RE: Rules always triggering.
Just a wild stab here, run a lint check on all your rules. I once fat fingered a rule in my local.cf file and got similar hit results as you are describing here. -Original Message- From: Daniel Staal [mailto:[EMAIL PROTECTED] Sent: Friday, January 12, 2007 9:05 PM To: Users-Spamassassin Subject: Re: Rules always triggering. --As of January 12, 2007 7:08:18 PM -0600, Shane Williams is alleged to have said: System is Darwin, running Postfix. The sign-up message for this list got those rules triggered. (_Everything_ triggers them.) This is just a guess, but is it possible that OS X's use of carriage returns is making the message look to spamassassin as if it's a single line of text? --As for the rest, it is mine. I said Darwin, not OS X, though I recognize it is a small distinction. ;) The mail files are all saved to my Maildir folders with unix line endings. In general Darwin handles files in the format it receives them, and unix-tools create unix-files. ...But it does raise the question of what _Perl_ thinks the line endings is... Hmm. Daniel T. Staal
RE: Rules always triggering.
--As of January 13, 2007 7:17:46 AM -0500, Dave Koontz is alleged to have said: Just a wild stab here, run a lint check on all your rules. I once fat fingered a rule in my local.cf file and got similar hit results as you are describing here. --As for the rest, it is mine. I fixed a couple of things, but the issue is still there. Current lint output: [24241] warn: config: failed to parse line, skipping: auto_learn 1 [24241] warn: config: failed to parse line, skipping: safe_reporting 0 [24241] warn: config: failed to parse line, skipping: use_terse_report 0 [24241] warn: config: failed to parse line, skipping: subject_tag *** Warning: Junk Mail *** [24241] warn: config: failed to parse line, skipping: rewrite_subject 0 [24241] warn: config: warning: score set for non-existent rule FAKE_HELO_YAHOO [24241] warn: config: warning: score set for non-existent rule HABEAS_SWE [24241] warn: config: warning: score set for non-existent rule FAKE_HELO_USA_NET [24241] warn: lint: 8 issues detected, please rerun with debug enabled for more information (Yes, I've built this config over a long period of time...) I'm liking the idea that this is an issue with Perl on Darwin expecting a different line ending. I just need to figure out how to _verify_ that. Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. ---
Re: Rules always triggering.
Daniel Staal wrote: --As of January 13, 2007 7:17:46 AM -0500, Dave Koontz is alleged to have said: Just a wild stab here, run a lint check on all your rules. I once fat fingered a rule in my local.cf file and got similar hit results as you are describing here. --As for the rest, it is mine. I fixed a couple of things, but the issue is still there. Current lint output: [24241] warn: config: failed to parse line, skipping: auto_learn 1 Changed to bayes_auto_learn in sa 2.60 [24241] warn: config: failed to parse line, skipping: safe_reporting 0 Erm, it's report_safe.. not safe_reporting. That's never been valid. [24241] warn: config: failed to parse line, skipping: use_terse_report 0 use_terse_report became irrelevant in 2.60 with the template commands. delete it. [24241] warn: config: failed to parse line, skipping: subject_tag *** Warning: Junk Mail *** [24241] warn: config: failed to parse line, skipping: rewrite_subject 0 subject_tag and rewrite_subject were replaced with rewrite_header in SA 3.0.0 [24241] warn: config: warning: score set for non-existent rule FAKE_HELO_YAHOO [24241] warn: config: warning: score set for non-existent rule HABEAS_SWE [24241] warn: config: warning: score set for non-existent rule FAKE_HELO_USA_NET Those are all old dead rules you probably set score over-rides for.
Rules always triggering.
Just wondering if anyone else is having the rules 'MISSING_SUBJECT,NO_RECEIVED,TO_CC_NONE' _always_ trigger? (That is, for every single message that comes through my system, regardless of anything else.) I've set them to score at zero, but I assume they are supposed to check for some specific condition... Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. ---
Re: Rules always triggering.
On Fri, Jan 12, 2007 at 02:14:31PM -0500, Daniel T. Staal wrote: Just wondering if anyone else is having the rules 'MISSING_SUBJECT,NO_RECEIVED,TO_CC_NONE' _always_ trigger? (That is, for every single message that comes through my system, regardless of anything else.) I've set them to score at zero, but I assume they are supposed to check for some specific condition... It sounds like the mails you're sending to SA have no headers, or perhaps are malformed such that they look like they have no headers. -- Randomly Selected Tagline: A dead man cannot bite. -- Gnaeus Pompeius (Pompey) pgpkSU5BGPAIg.pgp Description: PGP signature
Re: Rules always triggering.
On Fri, January 12, 2007 2:34 pm, Theo Van Dinter said: On Fri, Jan 12, 2007 at 02:14:31PM -0500, Daniel T. Staal wrote: Just wondering if anyone else is having the rules 'MISSING_SUBJECT,NO_RECEIVED,TO_CC_NONE' _always_ trigger? (That is, for every single message that comes through my system, regardless of anything else.) I've set them to score at zero, but I assume they are supposed to check for some specific condition... It sounds like the mails you're sending to SA have no headers, or perhaps are malformed such that they look like they have no headers. I am scanning mail via a procmail recipe, and I scan most of the mail that comes to me. (I skip scanning of mail known to have viri, or that comes from a mailing list from whom I've never received spam. All else gets scanned.) System is Darwin, running Postfix. The sign-up message for this list got those rules triggered. (_Everything_ triggers them.) Anything in that configuration that you can think of that would mess up those headers? I can post a set if you would like. Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. ---
Re: Rules always triggering.
On Fri, 12 Jan 2007, Daniel T. Staal wrote: I am scanning mail via a procmail recipe Anything in that configuration that you can think of that would mess up those headers? I can post a set if you would like. There are procmail flags that allow passing only the message body text to the filter program. What's the procmail rule that you're using to call spamc? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- A weapons registration phase ... 4) allows for a degree of control to be exercised during the collection phase; 5) assists in the planning of the collection phase; ... -- the UN, who doesn't want to confiscate guns --- 5 days until Benjamin Franklin's 301st Birthday
Re: Rules always triggering.
--As of January 12, 2007 12:40:00 PM -0800, John D. Hardin is alleged to have said: On Fri, 12 Jan 2007, Daniel T. Staal wrote: I am scanning mail via a procmail recipe Anything in that configuration that you can think of that would mess up those headers? I can post a set if you would like. There are procmail flags that allow passing only the message body text to the filter program. What's the procmail rule that you're using to call spamc? --As for the rest, it is mine. :0fw | spamc Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. ---
Re: Rules always triggering.
On Fri, 12 Jan 2007, Daniel T. Staal wrote: On Fri, January 12, 2007 2:34 pm, Theo Van Dinter said: On Fri, Jan 12, 2007 at 02:14:31PM -0500, Daniel T. Staal wrote: Just wondering if anyone else is having the rules 'MISSING_SUBJECT,NO_RECEIVED,TO_CC_NONE' _always_ trigger? (That is, for every single message that comes through my system, regardless of anything else.) I've set them to score at zero, but I assume they are supposed to check for some specific condition... It sounds like the mails you're sending to SA have no headers, or perhaps are malformed such that they look like they have no headers. I am scanning mail via a procmail recipe, and I scan most of the mail that comes to me. (I skip scanning of mail known to have viri, or that comes from a mailing list from whom I've never received spam. All else gets scanned.) System is Darwin, running Postfix. The sign-up message for this list got those rules triggered. (_Everything_ triggers them.) This is just a guess, but is it possible that OS X's use of carriage returns is making the message look to spamassassin as if it's a single line of text? -- Public key #7BBC68D9 at| Shane Williams http://pgp.mit.edu/| System Admin - UT iSchool =--+--- All syllogisms contain three lines | [EMAIL PROTECTED] Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: Rules always triggering.
--As of January 12, 2007 7:08:18 PM -0600, Shane Williams is alleged to have said: System is Darwin, running Postfix. The sign-up message for this list got those rules triggered. (_Everything_ triggers them.) This is just a guess, but is it possible that OS X's use of carriage returns is making the message look to spamassassin as if it's a single line of text? --As for the rest, it is mine. I said Darwin, not OS X, though I recognize it is a small distinction. ;) The mail files are all saved to my Maildir folders with unix line endings. In general Darwin handles files in the format it receives them, and unix-tools create unix-files. ...But it does raise the question of what _Perl_ thinks the line endings is... Hmm. Daniel T. Staal --- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. ---
