Re: MSBL Email Blocklist (EBL) SA usage query

2017-12-07 Thread John Hardin 

On Thu, 7 Dec 2017, Kevin A. McGrail wrote:


On 12/7/2017 10:37 AM, Nels Lindquist wrote:

 What's the minimum version of SA required?

 The warning is present on CentOS 7 with the latest repository version
 of SA (3.4.0) installed.


3.4.1.  It requires "registryboundaries" which was introduced in 3.4.1 as 
noted by AXB.


And for Centos 7 you can download and build the 3.4.1 Fedora SRPM. That's 
what I did.


If you trust me, the RPMs I built are available here:
http://www.impsec.org/~jhardin/antispam/centos7/

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  ...wind turbines are not meant to actually be an efficient way to
  supply the power grid, rather they're prayer wheels for New Age
  iBuddhists, their whirring blades drawing white guilt from the
  atmosphere and pumping it safely underground.-- Tam
---
 Today: The 76th anniversary of Pearl Harbor

Re: MSBL Email Blocklist (EBL) SA usage query

2017-12-07 Thread Kevin A. McGrail 

On 12/7/2017 10:37 AM, Nels Lindquist wrote:

What's the minimum version of SA required?

The warning is present on CentOS 7 with the latest repository version
of SA (3.4.0) installed.


3.4.1.  It requires "registryboundaries" which was introduced in 3.4.1 
as noted by AXB.



Regards,

KAM

Re: MSBL Email Blocklist (EBL) SA usage query

2017-12-07 Thread Nels Lindquist 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


On 2017/11/23 4:59 AM, Kevin A. McGrail wrote:

> AS = SA. Regards, KAM
> 
> On November 23, 2017 6:57:46 AM EST, "Kevin A. McGrail" 
>  wrote:
> 
> Upgrade AS and that should fix it. Happy Thanksgiving, KAM
> 
> On November 23, 2017 2:49:58 AM EST, Giovanni Bechis 
>  wrote:
> 
> With this one it fails: 
> --
- --
>
>  SpamAssassin version 3.3.1 running on Perl version 5.10.1 
> --
- --
>
> 
> 
> I think it should be only for 3.4.x sa version. Giovanni

What's the minimum version of SA required?

The warning is present on CentOS 7 with the latest repository version
of SA (3.4.0) installed.

- 
Nels Lindquist

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iEYEARECAAYFAlopYFcACgkQh6z5POoOLgSI5gCggT5fICY5SwhUh7TBi7Q9PvgI
KnwAoKUDtr/vU0NqHkOwk1pony04Ps6W
=qbrg
-END PGP SIGNATURE-

Re: MSBL Email Blocklist (EBL) SA usage query

2017-12-06 Thread RW 
On Tue, 05 Dec 2017 21:03:07 -0500
Michael Grant wrote:

> On 5 December 2017 18:40:15 GMT-05:00, Benny Pedersen 
> wrote:
> >Michael Grant skrev den 2017-12-05 19:01:
> >  
> >> loadplugin Mail::SpamAssassin::Plugin::HashBL HashBL.pm  
> >
> >this line must not be in cf file but should be in pre file
> >

> interesting, because "as distributed" & installed on Debian, it's in
> our .cf file (and we've had no "problems"/"issues")!


In general they are supposed to go in .pre files because those files
are loaded earlier in the start-up process. With most plugins you can
get away with loading them late, but a minority wont work correctly.

Re: MSBL Email Blocklist (EBL) SA usage query

2017-12-05 Thread Michael Grant 


On 5 December 2017 18:40:15 GMT-05:00, Benny Pedersen  wrote:
>Michael Grant skrev den 2017-12-05 19:01:
>
>> loadplugin Mail::SpamAssassin::Plugin::HashBL HashBL.pm
>
>this line must not be in cf file but should be in pre file
>
># cat hashbl.pre
>loadplugin Mail::SpamAssassin::Plugin::HashBL 
>/path-to-custom-sa-plugins/HashBL.pm
>
># cat hashbl.cf
>> ifplugin Mail::SpamAssassin::Plugin::HashBL
>> header   HASHBL_EMAIL eval:check_hashbl_emails('ebl.msbl.org')
>> describe HASHBL_EMAIL Message contains email address found on the
>
>> EBL
>> scoreHASHBL_EMAIL 1.0
>> endif

interesting, because "as distributed" & installed on Debian, it's in our .cf 
file (and we've had no "problems"/"issues")!

But thanks for the comments.

Re: MSBL Email Blocklist (EBL) SA usage query

2017-12-05 Thread Benny Pedersen 

Michael Grant skrev den 2017-12-05 19:01:


loadplugin Mail::SpamAssassin::Plugin::HashBL HashBL.pm


this line must not be in cf file but should be in pre file

# cat hashbl.pre
loadplugin Mail::SpamAssassin::Plugin::HashBL 
/path-to-custom-sa-plugins/HashBL.pm


# cat hashbl.cf

ifplugin Mail::SpamAssassin::Plugin::HashBL
header   HASHBL_EMAIL eval:check_hashbl_emails('ebl.msbl.org')
describe HASHBL_EMAIL Message contains email address found on the 
EBL

scoreHASHBL_EMAIL 1.0
endif

Re: MSBL Email Blocklist (EBL) SA usage query

2017-12-05 Thread Michael Grant 
N.B. that the HASHBL_EMAIL initial installed -- as distributed --
SCORE is set to a lowly 1 in hashbl.cf, viz.:

loadplugin Mail::SpamAssassin::Plugin::HashBL HashBL.pm

ifplugin Mail::SpamAssassin::Plugin::HashBL
header   HASHBL_EMAIL eval:check_hashbl_emails('ebl.msbl.org')
describe HASHBL_EMAIL Message contains email address found on the EBL
scoreHASHBL_EMAIL 1.0
endif

Highly Recommended you up it to at least 5 (ours is presently set at 9).

In the many months we’ve been using the EBL SA Plugin we have yet to
see a single FP and with the 9 SCORE we are able to blocking this type
of drop box spam at the SMTP level with SA with scores at 15 or
greater!

RE: MSBL Email Blocklist (EBL) SA usage query

2017-11-27 Thread Kevin Miller 
Thanks for that.  jessiebackports to the rescue.

Upgraded SA to 3.4.1 and it did clear up the error.


...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357


-Original Message-
From: Axb [mailto:axb.li...@gmail.com] 
Sent: Friday, November 24, 2017 3:07 AM
To: users@spamassassin.apache.org
Subject: Re: MSBL Email Blocklist (EBL) SA usage query

On 11/24/2017 12:39 PM, Andreas Schamanek wrote:
> 
>> Upgrade SA and that should fix it.
> 
> My servers run Debian 8 with SA 3.4.0 + perl 5.20. I still get
> 
> Nov 24 06:47:41.209 [12603] warn: Use of uninitialized value in regexp 
> compilation at /etc/spamassassin/HashBL.pm line 52.
> 
> Is 3.4.1 the minimum?

Yep
It requires "registryboundaries" which was introduced in 3.4.1

Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-24 Thread Axb 

On 11/24/2017 12:39 PM, Andreas Schamanek wrote:



Upgrade SA and that should fix it.


My servers run Debian 8 with SA 3.4.0 + perl 5.20. I still get

Nov 24 06:47:41.209 [12603] warn: Use of uninitialized value in regexp
compilation at /etc/spamassassin/HashBL.pm line 52.

Is 3.4.1 the minimum?


Yep
It requires "registryboundaries" which was introduced in 3.4.1

Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-24 Thread Andreas Schamanek 

> Upgrade SA and that should fix it. 

My servers run Debian 8 with SA 3.4.0 + perl 5.20. I still get

Nov 24 06:47:41.209 [12603] warn: Use of uninitialized value in regexp
compilation at /etc/spamassassin/HashBL.pm line 52.

Is 3.4.1 the minimum?

-- 
-- Andreas

:-)

Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-23 Thread Kevin A. McGrail 
AS = SA. 
Regards,
KAM

On November 23, 2017 6:57:46 AM EST, "Kevin A. McGrail" 
<kevin.mcgr...@mcgrail.com> wrote:
>Upgrade AS and that should fix it.
>Happy Thanksgiving,
>KAM
>
>On November 23, 2017 2:49:58 AM EST, Giovanni Bechis
><giova...@paclan.it> wrote:
>>With this one it fails:
>>-
>>SpamAssassin version 3.3.1
>>  running on Perl version 5.10.1
>>-
>>
>>I think it should be only for 3.4.x sa version.
>> Giovanni
>>
>>On 11/23/17 01:53, Kevin A. McGrail wrote:
>>> I talked to Steve, the author, and A) he approved it going to SVN
>and
>>has an ICLA and B) he says "As for the error experienced by the user
>>below - it's probably due to
>>$self->{main}->{registryboundaries}->{valid_tlds_re} not being
>>available in their version of SA (because they aren't on a recent
>>version)."
>>> 
>>> Regards,
>>> KAM
>>> 
>>> On 11/22/2017 3:34 PM, Kevin Miller wrote:
>>>> Debian Jessie, Perl version 5.020002 (5.20.2)
>>>>
>>>> Not bleeding edge, but not from the Dark Ages either.  How about
>>yourself?  What distro/version do you have?
>>>>
>>>> FWIW, to install it I downloaded the plugin from
>>http://msbl.org/tools/sa-hashbl.tar.gz, extracted it and saved the two
>>files in it to /etc/spamassassin.  To wit, hashbl.cf and HashBL.pm.
>>>>
>>>> It may be a version issue however, because on Debian Stretch I just
>>did that, and I don't get the error.  No idea which perl module is
>>behind the times however.  Updating all my mail servers to Stretch is
>>problematic; when I did it on my test host a number of things went
>pear
>>shaped, and I haven't had time to work through them so that my live
>>boxes aren't clobbered during an upgrade.
>>>>
>>>> ...Kevin
>>>> -- 
>>>> Kevin Miller
>>>> Network/email Administrator, CBJ MIS Dept.
>>>> 155 South Seward Street
>>>> Juneau, Alaska 99801
>>>> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User
>No:
>>307357
>>>>
>>>>
>>>> -Original Message-
>>>> From: Alex [mailto:mysqlstud...@gmail.com]
>>>> Sent: Wednesday, November 22, 2017 11:11 AM
>>>> To: Kevin Miller; SA Mailing list
>>>> Subject: Re: MSBL Email Blocklist (EBL) SA usage query
>>>>
>>>> Hi,
>>>>
>>>> On Wed, Nov 22, 2017 at 2:20 PM, Kevin Miller
>><kevin.mil...@juneau.org> wrote:
>>>>> I have not solved that error.  I’m not  a perl programmer so I
>>emailed the folks at msbl.org and they haven't been able to get hold
>of
>>the author of the perl module (Steve Freegard I believe).  I think I
>>have all required perl modules installed but names vary between
>>distributions so sometimes that a toss of the dice.  I don't know if
>>it's just a Debian thing or is more widespread...
>>>> I've been using hashbl for a few months now and haven't had any
>>problems. It's caught quite a few, although none of them have caused
>an
>>email to be triggered as spam (they would have all been spam anyway).
>>>>
>>>> What environment are you using? It was written in 2016, so at the
>>least, make sure your perl and perl modules are at least that current.
>>> 
>>>

Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-23 Thread Kevin A. McGrail 
Upgrade AS and that should fix it.
Happy Thanksgiving,
KAM

On November 23, 2017 2:49:58 AM EST, Giovanni Bechis <giova...@paclan.it> wrote:
>With this one it fails:
>-
>SpamAssassin version 3.3.1
>  running on Perl version 5.10.1
>-
>
>I think it should be only for 3.4.x sa version.
> Giovanni
>
>On 11/23/17 01:53, Kevin A. McGrail wrote:
>> I talked to Steve, the author, and A) he approved it going to SVN and
>has an ICLA and B) he says "As for the error experienced by the user
>below - it's probably due to
>$self->{main}->{registryboundaries}->{valid_tlds_re} not being
>available in their version of SA (because they aren't on a recent
>version)."
>> 
>> Regards,
>> KAM
>> 
>> On 11/22/2017 3:34 PM, Kevin Miller wrote:
>>> Debian Jessie, Perl version 5.020002 (5.20.2)
>>>
>>> Not bleeding edge, but not from the Dark Ages either.  How about
>yourself?  What distro/version do you have?
>>>
>>> FWIW, to install it I downloaded the plugin from
>http://msbl.org/tools/sa-hashbl.tar.gz, extracted it and saved the two
>files in it to /etc/spamassassin.  To wit, hashbl.cf and HashBL.pm.
>>>
>>> It may be a version issue however, because on Debian Stretch I just
>did that, and I don't get the error.  No idea which perl module is
>behind the times however.  Updating all my mail servers to Stretch is
>problematic; when I did it on my test host a number of things went pear
>shaped, and I haven't had time to work through them so that my live
>boxes aren't clobbered during an upgrade.
>>>
>>> ...Kevin
>>> -- 
>>> Kevin Miller
>>> Network/email Administrator, CBJ MIS Dept.
>>> 155 South Seward Street
>>> Juneau, Alaska 99801
>>> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No:
>307357
>>>
>>>
>>> -Original Message-
>>> From: Alex [mailto:mysqlstud...@gmail.com]
>>> Sent: Wednesday, November 22, 2017 11:11 AM
>>> To: Kevin Miller; SA Mailing list
>>> Subject: Re: MSBL Email Blocklist (EBL) SA usage query
>>>
>>> Hi,
>>>
>>> On Wed, Nov 22, 2017 at 2:20 PM, Kevin Miller
><kevin.mil...@juneau.org> wrote:
>>>> I have not solved that error.  I’m not  a perl programmer so I
>emailed the folks at msbl.org and they haven't been able to get hold of
>the author of the perl module (Steve Freegard I believe).  I think I
>have all required perl modules installed but names vary between
>distributions so sometimes that a toss of the dice.  I don't know if
>it's just a Debian thing or is more widespread...
>>> I've been using hashbl for a few months now and haven't had any
>problems. It's caught quite a few, although none of them have caused an
>email to be triggered as spam (they would have all been spam anyway).
>>>
>>> What environment are you using? It was written in 2016, so at the
>least, make sure your perl and perl modules are at least that current.
>> 
>>

Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Giovanni Bechis 
With this one it fails:
-
SpamAssassin version 3.3.1
  running on Perl version 5.10.1
-

I think it should be only for 3.4.x sa version.
 Giovanni

On 11/23/17 01:53, Kevin A. McGrail wrote:
> I talked to Steve, the author, and A) he approved it going to SVN and has an 
> ICLA and B) he says "As for the error experienced by the user below - it's 
> probably due to $self->{main}->{registryboundaries}->{valid_tlds_re} not 
> being available in their version of SA (because they aren't on a recent 
> version)."
> 
> Regards,
> KAM
> 
> On 11/22/2017 3:34 PM, Kevin Miller wrote:
>> Debian Jessie, Perl version 5.020002 (5.20.2)
>>
>> Not bleeding edge, but not from the Dark Ages either.  How about yourself?  
>> What distro/version do you have?
>>
>> FWIW, to install it I downloaded the plugin from 
>> http://msbl.org/tools/sa-hashbl.tar.gz, extracted it and saved the two files 
>> in it to /etc/spamassassin.  To wit, hashbl.cf and HashBL.pm.
>>
>> It may be a version issue however, because on Debian Stretch I just did 
>> that, and I don't get the error.  No idea which perl module is behind the 
>> times however.  Updating all my mail servers to Stretch is problematic; when 
>> I did it on my test host a number of things went pear shaped, and I haven't 
>> had time to work through them so that my live boxes aren't clobbered during 
>> an upgrade.
>>
>> ...Kevin
>> -- 
>> Kevin Miller
>> Network/email Administrator, CBJ MIS Dept.
>> 155 South Seward Street
>> Juneau, Alaska 99801
>> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357
>>
>>
>> -----Original Message-
>> From: Alex [mailto:mysqlstud...@gmail.com]
>> Sent: Wednesday, November 22, 2017 11:11 AM
>> To: Kevin Miller; SA Mailing list
>> Subject: Re: MSBL Email Blocklist (EBL) SA usage query
>>
>> Hi,
>>
>> On Wed, Nov 22, 2017 at 2:20 PM, Kevin Miller <kevin.mil...@juneau.org> 
>> wrote:
>>> I have not solved that error.  I’m not  a perl programmer so I emailed the 
>>> folks at msbl.org and they haven't been able to get hold of the author of 
>>> the perl module (Steve Freegard I believe).  I think I have all required 
>>> perl modules installed but names vary between distributions so sometimes 
>>> that a toss of the dice.  I don't know if it's just a Debian thing or is 
>>> more widespread...
>> I've been using hashbl for a few months now and haven't had any problems. 
>> It's caught quite a few, although none of them have caused an email to be 
>> triggered as spam (they would have all been spam anyway).
>>
>> What environment are you using? It was written in 2016, so at the least, 
>> make sure your perl and perl modules are at least that current.
> 
>

Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Kevin A. McGrail 
I talked to Steve, the author, and A) he approved it going to SVN and 
has an ICLA and B) he says "As for the error experienced by the user 
below - it's probably due to 
$self->{main}->{registryboundaries}->{valid_tlds_re} not being available 
in their version of SA (because they aren't on a recent version)."


Regards,
KAM

On 11/22/2017 3:34 PM, Kevin Miller wrote:

Debian Jessie, Perl version 5.020002 (5.20.2)

Not bleeding edge, but not from the Dark Ages either.  How about yourself?  
What distro/version do you have?

FWIW, to install it I downloaded the plugin from 
http://msbl.org/tools/sa-hashbl.tar.gz, extracted it and saved the two files in 
it to /etc/spamassassin.  To wit, hashbl.cf and HashBL.pm.

It may be a version issue however, because on Debian Stretch I just did that, 
and I don't get the error.  No idea which perl module is behind the times 
however.  Updating all my mail servers to Stretch is problematic; when I did it 
on my test host a number of things went pear shaped, and I haven't had time to 
work through them so that my live boxes aren't clobbered during an upgrade.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357


-Original Message-
From: Alex [mailto:mysqlstud...@gmail.com]
Sent: Wednesday, November 22, 2017 11:11 AM
To: Kevin Miller; SA Mailing list
Subject: Re: MSBL Email Blocklist (EBL) SA usage query

Hi,

On Wed, Nov 22, 2017 at 2:20 PM, Kevin Miller <kevin.mil...@juneau.org> wrote:

I have not solved that error.  I’m not  a perl programmer so I emailed the 
folks at msbl.org and they haven't been able to get hold of the author of the 
perl module (Steve Freegard I believe).  I think I have all required perl 
modules installed but names vary between distributions so sometimes that a toss 
of the dice.  I don't know if it's just a Debian thing or is more widespread...

I've been using hashbl for a few months now and haven't had any problems. It's 
caught quite a few, although none of them have caused an email to be triggered 
as spam (they would have all been spam anyway).

What environment are you using? It was written in 2016, so at the least, make 
sure your perl and perl modules are at least that current.

Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Markus Clardy 
On Ubuntu 16.04, I have no issues with the plugin, it works fine for me.

On Wed, Nov 22, 2017 at 8:34 PM, Kevin Miller <kevin.mil...@juneau.org>
wrote:

> Debian Jessie, Perl version 5.020002 (5.20.2)
>
> Not bleeding edge, but not from the Dark Ages either.  How about
> yourself?  What distro/version do you have?
>
> FWIW, to install it I downloaded the plugin from http://msbl.org/tools/sa-
> hashbl.tar.gz, extracted it and saved the two files in it to
> /etc/spamassassin.  To wit, hashbl.cf and HashBL.pm.
>
> It may be a version issue however, because on Debian Stretch I just did
> that, and I don't get the error.  No idea which perl module is behind the
> times however.  Updating all my mail servers to Stretch is problematic;
> when I did it on my test host a number of things went pear shaped, and I
> haven't had time to work through them so that my live boxes aren't
> clobbered during an upgrade.
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No:
> 307357
>
>
> -Original Message-
> From: Alex [mailto:mysqlstud...@gmail.com]
> Sent: Wednesday, November 22, 2017 11:11 AM
> To: Kevin Miller; SA Mailing list
> Subject: Re: MSBL Email Blocklist (EBL) SA usage query
>
> Hi,
>
> On Wed, Nov 22, 2017 at 2:20 PM, Kevin Miller <kevin.mil...@juneau.org>
> wrote:
> > I have not solved that error.  I’m not  a perl programmer so I emailed
> the folks at msbl.org and they haven't been able to get hold of the
> author of the perl module (Steve Freegard I believe).  I think I have all
> required perl modules installed but names vary between distributions so
> sometimes that a toss of the dice.  I don't know if it's just a Debian
> thing or is more widespread...
>
> I've been using hashbl for a few months now and haven't had any problems.
> It's caught quite a few, although none of them have caused an email to be
> triggered as spam (they would have all been spam anyway).
>
> What environment are you using? It was written in 2016, so at the least,
> make sure your perl and perl modules are at least that current.
>



-- 
 - Markus

RE: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Kevin Miller 
Debian Jessie, Perl version 5.020002 (5.20.2)

Not bleeding edge, but not from the Dark Ages either.  How about yourself?  
What distro/version do you have?

FWIW, to install it I downloaded the plugin from 
http://msbl.org/tools/sa-hashbl.tar.gz, extracted it and saved the two files in 
it to /etc/spamassassin.  To wit, hashbl.cf and HashBL.pm.

It may be a version issue however, because on Debian Stretch I just did that, 
and I don't get the error.  No idea which perl module is behind the times 
however.  Updating all my mail servers to Stretch is problematic; when I did it 
on my test host a number of things went pear shaped, and I haven't had time to 
work through them so that my live boxes aren't clobbered during an upgrade.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357


-Original Message-
From: Alex [mailto:mysqlstud...@gmail.com] 
Sent: Wednesday, November 22, 2017 11:11 AM
To: Kevin Miller; SA Mailing list
Subject: Re: MSBL Email Blocklist (EBL) SA usage query

Hi,

On Wed, Nov 22, 2017 at 2:20 PM, Kevin Miller <kevin.mil...@juneau.org> wrote:
> I have not solved that error.  I’m not  a perl programmer so I emailed the 
> folks at msbl.org and they haven't been able to get hold of the author of the 
> perl module (Steve Freegard I believe).  I think I have all required perl 
> modules installed but names vary between distributions so sometimes that a 
> toss of the dice.  I don't know if it's just a Debian thing or is more 
> widespread...

I've been using hashbl for a few months now and haven't had any problems. It's 
caught quite a few, although none of them have caused an email to be triggered 
as spam (they would have all been spam anyway).

What environment are you using? It was written in 2016, so at the least, make 
sure your perl and perl modules are at least that current.

Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Alex 
Hi,

On Wed, Nov 22, 2017 at 2:20 PM, Kevin Miller  wrote:
> I have not solved that error.  I’m not  a perl programmer so I emailed the 
> folks at msbl.org and they haven't been able to get hold of the author of the 
> perl module (Steve Freegard I believe).  I think I have all required perl 
> modules installed but names vary between distributions so sometimes that a 
> toss of the dice.  I don't know if it's just a Debian thing or is more 
> widespread...

I've been using hashbl for a few months now and haven't had any
problems. It's caught quite a few, although none of them have caused
an email to be triggered as spam (they would have all been spam
anyway).

What environment are you using? It was written in 2016, so at the
least, make sure your perl and perl modules are at least that current.

RE: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Kevin Miller 
I have not solved that error.  I’m not  a perl programmer so I emailed the 
folks at msbl.org and they haven't been able to get hold of the author of the 
perl module (Steve Freegard I believe).  I think I have all required perl 
modules installed but names vary between distributions so sometimes that a toss 
of the dice.  I don't know if it's just a Debian thing or is more widespread...

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

From: Peter [mailto:em...@ace.net.au] 
Sent: Tuesday, November 21, 2017 10:32 PM
To: Kevin Miller; users@spamassassin.apache.org
Subject: RE: MSBL Email Blocklist (EBL) SA usage query

Hi Kevin,
 
I am just trying this and getting the same error.  Did you work out how to fix 
this?
 
Cheers,
 
Peter

*** REPLY SEPARATOR ***

On 25/10/2017 at 6:41 PM Kevin Miller wrote:
Implemented it on one of my tier 2 mx hosts.  No hits so far, but I’m not sure 
if it’s working or not.  Running spamassasin –lint returns a warning:
  root@mx2:/etc/spamassassin# spamassassin --lint
  Oct 25 09:39:35.403 [15095] warn: Use of uninitialized value in regexp 
compilation at /etc/spamassassin/HashBL.pm line 52.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

From: Michael Grant [mailto:michael.gr...@gmail.com] 
Sent: Sunday, October 15, 2017 2:02 AM
To: SpamAssassin Users
Subject: MSBL Email Blocklist (EBL) SA usage query

Has anyone tried out the the MSBL Email Blocklist (EBL) HashBL.pm with 
Spamassassin from msbl.org and possibly considered packaging this module 
(available from this page: http://msbl.org/ebl-implementation.html) with 
SpamAssassin (perhaps in a forthcoming release)?  rSpamD already has internal 
support for the EBL. So I believe the MSBL folks are for this sort of thing in 
general.

This plugin looks through the message (not just headers) for email addresses 
which have been identified as email drop boxes for scams like 419 advance fee 
fraud.  It then looks hashes of these addresses up in a blocklist. 

I'm not affiliated with these folks.  I do however use this module in my setup 
though and find it catches a bunch of things we wouldn't have otherwise caught.

Michael Grant

Re: MSBL Email Blocklist (EBL) SA usage query

2017-11-22 Thread Giovanni Bechis 
I haven't any error running spamassassin --lint, will try on production soon.
$ spamassassin -V 
SpamAssassin version 3.4.1
  running on Perl version 5.24.3
 
 Cheers
  Giovanni

On 11/22/17 08:32, Peter wrote:
> 
> Hi Kevin,
>  
> I am just trying this and getting the same error.  Did you work out how to 
> fix this?
>  
> Cheers,
>  
> Peter
> 
> *** REPLY SEPARATOR ***
> 
> On 25/10/2017 at 6:41 PM Kevin Miller wrote:
> 
> Implemented it on one of my tier 2 mx hosts.  No hits so far, but I’m 
> not sure if it’s working or not.  Running spamassasin –lint returns a 
> warning:
> 
>   root@mx2:/etc/spamassassin# spamassassin --lint
> 
>   Oct 25 09:39:35.403 [15095] warn: Use of uninitialized value in regexp 
> compilation at /etc/spamassassin/HashBL.pm line 52.
> 
>  
> 
> ...Kevin
> 
> --
> 
> Kevin Miller
> 
> Network/email Administrator, CBJ MIS Dept.
> 
> 155 South Seward Street
> 
> Juneau, Alaska 99801
> 
> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 
> 307357
> 
>  
> 
> *From:*Michael Grant [mailto:michael.gr...@gmail.com]
> *Sent:* Sunday, October 15, 2017 2:02 AM
> *To:* SpamAssassin Users
> *Subject:* MSBL Email Blocklist (EBL) SA usage query
> 
>  
> 
> Has anyone tried out the the MSBL Email Blocklist (EBL) HashBL.pm with 
> Spamassassin from msbl.org  and possibly considered 
> packaging this module (available from this page: 
> http://msbl.org/ebl-implementation.html) with SpamAssassin (perhaps in a 
> forthcoming release)?  rSpamD already has internal support for the EBL. So I 
> believe the MSBL folks are for this sort of thing in general.
> 
>  
> 
> This plugin looks through the message (not just headers) for email 
> addresses which have been identified as email drop boxes for scams like 419 
> advance fee fraud.  It then looks hashes of these addresses up in a 
> blocklist. 
> 
>  
> 
> I'm not affiliated with these folks.  I do however use this module in my 
> setup though and find it catches a bunch of things we wouldn't have otherwise 
> caught.
> 
>  
> 
> Michael Grant
>

RE: MSBL Email Blocklist (EBL) SA usage query

2017-11-21 Thread Peter 
Hi Kevin,

I am just trying this and getting the same error.  Did you work out how to
fix this?

Cheers,

Peter

*** REPLY SEPARATOR ***

On 25/10/2017 at 6:41 PM Kevin Miller wrote:
Implemented it on one of my tier 2 mx hosts.  No hits so far, but I’m not
sure if it’s working or not.  Running spamassasin –lint returns a
warning:
  root@mx2:/etc/spamassassin# spamassassin --lint
  Oct 25 09:39:35.403 [15095] warn: Use of uninitialized value in regexp
compilation at /etc/spamassassin/HashBL.pm line 52.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

From: Michael Grant [mailto:michael.gr...@gmail.com]
Sent: Sunday, October 15, 2017 2:02 AM
To: SpamAssassin Users
Subject: MSBL Email Blocklist (EBL) SA usage query

Has anyone tried out the the MSBL Email Blocklist (EBL) HashBL.pm with
Spamassassin from msbl.org and possibly considered packaging this module
(available from this page: http://msbl.org/ebl-implementation.html) with
SpamAssassin (perhaps in a forthcoming release)?  rSpamD already has
internal support for the EBL. So I believe the MSBL folks are for this sort
of thing in general.

This plugin looks through the message (not just headers) for email
addresses which have been identified as email drop boxes for scams like 419
advance fee fraud.  It then looks hashes of these addresses up in a
blocklist.

I'm not affiliated with these folks.  I do however use this module in my
setup though and find it catches a bunch of things we wouldn't have
otherwise caught.

Michael Grant

RE: MSBL Email Blocklist (EBL) SA usage query

2017-10-25 Thread Kevin Miller 
Implemented it on one of my tier 2 mx hosts.  No hits so far, but I’m not sure 
if it’s working or not.  Running spamassasin –lint returns a warning:
  root@mx2:/etc/spamassassin# spamassassin --lint
  Oct 25 09:39:35.403 [15095] warn: Use of uninitialized value in regexp 
compilation at /etc/spamassassin/HashBL.pm line 52.

...Kevin
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357

From: Michael Grant [mailto:michael.gr...@gmail.com]
Sent: Sunday, October 15, 2017 2:02 AM
To: SpamAssassin Users
Subject: MSBL Email Blocklist (EBL) SA usage query

Has anyone tried out the the MSBL Email Blocklist (EBL) HashBL.pm with 
Spamassassin from msbl.org and possibly considered packaging 
this module (available from this page: http://msbl.org/ebl-implementation.html) 
with SpamAssassin (perhaps in a forthcoming release)?  rSpamD already has 
internal support for the EBL. So I believe the MSBL folks are for this sort of 
thing in general.

This plugin looks through the message (not just headers) for email addresses 
which have been identified as email drop boxes for scams like 419 advance fee 
fraud.  It then looks hashes of these addresses up in a blocklist.

I'm not affiliated with these folks.  I do however use this module in my setup 
though and find it catches a bunch of things we wouldn't have otherwise caught.

Michael Grant

Re: MSBL Email Blocklist (EBL) SA usage query

2017-10-16 Thread John Hardin 

On Mon, 16 Oct 2017, Merijn van den Kroonenberg wrote:


On 10/16/2017 10:04 AM, John Hardin wrote:

On Mon, 16 Oct 2017, David Jones wrote:


I guess this means I am getting more pressure to fix the nightly
masscheck process that has been holding up any rule updates or new
versions of SA code. I have been thinking about a "band-aid" option to
put the missing scores in 72_scores.cf into the static 50_scores.cf
file to keep normal SA scoring levels until the real bug can be found
and fixed.


I'd prefer a separate file so that we can just delete it when the
problem is understood and fixed.



Good idea.  Have a recommendation/preference for the new file name?
72_scores_addendum.cf?  72_scores_fix.cf? 73_scores.cf?


I think the new file name should 'sort' before the generated 72_scores.cf?
So the generated 72_scores.cf will override the temporary defaults in the
new file?


The problem is 72_scores has explicit bad scores in it.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Liberals love sex ed because it teaches kids to be safe around their
  sex organs. Conservatives love gun education because it teaches kids
  to be safe around guns. However, both believe that the other's
  education goals lead to dangers too terrible to contemplate.
---
 200 days since the first commercial re-flight of an orbital booster (SpaceX)

Re: MSBL Email Blocklist (EBL) SA usage query

2017-10-16 Thread John Hardin 

On Mon, 16 Oct 2017, David Jones wrote:


On 10/16/2017 10:04 AM, John Hardin wrote:

 On Mon, 16 Oct 2017, David Jones wrote:

>  I guess this means I am getting more pressure to fix the nightly 
>  masscheck process that has been holding up any rule updates or new 
>  versions of SA code. I have been thinking about a "band-aid" option to 
>  put the missing scores in 72_scores.cf into the static 50_scores.cf file 
>  to keep normal SA scoring levels until the real bug can be found and 
>  fixed.


 I'd prefer a separate file so that we can just delete it when the problem
 is understood and fixed.


Good idea.  Have a recommendation/preference for the new file name? 
72_scores_addendum.cf?  72_scores_fix.cf? 73_scores.cf?


It needs to be processed between 72_scores.cf and 73_sandbox_manual_scores.cf

72_scores_temporary_fix.cf perhaps - let's make explicit that it's a 
temporary hack.



--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Liberals love sex ed because it teaches kids to be safe around their
  sex organs. Conservatives love gun education because it teaches kids
  to be safe around guns. However, both believe that the other's
  education goals lead to dangers too terrible to contemplate.
---
 200 days since the first commercial re-flight of an orbital booster (SpaceX)

Re: MSBL Email Blocklist (EBL) SA usage query

2017-10-16 Thread Merijn van den Kroonenberg 
> On 10/16/2017 10:04 AM, John Hardin wrote:
>> On Mon, 16 Oct 2017, David Jones wrote:
>>
>>> I guess this means I am getting more pressure to fix the nightly
>>> masscheck process that has been holding up any rule updates or new
>>> versions of SA code. I have been thinking about a "band-aid" option to
>>> put the missing scores in 72_scores.cf into the static 50_scores.cf
>>> file to keep normal SA scoring levels until the real bug can be found
>>> and fixed.
>>
>> I'd prefer a separate file so that we can just delete it when the
>> problem is understood and fixed.
>>
>
> Good idea.  Have a recommendation/preference for the new file name?
> 72_scores_addendum.cf?  72_scores_fix.cf? 73_scores.cf?

I think the new file name should 'sort' before the generated 72_scores.cf?
So the generated 72_scores.cf will override the temporary defaults in the
new file?

>
> --
> David Jones
>

Re: MSBL Email Blocklist (EBL) SA usage query

2017-10-16 Thread David Jones 

On 10/16/2017 10:04 AM, John Hardin wrote:

On Mon, 16 Oct 2017, David Jones wrote:

I guess this means I am getting more pressure to fix the nightly 
masscheck process that has been holding up any rule updates or new 
versions of SA code. I have been thinking about a "band-aid" option to 
put the missing scores in 72_scores.cf into the static 50_scores.cf 
file to keep normal SA scoring levels until the real bug can be found 
and fixed.


I'd prefer a separate file so that we can just delete it when the 
problem is understood and fixed.




Good idea.  Have a recommendation/preference for the new file name? 
72_scores_addendum.cf?  72_scores_fix.cf? 73_scores.cf?


--
David Jones

Re: MSBL Email Blocklist (EBL) SA usage query

2017-10-16 Thread John Hardin 

On Mon, 16 Oct 2017, David Jones wrote:

I guess this means I am getting more pressure to fix the nightly masscheck 
process that has been holding up any rule updates or new versions of SA code. 
I have been thinking about a "band-aid" option to put the missing scores in 
72_scores.cf into the static 50_scores.cf file to keep normal SA scoring 
levels until the real bug can be found and fixed.


I'd prefer a separate file so that we can just delete it when the problem 
is understood and fixed.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
 200 days since the first commercial re-flight of an orbital booster (SpaceX)

Re: MSBL Email Blocklist (EBL) SA usage query

2017-10-16 Thread Kevin A. McGrail 

On 10/16/2017 8:57 AM, David Jones wrote:


I guess this means I am getting more pressure to fix the nightly 
masscheck process that has been holding up any rule updates or new 
versions of SA code.  I have been thinking about a "band-aid" option 
to put the missing scores in 72_scores.cf into the static 50_scores.cf 
file to keep normal SA scoring levels until the real bug can be found 
and fixed. 


+1.  That was my thought as well.  A band-aid to relight will help it 
get fixed.

Re: MSBL Email Blocklist (EBL) SA usage query

2017-10-16 Thread David Jones 

On 10/15/2017 04:19 PM, Michael Grant wrote:

Hi Keven

I will tell you in the many months we’ve been using the EBL SA Plug in, 
we have yet to see a FP, and thus have raised its initial SA scoring of 
1 up to 5 and then again presently to 9.  The EBL has been wildly 
successful for us at catching and now blocking this type of drop box 
spam at the SMTP level for which we do with SA  that score at 15 or greater.




I can confirm it's working well the past couple of days on my spam trap. 
 The spam that is hitting HASHBL_EMAIL is scoring in the 40's to 60's 
already with my other local SA rule enhancements.  On my production mail 
filters, I am not not getting any hits most likely from tighter MTA 
tuning (RBLs, DNS checks, Postscreen, etc.).  For those without access 
to MTA settings, this would be very helpful.


This would definitely be a good thing to include in the spamassassin 
distribution if possible!




I second the vote to submit it as an enhancement to default SA rules 
that would be enabled with a simple uncommenting of a line.


I guess this means I am getting more pressure to fix the nightly 
masscheck process that has been holding up any rule updates or new 
versions of SA code.  I have been thinking about a "band-aid" option to 
put the missing scores in 72_scores.cf into the static 50_scores.cf file 
to keep normal SA scoring levels until the real bug can be found and fixed.


--
David Jones

Re: MSBL Email Blocklist (EBL) SA usage query

2017-10-16 Thread Kevin A. McGrail 

On 10/15/2017 5:19 PM, Michael Grant wrote:
I will tell you in the many months we’ve been using the EBL SA Plug 
in, we have yet to see a FP, and thus have raised its initial SA 
scoring of 1 up to 5 and then again presently to 9.  The EBL has been 
wildly successful for us at catching and now blocking this type of 
drop box spam at the SMTP level for which we do with SA  that score at 
15 or greater.


This would definitely be a good thing to include in the spamassassin 
distribution if possible!
Hi Michael, I'm glad it works for you.  Have you reached out to Stephen 
if he is even interested it submitting it for core inclusion?  With 
plugins, I usually have a low bar for inclusion if they are not enabled 
by default.


Regards,
KAM

Re: MSBL Email Blocklist (EBL) SA usage query

2017-10-15 Thread Michael Grant 
Hi Keven

I will tell you in the many months we’ve been using the EBL SA Plug in, we
have yet to see a FP, and thus have raised its initial SA scoring of 1 up
to 5 and then again presently to 9.  The EBL has been wildly successful for
us at catching and now blocking this type of drop box spam at the SMTP
level for which we do with SA  that score at 15 or greater.

This would definitely be a good thing to include in the spamassassin
distribution if possible!

Michael

On 15 October 2017 at 13:22, Kevin A. McGrail 
wrote:

> I use a private plugin that does the same thing and have asked a few times
> for them to consider contributing it.
>
> Perhaps this will encourage them to finally do so. I will take a look at
> msbl and ping the other.
>
> Thanks for pointing this out.
> Regards,
> KAM
>
>
> On October 15, 2017 6:01:31 AM EDT, Michael Grant 
> wrote:
>>
>> Has anyone tried out the the MSBL Email Blocklist (EBL) HashBL.pm with
>> Spamassassin from msbl.org and possibly considered packaging this module
>> (available from this page: http://msbl.org/ebl-implementation.html) with
>> SpamAssassin (perhaps in a forthcoming release)?  rSpamD already has
>> internal support for the EBL. So I believe the MSBL folks are for this sort
>> of thing in general.
>>
>> This plugin looks through the message (not just headers) for email
>> addresses which have been identified as email drop boxes for scams like 419
>> advance fee fraud.  It then looks hashes of these addresses up in a
>> blocklist.
>>
>> I'm not affiliated with these folks.  I do however use this module in my
>> setup though and find it catches a bunch of things we wouldn't have
>> otherwise caught.
>>
>> Michael Grant
>>
>

Re: MSBL Email Blocklist (EBL) SA usage query

2017-10-15 Thread Kevin A. McGrail 
I use a private plugin that does the same thing and have asked a few times for 
them to consider contributing it.  

Perhaps this will encourage them to finally do so.  I will take a look at msbl 
and ping the other.

Thanks for pointing this out.
Regards,
KAM

On October 15, 2017 6:01:31 AM EDT, Michael Grant  
wrote:
>Has anyone tried out the the MSBL Email Blocklist (EBL) HashBL.pm with
>Spamassassin from msbl.org and possibly considered packaging this
>module
>(available from this page: http://msbl.org/ebl-implementation.html)
>with
>SpamAssassin (perhaps in a forthcoming release)?  rSpamD already has
>internal support for the EBL. So I believe the MSBL folks are for this
>sort
>of thing in general.
>
>This plugin looks through the message (not just headers) for email
>addresses which have been identified as email drop boxes for scams like
>419
>advance fee fraud.  It then looks hashes of these addresses up in a
>blocklist.
>
>I'm not affiliated with these folks.  I do however use this module in
>my
>setup though and find it catches a bunch of things we wouldn't have
>otherwise caught.
>
>Michael Grant