Re: Spam coming thru w/high score different SA version
I got this email with a high score of 101.6 and the version as 3.0.2. I have my score limit set to 3.5 in my local.cf file. Why wasn't this detected as spam? HEADER OF PROBLEM EMAIL: X-Spam-Status: No, score=-101.6 required=3.5 tests=BAYES_00,FM_NO_STYLE, HTML_80_90,HTML_MESSAGE,USER_IN_WHITELIST autolearn=no version=3.0.2 Sorry, Tracey, the score is a MINUS 101.6. The USER_IN_WHITELIST probably subtracted 100 from the score. -- Dale Morin, Mustang Internet Services, Inc. Support Without Compromise email: [EMAIL PROTECTED]
RE: Enabling per user rules in SQL db
Hello Don, I ran into exactly the same problem and I have not been able to get per-user rules to work from mysql. I hacked a workaround but have not revisited it lately. Anyway, here is a patch file for SQL.pm that will give you additional output that may be helpful while you're debugging. This presumes that you're running v3.1.0. --- SQL.pm.org 2005-11-20 12:39:22.0 -0600 +++ SQL.pm 2005-11-20 12:45:06.0 -0600 @@ -125,8 +125,10 @@ my $dbh = DBI-connect($dsn, $dbuser, $dbpass, {'PrintError' = 0}); if ($dbh) { + dbg(config: Conf::SQL: database connection established); my $sql; if (defined($custom_query)) { + dbg(config: Conf::SQL: custom query defined); $sql = $custom_query; my $quoted_username = $dbh-quote($username); my ($mailbox, $domain) = split('@', $username); @@ -139,19 +141,24 @@ $sql =~ s/_DOMAIN_/$quoted_domain/g; } else { + dbg(config: Conf::SQL: using deliverd query); $sql = select $f_preference, $f_value from $f_table where . $f_username = .$dbh-quote($username). - or $f_username = '[EMAIL PROTECTED]' order by $f_username asc; + or $f_username = '\$GLOBAL' order by $f_username asc; } - dbg(config: Conf::SQL: executing SQL: $sql); + dbg(config: Conf::SQL: preparing SQL: $sql); my $sth = $dbh-prepare($sql); if ($sth) { + dbg(config: Conf::SQL: executing SQL: $sql); my $rv = $sth-execute(); if ($rv) { -dbg(config: retrieving prefs for $username from SQL server); +dbg(config: Conf::SQL: retrieving prefs for $username from SQL server); + my $numrows = $sth-rows; +dbg(config: Conf::SQL: retrieved $numrows rows from SQL server); my @row; my $text = ''; while (@row = $sth-fetchrow_array()) { +dbg(config: Conf::SQL: fetched row: $row[0] $row[1]); $text .= (defined($row[0]) ? $row[0] : '') . \t . (defined($row[1]) ? $row[1] : '') . \n; } -- Dale Morin, Mustang Internet Services, Inc. Support Without Compromise main office: 847.541.2811 direct line: 815.496.9853 email: [EMAIL PROTECTED]
Re: Notification when user sends email
Hello, Yes, it can be done fairly easily using procmail. We have a client that has a copy of every incoming email forwarded to another account. My personal objections to Big Brother aside, it works nicely. Modifying that recipe so that it fires only when the From: address is [EMAIL PROTECTED] is trivial. Dale
Re: Notification when user sends email
Hello, You will need to modify it where I am extracting the username part of the email address from the To: address. That is where you will want to examine the From: address instead. Note that I am altering the subject to insert the original username in front of the subject so that messages in the bigbrother account can be sorted by their original recipients. Note that this recipe will need to be in /etc/procmailrc so that it is processed for all incoming messages. Hope this helps. SHELL=/bin/sh LOGFILE=/var/log/procmail.log TODAY=`date +%Y-%m-%d` #VERBOSE=yes # forward a copy of all incoming messages :0 * [EMAIL PROTECTED] * ! ^X-Loop: mynosydomain\.com { # extract subject SUBJECT=`formail -cxSubject:` # get the To: address without comments :0h: CLEANTO=|formail -cxTo: # username portion :0: * CLEANTO ?? ^\/[EMAIL PROTECTED] { TO_USER=$MATCH } # insert X-Loop header :0fwh: | formail -A X-Loop: mynosydomain.com # deliver the original :0c: ${DEFAULT} # alter the subject :0fw: | formail -i Subject: [$TO_USER] $SUBJECT # deliver the copy with the altered subject :0: ! [EMAIL PROTECTED] } Dale
Re: Notification when user sends email
Hello, It looks like the server that is hosting our email doesn't have procmail configured with qmail. Further the provider won't support it Procmail is installed, but this seems a lot less intuitive than I thought at first. Would there be a less intruisive way to do this? All I really need to know is if a user sent a mail to anyone in the company, not the content of the email. Thanks for all of the help thus far, you guys are great! There may be another way of doing it, but this is the simplest way I know. You need to examine every incoming message to the box and isolate those that are to be delivered to an address in a specific domain. Once you've isolated the incoming messages you care about, you further need to isolate those messages from a specific sender. You can then throw away the message body and forward just the headers on to another address. I don't know of a better way than procmail. Sorry I can't be of more help. Dale
Re: Checking outgoing email?
Robert, I noticed that Spamassassin checks outgoing email for spam. Can it be turned off? If so how? Would turning it off cause any issues? On SA 3.1 on Fedora Core 2. Presumably since you're asking about this, you're probably running sendmail and calling SA using a milter like spamass-milter. It works fine but as you say checks outgoing and incoming because sendmail calls the milter for ALL messages. it's up to the milter to figure out incoming vs outgoing. If you're using spamass-milter I have a patch that will prevent SA calls on outgoing mail. -- Dale Morin, Mustang Internet Services, Inc. Support Without Compromise main office: 847.541.2811 direct line: 815.496.9853 email: [EMAIL PROTECTED]
sql prefs - results and debugging patch for SQL.pm included - suggestions please
Hello, OS: RHES 3.0 SA 3.1.0 MySQL 4.1.12 spamd start (for testing): spamd -q -D -x -p in another ssh session: echo -e From: user\nTo:user\nSubject: Test\n\n | spamc -u 'dale' -p This way I can test sql userprefs without affecting the running spamd listening on 783. Here is the output from the spamc side: From: user To:user Subject: Test Note that there is no indication of any scanning taking place. Here is the output from the spamd side: [29347] info: spamd: connection from frodo [127.0.0.1] at port 53771 [29347] dbg: config: Conf::SQL: database connection established [29347] dbg: config: Conf::SQL: using deliverd query [29347] dbg: config: Conf::SQL: preparing SQL: select preference, value from userpref where username = 'dale' or username = '$GLOBAL' order by username asc [29347] dbg: config: Conf::SQL: executing SQL: select preference, value from userpref where username = 'dale' or username = '$GLOBAL' order by username asc [29347] dbg: config: Conf::SQL: retrieving prefs for dale from SQL server [29347] dbg: config: Conf::SQL: retrieved 12 rows from SQL server [29347] dbg: config: Conf::SQL: fetched row: score SPF_FAIL 5 [29347] dbg: config: Conf::SQL: fetched row: score UNPARSEABLE_RELAY 3 [29347] dbg: config: Conf::SQL: fetched row: score RCVD_ILLEGAL_IP 4 [29347] dbg: config: Conf::SQL: fetched row: score SPF_HELO_FAIL 5 [29347] dbg: config: Conf::SQL: fetched row: required_score 5 [29347] dbg: config: Conf::SQL: fetched row: rewrite_header Subject *** Potential SPAM (_SCORE_) *** [29347] dbg: config: Conf::SQL: fetched row: whitelist_from [EMAIL PROTECTED] [29347] dbg: config: Conf::SQL: fetched row: whitelist_from [EMAIL PROTECTED] [29347] dbg: config: Conf::SQL: fetched row: whitelist_from [EMAIL PROTECTED] [29347] dbg: config: Conf::SQL: fetched row: required_score 6 [29347] dbg: config: Conf::SQL: fetched row: whitelist_from [EMAIL PROTECTED] [29347] dbg: config: Conf::SQL: fetched row: report_safe 1 [29335] dbg: prefork: new lowest idle kid: 29478 [29335] info: spamd: handled cleanup of child pid 29347 due to SIGCHLD [29335] dbg: prefork: child closed connection [29335] info: prefork: child states: I [29616] dbg: prefork: sysread(8) not ready, wait max 300 secs [29335] info: spamd: server successfully spawned child process, pid 29616 [29335] dbg: prefork: child 29616: entering state 0 [29335] dbg: prefork: new lowest idle kid: 29478 [29335] dbg: prefork: child 29616: entering state 1 [29335] dbg: prefork: new lowest idle kid: 29478 [29335] dbg: prefork: child reports idle [29335] info: prefork: child states: II To get this debugging output, I patched SQL.pm as follows: --- SQL.pm.org 2005-11-20 12:39:22.0 -0600 +++ SQL.pm 2005-11-20 12:45:06.0 -0600 @@ -125,8 +125,10 @@ my $dbh = DBI-connect($dsn, $dbuser, $dbpass, {'PrintError' = 0}); if ($dbh) { + dbg(config: Conf::SQL: database connection established); my $sql; if (defined($custom_query)) { + dbg(config: Conf::SQL: custom query defined); $sql = $custom_query; my $quoted_username = $dbh-quote($username); my ($mailbox, $domain) = split('@', $username); @@ -139,19 +141,24 @@ $sql =~ s/_DOMAIN_/$quoted_domain/g; } else { + dbg(config: Conf::SQL: using deliverd query); $sql = select $f_preference, $f_value from $f_table where . $f_username = .$dbh-quote($username). - or $f_username = '[EMAIL PROTECTED]' order by $f_username asc; + or $f_username = '\$GLOBAL' order by $f_username asc; } - dbg(config: Conf::SQL: executing SQL: $sql); + dbg(config: Conf::SQL: preparing SQL: $sql); my $sth = $dbh-prepare($sql); if ($sth) { + dbg(config: Conf::SQL: executing SQL: $sql); my $rv = $sth-execute(); if ($rv) { -dbg(config: retrieving prefs for $username from SQL server); +dbg(config: Conf::SQL: retrieving prefs for $username from SQL server); + my $numrows = $sth-rows; +dbg(config: Conf::SQL: retrieved $numrows rows from SQL server); my @row; my $text = ''; while (@row = $sth-fetchrow_array()) { +dbg(config: Conf::SQL: fetched row: $row[0] $row[1]); $text .= (defined($row[0]) ? $row[0] : '') . \t . (defined($row[1]) ? $row[1] : '') . \n; } Thanks in advance for any suggestions. -- Dale Morin, Mustang Internet Services, Inc. Support Without Compromise main office: 847.541.2811 direct line: 815.496.9853 email: [EMAIL PROTECTED]
test for sql user prefs fails - debug not helpful - followup
Hello, The db name, username, and password all had underscores, so I renamed the db, added a new user, and set a password without an underscore in any of them. No change. I had read a post that suggested the parser might be confused by some unexpected characters so I removed the underscores. Running spamassassin --lint --debug --nocreate-prefs is clean with no errors or warnings. Any suggestions? -- Dale Morin, Mustang Internet Services, Inc. Support Without Compromise main office: 847.541.2811 direct line: 815.496.9853 email: [EMAIL PROTECTED]
test for sql user prefs fails - debug not helpful
Hello, OS: RHES 3.0 SA 3.1.0 spamd start options: SPAMDOPTIONS=-d -D -q -x -m5 -H -u qscand --max-conn-per-child=10 spamass-milter 0.3.0 spamass-milter start options: SM_EXTRA_FLAGS=-i xx.xxx.xx.0/24 -r 21 -u qscand -x -- -f -s 64000 Here is the output from running spamd -q -D, then running echo -e From: user\nTo:user\nSubject: Test\n\n | spamc -u dale from a different ssh session: [28798] dbg: config: Conf::SQL: executing SQL: select preference, value from userpref where username = 'dale' or username = '@GLOBAL' order by username asc [28798] dbg: config: retrieving prefs for dale from SQL server [27688] dbg: prefork: new lowest idle kid: 29185 [27688] info: spamd: handled cleanup of child pid 28798 due to SIGCHLD [27688] dbg: prefork: child closed connection [27688] info: prefork: child states: I [29505] dbg: prefork: sysread(8) not ready, wait max 300 secs [27688] info: spamd: server successfully spawned child process, pid 29505 [27688] dbg: prefork: child 29505: entering state 0 [27688] dbg: prefork: new lowest idle kid: 29185 [27688] dbg: prefork: child 29505: entering state 1 [27688] dbg: prefork: new lowest idle kid: 29185 [27688] dbg: prefork: child reports idle [27688] info: prefork: child states: II The executing SQL looks OK, as does the retrieving prefs for dale, but nothing happens after that. I have verified the username/password and that the user has select privileges (actually has select, delete, insert, update). I have installed the squirrelmail plugin for users to manage their whitelists/blacklists. Any suggestions? -- Dale Morin, Mustang Internet Services, Inc. Support Without Compromise main office: 847.541.2811 direct line: 815.496.9853 email: [EMAIL PROTECTED]