Re: Spamassassin reporting IP address is whitelisted by DNSWL.org but DNSWL.org reports it is not
On 2021-04-10 03:20 PM, Bill Cole wrote: On 10 Apr 2021, at 14:53, Steve Dondley wrote: I'm very, very sorry to beat a dead horse, but I'm deeply confused by the "RCVD_IN_DNSWL_HI" rule which appears to be reporting incorrectly on my system. STOP USING ANY PUBLIC DNS RESOLVERS WITH ANY MAIL SERVERS! For the record, my nameserver setting in /etc/resolv.conf was some local IP address which presumably used an Amazon Web Service (AWS) DNS server. After changing the IP address to 127.0.0.1 in that file, it changed itself back to the original IP address after some short period of time. To fix this, follow the appropriate instructions here: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-static-dns-ubuntu-debian/
Re: Spamassassin reporting IP address is whitelisted by DNSWL.org but DNSWL.org reports it is not
On 10 Apr 2021, at 14:53, Steve Dondley wrote: I'm very, very sorry to beat a dead horse, but I'm deeply confused by the "RCVD_IN_DNSWL_HI" rule which appears to be reporting incorrectly on my system. STOP USING ANY PUBLIC DNS RESOLVERS WITH ANY MAIL SERVERS! Some of these will return bogus values instead of a proper NXDOMAIN, SERVFAIL, or REFUSED when asked questions that they cannot answer or don't want to answer. Quad9 is one such. It is UNFIT for any use by any mail system. It tells you lies about DNS, supposedly for what its operators deem to be your own good. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
Re: Spamassassin reporting
On 04 Dec 2019, at 17:07, Chris Pollock wrote: > Here's what I use for my home system That’s nifty, though it would be nice if it could handle compressed files. -- Train Station: where the train stops. Work Station: …
Re: Spamassassin reporting
On Thu, 2019-12-05 at 14:47 -0500, Dave Goodrich wrote: > That looks very familiar, and exactly what I am looking for. I can > make that script work with our log files, thank you. > > DAve > You're welcome. -- Chris 31.11972; -97.90167 (Elev. 1092 ft) 17:28:20 up 3 days, 8:11, 1 user, load average: 1.75, 0.79, 0.68 Description:Ubuntu 18.04.3 LTS, kernel 5.0.0-37-generic
Re: Spamassassin reporting
That looks very familiar, and exactly what I am looking for. I can make that script work with our log files, thank you. DAve - On Dec 4, 2019, at 8:14 PM, Chris Pollock cpoll...@embarqmail.com wrote: > On Wed, 2019-12-04 at 11:22 -0500, Dave Goodrich wrote: >> Good morning, >> >> Many years ago, in previous jobs, I used several scripts to report >> spam statistics daily. Some I wrote, some I downloaded. I need to >> create some reporting on our current zimbra/postfix/spamassassin >> server. The supplied stats are pretty for managers if you have Flash, >> but not useful. >> >> Can anyone recommend a ready to run OSS script, or set of scripts, >> for basic maillog stats concerning Spam? Just thought I would ask >> before I wrote something. Internet searching is not turning up >> anything for me. >> >> Thanks, >> >> DAve >> > Forgot to add what the output looks like > -- > Chris > KeyID 0xE372A7DA98E6705C > 31.11972; -97.90167 (Elev. 1092 ft) > 19:11:09 up 2 days, 9:54, 1 user, load average: 0.66, 0.42, 0.39 > Description: Ubuntu 18.04.3 LTS, kernel 5.0.0-37-generic
Re: Spamassassin reporting
Thank you, we will look at that for possibly other things as well. DAve - On Dec 4, 2019, at 2:30 PM, Giovanni Bechis giova...@paclan.it wrote: > On 12/4/19 5:22 PM, Dave Goodrich wrote: >> Good morning, >> >> Many years ago, in previous jobs, I used several scripts to report spam >> statistics daily. Some I wrote, some I downloaded. I need to create some >> reporting on our current zimbra/postfix/spamassassin server. The supplied >> stats >> are pretty for managers if you have Flash, but not useful. >> >> Can anyone recommend a ready to run OSS script, or set of scripts, for basic >> maillog stats concerning Spam? Just thought I would ask before I wrote >> something. Internet searching is not turning up anything for me. >> > It's not a "ready to run" set of scripts, but I am using ELK to analyze > maillog > stats; it will take a bit to setup all the stack but it's a very good software > and you can extract all kind of info with that. > > Giovanni
Re: Spamassassin reporting
On Wed, 2019-12-04 at 11:22 -0500, Dave Goodrich wrote: > Good morning, > > Many years ago, in previous jobs, I used several scripts to report > spam statistics daily. Some I wrote, some I downloaded. I need to > create some reporting on our current zimbra/postfix/spamassassin > server. The supplied stats are pretty for managers if you have Flash, > but not useful. > > Can anyone recommend a ready to run OSS script, or set of scripts, > for basic maillog stats concerning Spam? Just thought I would ask > before I wrote something. Internet searching is not turning up > anything for me. > > Thanks, > > DAve > Forgot to add what the output looks like -- Chris KeyID 0xE372A7DA98E6705C 31.11972; -97.90167 (Elev. 1092 ft) 19:11:09 up 2 days, 9:54, 1 user, load average: 0.66, 0.42, 0.39 Description:Ubuntu 18.04.3 LTS, kernel 5.0.0-37-generic WebKitWebProcess_job__1__ng_non-Linux-generated_files.pdf Description: Adobe PDF document signature.asc Description: This is a digitally signed message part
Re: Spamassassin reporting
On Wed, 2019-12-04 at 11:22 -0500, Dave Goodrich wrote: > Good morning, > > Many years ago, in previous jobs, I used several scripts to report > spam statistics daily. Some I wrote, some I downloaded. I need to > create some reporting on our current zimbra/postfix/spamassassin > server. The supplied stats are pretty for managers if you have Flash, > but not useful. > > Can anyone recommend a ready to run OSS script, or set of scripts, > for basic maillog stats concerning Spam? Just thought I would ask > before I wrote something. Internet searching is not turning up > anything for me. > > Thanks, > > DAve > Here's what I use for my home system -- Chris KeyID 0xE372A7DA98E6705C 31.11972; -97.90167 (Elev. 1092 ft) 18:06:20 up 2 days, 8:49, 1 user, load average: 0.90, 0.81, 0.84 Description:Ubuntu 18.04.3 LTS, kernel 5.0.0-37-generic sa-stats-1.0.pl Description: Perl program signature.asc Description: This is a digitally signed message part
Re: Spamassassin reporting
> Many years ago, in previous jobs, I used several scripts to report spam > statistics daily. Some I wrote, some I downloaded. I need to create some > reporting on our current zimbra/postfix/spamassassin server. The supplied > stats are pretty for managers if you have Flash, but not useful. There is a plugin on the Apache Spamassassin site called LogSpam.pm. I modified it to pipe spam to a filter for capturing the HELO IP address and then to a filter that would stash the message in an archive directory with the spam header attached. The IP address is used to null-route the IP after a threshold number of spams have been detected. The saved messages are used to generate a daily report for each mail user, containing the subject and sender, so that they could identify false positives. Todd Merriman Software Toolz, Inc.
Re: Spamassassin reporting
On 12/4/19 5:22 PM, Dave Goodrich wrote: > Good morning, > > Many years ago, in previous jobs, I used several scripts to report spam > statistics daily. Some I wrote, some I downloaded. I need to create some > reporting on our current zimbra/postfix/spamassassin server. The supplied > stats are pretty for managers if you have Flash, but not useful. > > Can anyone recommend a ready to run OSS script, or set of scripts, for basic > maillog stats concerning Spam? Just thought I would ask before I wrote > something. Internet searching is not turning up anything for me. > It's not a "ready to run" set of scripts, but I am using ELK to analyze maillog stats; it will take a bit to setup all the stack but it's a very good software and you can extract all kind of info with that. Giovanni
Re: Spamassassin reporting
On 04/12/19 17:22, Dave Goodrich wrote: Can anyone recommend a ready to run OSS script, or set of scripts, for basic maillog stats concerning Spam? Just thought I would ask before I wrote something. Internet searching is not turning up anything for me. Did you take a look at https://cwiki.apache.org/confluence/display/SPAMASSASSIN/StatsAndAnalyzers ? IIRC, years ago I used the SARE sa-stats.pl on a Zimbra installation, as it processes amavis logs out of the box (assuming Zimbra still uses amavis) -- Best regards, Riccardo Alfieri Spamhaus Technology https://www.spamhaustech.com/
Re: Spamassassin Reporting Qn
Title: RE: Spamassassin Reporting Qn Don't have the users FORWARD the mail to the account of the SA box. That will screw things up, especially with Exchange. Instead, make a public folder on the SA box, probably IMAP, and have users COPY or MOVE spam messages into this folder. They can do this with drag-n-drop, or by right-clicking on the message and selecting Move or maybe Copy. Run a cron script on the SA box to learn the stuff in the folder every so often, then empty it out. I believe there is a script on the wiki for managing the SA learning end of this, and a description in more detail on how to set all this up. Loren
Re: Spamassassin Reporting Qn
There is a gotcha in doing that, Glenn. One person's spam is another person's ham. It is better if each user has his or her own Bayes rules. For that I built a pair of IMAP mailboxes into which I can dump the spam and ham samples for each user. If doing this for other than me or Loren I'd dump them once they had been processed, sight unseen by human eyes. Neither Loren nor I seem to be as interested in each other's ham and spam samples as we are in eliminating spam. So I save both for retraining Bayes if something tubes the Bayes system. Since going to the trouble if creating IMAP mailboxes, which are a very general solution if spam is moved into them for disposal, I have discovered that the OE MUAs we use can simply export the spam as individual files by drag and drop. That could be used with a SAMBA exported directory on the mail server for generic training with one "spam" user account or it could be done per user with per user spam accounts. While I know I can do this I prefer the IMAP trick. It works and is somewhat easier. Note that I do NOT use forwarding for exactly the consideration you cite. I move (or copy) spam into the spam folder and let a cron job train the Bayes for each user at least once a day. {^_^} - Original Message - From: "Glenn Elliott" <[EMAIL PROTECTED]> > Hi Rainer, > > Sorry.. > > What is happening is spam is getting through spamassassin and the users > identify it as spam. I want to train spamassassin and an easy way to do this > would be to ask all the users to forward spam to a central mailbox on the > spamassassin server which I can then use to train spamassassin.. Am I making > sense? Is this possible? No user accounts are on the spamassassin server. > > Regards, > > Glenn. > > -Original Message- > From: Rainer Sokoll [mailto:[EMAIL PROTECTED] > > On Thu, Jan 27, 2005 at 07:52:29PM +1100, Glenn Elliott wrote: > > > My question is does spamassassin use the from address when learning as > > the from will equate to the internal users email address and not the > spammers... > > I dont want to register my internal users as spammers! > > IMHO, it does not make sense to scan mail from your internal users. Its just > wasting resources. > Here, in a similar setup like yours, I use spamass-milter to feed SA. > The milter can ignore mail from the internal network: > >From the startup script: > > ---8<--- > su amavis -c "/usr/local/sbin/spamass-milter -i 10.0.0.0/8 -f -p \ > /var/spamass/spamass-milter.sock" > ---8<--- > > So, everything from 10/8 is ignored > > > Rainer >
Re: Spamassassin Reporting Qn
On Thu, Jan 27, 2005 at 08:45:37PM +1100, Glenn Elliott wrote: > What is happening is spam is getting through spamassassin and the users > identify it as spam. I want to train spamassassin and an easy way to do this > would be to ask all the users to forward spam to a central mailbox on the > spamassassin server which I can then use to train spamassassin.. Am I making > sense? Is this possible? No user accounts are on the spamassassin server. Ah, now I understand. OK, I want to do the same like you, and have that idea: Assumed your Exchange supports IMAP (mine does so) Create a public folder in Exchange where users can put their spam in. (they would have to drag'n drop the offending mail into that folder, not just forward it, since this would remove all headers). Once a day or so, I would connect to this public folder, download all mails onto a local hard disk (mbox format) , delete the mails on the Exchange server, move the file containing tha spams to the machine running SA and then fire up sa-lern --mbox. On any flavour of Uni*x, this can be done automagically by using the usual suspects (cron, scp, ssh...) Rainer
RE: Spamassassin Reporting Qn
Title: RE: Spamassassin Reporting Qn Hi Rainer, Sorry.. What is happening is spam is getting through spamassassin and the users identify it as spam. I want to train spamassassin and an easy way to do this would be to ask all the users to forward spam to a central mailbox on the spamassassin server which I can then use to train spamassassin.. Am I making sense? Is this possible? No user accounts are on the spamassassin server. Regards, Glenn. -Original Message- From: Rainer Sokoll [mailto:[EMAIL PROTECTED]] Sent: Thursday, 27 January 2005 8:41 PM To: users@spamassassin.apache.org Subject: Re: Spamassassin Reporting Qn On Thu, Jan 27, 2005 at 07:52:29PM +1100, Glenn Elliott wrote: > My question is does spamassassin use the from address when learning as > the from will equate to the internal users email address and not the spammers... > I dont want to register my internal users as spammers! IMHO, it does not make sense to scan mail from your internal users. Its just wasting resources. Here, in a similar setup like yours, I use spamass-milter to feed SA. The milter can ignore mail from the internal network: From the startup script: ---8<--- su amavis -c "/usr/local/sbin/spamass-milter -i 10.0.0.0/8 -f -p \ /var/spamass/spamass-milter.sock" ---8<--- So, everything from 10/8 is ignored Rainer
Re: Spamassassin Reporting Qn
On Thu, Jan 27, 2005 at 07:52:29PM +1100, Glenn Elliott wrote: > My question is does spamassassin use the from address when learning as the > from will equate to the internal users email address and not the spammers... > I dont want to register my internal users as spammers! IMHO, it does not make sense to scan mail from your internal users. Its just wasting resources. Here, in a similar setup like yours, I use spamass-milter to feed SA. The milter can ignore mail from the internal network: >From the startup script: ---8<--- su amavis -c "/usr/local/sbin/spamass-milter -i 10.0.0.0/8 -f -p \ /var/spamass/spamass-milter.sock" ---8<--- So, everything from 10/8 is ignored Rainer