Re: This spam should have triggered more rules
Jason Haar wrote: Karsten Bräckelmann wrote: uri EXECUTABLE /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i That won't stop "blah.exe?token=cookie". Web servers will still return "blah.exe" (and the attacker can trackback who clicked on it too that way! ;-) How about uri EXECUTABLE /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)($|\?)/i and these won't catch "foo.exe," and the like due to how URIs are parsed by SA.
Re: RulesDuJour & Tripwire Issue
@Andy - I was able to parse the script that you sent me to which had neither my problem nor my solution within it but I did find 1 problem. On my config it was listed as 99_FVGT_Tripwire.cf as well as the script that you sent a link to. However, located at the download site it was 88_FVGT_Tripwire.cf. @Matt - Thank you, you were correct. The download link was incorrect. I believe my using rulesdujour stemmed from me using outdated setup documents. I'll put some effort into researching that. Thanks, Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
Re: This spam should have triggered more rules
Karsten Bräckelmann wrote: uri EXECUTABLE /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i That won't stop "blah.exe?token=cookie". Web servers will still return "blah.exe" (and the attacker can trackback who clicked on it too that way! ;-) How about uri EXECUTABLE /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)($|\?)/i -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: e greeting exe link [SOLVED]
Michael Hutchinson wrote: > > Nice, that's going to help me tidy up some of my other custom rules. > Once again, Thank-you Matt for the clarity on this issue. - > happy SA user. > No problem. One final suggestion. Take some time to read: http://wiki.apache.org/spamassassin/WritingRules This covers many of these topics.
RE: e greeting exe link [SOLVED]
> -Original Message- > From: Matt Kettler [mailto:[EMAIL PROTECTED] > Sent: 28 August 2008 1:49 p.m. > To: Michael Hutchinson > Cc: users@spamassassin.apache.org > Subject: Re: e greeting exe link > > Michael Hutchinson wrote: > > > > But only match it from the last trailing / character. In other words, if > > the message carries a link to "card.exe" at any address, it will be > > marked up. > > > > My thoughts were that all I would need is a rule like: > > uri MY_EXE_URI /card.exe/i > > > Caution: . is a wildcard, so the above will match "card exe" "card1exe" > etc. > > Add a \ to force it to be a literal period character. > > uri MY_EXE_URI /card\.exe/i > > That still runs some risk of matching things you don't want, like parts > of the domain, etc. > > I might tighten it up a bit more by adding the / in. trying to match > "/card.exe" instead of just "card.exe" > Again, we need a \ or the / will be interpreted as the end of the > expression, so we add \/ > > uri MY_EXE_URI /\/card\.exe/i That's got it sorted - precisely what I'm after.. Thank-you Matt for clearing this up! I'm going to employ some new rules straight away :) > > Or do I need to actually match all of the stuff before that, using a > > wildcard for example? > > > No, you don't. Regexes will match a substring. Adding .* to the > beginning or end of a regex is a superfluous waste, and has no affect > whatsoever on the strings matched. > > ( note: .* is regex syntax for 0 or more wildcards, equivalent to a > command-line *) Yay, I thought the complicating matching of http or ftp links in the original rule were unnecessary. Nice, that's going to help me tidy up some of my other custom rules. Once again, Thank-you Matt for the clarity on this issue. - happy SA user. Cheers, Michael Hutchinson Manux Solutions.
RE: e greeting exe link
> -Original Message- > From: John Hardin [mailto:[EMAIL PROTECTED] > Sent: 28 August 2008 1:35 p.m. > To: Michael Hutchinson > Cc: users@spamassassin.apache.org > Subject: RE: e greeting exe link > > On Thu, 28 Aug 2008, Michael Hutchinson wrote: > > > I would be hoping to match the same sort of URL: > > http://ns1.shinwa-com.co.jp/~denso/card.exe > > > > But only match it from the last trailing / character. In other words, if > > the message carries a link to "card.exe" at any address, it will be > > marked up. > > Why do you care about the part before the period? You don't like card.exe > but you trust card1.exe? Good point, but I wouldn't like to block all .exe's. Our local users wont bother zipping stuff and will complain. I was going to be happy with just adding some quick firing rules manually for exe's that I specify. I guess if that doesn't make sense, lets not bother too much about it :) > > My thoughts were that all I would need is a rule like: > > uri MY_EXE_URI /card.exe/i > > > > Or do I need to actually match all of the stuff before that, using a > > wildcard for example? > > Look back a couple of messages, a good short version was posted. Nice - thanks for your reply, John. Cheers, Michael Hutchinson Manux Solutions Limited.
Re: e greeting exe link
Michael Hutchinson wrote: > > But only match it from the last trailing / character. In other words, if > the message carries a link to "card.exe" at any address, it will be > marked up. > > My thoughts were that all I would need is a rule like: > uri MY_EXE_URI /card.exe/i > Caution: . is a wildcard, so the above will match "card exe" "card1exe" etc. Add a \ to force it to be a literal period character. uri MY_EXE_URI /card\.exe/i That still runs some risk of matching things you don't want, like parts of the domain, etc. I might tighten it up a bit more by adding the / in. trying to match "/card.exe" instead of just "card.exe" Again, we need a \ or the / will be interpreted as the end of the expression, so we add \/ uri MY_EXE_URI /\/card\.exe/i > Or do I need to actually match all of the stuff before that, using a > wildcard for example? > No, you don't. Regexes will match a substring. Adding .* to the beginning or end of a regex is a superfluous waste, and has no affect whatsoever on the strings matched. ( note: .* is regex syntax for 0 or more wildcards, equivalent to a command-line *) > Thanks in advance for any light shed upon the matter, > >
RE: e greeting exe link
On Thu, 28 Aug 2008, Michael Hutchinson wrote: I would be hoping to match the same sort of URL: http://ns1.shinwa-com.co.jp/~denso/card.exe But only match it from the last trailing / character. In other words, if the message carries a link to "card.exe" at any address, it will be marked up. Why do you care about the part before the period? You don't like card.exe but you trust card1.exe? My thoughts were that all I would need is a rule like: uri MY_EXE_URI /card.exe/i Or do I need to actually match all of the stuff before that, using a wildcard for example? Look back a couple of messages, a good short version was posted. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Insofar as the police deter by their presence, they are very, very good. Criminals take great pains not to commit a crime in front of them. -- Jeffrey Snyder --- Tomorrow: Exercise Your Rights day
RE: e greeting exe link
> -Original Message- > From: Randal, Phil [mailto:[EMAIL PROTECTED] > Sent: 23 August 2008 2:05 a.m. > To: Jean-Paul Natola; users@spamassassin.apache.org > Subject: RE: e greeting exe link > > uri MY_EXECUTABLE_URI > /^(?:https?|ftp):\/\/[^\s?]{1,80}\/[^\s?]{1,80}\.(?:exe|scr|dll|pif|vbs| > wsh|cmd|bat)$/i > describe MY_EXECUTABLE_URILinks to an executable file > score MY_EXECUTABLE_URI3.00 > > Mind the linewrap. Hello Everyone, Does anyone have a rule that's not such a complex regex? I couldn't get this one to expand properly with the Regex Expander over at SARE (http://www.rulesemporium.com/cgi-bin/expand_regex.cgi) - even downloading the Perl script and running it locally produces unexpected results from this rule. I would be hoping to match the same sort of URL: http://ns1.shinwa-com.co.jp/~denso/card.exe But only match it from the last trailing / character. In other words, if the message carries a link to "card.exe" at any address, it will be marked up. My thoughts were that all I would need is a rule like: uri MY_EXE_URI /card.exe/i Or do I need to actually match all of the stuff before that, using a wildcard for example? Thanks in advance for any light shed upon the matter, Cheers, Michael Hutchinson Manux Solutions
Re: This spam should have triggered more rules
On Wed, 2008-08-27 at 21:00 +, Duane Hill wrote: > On Wed, 27 Aug 2008, Skip wrote: > > Tell me, where did you get the SG_EXECUTABLE_URI rule? I don't have it in > > my > > installation. > It was a rule that was posted to the list close to a week ago by Phil > Randal (thread subject: e greeting exe link). I just changed its name: I didn't write this back then, even though I intended to -- but since this is a recurring topic, here it finally goes. :) > uri MY_EXECUTABLE_URI > /^(?:https?|ftp):\/\/[^\s?]{1,80}\/[^\s?]{1,80}\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i I believe this to be overly complex and complicated. Why all this limitations and being that specific? There is no need to match the entire URL. Actually, there is no need to match anything you actually aren't interested in -- which is the extension. :) What about this? uri EXECUTABLE /\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i Beware. Untested. Isn't that much more easily readable and comprehensible? And while I'm already at it, if you want to match slash chars (as often the case with uri tests), just use a different RE delimiter, to avoid the fences and enhance readability. uri EXAMPLE_NET m,^https?://example.net/, Hope this helps maintaining your custom cf files. guenther -- char *t="[EMAIL PROTECTED]"; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: RulesDuJour & Tripwire Issue
Curtis LaMasters wrote: > Now on to my next issue. Thank you Dan for helping me with the last > one. I have RulesDuJour updating (probably too often) but I'm getting > the following error. I've been able to find the issue on Google but > no resolution. Hoping you can help me figure this out. RDJ is almost completely dead and obsolete. sa-update would be the preferred way to update most rules, and with a little tweaking it can even update rules from SARE. Based on the results you're seeing check the URL for tripwire in your RDJ script. I'm betting it points to a URL that's no longer serving the tripwire file, and instead returns an error page which produces the errors below. > > ***WARNING***: spamassassin --lint failed. > > Rolling configuration files back, not restarting SpamAssassin. > > Rollback command is: mv -f /etc/spamassassin/tripwire.cf > <http://tripwire.cf> > /etc/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; mv -f > /etc/spamassassin/RulesDuJour/tripwire.cf.20080827-1656 > /etc/spamassassin/tripwire.cf <http://tripwire.cf>; > > > > Lint output: [14866] warn: config: failed to parse line, skipping, in > "/etc/spamassassin/tripwire.cf <http://tripwire.cf>": > [14866] warn: > config: failed to parse line, skipping, in > "/etc/spamassassin/tripwire.cf <http://tripwire.cf>": HTTP-EQUIV="Pragma" CONTENT="no-cache"> [14866] warn: config: failed > to parse line, skipping, in "/etc/spamassassin/tripwire.cf > <http://tripwire.cf>": > [14866] warn: config: failed to parse line, skipping, in > "/etc/spamassassin/tripwire.cf <http://tripwire.cf>": > [14866] warn: lint: 4 issues detected, please rerun with debug enabled > for more information > > > Curtis LaMasters > http://www.curtis-lamasters.com > http://www.builtnetworks.com
RulesDuJour & Tripwire Issue
Now on to my next issue. Thank you Dan for helping me with the last one. I have RulesDuJour updating (probably too often) but I'm getting the following error. I've been able to find the issue on Google but no resolution. Hoping you can help me figure this out. ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/spamassassin/tripwire.cf/etc/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; mv -f /etc/spamassassin/RulesDuJour/tripwire.cf.20080827-1656 /etc/spamassassin/ tripwire.cf; Lint output: [14866] warn: config: failed to parse line, skipping, in "/etc/spamassassin/tripwire.cf": [14866] warn: config: failed to parse line, skipping, in "/etc/spamassassin/tripwire.cf": [14866] warn: config: failed to parse line, skipping, in "/etc/spamassassin/tripwire.cf": [14866] warn: config: failed to parse line, skipping, in "/etc/spamassassin/ tripwire.cf": [14866] warn: lint: 4 issues detected, please rerun with debug enabled for more information Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
RE: Updating rules with old version of spamassassin
Hi Martin, thank you for the info. So what I can see, Spamassassin is merely a perl module used by amavisd, right? If I install the new version, it will just replace the old module and add some little gadgets like sa-update? Or could I use the sa-update script from a new version with my old spamassassin installation? P. Martin.Hepworth wrote: > > Patrick > > Yes RDJ will still work, but only for the ones you've enabled. There's > been very liitle update on the standard RDJ ruleset for months now. So > don't expect to see much updating. > > Sa-update is the way to go for more modern versiosn, this will also keep > the core rules updated too. > > -- View this message in context: http://www.nabble.com/Updating-rules-with-old-version-of-spamassassin-tp19160511p19189904.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: This spam should have triggered more rules
On Wed, 27 Aug 2008, Skip wrote: Scored well here: X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) X-Spam-Level: x X-Spam-Status: Reqd:5.0 Hits:17.1 Learn:disabled Tests:JM_SOUGHT_2=4, JM_SOUGHT_3=4,SG_EXECUTABLE_URI=3,UNPARSEABLE_RELAY=0.001, URIBL_AB_SURBL=1.613,URIBL_BLACK=1.961,URIBL_SC_SURBL=2.523 -d Yesterday when I received the message, it didn't trigger the SC SURBL, but it does today for me too. I know sometimes it can take them a while to catch up to the spammers. Tell me, where did you get the SG_EXECUTABLE_URI rule? I don't have it in my installation. http://www.google.com/search?num=100&hl=en&safe=off&q=SG_EXECUTABLE_URI&btnG=Search returns 0 hits. It was a rule that was posted to the list close to a week ago by Phil Randal (thread subject: e greeting exe link). I just changed its name: uri MY_EXECUTABLE_URI /^(?:https?|ftp):\/\/[^\s?]{1,80}\/[^\s?]{1,80}\.(?:exe|scr|dll|pif|vbs|wsh|cmd|bat)$/i describe MY_EXECUTABLE_URI Links to an executable file score MY_EXECUTABLE_URI 3.00 -d
Re: This spam should have triggered more rules
Scored well here: X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) X-Spam-Level: x X-Spam-Status: Reqd:5.0 Hits:17.1 Learn:disabled Tests:JM_SOUGHT_2=4, JM_SOUGHT_3=4,SG_EXECUTABLE_URI=3,UNPARSEABLE_RELAY=0.001, URIBL_AB_SURBL=1.613,URIBL_BLACK=1.961,URIBL_SC_SURBL=2.523 -d Yesterday when I received the message, it didn't trigger the SC SURBL, but it does today for me too. I know sometimes it can take them a while to catch up to the spammers. Tell me, where did you get the SG_EXECUTABLE_URI rule? I don't have it in my installation. http://www.google.com/search?num=100&hl=en&safe=off&q=SG_EXECUTABLE_URI&btnG=Search returns 0 hits. -- Get my PGP Public key here: http://pelorus.org/[EMAIL PROTECTED]
Re: This spam should have triggered more rules
On Wed, 27 Aug 2008, Skip wrote: http://pastebin.com/m5b376775 I have the botnet rules enabled and they trigger on a lot of my spam, as well as the sought rules. But not this message. This spam however only triggered two rules, however I feel it should have triggered more. Yeah, it passed my spam threshold and was caught, but just barely. Anything I could have done to increased my chances on this one? Perhaps something about linking to an exe? That can't be good. You might want to try out my greeting card rules. http://www.impsec.org/~jhardin/antispam/ There have also been rules for URI-to-executable posted to the list recently. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- A superior gunman is one who uses his superior judgment to keep himself out of situations that would require the use of his superior skills. --- Tomorrow: Exercise Your Rights day
Re: This spam should have triggered more rules
On Wed, 27 Aug 2008, Skip wrote: http://pastebin.com/m5b376775 I have the botnet rules enabled and they trigger on a lot of my spam, as well as the sought rules. But not this message. This spam however only triggered two rules, however I feel it should have triggered more. Yeah, it passed my spam threshold and was caught, but just barely. Anything I could have done to increased my chances on this one? Perhaps something about linking to an exe? That can't be good. Scored well here: X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) X-Spam-Level: x X-Spam-Status: Reqd:5.0 Hits:17.1 Learn:disabled Tests:JM_SOUGHT_2=4, JM_SOUGHT_3=4,SG_EXECUTABLE_URI=3,UNPARSEABLE_RELAY=0.001, URIBL_AB_SURBL=1.613,URIBL_BLACK=1.961,URIBL_SC_SURBL=2.523 -d
This spam should have triggered more rules
http://pastebin.com/m5b376775 I have the botnet rules enabled and they trigger on a lot of my spam, as well as the sought rules. But not this message. This spam however only triggered two rules, however I feel it should have triggered more. Yeah, it passed my spam threshold and was caught, but just barely. Anything I could have done to increased my chances on this one? Perhaps something about linking to an exe? That can't be good. Skip -- Get my PGP Public key here: http://pelorus.org/[EMAIL PROTECTED]
RE: adding score for email from noreply@
mouss wrote: > Bowie Bailey wrote: > > Curtis LaMasters wrote: > > > I'm having a pretty hard time with this one for some reason, > > > mainly because I don't understand regex. I have a large number > > > of emails that are getting past my spamassassin setup (Maia > > > Mailguard 1.02a) as well as my Barracuda. I would like to add a > > > score to email from [EMAIL PROTECTED] I'm not asking for anyone to > > > write the rule for me (though that would be nice), but general > > > guidance on how to go about doing this *easily*. > > > > Try this: > > > > header FROM_NOREPLY ToCc =~ /\bnoreply\@/i > > > > I guess he wants From or Reply-To, not ToCc. Umm...right... header FROM_NOREPLY From =~ /\bnoreply\@/i I guess I was focused too much on the regex and not enough on the target. -- Bowie
RE: adding score for email from noreply@
John Hardin wrote: > > http://oreilly.com/catalog/9780596528126/ Excellent book. -- Bowie
Re: user_pref for virtual mails
Nicolas Letellier wrote: > Hello. > > I use spamassassin on my Postfix/Dovecot mail server. > > Mailboxes are in /var/www/mail/vmail/domain.tld/user > > Is there a possibility to have a user_prefs for each mailbox? > > I don't see a similar option in > http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo?highlight=(user_prefs) > or here: > http://svn.apache.org/repos/asf/spamassassin/branches/3.2/README > > Take a look at the --virtual-config-dir option to spamd. Alternatively, you can have them in SQL, in which case you should read: http://svn.apache.org/repos/asf/spamassassin/branches/3.2/sql/README
Re: user_pref for virtual mails
Nicolas Letellier schrieb: Le Wed, 27 Aug 2008 12:06:31 +0200, Robert Schetterer <[EMAIL PROTECTED]> a écrit : Nicolas Letellier schrieb: Hello. I use spamassassin on my Postfix/Dovecot mail server. Mailboxes are in /var/www/mail/vmail/domain.tld/user Is there a possibility to have a user_prefs for each mailbox? I don't see a similar option in http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo?highlight=(user_prefs) or here: http://svn.apache.org/repos/asf/spamassassin/branches/3.2/README Thanks for your informations. Regards, depends if you have real users or not, if using a vmail local user for all mailboxes ( i.e postfixadmin setup ) this works with spamass-milter, i ve included it for self user editing via squirrelmail which needs ftp server and a special coded spamassplugin , but the best way is to use spamass milter ( postfix/sendmail ) with spamd in mysql rules can be added by self user out of webmail squirrelmail or horde same should be possible with amavis-new but there are many ways to work with users_prefs, depends what you want to goal Hi Robert. My spamassassin runs as 'spamd'. thats not the point All my mailboxes are virtual, and are in /var/mail/vmails/domain.tld/user which is the local owner who delivers the mail , what ist general smtp setup My spamassin looks at /usr/local/etc/mail/spamassassin/local.cf for load rules. jep global rules, looks like self compiled Now, I would like that, when spamc scans an email, for a mail to [EMAIL PROTECTED], spamassin loads /usr/local/etc/mail/spamassassin/local.cf AND /var/mail/vmails/domain.tld/toto/spamassassin/users_prefs More precisely, I'm looking for an option to have specific rules (like whitelist_from, etc...) for each mailboxes. i allready wrote this, use spamass milter with postfix/sendmail which can readout users_prefs via spamd ( must be configured rigthly ) out of local files or from mysql, if you want to give users the chance to edit their rules by themselfes use webmail squirrelmail or horde with spamassassin plugins and/or filter adds you should look spamassasin faqs and howtos on the web for other possible setups, i found spamassmilter as the best working but thats a question of taste used smtp software and smtp traffic amount Thanks. Regards, -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: user_pref for virtual mails
Le Wed, 27 Aug 2008 12:06:31 +0200, Robert Schetterer <[EMAIL PROTECTED]> a écrit : > Nicolas Letellier schrieb: > > Hello. > > > > I use spamassassin on my Postfix/Dovecot mail server. > > > > Mailboxes are in /var/www/mail/vmail/domain.tld/user > > > > Is there a possibility to have a user_prefs for each mailbox? > > > > I don't see a similar option in > > http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo?highlight=(user_prefs) > > or here: > > http://svn.apache.org/repos/asf/spamassassin/branches/3.2/README > > > > Thanks for your informations. > > > > Regards, > > > depends if you have real users or not, if using a vmail local user > for all mailboxes ( i.e postfixadmin setup ) > this works with spamass-milter, i ve included it > for self user editing via squirrelmail which needs ftp server > and a special coded spamassplugin , > > but the best way is to use spamass milter ( postfix/sendmail ) with > spamd in mysql rules can be added by self user out of webmail > squirrelmail or horde same should be possible with amavis-new > > but there are many ways to work with users_prefs, depends what you > want to goal Hi Robert. My spamassassin runs as 'spamd'. All my mailboxes are virtual, and are in /var/mail/vmails/domain.tld/user My spamassin looks at /usr/local/etc/mail/spamassassin/local.cf for load rules. Now, I would like that, when spamc scans an email, for a mail to [EMAIL PROTECTED], spamassin loads /usr/local/etc/mail/spamassassin/local.cf AND /var/mail/vmails/domain.tld/toto/spamassassin/users_prefs More precisely, I'm looking for an option to have specific rules (like whitelist_from, etc...) for each mailboxes. Thanks. Regards, -- - Nicolas.
Re: user_pref for virtual mails
Nicolas Letellier schrieb: Hello. I use spamassassin on my Postfix/Dovecot mail server. Mailboxes are in /var/www/mail/vmail/domain.tld/user Is there a possibility to have a user_prefs for each mailbox? I don't see a similar option in http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo?highlight=(user_prefs) or here: http://svn.apache.org/repos/asf/spamassassin/branches/3.2/README Thanks for your informations. Regards, depends if you have real users or not, if using a vmail local user for all mailboxes ( i.e postfixadmin setup ) this works with spamass-milter, i ve included it for self user editing via squirrelmail which needs ftp server and a special coded spamassplugin , but the best way is to use spamass milter ( postfix/sendmail ) with spamd in mysql rules can be added by self user out of webmail squirrelmail or horde same should be possible with amavis-new but there are many ways to work with users_prefs, depends what you want to goal -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
user_pref for virtual mails
Hello. I use spamassassin on my Postfix/Dovecot mail server. Mailboxes are in /var/www/mail/vmail/domain.tld/user Is there a possibility to have a user_prefs for each mailbox? I don't see a similar option in http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo?highlight=(user_prefs) or here: http://svn.apache.org/repos/asf/spamassassin/branches/3.2/README Thanks for your informations. Regards, -- - Nicolas.
Re: Whitelist config for internal/external servers
Camron W. Fox wrote: John Hardin wrote: On Tue, 26 Aug 2008, Camron W. Fox wrote: We are running SA V3.2.4 on RHEL5.1. How do messages get passed to SA for scoring? The best way is to note the internal origination of the message and bypass SA entirely. Exactly how that is done depends on your plumbing. John, Postfix hands the messages off to SA with the content_filter option. You can bypass the filter for specific clients using the FILTER action. smtpd_client_restrictions = check_client_access cidr:/etc/postfix/per_client_filter == per_client_filter: 127.0.0.1/32FILTER dummy: ... if you need help for this, use the postfix-users list as this mostly OT here.