Re: Which DB is actually used?
jdow wrote:

From: "Logan Shaw" <[EMAIL PROTECTED]>

On Fri, 8 Sep 2006, Bo Mellberg wrote:

It seems like the exim-users database is being touched regularly, so I'm guessing that it has been set up by apt-get in some "auto-learning" state.

Yes, you might want to check whatever's running SpamAssassin and see what user it's running as and also check the configuration files (probably in /etc/mail/spamassassin) to see where it's storing the database.

I have earlier trained spam and ham as user "bosse", which is why there is a working db there as well. As I am the only user on my system, it really doesn't matter if I use site-wide or not, but rather how I invoke sa-learn. Let's say I remove the databases for "bosse" and "root". Is this the proper way to invoke sa-learn:

1. Log on as user "bosse"
2. sa-learn --showdots --sync --dbpath /var/spool/exim4/.spamassassin --spam /home/bosse/Maildir/.MissedSpam/cur

Probably not, or at least not the best way.

Absolutely not. The database under "bosse" is quite apparently not being used except for his misplaced training. He needs to "su -l exim4" and then run sa-learn.

I thought that this was what --dbpath was meant for. To tell sa-learn what database to actually update. In the case above, the exim DB is trained with spam from the "bosse"-user. So IF the exim DB is the one used for spam control, it would with the above command be the one trained, no?

A better solution is of course to tell SA to use "per user" databases and log on as bosse and train normally. I'll do some RTFM and googling to see how the setup for Debian is actually made.

/Bo
ZMI
What is the current home of the ZMI (German) ruleset? Wolfgang Hamann
Re: Bayes Test runs sometimes and sometimes it doesn't
David Reta wrote:
>
> I am running spamassassin 3.1.5 which is being called from mimedefang.
> I am using bayes over nfs which is shared between 2 mail relays.
>

Not that it's causing your problem.. but Ouch. Why share over NFS? Use a mysql database, you'll get substantially better performance, and fewer opportunities for database corruption.

>
> We have been having some issues with some spam getting through. I did
> some investigating and found out that the spam that is getting through
> is not running the bayes test. Even if nothing in the bayes database
> is found shouldn’t at least BAYES_00 show up?
>
> Do you think maybe that the bayes might be timing out? If so how can
> the timeout be increased. Any ideas will help.
>

No, there's no such thing as a bayes timeout that would affect message scanning. Autolearning, yes.. scanning, no.

>
> Here is the output of the MSG.0 file from the quarantined message. As
> you can see the bayes test is not run. I ran the message manually as
> the same user that runs mimedefang which is shown right after and the
> Bayes test is run.
>

In general, your problem sounds very much like the two runs are getting their bayes DBs from different spots.

Be sure to check mimedefang specific files like sa-mimedefang.cf for explicit bayes_path declarations. If there is one, it will cause mimedefang to use a different bayes DB than any other SA command-line tools are using, as they will not parse this file.

Put your site-wide configuration options in local.cf, not sa-mimedefang.cf
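The check suggested in the reply above, as an added example (not code from the thread or from SpamAssassin). It assumes, as the reply describes, that MIMEDefang reads the site files and then sa-mimedefang.cf while command-line tools read only the site files, and that a later bayes_path overrides an earlier one; the file contents and the /var/spool/MIMEDefang path are constructed.

```python
import re

# bayes_path takes one argument; '#' starts a comment in SpamAssassin .cf files
# (escaped '\#' is not handled here, paths rarely contain it).
BAYES_PATH = re.compile(r"^\s*bayes_path\s+(\S+)")
DEFAULT_PATH = "~/.spamassassin/bayes"  # SpamAssassin's documented default


def declared_paths(cf_text):
    """Return [(line_number, path)] for every active bayes_path in one file."""
    found = []
    for lineno, line in enumerate(cf_text.splitlines(), 1):
        match = BAYES_PATH.match(line.split("#", 1)[0])
        if match:
            found.append((lineno, match.group(1)))
    return found


def effective_path(files):
    """files is an ordered list of (name, text); the last declaration wins.

    Returns (path, source), where source is 'file:line' or 'default'.
    """
    path, source = DEFAULT_PATH, "default"
    for name, text in files:
        for lineno, value in declared_paths(text):
            path, source = value, f"{name}:{lineno}"
    return path, source


def diagnose(site_files, mimedefang_only_files):
    """Compare the DB seen by command-line tools with the one MIMEDefang sees."""
    cli = effective_path(site_files)
    milter = effective_path(site_files + mimedefang_only_files)
    return {
        "cli": cli,
        "mimedefang": milter,
        "same_db": cli[0] == milter[0],
        # A '~' path resolves per invoking user, so even identical strings
        # can point at different databases when the two runs use different users.
        "depends_on_user": cli[0].startswith("~") or milter[0].startswith("~"),
    }


# Constructed sample configuration showing the mismatch described in the reply.
LOCAL_CF = """\
# local.cf (constructed)
use_bayes 1
# bayes_path /old/location/bayes
"""
MIMEDEFANG_CF = """\
# sa-mimedefang.cf (constructed)
bayes_path /var/spool/MIMEDefang/.spamassassin/bayes
"""
# Constructed corrected layout: the directive lives in local.cf only.
FIXED_LOCAL_CF = LOCAL_CF + "bayes_path /var/spool/MIMEDefang/.spamassassin/bayes\n"
FIXED_MIMEDEFANG_CF = "# sa-mimedefang.cf (constructed)\n"

if __name__ == "__main__":
    broken = diagnose([("local.cf", LOCAL_CF)],
                      [("sa-mimedefang.cf", MIMEDEFANG_CF)])
    fixed = diagnose([("local.cf", FIXED_LOCAL_CF)],
                     [("sa-mimedefang.cf", FIXED_MIMEDEFANG_CF)])
    for label, result in (("before", broken), ("after", fixed)):
        print(label, result)
```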
Re: Rule help needed
From: "Theo Van Dinter" <[EMAIL PROTECTED]>

On Tue, Sep 12, 2006 at 08:47:19PM -0700, jdow wrote:

I've been contemplating that to a degree. It would be nice if I could use the standard rule paths and designate one extra directory for included rules from it. Then I could run, for a two user installation, a pair of spamd processes with a minimalist number of children and optimize the filtering.

But from the aesthetic standpoint is there a way right now to perform this hack?

Hrm. You'd have to run the other spamd on a different port (or different IP), but you could have a different site config path (spamd --siteconfigpath). If you want to share between the two instances, you can symlink config files and such. That's the first thing that comes to mind anyway.

<>

I was thinking that if an 'include' directive existed that could accept the -u username parameter value as one of its components the idea would be a slam dunk.

{^_^}
Re: Rule help needed
On Tue, Sep 12, 2006 at 08:47:19PM -0700, jdow wrote:
> I've been contemplating that to a degree. It would be nice if I could
> use the standard rule paths and designate one extra directory for
> included rules from it. Then I could run, for a two user installation,
> a pair of spamd processes with a minimalist number of children and
> optimize the filtering.
>
> But from the aesthetic standpoint is there a way right now to perform
> this hack?

Hrm. You'd have to run the other spamd on a different port (or different IP), but you could have a different site config path (spamd --siteconfigpath). If you want to share between the two instances, you can symlink config files and such.

That's the first thing that comes to mind anyway.

--
Randomly Generated Tagline:
"I can shoot the manager while I'm at it ... kind of like a bonus."
- Shawshank Redemption
Re: Setting up DKIM and DomainKeys mail signing and verification
From: "SM" <[EMAIL PROTECTED]>

# DKIM and DK-based whitelisting may be used reliably:
score USER_IN_DKIM_WHITELIST -3.0
whitelist_from_dkim [EMAIL PROTECTED]
whitelist_from_dk [EMAIL PROTECTED]

This approach is better.

While I am in a silly mood something like this might be nice

whitelist_from_dkim [EMAIL PROTECTED] -0.5

Now, I would not want to give "bigisp" MUCH of a break. But some gubbage "bigisp" places on the bottom of messages triggers rules from time to time that tip list mail into spam buckets.

{^_^}
Re: Rule help needed
From: "Theo Van Dinter" <[EMAIL PROTECTED]>

It's also worth noting that allow_user_rules makes spamd less efficient, at a minimum because it has to rebuild all of the rule eval strings for every message. IMO, don't enable allow_user_rules unless you really need to do it.

I've been contemplating that to a degree. It would be nice if I could use the standard rule paths and designate one extra directory for included rules from it. Then I could run, for a two user installation, a pair of spamd processes with a minimalist number of children and optimize the filtering.

The only reason I've not explored it is "why bother?" At the moment SpamAssassin is not using much machine at all for two people with under a dozen mail accounts.

But from the aesthetic standpoint is there a way right now to perform this hack?

{^_-}<- Yeah, she does get silly now and then.
Re: Anyone get the Sa coach outlook plugin to work?
On a related note: How do you make spamd listen on port 783 - when I telnet to that port it times out - I get no answer.

Michael Scheidell wrote:

And how did you do it? Thunderbird plugin works, verified I can PING SPAMC/1.0 (pong) the server. Tcpdump on port 783 doesn't even show the outlook plugin even attempting to talk to server. No error messages, no diagnostics messages, no indication that spam was learnt/unlearnt, forgotten or ignored. No indication of dlls' missing, or permission errors. Tried it on three different networks, ranging from outlook 2000 to outlook xp. So, anyone get it to work and how did you do it? (readme file does not yield the deep dark secrets in getting this to work)
Re: Rule help needed
On Tue, Sep 12, 2006 at 11:24:37PM -0400, Matt Kettler wrote:
> might discover and publish an exploit for. Keeping allow_user_rules off
> protects you from future exploits in this area if you have untrusted users.

It's also worth noting that allow_user_rules makes spamd less efficient, at a minimum because it has to rebuild all of the rule eval strings for every message. IMO, don't enable allow_user_rules unless you really need to do it.

--
Randomly Generated Tagline:
"We had no idea that part of our AAA dues were being spent on lobbyists who oppose just about everything having to do with public transportation. If AAA thinks that it's a good idea for every single person to get to work in 3000 pounds of iron, we sure don't want to help support such a silly idea. Cars stink. Everybody knows that."
- Tom Magliozzi
Re: Rule help needed
Bowie Bailey wrote:
> kavaXtreme wrote:
>
>> I've read and read and read till my mind feels like spaghetti puree.
>> I'm really hoping someone here can help with my question.
>>
>> My main question is, why doesn't the following rule work:
>> header ROMPE_BADRECIPS To =~ /(uucp|majordomo|root)[EMAIL PROTECTED]/i
>> score ROMPE_BADRECIPS 4.5
>> describe ROMPE_BADRECIPS Spam trap recipient
>>
>> (Background: used on a Cpanel account in a manually-edited user_prefs
>> file.)
>>
>
> Make sure you have allowed user rules. By default, you cannot create
> rules in a user_prefs file. To allow it, add this to your local.cf
> file:
>
> allow_user_rules 1
>

Clarification: Currently this only applies if you're using spamd/spamc, which most folks do use. However, if you test using the "spamassassin" script, the rules will run, so be aware of the difference.

Note: the user rule restriction is done to prevent security holes where a user constructs a malicious rule with a regex that tries to execute shell commands. SA tries to prevent this by checking the regexes, and being strict about setuid'ing spamd before running the rules. However, you never know what might have slipped through the cracks that someone might discover and publish an exploit for. Keeping allow_user_rules off protects you from future exploits in this area if you have untrusted users.

>
>> Secondary questions. If this rule can be made to work:
>> 1. Will the Bayes filter learn from msgs this rule flags?
>>
>
> Yes.
>

Clarification: First, I assume you're talking about bayes autolearning. In which case, Yes this rule will contribute to triggering autolearning.

However, be aware that you don't just need points to cause spam autolearning. You need at least 3.0 header rule points AND 3.0 body rule points. This rule would contribute to the header rule tally, but you'll need other rules to cover the body criteria.
Re: Why these errors
Theo Van Dinter wrote:
> On Tue, Sep 12, 2006 at 04:10:40PM -0500, Igor Chudov wrote:
>
>> Sep 12 16:07:47 manifold spamd[4270]: spamd: still running as root: user not
>> specified with -u, not found, or set to root, falling back to nobody at
>> /usr/bin/spamd line 1147, line 4.
>>
>> how would I get rid of them.
>>
>
> Stop calling spamd (via spamc) as root.
>
>

Or create a dedicated user for spamd to run as, and pass that to spamd with the -u parameter.
Anyone get the Sa coach outlook plugin to work?
And how did you do it? Thunderbird plugin works, verified I can PING SPAMC/1.0 (pong) the server. Tcpdump on port 783 doesn't even show the outlook plugin even attempting to talk to server. No error messages, no diagnostics messages, no indication that spam was learnt/unlearnt, forgotten or ignored. No indication of dlls' missing, or permission errors. Tried it on three different networks, ranging from outlook 2000 to outlook xp. So, anyone get it to work and how did you do it? (readme file does not yield the deep dark secrets in getting this to work) -- Michael Scheidell, CTO 561-999-5000, ext 1131 SECNAP Network Security Corporation Real time security alerts: http://www.secnap.com/news
Re: Rule help needed
header ROMPE_BADRECIPS To =~ /(uucp|majordomo|root)[EMAIL PROTECTED]/i

Bowie has answered your questions. A couple of comments on the regex above.

You should be using (?: instead of just ( to introduce the group. Without the ?: it is a capturing group that will capture the text found. But you aren't using the captured text, so this just considerably slows down the regex processing.

You also should escape the dot in .com. What you have now will match any character, not just a dot.

You should probably also make sure that there is a word break before the username, so that you don't inadvertently hit on mymajordomo or similar.

So you end up with:

To =~ /\b(?:uucp|majordomo|root)[EMAIL PROTECTED]/i

Loren
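The three regex changes from the reply above, checked against sample To: values, as an added example (not part of the original message). The archive redacted the address in the rule, so "@example.com" is a constructed stand-in, and the header values are constructed too; Python's `re` treats `(?:...)`, `\.` and `\b` the same way as the Perl regex in the rule.

```python
import re

# Constructed placeholder domain: the real address is redacted on the page.
ORIGINAL = re.compile(r"(uucp|majordomo|root)@example.com", re.IGNORECASE)
HARDENED = re.compile(r"\b(?:uucp|majordomo|root)@example\.com", re.IGNORECASE)

# Constructed To: header values covering each point raised in the reply.
SAMPLE_TO_HEADERS = [
    "root@example.com",                        # intended hit
    "Majordomo List <MAJORDOMO@EXAMPLE.COM>",  # intended hit, mixed case
    "mymajordomo@example.com",                 # no word break before the name
    "webroot@example.com",                     # no word break before the name
    "root@exampleXcom.net",                    # unescaped dot matches 'X'
    "alice@example.com",                       # unrelated recipient
    "not-root@example.com",                    # '-' still counts as a word break
]


def evaluate(header):
    """Return (original_hits, hardened_hits) for one To: header value."""
    return (ORIGINAL.search(header) is not None,
            HARDENED.search(header) is not None)


def false_positives_removed(headers):
    """Headers the original rule hits but the corrected rule no longer does."""
    return [h for h in headers if evaluate(h) == (True, False)]


def still_matching(headers):
    """Headers that the corrected rule continues to hit."""
    return [h for h in headers if evaluate(h)[1]]


if __name__ == "__main__":
    # .groups shows the capturing group disappearing with (?:...)
    print("capturing groups:", ORIGINAL.groups, "->", HARDENED.groups)
    for header in SAMPLE_TO_HEADERS:
        before, after = evaluate(header)
        print(f"{header:42} original={before!s:5} corrected={after}")
```

The last sample shows the limit of `\b`: a hyphenated local part such as not-root still hits, because a hyphen is not a word character.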
Re: Why these errors
On Tue, Sep 12, 2006 at 04:10:40PM -0500, Igor Chudov wrote:
> Sep 12 16:07:47 manifold spamd[4270]: spamd: still running as root: user not
> specified with -u, not found, or set to root, falling back to nobody at
> /usr/bin/spamd line 1147, line 4.
>
> how would I get rid of them.

Stop calling spamd (via spamc) as root.

--
Randomly Generated Tagline:
"From what I'd seen of British TV, some shows use the word bastard like I use a comma."
- J. Michael Straczynski
Why these errors
I am running FC5, spamassassin 3.1.4 installed via cpan (ie not the stock RPM).

I get these errors and I am a little tired of them.

Sep 12 16:07:47 manifold spamd[4270]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody at /usr/bin/spamd line 1147, line 4.
Sep 12 16:07:47 manifold spamd[4270]: spamd: processing message <[EMAIL PROTECTED]> for root:99
Sep 12 16:07:47 manifold spamd[4270]: bayes: cannot write to /root/.spamassassin/bayes_journal, bayes db update ignored: Permission denied

how would I get rid of them.

Also, I am suspicious that after upgrade to 3.1.4, some networks tests are no longer working, as I get a lot more junk. Any news that I have missed?

Thanks

i
Re: Setting up DKIM and DomainKeys mail signing and verification
Hi Mark,

At 07:59 12-09-2006, Mark Martinec wrote:

At the time of this writing it appears the dkim-milter is more reliable and better maintained than dk-milter, which is slowly fading into oblivion. Similar holds true in the world of Perl modules: there are

Both milters are being maintained and are similar in reliability. dk-milter is not fading in oblivion as there are more domains signing with DomainKeys than DKIM.

The following SpamAssassin rules (in local.cf) work fairly well, giving verified mail a little bit of advantage and slightly favourize mail from some popular domains, and encourage people to start signing their mail. Possible signed spam can be counterbalanced by other measures (see below).

score DK_VERIFIED -1.5
score DK_POLICY_SIGNSOME 0
score DK_POLICY_TESTING 0
score DKIM_VERIFIED -1.5

Note that some spam is DK signed.

# DKIM and DK-based whitelisting may be used reliably:
score USER_IN_DKIM_WHITELIST -3.0
whitelist_from_dkim [EMAIL PROTECTED]
whitelist_from_dk [EMAIL PROTECTED]

This approach is better.

* both the dkim-milter 0.5.1 and the dk-milter 0.4.1 need a patch as described in the Postfix documentation file MILTER_README. The dkim-milter already supplies a required patch in its bug tracking system under "[1537905] delayed queue ID"; which will be included in the next release;

IIRC, the Workarounds section of the Postfix documentation file is being read incorrectly. Dkim-milter and dk-milter do not require any patch.

Regards,
-sm
RE: Rule help needed
Bowie Bailey wrote:
> kavaXtreme wrote:
> > I've read and read and read till my mind feels like spaghetti puree.
> > I'm really hoping someone here can help with my question.
> >
> > My main question is, why doesn't the following rule work:
> > header ROMPE_BADRECIPS To =~
> > /(uucp|majordomo|root)[EMAIL PROTECTED]/i score ROMPE_BADRECIPS
> > 4.5
> > describe ROMPE_BADRECIPS Spam trap recipient
> >
> > (Background: used on a Cpanel account in a manually-edited
> > user_prefs file.)
>
> Make sure you have allowed user rules. By default, you cannot create
> rules in a user_prefs file. To allow it, add this to your local.cf
> file:
>
> allow_user_rules 1
>
> > Secondary questions. If this rule can be made to work:
> > 1. Will the Bayes filter learn from msgs this rule flags?
>
> Yes.
>
> > 2. Can I make it apply to Cc and Bcc too? How?
>
> Yes. ToCc =~

Forgot to mention BCC.

BCC information is not in the headers, so SA cannot check it.

--
Bowie
RE: Rule help needed
kavaXtreme wrote:
> I've read and read and read till my mind feels like spaghetti puree.
> I'm really hoping someone here can help with my question.
>
> My main question is, why doesn't the following rule work:
> header ROMPE_BADRECIPS To =~ /(uucp|majordomo|root)[EMAIL PROTECTED]/i
> score ROMPE_BADRECIPS 4.5
> describe ROMPE_BADRECIPS Spam trap recipient
>
> (Background: used on a Cpanel account in a manually-edited user_prefs
> file.)

Make sure you have allowed user rules. By default, you cannot create rules in a user_prefs file. To allow it, add this to your local.cf file:

allow_user_rules 1

> Secondary questions. If this rule can be made to work:
> 1. Will the Bayes filter learn from msgs this rule flags?

Yes.

> 2. Can I make it apply to Cc and Bcc too? How?

Yes. ToCc =~

--
Bowie
Rule help needed
I've read and read and read till my mind feels like spaghetti puree. I'm really hoping someone here can help with my question.

My main question is, why doesn't the following rule work:

header ROMPE_BADRECIPS To =~ /(uucp|majordomo|root)[EMAIL PROTECTED]/i
score ROMPE_BADRECIPS 4.5
describe ROMPE_BADRECIPS Spam trap recipient

(Background: used on a Cpanel account in a manually-edited user_prefs file.)

Secondary questions. If this rule can be made to work:
1. Will the Bayes filter learn from msgs this rule flags?
2. Can I make it apply to Cc and Bcc too? How?

If you are able to help, you have my thanks in advance!

--
View this message in context: http://www.nabble.com/Rule-help-needed-tf2260084.html#a6270175
Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Bayes test in spamassassin.bat
Ok thanks John, I might have resolved my problem. I now see the Bayes_XX in the log file. I did what you said which was to put an exclusive path to the database folder on the C: drive. Earlier I thought since I was logged on as administrator it was searching for the database directly in the home folder of the administrator. When I run the file at the command prompt it knows where to find the home folder of the administrator, but it wasn't doing that automatically. Now that the file is located in a general folder of the root, it is more accessible.

Thanks again and cheers,

John D. Hardin wrote:
>
> On Tue, 12 Sep 2006, Floyd wrote:
>
>> As I explained in my previous post that I am running as one user
>> and one user only which is administrator
>
> Windows system services may NOT be running as the Administrator user.
> It's possible that the SA process is running as the SYSTEM user.
>
>> the database is in the home folder of the administrator.
>
> You should be able to put an explicit bayes path into the
> configuration file if you don't want to implement per-user Bayes, and
> that should resolve the which-user-is-it problem.
>
> --
> John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
> [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
> key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> ---
> ...to announce there must be no criticism of the President or to
> stand by the President right or wrong is not only unpatriotic and
> servile, but is morally treasonous to the American public.
> -- Theodore Roosevelt, 1918
> ---
> 5 days until The 219th anniversary of the signing of the U.S.
> Constitution
>
>
>

--
View this message in context: http://www.nabble.com/Bayes-test-in-spamassassin.bat-tf2252897.html#a6269328
Sent from the SpamAssassin - Users forum at Nabble.com.
Re: Setting up DKIM and DomainKeys mail signing and verification
Good article -- and thanks for posting it!

For what it's worth, I think it's likely that DomainKeys will be around for quite a while yet, with plenty of inertia regarding switching to DKIM; but currently the text makes it sound like DK is already obsolete. It might be worth de-emphasising that.

Someday I'll have the tuits to set up signing on our server ;)

--j.

Mark Martinec writes:
> I'm finishing up writing what I have learned in the last
> couple of weeks on setting up a DKIM/DK signing/verifying
> mail system using Postfix, milters, amavisd-new and
> SpamAssassin. The following text will be part of the
> documentation for amavisd-new (text is also available
> at http://www.ijs.si/software/amavisd/amavisd-new-docs.html ),
> but may be general enough so I hope it can be of interest
> to the SpamAssassin community.
>
> Comments, experience, suggestions and further discussion
> on the topic is most welcome. If considered off-topic,
> off-list mail would be welcome too.
>
> Mark
>
>
> Setting up DKIM and DomainKeys mail signing and verification
>
>
> The goals of DKIM and DomainKeys are:
> * assurance of sender identities
> * protection against message tampering.
>
> A DKIM draft states the following, which applies to its predecessor
> DomainKeys as well:
>
> DomainKeys Identified Mail (DKIM) defines a mechanism by which email
> messages can be cryptographically signed, permitting a signing domain
> to claim responsibility for the introduction of a message into the mail
> stream. Message recipients can verify the signature by querying the
> signer's domain directly to retrieve the appropriate public key, and
> thereby confirm that the message was attested to by a party in
> possession of the private key for the signing domain.
>
> A gentle introduction and deployment guide is available at:
> http://antispam.yahoo.com/domainkeys. Except for some minor details, it
> applies to DKIM system as well.
>
> With added support in Postfix 2.3 for a milter protocol, it became
> possible to use with Postfix many of existing milters (mail filters) that
> were originally developed with sendmail in mind. It was hoped that a
> widespread use of milters with sendmail offered a fertile ground for
> software development, producing software of sufficient quality to be able
> to use it with Postfix. It remains to be seen whether quality of freely
> available milters comes anywhere close to high standards we are accustomed
> to with Postfix, but with a bit of luck and reasonable expectations, some
> of it can be put to good use.
>
> Two of such milters are dkim-milter offering support for DomainKeys
> Identified Mail (DKIM) Signatures, and dk-milter, offering support for
> Domain-based Email Authentication (DomainKeys). The DomainKeys (DK) is a
> predecessor of DKIM, as recognized by draft-delany-domainkeys-base-06:
>
> The DomainKeys specification was a primary source from which the
> DomainKeys Identified Mail [DKIM] specification has been derived. The
> purpose in submitting this document is as an historical reference for
> deployed implementations written prior to the DKIM specification.
>
> At the time of this writing it appears the dkim-milter is more reliable
> and better maintained than dk-milter, which is slowly fading into
> oblivion. Similar holds true in the world of Perl modules: there are
> modules Mail::DomainKeys and Mail::DKIM, both of which can be used by
> SpamAssassin. Again the Mail::DKIM seems to be of higher quality than an
> older Mail::DomainKeys. SpamAssassin makes it very easy to use each or
> both of them (for verification only), just by enabling the already
> provided plugins.
>
> Despite DomainKeys slowly giving grounds to DKIM, the DomainKeys is
> currently still in use by several large players in the Internet world, so
> this section will describe how to integrate both of them with Postfix and
> amavisd-new (an after-queue content filter) into a mail system.
>
> Mail signing and verification is a two-part job: signing of originating
> mail (or mail being redistributed) from our domain, and verifying
> signatures of incoming mail. Both tasks can be done by the same program,
> or they can be performed by separate entities. Traditionally with
> sendmail, both tasks are performed by the same milter, which may be easier
> to maintain, but has certain disadvantages.
>
> Verifying signatures should be performed early, before any local mail
> transformations get a chance of invalidating signature, e.g. by performing
> MIME conversions to quoted-printable, by fixing syntactically invalid mail
> header, by editing/inserting/removing certain header fields, or by a local
> mailing list modifying mail text, e.g. by appending footnotes.
>
> Signing outgoing mail should be performed late, after mail sanitation,
> after conversion to 7-bit characters (to avoid later uncontrollable
> changes by a relayin
Re: Bayes test in spamassassin.bat
On Tue, 12 Sep 2006, Floyd wrote:

> As I explained in my previous post that I am running as one user
> and one user only which is administrator

Windows system services may NOT be running as the Administrator user. It's possible that the SA process is running as the SYSTEM user.

> the database is in the home folder of the administrator.

You should be able to put an explicit bayes path into the configuration file if you don't want to implement per-user Bayes, and that should resolve the which-user-is-it problem.

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
...to announce there must be no criticism of the President or to stand by the President right or wrong is not only unpatriotic and servile, but is morally treasonous to the American public.
-- Theodore Roosevelt, 1918
---
5 days until The 219th anniversary of the signing of the U.S. Constitution
Re: Help with maillog errors
On Tue, 12 Sep 2006, Facundo Barrera wrote:

> my maillog is fully with this error messages, I don't know how
> to solute it, could help? or at less tell why are them for?

> Sep 12 01:33:44 mail spamd[1259]: mkdir /home/spamd/.spamassassin:
> Permission denied at

It wants to write files into that directory, but that directory does not exist and spamd cannot create it. Make that directory and grant the spamd user full rights.

--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
...to announce there must be no criticism of the President or to stand by the President right or wrong is not only unpatriotic and servile, but is morally treasonous to the American public.
-- Theodore Roosevelt, 1918
---
5 days until The 219th anniversary of the signing of the U.S. Constitution
Setting up DKIM and DomainKeys mail signing and verification
I'm finishing up writing what I have learned in the last couple of weeks on setting up a DKIM/DK signing/verifying mail system using Postfix, milters, amavisd-new and SpamAssassin. The following text will be part of the documentation for amavisd-new (text is also available at http://www.ijs.si/software/amavisd/amavisd-new-docs.html ), but may be general enough so I hope it can be of interest to the SpamAssassin community.

Comments, experience, suggestions and further discussion on the topic is most welcome. If considered off-topic, off-list mail would be welcome too.

Mark

Setting up DKIM and DomainKeys mail signing and verification

The goals of DKIM and DomainKeys are:
* assurance of sender identities
* protection against message tampering.

A DKIM draft states the following, which applies to its predecessor DomainKeys as well:

DomainKeys Identified Mail (DKIM) defines a mechanism by which email messages can be cryptographically signed, permitting a signing domain to claim responsibility for the introduction of a message into the mail stream. Message recipients can verify the signature by querying the signer's domain directly to retrieve the appropriate public key, and thereby confirm that the message was attested to by a party in possession of the private key for the signing domain.

A gentle introduction and deployment guide is available at: http://antispam.yahoo.com/domainkeys. Except for some minor details, it applies to DKIM system as well.

With added support in Postfix 2.3 for a milter protocol, it became possible to use with Postfix many of existing milters (mail filters) that were originally developed with sendmail in mind. It was hoped that a widespread use of milters with sendmail offered a fertile ground for software development, producing software of sufficient quality to be able to use it with Postfix. It remains to be seen whether quality of freely available milters comes anywhere close to high standards we are accustomed to with Postfix, but with a bit of luck and reasonable expectations, some of it can be put to good use.

Two of such milters are dkim-milter offering support for DomainKeys Identified Mail (DKIM) Signatures, and dk-milter, offering support for Domain-based Email Authentication (DomainKeys). The DomainKeys (DK) is a predecessor of DKIM, as recognized by draft-delany-domainkeys-base-06:

The DomainKeys specification was a primary source from which the DomainKeys Identified Mail [DKIM] specification has been derived. The purpose in submitting this document is as an historical reference for deployed implementations written prior to the DKIM specification.

At the time of this writing it appears the dkim-milter is more reliable and better maintained than dk-milter, which is slowly fading into oblivion. Similar holds true in the world of Perl modules: there are modules Mail::DomainKeys and Mail::DKIM, both of which can be used by SpamAssassin. Again the Mail::DKIM seems to be of higher quality than an older Mail::DomainKeys. SpamAssassin makes it very easy to use each or both of them (for verification only), just by enabling the already provided plugins.

Despite DomainKeys slowly giving grounds to DKIM, the DomainKeys is currently still in use by several large players in the Internet world, so this section will describe how to integrate both of them with Postfix and amavisd-new (an after-queue content filter) into a mail system.

Mail signing and verification is a two-part job: signing of originating mail (or mail being redistributed) from our domain, and verifying signatures of incoming mail. Both tasks can be done by the same program, or they can be performed by separate entities. Traditionally with sendmail, both tasks are performed by the same milter, which may be easier to maintain, but has certain disadvantages.

Verifying signatures should be performed early, before any local mail transformations get a chance of invalidating signature, e.g. by performing MIME conversions to quoted-printable, by fixing syntactically invalid mail header, by editing/inserting/removing certain header fields, or by a local mailing list modifying mail text, e.g. by appending footnotes.

Signing outgoing mail should be performed late, after mail sanitation, after conversion to 7-bit characters (to avoid later uncontrollable changes by a relaying or receiving MTA), and after adding header fields by a content filter. Similar applies to local mailing lists, which may be rewriting messages, requiring them to be re-signed by the domain hosting a mailing list, just before being sent out.

Since SpamAssassin only provides signature verification but not signing, one obvious choice for signing is to use dkim-milter and dk-milter in signing-only mode, invoked by a Postfix smtpd service which is receiving content-checked mail from a content filter such as amavisd-new. As this second-stage smtpd service does not
Re: Bayes test in spamassassin.bat
As I explained in my previous post, I am running as one user and one user only, which is administrator on this exchange box, regardless of me using spamassassin -t and sa-learn, and the database is in the home folder of the administrator. I have never used another login on this box ever before. I have other users in active directory for which this exchange box receives email to their individual addresses. That's about as far as other user login is concerned. What ''strange stuff in the box'' are you talking about?? What configuration files should I dig into to further help my cause.

jdow wrote:
>
> As someone else replied - you MUST run spamassassin -t and sa-learn
> as the same user that owns the BAYES database. You have enough
> strange stuff in the box I'm not sure what user that might be. But
> I bet you could dig through configuration files to find out how
> spamc or spamassassin is run and as which user. Then you can train
> as THAT user. and get it all together. Clearly the user it runs
> as cannot find a trained Bayes database or cannot gain write
> permission so that it can auto-train.
>
> {^_^}
> - Original Message -
> From: "Floyd" <[EMAIL PROTECTED]>
>>
>> Ok here is the message again for those who found the previous post
>> unclear, sorry about that
>>
>> I have an exchange 2000 server and I am using spamassassin to filter the
>> mail. I am using the exchange sink written by
>> Chris Lewis to filter mail on each incoming message. The problem i have
>> is
>> that it gives me a low spam score on spam mail because it
>> does not include the bayes_XX tests.
>> Here is an example from the log file
>>
>> XSpamStatus: No, score=0.0 required=6.0 tests=AWL,HTML_MESSAGE
>> autolearn=disabled version=3.1.4
>>
>> If I run the same mail message through spamassassin -t in a MS Command
>> Terminal, it gives me a different spam score since it includes the
>> bayes_XX
>> test
>>
>> X-Spam-Status: No, score=-2.0 required=6.0 tests=BAYES_00,HTML_40_50,
>> HTML_MESSAGE,HTML_TEXT_AFTER_BODY autolearn=disabled version=3.1.4
>>
>> Why is that so? Is there a setting that I have missed somewhere??
>>
>> I deleted my bayes database thru sa-learn --clear and reestablished it by
>> learning the 4000 hams and 1000 spams that I have collected.
>>
>> I am running my exchange server with full rights and logged on as
>> administrator. There are no other user home folders on this system except
>> for the administrator's!!!
>>
>>
>>
>> jdow wrote:
>>>
>>> Regardless - clean up that original message and resend. It is utterly
>>> unreadable.
>>>
>>> {^_^}
>>> - Original Message -
>>> From: "Floyd" <[EMAIL PROTECTED]>

I am trying this without an MUA. I am using Dos to check the headers of the incoming mail with spamassassin. Usually I use MS Outlook but in this case I am checking the headers on the server. There is no mail client on the server.

Raul Dias wrote:
>
> Hi,
>
> What MUA are you using?
>
> Your MUA seems to be unable to send HTML mail, so I suggest you
> configure it to send only text/plain formatted text.
>
> []s
> Raul Dias
>
> On Mon, 2006-09-11 at 07:50 -0700, Floyd wrote:
>> Hi, I am using Spamassassin with Exchange and i noticed I was getting
>> different scores using spamassassin.bat(There was a previous post by
>> me to this question) I have done some additional tests and I noticed
>> that when spamassassin.bat is run automatically on every incoming
>> message there are no tests for bayes e.g Start - ID: PreFile: C:\ESA
>> \NEW\msg060911101328_51EC4.in.eml PostFile: C:\ESA\NEW
>> \msg060911101328_51EC4.out.eml SpamAssassin:C:\PERL\BIN
>> \SPAMASSASSIN.BAT "C:\ESA\NEW\msg060911101328_51EC4.in.eml" "C:\ESA
>> \NEW\msg060911101328_51EC4.out.eml" SpamAssassin result: 0 Checking
>> for PERL in Path... Reloading Stream... Reading OUT file XSpamFlag:
>> XSpamStatus: No, score=0.0 required=6.0 tests=AWL,HTML_MESSAGE
>> autolearn=disabled version=3.1.4 Added header
>> urn:schemas:mailheader:X-Spam-Checker-Version SpamAssassin 3.1.4
>> (2006-07-25) Exchange SpamAssassin Sink (www.christopherlewis.com)
>> 1.2.76 on myserver SPAM: False SpamAssassin Value: 0 File:
>> msg060911101328_51EC4 Moving to HAM : End But when I run
>> spamassassin.bat manually there is a test for bayes in addition to
>> the
>> other tests, e.g. X-Spam-Checker-Version: SpamAssassin 3.1.4
>> (2006-07-25) on my server X-Spam-Level: X-Spam-Status: No, score=-2.0
>> required=6.0 tests=BAYES_00,HTML_40_50,
>> HTML_MESSAGE,HTML_TEXT_AFTER_BODY autolearn=disabled version=3.1.4
>> thread-index: AcbVrHRGLevRi+gCSJenNtqXgv1xTA== Could someone please
>> help me with this is there a setting somewhere i missed in local.cf
>> maybe?? Thanks for your help in advance
>>
>> __
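Added example, not part of the thread: a small Python comparison of the two status headers quoted in this message, which makes the missing BAYES_xx hit in the sink's run explicit. The function names are illustrative; the parser also accepts folded headers, the older hits= field and tests=none.

```python
import re

# The two headers quoted in the message above: the sink's run and the manual run.
SINK_RUN = ("XSpamStatus: No, score=0.0 required=6.0 tests=AWL,HTML_MESSAGE\n"
            " autolearn=disabled version=3.1.4")
MANUAL_RUN = ("X-Spam-Status: No, score=-2.0 required=6.0 tests=BAYES_00,HTML_40_50,\n"
              " HTML_MESSAGE,HTML_TEXT_AFTER_BODY autolearn=disabled version=3.1.4")


def parse_status(header: str) -> dict:
    """Parse an X-Spam-Status header (or the sink's XSpamStatus), folded or not."""
    name, _, value = header.partition(":")
    if name.replace("-", "").strip().lower() != "xspamstatus":
        raise ValueError(f"not a spam status header: {name!r}")
    # Unfold continuation lines, then split the Yes/No verdict from the fields.
    verdict, _, rest = " ".join(value.split()).partition(",")
    # Folding can leave a space after a comma inside the tests= list.
    rest = re.sub(r",\s+", ",", rest)
    fields = dict(pair.split("=", 1) for pair in rest.split() if "=" in pair)
    tests = [t for t in fields.get("tests", "").split(",") if t and t != "none"]
    return {
        "spam": verdict.strip().lower() == "yes",
        "score": float(fields.get("score", fields.get("hits", "nan"))),
        "tests": tests,
        # A scan that opened a usable Bayes database reports some BAYES_nn rule.
        "bayes_ran": any(re.fullmatch(r"BAYES_\d+", t) for t in tests),
    }


def compare_runs(first: str, second: str) -> dict:
    """Show which rules hit in only one of two scans of the same message."""
    a, b = parse_status(first), parse_status(second)
    return {
        "only_first": sorted(set(a["tests"]) - set(b["tests"])),
        "only_second": sorted(set(b["tests"]) - set(a["tests"])),
        "bayes_mismatch": a["bayes_ran"] != b["bayes_ran"],
        "score_delta": round(b["score"] - a["score"], 3),
    }


if __name__ == "__main__":
    print(compare_runs(SINK_RUN, MANUAL_RUN))
```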
Re: [Bump] No log to syslog after upgrade
Sorry I took so long to respond to this. Of course it was me who should RTFM :-P

Since we are using CGPSA we are not using SPAMD if I understand it right. From the CGPSA website ( http://www.tffenterprises.com/cgpsa/ ): "The filter works efficiently, by directly using the SpamAssassin API. It does not rely on a daemon process such as spamd or on the execution of shell scripts (as the usual process for utilizing SpamAssassin with CommuniGate servers does)."

I guess what I saw in our old logs must have been from tests with SPAMD, unless something changed between versions (I upgraded CGPSA and SA at the same time).

Thanks for your help Theo and John, much appreciated.

I also got to agree with Kurt about the possibility for SA to write to syslog. It would help to analyze and adjust SA if you could pull out some statistics (or is that possible another way?).

Thomas

On 7 Sep 2006 at 18:33, Theo Van Dinter wrote:

On Thu, Sep 07, 2006 at 09:11:22AM -0700, John D. Hardin wrote:

[server]spamassassin --lint -D
[22110] dbg: logger: adding facilities: all
[22110] dbg: logger: logging level is DBG

Is your syslog daemon configured to discard debug-level messages?

[...]

At last check, spamassassin doesn't log to syslog. spamd does.

--
Randomly Generated Tagline:
"... advise the users that although it can help, they are known problems ..." - Stanislav Meduna

Here's our setup: OSX 10.3.9, Communigate 4.2.8, CGPSA 1.4, SA 3.1.3
Help with maillog errors
hi list: my maillog is full of these error messages, I don't know how to solve it, could you help? or at least tell me what they are for?

Sep 12 01:33:44 mail spamd[1259]: locker: safe_lock: cannot create tmp lockfile /home/spamd/.spamassassin/auto-whitelist.lock.mail.kmmnet.net.1259 for /home/spamd/.spamassassin/auto-whitelist.lock: No such file or directory
Sep 12 01:33:44 mail spamd[1259]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /home/spamd/.spamassassin/auto-whitelist.lock.mail.kmmnet.net.1259 for /home/spamd/.spamassassin/auto-whitelist.lock: No such file or directory
Sep 12 01:33:44 mail spamd[1259]: bayes: locker: safe_lock: cannot create tmp lockfile /home/spamd/.spamassassin/bayes.lock.mail.kmmnet.net.1259 for /home/spamd/.spamassassin/bayes.lock: No such file or directory
Sep 12 01:33:39 mail spamd[1259]: mkdir /home/spamd/.spamassassin: Permission denied at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin.pm line 1486
Sep 12 01:33:39 mail spamd[1259]: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Plugin/SPF.pm line 288, line 30.
Sep 12 01:33:39 mail spamd[1259]: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Plugin/SPF.pm line 288, line 30.
Sep 12 01:33:44 mail spamd[1259]: mkdir /home/spamd/.spamassassin: Permission denied at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin.pm line 1486

Many thanks.
--
Facundo Agustin Barrera
IT Management.
Buenos Aires - Argentina.
RE: postcard exploit email
> -Original Message-
> From: John D. Hardin [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 11, 2006 11:12 AM
> To: SpamAssassin Users List
> Subject: postcard exploit email
>
>
>
> Maybe we need a base rule for URL links directly to
> executable content...
>
> href="http://www.canaltv.org/postcard.gif.exe";>http://www.e-ca rds.com/view/CR3090Ztyw5g527673XzW
>

And if anyone knows the people at clamav, I have submitted this nasty thing several times to them and they still don't have a sig for it.
Re: Need help with SA and Received headers...
How does the mail from your ISP get back into your system? Does it go through SA? If not, I would try to figure out how to make it do that. If it is going through SA it isn't clear to me why it would have a lower score than mail delivered directly to you. You might be able to do something like extending the trust path to include your ISP.

Loren
Re: Spam with score 0.1 are bypassing my mail filters.
X-Spam-Status: No, hits=-2.8 tagged_above=-999.0 required=2.0 tests=ALL_TRUSTED

If this wasn't sent FROM your server it indicates you have a problem in your trust path setup. You should never see ALL_TRUSTED on mail (spam or otherwise) coming in from some random system in the outside world. You probably need to configure trusted_hosts correctly to start with.

Loren
Re: filtering by time
points if the message arrives between, say, 1:00 and 6:00 (I should set it from 21:00 to 8:00 since this is an office and I don't think someone is going to send anything work-related at this time, but just to be careful... ). Do you know how can this be done? Do you think it could give too many false positives?

I would be nervous about such a rule with any appreciable score, but you might be able to get away with adding a couple of points for receipt at an odd time of day. While I'm not sitting in an office at the moment (left there an hour ago) I do deal in a sideline business with people literally all over the world. So it isn't the slightest unusual to get mail at 4AM from the UK or the middle of the night from China.

Actually writing the rule is likely to be a bit messy unless you do it as a plugin. A normal regex can only test for equality. So you would have to write a regex that would match a selection of times in the top received header, which is presumably supplied by your system and has the correct local time.

Loren
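Added example, not from the original reply: one way to express a time window as a regex over the top Received header, shown in Python. It generalizes the 1:00 to 6:00 case to windows that wrap past midnight (21:00 to 8:00); the sample messages, host names and function names are constructed for illustration.

```python
import re
from email import message_from_string


def hour_alternation(start: int, end: int) -> str:
    """Two-digit hours in the half-open window [start, end), wrapping past midnight."""
    if not (0 <= start < 24 and 0 <= end < 24) or start == end:
        raise ValueError("need two different hours in 0..23")
    hours, h = [], start
    while h != end:
        hours.append(f"{h:02d}")
        h = (h + 1) % 24
    return "(?:" + "|".join(hours) + ")"


def odd_hour_regex(start: int, end: int):
    """Match the date stamp after ';' in a Received header when its hour is in the window."""
    return re.compile(
        r";\s*(?:[A-Za-z]{3},\s*)?\d{1,2}\s+[A-Za-z]{3}\s+\d{4}\s+"
        + hour_alternation(start, end) + r":[0-5]\d\b"
    )


def arrived_in_window(raw_message: str, start: int, end: int) -> bool:
    """Test only the top Received header, the one stamped by the local system."""
    received = message_from_string(raw_message).get_all("Received", [])
    if not received:
        return False
    top = " ".join(received[0].split())  # unfold continuation lines
    return odd_hour_regex(start, end).search(top) is not None


# Constructed sample messages; only the first Received header is local.
NIGHT = ("Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
         "\tby mail.example.org with ESMTP id 1A2B3C\n"
         "\tfor <user@example.org>; Tue, 12 Sep 2006 03:14:07 +0200\n"
         "Received: from host.example.com by mx.example.net;\n"
         "\tMon, 11 Sep 2006 15:13:59 -0700\n"
         "Subject: constructed sample\n\nbody\n")
DAY = ("Received: from mx.example.net by mail.example.org;\n"
       "\tTue, 12 Sep 2006 14:05:00 +0200\n"
       "Received: from host.example.com by mx.example.net;\n"
       "\tTue, 12 Sep 2006 02:04:58 -0700\n"
       "Subject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    print(odd_hour_regex(21, 8).pattern)
    print(arrived_in_window(NIGHT, 1, 6), arrived_in_window(DAY, 1, 6))
```

The second sample shows why only the top header is tested: a remote hop stamped at 02:04 in its own time zone says nothing about local arrival time.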
sa-learn question
Heya guys! (and girls!)

Quick question about spamassassin's sa-learn feature. I am running spamassassin on a semi-large webhosting server, and I can't seem to find whether or not, when I run sa-learn, what it learns will apply to only that email address it was run on, or the entire domain, or all of the domains hosted on the box.

Example of what I am running:

sa-learn --no-sync --spam /home/username/Maildir/.INBOX.spam/cur

The ideal way I would like to do is set up a [EMAIL PROTECTED] email address, get that receiving a good amount of spam, and have spamassassin run on that account and when I separate the ham from spam, have the information it learns from that account apply to EVERY account it checks.

It is running on CentOS 4.3. I am running spamassassin version 3.1.4. I am making use of spamd.

Thanks for your help!
Re: Need help with SA and Received headers...
thekillerbean wrote:

Matthias Haegele-2 wrote:

Perhaps a better solution would be to use the same antispam-checks at your second box/mx?

I have only one e-mail server in my domain - it is only used by 3 people at any one time. The secondary MX points to my ISP's email server and it really only needs be used when my server is offline for whatever reason. I have no control of this server so I really can't do anything on it. I guess my other option would be to stop paying for mail relay to my ISP and just live with lost email whenever my server happens to be offline for whatever reason for an extended period of time.

Oh sorry, I "overread" this. Since "modern" mailservers try to resend messages it is not as bad as it looks at the first glance: The standard for postfix is: try delivery for 5 days, that is enough time to fix it (or to get other problems meantime ;-) ).

maximal_queue_lifetime = 5d

Cheers,
tkb.

hth
MH