Re: White listing messages processed by a previous milter

[Matus UHLAR - fantomas]

On 27.06.20 00:46, Marc Roos wrote:

What would be the best practice to whitelist / not process, messages
that have already been processed by a previous milter.



Maybe set a message header and whitelist on this message header?


I would not trust such header.

but I maintain a few postfix configurations where port 25 (smtp from the
world) is handled by milter and other ports are handled by content filters.
this is of course a MTA configuration issue.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
The only substitute for good manners is fast reflexes.

Re: White listing messages processed by a previous milter

[Martin Gregorie]

On Sat, 2020-06-27 at 00:46 +0200, Marc Roos wrote:
> 
> What would be the best practice to whitelist / not process, messages 
> that have already been processed by a previous milter. 
> 
If you've already whitelisted a message and want it to bypass SA, then
you will, by definition, have total confidence that your milter does not
generate FPs or FNs. In that case, why pass it through SA when it would
be much simpler for the milter to pass it directly to your MTA for
delivery without any further processing?

I've been doing the opposite for years: in my case getmail collects
incoming mail and passes it through SA, which sends it to a
discrimination program which quarantines spam and passes non-spam to my
internal MTA for delivery. After tuning SA to deal with my particular
incoming mail stream, this has very few FNs or FPs (which are
retrievable from quarantine).

This works for my low volume mail stream: there's no reason why higher
volume sites shouldn't use a full-monty MTA to feed the incoming stream
through SA and a spam discriminator before passing the clean stream to a
second MTA for delivery. 

Martin

Re: White listing messages processed by a previous milter

[Grant Taylor]

On 6/26/20 4:46 PM, Marc Roos wrote:

What would be the best practice to whitelist / not process, messages
that have already been processed by a previous milter.


I'm confused.  My knee jerk reaction is that's an MTA configuration 
issue.  But I don't think it can be that simple.  I can't think of a 
situation where the MTA would behave differently (under normal 
circumstances).  I would expect that messages coming in a path would 
always flow through the same set of milters.  Hence configuration issue. 
 But, maybe you're in a situation where messages make it to a mailbox 
through different paths and the LDA is invoking SpamAssassin.


Please help me understand the situation that you're asking about.

The only thing that comes to mind is to do something similar to what 
you're saying, add an artificial header before SpamAssassin, that you 
can have SpamAssassin filter on.  Then artificially lower the spam 
score, or see if there is a way to have SpamAssassin end early without 
any additional filtering.


Normal circumstances allows for situations where a milter earlier in the 
chain might fail open.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

White listing messages processed by a previous milter

[Marc Roos]

What would be the best practice to whitelist / not process, messages 
that have already been processed by a previous milter. 

Maybe set a message header and whitelist on this message header?

Re: White listing this mailing list.

[Kris Deugau]

RW wrote:

On Thu, 19 Dec 2019 18:01:37 +0200
Henrik K wrote:


But if one wanted to check the forwarders after hermes.apache.org
properly, it would make more sense to add it in internal_networks,
since practicall it acts as the outer MX for you.  That would enable
proper blacklist checks too.


Mostly that's the best thing to do, but there can be cases where it's
not possible to distinguish between an MX handover and submission into
the third-party network. In that case it may be better to avoid the
risk of running last-external checks on mail clients.


I take a more restrictive interpretation of the SA trust path settings.

- msa_networks is our mail servers that accept mail submissions from our 
customers.
- internal_networks adds the rest of our core mail-handling servers - 
note, not all of our servers!
- trusted_networks adds the rest of our core server network and a 
splattering of third party mail hosting systems that our customers have 
domain mail with, forwarded to their ISP mailbox with us.  I've also 
included a couple of outbound-filtering mail clusters, so that DNSBL 
checks look at the actual sender's mail system, not the filtering platform.


The domain-forwarder IP list is hardly exhaustive;  just IPs for those 
customers who have reported FPs or FNs to us and I've seen enough 
samples to spot the forwarder.


It's been working well for us, and I can use -lastexternal or 
-firsttrusted to tweak the semantics of which relay handover a DNSBL 
lookup inspects.


Adding too many systems to trusted_networks means you end up checking a 
lot of end-user mail-submitting IPs on things like the Spamhaus PBL.


Aside from the outbound-filtering platforms, the relationship I feel 
should be targeted with the trust path settings is where the sender's 
mail system hands the message over to the primary recipient's system. 
So adding the Apache listserv is wrong, because messages sent through 
the list are sent to *the list*, and then from the list *to each of us*.


(All that said, I happen to skip SA entirely for this and most other 
lists, with procmail recipies that file listmail in the appropriate 
folder based on List-Id or some other suitable header, ahead of the 
procmail recipe that calls SA.)


-kgd

Re: White listing this mailing list.

[RW]

On Thu, 19 Dec 2019 18:01:37 +0200
Henrik K wrote:

> But if one wanted to check the forwarders after hermes.apache.org
> properly, it would make more sense to add it in internal_networks,
> since practicall it acts as the outer MX for you.  That would enable
> proper blacklist checks too.

Mostly that's the best thing to do, but there can be cases where it's
not possible to distinguish between an MX handover and submission into
the third-party network. In that case it may be better to avoid the
risk of running last-external checks on mail clients.

Re: White listing this mailing list.

[Benny Pedersen]

On 2019-12-19 17:04, Henrik K wrote:

Thinking about it more, atleast SPF would break, so not the best idea.. 
:-)


X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on 
localhost.junc.eu
X-Spam-Status: No, score=-10.2, required=5.0, Autolearn=ham 
autolearn_force=no,

 LastExt=207.244.88.153
X-Spam-Rules_score: DKIM_SIGNED=-0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,
HEADER_FROM_DIFFERENT_DOMAINS=0.25,MAILING_LIST_MULTI=-3.1,
RCVD_IN_DNSWL_NONE=-0.1,SPF_HELO_NONE=1.2,SPF_PASS=-0.001,TXREP=0.401,
USER_IN_DEF_SPF_WL=-7.5,USER_IN_WHITELIST=-1
X-Spam-Rules_token:
X-Spam-Flag: No
X-Spam-dcc_result: mx 1480; Body=3 Fuz1=3 Fuz2=3
X-Spam-Uri-Domains-Ham: hege.li
X-Spam-ASN: AS30633 207.244.64.0/18

i see no problem :)

Re: White listing this mailing list.

[Henrik K]

On Thu, Dec 19, 2019 at 06:01:37PM +0200, Henrik K wrote:
> 
> But if one wanted to check the forwarders after hermes.apache.org properly,
> it would make more sense to add it in internal_networks, since practicall it
> acts as the outer MX for you.  That would enable proper blacklist checks
> too.

Thinking about it more, atleast SPF would break, so not the best idea.. :-)

Re: White listing this mailing list.

[Henrik K]

On Thu, Dec 19, 2019 at 02:58:42PM +, RW wrote:
> 
> Because the trusted network outside of the internal network is trusted
> not to be under the control of a spammer, but you can't generally
> trust what's relayed through it. Forwarders that are listed at
> all usually have a low level of trust, often lower than the trust
> of the last external.

But there might not be a "forwarder" (originating mail server) in the chain. 
For that reason, trusted_networks usage is quite vague (not to mention all
that documentation about "not spammer controlled, yadda yadda" which doesn't
actually tell when and why one is supposed to use it).

As an example, I might add hermes.apache.org to trusted_networks, to exclude
it's IP from blacklist checks.  Along with perhaps some other IPs to hit
ALL_TRUSTED for whitelisting purposes.  I can't think of any other reason to
use trusted_networks for third party networks?

The above doesn't imply that I want to check DNSWL for some random
"forwarder" down the chain, which might not even be there.  Or if there is
one, it might have lower or non-existing DNSWL score like you mentioned. 
Then again, it might have a better DNSWL score.  So actually we should query
both lastexternal and firsttrusted, so both have a chance of hitting DNSWL.

But if one wanted to check the forwarders after hermes.apache.org properly,
it would make more sense to add it in internal_networks, since practicall it
acts as the outer MX for you.  That would enable proper blacklist checks
too.

> What  surprises me is that a list server is in  RCVD_IN_DNSWL_HI which
> I'd expect to be dominated by transactional mail. 

What's strange about it?  It rarely passes through spam (atleast for me) and
is properly maintained.  Isn't it all about the ham/spam ratio that's seen
originating from that IP?

Re: White listing this mailing list.

[RW]

Sorry, sent the previous one accidently.

On Thu, 19 Dec 2019 14:36:28 +
RW wrote:

> On Thu, 19 Dec 2019 12:49:34 +0200
> Henrik K wrote:
> 
> > On Thu, Dec 19, 2019 at 12:43:43PM +0200, Henrik K wrote:  
> > > 
> > > hermes.apache.org[207.244.88.153] which sends these list mails is
> > > also supposed to hit RCVD_IN_DNSWL_HI, not _NONE?  Your setup
> > > seems wonky.
> > 
> > Answering myself, DNSWL uses firsttrusted, so you've probably have
> > some Apache stuff in trusted_networks..
> > 
> > I'm kind of surprised that DNSWL is not using lastexternal.  

Because the trusted network outside of the internal network is trusted
not to be under the control of a spammer, but you can't generally
trust what's relayed through it. Forwarders that are listed at
all usually have a low level of trust, often lower than the trust
of the last external.

What  surprises me is that a list server is in  RCVD_IN_DNSWL_HI which
I'd expect to be dominated by transactional mail. 

Re: White listing this mailing list.

[Benny Pedersen]

Matus UHLAR - fantomas skrev den 2019-12-19 14:00:


not needed when you don't scan.

And I don't recommend training bayes with mailing list data, especially 
not

SA-users.


how to tell spamassassin that maillist should not be bayes learned when 
sa still is used on that maillists would be helpfull to all then


maybe tflags MAILLIST noautolearn

sorry have not tryed it yet since i see no point

Re: White listing this mailing list.

[RW]

On Thu, 19 Dec 2019 12:49:34 +0200
Henrik K wrote:

> On Thu, Dec 19, 2019 at 12:43:43PM +0200, Henrik K wrote:
> > 
> > hermes.apache.org[207.244.88.153] which sends these list mails is
> > also supposed to hit RCVD_IN_DNSWL_HI, not _NONE?  Your setup seems
> > wonky.  
> 
> Answering myself, DNSWL uses firsttrusted, so you've probably have
> some Apache stuff in trusted_networks..
> 
> I'm kind of surprised that DNSWL is not using lastexternal.


 

Re: White listing this mailing list.

[Matus UHLAR - fantomas]

Matus UHLAR - fantomas skrev den 2019-12-19 12:03:


one of ways is not to pass mail received from 207.244.88.153 to
spamassassin.


On 19.12.19 12:30, Benny Pedersen wrote:

loosing bayes ham training


not needed when you don't scan.

And I don't recommend training bayes with mailing list data, especially not
SA-users.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse

Re: White listing this mailing list.

[Benny Pedersen]

Matus UHLAR - fantomas skrev den 2019-12-19 12:03:


one of ways is not to pass mail received from 207.244.88.153 to
spamassassin.


loosing bayes ham training

Re: White listing this mailing list.

[Matus UHLAR - fantomas]

On 19.12.19 16:34, Philip wrote:

Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by
fantomas.fantomas.sk (8.15.2/8.15.2/Debian-14~deb10u1) with SMTP id
xBJ3YZWh032473 for ; Thu, 19 Dec 2019 04:34:44 +0100
To: users@spamassassin.apache.org
From: Philip 
Subject: White listing this mailing list.

How do I white list this mailing list for some reason all the messages 
are now going to spam.


one of ways is not to pass mail received from 207.244.88.153 to
spamassassin.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...

Re: White listing this mailing list.

[Benny Pedersen]

Henrik K skrev den 2019-12-19 11:43:


or maybe just give more score negative to MAILING_LIST_MULTI ?


Normal SA rules will hit USER_IN_DEF_SPF_WL, due to "def_whitelist_auth
*@*.apache.org".  Have you cleared these or why is it not hitting for 
you?


if trusted_networks includes apache org ip ?


hermes.apache.org[207.244.88.153] which sends these list mails is also
supposed to hit RCVD_IN_DNSWL_HI, not _NONE?  Your setup seems wonky.


see above, i can live with the problem of not reject emails from 
maillists


postfix smtpd_milter_maps is nice with me

Re: White listing this mailing list.

[Henrik K]

On Thu, Dec 19, 2019 at 12:43:43PM +0200, Henrik K wrote:
> 
> hermes.apache.org[207.244.88.153] which sends these list mails is also
> supposed to hit RCVD_IN_DNSWL_HI, not _NONE?  Your setup seems wonky.

Answering myself, DNSWL uses firsttrusted, so you've probably have some
Apache stuff in trusted_networks..

I'm kind of surprised that DNSWL is not using lastexternal.

Re: White listing this mailing list.

[Henrik K]

On Thu, Dec 19, 2019 at 11:15:42AM +0100, Benny Pedersen wrote:
> Philip skrev den 2019-12-19 04:34:
> >How do I white list this mailing list for some reason all the messages
> >are now going to spam.
> 
> X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on localhost.junc.eu
> X-Spam-Status: No, score=-2.0, required=5.0, Autolearn=no
> autolearn_force=no,
>   LastExt=207.244.88.153 Shortcircuit=no,none
> X-Spam-Rules_score: BAYES_00=-1.9,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,
>   DKIM_VALID_AU=-0.1,MAILING_LIST_MULTI=-1,RCVD_IN_DNSWL_NONE=-0.0001,
>   SPF_HELO_NONE=1.1,SPF_PASS=-0.1
> X-Spam-Rules_token: Tokens: new, 63; hammy, 80; neutral, 64; spammy, 2.
> X-Spam-Flag: No
> X-Spam-dcc_result: linode 104; Body=3 Fuz1=3 Fuz2=3
> X-Spam-Relay-Country: US ** ** US ** ** NZ
> X-Spam-Uri-Domains-Ham: treads.nz
> X-Spam-ASN: AS30633 207.244.64.0/18
> 
> not so bad here
> 
> if you have dovecot with sieve make a maillist rule BEFORE one that puts
> mails in spam folder
> 
> or maybe just give more score negative to MAILING_LIST_MULTI ?

Normal SA rules will hit USER_IN_DEF_SPF_WL, due to "def_whitelist_auth
*@*.apache.org".  Have you cleared these or why is it not hitting for you?

hermes.apache.org[207.244.88.153] which sends these list mails is also
supposed to hit RCVD_IN_DNSWL_HI, not _NONE?  Your setup seems wonky.

Re: White listing this mailing list.

[Benny Pedersen]

Philip skrev den 2019-12-19 04:34:

How do I white list this mailing list for some reason all the messages
are now going to spam.


X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on 
localhost.junc.eu
X-Spam-Status: No, score=-2.0, required=5.0, Autolearn=no 
autolearn_force=no,

LastExt=207.244.88.153 Shortcircuit=no,none
X-Spam-Rules_score: BAYES_00=-1.9,DKIM_SIGNED=0.1,DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1,MAILING_LIST_MULTI=-1,RCVD_IN_DNSWL_NONE=-0.0001,
SPF_HELO_NONE=1.1,SPF_PASS=-0.1
X-Spam-Rules_token: Tokens: new, 63; hammy, 80; neutral, 64; spammy, 2.
X-Spam-Flag: No
X-Spam-dcc_result: linode 104; Body=3 Fuz1=3 Fuz2=3
X-Spam-Relay-Country: US ** ** US ** ** NZ
X-Spam-Uri-Domains-Ham: treads.nz
X-Spam-ASN: AS30633 207.244.64.0/18

not so bad here

if you have dovecot with sieve make a maillist rule BEFORE one that puts 
mails in spam folder


or maybe just give more score negative to MAILING_LIST_MULTI ?

Re: White listing this mailing list.

[Bill Cole]

On 18 Dec 2019, at 22:34, Philip wrote:

How do I white list this mailing list for some reason all the messages 
are now going to spam.


If you can whitelist on arbitrary headers:

   List-Id: 
   Delivered-To: mailing list users@spamassassin.apache.org

If you know what exactly is causing the "going to spam" problem, maybe 
you can fix that...


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)

White listing this mailing list.

[Philip]

How do I white list this mailing list for some reason all the messages 
are now going to spam.

How to know if TxRep is white listing out going email.

[Philip]

I've enabled outgoing white listing using the TxRep plugin is there a 
way to find out if outbound emails are actually being white listed? A 
log somewhere... a file being updated?


--
Phil

Re: Reduce filtering time by white-listing [Mail::SpamAssassin::Plugin::Shortcircuit]

[Kārlis Repsons]

On Thursday 07 July 2011 16:46:42 Andrzej Adam Filip wrote:
> Have you considered using Shortcircuit plugin?
>   Mail::SpamAssassin::Plugin::Shortcircuit
Partially I use it. I gave up for anything more than using it with 
whitelist_from.

Re: Reduce filtering time by white-listing

[John Hardin]

On Thu, 7 Jul 2011, Kārlis Repsons wrote:


On Thursday 07 July 2011 14:16:00 Axb wrote:

On 2011-07-07 16:10, Kārlis Repsons wrote:

If whitelist_auth, about 16 secs (hashes are still computed and
compared!).


I assume you're not using local resolver or you have a thin/throttled 
pipe (many DSL routers dislike UDP floods). That could explain those 16 
sec.


But I talk about smth else: why are hashes still computed... I've 
whitelist_auth-ed an address, but anyway...


You're misunderstanding what whitelisting does in SA. All it does is add a 
large negative score component to the message's overall score. A 
whitelisted sender _could_ still send spam if, for instance, their account 
got cracked.


If you want to reduce scanning time you can do two things:

(1) Investigate short circuiting
   http://wiki.apache.org/spamassassin/ShortcircuitingRuleset

(2) Whitelist correspondents in your MTA, so that those messages don't get 
passed into SA in the first place. How you do that depends on your MTA and 
your glue.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  My sidearm is a piece of emergency equipment. It absolutely must
  be reliable, not "smart".
---
 Today: Robert Heinlein's 104th birthday

Re: Reduce filtering time by white-listing [Mail::SpamAssassin::Plugin::Shortcircuit]

[Andrzej Adam Filip]

Kārlis Repsons  wrote:
> as per my current SA setup it takes quite a while until all tests are
> over and the mail is delivered. Thus it seemed necessary to do some
> white-listing to save time. The problem is: even though an address is
> white-listed with "whitelist_from", still DNS lookups are done, hashes
> are computed and so it takes just about the same time as before... How
> can it be achieved that for a whitelisted address only autolearn
> happens? Then it would be desirable to experiment with whitelist_auth,
> which too should introduce no more than some short network tests...
> Does what I desire seem as what can be achieved? Or maybe I got
> something wrong? Please let me know...

Have you considered using Shortcircuit plugin?
  Mail::SpamAssassin::Plugin::Shortcircuit
IMHO it should be capable to deliver what you want.

-- 
[pl>en: Andrew] Andrzej Adam Filip : a...@onet.eu
Real wealth can only increase.
  -- R. Buckminster Fuller

Re: Reduce filtering time by white-listing

[Axb]

On 2011-07-07 16:39, Kārlis Repsons wrote:

On Thursday 07 July 2011 14:16:00 Axb wrote:

On 2011-07-07 16:10, Kārlis Repsons wrote:

If whitelist_auth, about 16 secs
(hashes are still computed and compared!).


I assume you're not using local resolver or you have  a thin/throttled
pipe (many DSL routers dislike UDP floods).
That could explain those 16 sec.


But I talk about smth else: why are hashes still computed... I've
whitelist_auth-ed an address, but anyway...


whitelist_auth depends on lookups

* bug 5295: add 'whitelist_auth', to whitelist addresses that send mail 
using sender-authorization systems like SPF, Domain Keys, and DKIM

Re: Reduce filtering time by white-listing

[Kārlis Repsons]

On Thursday 07 July 2011 14:16:00 Axb wrote:
> On 2011-07-07 16:10, Kārlis Repsons wrote:
> >If whitelist_auth, about 16 secs
> > (hashes are still computed and compared!).
> 
> I assume you're not using local resolver or you have  a thin/throttled
> pipe (many DSL routers dislike UDP floods).
> That could explain those 16 sec.

But I talk about smth else: why are hashes still computed... I've 
whitelist_auth-ed an address, but anyway...


signature.asc
Description: This is a digitally signed message part.

Re: Reduce filtering time by white-listing

[Axb]

On 2011-07-07 15:51, Kārlis Repsons wrote:

It seems that while processing an email from address, which is marked as
whitelist_auth, still hashes are computed. I've set "shortcircuit
USER_IN_WHITELIST on" and it works well (no hashes computed) if address is
marked as whitelist_from... Any idea on how to faster process mail form
adresses marked as whitelist_auth?


how long does it take to process those? 0.6 sec?

Re: Reduce filtering time by white-listing

[Kārlis Repsons]

It seems that while processing an email from address, which is marked as 
whitelist_auth, still hashes are computed. I've set "shortcircuit 
USER_IN_WHITELIST on" and it works well (no hashes computed) if address is 
marked as whitelist_from... Any idea on how to faster process mail form 
adresses marked as whitelist_auth?


signature.asc
Description: This is a digitally signed message part.

Re: Reduce filtering time by white-listing

[Kārlis Repsons]

On Thursday 07 July 2011 09:52:36 Martin Gregorie wrote:
> On Thu, 2011-07-07 at 08:27 +, Kārlis Repsons wrote:
> > as per my current SA setup it takes quite a while until all tests are
> > over and the mail is delivered.
> 
> How are you running SA? If you're explicitly running 'spamassassin' ,
> whether from a script, a procmail recipe or as a Postfix service or
> equivalent, it will be loaded, initialised and shut down for every
> message it handles. Doing that gives approximately half the throughput
> you'd get by running it as a server (spamc/spamd) or via amavis-new
> (where SA is loaded as part of amavis).
> 
> > still DNS lookups are done, hashes
> > are computed and so it takes just about the same time as before...
> 
> You can get a large speed-up by simply running a local copy of BIND or
> some other DNS cache (I run BIND).
> 
> I see the performance hit from using spamassassin instead of spamc/spamd
> despite though I'm running a local caching DNSserver.
> 
> In terms of increased performance vs. effort needed, the following list
> shows the low-hanging fruit first, at least this is my personal ranking:
> 
> 1) use spamc/spamd in place of the spamassassin executable
> 2) introduce a local DNScache
> 3) tune spamd, i.e. adjust its max and min child processes to
>match your workload, CPU power and available RAM
> 4) consider using amavis-new
> 5) tune your ruleset
> 
> Do (1) and (2) before even starting to think about the remaining items.

Thank you, looks like a good advice, I'll see what can be done!

Re: Reduce filtering time by white-listing

[Martin Gregorie]

On Thu, 2011-07-07 at 08:27 +, Kārlis Repsons wrote:

> as per my current SA setup it takes quite a while until all tests are
> over and the mail is delivered.
>
How are you running SA? If you're explicitly running 'spamassassin' ,
whether from a script, a procmail recipe or as a Postfix service or
equivalent, it will be loaded, initialised and shut down for every
message it handles. Doing that gives approximately half the throughput
you'd get by running it as a server (spamc/spamd) or via amavis-new
(where SA is loaded as part of amavis).

> still DNS lookups are done, hashes
> are computed and so it takes just about the same time as before...
>
You can get a large speed-up by simply running a local copy of BIND or
some other DNS cache (I run BIND).

I see the performance hit from using spamassassin instead of spamc/spamd
despite though I'm running a local caching DNSserver. 

In terms of increased performance vs. effort needed, the following list
shows the low-hanging fruit first, at least this is my personal ranking:

1) use spamc/spamd in place of the spamassassin executable
2) introduce a local DNScache
3) tune spamd, i.e. adjust its max and min child processes to
   match your workload, CPU power and available RAM
4) consider using amavis-new
5) tune your ruleset 

Do (1) and (2) before even starting to think about the remaining items. 

Martin

Reduce filtering time by white-listing

[Kārlis Repsons]

Hi all,

as per my current SA setup it takes quite a while until all tests are
over and the mail is delivered. Thus it seemed necessary to do some
white-listing to save time. The problem is: even though an address is
white-listed with "whitelist_from", still DNS lookups are done, hashes
are computed and so it takes just about the same time as before... How
can it be achieved that for a whitelisted address only autolearn
happens? Then it would be desirable to experiment with whitelist_auth,
which too should introduce no more than some short network tests...
Does what I desire seem as what can be achieved? Or maybe I got
something wrong? Please let me know...

Re: white listing sendmail authenticated users

[Matt Kettler]

Bazooka Joe wrote:
> I am trying (unsuccessfully) to write a rule to pickup if the
> "authenticated bits=0" in the Received line of the header and give it
> -100
>
> I am not sure if spamass-milter Version 0.3.1is passing the Received
> line to SA.
>
> Does anyone know if that works? Or a better way to do it?
>
> header  LOCAL_AUTH_RCVD2Received =~ /authenticated bits/
> score   LOCAL_AUTH_RCVD2-100.0
>
> -bazooka
>   
Generally milters run before the local Received: header is added.

AFAIK, spamasss-milter temporarily fakes one so DNS tests can be done on
the delivering IP, but it's not going to be identical to the one your
MTA generates.

Re: white listing sendmail authenticated users

[Justin Mason]

On Tue, Dec 30, 2008 at 00:16, John Hardin  wrote:
> On Mon, 29 Dec 2008, Bazooka Joe wrote:
>
>> I am trying (unsuccessfully) to write a rule to pickup if the
>> "authenticated bits=0" in the Received line of the header and give it
>> -100
>>
>> Does anyone know if that works? Or a better way to do it?
>>
>> header  LOCAL_AUTH_RCVD2Received =~ /authenticated bits/
>> score   LOCAL_AUTH_RCVD2-100.0
>
> Important note: be specific as to *which* received header you whitelist on.
> It would be trivial for a spammer to put that text in a forged "upstream"
> Received header.

If the authenticator is part of your trusted_networks, SA should be
able to extend trust to the authenticated system.  see:

http://wiki.apache.org/spamassassin/TrustedRelays and
http://wiki.apache.org/spamassassin/DynablockIssues

(the latter has another way to match rules against /authenticated
bits/ -- use the hostname part of the Received header that appears
after it.)

--j.

Re: white listing sendmail authenticated users

[John Hardin]

On Mon, 29 Dec 2008, Bazooka Joe wrote:


I am trying (unsuccessfully) to write a rule to pickup if the
"authenticated bits=0" in the Received line of the header and give it
-100

Does anyone know if that works? Or a better way to do it?

header  LOCAL_AUTH_RCVD2Received =~ /authenticated bits/
score   LOCAL_AUTH_RCVD2-100.0


Important note: be specific as to *which* received header you whitelist 
on. It would be trivial for a spammer to put that text in a forged 
"upstream" Received header.


Generally speaking, the better way to whitelist would be to tell 
spamass-milter (or whatever your glue is) to not pass the message to SA at 
all. Your MTA knows that the message was received from an authenticated 
user, so see if you can leverage that knowledge to simply bypass calling 
SA completely.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  ...every time I sit down in front of a Windows machine I feel as
  if the computer is just a place for the manufacturers to put their
  advertising.-- fwadling on Y! SCOX
--

white listing sendmail authenticated users

[Bazooka Joe]

I am trying (unsuccessfully) to write a rule to pickup if the
"authenticated bits=0" in the Received line of the header and give it
-100

I am not sure if spamass-milter Version 0.3.1is passing the Received
line to SA.

Does anyone know if that works? Or a better way to do it?

header  LOCAL_AUTH_RCVD2Received =~ /authenticated bits/
score   LOCAL_AUTH_RCVD2-100.0

-bazooka

Re: White Listing

[maillist]

Bret Miller wrote:

I am looking for an easy way for my spamassassin to relearn messages
marked as spam that users would like to get.  Would it be 
safe and avoid

bayesian poisoning if I were to setup an email box such as
[EMAIL PROTECTED] and have users forward nonspam emails to this email
address and then learn it as ham?



There was a script posted a while back as an example of how you could
detach "forward as attachment" messages into a folder for learning. I
don't remember the author, but I'm reposting the script since it could
be useful here. 


WARNING: lines may wrap
_

#!/usr/bin/perl

use strict;
use warnings;

my @message = ;
my $path = "/tmp/spam/";

use Mail::SpamAssassin::Message;
use Data::UUID;

my $msg = Mail::SpamAssassin::Message->new(
 {
   'message' => [EMAIL PROTECTED],
 }
) || die "Message error?";

foreach my $p ($msg->find_parts(qr/^message\b/i, 0)) {
 eval {
no warnings ;
my $type = $p->{'type'};
my $ug = new Data::UUID;
my $uuid1 = $ug->create_str();
my $attachname = $path . $uuid1 . ".eml";
open OUT, ">", "$attachname" || die "Can't write file
$attachname:$!";
binmode OUT;
print OUT $p->decode();
 };
}
__END__





  
There is a script that ships with spamassassin, it's called "mboxsplit", 
and it rocks.  It is in the tools directory.  It breaks the mbox into 
files named 1, 2, 3, 4, 5.  It rocks.


-=Aubrey=-

Re: White Listing

[John D. Hardin]

On Wed, 3 Jan 2007, Alexander Veit wrote:

> However, our incoming mail gateway that runs SA is located in the
> DMZ, whereas user mailboxes are on severs that belong to the
> internal network. I think in this scenario it's easier to work
> with spam reporting mails and the scipts that where posted by Bret
> Miller and Dan Horn.

If you're not doing autolearning and you have global Bayes (vs. 
per-user) then you could set up a SA box on the trusted side just for 
learning, and rsync the trained bayes database out to the gateway. 
This also gives you a way to back up the corpa and databases using 
your existing corporate backup procedures.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Users mistake widespread adoption of Microsoft Office as the
  development of a standard document format.
---
 14 days until Benjamin Franklin's 301st Birthday

RE: White Listing

[Bowie Bailey]

Alexander Veit wrote:
> Bowie Bailey wrote:
> > [...]
> > Not really.  It's actually a fairly good system if you have an IMAP
> > server. 
> > 
> > You create IMAP folders for spam and ham.  These can be shared or
> > individual for each user.  The users then copy any mis-categorized
> > mail to these folders.  A program on the SpamAssassin server
> > connects to the IMAP server, copies the messages from these
> > folders, and runs sa-learn on them. [...]
> 
> OK, not so bad :-)
> 
> However, our incoming mail gateway that runs SA is located in the DMZ,
> whereas user mailboxes are on severs that belong to the internal
> network. I think in this scenario it's easier to work with spam
> reporting mails and the scipts that where posted by Bret Miller and
> Dan Horn.

You could always set a firewall rule to allow IMAP connections to your
internal boxes from the SA box only.

I tend to think that the IMAP solution would be less likely to cause changes
to the message.  Even forwarding as an attachment can causes some parts of
the message to change.

Also, the IMAP folders would probably be easier for the users.  For me,
"forward-as-attachment" is a difficult concept for most of my users.  (not
to mention being hard to do properly with Outlook)

-- 
Bowie

Re: White Listing

[Alexander Veit]

Bowie Bailey wrote:

[...]
Not really.  It's actually a fairly good system if you have an IMAP server.

You create IMAP folders for spam and ham.  These can be shared or individual
for each user.  The users then copy any mis-categorized mail to these
folders.  A program on the SpamAssassin server connects to the IMAP server,
copies the messages from these folders, and runs sa-learn on them.
[...]


OK, not so bad :-)

However, our incoming mail gateway that runs SA is located in the DMZ, 
whereas user mailboxes are on severs that belong to the internal 
network. I think in this scenario it's easier to work with spam 
reporting mails and the scipts that where posted by Bret Miller and Dan 
Horn.



--
Cheers,
Alex

Re: White Listing

[Theo Van Dinter]

On Wed, Jan 03, 2007 at 12:51:09PM -0800, Bret Miller wrote:
> There was a script posted a while back as an example of how you could
[...]
> my @message = ;
[...]
> my $msg = Mail::SpamAssassin::Message->new(
>  {
>'message' => [EMAIL PROTECTED],
>  }

fwiw, Message will read from STDIN by default, so you can just call
Message->new() and it'll DTRT for you. :)

-- 
Randomly Selected Tagline:
"She taught me Cuban, which is a lot like Spanish only without as many
 words for luxury items." - Emo Philips


pgpACeYxLz1Re.pgp
Description: PGP signature

RE: White Listing

[Dan Horne]

Below is a link to archive posts by myself explaining how we do this.
Basically forward as attachment feeds to a script that strips out the
attachment and stores it.  Separate cron job sa-learns the stored
messages.  The main script could probably be modified to feed sa-learn
directly, cutting out the need for the cron job.

http://www.nabble.com/sa-learn-and-POP3-accounts-tf2424315.html#a6783285

Also, here are some notes I had regarding this:

> 1) user forwards spam message AS ATTACHMENT to a pre-defined email 
> address
> 

I tell my users to forward as attachment to [EMAIL PROTECTED]

> 2) postfix pipes emails to this address to the modified script via 
> local alias
> 

I am using virtual users.  I had to make sure that postfix knows how to
handle local aliases.  From my main.cf:

alias_maps = hash:/etc/aliases

...pointing to the local aliases file.  Then within that file, I set up
a local alias to pipe all input to the script.  From my /etc/aliases:

spam-bayes: "| /etc/scripts/strip_attached_messages.pl"

... Be sure to run the command 'newaliases' after updating the aliases
file.  Then you use virtual_alias_maps to set the
"[EMAIL PROTECTED]" address to forward to the alias you set up.  I
use MySQL for my virtual_alias_maps, but if you use a file it would have
something like:

[EMAIL PROTECTED]   spam-bayes

That will forward all emails sent to [EMAIL PROTECTED] to the
spam-bayes alias, which will in turn pipe them into your script.

> 3) the script strips out all attachments defined as content-type:
> message/*
> 
<...>
> 5) a separate cron script then runs on a schedule to pipe all messages

> in /tmp/spam into sa-learn and delete them afterwards
> 
> Need to setup the crontab to call this script

My cron script:

#!/bin/sh

/usr/local/bin/sa-learn --spam --username=vscan /tmp/spam/ /bin/rm
/tmp/spam/*


--Username=vscan because I am using a single bayes database for all
mail, rather than individual bayes db's for each user.  This method
wouldn't work for individual bayes setups.  My crontab line:

53  1   *   *   *   root
/etc/scripts/train-bayes.sh

... To run it once per day at 1:53 am.  I get a nice email every morning
to root which says:

Learned tokens from 102 message(s) (102 message(s) examined)

The only thing to configure in the script is the path where you want the
attached messages stored until your sa-learn script runs.  I save mine
to /tmp/spam/, and that's where the train-bayes.sh script looks for
them.

Hope this helps.  It has been working very well for me so far.

-DH
 

> -Original Message-
> From: Alexander Veit [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, January 03, 2007 3:33 PM
> To: users@spamassassin.apache.org
> Subject: Re: White Listing
> 
> Nigel Frankcom wrote:
> > Forwarding is not a good idea, it adds and or changes the 
> headers in 
> > the mail.
> 
> Forward as attachment(s) could be a solution since original 
> mail headers are kept intact. I've asked a similar question 
> on this list some days ago, but nobody could say if there's a 
> common practice how to feed such messages into spamassassin 
> on the server.
> 
> > There have been several systems discussed in the last few 
> months using 
> > IMAP, it may be worth digging through the archives for them.
> 
> Sounds like misusing IMAP ;-)
> 
> --
> Cheers,
> Alex
> 
> 

CONFIDENTIALITY NOTICE:
This email message, including any attachments, is for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
are not the intended recipient, please contact the sender by reply email and 
destroy all copies of the original message.
 
SPAM-FREE 1.0(2476)

RE: White Listing

[Bret Miller]

> > > Forwarding is not a good idea, it adds and or changes the
> headers in
> > > the mail.
> >
> > Forward as attachment(s) could be a solution since original mail
> > headers are kept intact. I've asked a similar question on this list
> > some days ago, but nobody could say if there's a common practice how
> > to feed such messages into spamassassin on the server.
> >
> > > There have been several systems discussed in the last few months
> > > using IMAP, it may be worth digging through the archives for them.
> >
> > Sounds like misusing IMAP ;-)
>
> Not really.  It's actually a fairly good system if you have
> an IMAP server.
>
> You create IMAP folders for spam and ham.  These can be
> shared or individual
> for each user.  The users then copy any mis-categorized mail to these
> folders.  A program on the SpamAssassin server connects to
> the IMAP server,
> copies the messages from these folders, and runs sa-learn on them.
>
> This way, it is simple for the users and the headers do not
> get mangled.
>
> I don't use this method myself, so I can't give you any configuration
> details.  Search the list, this has been discussed multiple times.

I do use the IMAP method here. We run in site-wide mode for both bayes
and awl, so we create a couple of shared IMAP folders that users can
drop messages into when they want to mark something as spam or not spam.
Then we run an IMAP-to-SA learner script that learns the messages.
(Actually, we have a manual review in between the user dragging the
message and learning because users will do the darndest things.)

That script was posted on the list a while back as well. I could be
persuaded to clean up mine and send it if you can't find the original.

Bret

RE: White Listing

[Bret Miller]

> I am looking for an easy way for my spamassassin to relearn messages
> marked as spam that users would like to get.  Would it be
> safe and avoid
> bayesian poisoning if I were to setup an email box such as
> [EMAIL PROTECTED] and have users forward nonspam emails to this email
> address and then learn it as ham?

There was a script posted a while back as an example of how you could
detach "forward as attachment" messages into a folder for learning. I
don't remember the author, but I'm reposting the script since it could
be useful here.

WARNING: lines may wrap
_

#!/usr/bin/perl

use strict;
use warnings;

my @message = ;
my $path = "/tmp/spam/";

use Mail::SpamAssassin::Message;
use Data::UUID;

my $msg = Mail::SpamAssassin::Message->new(
 {
   'message' => [EMAIL PROTECTED],
 }
) || die "Message error?";

foreach my $p ($msg->find_parts(qr/^message\b/i, 0)) {
 eval {
no warnings ;
my $type = $p->{'type'};
my $ug = new Data::UUID;
my $uuid1 = $ug->create_str();
my $attachname = $path . $uuid1 . ".eml";
open OUT, ">", "$attachname" || die "Can't write file
$attachname:$!";
binmode OUT;
print OUT $p->decode();
 };
}
__END__

RE: White Listing

[Bowie Bailey]

Alexander Veit wrote:
> Nigel Frankcom wrote:
> > Forwarding is not a good idea, it adds and or changes the headers in
> > the mail.
> 
> Forward as attachment(s) could be a solution since original mail
> headers are kept intact. I've asked a similar question on this list
> some days ago, but nobody could say if there's a common practice how
> to feed such messages into spamassassin on the server.
> 
> > There have been several systems discussed in the last few months
> > using IMAP, it may be worth digging through the archives for them.
> 
> Sounds like misusing IMAP ;-)

Not really.  It's actually a fairly good system if you have an IMAP server.

You create IMAP folders for spam and ham.  These can be shared or individual
for each user.  The users then copy any mis-categorized mail to these
folders.  A program on the SpamAssassin server connects to the IMAP server,
copies the messages from these folders, and runs sa-learn on them.

This way, it is simple for the users and the headers do not get mangled.

I don't use this method myself, so I can't give you any configuration
details.  Search the list, this has been discussed multiple times.

-- 
Bowie

Re: White Listing

[Alexander Veit]

Nigel Frankcom wrote:

Forwarding is not a good idea, it adds and or changes the headers in
the mail.


Forward as attachment(s) could be a solution since original mail headers 
are kept intact. I've asked a similar question on this list some days 
ago, but nobody could say if there's a common practice how to feed such 
messages into spamassassin on the server.



There have been several systems discussed in the last few months using
IMAP, it may be worth digging through the archives for them.


Sounds like misusing IMAP ;-)

--
Cheers,
Alex

Re: White Listing

[Nigel Frankcom]

On Wed, 03 Jan 2007 11:50:27 -0500, Kyle Quillen <[EMAIL PROTECTED]>
wrote:

>Hello all,
>
>I am looking for an easy way for my spamassassin to relearn messages
>marked as spam that users would like to get.  Would it be safe and avoid
>bayesian poisoning if I were to setup an email box such as
>[EMAIL PROTECTED] and have users forward nonspam emails to this email
>address and then learn it as ham?
>
>Thanks 
>Q 

Forwarding is not a good idea, it adds and or changes the headers in
the mail.

There have been several systems discussed in the last few months using
IMAP, it may be worth digging through the archives for them.

There are specific methods of whitelisting particular addresses or
domains within SA.

http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html#whitelist_and_blacklist_options

KR

Nigel

White Listing

[Kyle Quillen]

Hello all,

I am looking for an easy way for my spamassassin to relearn messages
marked as spam that users would like to get.  Would it be safe and avoid
bayesian poisoning if I were to setup an email box such as
[EMAIL PROTECTED] and have users forward nonspam emails to this email
address and then learn it as ham?

Thanks 
Q 

Re: White listing yahoo groups

[Benny Pedersen]

On Tue, November 14, 2006 19:00, SM wrote:

> See whitelist_from_dk [EMAIL PROTECTED] example.com

for me this is not possible with domainkeys

but only with dkim

-- 
This message was sent using 100% recycled spam mails.

Re: White listing yahoo groups

[Andrew Hodgson]

On Tue, 14 Nov 2006 10:21:02 -0800, Bill Moseley <[EMAIL PROTECTED]>
wrote:

[...]

>Yes, it is my machine rejecting the mail that is flagged spam.
>And when I reject too many messages Yahoo's mailing list software
>considers my email non-working and stops delivering list messages.

Snap!  I have the same issue here, I reject with a high score, and it
only takes one to put it into bounce mode.  Also, they never let you
know you are bouncing until like the next couple of days.

The other problem is I have a system here which does some checks on
the SMTP transaction and performs checks which gets to SA, and due to
the way Yahoo delivers the messages to multiple recipients on the same
domain (through sending the message multiple times in the same SMTP
transaction) this caused problems as well.
>
>I guess I'm just curious how others deal with mailing lists.  I
>suspect just like any other mail -- if a message has a high enough
>spam score then reject it.

I am going to try some of the other messages in this thread - may take
a while though, as I have to wait for one to trip the system.

Andrew.

Re: White listing yahoo groups

[David B Funk]

On Tue, 14 Nov 2006,  wrote:

> whitelist_from_rcvd *.mail.mud.yahoo.com *.bullet.scd.yahoo.com
>

Um shouldn't that first component be in address format?
EG:

whitelist_from_rcvd [EMAIL PROTECTED]  yahoo.com


Also that second argument doesn't need that '*'. It already
patern matches against the substring of the sending domain name.

If you want to "shotgun" whitelist all stuff coming from yahoo
you could use:

whitelist_from_rcvd [EMAIL PROTECTED]   yahoo.com


Of course, whitelist_from_rcvd demands that your DNS and
trusted_networks be functional.

Dave


-- 
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{

Re: White listing yahoo groups

[Kelson]

Benny Pedersen wrote:

i whitelist with trusted_networks

...

add ALL yahoo.com outgoing ip to trusted_networks in spamassassin solves it,
but who knows there ip's ?


That probably isn't doing what you think it is.

trusted_networks isn't a whitelist.  It doesn't mean you trust them not 
to send spam.  It just means you trust the data in their Received headers.


It does, however, push RBL checks out one level, so you'll be checking 
RBLs against the original senders, not against Yahoo.  But it won't 
reduce the score on messages that trip your threshold based on content 
or header rules.


--
Kelson Vibber
SpeedGate Communications 

Re: White listing yahoo groups

[Benny Pedersen]

On Tue, November 14, 2006 19:25,  wrote:
> whitelist_from_rcvd *.mail.mud.yahoo.com *.bullet.scd.yahoo.com

wish it was that simple :(

spamassassin will still check spamcop

but may not say its spam and thus accept it

-- 
This message was sent using 100% recycled spam mails.

Re: White listing yahoo groups

[Benny Pedersen]

On Tue, November 14, 2006 19:21, Bill Moseley wrote:

>> Unless YOUR machine is bouncing them, your SA will not help. Spamcap is
>> usually the culprit and is being used by Yahoo.

ip is listed so:

Resolved 69.147.64.135 to n20c.bullet.sp1.yahoo.com.
[n20c.bullet.sp1.yahoo.com. has 1 MX record .(0)]

why hava a mx on a reverse dns ?, silly :-)

> Yes, it is my machine rejecting the mail that is flagged spam.
> And when I reject too many messages Yahoo's mailing list software
> considers my email non-working and stops delivering list messages.
>
> I guess I'm just curious how others deal with mailing lists.  I
> suspect just like any other mail -- if a message has a high enough
> spam score then reject it.

i whitelist with trusted_networks

> One problem is yahoo's machine is in spamcop, which might happen
> more often due to the volume of mail they send out.  So, I might want
> to reduce the score for mail that comes from any of the yahoo mail
> servers.  Although, I'm not clear how to know that the mail is from
> yahoo (or any other larger list provider).

spamcop should filter out maillist servers !

> For example, can I say ignore spamcop's report if the connecting
> server's reverse lookup includes "yahoo.com"?  Not sure how SA would
> know the connecting server (I'm running SA from an Exim4 ACL, by the
> way).

add ALL yahoo.com outgoing ip to trusted_networks in spamassassin solves it,
but who knows there ip's ?

> IIRC, the problem with Yahoo is that if you belong to, say, 20 lists
> and if one of those lists sends a lot of spam that gets rejected then
> your address is considered non-working resulting in all 20 lists
> stopping.

it have to be this way, since yahoo can not see if the mailbox is working or
just a spam checker that does not work :(

-- 
This message was sent using 100% recycled spam mails.

Re: White listing yahoo groups

[qqqq]

whitelist_from_rcvd *.mail.mud.yahoo.com *.bullet.scd.yahoo.com

Re: White listing yahoo groups

[Bill Moseley]

On Tue, Nov 14, 2006 at 05:42:58PM +0200, David Baron wrote:
> On Tuesday 14 November 2006 17:01, Bill Moseley wrote:
> > I keep getting my yahoo groups account shut down because of too many
> > bounces.  For one thing, their mail server is listed:
> >
> > Blocked - see 
> >
> > Is there a recommended method for dealing with mailing lists where the
> > mail may come from any number of mail servers?
> >
> > Should I try and white list the hosts?  Or better to give a large
> > negative score?
> >
> > Can their use of "DomainKeys" be used in my scoring?
> 
> Unless YOUR machine is bouncing them, your SA will not help. Spamcap is 
> usually the culprit and is being used by Yahoo.

Yes, it is my machine rejecting the mail that is flagged spam.
And when I reject too many messages Yahoo's mailing list software
considers my email non-working and stops delivering list messages.

I guess I'm just curious how others deal with mailing lists.  I
suspect just like any other mail -- if a message has a high enough
spam score then reject it.

One problem is yahoo's machine is in spamcop, which might happen
more often due to the volume of mail they send out.  So, I might want
to reduce the score for mail that comes from any of the yahoo mail
servers.  Although, I'm not clear how to know that the mail is from
yahoo (or any other larger list provider).

For example, can I say ignore spamcop's report if the connecting
server's reverse lookup includes "yahoo.com"?  Not sure how SA would
know the connecting server (I'm running SA from an Exim4 ACL, by the
way).

IIRC, the problem with Yahoo is that if you belong to, say, 20 lists
and if one of those lists sends a lot of spam that gets rejected then
your address is considered non-working resulting in all 20 lists
stopping.




-- 
Bill Moseley
[EMAIL PROTECTED]

Re: White listing yahoo groups

[SM]

At 07:01 14-11-2006, Bill Moseley wrote:

Should I try and white list the hosts?  Or better to give a large
negative score?


Yes, if you don't receive spam from these hosts.


Can their use of "DomainKeys" be used in my scoring?


See whitelist_from_dk [EMAIL PROTECTED] example.com

The signing domain (last parameter) is optional.

Regards,
-sm 

Re: White listing yahoo groups

[David Baron]

On Tuesday 14 November 2006 17:01, Bill Moseley wrote:
> I keep getting my yahoo groups account shut down because of too many
> bounces.  For one thing, their mail server is listed:
>
> Blocked - see 
>
> Is there a recommended method for dealing with mailing lists where the
> mail may come from any number of mail servers?
>
> Should I try and white list the hosts?  Or better to give a large
> negative score?
>
> Can their use of "DomainKeys" be used in my scoring?

Unless YOUR machine is bouncing them, your SA will not help. Spamcap is 
usually the culprit and is being used by Yahoo.

Re: White listing yahoo groups

[Bill Moseley]

On Tue, Nov 14, 2006 at 07:01:12AM -0800, Bill Moseley wrote:
> Can their use of "DomainKeys" be used in my scoring?

Sorry, that was more of "*should* their use..." -- I'm not clear
on the use of Mail::SpamAssassin::Plugin::DomainKeys.

-- 
Bill Moseley
[EMAIL PROTECTED]

White listing yahoo groups

[Bill Moseley]

I keep getting my yahoo groups account shut down because of too many
bounces.  For one thing, their mail server is listed:

Blocked - see 

Is there a recommended method for dealing with mailing lists where the
mail may come from any number of mail servers?

Should I try and white list the hosts?  Or better to give a large
negative score?

Can their use of "DomainKeys" be used in my scoring?


-- 
Bill Moseley
[EMAIL PROTECTED]

Re: white listing

[Payal Rathod]

On Wed, Oct 06, 2004 at 09:06:39AM -0400, John Stegenga wrote:
> That ought to do it.
> 
> white listing in the local cf file for the domain should work fine.

Thanks for the tip.
With warm regards,
-Payal

RE: white listing

[John Stegenga]

That ought to do it.

white listing in the local cf file for the domain should work fine.

John

-Original Message-
From: Payal Rathod [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 06, 2004 8:29 AM
To: users@spamassassin.apache.org
Subject: white listing


Hi,
We have co-hosted a domain on my friend's server (qmail). Now, the ISP 
provides SA 2.61 with each users having their own pref file managed 
through a GUI. But some of my client's mails were being marked as SPAM.
So, I requested the admin to whitelist that client's domain. He said
he will put this in /etc/mail/spamassassin/local.cf
whitelist_from  [EMAIL PROTECTED]

Will doing so really whitelist all mails from that domain? Or do I
have to do it for each of my users, which is a tedious job.

Thanks a lot in advance.
With warm regards,
-Payal

white listing

[Payal Rathod]

Hi,
We have co-hosted a domain on my friend's server (qmail). Now, the ISP 
provides SA 2.61 with each users having their own pref file managed 
through a GUI. But some of my client's mails were being marked as SPAM.
So, I requested the admin to whitelist that client's domain. He said
he will put this in /etc/mail/spamassassin/local.cf
whitelist_from  [EMAIL PROTECTED]

Will doing so really whitelist all mails from that domain? Or do I
have to do it for each of my users, which is a tedious job.

Thanks a lot in advance.
With warm regards,
-Payal