Per user blacklist
I have set up SpamAssassin 2.64 and qmail-scanner 1.23 on FreeBSD with perl-5.8.4 and have been using them separately with great success. However, I have decided to use qmail-scanner's ability to run SpamAssassin as the mail is processed. And I have this working to a point (i.e. the mail is flagged correctly according to rules), but I cannot get the blacklist to be recognized.

Spamd is running as root. Spamc is called from the qmail-scanner-queue.pl script with -u qscand. qscand is the user whose rules I would like to have used. In debug, I see the following:

logmsg: handle_user: unable to find user '[EMAIL PROTECTED]'!
logmsg: Still running as root: user not specified with -u, not found, or set to root. Fall back to nobody.

I understand not being able to find the user [EMAIL PROTECTED] since this server is simply a relay for scanning, etc. before the e-mail is delivered to the Exchange server. My thinking was that with the -u option, whenever a user is not found, the rules in the /home/qscand/.spamassassin directory would be used.

The other thing that is puzzling is that I have added, for testing purposes, my e-mail address to the blacklist for nobody, and once the e-mail is received, I am not being identified as a blacklisted sender. If I add the blacklist entry to local.cf, I am properly identified as a blacklisted sender.

How do I force SpamAssassin to use a particular user's rules, as opposed to nobody, when the user is not found? Any ideas what I might be doing wrong with the blacklists?

Thanks for all your help.

Jay
Re: Rule problem (.exe attachments)
[EMAIL PROTECTED] wrote:
> Jay Hall wrote:
>> I am experiencing a problem with one of my rules that I cannot seem to find. I have the following rules defined.
>>
>> rawbody __RAW_EXE_ATTACHMENT /filename=\".*\.exe\"/i
>> rawbody __RAW_VBS_ATTACHMENT /filename=\".*\.exe\"/i
>> rawbody __RAW_COM_ATTACHMENT /filename=\".*\.com\"/i
>> rawbody __RAW_PIF_ATTACHMENT /filename=\".*\.pif\"/i
>> rawbody __RAW_CMD_ATTACHMENT /filename=\".*\.cmd\"/i
>> rawbody __RAW_BAT_ATTACHMENT /filename=\".*\.bat\"/i
>> meta ATTACHMENT_RULES (__RAW_EXE_ATTACHMENT || __RAW_VBS_ATTACHMENT || __RAW_COM_ATTACHMENT || __RAW_PIF_ATTACHMENT || __RAW_CMD_ATTACHMENT || __RAW_BAT_ATTACHMENT)
>> score ATTACHMENT_RULES 25.00
>>
>> Any attachments listed above will be properly identified as and the tests run with the exception of an EXE attachment. A filename with an .exe extension is not flagged.
>>
>> I have added an additional rule that checks for an .exe attachment, that is not part of the meta rule, and I receive the same results. This leads me to believe there is something wrong with my test for .exe attachments.
>>
>> I am running SA 2.64, spamd, and it is invoked from q-mail.
>>
>> Any suggestions would be greatly appreciated. Thanks in advance for your assistance.
>>
>> Jay Hall
>
> How about trying:
>
> rawbody ATTACHMENT_RULES /filename=\"?.*\.(?:exe|vbs|com|pif|cmd|bat|cpl|scr)\"?\s*$/i
> score ATTACHMENT_RULES 25.00
>
> Note:
> - added .cpl and .scr
> - added end-of-line test $ to avoid false positives on things like "example.com contract.doc"
> - made quotes optional
>
> [EMAIL PROTECTED] 805.964.4554 x902
> Hispanic Business Inc./HireDiversity.com
> Software Engineer
> perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

I went back through the e-mail logs this evening, and e-mails with an exe attachment were being scored correctly until last night about 7:00 pm. Is it possible there is something wrong with one of the bayes files?

Thanks for your help.

Jay
Re: Rule problem (.exe attachments)
[EMAIL PROTECTED] wrote:
> Jay Hall wrote:
>> I am experiencing a problem with one of my rules that I cannot seem to find. I have the following rules defined.
>>
>> rawbody __RAW_EXE_ATTACHMENT /filename=\".*\.exe\"/i
>> rawbody __RAW_VBS_ATTACHMENT /filename=\".*\.exe\"/i
>> rawbody __RAW_COM_ATTACHMENT /filename=\".*\.com\"/i
>> rawbody __RAW_PIF_ATTACHMENT /filename=\".*\.pif\"/i
>> rawbody __RAW_CMD_ATTACHMENT /filename=\".*\.cmd\"/i
>> rawbody __RAW_BAT_ATTACHMENT /filename=\".*\.bat\"/i
>> meta ATTACHMENT_RULES (__RAW_EXE_ATTACHMENT || __RAW_VBS_ATTACHMENT || __RAW_COM_ATTACHMENT || __RAW_PIF_ATTACHMENT || __RAW_CMD_ATTACHMENT || __RAW_BAT_ATTACHMENT)
>> score ATTACHMENT_RULES 25.00
>>
>> Any attachments listed above will be properly identified as and the tests run with the exception of an EXE attachment. A filename with an .exe extension is not flagged.
>>
>> I have added an additional rule that checks for an .exe attachment, that is not part of the meta rule, and I receive the same results. This leads me to believe there is something wrong with my test for .exe attachments.
>>
>> I am running SA 2.64, spamd, and it is invoked from q-mail.
>>
>> Any suggestions would be greatly appreciated. Thanks in advance for your assistance.
>>
>> Jay Hall
>
> How about trying:
>
> rawbody ATTACHMENT_RULES /filename=\"?.*\.(?:exe|vbs|com|pif|cmd|bat|cpl|scr)\"?\s*$/i
> score ATTACHMENT_RULES 25.00
>
> Note:
> - added .cpl and .scr
> - added end-of-line test $ to avoid false positives on things like "example.com contract.doc"
> - made quotes optional
>
> [EMAIL PROTECTED] 805.964.4554 x902
> Hispanic Business Inc./HireDiversity.com
> Software Engineer
> perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

I changed the rules as you suggested, but e-mails with exe attachments are still not being marked as SPAM. However, others are. Following are the headers from an e-mail sent with an exe attachment.

To: [EMAIL PROTECTED]
Subject: EXE Test 1 - exe
Content-Type: multipart/mixed; boundary="050409040702070007040104"
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on mnea-hq.mnea.org
X-Spam-Level:
X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=ham version=2.64
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 29 Sep 2004 22:12:44.0170 (UTC) FILETIME=[71AA06A0:01C4A671]

If I am reading the headers correctly, it appears the attachment tests were not done in this case. The file attached to the message was vncviewer.exe.

What additional information should I be looking for to troubleshoot this problem?

Thanks for your help.

Jay
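An added example, not part of the thread and not code from any of its participants: a small harness that runs the rule patterns posted above against constructed MIME part header lines, showing which lines the original meta rule, the suggested single rule, and the suggested rule without its end-of-line anchor each match. Python's re module stands in for Perl here (the constructs used behave the same in both); the sample lines, the UNANCHORED variant, the function names and the assumption that a rule is tested against one line at a time are all illustrative.

```python
import re

# Sub-rules of the meta rule ATTACHMENT_RULES, exactly as posted in the thread.
ORIGINAL = {
    "__RAW_EXE_ATTACHMENT": r'filename=\".*\.exe\"',
    "__RAW_VBS_ATTACHMENT": r'filename=\".*\.exe\"',  # as posted: tests .exe
    "__RAW_COM_ATTACHMENT": r'filename=\".*\.com\"',
    "__RAW_PIF_ATTACHMENT": r'filename=\".*\.pif\"',
    "__RAW_CMD_ATTACHMENT": r'filename=\".*\.cmd\"',
    "__RAW_BAT_ATTACHMENT": r'filename=\".*\.bat\"',
}
# Single rule suggested in the reply, and the same rule without its "\s*$"
# (UNANCHORED is hypothetical, built here only to show what the anchor changes).
SUGGESTED = r'filename=\"?.*\.(?:exe|vbs|com|pif|cmd|bat|cpl|scr)\"?\s*$'
UNANCHORED = r'filename=\"?.*\.(?:exe|vbs|com|pif|cmd|bat|cpl|scr)\"?'

# Constructed MIME part header lines (not taken from the thread).
SAMPLES = {
    "quoted": 'Content-Disposition: attachment; filename="vncviewer.exe"',
    "unquoted": 'Content-Disposition: attachment; filename=vncviewer.exe',
    "vbs": 'Content-Disposition: attachment; filename="script.vbs"',
    "name_only": 'Content-Type: application/octet-stream; name="vncviewer.exe"',
    "rfc2231": "Content-Disposition: attachment; filename*=UTF-8''vncviewer.exe",
    "trailing_param": 'Content-Disposition: attachment; filename="vncviewer.exe"; size=12345',
    "harmless": 'Content-Disposition: attachment; filename="example.com contract.doc"',
}

def hit(pattern, line):
    """True if the pattern matches anywhere in the line, case-insensitively (/i)."""
    return re.search(pattern, line, re.IGNORECASE) is not None

def evaluate(line):
    """Return (original meta rule, suggested rule, suggested rule without $)."""
    original = any(hit(p, line) for p in ORIGINAL.values())
    return original, hit(SUGGESTED, line), hit(UNANCHORED, line)

def coverage(samples=SAMPLES):
    """Map each sample label to its three results."""
    return {label: evaluate(line) for label, line in samples.items()}

if __name__ == "__main__":
    print(f"{'sample':<15} original suggested unanchored")
    for label, (o, s, u) in coverage().items():
        print(f"{label:<15} {o!s:<8} {s!s:<9} {u!s}")
```

The "harmless" and "trailing_param" rows show both sides of the $ anchor: it removes the match on "example.com contract.doc", and it also stops the suggested rule from matching when another parameter follows the filename on the same line.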
Rule problem (.exe attachments)
I am experiencing a problem with one of my rules that I cannot seem to find. I have the following rules defined.

rawbody __RAW_EXE_ATTACHMENT /filename=\".*\.exe\"/i
rawbody __RAW_VBS_ATTACHMENT /filename=\".*\.exe\"/i
rawbody __RAW_COM_ATTACHMENT /filename=\".*\.com\"/i
rawbody __RAW_PIF_ATTACHMENT /filename=\".*\.pif\"/i
rawbody __RAW_CMD_ATTACHMENT /filename=\".*\.cmd\"/i
rawbody __RAW_BAT_ATTACHMENT /filename=\".*\.bat\"/i
meta ATTACHMENT_RULES (__RAW_EXE_ATTACHMENT || __RAW_VBS_ATTACHMENT || __RAW_COM_ATTACHMENT || __RAW_PIF_ATTACHMENT || __RAW_CMD_ATTACHMENT || __RAW_BAT_ATTACHMENT)
score ATTACHMENT_RULES 25.00

Any attachments listed above will be properly identified as and the tests run with the exception of an EXE attachment. A filename with an .exe extension is not flagged.

I have added an additional rule that checks for an .exe attachment, that is not part of the meta rule, and I receive the same results. This leads me to believe there is something wrong with my test for .exe attachments.

I am running SA 2.64, spamd, and it is invoked from q-mail.

Any suggestions would be greatly appreciated. Thanks in advance for your assistance.

Jay Hall