Re: Which commercial engine to combine with SpamAssassin?

2023-03-24 Thread Alessio Cecchi

On 24/03/23 09:20, Benny Pedersen wrote:


Alessio Cecchi wrote on 2023-03-24 09:12:

Do you know any other companies developing an antispam SDK to be
combined with spamassassin?


cpanel, plesk, and friends do have it as well, but i once asked if it 
was possible to have cpanel on gentoo, they lost, open source is 
really precompiled problems, lol


still it's called opensource right ?

imho pyzor perl fork was planned, but have we seen it yet ?

may i ask what you like to solve ?


Spamassassin is very flexible and allows us to create custom rules, set 
the scores of individual results well and apply customizations also per 
domains and users.


We have also always combined a commercial engine to be able to block 
spam and phishing waves faster as they start, in the same way as we buy 
feeds from various commercial blacklist providers.


Ciao

--
Alessio Cecchi
Postmaster @http://www.qboxmail.it
https://www.linkedin.com/in/alessice


Which commercial engine to combine with SpamAssassin?

2023-03-24 Thread Alessio Cecchi

Hi,

we were using the Cyren SDK with a custom plugin for SpamAssassin, now 
we are looking for an alternative commercial SDK engine to combine with 
our SpamAssassin.


I know that Cloudmark have a plugin for SpamAssassin but in the past I 
remember it was more expensive than Cyren.


MailShell have an SDK for antispam and I will probably contact them.

Do you know any other companies developing an antispam SDK to be 
combined with spamassassin?


Thanks

--
Alessio Cecchi
Postmaster @http://www.qboxmail.it
https://www.linkedin.com/in/alessice


Re: Spam email by-pass because dkim adsp timeout

2021-10-20 Thread Alessio Cecchi

On 20/10/21 16:46, Benny Pedersen wrote:

On 2021-10-20 16:35, Alessio Cecchi wrote:


How can I configure this timeout to 5 seconds or similar?


perldoc Mail::SpamAssassin::Plugin::DKIM

see section override


Thanks, I have solved with:

adsp_override   *    unknown

There is still 10 seconds spent on the DKIM check:

Oct 20 17:19:42.210 [15847] dbg: dkim: using Mail::DKIM version 0.39
Oct 20 17:19:42.211 [15847] dbg: dkim: performing public key lookup and signature verification

[ 10 seconds here]

Oct 20 17:19:52.211 [15847] dbg: dkim: FAILED DKIM, i=@serverupgrader.xyz, d=serverupgrader.xyz, s=default, a=rsa-sha1, c=relaxed/relaxed, unknown key size, invalid, does not match author domain
Oct 20 17:19:52.211 [15847] dbg: dkim: signature verification result: INVALID (PUBLIC KEY: DNS QUERY TIMEOUT FOR DEFAULT._DOMAINKEY.SERVERUPGRADER.XYZ)


But it seems to be a DNS timeout, not a dkim_timeout, which is 5 seconds by 
default (from perldoc Mail::SpamAssassin::Plugin::DKIM).


Any suggestion?

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice



Spam email by-pass because dkim adsp timeout

2021-10-20 Thread Alessio Cecchi

Hi,

some of our users have received spam/phishing email in INBOX. 
Investigating, I found that the cause is the time that SpamAssassin spent 
to return a result, 30 seconds in the dkim adsp:


[...]

Reply-To: server-ad...@mailserverupgrader.xyz
From: "MEssage Center -  companyname.it" 


To: name.surn...@companyname.it

[...]

Oct 20 16:22:41.142 [27900] dbg: FreeMail: RULE (FREEMAIL_FROM) check_freemail_from
Oct 20 16:22:41.142 [27900] dbg: FreeMail: all from-addresses: cindy.vandw...@gmail.com, server-ad...@mailserverupgrader.xyz
Oct 20 16:22:41.142 [27900] dbg: FreeMail: HIT! cindy.vandw...@gmail.com is freemail

Oct 20 16:22:41.153 [27900] dbg: dkim: using Mail::DKIM version 0.39
Oct 20 16:22:41.154 [27900] dbg: dkim: performing public key lookup and signature verification
Oct 20 16:22:51.155 [27900] dbg: dkim: FAILED DKIM, i=@serverupgrader.xyz, d=serverupgrader.xyz, s=default, a=rsa-sha1, c=relaxed/relaxed, unknown key size, invalid, does not match author domain
Oct 20 16:22:51.155 [27900] dbg: dkim: signature verification result: INVALID (PUBLIC KEY: DNS QUERY TIMEOUT FOR DEFAULT._DOMAINKEY.SERVERUPGRADER.XYZ)
Oct 20 16:22:51.155 [27900] dbg: dkim: adsp: performing lookup on _adsp._domainkey.mailserverupgrader.xyz


[ NOTE 30 seconds here ]

Oct 20 16:23:11.155 [27900] dbg: dkim: adsp: fetch or parse on domain mailserverupgrader.xyz failed: DNS query timeout for mailserverupgrader.xyz
Oct 20 16:23:11.156 [27900] dbg: dkim: signing practices on mailserverupgrader.xyz unavailable
Oct 20 16:23:11.156 [27900] dbg: dkim: adsp result: U/unknown (dns: no result), author domain 'mailserverupgrader.xyz'
Oct 20 16:23:11.156 [27900] dbg: rules: uri host enlisted (SUSP_URI_NTLD): serverupgrader.xyz (xyz)
Oct 20 16:23:11.156 [27900] dbg: rules: ran eval rule PDS_OTHER_BAD_TLD ==> got hit (1)
Oct 20 16:23:11.157 [27900] dbg: eval: From 2nd level domain: mailserverupgrader.xyz, EnvelopeFrom 2nd level domain: gmail.com
Oct 20 16:23:11.157 [27900] dbg: rules: ran eval rule HEADER_FROM_DIFFERENT_DOMAINS ==> got hit (1)
Oct 20 16:23:11.157 [27900] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks
Oct 20 16:23:11.157 [27900] dbg: spf: found Envelope-From in first external Received header


Can it be a tactic?

How can I configure this timeout to 5 seconds or similar?

Thanks

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice
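
The timing analysis done by eye in the message above, as an added example that is not part of the original post: it parses `spamassassin -D` style debug lines, groups them per spamd child PID, and reports every step that stalled longer than a threshold. The function names, the 2-second threshold and the `year` parameter (the log carries no year) are assumptions of this example; the sample lines are constructed from the log quoted in the post, plus one constructed line from a second PID.

```python
import re
from datetime import datetime

# One debug line: "Oct 20 16:22:41.154 [27900] dbg: dkim: message text"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d\.\d+) "
    r"\[(?P<pid>\d+)\] (?P<level>\w+): (?P<facility>[\w-]+): (?P<msg>.*)$"
)

# Constructed sample: timestamps and messages follow the post's log; the
# [27901] line is invented to show why gaps must be measured per PID, and the
# "signature verification result" entry is left wrapped as in the mail.
SAMPLE_LOG = """\
Oct 20 16:22:41.142 [27900] dbg: FreeMail: RULE (FREEMAIL_FROM) check_freemail_from
Oct 20 16:22:41.153 [27900] dbg: dkim: using Mail::DKIM version 0.39
Oct 20 16:22:41.154 [27900] dbg: dkim: performing public key lookup and signature verification
Oct 20 16:22:45.000 [27901] dbg: dkim: using Mail::DKIM version 0.39
Oct 20 16:22:51.155 [27900] dbg: dkim: signature verification result:
INVALID (PUBLIC KEY: DNS QUERY TIMEOUT FOR
DEFAULT._DOMAINKEY.SERVERUPGRADER.XYZ)
Oct 20 16:22:51.155 [27900] dbg: dkim: adsp: performing lookup on _adsp._domainkey.mailserverupgrader.xyz
Oct 20 16:23:11.155 [27900] dbg: dkim: adsp: fetch or parse on domain mailserverupgrader.xyz failed: DNS query timeout for mailserverupgrader.xyz
Oct 20 16:23:11.156 [27900] dbg: rules: ran eval rule PDS_OTHER_BAD_TLD ==> got hit (1)
"""


def parse_debug_log(text, year=2021):
    """Return one dict per log entry; wrapped continuation lines are re-joined."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Not a new entry: a mail client wrapped the previous line.
            if entries:
                entries[-1]["msg"] += " " + line
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        entries.append({
            "time": when,
            "pid": int(m["pid"]),
            "facility": m["facility"],
            "msg": m["msg"],
        })
    return entries


def find_stalls(entries, threshold=2.0):
    """Report gaps >= threshold seconds between consecutive lines of one PID.

    The step that was running during the gap is the *earlier* line, so that
    line's facility and message are reported as what the scan waited on.
    """
    last_by_pid = {}
    stalls = []
    for entry in entries:
        prev = last_by_pid.get(entry["pid"])
        if prev is not None:
            gap = (entry["time"] - prev["time"]).total_seconds()
            if gap >= threshold:
                stalls.append({
                    "pid": entry["pid"],
                    "seconds": round(gap, 3),
                    "facility": prev["facility"],
                    "waiting_on": prev["msg"],
                    "ended_with": entry["msg"],
                })
        last_by_pid[entry["pid"]] = entry
    return stalls


if __name__ == "__main__":
    for stall in find_stalls(parse_debug_log(SAMPLE_LOG)):
        print(f"[{stall['pid']}] {stall['seconds']:7.3f}s in {stall['facility']}: "
              f"{stall['waiting_on']}")
        print(f"          -> {stall['ended_with']}")
```

The parser does not handle a log that crosses a year boundary, since the timestamps themselves have no year.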



Trouble with XM_RANDOM rule

2021-02-24 Thread Alessio Cecchi

Hi,

I noticed that emails sent from our webmail are always caught by the 
XM_RANDOM rule.


The reason is that we add a header:

X-Mailer: Qboxmail Webmail 1.2.3

that matches "X-Mailer =~ /q(?!q?mail|\d|[-\w]*=+;)[^u]/i"

Is "Qboxmail" the problem? Since this is the name of our company are 
there any chances to keep it without catching the rule?


Thanks

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice



Re: adding AV scanning to working Postfix/SA system

2020-12-01 Thread Alessio Cecchi

On 19/11/20 00:43, Joe Acquisto-j4 wrote:

SOHO system, on virtual machines.   Fairly recent versions. Running openSUSE 
Leap 15.1.

Due to some recent malware (obvious stuff) wanted to add AV scanning.   I gather 
"Amavis-new" is the hot ticket these days,

I deal with Sophos products and would like to use their linux product to do the 
scanning.   Seems to be precious little on how to do that.

Any experiences?


You can try with MessageSniffer:

https://www.armresearch.com/

It is an antispam/antivirus engine that can run on Linux and has a plugin 
for SpamAssassin.


I'm using it, works quite well at the right price.

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice



TXREP: positive score on malware emails

2020-10-23 Thread Alessio Cecchi
nder's reputation


The sender was domain name "dal corte DOT org" that is sending malware 
to many different domains hosted by us.


Is my setup of txrep bad or is "normal"?
Thanks

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice



Re: rpm of centos

2020-04-30 Thread Alessio Cecchi

On 10/01/20 02:59, Rick Gutierrez wrote:


Hi  everyone, someone from the list who can share the rpm of the
latest version of spamassassin for centos 7 and 6  of x64, I want to
update to the latest version and I can't find the rpm.


Hi,

for CentOS 6 I'm using this repo and it works fine:

https://copr.fedorainfracloud.org/coprs/kevin/spamassassin-el/

Ciao

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice



How add ITA channel to sa-update?

2019-03-26 Thread Alessio Cecchi

Hello,

I'm interested in adding the Italian channel to SpamAssassin from 
https://spamassassin.snb.it/, but what is the right way?


I download ITA.conf in /etc/spamassassin/channel.d/ and run sa-update 
but I don't see any new files in /var/lib/spamassassin/3.004002/.


Thanks (to Giovanni for the channel :-) )

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice



Spamassassin 3.4.2 RPM for CentOS 6

2018-10-10 Thread Alessio Cecchi

Hi,

if someone, like me, is interested in the SpamAssassin 3.4.2 RPM for 
CentOS 6, here you can find the right repo:


https://copr.fedorainfracloud.org/coprs/kevin/spamassassin-el/packages/

Ciao

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice



Re: iXhash service issues

2018-10-02 Thread Alessio Cecchi

On 30/09/2018 18:06, Alex wrote:

Hi all, I'm pretty sure this is a problem on their side, but can
anyone else confirm ixhash is having a problem? Anyone else using the
iXhash plugin? Their site http://www.ixhash.net/ also appears to be
down.

30-Sep-2018 12:03:24.249 query-errors: client @0x7ff3f01a43d0
68.195.193.45#44607
(230fe40b1401cf8c3fe2b8699cdb91bf.generic.ixhash.net): query failed
(SERVFAIL) for 230fe40b1401cf8c3fe2b8699cdb91bf.generic.ixhash.net/IN/A
at query.c:8580

ixhashdnsbl GENERIC_IXHASH  generic.ixhash.net.
body        GENERIC_IXHASH  eval:check_ixhash('GENERIC_IXHASH')
describe    GENERIC_IXHASH  http://www.ixhash.net/listinfo.html
tflags      GENERIC_IXHASH  net
score       GENERIC_IXHASH  1.5

ixhashdnsbl NIXSPAM_IXHASH  ix.dnsbl.manitu.net.
body        NIXSPAM_IXHASH  eval:check_ixhash('NIXSPAM_IXHASH')
describe    NIXSPAM_IXHASH  http://www.ixhash.net/listinfo.html
tflags      NIXSPAM_IXHASH  net
score       NIXSPAM_IXHASH  1.5

Hello,

we have the same issue and we disabled ixhash.net query.

--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice



Re: ixhash.junkemailfilter.com seems to be broken currently

2016-06-21 Thread Alessio Cecchi

On 20/06/2016 16:22, Reindl Harald wrote:

since Marc is present on this list and maybe others using it too:

dig A c134389d7cefd3aadce78714669239f2.ixhash.junkemailfilter.com.
status: SERVFAIL
Query time: 1798 msec

so at least for the last 2 days the rule below slows down scanning

score       JEF_IXHASH  1.0
ixhashdnsbl JEF_IXHASH  ixhash.junkemailfilter.com.
body        JEF_IXHASH  eval:check_ixhash('JEF_IXHASH')
describe    JEF_IXHASH  DIGEST: ixhash.junkemailfilter.com


Hi,

Marc, some weeks ago, confirmed to me that ixhash.junkemailfilter.com is 
no longer in use.


Ciao
--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice


Re: Which DNSBLs do you use?

2016-06-16 Thread Alessio Cecchi


On 14/06/2016 13:46, Heinrich Boeder wrote:

Hi Folks,

I have been on this list for quite some time now and the topic "DNSBL"
was discussed pretty often, but I was still wondering which DNSBLs you
guys use for your mail environment.

So here are my questions: Which DNSBLs do you use? Which one can you
suggest the most?


Hi, we use www.invaluement.com

- ivmSIP to block IPs at SMTP level
- ivmSIP24 and ivmURI in Spamassassin with custom score

Also b.barracudacentral.org is good and with low FP.

Probably zen.spamhaus.org is the best dnsbl but is too expensive for us. 
Invaluement SIP is almost comparable to Zen as performance but much less 
expensive.


Ciao
--
Alessio Cecchi
Postmaster @ http://www.qboxmail.it
https://www.linkedin.com/in/alessice


Re: spf: lookup failed: addr is not a string

2014-10-30 Thread Alessio Cecchi


On 26/10/2014 23:04, Thomas Preißler wrote:

Hey!

I use SpamAssassin version 3.4.0 from wheezy-backports. Unfortunately, 
I get the following line sometimes in mail.log:


warn: spf: lookup failed: addr is not a string at 
/usr/share/perl5/IO/Socket/IP.pm line 646.


Attached you'll find a mail.eml and the output of spamassassin -D 
which shows the warning.


Any ideas how to solve this issue?

Thanks!
Thomas 

Hi,

I solved this issue with minimal-responses yes; in bind9 options:

options {
    [...]
    minimal-responses yes; # avoid spfquery BUGs
};


Re: 23_bayes_ignore_header.cf

2014-10-14 Thread Alessio Cecchi


On 14/10/2014 09:08, Axb wrote:

Updated (in case you're using it.)

http://svn.apache.org/repos/asf/spamassassin/trunk/rulesrc/sandbox/axb/23_bayes_ignore_header.cf 



I suggest these:

from qmail-scanner:
bayes_ignore_header X-Qmail-Scanner-Diagnostics
bayes_ignore_header X-Qmail-Scanner-MOVED-X-Spam-Status
bayes_ignore_header X-Originating-IP

from cloudmark:
bayes_ignore_header X-Spam-CMAE-Analysis
bayes_ignore_header X-CMAE-Match
bayes_ignore_header X-CMAE-Score
bayes_ignore_header X-CMAE-Analysis

from commtouch:
bayes_ignore_header X-Spam-CTCH-RefID
bayes_ignore_header X-CTCH-SenderID
bayes_ignore_header X-CTCH-SenderID-TotalMessages
bayes_ignore_header X-CTCH-SenderID-TotalSuspected
bayes_ignore_header X-CTCH-SenderID-TotalBulk
bayes_ignore_header X-CTCH-SenderID-TotalConfirmed
bayes_ignore_header X-CTCH-SenderID-TotalRecipients

from dcc:
bayes_ignore_header X-Spam-DCC

from sophos:
bayes_ignore_header X-PMX-Spam

Thanks


Re: 23_bayes_ignore_header.cf

2014-10-14 Thread Alessio Cecchi


On 14/10/2014 10:44, Axb wrote:


have you verified that some of these are not included?

Yes, twice.


X-Originating-IP will not be included as it can be used to help detect 
ham or spam

Ok, thanks


Re: Spam from RCVD_IN_IADB (ISIPP/Surety Mail)

2014-02-05 Thread Alessio Cecchi

On 04/02/2014 18:07, Axb wrote:

On 02/04/2014 05:55 PM, Alessio Cecchi wrote:

Hi,

in the last days, on my personal account email, I receive two spam email
from IP in the ISIPP/SuretyMail whitelist:

http://www.isipp.com/iadb.php

I'm sure that is spam (and I have never subscribed to those lists), the
language of email is Spanish (or Portuguese, I don't know) and I don't
understand it.

The message was forwarded to ab...@suretymail.com but after 7 days I have
not received a reply. Moreover, the abuse desk of the IP network
(ab...@ip-zone.com) rejects my email because I spam!

==
   abuse-trapgu...@relay.ip-zone.com
 This message has been rejected because it has
 a potentially executable attachment Axvisual Promocom:
 El secreto para una web exitosa.eml
 This form of attachment has been used by
 recent viruses or other malware.
 If you meant to send this file then please
 package it up as a zip file and resend it.
==

Here the header of the last message I received:


Return-Path: bou...@105.52.mdt2.com.ar
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
 www-myserver.myisp.com
X-Spam-Level: *
X-Spam-Status: No, score=1.2 required=5.0 tests=BAYES_60,
 DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,FREEMAIL_FROM,

HTML_FONT_LOW_CONTRAST,HTML_FONT_SIZE_LARGE,HTML_IMAGE_RATIO_06,HTML_MESSAGE,


NML_ADSP_CUSTOM_MED,RCVD_IN_IPD_GREY,RCVD_IN_HOSTKARMA_W,RCVD_IN_IADB_DK,
 RCVD_IN_IADB_DOPTIN_LT50,RCVD_IN_IADB_LISTED,RCVD_IN_IADB_RDNS,

RCVD_IN_IADB_SENDERID,RCVD_IN_IADB_SPF,RCVD_IN_IADB_VOUCHED,RP_MATCHES_RCVD,

 SPF_HELO_PASS,SPF_PASS,URIBL_BLACK autolearn=no version=3.3.1
X-Original-To: box-onl...@myserver.biz
Delivered-To: box-online-myserver@www-myserver.myisp.com
Received: from 105.52.mdt2.com.ar (105.52.mdt2.com.ar [200.58.105.52])
 by www-myserver.myisp.com (Postfix) with ESMTP id B976D14561
 for b...@myserver.biz; Mon,  3 Feb 2014 18:42:30 +0100 (CET)
To:  b...@myserver.biz
From: Kumelen Escuela vivikume...@gmail.com
Reply-To: Kumelen Escuela vivikume...@gmail.com
Subject:
=?utf-8?B?SmFyZMOtbiBtYXRlcm5hbCBlIGluaWNpYWwgS3VtZWxlbiB8IFVuYSBwcm9wdWVzdGEgZWR1Y2F0aXZhIGRpZmVyZW50ZQ==?=


Date: Mon, 03 Feb 2014 14:39:14 -0300
List-Unsubscribe: mailto:
unsubscr...@esmt6.com.ar?body=#s-1key#bdf88f11552b8da93f09fef8992a1fc59a6c5a970e8beb1f2fc1b0055272218f7417c222bde350883cc0f71aba47127c89e7621a37290b228a8d831dcc6069d3ef#e-1key#


MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=_=_envialosimple-179431603952efd442d8f5b4.33359362_=_
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Mailer-MsgId: Ym94LW9ubGluZUBjZWNjaGkuYml6
X-Mailer-CSID: MjYwXzIyM18yMTI2MQ==
Message-ID: 1wanui-001ulg...@smtp-5-marketing.dattaweb.com
X-Complaints-To: postmas...@esmt6.com.ar
X-Report-Abuse: postmas...@esmt6.com.ar
Sender: Kumelen Escuela vivikumelen=gmail@105.52.mdt2.com.ar
X-DKIM: envialosimple.com
DKIM-Signature: v=1; a=rsa-sha1; q=dns/txt; l=30179; s=emailmkt;
 t=1391449153; c=relaxed/simple;
 h=From:To:Subject;
 d=105.52.mdt2.com.ar;

z=From:=20Kumelen=20Escuela=20vivikume...@gmail.com=0A=0D=0A|To:=20=20box-onl...@myserver.biz=0A=0D=0A|Subject:=20=3D?utf-8?B?SmFyZMOtbiBtYXRlcm5hbCBlIGluaWNpYWwgS3VtZWxlbiB8IFVuYSBwcm9wdWVzdGEgZWR1Y2F0aXZhIGRpZmVyZW50ZQ=3D=3D?=3D=0A=0D=0A;

 bh=j9+MRJ1J+qPecKFsDE9vcEO8P68=;

b=dt/pP/4MqZAgUDEpFmfCMyOHfE4TBX8mbaKV3V24iIH8xlEW/Fs5PVXkN2dZDfTUTV7UdoX0Q0ozMavK5cIsh+3z3t746ZSyyNO1ATfKUy2RwIKvTMwoPaTpSraaTaWRZiUJ2tdn5W5J2vzX7gnVe1ZqrG3C2oXp5UNlAfduAfg=

X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report
X-AntiAbuse: Primary Hostname - 105.52.mdt2.com.ar
X-AntiAbuse: Original Domain - myserver.biz
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [500 500]
X-AntiAbuse: Sender Address Domain - 105.52.mdt2.com.ar


Since this whitelist does not respond to reports of abuse I think it
should be considered whether to keep it active in spamassassin.


SpamAssassin is a framework - nothing stops you from disabling rules
locally.


Yes I know very well, the problem is that this whitelist is not so 
white and reputable.


--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz
Cloud Email Hosting - http://www.qboxmail.com
@ PLUG - former President, now senator for life, http://www.prato.linux.it


Spam from RCVD_IN_IADB (ISIPP/Surety Mail)

2014-02-04 Thread Alessio Cecchi

Hi,

in the last days, on my personal account email, I receive two spam email 
from IP in the ISIPP/SuretyMail whitelist:


http://www.isipp.com/iadb.php

I'm sure that is spam (and I have never subscribed to those lists), the 
language of email is Spanish (or Portuguese, I don't know) and I don't 
understand it.


The message was forwarded to ab...@suretymail.com but after 7 days I have 
not received a reply. Moreover, the abuse desk of the IP network 
(ab...@ip-zone.com) rejects my email because I spam!


==
  abuse-trapgu...@relay.ip-zone.com
This message has been rejected because it has
a potentially executable attachment Axvisual Promocom:
El secreto para una web exitosa.eml
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
==

Here the header of the last message I received:


Return-Path: bou...@105.52.mdt2.com.ar
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
www-myserver.myisp.com
X-Spam-Level: *
X-Spam-Status: No, score=1.2 required=5.0 tests=BAYES_60,
DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,FREEMAIL_FROM,

HTML_FONT_LOW_CONTRAST,HTML_FONT_SIZE_LARGE,HTML_IMAGE_RATIO_06,HTML_MESSAGE,

NML_ADSP_CUSTOM_MED,RCVD_IN_IPD_GREY,RCVD_IN_HOSTKARMA_W,RCVD_IN_IADB_DK,
RCVD_IN_IADB_DOPTIN_LT50,RCVD_IN_IADB_LISTED,RCVD_IN_IADB_RDNS,

RCVD_IN_IADB_SENDERID,RCVD_IN_IADB_SPF,RCVD_IN_IADB_VOUCHED,RP_MATCHES_RCVD,
SPF_HELO_PASS,SPF_PASS,URIBL_BLACK autolearn=no version=3.3.1
X-Original-To: box-onl...@myserver.biz
Delivered-To: box-online-myserver@www-myserver.myisp.com
Received: from 105.52.mdt2.com.ar (105.52.mdt2.com.ar [200.58.105.52])
by www-myserver.myisp.com (Postfix) with ESMTP id B976D14561
for b...@myserver.biz; Mon,  3 Feb 2014 18:42:30 +0100 (CET)
To:  b...@myserver.biz
From: Kumelen Escuela vivikume...@gmail.com
Reply-To: Kumelen Escuela vivikume...@gmail.com
Subject: 
=?utf-8?B?SmFyZMOtbiBtYXRlcm5hbCBlIGluaWNpYWwgS3VtZWxlbiB8IFVuYSBwcm9wdWVzdGEgZWR1Y2F0aXZhIGRpZmVyZW50ZQ==?=

Date: Mon, 03 Feb 2014 14:39:14 -0300
List-Unsubscribe: mailto: 
unsubscr...@esmt6.com.ar?body=#s-1key#bdf88f11552b8da93f09fef8992a1fc59a6c5a970e8beb1f2fc1b0055272218f7417c222bde350883cc0f71aba47127c89e7621a37290b228a8d831dcc6069d3ef#e-1key#

MIME-Version: 1.0
Content-Type: multipart/alternative; 
boundary=_=_envialosimple-179431603952efd442d8f5b4.33359362_=_

Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Mailer-MsgId: Ym94LW9ubGluZUBjZWNjaGkuYml6
X-Mailer-CSID: MjYwXzIyM18yMTI2MQ==
Message-ID: 1wanui-001ulg...@smtp-5-marketing.dattaweb.com
X-Complaints-To: postmas...@esmt6.com.ar
X-Report-Abuse: postmas...@esmt6.com.ar
Sender: Kumelen Escuela vivikumelen=gmail@105.52.mdt2.com.ar
X-DKIM: envialosimple.com
DKIM-Signature: v=1; a=rsa-sha1; q=dns/txt; l=30179; s=emailmkt;
t=1391449153; c=relaxed/simple;
h=From:To:Subject;
d=105.52.mdt2.com.ar;

z=From:=20Kumelen=20Escuela=20vivikume...@gmail.com=0A=0D=0A|To:=20=20box-onl...@myserver.biz=0A=0D=0A|Subject:=20=3D?utf-8?B?SmFyZMOtbiBtYXRlcm5hbCBlIGluaWNpYWwgS3VtZWxlbiB8IFVuYSBwcm9wdWVzdGEgZWR1Y2F0aXZhIGRpZmVyZW50ZQ=3D=3D?=3D=0A=0D=0A;
bh=j9+MRJ1J+qPecKFsDE9vcEO8P68=;

b=dt/pP/4MqZAgUDEpFmfCMyOHfE4TBX8mbaKV3V24iIH8xlEW/Fs5PVXkN2dZDfTUTV7UdoX0Q0ozMavK5cIsh+3z3t746ZSyyNO1ATfKUy2RwIKvTMwoPaTpSraaTaWRZiUJ2tdn5W5J2vzX7gnVe1ZqrG3C2oXp5UNlAfduAfg=
X-AntiAbuse: This header was added to track abuse, please include it 
with any abuse report

X-AntiAbuse: Primary Hostname - 105.52.mdt2.com.ar
X-AntiAbuse: Original Domain - myserver.biz
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [500 500]
X-AntiAbuse: Sender Address Domain - 105.52.mdt2.com.ar


Since this whitelist does not respond to reports of abuse I think it 
should be considered whether to keep it active in spamassassin.


--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz
Cloud Email Hosting - http://www.qboxmail.com
@ PLUG - former President, now senator for life, http://www.prato.linux.it


Re: bayes auto expire question

2012-08-28 Thread Alessio Cecchi

On 28/08/2012 16:48, Leonardo Verzetti wrote:


I would like to perform a cronjob in order to expire the bayes_db. Do I 
have to stop the MTA service before?



My server:
Slackware 10.2.0
Linux 2.6.34 #1 SMP Tue May 25 12:08:19 CEST 2010 i686 unknown unknown 
GNU/Linux

SpamAssassin version 3.3.2
Perl version 5.8.7
Qmail 1.03

Spamassassin configuration:
bayes_learn_to_journal 1
bayes_journal_max_size 102400
bayes_expiry_max_db_size 25
bayes_auto_expire 1



Change your local.cf to bayes_auto_expire 0 and run in crontab 
sa-learn --force-expire.


When we run this cron we stop spamassassin to run the process faster, 
but it should also work when spamassassin is still running.


--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it



Spamhaus and others check at MTA level: how disable in Spamassassin?

2012-08-04 Thread Alessio Cecchi

Hi,

we are using zen.spamhaus.org and psbl.surriel.com DNSBL at MTA level  
(qmail + rblsmtpd) so we would like to disable this check in  
spamassassin. So we added this in local.cf:


# remove zen.spamhaus tests
score __RCVD_IN_ZEN 0
score RCVD_IN_SBL 0
score RCVD_IN_XBL 0
score RCVD_IN_PBL 0

# remove psbl.surriel.org
score RCVD_IN_PSBL 0

Is ok?

Moreover, we reject at MTA level, connection from IP without rDNS,  
connection from domains without valid MX or A record, and HELO equals  
to localhost. We added in local.cf:


score RDNS_NONE 0
score NO_DNS_FOR_FROM 0
score RDNS_LOCALHOST 0

Is ok?

I don't want to assign 0 points, I want to disable these tests completely.

Thanks
--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it




Re: Spamhaus and others check at MTA level: how disable in Spamassassin?

2012-08-04 Thread Alessio Cecchi


Benny Pedersen m...@junc.org wrote:


On 2012-08-04 11:16, Alessio Cecchi wrote:


I don't want to assign 0 points, I want to disable these tests completely.



why not just disable DNSEval plugin ?


No, because other DNS-based tests are very useful.

--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it




Re: Spamhaus and others check at MTA level: how disable in Spamassassin?

2012-08-04 Thread Alessio Cecchi


Axb axb.li...@gmail.com wrote:


On 08/04/2012 11:16 AM, Alessio Cecchi wrote:

Hi,

we are using zen.spamhaus.org and psbl.surriel.com DNSBL at MTA level
(qmail + rblsmtpd) so we would like to disable this check in
spamassassin. So we added this in local.cf:

# remove zen.spamhaus tests
score __RCVD_IN_ZEN 0
score RCVD_IN_SBL 0
score RCVD_IN_XBL 0
score RCVD_IN_PBL 0

# remove psbl.surriel.org
score RCVD_IN_PSBL 0

Is ok?

Moreover, we reject at MTA level, connection from IP without rDNS,
connection from domains without valid MX or A record, and HELO equals to
localhost. We added in local.cf:

score RDNS_NONE 0
score NO_DNS_FOR_FROM 0
score RDNS_LOCALHOST 0

Is ok?

I don't want to assign 0 points, I want to disable these tests completely.


http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html

Setting a rule's score to 0 will disable that rule from running.

(Google is amazing .-)


Thanks, and are the disabled rules the right ones?
--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it




Re: Specify the user homedir in a non-standard setup (ISP)

2012-02-28 Thread Alessio Cecchi

On 27/02/2012 15:12, Sandro Tosi wrote:

Hello,
our mail setup is kinda different than usual configuration: we have a
lot of mailboxes all owned by a single userid. The directories tree is
composed using a prefix, an elaboration of the domain name (domain.ext
- ext/d/o/m/domain), and then the local part.

We would like to allow each mailbox (which maps to an email account) to
specify the spam preferences and let the MTA (qmail in this case) scan
the email at SMTP session.

Can we do that with spamassassin 3.3.2 ?

Thanks for your help,


Hi Sandro,

for your configuration the best option is to use Per-User Preferences 
via SQL instead of a plain text file in every single mailbox.


When a remote server opens an SMTP connection with your qmail you can call 
an alternative qmail-queue wrapper that will run


spamc -u email@domain

for every recipient; spamd will read user preferences via SQL.

We use this configuration in many qmail installations with virtual users 
(vpopmail, LDAP, SQL) where all mailboxes are owned by the same ID and 
it works fine also with a huge number of users.


Plus, you can use user preferences in SQL to build custom interfaces or 
read them from an external appliance.


Ciao
--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it
@ LOLUG - Member http://www.lolug.net


Re: Spamassassin 3.3.2 for Ubuntu LTS

2012-02-09 Thread Alessio Cecchi

On 08/02/2012 19:18, Benny Pedersen wrote:



aptitude install python-software-properties
add-apt-repository ppa:patrickdk/general-lucid
aptitude update
aptitude install spamassassin spamc
sa-update
sa-compile
/etc/init.d/spamassassin restart


sa-compile needs Mail::SpamAssassin::Plugin::Rule2XSBody in v320.pre
else sa-compile is wasted cpu time :-)




Yes, I know :-)
Thanks
--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it
@ LOLUG - Member http://www.lolug.net


Spamassassin 3.3.2 for Ubuntu LTS

2012-02-07 Thread Alessio Cecchi

Hi,

does anyone know where I can find spamassassin 3.3.2 in deb format for 
Ubuntu 10.04?


Thanks
--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it
@ LOLUG - Member http://www.lolug.net


Re: Spamassassin 3.3.2 for Ubuntu LTS

2012-02-07 Thread Alessio Cecchi

On 07/02/2012 11:17, Robert Schetterer wrote:

On 07.02.2012 10:58, Alessio Cecchi wrote:

Hi,

does anyone know where I can find spamassassin 3.3.2 in deb format for
Ubuntu 10.04?

Thanks


http://packages.ubuntu.com/search?keywords=spamassassin&searchon=names&suite=oneiric&section=all

Package spamassassin

 oneiric (mail): Perl-based spam filter using text analysis
 3.3.2-1: all

simple recompile the debian way

or look in a ppa
https://launchpad.net/~patrickdk/+archive/general-lucid/+packages




Thanks, ppa is fine for me :-)

--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it
@ LOLUG - Member http://www.lolug.net


Re: Spamassassin 3.3.2 for Ubuntu LTS

2012-02-07 Thread Alessio Cecchi

On 07/02/2012 11:17, Robert Schetterer wrote:

On 07.02.2012 10:58, Alessio Cecchi wrote:

Hi,

does anyone know where I can find spamassassin 3.3.2 in deb format for
Ubuntu 10.04?

Thanks

[...]

or look in a ppa
https://launchpad.net/~patrickdk/+archive/general-lucid/+packages




Spamassassin update from PPA for Ubuntu 10.04:

aptitude install python-software-properties
add-apt-repository ppa:patrickdk/general-lucid
aptitude update
aptitude install spamassassin spamc
sa-update
sa-compile
/etc/init.d/spamassassin restart

Bye
--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it
@ LOLUG - Member http://www.lolug.net


Re: Spam email many have RCVD_IN_DNSWL_MED

2011-10-12 Thread Alessio Cecchi

On 11/10/2011 20:58, dar...@chaosreigns.com wrote:

Thanks to John Hardin for noticing one of these was off.  I should've
checked them before replying.

*None* of these should be hitting RCVD_IN_DNSWL_HI or RCVD_IN_DNSWL_MED, or
even RCVD_IN_DNSWL_LOW.

Alessio, you have a problem *other* than the data listed by dnswl.org.
Start with the X-Spam-RelaysUntrusted header I recommended in my last post.


I have found the problem: Google name server


On 10/11, Alessio Cecchi wrote:

Received: from [175.145.6.37] (unknown [175.145.6.37])


$ host 37.6.145.175.list.dnswl.org
Host 37.6.145.175.list.dnswl.org not found: 3(NXDOMAIN)

Should not hit any RCVD_IN_DNSWL_* rules.


In this installation:

# cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4

# host 37.6.145.175.list.dnswl.org
37.6.145.175.list.dnswl.org has address 127.0.10.3


Received: from webbox794.server-home.net (webbox794.server-home.net
[195.137.213.84])


$ host 84.213.137.195.list.dnswl.org
Host 84.213.137.195.list.dnswl.org not found: 3(NXDOMAIN)

Should not hit any RCVD_IN_DNSWL_* rules.


# host 84.213.137.195.list.dnswl.org
84.213.137.195.list.dnswl.org has address 127.0.10.3


Received: from node-sl626.smtp.com (node-sl626.smtp.com [74.86.21.70])


$ host 70.21.86.74.list.dnswl.org
Host 70.21.86.74.list.dnswl.org not found: 3(NXDOMAIN)

Should not hit any RCVD_IN_DNSWL_* rules.


# host 70.21.86.74.list.dnswl.org
70.21.86.74.list.dnswl.org has address 127.0.10.3


Received: from nm14.bullet.mail.sp2.yahoo.com
(nm14.bullet.mail.sp2.yahoo.com [98.139.91.84])


$ host 84.91.139.98.list.dnswl.org
84.91.139.98.list.dnswl.org has address 127.0.5.0

Should hit RCVD_IN_DNSWL_NONE.



# host 84.91.139.98.list.dnswl.org
84.91.139.98.list.dnswl.org has address 127.0.10.3

Also from my PC I have the same behaviour if I query google name server:

alessice@pc1-linux:~$ nslookup 37.6.145.175.list.dnswl.org 8.8.8.8
Server: 8.8.8.8
Address:8.8.8.8#53

Non-authoritative answer:
Name:   37.6.145.175.list.dnswl.org
Address: 127.0.10.3

alessice@pc1-linux:~$ nslookup 37.6.145.175.list.dnswl.org 151.99.125.2
Server: 151.99.125.2
Address:151.99.125.2#53

** server can't find 37.6.145.175.list.dnswl.org: NXDOMAIN

I usually configure 127.0.0.1 as resolver, but not in this installation.

Why does the Google name server return an incorrect value?

Thanks!
--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it
@ LOLUG - Member http://www.lolug.net
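The comparison made by hand in the message above, as an added example that is not part of any post in the thread: it parses the two sets of `host` output, maps each answer to the `RCVD_IN_DNSWL_*` rule selected by its last octet, and flags a resolver that gives one identical answer for unrelated IPs. The function names are hypothetical, and the answers posted in the earlier reply are assumed to be the correct reference.

```python
import re

# Last octet of a 127.0.x.y DNSWL answer selects the SpamAssassin rule.
TRUST_RULE = {0: "RCVD_IN_DNSWL_NONE", 1: "RCVD_IN_DNSWL_LOW",
              2: "RCVD_IN_DNSWL_MED", 3: "RCVD_IN_DNSWL_HI"}
HOST_LINE = re.compile(
    r"^(?:Host )?(?P<name>\S+)\.list\.dnswl\.org "
    r"(?:has address (?P<addr>127\.0\.\d+\.\d+)|not found: 3\(NXDOMAIN\))$")

# `host` output transcribed from the thread: answers seen through 8.8.8.8 ...
VIA_GOOGLE = """\
37.6.145.175.list.dnswl.org has address 127.0.10.3
84.213.137.195.list.dnswl.org has address 127.0.10.3
70.21.86.74.list.dnswl.org has address 127.0.10.3
84.91.139.98.list.dnswl.org has address 127.0.10.3
"""
# ... and the answers posted in the earlier reply (assumed reference).
REFERENCE = """\
Host 37.6.145.175.list.dnswl.org not found: 3(NXDOMAIN)
Host 84.213.137.195.list.dnswl.org not found: 3(NXDOMAIN)
Host 70.21.86.74.list.dnswl.org not found: 3(NXDOMAIN)
84.91.139.98.list.dnswl.org has address 127.0.5.0
"""

def parse_host_output(text):
    """Map each queried IP to its DNSWL answer (None for NXDOMAIN)."""
    answers = {}
    for line in text.splitlines():
        m = HOST_LINE.match(line.strip())
        if m:  # the query name is the IP with its octets reversed
            ip = ".".join(reversed(m.group("name").split(".")))
            answers[ip] = m.group("addr")
    return answers

def rule_for(addr):
    """Rule that would fire for a DNSWL answer, or None for no listing."""
    return None if addr is None else TRUST_RULE.get(int(addr.rsplit(".", 1)[1]))

def audit(in_use, reference):
    """Report per-IP rule disagreements and a one-answer-for-all pattern."""
    diffs = {ip: (rule_for(a), rule_for(reference.get(ip)))
             for ip, a in in_use.items() if a != reference.get(ip)}
    distinct = set(in_use.values())
    blanket = len(in_use) > 1 and len(distinct) == 1 and None not in distinct
    return {"disagreements": diffs, "blanket_answer": blanket}

if __name__ == "__main__":
    print(audit(parse_host_output(VIA_GOOGLE), parse_host_output(REFERENCE)))
```

One identical answer for four unrelated senders points at the resolver path rather than at the list data for any single IP.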


Spam email many have RCVD_IN_DNSWL_MED

2011-10-11 Thread Alessio Cecchi
 [98.139.91.14] by tm8.bullet.mail.sp2.yahoo.com with 
NNFMP; 11 Oct 2011 13:44:21 -
Received: from [127.0.0.1] by omp1014.mail.sp2.yahoo.com with NNFMP; 11 
Oct 2011 13:44:21 -

X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 137695.95300...@omp1014.mail.sp2.yahoo.com
Received: (qmail 97348 invoked by uid 60001); 11 Oct 2011 13:44:19 -
Received: from [41.218.245.138] by web190214.mail.sg3.yahoo.com via 
HTTP; Tue, 11 Oct 2011 21:44:16 SGT

X-Mailer: YahooMailWebService/0.8.114.317681
Message-ID: 1318340656.62151.yahoomail...@web190214.mail.sg3.yahoo.com
Date: Tue, 11 Oct 2011 21:44:16 +0800 (SGT)
From: Joseph Darlington josephdarling...@rocketmail.com
Reply-To: Joseph Darlington josephdarling...@rocketmail.com
Subject: REPLY URGENTLY
To: undisclosed recipients: ;


Thanks
--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it
@ LOLUG - Member http://www.lolug.net


Re: Spam email many have RCVD_IN_DNSWL_HI (was MED)

2011-10-11 Thread Alessio Cecchi

On 11/10/2011 18:28, Michael Scheidell wrote:

On 10/11/11 12:18 PM, Alessio Cecchi wrote:

I'm an Italian user of spamassassin. During the last 3 weeks many spam
emails have had their rating cut down by the rule RCVD_IN_DNSWL_MED. Also
BAYES_99 can do nothing against this :-(

college.. new year, new students, new computers, new worms. as the old
saying used to go Its September again (tinc)


:-)


RCVD_IN_DNSWL_MED means that the ip address owner doesn't spam much, and
will take immediate action on spams.
(I have an issue with this being applied to a university, where the
it/email admin/staff has no control over the students computers)


Sorry, I wrote MED but the problem is with

RCVD_IN_DNSWL_HI

as you can see from the headers.

Thanks
--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it
@ LOLUG - Member http://www.lolug.net


spamassassin 3.3.1 for Debian Lenny

2010-04-15 Thread Alessio Cecchi

Hi,

now we are running spamassassin 3.3.0 on debian lenny, package is 
installed from backports.


Does anybody know if version 3.3.1 has been packaged (.deb) for lenny?

Thanks
--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
on LinkedIn - http://www.linkedin.com/in/alessice
GNU/Linux Systems Support - http://www.cecchi.biz/
@ PLUG - former President, now senator for life, http://www.prato.linux.it
@ LOLUG - Member http://www.lolug.net