INVALID_MSGID hitting valid emails
Since a rule update on or around September 21st, we've been getting lots of hits of INVALID_MSGID. Investigation reveals nothing wrong with the Message-ID in the vast majority of cases. Can anyone shed any light on this? Cheers, Phil -- Phil Randal | Networks Engineer NHS Herefordshire Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: pran...@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.
Re: New plugin: DecodeShortURLs
On 9/20/10 11:33 AM, Steve Freegard wrote: On 20/09/10 15:28, Bowie Bailey wrote: You can get rid of the 'backslashitis' by using a different delimiter. uri URI_BITLY_BLOCKED m~^http://bit\.ly/a/warning~i You still need to escape the period, but since the tilde (~) is now the delimiter rather than the slash, you don't need to escape all the slashes. This is very useful for URI patterns! Just remember that you will now need to escape the new delimiter if it appears in the regex. one more: if # url_shortener_cache /tmp/DecodeShortURLs.sq3 you should not try to load SQLLite.pm. ent host [79.98.90.156] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=79.98.90.156; from=madeirau...@rossatogroup.com to=herr...@mcclancy.com proto=ESMTP helo=MEDMAVVR Sep 22 08:38:40 sns amavis[77402]: (!)_DIE: Can't locate DBD/SQLite.pm in @INC (@INC contains: lib /usr/local/lib/perl5/5.8.9/BSDPAN /usr/local/lib/perl5/site_perl/5.8.9/mach /usr/local/lib/perl5/site_perl/5.8.9 /usr/local/lib/perl5/5.8.9/mach /usr/local/lib/perl5/5.8.9) at /usr/local/etc/mail/spamassassin/DecodeShortURLs.pm line 84. diff -bBru DecodeShortURLs.pm /tmp --- DecodeShortURLs.pm2010-09-22 08:41:55.0 -0400 +++ /tmp/DecodeShortURLs.pm2010-09-20 11:13:21.0 -0400 @@ -81,7 +81,7 @@ use constant HAS_LWP_USERAGENT = eval { require LWP::UserAgent; }; use constant HAS_FCNTL = eval { require Fcntl; }; -use constant HAS_SQLITE = eval { require DBD::SQLite; } if url_shortener_cache; +use constant HAS_SQLITE = eval { require DBD::SQLite; }; sub dbg { my $msg = shift; Thanks for the tip; I did know about using different delimiters - but using / is force of habit ;-) I'll try and remember to use something different for uri rules. Cheers, Steve. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
Re: INVALID_MSGID hitting valid emails
On 22.09.10 13:05, Randal, Phil wrote: Since a rule update on or around September 21st, we've been getting lots of hits of INVALID_MSGID. Investigation reveals nothing wrong with the Message-ID in the vast majority of cases. Can anyone shed any light on this? no, unless you provide some examples. hint: if you use milter, it's possible that MTA has fixed the Message-Id: after it found out that the Id is wrong... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Two words: Windows survives. - Craig Mundie, Microsoft senior strategist So does syphillis. Good thing we have penicillin. - Matthew Alton
Re: INVALID_MSGID hitting valid emails
On 9/22/10 8:05 AM, Randal, Phil wrote: Since a rule update on or around September 21^st , we’ve been getting lots of hits of INVALID_MSGID. Investigation reveals nothing wrong with the Message-ID in the vast majority of cases. Can anyone shed any light on this? Sure. Give me the root password and ip address of your server so I can look at the logs. Seriously, not without samples of headers that you claim are valid. better yet, open a bug on bugzilla and document the errors. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
RE: INVALID_MSGID hitting valid emails
OK, sorry for the noise. It was apparently collateral damage from a typo in one of my own rules. Note to self. Test rules using spamassassin -t against an email, and not spamassassin --lint. Cheers, Phil -- Phil Randal | Networks Engineer NHS Herefordshire Herefordshire Council | Deputy Chief Executive's Office | I.C.T. Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT Tel: 01432 260160 email: pran...@herefordshire.gov.uk Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it. -Original Message- From: Michael Scheidell [mailto:michael.scheid...@secnap.com] Sent: 22 September 2010 13:55 To: users@spamassassin.apache.org Subject: Re: INVALID_MSGID hitting valid emails On 9/22/10 8:05 AM, Randal, Phil wrote: Since a rule update on or around September 21^st , we've been getting lots of hits of INVALID_MSGID. Investigation reveals nothing wrong with the Message-ID in the vast majority of cases. Can anyone shed any light on this? Sure. Give me the root password and ip address of your server so I can look at the logs. Seriously, not without samples of headers that you claim are valid. better yet, open a bug on bugzilla and document the errors. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __ Any opinion expressed in this e-mail or any attached files are those of the individual and not necessarily those of Herefordshire Council. You should be aware that Herefordshire Council monitors its email service. This e-mail and any attached files are confidential and intended solely for the use of the addressee. This communication may contain material protected by law from being passed on. If you are not the intended recipient and have received this e-mail in error, you are advised that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please contact the sender immediately and destroy all copies of it.
Re: New plugin: DecodeShortURLs
On 22/09/10 13:44, Michael Scheidell wrote: one more: if # url_shortener_cache /tmp/DecodeShortURLs.sq3 you should not try to load SQLLite.pm. ent host [79.98.90.156] blocked using zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=79.98.90.156; from=madeirau...@rossatogroup.com to=herr...@mcclancy.com proto=ESMTP helo=MEDMAVVR Sep 22 08:38:40 sns amavis[77402]: (!)_DIE: Can't locate DBD/SQLite.pm in @INC (@INC contains: lib /usr/local/lib/perl5/5.8.9/BSDPAN /usr/local/lib/perl5/site_perl/5.8.9/mach /usr/local/lib/perl5/site_perl/5.8.9 /usr/local/lib/perl5/5.8.9/mach /usr/local/lib/perl5/5.8.9) at /usr/local/etc/mail/spamassassin/DecodeShortURLs.pm line 84. There are lots of plug-ins that use exactly the same code to test if modules are installed or not as that's why I did it that way. diff -bBru DecodeShortURLs.pm /tmp --- DecodeShortURLs.pm 2010-09-22 08:41:55.0 -0400 +++ /tmp/DecodeShortURLs.pm 2010-09-20 11:13:21.0 -0400 @@ -81,7 +81,7 @@ use constant HAS_LWP_USERAGENT = eval { require LWP::UserAgent; }; use constant HAS_FCNTL = eval { require Fcntl; }; -use constant HAS_SQLITE = eval { require DBD::SQLite; } if url_shortener_cache; +use constant HAS_SQLITE = eval { require DBD::SQLite; }; That's of no use at all (you got the diff arguments backwards BTW) as you can't know if the option is enabled in the .cf file yet as it hasn't been read yet... That's why it's testing the return of the require in the eval{} block to set the constant for later testing. I suggest you check your amavis debug/log settings as it looks like amavis is setting something like $SIG{__DIE__} and reporting it to your logs in the signal handler. That's fine for debugging - but you're going to get other noise from things like eval{} blocks such as this and is not a bug. Regards, Steve.
Re: INVALID_MSGID hitting valid emails
On ons 22 sep 2010 14:05:56 CEST, Randal, Phil wrote Since a rule update on or around September 21st, we've been getting lots of hits of INVALID_MSGID. Investigation reveals nothing wrong with the Message-ID in the vast majority of cases. show a sample, no one here have crystall balls Can anyone shed any light on this? can you reduce your sig ? -- xpoint
Re: INVALID_MSGID hitting valid emails
On ons 22 sep 2010 17:07:46 CEST, John Hardin wrote can you reduce your sig ? Probably not if he's posting from a commercial or government account. road to hell is filled with bad excuseses :) -- xpoint http://www.unicom.com/pw/reply-to-harmful.html