 9, 2004, 2:57:27 PM, you wrote:

SH> I have a rule for a client that causes all of his Movable Type comment
SH> emails NOT  to be tagged as spam even if SA thinks they are:

SH> # Allow blog comments to be delivered
SH> header MT_SUBMISSION Subject =~ /somestring//
SH> describe MT_SUBMISSION Subject: blog comment
SH> score MT_SUBMISSION -20

SH> This rule does not seem to be working in SA3 -- some comment
SH> emails are being tagged as spammy and he's missing them. How would
SH> I rewrite this rule to work under SA3?

Have you tried "spamassassin --lint" on the rule?

That ending // appears to be invalid.

Bob Menschel




Proper config to handle dialup users?

2004-11-10 Thread John Goggan
What is the proper way to configure SpamAssassin (and/or sendmail for that 
matter, possibly) to handle dial-up users that use our machine as their 
primary SMTP server?

Basically, I have some users that are on dialup (or, at least, dynamic) 
services out there now and then.  They connect directly to our machine for 
sending out email (either actually to us on the machine -- or relaying back 
out to the world).  To do this, I have added some of their IP ranges to the 
sendmail "access" file with permission to "RELAY".  I realize that this might 
allow a few unauthorized people to relay off of me -- but it should be a 
fairly small likelihood, so we've decided to live with that for now until we 
can get them moved to a static IP.

The problem is that all of their mail to us is being tagged with 
RCVD_IN_NJABL_DIALUP and RCVD_IN_DYNABLOCK.  Is there anything that I can do 
to prevent this?  Something to configure to tell them that I am their primary 
SMTP server and that therefore, as far as our server is concerned, it isn't a 
problem that they were on a dynamic and/or dialup IP?

Either that -- or is there a better way to solve this?  Unfortunately, due to 
circumstances outside my control, I cannot make them switch to only 
authenticated SMTP nor can I move them to static IPs at this time.

Any thoughts?  Thanks...
 - John...



Re: Question From A Newbie.

2004-11-10 Thread multimedia-fan
On Tue, 09 Nov 2004 19:51:21 -0500, Matt Kettler <[EMAIL PROTECTED]>
wrote:

>At 07:39 PM 11/9/2004, [EMAIL PROTECTED] wrote:
>>I have a question regarding installing additional rules.
>>How to install the new rules?
>>
>>Do I just copy them to /etc/mail/spamassassin?
>
>Yep that's all.
>
>Well, I'd also suggest running spamassassin --lint to check for parsing errors.
>
>If you used spamc/spamd you'd need to restart spamd, but you call 
>spamassassin directly so there's no need. (less efficient, but easier to 
>manage because spamassassin reparses the configfiles from scratch for every 
>message)
>

Thank you very much for the help and the explanation.



Re: Question From A Newbie.

2004-11-10 Thread Matt Kettler
At 07:39 PM 11/9/2004, [EMAIL PROTECTED] wrote:
> I have a question regarding installing additional rules.
> How to install the new rules?
>
> Do I just copy them to /etc/mail/spamassassin?

Yep that's all.

Well, I'd also suggest running spamassassin --lint to check for parsing errors.

If you used spamc/spamd you'd need to restart spamd, but you call 
spamassassin directly so there's no need. (less efficient, but easier to 
manage because spamassassin reparses the configfiles from scratch for every 
message)




Re: Question From A Newbie.

2004-11-10 Thread multimedia-fan
On Tue, 09 Nov 2004 19:49:48 -0500, Rick Macdougall <[EMAIL PROTECTED]>
wrote:

>
>
>[EMAIL PROTECTED] wrote:
>> Newbie alert.
>> 
>> I have successfully installed  SpamAssassin 3.0.1 for Red Hat Linux 7.1
>> server that I was assigned to work on.
>> 
>> 
>> 
>> I use SpamAssassin as a system wide filter through procmail (small
>> domain with less than 150 email boxes).
>> 
>> 
>> ## Send to Spam Assassin
>> :0fw
>> | /usr/bin/spamassassin
>> 
>> 
>> 
>> I have a question regarding installing additional rules.
>> How to install the new rules?
>> 
>> Do I just copy them to /etc/mail/spamassassin?
>> 
>
>Hi,
>
>You can just copy the rules into /etc/mail/spamassassin and voila.
>
>You should look into using /usr/bin/spamc instead of 
>/usr/bin/spamassassin for speed.
>

Hi Rick,

Thank you very much for your kind help and advice.



Re: Question From A Newbie.

2004-11-10 Thread Rick Macdougall

[EMAIL PROTECTED] wrote:
> Newbie alert.
>
> I have successfully installed  SpamAssassin 3.0.1 for Red Hat Linux 7.1
> server that I was assigned to work on.
>
> I use SpamAssassin as a system wide filter through procmail (small
> domain with less than 150 email boxes).
>
> ## Send to Spam Assassin
> :0fw
> | /usr/bin/spamassassin
>
> I have a question regarding installing additional rules.
> How to install the new rules?
>
> Do I just copy them to /etc/mail/spamassassin?

Hi,

You can just copy the rules into /etc/mail/spamassassin and voila.

You should look into using /usr/bin/spamc instead of 
/usr/bin/spamassassin for speed.

Regards,
Rick


Question From A Newbie.

2004-11-10 Thread multimedia-fan
Newbie alert.

I have successfully installed  SpamAssassin 3.0.1 for Red Hat Linux 7.1
server that I was assigned to work on.



I use SpamAssassin as a system wide filter through procmail (small
domain with less than 150 email boxes).


## Send to Spam Assassin
:0fw
| /usr/bin/spamassassin



I have a question regarding installing additional rules.
How to install the new rules?

Do I just copy them to /etc/mail/spamassassin?

Or is there something else that I missed.

Thank you for your help.



Re: New header rule syntax question

2004-11-10 Thread Theo Van Dinter
On Tue, Nov 09, 2004 at 02:57:27PM -0800, Scot Hacker wrote:
> header MT_SUBMISSION Subject =~ /somestring//
> 
> This rule does not seem to be working in SA3 -- some comment emails are
> being tagged as spammy and he's missing them. How would I rewrite this rule
> to work under SA3?

You have one too many "/" in there.  Remove the second one on the end.

-- 
Randomly Generated Tagline:
"Communist revolutionaries taking over the server room and demanding
 all the computers in the building or they shoot the sysadmin."
 - Today's BOFH Excuse

