Re: disable FORGED_*_RCVD
Beast wrote: Daryl C. W. O'Shea wrote: I believe this was fixed in 3.0.4. Bug 4080 if I remember correctly. Upgraded from 3.0.3 to 3.0.4 and problem gone. Sorry, it still. --- Received: from mail.indorama.com (blowfish [127.0.0.1]) by localhost.localdomain (Postfix) with ESMTP id 30451E7933 for [EMAIL PROTECTED]; Wed, 31 Aug 2005 13:08:51 +0700 (WIT) X-Greylist: domain auto-whitelisted by SQLgrey-1.6.5 Received: from n3.bulk.dcn.yahoo.com (n3.bulk.dcn.yahoo.com [216.155.201.68]) by mail.indorama.com (Postfix) with SMTP id D69B4E7932 for [EMAIL PROTECTED]; Wed, 31 Aug 2005 13:08:43 +0700 (WIT) ... X-Spam-Status: Yes, score=9.0 required=5.2 tests=BAYES_99,FORGED_YAHOO_RCVD, HTML_80_90,HTML_FONT_BIG,HTML_MESSAGE,HTML_NONELEMENT_00_10, MANY_EXCLAMATIONS,MSGID_FROM_MTA_ID,NO_REAL_NAME,WHY_WAIT autolearn=disabled version=3.0.4 X-Spam-Report: * 0.0 NO_REAL_NAME From: does not include a real name * 1.7 MSGID_FROM_MTA_ID Message-Id for external message added locally * 2.7 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers -- --beast
Re: disable FORGED_*_RCVD
Put score FORGED_YAHOO_RCVD 0 in your local.cf file. This will disable the rule for you, after you restart SA so it reads the new score value. Loren
Re: disable FORGED_*_RCVD
... Sorry, it still. --- Received: from mail.indorama.com (blowfish [127.0.0.1]) by localhost.localdomain (Postfix) with ESMTP id 30451E7933 for [EMAIL PROTECTED]; Wed, 31 Aug 2005 13:08:51 +0700 (WIT) X-Greylist: domain auto-whitelisted by SQLgrey-1.6.5 Received: from n3.bulk.dcn.yahoo.com (n3.bulk.dcn.yahoo.com [216.155.201.68]) by mail.indorama.com (Postfix) with SMTP id D69B4E7932 for [EMAIL PROTECTED]; Wed, 31 Aug 2005 13:08:43 +0700 (WIT) ... X-Spam-Status: Yes, score=9.0 required=5.2 tests=BAYES_99,FORGED_YAHOO_RCVD, HTML_80_90,HTML_FONT_BIG,HTML_MESSAGE,HTML_NONELEMENT_00_10, MANY_EXCLAMATIONS,MSGID_FROM_MTA_ID,NO_REAL_NAME,WHY_WAIT autolearn=disabled version=3.0.4 X-Spam-Report: * 0.0 NO_REAL_NAME From: does not include a real name * 1.7 MSGID_FROM_MTA_ID Message-Id for external message added locally * 2.7 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers -- --beast I think the cases of scd and mud were handled in 3.0.4. It looks like you got a new Yahoo! server group here, dcn - another case needs to be added to the alternation on line 517 of EvalTests.pm; The case of 'mailer.bulk.scd' is covered, but you got 'n3.bulk.dcn' - the test should probably be expanded to (mailer|n\d+)\.bulk\.(dcn|mud|scd) from the current mailer\d+\.bulk\.scd. At least that will cover your case. It sure would be nice if someone had a connection at Yahoo! to find out the naming rules they use/intend to use (or at least be notified if they add servers). BTW. I've seen at least one FP on a mud server, but I probaly deleted the message already (FP on the rule, not the entire message, which scored as ham and was delivered to the user). Note: some uses of dcn are already handled - just not this one. File a Bugzilla and hope for 3.1.1 or maybe 3.1.0rc3. Possibly some of the other alternations need expanding to include dcn and/or n\d+ also!? Paul Shupak [EMAIL PROTECTED]
Re: disable FORGED_*_RCVD
Herb Martin wrote: Set the score to 0 (in your local.cf or other configuration that loads after the built-in configs.) I can not found in local.cf or any SARE files, it seems it's internal SA rule. [EMAIL PROTECTED] spamassassin]# grep YAHOO_RCVD /etc/mail/spamassassin/* [EMAIL PROTECTED] spamassassin]# -- --beast
RE: disable FORGED_*_RCVD
From: Beast [mailto:[EMAIL PROTECTED] How do I disable FORGED_*_RCVD rule? my SA is installed after some mail gateway, so it does not received directly from remote server. Thus it alway triger this rule. Set the score to 0 (in your local.cf or other configuration that loads after the built-in configs.) A score of 0 disables a rule -- or set it to 0.01 if you wish it to actually run (for review or debug purposes) but don't want it to contribute (much) to the score. Easiest is to grep the .cf files for that pattern, copy them to an overriding config and alter the scores to disable them. REMEMBER: After changing your configs to always spamassassin --lint (I really appreciate the SARE folks who taught me this rule, --lint is your friend.) -- Herb Martin
Re: disable FORGED_*_RCVD
Beast wrote: Herb Martin wrote: Set the score to 0 (in your local.cf or other configuration that loads after the built-in configs.) I can not found in local.cf or any SARE files, it seems it's internal SA rule. [EMAIL PROTECTED] spamassassin]# grep YAHOO_RCVD /etc/mail/spamassassin/* [EMAIL PROTECTED] spamassassin]# if you're using the rpm version its usually in /usr/share/spamassassin
Re: disable FORGED_*_RCVD
Lem Tomas wrote: if you're using the rpm version its usually in /usr/share/spamassassin Thanks, its on 50_scores.cf. I've overwrite it on local.cf score FORGED_YAHOO_RCVD 0.1 -- --beast
Re: disable FORGED_*_RCVD
At 04:57 AM 8/30/2005, Beast wrote: How do I disable FORGED_*_RCVD rule? my SA is installed after some mail gateway, so it does not received directly from remote server. Thus it alway triger this rule. Did you add that some mail gateway to your trusted_networks? I'd suggest doing so.
Re: disable FORGED_*_RCVD
Matt Kettler wrote: At 04:57 AM 8/30/2005, Beast wrote: How do I disable FORGED_*_RCVD rule? my SA is installed after some mail gateway, so it does not received directly from remote server. Thus it alway triger this rule. Did you add that some mail gateway to your trusted_networks? I'd suggest doing so. Yes, but how this help on this case? I've put my gateway, localhost and my networks, but it still triger FORGED_ rule. * 2.7 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers --- mail header -- Received: from mail.indorama.com (blowfish [127.0.0.1]) by localhost.localdomain (Postfix) with ESMTP id 50C5BE7940 for [EMAIL PROTECTED]; Wed, 31 Aug 2005 10:46:37 +0700 (WIT) X-Greylist: domain auto-whitelisted by SQLgrey-1.6.5 Received: from web34002.mail.mud.yahoo.com (web34002.mail.mud.yahoo.com [66.163.178.83]) by mail.indorama.com (Postfix) with SMTP id EEB92E793F for [EMAIL PROTECTED]; Wed, 31 Aug 2005 10:46:34 +0700 (WIT) Received: (qmail 17095 invoked by uid 60001); 31 Aug 2005 03:46:32 - DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=CcfrxJ/bv3DUb/+NKzQnuNh8MQBEeotBiRhMSPCqOa1zLNlDohOmE0kZLB3VilwyAq7VvsWDjOxWmB2ZQSuEHlIHUDd/EZnNPwu67pUqPzc0u9sRBLFOJ5VA rR7X4lCGcRw8XAz1saFWNqpGg5gpVcPhR6DAPQLaACC1PJP2X/g= ; Message-ID: [EMAIL PROTECTED] Received: from [202.154.30.27] by web34002.mail.mud.yahoo.com via HTTP; Tue, 30 Aug 2005 20:46:32 PDT --- local.cf: trusted_networks 192.168/16 trusted_networks 127/8 trusted_networks 202.154.34.130 -- --beast
Re: disable FORGED_*_RCVD
Beast wrote: I've put my gateway, localhost and my networks, but it still triger FORGED_ rule. * 2.7 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers Received: from web34002.mail.mud.yahoo.com (web34002.mail.mud.yahoo.com [66.163.178.83]) by mail.indorama.com (Postfix) with SMTP id EEB92E793F for [EMAIL PROTECTED]; Wed, 31 Aug 2005 10:46:34 +0700 (WIT) I believe this was fixed in 3.0.4. Bug 4080 if I remember correctly. Daryl
Re: disable FORGED_*_RCVD
Daryl C. W. O'Shea wrote: I believe this was fixed in 3.0.4. Bug 4080 if I remember correctly. Upgraded from 3.0.3 to 3.0.4 and problem gone. Thanks! -- --beast
