Re: Trusted or internal networks not recognized
Am Mittwoch, 29. März 2006 09:20 schrieb mouss: > This somewhat defeats the "minimum surprise" principle. > > In "old practice", 10.1=10.0.0.1 (a.b = 256^3 * a + b), and not > 10.1.0.0. ping 127.1 still works on (some|most) platforms. (telnet 127.1 > works less). > > > Wouldn't it be better to just ignore such IPs (with a warning)? That would really be nice. If you guys weren't as helpful as you are I would probably already be quite disappointed about all this. The way I see it, there is little need for "10" being recognized as "10.0.0.1" when specifying IP ranges. You may offer it but a warning in this case would be very helpful. We had several people here doing that mistake independent from each other. The initial config was done by our IT guys and I did it again since I wanted to be sure it is OK before I start debugging the problem. All versions I've seen contain this 'error' so it can't be this rare. Greetings... Stephan pgp4fQwwM8uMs.pgp Description: PGP signature
Re: 2nd mail server problem
Joshua, C.S. Chen asiaa.sinica.edu.tw> writes: > > Hi folks, > I am using spamassassin 3.1.0 and it works well. Now in my institute, we > have 2 mx (mail servers) see it's dns record > > myinstitute.edu.tw. 300 IN MX 100 mail2.myinstitute.edu.tw. > myinstitute.edu.tw. 300 IN MX 2 mail1.myinstitute.edu.tw. > > Now in most cases, spam goes to mail1 and got dropped. This is great. > But then the spam tries to go ahead for mail2, and I did not enable > mail2 for spamassassin (because it is mainly for redundancy, and not > powerful enough). This makes mail2 extremely busy to send reply to the > spammer of user unknown or other reporting messages. > > My question is, if I don't want mail2 to run spamassassin, just for > relaying messages to mail1 (as it's main purpose--redundancy), how can I > configure mail2 "NOT TO" reply the spammer for the undelivery? > > Thanks in advance > Joshua C.S. Chen > > Can this just hint to you? http://wiki.apache.org/spamassassin/OtherTricks Fake MX Records ... So I set my highest MX record to point to an IP address that always returns a temporary "Come Back Later" error. ... but you need to spend time to collect ip addresses
Re: Trusted or internal networks not recognized
Am Mittwoch, 29. März 2006 05:12 schrieb Matt Kettler: > Stephan, If you want to do an implied mask to cover a whole, you MUST > end in a . ie: you must use "10." not "10". If you fail to include a > trailing dot, SA will expand with zeros, but it will treat it as a > single IP address, not a ranged mask. Hi Matt, thank you so much! It works fine now, including my modifications. Greetings... Stephan pgpe4x9AyV9hw.pgp Description: PGP signature
Re: Trusted or internal networks not recognized
Matt Kettler wrote: While daryl's comment here isn't entirely on the mark, it is close. Daryl, read the docs closer. SA does accept this format. Stephan, If you want to do an implied mask to cover a whole, you MUST end in a . ie: you must use "10." not "10". If you fail to include a trailing dot, SA will expand with zeros, but it will treat it as a single IP address, not a ranged mask. This somewhat defeats the "minimum surprise" principle. In "old practice", 10.1=10.0.0.1 (a.b = 256^3 * a + b), and not 10.1.0.0. ping 127.1 still works on (some|most) platforms. (telnet 127.1 works less). Wouldn't it be better to just ignore such IPs (with a warning)?
Re: Trusted or internal networks not recognized
Daryl C. W. O'Shea wrote: > Stephan Menzel wrote: >> Hi there, >> >> I'm currently about to customize a local (gentoo~) 3.1 installation >> to our specific needs. >> One of the first steps there was a special regex to catch our very >> own Received: headers >> >> To check if this works I modified some other SA code parts and >> enabled debug out. > > Why is the output from "spamassassin -Dreceived-header" not > sufficient for this? > > >> But here I had to realize that the Received line seems to be parsed >> correctly but the values are never recognized as part of either our >> trusted or internal network. Both are set like this (I simplyfied the >> example a bit) >> >> /etc/spamassassin/local.cf >> >> ---snip--- >> clear_trusted_networks >> trusted_networks 127.0.0 192.168 10 ... more networks to come here >> clear_internal_networks >> internal_networks 10.1.71.0/24 10.1.3.0/24 10.1.76.29/24 ... here too >> ---snip--- > > Reading the documentation we see that your configuration doesn't match > what you want to do. "127.0.0", "192.168" and "10" are taken as the > IPs "127.0.0", "192.168", and "10". Which are some of the funkiest > IPs that I've ever seen. Most IPs have 32 or 128 bits. While daryl's comment here isn't entirely on the mark, it is close. Daryl, read the docs closer. SA does accept this format. Stephan, If you want to do an implied mask to cover a whole, you MUST end in a . ie: you must use "10." not "10". If you fail to include a trailing dot, SA will expand with zeros, but it will treat it as a single IP address, not a ranged mask. ie: trusted_networks 10 is the same as 10.0.0.0/32 trusted_networks 10. is the same as 10.0.0.0/8 Fix your trusted networks to read: trusted_networks 127.0.0. 192.168. 10. The relevant part of the manpage: If a |/mask| is specified, it's considered a CIDR-style 'netmask', specified in bits. If it is not specified, but less than 4 octets are specified with a trailing dot, that's considered a mask to allow all addresses in the remaining octets. If a mask is not specified, and there is not trailing dot, then just the single IP address specified is used, as if the mask was |/32|.
Re: Trusted or internal networks not recognized
Stephan Menzel wrote:
Hi there,
I'm currently about to customize a local (gentoo~) 3.1 installation to our
specific needs.
One of the first steps there was a special regex to catch our very own
Received: headers
To check if this works I modified some other SA code parts and enabled debug
out.
Why is the output from "spamassassin -Dreceived-header" not sufficient
for this?
But here I had to realize that the Received line seems to be parsed correctly
but the values are never recognized as part of either our trusted or internal
network. Both are set like this (I simplyfied the example a bit)
/etc/spamassassin/local.cf
---snip---
clear_trusted_networks
trusted_networks 127.0.0 192.168 10 ... more networks to come here
clear_internal_networks
internal_networks 10.1.71.0/24 10.1.3.0/24 10.1.76.29/24 ... here too
---snip---
Reading the documentation we see that your configuration doesn't match
what you want to do. "127.0.0", "192.168" and "10" are taken as the IPs
"127.0.0", "192.168", and "10". Which are some of the funkiest IPs that
I've ever seen. Most IPs have 32 or 128 bits.
[EMAIL PROTECTED] ~]$ perldoc Mail::SpamAssassin::Conf | grep "trusted_networks
ip" -A31
trusted_networks ip.add.re.ss[/mask] ... (default: none)
What networks or hosts are âtrustedâ in your setup. Trusted in
this case means that relay hosts on these networks are considered
to not be potentially operated by spammers, open relays, or open
proxies. A trusted host could conceivably relay spam, but will not
originate it, and will not forge header data. DNS blacklist checks
will never query for hosts on these networks.
MXes for your domain(s) and internal relays should also be speci-
fied using the "internal_networks" setting. When there are
âtrustedâ hosts that are not MXes or internal relays for your
domain(s) they should only be specified in "trusted_networks".
If a "/mask" is specified, itâs considered a CIDR-style ânetmaskâ,
specified in bits. If it is not specified, but less than 4 octets
are specified with a trailing dot, thatâs considered a mask to
allow all addresses in the remaining octets. If a mask is not
specified, and there is not trailing dot, then just the single IP
address specified is used, as if the mask was "/32".
If a network or host address is prefaced by a "!" the network or
host will be excluded (or included) in a first listed match fash-
ion.
Examples:
trusted_networks 192.168/16 127/8 # all in
192.168.*.* and 127.*.*.*
trusted_networks 212.17.35.15 # just that host
trusted_networks 127. # all in 127.*.*.*
trusted_networks !10.0.1.5 10.0.1/24# all in 10.0.1.*
but not 10.0.1.5
trusted_networks 10.0.1/24 !10.0.1.5# all in 10.0.1.*
including 10.0.1.5
[EMAIL PROTECTED] ~]$
To configure 127.0.0/24, 192.168/16 and 10/8 in non-CIDR notation, you'd
need to use trailing dots, like with Sendmail, or like the documentation
for SpamAssassin says. :)
As far as I can see, (($ip & $net->{mask}) == $net->{ip}) never gives true,
even when $ip == $net->{ip}
It does if the $ip in question with the mask of the configured network
applied to it, matches the network address configured. That is if the
$ip in question is in the configured subnet it will be true.
I debugged through it with many different IPs and subnet settings and it
didn't give true even once.
Like this?
[EMAIL PROTECTED] ~]$ perl -e '$ip = 0b01110001;
$net = 0b01110001;
$mask = 0b;
if (($ip & $mask) == $net) { print "matches\n"; } else { print "no
match\n"; }'
matches
[EMAIL PROTECTED] ~]$
I'm about to prepare a workaround and a different implementation for this
method but I'm no good in perl so it still gives me headaches.
Workaround what?
Daryl
Re: 3.1.1 Upgrade Problems [solved]
Dale Blount wrote: On Fri, Mar 17, 2006 at 08:18:35PM -0800, Dan Kohn wrote: Anything else to try? Nothing comes to mind. It looks like a bug in IO::Zlib or perl on your platform. Anyone else on FreeBSD having simliar problems? I'm having this problem on Arch Linux with IO::Zlib 1.0.4. Replying to myself... I upgraded Archive::Tar and the error is gone now. To what version? Daryl
Re: How to: Nightly per-user batch training??
Many thanks to everyone for the helpful suggestions so far! I've managed to patch together a Bash script that is close to what I'd like. Currently it's just dumping out the magic data, for testing purposes. As a note, simplying using the -u doesn't work as sa-learn attempts to use the bayes database for 'root' and not for . So I tried the additional command line switches. (see the 'sudo' command in the code below) Are you sure? I do something similar to what you're doing - using a script running as root to traverse user spam directories and learn from messages - and there's no entry in my bayes_vars table for root. I use this to invoke it: sa-learn -u $username --prefs-file=/dev/null --spam --no-sync $file I'm using SA 3.1.1 with a MySQL 5.0 database, if it makes a difference.
RE: How to: Nightly per-user batch training??
Many thanks to everyone for the helpful suggestions so far! I've managed to
patch together a Bash script that is close to what I'd like. Currently it's
just dumping out the magic data, for testing purposes.
As a note, simplying using the -u doesn't work as sa-learn attempts
to use the bayes database for 'root' and not for . So I tried the
additional command line switches. (see the 'sudo' command in the code below)
The easier method, since I'm running as root, is the 'su -u -c "cmd"'
suggestion. It's clean and simple.
Here's what I've used so far with some success. There will be more changes
tomorrow:
===
#!/bin/bash
for myfile in /home/*
do
if [ -d "$myfile" ]
then
username=${myfile##*/}
# the user must have the learning folders
# .Junk.learnspam
# .Junk.learnham
if [ ! -d "$myfile/Maildir/.Junk.learnspam" ] &&
[ ! -d "$myfile/Maildir/.Junk.learnham" ];
then
echo "$username does not have the learning folders"
continue
fi
# omit certain users from this process
if [ $username != 'www' ] &&
[ $username != 'mysql' ] &&
[ $username != 'sysadmin' ];
then
echo "$username is learning"
su - $username -c "sa-learn --dump magic"
#sudo -u $username sa-learn --username=$username
--prefs-file=/home/$username/.spamassassin/user_prefs --dbpath
/home/$username/.spamassassin --dump magic
fi
fi
done
===
Thanks!
Jason Morrill
IT Manager
Child & Family Agency of Southeastern Connecticut
(860) 443-2896 x1422
Re: bayes still does not seem to work
> If you trained your bayes engine with the root account (for instance) > but amavisd is running as the user amavis, then the bayes_* files won't > be used. > You need to make sure amavisd use the correct files. > Cheers, This could be right. My /etc/spamassassin/local.cf is now: required_score 5.5 use_dcc 0 use_razor2 0 use_pyzor 0 use_bayes 1 bayes_path /var/spool/amavis/.spamassassin/ bayes_file_mode 0666 skip_rbl_checks 1 ok_languagesall ok_locales all score BAYES_99 6.5 Theline bayes_file_mode was missing, so all files in /var/spool/amavis/.spamassassin were -rw- with owner root. Let's see what happens... :) Thank you for your help! Gabor Sipos You should give ownership back to your amavis user. If you have a bayes_path statement and are using amavisd-new, don't run sa-learn or spamassassin commands as root, always run them as your amavis user to prevent root from taking ownership. Even if you don't have a bayes_path statment, always run the commands as the amavis user so you will read or update the correct database. Amavisd-new expects the amavis user to own those files. Gary V _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
Re: How to: Nightly per-user batch training??
I'm hoping that somebody here has done what I'm attempting to do. My users use a web-mail front end for reading email. There is an option to Mark-As-Spam which moves the message into a SPAM folder and removes it from their current folder. Very easy to train even the most inexperienced users to do this! The tricky part comes when training Spam Assassin. I'd like a nightly script to run for every user without the need for a cron job for every single user. This ideal single script would train Spam Assassin as if it were each user in turn and sync their personal database. Something like this pseudo-script: for each user in /home sa-learn --ham the-ham-folder sa-learn --spam the-spam-folder sa-learn --sync next user It seems so simple but I'm having all kinds of trouble getting sa-learn to understand that I'm changing users and databases. It sounds like you need to use the -u flag to sa-learn. I also specify this on the sa-learn command line: --prefs-file=/dev/null so that it doesn't try to create a .spamassassin directory for the user. You might also consider using find or some other utility to isolate users who have spam or ham to be scanned, rather than trying it for every single user; that might save some processor cycles.
RE: How to: Nightly per-user batch training??
Jason Morrill wrote: > I'm hoping that somebody here has done what I'm attempting to do. > > My users use a web-mail front end for reading email. There is an > option to Mark-As-Spam which moves the message into a SPAM folder and > removes it from their current folder. Very easy to train even the > most inexperienced users to do this! > > The tricky part comes when training Spam Assassin. I'd like a nightly > script to run for every user without the need for a cron job for > every single user. This ideal single script would train Spam Assassin > as if it were each user in turn and sync their personal database. > > Something like this pseudo-script: > for each user in /home > sa-learn --ham the-ham-folder > sa-learn --spam the-spam-folder > sa-learn --sync > next user > > It seems so simple but I'm having all kinds of trouble getting > sa-learn to understand that I'm changing users and databases. > > I've tried using 'sudo' and 'sa-learn' with limited success. > > I've also tried Mail::SpamAssassin but I can't get it to spit back > anything. Instead I get messages like this: > "Can't call method "dump_bayes_db" on an undefined value at > /usr/share/perl5/Mail/SpamAssassin.pm line 538." > > All suggestions are appreciated. Here's the technical info if you'd > like: Debian Woody > SpamAssassin version 3.0.4 > Exim version 3.35 > MailScanner version 4.40.11 If these are real users, then the script should be fairly simple. For each user do this: su - username -c sa-learn --ham /path/to/ham su - username -c sa-learn --spam /path/to/spam For virtual users, it's a bit more complicated. You should be able to do something like this for each user: $HOME=/virtual/home/directory $SADIR=$HOME/spamassassin sa-learn --ham --dbpath $SADIR/bayes --prefs-file=$SADIR/user_prefs --dir $HOME/path/to/ham sa-learn --spam --dbpath $SADIR/bayes --prefs-file=$SADIR/user_prefs --dir $HOME/path/to/spam The sa-learn commands should be all on one line... Make sure you are logged on as the user who owns the databases. You may be able to leave off the --prefs-file option, I'm not sure. -- Bowie
How to: Nightly per-user batch training??
I'm hoping that somebody here has done what I'm attempting to do. My users use a web-mail front end for reading email. There is an option to Mark-As-Spam which moves the message into a SPAM folder and removes it from their current folder. Very easy to train even the most inexperienced users to do this! The tricky part comes when training Spam Assassin. I'd like a nightly script to run for every user without the need for a cron job for every single user. This ideal single script would train Spam Assassin as if it were each user in turn and sync their personal database. Something like this pseudo-script: for each user in /home sa-learn --ham the-ham-folder sa-learn --spam the-spam-folder sa-learn --sync next user It seems so simple but I'm having all kinds of trouble getting sa-learn to understand that I'm changing users and databases. I've tried using 'sudo' and 'sa-learn' with limited success. I've also tried Mail::SpamAssassin but I can't get it to spit back anything. Instead I get messages like this: "Can't call method "dump_bayes_db" on an undefined value at /usr/share/perl5/Mail/SpamAssassin.pm line 538." All suggestions are appreciated. Here's the technical info if you'd like: Debian Woody SpamAssassin version 3.0.4 Exim version 3.35 MailScanner version 4.40.11 Thanks! Jason Morrill IT Manager Child & Family Agency of Southeastern Connecticut (860) 443-2896 x1422
RE: Any windows users try the new Active Perl with SA?
Notes below... > -Original Message- > From: Bret Miller [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 28, 2006 8:51 AM > To: users@spamassassin.apache.org > Subject: RE: Any windows users try the new Active Perl with SA? > > > I tried this as a sink on an exchange box and it doesn't fork. It > > processes one emai at a time. It can take from 15-30 seconds per > > email depending on the size and speed of your system. So, Whose sink are you running? My sink processes in no more than 5 seconds on a P4 with adequate memory.. And similar results (no more than 6-7 seconds) on a underpowered P3. Truth be told, I only upgraded to the P4 because I was paging constantly with my wimpy P3 (maxxed at 768MB physical RAM) > it didn't > > take vary long before the incoming queue was getting backed up. I > > ended up disabling the sing and flushing the queue 2-3 > times a day. > > Better to run it on a linux or bsd gateway box infront of > your windows > > based email server. > > That's the Exchange Sink's fault, not SA's. I use SA with > CGPSA on CommuniGate Pro and it forks just fine on Windows. > Convincing the Sink author to not single-thread the requests > might be the hardest part... Exchange Event sinks by nature of the model are single-threaded.. In order to get a multi-threaded Exchange sink, you have to write some serious C code (and I'm not up for that task), and haven't found anyone that is. And even then, I'm not sure if it's possible, because my research into that aspect of it was over 2 years ago, and iffy at best on that particular area since I couldn't write that C-code to begin with. Steven > It's not very efficient to fork on Windows, but it's better > than single-threading the requests if you've got the hardware > to handle multiple SA processes. > > Bret > > > > >> I am wondering if anyone running Windows and SA has > tried the new > > >> ActivePerl with 3.1.1? > > > > > > Now running ActivePerl 5.8.8.816 with SA 3.1.1 on Windows > > Server 2003. > > > My SpamAssassin won't lint... Ugh. > > > > > > "EADDRINUSE" is not exported by the Errno module Can't continue > > > after import errors at > > > C:\Perl\site\lib/Mail/SpamAssassin/DnsResolver.pm line 45 BEGIN > > > failed--compilation aborted at > > > C:\Perl\site\lib/Mail/SpamAssassin/DnsResolver.pm line 45. > > Compilation > > > failed in require at C:\Perl\site\lib/Mail/SpamAssassin.pm > > > line 75. > > > BEGIN failed--compilation aborted at > > > C:\Perl\site\lib/Mail/SpamAssassin.pm line 75. Compilation > > failed in > > > require at spamassassin line 78. BEGIN failed--compilation > > aborted at > > > spamassassin line 78. > > > > > > > > > It doesn't have the same problem on Windows XP... Wonder what the > > > difference is? I used the same install procedure on both. > The funny > > > part is that the module interface still works fine and > it's running > > > correctly under CGPSA, so it works, but doesn't --lint. Go figure. > > > I'll do some more digging. Anyone else have an idea where to look? > > > > >
Re: socket SA is not fast enough, help
Matt Kettler wrote: Kenneth Kim wrote: I've found that SpamAssassin will not return a score until I close socket writing. Once i've closed the writing, in order to get a score for the next message, I have to reopen the connection in php to send another message to SA. I hope I'm wrong about this, but currently I'm bottle necking at because I have to reopen the connection. Is there anyway for me to get a score w/o having to close socket writing? Possibly a command I can send at the end/after each message? You should switch to using spamd directly if you want to do this with sockets. You can find the protocol that spamd speaks on it's TCP socket in the PROTOCOL docs that come with SA. http://spamassassin.apache.org/full/3.1.x/dist/spamd/PROTOCOL The "spamassassin" command line script is particularly inefficent for this kind of thing, and can handle only one message per call. Spamc has the same one-message-per-call limit. My understanding is that he is talking about spamd, which doesn't allow socket reuse. The protocol doc says: After each side is done writing, it shuts down its side of the connection. I don't know if there are hard design issues, but the socket could be used, that would be good. Another thing is that I can't find a way to get the SA headers (as they would be added by spamassassin) without having the full message sent back (SYMBOLS doesn't return the score of each test). or am I missing something?
RE: Any windows users try the new Active Perl with SA?
> I tried this as a sink on an exchange box and it doesn't > fork. It processes one emai at a time. It can take from > 15-30 seconds per email depending on the size and speed of > your system. So, it didn't take vary long before the > incoming queue was getting backed up. I ended up disabling > the sing and flushing the queue 2-3 times a day. Better to > run it on a linux or bsd gateway box infront of your windows > based email server. That's the Exchange Sink's fault, not SA's. I use SA with CGPSA on CommuniGate Pro and it forks just fine on Windows. Convincing the Sink author to not single-thread the requests might be the hardest part... It's not very efficient to fork on Windows, but it's better than single-threading the requests if you've got the hardware to handle multiple SA processes. Bret > >> I am wondering if anyone running Windows and SA has tried the new > >> ActivePerl with 3.1.1? > > > > Now running ActivePerl 5.8.8.816 with SA 3.1.1 on Windows > Server 2003. > > My SpamAssassin won't lint... Ugh. > > > > "EADDRINUSE" is not exported by the Errno module > > Can't continue after import errors at > > C:\Perl\site\lib/Mail/SpamAssassin/DnsResolver.pm line 45 BEGIN > > failed--compilation aborted at > > C:\Perl\site\lib/Mail/SpamAssassin/DnsResolver.pm line 45. > Compilation > > failed in require at C:\Perl\site\lib/Mail/SpamAssassin.pm > > line 75. > > BEGIN failed--compilation aborted at > > C:\Perl\site\lib/Mail/SpamAssassin.pm line 75. Compilation > failed in > > require at spamassassin line 78. BEGIN failed--compilation > aborted at > > spamassassin line 78. > > > > > > It doesn't have the same problem on Windows XP... Wonder what the > > difference is? I used the same install procedure on both. The funny > > part is that the module interface still works fine and it's running > > correctly under CGPSA, so it works, but doesn't --lint. Go figure. > > I'll do some more digging. Anyone else have an idea where to look?
RE: Any windows users try the new Active Perl with SA?
> > I am wondering if anyone running Windows and SA has tried the new > > ActivePerl with 3.1.1? > > Now running ActivePerl 5.8.8.816 with SA 3.1.1 on Windows > Server 2003. My SpamAssassin won't lint... Ugh. > > "EADDRINUSE" is not exported by the Errno module > Can't continue after import errors at > C:\Perl\site\lib/Mail/SpamAssassin/DnsResolver.pm line 45 > BEGIN failed--compilation aborted at > C:\Perl\site\lib/Mail/SpamAssassin/DnsResolver.pm line 45. > Compilation failed in require at C:\Perl\site\lib/Mail/SpamAssassin.pm > line 75. > BEGIN failed--compilation aborted at > C:\Perl\site\lib/Mail/SpamAssassin.pm line 75. Compilation > failed in require at spamassassin line 78. BEGIN > failed--compilation aborted at spamassassin line 78. > > > It doesn't have the same problem on Windows XP... Wonder what > the difference is? I used the same install procedure on both. > The funny part is that the module interface still works fine > and it's running correctly under CGPSA, so it works, but > doesn't --lint. Go figure. I'll do some more digging. Anyone > else have an idea where to look? OK... I found it. ActivePerl's nice PPM install utility found ERRNO as a dependency to Mail-IMAPClient, which I use for bayes learning. I removed Mail-IMAPClient and ERRNO and SpamAssassin would then --lint correctly. Then I manually downloaded and installed Mail-IMAPClient, which then found the built-in ERRNO function and everything is happy. :) So, if you're using ActivePerl 5.8.8.816, then don't ppm install Mail-IMAPClient or it will break SA. Time to update the wiki... Bret
RE: Any windows users try the new Active Perl with SA?
I tried this as a sink on an exchange box and it doesn't fork. It processes one emai at a time. It can take from 15-30 seconds per email depending on the size and speed of your system. So, it didn't take vary long before the incoming queue was getting backed up. I ended up disabling the sing and flushing the queue 2-3 times a day. Better to run it on a linux or bsd gateway box infront of your windows based email server. Eric >> I am wondering if anyone running Windows and SA has tried the new >> ActivePerl with 3.1.1? > > Now running ActivePerl 5.8.8.816 with SA 3.1.1 on Windows Server 2003. > My SpamAssassin won't lint... Ugh. > > "EADDRINUSE" is not exported by the Errno module > Can't continue after import errors at > C:\Perl\site\lib/Mail/SpamAssassin/DnsResolver.pm line 45 > BEGIN failed--compilation aborted at > C:\Perl\site\lib/Mail/SpamAssassin/DnsResolver.pm line 45. > Compilation failed in require at C:\Perl\site\lib/Mail/SpamAssassin.pm > line 75. > BEGIN failed--compilation aborted at > C:\Perl\site\lib/Mail/SpamAssassin.pm line 75. > Compilation failed in require at spamassassin line 78. > BEGIN failed--compilation aborted at spamassassin line 78. > > > It doesn't have the same problem on Windows XP... Wonder what the > difference is? I used the same install procedure on both. The funny part > is that the module interface still works fine and it's running correctly > under CGPSA, so it works, but doesn't --lint. Go figure. I'll do some > more digging. Anyone else have an idea where to look? > > Bret > > > >
RE: Any windows users try the new Active Perl with SA?
> I am wondering if anyone running Windows and SA has tried the new > ActivePerl with 3.1.1? Now running ActivePerl 5.8.8.816 with SA 3.1.1 on Windows Server 2003. My SpamAssassin won't lint... Ugh. "EADDRINUSE" is not exported by the Errno module Can't continue after import errors at C:\Perl\site\lib/Mail/SpamAssassin/DnsResolver.pm line 45 BEGIN failed--compilation aborted at C:\Perl\site\lib/Mail/SpamAssassin/DnsResolver.pm line 45. Compilation failed in require at C:\Perl\site\lib/Mail/SpamAssassin.pm line 75. BEGIN failed--compilation aborted at C:\Perl\site\lib/Mail/SpamAssassin.pm line 75. Compilation failed in require at spamassassin line 78. BEGIN failed--compilation aborted at spamassassin line 78. It doesn't have the same problem on Windows XP... Wonder what the difference is? I used the same install procedure on both. The funny part is that the module interface still works fine and it's running correctly under CGPSA, so it works, but doesn't --lint. Go figure. I'll do some more digging. Anyone else have an idea where to look? Bret
Re: Trusted or internal networks not recognized
Am Dienstag, 28. März 2006 16:40 schrieb Bowie Bailey:
> > [32116] dbg: received-header: relay 10.1.76.29 trusted? no internal?
> > no
>
> Ok. Show us the entire debug section where it parses the headers.
> Keep in mind that the interpretation of each header is influenced by
> the headers that precede it. Once SA finds one untrusted relay,
> everything else is untrusted by definition.
Of course. That's why I mostly took emails for the test that only contain
internal or trusted hops. This way I wanted to make sure not to be caught by
this effect. However, I also places debug out into this section where this is
checked. You see the message "Untrusted relay found"
Here is where I put this:
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Message/Metadata/Received.pm:124
# trusted_networks matches?
$DB::single=2;
if ($in_trusted && $did_user_specify_trust && !$relay->{auth} && !
$trusted->contains_ip ($relay->{ip}))
{
dbg("moep: untrusted relay found $relay->{ip}");
$in_trusted = 0; # we're in deep water now
}
# internal_networks matches?
if ($did_user_specify_internal) {
if (!$relay->{auth} && !$internal->contains_ip ($relay->{ip})) {
dbg("moep: user did specify internal but $relay->{ip} is not in it");
$in_internal = 0;
}
} else {
# if the user didn't specify it, assume we immediately transition
# to the external network (the internet) once we leave this host.
dbg("moep: user did not specify internal");
$in_internal = 0;
}
[6250] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x8bbd81c)
implements 'finish_parsing_end'
[6250] dbg: replacetags: replacing tags
[6250] dbg: replacetags: done replacing tags
[6250] dbg: config: score set 0 chosen.
[6250] dbg: dns: dns_available set to no in config file, skipping test
[6250] dbg: moep: use trusted for internal
[6250] dbg: received-header: parsed as [ ip=10.1.76.29 rdns=
helo=mp029.v300.gmx.net by=ih001.v300.gmx.net ident= envfrom= intl=0 id=
auth= ]
[6250] dbg: moep: untrusted relay found 10.1.76.29
[6250] dbg: moep: user did specify internal but 10.1.76.29 is not in it
[6250] dbg: received-header: relay 10.1.76.29 trusted? no internal? no
[6250] dbg: received-header: parsed as [ ip=212.227.35.113 rdns= helo=
by=www1.gmx.net ident= envfrom= intl=0 id= auth= ]
[6250] dbg: received-header: relay 212.227.35.113 trusted? no internal? no
[6250] dbg: metadata: X-Spam-Relays-Trusted:
[6250] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=10.1.76.29 rdns=
helo=mp029.v300.gmx.net by=ih001.v300.gmx.net ident= envfrom= intl=0 id=
auth= ] [ ip=212.227.35.113 rdns= helo= by=www1.gmx.net ident= envfrom=
intl=0 id= auth= ]
[6250] dbg: message: MIME PARSER START
[6250] dbg: message: main message type: text/plain
[6250] dbg: message: parsing normal part
[6250] dbg: message: added part, type: text/plain
[6250] dbg: message: MIME PARSER END
[6250] dbg: message: decoding other encoding type (8bit), ignoring
[6250] dbg: rules: local tests only, ignoring RBL eval
Yow the way I see it, contains_ip() doesn't work.
I postet some debugging results on dev@spamassassin.apache.org
Here's what I thought yesterday:
Mail::SpamAssassin::NetSet::contains_ip(/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/NetSet.pm:146)
sub contains_ip {
my ($self, $ip) = @_;
if (!defined $self->{nets}) { return 0; }
if ($ip !~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) { return 0; }
$ip = Mail::SpamAssassin::Util::my_inet_aton($ip);
foreach my $net (@{$self->{nets}}) {
return !$net->{exclude} if (($ip & $net->{mask}) == $net->{ip})
}
0;
}
As far as I can see, (($ip & $net->{mask}) == $net->{ip}) never gives true,
even when $ip == $net->{ip}
I debugged through it with many different IPs and subnet settings and it
didn't give true even once.
I'm about to prepare a workaround and a different implementation for this
method but I'm no good in perl so it still gives me headaches.
Greetings...
Stephan
pgpERkC5IPw9J.pgp
Description: PGP signature
Re: errors in postgres database queries
Michael Parker wrote: > Ingo Freund wrote: > >>The system worked well with mySQL. > > > WARNING: Bayes SQL does indeed work best with MySQL. Feel free to > search the users/dev list in the past for more information. > > That might be, but where should be the need to let two different databases work if one could do it? On the servers here high performance ist not the important question. -Ingo.
RE: Trusted or internal networks not recognized
Stephan Menzel wrote: > > /etc/spamassassin/local.cf > > ---snip--- > clear_trusted_networks > trusted_networks 127.0.0 192.168 10 ... more networks to come here > > clear_internal_networks > internal_networks 10.1.71.0/24 10.1.3.0/24 10.1.76.29/24 ... here too > ---snip--- Looks good so far. > However, if the lines are parsed I only see stuff like this: > > [32116] dbg: moep: untrusted relay found 10.1.76.29 > [32116] dbg: received-header: relay 10.1.76.29 trusted? no internal? > no Ok. Show us the entire debug section where it parses the headers. Keep in mind that the interpretation of each header is influenced by the headers that precede it. Once SA finds one untrusted relay, everything else is untrusted by definition. -- Bowie
Shell Script SA-BOGO
Hi !I need help writing a shell script ( other langage possible ? ) wich uses incoming mail, class then with SP in 2 groups -> spam & ham, then send then to a bogofilter.my os is debian sarge.. Please helpThx
Re: 3.1.1 Upgrade Problems [solved]
> > On Fri, Mar 17, 2006 at 08:18:35PM -0800, Dan Kohn wrote: > >> Anything else to try? > > > > Nothing comes to mind. It looks like a bug in IO::Zlib or perl on > > your platform. > > > > Anyone else on FreeBSD having simliar problems? > > > I'm having this problem on Arch Linux with IO::Zlib 1.0.4. Replying to myself... I upgraded Archive::Tar and the error is gone now. Dale
Trusted or internal networks not recognized
Hi there, I'm currently about to customize a local (gentoo~) 3.1 installation to our specific needs. One of the first steps there was a special regex to catch our very own Received: headers To check if this works I modified some other SA code parts and enabled debug out. But here I had to realize that the Received line seems to be parsed correctly but the values are never recognized as part of either our trusted or internal network. Both are set like this (I simplyfied the example a bit) /etc/spamassassin/local.cf ---snip--- clear_trusted_networks trusted_networks 127.0.0 192.168 10 ... more networks to come here clear_internal_networks internal_networks 10.1.71.0/24 10.1.3.0/24 10.1.76.29/24 ... here too ---snip--- Then I changed the code in /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Conf.pm to see if the values are actually read in. Which is the case. However, if the lines are parsed I only see stuff like this: [32116] dbg: moep: untrusted relay found 10.1.76.29 [32116] dbg: received-header: relay 10.1.76.29 trusted? no internal? no Now the way I see it, the IP of our internal relay as well as other values inside the Received line are parsed correctly. My own debug output confirmed this. And the SA code later on should only check if the ip shown there is within the trusted or internal network. Which it should be bit SA always says "no" to both checks no matter what I specify in /etc/spamassassin/local.cf I tried all different mails, all different configurations, I tried using spamd or piping through SA directly, I never saw any 'yes' there. I'm not the perl expert so I'm finally stuck here with my own debugging efforts and don't know what to change or check anymore. But I would really need those internal networks to be recognized. Any suggestions? Greetings... Stephan pgpAgDVHtG2u7.pgp Description: PGP signature
Re: bayes still does not seem to work
>> Hello everyone, >> >> first of all, the setup: debian/sarge, amavisd-new, spamassassin >> 3.0.3, clamav-daemon, postfix. The server is a relay only, no mail is >> delivered >> locally, everything is sent to a "real" mail server. >> >> I have trained bayes with some 500 to 600 spams and about 300 hams, so >> spamassassin -D --lint says that bayes will be used. Still, there is >> NO sign of bayes working, even amavisd's reports don't mention it, >> only the default SA rules being hit. >> >> If I run SA from command line with one of the spam messages that made >> it to my mailbox, it gives them a pretty high score, and I can see that >> the bayes_99 rule was hit. >> >> Is this an issue with amavis, or what? >> >> Any clues will be appreciated. > Make sure the .spamassassin folder is linked/located correctly. > If you trained your bayes engine with the root account (for instance) > but amavisd is running as the user amavis, then the bayes_* files won't > be used. > You need to make sure amavisd use the correct files. > Cheers, This could be right. My /etc/spamassassin/local.cf is now: required_score 5.5 use_dcc 0 use_razor2 0 use_pyzor 0 use_bayes 1 bayes_path /var/spool/amavis/.spamassassin/ bayes_file_mode 0666 skip_rbl_checks 1 ok_languagesall ok_locales all score BAYES_99 6.5 Theline bayes_file_mode was missing, so all files in /var/spool/amavis/.spamassassin were -rw- with owner root. Let's see what happens... :) Thank you for your help! Gabor Sipos
