Re: JMF whitelist and RAZOR conflict

2009-09-11 Thread MySQL Student
Hi,

>> I have several emails that are tagged with RCVD_IN_JMF_W,
>> SPF_SOFTFAIL, and RAZOR2_CHECK such as this one:
>> http://pastebin.com/m4a4d990e
>
> why accept SPF_SOFTFAIL ?
>
> can't this be solved ?

I don't understand. I'm still learning how the SPF rules work.
Shouldn't I be adding points for an SPF_FAIL? This indicates a spoof
attempt, no?

> are you receiving forwarded emails from spf domains ?

If I understand correctly, no. I have no relationship with any
external source and their SPF records.

> if so add the forward ip to trusted_networks (so spf will be disabled from
> these hosts)

Do you mean to avoid the processing overhead? IOW, don't bother
checking SPF records for trusted domains?

>> Is the criteria for being listed on the JMF_W simply that it
>> contains a domain that is whitelisted, despite whether it
>> contains another URL that is blacklisted?
>
> this is spamassassin working, if there is a blacklisted domain add it to
> your uribl_skip_domain list

Ah, you mean if the domain is erroneously on the blacklist, right?

>> Would I be advised to make the JMF_W score very low, or create a
>> meta that doesn't really whitelist it unless it isn't also blacklisted?
>
> this is ip and not domains

On a somewhat related note, how does BOTNET differ from RDNS_NONE?
What is the logic behind the BOTNET rule? Is there some known list
that it's checking, or is it just likely to be a dynamic IP or
compromised host if it doesn't have a reverse DNS entry?

Thanks so much for the clarification, and confirmation about Gevalia/Kraft.

Thanks,
Alex


Re: URL rule creation question

2009-09-11 Thread Matt Kettler
McDonald, Dan wrote:
>
> From: Matt Kettler [mailto:mkettler...@verizon.net]
>
> >This rule  should detect 10 consecutive occurrences.
> >uri   L_URI_FUNNYDOTS   /(?:\.[a-z,0-9]{2}\.){10}
>
> >Warning: I wrote this quickly without too much thought. It may have
> >bugs, but I'm short on time at the moment.
>
> your variant would require two periods in a row between each pair.
>
So it would... Hence the warning :)
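
Added example (not part of any message in this thread): the rule regex as posted, next to one assumed correction, run over a constructed URL shaped like the sample discussed in the thread. CORRECTED, RUN, longest_pair_run and all sample strings are illustrative names and values, and Python's re module stands in for the Perl regex engine that SpamAssassin uses.

```python
import re
from urllib.parse import urlsplit

# Regex exactly as posted in the thread: every group is ".xx.", so two
# groups in a row need ".." between the pairs.
POSTED = re.compile(r"(?:\.[a-z,0-9]{2}\.){10}", re.I)

# Assumed correction (not from the thread): one leading dot per
# two-character group, so consecutive groups share a single dot.
CORRECTED = re.compile(r"(?:\.[a-z0-9]{2}){10}", re.I)

# Any run of ".xx" groups, used to report how long a chain is.
RUN = re.compile(r"(?:\.[a-z0-9]{2})+", re.I)

# Constructed samples. The query string reuses the opening pairs of the
# URL quoted in the thread; the host names are placeholders.
SPAM_URL = ("http://spam.example/jazert/html/"
            "?39.6d.3d.31.66.67.6b.79.77.63.77.63.65.6e")
BENIGN_URL = "http://192.168.10.20/docs/v1.02.03/index.html"

# What the posted regex really needs in order to fire: doubled dots.
DOUBLE_DOTTED = "".join(
    ".%s." % pair
    for pair in ["6d", "3d", "31", "66", "67", "6b", "79", "77", "63", "65"]
)


def longest_pair_run(url):
    """Longest chain of '.xx' groups in the path and query only, so that
    dotted host names and IP addresses do not contribute."""
    parts = urlsplit(url)
    target = parts.path + "?" + parts.query
    return max((len(m.group(0)) // 3 for m in RUN.finditer(target)), default=0)


def report(url):
    """Summarise how each pattern treats one URL."""
    return {
        "posted": POSTED.search(url) is not None,
        "corrected": CORRECTED.search(url) is not None,
        "longest_run": longest_pair_run(url),
    }


if __name__ == "__main__":
    for label, url in (("spam", SPAM_URL), ("benign", BENIGN_URL)):
        print(label, report(url))
    print("posted regex on doubled dots:",
          POSTED.search(DOUBLE_DOTTED) is not None)
```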


Re: Using a blacklist - configuration-file not working

2009-09-11 Thread franc


Benny Pedersen wrote:
> 
> do not edit this file, use some user files to override contents
> if i remember 50_user...
> 

Yes, now it works, i thought all the time i had to restart spamassassin to
make changes work, but i never restarted amavisd-new.
Now i can put blacklisted items into spamassassin's configs and they work.
And in 50_user i overwrite the 20-debian_default:

$sa_spam_subject_tag = '*'; 
$sa_tag_level_deflt  = undef;   
$sa_tag2_level_deflt = 15;  
$sa_kill_level_deflt = 25;  
$sa_dsn_cutoff_level = 35;  

and it works after a restart of amavisd-new.

So everything ok, thank you very much.

spamassassin 2>&1 -D --lint | less
All OK.
-- 
View this message in context: 
http://www.nabble.com/Using-a-blacklist---configuration-file-not-working-tp25396597p25407826.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.



Re: URL rule creation question

2009-09-11 Thread McDonald, Dan
On Fri, 2009-09-11 at 15:09 -0400, MySQL Student wrote:
> Hi,
> 
> > The 'doubleheadedrover' domain currently shows up in Razor(E8),
> > uribl_black, surbl_jp, and invaluement.
> >
> > But it wasn't in all of those when he first started posting about it.
> 
> Yes, that's correct. Thanks for your help. That's already caught a
> few. I have another that I thought you could help with.
> 
> I'd like to create a rule that matches a specific letter and up to 5
> spaces after it, repeated ten times.

unless you are using rawbody rules, multiple spaces are collapsed to
single spaces on the regularized body that rules are run against


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com




Re: URL rule creation question

2009-09-11 Thread Karsten Bräckelmann
On Fri, 2009-09-11 at 12:43 -0700, John Hardin wrote:
> \s is the proper way to represent whitespace.

True. However, in all rule types that use rendered text, there is only a
space -- no tabs. Well, there are newlines, but that doesn't matter
unless you use special modifiers. ;)

Actually, this reminds me -- if Alex is writing his rule as a body rule,
the text parts are rendered and normalized. This effectively means any
number of consecutive whitespace (within a paragraph) will be condensed
to a single space.

Thus /a b/ and /a {1,5}b/ become identical.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: URL rule creation question

2009-09-11 Thread Karsten Bräckelmann
On Fri, 2009-09-11 at 15:09 -0400, Alex wrote:
> I'd like to create a rule that matches a specific letter and up to 5
> spaces after it, repeated ten times. I'm thinking something like this:
> 
> /s\ {5}o\ {5}n\ {5}i\ {5}c\ {5}\ m\ {5}e\ {5}d\ {5}i\ {5}a/i

A space does not have any special meaning in REs. Don't escape it.

The quantifier {5} means *exactly* 5 occurrences. What you are after is
the {n,m} quantifier with a lower n and (optional) upper m bound. Thus,
to match at least one, and up to 5 occurrences: {1,5}


> I'm still learning regex's, so hopefully this isn't too far off. The
> opportunities for rules are coming faster than my ability to learn.

  http://perldoc.perl.org/perlre.html

The reference. In particular, also do have a look at the perlrequick
Introduction and perlretut Tutorial referenced early in the Description
section.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
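
Added example (not part of any message in this thread): the quantifier and whitespace points from the two replies above, checked against a constructed sample. render_body is a rough stand-in for the rendered text that body rules see, not SpamAssassin's own code, and the gap between the two words is treated like any other letter gap (both are assumptions of this sketch).

```python
import re


def spaced_letters(phrase, gap):
    """Build a case-insensitive regex for the letters of `phrase`, with
    `gap` (a literal space plus an optional quantifier) between letters."""
    letters = [re.escape(ch) for ch in phrase if not ch.isspace()]
    return re.compile(gap.join(letters), re.I)


def render_body(raw):
    """Approximate the normalisation described in the thread: any run of
    whitespace inside a paragraph becomes one space. Assumption: blank
    lines separate paragraphs."""
    paragraphs = re.split(r"\n\s*\n", raw)
    return "\n".join(re.sub(r"\s+", " ", p).strip() for p in paragraphs)


RULES = {
    # "{5}" is exactly five spaces after every letter
    "exactly_5": spaced_letters("sonic media", " {5}"),
    # "{1,5}" is one to five spaces
    "one_to_5": spaced_letters("sonic media", " {1,5}"),
    # a plain single space
    "single": spaced_letters("sonic media", " "),
}

# Constructed sample: between one and four spaces after each letter.
RAW_SAMPLE = ("Special offer:  s   o  n i    c   m e d   i a\tonline\n"
              "\n"
              "unsubscribe here")


def evaluate(raw):
    """Return which rules hit on the raw text (what a rawbody rule sees)
    and on the normalised text (what a body rule sees)."""
    views = {"rawbody": raw, "body": render_body(raw)}
    return {
        view: {name: bool(rx.search(text)) for name, rx in RULES.items()}
        for view, text in views.items()
    }


if __name__ == "__main__":
    for view, hits in evaluate(RAW_SAMPLE).items():
        print(view, hits)
```

On the normalised text the {1,5} rule and the single-space rule hit on the same input, which is the /a b/ versus /a {1,5}b/ equivalence stated above; only on the raw text do they differ.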



Re: URL rule creation question

2009-09-11 Thread John Hardin

On Fri, 11 Sep 2009, MySQL Student wrote:

> I'd like to create a rule that matches a specific letter and up to 5
> spaces after it, repeated ten times. I'm thinking something like this:
>
> /s\ {5}o\ {5}n\ {5}i\ {5}c\ {5}\ m\ {5}e\ {5}d\ {5}i\ {5}a/i

\s is the proper way to represent whitespace.

{5} is exactly 5. 1-5 would be {1,5}, and 0-5 would be {,5}

> I'm still learning regex's, so hopefully this isn't too far off. The
> opportunities for rules are coming faster than my ability to learn.

http://www.regular-expressions.info/tutorial.html

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  If guns kill people, then...
-- pencils miss spel words.
-- cars make people drive drunk.
-- spoons make people fat.
---
 Today: the 8th anniversary of 9/11


Re: URL rule creation question

2009-09-11 Thread MySQL Student
Hi,

> The 'doubleheadedrover' domain currently shows up in Razor(E8),
> uribl_black, surbl_jp, and invaluement.
>
> But it wasn't in all of those when he first started posting about it.

Yes, that's correct. Thanks for your help. That's already caught a
few. I have another that I thought you could help with.

I'd like to create a rule that matches a specific letter and up to 5
spaces after it, repeated ten times. I'm thinking something like this:

/s\ {5}o\ {5}n\ {5}i\ {5}c\ {5}\ m\ {5}e\ {5}d\ {5}i\ {5}a/i

I'm still learning regex's, so hopefully this isn't too far off. The
opportunities for rules are coming faster than my ability to learn.

Thanks,
Alex


Re: Using a blacklist - configuration-file not working

2009-09-11 Thread Benny Pedersen

On Fri 11 Sep 2009 01:47:38 PM CEST, franc wrote

> Does this mean with amavis spamassassin is NOT used?

don't confuse the answer :)

spamassassin is a client
spamd is a daemon
amavisd is a daemon

finally:

amavisd does not use spamassassin or spamd

clear now ?

> I thought amavis is using spamassassin and clamav to check the
> mails but has no spamcheck and viruscheck itself.

if you use amavisd, then save some ram by disabling spamd

--
xpoint



Re: Using a blacklist - configuration-file not working

2009-09-11 Thread Benny Pedersen

On Fri 11 Sep 2009 01:27:11 PM CEST, franc wrote

> Yes, i restarted spamassassin, and now i found out, that amavis is
> handling some configurations in 20-debian_defaults, here i can put
> some blacklist (with amavis notation of course).

do not edit this file, use some user files to override contents

if i remember 50_user... is in this same dir, why ?, what happens when
you update, will you love to see your edits go to dev-null ? :)

> But i wonder why the spamassassin configfiles are not used. Is
> there a switch in amavis to override this?

spamassassin 2>&1 -D --lint | less

cf files are read on all these paths, no other dirs or files can be edited
with configs


--
xpoint



Re: JMF whitelist and RAZOR conflict

2009-09-11 Thread Kelson

RW wrote:

> Razor looks-up fuzzy hashes of an email on a server that records the
> values that have previously been reported for spam.   JMF_W  is based on
> the IP address of the last hop into your trusted network (or internal
> if you set it up that way). Neither is based on URLs.

Actually, Razor does check URLs as well.  It's one of the signature
types. Type 8, I think.


--
Kelson Vibber
SpeedGate Communications 


Re: JMF whitelist and RAZOR conflict

2009-09-11 Thread Benny Pedersen

On Fri 11 Sep 2009 01:21:16 AM CEST, MySQL Student wrote

> I have several emails that are tagged with RCVD_IN_JMF_W,
> SPF_SOFTFAIL, and RAZOR2_CHECK such as this one:
> http://pastebin.com/m4a4d990e

why accept SPF_SOFTFAIL ?

can't this be solved ?

are you receiving forwarded emails from spf domains ?

if so add the forward ip to trusted_networks (so spf will be disabled
from these hosts)

> Is the criteria for being listed on the JMF_W simply that it
> contains a domain that is whitelisted, despite whether it
> contains another URL that is blacklisted?

this is spamassassin working, if there is a blacklisted domain add it
to your uribl_skip_domain list

> Would I be advised to make the JMF_W score very low, or create a
> meta that doesn't really whitelist it unless it isn't also blacklisted?

this is ip and not domains

> meta META_NOT_JMF_RAZOR (RCVD_IN_JMF_W && !RAZOR2_CHECK)
> It also appears to spoof the kraftfoods.com mail server, correct?
> Is there a possible rule to be created here?

rule is okay as a ham score, well written

--
xpoint



RE: JMF whitelist and RAZOR conflict

2009-09-11 Thread Bob O'Brien
No - that really came out of mail2.kraftfoods.com (parent corporation of 
Gevalia, remember?) 
I have seen other samples of the same message spamming other recipients, and 
there's no question of source IP.



Bob

-Original Message-
From: MySQL Student [mailto:mysqlstud...@gmail.com] 
Sent: Thursday, September 10, 2009 4:21 PM


It also appears to spoof the kraftfoods.com mail server, correct? Is
there a possible rule to be created here?






Re: Using a blacklist - configuration-file not working

2009-09-11 Thread franc

Now it's working

I think (but i am not sure) that my fault was, that i restarted spamassassin
to test the config and not amavis with

amavisd-new stop
amavisd-new start

But now the rules are accepted!

Thank you very much for the help!

Regards, franc



Re: URL rule creation question

2009-09-11 Thread McDonald, Dan
On Fri, 2009-09-11 at 14:37 +0200, Matus UHLAR - fantomas wrote:
> On 10.09.09 18:28, MySQL Student wrote:
> > I've seen this pattern in spam quite a bit lately:
> > 
> > href="http://EXAMPLE.com/jazert/html/?39.6d.3d.31.66.67.6b.79.77.63.77.63.65.6e.74.69.6e.6e.69
> > .61.6c.5f.68.31.33.33.2e.6f.39.39.41.4d.2e.30.30.45.33.39.2e.30.32.30.61.64.6b.37.61.76.61.67.63.31.66.
> > 62.2e.6a.61.7a.65.72.74.2e.68.74.6d.6c3az8fO"
> 
> what kind of URL/service is this? Isn't it worth to block this at all?

The 'doubleheadedrover' domain currently shows up in Razor(E8),
uribl_black, surbl_jp, and invaluement.

But it wasn't in all of those when he first started posting about it.
So he is looking for a way of identifying bad urls by examining the path
portion rather than the domain


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com




Re: Using a blacklist - configuration-file not working

2009-09-11 Thread franc

In:

/usr/share/spamassassin/

i found a file called user_prefs.template where i read in the head:

#* Note: this file is not read by SpamAssassin until copied into the user
#* directory. At runtime, if a user has no preferences in their home directory
#* already, it will be copied for them, allowing them to perform personalised
#* customisation.  If you want to make changes to the site-wide defaults,
#* create a file in /etc/spamassassin instead.

But in 

/etc/spamassassin/blacklist.cf

my only rule:

blacklist_from mytestem...@mytestdomain.tld

is ignored. I send with exactly this email an email to an email account on
the server where that spamassassin and amavis are running and it arrives
without getting filtered as spam.
I think i make a mistake somewhere in my thinking, but where?

Is there another way to TEST the configs by a rule, to prove that the
configs are used?

And where is the logfile for spamassassin?
The only thing i found is in 

/var/log/mail.log

but only one line:

Sep 11 14:39:22 ew6 amavis[22365]: Module Mail::SpamAssassin  3.002004

There must be a logfile somewhere?






Re: Using a blacklist - configuration-file not working

2009-09-11 Thread franc


Mark Martinec wrote:
> 
> So, did you try this on your sample message?
> 
With:

su amavis -c 'spamassassin -t < /usr/share/doc/spamassassin/examples/sample-spam.txt'

I get:

[22381] warn: config: created user preferences file: /var/lib/amavis/.spamassassin/user_prefs
Received: from localhost by myserver.tld
with SpamAssassin (version 3.2.4);
Fri, 11 Sep 2009 14:40:00 +0200
From: Sender 
To: Recipient 
Subject: Test spam mail (GTUBE)
Date: Wed, 23 Jul 2003 23:30:00 +0200
Message-Id: 
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on myserver.tld
X-Spam-Level: **
X-Spam-Status: Yes, score=1005.3 required=5.0 tests=DIGEST_MULTIPLE,GTUBE,
NO_RECEIVED,NO_RELAYS,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,
RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK autolearn=no version=3.2.4
...

And a description that this mail is considered as spam, mostly because of
GTUBE.
I think this is working.

But why is my blacklist not working?



Re: URL rule creation question

2009-09-11 Thread Matus UHLAR - fantomas
On 10.09.09 18:28, MySQL Student wrote:
> I've seen this pattern in spam quite a bit lately:
> 
> href="http://doubleheaderover.com/jazert/html/?39.6d.3d.31.66.67.6b.79.77.63.77.63.65.6e.74.69.6e.6e.69
> .61.6c.5f.68.31.33.33.2e.6f.39.39.41.4d.2e.30.30.45.33.39.2e.30.32.30.61.64.6b.37.61.76.61.67.63.31.66.
> 62.2e.6a.61.7a.65.72.74.2e.68.74.6d.6c3az8fO"

what kind of URL/service is this? Isn't it worth to block this at all?
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
   One OS to rule them all, One OS to find them, 
One OS to bring them all and into darkness bind them 


Re: Using a blacklist - configuration-file not working

2009-09-11 Thread Mark Martinec
> > No, it means spamd isn't used. ...
> 
> This i misunderstood too, i thought spamd IS the spamassassin-daemon.

It is. And so is amavisd, just uses a different protocol to talk with a MTA.
You don't need both.

> On my system, spamd is running. But i don't find any running spamassassin
> process.

If you use amavisd, there is no point in running spamd too, it won't be used.

>- check your rules on a test mail, be sure to run it under
>  the same user as amavisd will run under:
>  # su vscan -c 'spamassassin -t 

Re: Using a blacklist - configuration-file not working

2009-09-11 Thread franc


McDonald, Dan wrote:
> ...
> No, it means spamd isn't used. ...
> 
This i misunderstood too, i thought spamd IS the spamassassin-daemon.
On my system, spamd is running. But i don't find any running spamassassin
process.



Re: Using a blacklist - configuration-file not working

2009-09-11 Thread franc


Mark Martinec wrote:
> ...
> The SpamAssassin config files are observed at the default SpamAssassin
> paths. Check that directories used by SpamAssassin are what you expect
> them to be - start as: 'amavisd debug-sa' and check the SA log soon after
> a start
> ...
> - check syntax:  # su vscan -c 'spamassassin --lint' 
> ...
> 

amavisd-new debug-sa

gives me a lot of lines, under them i found the configfiles which are
ignored:

[19814] dbg: config: read file /etc/spamassassin/blacklist.cf

is the log lying?
By the way, where is the logfile for spamassassin, i don't find it under
/var/log

...

Amavis runs under amavis, so:

su amavis -c 'spamassassin --lint'

gives no output, so no errors.




Re: Using a blacklist - configuration-file not working

2009-09-11 Thread McDonald, Dan
On Fri, 2009-09-11 at 04:47 -0700, franc wrote:
> 
> McDonald, Dan wrote:
> > 
> > restarting spamassassin won't do any good.  You need to restart amavisd.
> > Amavisd loads the perl libraries and daemonizes itself instead of using
> > spamd.
> 
> Does this mean with amavis spamassassin is NOT used?

No, it means spamd isn't used.  

> I thought amavis is using spamassassin

spamassassin libraries and configuration

>  and clamav

clamd

>  to check the mails but has
> no spamcheck and viruscheck itself.

It has a little bit of spamcheck in it, separate of the spamassassin
libraries.  But amavisd is the place where the spamassassin processing
is taking place.

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com




Re: Using a blacklist - configuration-file not working

2009-09-11 Thread franc


McDonald, Dan wrote:
> 
> restarting spamassassin won't do any good.  You need to restart amavisd.
> Amavisd loads the perl libraries and daemonizes itself instead of using
> spamd.

Does this mean with amavis spamassassin is NOT used?

I thought amavis is using spamassassin and clamav to check the mails but has
no spamcheck and viruscheck itself.




Re: Using a blacklist - configuration-file not working

2009-09-11 Thread Mark Martinec
On Friday September 11 2009 13:27:11 franc wrote:
> Yes, i restarted spamassassin, and now i found out, that amavis is handling
> some configurations in 20-debian_defaults, here i can put some blacklist
> (with amavis notation of course).

This is independent from SpamAssassin.

> But i wonder why the spamassassin configfiles are not used. Is there a
> switch in amavis to override this?

The SpamAssassin config files are observed at the default SpamAssassin
paths. Check that directories used by SpamAssassin are what you expect
them to be - start as: 'amavisd debug-sa' and check the SA log soon after
a start.
 
> Spamfiltering is working: i have Spam-Tags in my mailheaders. But maybe not
> from spamassassin?
> I read: X-Spam-Score, X-Spam-Flag, X-Spam-Level, X-Spam-Status Flags, and
> X-Virus-Scanned: Debian amavisd-new at ew6.org
> 
> And Spam is moved automatically to the .Spam Folder.

Good.

Make sure your rules are working:

- check syntax:  # su vscan -c 'spamassassin --lint'

- check your rules on a test mail, be sure to run it under
  the same user as amavisd will run under:
  # su vscan -c 'spamassassin -t 

Re: Using a blacklist - configuration-file not working

2009-09-11 Thread franc


McDonald, Dan wrote:
> 
> spamassassin -D --lint
> 
> That will tell you every .cf file that is read.
> 

...
[15570] dbg: config: read file /etc/spamassassin/65_debian.cf
[15570] dbg: config: read file /etc/spamassassin/blacklist.cf
[15570] dbg: config: read file /etc/spamassassin/local.cf
[15570] dbg: config: read file /etc/spamassassin/sa-blacklist.cf
[15570] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file
[15570] dbg: config: read file /root/.spamassassin/user_prefs
...

Seems to be read.



Re: Using a blacklist - configuration-file not working

2009-09-11 Thread McDonald, Dan
On Fri, 2009-09-11 at 04:27 -0700, franc wrote:
> 
> rich...@buzzhost.co.uk wrote:
> > 

> Yes, i restarted spamassassin, and now i found out, that amavis is handling
> some configurations in 20-debian_defaults,

restarting spamassassin won't do any good.  You need to restart amavisd.
Amavisd loads the perl libraries and daemonizes itself instead of using
spamd.


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com




Re: Using a blacklist - configuration-file not working

2009-09-11 Thread franc


rich...@buzzhost.co.uk wrote:
> 
> And you restarted spamassassin ?
> /etc/init.d/spamassassin restart
> 
> The first obvious question I would ask is *is it scoring anything*
> Franc? That is, you have proved and know that your spamassassin is
> working?
> 
> Are you sure you are blocking on envelope sender, and not trying to
> block some other 'from' header that has been inserted? It often confuses
> people.
> 

Yes, i restarted spamassassin, and now i found out, that amavis is handling
some configurations in 20-debian_defaults, here i can put some blacklist
(with amavis notation of course).
But i wonder why the spamassassin configfiles are not used. Is there a
switch in amavis to override this?

Spamfiltering is working: i have Spam-Tags in my mailheaders. But maybe not
from spamassassin?
I read: X-Spam-Score, X-Spam-Flag, X-Spam-Level, X-Spam-Status Flags, and
X-Virus-Scanned: Debian amavisd-new at ew6.org

And Spam is moved automatically to the .Spam Folder.




Re: Using a blacklist - configuration-file not working

2009-09-11 Thread McDonald, Dan
On Fri, 2009-09-11 at 00:51 -0700, franc wrote:
> Hello,
> 
> i just installed spamassassin 3.2.4 (running on Perl 5.8.8) with postfix
> 2.5.1 on a Ubuntu 8.04.
> Now i want to use a personal blacklist and i put into
> 
> /etc/spamassassin/myblacklist.cf

That's an odd path name.  I'm used to the config directory
being /etc/mail/spamassassin/


> 
> But still it doesn't work after restarting spamassassin.
> Where is the real config from spamassassin and how can i check the
> configuration?

spamassassin -D --lint

That will tell you every .cf file that is read.

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com




Re: Using a blacklist - configuration-file not working

2009-09-11 Thread rich...@buzzhost.co.uk
On Fri, 2009-09-11 at 03:53 -0700, franc wrote:
> 
> 
> rich...@buzzhost.co.uk wrote:
> > 
> > Create the blacklist file:
> > # vim /etc/spamassassin/blacklist.cf
> > 
> > blacklist_from  *...@aol.com
> > blacklist_from  drop.t...@aol.com
> > 
> > Test it for errors:
> > # spamassassin --lint
> > 
> > Restart Spamassassin
> > # /etc/init.d/spamassassin restart
> > 
> > Send it a test message to check and confirmed blocked (in my case).
> > 
> This is exactly what i have done. But spamassassin ignores it totally.
> No errors on spamassassin --lint

And you restarted spamassassin ?
/etc/init.d/spamassassin restart

The first obvious question I would ask is *is it scoring anything*
Franc? That is, you have proved and know that your spamassassin is
working?

Are you sure you are blocking on envelope sender, and not trying to
block some other 'from' header that has been inserted? It often confuses
people.

Perhaps it would help if you posted the output of one of the messages to
http://pastebin.com/ so some of the guys and gals here can give you
better advice or troubleshoot this for you.

Don't worry - with the great help you can get in this group, someone
will help you to get this working :-)



Re: Using a blacklist - configuration-file not working

2009-09-11 Thread franc



rich...@buzzhost.co.uk wrote:
> 
> Create the blacklist file:
> # vim /etc/spamassassin/blacklist.cf
> 
> blacklist_from  *...@aol.com
> blacklist_from  drop.t...@aol.com
> 
> Test it for errors:
> # spamassassin --lint
> 
> Restart Spamassassin
> # /etc/init.d/spamassassin restart
> 
> Send it a test message to check and confirmed blocked (in my case).
> 
This is exactly what i have done. But spamassassin ignores it totally.
No errors on spamassassin --lint



Re: Using a blacklist - configuration-file not working

2009-09-11 Thread rich...@buzzhost.co.uk
On Fri, 2009-09-11 at 01:07 -0700, franc wrote:
> 
> rich...@buzzhost.co.uk wrote:
> > 
> > To do this, somewhere near the end of your main.cf:
> > header_checks = regexp:/etc/postfix/header_checks
> > 
> > File /etc/postfix/header_checks looks like this:
> > /^From:.*whoe...@aol.com/ REJECT sender blacklisted
> > 
> > Postfix reload
> > 
> 
> Thank you, does this mean that there is no way to configure spamassassin
> himself?
> Is spamassassin configured only indirectly by postfix (and amavis)?
> I don't understand this.

OK, on my Ubuntu test box this is what I did;

Create the blacklist file:
# vim /etc/spamassassin/blacklist.cf

blacklist_from  *...@aol.com
blacklist_from  drop.t...@aol.com


Test it for errors:
# spamassassin --lint

Restart Spamassassin
# /etc/init.d/spamassassin restart

Send it a test message to check and confirmed blocked (in my case).




Re: Using a blacklist - configuration-file not working

2009-09-11 Thread rich...@buzzhost.co.uk
On Fri, 2009-09-11 at 01:07 -0700, franc wrote:
> 
> rich...@buzzhost.co.uk wrote:
> > 
> > To do this, somewhere near the end of your main.cf:
> > header_checks = regexp:/etc/postfix/header_checks
> > 
> > File /etc/postfix/header_checks looks like this:
> > /^From:.*whoe...@aol.com/ REJECT sender blacklisted
> > 
> > Postfix reload
> > 
> 
> Thank you, does this mean that there is no way to configure spamassassin
> himself?
> Is spamassassin configured only indirectly by postfix (and amavis)?
> I don't understand this.

I'm sure there *is* a way, but don't get caught on the *actual*
sender-v-the envelope sender. I have *not* tried this myself but a
myblacklist.cf file like this;

blacklist_from  *...@aol.com
blacklist_from  drop.t...@aol.com

checked for errors using the command:
spamassassin --lint

give you any clues at all?

I drop mine in Postfix as it saves clock cycles, but I'm sure
Spamassassin will happily do this - I'm going to test it now :-)



Re: Using a blacklist - configuration-file not working

2009-09-11 Thread franc


rich...@buzzhost.co.uk wrote:
> 
> To do this, somewhere near the end of your main.cf:
> header_checks = regexp:/etc/postfix/header_checks
> 
> File /etc/postfix/header_checks looks like this:
> /^From:.*whoe...@aol.com/ REJECT sender blacklisted
> 
> Postfix reload
> 

Thank you, does this mean that there is no way to configure spamassassin
himself?
Is spamassassin configured only indirectly by postfix (and amavis)?
I don't understand this.



Re: Using a blacklist - configuration-file not working

2009-09-11 Thread rich...@buzzhost.co.uk
On Fri, 2009-09-11 at 00:51 -0700, franc wrote:
> Hello,
> 
> i just installed spamassassin 3.2.4 (running on Perl 5.8.8) with postfix
> 2.5.1 on a Ubuntu 8.04.
> Now i want to use a personal blacklist and i put into
> 
> /etc/spamassassin/myblacklist.cf
> 
> and put into it:
> 
> blacklist_from mail_f...@spam.tld
> blacklist_from ...
> 
> This doesn't work. So i put my personal spamrules into 
> 
> /etc/spamassassin/local.cf
> 
> But still it doesn't work after restarting spamassassin.
> Where is the real config from spamassassin and how can i check the
> configuration?
> 
> Thank you,
> regards, franc

If it's just vanilla blacklisting you want, you can do this in Postfix
at the SMTP level and save the hassle of scanning the mail in the first
instance:

To do this, somewhere near the end of your main.cf:
header_checks = regexp:/etc/postfix/header_checks

File /etc/postfix/header_checks looks like this:
/^From:.*whoe...@aol.com/ REJECT sender blacklisted

Postfix reload

Caveat: currently no way to white list anything you add to header checks
- but as you want to blacklist, no big issue there.

Bonus: Can easily and quickly blacklist on any header match (use with
care) not just the 'from'.



Using a blacklist - configuration-file not working

2009-09-11 Thread franc

Hello,

i just installed spamassassin 3.2.4 (running on Perl 5.8.8) with postfix
2.5.1 on a Ubuntu 8.04.
Now i want to use a personal blacklist and i put into

/etc/spamassassin/myblacklist.cf

and put into it:

blacklist_from mail_f...@spam.tld
blacklist_from ...

This doesn't work. So i put my personal spamrules into 

/etc/spamassassin/local.cf

But still it doesn't work after restarting spamassassin.
Where is the real config from spamassassin and how can i check the
configuration?

Thank you,
regards, franc
