Re: Spamassassin and exim4
On Wed, Oct 17, 2007 at 08:48:55AM -0700, Steven Kurylo wrote: My question is - Does spamassassin scan the mail for each recipient? or does it scan only once? If it is the later I would not expect spamassassin to fall over each time one of these mailouts is sent. Is this due to it being in the acl of exim? does anyone have any advice on how to avoid this? It depends how you're calling SA, which ACL do you have it in? If its in the data acl, then it should only be called once. Your log files should tell you whats happening, look at /var/log/mail.log. Hi, Yes using the data acl. I had assumed this was the default behaviour as it makes sense, The server must just be under more load than I thought! Cheers
Spamassassin and exim4
Hi all, debian testing spamassassin 3.2.1 exim4-deamon-heavy 4.67 At present I have a huge amount of rule files loaded on to a system that does not process alot of mail (including sa-blacklist). This works fine the majority of the time but falls over as soon as someone at the office sends a mailout to their customers. My question is - Does spamassassin scan the mail for each recipient? or does it scan only once? If it is the later I would not expect spamassassin to fall over each time one of these mailouts is sent. Is this due to it being in the acl of exim? does anyone have any advice on how to avoid this? If any other info is required please let me know. Best Regards, Mark
Re: /etc/spamassassin or /var/lib/spamassassin?
Hi, Thanks for your reply. I replied with the answer to my problems to another post, It was caused by an odd USER_IN_WHITELIST definition in the openprotect sa-update channel. Removing there rules and setting up my own script sorted it out. Cheers, Mark On Mon, Apr 02, 2007 at 12:49:18PM -0400, Bowie Bailey wrote: Mark Adams wrote: Ok, Fair enough.. I will change this listing to a whitelist_from_rcvd as I assume this list is farmed by spammers. (Should be using that always of course!) Header below. Envelope-to: [EMAIL PROTECTED] Received: from hopnet.hopkins.co.uk ([10.0.0.23] helo=mail.hopkins.co.uk) by hopkins.co.uk with esmtp (Exim 4.63) (envelope-from [EMAIL PROTECTED]) id 1HWSt9-0005j0-CG for [EMAIL PROTECTED]; Wed, 28 Mar 2007 08:48:11 +0100 Received: from [195.110.64.125] (helo=smtp.uk.colt.net) by mail.hopkins.co.uk with esmtp (Exim 4.63) (envelope-from [EMAIL PROTECTED]) id 1HWSt4-0005FR-5z for [EMAIL PROTECTED]; Wed, 28 Mar 2007 08:48:11 +0100 Received: from mail.pdcmltd.co.uk (unknown [213.86.218.37]) by smtp.uk.colt.net (Postfix) with ESMTP id 721B2126151; Wed, 28 Mar 2007 08:42:47 +0100 (BST) Content-Class: urn:content-classes:message Content-Transfer-Encoding: 7bit Subject: Bury St Edmunds - Unit SU34 Importance: normal Priority: normal MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=_=_NextPart_001_01C7710E.58A560A4 Date: Wed, 28 Mar 2007 08:54:43 +0100 Message-ID: [EMAIL PROTECTED] X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.607 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Bury St Edmunds - Unit SU34 thread-index: AcdxDTLGeReHjG9FQsG+HfB3+1kiMg== From: Guy Graham [EMAIL PROTECTED] To: James Stonard [EMAIL PROTECTED], Steve Sawyer [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], Lindsay,Peter [EMAIL PROTECTED], Tony White [EMAIL PROTECTED] Cc: Ivan Stephenson [EMAIL PROTECTED] X-Spam-Score: 40 X-Spam-Report: hits=4.0 required=5.0 test=NO_RDNS,VOWEL_ X-Original-Recipient: [EMAIL PROTECTED] This is a multi-part message in MIME format. whitelist.cf contents: whitelist_from [EMAIL PROTECTED] I added your whitelist line to my local.cf, saved these headers in a file and tested. $ spamassassin -t testmsg.txt pts rule name description -- -- 1.6 FROM_DOMAIN_NOVOWELFrom: domain has series of non-vowel letters -100 USER_IN_WHITELIST From: address is in the user's white-list I'm not sure what's happening for you, but this hits just fine for me. -- Bowie
Re: Whitelist scoring question
Hi Anthony, I was using Openprotect's SARE update channel for my standard sare rules. I am not sure exactly what the issue was, but believe it was due to a redefined USER_IN_WHITELIST that they have somewhere in their rule set. To correct the issue, I removed all cf files that were updated from this channel (everything in /var/lib/spamassassin). I have now setup my own script to update the standard SARE rule sets that I believe are useful for my clients. Testing after these changes clearly shows the whitelist hits, without any impact on the spam blocking (no extra spam is getting through). Regards, Mark On Fri, Mar 30, 2007 at 08:50:12AM +0100, Anthony Peacock wrote: Hi Mark, Can you be more specific? Was someone/thing changing your whitelist file? Mark Adams wrote: Hi All, I would like to note that this problem has been corrected, and was due to an external automatic updating source. Thanks for all the help that has been provided. Regards, Mark On Thu, Mar 29, 2007 at 03:50:52PM +0100, Mark Adams wrote: I have changed my reporting template, and now get this information Content analysis details: (4.0 points, 5.0 required) pts rule name description -- -- 0.5 NO_RDNSSending MTA has no reverse DNS (Postfix variant) 3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels) So the whitelisting is definatly not working. A lint of the file shows it is reading the cf file, and I have checked the whitelist_from entry is correct a thousand times. Does anyone have any idea what could be going on here? On Wed, Mar 28, 2007 at 07:52:20PM +0100, Mark Adams wrote: Thanks, I did run exactly that, and got the output that I posted. Do you have any idea why I might be getting such a limited output? What do you have set for reporting purposes in your local.cf file? Regards, Mark On Wed, Mar 28, 2007 at 01:31:16PM -0500, maillist wrote: Mark Adams wrote: You could run: spamassassin --test-mode message, and see what it is scoring. Hi There, I have tried this, and get the below result. --_=_NextPart_001_01C7710E.58A560A4-- hits=4.0 required=5.0 test=NO_RDNS,VOWEL_FROM_7 This does not show whitelist hits, should it? Regards, Mark Yes, if you run spamassassin --test-mode message, it should show something like this: Content analysis details: (-104.0 points, 7.0 required) pts rule name description -- -- -1.0 SPF_HELO_PASS SPF: HELO matches SPF record -100 USER_IN_WHITELIST From: address is in the user's white-list -3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] -=Aubrey=- -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw
Re: /etc/spamassassin or /var/lib/spamassassin?
Hi, I have changed my reporting so it provides more information, and run --test-mode with a message marked as spam, that should be whitelisted whitelist.cf contents: whitelist_from [EMAIL PROTECTED] when running spamassassin -D --lint, I see the following line [18351] dbg: config: read file /etc/spamassassin/whitelist.cf But when running test mode I still do not get any reports on it being hit by the whitelist. Help! On Wed, Mar 28, 2007 at 03:51:43PM +0100, Mark Adams wrote: On Thu, Mar 22, 2007 at 04:40:27PM -0400, Bowie Bailey wrote: Mark Adams wrote: On Fri, Mar 02, 2007 at 10:06:51AM -0500, Bowie Bailey wrote: Is it scoring the whitelist lower or is it just not hitting? Can you post your whitelist rule and the headers from an example message? And why do you think this message should have hit the whitelist? Show me the From line in the email. Hi, Header excerpt below. Once again help appreciated. From: Guy Graham [EMAIL PROTECTED] X-Spam-Score: 40 X-Spam-Report: hits=4.0 required=5.0 test=NO_RDNS,VOWEL_FROM_7 X-Original-Recipient: [EMAIL PROTECTED]
Re: /etc/spamassassin or /var/lib/spamassassin?
Thanks for you reply. Why would this make any difference? The headers checked for whitelist addresses are as follows: if Resent-From is set, use that; otherwise check all addresses taken from the following set of headers: Envelope-Sender Resent-Sender X-Envelope-From From The only header that matches is From: which is the header I posted below. It seems as if it is not reading the whitelist_from entries at all. Or whitelisting is somehow disabled, is that possible? On Thu, Mar 29, 2007 at 02:19:06PM +0100, Anthony Peacock wrote: Hi, I would think we need to see the FULL headers of this example email before anyone can comment. Mark Adams wrote: Hi, I have changed my reporting so it provides more information, and run --test-mode with a message marked as spam, that should be whitelisted whitelist.cf contents: whitelist_from [EMAIL PROTECTED] when running spamassassin -D --lint, I see the following line [18351] dbg: config: read file /etc/spamassassin/whitelist.cf But when running test mode I still do not get any reports on it being hit by the whitelist. Help! On Wed, Mar 28, 2007 at 03:51:43PM +0100, Mark Adams wrote: On Thu, Mar 22, 2007 at 04:40:27PM -0400, Bowie Bailey wrote: Mark Adams wrote: On Fri, Mar 02, 2007 at 10:06:51AM -0500, Bowie Bailey wrote: Is it scoring the whitelist lower or is it just not hitting? Can you post your whitelist rule and the headers from an example message? And why do you think this message should have hit the whitelist? Show me the From line in the email. Hi, Header excerpt below. Once again help appreciated. From: Guy Graham [EMAIL PROTECTED] X-Spam-Score: 40 X-Spam-Report: hits=4.0 required=5.0 test=NO_RDNS,VOWEL_FROM_7 X-Original-Recipient: [EMAIL PROTECTED] -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw
Re: /etc/spamassassin or /var/lib/spamassassin?
Ok, Fair enough.. I will change this listing to a whitelist_from_rcvd as I assume this list is farmed by spammers. (Should be using that always of course!) Header below. Envelope-to: [EMAIL PROTECTED] Received: from hopnet.hopkins.co.uk ([10.0.0.23] helo=mail.hopkins.co.uk) by hopkins.co.uk with esmtp (Exim 4.63) (envelope-from [EMAIL PROTECTED]) id 1HWSt9-0005j0-CG for [EMAIL PROTECTED]; Wed, 28 Mar 2007 08:48:11 +0100 Received: from [195.110.64.125] (helo=smtp.uk.colt.net) by mail.hopkins.co.uk with esmtp (Exim 4.63) (envelope-from [EMAIL PROTECTED]) id 1HWSt4-0005FR-5z for [EMAIL PROTECTED]; Wed, 28 Mar 2007 08:48:11 +0100 Received: from mail.pdcmltd.co.uk (unknown [213.86.218.37]) by smtp.uk.colt.net (Postfix) with ESMTP id 721B2126151; Wed, 28 Mar 2007 08:42:47 +0100 (BST) Content-Class: urn:content-classes:message Content-Transfer-Encoding: 7bit Subject: Bury St Edmunds - Unit SU34 Importance: normal Priority: normal MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=_=_NextPart_001_01C7710E.58A560A4 Date: Wed, 28 Mar 2007 08:54:43 +0100 Message-ID: [EMAIL PROTECTED] X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.607 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Bury St Edmunds - Unit SU34 thread-index: AcdxDTLGeReHjG9FQsG+HfB3+1kiMg== From: Guy Graham [EMAIL PROTECTED] To: James Stonard [EMAIL PROTECTED], Steve Sawyer [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], Lindsay,Peter [EMAIL PROTECTED], Tony White [EMAIL PROTECTED] Cc: Ivan Stephenson [EMAIL PROTECTED] X-Spam-Score: 40 X-Spam-Report: hits=4.0 required=5.0 test=NO_RDNS,VOWEL_ X-Original-Recipient: [EMAIL PROTECTED] This is a multi-part message in MIME format. On Thu, Mar 29, 2007 at 03:03:10PM +0100, Anthony Peacock wrote: Hi, Because, more often than not, the reason that whitelisting is not matching is that the headers you think are matching are not. Or there is a type in the whitelist.cf file. By not allowing us to see the entire header, you are making us guess. Mark Adams wrote: Thanks for you reply. Why would this make any difference? The headers checked for whitelist addresses are as follows: if Resent-From is set, use that; otherwise check all addresses taken from the following set of headers: Envelope-Sender Resent-Sender X-Envelope-From From The only header that matches is From: which is the header I posted below. It seems as if it is not reading the whitelist_from entries at all. Or whitelisting is somehow disabled, is that possible? On Thu, Mar 29, 2007 at 02:19:06PM +0100, Anthony Peacock wrote: Hi, I would think we need to see the FULL headers of this example email before anyone can comment. Mark Adams wrote: Hi, I have changed my reporting so it provides more information, and run --test-mode with a message marked as spam, that should be whitelisted whitelist.cf contents: whitelist_from [EMAIL PROTECTED] when running spamassassin -D --lint, I see the following line [18351] dbg: config: read file /etc/spamassassin/whitelist.cf But when running test mode I still do not get any reports on it being hit by the whitelist. Help! On Wed, Mar 28, 2007 at 03:51:43PM +0100, Mark Adams wrote: On Thu, Mar 22, 2007 at 04:40:27PM -0400, Bowie Bailey wrote: Mark Adams wrote: On Fri, Mar 02, 2007 at 10:06:51AM -0500, Bowie Bailey wrote: Is it scoring the whitelist lower or is it just not hitting? Can you post your whitelist rule and the headers from an example message? And why do you think this message should have hit the whitelist? Show me the From line in the email. Hi, Header excerpt below. Once again help appreciated. From: Guy Graham [EMAIL PROTECTED] X-Spam-Score: 40 X-Spam-Report: hits=4.0 required=5.0 test=NO_RDNS,VOWEL_FROM_7 X-Original-Recipient: [EMAIL PROTECTED] -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw -- Anthony Peacock CHIME, Royal Free University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas. -- George Bernard Shaw
Re: /etc/spamassassin or /var/lib/spamassassin?
I should also mention, we have a gateway mail server hence the extra header. the spam scanning is done on the first header, so for proof this is pasted below. Regards, From [EMAIL PROTECTED] Wed Mar 28 08:48:11 2007 Return-path: [EMAIL PROTECTED] Envelope-to: [EMAIL PROTECTED] Received: from [195.110.64.125] (helo=smtp.uk.colt.net) by mail.hopkins.co.uk with esmtp (Exim 4.63) (envelope-from [EMAIL PROTECTED]) id 1HWSt4-0005FR-5z for [EMAIL PROTECTED]; Wed, 28 Mar 2007 08:48:11 +0100 Received: from mail.pdcmltd.co.uk (unknown [213.86.218.37]) by smtp.uk.colt.net (Postfix) with ESMTP id 721B2126151; Wed, 28 Mar 2007 08:42:47 +0100 (BST) Content-Class: urn:content-classes:message Content-Transfer-Encoding: 7bit Subject: Bury St Edmunds - Unit SU34 Importance: normal Priority: normal MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=_=_NextPart_001_01C7710E.58A560A4 Date: Wed, 28 Mar 2007 08:54:43 +0100 Message-ID: [EMAIL PROTECTED] X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.607 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Bury St Edmunds - Unit SU34 thread-index: AcdxDTLGeReHjG9FQsG+HfB3+1kiMg== From: Guy Graham [EMAIL PROTECTED] To: James Stonard [EMAIL PROTECTED], Steve Sawyer [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], Lindsay,Peter [EMAIL PROTECTED], Tony White [EMAIL PROTECTED] Cc: Ivan Stephenson [EMAIL PROTECTED] X-Redirect-To: [EMAIL PROTECTED] X-Spam-Score: 40 X-Spam-Report: hits=4.0 required=5.0 test=NO_RDNS,VOWEL_FROM_7 This is a multi-part message in MIME format. On Thu, Mar 29, 2007 at 03:11:15PM +0100, Mark Adams wrote: Ok, Fair enough.. I will change this listing to a whitelist_from_rcvd as I assume this list is farmed by spammers. (Should be using that always of course!) Header below. Envelope-to: [EMAIL PROTECTED] Received: from hopnet.hopkins.co.uk ([10.0.0.23] helo=mail.hopkins.co.uk) by hopkins.co.uk with esmtp (Exim 4.63) (envelope-from [EMAIL PROTECTED]) id 1HWSt9-0005j0-CG for [EMAIL PROTECTED]; Wed, 28 Mar 2007 08:48:11 +0100 Received: from [195.110.64.125] (helo=smtp.uk.colt.net) by mail.hopkins.co.uk with esmtp (Exim 4.63) (envelope-from [EMAIL PROTECTED]) id 1HWSt4-0005FR-5z for [EMAIL PROTECTED]; Wed, 28 Mar 2007 08:48:11 +0100 Received: from mail.pdcmltd.co.uk (unknown [213.86.218.37]) by smtp.uk.colt.net (Postfix) with ESMTP id 721B2126151; Wed, 28 Mar 2007 08:42:47 +0100 (BST) Content-Class: urn:content-classes:message Content-Transfer-Encoding: 7bit Subject: Bury St Edmunds - Unit SU34 Importance: normal Priority: normal MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=_=_NextPart_001_01C7710E.58A560A4 Date: Wed, 28 Mar 2007 08:54:43 +0100 Message-ID: [EMAIL PROTECTED] X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.607 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Bury St Edmunds - Unit SU34 thread-index: AcdxDTLGeReHjG9FQsG+HfB3+1kiMg== From: Guy Graham [EMAIL PROTECTED] To: James Stonard [EMAIL PROTECTED], Steve Sawyer [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], Lindsay,Peter [EMAIL PROTECTED], Tony White [EMAIL PROTECTED] Cc: Ivan Stephenson [EMAIL PROTECTED] X-Spam-Score: 40 X-Spam-Report: hits=4.0 required=5.0 test=NO_RDNS,VOWEL_ X-Original-Recipient: [EMAIL PROTECTED] This is a multi-part message in MIME format. On Thu, Mar 29, 2007 at 03:03:10PM +0100, Anthony Peacock wrote: Hi, Because, more often than not, the reason that whitelisting is not matching is that the headers you think are matching are not. Or there is a type in the whitelist.cf file. By not allowing us to see the entire header, you are making us guess. Mark Adams wrote: Thanks for you reply. Why would this make any difference? The headers checked for whitelist addresses are as follows: if Resent-From is set, use that; otherwise check all addresses taken from the following set of headers: Envelope-Sender Resent-Sender X-Envelope-From From The only header that matches is From: which is the header I posted below. It seems as if it is not reading the whitelist_from entries at all. Or whitelisting is somehow disabled, is that possible? On Thu, Mar 29, 2007 at 02:19:06PM +0100, Anthony Peacock wrote: Hi, I would think we need to see the FULL headers of this example email before anyone can comment. Mark Adams wrote: Hi, I have changed my reporting so it provides more information, and run --test-mode with a message marked as spam, that should be whitelisted whitelist.cf contents: whitelist_from [EMAIL PROTECTED] when running spamassassin -D --lint, I see the following line [18351] dbg: config: read file /etc/spamassassin
Re: /etc/spamassassin or /var/lib/spamassassin?
Whitelist file is in /etc/spamassassin/ and is called whitelist.cf entry; whitelist_from [EMAIL PROTECTED] Is /etc/spamassassin where the rest of your site config is located? Typically it's /etc/mail/spamassassin, but spamassassin -D --lint would tell you. Hi, Yes /etc/spamassassin is the location in Debian. the lint does show this, and all the whitelist files as being read. Cheers, Mark
Re: Whitelist scoring question
You could run: spamassassin --test-mode message, and see what it is scoring. Hi There, I have tried this, and get the below result. --_=_NextPart_001_01C7710E.58A560A4-- hits=4.0 required=5.0 test=NO_RDNS,VOWEL_FROM_7 This does not show whitelist hits, should it? Regards, Mark
Re: Whitelist scoring question
Thanks, I did run exactly that, and got the output that I posted. Do you have any idea why I might be getting such a limited output? What do you have set for reporting purposes in your local.cf file? Regards, Mark On Wed, Mar 28, 2007 at 01:31:16PM -0500, maillist wrote: Mark Adams wrote: You could run: spamassassin --test-mode message, and see what it is scoring. Hi There, I have tried this, and get the below result. --_=_NextPart_001_01C7710E.58A560A4-- hits=4.0 required=5.0 test=NO_RDNS,VOWEL_FROM_7 This does not show whitelist hits, should it? Regards, Mark Yes, if you run spamassassin --test-mode message, it should show something like this: Content analysis details: (-104.0 points, 7.0 required) pts rule name description -- -- -1.0 SPF_HELO_PASS SPF: HELO matches SPF record -100 USER_IN_WHITELIST From: address is in the user's white-list -3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1% [score: 0.] -=Aubrey=-
Re: /etc/spamassassin or /var/lib/spamassassin?
On Fri, Mar 02, 2007 at 10:06:51AM -0500, Bowie Bailey wrote: Is it scoring the whitelist lower or is it just not hitting? Can you post your whitelist rule and the headers from an example message? Hi, Apologies for delay I did not see this message. I am still having issues with this so your help would be gratefully received. Whitelist file is in /etc/spamassassin/ and is called whitelist.cf entry; whitelist_from [EMAIL PROTECTED] Below is the x-spam scoring headers for an email from this sender; X-Spam-Score: 40 X-Spam-Report: hits=4.0 required=5.0 test=NO_RDNS,VOWEL_FROM_7
Re: Whitelist scoring question
Hi All, I have not got to the bottom of this. Does anyone know how to report on whether a mail is having points deducted because it is whitelisted? Regards, Mark On Wed, Mar 07, 2007 at 03:34:58PM +, Mark Adams wrote: Thanks for that, The lint has not complained about any config problems with the line you have suggested. Do you know a quick and easy way of testing whether the whitelisting is working correctly? I have a reporting template setup as below, but this never shows any whitelist hits. (I'm probably just missing something!). report hits=_HITS_ required=_REQD_ test=_TESTS_ Help appreciated. Regards, Mark Yes edit your /etc/mail/spamassassin/local.cf file. Add the following... score USER_IN_WHITELIST -XXX (Where -XXX is the score that you wish) Remember to always run spamassassin --lint restart spamassassin. -=Aubrey=-
Whitelist scoring question
Hi All, Quick questions regarding whitelisting. I have read that whitelisting applies -50 points whether using whitelist_from or whitelist_from_rcvd. My question is can this amount be altered? Thanks for any help. Regards, Mark
Re: /etc/spamassassin or /var/lib/spamassassin?
Thanks, It is using both directories. It appears that it isn't subtracting the 50 points that it is supposed to when it is whitelisted? Do you know if this setting is changeable? Regards, Mark On Thu, Mar 01, 2007 at 09:15:17AM -0500, Bowie Bailey wrote: Mark Adams wrote: Hi There, SA 3.1.7-1. I have setup openprotect http://saupdates.openprotect.com/ Ever since I set it up my whitelists have not worked, these are located in /etc/spamassassin I thought that spamassassin checked both of these directories for rules, Am I correct? spamassassin -D --lint This will tell you exactly which directories SA is using. -- Bowie
/etc/spamassassin or /var/lib/spamassassin?
Hi There, SA 3.1.7-1. I have setup openprotect http://saupdates.openprotect.com/ Ever since I set it up my whitelists have not worked, these are located in /etc/spamassassin I thought that spamassassin checked both of these directories for rules, Am I correct? Thanks, Mark
Undefined dependancy's using Openprotect
Hi All, Spamassassin 3.1.4-1 I currently have openprotect setup to update my rules with sa-update (http://saupdates.openprotect.com/) after a recent update, I am now recieving undefined dependancy issues when I restart spamassassin as follows; Dec 14 15:04:37 hopnet spamd[18571]: logger: removing stderr method Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test __SARE_HEAD_FALSE has undefined dependency '__FROM_AOL_COM' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test __SARE_HEAD_FALSE has undefined dependency '__FROM_AOL_COM' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test SARE_BOUNDARY_D12 has undefined dependency 'MIME_BOUND_DIGITS_15' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test SARE_CIT_BLOCKER has undefined dependency 'USER_IN_WHITELIST' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test SARE_SUN_BLOCKER has undefined dependency 'USER_IN_WHITELIST' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test SARE_SUB_INET_PHARM has undefined dependency 'ONLINE_PHARMACY' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test SARE_HTML_MANY_BR05 has undefined dependency 'HTML_MESSAGE' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test __IMG_ONLY has undefined dependency 'HTML_IMAGE_ONLY_04' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test __IMG_ONLY has undefined dependency 'HTML_IMAGE_ONLY_08' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test __IMG_ONLY has undefined dependency 'HTML_IMAGE_ONLY_12' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test __IMG_ONLY has undefined dependency 'HTML_IMAGE_ONLY_16' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test __IMG_ONLY has undefined dependency 'HTML_IMAGE_ONLY_20' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test __IMG_ONLY has undefined dependency 'HTML_IMAGE_ONLY_24' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test __IMG_ONLY has undefined dependency 'HTML_IMAGE_ONLY_28' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_XMAIL_SUSP2' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'SARE_HEAD_XAUTH_WARN' Dec 14 15:04:40 hopnet spamd[18573]: rules: meta test SARE_HEAD_SUBJ_RAND has undefined dependency 'X_AUTH_WARN_FAKED' Dec 14 15:04:41 hopnet spamd[18573]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_MKSHRT' Dec 14 15:04:41 hopnet spamd[18573]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_GT' Dec 14 15:04:41 hopnet spamd[18573]: rules: meta test SARE_RD_SAFE has undefined dependency 'SARE_RD_SAFE_TINY' Dec 14 15:04:41 hopnet spamd[18573]: rules: meta test SARE_FPP_BLOCKER has undefined dependency 'USER_IN_WHITELIST' Dec 14 15:04:41 hopnet spamd[18573]: rules: meta test __SARE_SUB_FALSE has undefined dependency '__FROM_AOL_COM' Dec 14 15:04:41 hopnet spamd[18573]: rules: meta test __SARE_SUB_FALSE has undefined dependency '__FROM_AOL_COM' Dec 14 15:04:41 hopnet spamd[18573]: rules: meta test SARE_FEB_BLOCKER has undefined dependency 'USER_IN_WHITELIST' Dec 14 15:04:41 hopnet spamd[18573]: rules: meta test SARE_OBFU_CIALIS has undefined dependency 'SARE_OBFU_CIALIS2' Dec 14 15:04:41 hopnet spamd[18573]: rules: meta test LW_STOCK_SPAM4 has undefined dependency 'MIME_BASE64_TEXT' Dec 14 15:04:41 hopnet spamd[18573]: spamd: server started on port 783/tcp (running version 3.1.4) I would be thankful if someone could tell me why I am getting this, and if possible how to fix them? Also, could this be why my whitelist_from and whitelist_from_rcvd entries are not working? Thanks in advance for your help, Mark
Re: whitelist_from and whitelist_from_rcvd not working
Hi Thanks for your mail, On Mon, Dec 04, 2006 at 02:58:56PM -0500, Robert Swan wrote: I had a similar problem with SA not reading a specific .cf file. I basically created a new greylist.cf file and copied the test over and it worked, and of coarse make sure it is in the right folder... Might be worth a try I have done this, but the issue is still occurring. Has anyone else seen this or have any suggestions? Robert Regards, Mark Peace he would say instead of goodbyepeace my brother. -Original Message- From: Mark Adams [mailto:[EMAIL PROTECTED] Sent: Monday, December 04, 2006 12:56 PM To: [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Subject: Re: whitelist_from and whitelist_from_rcvd not working On Sun, Dec 03, 2006 at 05:55:24PM +0100, mouss wrote: Mark Adams wrote: Hi All, Spamassassin 3.1.4-1 Currently have entries like the following in the local.cf file whitelist_from [EMAIL PROTECTED] and whitelist_from [EMAIL PROTECTED] But mail is still picked up as spam for the [EMAIL PROTECTED] Have also tried the following; whitelist_from_rcvd [EMAIL PROTECTED] domain.com and whitelist_from_rcvd [EMAIL PROTECTED] domain.com But nothing seems to work? has anyone got any advice on this? do you have always_trust_envelope_sender 1 ? No I don't have this setting
whitelist_from and whitelist_from_rcvd not working
Hi All, Spamassassin 3.1.4-1 Currently have entries like the following in the local.cf file whitelist_from [EMAIL PROTECTED] and whitelist_from [EMAIL PROTECTED] But mail is still picked up as spam for the [EMAIL PROTECTED] Have also tried the following; whitelist_from_rcvd [EMAIL PROTECTED] domain.com and whitelist_from_rcvd [EMAIL PROTECTED] domain.com But nothing seems to work? has anyone got any advice on this? Any help appreciated. Regards, Mark
Re: [exim] Forged From, Other servers bouncing back
Hi Graham, Thanks for your reply, NOT TESTED, but would probably work - as the first part of your RCPT ACL: deny message = No such user domains = westonwilliamson.com local_parts = vcswestonwilliamsonpoh This worked exactly as required - thanks for this. Although saying that, if you're doing recipient verification before getting to SA then you should be rejecting that address anyway (unless it's a valid address!). Thank you for bringing up this point, The config will definatly be re-jiggled after this incident to check recipients before scanning. Additionally, you are using SA from directly within Exim instead of doing accept+test+bounce (a la MailScanner), aren't you? Yes scanning direct from Exim, What is your opinion on this? It might help if you can give us your ACL configs. Graeme Cheers, Mark
Re: duplicate emails
This morning I am receiving emails but not sure everything is normal yet. My belief is that there are multiple problems with our domain that is causing my email problems. I would more than welcome any and all assistance. Thank you. What is your exchange server hosting? pop3? I have noted problems before with clients recieving duplicate emails when connections timeout and the server does not know how far the client application has gone through the download of the mailbox - causing it to start downloading again. Are any of the clients remote from the server? (this is where i noted the problem most, notably on mobile internet devices especially on high speed trains etc..) Not sure if this will help. Regards, Mark
Spamassassin + Exim4 high iowait
Hi All, We are running exim4.62-4 with Spamassassin 3.1.4-4 on Debian testing and are suffering extremely high IO Wait times on the server whenever spamassassin scans an incoming email. Exim4 is setup as defaults (spamd running locally on standard port) so no configuration was changed. Spamassassin has not had any rules or other configuration added to it. No options are invoked at startup other than the default in the init script -d --pidfile=$PIDFILE The server goes from 1-2% wait times spiking to between 20-90% when spamd is scanning an email, this lasts for a few seconds and then drops back down to normal. This is a system with raided SATA drives on a LVG that also serves small SMB shares. It serves around 40 mail users. I have not had this problem on servers with SCSI drives, or on servers that use SATA but are strictly mail servers. Has anyone had this issue? any ideas appreciated. Thanks, Mark
