Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Giovanni Bechis
With this one it fails:
-
SpamAssassin version 3.3.1
  running on Perl version 5.10.1
-

I think it should be only for 3.4.x sa version.
 Giovanni

On 11/23/17 01:53, Kevin A. McGrail wrote:
> I talked to Steve, the author, and A) he approved it going to SVN and has an 
> ICLA and B) he says "As for the error experienced by the user below - it's 
> probably due to $self->{main}->{registryboundaries}->{valid_tlds_re} not 
> being available in their version of SA (because they aren't on a recent 
> version)."
> 
> Regards,
> KAM
> 
> On 11/22/2017 3:34 PM, Kevin Miller wrote:
>> Debian Jessie, Perl version 5.020002 (5.20.2)
>>
>> Not bleeding edge, but not from the Dark Ages either.  How about yourself?  
>> What distro/version do you have?
>>
>> FWIW, to install it I downloaded the plugin from 
>> http://msbl.org/tools/sa-hashbl.tar.gz, extracted it and saved the two files 
>> in it to /etc/spamassassin.  To wit, hashbl.cf and HashBL.pm.
>>
>> It may be a version issue however, because on Debian Stretch I just did 
>> that, and I don't get the error.  No idea which perl module is behind the 
>> times however.  Updating all my mail servers to Stretch is problematic; when 
>> I did it on my test host a number of things went pear shaped, and I haven't 
>> had time to work through them so that my live boxes aren't clobbered during 
>> an upgrade.
>>
>> ...Kevin
>> -- 
>> Kevin Miller
>> Network/email Administrator, CBJ MIS Dept.
>> 155 South Seward Street
>> Juneau, Alaska 99801
>> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357
>>
>>
>> -Original Message-
>> From: Alex [mailto:mysqlstud...@gmail.com]
>> Sent: Wednesday, November 22, 2017 11:11 AM
>> To: Kevin Miller; SA Mailing list
>> Subject: Re: MSBL Email Blocklist (EBL) SA usage query
>>
>> Hi,
>>
>> On Wed, Nov 22, 2017 at 2:20 PM, Kevin Miller  
>> wrote:
>>> I have not solved that error.  I’m not a perl programmer so I emailed the 
>>> folks at msbl.org and they haven't been able to get hold of the author of 
>>> the perl module (Steve Freegard I believe).  I think I have all required 
>>> perl modules installed but names vary between distributions so sometimes 
>>> that's a toss of the dice.  I don't know if it's just a Debian thing or is 
>>> more widespread...
>> I've been using hashbl for a few months now and haven't had any problems. 
>> It's caught quite a few, although none of them have caused an email to be 
>> triggered as spam (they would have all been spam anyway).
>>
>> What environment are you using? It was written in 2016, so at the least, 
>> make sure your perl and perl modules are at least that current.
> 
> 



Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Kevin A. McGrail
I talked to Steve, the author, and A) he approved it going to SVN and 
has an ICLA and B) he says "As for the error experienced by the user 
below - it's probably due to 
$self->{main}->{registryboundaries}->{valid_tlds_re} not being available 
in their version of SA (because they aren't on a recent version)."


Regards,
KAM

On 11/22/2017 3:34 PM, Kevin Miller wrote:
> Debian Jessie, Perl version 5.020002 (5.20.2)
>
> Not bleeding edge, but not from the Dark Ages either.  How about yourself?
> What distro/version do you have?
>
> FWIW, to install it I downloaded the plugin from
> http://msbl.org/tools/sa-hashbl.tar.gz, extracted it and saved the two files in
> it to /etc/spamassassin.  To wit, hashbl.cf and HashBL.pm.
>
> It may be a version issue however, because on Debian Stretch I just did that,
> and I don't get the error.  No idea which perl module is behind the times
> however.  Updating all my mail servers to Stretch is problematic; when I did it
> on my test host a number of things went pear shaped, and I haven't had time to
> work through them so that my live boxes aren't clobbered during an upgrade.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357
>
>
> -Original Message-
> From: Alex [mailto:mysqlstud...@gmail.com]
> Sent: Wednesday, November 22, 2017 11:11 AM
> To: Kevin Miller; SA Mailing list
> Subject: Re: MSBL Email Blocklist (EBL) SA usage query
>
> Hi,
>
> On Wed, Nov 22, 2017 at 2:20 PM, Kevin Miller wrote:
>> I have not solved that error.  I’m not a perl programmer so I emailed the
>> folks at msbl.org and they haven't been able to get hold of the author of the
>> perl module (Steve Freegard I believe).  I think I have all required perl
>> modules installed but names vary between distributions so sometimes that's a toss
>> of the dice.  I don't know if it's just a Debian thing or is more widespread...
>
> I've been using hashbl for a few months now and haven't had any problems. It's
> caught quite a few, although none of them have caused an email to be triggered
> as spam (they would have all been spam anyway).
>
> What environment are you using? It was written in 2016, so at the least, make
> sure your perl and perl modules are at least that current.
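
An added illustration of the failure Steve describes in the message above, not code from HashBL.pm or SpamAssassin: the `$new_sa` and `$old_sa` hashes, the `build_*` helpers and the simplified address pattern are constructed stand-ins. It shows what Perl does when `valid_tlds_re` is undefined at regex-compile time, next to a guard that skips the check instead.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-ins for the plugin object. A recent SpamAssassin exposes
# valid_tlds_re under registryboundaries; an older one has no such key.
my $new_sa = { main => { registryboundaries => { valid_tlds_re => qr/(?:com|org|net)/i } } };
my $old_sa = { main => {} };

# Simplified address pattern (an assumption, not the plugin's own regex).
sub address_re {
    my ($tlds) = @_;
    return qr/[\w.+-]+\@[\w-]+(?:\.[\w-]+)*\.$tlds\b/;
}

# Unguarded: interpolate whatever is there, recording any warnings raised.
sub build_unguarded {
    my ($self) = @_;
    my @warnings;
    local $SIG{__WARN__} = sub { push @warnings, $_[0] };
    my $re = address_re($self->{main}->{registryboundaries}->{valid_tlds_re});
    return ($re, @warnings);
}

# Guarded: refuse to build the pattern when the TLD regex is missing, so the
# caller can skip address checks instead of running a degenerate match.
sub build_guarded {
    my ($self) = @_;
    my $rb   = $self->{main}->{registryboundaries};
    my $tlds = $rb ? $rb->{valid_tlds_re} : undef;
    return defined $tlds ? address_re($tlds) : undef;
}

my $sample = 'Reply to bob@mail.example.org for details';    # constructed input
for my $case ([ 'recent SA', $new_sa ], [ 'older SA', $old_sa ]) {
    my ($label, $self) = @$case;
    my ($re, @warnings) = build_unguarded($self);
    my ($hit) = $sample =~ /($re)/;
    printf "%-9s unguarded: matched '%s', %d warning(s)\n",
        $label, $hit // '', scalar @warnings;
    print  "          $_" for @warnings;
    printf "%-9s guarded:   %s\n", $label,
        build_guarded($self) ? 'pattern built' : 'no TLD regex, address checks skipped';
}
```

On the older-SA stand-in the unguarded pattern still compiles, because the undefined value interpolates as an empty string, so it warns and then matches a truncated address rather than failing outright.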





Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Markus Clardy
On Ubuntu 16.04, I have no issues with the plugin, it works fine for me.

On Wed, Nov 22, 2017 at 8:34 PM, Kevin Miller 
wrote:

> Debian Jessie, Perl version 5.020002 (5.20.2)
>
> Not bleeding edge, but not from the Dark Ages either.  How about
> yourself?  What distro/version do you have?
>
> FWIW, to install it I downloaded the plugin from
> http://msbl.org/tools/sa-hashbl.tar.gz, extracted it and saved the two files in it to
> /etc/spamassassin.  To wit, hashbl.cf and HashBL.pm.
>
> It may be a version issue however, because on Debian Stretch I just did
> that, and I don't get the error.  No idea which perl module is behind the
> times however.  Updating all my mail servers to Stretch is problematic;
> when I did it on my test host a number of things went pear shaped, and I
> haven't had time to work through them so that my live boxes aren't
> clobbered during an upgrade.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No:
> 307357
>
>
> -Original Message-
> From: Alex [mailto:mysqlstud...@gmail.com]
> Sent: Wednesday, November 22, 2017 11:11 AM
> To: Kevin Miller; SA Mailing list
> Subject: Re: MSBL Email Blocklist (EBL) SA usage query
>
> Hi,
>
> On Wed, Nov 22, 2017 at 2:20 PM, Kevin Miller 
> wrote:
> > I have not solved that error.  I’m not a perl programmer so I emailed
> > the folks at msbl.org and they haven't been able to get hold of the
> > author of the perl module (Steve Freegard I believe).  I think I have all
> > required perl modules installed but names vary between distributions so
> > sometimes that's a toss of the dice.  I don't know if it's just a Debian
> > thing or is more widespread...
>
> I've been using hashbl for a few months now and haven't had any problems.
> It's caught quite a few, although none of them have caused an email to be
> triggered as spam (they would have all been spam anyway).
>
> What environment are you using? It was written in 2016, so at the least,
> make sure your perl and perl modules are at least that current.
>



-- 
 - Markus


Re: Scoring Philosophy?

2017-11-22 Thread Bill Cole

On 22 Nov 2017, at 7:36 (-0500), Martin Gregorie wrote:

> On Wed, 2017-11-22 at 00:39 -0500, Bill Cole wrote:
>> A related and increasingly common (dunno why) source of never
>> hitting DNSBL rules is a form of firewall/router NAT sometimes called
>> "Secure NAT" where inbound connections have their source IP's
>> replaced with the IP of the device handling the NAT.
>
> Thanks for the heads-up on this 'Secure NAT' facility: this is the first
> I've heard of it, but I don't buy ADSL routers very often.

I don't think I've ever seen it in ADSL or DOCSIS routers except for 
"hairpin" connections where an inside device tries to connect to an 
outside address. Which is probably a bug...

I have seen it behind Cisco PIX/ASA devices, F5 BIG-IP load balancers, 
and some software-defined networking subsystems in "cloud" environments.

> I have a slightly OTT question about it: in your experience has this
> 'Secure NAT' facility been selectable as part of the device's
> configuration or is it always on?


I've always run into it from the standpoint of a network tenant or 
advisor to a network tenant not a network admin, i.e. managing servers 
on an RFC1918 network whose border gateways I don't directly control or 
helping someone in that situation. For example, I worked some years ago 
in a corporate environment where F5 had recently landed a big deal and 
everything suddenly needed to be behind a pair of BIG-IP load balancers, 
even the outside mail cluster. I didn't like it beforehand, but when it 
was done and the guy who'd taken the F5 kickback^W^W^W^W approved the F5 
contract suddenly started to get a flood of spam, I discovered that 
"Secure NAT" was apparently the default. In that case I got my MTAs 
released from captivity, since DNS does good-enough load balancing for 
mail. More recently, I had a *considerate* net admin ask me if I wanted 
his ASA to do "smtp fixup" (NO) and/or "secure NAT" (NO) for a mail 
cluster, so I guess it's at least optional for the ASA (and probably 
whatever old PIXs are still out there.) For cloud/SDN environments I 
don't know which providers default which way, but generally speaking if 
you point a MX to a cloud provider, you should shell out for a real IP 
that isn't fiddled with, not a NAT address.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
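
A check for the symptom Bill describes in the message above, added here as an example and not taken from the thread: when source addresses are rewritten in front of the MTA, the peers it logs collapse to one or a few RFC 1918 addresses. The Postfix-style log lines, the `is_rfc1918` and `nat_report` helpers and the 0.9 thresholds are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# True for RFC 1918 private IPv4 addresses, which no public DNSBL will list.
sub is_rfc1918 {
    my ($ip) = @_;
    my @o = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ or return 0;
    return 0 if grep { $_ > 255 } @o;
    return 1 if $o[0] == 10;
    return 1 if $o[0] == 172 && $o[1] >= 16 && $o[1] <= 31;
    return 1 if $o[0] == 192 && $o[1] == 168;
    return 0;
}

# Summarise client IPs from Postfix-style "connect from host[ip]" log lines.
sub nat_report {
    my @lines = @_;
    my %seen;
    my ($total, $private) = (0, 0);
    for my $line (@lines) {
        next unless $line =~ /smtpd\[\d+\]: connect from \S*\[([\d.]+)\]/;
        my $ip = $1;
        $seen{$ip}++;
        $total++;
        $private++ if is_rfc1918($ip);
    }
    return { total => 0, suspect => 0 } unless $total;
    my ($top) = sort { $seen{$b} <=> $seen{$a} || $a cmp $b } keys %seen;
    my %r = (
        total         => $total,
        distinct      => scalar(keys %seen),
        private_share => $private / $total,
        top_ip        => $top,
        top_share     => $seen{$top} / $total,
    );
    # Assumed thresholds: Internet mail arrives from many public addresses, so
    # a private or single dominant peer suggests source-rewriting NAT in front.
    $r{suspect} = ($r{private_share} > 0.9 || $r{top_share} > 0.9) ? 1 : 0;
    return \%r;
}

# Constructed sample: every connection appears to come from one inside address.
my @log = (
    'Nov 22 09:01:12 mx1 postfix/smtpd[2101]: connect from unknown[10.20.0.5]',
    'Nov 22 09:01:15 mx1 postfix/smtpd[2102]: connect from unknown[10.20.0.5]',
    'Nov 22 09:01:19 mx1 postfix/smtpd[2103]: connect from unknown[10.20.0.5]',
    'Nov 22 09:02:03 mx1 postfix/smtpd[2104]: connect from unknown[10.20.0.5]',
);
my $r = nat_report(@log);
printf "%d connections, %d distinct peers, top %s (%.0f%%), private %.0f%%: %s\n",
    @$r{qw(total distinct top_ip)}, 100 * $r->{top_share},
    100 * $r->{private_share},
    $r->{suspect} ? 'DNSBL checks likely blind' : 'looks normal';
```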


RE: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Kevin Miller
Debian Jessie, Perl version 5.020002 (5.20.2)

Not bleeding edge, but not from the Dark Ages either.  How about yourself?  
What distro/version do you have?

FWIW, to install it I downloaded the plugin from 
http://msbl.org/tools/sa-hashbl.tar.gz, extracted it and saved the two files in 
it to /etc/spamassassin.  To wit, hashbl.cf and HashBL.pm.

It may be a version issue however, because on Debian Stretch I just did that, 
and I don't get the error.  No idea which perl module is behind the times 
however.  Updating all my mail servers to Stretch is problematic; when I did it 
on my test host a number of things went pear shaped, and I haven't had time to 
work through them so that my live boxes aren't clobbered during an upgrade.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357


-Original Message-
From: Alex [mailto:mysqlstud...@gmail.com] 
Sent: Wednesday, November 22, 2017 11:11 AM
To: Kevin Miller; SA Mailing list
Subject: Re: MSBL Email Blocklist (EBL) SA usage query

Hi,

On Wed, Nov 22, 2017 at 2:20 PM, Kevin Miller  wrote:
> I have not solved that error.  I’m not a perl programmer so I emailed the 
> folks at msbl.org and they haven't been able to get hold of the author of the 
> perl module (Steve Freegard I believe).  I think I have all required perl 
> modules installed but names vary between distributions so sometimes that's a 
> toss of the dice.  I don't know if it's just a Debian thing or is more 
> widespread...

I've been using hashbl for a few months now and haven't had any problems. It's 
caught quite a few, although none of them have caused an email to be triggered 
as spam (they would have all been spam anyway).

What environment are you using? It was written in 2016, so at the least, make 
sure your perl and perl modules are at least that current.


Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Alex
Hi,

On Wed, Nov 22, 2017 at 2:20 PM, Kevin Miller  wrote:
> I have not solved that error.  I’m not a perl programmer so I emailed the 
> folks at msbl.org and they haven't been able to get hold of the author of the 
> perl module (Steve Freegard I believe).  I think I have all required perl 
> modules installed but names vary between distributions so sometimes that's a 
> toss of the dice.  I don't know if it's just a Debian thing or is more 
> widespread...

I've been using hashbl for a few months now and haven't had any
problems. It's caught quite a few, although none of them have caused
an email to be triggered as spam (they would have all been spam
anyway).

What environment are you using? It was written in 2016, so at the
least, make sure your perl and perl modules are at least that current.


RE: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Kevin Miller
I have not solved that error.  I’m not a perl programmer so I emailed the 
folks at msbl.org and they haven't been able to get hold of the author of the 
perl module (Steve Freegard I believe).  I think I have all required perl 
modules installed but names vary between distributions so sometimes that's a toss 
of the dice.  I don't know if it's just a Debian thing or is more widespread...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

From: Peter [mailto:em...@ace.net.au] 
Sent: Tuesday, November 21, 2017 10:32 PM
To: Kevin Miller; users@spamassassin.apache.org
Subject: RE: MSBL Email Blocklist (EBL) SA usage query

Hi Kevin,
 
I am just trying this and getting the same error.  Did you work out how to fix 
this?
 
Cheers,
 
Peter

*** REPLY SEPARATOR ***

On 25/10/2017 at 6:41 PM Kevin Miller wrote:
Implemented it on one of my tier 2 mx hosts.  No hits so far, but I’m not sure 
if it’s working or not.  Running spamassassin --lint returns a warning:
  root@mx2:/etc/spamassassin# spamassassin --lint
  Oct 25 09:39:35.403 [15095] warn: Use of uninitialized value in regexp compilation at /etc/spamassassin/HashBL.pm line 52.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

From: Michael Grant [mailto:michael.gr...@gmail.com] 
Sent: Sunday, October 15, 2017 2:02 AM
To: SpamAssassin Users
Subject: MSBL Email Blocklist (EBL) SA usage query

Has anyone tried out the MSBL Email Blocklist (EBL) HashBL.pm with 
Spamassassin from msbl.org and possibly considered packaging this module 
(available from this page: http://msbl.org/ebl-implementation.html) with 
SpamAssassin (perhaps in a forthcoming release)?  rSpamD already has internal 
support for the EBL. So I believe the MSBL folks are for this sort of thing in 
general.

This plugin looks through the message (not just headers) for email addresses 
which have been identified as email drop boxes for scams like 419 advance fee 
fraud.  It then looks hashes of these addresses up in a blocklist. 

I'm not affiliated with these folks.  I do however use this module in my setup 
though and find it catches a bunch of things we wouldn't have otherwise caught.

Michael Grant


Re: Scoring Philosophy?

2017-11-22 Thread RW
On Wed, 22 Nov 2017 12:36:17 +
Martin Gregorie wrote:

> On Wed, 2017-11-22 at 00:39 -0500, Bill Cole wrote:
> > A related and increasingly common (dunno why) source of never
> > hitting DNSBL rules is a form of firewall/router NAT sometimes
> > called "Secure NAT" where inbound connections have their source IP's
> > replaced with the IP of the device handling the NAT.
> >  
> Thanks for the heads-up on this 'Secure NAT' facility: this is the first
> I've heard of it, but I don't buy ADSL routers very often.

I don't think it's used on ordinary ADSL routers. It seems to be for
server pools.



Re: Scoring Philosophy?

2017-11-22 Thread Martin Gregorie
On Wed, 2017-11-22 at 00:39 -0500, Bill Cole wrote:
> A related and increasingly common (dunno why) source of never
> hitting DNSBL rules is a form of firewall/router NAT sometimes called
> "Secure NAT" where inbound connections have their source IP's
> replaced with the IP of the device handling the NAT.
>
Thanks for the heads-up on this 'Secure NAT' facility: this is the first
I've heard of it, but I don't buy ADSL routers very often.

I have a slightly OTT question about it: in your experience has this
'Secure NAT' facility been selectable as part of the device's
configuration or is it always on?


Martin




Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Giovanni Bechis
I haven't any error running spamassassin --lint, will try on production soon.
$ spamassassin -V 
SpamAssassin version 3.4.1
  running on Perl version 5.24.3
 
 Cheers
  Giovanni

On 11/22/17 08:32, Peter wrote:
> 
> Hi Kevin,
>  
> I am just trying this and getting the same error.  Did you work out how to 
> fix this?
>  
> Cheers,
>  
> Peter
> 
> *** REPLY SEPARATOR ***
> 
> On 25/10/2017 at 6:41 PM Kevin Miller wrote:
> 
> Implemented it on one of my tier 2 mx hosts.  No hits so far, but I’m 
> not sure if it’s working or not.  Running spamassassin --lint returns a 
> warning:
> 
>   root@mx2:/etc/spamassassin# spamassassin --lint
> 
>   Oct 25 09:39:35.403 [15095] warn: Use of uninitialized value in regexp compilation at /etc/spamassassin/HashBL.pm line 52.
> 
>  
> 
> ...Kevin
> 
> --
> 
> Kevin Miller
> 
> Network/email Administrator, CBJ MIS Dept.
> 
> 155 South Seward Street
> 
> Juneau, Alaska 99801
> 
> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 
> 307357
> 
>  
> 
> *From:*Michael Grant [mailto:michael.gr...@gmail.com]
> *Sent:* Sunday, October 15, 2017 2:02 AM
> *To:* SpamAssassin Users
> *Subject:* MSBL Email Blocklist (EBL) SA usage query
> 
>  
> 
> Has anyone tried out the MSBL Email Blocklist (EBL) HashBL.pm with 
> Spamassassin from msbl.org and possibly considered 
> packaging this module (available from this page: 
> http://msbl.org/ebl-implementation.html) with SpamAssassin (perhaps in a 
> forthcoming release)?  rSpamD already has internal support for the EBL. So I 
> believe the MSBL folks are for this sort of thing in general.
> 
>  
> 
> This plugin looks through the message (not just headers) for email 
> addresses which have been identified as email drop boxes for scams like 419 
> advance fee fraud.  It then looks hashes of these addresses up in a 
> blocklist. 
> 
>  
> 
> I'm not affiliated with these folks.  I do however use this module in my 
> setup though and find it catches a bunch of things we wouldn't have otherwise 
> caught.
> 
>  
> 
> Michael Grant
>