Re: Spammed by Non-delivery-report? (someone is using my email to spam)

2006-10-13 Thread Bob Mortimer
On Friday 01 Sep 2006 10:23, Justin Mason wrote:

 There's also a very good ruleset I've been using for a while now, at

 http://svn.apache.org/repos/asf/spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf

 It catches almost all my unwanted bounces.  Requires a little hand-editing
 before it'll work, though, which is why it's not yet part of the default
 distro (I hope to have that fixed for 3.2.0).

I'm getting loads of failed delivery reports mainly from joe-jobbed emails 
purporting to have come from several of my domains so tried installing this. 
I'm running SpamAssassin (3.1.7) via amavisd-new (2.4.3) on a Mandrake box.

I've checked the debug log and it seems to be loading the plugin OK:

[16989] dbg: config: using /etc/mail/spamassassin for site rules dir
[16989] dbg: config: read file /etc/mail/spamassassin/20_vbounce.cf
[16989] dbg: config: read file /etc/mail/spamassassin/local.cf

then I get:

[16989] dbg: plugin: fixed relative path: /etc/mail/spamassassin/VBounce.pm
[16989] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from /etc/mail/spamassassin/VBounce.pm
[16989] dbg: plugin: registered Mail::SpamAssassin::Plugin::VBounce=HASH(0x8e433ec)

which again looks OK, but later I get:

[16989] dbg: rules: no method found for eval test have_any_bounce_relays
rules: failed to run __HAVE_BOUNCE_RELAYS test, skipping:
(Can't locate object method have_any_bounce_relays via package Mail::SpamAssassin::PerMsgStatus at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/PerMsgStatus.pm line 2638.)

Can anyone point me in the right direction please?

-- 
Regards,

Bob


Re: Spammed by Non-delivery-report? (someone is using my email to spam)

2006-10-13 Thread Justin Mason

Bob Mortimer writes:
 On Friday 01 Sep 2006 10:23, Justin Mason wrote:
 
  There's also a very good ruleset I've been using for a while now, at
 
  http://svn.apache.org/repos/asf/spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf
 
  It catches almost all my unwanted bounces.  Requires a little hand-editing
  before it'll work, though, which is why it's not yet part of the default
  distro (I hope to have that fixed for 3.2.0).
 
 I'm getting loads of failed delivery reports mainly from joe-jobbed emails 
 purporting to have come from several of my domains so tried installing this. 
 I'm running SpamAssassin (3.1.7) via amavisd-new (2.4.3) on a Mandrake box.
 
 I've checked the debug log and it seems to be loading the plugin OK:
 
 [16989] dbg: config: using /etc/mail/spamassassin for site rules dir
 [16989] dbg: config: read file /etc/mail/spamassassin/20_vbounce.cf
 [16989] dbg: config: read file /etc/mail/spamassassin/local.cf
 
 then I get:
 
 [16989] dbg: plugin: fixed relative path: /etc/mail/spamassassin/VBounce.pm
 [16989] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from /etc/mail/spamassassin/VBounce.pm
 [16989] dbg: plugin: registered Mail::SpamAssassin::Plugin::VBounce=HASH(0x8e433ec)
 
 which again looks OK, but later I get:
 
 [16989] dbg: rules: no method found for eval test have_any_bounce_relays
 rules: failed to run __HAVE_BOUNCE_RELAYS test, skipping:
 (Can't locate object method have_any_bounce_relays via package Mail::SpamAssassin::PerMsgStatus at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/PerMsgStatus.pm line 2638.)
 
 Can anyone point me in the right direction please?

that sounds like the plugin .pm file didn't load correctly.
Can you check to ensure you have the most recent version (of both
.pm and .cf)?  And post the entire debug log of spamassassin -D --lint?

--j.


Re: Spammed by Non-delivery-report? (someone is using my email to spam)

2006-10-13 Thread Justin Mason

I copied the VBounce.pm and 20_vbounce.cf from the rulesrc SVN repository,
path sandbox/jm, into my 3.1.x rules dir, then modified the code for
have_any_bounce_relays() to output a warning; sure enough, running
spamassassin --lint output it just fine.

It really seems likely that the .pm and .cf are not in sync; if the .pm
file was older than the .cf, that would cause this.

--j.

Bob Mortimer writes:
 On Friday 13 Oct 2006 15:32, Justin Mason wrote:
 
  that sounds like the plugin .pm file didn't load correctly.
  Can you check to ensure you have the most recent version (of both
  .pm and .cf)?  And post the entire debug log of spamassassin -D --lint?
 
 Thanks Justin, I only downloaded the .pm and .cf recently but ISTR I had to 
 grub around a bit to find the .pm
  Debug log posted below:
 
 [EMAIL PROTECTED] ]# spamassassin -D --lint
 [19368] dbg: logger: adding facilities: all
 [19368] dbg: logger: logging level is DBG
 [19368] dbg: generic: SpamAssassin version 3.1.7
 [19368] dbg: config: score set 0 chosen.
 [19368] dbg: util: running in taint mode? yes
 [19368] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH
 [19368] dbg: util: PATH included '/sbin', keeping
 [19368] dbg: util: PATH included '/usr/sbin', keeping
 [19368] dbg: util: PATH included '/bin', keeping
 [19368] dbg: util: PATH included '/usr/bin', keeping
 [19368] dbg: util: PATH included '/usr/X11R6/bin', keeping
 [19368] dbg: util: PATH included '/usr/local/bin', keeping
 [19368] dbg: util: PATH included '/usr/local/sbin', keeping
 [19368] dbg: util: final PATH set to: /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin
 [19368] dbg: message:  MIME PARSER START 
 [19368] dbg: message: main message type: text/plain
 [19368] dbg: message: parsing normal part
 [19368] dbg: message: added part, type: text/plain
 [19368] dbg: message:  MIME PARSER END 
 [19368] dbg: dns: is Net::DNS::Resolver available? yes
 [19368] dbg: dns: Net::DNS version: 0.52
 [19368] dbg: diag: perl platform: 5.008007 linux
 [19368] dbg: diag: module installed: Digest::SHA1, version 2.10
 [19368] dbg: diag: module installed: MIME::Base64, version 3.05
 [19368] dbg: diag: module installed: HTML::Parser, version 3.45
 [19368] dbg: diag: module installed: DB_File, version 1.811
 [19368] dbg: diag: module installed: Net::DNS, version 0.52
 [19368] dbg: diag: module installed: Net::SMTP, version 2.29
 [19368] dbg: diag: module installed: Mail::SPF::Query, version 1.997
 [19368] dbg: diag: module installed: IP::Country::Fast, version 309.002
 [19368] dbg: diag: module installed: Razor2::Client::Agent, version 2.77
 [19368] dbg: diag: module not installed: Net::Ident ('require' failed)
 [19368] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)
 [19368] dbg: diag: module not installed: IO::Socket::SSL ('require' failed)
 [19368] dbg: diag: module installed: Time::HiRes, version 1.68
 [19368] dbg: diag: module installed: DBI, version 1.48
 [19368] dbg: diag: module installed: Getopt::Long, version 2.34
 [19368] dbg: diag: module installed: LWP::UserAgent, version 2.033
 [19368] dbg: diag: module installed: HTTP::Date, version 1.46
 [19368] dbg: diag: module installed: Archive::Tar, version 1.26
 [19368] dbg: diag: module installed: IO::Zlib, version 1.04
 [19368] dbg: ignore: using a test message to lint rules
 [19368] dbg: config: using /etc/mail/spamassassin for site rules pre files
 [19368] dbg: config: read file /etc/mail/spamassassin/init.pre
 [19368] dbg: config: read file /etc/mail/spamassassin/v310.pre
 [19368] dbg: config: read file /etc/mail/spamassassin/v312.pre
 [19368] dbg: config: using /usr/share/spamassassin for sys rules pre files
 [19368] dbg: config: using /usr/share/spamassassin for default rules dir
 [19368] dbg: config: read file /usr/share/spamassassin/10_misc.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_compensate.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_drugs.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_phrases.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_porn.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_ratware.cf
 [19368] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf
 [19368] dbg: config: read file 

Re: Spammed by Non-delivery-report? (someone is using my email to spam)

2006-10-13 Thread Bob Mortimer
On Friday 13 Oct 2006 17:55, Justin Mason wrote:

 I copied the VBounce.pm and 20_vbounce.cf from the rulesrc SVN repository,
 path sandbox/jm, into my 3.1.x rules dir, then modified the code for
 have_any_bounce_relays() to output a warning; sure enough, running
 spamassassin --lint output it just fine.

Sorry if I'm being a bit dim Justin but I redownloaded both files and copied 
them into /etc/mail/spamassassin and I'm still getting this:

[22723] dbg: rules: no method found for eval test have_any_bounce_relays
[22723] warn: rules: failed to run __HAVE_BOUNCE_RELAYS test, skipping:
[22723] warn:  (Can't locate object method have_any_bounce_relays via package Mail::SpamAssassin::PerMsgStatus at /usr/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/PerMsgStatus.pm line 2638.
[22723] warn: )

-- 
Regards,

Bob
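
One way to test the .pm/.cf mismatch suggested earlier in this thread, as an added example that is not part of any poster's message or of the SpamAssassin project: the script compares the `eval:` names a rules file references with the names the plugin registers through `register_eval_rule`. The sample file contents are constructed, and `example_other_check` is a hypothetical name.

```shell
#!/bin/sh
# Added example: report eval tests that a SpamAssassin .cf uses but the
# plugin .pm never registers. Empty output means the two files agree.

# Eval function names referenced by rules in a .cf file, one per line.
cf_evals() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE 'eval:[A-Za-z_][A-Za-z0-9_]*' |
        sed 's/^eval://' | sort -u
}

# Names the plugin registers with register_eval_rule("name").
pm_evals() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE "register_eval_rule[[:space:]]*\([[:space:]]*[\"'][A-Za-z_][A-Za-z0-9_]*" |
        sed -E "s/.*[\"']//" | sort -u
}

# Usage: missing_evals RULES.cf PLUGIN.pm
missing_evals() {
    cf_list=$(mktemp) && pm_list=$(mktemp) || return 2
    cf_evals "$1" > "$cf_list"
    pm_evals "$2" > "$pm_list"
    comm -23 "$cf_list" "$pm_list"
    rm -f "$cf_list" "$pm_list"
}

# Constructed sample files, NOT the real 20_vbounce.cf / VBounce.pm contents;
# example_other_check is a hypothetical name.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/20_vbounce.cf" <<'EOF'
loadplugin Mail::SpamAssassin::Plugin::VBounce VBounce.pm
header __HAVE_BOUNCE_RELAYS eval:have_any_bounce_relays()
header __EXAMPLE_OTHER eval:example_other_check()
EOF
    cat > "$d/VBounce.pm" <<'EOF'
sub new {
  my $self = shift->SUPER::new(@_);
  $self->register_eval_rule("example_other_check");
  return $self;
}
EOF
    missing_evals "$d/20_vbounce.cf" "$d/VBounce.pm"
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then missing_evals "$1" "$2"; else demo; fi
```

Given two arguments, the script checks those files instead of the constructed pair. Eval names that SpamAssassin core or another plugin implements are listed as well, so only the names this plugin is meant to supply matter.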


Re: Spammed by Non-delivery-report? (someone is using my email to spam)

2006-09-03 Thread Christian Purnomo
: On Fri, 1 Sep 2006, Christian Purnomo wrote:
: 
:  I am having so much trouble at present that some people are using my
:  email address to send their spam messages, in return I get hundreds and
:  hundreds of non-delivery email + other misc reply such as out of office.


Thanks All who have responded to my initial inquiry.

I have implemented openspf and it looks like it has dropped the number of
bounces significantly.  There are still a few coming through, are there
any other methods that I can use to clean up the uncaught mess? Justin
has recommended
http://svn.apache.org/repos/asf/spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf
which sounds reasonable to me.

Thanks

Christian


Re: Spammed by Non-delivery-report? (someone is using my email to spam)

2006-09-01 Thread Justin Mason

Rick Macdougall writes:
 John D. Hardin wrote:
  On Fri, 1 Sep 2006, Christian Purnomo wrote:
  
  I am having so much trouble at present that some people are using my
  email address to send their spam messages, in return I get hundreds and
  hundreds of non-delivery email + other misc reply such as out of office.

 Good luck Christian, if you want some regex's to use to reject mail 
 bounces I have a whack of them for use with qmail/simscan but they 
 should be easily adaptable to other setups.

There's also a very good ruleset I've been using for a while now, at 

http://svn.apache.org/repos/asf/spamassassin/rules/trunk/sandbox/jm/20_vbounce.cf

It catches almost all my unwanted bounces.  Requires a little hand-editing
before it'll work, though, which is why it's not yet part of the default
distro (I hope to have that fixed for 3.2.0).

The problem is still volume, though -- if a spammer uses *just* your
address on a large spam run, the massive volume of incoming bounces will
quickly overwhelm most small mailserver setups. :(

--j.


Spammed by Non-delivery-report? (someone is using my email to spam)

2006-08-31 Thread Christian Purnomo
Hi Gurus,

I am having so much trouble at present that some people are using my
email address to send their spam messages, in return I get hundreds and
hundreds of non-delivery email + other misc reply such as out of office.

How would I be able to use spamassassin to help me with this? would
sa-learn be the most efficient way? I can think of using procmail to
filter them into a separate mailbox, but the mail headers are all very random.

Your help would be much appreciated.

Cheers

Christian


Re: Spammed by Non-delivery-report? (someone is using my email to spam)

2006-08-31 Thread John D. Hardin
On Fri, 1 Sep 2006, Christian Purnomo wrote:

 I am having so much trouble at present that some people are using my
 email address to send their spam messages, in return I get hundreds and
 hundreds of non-delivery email + other misc reply such as out of office.

The first thing you should consider, if you have control over the DNS
for cpurn.net, is to publish an SPF record for your domain. It will
cut down on the size of the problem somewhat.

See http://www.openspf.org/

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
 It may be possible to start a programme of weapon registration as a
 first step towards the physical collection phase. ... Assurances
 must be provided, and met, that the process of registration will
 not lead to immediate weapons seizures by security forces.
  -- the UN, who doesn't want to confiscate guns
---
 19 days until Talk Like a Pirate day



Re: Spammed by Non-delivery-report? (someone is using my email to spam)

2006-08-31 Thread Gino Cerullo

On 31-Aug-06, at 7:18 PM, Christian Purnomo wrote:


Hi Gurus,

I am having so much trouble at present that some people are using my
email address to send their spam messages, in return I get hundreds and
hundreds of non-delivery email + other misc reply such as out of office.


How would I be able to use spamassassin to help me with this? would
sa-learn be the most efficient way? I can think of using procmail to
filter them into a separate mailbox, but the mail headers are all very random.


Your help would be much appreciated.


Sorry, correction to URL.

http://www.openspf.org


--
Gino Cerullo

Pixel Point Studios
21 Chesham Drive
Toronto, ON  M3M 1W6

416-247-7740







Re: Spammed by Non-delivery-report? (someone is using my email to spam)

2006-08-31 Thread Rick Macdougall

John D. Hardin wrote:

On Fri, 1 Sep 2006, Christian Purnomo wrote:


I am having so much trouble at present that some people are using my
email address to send their spam messages, in return I get hundreds and
hundreds of non-delivery email + other misc reply such as out of office.


The first thing you should consider, if you have control over the DNS
for cpurn.net, is to publish an SPF record for your domain. It will
cut down on the size of the problem somewhat.

See http://www.openspf.org/



If by somewhat you mean by one or two emails a day, you are correct.

The admins running accept and bounce later servers are clueless and have 
probably never even heard of SPF.


I'll just let you know that I know this for a fact because my personal 
domain was used about 6 months ago by some spammer and I was getting 
millions of bounce backs a day (at the peak there were 500K an hour).  I 
finally had to just shut the domain down for 2 months or so until it 
abated.  It had SPF records from day one, with a hard fail.


Good luck Christian, if you want some regex's to use to reject mail 
bounces I have a whack of them for use with qmail/simscan but they 
should be easily adaptable to other setups.


Regards,

Rick