Re: shortcircuit on alread x-spam-flag: yes
On Wed, 27 Nov 2019, Philipp Ewald wrote:

> Hi Tobi,
>
> we only want to trust "X-Spam-Flag: YES" or why should someone (spammer, other mailserver with outgoing spamfilter) set this Flag to Yes?
>
> but like RW wrote:
>> If you want to match on such a header you need to rewrite it before SA sees it.
>
> i thought shortcircuit will test before any other tests but header was removed before shortcircuit :(
> I have a lot to learn...
>
> Thanks for help maybe i try this again... later :-)

The proper place to bypass SpamAssassin processing for any reason is in your glue layer. How is SA hooked into your MTA? Look into that, and see if there's a way to tell the glue to skip SA entirely if that header already exists.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Never forget, even for an instant, that the one and only reason anyone has for taking your gun away is to make you weaker than he is, so he can do something to you that you wouldn’t let him do if you were equipped to prevent it. This goes for burglars, muggers, and rapists, and even more so for policemen, bureaucrats, and politicians. -- Alexander Pope
---
973 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: shortcircuit on alread x-spam-flag: yes
It makes no difference for your network traffic, only SA 4.0 / trunk handles shortcircuiting and network lookups properly. But sure, marginal CPU savings..

On Thu, Nov 28, 2019 at 01:50:31PM +0100, Philipp Ewald wrote:
> Hi Benny,
>
> thanks for your link! ( i did not follow any BOFH Rules from this site ;-) )
>
> i check headers and if "X-SPam-Flag: YES" is set, i write a custom Header
> from postfix.
>
> and in Spamassassin i search this custom header in shortcircuit.
>
> It works!
> X-Spam-Status: Yes, score=98.7 tagged_above=- required=5
> tests=[RCVD_IN_DNSWL_MED=-2.3, SHORTCIRCUIT=100, SpamFlag=1]
> autolearn=disabled
>
> i set this priority lower than DNSWL so save some network traffic
>
> kind regards
> Philipp
>
>
> On 27.11.19 at 18:30, Benny Pedersen wrote:
> >On 2019-11-27 17:56, Philipp Ewald wrote:
> >
> >>we only want to trust "X-Spam-Flag: YES" or why should someone
> >>(spammer, other mailserver with outgoing spamfilter) set this Flag to
> >>Yes?
> >
> >trustness
> >
> >https://www.techiepark.com/tutorials/blocking-spam-using-postfix-header_checks-and-spamassassin/
> > bad example on what not to do :)
> >
> >http://www.techiepark.com/resources/postfix-header-checks/ really want to
> >make postfix a spam filter ?
> >
> >better is to use fuglu.org as a before queue content filter with then can
> >reject spam :=)
> >
> >i have still not seen mimedefang working
> >
> >
>
> --
> Philipp Ewald
> Administrator
>
> DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
> Phone: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail:
> philipp.ew...@digionline.de
>
> AG Köln HRB 27711, St.-Nr. 5215 5811 0640
> Managing Director: Werner Grafenhain
>
> Privacy information: www.digionline.de/ds
Re: shortcircuit on alread x-spam-flag: yes
Hi Benny,

thanks for your link! ( i did not follow any BOFH Rules from this site ;-) )

i check headers and if "X-SPam-Flag: YES" is set, i write a custom Header from postfix.

and in Spamassassin i search this custom header in shortcircuit.

It works!
X-Spam-Status: Yes, score=98.7 tagged_above=- required=5
tests=[RCVD_IN_DNSWL_MED=-2.3, SHORTCIRCUIT=100, SpamFlag=1]
autolearn=disabled

i set this priority lower than DNSWL so save some network traffic

kind regards
Philipp

On 27.11.19 at 18:30, Benny Pedersen wrote:
> On 2019-11-27 17:56, Philipp Ewald wrote:
>
>> we only want to trust "X-Spam-Flag: YES" or why should someone (spammer, other mailserver with outgoing spamfilter) set this Flag to Yes?
>
> trustness
>
> https://www.techiepark.com/tutorials/blocking-spam-using-postfix-header_checks-and-spamassassin/ bad example on what not to do :)
>
> http://www.techiepark.com/resources/postfix-header-checks/ really want to make postfix a spam filter ?
>
> better is to use fuglu.org as a before queue content filter with then can reject spam :=)
>
> i have still not seen mimedefang working

--
Philipp Ewald
Administrator

DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Phone: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail: philipp.ew...@digionline.de

AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Managing Director: Werner Grafenhain

Privacy information: www.digionline.de/ds
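
The setup described in the message above, sketched as configuration (an added example, not Philipp's actual files): Postfix rewrites an incoming X-Spam-Flag: YES into a header outside the X-Spam- namespace, and a SpamAssassin rule short-circuits on it. The header name X-Upstream-Spam-Flag, the Postfix file paths and the priority value are assumptions; the rule name SpamFlag and its score of 1 are taken from the X-Spam-Status line in that message.

```conf
# --- /etc/postfix/main.cf (path assumed) ---
header_checks = regexp:/etc/postfix/header_checks

# --- /etc/postfix/header_checks (path assumed) ---
# As explained in this thread, SpamAssassin drops existing X-Spam-*
# headers before its rules see the message, so the upstream verdict is
# copied into a header it leaves alone. X-Upstream-Spam-Flag is a
# made-up name for this example.
# header_checks apply to mail from every client, so the rewritten header
# only records that the flag was present on arrival, not who set it.
/^X-Spam-Flag:[[:space:]]*YES/    REPLACE X-Upstream-Spam-Flag: YES

# --- /etc/spamassassin/local.cf ---
# Needs the Shortcircuit plugin enabled in a .pre file:
#   loadplugin Mail::SpamAssassin::Plugin::Shortcircuit
header       SpamFlag  X-Upstream-Spam-Flag =~ /^YES/
describe     SpamFlag  Upstream filter already flagged this message
score        SpamFlag  1
# Lower priority values run earlier; -100 is an assumed value.
priority     SpamFlag  -100
# Stop scanning and treat the message as spam once this rule hits.
shortcircuit SpamFlag  spam
```

Because a hit ends scanning with a spam verdict, any false positive from the upstream filter is inherited unchanged, which is the trade-off raised elsewhere in this thread.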
Re: shortcircuit on alread x-spam-flag: yes
Hi Benny

yeah your links definitely show massive abuse of mta header/body checks :-)
But nonetheless mta header checks are way more performant and efficient than such checks in a filter software. As long as the header you check is used for a kill-shot its best place still is the mta header checks and not in any other filter software ;-)

Cheers

tobi

On 27.11.19 at 18:30, Benny Pedersen wrote:
> On 2019-11-27 17:56, Philipp Ewald wrote:
>
>> we only want to trust "X-Spam-Flag: YES" or why should someone
>> (spammer, other mailserver with outgoing spamfilter) set this Flag to
>> Yes?
>
> trustness
>
> https://www.techiepark.com/tutorials/blocking-spam-using-postfix-header_checks-and-spamassassin/
> bad example on what not to do :)
>
> http://www.techiepark.com/resources/postfix-header-checks/ really want
> to make postfix a spam filter ?
>
> better is to use fuglu.org as a before queue content filter with then can
> reject spam :=)
>
> i have still not seen mimedefang working
Re: shortcircuit on alread x-spam-flag: yes
On 2019-11-27 17:56, Philipp Ewald wrote:

> we only want to trust "X-Spam-Flag: YES" or why should someone (spammer, other mailserver with outgoing spamfilter) set this Flag to Yes?

trustness

https://www.techiepark.com/tutorials/blocking-spam-using-postfix-header_checks-and-spamassassin/ bad example on what not to do :)

http://www.techiepark.com/resources/postfix-header-checks/ really want to make postfix a spam filter ?

better is to use fuglu.org as a before queue content filter with then can reject spam :=)

i have still not seen mimedefang working
Re: shortcircuit on alread x-spam-flag: yes
Hi Philipp

> or why should someone (spammer, other mailserver with outgoing
> spamfilter) set this Flag to Yes?

I would not think about the spammers here too much but more about a misconfigured SA on sending side? Or the admin added a fancy rbl list which suddenly stops working and returns a hit for every query for an ip or domain. Have been there, have seen that :-)
That brings us back to the FP question

Just my 5 cents: if someone trusts the spam assessment of a remote system, then one should have the guts to reject straight-out on mta :-) Or else ignore the spam assessment from remote.

Cheers

tobi

On 27.11.19 at 17:56, Philipp Ewald wrote:
> Hi Tobi,
>
> we only want to trust "X-Spam-Flag: YES" or why should someone (spammer,
> other mailserver with outgoing spamfilter) set this Flag to Yes?
>
> but like RW wrote:
>> If you want to
>> match on such a header you need to rewrite it before SA sees it.
>
> i thought shortcircuit will test before any other tests but header was
> removed before shortcircuit :(
> I have a lot to learn...
>
> Thanks for help maybe i try this again... later :-)
>
> On 27.11.19 at 17:15, Tobi wrote:
>> Philipp,
>>
>> Think you should ask yourself the following question: do I trust the
>> spam result from a remote server? If yes then why using a spamassassin
>> rule and not straight-out reject such mails on mta (header check)? And
>> if you do not trust the remote server then why using its spam decision
>> at all?
>>
>> Cheers
>>
>> tobi
>>
>> On 26.11.19 at 14:06, Philipp Ewald wrote:
>>> Hi guys,
>>>
>>> i want to bypass scanning mail if mail has already X-Spam-Flag: YES set.
>>> I found "clear_headers" in
>>> "/usr/share/spamassassin/10_default_prefs.cf".
>>>
>>> how can i override this setting? (include next update)
>>>
>>> Kind regards
>>> Philipp
Re: shortcircuit on alread x-spam-flag: yes
On 2019-11-27 17:15, Tobi wrote:

> Philipp,
>
> Think you should ask yourself the following question: do I trust the spam result from a remote server? If yes then why using a spamassassin rule and not straight-out reject such mails on mta (header check)? And if you do not trust the remote server then why using its spam decision at all?

all spamassassin headers begins with X-Spam-, you will have to change them BEFORE running locally retest :=)

reason for this is that spamassassin REMOVE all headers with begins with X-Spam- before it adds new locally tested headers :=)

end results is you always get X-Spam- headers is from local tests, but if you like you can rewrite upfront X-Spam- headers so local tests can use them for local retest
Re: shortcircuit on alread x-spam-flag: yes
Hi Tobi,

we only want to trust "X-Spam-Flag: YES" or why should someone (spammer, other mailserver with outgoing spamfilter) set this Flag to Yes?

but like RW wrote:
> If you want to match on such a header you need to rewrite it before SA sees it.

i thought shortcircuit will test before any other tests but header was removed before shortcircuit :(
I have a lot to learn...

Thanks for help maybe i try this again... later :-)

On 27.11.19 at 17:15, Tobi wrote:
> Philipp,
>
> Think you should ask yourself the following question: do I trust the spam result from a remote server? If yes then why using a spamassassin rule and not straight-out reject such mails on mta (header check)? And if you do not trust the remote server then why using its spam decision at all?
>
> Cheers
>
> tobi
>
> On 26.11.19 at 14:06, Philipp Ewald wrote:
>> Hi guys,
>>
>> i want to bypass scanning mail if mail has already X-Spam-Flag: YES set.
>> I found "clear_headers" in "/usr/share/spamassassin/10_default_prefs.cf".
>>
>> how can i override this setting? (include next update)
>>
>> Kind regards
>> Philipp

--
Philipp Ewald
Administrator

DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Phone: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail: philipp.ew...@digionline.de

AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Managing Director: Werner Grafenhain

Privacy information: www.digionline.de/ds
Re: shortcircuit on alread x-spam-flag: yes
Philipp,

Think you should ask yourself the following question: do I trust the spam result from a remote server? If yes then why using a spamassassin rule and not straight-out reject such mails on mta (header check)? And if you do not trust the remote server then why using its spam decision at all?

Cheers

tobi

On 26.11.19 at 14:06, Philipp Ewald wrote:
> Hi guys,
>
> i want to bypass scanning mail if mail has already X-Spam-Flag: YES set.
> I found "clear_headers" in "/usr/share/spamassassin/10_default_prefs.cf".
>
> how can i override this setting? (include next update)
>
> Kind regards
> Philipp
Re: shortcircuit on alread x-spam-flag: yes
> On 26 Nov 2019, at 08:11, Philipp Ewald wrote:
>> we have "old customer" (with historical terms) there have forwarding rules for any mail and we are not allowed to set SPAM Filter rule or to change the forwarding rules.

On 26.11.19 13:22, @lbutlr wrote:
> Forwarding spam is a good way to be blacklisted as a spam source. This is why I have disabled all forwarding rules. If users want their mail to arrive at another account, they have to pull the mail themselves. (Obviously, most people automate this.) Gmail users have to use POP3 to get the mail, and I only allow POP3 access for specific users and only from google servers (I would gladly allow some other server that can only pull from POP, but no one has asked).

there is forwarding and forwarding. There are cases where your front-end mailserver scans the mail for spam and viruses, and forwards it into a backend. Sometimes customers on those backends only want to tag.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I feel like I'm diagonally parked in a parallel universe.
Re: shortcircuit on alread x-spam-flag: yes
On Tue, 26 Nov 2019 14:06:15 +0100 Philipp Ewald wrote:

> Hi guys,
>
> i want to bypass scanning mail if mail has already X-Spam-Flag: YES
> set. I found "clear_headers" in
> "/usr/share/spamassassin/10_default_prefs.cf".
>
> how can i override this setting? (include next update)

clear_headers resets the list of headers to be added by spamassassin. It has nothing to do with clearing existing X-Spam headers. If you want to match on such a header you need to rewrite it before SA sees it.
Re: shortcircuit on alread x-spam-flag: yes
Oops. Sorry about that.

> On 26 Nov 2019, at 13:22, @lbutlr wrote:
>
> You know a thorn can main / But a lover does the same / A gem will
> reflect light / And a Fool will marvel at the sight / A fool such
> as me,
> /Who sees not the gold, but the beauty of the shine
> /%
> 'You know me,' said Rincewind. 'Just when I'm getting a grip on
> something Fate comes along and jumps on my fingers.'
> --Interesting Times

--
"Are you pondering what I'm pondering?" "Wuh, I think so, Brain, but wouldn't anything lose its flavor on the bedpost overnight?"
Re: shortcircuit on alread x-spam-flag: yes
On 26 Nov 2019, at 08:11, Philipp Ewald wrote:
> we have "old customer" (with historical terms) there have forwarding rules
> for any mail and we are not allowed to set SPAM Filter rule or to change the
> forwarding rules.

Forwarding spam is a good way to be blacklisted as a spam source. This is why I have disabled all forwarding rules. If users want their mail to arrive at another account, they have to pull the mail themselves. (Obviously, most people automate this.) Gmail users have to use POP3 to get the mail, and I only allow POP3 access for specific users and only from google servers (I would gladly allow some other server that can only pull from POP, but no one has asked).

--
You know a thorn can main / But a lover does the same / A gem will reflect light / And a Fool will marvel at the sight / A fool such as me, /Who sees not the gold, but the beauty of the shine /%
'You know me,' said Rincewind. 'Just when I'm getting a grip on something Fate comes along and jumps on my fingers.' --Interesting Times
Re: shortcircuit on alread x-spam-flag: yes
> On 26.11.19 at 15:43, Matus UHLAR - fantomas wrote:
>> On 26.11.19 15:08, Philipp Ewald wrote:
>>> Not really... or why should some one set this header on non-spam?
>>
>> FP means false positive. Mail that was evaluated as spam but is not.

On 26.11.19 16:30, Philipp Ewald wrote:
> i know ;-)
> X-Spam-Flag: yes on non spam is false positive :)
>
> we trust our mailserver (MX for all domains) so once this mails was scored to spam and this mail got forwarded to any other customer (through mailserver again) can be skipped and any mail from external with X-SPAM-FLAG: YES can be skipped too (why not?)

in such case, yes. However, if you have own or per-user settings, bayes database etc, the result can be different from what your mail server found out.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
Re: shortcircuit on alread x-spam-flag: yes
On 26.11.19 at 15:43, Matus UHLAR - fantomas wrote:
> On 26.11.19 15:08, Philipp Ewald wrote:
>> Not really... or why should some one set this header on non-spam?
>
> FP means false positive. Mail that was evaluated as spam but is not.

i know ;-)
X-Spam-Flag: yes on non spam is false positive :)

we trust our mailserver (MX for all domains) so once this mails was scored to spam and this mail got forwarded to any other customer (through mailserver again) can be skipped and any mail from external with X-SPAM-FLAG: YES can be skipped too (why not?)

--
Philipp Ewald
Administrator

DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Phone: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail: philipp.ew...@digionline.de

AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Managing Director: Werner Grafenhain

Privacy information: www.digionline.de/ds
Re: shortcircuit on alread x-spam-flag: yes
On 26.11.19 at 15:28, Reindl Harald wrote:
> On 26.11.19 at 15:08, Philipp Ewald wrote:
>> Not really... or why should some one set this header on non-spam?
>
> strange question
>
> why should anybody forward a mail instead reject it when it's 100% spam?

we have "old customer" (with historical terms) there have forwarding rules for any mail and we are not allowed to set SPAM Filter rule or to change the forwarding rules.

We have different domains and all postmaster mails will be forwarded to ( with alias to monitored e-mail)

On 26.11.19 at 14:44, Reindl Harald wrote:
> On 26.11.19 at 14:06, Philipp Ewald wrote:
>> i want to bypass scanning mail if mail has already X-Spam-Flag: YES set.
>> I found "clear_headers" in "/usr/share/spamassassin/10_default_prefs.cf".
>>
>> how can i override this setting? (include next update)
>
> like every other setting by put it into a whatever called file with the extension .cf in /etc/mail/spamassassin

Okay maybe forgot to activate shortcircuit(?)

my rule:
/etc/spamassassin/09_X_SPAM_FLAG.cf

header SpamFlag X-Spam-Flag =~ /YES/
score SpamFlag 99

was loaded before "/usr/share/spamassassin/10_default_prefs.cf" but score was not set.

I will try in /etc/spamassassin/local.cf in shortcircuit plugin

thanks for help

--
Philipp Ewald
Administrator

DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Phone: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail: philipp.ew...@digionline.de

AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Managing Director: Werner Grafenhain

Privacy information: www.digionline.de/ds
Re: shortcircuit on alread x-spam-flag: yes
On 26.11.19 15:08, Philipp Ewald wrote:
> Not really... or why should some one set this header on non-spam?

FP means false positive. Mail that was evaluated as spam but is not.

>> On 26.11.19 14:06, Philipp Ewald wrote:
>>> i want to bypass scanning mail if mail has already X-Spam-Flag: YES set.
>>> I found "clear_headers" in "/usr/share/spamassassin/10_default_prefs.cf".
>>>
>>> how can i override this setting? (include next update)

> On 26.11.19 at 14:44, Matus UHLAR - fantomas wrote:
>> don't you care about incoming FPs?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]
Re: shortcircuit on alread x-spam-flag: yes
Not really... or why should some one set this header on non-spam?

On 26.11.19 at 14:44, Matus UHLAR - fantomas wrote:
> On 26.11.19 14:06, Philipp Ewald wrote:
>> i want to bypass scanning mail if mail has already X-Spam-Flag: YES set.
>> I found "clear_headers" in "/usr/share/spamassassin/10_default_prefs.cf".
>>
>> how can i override this setting? (include next update)
>
> don't you care about incoming FPs?

--
Philipp Ewald
Administrator

DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Phone: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail: philipp.ew...@digionline.de

AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Managing Director: Werner Grafenhain

Privacy information: www.digionline.de/ds
Re: shortcircuit on alread x-spam-flag: yes
On 26.11.19 14:06, Philipp Ewald wrote:
> i want to bypass scanning mail if mail has already X-Spam-Flag: YES set.
> I found "clear_headers" in "/usr/share/spamassassin/10_default_prefs.cf".
>
> how can i override this setting? (include next update)

don't you care about incoming FPs?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]
shortcircuit on alread x-spam-flag: yes
Hi guys,

i want to bypass scanning mail if mail has already X-Spam-Flag: YES set.
I found "clear_headers" in "/usr/share/spamassassin/10_default_prefs.cf".

how can i override this setting? (include next update)

Kind regards
Philipp

--
Philipp Ewald
Administrator

DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Phone: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail: philipp.ew...@digionline.de

AG Köln HRB 27711, St.-Nr. 5215 5811 0640
Managing Director: Werner Grafenhain

Privacy information: www.digionline.de/ds