Re: missing tag
Daryl writes: Make sure your milter is providing a return path header field so that SA gets the correct envelope-from address. I believe old versions of amavisd-new don't do this. If the milter fails to do this SA will end up using the From: header field value and, yeah, you'll get SPF fail. amavisd-new inserts envelope sender address into mail header since amavisd-new-20030616 (i.e. June 2003). Initially it was inserted as X-Envelope-From, nowadays the Return-Path header field is used for the purpose. To make it explicit to SA, the following lines are recommended in local.cf: always_trust_envelope_sender 1 envelope_sender_header Return-Path (although with some luck SA may guess correctly by itself) The change from X-Envelope-From into Return-Path came with a amavisd-new-2.0 (=20040701) release (actually already in a pre-release amavisd-new-20040301). The last version of amavisd that didn't insert envelope sender information into a mail header in any form was 20030314-p2. Mark
Re: missing tag
On Jun 15, 2007, at 5:37 AM, Mark Martinec wrote: always_trust_envelope_sender 1 envelope_sender_header Return-Path Done, thanks.
missing tag
This came in with no tag or subject modification. Any idea what's up? Amavis log follows the message. X-Timeout-Protection: 0 Return-Path: [EMAIL PROTECTED] Received: from murder ([unix socket]) by smtp.interstellar.com (Cyrus v2.2.12-OS X 10.4.8) with LMTPA; Thu, 14 Jun 2007 16:48:10 -0700 X-Sieve: CMU Sieve 2.2 Received: from localhost (localhost [127.0.0.1]) by smtp.interstellar.com (Postfix) with ESMTP id 4883541B860 for [EMAIL PROTECTED]; Thu, 14 Jun 2007 16:48:10 -0700 (PDT) X-Virus-Scanned: amavisd-new 2.5.0 (20070423) at interstellar.com Received: from smtp.interstellar.com ([127.0.0.1]) by localhost (interstellar.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HhrEwzHAq2Ia for [EMAIL PROTECTED]; Thu, 14 Jun 2007 16:48:07 -0700 (PDT) Received: from catv-5063fb1e.catv.broadband.hu (catv-5063fb1e.catv.broadband.hu [80.99.251.30]) by smtp.interstellar.com (Postfix) with ESMTP id B5B7E41B835 for [EMAIL PROTECTED]; Thu, 14 Jun 2007 16:45:02 -0700 (PDT) Received: from [80.99.251.30] by mailer1.bluedolphinmagazines.com; Thu, 14 Jun 2007 23:47:48 -0100 Date: Thu, 14 Jun 2007 23:47:48 -0100 From: Connie Robison [EMAIL PROTECTED] X-Mailer: The Bat! (v3.0) Professional Reply-To: [EMAIL PROTECTED] X-Priority: 3 (Normal) Message-ID: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Hallo! MIME-Version: 1.0 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Hello!I am bored this evening, interested in chatting with nice girl? Email me at [EMAIL PROTECTED] only. Wanna see some pictures of me? Jun 14 16:48:07 interstellar.com /usr/bin/amavisd[9479]: (09479-05) ESMTP::10024 /var/amavis/tmp/amavis-20070614T163826-09479: [EMAIL PROTECTED] - [EMAIL PROTECTED] SIZE=1003 Received: from smtp.interstellar.com ([127.0.0.1]) by localhost (interstellar.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for [EMAIL PROTECTED]; Thu, 14 Jun 2007 16:48:07 -0700 (PDT) Jun 14 16:48:07 interstellar.com /usr/bin/amavisd[9479]: (09479-05) Checking: HhrEwzHAq2Ia [80.99.251.30] [EMAIL PROTECTED] - [EMAIL PROTECTED] Jun 14 16:48:07 interstellar.com /usr/bin/amavisd[9479]: (09479-05) p001 1 Content-Type: text/html, size: 265 B, name: Jun 14 16:48:10 interstellar.com /usr/bin/amavisd[9479]: (09479-05) FWD via SMTP: [EMAIL PROTECTED] - [EMAIL PROTECTED], 250 2.6.0 Ok, id=09479-05, from MTA ([127.0.0.1]:10025): 250 Ok: queued as 4883541B860 Jun 14 16:48:10 interstellar.com /usr/bin/amavisd[9479]: (09479-05) Passed, [EMAIL PROTECTED] - [EMAIL PROTECTED], quarantine HhrEwzHAq2Ia, Message-ID: [EMAIL PROTECTED], Hits: 10.769 Jun 14 16:48:10 interstellar.com /usr/bin/amavisd[9479]: (09479-05) TIMING [total 2679 ms] - SMTP greeting: 5 (0%)0, SMTP EHLO: 2 (0%)0, SMTP pre-MAIL: 2 (0%)0, SMTP pre-DATA-flush: 6 (0%)1, SMTP DATA: 1 (0%)1, check_init: 2 (0%)1, digest_hdr: 1 (0%)1, digest_body: 0 (0%) 1, gen_mail_id: 2 (0%)1, mime_decode: 18 (1%)1, get-file-type1: 46 (2%)3, parts_decode: 2 (0%)3, check_header: 6 (0%)3, AV-scan-1: 217 (8%)12, spam-wb-list: 4 (0%)12, SA msg read: 2 (0%)12, SA parse: 8 (0%)12, SA check: 2229 (83%)95, update_cache: 14 (1%)96, decide_mail_destiny: 3 (0%)96, fwd-connect: 15 (1%)96, fwd-mail-pip: 6 (0%)97, fwd-rcpt-pip: 1 (0%)97, fwd-data-chkpnt: 0 (0%)97, write- header: 2 (0%)97, fwd-data-contents: 0 (0%)97, fwd-end-chkpnt: 45 (2%) 98, prepare-dsn: 25 (1%)99, main_log_entry: 4 (0%)100, update_snmp: 3 (0%)100, SMTP pre-response: 1 (0%)100, SMTP response: 4 (0%)100, unlink-1-files: 1 (0%)100, rundown: 1 (0%)100 Jun 14 16:48:10 interstellar.com /usr/bin/amavisd[9479]: (09479-05) extra modules loaded: Mail/DomainKeys/Header.pm, Mail/DomainKeys/ Key.pm, Mail/DomainKeys/Key/Public.pm, Mail/DomainKeys/Message.pm, Mail/DomainKeys/Policy.pm, Mail/DomainKeys/Signature.pm, Mail/ SpamAssassin/Plugin/DomainKeys.pm, unicore/lib/gc_sc/Alnum.pl, unicore/lib/gc_sc/Alpha.pl -- Jerry Durand, Durand Interstellar, Inc. www.interstellar.com tel: +1 408 356-3886, USA toll free: 1 866 356-3886 Skype: jerrydurand
Re: missing tag
Jerry, This came in with no tag or subject modification. Any idea what's up? Amavis log follows the message. (09479-05) Passed, [EMAIL PROTECTED] - [EMAIL PROTECTED], quarantine HhrEwzHAq2Ia, Message-ID: ..., Hits: 10.769 Most likely reason: recipient domain (durandinterstellar.com) is not considered local. The X-Spam-* headers are inserted only for incoming and all-internal mail, i.e. when recipient is local. Check your @local_domains_maps setting. Mark
Re: missing tag
My message came back tagged as spam, but I have this list whitelisted_from_spf. ??? X-Timeout-Protection: 0 X-Sieve: CMU Sieve 2.2 X-Virus-Scanned: amavisd-new 2.5.0 (20070423) at interstellar.com X-Spam-Flag: YES X-Spam-Score: 3.165 X-Spam-Level: *** X-Spam-Status: Yes, score=3.165 tagged_above=0 required=2 tests=[DKIM_POLICY_SIGNSOME=0, DK_POLICY_SIGNSOME=0, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, SPF_FAIL=0.693, URI_HEX=0.368] Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm list-help: mailto:[EMAIL PROTECTED] list-unsubscribe: mailto:[EMAIL PROTECTED] List-Post: mailto:users@spamassassin.apache.org List-Id: users.spamassassin.apache.org Delivered-To: mailing list users@spamassassin.apache.org X-ASF-Spam-Status: No, hits=0.8 required=10.0 tests=ADVANCE_FEE_1,INFO_TLD,SPF_PASS X-Spam-Check-By: apache.org Date: Thu, 14 Jun 2007 17:09:10 -0700 From: Jerry Durand [EMAIL PROTECTED] Subject: *** JUNK MAIL *** missing tag To: users@spamassassin.apache.org X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 X-Virus-Checked: Checked by ClamAV on apache.org -- Jerry Durand, Durand Interstellar, Inc. www.interstellar.com tel: +1 408 356-3886, USA toll free: 1 866 356-3886 Skype: jerrydurand
Re: missing tag
Jerry Durand wrote: My message came back tagged as spam, but I have this list whitelisted_from_spf. ??? It hit SPF_FAIL, thus no SPF based whitelist hit. You may want to run the message through spamassassin -Dspf to find out why. Daryl X-Timeout-Protection: 0 X-Sieve: CMU Sieve 2.2 X-Virus-Scanned: amavisd-new 2.5.0 (20070423) at interstellar.com X-Spam-Flag: YES X-Spam-Score: 3.165 X-Spam-Level: *** X-Spam-Status: Yes, score=3.165 tagged_above=0 required=2 tests=[DKIM_POLICY_SIGNSOME=0, DK_POLICY_SIGNSOME=0, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1, SPF_FAIL=0.693, URI_HEX=0.368]
Re: missing tag
On Jun 14, 2007, at 5:16 PM, Mark Martinec wrote: Most likely reason: recipient domain (durandinterstellar.com) is not considered local. The X-Spam-* headers are inserted only for incoming and all-internal mail, i.e. when recipient is local. Check your @local_domains_maps setting. Mark Thanks, that was wrong. Fixing it now.
Re: missing tag
On Thu, 2007-06-14 at 17:09 -0700, Jerry Durand wrote: This came in with no tag or subject modification. Any idea what's up? Amavis log follows the message. My guess is that you're using spamc and for some reason it couldn't connect with spamd. If this is the case, spamc will return the email unmodified, as it should. I've only been using SpamAssassin for a couple of days and have seen one such instance already. -- Lindsay Haisley | We are all broken | PGP public key FMP Computer Services | toasters, but we | available at 512-259-1190 | still manage to make |http://pubkeys.fmp.com http://www.fmp.com|toast| |(Cheryl Dehut)|
Re: missing tag
On Jun 14, 2007, at 5:36 PM, Daryl C. W. O'Shea wrote: Jerry Durand wrote: My message came back tagged as spam, but I have this list whitelisted_from_spf. ??? It hit SPF_FAIL, thus no SPF based whitelist hit. You may want to run the message through spamassassin -Dspf to find out why. Daryl Oh, right, it's this list format. The message said it was from me, but it was sent by apache.org. Of course SPF failed. So, how do you set up SA to allow these lists that act as an unauthorized relay?
Re: missing tag
Jerry Durand wrote: On Jun 14, 2007, at 5:36 PM, Daryl C. W. O'Shea wrote: Jerry Durand wrote: My message came back tagged as spam, but I have this list whitelisted_from_spf. ??? It hit SPF_FAIL, thus no SPF based whitelist hit. You may want to run the message through spamassassin -Dspf to find out why. Daryl Oh, right, it's this list format. The message said it was from me, but it was sent by apache.org. Of course SPF failed. Actually the return path is (similar to): Return-Path: [EMAIL PROTECTED] ...so SPF shouldn't fail. So, how do you set up SA to allow these lists that act as an unauthorized relay? Make sure your milter is providing a return path header field so that SA gets the correct envelope-from address. I believe old versions of amavisd-new don't do this. If the milter fails to do this SA will end up using the From: header field value and, yeah, you'll get SPF fail. Daryl
Re: missing tag
On Jun 14, 2007, at 7:27 PM, Daryl C. W. O'Shea wrote: Actually the return path is (similar to): Return-Path: users-return-59747- [EMAIL PROTECTED] ...so SPF shouldn't fail. So, how do you set up SA to allow these lists that act as an unauthorized relay? Make sure your milter is providing a return path header field so that SA gets the correct envelope-from address. I believe old versions of amavisd-new don't do this. If the milter fails to do this SA will end up using the From: header field value and, yeah, you'll get SPF fail. Maybe it was a glitch while the local_domains were wrong. The headers below have the return-path and it seems to be working now. I hate intermittent things. From: [EMAIL PROTECTED] Subject:Re: missing tag Date: June 14, 2007 7:27:47 PM PDT To: users@spamassassin.apache.org Return-Path: users-return-59755- [EMAIL PROTECTED] Received: from murder ([unix socket]) by smtp.interstellar.com (Cyrus v2.2.12-OS X 10.4.8) with LMTPA; Thu, 14 Jun 2007 19:28:06 -0700 Received: from localhost (localhost [127.0.0.1]) by smtp.interstellar.com (Postfix) with ESMTP id 771D541BE8F for [EMAIL PROTECTED]; Thu, 14 Jun 2007 19:28:06 -0700 (PDT) Received: from smtp.interstellar.com ([127.0.0.1]) by localhost (interstellar.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1ZuVqGZPmAkJ for [EMAIL PROTECTED]; Thu, 14 Jun 2007 19:27:54 -0700 (PDT) Received: from mail.apache.org (hermes.apache.org [140.211.11.2]) by smtp.interstellar.com (Postfix) with SMTP id ED49841BE80 for [EMAIL PROTECTED]; Thu, 14 Jun 2007 19:27:53 -0700 (PDT) Received: (qmail 73518 invoked by uid 500); 15 Jun 2007 02:27:53 - Received: (qmail 73509 invoked by uid 99); 15 Jun 2007 02:27:53 - Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Jun 2007 19:27:53 -0700 Received: from [69.61.78.188] (HELO smtp.dostech.net) (69.61.78.188) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Jun 2007 19:27:49 -0700 Received: from [10.145.1.19] (CPE0018f8cb74a9- CM001692fb3602.cpe.net.cable.rogers.com [74.120.44.227]) (authenticated bits=0) by smtp.dostech.net (8.13.6/8.13.6) with ESMTP id l5F2RONR005324 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for users@spamassassin.apache.org; Thu, 14 Jun 2007 22:27:26 -0400 X-Sieve:CMU Sieve 2.2 X-Virus-Scanned:amavisd-new 2.5.0 (20070423) at interstellar.com Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk List-Help: mailto:[EMAIL PROTECTED] List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Post: mailto:users@spamassassin.apache.org List-Id:users.spamassassin.apache.org Delivered-To: mailing list users@spamassassin.apache.org X-Asf-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By:apache.org Received-Spf: pass (herse.apache.org: domain of [EMAIL PROTECTED] designates 69.61.78.188 as permitted sender) Dkim-Signature: a=rsa-sha1; c=simple/simple; d=dostech.ca; s=20060320; t=1181874446; h=Message-ID:Date:From:User-Agent:MIME- Version:To: Subject:References:In-Reply-To:Content-Type: Content- Transfer-Encoding; b=iGEKnOKgs4Q792vV4A8415mDOCR7FWU0413igy RFyRcQDMHeCh7cAZW4AUa4Amo+XxJrWFbFQfJQLSWJSZ4d3g== Message-Id: [EMAIL PROTECTED] User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) Mime-Version: 1.0 References: [EMAIL PROTECTED] [EMAIL PROTECTED] 4671DF2B. [EMAIL PROTECTED] 73259FDF- [EMAIL PROTECTED] In-Reply-To:[EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Clamav: 0 : No Virus Detected X-Virus-Checked:Checked by ClamAV on apache.org
Re: missing tag
Jerry Durand wrote: On Jun 14, 2007, at 5:36 PM, Daryl C. W. O'Shea wrote: Jerry Durand wrote: My message came back tagged as spam, but I have this list whitelisted_from_spf. ??? It hit SPF_FAIL, thus no SPF based whitelist hit. You may want to run the message through spamassassin -Dspf to find out why. Daryl Oh, right, it's this list format. The message said it was from me, but it was sent by apache.org. Of course SPF failed. No, it wasn't from you, at least not at the envelope level. The envelope MAIL FROM would have been apache.org based, like all good mailing lists do so they can detect delivery failures. Otherwise you'd get bounces for every message the list tried to deliver that failed. ouch! My guess is SA isn't understanding your MTA's envelope sender markings, but from what I recall, amavis generally handles this quite well itself. So, how do you set up SA to allow these lists that act as an unauthorized relay? You don't, and you don't need to.