Re: AuthRes plugin (replay RBL queries one hour later)
Matus UHLAR - fantomas skrev den 2023-03-02 11:50: Authres plugin should only parse Authentication-Results: headers, not signatures themselves. other plugins should be able to use data provided by this plugin. On 02.03.23 12:55, Benny Pedersen wrote: +1 funny you provided an eval that worked ? :) have you seen ARC_VALID or ARC_SIGNED yet ? many. I just still don't think we should trust ARC headers by default (someone has signes headers, but that does not mean that someone is trustful). if ARC signer is trusted and the signature is correct, the status can be extracted from ARC-Authentication-Results: Further modules can use that to e.g. allowlist sender even if the DKIM fails Authentication-Results: fantomas.fantomas.sk; arc=pass smtp.remote-ip=52.100.19.99 arc.chain=microsoft.com ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=pern.onmicrosoft.com; dmarc=pass action=none header.from=gcwus.edu.pk; dkim=pass header.d=gcwus.edu.pk; arc=none Here, if I trust "fantomas.fantomas.sk" authentication header (configurable in AuthRes) and I trust signer microsoft.com, I will believe that the message passed DMARC and SPF for pern.onmicrosoft.com. However, if there was other random ARC signer, faking positive results of spf/dkim/dmarc results, we should not believe the ARC signature ... and this message can still be spam (it is). imho dmarc in spamassassin is already doing things right, but authres should maybe just be dokumented when to use it it's the DKIM module that validates ARC headers in SA. While the functionality is similar to DKIM, it already used in perlcode in dmarc, without any eval calls previous mail i posted is without authres enabled -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully.
Re: AuthRes plugin (replay RBL queries one hour later)
giova...@paclan.it skrev den 2023-03-02 12:53: how ?, this code works without authres enabled as i see it if DKIM fails but ARC passes DMARC policy could be overriden, this part doesn't work. ah okay got it eval should not be done in dkim but moved to authres so, and results metadata used in dmarc plugin In your case DMARC would pass even without ARC because DKIM is valid. currect, there is just many corner cases yet to test your spamassassin channel for rules does btw not lint, please see why when only check.pm is loaded and that rule that does not lint is already tested in spamassassin core rules, so that code is just tested one more time without any new results :/
Re: AuthRes plugin (replay RBL queries one hour later)
Matus UHLAR - fantomas skrev den 2023-03-02 11:50: Authres plugin should only parse Authentication-Results: headers, not signatures themselves. other plugins should be able to use data provided by this plugin. +1 funny you provided an eval that worked ? :) have you seen ARC_VALID or ARC_SIGNED yet ? imho dmarc in spamassassin is already doing things right, but authres should maybe just be dokumented when to use it it already used in perlcode in dmarc, without any eval calls previous mail i posted is without authres enabled
Re: AuthRes plugin (replay RBL queries one hour later)
On 3/2/23 12:49, Benny Pedersen wrote: giova...@paclan.it skrev den 2023-03-02 10:04: On 3/1/23 14:30, Benny Pedersen wrote: Henrik K skrev den 2023-03-01 10:28: On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote: I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available. However, I don't see AuthRes plugin mention in .pre files nor in SA rules. Because it's experimental and unfinished. logic is aswell why should spf pluging be enabled to test if arc chain pass spf ? same problem with dkim imho aslong forwarders insists on doing dkim sign and leave arc seal and arc sign :/ I have wip code to check if dkim passes from arc signatures and integrate it into DMARC policies checks. how ?, this code works without authres enabled as i see it if DKIM fails but ARC passes DMARC policy could be overriden, this part doesn't work. In your case DMARC would pass even without ARC because DKIM is valid. Return-Path: X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on localhost.junc.eu X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=ARC_SIGNED,ARC_VALID,AWL, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DMARC_PASS, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H2,RELAYCOUNTRY_BAD,RELAYCOUNTRY_GREY,SPF_HELO_PASS, SPF_PASS,UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=4.0.0 X-Spam-Timing: total 1713 ms - parse: 1.94 (0.1%), b_tie_ro: 4.4 (0.3%), extract_message_metadata: 41 (2.4%), tests_pri_-1: 7 (0.4%), compile_gen: 292 (17.1%), get_uri_detail_list: 3.4 (0.2%), tests_pri_-2000: 2.0 (0.1%), compile_eval: 27 (1.6%), tests_pri_-1000: 1.77 (0.1%), tests_pri_-950: 1.21 (0.1%), tests_pri_-900: 1.29 (0.1%), tests_pri_-100: 892 (52.1%), dkim_load_modules: 34 (2.0%), check_dkim_signature: 540 (31.5%), poll_dns_idle: 827 (48.3%), check_spf: 64 (3.7%), tests_pri_-90: 1.41 (0.1%), tests_pri_0: 443 (25.9%), tests_pri_500: 2.1 (0.1%), tests_pri_1000: 12 (0.7%), total_awl: 10 (0.6%), check_awl: 1.95 (0.1%), update_awl: 1.92 (0.1%), rewrite_mail: 0.00 (0.0%) Content analysis details: (-2.8 points, 5.0 required) pts rule name description -- -- -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [94.237.105.223 listed in wl.mailspike.net] -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [94.237.105.223 listed in list.dnswl.org] -0.1 SPF_PASS SPF: sender matches SPF record -0.1 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 ARC_SIGNED Message has a ARC signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 ARC_VALID Message has a valid ARC signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 RELAYCOUNTRY_GREY Relayed through at some point 1.5 RELAYCOUNTRY_BAD Relayed through at some point 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines -2.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager -0.1 DMARC_PASS DMARC pass policy 0.0 AWL AWL: From: address is in the auto welcome-list Authres plugin is needed to parse Arc signatures and pass the results to DMARC plugin. yes the magic can be done in dmarc where it belongs authres is imho only for trusted arc signers, not for testing ARC_VALID or ARC_SIGNED confirm it ?, the rules for authres does not work for me, but it seem it does for others ?, why ? OpenPGP_signature Description: OpenPGP digital signature
Re: AuthRes plugin (replay RBL queries one hour later)
On 3/2/23 11:50, Matus UHLAR - fantomas wrote: On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote: I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available. However, I don't see AuthRes plugin mention in .pre files nor in SA rules. Henrik K skrev den 2023-03-01 10:28: Because it's experimental and unfinished. On 3/1/23 14:30, Benny Pedersen wrote: logic is aswell why should spf pluging be enabled to test if arc chain pass spf ? same problem with dkim imho aslong forwarders insists on doing dkim sign and leave arc seal and arc sign :/ On 02.03.23 10:04, giova...@paclan.it wrote: I have wip code to check if dkim passes from arc signatures and integrate it into DMARC policies checks. Authres plugin is needed to parse Arc signatures and pass the results to DMARC plugin. Authres plugin should only parse Authentication-Results: headers, not signatures themselves. I mean ARC-Authentication-Results headers, signatures are checked by DKIM.pm. other plugins should be able to use data provided by this plugin. this is still WIP code. OpenPGP_signature Description: OpenPGP digital signature
Re: AuthRes plugin (replay RBL queries one hour later)
giova...@paclan.it skrev den 2023-03-02 10:04: On 3/1/23 14:30, Benny Pedersen wrote: Henrik K skrev den 2023-03-01 10:28: On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote: I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available. However, I don't see AuthRes plugin mention in .pre files nor in SA rules. Because it's experimental and unfinished. logic is aswell why should spf pluging be enabled to test if arc chain pass spf ? same problem with dkim imho aslong forwarders insists on doing dkim sign and leave arc seal and arc sign :/ I have wip code to check if dkim passes from arc signatures and integrate it into DMARC policies checks. how ?, this code works without authres enabled as i see it Return-Path: X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on localhost.junc.eu X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=ARC_SIGNED,ARC_VALID,AWL, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DMARC_PASS, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H2,RELAYCOUNTRY_BAD,RELAYCOUNTRY_GREY,SPF_HELO_PASS, SPF_PASS,UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=4.0.0 X-Spam-Timing: total 1713 ms - parse: 1.94 (0.1%), b_tie_ro: 4.4 (0.3%), extract_message_metadata: 41 (2.4%), tests_pri_-1: 7 (0.4%), compile_gen: 292 (17.1%), get_uri_detail_list: 3.4 (0.2%), tests_pri_-2000: 2.0 (0.1%), compile_eval: 27 (1.6%), tests_pri_-1000: 1.77 (0.1%), tests_pri_-950: 1.21 (0.1%), tests_pri_-900: 1.29 (0.1%), tests_pri_-100: 892 (52.1%), dkim_load_modules: 34 (2.0%), check_dkim_signature: 540 (31.5%), poll_dns_idle: 827 (48.3%), check_spf: 64 (3.7%), tests_pri_-90: 1.41 (0.1%), tests_pri_0: 443 (25.9%), tests_pri_500: 2.1 (0.1%), tests_pri_1000: 12 (0.7%), total_awl: 10 (0.6%), check_awl: 1.95 (0.1%), update_awl: 1.92 (0.1%), rewrite_mail: 0.00 (0.0%) Content analysis details: (-2.8 points, 5.0 required) pts rule name description -- -- -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [94.237.105.223 listed in wl.mailspike.net] -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [94.237.105.223 listed in list.dnswl.org] -0.1 SPF_PASS SPF: sender matches SPF record -0.1 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 ARC_SIGNED Message has a ARC signature 0.1 DKIM_SIGNEDMessage has a DKIM or DK signature, not necessarily valid 0.0 ARC_VALID Message has a valid ARC signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 RELAYCOUNTRY_GREY Relayed through at some point 1.5 RELAYCOUNTRY_BAD Relayed through at some point 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines -2.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager -0.1 DMARC_PASS DMARC pass policy 0.0 AWLAWL: From: address is in the auto welcome-list Authres plugin is needed to parse Arc signatures and pass the results to DMARC plugin. yes the magic can be done in dmarc where it belongs authres is imho only for trusted arc signers, not for testing ARC_VALID or ARC_SIGNED confirm it ?, the rules for authres does not work for me, but it seem it does for others ?, why ?
Re: AuthRes plugin (replay RBL queries one hour later)
On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote: I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available. However, I don't see AuthRes plugin mention in .pre files nor in SA rules. Henrik K skrev den 2023-03-01 10:28: Because it's experimental and unfinished. On 3/1/23 14:30, Benny Pedersen wrote: logic is aswell why should spf pluging be enabled to test if arc chain pass spf ? same problem with dkim imho aslong forwarders insists on doing dkim sign and leave arc seal and arc sign :/ On 02.03.23 10:04, giova...@paclan.it wrote: I have wip code to check if dkim passes from arc signatures and integrate it into DMARC policies checks. Authres plugin is needed to parse Arc signatures and pass the results to DMARC plugin. Authres plugin should only parse Authentication-Results: headers, not signatures themselves. other plugins should be able to use data provided by this plugin. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Linux IS user friendly, it's just selective who its friends are...
Re: AuthRes plugin (replay RBL queries one hour later)
On 3/1/23 14:30, Benny Pedersen wrote: Henrik K skrev den 2023-03-01 10:28: On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote: I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available. However, I don't see AuthRes plugin mention in .pre files nor in SA rules. Because it's experimental and unfinished. logic is aswell why should spf pluging be enabled to test if arc chain pass spf ? same problem with dkim imho aslong forwarders insists on doing dkim sign and leave arc seal and arc sign :/ I have wip code to check if dkim passes from arc signatures and integrate it into DMARC policies checks. Authres plugin is needed to parse Arc signatures and pass the results to DMARC plugin. Giovanni I will try to load it to see if it works. You also need rules for it to do anything. No plugin uses it's parsing at this time. its aswell good to define trustness in this senario, this is more or less bogos :) Try the example rules and report back if it works.. https://spamassassin.apache.org/full/4.0.x/doc/Mail_SpamAssassin_Plugin_AuthRes.html it does not, how should dmarc plugin use this ? dmarc only works with A-R headers imho, not internal data as in spamassassin, okay first step first :) OpenPGP_signature Description: OpenPGP digital signature
Re: AuthRes plugin (replay RBL queries one hour later)
On Wed, Mar 01, 2023 at 04:46:27PM +0100, Matus UHLAR - fantomas wrote: > > 1. "header.a=rsa-sha256" and "header.s=hege2" options in > Authentication-Results: for dkim where "a" contains algorithm and "s" the > used selector. > > 2. unknown "arc" Authentication-Results: header > > removing mentioned fields in the first header caused one less error message > and A_DKIM_VERIFIED hit. > > removing second header removed error messages completely Fixed these in trunk..
Re: AuthRes plugin (replay RBL queries one hour later)
Matus UHLAR - fantomas skrev den 2023-03-01 15:40: so, if your mail doesn't get delivered within 1.5 seconds and the DKIM signature expires on the fly, the mail gets dropped from mail server? On 01.03.23 16:33, Benny Pedersen wrote: no, aligned spf pass from facebook, and even on unaligned i do not reject dkim fails, this is a job for dmarc I was asking about outgoing mail being removed from the queue after their DKIM signature expires. I would not expect anyone to use DKIM expiration shorter than queue lifetime of mail. Yes, it should be the core - Mail::SpamAssassin::Plugin::SPF already uses Authentication-Results: header if it exists. double checking arc spf then ? i have not checked perlcode yet ? SPF, DKIM and DMARC headers should use results of Authentication-Results: headers (optionally?) only if they produce positive result. i only wish arc plugin would be in dmarc core so the extra plugin is not needed that fits for how arc using should be trusting ARC requires configuring server to trust ARC authority. So it's a little use usually. authres is only if you would forward mails to another finaly dmarc testing authres is great, if you validate mail before you scan for spamminess. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. (R)etry, (A)bort, (C)ancer
Re: AuthRes plugin (replay RBL queries one hour later)
On 01.03.23 11:55, Henrik K wrote: Bah, I think it was tested as atleast working without errors. I'll have a look.. On 01.03.23 11:04, Matus UHLAR - fantomas wrote: yes, it's working at least partly: Authentication-Results: fantomas.fantomas.sk; dmarc=none (p=none dis=none) header.from=hege.li Authentication-Results: fantomas.fantomas.sk; dkim=pass (2048-bit key; unprotected) header.d=hege.li header.i=@hege.li header.a=rsa-sha256 header.s=hege2 header.b=sWtnWE1E; dkim-atps=neutral Authentication-Results: fantomas.fantomas.sk; spf=pass (sender SPF authorized) smtp.mailfrom=spamassassin.apache.org (client-ip=3.227.148.255; helo=mxout1-ec2-va.apache.org; envelope-from=users-return-126604-uhlar=fantomas.sk@spamassassin.apache. org; receiver=) Authentication-Results: fantomas.fantomas.sk; arc=none smtp.remote-ip=3.227.148.255 Mar 1 16:32:54.213 [30815] dbg: authres: parsing Authentication-Results: fantomas.fantomas.sk; dmarc=none (p=none dis=none) header.from=hege.li Mar 1 16:32:54.214 [30815] dbg: authres: parsing Authentication-Results: fantomas.fantomas.sk; dkim=pass (2048-bit key; unprotected) header.d=hege.li header.i=@hege.li header.a=rsa-sha256 header.s=hege2 header.b=sWtnWE1E; dkim-atps=neutral Mar 1 16:32:54.214 [30815] dbg: authres: skipping header, unknown property for header: a Mar 1 16:32:54.214 [30815] dbg: authres: parsing Authentication-Results: fantomas.fantomas.sk; spf=pass (sender SPF authorized) smtp.mailfrom=spamassassin.apache.org (client-ip=3.227.148.255; helo=mxout1-ec2-va.apache.org; envelope-from=users-return-126604-uhlar=fantomas.sk@spamassassin.apache. org; receiver=) Mar 1 16:32:54.214 [30815] dbg: authres: parsing Authentication-Results: fantomas.fantomas.sk; arc=none smtp.remote-ip=3.227.148.255 Mar 1 16:32:54.214 [30815] dbg: authres: skipping header, unknown method: arc Mar 1 16:32:54.214 [30815] dbg: authres: results: dmarc=none spf=pass Mar 1 16:32:55.618 [30815] warn: Use of uninitialized value $result in string eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302. Mar 1 16:32:55.618 [30815] warn: Use of uninitialized value $result in string eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302. after editing headers I see that errors are caused by 1. "header.a=rsa-sha256" and "header.s=hege2" options in Authentication-Results: for dkim where "a" contains algorithm and "s" the used selector. 2. unknown "arc" Authentication-Results: header removing mentioned fields in the first header caused one less error message and A_DKIM_VERIFIED hit. removing second header removed error messages completely -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist "So does syphillis. Good thing we have penicillin." - Matthew Alton
Re: AuthRes plugin (replay RBL queries one hour later)
Matus UHLAR - fantomas skrev den 2023-03-01 15:40: so, if your mail doesn't get delivered within 1.5 seconds and the DKIM signature expires on the fly, the mail gets dropped from mail server? no, aligned spf pass from facebook, and even on unaligned i do not reject dkim fails, this is a job for dmarc this plugin is ment to be in core dmarc plugin not as a seperate plugin imho, that sayed it need config :) It should be stable first. +1, it cant be since its only localy trustness first Yes, it should be the core - Mail::SpamAssassin::Plugin::SPF already uses Authentication-Results: header if it exists. double checking arc spf then ? i have not checked perlcode yet SPF, DKIM and DMARC headers should use results of Authentication-Results: headers (optionally?) only if they produce positive result. i only wish arc plugin would be in dmarc core so the extra plugin is not needed that fits for how arc using should be authres is only if you would forward mails to another finaly dmarc testing Forced revalidation should be possible, although I have no idea how to implement it. +1
Re: AuthRes plugin (replay RBL queries one hour later)
Matus UHLAR - fantomas skrev den 2023-03-01 09:56: I hope these senders expire their e-mail 1.5 hours after sending... On 01.03.23 13:35, Benny Pedersen wrote: facebook can do it in 1.5 sekunds :) so, if your mail doesn't get delivered within 1.5 seconds and the DKIM signature expires on the fly, the mail gets dropped from mail server? This should be avoidable by using opendkim at SMTP time, and using Mail::SpamAssassin::Plugin::AuthRes plugin in the way that DKIM rules aren't rechecked if they are this plugin is ment to be in core dmarc plugin not as a seperate plugin imho, that sayed it need config :) It should be stable first. Yes, it should be the core - Mail::SpamAssassin::Plugin::SPF already uses Authentication-Results: header if it exists. SPF, DKIM and DMARC headers should use results of Authentication-Results: headers (optionally?) only if they produce positive result. Forced revalidation should be possible, although I have no idea how to implement it. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization.
Re: AuthRes plugin (replay RBL queries one hour later)
Matus UHLAR - fantomas skrev den 2023-03-01 10:50: . Mar 1 10:47:17.689 [19813] warn: Use of uninitialized value $result in string eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302. spamassassin --version ? aurhres was in 3.4.6 aswell is why i ask authres in 4.0.0 does imho not make that error
Re: AuthRes plugin (replay RBL queries one hour later)
Henrik K skrev den 2023-03-01 10:28: On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote: I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available. However, I don't see AuthRes plugin mention in .pre files nor in SA rules. Because it's experimental and unfinished. logic is aswell why should spf pluging be enabled to test if arc chain pass spf ? same problem with dkim imho aslong forwarders insists on doing dkim sign and leave arc seal and arc sign :/ I will try to load it to see if it works. You also need rules for it to do anything. No plugin uses it's parsing at this time. its aswell good to define trustness in this senario, this is more or less bogos :) Try the example rules and report back if it works.. https://spamassassin.apache.org/full/4.0.x/doc/Mail_SpamAssassin_Plugin_AuthRes.html it does not, how should dmarc plugin use this ? dmarc only works with A-R headers imho, not internal data as in spamassassin, okay first step first :)
Re: AuthRes plugin (replay RBL queries one hour later)
Matus UHLAR - fantomas skrev den 2023-03-01 09:56: I hope these senders expire their e-mail 1.5 hours after sending... facebook can do it in 1.5 sekunds :) This should be avoidable by using opendkim at SMTP time, and using Mail::SpamAssassin::Plugin::AuthRes plugin in the way that DKIM rules aren't rechecked if they are this plugin is ment to be in core dmarc plugin not as a seperate plugin imho, that sayed it need config :) I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available. +1 However, I don't see AuthRes plugin mention in .pre files nor in SA rules. +1 I will try to load it to see if it works. share config if it does (lets share trustness)
Re: AuthRes plugin (replay RBL queries one hour later)
On 01.03.23 11:55, Henrik K wrote: Bah, I think it was tested as atleast working without errors. I'll have a look.. yes, it's working at least partly: Authentication-Results: fantomas.fantomas.sk; dmarc=none (p=none dis=none) header.from=hege.li Authentication-Results: fantomas.fantomas.sk; dkim=pass (2048-bit key; unprotected) header.d=hege.li header.i=@hege.li header.a=rsa-sha256 header.s=hege2 header.b=sWtnWE1E; dkim-atps=neutral Authentication-Results: fantomas.fantomas.sk; spf=pass (sender SPF authorized) smtp.mailfrom=spamassassin.apache.org (client-ip=3.227.148.255; helo=mxout1-ec2-va.apache.org; envelope-from=users-return-126604-uhlar=fantomas.sk@spamassassin.apache. org; receiver=) Authentication-Results: fantomas.fantomas.sk; arc=none smtp.remote-ip=3.227.148.255 X-Spam-Report: * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record * -0.0 SPF_PASS SPF: sender matches SPF record * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily * valid * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's * domain * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature * 0.0 A_SPF_PASS No description available. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Chernobyl was an Windows 95 beta test site.
Re: AuthRes plugin (replay RBL queries one hour later)
On Wed, Mar 01, 2023 at 10:50:02AM +0100, Matus UHLAR - fantomas wrote: > > On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote: > > > I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available. > > > > > > However, I don't see AuthRes plugin mention in .pre files nor in SA rules. > > On 01.03.23 11:28, Henrik K wrote: > > Because it's experimental and unfinished. > > this is the info I was searching for :-) Apparently any info was removed from UPGRADE too https://bz.apache.org/SpamAssassin/show_bug.cgi?id=6918 > However, so far spamassassin --lint produces: > > Mar 1 10:40:36.659 [19493] warn: Use of uninitialized value $result in > string eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302. > Mar 1 10:40:36.661 [19493] warn: Use of uninitialized value $result in > string eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302. > Mar 1 10:40:36.661 [19493] warn: Use of uninitialized value $result in > string eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302. > Mar 1 10:40:36.662 [19493] warn: Use of uninitialized value $result in > string eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302. > Mar 1 10:40:36.663 [19493] warn: Use of uninitialized value $result in > string eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302. > Mar 1 10:40:36.666 [19493] warn: Use of uninitialized value $result in > string eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302. > > I guess it's missing the headers, when I pasted this your mail with headers: > > Authentication-Results: fantomas.fantomas.sk; dmarc=none (p=none dis=none) > header.from=hege.li > Authentication-Results: fantomas.fantomas.sk; > dkim=pass (2048-bit key; unprotected) header.d=hege.li > header.i=@hege.li header.a=rsa-sha256 header.s=hege2 header.b=B6Wp55NL; > dkim-atps=neutral > Authentication-Results: fantomas.fantomas.sk; spf=pass (sender SPF > authorized) smtp.mailfrom=spamassassin.apache.org > (client-ip=3.227.148.255; helo=mxout1-ec2-va.apache.org; > > envelope-from=users-return-126602-uhlar=fantomas.sk@spamassassin.apache. > org; receiver=) > Authentication-Results: fantomas.fantomas.sk; arc=none > smtp.remote-ip=3.227.148.255 > > I only got two lines of errors: > > Mar 1 10:47:17.688 [19813] warn: Use of uninitialized value $result in > string eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302. > Mar 1 10:47:17.689 [19813] warn: Use of uninitialized value $result in > string eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302. Bah, I think it was tested as atleast working without errors. I'll have a look..
Re: AuthRes plugin (replay RBL queries one hour later)
On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote:
I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available.
However, I don't see AuthRes plugin mention in .pre files nor in SA rules.
On 01.03.23 11:28, Henrik K wrote:
Because it's experimental and unfinished.
this is the info I was searching for :-)
I will try to load it to see if it works.
You also need rules for it to do anything. No plugin uses it's parsing at
this time.
I see as it's missing from SA rules.
Try the example rules and report back if it works..
https://spamassassin.apache.org/full/4.0.x/doc/Mail_SpamAssassin_Plugin_AuthRes.html
I'll try to define another set of rules to see if they fit:
header A_SPF_PASS eval:check_authres_result('spf', 'pass')
score A_SPF_PASS 0.001
header A_SPF_FAIL eval:check_authres_result('spf', 'fail')
score A_SPF_FAIL 0.1
header A_SPF_SOFTFAIL eval:check_authres_result('spf', 'softfail')
score A_SPF_SOFTFAIL 0.1
header A_SPF_TEMPFAIL eval:check_authres_result('spf', 'tempfail')
score A_SPF_SOFTFAIL 0.1
header A_DKIM_VERIFIED eval:check_authres_result('dkim', 'pass')
score A_DKIM_VERIFIED 0.1
header A_DKIM_INVALID eval:check_authres_result('dkim', 'fail')
score A_DKIM_INVALID 0.001
However, so far spamassassin --lint produces:
Mar 1 10:40:36.659 [19493] warn: Use of uninitialized value $result in string
eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302.
Mar 1 10:40:36.661 [19493] warn: Use of uninitialized value $result in string
eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302.
Mar 1 10:40:36.661 [19493] warn: Use of uninitialized value $result in string
eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302.
Mar 1 10:40:36.662 [19493] warn: Use of uninitialized value $result in string
eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302.
Mar 1 10:40:36.663 [19493] warn: Use of uninitialized value $result in string
eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302.
Mar 1 10:40:36.666 [19493] warn: Use of uninitialized value $result in string
eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302.
I guess it's missing the headers, when I pasted this your mail with headers:
Authentication-Results: fantomas.fantomas.sk; dmarc=none (p=none dis=none)
header.from=hege.li
Authentication-Results: fantomas.fantomas.sk;
dkim=pass (2048-bit key; unprotected) header.d=hege.li
header.i=@hege.li header.a=rsa-sha256 header.s=hege2 header.b=B6Wp55NL;
dkim-atps=neutral
Authentication-Results: fantomas.fantomas.sk; spf=pass (sender SPF
authorized) smtp.mailfrom=spamassassin.apache.org
(client-ip=3.227.148.255; helo=mxout1-ec2-va.apache.org;
envelope-from=users-return-126602-uhlar=fantomas.sk@spamassassin.apache.
org; receiver=)
Authentication-Results: fantomas.fantomas.sk; arc=none
smtp.remote-ip=3.227.148.255
I only got two lines of errors:
Mar 1 10:47:17.688 [19813] warn: Use of uninitialized value $result in string
eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302.
Mar 1 10:47:17.689 [19813] warn: Use of uninitialized value $result in string
eq at /usr/share/perl5/Mail/SpamAssassin/Plugin/AuthRes.pm line 302.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are
Re: AuthRes plugin (replay RBL queries one hour later)
On Wed, Mar 01, 2023 at 09:56:56AM +0100, Matus UHLAR - fantomas wrote: > > I have SA 4.0 installed and Mail::SpamAssassin::Plugin::AuthRes available. > > However, I don't see AuthRes plugin mention in .pre files nor in SA rules. Because it's experimental and unfinished. > I will try to load it to see if it works. You also need rules for it to do anything. No plugin uses it's parsing at this time. Try the example rules and report back if it works.. https://spamassassin.apache.org/full/4.0.x/doc/Mail_SpamAssassin_Plugin_AuthRes.html
