spamassassin/bayesian: central repository problems

2005-10-18 Thread R. Scott Baer

hi all,
I'm trying to set up spamassassin to have a central repository under 
/var/spamassassin , so each user does not have a ~/$HOME/.spamassassin/ 
dir in their home dir. I know this is not the best solution, and can 
potentially confuse SA, but under my circumstances, I think this will be 
easier in the long run.


I'm trying to follow the directions here:  
http://svn.apache.org/repos/asf/spamassassin/branches/3.1/spamd/README

and set up a system wide Bayesian db:

I have modified /etc/mail/spamassassin/local.cf to use a shared database 
of tokens, by setting the 'bayes_path' setting to a path all users can 
read and write to.
I have also set the 'bayes_file_mode' setting to 0666 so that created 
files are shared


I'm running on a FC3 system
Spamassassin Version:  spamassassin-3.0.4-1.fc3
spamass-milter Version: spamass-milter-0.3.0-1

both get started via /etc/rc3.d/...

here is my /etc/mail/spamassassin/local.conf:
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]
bayes_path /var/spamassassin/
bayes_file_mode 0666
auto_learn 1
ok_languages en
ok_locales en

My spam ham learn script:

#!/bin/sh
# autolearn.sh
CONFIG=/etc/mail/spamassassin/
SPLOC=/var/spamassassin/

MYUSER="user1"
MYHOME="/home/$MYUSER"

USER_MAILSPOOL="/var/spool/mail/$MYUSER"
SPAM="$MYHOME/mail/spam"

echo "Spamassassin Learning spam: $SPAM"
sa-learn --dbpath $SPLOC --spam --mbox $SPAM

echo "Spamassassin Learning ham: $USER_MAILSPOOL"
sa-learn --dbpath $SPLOC --ham --mbox $USER_MAILSPOOL


my /var/log/maillog errors:


Oct 6 08:57:57 localhost spamd[3014]: Creating default_prefs [/root/.spamassassin/user_prefs]
Oct 6 08:57:57 localhost spamd[3014]: Cannot write to /root/.spamassassin/user_prefs: Permission denied


my /etc/sysconfig/spamassassin
SPAMDOPTIONS="-d -c -m5 -H -u nobody -- spamc --dbpath /var/spamassassin"

I've stopped and restarted both spamassassin and spamass-milter after 
all changes were made... and it is still trying to access the 
/root/.spamassassin/ for the tokens.


Any ideas? I'm lost.

Scott






Managing a personal SURBL list

2005-10-18 Thread Ramprasad A Padmanabhan
Hi all,
  
  We are running spamassassin 3.1 with Mailscanner. The SURBL checks are
very efficient in catching spams ( without risk of FP's).
   Sometimes we get a lot of spam with URI's not listed in SURBL's ,
probably because they are too specific to our domain / locality.
To make sure that these spams too get caught .. we plan to run our own
SURBL list. What's the best way of achieving this? Any inputs?

Thanks
Ram




Rules Du Jour missing rulesets?

2005-10-18 Thread qqqq
No index found for ruleset named SARE_SPAMCOP_TOP200.  Check that this ruleset 
is still valid.
No index found for ruleset named SARE_WHITELIST.  Check that this ruleset is 
still valid.
No index found for ruleset named SARE_URI0.  Check that this ruleset is still 
valid.

Most of my rulesets work but these 3 do not.  Does anybody else have this 
problem?

TIA,





Re: executing spamassassin at remote host?

2005-10-18 Thread Mark Martinec
From Matt Kettler,
> Depending on what MTA you use there will be a variety of MTA integration
> tools for you to choose from. Popular ones include qmail-scanner (for
> qmail), mimedefang (sendmail), exiscan (exim), MailScanner (multiple) and
> amavisd-new (multiple).
...
> For what it's worth, I use MailScanner, but mostly because of my "bursty"
> mail loads that the double-queue setup of MailScanner works well with.

Btw, the same applies to amavisd-new: in a typical Postfix setup the mail
is queued by MTA before and after a content filter, with a controlled
pipe width to amavisd-new, so such a setup is never subject to problems
caused by bursty load or high peaks / mail storms, it just hovers
at its admin-controlled (tunable) setting for the number of parallel
streams to achieve consistent optimum overall mail throughput.

  Mark


Re: Rules Du Jour missing rulesets?

2005-10-18 Thread Kevin W. Gagel
I'm getting a missing SARE_URI2 error...
I'm using rules du jour 1.21.
- Original Message -
Date: Tue, 18 Oct 2005 09:04:45 -0600

>No index found for ruleset named SARE_SPAMCOP_TOP200. 
>Check that this ruleset is still valid. No index found for
>ruleset named SARE_WHITELIST.  Check that this ruleset is
>still valid. No index found for ruleset named SARE_URI0. 
>Check that this ruleset is still valid.
>
>Most of my rulesets work but these 3 do not.  Does anybody
>else have this problem?


=
Kevin W. Gagel
Network Administrator
Information Technology Services
(250) 562-2131 local 448
My Blog:
http://mail.cnc.bc.ca/blogs/gagel

---
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
Anti-spam information for CNC can be found at http://avas.cnc.bc.ca
---


RE: spamassassin/bayesian: central repository problems

2005-10-18 Thread Bowie Bailey
From: R. Scott Baer [mailto:[EMAIL PROTECTED]
> 
> I have modified /etc/mail/spamassassin/local.cf to use a shared
> database of tokens, by setting the 'bayes_path' setting to a path
> all users can read and write to.  I have also set the
> 'bayes_file_mode' setting to 0666 so that created files are shared
> 
> I'm running on a FC3 system
> Spamassassin Version:  spamassassin-3.0.4-1.fc3
> spamass-milter Version: spamass-milter-0.3.0-1
> 
> both get started via /etc/rc3.d/...
> 
> here is my /etc/mail/spamassassin/local.conf:
> required_hits 5
> report_safe 0
> rewrite_header Subject [SPAM]
> bayes_path /var/spamassassin/
> bayes_file_mode 0666
> auto_learn 1
> ok_languages en
> ok_locales en

Bayes_path should end with a filename stub.  Try this:

bayes_path /var/spamassassin/bayes

Bowie


Re: spamassassin/bayesian: central repository problems

2005-10-18 Thread R. Scott Baer

Bowie Bailey wrote:

> From: R. Scott Baer [mailto:[EMAIL PROTECTED]
>
>> I have modified /etc/mail/spamassassin/local.cf to use a shared
>> database of tokens, by setting the 'bayes_path' setting to a path
>> all users can read and write to.  I have also set the
>> 'bayes_file_mode' setting to 0666 so that created files are shared
>>
>> I'm running on a FC3 system
>> Spamassassin Version:  spamassassin-3.0.4-1.fc3
>> spamass-milter Version: spamass-milter-0.3.0-1
>>
>> both get started via /etc/rc3.d/...
>>
>> here is my /etc/mail/spamassassin/local.conf:
>> required_hits 5
>> report_safe 0
>> rewrite_header Subject [SPAM]
>> bayes_path /var/spamassassin/
>> bayes_file_mode 0666
>> auto_learn 1
>> ok_languages en
>> ok_locales en
>
> Bayes_path should end with a filename stub.  Try this:
>
>    bayes_path /var/spamassassin/bayes
>
> Bowie

Bowie,
Thanks for your reply... I made the modification, though I'm still 
getting the same errors in my log file.


Scott


RE: spamassassin/bayesian: central repository problems

2005-10-18 Thread Bowie Bailey
From: R. Scott Baer [mailto:[EMAIL PROTECTED]
> 
> Bowie Bailey wrote:
> 
> >From: R. Scott Baer [mailto:[EMAIL PROTECTED]
> >  
> >
> >>I have modified /etc/mail/spamassassin/local.cf to use a shared
> >>database of tokens, by setting the 'bayes_path' setting to a path
> >>all users can read and write to.  I have also set the
> >>'bayes_file_mode' setting to 0666 so that created files are shared
> >>
> >>I'm running on a FC3 system
> >>Spamassassin Version:  spamassassin-3.0.4-1.fc3
> >>spamass-milter Version: spamass-milter-0.3.0-1
> >>
> >>both get started via /etc/rc3.d/...
> >>
> >>here is my /etc/mail/spamassassin/local.conf:
> >>required_hits 5
> >>report_safe 0
> >>rewrite_header Subject [SPAM]
> >>bayes_path /var/spamassassin/
> >>bayes_file_mode 0666
> >>auto_learn 1
> >>ok_languages en
> >>ok_locales en
> >
> >Bayes_path should end with a filename stub.  Try this:
> >
> >bayes_path /var/spamassassin/bayes
> 
> Bowie,
> Thanks for your reply... I made the modification, though I'm still 
> getting the same errors in my log file.

Did you restart spamd and/or the spamass-milter after making the
changes?  (I don't use sendmail here, so I'm not sure exactly what you
need to restart to make the changes take effect)

Bowie


Re: spamassassin/bayesian: central repository problems

2005-10-18 Thread Matt Kettler
R. Scott Baer wrote:

>>
> Bowie,
> Thanks for your reply... I made the modification, though I'm still
> getting the same errors in my log file.



Wait a second... Going back to your first post, the messages you were
complaining about were:

Oct 6 08:57:57 localhost spamd[3014]: Creating default_prefs [/root/.spamassassin/user_prefs]
Oct 6 08:57:57 localhost spamd[3014]: Cannot write to /root/.spamassassin/user_prefs: Permission denied


This has *NOTHING* to do with bayes. Nothing at all!

This has to do with the fact that you started spamd with the -c option. If you
don't want spamd to create user_prefs files auto-magically, drop this
command-line option.

In general, it looks like "nobody" has a home directory that points to /root/.
When spamd setuid's to nobody (because you specified -u nobody), it has no
privileges to create the user_prefs file in root's home directory.


Really, I would strongly suggest creating a "spamd" user, and give it a home
directory, if you want to use user_prefs file.

Whatever you do, do NOT give "nobody" privileges to write to root's home
directory. You will severely degrade the security of your system if you do.
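
The two misconfigurations diagnosed in this thread (a bayes_path that names a directory rather than a filename stub, and spamd -c running as a -u account whose home directory is really another account's) can be checked offline with a short script. This is an added example, not code from any of the posters; the function names and the sample passwd lines are constructed, and the option string is the one quoted in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): offline audit for the two problems
# diagnosed above. The passwd lines below are constructed sample data.

# Print a finding when bayes_path names a directory instead of a filename stub.
check_bayes_path() {   # $1 = local.cf text
    printf '%s\n' "$1" | awk '
        $1 == "bayes_path" && $2 ~ /\/$/ {
            print "bayes_path " $2 " is a directory; use a stub such as " $2 "bayes"
        }'
}

# Print the account spamd switches to (-u NAME or --username=NAME).
# Assumption: without the option the daemon stays root, because the init
# script starts it as root.
spamd_user() {         # $1 = spamd option string
    set -- $1
    user=root
    while [ $# -gt 0 ]; do
        case "$1" in
            --) break ;;
            --username=*) user=${1#--username=} ;;
            -u|--username)
                if [ $# -ge 2 ]; then user=$2; shift; fi ;;
        esac
        shift
    done
    printf '%s\n' "$user"
}

# Succeed when spamd is asked to create user_prefs files (-c).
has_create_prefs() {   # $1 = spamd option string
    for word in $1; do
        case "$word" in
            --) return 1 ;;
            -c|--create-prefs) return 0 ;;
        esac
    done
    return 1
}

# Print a finding when -c is combined with an account that has no passwd
# entry or whose home directory is also another account's home.
check_prefs_home() {   # $1 = spamd option string, $2 = passwd(5) text
    has_create_prefs "$1" || return 0
    acct=$(spamd_user "$1")
    printf '%s\n' "$2" | awk -F: -v u="$acct" '
        function norm(d) { sub(/\/+$/, "", d); return d == "" ? "/" : d }
        NF >= 7 { home[$1] = norm($6) }
        END {
            if (!(u in home)) {
                print "spamd -c: account " u " has no passwd entry"
                exit
            }
            for (other in home)
                if (other != u && home[other] == home[u]) {
                    msg = "spamd -c: " u " shares home " home[u] " with " other
                    print msg "; give spamd its own account and home directory"
                }
        }'
}

# local.cf lines and SPAMDOPTIONS as quoted in the first post.
SAMPLE_CF='required_hits 5
bayes_path /var/spamassassin/
bayes_file_mode 0666'
SAMPLE_OPTS='-d -c -m5 -H -u nobody -- spamc --dbpath /var/spamassassin'

# Constructed passwd entries reproducing the situation Matt describes.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/root/:/sbin/nologin
spamd:x:501:501:SpamAssassin daemon:/var/lib/spamd:/sbin/nologin'

check_bayes_path "$SAMPLE_CF"
check_prefs_home "$SAMPLE_OPTS" "$SAMPLE_PASSWD"
```

On a live host, pass the contents of local.cf and /etc/passwd and the real SPAMDOPTIONS value instead of the samples.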


Re: Managing a personal SURBL list

2005-10-18 Thread mouss

Ramprasad A Padmanabhan wrote:

> Hi all,
>
>  We are running spamassassin 3.1 with Mailscanner. The SURBL checks are
> very efficient in catching spams ( without risk of FP's).
>   Sometimes we get a lot of spam with URI's not listed in SURBL's ,
> probably because they are too specific to our domain / locality.
> To make sure that these spams too get caught .. we plan to run our own
> SURBL list. What's the best way of achieving this ? Any inputs ?

the surbl site explains how to run one with rbldnsd.
   http://www.surbl.org/links.html
   http://www.surbl.org/rbldnsd-bind-freebsd.html
while this talks about rsyncing, the setup works for your own lists.



90_FVGT.cf obsolete?

2005-10-18 Thread Carl Chipman
I haven't paid much attention of late, as my job has headed away from IT and 
back towards engineering, but ran into a problem today where a FVGT rule (to be 
specific the FVGT_u_BZ_TLD) caused a false positive due to a 
http://www.usps.com tracking URL included in the email.  

Has the 90_FVGT.cf file been rendered obsolete?  I can't seem to find an 
updated version of it anywhere, and the version I have is from January 2004.

TIA.


Carl Chipman
Nomadics, Inc.
http://www.nomadics.com


Creating Rules for specific domains

2005-10-18 Thread Jeferson Pessoa Santana

Hi People,

I'm having some problems with the SpamAssassin rules. I have two e-mail 
servers (Exchange and Exim) and another server with SpamAssassin and Exim 
to deliver the messages. In my DNS server, I've put the MX (10) pointing 
to the SpamAssassin server, and it delivers the messages to the users' 
mailboxes.  My problem is, I don't know how to create specific rules for 
each domain that passes through the SpamAssassin server, or maybe set 
different scores in the existing rules for each domain.


Does anyone know how to do this?

Thanks

Jeff


Re: 90_FVGT.cf obsolete?

2005-10-18 Thread mouss

Carl Chipman wrote:

> I haven't paid much attention of late, as my job has headed away from IT and
> back towards engineering, but ran into a problem today where a FVGT rule (to be
> specific the FVGT_u_BZ_TLD) caused a false positive due to a
> http://www.usps.com tracking URL included in the email.
>
> Has the 90_FVGT.cf file been rendered obsolete?  I can't seem to find an
> updated version of it anywhere, and the version I have is from January 2004.

Use the *_FVGT_* found in http://www.rulesemporium.com/other-rules.htm
instead.


Re: dns resolver problems

2005-10-18 Thread Tomasz Grobelny
On Saturday 15 October 2005 20:51, Tomasz Grobelny wrote:
> When I try to start amavis with spam checking code enabled I get the
> following error:
> Oct 12 21:26:22 oswiecenia.net /usr/sbin/amavisd[29305]: SpamControl:
> initializing Mail::SpamAssassin
> Oct 12 21:26:22 oswiecenia.net /usr/sbin/amavisd[29305]: TROUBLE in
> pre_loop_hook: Error creating a DNS resolver socket:  
> at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/DnsResolver.pm line 202.
>
> My network (including DNS servers) seems to work just fine. I found a
> bugreport (http://bugzilla.spamassassin.org/show_bug.cgi?id=4619) with
> similar message but my system is IPv4/IPv6 enabled. In /etc/resolv.conf
> file only IPv4 server is active. What may cause the problem? TIA
Come on, someone must have written that code. Nobody had similar problems?
-- 
Regards,
Tomasz Grobelny


RE: Managing a personal SURBL list

2005-10-18 Thread Chris Santerre


> -Original Message-
> From: Ramprasad A Padmanabhan [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 18, 2005 9:53 AM
> To: Spamassassin
> Subject: Managing a personal SURBL list
> 
> 
> Hi all,
>   
>   We are running spamassassin 3.1 with Mailscanner. The SURBL 
> checks are
> very efficient in catching spams ( without risk of FP's).
>Sometimes we get a lot of spam with URI's not listed in SURBL's ,
> probably because they are too specific to our domain / locality.
> To make sure that these spams too get caught .. we plan to run our own
> SURBL list. Whats the best way of achieving this ? Any inputs ? 
> 
> Thanks
> Ram

At the risk of being flamed, try www.uribl.com as well. 

--Chris


Re: Managing a personal SURBL list

2005-10-18 Thread Dhawal Doshy
Chris Santerre writes:

>> -Original Message-
>> From: Ramprasad A Padmanabhan [mailto:[EMAIL PROTECTED]
>> Subject: Managing a personal SURBL list
>>
>> Hi all,
>>
>>   We are running spamassassin 3.1 with Mailscanner. The SURBL checks are
>> very efficient in catching spams ( without risk of FP's).
>>    Sometimes we get a lot of spam with URI's not listed in SURBL's ,
>> probably because they are too specific to our domain / locality.
>> To make sure that these spams too get caught .. we plan to run our own
>> SURBL list. What's the best way of achieving this ? Any inputs ?
>>
>> Thanks
>> Ram
>
> At the risk of being flamed, try www.uribl.com as well.
>
> --Chris

Folks, he appears to be asking about creating his own uribl data.. meaning 
run some script through confirmed spam (specific to his geographical 
location), extract the URIs and create a local zone to be used through 
rbldnsd (and preferably share it as well!!). 


- dhawal
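
A sketch of the workflow described in this thread (extract URIs from confirmed spam, reduce them to domains, write a local zone for rbldnsd), given as an added example that is not from any of the posters. The sample messages, the zone name uribl.local.example, the rule name URIBL_LOCAL and its score are constructed, and the registered-domain reduction is deliberately simplified.

```shell
#!/bin/sh
# Added example (not from the thread): build an rbldnsd "dnset" zone from
# confirmed spam. Sample data, zone name and rule name are constructed.
LC_ALL=C; export LC_ALL

# Print one lowercased host per http(s) URI on stdin. Bare IP addresses are
# skipped; encoded or line-wrapped URIs are not handled in this sketch.
extract_hosts() {
    awk '{
        line = tolower($0)
        while (match(line, /https?:\/\/[a-z0-9.-]+/)) {
            host = substr(line, RSTART, RLENGTH)
            sub(/^https?:\/\//, "", host)
            sub(/\.+$/, "", host)
            if (host != "" && host !~ /^[0-9.]+$/) print host
            line = substr(line, RSTART + RLENGTH)
        }
    }'
}

# Reduce each host to the domain a registrant controls. Simplified rule:
# keep two labels, or three when a two-letter TLD follows co/com/net/org/ac.
# A production list needs a full table of registrar boundaries; getting this
# wrong would list a whole suffix such as co.uk.
registered_domain() {
    awk '{
        n = split($0, l, ".")
        if (n < 2) next
        keep = 2
        if (n >= 3 && length(l[n]) == 2 && l[n-1] ~ /^(co|com|net|org|ac)$/)
            keep = 3
        d = l[n]
        for (i = n - 1; i > n - keep; i--) d = l[i] "." d
        print d
    }'
}

# Read spam on stdin and print a dnset zone. A domain is listed only when it
# was seen at least MIN times and is not whitelisted; the whitelist keeps
# legitimate sites that spam also links to out of the zone.
build_dnset() {   # $1 = MIN sightings, $2 = space-separated whitelist
    extract_hosts | registered_domain | sort | uniq -c |
    awk -v min="$1" -v wl="$2" '
        BEGIN {
            n = split(wl, w, " ")
            for (i = 1; i <= n; i++) skip[w[i]] = 1
            # Default A and TXT values for every entry that follows.
            print ":127.0.0.2:Listed in local URI blocklist"
        }
        # A leading dot lists the domain itself and all of its subdomains.
        $1 >= min && !($2 in skip) { print "." $2 }'
}

# Constructed sample corpus (mbox style).
SAMPLE_SPAM='From spammer@bulk.example Tue Oct 18 09:00:00 2005
Subject: cheap meds
Buy now at http://www.cheap-meds.example/order?id=1 or
http://cheap-meds.example/ today. Track via http://www.usps.com/track
From other@bulk.example Tue Oct 18 09:05:00 2005
Visit HTTP://Shop.Cheap-Meds.example/ and http://one-off.example/x'

printf '%s\n' "$SAMPLE_SPAM" | build_dnset 2 "usps.com"

# Serve the output with rbldnsd as a dnset zone (zone:dnset:file), then
# query it from SpamAssassin in local.cf:
#   urirhsbl  URIBL_LOCAL  uribl.local.example.  A
#   body      URIBL_LOCAL  eval:check_uridnsbl('URIBL_LOCAL')
#   describe  URIBL_LOCAL  Contains a URI listed in the local blocklist
#   tflags    URIBL_LOCAL  net
#   score     URIBL_LOCAL  2.0
```

Raising the sighting threshold and reviewing new entries before publishing keeps a one-off URI in a single message from being listed.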


RE: Managing a personal SURBL list

2005-10-18 Thread Chris Santerre


> -Original Message-
> From: Dhawal Doshy [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 18, 2005 4:34 PM
> To: Spamassassin
> Subject: Re: Managing a personal SURBL list
> 
> 
> Chris Santerre writes: 
> 
> >> -Original Message-
> >> From: Ramprasad A Padmanabhan [mailto:[EMAIL PROTECTED]
> >> Subject: Managing a personal SURBL list 
> >> 
> >> 
> >> Hi all,
> >>   
> >>   We are running spamassassin 3.1 with Mailscanner. The SURBL 
> >> checks are
> >> very efficient in catching spams ( without risk of FP's).
> >>Sometimes we get a lot of spam with URI's not listed in 
> SURBL's ,
> >> probably because they are too specific to our domain / locality.
> >> To make sure that these spams too get caught .. we plan to 
> run our own
> >> SURBL list. Whats the best way of achieving this ? Any inputs ?  
> >> 
> >> Thanks
> >> Ram
> > 
> > At the risk of being flamed, try www.uribl.com as well.  
> > 
> > --Chris
> 
> Folks, he appears to be asking about creating his own uribl 
> data.. meaning 
> run some script through confirmed spam (specific to his geographical 
> location), extract the URIs and create a local zone to be 
> used through 
> rbldnsd (and preferably share it as well!!). 
> 

I understand that. But his reason is because surbl isn't catching
everything. Using the two lists he will catch a lot more. And with URIBL he
can contribute domains missed and have them added in minutes. Helping the
entire community. No sense in him reinventing the wheel. 

I'll say no more on the subject. 

--Chris


Re: dns resolver problems

2005-10-18 Thread Justin Mason


Tomasz Grobelny writes:
> On Saturday 15 October 2005 20:51, Tomasz Grobelny wrote:
> > When I try to start amavis with spam checking code enabled I get the
> > following error:
> > Oct 12 21:26:22 oswiecenia.net /usr/sbin/amavisd[29305]: SpamControl:
> > initializing Mail::SpamAssassin
> > Oct 12 21:26:22 oswiecenia.net /usr/sbin/amavisd[29305]: TROUBLE in
> > pre_loop_hook: Error creating a DNS resolver socket:
> > at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/DnsResolver.pm line 202.
> >
> > My network (including DNS servers) seems to work just fine. I found a
> > bugreport (http://bugzilla.spamassassin.org/show_bug.cgi?id=4619) with
> > similar message but my system is IPv4/IPv6 enabled. In /etc/resolv.conf
> > file only IPv4 server is active. What may cause the problem? TIA
> Come on, someone must have written that code. Nobody had similar problems?

you should (a) comment on bug 4619, instead of here, and (b) attempt
to reproduce it with the "spamassassin" command line script
instead of amavisd.

--j.



Re: dns resolver problems

2005-10-18 Thread Tomasz Grobelny
On Tuesday 18 October 2005 22:41, Justin Mason wrote:
> Tomasz Grobelny writes:
> > On Saturday 15 October 2005 20:51, Tomasz Grobelny wrote:
> > > When I try to start amavis with spam checking code enabled I get the
> > > following error:
> > > Oct 12 21:26:22 oswiecenia.net /usr/sbin/amavisd[29305]: SpamControl:
> > > initializing Mail::SpamAssassin
> > > Oct 12 21:26:22 oswiecenia.net /usr/sbin/amavisd[29305]: TROUBLE in
> > > pre_loop_hook: Error creating a DNS resolver socket:
> > > at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/DnsResolver.pm line
> > > 202.
> > >
> > > My network (including DNS servers) seems to work just fine. I found a
> > > bugreport (http://bugzilla.spamassassin.org/show_bug.cgi?id=4619)
> > > with similar message but my system is IPv4/IPv6 enabled. In
> > > /etc/resolv.conf file only IPv4 server is active. What may cause the
> > > problem? TIA
> >
> > Come on, someone must have written that code. Nobody had similar
> > problems?
>
> you should (a) comment on bug 4619, instead of here, 
Message was the same but conditions different and that's why I didn't comment 
on that bug. But I'll try doing so next time.

> and (b) attempt to reproduce it with the "spamassassin" command line script
> instead of amavisd.
>
The same thing happened when using command line script as when using amavis.
Anyway, after upgrading some packages everything works as expected. It must 
have been distribution specific problem (dependencies, package versions, etc) 
that was fixed just a few hours ago (so I haven't noticed). And I'll keep 
your advice for future bugreports, thanks.
-- 
Regards,
Tomasz Grobelny


Help with install and config

2005-10-18 Thread Liam-PrintingAutomation

Hi, I have a couple of questions.
I just installed SpamAssassin on one of our servers through:
$ perl -MCPAN -e shell
> install (the mod for Razor)
which automatically installed SpamAssassin.

After which I ran the test as suggested on the FAQ:
$ spamassassin -tD < ./sample-spam.txt
and I get pages of debugging and all seems to come out OK.

But I send that message in an actual e-mail, and I look at the header, 
and there's no SpamAssassin additions to the header.


What might be going on here? I can't find anything on the site/FAQ that 
goes beyond the installation than that test it mentions.


Another question I have is on configuration.
I ran
$ man Mail::SpamAssassin::Conf
and that's all real interesting, but I don't know Perl at all. How do I 
actually make the configuration changes, like the score level and how it 
tags the e-mail? Am I missing it in the MAN?

I tried
$ perl Mail::SpamAssassin::Conf
but that does nothing. (Those of you who know Perl are probably saying DUH!)

I guess one more question:
I installed it on one of our smaller servers, less critical. Fedora Core 
3. If we get this working OK, we're going to install it on our actual 
production server which is a ES2 with Sendmail.
Is there any chance that installing SpamAssassin could screw up Sendmail 
at all, and in any way prevent mail from operating on the server? Or is 
worst-case scenario just mail won't get tagged with SpamAssassin scores?


Thanks for any feedback!


False positive for HELO_DYNAMIC_DHCP HELO_DYNAMIC_HCC & HELO_DYNAMIC_IPADDR

2005-10-18 Thread Mark London

Hi - We are receiving mail from a site that includes the headers:

Received: from mail1..com (mail..com [xx.xx.xx.xx])
by psfcsv1.psfc.mit.edu (8.13.1/8.13.1) with ESMTP id j9IM7qTG018418
for <[EMAIL PROTECTED]>; Tue, 18 Oct 2005 18:07:52 -0400
Received: from adsl-xx-xx-xx-xx.dsl.pltn13.pacbell.net [xx.xx.xx.xx] by
mail1..com with SMTP;   Tue, 18 Oct 2005 15:36:54 -0600

This causes spamassassin to flag it with:

HELO_DYNAMIC_DHCP  HELO_DYNAMIC_HCC  HELO_DYNAMIC_IPADDR

This easily causes a very high spam score.  I've never seen these 
tests be positive for non-spam mail.  That last Received line 
definitely looks suspicious, but it's real.   The rest of the header 
follows.  Is this a deranged mail server, or is spamassassin at 
fault?  Thanks. -  Mark



Date: Tue, 18 Oct 2005 14:36:54 -0700
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_NextPart_000_009F_01C5D3F1.633A6E80"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-Reply-To: <[EMAIL PROTECTED]>
X-Declude-Spoolname: 424328766399.EML
X-Declude-Note: Scanned by Declude 2.0.6.16 (http://www.declude.com/x-note.htm)
for spam.
X-Declude-Scan: Score [-5] at 15:37:16 on 18 Oct 2005
X-Declude-Fail: None
X-Country-Chain: UNITED STATES->destination
X-NOTE: hpcsystems.com
X-Scanned-By: MIMEDefang 2.45


Re: Help with install and config

2005-10-18 Thread Liam-PrintingAutomation

Liam-PrintingAutomation wrote:

> Another question I have is on configuration.
> I ran
> $ man Mail::SpamAssassin::Conf
> and that's all real interesting, but I don't know Perl at all. How do
> I actually make the configuration changes, like the score level and
> how it tags the e-mail? Am I missing it in the MAN?
>
> I tried
> $ perl Mail::SpamAssassin::Conf
> but that does nothing. (Those of you who know Perl are probably saying
> DUH!)

Nevermind that question, I found:  /etc/mail/spamassassin/local.cf which 
appears to have all the settings I can think of needing to change.


But I'm still wondering why the e-mails coming in still aren't getting 
checked through SpamAssassin, and curious as to how badly a bad install 
could hurt the mail reception process.

Thanks!


Re: False positive for HELO_DYNAMIC_DHCP HELO_DYNAMIC_HCC & HELO_DYNAMIC_IPADDR

2005-10-18 Thread Daryl C. W. O'Shea

Mark London wrote:

> Hi - We are receiving mail from a site that includes the headers:
>
> Received: from mail1..com (mail..com [xx.xx.xx.xx])
> by psfcsv1.psfc.mit.edu (8.13.1/8.13.1) with ESMTP id
> j9IM7qTG018418
> for <[EMAIL PROTECTED]>; Tue, 18 Oct 2005 18:07:52 -0400
> Received: from adsl-xx-xx-xx-xx.dsl.pltn13.pacbell.net [xx.xx.xx.xx] by
> mail1..com with SMTP;   Tue, 18 Oct 2005 15:36:54 -0600
>
> This causes spamassassin to flag it with:
>
> HELO_DYNAMIC_DHCP  HELO_DYNAMIC_HCC  HELO_DYNAMIC_IPADDR
>
> This easily causes a very high spam score.  I've never seen these tests
> be positive for non-spam mail.  That last Received line definitely looks
> suspicious, but it's real.   The rest of the header follows.  Is this a
> deranged mail server, or is spamassassin at fault?  Thanks. -  Mark

You obfuscated all of the network addresses required to produce an 
intelligent response.  You also didn't say at (after) which host 
(received header) the mail is being scanned.


Daryl



Re: Help with install and config

2005-10-18 Thread Daryl C. W. O'Shea

Liam-PrintingAutomation wrote:
> But I'm still wondering why the e-mails coming in still aren't getting
> checked through SpamAssassin, and curious as to how badly a bad install
> could hurt the mail reception process.
>
> Thanks!

You're probably not piping the mails to SpamAssassin for them to be checked.

Daryl



Re: False positive for HELO_DYNAMIC_DHCP HELO_DYNAMIC_HCC & HELO_DYNAMIC_IPADDR

2005-10-18 Thread Matt Kettler
Mark London wrote:
> Hi - We are receiving mail from a site that includes the headers:
> 
> Received: from mail1..com (mail..com [xx.xx.xx.xx])
> by psfcsv1.psfc.mit.edu (8.13.1/8.13.1) with ESMTP id
> j9IM7qTG018418
> for <[EMAIL PROTECTED]>; Tue, 18 Oct 2005 18:07:52 -0400
> Received: from adsl-xx-xx-xx-xx.dsl.pltn13.pacbell.net [xx.xx.xx.xx] by
> mail1..com with SMTP;   Tue, 18 Oct 2005 15:36:54 -0600
> 
> This causes spamassassin to flag it with:
> 
> HELO_DYNAMIC_DHCP  HELO_DYNAMIC_HCC  HELO_DYNAMIC_IPADDR

1) do you have a trusted_networks setting? If so, does it include
"mail1.xxx.com"? If so, are you sure you want to?

2) If you don't have a trusted_networks setting, what would the spamassassin
system resolve the IP address of psfcsv1.psfc.mit.edu as? Is it a reserved
address (ie: 10.*, 192.168.*, etc) due to split-dns?

If it's a reserved address, you must manually declare a trusted_networks
setting. You're suffering from a broken trust path caused by the "auto guesser"
being confused.

See:

http://wiki.apache.org/spamassassin/TrustPath


Re: False positive for HELO_DYNAMIC_DHCP HELO_DYNAMIC_HCC & HELO_DYNAMIC_IPADDR

2005-10-18 Thread Mark London
Hi - spamassassin is running on psfcsv1.psfc.mit.edu (has been for 
several years, with same configuration).  I don't use 
trusted_networks.

If I change the 2nd received line to:

Received: from adsl-xx-xx-xx-xx.dsl.pltn13.pacbell.net ([xx.xx.xx.xx]) by
mail1..com with SMTP;   Tue, 18 Oct 2005 15:36:54 -0600

The problem goes away. Note the added ().  This also works:

Received: from FOOBAR (adsl-xx-xx-xx-xx.dsl.pltn13.pacbell.net [xx.xx.xx.xx]) by
mail1..com with SMTP;   Tue, 18 Oct 2005 15:36:54 -0600

It doesn't like it when the HELO is 
adsl-xx-xx-xx-xx.dsl.pltn13.pacbell.net.  Why?


Mark

At 7:29 PM -0400 10/18/05, Matt Kettler wrote:

> Mark London wrote:
>> Hi - We are receiving mail from a site that includes the headers:
>>
>> Received: from mail1..com (mail..com [xx.xx.xx.xx])
>> by psfcsv1.psfc.mit.edu (8.13.1/8.13.1) with ESMTP id
>> j9IM7qTG018418
>> for <[EMAIL PROTECTED]>; Tue, 18 Oct 2005 18:07:52 -0400
>> Received: from adsl-xx-xx-xx-xx.dsl.pltn13.pacbell.net [xx.xx.xx.xx] by
>> mail1..com with SMTP;   Tue, 18 Oct 2005 15:36:54 -0600
>>
>> This causes spamassassin to flag it with:
>>
>> HELO_DYNAMIC_DHCP  HELO_DYNAMIC_HCC  HELO_DYNAMIC_IPADDR
>
> 1) do you have a trusted_networks setting? If so, does it include
> "mail1.xxx.com"? If so, are you sure you want to?
>
> 2) If you don't have a trusted_networks setting, what would the spamassassin
> system resolve the IP address of psfcsv1.psfc.mit.edu as? Is it a reserved
> address (ie: 10.*, 192.168.*, etc) due to split-dns?
>
> If it's a reserved address, you must manually declare a trusted_networks
> setting. You're suffering from a broken trust path caused by the
> "auto guesser" being confused.
>
> See:
>
> http://wiki.apache.org/spamassassin/TrustPath




Fwd: Re: False positive for HELO_DYNAMIC_DHCP HELO_DYNAMIC_HCC & HELO_DYNAMIC_IPADDR

2005-10-18 Thread Mark London

Mark London wrote:

Mark London wrote:


Hi - We are receiving mail from a site that includes the headers:

Received: from mail1..com (mail..com [xx.xx.xx.xx])
by psfcsv1.psfc.mit.edu (8.13.1/8.13.1) with ESMTP id 
j9IM7qTG018418

for <[EMAIL PROTECTED]>; Tue, 18 Oct 2005 18:07:52 -0400
Received: from adsl-xx-xx-xx-xx.dsl.pltn13.pacbell.net [xx.xx.xx.xx] by
mail1..com with SMTP;   Tue, 18 Oct 2005 15:36:54 -0600

This causes spamassassin to flag it with:

HELO_DYNAMIC_DHCP  HELO_DYNAMIC_HCC  HELO_DYNAMIC_IPADDR

This easily causes a very high spam score.  I've never seen these 
tests be positive for non-spam mail.  That last Received line 
definitely looks suspicious, but it's real.   The rest of the 
header follows.  Is this a deranged mail server, or is 
spamassassin at fault?  Thanks. -  Mark



You obfuscated all of the network addresses required to produce an 
intelligent response.  You also didn't say at (after) which host 
(received header) the mail is being scanned.



I believe (although I could be wrong), that none of the below spam 
tests rely on what I removed, except that you need to know that xx 
represents a number.


20_fake_helo_tests.cf:header HELO_DYNAMIC_DHCP X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S*(?:cm|catv|docsis|cable|dsl|dhcp|cpe|node)\S*\d+[^\d\s]+\d+/i

20_fake_helo_tests.cf:header HELO_DYNAMIC_HCC X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S*\d+[^\d\s]+\d+\S*\.(?:docsis|cable|dsl|adsl|dhcp|cpe)\./i

20_fake_helo_tests.cf:header HELO_DYNAMIC_IPADDR X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[a-z]\S*\d+[^\d\s]\d+[^\d\s]\d+[^\d\s]\d+[^\d\s][^\.]*\.\S+\.\S+/i

spamassassin is running on psfcsv1.psfc.mit.edu -  Mark


Nope, the actual numbers and which host is doing the scanning make a 
huge difference in positively identifying a trust path issue.


Received: from mail1.easyasphosting.com (mail.easyasphosting.com [72.18.128.5])
by psfcsv1.psfc.mit.edu (8.13.1/8.13.1) with ESMTP id j9IFVi4u011453
for <[EMAIL PROTECTED]>; Tue, 18 Oct 2005 11:31:44 -0400
Received: from adsl-69-233-55-246.dsl.pltn13.pacbell.net (adsl-69-233-55-246.dsl.pltn13.pacbell.net [69.233.55.246]) by mail1.easyasphosting.com with SMTP;
   Tue, 18 Oct 2005 09:30:50 -0600


Re: Help with install and config

2005-10-18 Thread Liam-PrintingAutomation,Inc.

Rick Macdougall wrote:

> Liam-PrintingAutomation wrote:
>
>> Liam-PrintingAutomation wrote:
>>
>>> Another question I have is on configuration.
>>> I ran
>>> $ man Mail::SpamAssassin::Conf
>>> and that's all real interesting, but I don't know Perl at all. How
>>> do I actually make the configuration changes, like the score level
>>> and how it tags the e-mail? Am I missing it in the MAN?
>>>
>>> I tried
>>> $ perl Mail::SpamAssassin::Conf
>>> but that does nothing. (Those of you who know Perl are probably
>>> saying DUH!)
>>
>> Nevermind that question, I found:  /etc/mail/spamassassin/local.cf
>> which appears to have all the settings I can think of needing to change.
>>
>> But I'm still wondering why the e-mails coming in still aren't
>> getting checked through SpamAssassin, and curious as to how badly a
>> bad install could hurt the mail reception process.
>>
>> Thanks!
>
> Hi,
>
> How are you calling spamassassin (or spamc)?  What mail server
> software are you using ?
>
> More details required please.


spamassassin, not spamc.
Sorry, I thought I'd mentioned it earlier.
We're using Sendmail.
Actually, we are using Sendmail on the ES2 server SpamAssassin will be 
going on, but I'm only 90% sure we're using Sendmail on the FedoraCore3 
server I'm testing it on. I'm not at work now, so I can't check, but 
we're using the FC3 "out of the box," so I guess it's using Sendmail.

Sorry.
Liam


Re: Help with install and config

2005-10-18 Thread Rick Macdougall

Liam-PrintingAutomation,Inc. wrote:

> Rick Macdougall wrote:
>
>> Hi,
>>
>> How are you calling spamassassin (or spamc)?  What mail server
>> software are you using ?
>>
>> More details required please.
>
> spamassassin, not spamc.
> Sorry, I thought I'd mentioned it earlier.
> We're using Sendmail.
> Actually, we are using Sendmail on the ES2 server SpamAssassin will be
> going on, but I'm only 90% sure we're using Sendmail on the FedoraCore3
> server I'm testing it on. I'm not at work now, so I can't check, but
> we're using the FC3 "out of the box," so I guess it's using Sendmail.
>
> Sorry.
> Liam

Hi,

Well you need to call spamassassin (or spamc, that's a better option) 
somehow.  You'll need amavis, mail-scanner, procmail or some other 
method of calling SA.


Can't be much more help than that I'm afraid as I don't run sendmail.

Regards,

Rick


Re: Help with install and config

2005-10-18 Thread Theo Van Dinter
On Tue, Oct 18, 2005 at 07:14:46PM -0500, Liam-PrintingAutomation,Inc. wrote:
> >How are you calling spamassassin (or spamc)?  What mail server 
> >software are you using ?
> 
> we're using the FC3 "out of the box," so I guess it's using Sendmail.

So the question still remains -- how are you having sendmail call
spamassassin?

-- 
Randomly Generated Tagline:
"There ought to be limits to freedom." - George W. Bush (Gov. of Texas)




Re: Help with install and config

2005-10-18 Thread Liam-PrintingAutomation,Inc.




Theo Van Dinter wrote:

> On Tue, Oct 18, 2005 at 07:14:46PM -0500, Liam-PrintingAutomation,Inc. wrote:
> > > How are you calling spamassassin (or spamc)?  What mail server 
> > > software are you using ?
> > 
> > we're using the FC3 "out of the box," so I guess it's using Sendmail.
> 
> So the question still remains -- how are you having sendmail call
> spamassassin?

  

Well, that IS the question, then isn't it. Because I don't know.
Evidently I'm not. I need to know how to. I don't seem to be finding
anything on the site, so I must be missing it.
I installed spamassassin, ran the test, found the config file, and
that's it. If I need to do something else, I can't find it.
A hint, a clue, a URL, is all I'm asking.
Thanks!
Liam




Re: Help with install and config

2005-10-18 Thread Liam-PrintingAutomation,Inc.

Rick Macdougall wrote:



Hi,

Well you need to call spamassassin (or spamc, that's a better option) 
somehow.  You'll need amavis, mail-scanner, procmail or some other 
method of calling SA.


Can't be much more help than that I'm afraid as I don't run sendmail.


Ah, OK. I'll look into those things and see what I can find.
Thanks for the tips!
Liam


Re: Fwd: Re: False positive for HELO_DYNAMIC_DHCP HELO_DYNAMIC_HCC & HELO_DYNAMIC_IPADDR

2005-10-18 Thread Daryl C. W. O'Shea

Mark London wrote:

Mark London wrote:


Mark London wrote:


Hi - We are receiving mail from a site that includes the headers:




This causes spamassassin to flag it with:

HELO_DYNAMIC_DHCP  HELO_DYNAMIC_HCC  HELO_DYNAMIC_IPADDR




Received: from mail1.easyasphosting.com (mail.easyasphosting.com [72.18.128.5])
    by psfcsv1.psfc.mit.edu (8.13.1/8.13.1) with ESMTP id j9IFVi4u011453
    for <[EMAIL PROTECTED]>; Tue, 18 Oct 2005 11:31:44 -0400
Received: from adsl-69-233-55-246.dsl.pltn13.pacbell.net
    (adsl-69-233-55-246.dsl.pltn13.pacbell.net [69.233.55.246])
    by mail1.easyasphosting.com with SMTP;
    Tue, 18 Oct 2005 09:30:50 -0600


71/8 and 72/8, which used to be unassigned, were assigned and are 
causing the trust path "guesser" to guess wrong.  You have two options:


1) Configure trusted_networks manually (you should do this anyway); or

2) Upgrade to SA 3.0.4 or SA 3.1.0 (another good idea)


Daryl
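
An added illustration of the trust-path problem described in the reply above (not SpamAssassin's code and not from the thread): a simplified Python model that walks the two quoted Received headers newest-first and reports the first relay outside the trusted set. The stale-guess network list, the 192.0.2.0/24 placeholder for the receiving site's own relays, and the crude dynamic-HELO regex are assumptions made for the example.

```python
import ipaddress
import re

# The two Received headers quoted in the thread, unfolded, newest hop first.
RECEIVED = [
    "from mail1.easyasphosting.com (mail.easyasphosting.com [72.18.128.5]) "
    "by psfcsv1.psfc.mit.edu (8.13.1/8.13.1) with ESMTP id j9IFVi4u011453",
    "from adsl-69-233-55-246.dsl.pltn13.pacbell.net "
    "(adsl-69-233-55-246.dsl.pltn13.pacbell.net [69.233.55.246]) "
    "by mail1.easyasphosting.com with SMTP",
]

# Assumption: models a guesser that still treats 71/8 and 72/8 as unassigned
# space and therefore does not count a relay there as the external sender.
STALE_GUESS = ["127.0.0.0/8", "10.0.0.0/8", "71.0.0.0/8", "72.0.0.0/8"]
# Assumption: placeholder (documentation range) for the site's own relays,
# i.e. what an explicit trusted_networks line would list.
EXPLICIT_TRUSTED = ["127.0.0.0/8", "192.0.2.0/24"]

RELAY_RE = re.compile(r"from (\S+) \((\S+) \[([0-9.]+)\]\) by (\S+)")
# Crude stand-in for a dynamic-looking HELO, not the real HELO_DYNAMIC_* rules.
DYNAMIC_HELO_RE = re.compile(r"(adsl|dsl|dhcp|ppp)[-.]?\d+[-.]\d+[-.]\d+[-.]\d+", re.I)

def parse_relays(headers):
    """Extract HELO name, reverse DNS, client IP and receiving host per hop."""
    relays = []
    for header in headers:
        m = RELAY_RE.search(header)
        if m:
            helo, rdns, ip, by = m.groups()
            relays.append({"helo": helo, "rdns": rdns,
                           "ip": ipaddress.ip_address(ip), "by": by})
    return relays

def first_untrusted(relays, trusted_networks):
    """Return the newest relay whose client IP is outside every trusted network."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    for relay in relays:
        if not any(relay["ip"] in net for net in nets):
            return relay
    return None

def helo_looks_dynamic(relay):
    return bool(DYNAMIC_HELO_RE.search(relay["helo"]))

if __name__ == "__main__":
    relays = parse_relays(RECEIVED)
    for label, nets in (("stale guess", STALE_GUESS), ("explicit", EXPLICIT_TRUSTED)):
        hop = first_untrusted(relays, nets)
        print(label, hop["helo"], hop["ip"], "dynamic HELO:", helo_looks_dynamic(hop))
```

With the stale list the check lands on the ADSL client that submitted to mail1.easyasphosting.com; with an explicit list it lands on mail1.easyasphosting.com itself, whose HELO does not look dynamic.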



Re: Fwd: Re: False positive for HELO_DYNAMIC_DHCP HELO_DYNAMIC_HCC & HELO_DYNAMIC_IPADDR

2005-10-18 Thread Mark London

Thanks for the info!

Daryl C. W. O'Shea wrote:

Mark London wrote:

Mark London wrote:


Mark London wrote:


Hi - We are receiving mail from a site that includes the headers:




This causes spamassassin to flag it with:

HELO_DYNAMIC_DHCP  HELO_DYNAMIC_HCC  HELO_DYNAMIC_IPADDR




Received: from mail1.easyasphosting.com (mail.easyasphosting.com [72.18.128.5])
    by psfcsv1.psfc.mit.edu (8.13.1/8.13.1) with ESMTP id j9IFVi4u011453
    for <[EMAIL PROTECTED]>; Tue, 18 Oct 2005 11:31:44 -0400
Received: from adsl-69-233-55-246.dsl.pltn13.pacbell.net
    (adsl-69-233-55-246.dsl.pltn13.pacbell.net [69.233.55.246])
    by mail1.easyasphosting.com with SMTP;
    Tue, 18 Oct 2005 09:30:50 -0600


71/8 and 72/8, which used to be unassigned, were assigned and are 
causing the trust path "guesser" to guess wrong.  You have two options:


1) Configure trusted_networks manually (you should do this anyway); or

2) Upgrade to SA 3.0.4 or SA 3.1.0 (another good idea)


Daryl



Re: Rules Du Jour missing rulesets?

2005-10-18 Thread Loren Wilton
> No index found for ruleset named SARE_SPAMCOP_TOP200.  Check that this
> ruleset is still valid.

You should do exactly what the error message recommends.

Loren



Re: Managing a personal SURBL list

2005-10-18 Thread mouss

Chris Santerre wrote:



I understand that. But his reason is because surbl isn't catching
everything. Using the two lists he will catch a lot more. And with URIBL he
can contribute domains missed and have them added in minutes. Helping the
entire community. No sense in him reinventing the wheel. 
 

One might block URIs on a site basis. An example is the geocities case, 
when one may want to block it until yahoo solves the problem. But there 
are other cases. I get spam from some NLs that have bad/inexistent 
optin/optout, but that other people may want to receive, so these won't 
be listed.


Of course, I can add rules to do so, but this is less manageable than a 
local dnsbl (modifying rules requires restarting daemons that use SA, ... 
etc).