Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

[Byung-Hee HWANG]

On Fri, 2024-01-19 at 15:15 +0100, Benny Pedersen wrote:
> Byung-Hee HWANG skrev den 2024-01-19 11:12:
> 
> > I rely on DNSWL for the reputable MX.
> 
> if repution is 100% needed we all have to make local rescore on all 
> local mails, since repution is to be local, not external just
> 
> i consider dnswl level 0 to be possitive scored, and let the other 
> levels be negative, this fits nicely, but was not designed to be so
> in 
> mta stage
> 

I think "reputation" is a somewhat political term. And each person has
different standards. So it's quite difficult to give a detailed
response to your feedback.

Happy new year, Benny!


Sincerely, Byung-Hee

-- 
^고맙습니다 _布德天下_ 감사합니다_^))//

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

[Byung-Hee HWANG]

Hellow Thomas,

> But it drops it into the spam folder every time. So when I'm sending 
> emails to someone's alias, they have to check their spam folder. Even
> when they mark it as "not spam," GMail still drops it into the spam 
> folder. It's very frustrating.
> 

There is a filtering rule in Gmail:

*Never send it to Spam*

I apply that rule to extremely important emails such as debian-bugs-
dist and debian-devel-announce.


Sincerely, Byung-Hee

-- 
^고맙습니다 _布德天下_ 감사합니다_^))//

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

[Byung-Hee HWANG]

On Fri, 2024-01-19 at 08:34 +, Marc wrote:
> > > Byung-Hee HWANG skrev den 2024-01-08 12:27:
> > > 
> > > > Gmail is my last INBOX. That's enough for me.
> > > 
> > > +1, so you are ready to setup google mx ? :)
> > > 
> > 
> > Hellow Benny,
> > 
> > Actually i used Google MX for 10 years. Recently, i created
> > dedicated
> > MXs and am continuing to operate them. Plus, the dedicated MXs run
> > on
> > Google Cloud and RimuHosting.
> > 
> > I terminated my Google Workspace commercial account. 2 years ago.
> > 
> 
> Hi Byung and Benny, are you having a nice MX party? :)
> 

Hellow Marc,

I rely on DNSWL for the reputable MX.


Sincerely, Byung-Hee

-- 
^고맙습니다 _布德天下_ 감사합니다_^))//

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

[Byung-Hee HWANG]

On Mon, 2024-01-08 at 17:17 +0100, Benny Pedersen wrote:
> Byung-Hee HWANG skrev den 2024-01-08 12:27:
> 
> > Gmail is my last INBOX. That's enough for me.
> 
> +1, so you are ready to setup google mx ? :)
> 

Hellow Benny,

Actually i used Google MX for 10 years. Recently, i created dedicated
MXs and am continuing to operate them. Plus, the dedicated MXs run on
Google Cloud and RimuHosting.

I terminated my Google Workspace commercial account. 2 years ago. 


Sincerely, Byung-Hee

-- 
^고맙습니다 _布德天下_ 감사합니다_^))//

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

[Byung-Hee HWANG]

> 
> This is not a good advice. Whoever filters SPF at SMTP time will
> reject that 
> message. Gmail is not the only mail service available.

Hellow Matus,

Gmail is my last INBOX. That's enough for me.


Sincerely, Byung-Hee

-- 
^고맙습니다 _布德天下_ 감사합니다_^))//

Re: Question about forwarding email (not specifically SA, pointers greatly appreciated)

[Byung-Hee HWANG]

> 
> I built email servers for a non-profit I volunteer for. If email
> comes 
> into the server for presid...@myassociation.org, I would normally
> just 
> create an alias in /etc/aliases so that emails to president@ get 
> forwarded to the president's "real" email address, say 
> presidents_real_em...@gmail.com.
> 
> The problem is, when I send email to presid...@myassociation.org,
> gmail 
> rejects the forwarded email because it appears to come from my
> personal 
> domain, not the mythical myassociation.org domain. DKIM, DMARC, and
> SPF 
> all fail, which I totally understand.
> 
> How can I make this work? 


Hellow Thomas,

See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043539#88


Sincerely, Byung-Hee

-- 
^고맙습니다 _布德天下_ 감사합니다_^))//

Re: about DKIMwl.org

[Byung-Hee HWANG]

Dear Matus,

Matus UHLAR - fantomas  writes:

> On 15.03.22 22:21, Byung-Hee HWANG wrote:
>>By chance, i found some site dkimwl.org on googling. Well i like very
>>much dkim based white-lists. How credible is that dkimwl.org? And how
>>can i use that stuff with SpamAssassin?
>
> looks like it's used already:
>
> 72_scores.cf:score DKIMWL_BL 0.001 2.996 0.001 
> 2.996
> 72_scores.cf:score DKIMWL_BLOCKED0.001 0.001 0.001 
> 0.001
> 72_scores.cf:score DKIMWL_WL_HIGH 0.001 -1.498 0.001 -1.498
> 72_scores.cf:score DKIMWL_WL_MED 0.001 -0.001 0.001 -0.001
> 72_scores.cf:score DKIMWL_WL_MEDHI 0.001 -0.001 0.001 -0.001

Oh thanks!

> and I have already disables using of this  check for autolearning:
>
> tflags   DKIMWL_WL_HIGH  noautolearn net nice

Thanks again, Matus ^^^

Sincerely, Byung-Hee from South Korea

-- 
^고맙습니다 _和合團結_ 감사합니다_^))//

about DKIMwl.org

[Byung-Hee HWANG]

Hello,

By chance, i found some site dkimwl.org on googling. Well i like very
much dkim based white-lists. How credible is that dkimwl.org? And how
can i use that stuff with SpamAssassin?

Thanks in advance!

Sincerely, Byung-Hee from South Korea

-- 
^고맙습니다 _救濟蒼生_ 감사합니다_^))//

Re: SPF_NONE scoring

[Byung-Hee HWANG]

Hellow Greg,

Greg Troxel  writes:

> [...]
> Lots of people think SPF is silly.  And spammers spamming from a domain
> they control can even dkim/dmarc.   So I agree that actual data would be
> interesting.

I totally agree with you, thanks!

Sincerely, Byung-Hee

-- 
^고맙습니다 _地平天成_ 감사합니다_^))//

Re: Spam by IP-address? Spamassassin with geoiplookup?

[Byung-Hee HWANG (황병희, 黃炳熙)]

Dear Thomas,

Thomas Barth  께서 쓰시길,
 《記事 全文 <5eddfcdb-957c-e7c0-b133-a40c7ab37...@txbweb.de> 에서》:

> Hello,
>
> is it possible to use geoiplookup with Spamassassin? I want to reject
> all mails as spam not send in my country or another second country,
> but accept whitelisted mailing list addresses. Any chance to use
> geoiplookup for this? I want to exclude Spammer Countries e.g. China,
> Thaiwan, India, etc...

There are many people to contribute for FOSS projects all around the
world. You would be reconsideration about blocking by countries.

Sincerely,

-- 
^고맙습니다 _地平天成_ 감사합니다_^))//

Re: problem with custom rbl and addressess ipv6

[Byung-Hee HWANG]

Marcin Mirosław mar...@mejor.pl writes:
 I'm using SA-3.3.1, NetAddr-IP-4.033.
 May you give any advice?

Sorry, i don't know about 3.3.1 Version. By the way there is somewhat
similar patchs for IPv6. You would check out as following:

 http://www.imasy.or.jp/~ume/ipv6/

Sincerely,

-- 
소여물 황병희(黃炳熙) | .. 출항 15분전..

Ah, young fellow. People tell me you're rich.
-- Fanucci, Chapter 14, page 197


pgpDXMPUx26HM.pgp
Description: PGP signature

Re: SPF technical problems (was Re: email address forgery)

[Byung-Hee HWANG]

Michael Scheidell michael.scheid...@secnap.com writes:

 On 11/15/10 11:43 AM, David F. Skoll wrote:

 As it stands now, the SPF spec permits so much waffling that it might as
 well not be used.

 Regards,

 then don't use it:

I don't use SPF, thanks!

-- 
소여물 황병희(黃炳熙) | .. 출항 15분전..

Johnny, not in the face, I'm making a picture.
-- Margot Ashton, Chapter 1, page 12


pgp9Bin63u053.pgp
Description: PGP signature

Re: [sa-list] Re: [sa-list] Re: Spamd and ipv6

[Byung-Hee HWANG]

Dan Mahoney, System Admin wrote:

On Mon, 1 Dec 2008, SM wrote:


At 23:01 30-11-2008, Dan Mahoney, System Admin wrote:
So then, you're saying the behavior for ipv4 and ipv6 is somehow 
different?


If you start spamd without specifying the IP addresses to listen on, 
spamd will listen on the 127.0.0.1 IP address only.


And on an ip6 enabled system, where will spamc localhost try to 
connect to first?  127.0.0.1 or ::1?


Are you using FreeBSD or NetBSD? If so, i understand you. Unfortunately, 
SA developers do not care about IPv6 yet. So here SA program at first do 
action with 127.0.0.1 than ::1, i guess ;;


[...]

byunghee

Re: Checking for SPF DKIM Checks

[Byung-Hee HWANG]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

mouss wrote:
 Byung-Hee HWANG wrote:
 mouss wrote:
 [...]
 let's start with DKIM.

 do you have
 loadplugin Mail::SpamAssassin::Plugin::DKIM

 + i'm use with following rule ;;
 score DKIM_VERIFIED-45.3

 
 then you won't catch spam relayed by yahoo, ... etc.
 
Well, i don't care. I accept the emails passed by DKIM, anyway..

byunghee
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (FreeBSD)

iEYEARECAAYFAkkXNfMACgkQsCouaZaxlv4prwCgve415FYyvkY9QqT157uWKoD/
C0MAn1Ui/mRXH23KL1kagqJxZb6oVArW
=aZNI
-END PGP SIGNATURE-

Re: Checking for SPF DKIM Checks

[Byung-Hee HWANG]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

mouss wrote:
[...]
 let's start with DKIM.
 
 do you have
 loadplugin Mail::SpamAssassin::Plugin::DKIM

+ i'm use with following rule ;;
score DKIM_VERIFIED -45.3

byunghee



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (FreeBSD)

iEYEARECAAYFAkkXIOwACgkQsCouaZaxlv4GawCeNmUcIaKwhoIWY2wJCqyvwZ7n
oNkAn0dc3f+TiBR5erKkioQRQNj9rk/t
=MMuX
-END PGP SIGNATURE-

Re: Checking for SPF DKIM Checks

[Byung-Hee HWANG]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Matus UHLAR - fantomas wrote:
 On 10.11.08 04:11, Byung-Hee HWANG wrote:
 Well, i don't care. I accept the emails passed by DKIM, anyway..
 
 Matus UHLAR - fantomas wrote:
 so you intentionally create false negatives just because they are DKIM
 signed?
 
 On 10.11.08 07:34, Byung-Hee HWANG wrote:
 My answer is Yes if i should say. Because of the spam case is the
 concern of the hosting, not DKIM. Yahoo and Google are trying for the
 such spam case.
 
 Let's get serious. If you had reading specs of RFC4408 and RFC4871, you
 know the role of both SPF and DKIM. Exactly both SPF and DKIM are tools
 for anti-pishing, not anti-spam (at here i defined the term SPAM as
 UCE). Sometimes we received the spam passed DKIM from Yahoo and
 Google. However. We have no way to stop the such spam in this time.
 Because stopping the such spam is not DKIM's scope.
 
 I _know_ the scope of SPF and DKIM. They both don't say that mail is ham or
 the spam, they only say if it's forged:
[...snip...]
The above statement is what i wanted to hear from you ;;

[...snip...]
 Giving them that big negative (well... low) score is just stupid.
 
 I strongly advise you to remove that customisation and let other rules do
 their job. Otherwise you'll get flooded by spammers who DKIM-sign their
 spam.

Thanks for advice. But, nevertheless, i'll keep the score -45.3 for
DKIM_VERIFIED. That's only my concern. OK, if you want to see my the
customization, see following:

URL:http://izb.knu.ac.kr/~bh/stuff/izb-spamassassin-local.cf.example

byunghee

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (FreeBSD)

iEYEARECAAYFAkkXfUwACgkQsCouaZaxlv6KAQCgikobNguI/oKoPoRidsqUBMUl
nVkAn0X0Ts+iexnqmMOJWhn/jtNWM4Sq
=/cSL
-END PGP SIGNATURE-

Re: Checking for SPF DKIM Checks

[Byung-Hee HWANG]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Matus UHLAR - fantomas wrote:
 mouss wrote:
 Byung-Hee HWANG wrote:
 mouss wrote:
 [...]
 let's start with DKIM.
 do you have
 loadplugin Mail::SpamAssassin::Plugin::DKIM
 + i'm use with following rule ;;
 score DKIM_VERIFIED-45.3

 then you won't catch spam relayed by yahoo, ... etc.
 
 On 10.11.08 04:11, Byung-Hee HWANG wrote:
 Well, i don't care. I accept the emails passed by DKIM, anyway..
 
 so you intentionally create false negatives just because they are DKIM
 signed?

My answer is Yes if i should say. Because of the spam case is the
concern of the hosting, not DKIM. Yahoo and Google are trying for the
such spam case.

Let's get serious. If you had reading specs of RFC4408 and RFC4871, you
know the role of both SPF and DKIM. Exactly both SPF and DKIM are tools
for anti-pishing, not anti-spam (at here i defined the term SPAM as
UCE). Sometimes we received the spam passed DKIM from Yahoo and
Google. However. We have no way to stop the such spam in this time.
Because stopping the such spam is not DKIM's scope.

So what we says DKIM is bad is wasting times for the spam passed DKIM
from Yahoo and Google. As same step, we cannot say SPF is bad. We need
to talk more about this issue.

byunghee
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (FreeBSD)

iEYEARECAAYFAkkXZZMACgkQsCouaZaxlv6gowCghrzT8q+km/AlSMw7sxsjJkHA
bW4An1yJ2QLUYfMI24X53xIhU5dv6Zc6
=j8qH
-END PGP SIGNATURE-

Re: Phishing rules?

[Byung-Hee HWANG]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Micah Anderson wrote:
[...]
 Report them where exactly?
 
 Here is an example one I received recently, note the hideously low bayes
 score on this one, caused it to autolearn as ham even, grr.
 
 
 From [EMAIL PROTECTED] Fri Oct 31 20:00:45 2008
 Return-Path: [EMAIL PROTECTED]
 X-OfflineIMAP-x792266711-4c6f63616c-494e424f58: 
 1225549253-0134941395044-v6.0.3
 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on spamd2.riseup.net
 X-Spam-Level: 
 X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
   autolearn=ham version=3.2.5
 Delivered-To: [EMAIL PROTECTED]
 Received: from mx1.riseup.net (unknown [10.8.0.3])
   by cormorant.riseup.net (Postfix) with ESMTP id 58BFA19581F7
   for [EMAIL PROTECTED]; Fri, 31 Oct 2008 20:00:40 -0700 (PDT)
 Received: from master.debian.org (master.debian.org [70.103.162.29])
   by mx1.riseup.net (Postfix) with ESMTP id AA4465701D1
   for [EMAIL PROTECTED]; Fri, 31 Oct 2008 20:00:39 -0700 (PDT)
[...]
Contact debian.org's list manager instead of other actions. That's more
reasonable. And more, i think we need to study about DKIM specification
[RFC4871] to make the Internet of trust ;;

byunghee
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (FreeBSD)

iEYEARECAAYFAkkNE/oACgkQsCouaZaxlv5YqACeIozvqJ96tTKm4oLnRySHAfc1
xUIAoI0G4FXr+PqdqvULxm0V+xZOSP77
=8NV0
-END PGP SIGNATURE-

Re: OT: DNS restrictions for a mail server

[Byung-Hee HWANG]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Sebastian Ries wrote:
 Hi there
 
 I just want to know some opinions on the following DNS Setup for a mail
 server:
 
 # host -t MX example.com
 example.com mail is handled by 100 mail.example.com.
 
 # host mail.example.com
 mail.example.com is an alias for hostname.example.com.
 hostname.example.com has address 1.2.3.4
 
 # host 1.2.3.4
 4.3.2.1.in-addr.arpa domain name pointer hostname.example.com.
 
 The mailserver (postfix) connects saying it is hostname.example.com.
 
 
 Should this be a correct setup?

It looks like CNAME error. See RFC 974 ;;

 One partner we want to send mails to does BOUNCE mails with
 554 5.7.1 DNS Blacklisted by in-addr.arpa (in reply to MAIL FROM
 command)
 Do you think this is correct?
 
 I think this also prevents from getting mail from googlemail:
 [EMAIL PROTECTED]:~$ host -t MX googlemail.com
 googlemail.com mail is handled by 5 gmail-smtp-in.l.google.com.
 googlemail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.
 googlemail.com mail is handled by 10 alt2.gmail-smtp-in.l.google.com.
 googlemail.com mail is handled by 50 gsmtp147.google.com.
 googlemail.com mail is handled by 50 gsmtp183.google.com.
 [EMAIL PROTECTED]:~$ host gmail-smtp-in.l.google.com.
 gmail-smtp-in.l.google.com has address 209.85.129.27
 gmail-smtp-in.l.google.com has address 209.85.129.114
 [EMAIL PROTECTED]:~$ host 209.85.129.27
 27.129.85.209.in-addr.arpa domain name pointer fk-in-f27.google.com.
 
 Is this true?

Google is true. That's basic rule of DNS ;;

 Regards
 Sebastian Ries
 

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (FreeBSD)

iEYEARECAAYFAkkBS1kACgkQB00DNxnlnTarngCeI+GYTLl3iA0i/0p4xFEuiyor
CYAAnApt9bzG2ng+MYmAmjHfphyJudBm
=75AD
-END PGP SIGNATURE-

[SOLVED] (Was: Re: ipv6 and whitelist_rcvd_from)

[Byung-Hee HWANG]

The Rule in local.cf: 
whitelist_from_rcvd [EMAIL PROTECTED] mx2.freebsd.org

The Result:
http://izb.knu.ac.kr/~bh/stuff/IPv6-SpamAssassin-TESTING

Patched by:
http://www.imasy.org/~ume/ipv6/Mail-SpamAssassin-3.2.0-ipv6-20070603.diff.gz

respect,
bh

-- 
I am willing to sacrifice my commercial interests for the common good.
-- Vito Corleone, Chapter 20, page 291

Re: [SOLVED] (Was: Re: ipv6 and whitelist_rcvd_from)

[Byung-Hee HWANG]

On Sat, 2007-11-17 at 14:09 -0600, McDonald, Dan wrote:
 On Sun, 2007-11-18 at 04:46 +0900, Byung-Hee HWANG wrote:
  The Rule in local.cf: 
  whitelist_from_rcvd [EMAIL PROTECTED] mx2.freebsd.org
  
  The Result:
  http://izb.knu.ac.kr/~bh/stuff/IPv6-SpamAssassin-TESTING
  
  Patched by:
  http://www.imasy.org/~ume/ipv6/Mail-SpamAssassin-3.2.0-ipv6-20070603.diff.gz
  
  respect,
 
 Is there a bug on http://issues.apache.org/SpamAssassin/ so that this
 will be fixed for everyone?

Well, for now, i don't think SA developers like IPv6. If IPv6 users
increase more than now, then this bug will be fixed by SA developers.
Just i will wait until then.

respect,
bh

-- 
I made the peace, remember, I can't go back on my word.
-- Vito Corleone, Chapter 28, page 399

Re: what does whitelist_from act on

[Byung-Hee HWANG]

On Fri, 2007-11-16 at 08:25 -0500, Matt Kettler wrote:
 Byung-Hee HWANG wrote:
  On Fri, 2007-11-16 at 13:27 +0530, K Anand wrote:

  Matt Kettler wrote:
  
  K Anand wrote:

  I have whitelist_from [EMAIL PROTECTED] in my conf.
  As per the docs, they say that whitelist_from  will act on
 
  Envelope-Sender
  Resent-Sender
  X-Envelope-From
  From
  
  In addition, the ``envelope sender'' data, taken from the SMTP envelope
  data where this is available, is looked up. See |envelope_sender_header|.
 
  So it should also, by default, match the Return-Path header.
 
  *HOWEVER* that assumes the header is present at the time of scanning.
  Normally this header is not present at the MTA layer. It's a delivery
  agent thing.
 
   Many MTA layer SA integration tools create a fake return-path header
  and then remove it.
 
  SimScan (which you appear to use) doesn't do this, at least, the last
  person who was asking about the same basic problem (although it was
  relating to SPF, it still was failing due to lack of envelope
  information at scan time).
 
  You might be able to use the same solution he did, which patches qmail
  to add the envelope-from information to your Received: headers.
 
  See also:
 
  http://wiki.apache.org/spamassassin/QmailSpfPatch
 

  I'm using qmailtoaster which is netqmail + some patches which include a 
  patch for spf (http://www.saout.de/misc/spf/). [...]
  
 
  your matter's point is not the Sender Policy Framework (SPF).  

 Yes, I know that. Please read the post where I suggested the SPF patch
 might fix his problem.

Matt, i didn't tell you. why did you reply for me? i was rather agreeing
with you on the spf's mention.   

okay anyway you shoud make him(K Anand) do the spf patching with qmail. 

-- 
Until that time we have to guard against all treacheries.
-- Vito Corleone, Chapter 20, page 296

Re: what does whitelist_from act on

[Byung-Hee HWANG]

On Fri, 2007-11-16 at 13:27 +0530, K Anand wrote:
 Matt Kettler wrote:
  K Anand wrote:
  I have whitelist_from [EMAIL PROTECTED] in my conf.
  As per the docs, they say that whitelist_from  will act on
 
  Envelope-Sender
  Resent-Sender
  X-Envelope-From
  From
  In addition, the ``envelope sender'' data, taken from the SMTP envelope
  data where this is available, is looked up. See |envelope_sender_header|.
  
  So it should also, by default, match the Return-Path header.
  
  *HOWEVER* that assumes the header is present at the time of scanning.
  Normally this header is not present at the MTA layer. It's a delivery
  agent thing.
  
   Many MTA layer SA integration tools create a fake return-path header
  and then remove it.
  
  SimScan (which you appear to use) doesn't do this, at least, the last
  person who was asking about the same basic problem (although it was
  relating to SPF, it still was failing due to lack of envelope
  information at scan time).
  
  You might be able to use the same solution he did, which patches qmail
  to add the envelope-from information to your Received: headers.
  
  See also:
  
  http://wiki.apache.org/spamassassin/QmailSpfPatch
  
 
 
 I'm using qmailtoaster which is netqmail + some patches which include a 
 patch for spf (http://www.saout.de/misc/spf/). [...]

your matter's point is not the Sender Policy Framework (SPF).  
 
-- 
Some people want to kill you, understand? But I'm here so don't be afraid.
Why should I be afraid now? Strange men have come to kill me ever since I was
twelve years old.
-- Michael Corleone and Vito Corleone, Chapter 9, page 123

Re: Skip SA checks for mails from SA list

[Byung-Hee HWANG]

On Wed, 2007-11-14 at 15:09 +0530, K Anand wrote:
 K Anand wrote:
  Byung-Hee HWANG wrote:
  hi,
 
  On Wed, 2007-11-14 at 11:43 +0530, K Anand wrote:
  Matus UHLAR - fantomas wrote:
  On 13.11.07 15:52, K Anand wrote:
  Received: from unknown (HELO mail.apache.org) (140.211.11.2)
  configure your smtp server to add DNS data to Received: line.
  *list_from_rcvd doesn't work without list
 
  (although it could be worth adding IP or CIDR check in such cases)
 
  I use qmail. Do I have to do anything extra to get it to put this info ?
 
  you just tell qmail to do rDNS. it is very easy. there is no problem.
 
  respect,
  bh
 
  Finally managed to get it working...Thanx to all.
  
  Anand
  
 
 
 A small problem..
 
 X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00 
 autolearn=ham version=3.1.1
 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
 
 Still this is not getting tagged into whitelist.
 
 This is my whitelist rule.
 
 whitelist_from_rcvd [EMAIL PROTECTED]  hermes.apache.org

well, i have no good idea about this matter. here is my config.

http://izb.knu.ac.kr/~bh/stuff/izb-spamassassin-local.cf.example

my spamassassin is running with postfix under freebsd ;;
and the above rule works fine for me ;;

respect,
bh

-- 
He's a responsible man in his own way.
-- Michael Corleone, Chapter 25, page 363

Re: Remove local spamassassin folder

[Byung-Hee HWANG]

On Wed, 2007-11-14 at 08:55 -0600, Dean Clapper wrote:
 How do I setup spamassassin not to automatically create 
 /home/user/.spamassassin folder.  If I create a new email account it 
 automatically creates the folder.

man spamd

-x, --nouser-config   Disable user (...)

respect,
bh 

 Is it a flag in the spamassassin service that runs? 

-- 
Lawyers can steal more money with a briefcase than a thousand men with guns
and masks.
-- Vito Corleone, Chapter 14, page 218

ipv6 and whitelist_rcvd_from

[Byung-Hee HWANG]

the my spamassassin rule is as follow:

whitelist_from_rcvd [EMAIL PROTECTED] mx2.freebsd.org

and here is the recieved header with spamassassin:

Received: by pinus.izb.knu.ac.kr (Postfix, from userid 59)
id 66A1D3ECD; Tue, 13 Nov 2007 17:00:05 +0900 (KST)
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on
pinus.izb.knu.ac.kr
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 required=15.1
tests=ALL_TRUSTED,DKIM_SIGNED,
TVD_SPACE_RATIO autolearn=disabled version=3.2.3
X-Spam-Comment: DKIM? See http://www.google.com/search?btnIq=RFC+4871
Received: from mx2.freebsd.org (mx2.freebsd.org
[IPv6:2001:4f8:fff6::35])
by pinus.izb.knu.ac.kr (Postfix) with ESMTP id 75DE43ECB
for [EMAIL PROTECTED]; Tue, 13 Nov 2007 17:00:04 +0900 (KST)

as you can see above, there is no whitelist result. it does not work
anymore, since i enabled ipv6. what can i do for solving this matter?
i'm using 3.2.3 under freebsd.

-- 
You can start by acting like a man. LIKE A MAN!
-- Vito Corleone, Chapter 1, page 36

Re: ipv6 and whitelist_rcvd_from

[Byung-Hee HWANG]

hi,

On Tue, 2007-11-13 at 03:22 -0500, Daryl C. W. O'Shea wrote:
 Byung-Hee HWANG wrote:
  as you can see above, there is no whitelist result. it does not work
  anymore, since i enabled ipv6. what can i do for solving this matter?
 
 You can go back to using ipv4 or use another whitelist method such as 
 whitelist_from_spf/dkim/dk/auth.  Although unless you've got an ipv4 
 relay somewhere to delimit your network boundary you may have issues 
 with those options as well.  You may have to (if you must stick to ipv6 
 for your mail relay) rewrite the relay header (or insert another one) so 
 it looks like an ipv4 relay.
 
 Support for ipv6 in SA goes as far as that it will for the most part not 
 throw errors if it sees an ipv6 address where it wants an ipv4 address.
 
 There hasn't been any real work done on implementing ipv6 support since, 
 AFAIK, none of the SA developers have any real need for it at present. 
 It's something I've wanted to implement for a few years now but haven't 
 had both the time and tuits to do it at the same time.

thanks for quick reply, and i solved with whitelist_from instead
whitelist_from_rcvd under ipv6 ;;

respect,
bh

-- 
Never mind being a dance judge, do your job. Take a walk around the
neighborhood and see everything is OK.
-- Peter Clemenza, Chapter 1, page 20

Re: ipv6 and whitelist_rcvd_from

[Byung-Hee HWANG]

ah.. sorry.. the subject was wrong..

ipv6 and whitelist_rcvd_from === ipv6 and whitelist_from_rcvd

respect,
bh

On Tue, 2007-11-13 at 17:27 +0900, Byung-Hee HWANG wrote:
 hi,
 
 On Tue, 2007-11-13 at 03:22 -0500, Daryl C. W. O'Shea wrote:
  Byung-Hee HWANG wrote:
   as you can see above, there is no whitelist result. it does not work
   anymore, since i enabled ipv6. what can i do for solving this matter?
  
  You can go back to using ipv4 or use another whitelist method such as 
  whitelist_from_spf/dkim/dk/auth.  Although unless you've got an ipv4 
  relay somewhere to delimit your network boundary you may have issues 
  with those options as well.  You may have to (if you must stick to ipv6 
  for your mail relay) rewrite the relay header (or insert another one) so 
  it looks like an ipv4 relay.
  
  Support for ipv6 in SA goes as far as that it will for the most part not 
  throw errors if it sees an ipv6 address where it wants an ipv4 address.
  
  There hasn't been any real work done on implementing ipv6 support since, 
  AFAIK, none of the SA developers have any real need for it at present. 
  It's something I've wanted to implement for a few years now but haven't 
  had both the time and tuits to do it at the same time.
 
 thanks for quick reply, and i solved with whitelist_from instead
 whitelist_from_rcvd under ipv6 ;;
 
 respect,
 bh
 
-- 
But his ultimate aim is to enter that society with a certain power since
society doesn't really protect its members who do not have their own
individual power.
-- Michael Corleone, Chapter 25, page 363

Re: Skip SA checks for mails from SA list

[Byung-Hee HWANG]

On Tue, 2007-11-13 at 14:58 +0530, K Anand wrote:
 K Anand wrote:
  
  Matt Kettler wrote:
 
  
  As an alternative,  you can use whitelist_from_spf or
  whitelist_from_rcvd on the list's return-path. From there, you can
  configure shortcircuiting to bypass the rest of SA and bayes_ignore_from
  to prevent learning.
 
  Would this be OK
 
  whitelist_from_rcvd [EMAIL PROTECTED]   spamassassin.apache.org
 
  
  read the doc. I think it should be
  
  whitelist_from_rcvd [EMAIL PROTECTED]  hermes.apache.org
  
  This is what is the rdns for the mail relay that is sending me mails 
  from the list.
  
 
 I tried this but rule is not triggered...So something is wrong. Can 
 anyone help ?

in my case, the rule works fine.

whitelist_from_rcvd [EMAIL PROTECTED] hermes.apache.org

here is the shot:

Received: by pinus.izb.knu.ac.kr (Postfix, from userid 59)
id E9FE13ECD; Tue, 13 Nov 2007 18:26:07 +0900 (KST)
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on
pinus.izb.knu.ac.kr
X-Spam-Level: 
X-Spam-Status: No, score=-37.7 required=15.1
tests=DKIM_SIGNED,DKIM_VERIFIED,
RCVD_IN_DNSWL_MED,USER_IN_WHITELIST autolearn=disabled
version=3.2.3
X-Spam-Comment: DKIM? See http://www.google.com/search?btnIq=RFC+4871
Received: from mail.apache.org (hermes.apache.org [140.211.11.2])
by pinus.izb.knu.ac.kr (Postfix) with SMTP id A7E1F3ECB
for [EMAIL PROTECTED]; Tue, 13 Nov 2007 18:25:58 +0900 (KST)

respect,
bh

-- 
Did you do the job on Sollozzo?
Both of them.
Sure?
I saw their brains.
-- Tessio and Michael Corleone, Chapter 11, page 151

Re: URICountry not working - any clue?

[Byung-Hee HWANG]

hi,
 
On Sun, 2007-11-11 at 04:56 -0800, SpankTheSpam wrote:
 Hi
 
 I have installed URICountry plugin along with p5-Mail-SpamAssassin-3.2.3 and
 amavisd-new-2.5.2,1 and have added few rules, and one to test it in my
 local.cf:
[...]

well, imho, its using is not fair to over the world. because there
regarding spam country may/might be a little bit pure email users. we
can use another way instead of the dangerous way. i would like to here
some opinion about that..

respect,
bh

-- 
If by some misfortune an honest man like yourself made enemies they would 
become my enemies and then, believe me, they would fear you.
Be my friend. I accept.
-- Vito Corleone and Amerigo Bonasera, Chapter 1, page 32-33

Re: URICountry not working - any clue?

[Byung-Hee HWANG]

hi,

On Tue, 2007-11-13 at 08:04 -0500, Matt Kettler wrote:
 Byung-Hee HWANG wrote:
  hi,
   
  On Sun, 2007-11-11 at 04:56 -0800, SpankTheSpam wrote:

  Hi
 
  I have installed URICountry plugin along with p5-Mail-SpamAssassin-3.2.3 
  and
  amavisd-new-2.5.2,1 and have added few rules, and one to test it in my
  local.cf:
  
  [...]
 
  well, imho, its using is not fair to over the world. because there
  regarding spam country may/might be a little bit pure email users. we
  can use another way instead of the dangerous way. i would like to here
  some opinion about that..
 

 
 Uricountry, relaycountry, etc are all quite useful, but I agree their
 use must be reasonably tempered.
 
 I strongly disagree with using either of these systems to assign more
 than half your spam threshold to any message. Country of origin or
 hosting site alone is not a very good sole criteria for declaring a
 message to be spam.
 
 However, in my case I do receive a few nonspam messages from Korea each
 year, like this message for example, and all are quite clearly nonspam
 and technical in nature... I also receive around a thousand spam
 messages that were sent from infected hosts in Korea each year (mostly
 controlled by American spammers). As a result, I assign 1.5 points (of a
 5.0 threshold) to messages delivered to my network from Korea. This
 helps catch some of the more evasive spam, but I also have yet to have
 it cause a single false positive on a nonspam message. (Your message
 would have totaled 1.5/5.0 if it was sent directly, as it caught no
 other positive scoring rules)
 
 This is even more true for web hosting. There's no reason an american
 company can't have a website hosted overseas. So many of their products
 are made there, so why shouldn't the websites be hosted there?
 
 Unfortunately, like any rule, there's a lot of admins out there who
 think in absolutes, and assign absurd scores to rules. This is, of
 course, highly contrary to the whole design of SpamAssassin, which
 exists because Justin got tired of single-criteria decisions for spam
 causing false positives. I guess there's a human tendency to see a high
 probability and treat that as proof positive. (We all like to
 over-simplify things).
 
 I guess I failed to point out to spankthespam that using a 54 point
 score on a rule is quite unwise.

your opinion is resonable, thanks!

respect,
bh

-- 
Why do they bother your father with business on a day like this?
Because they know that by tradition no Sicilian can refuse a request on his
daughter's wedding day.
-- Kay Adams and Michael Corleone, Chapter 1, page 26-27

Re: Skip SA checks for mails from SA list

[Byung-Hee HWANG]

hi,

On Wed, 2007-11-14 at 11:43 +0530, K Anand wrote:
 Matus UHLAR - fantomas wrote:
  On 13.11.07 15:52, K Anand wrote:
 
  Received: from unknown (HELO mail.apache.org) (140.211.11.2)
  
  configure your smtp server to add DNS data to Received: line.
  *list_from_rcvd doesn't work without list
  
  (although it could be worth adding IP or CIDR check in such cases)
  
 
 I use qmail. Do I have to do anything extra to get it to put this info ?

you just tell qmail to do rDNS. it is very easy. there is no problem.

respect,
bh

-- 
As the CONSIGLIERE, you agree that it's dangerous to the Don and our Family
to let Sollozzo live?
Yes.
-- Michael Corleone and Tom Hagen, Chapter 11, page 145

Re: Disabling URIDNSBL plugin

[Byung-Hee HWANG]

Hi Justin,

On Fri, 2007-10-19 at 13:09 -0700, Justin Kim wrote:
 Hi All,
 
 I need a help.
 I don't know what is causing my postfix server to defer messages couple of
 times daily.
 When postfix server is deferring messages, our users does not get the email
 delivery until the deferring action is done.
 It usually takes 5 mins to 10 mins.
 I was looking at the maillog. I couldn't find the cause.
 
 Postfix + Spamassassin + Amavisd-new + Dovecot works great except this issue
 of deferring messages.
 By looking at the logs, I can only tell there is something that keeps one
 spam checking process running for 5~10 mins.
 I was thinking of disabling URIDNSBL from spamassassin.
 Would this cause any problem?
 I still want to have similar performance of discarding spams like now. I
 haven't had any or not many of the false positive reports so far.
 
 Any comments or constructive advice would be appreciated.

For the solution, 
I think you would better talk with [EMAIL PROTECTED] ;;

Sincerely,

-- 
Byung-Hee HWANG [EMAIL PROTECTED] * আমি তোমাকে ভালোবাসি
InZealBomb, Kyungpook National University, KOREA

I spoke for the good of the Family, not for myself. I can take care of
myself.
-- Tessio, Chapter 28, page 399

Re: Advice on MTA blacklist

[Byung-Hee HWANG]

On Tue, 2007-10-09 at 17:34 +0200, R.Smits wrote:
 Hello,
 
 Which spam blacklists do you use in your MTA config. (postfix)
 smptd_client_restrictions
 
 Currently we only use : reject_rbl_client list.dsbl.org
 
 We let spamassassin fight the rest of the spam. But the load of spam is
 getting to high for our organisation. Wich list is safe enough to block
 senders at MTA level ?
 
 Spamhaus, or spamcop ?
 
 I would like to hear some advice or maybe your current setup ?
 

I would like to recommend this: (that includes rbl lists) 
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

-- 
Byung-Hee HWANG [EMAIL PROTECTED]

As he drove Johnney home, Nino thought that if that was success, he didn't
want it.
-- the Nino Valenti's inside, Chapter 13, page 189