New Release Candidate: 3.4.4-rc1 - Testers Needed
Good Evening Assassins, 3.4.4 release candidate 1 is now available at https://people.apache.org/~kmcgrail/devel There are CVEs fixed in 3.4.4 that we will disclose more at release so you'll definitely want to look at upgrading. Please test! sha256sum of archive files: 509878df10811f596df3bf6437be900659e89b60bffacef877c7b734f38ffc2a Mail-SpamAssassin-3.4.4-rc1.tar.bz2 1fcd713e6396f7f3c68c92fbc5a32a9f16502cc4fe84e881ea5f66976ff3b81c Mail-SpamAssassin-3.4.4-rc1.tar.gz c774e6d4c9bdab2fae44f6159b61ddf3b698935b5b79dbfe60450c0017eea98f Mail-SpamAssassin-3.4.4-rc1.zip 17389f23b2dcf73ed156f412e5f59ae8436956ede78fa40e6563fc667a8ec3d9 Mail-SpamAssassin-rules-3.4.4-rc1.r1872902.tgz sha512sum of archive files: ab3898293023f192873c4188ba80dbd22d91c0d2540031ee7d1b18fc9930b28dd389fb7a378004659b64c19f5d11f7692e5d920daba3a852efbd93ce990c Mail-SpamAssassin-3.4.4-rc1.tar.bz2 b9fc11d6bed83146567ee5fa43b3753bc4596dcc1b55d75199a488336b4f51fab5b1622265032d7593b1211acc571093bcc6fe5160b77d9c82811bc9249205d9 Mail-SpamAssassin-3.4.4-rc1.tar.gz 7d3966e15373c0fab0fa12faa3aeb0a042a3d21e984731aaab9b30b10b9e9ee9ca57c94c44ac31ee6b2a8e4467faa941b07b737f3d86ab11a65bbc5763460c7d Mail-SpamAssassin-3.4.4-rc1.zip 69ba65234ee18c24a279c0ba7177c1e671f36cd8de7c7cf79452de5890c7ed8d2eee1a5973a56394b6d57d1729cafce3284500872ec19bb3945d6d0ba5ea7660 Mail-SpamAssassin-rules-3.4.4-rc1.r1872902.tgz Regards, KAM -- Kevin A. McGrail kmcgr...@apache.org Member, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171
Re: bayes sql postgresql
On Sat, 18 Jan 2020 13:31:10 +0100 Benny Pedersen wrote: > i came after using it this way for long time now that it could be > more optimized with bayes user id vars, currently it creates new ids > each time there is a new user, but it does not reuse old ids that is > not used anymore after sa-learn --username f...@example.org, then that > id is not used anymore, next new user will always get a highter > number, hmm :=) You think you might run-out of 32-bit numbers? If it really bothers you, you could use 64-bit. > next problem i find is that bayes usernames is caseSensitive in sql, > so b...@example.org and b...@example.org is 2 diffrent bayes users :( Domains are case-insensitive, the local-part may or may not be. I don't think this is anything to do with SpamAssassin, shouldn't this be handled by whatever is passing these usernames. > bayes ignore from and bayes ignore to, could be extended to know > local domains, egg dont store bayes data if from or to enveelopes is > not local domains Usually Bayes users are connected to local accounts. It sounds like you are just passing unvalidated email addresses to SA as virtual users.
Re: Spamassassin always says DKIM_INVALID
On Sat, Jan 18, 2020 at 02:54:27PM +0100, Alex Woick wrote: > Henrik K schrieb am 18.01.2020 um 08:15: > >On Sat, Jan 18, 2020 at 06:56:53AM +0200, Henrik K wrote: > >>On Tue, Jan 14, 2020 at 02:38:06PM +0100, Alex Woick wrote: > >>>Link to complete message: > >>>[2]https://pastebin.com/raw/1DLtnuRX > >>> > >>>Spamassassin is running as spamc/spamd, and is embedded in Postfix with > >>>spamass-milter. System is running on CentOS 7. > >>>... > >>>Any idea how to find out why Spamassassin isn't able to successfully verify > >>>dkim sigs, while at the same time Opendkim says it's valid? I just > >>>activated > >>>the dkim plugin of Spamassassin but didn't configure anything dkim-related, > >>>since there is nothing specific to do. > >>Naturally first step to debug this, would be enabling debugging. > >> > >>Does SA fail if you run it from command line? > >> > >>spamassassin -t -D dkim < message > >> > >>If not, then add the same "-D dkim" to spamd, probably > >>/etc/sysconfig/spamassassin if using CentOS package? > >Actually I already found the cause, spamass-milter is removing CR from > >wrapped headers, and some 3.4.3 changes made things break. I'm not sure > >about the fix, I need some more eyes on the bug below please. :-) > > > >https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7785 > > > Thanks for picking this up as bug. As far as I know, dkim signature > generation takes a header as it is, regardless of the header being > rfc-compliant or not. So if a line wrapping is LF only, and even if this is > not rfc-5322-compliant, it must be fed this way into the dkim signature > generation and verification. > An issue is probably, that you may need 2 versions of wrapped headers. One > with the original, possbly non-rfc compliant data for processing with > modules like dkim, and one with "fixed" data to allow normalized and easier > rule processing. Wrote a patch for spamass-milter as per the bug.. took much more time than I wanted, ugh. Someone else can harass maintainers/distros to update it now. :-)
Re: Spamassassin always says DKIM_INVALID
Henrik K schrieb am 18.01.2020 um 08:15: On Sat, Jan 18, 2020 at 06:56:53AM +0200, Henrik K wrote: On Tue, Jan 14, 2020 at 02:38:06PM +0100, Alex Woick wrote: Link to complete message: [2]https://pastebin.com/raw/1DLtnuRX Spamassassin is running as spamc/spamd, and is embedded in Postfix with spamass-milter. System is running on CentOS 7. ... Any idea how to find out why Spamassassin isn't able to successfully verify dkim sigs, while at the same time Opendkim says it's valid? I just activated the dkim plugin of Spamassassin but didn't configure anything dkim-related, since there is nothing specific to do. Naturally first step to debug this, would be enabling debugging. Does SA fail if you run it from command line? spamassassin -t -D dkim < message If not, then add the same "-D dkim" to spamd, probably /etc/sysconfig/spamassassin if using CentOS package? Actually I already found the cause, spamass-milter is removing CR from wrapped headers, and some 3.4.3 changes made things break. I'm not sure about the fix, I need some more eyes on the bug below please. :-) https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7785 Thanks for picking this up as bug. As far as I know, dkim signature generation takes a header as it is, regardless of the header being rfc-compliant or not. So if a line wrapping is LF only, and even if this is not rfc-5322-compliant, it must be fed this way into the dkim signature generation and verification. An issue is probably, that you may need 2 versions of wrapped headers. One with the original, possbly non-rfc compliant data for processing with modules like dkim, and one with "fixed" data to allow normalized and easier rule processing. Alex
bayes sql postgresql
i came after using it this way for long time now that it could be more optimized with bayes user id vars, currently it creates new ids each time there is a new user, but it does not reuse old ids that is not used anymore after sa-learn --username f...@example.org, then that id is not used anymore, next new user will always get a highter number, hmm :=) next problem i find is that bayes usernames is caseSensitive in sql, so b...@example.org and b...@example.org is 2 diffrent bayes users :( bayes ignore from and bayes ignore to, could be extended to know local domains, egg dont store bayes data if from or to enveelopes is not local domains for completeness i use fuglu 0.10.6 installed on gentoo with preque proxy scanning so can reject highscore spam i have started to ask here before make a ticket for this if its good to make changes to bayes