Re: Problem installing Spamassassin 4.0.0 on Ubuntu 23.10 Server
> On Feb 14, 2024, at 06:12, Ken Wright wrote: > > I've built a mail server and I wanted to include Spamassasin. As noted > above, the machine is running Ubuntu Server 23.10, so I started with > > sudo apt install spamassassin spamc > > but I can't start the spamassassin.service; the error message I get > when I run > > sudo systemctl start spamassassin > > says "Failed to start spamassassin.service: Unit spamassassin.service > not found." Spamd, however, is active and running. Is this normal? > If it isn't, what can I do to correct things? > > Further information available on request. Thanks in advance! The service seems to be have renamed. It is the same on Debian. You also have to change now /etc/default/spamd instead of /etc/default/spamassassin for start-up options. Niels smime.p7s Description: S/MIME cryptographic signature
Re: dkim-test valid but spamassassin scores DKIM_INVALID
> Matus UHLAR - fantomas hat am 25.10.2023 16:11 CEST > geschrieben: > > > >Matus UHLAR - fantomas skrev den 2023-10-25 09:36: > >>I have: > >>50_scores.cf:score DKIM_VALID -0.1 > >> > >>check if you really haven't set score for DKIM_VALID anywhere, since > >>SA complains about it being zero. > >> > >>I guess this may cause DKIM_INVALID misfiring > > On 25.10.23 13:08, Benny Pedersen wrote: > >imho no, DKIM_INVALID have 0.1 in score, both should not be changed > > > >its just a result tag, not a policy of any kind > > This looks like OP has changed score of DKIM_VALID to 0: > > > >Oct 25 07:10:54.364 [1687666] info: rules: meta test DKIM_INVALID has > > >dependency 'DKIM_VALID' with a zero score > > and since DKIM_INVALID depends on it: > > meta DKIM_INVALIDDKIM_SIGNED && !DKIM_VALID > > ...it would make sense DKIM_INVALID to hit whenever DKIM_SIGNED does > since DKIM_VALID apparently was made not to fire ever. Thanks for your help everybody. After further inspection I found a file that must originated a long time ago. The problem with inherited systems. I grepped only the files I usually modify (local.cf and some files that have a common file-name prefix for custom files) and in /var/lib/spamassassin After greping more thoroughly I found the perpetrator. Thanks a lot again, Niels
Re: dkim-test valid but spamassassin scores DKIM_INVALID
> Matus UHLAR - fantomas hat am 25.10.2023 08:16 CEST > geschrieben: > > > On 25.10.23 07:21, Niels Kobschätzki wrote: > >I'm having here a mail that scores as DKIM_INVALID. I tried sending the > > same mail to gmail for example and it tells me that DKIM is valid. Now I > > put it through "spamassassin -D" and I am even more baffled because the > > debug seems to say that DKIM is valid but then scores as INVALID. > > >Any idea why this could be? > > > >debug-output from "spamassassin -t -D dkim < message": > > > >Oct 25 07:10:52.341 [1687666] dbg: dkim: VALID DKIM, i=@my.domain.com, > >d=my.domain.com, s=inx, a=rsa-sha256, c=relaxed/relaxed, key_bits=2048, > >pass, matches author domain > >Oct 25 07:10:52.342 [1687666] dbg: dkim: signature verification result: PASS > >Oct 25 07:10:52.342 [1687666] dbg: dkim: adsp not retrieved, author domain > >signature is valid > >Oct 25 07:10:52.342 [1687666] dbg: dkim: adsp result: - (valid a. d. > >signature), author domain 'my.domain.com' > >Oct 25 07:10:52.352 [1687666] dbg: dkim: VALID signature by my.domain.com, > >author m...@my.domain.com, no valid matches > >Oct 25 07:10:52.352 [1687666] dbg: dkim: author m...@my.domain.com, not in > >any dkim whitelist > >Oct 25 07:10:54.125 [1687779] info: util: setuid: ruid=0 euid=0 rgid=0 0 > >egid=0 0 > > >Oct 25 07:10:54.364 [1687666] info: rules: meta test DKIM_INVALID has > >dependency 'DKIM_VALID' with a zero score > > did you set score of DKIM_VALID do 0 ? DKIM_VALID is not overwritten by any of my local rules. So I would expect that this is the case. But even if I set for example score DKIM_VALID 0 in local.cf there is no change Best, Niels
dkim-test valid but spamassassin scores DKIM_INVALID
Hi, I'm having here a mail that scores as DKIM_INVALID. I tried sending the same mail to gmail for example and it tells me that DKIM is valid. Now I put it through "spamassassin -D" and I am even more baffled because the debug seems to say that DKIM is valid but then scores as INVALID. Any idea why this could be? debug-output from "spamassassin -t -D dkim < message": Oct 25 07:10:52.337 [1687666] dbg: dkim: using Mail::DKIM version 1.20200907 Oct 25 07:10:52.337 [1687666] dbg: dkim: providing our own resolver: Mail::SpamAssassin::DnsResolver Oct 25 07:10:52.339 [1687666] dbg: dkim: performing public key lookup and signature verification Oct 25 07:10:52.341 [1687666] dbg: dkim: VALID DKIM, i=@my.domain.com, d=my.domain.com, s=inx, a=rsa-sha256, c=relaxed/relaxed, key_bits=2048, pass, matches author domain Oct 25 07:10:52.342 [1687666] dbg: dkim: signature verification result: PASS Oct 25 07:10:52.342 [1687666] dbg: dkim: adsp not retrieved, author domain signature is valid Oct 25 07:10:52.342 [1687666] dbg: dkim: adsp result: - (valid a. d. signature), author domain 'my.domain.com' Oct 25 07:10:52.352 [1687666] dbg: dkim: VALID signature by my.domain.com, author m...@my.domain.com, no valid matches Oct 25 07:10:52.352 [1687666] dbg: dkim: author m...@my.domain.com, not in any dkim whitelist Oct 25 07:10:54.125 [1687779] info: util: setuid: ruid=0 euid=0 rgid=0 0 egid=0 0 Oct 25 07:10:54.277 [1687666] info: rules: meta test FROM_GOV_DKIM_AU has dependency 'DKIM_VALID_AU' with a zero score Oct 25 07:10:54.281 [1687666] info: rules: meta test GOOG_REDIR_NORDNS has dependency 'RDNS_NONE' with a zero score Oct 25 07:10:54.284 [1687666] info: rules: meta test KAM_CARD has dependency 'KAM_RPTR_SUSPECT' with a zero score Oct 25 07:10:54.286 [1687666] info: rules: meta test __FORM_FRAUD has dependency 'EMRCP' with a zero score Oct 25 07:10:54.286 [1687666] info: rules: meta test __FORM_FRAUD has dependency 'T_LOTTO_AGENT_FM' with a zero score Oct 25 07:10:54.290 [1687666] info: rules: meta test KAM_DMARC_REJECT has dependency 'DKIM_VALID_AU' with a zero score Oct 25 07:10:54.293 [1687666] info: rules: meta test FROM_GOV_REPLYTO_FREEMAIL has dependency 'DKIM_VALID_AU' with a zero score Oct 25 07:10:54.303 [1687666] info: rules: meta test __MONEY_FRAUD_3 has dependency 'EMRCP' with a zero score Oct 25 07:10:54.304 [1687666] info: rules: meta test __MONEY_FRAUD_3 has dependency 'T_LOTTO_AGENT_FM' with a zero score Oct 25 07:10:54.306 [1687666] info: rules: meta test TO_NO_BRKTS_HTML_ONLY has dependency 'RDNS_NONE' with a zero score Oct 25 07:10:54.308 [1687666] info: rules: meta test KAM_UAH_YAHOOGROUP_SENDER has dependency 'DKIM_VALID' with a zero score Oct 25 07:10:54.310 [1687666] info: rules: meta test KAM_BAD_DNSWL has dependency 'URIBL_SBL' with a zero score Oct 25 07:10:54.313 [1687666] info: rules: meta test KAM_SALE has dependency 'BODY_8BITS' with a zero score Oct 25 07:10:54.314 [1687666] info: rules: meta test KAM_QUITE_BAD_DNSWL has dependency 'URIBL_SBL' with a zero score Oct 25 07:10:54.316 [1687666] info: rules: meta test __MONEY_FRAUD_5 has dependency 'EMRCP' with a zero score Oct 25 07:10:54.316 [1687666] info: rules: meta test __MONEY_FRAUD_5 has dependency 'T_LOTTO_AGENT_FM' with a zero score Oct 25 07:10:54.320 [1687666] info: rules: meta test PDS_BRAND_SUBJ_NAKED_TO has dependency 'MAILING_LIST_MULTI' with a zero score Oct 25 07:10:54.321 [1687666] info: rules: meta test FROM_BANK_NOAUTH has dependency 'DKIM_VALID_AU' with a zero score Oct 25 07:10:54.322 [1687666] info: rules: meta test XPRIO has dependency 'DKIM_VALID' with a zero score Oct 25 07:10:54.322 [1687666] info: rules: meta test XPRIO has dependency 'DKIM_VALID_AU' with a zero score Oct 25 07:10:54.329 [1687666] info: rules: meta test __MONEY_FRAUD_8 has dependency 'EMRCP' with a zero score Oct 25 07:10:54.329 [1687666] info: rules: meta test __MONEY_FRAUD_8 has dependency 'T_LOTTO_AGENT_FM' with a zero score Oct 25 07:10:54.332 [1687666] info: rules: meta test KAM_PAYROLL_SCANNER has dependency 'KAM_IFRAME' with a zero score Oct 25 07:10:54.333 [1687666] info: rules: meta test CONTENT_AFTER_HTML_WEAK has dependency 'MAILING_LIST_MULTI' with a zero score Oct 25 07:10:54.335 [1687666] info: rules: meta test FORGED_MUA_EUDORA has dependency 'MAILING_LIST_MULTI' with a zero score Oct 25 07:10:54.337 [1687666] info: rules: meta test OBFU_UNSUB_UL has dependency 'MAILING_LIST_MULTI' with a zero score Oct 25 07:10:54.338 [1687666] info: rules: meta test KAM_BENEFICIARY2 has dependency 'GMD_PDF_EMPTY_BODY' with a zero score Oct 25 07:10:54.338 [1687666] info: rules: meta test HAS_X_OUTGOING_SPAM_STAT has dependency 'MAILING_LIST_MULTI' with a zero score Oct 25 07:10:54.341 [1687666] info: rules: meta test KAM_NOTIFY2 has dependency 'KAM_IFRAME' with a zero score Oct 25 07:10:54.342 [1687666] info: rules: meta test KAM_DMARC_STATUS has dependency 'DKIM_VALID_AU' with a zero score Oct 25 07:10:54.342
Re: Spamassassin with Galera as SQL-Backend?
On 6 May 2022, at 11:31, Benny Pedersen wrote: > On 2022-05-06 11:25, Henrik K wrote: >> On Fri, May 06, 2022 at 11:08:21AM +0200, Niels Kobschätzki wrote: >>> Hi, >>> >>> I have a setup where the spamassassin-servers have actually no access to the >>> data of the mail-servers. Now I was looking into having per user >>> bayes-databases and saw that I can do that with a SQL-database. I have >>> already >>> a small galera-cluster and I wonder if spamassassin will work with it >>> because >>> of the limitations galera has. >>> The limitations are: >>> >>> * only innodb >>> * unsupported explicit locking >>> * a primary key on all tables is necessary >>> * no XA transactions >>> * no reliance on auto-increment >>> >>> Does anyone have experience with such a setup? >> >> I see no reason why it wouldn't work, none of the limitations should apply >> to SpamAssassin. Great :) I’d rather be safe than sorry and like to ask. > fair, its just that redis is more prefered to bayes imho, and postgresql is > high performance without being memory hungry But I read that redis doesn’t have per-user databases? And I probably would need new machines with lots of RAM for it, because I have no idea how much RAM is needed per user. And I already have a galera-cluster running and don’t want to set up yet another database-cluster (psql). Niels signature.asc Description: OpenPGP digital signature
Spamassassin with Galera as SQL-Backend?
Hi, I have a setup where the spamassassin-servers have actually no access to the data of the mail-servers. Now I was looking into having per user bayes-databases and saw that I can do that with a SQL-database. I have already a small galera-cluster and I wonder if spamassassin will work with it because of the limitations galera has. The limitations are: - only innodb - unsupported explicit locking - a primary key on all tables is necessary - no XA transactions - no reliance on auto-increment Does anyone have experience with such a setup? Best, Niels signature.asc Description: OpenPGP digital signature
Re: Check HELO
On 14 Sep 2020, at 17:22, John Hardin wrote: On Mon, 14 Sep 2020, Philipp Ewald wrote: Does anyone else checks the HELO/ELHO? I don't check for FCrDNS explicitly, but I do reject non-FQDN HELO strings (e.g. no dots present) from the Internet. That catches a surprising percentage of garbage up front. I greylist (what I usually do not do) when a HELO-string does not resolve with a PTR-record. Niels
Re: Thanks to Guardian Digital & LinuxSecurity for the nice post about SpamAssassin's upcoming change
On 17 Jul 2020, at 13:02, Antony Stone wrote: On Friday 17 July 2020 at 12:50:57, Noel Butler wrote: ahhh ye ol "your opinion differs from mine, so I want you gone" No, I don't mind you having a different opinion, or even expressing it reasonably, but the language and attitude towards other individuals which you displayed in the comment below is not in my opinion acceptable on a mailing list. The xkcd for this: https://xkcd.com/1357/ Btw. I am in full support of Antony here yes, sums your type up rather nicely, desperate for approval and pathetic... On 17/07/2020 18:44, Antony Stone wrote: On Friday 17 July 2020 at 00:58:05, Noel Butler wrote: I did 24 hours back wanker, but just for you, I'll continue it I request that anyone with this attitude to the list, and to people on it, be removed. Cheers, Niels (who doesn’t care about amendments since he’s no US-citizen but the essential statement of the comic still stands)
Re: SendGrid (Was: Re: Freshdesk (again))
Sendgrid is such an origin for spam- and phishing-mails with certain terms that I added extra meta-rules. From sendgrid and somewhere in the body is the term “Amazon”? Here are your 10 points. Best, Niels > On 27. Jun 2020, at 11:32, Marc Roos wrote: > > > > I am going to make for companies like maildrop and sendgrid a hard block > with reference to a page where someone can ask to be whitelisted with > only an email address. In this procedure clearly stating the reason of > the net block of these companies. If lots of sendgrid users are > confronted with this, they will move to a better service. > I can remember this fresh desk mail. I did not know where it came from. > But now I know, I will complain a few million times. > > > > > -Original Message- > To: users@spamassassin.apache.org > Subject: SendGrid (Was: Re: Freshdesk (again)) > > Hello, > >> On Fri, Jun 26, 2020 at 07:32:09PM -0600, Grant Taylor wrote: >> I've got to say, between NANOG, SDLU, and SpamAssassin, I see a LOT of > >> complaints about Sendgrid. > > Also mailop. Have personally received phishing mails through SendGrid in > the last 2 weeks in the name of citrix.com, microsoft.com and > netflix.com. The Citrix one was to a hostmaster@ address. It's hard to > comprehend how SendGrid could be doing a worse job of this, for so many > months now. > > Yet their list of legit clients is large, so they remain unblockable for > me. I just wish those clients knew how little SendGrid would do to > prevent their other customers sending out phishing emails in their name. > > Cheers, > Andy > >