Re: User prefs in database - virtual accounts, solution

2007-05-02 Thread Jarek
Hello!

Thank you for the help, the solution is to use -u with spamc. For
reference, I'm posting spamcheck transport from my exim configuration:

=

spamcheck:
  debug_print = T: spamassassin_pipe for [EMAIL PROTECTED]
  driver = pipe
  command = /usr/sbin/exim4 -oMr spam-scanned -bS
  use_bsmtp
  transport_filter = /usr/bin/spamc -u [EMAIL PROTECTED]
  home_directory = /tmp
  current_directory = /tmp
  user = Debian-exim
  group = Debian-exim
  return_fail_output

=

-- 
Jarek [EMAIL PROTECTED]



Re: KAM.cf ham

2007-05-02 Thread kshatriya

On Tue, 1 May 2007, Robert Fitzpatrick wrote:

I had a reservation department not receive a confirmation notice at a 
hotel because the confirmation number in both the header and body 
started with 920 :\


Except for fixing this specific rule, I strongly advise you to write 
negative rules as well, for example, I barely receive Dutch spam, but 
99% of my ham is written in Dutch:


header   DUTCH_LANG X-Languages =~ /nl/
describe DUTCH_LANG E-Mail is written in dutch
score    DUTCH_LANG -0.50

You can define words which are often used in your sector to lower the 
score:


body     HOTEL_WORD /(yourcity|double room|breakfast)/i
describe HOTEL_WORD Body contains a hotel related word
score    HOTEL_WORD -0.50

etc etc. Of course implementation is only limited to your imagination :-)

K.



ANNOUNCE: Apache SpamAssassin 3.2.0 available

2007-05-02 Thread Justin Mason
Apache SpamAssassin 3.2.0 is now available!  This is the official release,
and contains a significant number of changes and major enhancements --
please use it!

Downloads are available from:
  http://spamassassin.apache.org/downloads.cgi?update=200705021400

md5sum of archive files:
6840e3be132e2c3cbf66298b0227e880  Mail-SpamAssassin-3.2.0.tar.bz2
aed988bb6cf463afc868a64d4cd771a3  Mail-SpamAssassin-3.2.0.tar.gz
484045c69499b2fa59f024179f1f49c2  Mail-SpamAssassin-3.2.0.zip

sha1sum of archive files:
2fb864f01fc1c287e6f6e62fab8338f32cd20fb1  Mail-SpamAssassin-3.2.0.tar.bz2
af3941ab4f9548107d06966780ba71f751ab0216  Mail-SpamAssassin-3.2.0.tar.gz
bf785d7088371ad3beafe6084bf296ee3434038c  Mail-SpamAssassin-3.2.0.zip

The release files also have a .asc accompanying them.  The file serves
as an external GPG signature for the given release file.  The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key [EMAIL PROTECTED]
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F A05B

See the INSTALL and UPGRADE files in the distribution for important
installation notes.

Summary of major changes since 3.1.8


Changes to the core code:

 * new behavior for trusted_networks/internal_networks: the 127.* network is 
now always considered trusted and internal, regardless of configuration.

 * bug 3109: short-circuiting of 'definite ham' or 'definite spam' messages 
based on individual short-circuit rules using the 'shortcircuit' setting, by 
Dallas Engelken dallase /at/ uribl.com.

 * bug 5305: implement 'msa_networks', for ISPs to specify their Mail 
Submission Agents, and extend network trust accordingly.

 * bug 4636: Add support for charset normalization, so rules can be written in 
UTF-8 to match text in other charsets.

 * sa-compile: compilation of SpamAssassin rules into a fast parallel-matching 
DFA, implemented in native code.

 * tflags multiple: allow writing of rules that count multiple hits in a 
single message.

 * bug 4363: if a message uses CRLF for line endings, we should use it as well, 
otherwise stay with LF as usual; important for Windows users.

 * bug 4515: content preview was omitting first paragraph when no Subject: 
header was present.

 * The third-party modules used by sa-update are now required by the 
SpamAssassin package, instead of being optional.

 * Bug 5165: 'sa-update --checkonly' added to check for updates without 
applying them; thanks to anomie /at/ users.sourceforge.net

 * Bugs 4606, 4609: Adjust MIME parsing limits for nested multipart/* and 
message/rfc822 MIME parts.

 * bug 5295: add 'whitelist_auth', to whitelist addresses that send mail using 
sender-authorization systems like SPF, Domain Keys, and DKIM

 * Removed dependency on Text::Wrap CPAN module.

 * Received header parsing updates/fixes/additions.

Spamc / spamd:

 * bug 4603: Mail::SpamAssassin::Spamd::Apache2 -- mod_perl2 module, 
implementing spamd as a mod_perl module, contributed as a Google Summer of Code 
project by Radoslaw Zielinski.

 * bug 3991: spamd can now listen on UNIX domain, TCP, and SSL sockets 
simultaneously.  Command-line semantics extended slightly, although fully 
backwards compatibly; add the --ssl-port switch to allow TCP and SSL listening 
at the same time.

 * bug 3466: do Bayes expiration, if required, after results have been passed 
back to the client from spamd; this helps avoid client timeouts.

 * more complete IPv6 support.

 * spamc: Add '-K' switch, to ping spamd.

 * spamc: add '-z' switch, which compresses mails to be scanned using zlib 
compression; very useful for long-distance use of spamc over the internet.

 * bug 5296: spamc '--headers' switch, which scans messages and transmits back 
just rewritten headers.  This is more bandwidth-efficient than the normal mode 
of scanning, but only works for 'report_safe 0'.
 
 * Bump spamd's protocol version to 1.4, to reflect new HEADERS verb used for 
'--headers'.

Mail::SpamAssassin modules and API:

 * bug 4589: allow M::SA::Message to use IO::File objects to read in message 
(same as GLOB).

 * bug 4517: rule instrumentation plugin hooks, to measure performance, from 
John Gardiner Myers jgmyers /at/ proofpoint.com.

 * add two features to core rule-parsing code; 1. optional behaviour to recurse 
through subdirs looking for .cf/.pre's, to support rules compilers working on 
rulesrc dir.  2. call back into invoking code on lint failure, so rule compiler 
can detect which rules exactly fail the lint check.

 * bug 5206: detect duplicate rules, and silently merge them internally for 
greater efficiency.

 * bug 5243: add Plugin::register_method_priority() API, allowing plugins to 
control the relative ordering of plugin callbacks relative to other plugins' 
implementations.

 * Reduced memory footprint.

Plugins:

 * bug 5236: 
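
Added example (not part of the announcement or the project's own tooling): a shell check of a downloaded archive against the SHA-1 digests and the signing-key fingerprint quoted above. Digests published beside the download only catch corruption, so the script also requires a good GPG signature from the expected key. It assumes sha1sum and gpg are installed and the signing key is already imported; the script name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example: check a downloaded SpamAssassin 3.2.0 archive against the
# digests and signing-key fingerprint quoted in the announcement above.

EXPECTED_FPR='26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F A05B'

# SHA-1 digest the announcement lists for a release file name (empty if unknown).
expected_sha1() {
    case "$1" in
        Mail-SpamAssassin-3.2.0.tar.bz2) echo 2fb864f01fc1c287e6f6e62fab8338f32cd20fb1 ;;
        Mail-SpamAssassin-3.2.0.tar.gz)  echo af3941ab4f9548107d06966780ba71f751ab0216 ;;
        Mail-SpamAssassin-3.2.0.zip)     echo bf785d7088371ad3beafe6084bf296ee3434038c ;;
    esac
}

# Succeeds only if the file exists and its SHA-1 equals the given hex digest.
sha1_matches() {
    actual=$(sha1sum "$1" 2>/dev/null | awk '{ print $1 }')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Fingerprints are printed with spaces; gpg's status output has none.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --status-fd` output on stdin and print the primary-key
# fingerprint from the VALIDSIG line (its last field). Prints nothing when
# no valid signature was reported, so the comparison below fails closed.
signer_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }'
}

# Full check: known file name, digest match, good signature, expected signer.
verify_release() {
    file=$1
    want=$(expected_sha1 "$(basename "$file")")
    [ -n "$want" ] || { echo "not a 3.2.0 release file: $file" >&2; return 2; }
    sha1_matches "$file" "$want" || { echo "SHA-1 mismatch: $file" >&2; return 1; }
    status=$(gpg --status-fd 1 --verify "$file.asc" "$file" 2>/dev/null) ||
        { echo "signature did not verify: $file.asc" >&2; return 1; }
    signer=$(printf '%s\n' "$status" | signer_from_status)
    [ "$signer" = "$(normalize_fpr "$EXPECTED_FPR")" ] ||
        { echo "signed by unexpected key: ${signer:-none}" >&2; return 1; }
    echo "OK: $file"
}

# Usage: sh verify-sa.sh Mail-SpamAssassin-3.2.0.tar.gz  (with the .asc beside it)
if [ "$#" -gt 0 ]; then
    verify_release "$1"
fi
```
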

Re: ANNOUNCE: Apache SpamAssassin 3.2.0 available

2007-05-02 Thread Rick Macdougall

Justin Mason wrote:

Apache SpamAssassin 3.2.0 is now available!  This is the official release,
and contains a significant number of changes and major enhancements --
please use it!


Quick question.

If I use sa-compile, which works very well here btw, do I need to re-run 
it after downloading new rules via sa-update ?


Regards,

Rick



Re: ANNOUNCE: Apache SpamAssassin 3.2.0 available

2007-05-02 Thread Justin Mason

Rick Macdougall writes:
 Justin Mason wrote:
  Apache SpamAssassin 3.2.0 is now available!  This is the official release,
  and contains a significant number of changes and major enhancements --
  please use it!
 
 Quick question.
 
 If I use sa-compile, which works very well here btw, do I need to re-run 
 it after downloading new rules via sa-update ?

yep.  I do this:

  sudo sa-update && sudo sa-compile && sudo /etc/init.d/spamassassin reload

--j.


Re: ANNOUNCE: Apache SpamAssassin 3.2.0 available

2007-05-02 Thread Matt Kettler
Rick Macdougall wrote:
 Justin Mason wrote:
 Apache SpamAssassin 3.2.0 is now available!  This is the official
 release,
 and contains a significant number of changes and major enhancements --
 please use it!

 Quick question.

 If I use sa-compile, which works very well here btw, do I need to
 re-run it after downloading new rules via sa-update ?


I cannot speak authoritatively, as I'm no expert on sa-compile or
Rule2XSBody.

However, reading the sa-update script, it does not appear to have
any code to support this, so I'd say you very likely have to re-run
sa-compile.

You could probably tweak the spamd restart sample in the sa-update
manpage into a script that would try sa-update, then sa-compile, then
restart spamd.
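
Added example (not from the thread participants or the sa-update manpage): one way to script the update, compile, reload sequence discussed above so that "no new rules" (sa-update exit 1) is told apart from a real failure and spamd is never reloaded onto rules that fail lint. The lint step, the overridable RELOAD_CMD (for platforms without /etc/init.d/spamassassin) and the script name are assumptions of this example.

```shell
#!/bin/sh
# Added example: update rules, recompile them, reload spamd, in that order.
# Commands are held in variables so the cycle can be exercised without a
# real install; the defaults are the commands quoted in the thread. The
# lint step and the RELOAD_CMD override are assumptions of this example.
SA_UPDATE=${SA_UPDATE:-sa-update}
SA_LINT=${SA_LINT:-spamassassin --lint}
SA_COMPILE=${SA_COMPILE:-sa-compile}
RELOAD_CMD=${RELOAD_CMD:-/etc/init.d/spamassassin reload}

# Return codes:
#   0  new rules installed, compiled, spamd reloaded
#   1  no fresh updates; nothing was touched
#   2  sa-update reported an error
#   3  rules failed lint; spamd is not reloaded
#   4  sa-compile failed
#   5  reload failed
update_cycle() {
    $SA_UPDATE
    up_rc=$?
    case $up_rc in
        0) ;;                       # update downloaded and installed
        1) return 1 ;;              # sa-update exits 1 when nothing is new
        *) echo "sa-update failed (exit $up_rc)" >&2; return 2 ;;
    esac
    $SA_LINT    || { echo "lint failed, not reloading" >&2; return 3; }
    $SA_COMPILE || { echo "sa-compile failed" >&2; return 4; }
    $RELOAD_CMD || { echo "reload failed" >&2; return 5; }
    return 0
}

# Run as root (for example from cron): sh sa-refresh.sh run
if [ "${1:-}" = run ]; then
    update_cycle
    rc=$?
    [ "$rc" -le 1 ] && exit 0      # "no updates" is not an error for cron
    exit "$rc"
fi
```
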



Re: ANNOUNCE: Apache SpamAssassin 3.2.0 available

2007-05-02 Thread Rick Macdougall

Justin Mason wrote:

Rick Macdougall writes:

Justin Mason wrote:

Apache SpamAssassin 3.2.0 is now available!  This is the official release,
and contains a significant number of changes and major enhancements --
please use it!

Quick question.

If I use sa-compile, which works very well here btw, do I need to re-run 
it after downloading new rules via sa-update ?


yep.  I do this:

  sudo sa-update && sudo sa-compile && sudo /etc/init.d/spamassassin reload



Perfect, thanks!

Regards,

Rick



Re: ANNOUNCE: Apache SpamAssassin 3.2.0 available [signed]

2007-05-02 Thread Matthias Schmidt [c]
Am/On Wed, 2 May 2007 14:11:34 +0100 schrieb/wrote Justin Mason:


Rick Macdougall writes:
 Justin Mason wrote:
  Apache SpamAssassin 3.2.0 is now available!  This is the official
release,
  and contains a significant number of changes and major enhancements --
  please use it!
 
 Quick question.
 
 If I use sa-compile, which works very well here btw, do I need to re-run 
 it after downloading new rules via sa-update ?

yep.  I do this:

  sudo sa-update && sudo sa-compile && sudo /etc/init.d/spamassassin reload

and on a Mac OS 10.4.9 System - there is no init.d/spamassassin - ?

Thanks and all the best

Matthias



--
- [ SECURITY NOTICE ] -
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
For your security, [EMAIL PROTECTED]
digitally signed this message on 02 May 2007 at 14:04:23 UTC.
Verify this digital signature at http://www.ciphire.com/verify.



SPF upgrade errors for SpamAssassin 3.2.0

2007-05-02 Thread James Lay
Hey all!

Trying to upgrade SPF and here's what I see:

 * ERROR: Version 0.002.2 of Net::DNS::Resolver::Programmable is installed,
but we need version >= 0.002001
ERRORS/WARNINGS FOUND IN PREREQUISITES.  You may wish to install the
versions
 of the modules indicated above before proceeding with this installation.

Yet cpan gives me:
Net::DNS::Resolver::Programmable is up to date (0.002.2).

Is this telling me I need to downgrade?  Can't seem to find .002001 out
there :(  Anyone have any insight into this?  Thanks!

James


TMP Files

2007-05-02 Thread Jason Bertoch [Electronet]


Since the upgrade this morning, many SA temp files aren't being cleaned up.  Is
anyone else seeing this?

Jason A. Bertoch
Network Administrator
[EMAIL PROTECTED]
ElectroNet Intermedia Consulting
3411 Capital Medical Blvd.
Tallahassee, FL 32308
(V) 850.222.0229 (F) 850.222.8771



Re: ANNOUNCE: Apache SpamAssassin 3.2.0 available

2007-05-02 Thread Mário Gamito

Justin Mason wrote:
 Apache SpamAssassin 3.2.0 is now available!  This is the official
 release, and contains a significant number of changes and major
 enhancements
And what are they ?

I'm not very fond of messing around with a very stable server.
I'm using 3.1.8

Regards,
Mário Gamito


Re: ANNOUNCE: Apache SpamAssassin 3.2.0 available

2007-05-02 Thread Richard Frovarp

Mário Gamito wrote:

Justin Mason wrote:
 Apache SpamAssassin 3.2.0 is now available!  This is the official
 release, and contains a significant number of changes and major
 enhancements
And what are they ?

I'm not very fond of messing around with a very stable server.
I'm using 3.1.8

Regards,
Mário Gamito


They were listed at the bottom of the announcement.


[Fwd: SPF upgrade errors for SpamAssassin 3.2.0]

2007-05-02 Thread Daryl C. W. O'Shea

Julian?

 Original Message 
Subject:SPF upgrade errors for SpamAssassin 3.2.0
Date:   Wed, 2 May 2007 08:54:52 -0600
From:   James Lay [EMAIL PROTECTED]
To: users@spamassassin.apache.org



Hey all!

Trying to upgrade SPF and here's what I see:

 * ERROR: Version 0.002.2 of Net::DNS::Resolver::Programmable is
installed, but we need version >= 0.002001
ERRORS/WARNINGS FOUND IN PREREQUISITES.  You may wish to install the
versions
 of the modules indicated above before proceeding with this installation.

Yet cpan gives me:
Net::DNS::Resolver::Programmable is up to date (0.002.2).

Is this telling me I need to downgrade?  Can't seem to find .002001 out
there :(  Anyone have any insight into this?  Thanks!

James



Re: TMP Files

2007-05-02 Thread Daryl C. W. O'Shea

Jason Bertoch [Electronet] wrote:


Since the upgrade this morning, many SA temp files aren't being cleaned up.  Is
anyone else seeing this?


Can you be more specific?

Daryl


RE: [SA] ANNOUNCE: Apache SpamAssassin 3.2.0 available

2007-05-02 Thread Eric Goforth
Will this upgrade be available via Yum repositories? 

Eric


-Original Message-
From: Justin Mason [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 02, 2007 5:43 AM
To: users@SpamAssassin.apache.org; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: [SA] ANNOUNCE: Apache SpamAssassin 3.2.0 available

Apache SpamAssassin 3.2.0 is now available!  This is the official
release, and contains a significant number of changes and major
enhancements -- please use it!

Downloads are available from:
  http://spamassassin.apache.org/downloads.cgi?update=200705021400

md5sum of archive files:
6840e3be132e2c3cbf66298b0227e880  Mail-SpamAssassin-3.2.0.tar.bz2
aed988bb6cf463afc868a64d4cd771a3  Mail-SpamAssassin-3.2.0.tar.gz
484045c69499b2fa59f024179f1f49c2  Mail-SpamAssassin-3.2.0.zip

sha1sum of archive files:
2fb864f01fc1c287e6f6e62fab8338f32cd20fb1  Mail-SpamAssassin-3.2.0.tar.bz2
af3941ab4f9548107d06966780ba71f751ab0216  Mail-SpamAssassin-3.2.0.tar.gz
bf785d7088371ad3beafe6084bf296ee3434038c  Mail-SpamAssassin-3.2.0.zip

The release files also have a .asc accompanying them.  The file serves
as an external GPG signature for the given release file.  The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
[EMAIL PROTECTED]
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24  F6D7 DEE0 1987 265F A05B

See the INSTALL and UPGRADE files in the distribution for important
installation notes.

Summary of major changes since 3.1.8


Changes to the core code:

 * new behavior for trusted_networks/internal_networks: the 127.*
network is now always considered trusted and internal, regardless of
configuration.

 * bug 3109: short-circuiting of 'definite ham' or 'definite spam'
messages based on individual short-circuit rules using the
'shortcircuit' setting, by Dallas Engelken dallase /at/ uribl.com.

 * bug 5305: implement 'msa_networks', for ISPs to specify their Mail
Submission Agents, and extend network trust accordingly.

 * bug 4636: Add support for charset normalization, so rules can be
written in UTF-8 to match text in other charsets.

 * sa-compile: compilation of SpamAssassin rules into a fast
parallel-matching DFA, implemented in native code.

 * tflags multiple: allow writing of rules that count multiple hits in
a single message.

 * bug 4363: if a message uses CRLF for line endings, we should use it
as well, otherwise stay with LF as usual; important for Windows users.

 * bug 4515: content preview was omitting first paragraph when no
Subject: header was present.

 * The third-party modules used by sa-update are now required by the
SpamAssassin package, instead of being optional.

 * Bug 5165: 'sa-update --checkonly' added to check for updates without
applying them; thanks to anomie /at/ users.sourceforge.net

 * Bugs 4606, 4609: Adjust MIME parsing limits for nested multipart/*
and message/rfc822 MIME parts.

 * bug 5295: add 'whitelist_auth', to whitelist addresses that send mail
using sender-authorization systems like SPF, Domain Keys, and DKIM

 * Removed dependency on Text::Wrap CPAN module.

 * Received header parsing updates/fixes/additions.

Spamc / spamd:

 * bug 4603: Mail::SpamAssassin::Spamd::Apache2 -- mod_perl2 module,
implementing spamd as a mod_perl module, contributed as a Google Summer
of Code project by Radoslaw Zielinski.

 * bug 3991: spamd can now listen on UNIX domain, TCP, and SSL sockets
simultaneously.  Command-line semantics extended slightly, although
fully backwards compatibly; add the --ssl-port switch to allow TCP and
SSL listening at the same time.

 * bug 3466: do Bayes expiration, if required, after results have been
passed back to the client from spamd; this helps avoid client timeouts.

 * more complete IPv6 support.

 * spamc: Add '-K' switch, to ping spamd.

 * spamc: add '-z' switch, which compresses mails to be scanned using
zlib compression; very useful for long-distance use of spamc over the
internet.

 * bug 5296: spamc '--headers' switch, which scans messages and
transmits back just rewritten headers.  This is more bandwidth-efficient
than the normal mode of scanning, but only works for 'report_safe 0'.
 
 * Bump spamd's protocol version to 1.4, to reflect new HEADERS verb
used for '--headers'.

Mail::SpamAssassin modules and API:

 * bug 4589: allow M::SA::Message to use IO::File objects to read in
message (same as GLOB).

 * bug 4517: rule instrumentation plugin hooks, to measure performance,
from John Gardiner Myers jgmyers /at/ proofpoint.com.

 * add two features to core rule-parsing code; 1. optional behaviour to
recurse through subdirs looking for .cf/.pre's, to support rules
compilers working on rulesrc dir.  2. call back into invoking code on
lint failure, so rule compiler can detect which rules exactly fail the
lint check.

 * bug 5206: detect duplicate rules, and silently 

RE: TMP Files

2007-05-02 Thread Jason Bertoch [Electronet]

 -Original Message-
 From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, May 02, 2007 1:20 PM
 Jason Bertoch [Electronet] wrote:
  
  Since the upgrade this morning, many SA temp files aren't 
 being cleaned up.  Is
  anyone else seeing this?
 
 Can you be more specific?
 
 Daryl

So far I've disabled all non-stock SA rules and plugins.  SA is creating its
normal .spamassassinXXXtmp files in /tmp but is not always removing
them.  The files that remain only ever contain garbage text, like what's seen as
a mail attachment in a plain text file.  Without usable text from these files,
I'm having a difficult time tying them to any specific message in my logs.

I'm running SA 3.2.0 with Sendmail 8.14.1 and calling SA from MIMEDefang 2.62.
All packages were compiled from source and the only package changed was the
upgrade to SA 3.2.0.



Re: TMP Files

2007-05-02 Thread Daryl C. W. O'Shea

Jason Bertoch [Electronet] wrote:


So far I've disabled all non-stock SA rules and plugins.  SA is creating its
normal .spamassassinXXXtmp files in /tmp but is not always removing
them.  The files that remain only ever contain garbage text, like what's seen as
a mail attachment in a plain text file.  Without usable text from these files,
I'm having a difficult time tying them to any specific message in my logs.

I'm running SA 3.2.0 with Sendmail 8.14.1 and calling SA from MIMEDefang 2.62.
All packages were compiled from source and the only package changed was the
upgrade to SA 3.2.0.


Is MIMEDefang timing out the SA processes and killing them off before 
they have a chance to finish (check your maillog)?


Daryl


Re: [SA] ANNOUNCE: Apache SpamAssassin 3.2.0 available

2007-05-02 Thread Daryl C. W. O'Shea

Eric Goforth wrote:
Will this upgrade be available via Yum repositories? 


I don't see why not; at least eventually.  Like most software, though, 
you'll have to wait for the package maintainer to package and publish 
the new version.  The SA project does not release packages.


Daryl


RE: [SA] ANNOUNCE: Apache SpamAssassin 3.2.0 available

2007-05-02 Thread Eric Goforth
Roger that.. Thanks.

 


 
Eric J. Goforth | President  Sr. Engineer
Goforth Technology Management, Inc. dba Goforth Technologies
82850 Miles Ave.| Indio | CA | 92201
Ph. (760) 775-7004 ext. 109 | Fax. (760) 495-5574
24Hour Support: (760) 775-7004 Option 5

-Original Message-
From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 02, 2007 11:56 AM
To: Eric Goforth
Cc: users@spamassassin.apache.org
Subject: Re: [SA] ANNOUNCE: Apache SpamAssassin 3.2.0 available

Eric Goforth wrote:
 Will this upgrade be available via Yum repositories? 

I don't see why not; at least eventually.  Like most software, though,
you'll have to wait for the package maintainer to package and publish
the new version.  The SA project does not release packages.

Daryl


RE: TMP Files

2007-05-02 Thread Jason Bertoch [Electronet]
 -Original Message-
 From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, May 02, 2007 2:53 PM
 To: Jason Bertoch [Electronet]
 Cc: users@spamassassin.apache.org
 Subject: Re: TMP Files
 
 Is MIMEDefang timing out the SA processes and killing them off before 
 they have a chance to finish (check your maillog)?
 
 Daryl

No, neither MIMEDefang nor Sendmail are logging anything out of the ordinary
while this is happening.



Re: Fw: [Mimedefang] SpamAssassin 3.2.0 and re2c speedup

2007-05-02 Thread Justin Mason

Yeah -- I saw that ;)

In real-world terms, it works out at between 15% and 25% faster in my
testing.  Unfortunately, two orders of magnitude would be accurate if
perl's regexp engine wasn't as good as it already is, and if SpamAssassin
didn't do a significant amount of *other* work in its rules, apart from
the simple body rules...

--j.

Kevin A. McGrail writes:
 I saw some stuff you posted once upon a time but can't find it.  Did you 
 have anything in your archives about the re2c speed up statistics?
 
 - Original Message - 
 From: David F. Skoll [EMAIL PROTECTED]
 To: MIMEDefang List [EMAIL PROTECTED]
 Sent: Wednesday, May 02, 2007 1:49 PM
 Subject: [Mimedefang] SpamAssassin 3.2.0 and re2c speedup
 
 
  Hi,
 
  http://lwn.net/Articles/232681/#Comments
 
  Has anyone played with SA3.2.0 and the sa-compile program to see
  if it really makes that much difference?  One poster claimed
  two orders of magnitude which is quite astonishing.
 
  Regards,
 
  David.
 
 


Logging with Syslog

2007-05-02 Thread sa-list
I can't seem to get SA  Syslog to log messages to a log file other than 
maillog. 

I changed the spamassassin start up script to add -s local5 to the spamd 
start up options. I modified syslog.conf to add local5 as an entity. I 
restarted syslog, courier and spamd. I still get logging messages in 
/var/log/maillog instead of the desired /var/log/spamd.log. 

I tested the syslog change using: 

logger -p local5.warning -t SpamAssassin testing 

This gives me the appropriate message written into the /var/log/spamd.log 
file so it makes me think the syslog changes actually work. 

What am I doing wrong? 




I am using Courier 0.54.2 on RHEL4. SA is 3.1.8. 

My Courier maildroprc is: 


import RECIPIENT
import SENDER
import HOME
import USER 


{
   exception {
      xfilter "/usr/bin/spamc -u $USER"
   }
} 



This is working and I am getting email with the SA headers added. 





The top part of my /etc/init.d/spamassassin is: 

. /etc/rc.d/init.d/functions 

prog=spamd 


# Source networking configuration.
. /etc/sysconfig/network 


# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0


# Set default spamd configuration.
SPAMDOPTIONS="-d -m5 -H -s local5"

SPAMD_PID=/var/run/spamd.pid 


# Source spamd configuration.
if [ -f /etc/sysconfig/spamassassin ] ; then
   . /etc/sysconfig/spamassassin
fi 


[ -f /usr/bin/spamd -o -f /usr/local/bin/spamd ] || exit 0
PATH=$PATH:/usr/bin:/usr/local/bin 


# By default it's all good
RETVAL=0 


# See how we were called.
case "$1" in
 start)
   # Start daemon.
   echo -n $"Starting $prog: "
   daemon $NICELEVEL spamd $SPAMDOPTIONS -r $SPAMD_PID
   RETVAL=$?
   echo
   if [ $RETVAL = 0 ]; then
   touch /var/lock/subsys/spamassassin
   fi
   ;; 




My syslog.conf is: 


# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console 


# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;local5.none    /var/log/messages


# The authpriv file has restricted access.
authpriv.*  /var/log/secure 


# Log all the mail messages in one place.
mail.*  -/var/log/maillog 



# Log cron stuff
cron.*  /var/log/cron 


# Everybody gets emergency messages
*.emerg * 


# Save news errors of level crit and higher in a special file.
uucp,news.crit  /var/log/spooler 


# Save boot messages also to boot.log
local7.*    /var/log/boot.log


# Save Spamassassin messages to spamd.log
local5.*    /var/log/spamd.log


Apache SpamAssassin 3.2.0 using older version of ImageInfo

2007-05-02 Thread Rose, Bobby
The ImageInfo packaged with 3.2.0 isn't the latest version from SARE as
it's missing the image_name_regex method.

-=B



Re: Spoofed from address but matched my whitelist -- please clarify

2007-05-02 Thread Kelson

How did you whitelist borland.com?  Did you use...

whitelist_from
whitelist_from_rcvd
whitelist_from_dkim
whitelist_from_spf
...etc?

If you just used whitelist_from, it doesn't do any verification.  It's a 
last-ditch option for cases where more reliable methods aren't possible. 
 So that would just subtract 100 points from anything claiming to be 
from borland.com.


As for the DomainKeys header, it looks like your SA installation didn't 
even check it, since I don't see any DKIM or DomainKeys rules in the 
list of rules that fired.  Do you have either the DKIM or DomainKeys 
plugin enabled?


--
Kelson Vibber
SpeedGate Communications www.speed.net


Re: TMP Files

2007-05-02 Thread Daryl C. W. O'Shea

Jason Bertoch [Electronet] wrote:

-Original Message-
From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 02, 2007 2:53 PM

To: Jason Bertoch [Electronet]
Cc: users@spamassassin.apache.org
Subject: Re: TMP Files

Is MIMEDefang timing out the SA processes and killing them off before 
they have a chance to finish (check your maillog)?



No, neither MIMEDefang nor Sendmail are logging anything out of the ordinary
while this is happening.


Is there a temp file left for every message processed, a lot of 
messages, or only a few?


Are all of your messages being successfully scanned?


Daryl


Re: TMP Files

2007-05-02 Thread Theo Van Dinter
On Wed, May 02, 2007 at 02:53:03PM -0400, Daryl C. W. O'Shea wrote:
 normal .spamassassinXXXtmp files in /tmp but is not always removing
 them.  The files that remain only ever contain garbage text, like what's 
 seen as
 a mail attachment in a plain text file.  Without usable text from these 

fwiw, it sounds like the new put non-text parts in a temp file code.
my version had those files removed when they were created, but I think
I saw a mail float by recently about that bit getting changed before
the release.

-- 
Randomly Selected Tagline:
Duct tape is like the force; it has a light side  a dark side, and it
 holds the universe together. - Zen Musings




Re: Apache SpamAssassin 3.2.0 using older version of ImageInfo

2007-05-02 Thread Theo Van Dinter
On Wed, May 02, 2007 at 03:32:31PM -0400, Rose, Bobby wrote:
 The ImageInfo packaged with 3.2.0 isn't the latest version from SARE as
 it's missing the image_name_regex method.

We can only include that which is donated to the project.

-- 
Randomly Selected Tagline:
First solid fuel we've had since we burned the cats.




Re: TMP Files

2007-05-02 Thread Justin Mason

Theo Van Dinter writes:
 On Wed, May 02, 2007 at 02:53:03PM -0400, Daryl C. W. O'Shea wrote:
  normal .spamassassinXXXtmp files in /tmp but is not always removing
  them.  The files that remain only ever contain garbage text, like what's 
  seen as
  a mail attachment in a plain text file.  Without usable text from these 
 
 fwiw, it sounds like the new put non-text parts in a temp file code.
 my version had those files removed when they were created, but I think
 I saw a mail float by recently about that bit getting changed before
 the release.

It does sound like that, alright.  The change was to support win32, which
doesn't allow the open then unlink POSIX mode that  the code was relying
on.

My guess -- if the Message object is not finish()'d, it may leave those
temporary files behind, I guess.

Could someone seeing this bug please open a bug on the bugzilla about it?

--j.


RE: Spoofed from address but matched my whitelist -- please clarify

2007-05-02 Thread Dan Barker
whitelist_from_rcvd [EMAIL PROTECTED] borland.com

will probably do what you want. Although Borland doesn't publish an SPF, you
may find all their MXs have borland.com rDNS.

You'd have to watch it a while to see if you miss any legitimate Borland
email that's not via a borland.com server.

Dan

-Original Message-
From: Martin G. Diehl [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 02, 2007 3:31 PM
To: users@spamassassin.apache.org
Subject: Spoofed from address but matched my whitelist -- please clarify


Greetings,

I have a piece of SPAM with an obviously spoofed (obvious to me,
that is) from address ... but didn't get flagged as SPAM.

The message claims to originate from borland.com

borland.com has IP 63.175.76.152

The message actually originates from napfehfu 86.60.37.183

borland.com is listed in my whitelist.

My questions ...

(1) Shouldn't this message have been flagged as SPAM?

(2) Is the DomainKey-Signature also spoofed or fake?

(3) Which headers (types of from addresses) are compared to my whitelist?

Some of the significant header lines (I reversed the sequence)

  DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=south.disappoint;
d=borland.com;
 
b=GfpMxmdJQIBAeYlLWrgcDOJbZZJXiYVEpoeUbVUmwMrmrQbfMFvNqqczKSjQWxIoppVlOJSHMQ
iZhlik;

  From: Abbey Delisa [EMAIL PROTECTED]

  Received: from unknown (HELO napfehfu) (86.60.37.183)
by rbl-mx.nac.net with SMTP; 1 May 2007 16:42:53 -

  Received: from 86.60.37.183 by mx2.oct.nac.net (envelope-from
[EMAIL PROTECTED], uid 0) with qmail-scanner-1.25
   (clamdscan: 0.88.3/2095. f-prot: 4.6.6/3.16.14. spamassassin: 3.1.0.
   Clear:RC:0(86.60.37.183):.

Here are all of the headers ...
===
 X-UIDL: 1178037793.M276441P78860.mx2.oct.nac.net
 X-Mozilla-Status: 
 X-Mozilla-Status2: 
 Return-Path: [EMAIL PROTECTED]
 Delivered-To: [EMAIL PROTECTED]
 X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on spamd1.oct
 X-Spam-Level:
 X-Spam-PrefsFile: nac.net/mdiehl
 X-Spam-Status: No, score=-77.8 required=4.7 tests=HTML_FONT_BIG=0.256,
   HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.001,RAZOR2_CF_RANGE_51_100=0.5,
   RAZOR2_CF_RANGE_E4_51_100=1.5,RAZOR2_CF_RANGE_E8_51_100=1.5,
   RAZOR2_CHECK=0.5,RCVD_IN_SORBS_DUL=1.988,TW_ZW=0.077,
   URIBL_AB_SURBL=3.306,URIBL_BLACK=3,URIBL_JP_SURBL=3.36,
   URIBL_OB_SURBL=2.617,URIBL_SC_SURBL=3.6,USER_IN_WHITELIST=-100
   autolearn=disabled version=3.1.7
 Received: (qmail 78558 invoked by uid 0); 1 May 2007 16:42:54 -
 Received: from 86.60.37.183 by mx2.oct.nac.net (envelope-from
[EMAIL PROTECTED], uid 0) with qmail-scanner-1.25
  (clamdscan: 0.88.3/2095. f-prot: 4.6.6/3.16.14. spamassassin: 3.1.0.
  Clear:RC:0(86.60.37.183):.
  Processed in 0.524071 secs); 01 May 2007 16:42:54 -
 X-Qmail-Scanner-Mail-From: [EMAIL PROTECTED] via mx2.oct.nac.net
 X-Qmail-Scanner-Rcpt-To: [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
 X-Qmail-Scanner: 1.25 (Clear:RC:0(86.60.37.183):. Processed in 0.524071
secs)
 X-Qmail-Scanner-NAC-Block-Zips: 1
 X-Qmail-Scanner-NAC-Redirect-This: 0
 X-Qmail-Scanner-NAC-Redirect-To:
 X-Qmail-Scanner-NAC-Scanners-Run:  clamdscan_scanner fprot_scanner
 Received: from unknown (HELO napfehfu) (86.60.37.183)
   by rbl-mx.nac.net with SMTP; 1 May 2007 16:42:53 -
 To: [EMAIL PROTECTED]
 Date: Tue, 01 May 2007 09:42:45 -0800
 From: Abbey Delisa [EMAIL PROTECTED]
 Message-ID: [EMAIL PROTECTED]
 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=south.disappoint;
d=borland.com;

b=GfpMxmdJQIBAeYlLWrgcDOJbZZJXiYVEpoeUbVUmwMrmrQbfMFvNqqczKSjQWxIoppVlOJSHMQ
iZhlik;
 User-Agent: Mozilla Thunderbird 1.5 (Windows/20060111)
 X-Accept-Language: en-us, en
 MIME-Version: 1.0
 Subject: SPECIAL PHARMACY DISCOUNT, you   pay  we ship, no question
asked, established by reputable Canadian Doctor qizwx
 Content-Type: text/html;
   charset=iso-8859-1
 Content-Transfer-Encoding: 7bit
===

Thanks for any and all comments, help, or advice.

--
MGD






Re: Spoofed from address but matched my whitelist -- please clarify

2007-05-02 Thread Martin G. Diehl

Kelson wrote:


How did you whitelist borland.com?  Did you use...

whitelist_from
whitelist_from_rcvd
whitelist_from_dkim
whitelist_from_spf
...etc?

If you just used whitelist_from, it doesn't do any verification.  It's a 
last-ditch option for cases where more reliable methods aren't possible. 
 So that would just subtract 100 points from anything claiming to be 
from borland.com.


As for the DomainKeys header, it looks like your SA installation didn't 
even check it, since I don't see any DKIM or DomainKeys rules in the 
list of rules that fired.  Do you have either the DKIM or DomainKeys 
plugin enabled?


I'll ask my ISP (nac.net) about both of those points.

Thanks for the hints.

--
MGD
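
The masking effect Kelson describes is visible in the X-Spam-Status header quoted in the original post. The following is an added example, not code from the thread or from SpamAssassin: it removes the whitelist points and checks whether the remaining rules alone cross the threshold. It assumes the per-rule NAME=score test format shown in that header, and the function names are hypothetical.

```python
import re

# X-Spam-Status value from the message quoted above, header folding preserved.
SAMPLE_STATUS = """No, score=-77.8 required=4.7 tests=HTML_FONT_BIG=0.256,
   HTML_MESSAGE=0.001,MIME_HTML_ONLY=0.001,RAZOR2_CF_RANGE_51_100=0.5,
   RAZOR2_CF_RANGE_E4_51_100=1.5,RAZOR2_CF_RANGE_E8_51_100=1.5,
   RAZOR2_CHECK=0.5,RCVD_IN_SORBS_DUL=1.988,TW_ZW=0.077,
   URIBL_AB_SURBL=3.306,URIBL_BLACK=3,URIBL_JP_SURBL=3.36,
   URIBL_OB_SURBL=2.617,URIBL_SC_SURBL=3.6,USER_IN_WHITELIST=-100
   autolearn=disabled version=3.1.7"""

# Rules that fire because of a whitelist entry, not because of message content.
WHITELIST_RULES = {"USER_IN_WHITELIST", "USER_IN_DEF_WHITELIST"}

STATUS_RE = re.compile(
    r"(Yes|No), score=(-?[\d.]+) required=(-?[\d.]+) tests=(.*?)(?: autolearn=|$)"
)

def parse_status(value):
    """Split an X-Spam-Status value into verdict, score, threshold, rule scores."""
    flat = re.sub(r"\s+", " ", value.strip())  # unfold continuation lines
    m = STATUS_RE.match(flat)
    if not m:
        raise ValueError("unrecognised X-Spam-Status format")
    rules = {}
    for item in m.group(4).split(","):
        name, sep, points = item.strip().partition("=")
        if sep:  # skip entries that carry no per-rule score
            rules[name] = float(points)
    return m.group(1), float(m.group(2)), float(m.group(3)), rules

def whitelist_masked(value, whitelist_rules=WHITELIST_RULES):
    """Report whether whitelist points alone kept the message below the threshold."""
    verdict, _score, required, rules = parse_status(value)
    hits = sorted(r for r in rules if r in whitelist_rules)
    content = round(sum(s for r, s in rules.items() if r not in whitelist_rules), 3)
    return {
        "whitelist_hits": hits,
        "score_without_whitelist": content,
        "required": required,
        "masked": verdict == "No" and bool(hits) and content >= required,
    }

if __name__ == "__main__":
    print(whitelist_masked(SAMPLE_STATUS))
```

Run over stored mail, a "masked" result for a whitelisted domain is a cue to move that entry from whitelist_from to one of the verified forms listed above.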



Re: Logging with Syslog

2007-05-02 Thread Kris Deugau
sa-list wrote:
 I can't seem to get SA  Syslog to log messages to a log file other than
 maillog.
 I changed the spamassassin start up script to add -s local5 to the
 spamd start up options.

[snip]

 ... on RHEL4.

[snip]

 The top part of my /etc/init.d/spamassassin is:

[snip]
 # Set default spamd configuration.
 SPAMDOPTIONS="-d -m5 -H -s local5"
 SPAMD_PID=/var/run/spamd.pid
 # Source spamd configuration.
 if [ -f /etc/sysconfig/spamassassin ] ; then
     . /etc/sysconfig/spamassassin
 fi

This is the part of the init script that's tripping you up.

Most RH-oriented init scripts are managed by the packaging system, and
among other things will usually be overwritten by package upgrades.

Thus the last three lines in that segment;  it overrides the package
default options with whatever you set in /etc/sysconfig/spamassassin.
In this case, it also overrides the change you made in the previous lines.

Add your -s local5 to the SPAMDOPTIONS definition in
/etc/sysconfig/spamassassin, and you should get your syslog output in
the right place.

ps x|grep spamd should show you the full command line of the
currently-running spamd.

-kgd


Re: Logging with Syslog

2007-05-02 Thread sa-list
Thanks! 

Instead of messing with the /etc/sysconfig/spamassassin file, I just 
commented out those lines. Any reason to keep this configuration, other than 
wanting more headaches in the future when I try to figure this out again? 

Kris Deugau writes: 


sa-list wrote:

I can't seem to get SA  Syslog to log messages to a log file other than
maillog.
I changed the spamassassin start up script to add -s local5 to the
spamd start up options.


[snip] 


... on RHEL4.


[snip] 


The top part of my /etc/init.d/spamassassin is:


[snip]

# Set default spamd configuration.
SPAMDOPTIONS="-d -m5 -H -s local5"
SPAMD_PID=/var/run/spamd.pid
# Source spamd configuration.
if [ -f /etc/sysconfig/spamassassin ] ; then
   . /etc/sysconfig/spamassassin
fi


This is the part of the init script that's tripping you up. 


Most RH-oriented init scripts are managed by the packaging system, and
among other things will usually be overwritten by package upgrades. 


Thus the last three lines in that segment;  it overrides the package
default options with whatever you set in /etc/sysconfig/spamassassin.
In this case, it also overrides the change you made in the previous lines. 


Add your -s local5 to the SPAMDOPTIONS definition in
/etc/sysconfig/spamassassin, and you should get your syslog output in
the right place. 


ps x|grep spamd should show you the full command line of the
currently-running spamd. 


-kgd


SA Not Scoring

2007-05-02 Thread Keith De Souza
Hello,

I'm new to this mailing list, please let me know if I'm doing anything wrong
with submitting a problem here.

I'm running SpamAssassin version 3.1.8 on Perl version 5.8.8, and the OS it
is running on is Fedora Core 5. The problem that I'm having is that every so
often when mail comes in, it seems to skip SA scanning. Here is what the logs
say:

Sat, 28 Apr 2007 19:42:53 BST:21005: SA: required_hits ? / sa_quarantine
+0.01 / sa_delete +2.4
Sat, 28 Apr 2007 19:42:53 BST:21005: SA: finished scan of dir
/var/spool/qmailscan/tmp/ssdd117778517072221005 in 600.013176 secs
 - hits=?/?
Sat, 28 Apr 2007 19:42:53 BST:21005: qmail-scanner:
Clear:RC:0(67.186.37.67):SA:0(?/?): 602.343095  3106
overtaxingpinafore
@internetdynamics.com [EMAIL PROTECTED]   Re:
[EMAIL PROTECTED] textfile0:46
 textfile1:468 textfile2:1145

This does not happen all the time, but once in a while my log shows a batch of
mail not being scanned and producing false negatives. I don't know why that
is.

Is there any possibility that my server is overloaded and spamd is unable to
spawn sufficient child processes to handle the incoming mail? Just a logical
guess.

Any help on this is much appreciated.

Cheers

Keith

 



Re: SA Not Scoring

2007-05-02 Thread Jason Haar
Keith De Souza wrote:

 Sat, 28 Apr 2007 19:42:53 BST:21005: SA: required_hits ? /
 sa_quarantine +0.01 / sa_delete +2.4
 Sat, 28 Apr 2007 19:42:53 BST:21005: SA: finished scan of dir
 /var/spool/qmailscan/tmp/ssdd117778517072221005 in 600.013176 secs
  - hits=?/?
 Sat, 28 Apr 2007 19:42:53 BST:21005: qmail-scanner:
 Clear:RC:0(67.186.37.67):SA:0(?/?): 602.343095  3106
 overtaxingpinafore
 @internetdynamics.com [EMAIL PROTECTED]   Re:
 [EMAIL PROTECTED] textfile0:46
  textfile1:468 textfile2:1145

 This does not happen all the time, but once in a while my log shows a
 batch of mail not being scanned and producing false negatives. I don't
 know why that is.

 Is there any possibility that my server is overloaded and spamd is
 unable to spawn sufficient child processes to handle the incoming mail?
 Just a logical guess.


Did you read the Qmail-Scanner FAQ - Q19?

Look at the timestamp in there - 602 seconds. That means that message
took 10 minutes to process - something is wrong with your system. Either
it is overloaded or spamd is hanging on DNS (or other network) lookups.
However, you say this only happens every once in a while - in which case
that may be acceptable to you.

Also /var/spool/qmailscan implies you're using a VERY old Q-S 1.X
release...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
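
The log excerpt in this thread shows a message passed as Clear with no SpamAssassin score (?/?) after a scan of roughly ten minutes. The following is an added example, not part of the thread or of Qmail-Scanner: it finds such deliveries in a log. The function name, the 60-second threshold and the second sample line are assumptions.

```python
import re

# Line 1: the qmail-scanner summary from the post above, trimmed after the
# size field. Line 2: constructed, assuming a scored message logs the same
# layout with numeric hits.
SAMPLE_LOG = """\
Sat, 28 Apr 2007 19:42:53 BST:21005: qmail-scanner: Clear:RC:0(67.186.37.67):SA:0(?/?): 602.343095  3106
Sat, 28 Apr 2007 19:44:10 BST:21040: qmail-scanner: Clear:RC:0(192.0.2.10):SA:0(1.2/5.0): 2.104511  2954
"""

SUMMARY_RE = re.compile(
    r"^(?P<when>.+?):(?P<pid>\d+): qmail-scanner: (?P<verdict>\w+):RC:\d+"
    r"\((?P<client>[^)]*)\):SA:\d+\((?P<hits>[^/)]*)/(?P<required>[^)]*)\):"
    r"\s*(?P<secs>[\d.]+)"
)

def unscored_deliveries(log_text, slow_secs=60.0):
    """Return summaries of messages passed as Clear without a numeric SA score."""
    findings = []
    for line in log_text.splitlines():
        m = SUMMARY_RE.match(line)
        if not m or m["verdict"] != "Clear":
            continue
        try:
            float(m["hits"])
            continue  # SpamAssassin returned a score for this message
        except ValueError:
            pass  # "?" or empty: the scan produced no score
        secs = float(m["secs"])
        findings.append({
            "when": m["when"],
            "pid": int(m["pid"]),
            "client": m["client"],
            "secs": secs,
            "slow": secs >= slow_secs,  # assumed threshold for a stalled scan
        })
    return findings

if __name__ == "__main__":
    for finding in unscored_deliveries(SAMPLE_LOG):
        print(finding)
```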




Re: SPF upgrade errors for SpamAssassin 3.2.0

2007-05-02 Thread Daryl C. W. O'Shea

James Lay wrote:

Hey all!

Trying to upgrade SPF and here's what I see:

 * ERROR: Version 0.002.2 of Net::DNS::Resolver::Programmable is 
installed, but we need version = 0.002001
ERRORS/WARNINGS FOUND IN PREREQUISITES.  You may wish to install the 
versions

 of the modules indicated above before proceeding with this installation.

Yet cpan gives me:
Net::DNS::Resolver::Programmable is up to date (0.002.2).

Is this telling me I need to downgrade?  Can't seem to find .002001 out 
there :(  Anyone have any insight into this?  Thanks!


James


Julian anticipates releasing Mail::SPF version 2.005, to correct this, ASAP.

Daryl


RE: SA Not Scoring

2007-05-02 Thread Keith De Souza
Hi Jason,

Thanks for this, I'm presuming I should be reading
http://qmail-scanner.sourceforge.net/FAQ.php. Any ideas how I can find out
if Spamd is hanging on DNS? My SA is running on Fedora Core 5 OS.
I will also be looking at updating qmail-scanner.

Many thanks for your input. 

Cheers

Keith 

-Original Message-
From: Jason Haar [mailto:[EMAIL PROTECTED] 
Sent: 03 May 2007 00:31
To: users@spamassassin.apache.org
Subject: Re: SA Not Scoring

Keith De Souza wrote:

 Sat, 28 Apr 2007 19:42:53 BST:21005: SA: required_hits ? /
 sa_quarantine +0.01 / sa_delete +2.4
 Sat, 28 Apr 2007 19:42:53 BST:21005: SA: finished scan of dir
 /var/spool/qmailscan/tmp/ssdd117778517072221005 in 600.013176 secs
  - hits=?/?
 Sat, 28 Apr 2007 19:42:53 BST:21005: qmail-scanner:
 Clear:RC:0(67.186.37.67):SA:0(?/?): 602.343095  3106
 overtaxingpinafore
 @internetdynamics.com [EMAIL PROTECTED]   Re:
 [EMAIL PROTECTED] textfile0:46
  textfile1:468 textfile2:1145

 This does not happen all the time, but once in a while my log shows a
 batch of mail not being scanned and producing false negatives. I don't
 know why that is.

 Is there any possibility that my server is overloaded and spamd is
 unable to spawn sufficient child processes to handle the incoming mail?
 Just a logical guess.


Did you read the Qmail-Scanner FAQ - Q19?

Look at the timestamp in there - 602 seconds. That means that message
took 10 minutes to process - something is wrong with your system. Either
it is overloaded or spamd is hanging on DNS (or other network) lookups.
However, you say this only happens every once in a while - in which case
that may be acceptable to you.

Also /var/spool/qmailscan implies you're using a VERY old Q-S 1.X
release...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1





Re: SPF upgrade errors for SpamAssassin 3.2.0

2007-05-02 Thread James Lay
On Wed, 02 May 2007 19:33:16 -0400
Daryl C. W. O'Shea [EMAIL PROTECTED] wrote:

 James Lay wrote:
  Hey all!
  
  Trying to upgrade SPF and here's what I see:
  
   * ERROR: Version 0.002.2 of Net::DNS::Resolver::Programmable is 
  installed, but we need version = 0.002001
  ERRORS/WARNINGS FOUND IN PREREQUISITES.  You may wish to install
  the versions
   of the modules indicated above before proceeding with this
  installation.
  
  Yet cpan gives me:
  Net::DNS::Resolver::Programmable is up to date (0.002.2).
  
  Is this telling me I need to downgrade?  Can't seem to find .002001
  out there :(  Anyone have any insight into this?  Thanks!
  
  James
 
 Julian anticipates releasing Mail::SPF version 2.005, to correct
 this, ASAP.
 
 Daryl
 

Awesome..thank you :)

James