Re: warnings with sa-compile?

2023-02-09 Thread Andrea Venturoli

On 2/10/23 06:10, Dan Mahoney (Gushi) wrote:

Hey there all.


Hello.


1) Are these known issues.


Not sure, but I have the same problem.


2) Is it worth filing a bug?


I guess so, but I'm not sure if this is something worth reporting here; 
maybe to FreeBSD.

I've been wanting to look into this, but, alas, time is always too scarce :(

 bye
av.


Re: Messages from outer clients marked as spam

2023-02-09 Thread Andrea Venturoli

On 1/26/23 09:02, giova...@paclan.it wrote:


MIMEDefang 2.84 will synthesize a header like:
"by $hostname (envelope-sender $Sender) (MIMEDefang) with ESMTP id 
$MessageID"
even for authenticated emails, while MIMEDefang 2.85+ will inject an ESMTPA 
header for authenticated emails.

This will change which SpamAssassin rules are triggered.


Hello.

I can confirm updating MIMEDefang to 2.86 solved this.
Thanks to everyone.

 bye
av.
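
The difference between the two synthesized headers discussed above comes down to the "with" protocol keyword (RFC 3848: a trailing A means SMTP AUTH was used, an S means STARTTLS). The following is an added example, not code from the thread, MIMEDefang or SpamAssassin, and it does not reproduce SpamAssassin's own parser; host names, addresses and queue ids in the sample headers are constructed.

```python
import re

# "with" keywords registered by RFC 3848: A = SMTP AUTH, S = STARTTLS.
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

_COMMENT = re.compile(r"\([^()]*\)")
_WITH = re.compile(r"\bwith\s+([A-Za-z0-9-]+)", re.IGNORECASE)


def strip_comments(value):
    """Drop (possibly nested) parenthesised comments, innermost first."""
    prev = None
    while prev != value:
        prev, value = value, _COMMENT.sub(" ", value)
    return value


def classify_received(header_value):
    """Return the protocol keyword of one Received: value plus auth/TLS flags."""
    unfolded = " ".join(header_value.split())        # undo header folding
    clauses = strip_comments(unfolded).rsplit(";", 1)[0]  # date follows last ';'
    match = _WITH.search(clauses)
    proto = match.group(1).upper() if match else None
    return {"protocol": proto,
            "authenticated": proto in AUTH_PROTOCOLS,
            "tls": proto in TLS_PROTOCOLS}


# Constructed sample values (not taken from real mail).
SAMPLES = {
    # Shape of the header the post attributes to MIMEDefang 2.84
    "md_2.84_style": "by mx.example.org (envelope-sender <user@example.org>) "
                     "(MIMEDefang) with ESMTP id CONSTRUCTED1",
    # Same header as the post describes for 2.85+ on authenticated mail
    "md_2.85_style": "by mx.example.org (envelope-sender <user@example.org>) "
                     "(MIMEDefang) with ESMTPA id CONSTRUCTED1",
    # sendmail-style header for an authenticated TLS submission, folded
    "sendmail_auth": "from [192.168.0.10] (host.example.net [203.0.113.7])\n"
                     "\t(authenticated bits=0)\n"
                     "\tby mx.example.org (8.17.1/8.17.1) with ESMTPSA id CONSTRUCTED2\n"
                     "\t(version=TLSv1.3 verify=NO)\n"
                     "\tfor <user@example.org>; Mon, 16 Jan 2023 08:01:24 +0100 (CET)",
    # Keyword hidden in a comment must not count as authentication
    "comment_spoof": "from client.example.net (HELO with ESMTPA) "
                     "by mx.example.org with ESMTP id CONSTRUCTED3",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, classify_received(value))
```
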



Re: Messages from outer clients marked as spam

2023-01-25 Thread Andrea Venturoli

On 1/26/23 08:23, Matus UHLAR - fantomas wrote:

So, I'm tempted to conclude that I don't need to mess with 
internal_networks, msa_networks, and trusted_networks,


Not here


Ok.



clients submitting mail without 
authentication (which was very common >10 years ago and still persists 
somewhere).


Dreadful :)




or call synthesize_received_header in MIMEDefang.


With milter, you need to synthesize Received: header, because milter 
does see the mail as it came to your MTA, without the locally added 
Received: header.


So, this is possibly the problem. I'll investigate.
(I'll also need to upgrade/patch MIMEDefang before I can use this. 
Thanks Giovanni for pointing this out! I guess this will save me a lot of 
would be wasted time).




I guess it's just because of this Received: header that wasn't seen when 
mimedefang processed the mail.


Hmm, then how could spamassassin possibly apply 
PDS_RDNS_DYNAMIC_FP,RCVD_IN_PBL,RCVD_IN_ZEN_LASTEXTERNAL,RDNS_DYNAMIC,... 
rules? Where does it get the source IP from?
I only see it there and in an X-Authentication-Warning header (but I 
guess MIMEDefang would also not see this one).





Perhaps there are other Received: headers in the e-mail?


Absolutely not.
There's only the one I posted.


 bye & Thanks
av.


Re: Messages from outer clients marked as spam

2023-01-25 Thread Andrea Venturoli

On 1/25/23 12:37, Matus UHLAR - fantomas wrote:


just the headers should be enough.
You can also post headers on site like pastebin.


Trying again, with fewer details...

Looking at a quarantined message, the only received header is (anonymized):

Received: from [192.168.xxx.xxx] (xxx-xxx-xxx-xxx.dyn.eolo.it [xxx.xxx.xxx.xxx])
(authenticated bits=0)
by xx.x.xx (8.17.1/8.17.1) with ESMTPSA id 
30G71OZ7043441
(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO)
for ; Mon, 16 Jan 2023 08:01:24 
+0100 (CET)
(envelope-from ....@x.xx) 


Running this message through "spamassassin -D -t", I get:

dbg: received-header: parsed as [ ip=xxx.xxx.xxx.xxx 
rdns=xxx-xxx-xxx-xxx.dyn.eolo.it helo=!192.168.xxx.xxx! 
by=xx.x.xx ident= 
envfrom=....@x.it intl=0 >
dbg: received-header: authentication method ESMTPSA
dbg: received-header: relay xxx.xxx.xxx.xxx trusted? yes internal? yes msa? no


So, I'm tempted to conclude that I don't need to mess with 
internal_networks, msa_networks, and trusted_networks, or call 
synthesize_received_header in MIMEDefang.


Also, strangely, running through the command line, this gives a score 
close to 0 now.




 We also have the ALL_TRUSTED rule which 


Alas, for some reason, this does not seem to trigger :(



 bye & Thanks
av.


Re: Messages from outer clients marked as spam

2023-01-25 Thread Andrea Venturoli

On 1/24/23 19:01, Matus UHLAR - fantomas wrote:


Can you post the Received: headers?


I'm trying...
I've prepared a long and detailed message, but it doesn't seem to come 
through...

Curious if this simpler message will...

 bye & Thanks
av.


Re: Messages from outer clients marked as spam

2023-01-24 Thread Andrea Venturoli

On 1/23/23 17:53, Bill Cole wrote:

Hello.



SA4 has been in ports for a while. MD3.x should be but is not. This is 
unlikely to be relevant to your problem.


Yes, I know, but on HEAD.
I'm using quarterly port branch (currently 2023Q1), otherwise, with so 
frequent changes, maintenance would be a nightmare.



 bye & Thanks
av.

P.S.
To you, Bill and Giovanni: I read all your suggestions.
I'm not replying right now, because I want to investigate them before.
Thanks, in the meantime.


Re: Messages from outer clients marked as spam

2023-01-24 Thread Andrea Venturoli

On 1/23/23 16:58, Reindl Harald wrote:

split inbound and outbound mail on different servers and run a dedicated 
SA instance for submission port - clients don't have a business 
connecting to port 25 at all


Thanks for answering.
Having two mail servers is something we have considered: while possible, 
and maybe beneficial for other reasons too, we'd like to avoid the 
hassle, if we can achieve the goal in other ways.


 bye & Thanks
av.

P.S.
Clients don't connect to 25; they use 465.
However sendmail currently always passes the messages to 
MIMEDefang/SpamAssassin, independent of the port that is used (25, 587, 
465).


Messages from outer clients marked as spam

2023-01-23 Thread Andrea Venturoli

Hello.

I've got a long standing server, where I run FreeBSD (13.1) + sendmail 
(8.17.1) + MIMEDefang (2.84) + SpamAssassin (3.4.6).
(I know there are more recent versions, but that's what ports currently 
provide).

This has been working perfectly for years.

Since the beginning of this year, however, incoming (SMTP authenticated) 
mail from clients outside the LAN is marked as spam.

E.g.

X-Spam-Score: 10.756 (**) 
BAYES_00,KAM_DMARC_REJECT,KAM_DMARC_STATUS,KAM_LOTSOFHASH,KHOP_HELO_FCRDNS,LOTS_OF_MONEY,PDS_RDNS_DYNAMIC_FP,RCVD_IN_PBL,RCVD_IN_ZEN_LASTEXTERNAL,RDNS_DYNAMIC,SPF_FAIL,TO_EQ_FM_DOM_SPF_FAIL


Right now I instructed MIMEDefang to avoid passing authenticated mails 
to SpamAssassin, but this is not what I ideally want. (If a client gets 
compromised...).
My real wish would be to always run messages through SpamAssassin, but 
avoid RBL/SPF/DMARC/dynamic IPs/etc... checks for those that come from 
an authenticated client, as these rules make no sense in that case.


What's the best practice to achieve this result?

 bye & Thanks
av.


Re: Linux, Twitter, Mysql, Github, etc, all plan to remove blacklist and whitelist, master and slave.

2020-07-11 Thread Andrea Venturoli

On 2020-07-11 00:32, Mark London wrote:

Spamassassin is not alone.


Quote:
"If a lot of people believe in something stupid, it just doesn't stop 
being stupid".


Re: Missing optional modules

2020-05-03 Thread Andrea Venturoli

On 2020-05-03 00:42, Jos Chrispijn wrote:

[spamassassin-3.4.4 + FreeBSD 12.1-RELEASE-p4]

Dear list members,

Using this version I get the following warning lines when I update:

May  2 12:00:06.917 [82826] dbg: diag: [...] optional module not installed: 
Geo::IP ('require' failed)
May  2 12:00:06.917 [82826] dbg: diag: [...] optional module not installed: 
IP::Country::DB_File ('require' failed)

Can someone tell me which packages I should install to solve this issue? I 
already installed all Geo_IP and Country related packages,


Which is which packages?




but SA still misses the required modules.


I have:

# pkg info|grep -i geo
geoipupdate-4.2.2  Fetch the latest copies of the GeoIP2 databases
libmaxminddb-1.4.2 Library for the MaxMind DB file format used for 
GeoIP2
p5-GeoIP2-2.006002 Perl API for MaxMind GeoIP2 web services and 
databases
p5-Geography-Countries-2009041301_1 Handle ISO-3166 country codes
py37-GeoIP2-3.0.0  MaxMind GeoIP2 Python API


The Python one, though, should have nothing to do with SpamAssassin.



 bye
av.


Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-10-25 Thread Andrea Venturoli

On 2019-03-01 07:21, Mike Marynowski wrote:
For anyone who wants to play around with this, the DNS service has been 
posted. You can test the existence of a website on a domain or any of 
its parent domains by making DNS queries as follows:


subdomain.domain.com.httpcheck.singulink.com


Hello.
I was getting around to test this, but I can't seem to reach the service.
Is it still active?

 bye & Thanks
av.


Re: Spam rule for HTTP/HTTPS request to sender's root domain

2019-02-28 Thread Andrea Venturoli

On 2/28/19 3:40 PM, Mike Marynowski wrote:

Right now the test plugin I've built makes a single HTTP request for 
each email while I evaluate this but I'll be building a DNS query 
endpoint or a local domain cache to make it more efficient before 
putting it into production.


Please keep us updated: I love the idea.

 bye & Thanks
av.


Re: SOUGHT 2.0

2014-12-04 Thread Andrea Venturoli

On 12/04/14 18:49, Axb wrote:


A few have shown interest but as there hasn't been the flood of
enthusiasm and stuff getting done which I hoped for so I've dropped the
idea of getting a public autogenerated rule set / sa-update channel going.


Hello.

With the risk of sounding stupid...

I would be interested, and I *might* be willing to help, but it is not 
clear to me what I could do for the task (not even getting to whether 
I've got what is needed).


Maybe your project would be more successful if you provided a rough guide 
on what anyone can do?


I run a few spamassassin sites, but would that be enough? What should I 
collect and send? How? ...


 bye & Thanks
av.


SpamAssassin losing Sought's GPG key

2010-10-21 Thread Andrea Venturoli

Hello.
I'm running SpamAssassin on several FreeBSD boxes (7.3 and 8.1, i386 and 
amd64) with Sought rules.

On each of them I have this in crontab:
sa-update --gpgkey 6C6191E3 --channel sought.rules.yerp.org --channel 
updates.spamassassin.org


Problem is the server will often lose the GPG.key, so I have to issue:
wget http://yerp.org/rules/GPG.KEY
sa-update --import GPG.KEY

Any hint on why I have to repeatedly do this?

 bye & Thanks
av.


Mail-Field-Received

2010-01-24 Thread Andrea Venturoli

Hello.
Is anyone using the above PERL library?
Is it working fine for you?

I think I'm experiencing some bugs, but I'm using the latest version.
However, that seems to be quite old.
Is it still supported?

Can you suggest any replacement?

 bye & Thanks
av.