Re: ALL_TRUSTED always shown in X-Spam-Status header

2018-11-10 Thread listsb
On Nov 10, 2018, at 21.01, John Hardin wrote:
> 
> On Sat, 10 Nov 2018, listsb wrote:
> 
>> hi-
>> 
>> i've just noticed that every mail received seems to be hitting the 
>> ALL_TRUSTED test [ALL_TRUSTED=-1], regardless of where the message has come 
>> from.  i have the following:
>> 
>>> grep -riF 'internal_networks' /etc/spamassassin/*
>> /etc/spamassassin/99_local-config.cf:internal_networks   198.19.20.50/32
>> /etc/spamassassin/99_local-config.cf:internal_networks   198.19.20.212/32
>> 
>> here is a set of sample headers, slightly sanitized:
>> 
>> http://dpaste.com/33J7SF5
>> 
>> how can i troubleshoot why this is happening?
>> 
>> thanks!
> 
> internal_networks != trusted_networks.

i'm not sure i understand.  from the documentation here:

https://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html

it says:

"If trusted_networks is not set and internal_networks is, the value of 
internal_networks will be used for this parameter"

additionally, how would absence of either setting result in ALL_TRUSTED getting 
matched?

what am i misunderstanding?

Re: ALL_TRUSTED always shown in X-Spam-Status header

2018-11-10 Thread John Hardin

On Sat, 10 Nov 2018, listsb wrote:


> hi-
>
> i've just noticed that every mail received seems to be hitting the ALL_TRUSTED
> test [ALL_TRUSTED=-1], regardless of where the message has come from.  i have
> the following:
>
> > grep -riF 'internal_networks' /etc/spamassassin/*
> /etc/spamassassin/99_local-config.cf:internal_networks  198.19.20.50/32
> /etc/spamassassin/99_local-config.cf:internal_networks  198.19.20.212/32
>
> here is a set of sample headers, slightly sanitized:
>
> http://dpaste.com/33J7SF5
>
> how can i troubleshoot why this is happening?
>
> thanks!

internal_networks != trusted_networks.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  If you trust the government, you obviously failed history class.
   -- Don Freeman
---
 Tomorrow: Veterans Day


ALL_TRUSTED always shown in X-Spam-Status header

2018-11-10 Thread listsb
hi-

i've just noticed that every mail received seems to be hitting the ALL_TRUSTED 
test [ALL_TRUSTED=-1], regardless of where the message has come from.  i have 
the following:

>grep -riF 'internal_networks' /etc/spamassassin/*
/etc/spamassassin/99_local-config.cf:internal_networks  198.19.20.50/32
/etc/spamassassin/99_local-config.cf:internal_networks  198.19.20.212/32

here is a set of sample headers, slightly sanitized:

http://dpaste.com/33J7SF5

how can i troubleshoot why this is happening?

thanks!

Re: OT: help from email experts needed

2018-11-10 Thread RW
On Sat, 10 Nov 2018 17:12:11 +0200
Jari Fredriksson wrote:

> I have a DKIM/SPF secured email domain, but somehow my experience
> with it has been perfect.
> 
> SpamAssassin (and other Internet participants) see the mail as
> DKIM_INVALID if I send the mail from my Laptop to my sender. The
> sender seems to be my laptop and my server could be forged.
> 
> PasteBin: https://pastebin.com/HBpriJDN
> 
> 
> I have a distant remembrance that Postfix should somehow tell in the
> headers that I was authenticated to the server, but I see nothing
> like that in the paste above. Is it that, or how can I make this
> happen without my past practices *)


It's the A in ESMTPSA below

Received: from [192.168.1.109] (unknown [86.115.206.23])
by mail.bitwell.biz (Postfix) with ESMTPSA id 5BE58140475
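
The "with" keyword RW points to can be read mechanically. The following is an added example, not code from the thread or from SpamAssassin: it decodes the RFC 3848 suffixes (S = STARTTLS, A = SMTP AUTH) and stops at the first header whose client is outside the trusted networks, since everything below that point was supplied by the client. The function names, the `TRUSTED` placeholder network, the Postfix-style `(rdns [ip])` comment format and the second sample header are assumptions made for the illustration.

```python
import ipaddress
import re
from email import message_from_string

# RFC 3848 "with" keywords: a trailing S means STARTTLS, a trailing A means SMTP AUTH.
WITH_RE = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP))(S?)(A?)\b", re.I)
# Postfix-style client comment "(rdns [ip])": the address the server itself saw.
CLIENT_RE = re.compile(r"\(\S+ \[(?:IPv6:)?([0-9A-Fa-f.:]+)\]\)")

def strip_comments(value):
    """Drop (possibly nested) comments so their text is never read as a clause."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def trusted_hops(raw_message, trusted_nets):
    """Read Received headers top-down; stop once an outside client handed us the rest."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        client = CLIENT_RE.search(flat)
        proto = WITH_RE.search(strip_comments(flat))
        try:
            ip = ipaddress.ip_address(client.group(1))
        except (AttributeError, ValueError):
            break                                  # no usable client address
        if not proto:
            break
        hops.append({"client": str(ip), "proto": proto.group(0).split()[1].upper(),
                     "tls": bool(proto.group(2)), "auth": bool(proto.group(3))})
        if not any(ip in net for net in nets):
            break    # headers below this one were supplied by an untrusted client
    return hops

# Constructed sample. The first header is the one quoted in the thread; the second
# is made up, standing in for a header the client wrote itself before submitting.
SAMPLE = (
    "Received: from [192.168.1.109] (unknown [86.115.206.23])\n"
    "\tby mail.bitwell.biz (Postfix) with ESMTPSA id 5BE58140475\n"
    "Received: from example.invalid (example.invalid [203.0.113.7])\n"
    "\tby relay.example.invalid (Postfix) with ESMTPSA id 0000000000\n"
    "Subject: test\n\nbody\n"
)
TRUSTED = ["192.0.2.0/24"]   # placeholder network, an assumption of this example

if __name__ == "__main__":
    for hop in trusted_hops(SAMPLE, TRUSTED):
        print(hop)
```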








Re: Bayes underperforming, HTML entities?

2018-11-10 Thread John Hardin

On Fri, 9 Nov 2018, John Hardin wrote:


On Fri, 9 Nov 2018, John Hardin wrote:


On Fri, 9 Nov 2018, Amir Caspi wrote:

I'd be interested to know if there's a performance difference between my 
two proposed rules.  I suspect the second should run (slightly) faster.


It looks that way - only .0001s difference on *some* messages.

Re body vs. rawbody:

I fixed the MIME boundaries and the body version stopped working (as 
expected), so I added rawbody versions.


I do note that the first version of the rule checked in was a body rule, and 
it did hit on a bunch of spam... Any speculation as to why?


revisions checked in for side-by-side tests:
Sending        svn/trunk/rulesrc/sandbox/jhardin/20_misc_testing.cf
Transmitting file data .done
Committing transaction...
Committed revision 1846277.

Note the rule name changes - that's temporary, the survivor's name will be 
cleaned up a bit.


Initial results (again, all corpora aren't in yet)...

The rawbody rules perform much better (unsurprising), and the ASCII-only 
one has a better raw S/O:


https://ruleqa.spamassassin.org/20181110-r1846283-n/__RW_HTML_ENTITY_ASCII_RAW/detail
https://ruleqa.spamassassin.org/20181110-r1846283-n/__AC_HTML_ENTITY_BONANZA_SHRT_RAW/detail

The body one is still getting hits:

https://ruleqa.spamassassin.org/20181110-r1846283-n/__AC_HTML_ENTITY_BONANZA_SHRT_BODY/detail

...but it's 99-100% overlap with the RAW version so it looks like it's 
purely due to misformatting of the message.



--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Perfect Security and Absolute Safety are unattainable; beware
  those who would try to sell them to you, regardless of the cost,
  for they are trying to sell you your own slavery.
---
 Tomorrow: Veterans Day


Re: OT: help from email experts needed

2018-11-10 Thread Jari Fredriksson


> Jari Fredriksson wrote on 10.11.2018 at 20.03:
> 
>> Jari Fredriksson <ja...@iki.fi> wrote on 10.11.2018 at 17.12:
>> 
>> I have a DKIM/SPF secured email domain, but somehow my experience with it
>> has been perfect.
>> 
>> SpamAssassin (and other Internet participants) see the mail as DKIM_INVALID
>> if I send the mail from my Laptop to my sender. The sender seems to be my
>> laptop and my server could be forged.
>> 
>> PasteBin: https://pastebin.com/HBpriJDN
>> 
>> I have a distant remembrance that Postfix should somehow tell in the headers
>> that I was authenticated to the server, but I see nothing like that in the
>> paste above. Is it that, or how can I make this happen without my past
>> practices *)
>> 
>> *) I had an SSH tunnel to the server earlier and I posted to localhost:10025
>> and things worked out. But it is too much hassle…
>> 
>> Br .jarif
> 
> Ok, I’ll retest using my bitwell.fi and bitwell.biz addresses only.
> 
> I’ll post the result here.

And here it is. No iki fi in the mix

https://pastebin.com/RAc3j77s 




Re: OT: help from email experts needed

2018-11-10 Thread Jari Fredriksson


> Jari Fredriksson wrote on 10.11.2018 at 17.12:
> 
> I have a DKIM/SPF secured email domain, but somehow my experience with it
> has been perfect.
> 
> SpamAssassin (and other Internet participants) see the mail as DKIM_INVALID if
> I send the mail from my Laptop to my sender. The sender seems to be my laptop
> and my server could be forged.
> 
> PasteBin: https://pastebin.com/HBpriJDN
> 
> I have a distant remembrance that Postfix should somehow tell in the headers
> that I was authenticated to the server, but I see nothing like that in the
> paste above. Is it that, or how can I make this happen without my past
> practices *)
> 
> *) I had an SSH tunnel to the server earlier and I posted to localhost:10025
> and things worked out. But it is too much hassle…
> 
> Br .jarif

Ok, I’ll retest using my bitwell.fi and bitwell.biz addresses only.

I’ll post the result here.
 

Re: OT: help from email experts needed

2018-11-10 Thread Benny Pedersen

Jari Fredriksson wrote on 2018-11-10 16:12:

> I have a DKIM/SPF secured email domain, but somehow my experience
> with it has been perfect.

oh well

Authentication-Results: linode.junc.eu; dmarc=fail (p=none dis=none) header.from=iki.fi

Authentication-Results: linode.junc.eu; dkim=none; dkim-atps=neutral

why did you add dmarc when it's not dkim signed?

spf is irrelevant to maillists


OT: help from email experts needed

2018-11-10 Thread Jari Fredriksson
I have a DKIM/SPF secured email domain, but somehow my experience with it has
been perfect.

SpamAssassin (and other Internet participants) see the mail as DKIM_INVALID if I
send the mail from my Laptop to my sender. The sender seems to be my laptop and
my server could be forged.

PasteBin: https://pastebin.com/HBpriJDN

I have a distant remembrance that Postfix should somehow tell in the headers
that I was authenticated to the server, but I see nothing like that in the
paste above. Is it that, or how can I make this happen without my past
practices *)

*) I had an SSH tunnel to the server earlier and I posted to localhost:10025 
and things worked out. But it is too much hassle…

Br .jarif