Re: Which milter do you prefer?

2015-03-23 Thread shanew

I just wanted to report that, despite what the spamass-milter mailing
list has to say, you can in fact hand spamass-milter an inet socket in
the config and it will happily listen on the network.  That'll teach
me to not just try stuff.

Also, thanks to everyone who had suggestions on specific milters as
well as glue for multiple filters.  I knew about many, but not all
of them, so it's given me lots to investigate (and in some cases
rediscover).

On Fri, 13 Mar 2015, David B Funk wrote:

On Fri, 13 Mar 2015, Shane Williams wrote:

 I've been reviewing the current landscape of anti-spam tools since I
 haven't set up a new system in a while, and one place I'm wondering
 what people are using is milters for spamassassin/spamc.

 It seems like spamass-milter is the default go-to for most people, but
 I'd really like one that can listen on an INET socket (and
 spamass-milter doesn't as far as I can tell, but please correct me if
 I'm wrong).  Milter-spamc from SnertSoft looks promising, but it's not
 free, and a bit more complicated.  smtp-vilter also looks interesting,
 but it does more than just SpamAssassin stuff, so might be overkill.

 And I suspect there are a bunch more out there (though a lot of these
 projects seem to have stalled or died over time).

 What are your favorite (not spamass-milter) options for plugging
 spamassassin into a milter?

Looking at the source for spamass-milter it looks like they're taking
the -p socket argument and passing it directly to smfi_setconn so
you should be able to give an INET socket address if you use the
correct syntax (see docs for smfi_setconn).

13 years ago I was doing a hunt similar to yours and came across
miltrassassin from digitalanswers.org. It was not quite what I
was looking for but closer than any of the others I found, so I took
it and started developing.

--
Public key #7BBC68D9 at            | Shane Williams
http://pgp.mit.edu/                | System Admin - UT CompSci
=----------------------------------+-------------------------------
All syllogisms contain three lines | sha...@shanew.net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew
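
The `inet:port@host` form that smfi_setconn accepts lets the milter listen on any interface, and the milter protocol itself carries no authentication, so it is worth checking what a given `-p` value would bind to before deploying it. The shell function below is an added example, not part of this thread or of spamass-milter; the function name, port 8895, and the sample paths and hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a milter socket spec in smfi_setconn syntax.
#   {unix|local}:/path/to/socket
#   inet:port@{hostname|ip-address}
#   inet6:port@{hostname|ip-address}
# Prints: unix | inet-loopback | inet-network | unrecognized
# Assumptions of this example: numeric ports only, and "localhost" is
# taken to resolve to a loopback address on the host being audited.
classify_milter_socket() {
    spec=$1
    case $spec in
        unix:/*|local:/*) echo unix; return 0 ;;
        inet:*@*|inet6:*@*) ;;
        *) echo unrecognized; return 1 ;;   # not one of the forms above
    esac
    rest=${spec#*:}     # strip "inet:" / "inet6:", leaving port@host
    port=${rest%%@*}    # text before the first "@"
    host=${rest#*@}     # text after the first "@"
    case $port in
        ''|*[!0-9]*|??????*) echo unrecognized; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ] || [ -z "$host" ]; then
        echo unrecognized; return 1
    fi
    case $host in
        localhost|::1) echo inet-loopback ;;
        127.*)
            # Only dotted-decimal 127.x.x.x counts; "127.example.net" is a hostname.
            case $host in
                *[!0-9.]*) echo inet-network ;;
                *) echo inet-loopback ;;
            esac ;;
        *) echo inet-network ;;   # reachable by anything that can route to it
    esac
}

# Constructed sample specs, as they would follow spamass-milter's -p option.
for s in unix:/var/run/spamass.sock inet:8895@127.0.0.1 inet:8895@0.0.0.0 \
         inet6:8895@::1 inet:8895@mx1.example.net inet:smtp /tmp/sock; do
    printf '%-30s %s\n' "$s" "$(classify_milter_socket "$s")"
done
```

A spec reported as `inet-network` needs a firewall rule or a narrower bind address limiting it to the MTA hosts that are meant to connect.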


DATE_IN_(PAST|FUTURE) false positives

2015-03-23 Thread Shane Williams

I've been running emails through a 3.4.0 installation and an older
version simultaneously in order to compare and tweak as necessary and
I've noticed quite a few instances where DATE_IN_FUTURE or
DATE_IN_PAST tests are hit when no such discrepancy seems to exist.

I've been meaning to dig deeper, and then today I got a totally legit
email from someone where all the hops are internal to our network and
I trust that times on all the machines are all within a minute or less
of each other.  All the timestamps I can see are within 10 seconds of
each other, so perhaps it's a timestamp formatting issue that's
triggering these, but I'm at a loss.  Adding to the mystery is the
fact that other emails from the same user (using the same
mailer/computer) don't fire the DATE_IN_FUTURE tag.

Am I missing something or is this a real false positive?

http://pastebin.com/GsmzaUSs

P.S. I have other examples of both FUTURE and PAST that look like false
positives to me, but this particular example has the most
straightforward Received chain, and I know it's totally legit.


DBL and SBL checks on from address domain

2015-03-23 Thread Ramprasad Padmanabhan

How can I check if the domain used in the From address is listed in Spamhaus
DBL, or if the IP it resolves to is listed in SBL?

I find that all the URIBL_DBL_SPAM rules etc. work only for URLs in the body,
not headers.


Thanks
Ram