Re: Myway.com and RFC-ignorant.org
Hi, Michael Scheidell wrote: -Original Message- From: Anthony Peacock [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 04, 2006 5:06 AM To: SpamAssassin Users Subject: Myway.com and RFC-ignorant.org balance these scores out? I understand that SPF is not a sign of hammy/spammyness, but would I be openening up my system too much by But maybe ignoring emails to postmaster@ and abuse@ and having no valid whois contacts IS a sign of spammyness, and that they don't care if their users spam, have viruses or pass along phishing emails. Absolutely agreed! I wasn't questioning their listing in the rfc-ignorant.org RBLs. I was just wondering out loud if anyone had tried to convince Myway to fix their ways. Personally I have no qualms about dropping these emails, but you know users... Since you use SPF, you could use whitelist from spf to make sure that you aren't allowing in forged myway.com spam. Put this in local.cf in ../etc/spamassassin directory where local config files are. This is now what I have done on an individual user basis. There is no way I would whitelist the whole of myway. I generally try to avoid whitelisting if at all possible as I think it is a very blunt instrument and without SPF easy to fool, and adds an administrative overhead. On top of this I use SA via MailScanner so at the moment any whitelisting was done through the MailScanner rules, which provided me with consistent log analysis, adding a whitelist_from_spf into the SA config messes up the reporting and creates another file that needs maintaining. I could whitelist these addresses in the standard MailScanner method, but I like the idea of the extra protection against fraud that SPF provides. or whitelist_from_spf[EMAIL PROTECTED] (which would be the safest) This is what I am doing now. However, $$$ is the best way to get myway.com to act. Tell your user to get another ISP. If myway.com doesn't care about spam, viruses, network abuse then they don't care about the internet. Vote with your feet. Hmm! I would love to do this. I doubt whether my user would be happy to move him and his family. -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw
sendmail: WARNING: Xspamassassin: local socket name /var/run/spamass.soc
Hello , Im new on spamassassin, but learning. I have a little error on startup sendmail: WARNING: Xspamassassin: local socket name /var/run/spamass.sock missing But the file is there?! It look likes sendmail is starting up first before the socket is made. Is there a sulution to prevent this? The second error is: localhost spamd: [2513] error: persistent_udp: no such method at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/DnsResolver.pm line 98 : : The line = $self-{res}-persistent_udp(0); # bug 3997 : : Thanks for reply -- View this message in context: http://www.nabble.com/sendmail%3A-WARNING%3A-Xspamassassin%3A-local-socket-name--var-run-spamass.soc-tf1893556.html#a5178524 Sent from the SpamAssassin - Users forum at Nabble.com.
Warnings in procmail log
Hi, I'm getting the following three warning in my procmail log (machine name removed, just in case!), I assume I'm missing some configuration somewhere but don't know where! Can someone advise? Thanks, Geoff [8162] warn: config: cannot write to //.spamassassin/user_prefs: No such file or directory [8162] warn: config: failed to create default user preference file //.spamassassin/user_prefs [8162] warn: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile //.spamassassin/auto-whitelist.lock.machine_name.8162 for //.spamassassin/auto-whitelist.lock: No such file or directory
Re: sendmail: WARNING: Xspamassassin: local socket name /var/run/spamass.soc
On Wed, 5 Jul 2006, hansje2000 wrote: hEllo, Im new on spamassassin, but learning. I have a little error on startup sendmail: WARNING: Xspamassassin: local socket name /var/run/spamass.sock missing But the file is there?! It look likes sendmail is starting up first before the socket is made. Is there a sulution to prevent this? change the order when spamd and sendmail will be startet, in your /etc/rc directories: /etc/rc2.d/S70spamd /etc/rc2.d/S80sendmail for example. so spamd will start on bootup first, maybe enough time to create socket files, before sendmail is looking for them. The second error is: localhost spamd: [2513] error: persistent_udp: no such method at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/DnsResolver.pm line 98 : : The line = $self-{res}-persistent_udp(0); # bug 3997 : : Thanks for reply havnt seen this on our setup, but the bug code could be found at bugzilla: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3997 not sure, if it fits your problem. worth a try. regrads, Matthias
Re: Warnings in procmail log
On Wed, 5 Jul 2006, Geoff Soper wrote: Hi, I'm getting the following three warning in my procmail log (machine name removed, just in case!), I assume I'm missing some configuration somewhere but don't know where! Can someone advise? Thanks, Geoff [8162] warn: config: cannot write to //.spamassassin/user_prefs: No such file or directory [8162] warn: config: failed to create default user preference file //.spamassassin/user_prefs [8162] warn: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile //.spamassassin/auto-whitelist.lock.machine_name.8162 for //.spamassassin/auto-whitelist.lock: No such file or directory should look like: /home/$USER/.spamassassin/auto-whitelist.lock looks like the users home is missing somehow; would be of great help to analyze, if u would send your procmailrc. regards, Matthias
Re: Inappropriate ioctl for device
On 7/5/06, Matthias Fuhrmann [EMAIL PROTECTED] wrote: On Wed, 5 Jul 2006, Kaushal Shriyan wrote:hello, I ran spamd as normal user and it gave me the below error [20405] error: auto-whitelist: cannot open auto_whitelist_path /home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device [20405] warn: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for devicedoes the directory /home/kaushal/spamass/ exists? if not create it first.found this while googling for Inappropriate ioctl for device. maybe it helps you too.regards,Matthias Hi Matthias The directory exists in my linux box, I have done a lot of search on Inappropriate ioctl for device but could not find any relevant answer, I believe you can help me in fixing this issue Thanks and Regards Kaushal
RE: SpamAssassin Howto
Andrew wrote: I've written a Howto document describing my SpamAssassin setup. I have a site-wide configuration using spamd/spamc with Bayesian and auto-whitelist data in a MySQL database. If anyone is interested in having a look, you can find it here: http://www.arda.homeunix.net/spamassassin.html Of course, constructive feedback is always welcome. I scanned through the document and found it to be good overall. I do have just a few comments. 1) The default value for required_score is 5, not 8. 2) I highly recommend enabling DCC and Razor2. 3) This may be a difference between FreeBSD and CentOS, but sa-update ran just fine for me with no other arguments. 4) Since this is meant to be a howto, you might want to mention that sa-update will frequently fail on the first attempt leaving a crippled SA install. A second attempt will download the rules properly. (or has this problem been fixed now?) 5) Also, the rule files from sa-update have a minor problem with a variable not being set properly. To fix this, you should specify report_contact in your local.cf file. Apart from these minor points, it is a good howto. I'm sure it will come in handy for new users. Is there a place on the wiki for posting links to howto documents? -- Bowie
Re: Inappropriate ioctl for device
On Wed, 5 Jul 2006, Kaushal Shriyan wrote: On 7/5/06, Matthias Fuhrmann [EMAIL PROTECTED] wrote: On Wed, 5 Jul 2006, Kaushal Shriyan wrote: hello, I ran spamd as normal user and it gave me the below error [20405] error: auto-whitelist: cannot open auto_whitelist_path /home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device [20405] warn: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device does the directory /home/kaushal/spamass/ exists? if not create it first. found this while googling for Inappropriate ioctl for device. maybe it helps you too. regards, Matthias Hi Matthias The directory exists in my linux box, I have done a lot of search on Inappropriate ioctl for device but could not find any relevant answer, I believe you can help me in fixing this issue i'm not sure about auto_whitelist_path at all, so path means directories only and files will be created as: /home/kaushal/spamass/auto-whitelist/awl-file ?! if so, create auto-whitelist too :) well, we didnt issued auto_whitelist_path and sa creates auto-whitelist db-file in ~$USER/.spamassassin/auto-whitelist. regards, Matthias
RE: Spamassassin doing 20% of Job
Steve Downes wrote: Hi All, I'm using spamassassin v 3.03 perl 5.8.4 as supplied with Debian stable in conjuction with a postfix-procmail-dovecot setup. It is picking up about 20% of receives spam the general setup (procmail etc) appears to be OK. I am getting error messages in syslog of which the example below is typical. I have looked at the locations given in the error messages I'm afraid they are beyond my simple brain. Can anybody give me any pointers please? I can't help much with the error messages. They are Perl runtime errors and seem to indicate that your install is screwed up in some manner. I can give you a couple of general suggestions. 1) Install a newer version of SA. The current version is 3.1.3. You can either build the current version yourself, get it from CPAN, or get a newer version from debian-unstable. Spam is changing constantly. As with a virus checker, it is important to keep your SA installation up to date. Whichever update method you choose, you should probably remove your current version first. This will avoid have a double installation which can cause some REALLY frustrating problems. It will also help avoid migrating your current problems to the new install. 2) Enable URIDNSBL, Razor2, and DCC. These network tests will dramatically increase the effectiveness of SA. 3) Install some rules from www.rulesemporium.com. These rules fill in some gaps in the default rules. -- Bowie
Re: Inappropriate ioctl for device
On 7/5/06, Matthias Fuhrmann [EMAIL PROTECTED] wrote: On Wed, 5 Jul 2006, Kaushal Shriyan wrote: On 7/5/06, Matthias Fuhrmann [EMAIL PROTECTED] wrote: On Wed, 5 Jul 2006, Kaushal Shriyan wrote:On 7/5/06, Matthias Fuhrmann [EMAIL PROTECTED] wrote: On Wed, 5 Jul 2006, Kaushal Shriyan wrote: hello, I ran spamd as normal user and it gave me the below error [20405] error: auto-whitelist: cannot open auto_whitelist_path /home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device [20405] warn: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device does the directory /home/kaushal/spamass/ exists? if not create it first. found this while googling for Inappropriate ioctl for device. maybe ithelps you too. regards,Matthias Hi Matthias The directory exists in my linux box, I have done a lot of search on Inappropriate ioctl for device but could not find any relevant answer, I believe you can help me in fixing this issue i'm not sure about auto_whitelist_path at all, so path means directories only and files will be created as: /home/kaushal/spamass/auto-whitelist/awl-file ?! if so, create auto-whitelist too :) well, we didnt issued auto_whitelist_path and sa creates auto-whitelist db-file in ~$USER/.spamassassin/auto-whitelist. regards, Matthias Hi Matthias Its there in [EMAIL PROTECTED] spamass]# pwd /home/kaushal/spamass [EMAIL PROTECTED] spamass]# ls auto-whitelist [EMAIL PROTECTED] spamass]#i was wrong with my installation, we have in local.cf:auto_whitelist_path/var/milter/.spamassassin/auto-whitelistauto_whitelist_file_mode 0600 and the result is:-rw--- 1 milter unixag 672022528 Jul5 16:11 /var/milter/.spamassassin/auto-whitelist are you using a dedicated user to run spamassassin? our is calledmilter, so milter must be able to read/write the awl file. look at the permissions of the directories, so your dedicated user can access the file.regards,Matthias Hi Mathias I have the below permissions and i also tested it running as normal user, I get [28976] error: auto-whitelist: cannot open auto_whitelist_path /var/lib/spamass/auto-whitelist: Inappropriate ioctl for device[28976] warn: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /var/lib/spamass/auto-whitelist: Inappropriate ioctl for device [EMAIL PROTECTED] spamass]# lltotal 8-rw--- 1 root root 12288 Jul 5 18:58 auto-whitelist[EMAIL PROTECTED] spamass]#
Re: sendmail: WARNING: Xspamassassin: local socket name /var/run/spamass.soc
Thaks for reply Matthias, First of all there is no spamd in /etc/rc2.d/, just a S80spamassassin, but i gues its the same. There is also a S80sendmail in /etc/rc2.d/ like you said. The bothe files are also in ?etc/rc1.d, rc3.d, rc4.d and rc5.d.. but i gues this is normal. So now the question: how to change the sequence of ordering in startup.? Can i just chance the S80 to a lower number. thanks and best regards -- View this message in context: http://www.nabble.com/sendmail%3A-WARNING%3A-Xspamassassin%3A-local-socket-name--var-run-spamass.soc-tf1893556.html#a5182925 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Inappropriate ioctl for device
On Wed, 5 Jul 2006, Matthias Fuhrmann wrote: /home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device [20405] warn: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device found another hint (http://www.wlug.org.nz/SpamAssassinNotes): [...] debug: open of AWL file failed: Cannot open auto_whitelist_path /root/.spamassassin/auto-whitelist: Inappropriate ioctl for device You're using old format database files. The perl version change effected a change of the BDB version being used. The bayes_seen and bayes_toks fixes are BDB files and can be fixed by doing an db4.x_upgrade on them. sarge/hoary use Berkely DB 4.2, and you can install the db4.2-util package. with HTML [...] Fix: apt-get install db4.3-util Go to where you Bayes DB's lie. db4.3_upgrade bayes_seen db4.3_upgrade bayes_toks Restart spamassassin, and voila! [...] try to investigate this issue. fix is for debian based linux distributions. db_upgrade is part of db4-utils package. but before upgrading, save your current files on safe place. regards, Matthias
Re: sendmail: WARNING: Xspamassassin: local socket name /var/run/spamass.soc
On Wed, 5 Jul 2006, hansje2000 wrote: Hi, Thaks for reply Matthias, np :) First of all there is no spamd in /etc/rc2.d/, just a S80spamassassin, but i gues its the same. There is also a S80sendmail in /etc/rc2.d/ like you said. yes, names can differ. The bothe files are also in ?etc/rc1.d, rc3.d, rc4.d and rc5.d.. but i gues this is normal. just have had a look in man init. so it depends on your default runlevel, defined in /etc/inittab: id:5:initdefault: on my setup its 5, so in my case i had to change SXX in rc5.d. but there is an issue of init, which goes through lower runlevel as well, but i'm not sure. so, to ensure it works on any runlevel, change all /etc/rcX.d/S80spamassassin to /etc/rcX.d/S60spamassassin So now the question: how to change the sequence of ordering in startup.? Can i just chance the S80 to a lower number. yes, lowering the number will give it an earlier start. regards, Matthias
Re: Bayes autolearn configuration
Steven Stern wrote: It appears that you do not yet have enough spam and ham in your database to enable learning. You need to use sa-learn to push some spam and ham through the system. That's not quite correct. There are no number of learned spam/ham thresholds for autolearning; the threshold is a combination of a basic score (check the Mail::SpamAssassin::Conf man page for the defaults on your system - IIRC it's 12 for spam, 0.1 for ham) and a requirement that at least 3 points come from header rules, and 3 from body rules. Again, check your local man page for the specific details on your local install. (This doesn't seem to have changed since Bayes was introduced.) The Bayes subsystem will not *return* a score until the numer of messages thresholds are passed - by default 200 each ham and spam. Manual training is still highly recommended early on, to make sure you get *accurate* training. I've got a number of systems I paid fairly close attention to early on, when I upgraded to SA2.54 and introduced them to Bayes support. I've *never* had to wipe and retrain any of them. (I *do* get customer missed-spam reports that occasionally show BAYES_{00,01,10} scores, but that's pretty rare, and I feed those messages back ASAP to keep things on track. Checking those messages afterward usually shows BAYES_50 or better.) Richard E. Bewley, Jr. wrote: SARE_OEM_PRODS_1,SARE_OEM_PRODS_FEW,SARE_OEM_PRO_DOL,SARE_PRODUCTS_02, SARE_PRODUCTS_03,UNPARSEABLE_RELAY,URIBL_JP_SURBL,URIBL_OB_SURBL, URIBL_SBL,URIBL_SC_SURBL,URI_NOVOWEL autolearn=no version=3.1.1 Richard, your system didn't autolearn this particular message because there weren't enough hits on header rules (UNPARSEABLE_RELAY is it, I think; network tests (eg, URIRBL*) are also ignored for determining which scoreset to use to decide whether to autolearn). The SARE rulesets look mostly at the message bodies IIRC. (from man Mail::SpamAssassin::Conf) Note that certain tests are ignored when determining whether a message should be trained upon: - rules with tflags set to 'learn' (the Bayesian rules) - rules with tflags set to 'userconf' (user white/black-listing rules, etc) - rules with tflags set to 'noautolearn' Also note that auto-training occurs using scores from either scoreset 0 or 1, depending on what scoreset is used during message check. It is likely that the message check and auto-train scores will be different. -kgd
Re: Inappropriate ioctl for device
On 7/5/06, Matthias Fuhrmann [EMAIL PROTECTED] wrote: On Wed, 5 Jul 2006, Matthias Fuhrmann wrote:/home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device [20405] warn: auto-whitelist: open of auto-whitelist file failed:auto-whitelist: cannot open auto_whitelist_path/home/kaushal/spamass/auto-whitelist: Inappropriate ioctl for device found another hint (http://www.wlug.org.nz/SpamAssassinNotes):[...]debug: open of AWL file failed: Cannot open auto_whitelist_path /root/.spamassassin/auto-whitelist: Inappropriate ioctl for deviceYou're using old format database files.The perl version change effected a change of the BDB version being used.The bayes_seen and bayes_toks fixes are BDB files and can be fixed by doing an db4.x_upgrade on them. sarge/hoary use Berkely DB 4.2, and youcan install the db4.2-util package. with HTML[...]Fix:apt-get install db4.3-utilGo to where you Bayes DB's lie.db4.3_upgrade bayes_seendb4.3_upgrade bayes_toksRestart spamassassin, and voila![...]try to investigate this issue. fix is for debian based linuxdistributions. db_upgrade is part of db4-utils package. but before upgrading, save your current files on safe place.regards,Matthias Hi Matthias I did db41_upgrade /var/lib/spamass/auto-whitelist and also deleted auto-whitelist also restarted the spamd but I am still able to reproduce the error Jul 5 19:52:17 smaapworld spamd[28976]: auto-whitelist: cannot open auto_whitel ist_path /var/lib/spamass/auto-whitelist: Inappropriate ioctl for device Jul 5 19:52:17 smaapworld spamd[28976]: auto-whitelist: open of auto-whitelist file failed: auto-whitelist: cannot open auto_whitelist_path /var/lib/spamass/au to-whitelist: Inappropriate ioctl for device Regards Kaushal
Re: decrease DNSBL timepout
On Tuesday, July 4, 2006, 7:52:39 AM, Jeff Chan wrote: On Tuesday, July 4, 2006, 5:01:21 AM, Pezhman Lali wrote: Hi else SURBL, neither of other DNSBL, not answer me, 1-why? 2- how can I decrease these 12 sec? best Pezhman Is there a recent version of Net::DNS installed on your system? If not you should install one. If the version is old, you should update it. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
spamd permision denied for non root user
hi before it, I used this comand to run spamassassin, with root permision. #spamd -u mail -dnow, spamd must be ran from local web page, (httpd ran as nobody) so spamd can not run, because of this error: [21152] error: spamd: could not create INET socket on 127.0.0.1:784: Permission deniedspamd: could not create INET socket on 127.0.0.1:784: Permission denied let me know how i can run spamd -u mail , with non root user? Best thanks for your reply and help Pezhman Yahoo! Music Unlimited - Access over 1 million songs. Try it free.
Re: Myway.com and RFC-ignorant.org
On Wed, 5 Jul 2006, Anthony Peacock wrote: John D. Hardin wrote: On Tue, 4 Jul 2006, Anthony Peacock wrote: Myway.com seem to publish a proper SPF record. The default score for SPF_PASS is -0.0. Would anyone recommend lowering that slightly to help balance these scores out? I understand that SPF is not a sign of hammy/spammyness, but would I be openening up my system too much by lowering the SPF_PASS score? Do it just for myway. Something like (off the top of my head, syntax is probably off): header __MYWAY Received =~ /myway\.com/ metaMYWAY_TWEAK __MYWAY SPF_PASS score MYWAY_TWEAK -2.0 Hmm! This looks interesting. I will try this out. Mind you I am still not sure that I want to trust all Myway users in this way :-) I'm also not at all sure this is any different in effect from whitelist_from_spf [EMAIL PROTECTED] - but it *will* let you finely tune just *how much* you trust myway.com emails... -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Look at the people at the top of both efforts. Linus Torvalds is a university graduate with a CS degree. Bill Gates is a university dropout who bragged about dumpster-diving and using other peoples' garbage code as the basis for his code. Maybe that has something to do with the difference in quality/security between Linux and Windows. -- anytwofiveelevenis on Y! SCOX --
Installation issues
Hello everybody. I have installed spamassassin 3.1.3 on redhat Linux Enterprise 3. I'm getting this error messages: spamassassin --lint returns: [17919] warn: config: SpamAssassin failed to parse line, "/usr/bin/pyzor" is not valid for "pyzor_path", skipping: pyzor_path /usr/bin/pyzor[17919] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc[17919] warn: config: warning: score set for non-existent rule ST_m_singlesitepam[17919] warn: lint: 3 issues detected, please rerun with debug enabled for more information i checked the system and it seems pyzor and dccproc are not installed (installation did not ask for them), how can i be sure of this??.. do i have to install these scrpits??.. where can i find them??.. another issue: when execute /etc/init.d/spamassassin (start or stop, whatever option), it returns this message: [18333] warn: archive-iterator: unable to open status: No such file or directory. How can i fix this?.. eventhough these issues, spamassasin is working good and integrated with MailScanner. Thanks and regards.
RE: sa-update question
Jerry Bell wrote: I'm running 3.1.3 on a FreeBSD server. I just found out about sa-update which looks like a great tool. My question is this: how can I take advantage of the updated configs? The problem that I see is that Freebsd uses completely non standard directories for everything, so I don't have much confidence that the updates are being picked up. I added include /var/lib/spamassassin/3.001003/updates_spamassassin_org.cf to local.cf. Don't do that. How can I tell that those files are actually being included? I added include x to the end of update_spamassassin_org.cf, and there were no errors. The files referenced in update_spamassassin_org.cf are relative to /var/lib/spamassassin/3.001003, but I'm not seeing where spamassassin would know to look in that directory based on some path style setting. You don't need to include the directory. SA will automatically use it if it exists. Run SA in debug mode to see which directory it uses. spamassassin -D config --lint -- Bowie
Re: spamd permision denied for non root user
On Wed, 5 Jul 2006, Pezhman Lali wrote: before it, I used this comand to run spamassassin, with root permision. #spamd -u mail -d now, spamd must be ran from local web page, (httpd ran as nobody) so spamd can not run, because of this error: [21152] error: spamd: could not create INET socket on 127.0.0.1:784: Permission denied spamd: could not create INET socket on 127.0.0.1:784: Permission denied let me know how i can run spamd -u mail , with non root user? Edit your spamd and spamc configs to use a port number 1024 (for example, 7840). Only root can listen on port numbers 1024. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Look at the people at the top of both efforts. Linus Torvalds is a university graduate with a CS degree. Bill Gates is a university dropout who bragged about dumpster-diving and using other peoples' garbage code as the basis for his code. Maybe that has something to do with the difference in quality/security between Linux and Windows. -- anytwofiveelevenis on Y! SCOX --
Re: spamd permision denied for non root user
Dear JohnThanks for your great help. sorry because of my linux weakness.now , there is another problem: all of things are good till, spamassassin wants to build a child , and non end loop:spamd: setuid to uid 200 failed[25233] info: spamd: server successfully spawned child process, pid 25488[25233] dbg: prefork: child 25488: entering state 0[25233] dbg: prefork: new lowest idle kid: none[25233] dbg: prefork: child closed connection[25233] info: prefork: child states: SS[25233] dbg: prefork: adjust: increasing, not enough idle children (0 1)[25233] info: spamd: server successfully spawned child process, pid 25489[25489] dbg: spamd: initial attempt to change real uid failed, trying BSD workaround[25489] error: spamd: setuid to uid 200 failedspamd: setuid to uid 200 failed where is the problem?thanks Pezhman"John D. Hardin" [EMAIL PROTECTED] wrote: On Wed, 5 Jul 2006, Pezhman Lali wrote: before it, I used this comand to run spamassassin, with root permision. #spamd -u mail -d now, spamd must be ran from local web page, (httpd ran as nobody) so spamd can not run, because of this error: [21152] error: spamd: could not create INET socket on 127.0.0.1:784: Permission denied spamd: could not create INET socket on 127.0.0.1:784: Permission denied let me know how i can run spamd -u mail , with non root user?Edit your spamd and spamc configs to use a port number 1024 (forexample, 7840). Only root can listen on port numbers 1024.--John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79---Look at the people at the top of both efforts. Linus Torvalds is auniversity graduate with a CS degree. Bill Gates is a universitydropout who bragged about dumpster-diving and using other peoples'garbage code as the basis for his code. Maybe that has something todo with the difference in quality/security between Linux andWindows. -- anytwofiveelevenis on Y! SCOX-- Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail Beta. Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1¢/min.
can'nt build child
the system runs th spamassassin as nobody user on port 1100, in debug mode ,there is a non end loop:contained: Thanks for your great help. sorry because of my linux weakness.now , there is another problem: all of things are good till, spamassassin wants to build a child , and non end loop:spamd: setuid to uid 200 failed[25233] info: spamd: server successfully spawned child process, pid 25488[25233] dbg: prefork: child 25488: entering state 0[25233] dbg: prefork: new lowest idle kid: none[25233] dbg: prefork: child closed connection[25233] info: prefork: child states: SS[25233] dbg: prefork: adjust: increasing, not enough idle children (0 1)[25233] info: spamd: server successfully spawned child process, pid 25489[25489] dbg: spamd: initial attempt to change real uid failed, trying BSD workaround[25489] error: spamd: setuid to uid 200 failedspamd: setuid to uid 200 failed where is the problem?thanks Pezhman Sneak preview the all-new Yahoo.com. It's not radically different. Just radically better.
Re: Spamassassin doing 20% of Job
Yes, I was thinking of that. There are a few things on this server that need an update most notably a 2.6 kernel. Trouble is it's a server it's my business. I will build up another machine swop over. Many thanks Steve On Wed, 5 Jul 2006 09:28:58 -0400 Bowie Bailey [EMAIL PROTECTED] wrote: Steve Downes wrote: Hi All, I'm using spamassassin v 3.03 perl 5.8.4 as supplied with Debian stable in conjuction with a postfix-procmail-dovecot setup. It is picking up about 20% of receives spam the general setup (procmail etc) appears to be OK. I am getting error messages in syslog of which the example below is typical. I have looked at the locations given in the error messages I'm afraid they are beyond my simple brain. Can anybody give me any pointers please? I can't help much with the error messages. They are Perl runtime errors and seem to indicate that your install is screwed up in some manner. I can give you a couple of general suggestions. 1) Install a newer version of SA. The current version is 3.1.3. You can either build the current version yourself, get it from CPAN, or get a newer version from debian-unstable. Spam is changing constantly. As with a virus checker, it is important to keep your SA installation up to date. Whichever update method you choose, you should probably remove your current version first. This will avoid have a double installation which can cause some REALLY frustrating problems. It will also help avoid migrating your current problems to the new install. 2) Enable URIDNSBL, Razor2, and DCC. These network tests will dramatically increase the effectiveness of SA. 3) Install some rules from www.rulesemporium.com. These rules fill in some gaps in the default rules. -- Bowie
Spam success stats
Does anyone have a source for statistics on spam victims, ie. the number of people who actually click on the "Remove Me" line, or who "update their banking information", or who actually buy those pencil enlargement pills?
RE: sa-update question
-Original Message- From: Jerry Bell [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 05, 2006 12:40 PM To: users@spamassassin.apache.org Subject: sa-update question I'm running 3.1.3 on a FreeBSD server. I just found out about sa-update which looks like a great tool. My question Best thing to do is: sa-update --updatedir /usr/local/share/spamassassin (assuming you used fbsd ports to install with defaults) Then restart SA.
Looking for Turn-key SA solution
Does anybody know of a vendor that sells boxes with SpamAssassin pre-installed, with a pretty GUI with quarantine ability? (My company won't allow home-brewed solutions, as they want a vendor to call if I get hit by a spam bus). -- Burton Windle [EMAIL PROTECTED]
Re: Spam success stats
Joe Zitnik wrote: Does anyone have a source for statistics on spam victims, ie. the number of people who actually click on the Remove Me line, or who update their banking information, or who actually buy those pencil enlargement pills? Not as such but there was one client who hadn't payed his bills so no updates were done on his system, which was then compromised and had a fake banking site installed on it. I noticed it pretty quickly but during the time it was up (about 2 hours) there were 12 people who obviously gotten a bank spam/scam and had entered in their private PIN and bank account information. We contacted the bank the next day and they took care of those clients but I was still amazed to see 12 people enter their private information in 2 hours. Regards, Rick
Re: spamd permision denied for non root user
On Wed, 5 Jul 2006, Pezhman Lali wrote: [25489] dbg: spamd: initial attempt to change real uid failed, trying BSD workaround [25489] error: spamd: setuid to uid 200 failed spamd: setuid to uid 200 failed Non-root users cannot change the user-id on a running process. Take a look at the parts of your config file that talk about which user to run spamd as, and try setting them to the user that is actually running the programs (e.g. you). Having the daemon change to another user is a security feature intended to not expose root-level permissions through any bugs in the program. If you're not running as root you already have a lower level of permissions, so there's little point to changing the userid. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- What nuts do with guns is terrible, certainly. But what evil or crazy people do with *anything* is not a valid argument for banning that item. -- John C. Randolph [EMAIL PROTECTED] ---
Re: Inappropriate ioctl for device
On Wed, 5 Jul 2006, Kaushal Shriyan wrote: [...] are some of your partitions mounted via nfs? if so, try using in your local.cf: lock_method nfssafe this should the default value if you didnt set lock_method flock which is not nfs safe. i can reproduces the message, when i access a nfs mounted directory using: lsattr -d /nfs-mounted-directory lsattr: Inappropriate ioctl for device so investigate the nfs mounts on your system. hopefully they exists, so we come closer to a solution :) didnt got an answer by Kaushal yet; so can anyone confirm this behavior of db files in a nfs mounted directory? regards, Matthias
Re: Looking for Turn-key SA solution
Burton Windle wrote: Does anybody know of a vendor that sells boxes with SpamAssassin pre-installed, with a pretty GUI with quarantine ability? (My company won't allow home-brewed solutions, as they want a vendor to call if I get hit by a spam bus). One option would be Can-It, from Roaring Penguin (http://www.roaringpenguin.com). They sell pre-built appliances with Can-It installed. Can-It is Sendmail + MIMEDefang + SpamAssassin + ClamAV + some proprietary features including GUI quarantine, etc. We've been using the open setup (Sendmail + MIMEDefang + SpamAssassin + ClamAV) with great success. Nels Lindquist
Re: Looking for Turn-key SA solution
On 5-Jul-06, at 3:37 PM, [EMAIL PROTECTED] wrote:Does anybody know of a vendor that sells boxes with SpamAssassin pre-installed, with a pretty GUI with quarantine ability? (My company won't allow home-brewed solutions, as they want a vendor to call if I get hit by a spam bus).-- Burton Windle [EMAIL PROTECTED] Mac OS X Server 10.4.x comes with Postfix-Cyrus-Amavis-Spamassassin-ClamAV-SquirrelMail-Mailman pre-installed with a nice GUI to configure the basic settings. More advanced settings are still done through config files at the command line.Mac OS X Server web page: http://www.apple.com/server/macosx/Info about mail services (includes a look at the spam and virus configuration panel): http://www.apple.com/server/macosx/features/mailservices.html--Gino CerulloPixel Point Studios21 Chesham DriveToronto, ON M3M 1W6T: 416-247-7740F: 416-247-7503 smime.p7s Description: S/MIME cryptographic signature
Re: Warnings in procmail log
From: Geoff Soper [EMAIL PROTECTED] Hi, I'm getting the following three warning in my procmail log (machine name removed, just in case!), I assume I'm missing some configuration somewhere but don't know where! Can someone advise? Thanks, Geoff [8162] warn: config: cannot write to //.spamassassin/user_prefs: No such file or directory [8162] warn: config: failed to create default user preference file //.spamassassin/user_prefs [8162] warn: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile //.spamassassin/auto-whitelist.lock.machine_name.8162 for //.spamassassin/auto-whitelist.lock: No such file or directory Somehow you have spamassassin's user setup to have a home directory of /. Fix that and you'll be happier. This may be in procmail since that seems to be how you call SA. Are you intending to run as a global Bayes and rules or are you intending to run individual rules and Bayes? Discussion below presumes individual rules and Bayes. You need DROPPRIVS=yes somewhere near the front of your .procmailrc. Then you need to call spamc. The sum total would look like this below. Be sure to replace username with the actual user or a macro that is defined as the the user id.: ===8--- DROPPRIVS=yes # Other procmail rules to preprocess email before SpamAssassin # go here. # Then we run SpamAssassin via spamc. I run it this way because I # sometimes put additional procmail rules inside the braces, I don't # scan files larger than 500k, and I do not scan files to any of the # spamassassin mailing lists. :0 * 50 * !^List-Id: .*(spamassassin\.apache.\org) { :0 fw: spamassassin.lock | /usr/bin/spamc -t 150 -u username } ===8--- The spamc part can be reduced to this at it's simplest: ===8--- :0 fw: spamassassin.lock | /usr/bin/spamc -t 150 -u username ===8--- I included the version I use for such educational value as it might have. {^_^}
Re: Looking for Turn-key SA solution
On 7/5/06, Burton Windle [EMAIL PROTECTED] wrote: Does anybody know of a vendor that sells boxes with SpamAssassin pre-installed, with a pretty GUI with quarantine ability? (My company won't allow home-brewed solutions, as they want a vendor to call if I get hit by a spam bus). It's not exactly a vendor solution, but: http://www.vmware.com/vmtn/appliances/directory/255
Re: Warnings in procmail log
On 7/5/06, jdow [EMAIL PROTECTED] wrote: You need DROPPRIVS=yes somewhere near the front of your .procmailrc. No, you don't. By the time the .procmailrc is read, privileges have already been dropped. The only place you need DROPPRIVS=yes is in /etc/procmailrc in the event that you want to give up privileges before the end of that file has been reached. You should not have an /etc/procmailrc file at all unless you have carefully studied what belongs there.
Realy mixed up
Realy mixed up. Okey i have read some post at this topic and seems to be a more than i person have the same problem. first of all i gonna tel whate i have in the box. ---redhat 9 ---sendmail ---today YUM update have root permission, and maked a usr for spamassassin like spambucked Downloaded some things like: spamass-milter-0.3.0-1.rf.src.rpm and --rebuilt it Mail-SpamAssassin-3.1.3.tar and --rebuilt is. So lets look if redhat9 is cool! rpms hmmm easy, installs looks fine. Okey lets fire thinks up. problem? hmmm yes [EMAIL PROTECTED] root]# spamd -u spambucket [3470] error: persistent_udp: no such method at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/DnsResolver.pm line 98 [3470] warn: dns: Net::DNS version is 0.31, but need 0.34 at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 589. [3470] info: spamd: server started on port 783/tcp (running version 3.1.3) [3470] info: spamd: server pid: 3470 [3470] info: spamd: server successfully spawned child process, pid 3472 [3470] info: spamd: server successfully spawned child process, pid 3473 [3470] info: prefork: child states: II Okey and lets look whate is done bij the mail-log after sent some spam to myself: Jul 6 00:08:19 localhost sendmail[3533]: k65M8JTm003533: from=[EMAIL PROTECTED], size=2946, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=smtp-vbr1.xs4all.nl [194.109.24.21] Jul 6 00:08:19 localhost spamd[3525]: spamd: connection from localhost.localdomain [127.0.0.1] at port 33410 Jul 6 00:08:19 localhost spamd[3525]: mkdir /root/.spamassassin: Toegang geweigerd at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1486 Jul 6 00:08:19 localhost spamd[3525]: spamd: processing message [EMAIL PROTECTED] for root:508 Jul 6 00:08:19 localhost spamd[3525]: mkdir /root/.spamassassin: Toegang geweigerd at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1486 Jul 6 00:08:19 localhost spamd[3525]: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.ProdecoBoy.3525 for /root/.spamassassin/auto-whitelist.lock: Toegang geweigerd Jul 6 00:08:19 localhost spamd[3525]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.ProdecoBoy.3525 for /root/.spamassassin/auto-whitelist.lock: Toegang geweigerd Jul 6 00:08:19 localhost spamd[3525]: spamd: identified spam (1001.3/5.0) for root:508 in 0.1 seconds, 3255 bytes. Jul 6 00:08:19 localhost spamd[3525]: spamd: result: Y 1001 - GTUBE,HTML_MESSAGE,MISSING_SUBJECT scantime=0.1,size=3255,user=root,uid=508,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33410,mid=[EMAIL PROTECTED],autolearn=no Jul 6 00:08:19 localhost sendmail[3533]: k65M8JTm003533: Milter add: header: X-Spam-Flag: YES Jul 6 00:08:19 localhost sendmail[3533]: k65M8JTm003533: Milter add: header: X-Spam-Status: Yes, score=1001.3 required=5.0 tests=GTUBE,HTML_MESSAGE,\r\n\tMISSING_SUBJECT autolearn=no version=3.1.3 Jul 6 00:08:19 localhost sendmail[3533]: k65M8JTm003533: Milter: data, reject=550 5.7.1 Blocked by SpamAssassin Jul 6 00:08:19 localhost sendmail[3533]: k65M8JTm003533: to=[EMAIL PROTECTED], delay=00:00:00, pri=32946, stat=Blocked by SpamAssassin Jul 6 00:08:19 localhost spamd[3470]: prefork: child states: II Problem 1: no such method at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/DnsResolver.pm line 98 Problem 2: dns: Net::DNS version is 0.31, but need 0.34 at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 589. Problem 3: mkdir /root/.spamassassin: Toegang geweigerd at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1486 Problem 4: mkdir locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.ProdecoBoy.3525 for /root/.spamassassin/auto-whitelist.lock: Toegang geweigerd Problem 5: etc... etc.. Whate went wrong? Thaks and best regards Henco de Keijzer -- View this message in context: http://www.nabble.com/Realy-mixed-up-tf1897643.html#a5191063 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Realy mixed up
hansje2000 wrote: Realy mixed up. Okey i have read some post at this topic and seems to be a more than i person have the same problem. first of all i gonna tel whate i have in the box. ---redhat 9 ---sendmail ---today YUM update have root permission, and maked a usr for spamassassin like spambucked snip Problem 1: no such method at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/DnsResolver.pm line 98 Problem 2: dns: Net::DNS version is 0.31, but need 0.34 at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Dns.pm line 589. Both 1 and 2 can be solved by upgrading the perl Net::DNS module to 0.34 or higher. Check your distro packages, or update it from CPAN. Odds are you'll have to go the CPAN path.. RedHat 9 is pretty ancient, and is weakly supported by fedora legacy for critical security issues only. Problem 3: mkdir /root/.spamassassin: Toegang geweigerd at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1486 Care to translate Toegang geweigerd? I don't speak Dutch. That said, it looks like it's still trying to access /root/.spamassassin, despite running as spambucket. What's spambucket's home dir in /etc/passwd? Does this user have a /home/spambucket, and is it correctly mentioned in the passwd config? Do you have a bayes_path statement in any of your config files? Problem 4: mkdir locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.ProdecoBoy.3525 for /root/.spamassassin/auto-whitelist.lock: Toegang geweigerd Problem 5: etc... etc.. Repeats of 3..
Re: Looking for Turn-key SA solution
http://www.fsl.com/defender5.html Ken Pacific.Net Burton Windle wrote: Does anybody know of a vendor that sells boxes with SpamAssassin pre-installed, with a pretty GUI with quarantine ability? (My company won't allow home-brewed solutions, as they want a vendor to call if I get hit by a spam bus).
Re: Realy mixed up
Heute (06.07.2006/01:20 Uhr) schrieb Matt Kettler, Problem 3: mkdir /root/.spamassassin: Toegang geweigerd at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin.pm line 1486 Care to translate Toegang geweigerd? I don't speak Dutch. ;) Access/Permission denied or so That said, it looks like it's still trying to access /root/.spamassassin, despite running as spambucket. What's spambucket's home dir in /etc/passwd? Does this user have a /home/spambucket, and is it correctly mentioned in the passwd config? Do you have a bayes_path statement in any of your config files? Problem 4: mkdir locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.ProdecoBoy.3525 for /root/.spamassassin/auto-whitelist.lock: Toegang geweigerd Problem 5: etc... etc.. Repeats of 3.. -- Viele Gruesse, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 -- Zufalls-Zitat -- Bücher sind oft die besten Freunde. Aber sie sollten nicht die einzigen in unserem Leben sein. (Marie von Ebner- Eschenbach) -- Der Text hat nichts mit dem Empfaenger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1645 Build 7626 05.07.2006
false positive with dialup to gmx, problem with HELO_DYNAMIC?
Hi! SpamAssassin version 3.1.3 is reporting a false positive if the sender (gmx address) has a dialup connection and the recepiant (also gmx address) uses fetchmail to pull the message from pop.gmx.net (see example below). The HELO_DYNAMIC rules apply because mail.gmx.net does not add authentication tokens to the recieved header, and because mail.gmx.net does not relay the message. Is there a way to tell SA that I'm positive about mail.gmx.net to only allow authenticated connections, similar to trusted_networks? Adding mail.gmx.net to trusted_networks does not help. Or have I missed the point of HELO_DYNAMICs? Cheers Raimar Sandner === example [9097] dbg: dns: is DNS available? 1 [9097] dbg: received-header: found fetchmail marker outside trusted area, ignored [9097] dbg: dns: looking up PTR record for '84.56.243.215' [9097] dbg: dns: PTR for '84.56.243.215': 'dslb-084-056-243-215.pools.arcor-ip.net' [9097] dbg: received-header: parsed as [ ip=84.56.243.215 rdns=dslb-084-056-243-215.pools.arcor-ip.net helo=dslb-084-056-243-215.pools.arcor-ip.net by=mail.gmx.net ident= envfrom= intl=0 id= auth= ] [9097] dbg: received-header: relay 84.56.243.215 trusted? no internal? no [9097] dbg: metadata: X-Spam-Relays-Trusted: [9097] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=84.56.243.215 rdns=dslb-084-056-243-215.pools.arcor-ip.net helo=dslb-084-056-243-215.pools.arcor-ip.net by=mail.gmx.net ident= envfrom= intl=0 id= auth= ] [9097] dbg: metadata: X-Spam-Relays-Internal: [9097] dbg: metadata: X-Spam-Relays-External: [ ip=84.56.243.215 rdns=dslb-084-056-243-215.pools.arcor-ip.net helo=dslb-084-056-243-215.pools.arcor-ip.net by=mail.gmx.net ident= envfrom= intl=0 id= auth= ] snip [9097] dbg: check: is spam? score=7.755 required=5.0 [9097] dbg: check: tests=BAYES_00,HELO_DYNAMIC_DHCP,HELO_DYNAMIC_IPADDR,RCVD_IN_NJABL_DUL,SPF_FAIL [9097] dbg: check: subtests=__CD,__CT,__CTYPE_HAS_BOUNDARY,__ENV_AND_HDR_FROM_MATCH,__HAS_MSGID,__HAS_RCVD,__HAS_SUBJECT,__MIME_VERSION,__MSGID_OK_DIGITS,__NONEMPTY_BODY,__RCVD_IN_NJABL,__SANE_MSGID,__SARE_BODY_BLANKS_5_100,__SARE_BODY_BLNK_5_100,__SARE_HEAD_HDR_XGMXAV,__SARE_HEAD_MIME_VALID,__SARE_HEAD_RECV_GMX,__SARE_WHITELIST_FLAG,__TOCC_EXISTS,__USER_AGENT Content analysis details: (7.8 points, 5.0 required) pts rule name description -- -- 4.2 HELO_DYNAMIC_IPADDRRelay HELO'd using suspicious hostname (IP addr 1) 3.1 HELO_DYNAMIC_DHCP Relay HELO'd using suspicious hostname (DHCP) 1.1 SPF_FAIL SPF: sender does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/why.html?sender=...%40gmx.deip=84.56.243.215receiver=localhost] -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] 1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP [84.56.243.215 listed in combined.njabl.org] Return-Path: [EMAIL PROTECTED] X-Flags: Delivered-To: GMX delivery to [EMAIL PROTECTED] Received: from pop.gmx.net [213.165.64.22] by localhost with POP3 (fetchmail-6.3.4) for [EMAIL PROTECTED] (single-drop); Thu, 06 Jul 2006 00:03:40 +0200 (CEST) Received: (qmail invoked by alias); 05 Jul 2006 22:03:21 - Received: from dslb-084-056-243-215.pools.arcor-ip.net (EHLO localhost) [84.56.243.215] by mail.gmx.net (mp039) with SMTP; 06 Jul 2006 00:03:21 +0200 X-Authenticated: #3609755 Date: Thu, 6 Jul 2006 00:03:12 +0200 From: Raimar Sandner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Test Message-ID: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol=application/pgp-signature; boundary=nFreZHaLTZJo0R7j Content-Disposition: inline User-Agent: Mutt/1.5.11 X-GMX-Antivirus: -1 (not scanned, may not use virus scanner) X-GMX-Antispam: -2 (not scanned, spam filter disabled) X-GMX-UID: TEbFK1cPMydyFcxBXWpl/+5raGRhZtpE === end example
Re: false positive with dialup to gmx, problem with HELO_DYNAMIC?
Raimar Sandner wrote: Hi! SpamAssassin version 3.1.3 is reporting a false positive if the sender (gmx address) has a dialup connection and the recepiant (also gmx address) uses fetchmail to pull the message from pop.gmx.net (see example below). The HELO_DYNAMIC rules apply because mail.gmx.net does not add authentication tokens to the recieved header, and because mail.gmx.net does not relay the message. Is there a way to tell SA that I'm positive about mail.gmx.net to only allow authenticated connections, similar to trusted_networks? Adding mail.gmx.net to trusted_networks does not help. Removing mail.gmx.net from your trusted networks will work. Of course you can only do that if both 213.165.64.21 and 213.165.64.20 don't appear in mail relayed via your (or gmx.net's) MXes. Daryl