Re: USER_IN_WHITELIST Not Scoring
On Fri, 2009-07-10 at 15:30 -0700, an anonymous Nabble user wrote:
> Thanks Karsten.
So it actually was a typo preventing the whitelist option from working?
> myphonydomain.com is just that, phony :-). I am using it in lieu of my real
> domain.
So I figured. Bad idea nonetheless, makes debugging harder.
> Karsten Bräckelmann wrote:
> > Err... Since these do match, and you claimed to have restarted SA since
> > the conf change, my conclusion is you have a typo somewhere. After all,
> > neither your local.cf nor these headers appear to be raw and un-munged.
> >
> > $ host myphonydomain.com
> > Host myphonydomain.com not found: 3(NXDOMAIN)
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: USER_IN_WHITELIST Not Scoring
On Fri, 10 Jul 2009, boogybren wrote: Thanks Karsten. myphonydomain.com is just that, phony :-). I am using it in lieu of my real domain. The "example.com" domain is explicitly reserved for that purpose. If you use example.com in the future, people will know that you are sanitizing your headers. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- If "healthcare is a Right" means that the government is obligated to provide the people with hospitals, physicians, treatments and medications at low or no cost, then the right to free speech means the government is obligated to provide the people with printing presses and public address systems, the right to freedom of religion means the government is obligated to build churches for the people, and the right to keep and bear arms means the government is obligated to provide the people with guns, all at low or no cost. --- 10 days until the 40th anniversary of Apollo 11 landing on the Moon
Re: USER_IN_WHITELIST Not Scoring
Thanks Karsten.
myphonydomain.com is just that, phony :-). I am using it in lieu of my real
domain.
Karsten Bräckelmann-2 wrote:
>
> On Fri, 2009-07-10 at 14:53 -0700, an anonymous Nabble user wrote:
>> Here are the headers:
>>
>> Return-Path:
>> X-Spam-Tests:
>> * -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP
>> * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
>> * [score: 0.]
>> * 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
>> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
>> myphonydomain.com
>> X-Spam-Level:
>> X-Spam-Status: No, score=-2.2 required=4.0 tests=ALL_TRUSTED,BAYES_00,
>> TVD_SPACE_RATIO autolearn=disabled version=3.2.5
> [...]
>> From: Charlie Root
>
>> > whitelist_from r...@myphonydomain.com
>
> Err... Since these do match, and you claimed to have restarted SA since
> the conf change, my conclusion is you have a typo somewhere. After all,
> neither your local.cf nor these headers appear to be raw and un-munged.
>
> $ host myphonydomain.com
> Host myphonydomain.com not found: 3(NXDOMAIN)
>
>
> --
> char
> *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0;
> }}}
>
>
>
--
View this message in context:
http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24435281.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: USER_IN_WHITELIST Not Scoring
On Fri, 2009-07-10 at 17:59 -0400, Jeff Mincy wrote:
>Don't use the un-constrained whitelist_from, unless as a last resort, if
>there's no other way and you cannot use the proper constrained ones,
>like whitelist_from_rcvd.
>
> A local root sender should be getting ALL_TRUSTED. whitelist_from_rcvd
> won't work on local email - you need at least one external hop to get the
> 'rcvd' part. You could write SpamAssassin rules to look for the messages,
Ah, you're right. That option requires handover from the Internet to the
*internal* network. Thanks, my bad.
> but you probably don't want to AUTOLEARN the messages since any tokens in
> the email are probably spam hosts. As pointed out earlier, this type of
> email should bypass SpamAssassin in procmail (etc).
Agreed, see my notes on that. :)
>Anyway, no sample -- no way to point out your issue. Do paste at least
>the headers of such a mail.
>
> Yep.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: USER_IN_WHITELIST Not Scoring
On Fri, 2009-07-10 at 14:53 -0700, an anonymous Nabble user wrote:
> Here are the headers:
>
> Return-Path:
> X-Spam-Tests:
> * -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP
> * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
> * [score: 0.]
> * 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mcewan.net
> X-Spam-Level:
> X-Spam-Status: No, score=-2.2 required=4.0 tests=ALL_TRUSTED,BAYES_00,
> TVD_SPACE_RATIO autolearn=disabled version=3.2.5
[...]
> From: Charlie Root
> > whitelist_from r...@myphonydomain.com
Err... Since these do match, and you claimed to have restarted SA since
the conf change, my conclusion is you have a typo somewhere. After all,
neither your local.cf nor these headers appear to be raw and un-munged.
$ host myphonydomain.com
Host myphonydomain.com not found: 3(NXDOMAIN)
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: USER_IN_WHITELIST Not Scoring
From: Karsten Bräckelmann Date: Fri, 10 Jul 2009 23:43:03 +0200 On Fri, 2009-07-10 at 06:53 -0700, an anonymous Nabble user wrote: > My local root user sends me nightly emails with mail/spam statistics and > information. Because of the spam information contained in the email, it > sometimes flagged as spam itself. > > In my local.cf, I have put the root user's email address in the > whitelist_from line, however whenever I send an email as the root user to my > legitimate email account, it is not getting scored. whitelist_from r...@myphonydomain.com Don't use the un-constrained whitelist_from, unless as a last resort, if there's no other way and you cannot use the proper constrained ones, like whitelist_from_rcvd. A local root sender should be getting ALL_TRUSTED. whitelist_from_rcvd won't work on local email - you need at least one external hop to get the 'rcvd' part. You could write SpamAssassin rules to look for the messages, but you probably don't want to AUTOLEARN the messages since any tokens in the email are probably spam hosts. As pointed out earlier, this type of email should bypass SpamAssassin in procmail (etc). Anyway, no sample -- no way to point out your issue. Do paste at least the headers of such a mail. Yep. -jeff
Re: USER_IN_WHITELIST Not Scoring
Here are the headers:
Return-Path:
X-Spam-Tests:
* -1.8 ALL_TRUSTED Passed through trusted hosts only via SMTP
* -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
* [score: 0.]
* 2.2 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on mcewan.net
X-Spam-Level:
X-Spam-Status: No, score=-2.2 required=4.0 tests=ALL_TRUSTED,BAYES_00,
TVD_SPACE_RATIO autolearn=disabled version=3.2.5
X-Spam-Relay-Country:
Received: from myphonydomain.com (localhost [127.0.0.1])
by myphonydomain.com (8.13.6.20060614/8.13.6) with ESMTP id
n6ALprFc064402
for ; Fri, 10 Jul 2009 15:51:54 -0600 (MDT)
Received: from localhost (r...@localhost)
by mcewan.net (8.13.6.20060614/8.13.6/Submit) with ESMTP id
n6ALprfK064397
for ; Fri, 10 Jul 2009 15:51:53 -0600 (MDT)
Date: Fri, 10 Jul 2009 15:51:53 -0600 (MDT)
From: Charlie Root
To: Brenden McEwan
Subject: test message
Message-ID: <20090710155144.m85...@myphonydomain.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Karsten Bräckelmann-2 wrote:
>
> On Fri, 2009-07-10 at 06:53 -0700, an anonymous Nabble user wrote:
>> My local root user sends me nightly emails with mail/spam statistics and
>> information. Because of the spam information contained in the email, it
>> sometimes flagged as spam itself.
>>
>> In my local.cf, I have put the root user's email address in the
>> whitelist_from line, however whenever I send an email as the root user to
>> my
>> legitimate email account, it is not getting scored.
>
> whitelist_from r...@myphonydomain.com
>
> Don't use the un-constrained whitelist_from, unless as a last resort, if
> there's no other way and you cannot use the proper constrained ones,
> like whitelist_from_rcvd.
>
> Anyway, no sample -- no way to point out your issue. Do paste at least
> the headers of such a mail.
>
>
> --
> char
> *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0;
> }}}
>
>
>
--
View this message in context:
http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24434950.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: USER_IN_WHITELIST Not Scoring
On Fri, 2009-07-10 at 11:30 -0700, John Hardin wrote:
> On Fri, 10 Jul 2009, an anonymous Nabble user wrote:
>
> > Am using procmail.
>
> Take a look at http://www.impsec.org/~jhardin/antispam/ for a procmail SA
> ruleset that skips mail originating from localhost. If you need help
> generalizing that for your situation, contact me offlist.
With procmail, you can trivially exonerate specific sender addresses
from scanning. Just add a condition like this to your spamc filtering
procmail recipe:
* ! ^From: f...@example.net
However, with IMAP and server-side procmail filtering I personally
strongly prefer to sort the cron crap into a dedicated folder, not
cluttering up my Inbox.
For that, just add a delivery recipe *before* scanning with SA. Like
this example.
:0 :
* ^From: @example.net \(Cron Daemon\)
* ^X-Cron-Env:
cron
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: USER_IN_WHITELIST Not Scoring
On Fri, 2009-07-10 at 06:53 -0700, an anonymous Nabble user wrote:
> My local root user sends me nightly emails with mail/spam statistics and
> information. Because of the spam information contained in the email, it
> sometimes flagged as spam itself.
>
> In my local.cf, I have put the root user's email address in the
> whitelist_from line, however whenever I send an email as the root user to my
> legitimate email account, it is not getting scored.
whitelist_from r...@myphonydomain.com
Don't use the un-constrained whitelist_from, unless as a last resort, if
there's no other way and you cannot use the proper constrained ones,
like whitelist_from_rcvd.
Anyway, no sample -- no way to point out your issue. Do paste at least
the headers of such a mail.
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: USER_IN_WHITELIST Not Scoring
On Fri, 10 Jul 2009, boogybren wrote: Am using procmail. Take a look at http://www.impsec.org/~jhardin/antispam/ for a procmail SA ruleset that skips mail originating from localhost. If you need help generalizing that for your situation, contact me offlist. Also, try to stop top-posting. Thanks. John Hardin wrote: On Fri, 10 Jul 2009, boogybren wrote: I have been wanting to do something like that but haven't done the legwork to figure it out. I will certainly look up how to do this in sendmail. Do you have any suggestions? We also need to know how you're gluing SA into your mailer chain. Procmail? A milter of some sort? John Hardin wrote: On Fri, 10 Jul 2009, boogybren wrote: My local root user sends me nightly emails with mail/spam statistics and information. Because of the spam information contained in the email, it sometimes flagged as spam itself. I would suggest you look into MTA configs that will allow you to completely bypass SA on messages that originate from trusted hosts (e.g. localhost and your local network) and are destined for local recipients. Save the CPU cycles. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Gun Control laws cannot reduce violent crime, because gun control laws focus obsessively on a tool a criminal might use to commit a crime rather than the criminal himself and his act of violence. --- 10 days until the 40th anniversary of Apollo 11 landing on the Moon
Re: USER_IN_WHITELIST Not Scoring
Am using procmail. John Hardin wrote: > > On Fri, 10 Jul 2009, boogybren wrote: > >> I have been wanting to do something like that but haven't done the >> legwork to figure it out. >> >> I will certainly look up how to do this in sendmail. Do you have any >> suggestions? > > We also need to know how you're gluing SA into your mailer chain. > Procmail? A milter of some sort? > >> John Hardin wrote: >>> >>> On Fri, 10 Jul 2009, boogybren wrote: >>> >>>> My local root user sends me nightly emails with mail/spam statistics >>>> and >>>> information. Because of the spam information contained in the email, >>>> it >>>> sometimes flagged as spam itself. >>> >>> I would suggest you look into MTA configs that will allow you to >>> completely bypass SA on messages that originate from trusted hosts (e.g. >>> localhost and your local network) and are destined for local recipients. >>> Save the CPU cycles. > > -- > John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ > jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > --- >Gun Control laws cannot reduce violent crime, because gun control >laws focus obsessively on a tool a criminal might use to commit a >crime rather than the criminal himself and his act of violence. > ------- > 10 days until the 40th anniversary of Apollo 11 landing on the Moon > > -- View this message in context: http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24432408.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: USER_IN_WHITELIST Not Scoring
On Fri, 10 Jul 2009, boogybren wrote: I have been wanting to do something like that but haven't done the legwork to figure it out. I will certainly look up how to do this in sendmail. Do you have any suggestions? We also need to know how you're gluing SA into your mailer chain. Procmail? A milter of some sort? John Hardin wrote: On Fri, 10 Jul 2009, boogybren wrote: My local root user sends me nightly emails with mail/spam statistics and information. Because of the spam information contained in the email, it sometimes flagged as spam itself. I would suggest you look into MTA configs that will allow you to completely bypass SA on messages that originate from trusted hosts (e.g. localhost and your local network) and are destined for local recipients. Save the CPU cycles. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Gun Control laws cannot reduce violent crime, because gun control laws focus obsessively on a tool a criminal might use to commit a crime rather than the criminal himself and his act of violence. --- 10 days until the 40th anniversary of Apollo 11 landing on the Moon
Re: USER_IN_WHITELIST Not Scoring
I have been wanting to do something like that but haven't done the legwork to figure it out. I will certainly look up how to do this in sendmail. Do you have any suggestions? John Hardin wrote: > > On Fri, 10 Jul 2009, boogybren wrote: > >> My local root user sends me nightly emails with mail/spam statistics and >> information. Because of the spam information contained in the email, it >> sometimes flagged as spam itself. > > I would suggest you look into MTA configs that will allow you to > completely bypass SA on messages that originate from trusted hosts (e.g. > localhost and your local network) and are destined for local recipients. > Save the CPU cycles. > > -- > John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ > jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > --- >The Constitution is a written instrument. As such its meaning does >not alter. That which it meant when adopted, it means now. > -- U.S. Supreme Court > SOUTH CAROLINA v. US, 199 U.S. 437, 448 (1905) > --- > 10 days until the 40th anniversary of Apollo 11 landing on the Moon > > -- View this message in context: http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24432060.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: USER_IN_WHITELIST Not Scoring
On Fri, 10 Jul 2009, boogybren wrote: My local root user sends me nightly emails with mail/spam statistics and information. Because of the spam information contained in the email, it sometimes flagged as spam itself. I would suggest you look into MTA configs that will allow you to completely bypass SA on messages that originate from trusted hosts (e.g. localhost and your local network) and are destined for local recipients. Save the CPU cycles. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The Constitution is a written instrument. As such its meaning does not alter. That which it meant when adopted, it means now. -- U.S. Supreme Court SOUTH CAROLINA v. US, 199 U.S. 437, 448 (1905) --- 10 days until the 40th anniversary of Apollo 11 landing on the Moon
Re: USER_IN_WHITELIST Not Scoring
Thanks Dan, indeed I have bounced the daemon after modifying the local.cf. Brenden Daniel Schaefer wrote: > > boogybren wrote: >> Any suggestions would be greatly appreciated. Attached is my local.cf >> > Simple solution, but you may not have tried it...restart spamassassin > > -- > Dan Schaefer > Application Developer > Performance Administration Corp. > > > -- View this message in context: http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24428665.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: USER_IN_WHITELIST Not Scoring
boogybren wrote: Any suggestions would be greatly appreciated. Attached is my local.cf Simple solution, but you may not have tried it...restart spamassassin -- Dan Schaefer Application Developer Performance Administration Corp.
USER_IN_WHITELIST Not Scoring
My local root user sends me nightly emails with mail/spam statistics and information. Because of the spam information contained in the email, it sometimes flagged as spam itself. In my local.cf, I have put the root user's email address in the whitelist_from line, however whenever I send an email as the root user to my legitimate email account, it is not getting scored. I have explicitly entered: score USER_IN_WHITELIST -100 in my local.cf. I have also disabled the AWL plugin. However, no matter what I do, it still won't score -100. The recipient's user_prefs is completely empty. Any suggestions would be greatly appreciated. Attached is my local.cf Best regards, Brenden http://www.nabble.com/file/p24428065/local.cf local.cf -- View this message in context: http://www.nabble.com/USER_IN_WHITELIST-Not-Scoring-tp24428065p24428065.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
