RE: OT - Is XO a good ISP?

[Kurt Buff]

Just got back from vaca - take a look at the current issue of Network World.
It seems the XO is selling off their wireline stuff, and going wireless.


XO, a CLEC, is selling its national wireline telecommunications 
business for $700 million in cash to finance its transition to a 
fixed broadband wireless provider. The buyer is Elk Associates, 
an entity owned by XO's controlling stockholder, Carl Icahn, 
which has executed a definitive agreement to purchase the 
wireline business. 


I'd ask your sales geek about that before I made a committment...

Kurt

> -Original Message-
> From: Bret Miller [mailto:[EMAIL PROTECTED]
> Sent: Thursday, November 10, 2005 15:17
> To: users@spamassassin.apache.org
> Subject: OT - Is XO a good ISP?
> 
> 
> I wouldn't normally ask this, but perhaps I should more often. We're
> likely changing our ISP when we relocate soon and XO Communications
> seems to be the choice of management this time. Obviously, I'd like an
> ISP whose IP ranges aren't blocked by half the mail servers 
> in the U.S.
> We'll have T1 service with a static IP range, so we shouldn't have the
> obvious issues that you have on DSL or dial-up ranges. But, just in
> case, is XO a good ISP? Anyone?
> 
> Feel free to reply off-list.
> 
> Thanks,
> Bret
> E-mail: [EMAIL PROTECTED]
> Spam only to: [EMAIL PROTECTED]
> 
> 
> 


  

RE: SA Errors on --lint run

[Tracey Gates]

Thanks Craig,
It took someone else to point out that I didn't read the entire error
message.  On first glance I thought it was correct but I misspelled
spamassissin  (I spelled it "spamassisin" with one less "s").

DUH!!!  Thanks again!



Tracey Gates
Lead Developer
[EMAIL PROTECTED]

1350 South Boulder, Third Floor / Tulsa, OK 74119-3203
Phone 918-663-0991 / Fax 918-663-0840

This communication is intended only for the recipient(s) named above;
may be confidential and/or legally privileged; and, must be treated as
such in accordance with state and federal laws. If you are not the
intended recipient, you are hereby notified that any use of this
communication, or any of its contents, is prohibited. If you have
received this communication in error, please reply to the sender and
then delete the message from your computer system immediately.



-Original Message-
From: Craig McLean [mailto:[EMAIL PROTECTED]
Sent: Monday, November 14, 2005 3:14 PM
To: Tracey Gates
Cc: users@spamassassin.apache.org
Subject: Re: SA Errors on --lint run


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tracey Gates wrote:
> I'm trying to run it as user root but I'm still getting these error
> messages:
>
> 
> [EMAIL PROTECTED] mail]# /usr/local/sbin/rules_du_jour
> mkdir: cannot create directory `/etc/mail/spamassasin/RulesDuJour': No

> such file or directory
[snip]

Do you actually *have* an /etc/mail/spamassassin directory? This error
is commonly seen when creating a directory /a/b/c/d when the directory
/a/b/c does not exist. If you are storing your local rules somewhere
other than /etc/mail/spamassassin, you should make the relevant change
in /etc/rulesdujour/config

C.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDeP4fMDDagS2VwJ4RAhOOAKCeIw28G+6p22+w2CirDKEhShew0wCfZwrO
nuzZr8Ff6TPSG+oeJNCzfvY=
=OpYd
-END PGP SIGNATURE-

Re: SA Errors on --lint run

[Craig McLean]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tracey Gates wrote:
> I'm trying to run it as user root but I'm still getting these error
> messages:
> 
> 
> [EMAIL PROTECTED] mail]# /usr/local/sbin/rules_du_jour
> mkdir: cannot create directory `/etc/mail/spamassasin/RulesDuJour': No
> such file or directory
[snip]

Do you actually *have* an /etc/mail/spamassassin directory? This error
is commonly seen when creating a directory /a/b/c/d when the directory
/a/b/c does not exist.
If you are storing your local rules somewhere other than
/etc/mail/spamassassin, you should make the relevant change in
/etc/rulesdujour/config

C.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDeP4fMDDagS2VwJ4RAhOOAKCeIw28G+6p22+w2CirDKEhShew0wCfZwrO
nuzZr8Ff6TPSG+oeJNCzfvY=
=OpYd
-END PGP SIGNATURE-

RE: SA Errors on --lint run

[Tracey Gates]

I'm trying to run it as user root but I'm still getting these error
messages:


[EMAIL PROTECTED] mail]# /usr/local/sbin/rules_du_jour
mkdir: cannot create directory `/etc/mail/spamassasin/RulesDuJour': No
such file or directory
/usr/local/sbin/rules_du_jour: line 675: cd:
/etc/mail/spamassasin/RulesDuJour: No such file or directory
***NOTICE***: Cannot write to /etc/mail/spamassasin.  Are you running as
the correct user?  No rulesets will be checked or updated.
***NOTICE***: Cannot write to /etc/mail/spamassasin/RulesDuJour.  Are
you running as the correct user?  No rulesets will be checked or
updated.
exec: curl -w %{http_code} --compressed -O -R -s -S -z
/etc/mail/spamassasin/RulesDuJour/rules_du_jour
http://sandgnat.com/rdj/rules_du_jour 2>&1
curl_output: 200
Performing preliminary lint (sanity check; does the CURRENT config
lint?).
No files updated; No restart required.


Rules Du Jour Run Summary:RulesDuJour Run Summary on yoursummit.com:

***NOTICE***: Cannot write to /etc/mail/spamassasin.  Are you running as
the correct user?  No rulesets will be checked or updated.

***NOTICE***: Cannot write to /etc/mail/spamassasin/RulesDuJour.  Are
you running as the correct user?  No rulesets will be checked or
updated.
[EMAIL PROTECTED] mail]# /etc/mail/submit.cf: line 528: fileclass: cannot
open '/etc/mail/trusted-users': Group writable directory
**




Tracey Gates
Lead Developer
[EMAIL PROTECTED]

1350 South Boulder, Third Floor / Tulsa, OK 74119-3203
Phone 918-663-0991 / Fax 918-663-0840

This communication is intended only for the recipient(s) named above;
may be confidential and/or legally privileged; and, must be treated as
such in accordance with state and federal laws. If you are not the
intended recipient, you are hereby notified that any use of this
communication, or any of its contents, is prohibited. If you have
received this communication in error, please reply to the sender and
then delete the message from your computer system immediately.



-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Monday, November 14, 2005 3:00 PM
To: Tracey Gates
Cc: users@spamassassin.apache.org
Subject: Re: SA Errors on --lint run


Tracey Gates wrote:
> Thanks Matt.
>
> What should the permissions & ownership be to run the Rules Du Jour
> script?  Getting the following:
>
>
>
> Rules Du Jour Run Summary:RulesDuJour Run Summary on
> yoursummit.com:
>
> ***NOTICE***: Cannot write to /etc/mail/spamassasin.  Are you
> running as the correct user?  No rulesets will be checked or
> updated.
>
> ***NOTICE***: Cannot write to /etc/mail/spamassasin/RulesDuJour.
> Are you running as the correct user?  No rulesets will be checked
or
> updated.
>
>
> I have the files set with *root:mail* and *777* for the permissions on

> the /etc/mail/spamassassin & all files and directories under there.
>
>


Depends on how yo're calling RDJ.. if you're running it as root, you
should be fine. However, if you have it in /etc/cron.daily/ then it will
likely run as the user "cron" instead of root.

Re: SA Errors on --lint run

[Matt Kettler]

Tracey Gates wrote:
> Thanks Matt.
> 
> What should the permissions & ownership be to run the Rules Du Jour
> script?  Getting the following:
> 
> 
> 
> Rules Du Jour Run Summary:RulesDuJour Run Summary on yoursummit.com:
> 
> ***NOTICE***: Cannot write to /etc/mail/spamassasin.  Are you
> running as the correct user?  No rulesets will be checked or updated.
> 
> ***NOTICE***: Cannot write to /etc/mail/spamassasin/RulesDuJour. 
> Are you running as the correct user?  No rulesets will be checked or
> updated.
> 
> 
> I have the files set with *root:mail* and *777* for the permissions on
> the /etc/mail/spamassassin & all files and directories under there.
> 
> 


Depends on how yo're calling RDJ.. if you're running it as root, you should be
fine. However, if you have it in /etc/cron.daily/ then it will likely run as the
user "cron" instead of root.

RE: Rule for this ??-LINT

[Jean-Paul Natola]

On Monday 14 November 2005 11:22, Casey King wrote:
>Okay,
>
>I have the rule in my local.cf as
>
>body L_DRUGS11 /([CVAXP] ){5}/
>header L_DRUGS12 MESSAGEID =~
>/^<[EMAIL PROTECTED]>/
>meta L_DRUGS1 L_DRUGS11 && L_DRUGS12
>score L_DRUGS1 5
>describe L_DRUGS1 Strange Message-ID and Spam signature in body
>
>
>Since it did not seem to get picked up by the rule.  I updated
>rulesdujour from the command line:
>
>./rules_du_jour
>
This sounds like a great idea.

If it works with 3.0.4, where can I get it?

>No errors were reported.
>
>Doing a spamassassin --lint returned no errors.
>
>To see if I could stop this type of message, I sent from one of my
> trash accounts, and this is what happens when the message comes
> through. Still not getting tagged with the new rule.
>
>
>-1.80  ALL_TRUSTED Did not pass through any untrusted hosts
>-2.71  AWL From: address is in the auto white-list
>0.50   HTML_40_50  Message is 40% to 50% HTML
>0.00   HTML_MESSAGEHTML included in message
>0.64   SARE_MSGID_LONG40   Message ID has suspicious length
>0.69   SARE_SPEC_LEO_LINE06
>5.00   SARE_URI_EQUALS Trying to hide the real URL with IE parsing bug
>0.00   UPPERCASE_25_50 message body is 25-50% uppercase
>
>-Original Message-
>From: Pierre Thomson [mailto:[EMAIL PROTECTED]
>Sent: Monday, November 14, 2005 9:19 AM
>To: Casey King; SpamAssassin Users
>Subject: RE: Rule for this ??
>
>Casey King wrote:
>>> body L_DRUGS11 /([CVAXP] ){5}/
>>> header L_DRUGS12 MESSAGEID =~
>>> /^<[EMAIL PROTECTED]>/
>>> meta L_DRUGS1 L_DRUGS11 && L_DRUGS12
>>> score L_DRUGS1 5
>>> describe L_DRUGS1 Strange Message-ID and Spam signature in body.
>>
>> This rule goes in the local.cf file right?  I added this rule, and
>> restarted MailScanner and it does not seem to be reading the rule.  I
>> am not so good with writing rules, but I was wondering
>>
>> Body L_DRUGS11
>> Score L_DRUGS1
>>
>> Are these supposed to be set this way, or do these both need to be
>> set
>>
>> to '1' or '11'???
>
>There are two sub-rules (L_DRUGS11 and L_DRUGS12) and one meta rule
>(L_DRUGS1) which gets the score and description.  But you might have a
>problem with the line wrap; the line starting with "header" should end
>in "+>/".  Run "spamassassin --lint" to check your configuration.
>
>Pierre



Hi all, I *believe* I have applied the following rule correctly, 

To verify I ran the --lint , it all checked out ok BUT its giving some errors
with respect to the whitelisted entries I  have in the local.cf that resides
in the SA directory

I know my whitelist works  as I had a previously rejected message resent ,
and it came through without a hitch;

Here's the output from lint

And no, I did NOT add the custom rule to the local.cf 



milter# spamassassin --lint
[923] warn: config: SpamAssassin failed to parse line, "[EMAIL PROTECTED]" is 
not
valid for "whitelist_from_rcvd", skipping: whitelist_from_rcvd [EMAIL PROTECTED]
[923] warn: config: SpamAssassin failed to parse line, "[EMAIL PROTECTED]" is
not valid for "whitelist_from_rcvd", skipping: whitelist_from_rcvd
[EMAIL PROTECTED]
[923] warn: config: SpamAssassin failed to parse line, "[EMAIL PROTECTED]" is 
not
valid for "whitelist_from_rcvd", skipping: whitelist_from_rcvd [EMAIL PROTECTED]
[923] warn: config: SpamAssassin failed to parse line, "[EMAIL PROTECTED]" is 
not
valid for "whitelist_from_rcvd", skipping: whitelist_from_rcvd [EMAIL PROTECTED]
[923] warn: config: SpamAssassin failed to parse line, "[EMAIL PROTECTED]" is
not valid for "whitelist_from_rcvd", skipping: whitelist_from_rcvd
[EMAIL PROTECTED]
[923] warn: config: SpamAssassin failed to parse line, "[EMAIL PROTECTED]" is
not valid for "whitelist_from_rcvd", skipping: whitelist_from_rcvd
[EMAIL PROTECTED]
[923] warn: lint: 6 issues detected, please rerun with debug enabled for more
information

Re: SA as a plug-in for Apple Mail?

[Vivek Khera]

On Nov 14, 2005, at 10:50 AM, David A. Roth wrote:

While the junk mail filter on Apple Mail is ok, SA is much better.  
Is there a way to run SA on the Mac OS X where the Apple Mail  
client can make use of SA?


you run SA on your mail server as normal, and tell Apple Mail to  
honor the SA results, presuming your SA config inserts the  
appropriate score headers into the mail message.


personally, I just turned off the Apple Mail junk filtering, because  
I can't tell it to ignore learning all these messages in the SA and  
spam-l lists as non-junk.  so it gets confused

[SARE] Changes in Spoof ruleset

[Fred]

I made changes to the spoof set, no more 104 points for any rules.

I added meta's to check for whitelist_from, if whitelist_from hits AND
sare_forged_(ebay|paypal|etc) then we score 100 points.  This way, if
people don't whitelist then the spoof will only score 4.0 from our
ruleset..  If it's a spoof and it's whitelisted, then we score 104 to
over-ride the whitelist.

Thank you,

Frederic Tarasevicius
Internet Information Services, Inc.
http://www.i-is.com/
810-794-4400

RE: SA Errors on --lint run

[Tracey Gates]

Title: Message



Thanks Matt.What should the
permissions & ownership be to run the Rules Du Jour script?  Getting
the following:

  Rules Du Jour
  Run Summary:RulesDuJour Run Summary on yoursummit.com:***NOTICE***:
  Cannot write to /etc/mail/spamassasin.  Are you running as the correct
  user?  No rulesets will be checked or updated.***NOTICE***:
  Cannot write to /etc/mail/spamassasin/RulesDuJour.  Are you running as
  the correct user?  No rulesets will be checked or
updated.
I
have the files set with root:mail and 777 for
the permissions on the /etc/mail/spamassassin & all files and directories
under there.
Tracey GatesLead Developer[EMAIL PROTECTED]1350
South Boulder, Third Floor / Tulsa, OK 74119-3203Phone 918-663-0991 / Fax
918-663-0840This communication is intended only for the recipient(s)
named above; may be confidential and/or legally privileged; and, must be treated
as such in accordance with state and federal laws. If you are not the intended
recipient, you are hereby notified that any use of this communication, or any of
its contents, is prohibited. If you have received this communication in error,
please reply to the sender and then delete the message from your computer system
immediately.-Original Message-From: Matt Kettler [mailto:[EMAIL PROTECTED]]Sent:
Monday, November 14, 2005 1:49 PMTo: Tracey GatesCc:
users@spamassassin.apache.orgSubject: Re: SA Errors on --lint
runTracey Gates wrote:> I'm getting the following errors when
I run SpamAssassin --lint:> > I haven't touched my config
file for a very long time and SA seems to> have been working fine. 
I'm trying to run Rules Du Jour to update my> SARE rules and am getting
the following error.  I'm running> SpamAssassin version
3.0.2.In general your using old syntax that applies to very old versions
of SA..Did you use a web-form to generate your local.cf? if so, don't,
that site is valid for SA 2.50 only.> > [EMAIL PROTECTED]
SpamAssassin]# spamassassin --lint> config: SpamAssassin failed to parse
line, skipping: rewrite_subject 
0Deprecated as of SA 3.0.0 in favor of the more flexible rewrite_header
command Read the SA 3.0.x UPGRADE document for details.> config:
SpamAssassin failed to parse line, skipping:
report_header    1> config:
SpamAssassin failed to parse line, skipping:
use_terse_report 1> config: SpamAssassin failed
to parse line, skipping:
defang_mime  0All
of the above are deprecated in SA 2.60 and higher. See report_safe
instead.> config: SpamAssassin failed to parse line, skipping:
spam_level_stars 0Deprecated in SA 3.0.0 due to
redundancy with the report template commands.> config: SpamAssassin
failed to parse line, skipping:
auto_learn  
1auto_learn was deprecated for bayes_auto_learn in SA 2.60>
Net::DNS version is 0.31, but need 0.34dnsavailable-1 at>
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 1230.> lint:
6 issues detected.  please rerun with debug enabled for more>
information.> >> __>> *Tracey
Gates*> *Lead Developer*> __ [EMAIL PROTECTED]>>
*1350 South Boulder, Third Floor / Tulsa, OK 74119-3203> Phone
918-663-0991 / Fax 918-663-0840*>> This communication is intended
only for the recipient(s) named above;> may be confidential and/or
legally privileged; and, must be treated as> such in accordance with
state and federal laws. If you are not the> intended recipient, you are
hereby notified that any use of this> communication, or any of its
contents, is prohibited. If you have> received this communication in
error, please reply to the sender and> then delete the message from your
computer system
immediately.>> 

RE: Problems with DomainKeys

[Matt Rossiter]

Yeah that was it.

I got rid of most of the errors by installing the RSA Module 
# cd /usr/ports/security/p5-Crypt-OpenSSL-RSA.  
# make install

Then I got just this error message.


www# spamassassin --lint
[28576] warn: rules: failed to run DK_POLICY_SIGNALL test, skipping:
[28576] warn: _(Can't locate object method "header" via package
"Mail::DomainKeys::Message" at
/usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Plugin/DomainKeys
.pm line 213.
[28576] warn: )
[28576] warn: lint: 1 issues detected, please rerun with debug enabled
for more information


I tried reinstall DomainKeys
cd /usr/ports/mail/p5-Mail-DomainKeys
make install

Still same problem.  It was suggested to me that I needed to apply a
patch.

So I did this.  Downloaded the patch
http://issues.apache.org/SpamAssassin/attachment.cgi?id=3210&action=view

cd /usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Plugin/
vi DomainKeys-patch
copy and paste the patch

Then
patch -p0 < DomainKeys-patch

'spamassassin --lint' now works with no error messages.

Thanks for all the help!

Matt



-Original Message-
From: Chris Stone [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 14, 2005 11:24 AM
To: users@spamassassin.apache.org
Subject: Re: Problems with DomainKeys


On Mon, November 14, 2005 12:09 pm, Matt Rossiter wrote:
> I am running FreeBSD 5.4 with the latest version of SpamAssassin
3.1.0.
> I'm also using Mimedefang 2.54.  Spamassassin was installed from a
> recently updated version of /usr/ports/mail/p5-Mail-SpamAssassin/.
>
> I am having a hard time figuring out how to fix this problem when I
run
> 'spamassassin -lint'
>
> www# spamassassin --lint
>
> [26996] warn: plugin: failed to parse plugin (from @INC): Can't locate
> Crypt/OpenSSL/RSA.pm in @INC (@INC contains: lib

Try installing Crypt::OpenSSL::RSA. You should be able to do that with:

perl -MCPAN -e 'install Crypt::OpenSSL::RSA'


-Chris

Re: SA Errors on --lint run

[Matt Kettler]

Tracey Gates wrote:
> I'm getting the following errors when I run SpamAssassin --lint:
>  
> I haven't touched my config file for a very long time and SA seems to
> have been working fine.  I'm trying to run Rules Du Jour to update my
> SARE rules and am getting the following error.  I'm running SpamAssassin
> version 3.0.2.

In general your using old syntax that applies to very old versions of SA..

Did you use a web-form to generate your local.cf? if so, don't, that site is
valid for SA 2.50 only.

>  
> [EMAIL PROTECTED] SpamAssassin]# spamassassin --lint
> config: SpamAssassin failed to parse line, skipping: rewrite_subject  0

Deprecated as of SA 3.0.0 in favor of the more flexible rewrite_header command
Read the SA 3.0.x UPGRADE document for details.

> config: SpamAssassin failed to parse line, skipping: report_header1
> config: SpamAssassin failed to parse line, skipping: use_terse_report 1
> config: SpamAssassin failed to parse line, skipping: defang_mime  0

All of the above are deprecated in SA 2.60 and higher. See report_safe instead.

> config: SpamAssassin failed to parse line, skipping: spam_level_stars 0

Deprecated in SA 3.0.0 due to redundancy with the report template commands.

> config: SpamAssassin failed to parse line, skipping: auto_learn   1

auto_learn was deprecated for bayes_auto_learn in SA 2.60

> Net::DNS version is 0.31, but need 0.34dnsavailable-1 at
> /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 1230.
> lint: 6 issues detected.  please rerun with debug enabled for more
> information.
>  
> 
> __
> 
> *Tracey Gates*
> *Lead Developer*
> __ [EMAIL PROTECTED]
> 
> *1350 South Boulder, Third Floor / Tulsa, OK 74119-3203
> Phone 918-663-0991 / Fax 918-663-0840*
> 
> This communication is intended only for the recipient(s) named above;
> may be confidential and/or legally privileged; and, must be treated as
> such in accordance with state and federal laws. If you are not the
> intended recipient, you are hereby notified that any use of this
> communication, or any of its contents, is prohibited. If you have
> received this communication in error, please reply to the sender and
> then delete the message from your computer system immediately.
> 
>  

Re: Problems with DomainKeys

[Chris Stone]

On Mon, November 14, 2005 12:09 pm, Matt Rossiter wrote:
> I am running FreeBSD 5.4 with the latest version of SpamAssassin 3.1.0.
> I'm also using Mimedefang 2.54.  Spamassassin was installed from a
> recently updated version of /usr/ports/mail/p5-Mail-SpamAssassin/.
>
> I am having a hard time figuring out how to fix this problem when I run
> 'spamassassin -lint'
>
> www# spamassassin --lint
>
> [26996] warn: plugin: failed to parse plugin (from @INC): Can't locate
> Crypt/OpenSSL/RSA.pm in @INC (@INC contains: lib

Try installing Crypt::OpenSSL::RSA. You should be able to do that with:

perl -MCPAN -e 'install Crypt::OpenSSL::RSA'


-Chris

SA Errors on --lint run

[Tracey Gates]

Title: Message



I'm getting the
following errors when I run SpamAssassin --lint:
 
I haven't touched my
config file for a very long time and SA seems to have been working fine. 
I'm trying to run Rules Du Jour to update my SARE rules and am getting the
following error.  I'm running SpamAssassin version
3.0.2.
 
[EMAIL PROTECTED] SpamAssassin]# spamassassin
--lintconfig: SpamAssassin failed to parse line, skipping:
rewrite_subject  0config: SpamAssassin failed
to parse line, skipping: report_header   
1config: SpamAssassin failed to parse line, skipping:
use_terse_report 1config: SpamAssassin failed to
parse line, skipping: spam_level_stars 0config:
SpamAssassin failed to parse line, skipping:
defang_mime  0config:
SpamAssassin failed to parse line, skipping:
auto_learn  
1Net::DNS version is 0.31, but need 0.34dnsavailable-1 at
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 1230.lint: 6
issues detected.  please rerun with debug enabled for more
information.
 
Tracey GatesLead
Developer[EMAIL PROTECTED] 
1350 South Boulder, Third Floor / Tulsa, OK 74119-3203Phone
918-663-0991 / Fax 918-663-0840
This communication is intended only for the recipient(s) named above; may be
confidential and/or legally privileged; and, must be treated as such in
accordance with state and federal laws. If you are not the intended recipient,
you are hereby notified that any use of this communication, or any of its
contents, is prohibited. If you have received this communication in error,
please reply to the sender and then delete the message from your computer system
immediately.
 

Problems with DomainKeys

[Matt Rossiter]

I am running FreeBSD 5.4 with the latest version of SpamAssassin 3.1.0.  I’m also
using Mimedefang 2.54.  Spamassassin was installed from a recently updated
version of /usr/ports/mail/p5-Mail-SpamAssassin/.

 

I am having a hard time figuring out how
to fix this problem when I run ‘spamassassin –lint’

 

 

www# spamassassin --lint

[26996] warn: plugin: failed to parse plugin (from @INC):
Can't locate Crypt/OpenSSL/RSA.pm in @INC (@INC contains: lib
/usr/local/lib/perl5/site_perl/5.8.7/i386-freebsd
/usr/local/lib/perl5/site_perl/5.8.7 /usr/local/lib/perl5/5.8.7/i386-freebsd
/usr/local/lib/perl5/5.8.7 /usr/local/lib/perl5/site_perl) at
/usr/local/lib/perl5/site_perl/5.8.7/Mail/DomainKeys/Key/Public.pm line 130.

[26996] warn: BEGIN failed--compilation aborted at
/usr/local/lib/perl5/site_perl/5.8.7/Mail/DomainKeys/Key/Public.pm line 130.

[26996] warn: Compilation failed in require at
/usr/local/lib/perl5/site_perl/5.8.7/Mail/DomainKeys/Signature.pm line 153.

[26996] warn: BEGIN failed--compilation aborted at
/usr/local/lib/perl5/site_perl/5.8.7/Mail/DomainKeys/Signature.pm line 153.

[26996] warn: Compilation failed in require at
/usr/local/lib/perl5/site_perl/5.8.7/Mail/DomainKeys/Message.pm line 14.

[26996] warn: BEGIN failed--compilation aborted at
/usr/local/lib/perl5/site_perl/5.8.7/Mail/DomainKeys/Message.pm line 14.

[26996] warn: Compilation failed in require at
/usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Plugin/DomainKeys.pm
line 42.

[26996] warn: BEGIN failed--compilation aborted at
/usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Plugin/DomainKeys.pm
line 42.

[26996] warn: Compilation failed in require at (eval 64)
line 1.

[26996] warn: plugin: failed to create instance of plugin
Mail::SpamAssassin::Plugin::DomainKeys: Can't locate object method
"new" via package "Mail::SpamAssassin::Plugin::DomainKeys"
at (eval 66) line 1.

 

 

I tried disabling the DomainKeys plugin in v310.pre, but I’m
still having a problem.

 

###

# experimental plugins

 

# DomainKeys - perform DomainKeys verification

#

# External modules required for use, see INSTALL for more
information.

#

#loadplugin Mail::SpamAssassin::Plugin::DomainKeys

 

Can somebody help?

 

Thanks.

 

Matt

Re: What countries to block ?

[Justin Mason]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Andrzej Adam Filip writes:
>Bowie Bailey wrote:
>> From: Andrzej Adam Filip [mailto:[EMAIL PROTECTED]
>> 
>>>Have you tried to use AS scoring instead of (or together with)
>>>country scoring? [AS = Autonoumous (Routing) System]
>>>
>>>IMHO it is not a bad idea to give incetives to good ISP in a bad
>>>countries.
>>  
>> That's an interesting idea.  Is there a plugin for it?
>
>I have not heard.
>
>IMHO the best path will be to
>1) create tool for converting  ris projects dumps (aggregated BGP routers 
>data) into rbldnsd files
>2) creating SA plugin similar to Mail::SpamAssassin::Plugin::RelayCountry 
>getting IP->AS via TXT DNS query
>
>I am ready to create working prototype of point 1 tool if a few people would 
>like to use/test it.

FWIW, I would suggest mailing Karsten M. Self --
http://kmself.home.netcom.com/ -- about this, too.   He's been working on
a form of that idea for quite a while, and would probably be very
interested in collaboration...

- --j.

>Comments:
>ris dumps as they are now will not deliver "full coverage" but sufficiently 
>high to start with
>
>URL(s):
>http://www.ris.ripe.net/dumps/
>
>-- 
>[en: Andrew] Andrzej Adam Filip : [EMAIL PROTECTED] : [EMAIL PROTECTED]
>http://anfi.homeunix.net/  Netcraft Site Rank: 469320
>All that is necessary for the triumph of evil is that good men do nothing
>  -- Edmund Burke, 18th century
>
>
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFDeOAzMJF5cimLx9ARAuPMAKCYyYW9Fmk29q66oCPMcqk9iksgowCfRxXp
I/jYPnZ71WnR+s2c4TQN86E=
=DlN2
-END PGP SIGNATURE-

Re: GERMAN ruleset updated

[Dhawal Doshy]

Michael Monnerie writes: 


On Samstag, 12. November 2005 16:04 Dhawal Doshy wrote:

warning: description for ZMIfish_VOLKSBANK2 is over 50 chars
warning: rule 'ZMIde_EMAIL_CAREERBULLDER' is over 22 chars
warning: rule 'ZMIfish_NETBANKING_FROM' is over 22 chars


Oh sorry. I got a report once about some names being too large. That 
warnings are not displayed in 3.1 anymore, which is what I use. Either 
way, I'll fix it done. 


New update is in, should be without length warnings.


Thank you, worked fine this time.. 


- dhawal

Re: Rules Du Jour Script Error

[Chris Thielen]

Hi Tracey!


Tracey Gates wrote:

I have followed the installation steps from the Rules Du Jour site 
(_http://www.exit0.us/index.php?pagename=RulesDuJour_) and am trying 
to run the script manually but I get the following error:
 
[EMAIL PROTECTED] sbin]# ./rules_du_jour

: bad interpreter: No such file or directory



That is usually due to bad line endings.  Are you using cygwin?  Open 
the file in vi and do:


:set fileformat=unix
:wq

-or-

:set fileformat=dos
:wq

depending on cygwin or not (cygwin == dos, other == unix).

It doesn't see to like the #!/bin/bash line.  I haven't changed any of 
the script and have it executable.  I have my configuration 
file as /etc/rulesdujour/config as stated in the installation steps.  
I have also made sure that bash is located in the /bin directory and 
it is there.  I am trying to run the script at root so there shouldn't 
be any permissions problems.
 
I'm not sure why I'm getting this error or what to do to correct it.  
Can someone please help me?



HTH!

Chris


signature.asc
Description: OpenPGP digital signature

Re: What countries to block ?

[Andrzej Adam Filip]

Bowie Bailey wrote:

From: Andrzej Adam Filip [mailto:[EMAIL PROTECTED]


Have you tried to use AS scoring instead of (or together with)
country scoring? [AS = Autonoumous (Routing) System]

IMHO it is not a bad idea to give incetives to good ISP in a bad
countries.
 
That's an interesting idea.  Is there a plugin for it?


I have not heard.

IMHO the best path will be to
1) create tool for converting  ris projects dumps (aggregated BGP routers 
data) into rbldnsd files
2) creating SA plugin similar to Mail::SpamAssassin::Plugin::RelayCountry 
getting IP->AS via TXT DNS query


I am ready to create working prototype of point 1 tool if a few people would 
like to use/test it.


Comments:
ris dumps as they are now will not deliver "full coverage" but sufficiently 
high to start with


URL(s):
http://www.ris.ripe.net/dumps/

--
[en: Andrew] Andrzej Adam Filip : [EMAIL PROTECTED] : [EMAIL PROTECTED]
http://anfi.homeunix.net/  Netcraft Site Rank: 469320
All that is necessary for the triumph of evil is that good men do nothing
 -- Edmund Burke, 18th century

Rules Du Jour Script Error

[Tracey Gates]

Title: Message



I have followed the
installation steps from the Rules Du Jour site (http://www.exit0.us/index.php?pagename=RulesDuJour)
and am trying to run the script manually but I get the following
error:
 
[EMAIL PROTECTED]
sbin]# ./rules_du_jour: bad interpreter: No such file or
directory
 
It doesn't see to
like the #!/bin/bash line.  I haven't changed any of the script and have it
executable.  I have my configuration
file as /etc/rulesdujour/config as stated in the installation
steps.  I have also made sure that bash is located in the /bin directory
and it is there.  I am trying to run the script at root so there shouldn't
be any permissions problems.
 
I'm not sure why I'm
getting this error or what to do to correct it.  Can someone please help
me?
 
Thanks!
 
 
 
Tracey GatesLead
Developer[EMAIL PROTECTED] 
1350 South Boulder, Third Floor / Tulsa, OK 74119-3203Phone
918-663-0991 / Fax 918-663-0840
This communication is intended only for the recipient(s) named above; may be
confidential and/or legally privileged; and, must be treated as such in
accordance with state and federal laws. If you are not the intended recipient,
you are hereby notified that any use of this communication, or any of its
contents, is prohibited. If you have received this communication in error,
please reply to the sender and then delete the message from your computer system
immediately.
 

Re: Blocking on tld and/or HELO with own domain

[Craig McLean]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Kenneth Porter wrote:
> --On Sunday, November 13, 2005 11:26 PM + Craig McLean
> <[EMAIL PROTECTED]> wrote:
> 
>> Ok, well if you read my last message, I've indicated a better way than
>> appending the whole thing in. Just include it using a line like:
>>
>> include(`/usr/share/sendmail-cf/hack/block_bad_helo.m4')dnl
>>
>> to your sendmail.mc, do a "make sendmail.cf" and then "service sendmail
>> restart".
> 
> I think you can replace that with:
> 
> HACK(block_bad_helo)dnl
> 
> See the macro definitions in cfhead.m4. HACK is essentially the same as
> FEATURE, except that it looks in the hack directory and doesn't check
> that a mailer is defined first.
> 

That's what I like about Unix/Linux, you learn something new every day ;-)

C.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDeMDlMDDagS2VwJ4RAswwAKDuxbK1QGGPcbcYI/CyIy8XI7P09wCg2dlU
9+SYWVvtmCN6QjMWlBtfO48=
=rBKv
-END PGP SIGNATURE-

RE: What countries to block ?

[Bowie Bailey]

From: Andrzej Adam Filip [mailto:[EMAIL PROTECTED]
> Have you tried to use AS scoring instead of (or together with)
> country scoring? [AS = Autonoumous (Routing) System]
> 
> IMHO it is not a bad idea to give incetives to good ISP in a bad
> countries.

That's an interesting idea.  Is there a plugin for it?

Bowie

Re: What countries to block ? and detectng Trojan attachments?

[Dave Pooser]

> That's fun, we're blocking each other! Most spam here in the Netherlands
> comes from the US.

Most spam in the US comes from the US too; it's a matter of blocking
countries that rarely or never send us legitimate email. After all, if my
only purpose were to never receive spam I'd just unplug my mail server.

I don't block *.nl, or any of western Europe, based on country, but they do
get a +2 on the SA score. It seems to work in my specific situation, which
is all I can ask for.
-- 
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
A computer lets you make more mistakes faster than any invention in
human history with the possible exceptions of handguns and tequila.

Re: What countries to block ? and detectng Trojan attachments?

[Menno van Bennekom]

> Currently I am blocking all mails from = *.nl *.br *.ch etc..
That's fun, we're blocking each other! Most spam here in the Netherlands
comes from the US..
We block almost everything from China, Korea and Taiwan in postfix based
on domain-name and on ip-range (mostly complete B-classes).
But also a lot of other domains/ips are blocked like comcast, rr, verizon,
brasialian ips, dynamic*, dialup*, indeed some .jp domains, etcetera.
And all dynamic/dialup addresses in dynablock.njabl.org and
dul.dnsbl.sorbs.net are blocked.
The spamstats from spamcop.net shows the popular spam ip-ranges:
http://www.spamcop.net/w3m?action=map;net=bmaxcnt;mask=16777215;sort=spamcnt

Regards
Menno van Bennekom

Re: Rule for this ??

[Gene Heskett]

On Monday 14 November 2005 11:22, Casey King wrote:
>Okay,
>
>I have the rule in my local.cf as
>
>body L_DRUGS11 /([CVAXP] ){5}/
>header L_DRUGS12 MESSAGEID =~
>/^<[EMAIL PROTECTED]>/
>meta L_DRUGS1 L_DRUGS11 && L_DRUGS12
>score L_DRUGS1 5
>describe L_DRUGS1 Strange Message-ID and Spam signature in body
>
>
>Since it did not seem to get picked up by the rule.  I updated
>rulesdujour from the command line:
>
>./rules_du_jour
>
This sounds like a great idea.

If it works with 3.0.4, where can I get it?

>No errors were reported.
>
>Doing a spamassassin --lint returned no errors.
>
>To see if I could stop this type of message, I sent from one of my
> trash accounts, and this is what happens when the message comes
> through. Still not getting tagged with the new rule.
>
>
>-1.80  ALL_TRUSTED Did not pass through any untrusted hosts
>-2.71  AWL From: address is in the auto white-list
>0.50   HTML_40_50  Message is 40% to 50% HTML
>0.00   HTML_MESSAGEHTML included in message
>0.64   SARE_MSGID_LONG40   Message ID has suspicious length
>0.69   SARE_SPEC_LEO_LINE06
>5.00   SARE_URI_EQUALS Trying to hide the real URL with IE parsing bug
>0.00   UPPERCASE_25_50 message body is 25-50% uppercase
>
>-Original Message-
>From: Pierre Thomson [mailto:[EMAIL PROTECTED]
>Sent: Monday, November 14, 2005 9:19 AM
>To: Casey King; SpamAssassin Users
>Subject: RE: Rule for this ??
>
>Casey King wrote:
>>> body L_DRUGS11 /([CVAXP] ){5}/
>>> header L_DRUGS12 MESSAGEID =~
>>> /^<[EMAIL PROTECTED]>/
>>> meta L_DRUGS1 L_DRUGS11 && L_DRUGS12
>>> score L_DRUGS1 5
>>> describe L_DRUGS1 Strange Message-ID and Spam signature in body.
>>
>> This rule goes in the local.cf file right?  I added this rule, and
>> restarted MailScanner and it does not seem to be reading the rule.  I
>> am not so good with writing rules, but I was wondering
>>
>> Body L_DRUGS11
>> Score L_DRUGS1
>>
>> Are these supposed to be set this way, or do these both need to be
>> set
>>
>> to '1' or '11'???
>
>There are two sub-rules (L_DRUGS11 and L_DRUGS12) and one meta rule
>(L_DRUGS1) which gets the score and description.  But you might have a
>problem with the line wrap; the line starting with "header" should end
>in "+>/".  Run "spamassassin --lint" to check your configuration.
>
>Pierre

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.36% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.

RE: Rule for this ??

[Casey King]

Okay,

I have the rule in my local.cf as

body L_DRUGS11 /([CVAXP] ){5}/
header L_DRUGS12 MESSAGEID =~
/^<[EMAIL PROTECTED]>/
meta L_DRUGS1 L_DRUGS11 && L_DRUGS12
score L_DRUGS1 5
describe L_DRUGS1 Strange Message-ID and Spam signature in body


Since it did not seem to get picked up by the rule.  I updated
rulesdujour from the command line:

./rules_du_jour

No errors were reported.

Doing a spamassassin --lint returned no errors.

To see if I could stop this type of message, I sent from one of my trash
accounts, and this is what happens when the message comes through.
Still not getting tagged with the new rule.


-1.80   ALL_TRUSTED Did not pass through any untrusted hosts
-2.71   AWL From: address is in the auto white-list
0.50HTML_40_50  Message is 40% to 50% HTML
0.00HTML_MESSAGEHTML included in message
0.64SARE_MSGID_LONG40   Message ID has suspicious length
0.69SARE_SPEC_LEO_LINE06 
5.00SARE_URI_EQUALS Trying to hide the real URL with IE parsing bug
0.00UPPERCASE_25_50 message body is 25-50% uppercase

-Original Message-
From: Pierre Thomson [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 14, 2005 9:19 AM
To: Casey King; SpamAssassin Users
Subject: RE: Rule for this ??


Casey King wrote:

>> body L_DRUGS11 /([CVAXP] ){5}/
>> header L_DRUGS12 MESSAGEID =~ 
>> /^<[EMAIL PROTECTED]>/
>> meta L_DRUGS1 L_DRUGS11 && L_DRUGS12
>> score L_DRUGS1 5
>> describe L_DRUGS1 Strange Message-ID and Spam signature in body.
>
> This rule goes in the local.cf file right?  I added this rule, and 
> restarted MailScanner and it does not seem to be reading the rule.  I 
> am not so good with writing rules, but I was wondering
> 
> Body L_DRUGS11
> Score L_DRUGS1
> 
> Are these supposed to be set this way, or do these both need to be set

> to '1' or '11'???
> 

There are two sub-rules (L_DRUGS11 and L_DRUGS12) and one meta rule
(L_DRUGS1) which gets the score and description.  But you might have a
problem with the line wrap; the line starting with "header" should end
in "+>/".  Run "spamassassin --lint" to check your configuration.

Pierre

Re: whitelist not recognized?

[Kris Deugau]

Thijs Koetsier wrote:
> I'm running spamassassin 3.0.4 on Debian-exim.
> 
> In my /etc/spamassassin/whitelist.cf I've this line:
> 
> whitelist_to [EMAIL PROTECTED]

OK;  inbound mail sent to this *EXACT* address will be whitelisted. 
Note that you're probably better off just not passing mail for this
account through SA.

> Today, this user recieved an e-mail marked as spam with the following
> header:

[snip]
> Envelope-to: [EMAIL PROTECTED]

Not the same as your whitelist_to...

[snip]
> Received: from Debian-exim by my.mailserver.nl with spam-scanned
> (Exim 4.52)
>  id 1Ebavm-0006E7-9j
>  for [EMAIL PROTECTED]; Mon, 14 Nov 2005 10:47:18 +0100
   ^
Not the same as your whitelist_to...

[snip]

> Does anyone know why this message wasn't whitelisted, which it should
> have?

I don't see any other record of the destination address in those
headers, other than the two instances I pointed out.  (Most messages
have a To: header;  was it really missing in the example?)

The SA whitelist_* and blacklist_* configuration options don't require a
perfect match to work as designed, but your usage *does* require an
exact match to avoid whitelisting *all* inbound mail.  You've
whitelisted [EMAIL PROTECTED], but your server is processing mail for
[EMAIL PROTECTED] - not even (apparently) the same domain!

You should probably look at whitelisting the sender, rather than the
recipient;  and if you *really* want the recipient to receive
everything, "just" stop passing their mail through SA.

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!

SA as a plug-in for Apple Mail?

[David A . Roth]

While the junk mail filter on Apple Mail is ok, SA is much better. Is 
there a way to run SA on the Mac OS X where the Apple Mail client can 
make use of SA?


Thanks!

David Roth
rothmail (at) comcast (dot) net

Re: Blocking on tld and/or HELO with own domain

[Kenneth Porter]

--On Sunday, November 13, 2005 11:26 PM + Craig McLean 
<[EMAIL PROTECTED]> wrote:



Ok, well if you read my last message, I've indicated a better way than
appending the whole thing in. Just include it using a line like:

include(`/usr/share/sendmail-cf/hack/block_bad_helo.m4')dnl

to your sendmail.mc, do a "make sendmail.cf" and then "service sendmail
restart".


I think you can replace that with:

HACK(block_bad_helo)dnl

See the macro definitions in cfhead.m4. HACK is essentially the same as 
FEATURE, except that it looks in the hack directory and doesn't check that 
a mailer is defined first.

RE: Rule for this ??

[Pierre Thomson]

Casey King wrote:

>> body L_DRUGS11 /([CVAXP] ){5}/
>> header L_DRUGS12 MESSAGEID =~
>> /^<[EMAIL PROTECTED]>/
>> meta L_DRUGS1 L_DRUGS11 && L_DRUGS12
>> score L_DRUGS1 5
>> describe L_DRUGS1 Strange Message-ID and Spam signature in body.
>
> This rule goes in the local.cf file right?  I added this rule, and
> restarted MailScanner and it does not seem to be reading the rule.  I
> am not so good with writing rules, but I was wondering
> 
> Body L_DRUGS11
> Score L_DRUGS1
> 
> Are these supposed to be set this way, or do these both need to be set
> to '1' or '11'???
> 

There are two sub-rules (L_DRUGS11 and L_DRUGS12) and one meta rule (L_DRUGS1) 
which gets the score and description.  But you might have a problem with the 
line wrap; the line starting with "header" should end in "+>/".  Run 
"spamassassin --lint" to check your configuration.

Pierre

RE: Rule for this ??

[Casey King]

This rule goes in the local.cf file right?  I added this rule, and
restarted MailScanner and it does not seem to be reading the rule.  I am
not so good with writing rules, but I was wondering

Body L_DRUGS11
Score L_DRUGS1

Are these supposed to be set this way, or do these both need to be set
to '1' or '11'???

thanks

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 14, 2005 3:01 AM
To: [EMAIL PROTECTED]; users@spamassassin.apache.org
Subject: RE: Rule for this ??




This one works like magic .. Also on the new variant which seems to have
been released this weekend.

body L_DRUGS11 /([CVAXP] ){5}/
header L_DRUGS12 MESSAGEID =~
/^<[EMAIL PROTECTED]>/
meta L_DRUGS1 L_DRUGS11 && L_DRUGS12
score L_DRUGS1 5
describe L_DRUGS1 Strange Message-ID and Spam signature in body.

- Ríkharður

-Original Message-
From: Jean-Paul Natola [mailto:[EMAIL PROTECTED] 
Sent: 11 November, 2005 7:59 PM
To: users@spamassassin.apache.org
Subject: Rule for this ??


Here's an intelligent html coder
 
I viewed the source of the code because I was curious as to how these
words flew right through my SA ,
 
You will note that if turned into plain text  , he used a bunch of
tables and cells to produce the following;
 
 



From: Firoz Granger [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 11, 2005 4:49 AM
To: Jean-Paul Natola
Subject: Glen: interesting information
 
Hi,
Qui ing f ications - vis aExpres op 
t overpayor your Meddit our Pharms Sh 

 
P V C X V Ar I I a A mo A A n L bz G L a I ia R I x U ec A S  
M n
 69,95  99,95  
 85,45   

 
 
What rule, if any , can combat this?

Re: User_Scores SQL database not working??

[JamesDR]

Matthew Yette wrote:

I currently am using SA 3.1.0 with ClamAV 0.87.1 and Qmail-scanner 1.25st.

I use SQL for my bayes as well as my user scores preferences databases. When
testing the whitelist_from preference, mail comes through just fine and is
recognized to be part of that preference and is scored accordingly. However,
when I enter a blacklist_from preference, mail blacklisted seemingly is
ignored? Running it thought spamassasssin -D < msg.msg doesn't seem to work,
as it apparently isnt testing against the scores preferences database- as
even the whitelist_from senders aren't getting tagged as in the whitelist -
I only see that when sending actual mail through the server.

Any thoughts as to what might be going wrong??

Matt 
Can you tell us what the username the preference is under? Also, when 
you do `spamassassin -D < msg.msg' what is the user you are testing as. 
Do the whitelist and blacklist usernames match? Were you testing as the 
same user for both? This smells to me like when sending through the mail 
server, there is a different user being passed to the sql engine for the 
user. So... What is the setup to call SA from the mail server?


Kinda vague on details (there could be many, many things going wrong 
here), we need more info :-D


--
Thanks,
James

Re: User_Scores SQL database not working??

[Matthew Yette]

On 11/11/05 1:35 PM, "Matthew Yette" <[EMAIL PROTECTED]> wrote:

> I currently am using SA 3.1.0 with ClamAV 0.87.1 and Qmail-scanner 1.25st.
> 
> I use SQL for my bayes as well as my user scores preferences databases. When
> testing the whitelist_from preference, mail comes through just fine and is
> recognized to be part of that preference and is scored accordingly. However,
> when I enter a blacklist_from preference, mail blacklisted seemingly is
> ignored? Running it thought spamassasssin -D < msg.msg doesn't seem to work,
> as it apparently isnt testing against the scores preferences database- as
> even the whitelist_from senders aren't getting tagged as in the whitelist -
> I only see that when sending actual mail through the server.
> 
> Any thoughts as to what might be going wrong??
> 
> Matt 

No thoughts on this??

Re: Blocking on tld and/or HELO with own domain

[List Mail User]

>...
>List Mail User a écrit :
>
>>  You're a lot more polite than I am.  I prefer:
>>
>>my_domain.tld 550 You're lying - Trying to use my host
>>.my_domain.tld550 You're lying - Trying to use my host
>>  
>>
>I don't wanna risk being sued/beaten by some angry guy:)
>
Its very hard to make any case where using one of my domains
or hosts (or IP addresses) as the HELO/EHLO argument is valid;  It is
probably not possible, but I'm willing to consider that for some site's
configurations it might be.  The number of spam/ratware machines that
attempt this approaches the number with DUL or no rDNS IPs (also a
luxury in which I feel free to indulge my site, but one that clearly
not everybody can use), though most often these groups overlap and
the same machines that attempt to use my own addresses are DUL boxes
and/or have no rDNS.

>>  It is also good to use similar checks for the senders as well
>>as the HELO - i.e.
>>
>>[EMAIL PROTECTED] 550 You are a liar - Sender is not you!
>>[EMAIL PROTECTED] 550 You are a liar - Sender is not you!
>>  
>>
>the issue is that this breaks forwarding, so not everybody wants to do it.
>
Um, I forward from other locations' mail servers to accounts
at my site all the time - Just the forwarder should use the email
account being forwarded from as the sender or the original sender.
As for the case of a local user sending mail out to a foreign email
account and having it forwarded back, it is just not allowed.  I do
have the luxury of only having a few dozen users (though a couple of
hundred accounts), all of whom I know very well, and on a typical day
less than 12 besides myself receive email (i.e. a quite small site).
But forwarding out and back without sender rewriting is commonly
disallowed - try it on most "freemail" accounts and watch it get
refused.  Also if the original sender has published SPF, you have
to do the "re-write" dance already (since SPF doesn't allow arbitrary
forwarding without rewriting the sender unless you're willing to
count allowing softfail and/or "~all" cases).

Again, the amount of ratware that forges mainly role accounts
or sets the sender and recipient to the same value is a very large
portion or the email I refuse each day (and the trickier/smarter ones
set the sender to a role account from a different domain than the
recipient's, but still one of mine:( ).

>If you really want that, why not also protect others against that and 
>set SPF records for your domain (and use SPF).
>
I do for most but not all domains (many are actually "receive-only"
domains, so forwarding is not an issue), and the SPF ends in "-all", not
any wishy-washy "~all".  Unfortunately not everybody (i.e. every site)
which I allow to relay for/to me strictly enforces SPF (they do all either
enforce it, or add headers, so I can and do refuse to accept relayed mail
which has been labeled as failing SPF - "hard" fail, not "soft" fail).
I still end up with cases where an email has been refused either for SPF
or forging a local account's ID for the sender (think of the MAILER-DAEMON
for the silliest case) and then the sending site, which is some usually
poorly run ISP or a company operating an open relay sends a DSN to my
forged account about the refused mail (yes I get often see DSNs sent to
[EMAIL PROTECTED] in my log files, as ludicious as that might
be - of course, they are refused since no outgoing mail is ever labeled
with a sender of MAILER-DAEMON and the MTA sending outbound mail disallows
forwarding of that or most mail originated by many role accounts - i.e.
many role accounts are also "receive-only", basically any not required
by RFCs or published in registration, DNS or other public records).

>>  Of course this is much simpler (fewer special cases) when you use
>>separate machines/MTAs for incoming and outgoing mail or if your network
>>is (relatively) small.
>>  
>>
>or multiple instances on same box. but of course, multiple boxes are 
>better.
>
Effectively the same for this argument, but separate boxes (even
virtual machines) allow the use of different policies (e.g. my incoming
machines are prevented by firewalls from sending any mail out, or using
nearly any other service either other than relaying to the machine which
does delivery to user accounts).  The same effect could be created by
binding to different IPs and using firewall rules, but binding to only
different ports would not be as effective (read as "strict") for this.
That is why you can see by examining the headers that this message will
have been sent using sendmail, but if you telnet to any on-site 'MX'
for any of my domains, you'll see Postfix running on all incoming servers;
You'll also see a very strict "220" message there - probably enough to
prevent anyone from suing me (successfully) because they are called a
"liar", but IANAL, and people can and will sue over nearly anything.


Paul Shupak
[EMAIL

Re: whitelist not recognized?

[Steven Stern]

Use "all_spam_to" instead of "whitelist_to".

Thijs Koetsier wrote:

Hi all,
 
I'm running spamassassin 3.0.4 on Debian-exim.
 
In my /etc/spamassassin/whitelist.cf I've this line:
 
whitelist_to [EMAIL PROTECTED] 
 
Today, this user recieved an e-mail marked as spam with the following 
header:
 
Return-path: <[EMAIL PROTECTED] >

Envelope-to: [EMAIL PROTECTED] 
Delivery-date: Mon, 14 Nov 2005 10:47:18 +0100
Received: from Debian-exim by _my.mailserver.nl _with spam-scanned (Exim
4.52)
 id 1Ebavm-0006E7-9j
 for [EMAIL PROTECTED] ; Mon, 14 Nov 
2005 10:47:18 +0100

Received: from localhost by _my.mailserver.nl_
 with SpamAssassin (version 3.0.4);
 Mon, 14 Nov 2005 10:47:18 +0100
From: "pmec" <[EMAIL PROTECTED] >
Subject: {Spam} November's New Training Programs
Date: Mon, 14 Nov 2005 11:47:47 +0200
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on 
_my.mailserver.nl_

X-Spam-Level: ***
X-Spam-Status: Yes, score=11.6 required=3.0 tests=AWL,BAYES_50,DOMAIN_RATIO,
 FAKE_HELO_MAIL_COM_DOM,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,
 FORGED_YAHOO_RCVD,HTML_90_100,HTML_IMAGE_RATIO_02,HTML_MESSAGE,
 MIME_HTML_ONLY,MISSING_HEADERS autolearn=no version=3.0.4
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--=_43785D26.1D7B5742"
Message-Id: <[EMAIL PROTECTED] 
>

Does anyone know why this message wasn't whitelisted, which it should have?
 
Thanks in advance,

Thijs



--

  Steve

Re: Blocking on tld and/or HELO with own domain

[Andy Pieters]

Hi List

Thank you all for your contributions.


With kind regards


Andy


-- 
Now listening to Alphaville - Forever Young on amaroK
Geek code: www.vlaamse-kern.com/geek
Registered Linux User No 379093
If life was for sale, what would be its price?
www.vlaamse-kern.com/sas/ for free php utilities
--


pgpp1IxOtPfmU.pgp
Description: PGP signature

whitelist not recognized?

[Thijs Koetsier]

Hi 
all,
 
I'm running 
spamassassin 3.0.4 on Debian-exim.
 
In my 
/etc/spamassassin/whitelist.cf I've this line:
 
whitelist_to [EMAIL PROTECTED]
 
Today, this user 
recieved an e-mail marked as spam with the following header:
 
Return-path: <[EMAIL PROTECTED]>Envelope-to: [EMAIL PROTECTED]
Delivery-date: Mon, 
14 Nov 2005 10:47:18 +0100Received: from Debian-exim by my.mailserver.nl with spam-scanned 
(Exim4.52) id 1Ebavm-0006E7-9j for [EMAIL PROTECTED]; Mon, 14 Nov 2005 
10:47:18 +0100Received: from localhost by my.mailserver.nl
 with 
SpamAssassin (version 3.0.4); Mon, 14 Nov 2005 10:47:18 +0100From: 
"pmec" <[EMAIL PROTECTED]>Subject: {Spam} 
November's New Training ProgramsDate: Mon, 14 Nov 2005 11:47:47 
+0200X-Spam-Flag: YESX-Spam-Checker-Version: SpamAssassin 3.0.4 
(2005-06-05) on my.mailserver.nlX-Spam-Level: 
***X-Spam-Status: Yes, score=11.6 required=3.0 
tests=AWL,BAYES_50,DOMAIN_RATIO, FAKE_HELO_MAIL_COM_DOM,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML, FORGED_YAHOO_RCVD,HTML_90_100,HTML_IMAGE_RATIO_02,HTML_MESSAGE, MIME_HTML_ONLY,MISSING_HEADERS 
autolearn=no version=3.0.4MIME-Version: 1.0Content-Type: 
multipart/mixed; boundary="--=_43785D26.1D7B5742"Message-Id: <[EMAIL PROTECTED]>
Does anyone know why this message wasn't whitelisted, 
which it should have?
 
Thanks in 
advance,
Thijs

Re: Blocking on tld and/or HELO with own domain

[mouss]

List Mail User a écrit :


You're a lot more polite than I am.  I prefer:

my_domain.tld   550 You're lying - Trying to use my host
.my_domain.tld  550 You're lying - Trying to use my host
 


I don't wanna risk being sued/beaten by some angry guy:)


It is also good to use similar checks for the senders as well
as the HELO - i.e.

[EMAIL PROTECTED]   550 You are a liar - Sender is not you!
[EMAIL PROTECTED]   550 You are a liar - Sender is not you!
 


the issue is that this breaks forwarding, so not everybody wants to do it.

If you really want that, why not also protect others against that and 
set SPF records for your domain (and use SPF).



Of course this is much simpler (fewer special cases) when you use
separate machines/MTAs for incoming and outgoing mail or if your network
is (relatively) small.
 

or multiple instances on same box. but of course, multiple boxes are 
better.

RE: Rule for this ??

[Rikhardur.EGILSSON]

This one works like magic .. Also on the new variant which seems to have been
released this weekend.

body L_DRUGS11 /([CVAXP] ){5}/
header L_DRUGS12 MESSAGEID =~
/^<[EMAIL PROTECTED]>/
meta L_DRUGS1 L_DRUGS11 && L_DRUGS12
score L_DRUGS1 5
describe L_DRUGS1 Strange Message-ID and Spam signature in body.

- Ríkharður

-Original Message-
From: Jean-Paul Natola [mailto:[EMAIL PROTECTED] 
Sent: 11 November, 2005 7:59 PM
To: users@spamassassin.apache.org
Subject: Rule for this ??


Here's an intelligent html coder
 
I viewed the source of the code because I was curious as to how these words
flew right through my SA ,
 
You will note that if turned into plain text  , he used a bunch of tables and
cells to produce the following;
 
 



From: Firoz Granger [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 11, 2005 4:49 AM
To: Jean-Paul Natola
Subject: Glen: interesting information
 
Hi,
Qui ing f ications - vis aExpres op 
t overpayor your Meddit our Pharms Sh 

 
P V C X V Ar I I a A mo A A n L bz G L a I ia R I x U ec A S  
M n
 69,95  99,95  
 85,45   

 
 
What rule, if any , can combat this?