Re: Help with own RBL
* Pedro David Marco : > Not exactly a SA question but... > i am planning to run my own RBL with a nameserver, that when queried for an > IP that is not in its database, does some calculations with that IP and > replies accordingly (caching the results)... > Please, does anyone know of any nameserver that can do that? To my knowledge > RBLDNSD cannot do it... Why use DNS as a protocol, if you don't use DNS? You could as well implement a simple TCP map service or us HTTP to do calls etc. If you use Postfix you could also implement a policy service or even a MILTER. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief Aufsichtsratsvorsitzender: Florian Kirstein
Re: DNS again
* Reindl Harald <h.rei...@thelounge.net>: > > > Am 03.06.2016 um 18:40 schrieb Benny Pedersen: > >On 2016-06-03 18:33, Andy Balholm wrote: > >>I was using unbound as a local resolver. All queries were going to > >>127.0.0.1, and there was no forwarding set up. > > > >that disqullify unbound then > > please stop spreading bullshit > unbound works perfectly as recursive nameserver ACk for unbound. Is is a very versatile, fast and stable recursive nameserver. We run it as Recursive DNS at ISPs where, for example at one location, it serves +20 million customers. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: [Announce] SA-Plugins: RedisAWL, RuleTimingRedis
Markus, * Benning, Markus i...@markusbenning.de: Hi Patrik, i just pushed Version 1.002 to github and CPAN: -- The following new features have been added: - New option: timing_redis_password allows to specifiy a redis password - New option: timing_redis_exclude_re excludes rules from timing statistics. By default set to '^__' which will exclude all sub-rules - New option: timing_redis_database allows to select a non-default database in redis. (redis SWITCH call) - New option: timing_redis_bulk_update will queue timing updates before sending them to redis and execute them in a bulk via a single call to a server-side script. By default this option is set to 50 entries. Set to 0 do disable. Requires redis = 2.6.0 and a Redis perl = 1.954 module. -- I'm currently not using it on a system where the overhead is relevant for me, but i tried to reduce the number of redis command executed. I hope this will reduce the overhead significant. that's great news. Thanks! Feedback and test results welcome. I will, as soon as I have something to share! p@rick Am 2015-07-15 23:22, schrieb Patrick Ben Koetter: Markus, are you planning to add 'password' and 'database ID' support for redis connects to RuleTimingRedis? What's your experience regarding Timing overhead? My simple tests on the commandlne show about 1 second overhead when RuleTimingRedis is added: # Without RuleTimingRedis mail# time spamassassin --lint real0m1.975s user0m1.852s sys 0m0.116s # Enable RuleTimingRedis mail# vim /etc/mail/spamassassin/init.pre # With RuleTimingRedis mail# time spamassassin --lint real0m2.828s user0m2.128s sys 0m0.392s p@rick * Benning, Markus i...@markusbenning.de: Hello, i want to announce the release of the SpamAssassin Plugins: RedisAWL - redis support for spamassassin AWL/TxRep RuleTimingRedis - collect SA rule timings in redis Both can be downloaded from CPAN or GitHub: https://metacpan.org/author/BENNING https://github.com/benningm Timings gathered with the RuleTimingRedis plugin can be used in collectd with the Collectd-Plugins-RedisClient module also available from CPAN. Markus -- Markus Benning, https://markusbenning.de/ -- Markus Benning, https://markusbenning.de/ -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: [Announce] SA-Plugins: RedisAWL, RuleTimingRedis
Markus, are you planning to add 'password' and 'database ID' support for redis connects to RuleTimingRedis? What's your experience regarding Timing overhead? My simple tests on the commandlne show about 1 second overhead when RuleTimingRedis is added: # Without RuleTimingRedis mail# time spamassassin --lint real0m1.975s user0m1.852s sys 0m0.116s # Enable RuleTimingRedis mail# vim /etc/mail/spamassassin/init.pre # With RuleTimingRedis mail# time spamassassin --lint real0m2.828s user0m2.128s sys 0m0.392s p@rick * Benning, Markus i...@markusbenning.de: Hello, i want to announce the release of the SpamAssassin Plugins: RedisAWL - redis support for spamassassin AWL/TxRep RuleTimingRedis - collect SA rule timings in redis Both can be downloaded from CPAN or GitHub: https://metacpan.org/author/BENNING https://github.com/benningm Timings gathered with the RuleTimingRedis plugin can be used in collectd with the Collectd-Plugins-RedisClient module also available from CPAN. Markus -- Markus Benning, https://markusbenning.de/ -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: .science the new leper of TLD's?
* Philip Prindeville philipp_s...@redfish-solutions.com: No offense to lepers, but is .science to be avoided? I’ve had email this week from about 17 different .science domain names, and 13 were blocked because of ZenBL and the rest turned out to be SPAM anyway. I’m thinking that I should just refuse connections from any host whose rDNS is .science… Has anyone had any POSITIVE experiences with .science domain names? They have been a PITA and I've started to block them completely. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Which milter do you prefer?
* Shane Williams sha...@shanew.net: What are your favorite (not spamass-milter) options for plugging spamassassin into a milter? amavisd-new via amavisd-milter. amavis because it allows to define actions for spam that go beyond 'HOLD' or reject. And, if you want to do more than spam detection, amavis takes you there as well. p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Interpreting an Authentication-Results: header ?
John, * John Levine jo...@taugh.com: The Authentication-Results: header defined in RFC 5451 can describe the SPF and DKIM status of a message. It's typically added by the SMTP daemon as the message is received. Is there any way to tell spamassassin to look at the A-R header rather than trying to rerun the SPF and DKIM checks itself? IIRC there isn't at the moment. One thought that comes to mind immediately: If there were it should not be enabled by default or others will try to forge the results. It should only be enabled if a trust boundary http://tools.ietf.org/html/rfc5451#section-1.2 has been established. The documentation should mention that. p@rick -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
Re: Interpreting an Authentication-Results: header ?
* John Levine jo...@taugh.com: IIRC there isn't at the moment. One thought that comes to mind immediately: If there were it should not be enabled by default or others will try to forge the results. It should only be enabled if a trust boundary http://tools.ietf.org/html/rfc5451#section-1.2 has been established. The documentation should mention that. You'd need to configure it to tell which authids to accept, perhaps defaulting to the host name of the machine SA is running on since that's a likely default for the authid. Agreed. I think it would also - at the trust boundary - need a filter before the DKIM/SPF verifier that adds the Authentication-Results: header. Its job would be to remove any Authentication-Results: that claim to belong to ones own ADMD. From a birds view it looks to me like this: +-+++ ++ ++ | SMTP server || DKIM | |SpamAssassin| |SMTP/LDA/...| |-||| || || | Filter || Verify | |Use Auth- | || +---| Authenti- |+--| Add Auth- |+---|Res-Header |+---|| | cation-Res || Res-header | || || | Header ||| || || +-+++ ++ ++ At least that's my understanding at the moment. p@rick -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
Re: DKIM scoring with spamassassin
Quanah, * Quanah Gibson-Mount qua...@zimbra.com: --On Friday, February 15, 2013 5:01 PM -0800 John Hardin jhar...@impsec.org wrote: On Fri, 15 Feb 2013, Quanah Gibson-Mount wrote: Does anyone tweak the DKIM scores given by SA? There are plenty of scenarios where DKIM has failed, yet SA does not give the email a particularly high spam mark. 3 example test cases below. I guess I was expecting SA would score DKIM failures more aggressively if there are problems with the signing: DKIM and SPF are anti-forgery tools, not anti-spam tools. If you take a DKIM-signed email that is whitelisted because of whitelist_auth and make a change that invalidates the signature, does it still get whitelisted? If not, then SA is doing all that it can reasonably be expected to do with the invalid signature. DKIM or SPF pass or fail *by itself* is not useful as a spam sign. Taken together with other factors (such as DKIM invalid + claims to be from Wells Fargo) it's useful. Ok, thanks. If any of our users ask, this is a good summary. :) if you want your spam filters to benefit from DKIM, you need to build reputation. You need to account if or if not a domain uses DKIM and what the average spam score of that sender domains is. The OpenDKIM reputation project has introduced a local reputation database and uses SpamAssassin to get the spam score. You might want to investigate in the project if you want to use DKIM (as one of many methods) to filter spam. p@rick -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
Re: mass check tips and tricks - need advice
* Robert Schetterer r...@sys4.de: Am 13.02.2013 05:13, schrieb Marc Perkel: I'm thinking about setting up to do nightly mass checks and looking for advice. Thanks in advance. I'm thinking about creating a virtual server that will receive a forked copy of email that I pass that is delivered eith to ham@ or spam@ accounts. Does this sound reasonable? I have been using maildir format. i wouldnt do that, more the filter spam mails in users junk folders isnt needed ( use a global sieve rule ) additional i.e create some public imap folder for users copy untagged spam there, and some folder for false positve tagged ham ( or configure some email adresse ham/spam postfix transport. ( dont complete trust users about spam their meaning ! ) What mailbox format you might choose is academic, with maildir you have every mail one file, very robust but get a performance killer someday, dovecot mdbox union stuff from both formats, might best choice I'd concur with Robert if it wasn't for a little detail: AFAIK sa-learn can only handle mbox or maildir so you can't use any of the other, more optimized mailbox formats Dovecot supports such as mdbox. Since you run on SSD maildir shouldn't be a real performance problem. We're about to do some speed testing in this area within the next months, but the testbed hasn't been setup yet, so I can't give a definite advice. I am going to be running on SSD drives. should I use mbox? Test it and let us know. Switching between mailbox formats is done within less than a minute in Dovecot. p@rick -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
pastebot: wiki update?
Greetings, the wiki may need an update on http://wiki.apache.org/spamassassin/IRC. I just stumbled across the recommendtion to Use the pastebot instead of pasting/flooding. at http://wiki.apache.org/spamassassin/IRC. The link seems to be outdated and the domain in the link target seems to be up for sale. p@rick -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich
Re: Academic interested in interviewing you for research paper.
* Michael Scheidell michael.scheid...@secnap.com: On 8/17/12 12:11 AM, jonathonb wrote: As such a detailed knowledge of its history or inner working is not necessary as I am only interested in YOUR views and contributors will remain anonymous. No, we do all of this for fame and fortune. We WANT to see our name in research papers. (preferable in a country where we might be looking for work!) +1 -- state of mind () Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Sweet spamassassin server hardware
* Per Jessen p...@computer.org: Marc Perkel wrote: Just bought this at NewEgg and it's making a great SA server. Using a desktop Asus motherboard, 8 core AMD processor @ 3.6 ghz per core - and 32 gigs of ram. And you can get all that for $600. Or at ebay for less than half of that, but including disks, rack rails, redundant powersupply, RAID controllers etc etc. :-) (e.g. an HP ML580 or -585). Is this thread SEO? p@rick -- state of mind () http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Am i sending spam?
* Lars Ebeling lars.ebel...@leopg9.no-ip.org: You are not sending spam. Someone on the machine SR1S4.mesa.gmu.edu [129.174.112.124 connected to your machine and said: HELO leopg9.no-ip.org In other words, the HELO domain was faked. We automatically block mail from anyone who HELOs as our machine (unless it really *is* from our machine, of course!) how do you do that? In Postfix: smtpd_recipient_restrictions = ... permit_mynetworks reject_unauth_destination ... check_helo_access pcre:/etc/postfix/helo.chk ... # /etc/postfix/helo.chk /^mail\.state-of-mind\.de$/ 550 hostname abuse: mail.state-of-mind.de /^state-of-mind\.de$/ 550 domainname abuse: state-of-mind.de /^194\.126\.158\.24$/ 550 IP address abuse: 194.126.158.24 /^\[194\.126\.158\.24\]$/ 550 IP address abuse: [194.126.158.24] /^[0-9.]+$/ 550 RFC 2821 compliance error HTH, p@rick -- state of mind () http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: A SpamAssassin Crash Course for Admins
Dorian, * Dorian Chan articgrayling...@gmail.com: Hello again, I've attached version 2.0 with this email (it's the clean version without all the comments :) ). I've pretty much finished up the definitions and some cleaning up. Again, I would really enjoy feedback! I've attached an edited version that adds puts SA in context with other filtering methods. p@rick -- state of mind () Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563 SpamAssassinPatrick.docx Description: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Re: A SpamAssassin Crash Course for Admins
* Dorian Chan articgrayling...@gmail.com: Sorry, I don't really think the nabble attachment option really worked, so I'll actually attach it. Sorry for that! It worked both times, but the document is almost unreadable because its filled with comments. Can you post a clean version? p@rick -- state of mind () Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Theories on blocking OUTGOING spam
* Matus UHLAR - fantomas uh...@fantomas.sk: * Marc Perkel supp...@junkemailfilter.com: Just sharing some ideas on blocking outbound spam. On 20.08.11 21:55, Patrick Ben Koetter wrote: - We require humans to use submission instead of smtp How do you (want to) enforce this? Or is it just contractual requirement? It is a contractual requirement enforced by technical architecture. We use Postfix and its postscreen daemon. The daemon uses blacklists do decide it it wants to hand down the client connection to the Postfix SMTP server smtpd. This is very efficient to fight incoming spam, but the way it works it also kills MUAs from (blacklisted) dial-up networks. The solution is to route local senders to submission and not have the postscreen daemon monitor that port. Customers adopt that once they find out it works flawlessly AND the receive less spam. We benefit from it having all local senders on a special port where we can run special SMTP and content policies. - German laws forbid looking at content without local senders consent. does this apply for virus filtering too? Nope. In context of virii the organizational interest to protect the organization overrule personal interests. When we look at the SMTP session we MUST NOT log anything that leads back to the real person or lets us track the person down. If we log we use hashes to destroy a trackable connection. I thought that the EU requires providers to log the sender and recipient... so you log their hashes instead of e-mail addresses? DISCLAIMER: I AM NOT A LAWYER. THIS IS NOT LEGAL ADVICE. So don't sue me for talking about laws without being a lawyer ... To my knowledge the whole field of data retention is a moving target. IIRC ISPs are required to keep log data for a given period, but they must not keep deep traces without reason. Reason would be a federal inquiry that orders you to log everything from the connection until disconnect. In general, in Germany, we must not collect any data unless there is a reason. If we start collecting data for statistics we break that principle. To get around that we destroy the backward link to an identity p@rick -- state of mind () Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Theories on blocking OUTGOING spam
* Marc Perkel supp...@junkemailfilter.com: Just sharing some ideas on blocking outbound spam. Maybe these ideas will make it to the big freemail companies because most of the spam that manages to get through my filters comes from AOL, Gmail, Yahoo, and Hotmail. I've found outbound spam filtering to be very different than inbound filtering. And I've been reasonably successful in stopping spam that ACK # Throwing in an advocatus diaboli in the next lines. Basically I do agree # with most what you say I'm filtering for other people's outgoing servers. Here's the core of how I do it. First - spammers never send spam slowly. So if the account is sending email slowly then I don't have to look at it. So it just passes. Spammers will adopt to that. Imagine they infect the complete network and all infected machines do a distributed spam attack each sending only a few to keep beneath the threshold but over all sending a lot. I wouldn't rely on that - at least in the long run. When email is coming fast from an account I start tracking the number of bad recipients and if the number of bad recipients is high it's probably spam. Or its bulk mail with bad addresses ... I also have restrictions on valid domains the from has to match, I look for URIBLs, high SA scores, etc. Just curious what others do to detect outgoing spam. - We keep lists of valid senders. Others are not allowed to send unless we can verify (sender verification) them immediately. - We require humans to use submission instead of smtp - We run pretty tight policies on web hosting machines and standalone (null mailer) servers Generally we look at the SMTP session only and avoid inspecting anything at content level for several reasons: - German laws forbid looking at content without local senders consent. That holds true even (!) if the mail system is at risk because the spam load gets close to DOSing the machine or if your machines start to get blacklisted. I am not sure if judges will actually sentence someone if they claimed system risk the reason why they inspected the content, but there is no precedent yet and I'd rather not spend my money finding out ... - Looking at content is computationally expensive When we look at the SMTP session we MUST NOT log anything that leads back to the real person or lets us track the person down. If we log we use hashes to destroy a trackable connection. We tend to think the client sends spam if - the client sends an abnormal number of messages within a timeframe - the clients sends to a wide variety of recipients We put message in quarantine and notify the sender. The sender may release the messages - a self-service a spambot can't do itself. I use Exim for the MTA because it has the power to do the tricks I need done. We use Postfix. It gets the job done too. p@rick -- state of mind () http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Performance of Bayes Storage Modules (was Re: Conversion Spamassassin(bayes) database to SDBM)
* David F. Skoll d...@roaringpenguin.com: Claiming SA ignores large sites because it doesn't have a complex CDB backend is ridiculous. I'm not at all claiming SA ignores large sites. I'm claiming that people with *your* attitude (Other 99.9% of user don't really care...) are ignoring large sites. claiming this, claiming that ... Having a cluster (of SA nodes) share a (Bayes) database is a performance challenge for larger sites. The problem is not specific to SA or Bayes in particular. Using an asynchronous approach using different databases is interesting, but as I understand the solution discussed addresses read performace. I am interested in write performance. How far could you take it before PSQL topped out? Any special hardware in use? p@rick -- state of mind () http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Performance of Bayes Storage Modules (was Re: Conversion Spamassassin(bayes) database to SDBM)
* David F. Skoll d...@roaringpenguin.com: On Fri, 29 Jul 2011 21:56:03 +0200 Patrick Ben Koetter p...@state-of-mind.de wrote: I am interested in write performance. How far could you take it before PSQL topped out? Any special hardware in use? We're not writing very much to PostgreSQL. For each message, we write a small row containing the internal incident ID and how to train it. (The actual Bayes tokens are not stored in PostgreSQL. We have a special-purpose storage manager to handle that.) That's where your product an SA differ, right? SA writes more to PostgreSQL e.g. it also stores Bayes tokens in PostgreSQL. So no special PosgreSQL hardware required. We have sites peaking at 15-20 million messages/day and PostgreSQL is not heavily loaded. That's ~230 msg/sec. Ever took it to 500 msg/sec? p@rick -- state of mind () http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Performance of Bayes Storage Modules (was Re: Conversion Spamassassin(bayes) database to SDBM)
* Walter Hurry walterhu...@lavabit.com: On Fri, 29 Jul 2011 21:56:03 +0200, Patrick Ben Koetter wrote: Using an asynchronous approach using different databases is interesting, but as I understand the solution discussed addresses read performace. I am interested in write performance. How far could you take it before PSQL topped out? Any special hardware in use? If it were me, I wouldn't be using psql, but libpq. I take it its faster. (I'm not a programmer). Why would you use it? p@rick -- state of mind () http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Performance of Bayes Storage Modules (was Re: Conversion Spamassassin(bayes) database to SDBM)
* David F. Skoll d...@roaringpenguin.com: On Fri, 29 Jul 2011 22:41:18 +0200 Patrick Ben Koetter p...@state-of-mind.de wrote: That's ~230 msg/sec. Ever took it to 500 msg/sec? No, we lack the hardware to do that. The 230 msgs/sec rate was reached by a customer with a lot more money for hardware than we have. :) Isn't that the way it always is? ;) (I don't think Bayes will be the limiting factor even at 500 msgs/sec, but I don't know for sure.) I talked to someone the other day who uses reasonably powerful hardware and the said in their cluster storing Bayes tokens live topped out at about 200 msg/sec when they were using MySQL. I didn't investigate any further, so I can't tell if they started tuning and which optimizations they tried. Writing transaction log seems to be a slowing candidate to me, but I am no DB specialist either to tell if that is true. p@rick -- state of mind () http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Performance of Bayes Storage Modules (was Re: Conversion Spamassassin(bayes) database to SDBM)
* Walter Hurry walterhu...@lavabit.com: On Fri, 29 Jul 2011 22:44:14 +0200, Patrick Ben Koetter wrote: * Walter Hurry walterhu...@lavabit.com: On Fri, 29 Jul 2011 21:56:03 +0200, Patrick Ben Koetter wrote: Using an asynchronous approach using different databases is interesting, but as I understand the solution discussed addresses read performace. I am interested in write performance. How far could you take it before PSQL topped out? Any special hardware in use? If it were me, I wouldn't be using psql, but libpq. I take it its faster. (I'm not a programmer). Why would you use it? It's a C interface to PostgreSQL. If performance is the criterion, it is not a good idea to launch an executable (psql) just to insert a single row. Obviously! Thanks for the clarification. -- state of mind () http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Amavis
* Max Dunlap mdun...@breakawaysystems.com: Hey guys, I followed https://help.ubuntu.com/community/PostfixAmavisNew to get Spamassasin working with some virus checking. I'm getting X-Virus-Scanned: Debian amavisd-new in my headers but no X-Spam-Status: No Any ideas? 1. wrong list ;) 2. setup destination (mynetworks and/or originating) in amavis It will tell only internal recipients about scan results. p@rick -- state of mind () http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Should Emails Have An Expiration Date
* Ted Mittelstaedt t...@ipinc.net: On 3/1/2011 11:55 AM, John Levine wrote: From a legal perspective I will point out that any e-mail you receive is (at least in the US, but most other countries too) considered copyrighted by the sender. Under copyright law the sender has the right to control expiration of content they create, German law will not work in this case for the same reason it won't for email disclaimers too. The rationale is that one-sided agreements rescind a contract, which is the case if a sender declares e.g. a copyright on a message or wants to control expiration of content they create. It might have worked back in the days of half-way covenants http://en.wikipedia.org/wiki/Half-Way_Covenant ... ;) p@rick I really think it would be a good idea for people to refrain from playing Junior Lawyer here. I know just enough about copyright law to know that this claim is nonsense. No, it is not nonsense. Copyright law does allow the content creator to specify duration of use. If you go view a movie in a movie theater you buy a ticket for a single viewing, you do not automatically get to view it multiple times just because you bought a ticket. Ted R's, John -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: alert: New event: ET EXPLOIT Possible SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt
* Mark Martinec mark.martinec...@ijs.si: On Thursday February 10 2011 21:14:59 Adam Katz wrote: Does this affect sendmail as well as postfix? I assume so, but wanted an explicit confirmation. Yes, the security hole is entirely within the milter, independent of the MTA. I tried the exploit and it seems that Postfix' restrictions that check for FQDN address and correct recipient syntax prevent the exploit from getting through: telnet mail.example.de 25 220 mail.example.de ESMTP Postfix HELO foo 250 mail.example.de MAIL FROM: 250 2.1.0 Ok RCPT TO:root+:|touch /tmp/foo 501 5.1.3 Bad recipient address syntax RCPT TO:root+:|touch /tmp/foo 504 5.5.2 root+:|touch /tmp/foo: Recipient address rejected: need fully-qualified address RCPT TO:root@localhost+:|touch /tmp/foo 501 5.1.3 Bad recipient address syntax QUIT 221 2.0.0 Bye Can anyone confirm this? p@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Fwd: Re: Q about short-circuit over ruling blacklisting rule
* J4 ju...@klunky.co.uk: I know this is off-topic but is there a way for a third party programme to silently drop spam from delivery? There are several: MimeDefang, Spamassassin-Milter and amavisd-new come to mind. MimeDefang and Spamassassin-Milter work as MILTERS (see: smtpd_milters or MILTER_README in Postfix). amavisd-new may be integrated either as MILTER or as content_filter or smtpd_proxy_filter using either SMTP or LMTP. You probably want amavisd-new if you also want a content filter to identify and classify other mail content categories (virus, banned, spam, undecipherable and, surprise, clean messages) http://www.ijs.si/software/amavisd/README.postfix.html p@rick Thank-you for the suggestions. I have Dovecot LDA so Sieve might well be a good idea, but I would like to inform the sender that the Email was dropped as spam, and avoid backscatter. I don't think I can do this with Sieve/Dovecot LDA. You probably could with Sieve Rules, but I believe you don't want to if you give it second thought: Notifying senders that their message was spam is considered backscatter by most people I know. Given a spam ratio higher than 95% your server might end up not delivering 95% of the messages, but notifying those senders. If I may suggest a strategy: - Analyze messages while the client sits in the SMTP session - REJECT spam in the SMTP session. Don't let spam hit the discs or you will end up wasting ressources (I/O, computing power etc.) - Do not notify spam senders/recipients/admins Is MIMEDefang resource hungary, especially when used as a before queue milter with Postfix? I haven't used MIMEDefang yet. By definition a MILTER runs in the SMTP session and only uses RAM. That's good. IIRC MIMEDefang is Perl. It's probably fast. p@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Fwd: Re: Q about short-circuit over ruling blacklisting rule
* J4 ju...@klunky.co.uk: This is pretty much what I would like to achieve, the reason I decided not to use Dovecot Sieve (apart from me being incapable of setting it. ;) ). Parse the SPAM during the SMPT session and use only RAM: Perfect. I would still like to notify the connecting SMTP client with a reject message. Real spammers are uninterested anyway, but legitimate e-mailers would be, although this is not essential to let them know. spamassassin can make Postfix REJECT clients in session if you integrate Spamassassin using a MILTER or amavis. Your master.cf excert below indicates you are not running Spamassassin in SMTP session, but after the mail has been accepted. If you only want to identify and reject spam use a Spamassassin Milter interface. There are several out there. See section Integrated into Sendmail in http://wiki.apache.org/spamassassin/IntegratedInMta. If you need more, go for amavis. Which plattform are you on? p@rick The problem is that I don't know how to achieve this with postfix :( The postfix set-up I have is below (master.cf), but I do not know for certain that it is filtering during the SMTP session afore it hits the disc, and I have not found any information about how to configure this. My hunt for guides goes on. smtp inet n - - - - smtpd -o content_filter=spamassassin dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} spamassassin unix - n n - - pipe user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Fwd: Re: Q about short-circuit over ruling blacklisting rule
* J4 ju...@klunky.co.uk: On 01/18/2011 06:51 PM, Patrick Ben Koetter wrote: * J4 ju...@klunky.co.uk: This is pretty much what I would like to achieve, the reason I decided not to use Dovecot Sieve (apart from me being incapable of setting it. ;) ). Parse the SPAM during the SMPT session and use only RAM: Perfect. I would still like to notify the connecting SMTP client with a reject message. Real spammers are uninterested anyway, but legitimate e-mailers would be, although this is not essential to let them know. spamassassin can make Postfix REJECT clients in session if you integrate Spamassassin using a MILTER or amavis. Your master.cf excert below indicates you are not running Spamassassin in SMTP session, but after the mail has been accepted. If you only want to identify and reject spam use a Spamassassin Milter interface. There are several out there. See section Integrated into Sendmail in http://wiki.apache.org/spamassassin/IntegratedInMta. If you need more, go for amavis. Which plattform are you on? I'm on Debian Squeeze. # apt-get install spamass-milter Then edit /etc/default/spamass-milter and check the SOCKET* options at the bottom of the file. After that restart spamass-milter and verify the SOCKET was created e.g. in /var/spool/postfix/spamass/spamass.sock. Then configure Postfix to use that socket in main.cf using the smtpd_milters parameter e.g. like this: smtpd_milters = unix:/spamass/spamass.sock The example above assumes you run Postfix chrooted, which is default on Debian systems. Now reload Postfix and try to send a GTUBE spam test pattern in a telnet session from a client that is not part of the network you defined with the -i option in /etc/default/spamass-milter. Your message should be rejected in session. p@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: NOW: spamass-milter postfix Debian (WAS: Q about short-circuit over ruling blacklisting rule)
* J4 ju...@klunky.co.uk: GTUBE test message from http://gtube.net/gtube.txt produced:- Jan 18 21:06:45 logout postfix/cleanup[30304]: 7F8DE8232B: milter-reject: END-OF-MESSAGE from smtp-auth.no-ip.com[204.16.252.94]: 5.7.1 Blocked by SpamAssassin; from=j...@klunky.co.uk to=t...@abc.info proto=ESMTP helo=smtp-auth.no-ip.com What is interesting, is that a reject message sent back to the SMTP client no-ip.com in this case. I suppose it was a 5** type message. is there way to enable this? That's Postfix log. The client saw 5.7.1 Blocked by SpamAssassin in the SMTP session. p@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Fwd: Re: Q about short-circuit over ruling blacklisting rule
* JKL ju...@klunky.co.uk: On 01/17/2011 09:29 PM, Michael Scheidell wrote: On 1/17/11 3:27 PM, JKL wrote: Hi there, Why would this be delivered into the user mailbox when the Sender address is blacklisted by the user? Did I misunderstand the short-circuit effect? Best wishes. spamassassin doesn't do anything about delivery. it just marks the headers. Hi, Thank-you for pointing this out. Naïvely, I thought I could use Postfix to pass the mail to spamc and then have it drop it, instead of sending it onto Dovecot LDA for delivery. Clearly, this is not the way :( Back to the drawing board. I know this is off-topic but is there a way for a third party programme to silently drop spam from delivery? There are several: MimeDefang, Spamassassin-Milter and amavisd-new come to mind. MimeDefang and Spamassassin-Milter work as MILTERS (see: smtpd_milters or MILTER_README in Postfix). amavisd-new may be integrated either as MILTER or as content_filter or smtpd_proxy_filter using either SMTP or LMTP. You probably want amavisd-new if you also want a content filter to identify and classify other mail content categories (virus, banned, spam, undecipherable and, surprise, clean messages) http://www.ijs.si/software/amavisd/README.postfix.html p@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: preventing authenticated smtp users from triggering PBL
* Ted Mittelstaedt t...@ipinc.net: On 12/17/2010 8:41 AM, Jason Bertoch wrote: On 2010/12/17 11:28 AM, Aaron Bennett wrote: I've got an issue where users off-campus who are doing authenticated SMTP/TLS from home networks are having their mail hit by the PBL. I have trusted_networks set to include the incoming relay, but still the PBL hits it as follows: Received: from cmail.clarku.edu (muse.clarku.edu [140.232.1.151]) by mothra.clarku.edu (Postfix) with ESMTP id D4FC2684FEA forre...@clarku.edu; Tue, 7 Dec 2010 00:11:24 -0500 (EST) Received: from SENDERMACHINE (macaddress.hsd1.ma.comcast.net [98.216.185.77]) by cmail.clarku.edu (Postfix) with ESMTP id 82F21901E48 forre...@clarku.edu; Tue, 7 Dec 2010 00:11:24 -0500 (EST) From: USER NAMEsen...@clarku.edu Despite that internal_networks and trusted_networks are set to 140.232.0.0/16, the message still triggers the PBL rule. Given that I know that (unless there's a trojaned machine or whatever) I must trust email that comes in over authenticated SMTP/TLS through the 'cmail' host, how can I prevent it from hitting the PBL? The examples you provided above only tell ESMTP was used. This make me think you are either using a very ancient version of Postfix or the Received: headers stem from a sender who did not SMTP AUTH, because Postfix prints ESMTPSA (S=secure, A=authenticated) when TLS and SMTP AUTH have been used in the SMTP session. Based on the headers you included, there's nothing indicating the sender was authenticated. Are you using the following in postfix? smtpd_sasl_authenticated_header yes And what prevents a spammer from forging this into a header and bypassing SA? Just askin. Anyone can forge this, but you don't need to fall for it. You could, for example, only let users send messages from your servers if they use the submission port (tcp/587). On this port SMTP AUTH is a must to send a message and smtpd_sasl_authenticated_header may be trusted safely (unless someones credentials have been stolen and the spammer uses that identity). At the same time you disable SMTP AUTH on port 25 and kill any header that claims to be from your server using ESMTPA or ESMTPSA. You could, for example, place a special header check next to your regular port 25 smtp service in master.cf. The header check rule matches on your server name and the string ESMTP[A|SA] and results in IGNORE (see: man 5 header_checks): # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == smtp inet n - - - - smtpd -o header_checks=pcre:/etc/postfix/kill_forged_headers submission inet n - - - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_authenticated_header=yes -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING in /etc/postfix/kill_forged_headers: /^by\hexample.org\h\(Postfix\)\hwith\hESMTP[A|SA]/IGNORE p...@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563 signature.asc Description: Digital signature
Re: SA checking of authenticated users' messages
* Daniel McDonald dan.mcdon...@austinenergy.com: I just need to clarify one thing that's not clear to me in re-reading our thread from the other day: Is there a work-around for this? Usually, you listen for end-users on the submission port, and don't filter it for spam, just auth. I recommend using the submission port AND filter, but not too strict. The rationale is to ensure deliverablity by checking for spamminess on your own side before someone else would reject the message. p...@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Off-topic? Off-list!
* Jason Bertoch ja...@i6ix.com: On 2/25/2010 6:26 PM, Karsten Bräckelmann wrote: Please, guys, let it go. If you *know* this ain't the right place, stop it. +1 +1 -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Cluster/Clone spamassassin node
* ewreg ew-...@mailbox.com.pl: Good morning, I am preparing env with more then 10 node of spamassassin machine. I am wonder what kind of software do you use to clone OS and Spamassassin application to the other machine. I am gonne use Debian, I find FAI but it won't migrate SA database. So it isn't the best choise. We use cfengine to install, configure software and also to check for compliance. As for databases I recommend using a SQL backend and have the SQL servers in some sort of HA master-slave setup. p...@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Cluster/Clone spamassassin node
* ewreg ew-...@mailbox.com.pl: We use cfengine to install, configure software and also to check for compliance. As I see, I can install software over the cfengine. But can I make mirror with cfengine? I would like to clone some local files to all n-servers. I think it can't be done with the help of this software. AFAIK you can't. It's a one server to n clients rollout strategie. But there's an enormous number of alternatives starting from rsync to cluster filesystem solutions as others already have pointed out. Another concept may be to have the clients load their config from a database. You can't load everything this way, but it may suffice. It depends on your setup. You may want to let us in on the details and we may be of better help. p...@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Crashes running SA as milter in Postfix
Matus, * Matus UHLAR - fantomas uh...@fantomas.sk: * d.h...@yournetplus.com d.h...@yournetplus.com: The home directory for the username spamassassin is probably set to /nonexistant in the passwd file (or whatever it is in Ubuntu). On 01.11.09 23:23, Patrick Ben Koetter wrote: Thanks for the reply. I wish, it was that easy, but it is not. The $HOME is /home/spamassassin. you have passed the -u spamass-milter option. That means that SA-milter will pass username of the recipient to spamd if there's one recipient, so the recipient's homedir will be used. However, if there That explains it! I never bothered to question this setting, as I thought it would instruct the milter to run as user spamass-milter, which seemed kind of wishful to me. are more recipients, SA-milter will pass the provided username (spamass-milter) to the spamd, so it's apparently the spamass-milter user whose directory is /nonexistent. I will track this a little to see that it really fixes this particular problem. However, that should not be a reason why your SA crashes. Agreed. Any ideas how I could trap this better? I run spamd in debug mode debugging spamd. Running debug with option all seemed a little too heavy to me. Is there best practice to trace the crashes? p...@rick
Re: Crashes running SA as milter in Postfix
Mark, * Mark Martinec mark.martinec...@ijs.si: We regularly experience SA crashes on a Ubuntu Hardy machine. The setup is as follows: Postfix (2.5.1) - SpamAssassin Milter (0.3.1-6) - SpamAssassin (3.2.4-1ubuntu1.1) The milter is run like this: /usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f \ -p /var/spool/postfix/spamass/spamass.sock \ -u spamass-milter -i 127.0.0.1 -r 10 /usr/bin/perl -T -w /usr/sbin/spamd -s local5 -u spamassassin \ --nouser-config --max-children 10 --debug=spamd -d \ --pidfile=/var/run/spamd.pid It crashed again this weekend. This is what I found in the log: Oct 29 08:01:51 mail01 spamd[10249]: spamd: fork: Cannot allocate memory at /usr/sbin/spamd line 999. /usr/include/errno.h #define ENOMEM 12 /* Cannot allocate memory */ man 2 fork [ENOMEM] There is insufficient swap space for the new process. it seems your diagnosis hit the spot. The filter seems to run stable now. thanks, p...@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Crashes running SA as milter in Postfix
We regularly experience SA crashes on a Ubuntu Hardy machine. The setup is as follows: Postfix (2.5.1) - SpamAssassin Milter (0.3.1-6) - SpamAssassin (3.2.4-1ubuntu1.1) The milter is run like this: /usr/sbin/spamass-milter -P /var/run/spamass/spamass.pid -f \ -p /var/spool/postfix/spamass/spamass.sock \ -u spamass-milter -i 127.0.0.1 -r 10 SpamAssassin is run like this: /usr/bin/perl -T -w /usr/sbin/spamd -s local5 -u spamassassin \ --nouser-config --max-children 10 --debug=spamd -d \ --pidfile=/var/run/spamd.pid It crashed again this weekend. This is what I found in the log: Oct 29 08:01:51 mail01 spamd[10249]: spamd: fork: Cannot allocate memory at /usr/sbin/spamd line 999. Oct 29 08:01:53 mail01 spamd[301]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /nonexistent/.spamassassin/auto-whitelist.lo ck.mail01.example.com.301 for /nonexistent/.spamassassin/auto-whitelist.lock: No such file or directory Oct 29 08:01:53 mail01 spamd[301]: spamd: clean message (1.1/5.0) for singer-paf:65534 in 2.3 seconds, 28868 bytes. Oct 29 08:01:53 mail01 spamd[301]: spamd: result: . 1 - EXTRA_MPART_TYPE,HTML_MESSAGE,RDNS_NONE scantime=2.3,size=28868,user=singer-paf,uid=65534,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=42576,mid=542376cea87a0943b958afd2bf4636cd166...@dc01.example.local,autolearn=no Oct 29 08:01:53 mail01 spamd[301]: syswrite() to parent failed: Broken pipe at /usr/share/perl5/Mail/SpamAssassin/SpamdForkScaling.pm line 576. Something that annoys me, is that it keeps complaining cannot create tmp lockfile /nonexistent/.spamassassin/, while I keep it running as user spamassassin. I am purley speculating: Could this be in relation to my crash problem? Thanks, p...@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Crashes running SA as milter in Postfix
* d.h...@yournetplus.com d.h...@yournetplus.com: The home directory for the username spamassassin is probably set to /nonexistant in the passwd file (or whatever it is in Ubuntu). Thanks for the reply. I wish, it was that easy, but it is not. The $HOME is /home/spamassassin. p...@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
Re: Spamc issues with remote userprefs
* Ryan Thoryk ry...@onshore.com: Hi, We're rebuilding a mail server and are having some issues with SQL-based SA preference lookups. We're running Postfix 2.5.5 and SA 3.2.5 (Debian Lenny version) - here's our Postfix config from master.cf: spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -u ${user} -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} Using it with the Postfix pipe command makes it very slow. Have you considered using the Sendmail milter interface integrated in Postfix in combination with the SpamAssassin milter? old non-lookup line: user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} What's happening is that individual incoming messages get handed off to SA using the spamc command above, but SA is only processing the first message and never handing it back to Postfix, while the other messages never seem to get processed at all (nothing at all about them in the logs). The old non-lookup line works fine. Has anyone here experienced similar issues? Ryan Thoryk -- Ryan Thoryk System Administrator onShore Networks, LLC completeIT® services 1407 West Chicago Avenue Chicago, Illinois 60642-5231 312.850.5200 x146 ry...@onshore.com www.onshore.com
Re: using external spamassassin server with postfix
* Terry td3...@gmail.com: Hello, We have a cluster of postfix servers through a load balancer. I would like to set up an external set of spamassassin servers where these postfix servers simply query the spamassassin servers over the network for spam decisions then drop or relay accordingly. This is for outbound email only. I would prefer that spamassassin live outside of these relay servers. Is this possible? Use spamassassin milter http://savannah.nongnu.org/projects/spamass-milt/ Someway like that: spamass-milter - spamc -- NETWORK -- - spamd -- spamassassin Or hook it into amavisd-new and send messages to amavisd-new which hands them over to spamassassin. It you need individual per-recipient settings in spamassassin you get more mileage from using spamassassin without amavisd-new. p...@rick
Re: Parallelizing Spam Assassin
* Linda Walsh sa-u...@tlinx.org: It's an American thing. Things that are normal speech for UK blokes, get Americans all disturbed. Sloppy language is sloppy language everywhere! I took offense in the message, too and I am neither American nor am I from the UK. But what annoys me the most is that the comments were simply off-topic. I can go and meet some friends and I can happily spend the whole night cracking one joke after another - pc or not pc. There's a place of everything. This is the place for SpamAssassin. I wish we could get back to what this thread was all about: Parallelizing SpamAssassin. p...@rick Funny, used to be the other way around...but well...times change. Justin Mason wrote: On Fri, Jul 31, 2009 at 09:32, rich...@buzzhost.co.ukrich...@buzzhost.co.uk wrote: Imagine what Barracuda Networks could do with that if they did not fill their gay little boxes with hardware rubbish from the floors of MSI and supermicro. Jesus, try and process that many messages with a $30,000 Barracuda and watch support bitch 'You are fully scanning to much mail and making our rubbish hardware wet the bed.' LOL. Richard -- please watch your language. This is a public mailing list, and offensive language here is inappropriate. -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
sa-stats.pl and SpamAssassin 3.2.4
I am trying to use (an old) sa-stats.pl to give me spamd generated statistics for SpamAssassin (3.2.4-1ubuntu1.1), but all I get are zeros. Is sa-stats.pl broken with recent versions of SpamAssassin? Any things I should look out for? The log contains data, so I suspect the culprit is either me or sa-stats.pl: Jul 22 14:18:03 mail01 spamd[24172]: spamd: identified spam (1002.3/5.0) for postmaster:65534 in 1.1 seconds, 1185 bytes. Jul 22 14:18:04 mail01 spamd[24172]: spamd: result: Y 1002 - DATE_IN_PAST_96_XX,GTUBE scantime=1.1,size=1185,user=postmaster,uid=65534,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46153,mid=gtube1.1010...@example.net,autolearn=no ... Jul 22 14:20:31 mail01 spamd[24172]: spamd: clean message (3.0/5.0) for news:65534 in 1.3 seconds, 14874 bytes. Jul 22 14:20:31 mail01 spamd[24172]: spamd: result: . 2 - BAD_ENC_HEADER,HTML_MESSAGE,RDNS_NONE scantime=1.3,size=14874,user=news,uid=65534,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46168,mid=zrfhueosd0...@hostname,autolearn=no TIA, p@ -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht MünchenPartnerschaftsregister PR 563
How must user_prefs be stored in LDAP?
I would like to read user_prefs from a LDAP server. How to setup the connection etc. has been documented, but I miss the bit that tells how to store the configuration. If my LDAP knowledge doesn't deceive me, then the spamassassin attribute shown in the README is multi-valued, but this ability is not used. Instead - as far as I understand it - the whole configuration goes as one big chunk into the spamassassin attribute. Following my understanding an example, that adds headers to the mail in any case and whitelists [EMAIL PROTECTED] as well as [EMAIL PROTECTED], blacklists [EMAIL PROTECTED] and gives a score of 10.0 to SUBJ_ILLEGAL_CHARS looks like this: dn: cn=Curley Anderson,ou=MemberGroupB,o=stooges ... spamassassin: add_header all \ whitelist_from [EMAIL PROTECTED] \ whitelist_from [EMAIL PROTECTED] \ blacklist_from [EMAIL PROTECTED] \ score SUBJ_ILLEGAL_CHARS 10.0 Is my understanding correct? If not, how would it be done? Thanks, [EMAIL PROTECTED]
Re: flooded by german software-spam
* Arvid Ephraim Picciani [EMAIL PROTECTED]: On Friday 21 March 2008 14:11:09 Richard.Hall wrote: meta SOFT_AND_URIGREY (URIBL_GREY || BLOGPSOT_URI) SOFTWARE_AD should be meta SOFT_AND_URIGREY (URIBL_GREY || BLOGSPOT_URI) SOFTWARE_AD indeed. thanks Richard. added blogpsot to the meta 1 minute ago :D its updated You probably also don't want the following 1st line to be part of 30_blogspot.cf: [EMAIL PROTECTED]:/etc/spamassassin/myrules# cat 30_blogspot.cf [EMAIL PROTECTED] -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563
Re: SpamAssassin domainkeys plugin
* pingu22 [EMAIL PROTECTED]: Hi, I want to know how can I sign emails from my server domain with domainkeys plugin. I'm using postfix+procmail+spamassassin+DKplugin. I'm getting: warn: Use of uninitialized value in string eq at /usr/lib/perl5/vendor_perl/5.8.8/Mail/DomainKeys/Key/Public.pm line 67 To sign for Postfix or Sendmail use the dkim-milter. I don't know how Exim does it. If you don't have access to any of that use the upcoming version of amavisd-new, which can sign messages. [EMAIL PROTECTED] -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563
Re: SpamAssassin domainkeys plugin
* pingu22 [EMAIL PROTECTED]: Patrick Ben Koetter wrote: * pingu22 [EMAIL PROTECTED]: Hi, I want to know how can I sign emails from my server domain with domainkeys plugin. I'm using postfix+procmail+spamassassin+DKplugin. I'm getting: warn: Use of uninitialized value in string eq at /usr/lib/perl5/vendor_perl/5.8.8/Mail/DomainKeys/Key/Public.pm line 67 To sign for Postfix or Sendmail use the dkim-milter. I don't know how Exim does it. If you don't have access to any of that use the upcoming version of amavisd-new, which can sign messages. But I thought that spamassassin dk plugin already did that... It just verifies the signature? $ man Mail::SpamAssassin::Plugin::DKIM ... NAME Mail::SpamAssassin::Plugin::DKIM - perform DKIM verification tests HTH, [EMAIL PROTECTED] -- state of mind Agentur für Kommunikation, Design und Softwareentwicklung Patrick KoetterTel: 089 45227227 Echinger Strasse 3 Fax: 089 45227226 85386 Eching Web: http://www.state-of-mind.de Amtsgericht MünchenPartnerschaftsregister PR 563
Re: unsubsribe me
* chisina mike [EMAIL PROTECTED]: Unsubscribe me Do it yourself: Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm list-help: mailto:[EMAIL PROTECTED] list-unsubscribe: mailto:[EMAIL PROTECTED]