Re: Sv: Re: Legitimate message being flagged as spam
True. Thanks for pointing that out. -- Med vänlig hälsning Anders Gustafsson, ingenjör anders.gustafs...@pedago.fi | Support +358 18 12060 | Direkt +358 9 315 45 121 | Mobil +358 40506 7099 Pedago interaktiv ab, Nygatan 7 B , AX-22100 MARIEHAMN, ÅLAND, FINLAND >>> Benny Pedersen 2020-11-30 16:17 >>> spamassassin ‑t test‑mail.eml | less always works no matter how spamassassin is integrated
Re: adding AV scanning to working Postfix/SA system
On 11/30/20 7:00 PM, Joe Acquisto-j4 wrote: On 11/24/20 12:40 PM, Axb wrote: Fuglu supports Sophos AV See fuglu.org Sophos recently discontinued their support for SAVI on Linux. They now only support "Server Central Intercept X Advanced" which is an entirely different product. I would also be interested in newer/supported AV alternatives. Regards, Dave Where did you hear this? I was just informed it will continue until 2023 at least. The "Free" version is no longer available, apparently, but the "endpoint" product is still there for paying customers. Directly from my contact there - it was labeled end-of-sale this past July. It has an end-of-life date of July 2023. Support will continue to support that solution until then, but they will no longer offer new subscriptions to customers. Regards, Dave joe a. - j4computers, llc Stone Ridge, NY 12484 845-687-3734 www.j4computers.com -
Re: adding AV scanning to working Postfix/SA system
> > On 11/24/20 12:40 PM, Axb wrote: >> Fuglu supports Sophos AV >> See fuglu.org > > Sophos recently discontinued their support for SAVI on Linux. They now > only support "Server Central Intercept X Advanced" which is an entirely > different product. > > I would also be interested in newer/supported AV alternatives. > > Regards, > Dave > Where did you hear this? I was just informed it will continue until 2023 at least. The "Free" version is no longer available, apparently, but the "endpoint" product is still there for paying customers. joe a. - j4computers, llc Stone Ridge, NY 12484 845-687-3734 www.j4computers.com -
Mailchimp support for spamassassin-esp
Hi, I happened to notice today that the sendgrid spam work being done by Invaluement (https://www.invaluement.com/serviceproviderdnsbl/) and SA developers now apparently supports compromised Mailchimp domains. https://github.com/bigio/spamassassin-esp Is there an ongoing list of compromised mailchimp domains available to be used with this? That info is not included with the man page for this plugin. I also know there's another plugin developed by Paul Stead for this, but has one yet become the defacto version yet?
Re: bayes and InnoDB read locks
Alex skrev den 2020-11-30 17:33: 2020-11-30 10:11:46 2772099 [Note] InnoDB: *** (2) WAITING FOR THIS LOCK TO BE GRANTED: have you tryed do the bayes with AriaDB ? note i am not expert at all
bayes and InnoDB read locks
Hi, I recently set up a central database server to store bayes data for a handful of mail relays to query for bayes info. I've done this in the past and don't recall there being a problem with read locks, but hoped someone could explain why I'm now seeing errors/warnings like this when using sa-learn from one of the clients. This is from the mariadb-error.log file on the database server. 2020-11-30 10:11:46 2772099 [Note] InnoDB: *** (2) WAITING FOR THIS LOCK TO BE GRANTED: RECORD LOCKS space id 13828 page no 935 n bits 480 index PRIMARY of table `bayes`.`bayes_token` trx id 477451935 lock_mode X locks rec but not gap waiting Record lock, heap no 9 PHYSICAL RECORD: n_fields 7; compact format; info bits 0 0: len 4; hex 8004; asc ;; 1: len 5; hex 07839a4235; ascB5;; 2: len 6; hex 1c755710; ascuW ;; 3: len 7; hex 1702101943; asc C;; 4: len 4; hex 8231; asc1;; 5: len 4; hex 800052d2; asc R ;; 6: len 4; hex dfc519be; asc ;; 2020-11-30 10:11:46 2772099 [Note] InnoDB: *** WE ROLL BACK TRANSACTION (1) This is across a network connected with a 1Gb/s link. SA isn't installed on the database server so it would be difficult to do this on the local database server. Is there something more I should be doing to make this work properly? What more info can I provide to troubleshoot this? The database server is on modern hardware with 128GB of RAM. # cat /etc/my.cnf.d/my.cnf |grep ^inno innodb_data_home_dir = /var/lib/mysql innodb_defragment=1 innodb_file_per_table innodb_data_file_path = ibdata1:10M:autoextend:max:500M innodb_buffer_pool_size=60G innodb_log_file_size = 1G innodb_flush_log_at_trx_commit = 2 innodb_flush_method=O_DIRECT innodb_lock_wait_timeout = 50 innodb_buffer_pool_instances = 40 innodb_open_files=1 innodb_log_buffer_size=64M innodb_page_cleaners=15 innodb_purge_threads=15 innodb_write_io_threads=64 innodb_read_io_threads=64 innodb_io_capacity=2100 innodb_lru_scan_depth=100 innodb_fast_shutdown=0 innodb_adaptive_max_sleep_delay=2 innodb_flushing_avg_loops=5 innodb_print_all_deadlocks=ON innodb_flush_neighbors=0 innodb_buffer_pool_dump_pct=90 innodb_fill_factor=93 innodb_read_ahead_threshold=8 innodb_stats_sample_pages=32
Re: Legitimate message being flagged as spam
On Mon, 2020-11-30 at 07:27 -0600, Daryl Rose wrote: > How do I get the SA headers? > Either: - tell your mail reader to show all headers and cut'n'paste the whole email from the screen - Save the entire email as a TXT file and cut'n'paste from there Then drop the entire email into PasteBin or similar free repository and post a link to it here - this way your message to the SA mailing list can't be incorrectly recognised as spam. Martin
Re: Sv: Re: Legitimate message being flagged as spam
Anders Gustafsson skrev den 2020-11-30 14:36: It depends on how you have it set up. With what email system are you using it? no spamassassin -t test-mail.eml | less always works no matter how spamassassin is integrated
Re: Legitimate message being flagged as spam
Daryl Rose skrev den 2020-11-30 14:25: Yes, the cf is in the same location as the local.cf [2]. How do I find the results SA is giving? I'll post it once I know how. spamassassin -t testmail-file | less
Sv: Re: Legitimate message being flagged as spam
It depends on how you have it set up. With what email system are you using it? -- Med vänlig hälsning Anders Gustafsson, ingenjör anders.gustafs...@pedago.fi | Support +358 18 12060 | Direkt +358 9 315 45 121 | Mobil +358 40506 7099 Pedago interaktiv ab, Nygatan 7 B , AX-22100 MARIEHAMN, ÅLAND, FINLAND >>> Daryl Rose 2020-11-30 15:27 >>> How do I get the SA headers? Thank you. Daryl On Sun, Nov 29, 2020 at 10:32 AM Martin Gregorie wrote: > Showing us the SA headers and hits would be a good idea: without them we > don't know why SA rejected the mail. > > I notice that domain in the Message-ID is ficticious may not be > significant, but I usually think this is suspicious. > > Martin > > > On Sun, 2020-11-29 at 09:40 -0600, Daryl Rose wrote: > > I get an email/receipt from a vendor on a payment made. This message > > continuously gets flagged as spam even though I've added it to the > > whitelist_from.cf list. > > > > Received: (qmail 26946 invoked by uid 30297); 27 Nov 2020 20:52:17 > > - > > > Received: from unknown (HELO p3plibsmtp02- > > > 04.prod.phx3.secureserver.net) > > > ([68.178.213.4]) > > > (envelope-sender > > > @sendgrid.net>) > > > by p3plsmtp23-04-26.prod.phx3.secureserver.net (qmail- > > > 1.03) with > > > SMTP > > > for ; 27 Nov 2020 20:52:17 - > > > Received: from o1.3nn.shared.sendgrid.net ([167.89.100.129]) > > > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256 bits) > > > (Client did not present a certificate) > > > by CMGW with ESMTP > > > id ikj3kLwOeFeQXikj3kiQrL; Fri, 27 Nov 2020 13:52:17 -0700 > > > X-CMAE-Analysis: v=2.4 cv=SdYyytdu c=1 sm=1 tr=0 ts=5fc16701 b=1 > > > cx=a_idp_nop > > > a=d87GDerR7hnUjA61tTL9RQ==:117 a=d87GDerR7hnUjA61tTL9RQ==:17 > > > a=kj9zAlcOel0A:10 a=zPYWiABU:8 a=5-f5ixlAKy49-4MjWEkA:9 > > > a=O-7aY5Sf57aUu7p3:21 a=_W_S_7VecoQA:10 a=CjuIK1q_8ugA:10 > > > a=5LfDJFqq-uUA:10 > > > a=AWL3az150N33eOPX4RKm:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22 > > > a=UDnyf2zBuKT2w-IlGP_r:22 > > > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; > > > d=sendgrid.net; > > > h=from:subject:mime-version:to:content-type:content-transfer- > > > encoding; > > > s=smtpapi; bh=5/eVCwWUZDl73ybzUYFmyMNdYNgvUvrvS9S5NJHu8QU=; > > > b=kDKnSU9Bb2Mi5khPiwjinzdlOorchkBuNfEWHSiqVeWqCaZPHmztDB3ZeQXPLVkVbL > > > uH > > > 6NgvFXajs2aidTnh9bSKSMn4RaTPC+nvQU4DxFoXj0dL9yy9rjBGsdmS0BBD6+qzBl6g > > > Si > > > i2UwAMxRGXKbODjK5T5Ll1us3XKXKt9cI= > > > Received: by filterdrecv-p3iad2-5dc87598f5-8bxxp with SMTP id > > > filterdrecv-p3iad2-5dc87598f5-8bxxp-19-5FC16700-AD > > > 2020-11-27 20:52:16.878084415 + UTC m=+951689.287978429 > > > Received: from spiderdoor.com (unknown) > > > by ismtpd0118p1mdw1.sendgrid.net (SG) with ESMTP > > > id ceyKf2F5QpyH7v63ZKS3nA > > > Fri, 27 Nov 2020 20:52:16.783 + (UTC) > > > Date: Fri, 27 Nov 2020 20:52:16 + (UTC) > > > From: no-re...@spiderdoor.com > > > Message-ID: <5fc1670079f34_26fd3171828...@api1.mail> > > > Subject: Payment Receipt for Unit G030 - paid from SpiderApp > > > Mime-Version: 1.0 > > > X-SG-EID: > > > > > > =?us- > > > ascii?Q?nNFctdm0BWd6iTjLSzehWYRyQOg6=2FUycD+ddLrh9vGVcvZBTHPJYDTCViD > > > qyYQ?= > > > =?us-ascii?Q?Li3bEIOOksE35=2FhSgezGSc37DN46Fkbxk1TO9E8?= > > > =?us-ascii?Q?MGQPgTWt6k58DhiRQTG0=2F+79xc=2FO7jtyaG0XkLO?= > > > =?us-ascii?Q?1DjUXyElg+pd9Ry=2Fm1Wy7CmJWR0I1zJgLk=2FUjTC?= > > > =?us-ascii?Q?=2F7EUOycJlpjn1eLS5JSN9MBpwsXNk7EKGYPvDxO?= > > > =?us-ascii?Q?duJHjPbILEuJJjx1g=3D?= > > > To: i...@myspace.rent, > > > X-Entity-ID: eEuAPys4acQ9ere1FZlp6A== > > > Content-Type: text/html; charset=us-ascii > > > Content-Transfer-Encoding: 7bit > > > X-CMAE-Envelope: > > > > > > MS4xfLrAfEKlWNG6dcz1a05VWlMXnGyOE7soLGjybMz1QFzvpZ8a8cRDyTGNbMY9ezX > > > 311xKb9zb5aWg3AtH7xkCUlT7kaAYASl+bOfJ3EEdSfKKIoPXjO+i > > > > > > gjrerNiIxiRiWOcLF0BuxQKyIc/5BN0U4rxx20N0k1kPbaXyR06Ty99IgAWy9imxFxs > > > ms0GP03MmGWur7XyGwMcP6r/JKJ3ntGwGN1Diolw7WC+ywjp9VBM5 > > > X6m7dicNVVVO+LUx/qLWyQ== > > > X-Nonspam: None > > > > > > > > > > > Any idea why it gets flagged and what rule I need to put in place to > > prevent it from happening? > > > > Thank you. > > > > Daryl > >
Re: Legitimate message being flagged as spam
How do I get the SA headers? Thank you. Daryl On Sun, Nov 29, 2020 at 10:32 AM Martin Gregorie wrote: > Showing us the SA headers and hits would be a good idea: without them we > don't know why SA rejected the mail. > > I notice that domain in the Message-ID is ficticious may not be > significant, but I usually think this is suspicious. > > Martin > > > On Sun, 2020-11-29 at 09:40 -0600, Daryl Rose wrote: > > I get an email/receipt from a vendor on a payment made. This message > > continuously gets flagged as spam even though I've added it to the > > whitelist_from.cf list. > > > > Received: (qmail 26946 invoked by uid 30297); 27 Nov 2020 20:52:17 > > - > > > Received: from unknown (HELO p3plibsmtp02- > > > 04.prod.phx3.secureserver.net) > > > ([68.178.213.4]) > > > (envelope-sender > > > @sendgrid.net>) > > > by p3plsmtp23-04-26.prod.phx3.secureserver.net (qmail- > > > 1.03) with > > > SMTP > > > for ; 27 Nov 2020 20:52:17 - > > > Received: from o1.3nn.shared.sendgrid.net ([167.89.100.129]) > > > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256 bits) > > > (Client did not present a certificate) > > > by CMGW with ESMTP > > > id ikj3kLwOeFeQXikj3kiQrL; Fri, 27 Nov 2020 13:52:17 -0700 > > > X-CMAE-Analysis: v=2.4 cv=SdYyytdu c=1 sm=1 tr=0 ts=5fc16701 b=1 > > > cx=a_idp_nop > > > a=d87GDerR7hnUjA61tTL9RQ==:117 a=d87GDerR7hnUjA61tTL9RQ==:17 > > > a=kj9zAlcOel0A:10 a=zPYWiABU:8 a=5-f5ixlAKy49-4MjWEkA:9 > > > a=O-7aY5Sf57aUu7p3:21 a=_W_S_7VecoQA:10 a=CjuIK1q_8ugA:10 > > > a=5LfDJFqq-uUA:10 > > > a=AWL3az150N33eOPX4RKm:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22 > > > a=UDnyf2zBuKT2w-IlGP_r:22 > > > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; > > > d=sendgrid.net; > > > h=from:subject:mime-version:to:content-type:content-transfer- > > > encoding; > > > s=smtpapi; bh=5/eVCwWUZDl73ybzUYFmyMNdYNgvUvrvS9S5NJHu8QU=; > > > b=kDKnSU9Bb2Mi5khPiwjinzdlOorchkBuNfEWHSiqVeWqCaZPHmztDB3ZeQXPLVkVbL > > > uH > > > 6NgvFXajs2aidTnh9bSKSMn4RaTPC+nvQU4DxFoXj0dL9yy9rjBGsdmS0BBD6+qzBl6g > > > Si > > > i2UwAMxRGXKbODjK5T5Ll1us3XKXKt9cI= > > > Received: by filterdrecv-p3iad2-5dc87598f5-8bxxp with SMTP id > > > filterdrecv-p3iad2-5dc87598f5-8bxxp-19-5FC16700-AD > > > 2020-11-27 20:52:16.878084415 + UTC m=+951689.287978429 > > > Received: from spiderdoor.com (unknown) > > > by ismtpd0118p1mdw1.sendgrid.net (SG) with ESMTP > > > id ceyKf2F5QpyH7v63ZKS3nA > > > Fri, 27 Nov 2020 20:52:16.783 + (UTC) > > > Date: Fri, 27 Nov 2020 20:52:16 + (UTC) > > > From: no-re...@spiderdoor.com > > > Message-ID: <5fc1670079f34_26fd3171828...@api1.mail> > > > Subject: Payment Receipt for Unit G030 - paid from SpiderApp > > > Mime-Version: 1.0 > > > X-SG-EID: > > > > > > =?us- > > > ascii?Q?nNFctdm0BWd6iTjLSzehWYRyQOg6=2FUycD+ddLrh9vGVcvZBTHPJYDTCViD > > > qyYQ?= > > > =?us-ascii?Q?Li3bEIOOksE35=2FhSgezGSc37DN46Fkbxk1TO9E8?= > > > =?us-ascii?Q?MGQPgTWt6k58DhiRQTG0=2F+79xc=2FO7jtyaG0XkLO?= > > > =?us-ascii?Q?1DjUXyElg+pd9Ry=2Fm1Wy7CmJWR0I1zJgLk=2FUjTC?= > > > =?us-ascii?Q?=2F7EUOycJlpjn1eLS5JSN9MBpwsXNk7EKGYPvDxO?= > > > =?us-ascii?Q?duJHjPbILEuJJjx1g=3D?= > > > To: i...@myspace.rent, > > > X-Entity-ID: eEuAPys4acQ9ere1FZlp6A== > > > Content-Type: text/html; charset=us-ascii > > > Content-Transfer-Encoding: 7bit > > > X-CMAE-Envelope: > > > > > > MS4xfLrAfEKlWNG6dcz1a05VWlMXnGyOE7soLGjybMz1QFzvpZ8a8cRDyTGNbMY9ezX > > > 311xKb9zb5aWg3AtH7xkCUlT7kaAYASl+bOfJ3EEdSfKKIoPXjO+i > > > > > > gjrerNiIxiRiWOcLF0BuxQKyIc/5BN0U4rxx20N0k1kPbaXyR06Ty99IgAWy9imxFxs > > > ms0GP03MmGWur7XyGwMcP6r/JKJ3ntGwGN1Diolw7WC+ywjp9VBM5 > > > X6m7dicNVVVO+LUx/qLWyQ== > > > X-Nonspam: None > > > > > > > > > > > Any idea why it gets flagged and what rule I need to put in place to > > prevent it from happening? > > > > Thank you. > > > > Daryl > >
Re: Legitimate message being flagged as spam
Yes, the cf is in the same location as the local.cf. How do I find the results SA is giving? I'll post it once I know how. Thank you. Daryl On Sun, Nov 29, 2020 at 9:46 AM Benny Pedersen wrote: > Daryl Rose skrev den 2020-11-29 16:40: > > I get an email/receipt from a vendor on a payment made. This message > > continuously gets flagged as spam even though I've added it to the > > whitelist_from.cf [7] list. > > is this cf file placed same path that local.cf is ? > > what results is spamassassin giving ? > > after you show this i can help more >
