Re: whitelist_from_rcvd not working for me
James Long wrote: James Long wrote: In my SpamAssassin-3.1.0 (p5-Mail-SpamAssassin-3.1.0_6) local.cf, I use: ... trusted_networks 127.0.0.0/8 65.75.198.48/28 63.105.30.37/32 ^^ Your IP for the ns.museum.rain.com comes back as 65.75.198.49, are you sure this is correct? I think what is happening here is sa isn't finding a local server, and gives up. My guess is that adding/changing that to .49 will help. The first Received by statement is this (last server) "by ns.museum.rain.com (8.13.4/8.13.4) with ESMTP id" When doing a lookup this is what I get (your internal DNS may be diff.): Name:ns.museum.rain.com Address: 65.75.198.49 HTH -- Thanks, JamesDR Thanks for your reply. My understanding is that "65.75.198.48/28" means that all IPs in that subnet will be trusted. Your DNS server returns the correct IP for ns.museum.rain.com. The /32 is another server at a colo site. I trust that server. Are you saying that ns.museum.rain.com's own IP should not be listed as a trusted server? Earlier advice I received from this list suggested that it should be. Clarification appreciated. Jim Yeah, I missed the /28 ... Long weekend, need to reply to email's after plenty of sleep :-D Sorry for the confusion. -- Thanks, James
Re: whitelist_from_rcvd not working for me
On 3/12/2006 8:13 PM, James Long wrote: Mail sent via SMTP should have all of it's headers parsed correctly and your whitelist_from_rcvd should work. Yet, it doesn't. One of the nightly server log messages has been getting rejected because SA thinks it is spam, and doesn't see the whitelist_from_rcvd entry for it. (sendmail log below) OK, to I should have wrote "Mail submitted" and not "Mail sent" above. In any case, if you can change your local submission header so that it doesn't include the (envelope-from james) part, it'll be successfully parsed. ie. If you can change your Sendmail config so that it generates headers that look like this instead: Received: (from [EMAIL PROTECTED]) by ns.umpquanet.com (8.13.4/8.13.4/Submit) id k2CJ9LT4065172 for [EMAIL PROTECTED]; Sun, 12 Mar 2006 11:09:21 -0800 (PST) If your headers, as they are now, are from a default configuration, please open a bug about them not being parsed at: http://issues.apache.org/SpamAssassin/ BTW, is there an easy way to troubleshoot this from the command line, with perhaps a sample message in a text file that I can just use as input to SA, so that I don't have to use up bandwidth and also put a large number of test messages into my mailbox? Is it as simple as 'spamassassin -t < textfilename' ? Yeah. Daryl
Re: whitelist_from_rcvd not working for me
> On 3/12/2006 2:21 PM, James Long wrote: > > In my SpamAssassin-3.1.0 (p5-Mail-SpamAssassin-3.1.0_6) local.cf, I > > use: > > > > > > ... > > trusted_networks 127.0.0.0/8 65.75.198.48/28 63.105.30.37/32 > > ... > > whitelist_from_rcvd [EMAIL PROTECTED] ns.umpquanet.com > > ... > > > > > > yet messages that I had hoped would match that whitelist entry > > are not. How can I fix this? > > SA can't parse the first (oldest) received header. Since that header is > a local submission header, I wouldn't worry about it. > > Mail sent via SMTP should have all of it's headers parsed correctly and > your whitelist_from_rcvd should work. Yet, it doesn't. One of the nightly server log messages has been getting rejected because SA thinks it is spam, and doesn't see the whitelist_from_rcvd entry for it. (sendmail log below) > No, it must be listed, as it is now. Okay, so I feel comfortable that my trusted_networks line is correct. On to troubleshooting the whitelist_from_rcvd. BTW, is there an easy way to troubleshoot this from the command line, with perhaps a sample message in a text file that I can just use as input to SA, so that I don't have to use up bandwidth and also put a large number of test messages into my mailbox? Is it as simple as 'spamassassin -t < textfilename' ? Thanks again, Jim Sendmail log excerpt from ns.museum.rain.com: Mar 12 03:04:26 ns sm-mta[44915]: NOQUEUE: connect from ns.umpquanet.com [63.105.30.37] Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: Milter (spamassassin): init success to negotiate Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: Milter (greylist): init success to negotiate Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: Milter: connect to filters Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: milter=spamassassin, action=connect, continue Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: milter=greylist, action=connect, continue Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: --- 220 ns.museum.rain.com ESMTP Sendmail 8.13.4/8.13.4; Sun, 12 Mar 2006 03:04:26 -0800 (PST) Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: <-- EHLO ns.umpquanet.com Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: milter=spamassassin, action=helo, continue Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: --- 250-ns.museum.rain.com Hello ns.umpquanet.com [63.105.30.37], pleased to meet you Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: --- 250-ENHANCEDSTATUSCODES Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: --- 250-PIPELINING Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: --- 250-8BITMIME Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: --- 250-SIZE Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: --- 250-DSN Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: --- 250-ETRN Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: --- 250-STARTTLS Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: --- 250-DELIVERBY Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: --- 250 HELP Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: <-- STARTTLS Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: --- 220 2.0.0 Ready to start TLS Mar 12 03:04:26 ns sm-mta[44915]: STARTTLS=server, get_verify: 0 get_peer: 0x0 Mar 12 03:04:26 ns sm-mta[44915]: STARTTLS=server, relay=ns.umpquanet.com [63.105.30.37], version=TLSv1/SSLv3, verify=NO, cipher=DHE-DSS-AES256-SHA, bits=256/256 Mar 12 03:04:26 ns sm-mta[44915]: STARTTLS=server, cert-subject=, cert-issuer=, verifymsg=ok Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKW044915: <-- EHLO ns.umpquanet.com Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: milter=spamassassin, action=helo, continue Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: --- 250-ns.museum.rain.com Hello ns.umpquanet.com [63.105.30.37], pleased to meet you Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: --- 250-ENHANCEDSTATUSCODES Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: --- 250-PIPELINING Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: --- 250-8BITMIME Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: --- 250-SIZE Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: --- 250-DSN Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: --- 250-ETRN Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: --- 250-DELIVERBY Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: --- 250 HELP Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: <-- MAIL From:<[EMAIL PROTECTED]> SIZE=9162 Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: Milter: senders: <[EMAIL PROTECTED]> Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: milter=spamassassin, action=mail, continue Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: milter=greylist, action=mail, continue Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: --- 250 2.1.0 <[EMAIL PROTECTED]>... Sender ok Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: <-- RCPT To:<[EMAIL PROTECTED]> Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: Milter: rcpts: <[EMAIL PROTECTED]> Mar 12 03:04:26 ns sm-mta[44915]: k2CB4QKX044915: milter=spama
Re: whitelist_from_rcvd not working for me
From: "JamesDR" <[EMAIL PROTECTED]> James Long wrote: In my SpamAssassin-3.1.0 (p5-Mail-SpamAssassin-3.1.0_6) local.cf, I use: ... trusted_networks 127.0.0.0/8 65.75.198.48/28 63.105.30.37/32 ^^ Your IP for the ns.museum.rain.com comes back as 65.75.198.49, are you sure this is correct? I think what is happening here is sa isn't finding a local server, and gives up. My guess is that adding/changing that to .49 will help. The first Received by statement is this (last server) "by ns.museum.rain.com (8.13.4/8.13.4) with ESMTP id" When doing a lookup this is what I get (your internal DNS may be diff.): Name:ns.museum.rain.com Address: 65.75.198.49 65.75.198.49 is within CIDR 65.75.198.48/28 {^_-}
Re: whitelist_from_rcvd not working for me
On 3/12/2006 2:21 PM, James Long wrote: In my SpamAssassin-3.1.0 (p5-Mail-SpamAssassin-3.1.0_6) local.cf, I use: ... trusted_networks 127.0.0.0/8 65.75.198.48/28 63.105.30.37/32 ... whitelist_from_rcvd [EMAIL PROTECTED] ns.umpquanet.com ... yet messages that I had hoped would match that whitelist entry are not. How can I fix this? SA can't parse the first (oldest) received header. Since that header is a local submission header, I wouldn't worry about it. Mail sent via SMTP should have all of it's headers parsed correctly and your whitelist_from_rcvd should work. My understanding is that "65.75.198.48/28" means that all IPs in that subnet will be trusted. Your DNS server returns the correct IP for ns.museum.rain.com. The /32 is another server at a colo site. I trust that server. Yeah 65.75.198.48/28 covers 65.75.198.48-63. Are you saying that ns.museum.rain.com's own IP should not be listed as a trusted server? Earlier advice I received from this list suggested that it should be. No, it must be listed, as it is now. Daryl
Re: whitelist_from_rcvd not working for me
> James Long wrote: > > In my SpamAssassin-3.1.0 (p5-Mail-SpamAssassin-3.1.0_6) local.cf, I > > use: > > > > > > ... > > trusted_networks 127.0.0.0/8 65.75.198.48/28 63.105.30.37/32 > ^^ > > Your IP for the ns.museum.rain.com comes back as 65.75.198.49, are you > sure this is correct? > > I think what is happening here is sa isn't finding a local server, and > gives up. My guess is that adding/changing that to .49 will help. > > The first Received by statement is this (last server) > "by ns.museum.rain.com (8.13.4/8.13.4) with ESMTP id" > > When doing a lookup this is what I get (your internal DNS may be diff.): > Name:ns.museum.rain.com > Address: 65.75.198.49 > > HTH > -- > Thanks, > JamesDR Thanks for your reply. My understanding is that "65.75.198.48/28" means that all IPs in that subnet will be trusted. Your DNS server returns the correct IP for ns.museum.rain.com. The /32 is another server at a colo site. I trust that server. Are you saying that ns.museum.rain.com's own IP should not be listed as a trusted server? Earlier advice I received from this list suggested that it should be. Clarification appreciated. Jim
Re: whitelist_from_rcvd not working for me
James Long wrote: In my SpamAssassin-3.1.0 (p5-Mail-SpamAssassin-3.1.0_6) local.cf, I use: ... trusted_networks 127.0.0.0/8 65.75.198.48/28 63.105.30.37/32 ^^ Your IP for the ns.museum.rain.com comes back as 65.75.198.49, are you sure this is correct? I think what is happening here is sa isn't finding a local server, and gives up. My guess is that adding/changing that to .49 will help. The first Received by statement is this (last server) "by ns.museum.rain.com (8.13.4/8.13.4) with ESMTP id" When doing a lookup this is what I get (your internal DNS may be diff.): Name:ns.museum.rain.com Address: 65.75.198.49 HTH -- Thanks, JamesDR smime.p7s Description: S/MIME Cryptographic Signature
whitelist_from_rcvd not working for me
In my SpamAssassin-3.1.0 (p5-Mail-SpamAssassin-3.1.0_6) local.cf, I use: ... trusted_networks 127.0.0.0/8 65.75.198.48/28 63.105.30.37/32 ... whitelist_from_rcvd [EMAIL PROTECTED] ns.umpquanet.com ... yet messages that I had hoped would match that whitelist entry are not. How can I fix this? Thanks! Jim >From [EMAIL PROTECTED] Sun Mar 12 11:09:27 2006 Received: from ns.umpquanet.com (ns.umpquanet.com [63.105.30.37]) by ns.museum.rain.com (8.13.4/8.13.4) with ESMTP id k2CJ9L90046330 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO) for <[EMAIL PROTECTED]>; Sun, 12 Mar 2006 11:09:21 -0800 (PST) (envelope-from [EMAIL PROTECTED]) Received: from ns.umpquanet.com (localhost [127.0.0.1]) by ns.umpquanet.com (8.13.4/8.13.4) with ESMTP id k2CJ9McY065173 for <[EMAIL PROTECTED]>; Sun, 12 Mar 2006 11:09:22 -0800 (PST) (envelope-from [EMAIL PROTECTED]) Received: (from [EMAIL PROTECTED]) by ns.umpquanet.com (8.13.4/8.13.4/Submit) id k2CJ9LT4065172 for [EMAIL PROTECTED]; Sun, 12 Mar 2006 11:09:21 -0800 (PST) (envelope-from james) Date: Sun, 12 Mar 2006 11:09:21 -0800 (PST) From: James Long <[EMAIL PROTECTED]> Message-Id: <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: test X-Spam-Status: No, score=0.0 required=5.0 tests=UNPARSEABLE_RELAY autolearn=failed version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on ns.museum.rain.com X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (ns.museum.rain.com [65.75.198.50]); Sun, 12 Mar 2006 11:09:27 -0800 (PST)