Re: SA 3.4.1 - error messages in log?
On Sun, 3 May 2015, Mark Martinec wrote:
> On May 2, 2015 7:08:10 PM Mark Martinec wrote:
>> > May 2 06:45:29 sunshine spamd[22293]: Use of uninitialized value
>> > $hasStructureInfo in numeric eq (==) at (eval 46) line 5520.
>>
>> This one seems to come from a module Geo::IP, called from a
>> SpamAssassin plugin URILocalBL.
>> [...] Try disabling loading of a plugin URILocalBL as a start
>> (in config file v341.pre).
>
> On 2015-05-03 2:26, Art Greenberg wrote:
>> The line for URILocalBL is commented out - I had not enabled it.
>
> There is also the RelayCountry plugin that is using the Geo::IP module.

Yes, thanks. I found that. I also found more than one version of Geo::IP on the computer. I resolved the issue by removing all versions of Geo::IP and the C API library and reinstalling them.

I resolved the issue with the timeout in copy_config by increasing the timeout value in spamd, line 1432, to 180 seconds. And I pointed out that I'd previously increased the timeout value in line 2977 to 600 seconds. I'm not entirely comfortable increasing these hard-coded timeout values.

But now I'm not seeing any other error messages with debug enabled. It just seems to be taking spamd a long time (~9 minutes) to start and copy_config takes almost 3 minutes.

Is it possible that my AWL and/or Bayes databases are too large? I've configured per-user AWL and Bayes. What else should I look at?

--
Art Greenberg
a...@artg.tv
Re: SA 3.4.1 - error messages in log?
> On May 2, 2015 7:08:10 PM Mark Martinec wrote:
>> > May 2 06:45:29 sunshine spamd[22293]: Use of uninitialized value
>> > $hasStructureInfo in numeric eq (==) at (eval 46) line 5520.
>>
>> This one seems to come from a module Geo::IP, called from a
>> SpamAssassin plugin URILocalBL.
>> [...] Try disabling loading of a plugin URILocalBL as a start
>> (in config file v341.pre).

On 2015-05-03 2:26, Art Greenberg wrote:
> The line for URILocalBL is commented out - I had not enabled it.

There is also the RelayCountry plugin that is using the Geo::IP module.

Mark
Re: dkim invalid and 3.4.1
1.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

The score for this rule should be a zero or a near-zero. There must be some problem with assigning a score to such test rule (the 1.0 is a default value if a score line is missing).

T_DKIM_INVALID is a test rule, as such its score should be 0.01 by default. Make sure the sa-update has provided an up-to-date version of rules.

Mark
Re: The query to URIBL was blocked
On Sun, 2015-05-03 at 23:02 +0200, Adam Major wrote:
> Hello
>
> > Seeing this in most of the markups
> >
> > 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
> > blocked.
> >See
> > http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
> >
> [...]
> > The output doesn't show any blocked DNS servers. If that's the case then
> > why am I still seeing the output in my markup?
> >
>
> 1. Maybe something is cached ???
>
>or
>
> 2. Do you set your bind address into /etc/resolv.conf ?
>
>or
>
> 3. Into your SpamAssassin config is defined option
>dns_server aaa.bbb.ccc.ddd:53
>
>
> If yes, then all DNS queries made by SA are sent to dns_server, not
> to the server defined in resolv.conf.
>
> BTW if you don't want to send all queries by your local resolver, and
> want to use it only for SA, then try the dns_server x:53 option.
>
>
> Best Regards.
>

Thanks for your reply Adam, I had my nameserver settings incorrect. I was trying to use 192.168.0.1 instead of 127.0.0.1. It seems to be working great now, no errors in my SA markup; however, I do periodically see this:

localhost named[1095]: error (connection refused) resolving '207.135.201.205.dnsbl.sorbs.net/A/IN': 67.228.187.34#53
localhost named[1095]: error (connection refused) resolving '207.135.201.205.dnsbl.sorbs.net/A/IN': 174.36.235.174#53
named[1095]: error (unexpected RCODE REFUSED) resolving '04cd73764962420c6a2bcc97d4173549.ctyme.ixhash.net/A/IN': 62.75.209.50#53
localhost named[1095]: error (unexpected RCODE REFUSED) resolving '4773636f399abc6d5d8e12c62b51cfdc.ctyme.ixhash.net/A/IN': 62.75.209.50#53
localhost named[1095]: error (unexpected RCODE REFUSED) resolving '21b91b0d3f96be0ff0e80e0e9b364813.ctyme.ixhash.net/A/IN': 62.75.209.50#53

Chris

--
Chris
KeyID 0xE372A7DA98E6705C
31.11°N 97.89°W (Elev. 1092 ft)
16:15:58 up 18:58, 1 user, load average: 0.13, 0.18, 0.17
Ubuntu 14.04.2 LTS, kernel 4.0.0-997-generic #201503310205 SMP Tue Mar 31 02:07:04 UTC 2015
Re: The query to URIBL was blocked
Hello

> Seeing this in most of the markups
>
> 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
> blocked.
>See
> http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
>
[...]
> The output doesn't show any blocked DNS servers. If that's the case then
> why am I still seeing the output in my markup?
>

1. Maybe something is cached ???

or

2. Do you set your bind address into /etc/resolv.conf ?

or

3. Into your SpamAssassin config is defined option
dns_server aaa.bbb.ccc.ddd:53

If yes, then all DNS queries made by SA are sent to dns_server, not to the server defined in resolv.conf.

BTW if you don't want to send all queries by your local resolver, and want to use it only for SA, then try the dns_server x:53 option.

Best Regards.
Re: dkim invalid and 3.4.1
On 2015-05-03 5:34, Nick Edwards wrote:
> Is there any reason
>
> reason="invalid (public key: not available)" is declared as "error"
> to fail t_dkim_invalid
>
> 1.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
>
> This is published a neutral so should not be considered invalid
>
> This only occurs since upgrade 3.4.0 - 3.4.1, no changes made by the
> sender - it's a govt dept, who doesn't change things at all let alone in
> middle of weekend.
>
> Be a shame to have to score that 0 simply because the code overreacts.

The score for this rule should be a zero or a near-zero. There must be some problem with assigning a score to such test rule (the 1.0 is a default value if a score line is missing).

An invalid or unverifiable DKIM signature is supposed to be treated equivalent to a missing signature.

Mark
Re: dkim invalid and 3.4.1
On 03.05.2015 at 13:43, Nick Edwards wrote:
> On 5/3/15, Reindl Harald wrote:
>> On 03.05.2015 at 05:34, Nick Edwards wrote:
>>> Is there any reason
>>>
>>> reason="invalid (public key: not available)" is declared as "error"
>>> to fail t_dkim_invalid
>>
>> yes, it hits way too often for legit, signed mail and so produces false
>> positives
>
> I assume you are agreeing with me, since you are not answering me
> because you are in no way related to the spam assassin project so
> wouldn't know the answer

i do not need to be related to the project to remember discussions about that rule on this list a few months ago and if you would read your list messages you would remember too
Re: dkim invalid and 3.4.1
On 5/3/15, Reindl Harald wrote:
>
>
> On 03.05.2015 at 05:34, Nick Edwards wrote:
>> Is there any reason
>>
>> reason="invalid (public key: not available)" is declared as "error"
>> to fail t_dkim_invalid
>
> yes, it hits way too often for legit, signed mail and so produces false
> positives
>
>

I assume you are agreeing with me, since you are not answering me because you are in no way related to the spam assassin project so wouldn't know the answer.

anyway, I have zero'd this score to make this rule irrelevant
Re: ANNOUNCE: Apache SpamAssassin 3.4.1 available (bug)
Did you run sa-update or install rules manually? 99% sure that is the issue.

Regards,
KAM

On May 1, 2015 2:34:57 PM EDT, Forrest wrote:
>Upgrading from a simple 3.4.0 installation, 3.4.1 refuses to start,
>with
>this error:
>
>Starting spamd: child process [3723] exited or timed out without
>signaling production of a PID file: exit 255 at
>/usr/local/perl/bin/spamd line 2986.
>[FAILED]
>
>I've seen this before, but I did check for any leftover PID files (none
>
>exist). I also rebooted our system, to no avail. Going to attempt
>downgrading to see if that fixes the bug.
>
>
>
>_F
interesting spammer trick (bayes)
Hi

recently i observed by playing around with bayes-training that some junk (maybe unintentional) is using the mimetype 'application/octet-stream' instead 'text/html' containing the payload of a form with javascript prevents the attachment from tokenizing

the new feature in 3.4.1 will take care of that while i am not sure how much impact in classifying a trained attachment at the end has

SHA1 digests of all MIME parts (including non-textual) can now be contributed to Bayes tokens, which allows the bayes classifier to assess also the non-textual content. The set of sources of bayes tokens is configurable with a new configuration option 'bayes_token_sources' as documented in the Mail::SpamAssassin::Conf man page. (Bug 7115) It is disabled by default for backward compatibility.

i am not sure here in context of "backward compatibility" correct me but IMHO "bayes_token_sources all" should not have a side effect when you train a bayes on SA 3.4.1 and share it with a setup using 3.4.0 - the 3.4.0 setup just should not benefit from the new mimeparts-tokens in the database but still from all others?

https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html

bayes_token_sources (default: header visible invisible uri)

Controls which sources in a mail message can contribute tokens (e.g. words, phrases, etc.) to a Bayes classifier. The argument is a space-separated list of keywords: header, visible, invisible, uri, mimepart, each of which may be prefixed by a no to indicate its exclusion. Additionally two reserved keywords are allowed: all and none (or: noall). The list of keywords is processed sequentially: a keyword all adds all available keywords to a set being built, a none or noall clears the set, other non-negated keywords are added to the set, and negated keywords are removed from the set. Keywords are case-insensitive.

The default set is: header visible invisible uri, which is equivalent for example to: All NoMIMEpart. The reason why mimepart is not currently in a default set is that it is a newer source (introduced with SpamAssassin version 3.4.1) and not much experience has yet been gathered regarding its usefulness.

See also option bayes_ignore_header for a fine-grained control on individual header fields under the umbrella of a more general keyword header here.

Keywords imply the following data sources:

header - tokens collected from a message header section
visible - words from visible text (plain or HTML) in a message body
invisible - hidden/invisible text in HTML parts of a message body
uri - URIs collected from a message body
mimepart - digests (hashes) of all MIME parts (textual or non-textual) of a message, computed after Base64 and quoted-printable decoding, suffixed by their Content-Type
all - adds all the above keywords to the set being assembled
none or noall - removes all keywords from the set
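
An added example, not part of the original post and not SpamAssassin's own code: it applies the bayes_token_sources keyword rules quoted above and computes a SHA1 digest per decoded MIME part for a constructed message whose HTML form is labelled application/octet-stream. The function names, the sample message and the "digest:type" output layout are assumptions made for illustration.

```python
import base64
import hashlib
from email import message_from_bytes

KEYWORDS = ("header", "visible", "invisible", "uri", "mimepart")

def resolve_token_sources(spec):
    """Apply the documented left-to-right keyword rules; returns the active set."""
    active = set()
    for word in spec.lower().split():          # keywords are case-insensitive
        if word == "all":
            active.update(KEYWORDS)
        elif word in ("none", "noall"):
            active.clear()
        elif word in KEYWORDS:
            active.add(word)
        elif word.startswith("no") and word[2:] in KEYWORDS:
            active.discard(word[2:])
        else:
            raise ValueError("unknown keyword: " + word)
    return active

def mimepart_digests(raw):
    """SHA1 of every leaf MIME part after Base64/QP decoding, plus its Content-Type.
    The 'digest:type' layout is an assumption, not SpamAssassin's token format."""
    digests = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        digests.append(hashlib.sha1(body).hexdigest() + ":" + part.get_content_type())
    return digests

# Constructed sample: an HTML form shipped as application/octet-stream.
FORM = b'<form action="http://example.invalid/"><input name="q"></form>\n'
SAMPLE = (
    b"From: sender@example.invalid\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nsee attachment\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    + base64.b64encode(FORM) + b"\r\n--b1--\r\n"
)

if __name__ == "__main__":
    print(sorted(resolve_token_sources("All NoMIMEpart")))
    print(mimepart_digests(SAMPLE))
```

Because the digest is taken over the decoded bytes, the same attachment produces the same value whatever Content-Type label or transfer encoding the sender chose.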
The query to URIBL was blocked
Seeing this in most of the markups

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

I installed Bind9 as a caching name server and AFAICT it's running correctly. If I go to the URIBL.com site it has a test to see which DNS server is being blocked. I ran the test and the result is:

chris@localhost:~$ host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"

The output doesn't show any blocked DNS servers. If that's the case then why am I still seeing the output in my markup?

Chris

Note, this is the 3rd time I've sent this and it hasn't made it to the list. I guess possibly the URI listed caused it to be trashed.

--
Chris
KeyID 0xE372A7DA98E6705C
31.11°N 97.89°W (Elev. 1092 ft)
19:53:44 up 4 days, 3:48, 3 users, load average: 0.23, 0.26, 0.22
Ubuntu 14.04.2 LTS, kernel 4.0.0-997-generic #201503310205 SMP Tue Mar 31 02:07:04 UTC 2015
Re: dkim invalid and 3.4.1
On 03.05.2015 at 05:34, Nick Edwards wrote:
> Is there any reason
>
> reason="invalid (public key: not available)" is declared as "error"
> to fail t_dkim_invalid

yes, it hits way too often for legit, signed mail and so produces false positives