Re: Smtp auth and trusted_networks
On 10.07.14 18:36, Nick I wrote:
> In the following example our mx received message with ESMTPSA from 1.1.1.1
> and that ip detected as trusted. Our trusted_networks list do not have this
> ip configured. I need to run rbl check against 1.1.1.1.
> Is there any settings to not add authenticated host to trusted hosts ?

Isn't the whole point of authentication to avoid scanning the authenticated IP in blacklists?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
You have the right to remain silent. Anything you say will be misquoted, then used against you.
Re: Smtp auth and trusted_networks
On 7/10/2014 5:55 PM, Giampaolo Tomassoni wrote:
> On 2014-07-10 17:36 Nick I wrote:
>> Hi
>> In the following example our mx received message with ESMTPSA from 1.1.1.1
>> and that ip detected as trusted. Our trusted_networks list do not have this
>> ip configured. I need to run rbl check against 1.1.1.1.
>> Is there any settings to not add authenticated host to trusted hosts ?
>> We use SpamAssassin version 3.3.1.
>
> Your case is exactly what the patch in bug#6430
> (https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6430) attempts to
> cover. Unfortunately, that patch never went into any SA version, so you have
> to apply it by yourself if you really need to let your MX act as an MSA in
> case of authenticated submissions.
>
> If you use amavis, there is another option: move mail submission to another
> instance of your smtp daemon and configure it to submit received (and
> authenticated) message to an amavis channel you prepared for outgoing mail.
>
> Regards,
> Giampaolo

If you use that patch and it works, please weigh in on the bugzilla or at least on the list. The patch was considered pretty esoteric and didn't justify yet another option in the code. But if people need it and use it, we will of course reconsider.
Re: Smtp auth and trusted_networks
I implemented your patch, but unfortunately it did not work for me. Authenticated sender IP address was recognised as trusted. I still need to have 'smtpd_sasl_authenticated_header = yes' in my postfix so I commented out these 3 lines. And it does work for my installation. --- /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata/Received.pm.orig 2010-03-16 14:49:21.0 + +++ /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Message/Metadata/Received.pm 2014-07-11 17:20:21.497687731 + 
@@ -389,9 +389,9 @@ # with ASMTP (Authenticated SMTP) is used by Earthlink, Exim 4.34, and others # with HTTP should only be authenticated webmail sessions # with HTTPU is used by Communigate Pro with Pronto! webmail interface - if (/ by / / with (ESMTPA|ESMTPSA|LMTPA|LMTPSA|ASMTP|HTTPU?)(?: |$)/i) { -$auth = $1; - } +#if (/ by / / with (ESMTPA|ESMTPSA|LMTPA|LMTPSA|ASMTP|HTTPU?)(?: |$)/i) { +# $auth = $1; +#} # Courier v0.47 and possibly others elsif (/^from .*?(?:\]\)|\)\]) \(AUTH: (LOGIN|PLAIN|DIGEST-MD5|CRAM-MD5) \S+(?:, .*?)?\) by /) { $auth = $1; Thanks All for the help. 2014-07-11 17:26 GMT+03:00 Kevin A. McGrail kmcgr...@pccc.com: On 7/10/2014 5:55 PM, Giampaolo Tomassoni wrote: Il 2014-07-10 17:36 Nick I ha scritto: Hi In the following example our mx received message with ESMTPSA from 1.1.1.1 and that ip detected as trusted. Our trusted_networks list do not have this ip configured. I need to run rbl check against 1.1.1.1. Is there any settings to not add authenticated host to trusted hosts ? We use SpamAssassin version 3.3.1. You case is exactly what the patch in bug#6430 ( https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6430) attempts to cover. Unfortunately, that patch never went into any SA version, so you have to apply it by yourself if you really need to let your MX act as an MSA in case of authenticated submissions. If you use amavis, there is another option: move mail submission to another instance of your smtp daemon and configure it to submit received (and authenticated) message to an amavis channel you prepared for outgoing mail. Regards, Giampaolo If you use that patch and it works, please weigh in on the bugzilla or at least on the list. The patch was considered pretty esoteric and didn't justify yet another option in the code. But if people need it and use it, we will of course reconsider.
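Review bot: In the hunk at @@ -389,9 +389,9 @@, commenting out the whole "if (... with (ESMTPA|ESMTPSA|LMTPA|LMTPSA|ASMTP|HTTPU?) ...)" block leaves the Courier branch on the following context line, which starts with "elsif", as the first branch of the chain; Perl does not accept an elsif without a preceding if, so unless another if block closes just above the comment lines shown, that elsif needs to become a plain if in the same edit. The change also removes detection for every keyword in the alternation (ESMTPA, LMTPA, LMTPSA, ASMTP, HTTPU?), not only the ESMTPSA case reported in this thread, so any other authenticated hop will lose its auth marking as well. Finally, the edit is made in place under /usr/share/perl5/vendor_perl, where a package update will overwrite it without notice; carrying it as a patch against the packaged source keeps it reproducible.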
Submitting to RBL
Greetings, I've been looking for ways to submit spams to some RBL, but URIBL seems to not be accepting any submissions at this time. Are there any others that anyone could recommend that I could submit to? Some of the spam that's getting through the filters is just the same thing over and over again, and has a very low spam score, but it's still spam. Although I'm training SA via sa-learn, it's still getting through. Any insights appreciated. Thanks! -- --Asai
production MTA not doing URIBL lookups, why?
For some reason, my production MTA is not doing URIBL lookups for spam scoring, for no obvious reason. If I run a message through via the command line, I see the same behavior. If I run it through a test server, I see URIBL scores hit like mad.

I do not appear to be blocked on my production MTA:

    [zimbra@edge01 ~]$ host -tTXT 2.0.0.127.multi.uribl.com
    2.0.0.127.multi.uribl.com descriptive text permanent testpoint

Message scoring for an obvious spam on prod gets:

    No, score=-0.8 required=5.0 tests=HTML_FONT_LOW_CONTRAST,
        HTML_IMAGE_RATIO_06,HTML_MESSAGE,RP_MATCHES_RCVD,T_DKIM_INVALID,
        UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.0

On my test server, I get:

    Yes, score=8.2 required=5.0 tests=DKIM_SIGNED,
        HTML_FONT_LOW_CONTRAST,HTML_IMAGE_RATIO_06,HTML_MESSAGE,
        RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL,
        RP_MATCHES_RCVD,SPF_HELO_PASS,T_DKIM_INVALID,UNPARSEABLE_RELAY,URIBL_BLACK,
        URIBL_DBL_SPAM,URIBL_SBL,URIBL_SBL_A autolearn=no autolearn_force=no version=3.4.0

Obviously, I'd like my production server to be catching spam. ;)

--Quanah

--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
Re: production MTA not doing URIBL lookups, why?
What does a debug output show ? On both .. Pastebin

--
Jeremy McSpadden
Flux Labs | http://www.fluxlabs.net | Endless Solutions
Office : 850-250-5590x501 | Cell : 850-890-2543 | Fax : 850-254-2955

On Jul 11, 2014, at 4:34 PM, Quanah Gibson-Mount qua...@zimbra.com wrote:
> For some reason, my production MTA is not doing URIBL lookups for spam
> scoring, for no obvious reason. If I run a message through via the command
> line, I see the same behavior. If I run it through a test server, I see
> URIBL scores hit like mad.
>
> I do not appear to be blocked on my production MTA:
>
>     [zimbra@edge01 ~]$ host -tTXT 2.0.0.127.multi.uribl.com
>     2.0.0.127.multi.uribl.com descriptive text permanent testpoint
>
> Message scoring for an obvious spam on prod gets:
>
>     No, score=-0.8 required=5.0 tests=HTML_FONT_LOW_CONTRAST,
>         HTML_IMAGE_RATIO_06,HTML_MESSAGE,RP_MATCHES_RCVD,T_DKIM_INVALID,
>         UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.0
>
> On my test server, I get:
>
>     Yes, score=8.2 required=5.0 tests=DKIM_SIGNED,
>         HTML_FONT_LOW_CONTRAST,HTML_IMAGE_RATIO_06,HTML_MESSAGE,
>         RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL,
>         RP_MATCHES_RCVD,SPF_HELO_PASS,T_DKIM_INVALID,UNPARSEABLE_RELAY,URIBL_BLACK,
>         URIBL_DBL_SPAM,URIBL_SBL,URIBL_SBL_A autolearn=no autolearn_force=no version=3.4.0
>
> Obviously, I'd like my production server to be catching spam. ;)
>
> --Quanah
>
> --
> Quanah Gibson-Mount
> Server Architect
> Zimbra, Inc.
> Zimbra :: the leader in open source messaging and collaboration
Re: production MTA not doing URIBL lookups, why?
On Fri, 11 Jul 2014, Quanah Gibson-Mount wrote:
> Message scoring for an obvious spam on prod gets:
>
>     No, score=-0.8 required=5.0 tests=HTML_FONT_LOW_CONTRAST,
>         HTML_IMAGE_RATIO_06,HTML_MESSAGE,RP_MATCHES_RCVD,T_DKIM_INVALID,
>         UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.0
>
> On my test server, I get:
>
>     Yes, score=8.2 required=5.0 tests=DKIM_SIGNED,
>         HTML_FONT_LOW_CONTRAST,HTML_IMAGE_RATIO_06,HTML_MESSAGE,
>         RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_SBL,
>         RP_MATCHES_RCVD,SPF_HELO_PASS,T_DKIM_INVALID,UNPARSEABLE_RELAY,URIBL_BLACK,
>         URIBL_DBL_SPAM,URIBL_SBL,URIBL_SBL_A autolearn=no autolearn_force=no version=3.4.0

Prod also misses DKIM_SIGNED and SPF_HELO_PASS. Network tests disabled, maybe?

--
John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
The third basic rule of firearms safety: Keep your booger hook off the bang switch!
---
5 days until the 69th anniversary of the dawn of the Atomic Age
Re: production MTA not doing URIBL lookups, why?
--On Friday, July 11, 2014 4:44 PM -0700 John Hardin jhar...@impsec.org wrote:
> Prod also misses DKIM_SIGNED and SPF_HELO_PASS. Network tests disabled, maybe?

Nope. Found the issue however. On my prod servers, I had the following set:

    dns_available test: 10.110.0.108 10.110.0.109 10.210.0.166

which are the IP addresses for my DNS servers. Unfortunately, with this line, SA always decides I don't have DNS for reasons that are beyond me, and then turns off the DNS checks. I've now changed it to:

    dns_available yes

and things work as desired. So be very wary of telling SA to test DNS, because there's definitely something utterly broken there.

--Quanah

--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
Re: production MTA not doing URIBL lookups, why?
On Fri, 11 Jul 2014 16:00:57 -0700 Quanah Gibson-Mount wrote:
> --On Friday, July 11, 2014 4:44 PM -0700 John Hardin jhar...@impsec.org wrote:
>> Prod also misses DKIM_SIGNED and SPF_HELO_PASS. Network tests disabled, maybe?
>
> Nope. Found the issue however. On my prod servers, I had the following set:
>
>     dns_available test: 10.110.0.108 10.110.0.109 10.210.0.166
>
> which are the IP addresses for my DNS servers.

Those are supposed to be domains to look up as a test, not the IP addresses of DNS servers.

> Unfortunately, with this line, SA always decides I don't have DNS for
> reasons that are beyond me,

It's clearly documented on the man page.
Re: production MTA not doing URIBL lookups, why?
--On Saturday, July 12, 2014 1:18 AM +0100 RW rwmailli...@googlemail.com wrote:
>> Unfortunately, with this line, SA always decides I don't have DNS for
>> reasons that are beyond me,
>
> It's clearly documented on the man page.

Ah, yeah, I see that. I misread the first bit:

    By default, SpamAssassin will query some default hosts on the internet to attempt to check if DNS is working or not.

as meaning that if I put in the test line, it'd change to querying the DNS servers I specified. :P

--Quanah

--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
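
The misconfiguration found in this thread (resolver IP addresses given to "dns_available test:", which expects domain names to look up) can be checked for mechanically. The following is an added example, not code from SpamAssassin or from any poster in the thread: a small Python lint whose function names and sample local.cf are constructed for illustration.

```python
import ipaddress
import re

# Matches the probe-list form: "dns_available test: name1 name2 ..."
DNS_TEST_RE = re.compile(r"^\s*dns_available\s+test:\s*(?P<names>.*?)\s*$")


def is_ip_literal(token):
    """True if token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def lint_dns_available(config_text):
    """Return (line_number, offending_tokens) for every 'dns_available test:'
    line whose probe list contains IP addresses instead of domain names."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop comments (simplified: ignores \# escapes)
        match = DNS_TEST_RE.match(line)
        if not match:
            continue
        bad = [tok for tok in match.group("names").split() if is_ip_literal(tok)]
        if bad:
            findings.append((lineno, bad))
    return findings


# Constructed sample: the production setting quoted in the thread, the setting
# that fixed it, and a probe list made of placeholder domain names.
SAMPLE_CF = """\
# local.cf (constructed sample)
required_score 5.0
dns_available test: 10.110.0.108 10.110.0.109 10.210.0.166
dns_available yes
dns_available test: example.com example.net
"""

if __name__ == "__main__":
    for lineno, bad in lint_dns_available(SAMPLE_CF):
        print(f"line {lineno}: dns_available test: lists IP addresses "
              f"{', '.join(bad)}; it expects domain names to look up")
```

A hit on a production config is worth treating as an outage of all network tests: as the score lines in the thread show, DNSBL, URIBL, SPF and DKIM rules all stop firing once SA concludes DNS is unavailable.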