Re: [SA 3.4.2] sa-update doesn't see custom channel

2018-12-19 Thread Marcin Mirosław
On 03.12.2018 at 15:42, Marcin Mirosław wrote:
> Hi!
> I have problem with sa-update and my own channel. sa-update queries for
> A record of strange domain:
> 
> # /usr/bin/sa-update --channel sa.mejor.pl --no-gpg -vv
> DNS TXT query: 2.4.3.sa.mejor.pl -> 3209
> Update available for channel sa.mejor.pl: -1 -> 3209
> DNS A query update.sa.mejor.pl/sa-updates failed: NXDOMAIN
> DNS  query update.sa.mejor.pl/sa-updates failed: NXDOMAIN
> channel: could not find working mirror, channel failed
> Update failed, exiting with code 4
> 
> and this is what logged local resolver:
> 2018-12-03T15:35:42.613624+01:00 jowisz unbound: [8540:0] info:
> 127.0.0.1 update.sa.mejor.pl?sa-updates. A IN
> 2018-12-03T15:35:42.617145+01:00 jowisz unbound: [8540:0] info:
> 127.0.0.1 update.sa.mejor.pl?sa-updates.  IN
> 
> Why sa-update queries for update.sa.mejor.pl?sa-updates (or
> update.sa.mejor.pl/sa-updates) domain?
> 
> I just run sa-update in debug mode, I paste relevant parts:
> [...]
> Dec  3 15:40:10.955 [24739] dbg: channel: attempting channel sa.mejor.pl
> Dec  3 15:40:10.955 [24739] dbg: channel: using existing directory
> /var/lib/spamassassin/3.004002/sa_mejor_pl
> Dec  3 15:40:10.955 [24739] dbg: channel: channel cf file
> /var/lib/spamassassin/3.004002/sa_mejor_pl.cf
> Dec  3 15:40:10.955 [24739] dbg: channel: channel pre file
> /var/lib/spamassassin/3.004002/sa_mejor_pl.pre
> DNS TXT query: 2.4.3.sa.mejor.pl -> 3209
> Dec  3 15:40:10.966 [24739] dbg: dns: 2.4.3.sa.mejor.pl => 3209, parsed
> as 3209
> Update available for channel sa.mejor.pl: -1 -> 3209
> Dec  3 15:40:10.967 [24739] dbg: channel: preparing temp directory for
> new channel
> Dec  3 15:40:10.967 [24739] dbg: channel: created tmp directory
> /tmp/.spamassassin24739FTCF1ttmp
> Dec  3 15:40:10.967 [24739] dbg: generic: lint checking site pre files
> once before attempting channel updates
> [...]
> Dec  3 15:40:11.189 [24739] dbg: channel: protocol family available:
> inet,inet6
> Dec  3 15:40:11.189 [24739] dbg: channel: reading MIRRORED.BY file
> /var/lib/spamassassin/3.004002/sa_mejor_pl/MIRRORED.BY
> Dec  3 15:40:11.189 [24739] dbg: channel: parsing MIRRORED.BY file for
> channel sa.mejor.pl
> Dec  3 15:40:11.189 [24739] dbg: channel: found mirror
> http://update.sa.mejor.pl/sa-updates/
> Dec  3 15:40:11.193 [24739] dbg: dns: query failed:
> update.sa.mejor.pl/sa-updates => NXDOMAIN
> DNS A query update.sa.mejor.pl/sa-updates failed: NXDOMAIN
> Dec  3 15:40:11.194 [24739] dbg: dns: query failed:
> update.sa.mejor.pl/sa-updates => NXDOMAIN
> DNS  query update.sa.mejor.pl/sa-updates failed: NXDOMAIN
> Dec  3 15:40:11.195 [24739] dbg: generic: reject mirror
> http://update.sa.mejor.pl/sa-updates: no common address family (IPv4 IPv6)
> channel: could not find working mirror, channel failed
> 
> # cat /var/lib/spamassassin/3.004002/sa_mejor_pl/MIRRORED.BY
> http://update.sa.mejor.pl/sa-updates/
> 
> Something changed how channel should be configured between 3.4.1 and 3.4.2?
> 


Hi,
any ideas what can be wrong?
Marcin




Re: [SA 3.4.2] sa-update doesn't see custom channel

2018-12-19 Thread RW
On Wed, 19 Dec 2018 11:34:32 +0100
Marcin Mirosław wrote:

> On 03.12.2018 at 15:42, Marcin Mirosław wrote:
> > Hi!
> > I have problem with sa-update and my own channel. sa-update queries
> > for A record of strange domain:
> > 
> > # /usr/bin/sa-update --channel sa.mejor.pl --no-gpg -vv
> > DNS TXT query: 2.4.3.sa.mejor.pl -> 3209
> > Update available for channel sa.mejor.pl: -1 -> 3209
> > DNS A query update.sa.mejor.pl/sa-updates failed: NXDOMAIN
> > DNS  query update.sa.mejor.pl/sa-updates failed: NXDOMAIN
> > channel: could not find working mirror, channel failed
> > Update failed, exiting with code 4
> > 
> > and this is what logged local resolver:
> > 2018-12-03T15:35:42.613624+01:00 jowisz unbound: [8540:0] info:
> > 127.0.0.1 update.sa.mejor.pl?sa-updates. A IN

> any ideas what can be wrong?

It looks like sa-update has lost support for paths in mirror URLs. The
SA mirrors don't currently have paths, but the commented-out dostech
entry suggests that they have been supported in the past.

If I edit the sa.mejor.pl mirror file and strip 'sa-updates/' from the
end, sa-update gets past the DNS error:


$ sa-update --channel sa.mejor.pl --no-gpg -vv  --updatedir /tmp
DNS TXT query: 2.4.3.sa.mejor.pl -> 3399
Update available for channel sa.mejor.pl: -1 -> 3399
DNS A query: update.sa.mejor.pl -> 193.33.111.90
fetching http://update.sa.mejor.pl/3399.tar.gz
http: (curl) GET http://update.sa.mejor.pl/3399.tar.gz, FAILED, status:
exit 22 Cannot open file /tmp/sa_mejor_pl/3399.tar.gz: No such file or
directory at /usr/local/bin/sa-update line 1599.


Re: [SA 3.4.2] sa-update doesn't see custom channel

2018-12-19 Thread Kris Deugau

RW wrote:

> It looks like sa-update has lost support for paths in mirror URLs. The
> SA mirrors don't currently have paths, but the commented-out dostech
> entry suggests that they have been supported in the past.


I came across this myself since my local channels also use 
subdirectories.  It's fixed for the pending 3.4.3 (I think) and in trunk 
as per https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7623.


-kgd
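
An added example, not part of the thread and not sa-update's own code: a Python check that parses a MIRRORED.BY file and lists the mirrors whose URL carries a path, which is the case the 3.4.2 log above fails on by querying `update.sa.mejor.pl/sa-updates` as a DNS name. Assumptions: one URL per line with optional `key=value` options and `#` comment lines; `mirror.example.org` and all function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample: the first entry is the mirror line from the thread,
# the second is a hypothetical path-less mirror with a weight option.
SAMPLE_MIRRORED_BY = """\
# comment lines and blank lines are ignored
http://update.sa.mejor.pl/sa-updates/

http://mirror.example.org/ weight=5
"""

def parse_mirrors(text):
    """Return one dict per mirror line: url, DNS host, path, options."""
    mirrors = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        url, *opts = line.split()
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"not an http(s) mirror URL: {url!r}")
        mirrors.append({
            "url": url,
            "host": parts.hostname,         # only this part belongs in a DNS query
            "path": parts.path.strip("/"),  # empty when there is no subdirectory
            "options": dict(o.split("=", 1) for o in opts if "=" in o),
        })
    return mirrors

def name_queried_in_log(url):
    """Scheme and trailing slash removed, path kept: the name seen in the log."""
    return url.split("://", 1)[1].rstrip("/")

def mirrors_with_paths(text):
    """Mirrors that would hit the NXDOMAIN failure shown in this thread."""
    return [m for m in parse_mirrors(text) if m["path"]]

if __name__ == "__main__":
    for m in parse_mirrors(SAMPLE_MIRRORED_BY):
        status = "has path (affected)" if m["path"] else "no path"
        print(f'{m["url"]}: resolve {m["host"]!r}, {status}')
```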


Re: BITCOIN_PAY_ME and new type of blackmail, non porn.

2018-12-19 Thread John Hardin

On Tue, 18 Dec 2018, Mark London wrote:

> However, I think the BITCOIN_PAY_ME rule needs a bit of fine tuning, to catch
> other emails.  Like the one below, which escaped triggering the rule.


That one is, intentionally, simple.


> A constant battle between spam rules, and bad English grammar.


...or even good, yet complex, English grammar. Nowhere does this one 
*directly* say "send me $X or you're dead."


If there was some other clear wording of the "send me money" concept, it 
would be reasonable to extend "BITCOIN_PAY_ME" to cover that.


> Maybe I should say the hell with it, and simply block any email sent to me,
> with a bitcoin address in it. :)  - Mark


Bitcoin whitelisting is trending to become the correct approach. That's 
easy:


   meta   BITCOIN_POISONED   __BITCOIN_ID && !__LOCAL_BITCOIN_WHITELIST
   score  BITCOIN_POISONED   10.000 # poison pill

__LOCAL_BITCOIN_WHITELIST is an exercise for the student... :)

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
   -- Peter da Silva in a.s.r
---
 6 days until Christmas


Re: rule for docx o xlsx

2018-12-19 Thread Rick Gutierrez
On Mon, 17 Dec 2018 at 13:40, RW () wrote:

>
> Content-Type:
> application/vnd.openxmlformats-officedocument.wordprocessingml.document,
>
> doesn't contain msword|excel

Hi RW, do you suggest that I make the modification?



-- 
rickygm

http://gnuforever.homelinux.com


Re: rule for docx o xlsx

2018-12-19 Thread Rick Gutierrez
On Mon, 17 Dec 2018 at 14:22, Benny Pedersen () wrote:

>
> why not block it with default clamav installs ?
>
> spamassassin is not a virus scanner or macro detector, i still have not
> seen rules in mimedefang or amavisd, or canit, and other tools support
> deep content scanners in spamassassin
>
> just my one €

Hi Benny,  I am not an expert in amavisd, but I have installed a few
and in the official documentation you can block this type of files or
extension, but I would do it general and not on a certain pattern.


-- 
rickygm

http://gnuforever.homelinux.com


Re: rule for docx o xlsx

2018-12-19 Thread Benny Pedersen

Rick Gutierrez wrote on 2018-12-19 18:44:


> Hi Benny,  I am not an expert in amavisd, but I have installed a few
> and in the official documentation you can block this type of files or
> extension, but I would do it general and not on a certain pattern.


i repeat, spamassassin can't test things in deep file content scanning,
we lose


one way to solve is:

configure clamav-milter to accept all virus detected in clamav
make spamas-milter reject pattern for macro virus detected in clamav
and still reject virus in spamas-milter

or make a bug report to clamav-milter for more policy accept quarantine 
reject rules


by adding more 3rd party clamav signatures one doesn't need spamassassin
:=)


the above is only possible if clamav milter is done before spamas-milter

if other tools are used it requires more work to make it work