Re: spamc sometimes complains MISSING_MID sometimes not with same message
On 10/9/10 11:35 AM, Dennis German wrote: The question is: Has anyone seen unpredictable and different results when processing the same message? Sure. if your setup is messed up, you will get unpredictable results. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
Re: spamc sometimes complains MISSING_MID sometimes not with same message
On Sat, 2010-10-09 at 11:35 -0400, Dennis German wrote: The question is: Has anyone seen unpredictable and different results when processing the same message? No. The operative part of the script is: #first run use echo setting aside user_prefs, running with system wide values mv ~/.spamassassin/user_prefs ~/.spamassassin/user_prefss cp ~/.spamassassin/user_prefs.rptonly ~/.spamassassin/user_prefs grep -iv X-SPAM $1 | spamc $1.o grep X-Spam $1.o Your grepping is broken. You're not limiting the pattern at the beginning of a line, and more importantly don't account for multi-line headers. This can result in a lot of strange things. Formail is your friend. To correctly extract all X-Spam headers, use formail -X, and to remove them use -I instead of -X. formail -X X-Spam $msg However, there is no need to remove SA headers before processing it a second time with SA. SA ignores these. grep -A14 pts rule name $1.oo|grep -v \-\-\-\- What if there are more lines?? I run the script multiple times and get unpredictable results regarding the appearance of MISSING_MID. Yeah, I can see that happening with a script like the above. :) -- char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: spamc sometimes complains MISSING_MID sometimes not with same message
On Sat, 2010-10-09 at 11:35 -0400, Dennis German wrote: #first run use echo setting aside user_prefs, running with system wide values mv ~/.spamassassin/user_prefs ~/.spamassassin/user_prefss cp ~/.spamassassin/user_prefs.rptonly ~/.spamassassin/user_prefs grep -iv X-SPAM $1 | spamc $1.o grep X-Spam $1.o grep -A14 pts rule name $1.oo|grep -v \-\-\-\- ^ This greps in the previous second run's output, NOT this first one's. #second run. use all MY prefs mv -f ~/.spamassassin/user_prefss ~/.spamassassin/user_prefs grep -iv X-SPAM $1 | spamc $1.oo grep X-Spam $1.oo grep -A13 pts rule name $1.oo |grep -v \-\-\-\- -- char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: spamc sometimes complains MISSING_MID sometimes not with same message
On 10/8/10 3:26 PM, Dennis German wrote: First an overview: spamassassin 3.2.5; shared host ISP won't update spamassassin, setup is such that SCORE keyword in user_prefs is ignored. [snip]s after complaints of BLs and before HTML issues. Has anyone seen this behavior? as in: A) ISP's that won't update spamassassin? B) This behavior on YOUR specific ISP, with THEIR specific configuration? Its kinda like saying you use a phone provider that you don't like and sometimes it echos and asking if anyone else has echos. If the ISP isn't set up right, and won't let you use user-prefs, there is no telling what else they did. I suppose you can't post the spamd options they use when they start SA? what about the contents of the ../share/mail/spamassassin directory? the default local.cf? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best in Email Security,2010: Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
Re: spamc sometimes complains MISSING_MID sometimes not with same message
On Fri, 8 Oct 2010, Dennis German wrote: spamassassin 3.2.5; shared host ISP won't update spamassassin, setup is such that SCORE keyword in user_prefs is ignored. ISP will neither include add_header all report _REPORT_ nor add_header all testscores _TESTSSCORES(,) Bummer. Today I ran a particular message and the first run included: 0.0 MISSING_MIDMissing Message-Id: header in the report. The second run did not mention MISSING_MID. And the message did not change between runs? If you can figure it out, how is SA glued onto the MTA? One possible course of action might be to install the current SA locally under your account and run your mail through that for scoring (i.e. ignore the results of the ISP's scan). Whether that's an option depends on how the ISP has SA glued into the MTA and how they handle delivery of high-scoring messages. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The difference is that Unix has had thirty years of technical types demanding basic functionality of it. And the Macintosh has had fifteen years of interface fascist users shaping its progress. Windows has the hairpin turns of the Microsoft marketing machine and that's all.-- Red Drag Diva --- 70 days until TRON Legacy