Re: Spam Assassin White List
On 24-Mar-2009, at 19:54, RW wrote:
> On Wed, 25 Mar 2009 01:35:53 +0100 (CET) Benny Pedersen m...@junc.org wrote:
>> On Tue, March 24, 2009 03:34, dsh979 wrote:
>>> whitelist_from *...@whitelist3.com
>>
>> forged senders welcome :)
>>
>> hope *_from will be removed in next sa, it's the worst check in current sa of all tests :/
>>
>> change to whitelist_auth rules
>
> I think they all have their place. Clearly you'd want to use whitelist_auth for the likes of paypal, but whitelist_from is almost certainly a better choice when there is a low probability of forgery, e.g. one obscure company whitelisting another.

Is there a blacklist_noauth? Because it seems that would be far more useful for paypal.

blacklist_auth *paypal*

--
Say, give it up, give it up, television's taking its toll
That's enough, that's enough, gimme the remote control
I been nice, I been good, please don't do this to me
Turn it off, turn it off, I don't want to have to see
Re: Spam Assassin White List
On Wed, 2009-03-25 at 08:19 -0600, LuKreme wrote:
> On 24-Mar-2009, at 19:54, RW wrote:
>> On Wed, 25 Mar 2009 01:35:53 +0100 (CET) Benny Pedersen m...@junc.org wrote:
>>> On Tue, March 24, 2009 03:34, dsh979 wrote:
>
> Is there a blacklist_noauth? Because it seems that would be far more useful for paypal.
>
> blacklist_auth *paypal*

No, but I'd love one. Paypal, ebay, hotmail, yahoo, gmail. And, of course, your own domain!

--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
Re: Spam Assassin White List
> Is there a blacklist_noauth? Because it seems that would be far more useful for paypal.
>
> blacklist_auth *paypal*

You whitelist_auth paypal.com and then a rule that scores +50 for From contains *...@paypal.com -- quick and easy.

--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
There are two novels that can change a bookish 14-year-old's life: _The Lord of the Rings_ and _Atlas Shrugged_. One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world. The other, of course, involves orcs. --John Rogers
Re: Spam Assassin White List
On 25-Mar-2009, at 09:38, Dave Pooser wrote:
>> Is there a blacklist_noauth? Because it seems that would be far more useful for paypal.
>>
>> blacklist_auth *paypal*
>
> You whitelist_auth paypal.com and then a rule that scores +50 for From contains *...@paypal.com -- quick and easy.

well, of course many things come from paypal-alike addresses like paypal.lolz.biz or paypal.cz or something, so being able to do something like blacklist_noauth *paypal* would be useful.

> There are two novels that can change a bookish 14-year-old's life: _The Lord of the Rings_ and _Atlas Shrugged_. One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world. The other, of course, involves orcs. --John Rogers

I love that quote.

--
This is our music from the bachelor's den, the sound of loneliness turned up to ten. A harsh soundtrack from a stagnant waterbed and it sounds just like this. This is the sound of someone losing the plot making out that they're OK when they're not. You're gonna like it, but not a lot. And the chorus goes like this...
Re: Spam Assassin White List
On 23.03.09 21:58, dsh979 wrote:
> I did not realise that items listed on the white list or the black list would still be subject to the operation/analysis of the SpamAssassin Rules.

all rules are processed unless you play with ShortCircuit plugin. Beware of that: It may render the SA useless if you don't know what you are doing.

> You have asked why I have set the required score to 100. Lengthy explanation (sorry). I have done this to prevent SpamAssassin from inserting SpamWarnings into the header/body of the relevant email.

There's report_safe option to configure that.

> In responding to spam I rely on the SpamAssassin Score (in conjunction with other email message indicators), and incorporate these variables into a domain level filter (cPanel).

cpanel? In such case you apparently should direct your questions to cpanel support (forum/list).

> Mail is then bounced (by the filter) without any warning in the bounced email itself, that it has been bounced because it has been identified as spam. In fact, the bounced email will have a message inserted to the effect that there is no such user/recipient. In this way, if there is a sender who receives the bounced email, hopefully they take me off their mailing list, instead of looking for a way to 'outsmart' the SpamRules.

bouncing sucks, bouncing spam is dangerous, since most of spam has false return address so you are bouncing to innocent third party (which may cause blocking your outgoing mail on blacklists). Reject the unwanted mail when it comes, don't bounce, especially when you are sure it's spam

> Q: How can I list items/users on a white list or a black list without the lists (and items) being the subject of further analysis by the SpamAssassin Rules (and therefore obtaining the same score for each item on the relevant list, irrespective of the operation of the SpamAssassin Rules, that is -100=white list items +100 = black list items)?

I somehow do not understand this question.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Disease ... BSA = Mad Software Producents Disease
Re: Spam Assassin White List
On Mon, 23 Mar 2009, dsh979 wrote:
> Q: How can I list items/users on a white list or a black list without the lists (and items) being the subject of further analysis by the SpamAssassin Rules

That has to be done outside SA. Basically (modulo shortcuts, which you shouldn't be playing with) SA always checks all rules against every message it processes. If you want a hard whitelist or blacklist, then whatever is passing the messages from your MTA to SA for scoring (the glue layer) needs to implement that capability, and not give those messages to SA in the first place.

As others have said, _do not_ bounce (i.e. accept and then later send a failure-to-deliver message to the sender) spams. It is a given that spam is sent with a forged From address. If you bounce spams in this way, you're simply attacking some innocent third party - and this may result in _your_ MTA getting blacklisted.

If you want a hard blacklist, check the sender in your MTA _during SMTP_ and reject the message rather than accepting it. The typical way to do this is by configuring your MTA to check DNS blacklists, such as zen.spamhaus.org, and to add MTA rules rejecting specific senders or IP addresses.

Also: your MTA should not be accepting messages for invalid addresses. Those need to be rejected during the SMTP phase.

These particular questions are better directed at the cpanel list, as you're asking how do I reject emails with specific from_address, to_address or sender_IP during SMTP time? and how do I skip SA for specific from_address, to_address, sender_IP?

Best of luck.

--
John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Liberals love sex ed because it teaches kids to be safe around their sex organs. Conservatives love gun education because it teaches kids to be safe around guns. However, both believe that the other's education goals lead to dangers too terrible to contemplate.
---
62 days since Obama's inauguration and still no unicorn!
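
Added example (not part of any message in this thread, and not code from cPanel or any MTA): a sketch of the SMTP-time "glue layer" decision John Hardin describes, where invalid recipients, listed senders and DNSBL-listed IPs are rejected before acceptance and only the remainder is handed to SA. The policy layout, the function names and all addresses are assumptions made for the illustration; skipping SA is keyed on the connecting IP here because sender addresses can be forged.

```python
import ipaddress
import socket

def dnsbl_query_name(client_ip, zone):
    """IPv4 DNSBL convention: the reversed octets are prepended to the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_is_listed(name):
    """Live lookup (simplified): treat any A record as 'listed'."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def smtp_time_decision(client_ip, mail_from, rcpt_to, policy,
                       is_listed=dns_is_listed):
    """Decide before the message is accepted, so nothing is bounced later.

    Returns (action, smtp_reply); action is REJECT, DELIVER_SKIP_SA
    or SCAN_WITH_SA.
    """
    if rcpt_to.lower() not in policy["valid_recipients"]:
        return ("REJECT", "550 5.1.1 no such user")
    if mail_from.lower() in policy["reject_senders"]:
        return ("REJECT", "550 5.7.1 sender refused")
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in policy["skip_sa_nets"]):
        return ("DELIVER_SKIP_SA", "250 ok")  # hard whitelist: SA never runs
    if ip.version == 4:  # the reversed-octet query above is IPv4 only
        for zone in policy["dnsbl_zones"]:
            if is_listed(dnsbl_query_name(client_ip, zone)):
                return ("REJECT", "550 5.7.1 listed in " + zone)
    return ("SCAN_WITH_SA", "250 ok")

# Constructed policy and data (documentation address ranges, .example names).
POLICY = {
    "valid_recipients": {"info@mydomain.example"},
    "reject_senders": {"promo@blacklist.example"},
    "skip_sa_nets": [ipaddress.ip_network("198.51.100.0/24")],
    "dnsbl_zones": ["zen.spamhaus.org"],
}
CONSTRUCTED_LISTED = {"99.2.0.192.zen.spamhaus.org"}  # stands in for DNS

def offline_is_listed(name):
    return name in CONSTRUCTED_LISTED

if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.7", "203.0.113.5"):
        print(ip, smtp_time_decision(ip, "a@sender.example",
                                     "info@mydomain.example", POLICY,
                                     offline_is_listed))
```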
Re: Spam Assassin White List
From: Matus UHLAR - fantomas uh...@fantomas.sk
Date: Tue, 24 Mar 2009 15:30:23 +0100

> On 23.03.09 21:58, dsh979 wrote:
>> I did not realise that items listed on the white list or the black list would still be subject to the operation/analysis of the SpamAssassin Rules.
>
> all rules are processed unless you play with ShortCircuit plugin. Beware of that: It may render the SA useless if you don't know what you are doing.
>
>> You have asked why I have set the required score to 100. Lengthy explanation (sorry). I have done this to prevent SpamAssassin from inserting SpamWarnings into the header/body of the relevant email.
>
> There's report_safe option to configure that.

Also rewrite_header

>> Q: How can I list items/users on a white list or a black list without the lists (and items) being the subject of further analysis by the SpamAssassin Rules (and therefore obtaining the same score for each item on the relevant list, irrespective of the operation of the SpamAssassin Rules, that is -100=white list items +100 = black list items)?
>
> I somehow do not understand this question.

He wants the white/black lists to run first and then short circuit. So anybody in the whitelist gets a score of -100 and anybody in the blacklist gets a score of +100. This can probably be done with the ShortCircuit plugin and setting the priority of the rules so that they run first.

Black lists aren't all that useful for stopping spam. The email addresses are forged in spam.

-jeff
Re: Spam Assassin White List
On Tue, March 24, 2009 03:34, dsh979 wrote:
> blacklist_from *...@blacklist1.com
> blacklist_from *...@blacklist2.com
> blacklist_from *...@blacklist3.com
> required_score 100
> whitelist_from *...@whitelist1.com
> whitelist_from *...@whitelist2.com
> whitelist_from *...@whitelist3.com

forged senders welcome :)

hope *_from will be removed in next sa, it's the worst check in current sa of all tests :/

change to whitelist_auth rules

--
http://localhost/ 100% uptime and 100% mirrored :)
Re: Spam Assassin White List
On Wed, 25 Mar 2009 01:35:53 +0100 (CET) Benny Pedersen m...@junc.org wrote:
> On Tue, March 24, 2009 03:34, dsh979 wrote:
>> whitelist_from *...@whitelist3.com
>
> forged senders welcome :)
>
> hope *_from will be removed in next sa, it's the worst check in current sa of all tests :/
>
> change to whitelist_auth rules

I think they all have their place. Clearly you'd want to use whitelist_auth for the likes of paypal, but whitelist_from is almost certainly a better choice when there is a low probability of forgery, e.g. one obscure company whitelisting another.
Re: Spam Assassin White List
Hello John

Thanks for your reply.

I am adding users to the white list and the black list (in the SpamAssassin user preferences file) as follows:

blacklist_from *...@blacklist1.com
blacklist_from *...@blacklist2.com
blacklist_from *...@blacklist3.com
required_score 100
whitelist_from *...@whitelist1.com
whitelist_from *...@whitelist2.com
whitelist_from *...@whitelist3.com

John Hardin wrote:
> On Wed, 18 Mar 2009, dsh979 wrote:
>> I have found that when I add manually a user to the whitelist (in the SpamAssassin user preferences file) I get inconsistent results:
>> ...
>> I have also found that when I manually add a user to the blacklist (in the SpamAssassin user preferences file) I get the following result:
>
> How _exactly_ are you adding users to the whitelist and blacklist? Give us examples of what you're adding to the config file.
>
> --
> John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
> jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
> ---
> ...in the 2nd amendment the right to arms clause means you have the right to choose how many arms you want, and the militia clause means that Congress can punish you if the answer is none. -- David Hardy, 2nd Amendment scholar
> ---
> 1327 days until the Presidential Election

--
View this message in context: http://www.nabble.com/Spam-Assassin-White-List-tp22589650p22673278.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Spam Assassin White List
dsh979 wrote:
> Hello John
>
> Thanks for your reply.
>
> I am adding users to the white list and the black list (in the SpamAssassin user preferences file) as follows:
>
> blacklist_from *...@blacklist1.com
> blacklist_from *...@blacklist2.com
> blacklist_from *...@blacklist3.com
> required_score 100
> whitelist_from *...@whitelist1.com
> whitelist_from *...@whitelist2.com
> whitelist_from *...@whitelist3.com

Why do you have the required_score 100 in there? That could prevent your blacklists from working 100% of the time.

The blacklist works by adding +100 to the message score, but if the other rules it matches come out negative, the blacklist won't be effective because the total score will be under 100.
Re: Spam Assassin White List
> Thanks for your reply. I am adding users to the white list and the black list (in the SpamAssassin user preferences file) as follows:

snip

> whitelist_from *...@whitelist1.com

whitelist_from should be used as a last resort; whitelist_from_auth and whitelist_from_rcvd are significantly safer in a world where spammers forge From: addresses constantly.

--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
You're useless when you're high on catnip, you know that?
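
Added example (not part of any message in this thread, and not SpamAssassin's code): a simplified Python model of the additive scoring Matt Kettler describes and of the forged-From concern Dave Pooser raises. It shows a blacklisted sender staying under `required_score 100`, and a From-only whitelist entry rescuing a forged message where an authentication-gated entry does not. The addresses, the scores given to the other rules and the `authenticated` flag (standing in for an SPF or DKIM pass) are constructed assumptions.

```python
"""Toy model of SpamAssassin's additive list scoring (not SA's own code)."""
from fnmatch import fnmatchcase

# The +/-100 list scores are the figures used in the thread.
LIST_SCORES = {"blacklist_from": 100.0,
               "whitelist_from": -100.0,
               "whitelist_auth": -100.0}

def parse_prefs(text):
    """Read the user_prefs directives this thread discusses; ignore the rest."""
    prefs = {"required_score": 5.0, "lists": []}  # 5.0 is SA's default
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key == "required_score":
            prefs["required_score"] = float(value)
        elif key in LIST_SCORES:
            prefs["lists"].append((key, value.strip().lower()))
    return prefs

def classify(prefs, from_addr, other_rules, authenticated=False):
    """Return (total_score, tagged_as_spam).

    other_rules is the summed score of every non-list rule that hit;
    list entries only add to that sum, they never replace it.
    """
    fired = set()  # each list rule contributes at most once
    for kind, glob in prefs["lists"]:
        if not fnmatchcase(from_addr.lower(), glob):
            continue
        if kind == "whitelist_auth" and not authenticated:
            continue  # address matches, but nothing vouches for the sender
        fired.add(kind)
    total = other_rules + sum(LIST_SCORES[k] for k in fired)
    return round(total, 1), total >= prefs["required_score"]

# Constructed prefs in the shape posted in the thread (.example domains).
THREAD_STYLE = parse_prefs("""
blacklist_from *@blacklist.example
required_score 100
whitelist_from *@partner.example
""")
DEFAULT_THRESHOLD = parse_prefs("blacklist_from *@blacklist.example")
AUTH_GATED = parse_prefs("whitelist_auth *@partner.example")

if __name__ == "__main__":
    # Blacklisted sender whose other rules net -1.9: under 100, so not tagged.
    print(classify(THREAD_STYLE, "promo@blacklist.example", -1.9))
    print(classify(DEFAULT_THRESHOLD, "promo@blacklist.example", -1.9))
    # Spam (other rules +12.4) with a forged From of a whitelisted domain.
    print(classify(THREAD_STYLE, "billing@partner.example", 12.4))
    print(classify(AUTH_GATED, "billing@partner.example", 12.4))
    print(classify(AUTH_GATED, "billing@partner.example", 12.4, True))
```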
Re: Spam Assassin White List
Thank you for your reply Matt.

I did not realise that items listed on the white list or the black list would still be subject to the operation/analysis of the SpamAssassin Rules.

You have asked why I have set the required score to 100. Lengthy explanation (sorry). I have done this to prevent SpamAssassin from inserting SpamWarnings into the header/body of the relevant email.

In responding to spam I rely on the SpamAssassin Score (in conjunction with other email message indicators), and incorporate these variables into a domain level filter (cPanel).

Mail is then bounced (by the filter) without any warning in the bounced email itself, that it has been bounced because it has been identified as spam. In fact, the bounced email will have a message inserted to the effect that there is no such user/recipient. In this way, if there is a sender who receives the bounced email, hopefully they take me off their mailing list, instead of looking for a way to 'outsmart' the SpamRules.

Q: How can I list items/users on a white list or a black list without the lists (and items) being the subject of further analysis by the SpamAssassin Rules (and therefore obtaining the same score for each item on the relevant list, irrespective of the operation of the SpamAssassin Rules, that is -100=white list items +100 = black list items)?

Matt Kettler-3 wrote:
> dsh979 wrote:
>> Hello John
>>
>> Thanks for your reply.
>>
>> I am adding users to the white list and the black list (in the SpamAssassin user preferences file) as follows:
>>
>> blacklist_from *...@blacklist1.com
>> blacklist_from *...@blacklist2.com
>> blacklist_from *...@blacklist3.com
>> required_score 100
>> whitelist_from *...@whitelist1.com
>> whitelist_from *...@whitelist2.com
>> whitelist_from *...@whitelist3.com
>
> Why do you have the required_score 100 in there? That could prevent your blacklists from working 100% of the time.
>
> The blacklist works by adding +100 to the message score, but if the other rules it matches come out negative, the blacklist won't be effective because the total score will be under 100.

--
View this message in context: http://www.nabble.com/Spam-Assassin-White-List-tp22589650p22674314.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Spam Assassin White List
On Mon, March 23, 2009 10:58 pm, dsh979 wrote:
> Thank you for your reply Matt.
>
> I did not realise that items listed on the white list or the black list would still be subject to the operation/analysis of the SpamAssassin Rules.
>
> You have asked why I have set the required score to 100. Lengthy explanation (sorry). I have done this to prevent SpamAssassin from inserting SpamWarnings into the header/body of the relevant email.
>
> In responding to spam I rely on the SpamAssassin Score (in conjunction with other email message indicators), and incorporate these variables into a domain level filter (cPanel).
>
> Mail is then bounced (by the filter) without any warning in the bounced email itself, that it has been bounced because it has been identified as spam. In fact, the bounced email will have a message inserted to the effect that there is no such user/recipient. In this way, if there is a sender who receives the bounced email, hopefully they take me off their mailing list, instead of looking for a way to 'outsmart' the SpamRules.
>
> Q: How can I list items/users on a white list or a black list without the lists (and items) being the subject of further analysis by the SpamAssassin Rules (and therefore obtaining the same score for each item on the relevant list, irrespective of the operation of the SpamAssassin Rules, that is -100=white list items +100 = black list items)?

A couple thoughts:

1. by returning the emails, you run the risk of false-negatives and thus creating 'email backscatter' (see wikipedia).

2. If you don't want to receive these things at all, have you considered using your MTA to block the actual IP addresses of known spammers using a couple of rules like (for sendmail):

FEATURE(`dnsbl', `bl.spamcop.net',`Rejected as Spam. See http://bl.spamcop.net?${clientaddr}; for more information')dnl
FEATURE(`dnsbl', `zen.spamhaus.org',`Rejected as Spam. See http://spamhaus.org/query/bl?ip=${clientaddr}; for more information')dnl

which rejects the email long before SA has to be bothered? When I check my logs, the spamcop rule alone blocks as many as 800-1100 email daily.

Just something to consider.

Karl

> Matt Kettler-3 wrote:
>> dsh979 wrote:
>>> Hello John
>>>
>>> Thanks for your reply.
>>>
>>> I am adding users to the white list and the black list (in the SpamAssassin user preferences file) as follows:
>>>
>>> blacklist_from *...@blacklist1.com
>>> blacklist_from *...@blacklist2.com
>>> blacklist_from *...@blacklist3.com
>>> required_score 100
>>> whitelist_from *...@whitelist1.com
>>> whitelist_from *...@whitelist2.com
>>> whitelist_from *...@whitelist3.com
>>
>> Why do you have the required_score 100 in there? That could prevent your blacklists from working 100% of the time.
>>
>> The blacklist works by adding +100 to the message score, but if the other rules it matches come out negative, the blacklist won't be effective because the total score will be under 100.
>
> --
> View this message in context: http://www.nabble.com/Spam-Assassin-White-List-tp22589650p22674314.html
> Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

---
Karl Pearson
ka...@ourldsfamily.com
Owner/Administrator of the sites at http://ourldsfamily.com
---
To mess up your Linux PC, you have to really work at it; to mess up a microsoft PC you just have to work on it.
---
Re: Spam Assassin White List
On Wed, 18 Mar 2009, dsh979 wrote:
> I have found that when I add manually a user to the whitelist (in the SpamAssassin user preferences file) I get inconsistent results:
> ...
> I have also found that when I manually add a user to the blacklist (in the SpamAssassin user preferences file) I get the following result:

How _exactly_ are you adding users to the whitelist and blacklist? Give us examples of what you're adding to the config file.

--
John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
...in the 2nd amendment the right to arms clause means you have the right to choose how many arms you want, and the militia clause means that Congress can punish you if the answer is none. -- David Hardy, 2nd Amendment scholar
---
1327 days until the Presidential Election