Re: Why I get DKIM_INVALID sometimes?
Bill Cole wrote on 23.9.2019 20:11:
> On 23 Sep 2019, at 11:43, Jari Fredriksson wrote:
> > Bill Cole wrote on 23.9.2019 18:26:
> > > On 23 Sep 2019, at 1:00, Jari Fredriksson wrote:
> > > > Hello again. I have a problem that arises after my mail server has been up for maybe two days. Suddenly all DKIM-verifications in SpamAssassin say DKIM_INVALID while those look valid to me when looking at the mail source code. It works again correctly after I reboot the machine. This started when I upgraded from Debian Stretch to Buster, I think. Sample: https://pastebin.com/cZKSTZVC
> > >
> > > The signature on that message does not verify according to the dkimverify.pl from Mail::DKIM or the dkimverify from the Python 'dkimpy' package. Using the --debug-canonicalization option of dkimverify.pl shows that the 'bh' field matches, so the problem is in the headers.
> > >
> > > In short: it's probably not your problem *in this case*
>
> One side-note on this: In reviewing this I see that the first case is labeled as multipart/alternative but it contains only an unterminated text/plain part, so it seems to have been truncated, which is not consistent with the fact that dkimverify.pl comes up with the same body hash, so I'm questioning everything now...

Yes I attached only the headers of the mail, not the body as I considered it to be wasteful. Maybe a bad decision... Such happens.

Thank You very much for your comments!

--
ja...@iki.fi
Re: Why I get DKIM_INVALID sometimes?
On 23 Sep 2019, at 11:43, Jari Fredriksson wrote:
> Bill Cole wrote on 23.9.2019 18:26:
> > On 23 Sep 2019, at 1:00, Jari Fredriksson wrote:
> > > Hello again. I have a problem that arises after my mail server has been up for maybe two days. Suddenly all DKIM-verifications in SpamAssassin say DKIM_INVALID while those look valid to me when looking at the mail source code. It works again correctly after I reboot the machine. This started when I upgraded from Debian Stretch to Buster, I think. Sample: https://pastebin.com/cZKSTZVC
> >
> > The signature on that message does not verify according to the dkimverify.pl from Mail::DKIM or the dkimverify from the Python 'dkimpy' package. Using the --debug-canonicalization option of dkimverify.pl shows that the 'bh' field matches, so the problem is in the headers.
> >
> > In short: it's probably not your problem *in this case*

One side-note on this: In reviewing this I see that the first case is labeled as multipart/alternative but it contains only an unterminated text/plain part, so it seems to have been truncated, which is not consistent with the fact that dkimverify.pl comes up with the same body hash, so I'm questioning everything now...

> All right then. I just received a new mail from Twitter, this time it has DKIM_VALID_AU. How do the headers differ? https://pastebin.com/3p7QiDDj

I don't see anything obvious, but I expect that I wouldn't and that you wouldn't in the delivered mail. Something in the non-verified message got changed after signing but the verified message had no such change.

For many months I've been watching a mail system that was having chronic occasional DKIM failures and writing code to work around and/or prevent the root causes. This project has not taken so long merely because I'm bad at coding. The ways that Sendmail in particular can innocently break signatures are many, so ultimately I resorted to fully parsing existing address list headers and rebuilding them in a subtly idiosyncratic form that Sendmail likes.

There's a long-untouched bug report for OpenDKIM (which this system is not using) due to Sendmail "fixing up" standard address headers. That fixup is perfectly reasonable UNLESS you're signing them with a milter ahead of the fixup. Or in your case: unless Twitter is signing them with a milter before their Sendmail "fixes" headers.

--
Bill Cole
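The failure mode discussed in the message above (the 'bh' body hash still matches, but a signed header was altered after signing), as an added example that is not part of the thread or of Mail::DKIM/dkimpy. It implements RFC 6376 "relaxed" canonicalization directly; the header values and the address-list "fixup" are constructed for illustration and are not a claim about what Sendmail rewrites.

```python
import base64
import hashlib
import re

def relaxed_header(name, value):
    """Canonicalize one header field per RFC 6376 section 3.4.2 (relaxed)."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)        # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")   # collapse and trim WSP
    return f"{name.strip().lower()}:{value}\r\n"

def relaxed_body_hash(body):
    """Compute the bh= value: SHA-256 over the relaxed body (section 3.4.4)."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in body.split("\r\n")]
    while lines and lines[-1] == "":                    # drop trailing empty lines
        lines.pop()
    canon = "".join(ln + "\r\n" for ln in lines)
    return base64.b64encode(hashlib.sha256(canon.encode()).digest()).decode()

def changed_signed_headers(at_signing, as_delivered, h_list):
    """Names from the h= list whose canonical form changed after signing."""
    return [n for n in h_list
            if relaxed_header(n, at_signing[n]) != relaxed_header(n, as_delivered[n])]

# Constructed sample: header fields as the signing milter saw them ...
AT_SIGNING = {
    "from": "Example Sender <notify@sender.example>",
    "to": "alice@rcpt.example,bob@rcpt.example",
    "subject": "Weekly   digest",
}
# ... and as delivered after a hypothetical MTA rewrite downstream of the signer.
AS_DELIVERED = {
    "from": "Example Sender\r\n <notify@sender.example>",  # refolded only
    "to": "alice@rcpt.example, bob@rcpt.example",           # address list rebuilt
    "subject": "Weekly digest",                              # whitespace collapsed
}
BODY_AT_SIGNING = "Hello  there \r\n\r\n\r\n"   # constructed
BODY_AS_DELIVERED = "Hello there\r\n"           # constructed

if __name__ == "__main__":
    same_bh = relaxed_body_hash(BODY_AT_SIGNING) == relaxed_body_hash(BODY_AS_DELIVERED)
    print("bh matches:", same_bh)
    print("signed headers that no longer verify:",
          changed_signed_headers(AT_SIGNING, AS_DELIVERED, ["from", "to", "subject"]))
```

Refolding and whitespace runs survive relaxed canonicalization; inserting a space where the signer saw none does not, which is why only the rebuilt address list is reported.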
Re: Why I get DKIM_INVALID sometimes?
Bill Cole wrote on 23.9.2019 18:26:
> On 23 Sep 2019, at 1:00, Jari Fredriksson wrote:
> > Hello again. I have a problem that arises after my mail server has been up for maybe two days. Suddenly all DKIM-verifications in SpamAssassin say DKIM_INVALID while those look valid to me when looking at the mail source code. It works again correctly after I reboot the machine. This started when I upgraded from Debian Stretch to Buster, I think. Sample: https://pastebin.com/cZKSTZVC
>
> The signature on that message does not verify according to the dkimverify.pl from Mail::DKIM or the dkimverify from the Python 'dkimpy' package. Using the --debug-canonicalization option of dkimverify.pl shows that the 'bh' field matches, so the problem is in the headers.
>
> In short: it's probably not your problem *in this case*

All right then. I just received a new mail from Twitter, this time it has DKIM_VALID_AU. How do the headers differ? https://pastebin.com/3p7QiDDj

--
ja...@iki.fi
Re: Why I get DKIM_INVALID sometimes?
On 23 Sep 2019, at 1:00, Jari Fredriksson wrote:
> Hello again. I have a problem that arises after my mail server has been up for maybe two days. Suddenly all DKIM-verifications in SpamAssassin say DKIM_INVALID while those look valid to me when looking at the mail source code. It works again correctly after I reboot the machine. This started when I upgraded from Debian Stretch to Buster, I think. Sample: https://pastebin.com/cZKSTZVC

The signature on that message does not verify according to the dkimverify.pl from Mail::DKIM or the dkimverify from the Python 'dkimpy' package. Using the --debug-canonicalization option of dkimverify.pl shows that the 'bh' field matches, so the problem is in the headers.

In short: it's probably not your problem *in this case*

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Re: Why I get DKIM_INVALID sometimes?
RW wrote on 23.9.2019 17:02:
> On Mon, 23 Sep 2019 16:33:35 +0300 Jari Fredriksson wrote:
> > Axb wrote on 23.9.2019 8:42:
> > > UN_educated guess - I don't use DKIM... does it stop happening when
> > > you restart your DNS recursor instead of rebooting?
> >
> > Oh well. That did not help, same for this day.
>
> Don't stop at DNS, restart all daemons related to email, one at a time.

Actually my mail queue was halted for some other reason, but now as it started to flow again it seems to work! So, I have something on DNS. One master and two slaves.

I now crontabbed a restart for the process via ansible daily. It might be a workaround if the real reason does not come to me later...

Thanks Axb!

--
ja...@iki.fi
Re: Why I get DKIM_INVALID sometimes?
On Mon, 23 Sep 2019 16:33:35 +0300 Jari Fredriksson wrote:
> Axb wrote on 23.9.2019 8:42:
> > UN_educated guess - I don't use DKIM... does it stop happening when
> > you restart your DNS recursor instead of rebooting?
> >
> Oh well. That did not help, same for this day.

Don't stop at DNS, restart all daemons related to email, one at a time.
Re: Why I get DKIM_INVALID sometimes?
Axb wrote on 23.9.2019 8:42:
> UN_educated guess - I don't use DKIM... does it stop happening when you restart your DNS recursor instead of rebooting?
>
> On 9/23/19 7:00 AM, Jari Fredriksson wrote:
> > Hello again. I have a problem that arises after my mail server has been up for maybe two days. Suddenly all DKIM-verifications in SpamAssassin say DKIM_INVALID while those look valid to me when looking at the mail source code. It works again correctly after I reboot the machine. This started when I upgraded from Debian Stretch to Buster, I think. Sample: https://pastebin.com/cZKSTZVC

Oh well. That did not help, same for this day.

--
ja...@iki.fi
Re: Why I get DKIM_INVALID sometimes?
UN_educated guess - I don't use DKIM... does it stop happening when you restart your DNS recursor instead of rebooting?

On 9/23/19 7:00 AM, Jari Fredriksson wrote:
> Hello again. I have a problem that arises after my mail server has been up for maybe two days. Suddenly all DKIM-verifications in SpamAssassin say DKIM_INVALID while those look valid to me when looking at the mail source code. It works again correctly after I reboot the machine. This started when I upgraded from Debian Stretch to Buster, I think. Sample: https://pastebin.com/cZKSTZVC
Why I get DKIM_INVALID sometimes?
Hello again.

I have a problem that arises after my mail server has been up for maybe two days. Suddenly all DKIM-verifications in SpamAssassin say DKIM_INVALID while those look valid to me when looking at the mail source code.

It works again correctly after I reboot the machine.

This started when I upgraded from Debian Stretch to Buster, I think.

Sample: https://pastebin.com/cZKSTZVC

--
ja...@iki.fi
Re: why I get it?
On Monday 19 March 2007, Rocco Scappatura wrote:
> Hello,
>
> I received a spam message this morning in my mailbox. So I submit it to spamassassin to calculate the score that spamassassin gives it. Here is the result:
>
> Content preview: Diable! bird market light sort said Monte Cristo compassionately, it i Villefort pressed her plate earth hand to set long let her know it was Ah, true.theory skin Oh, no, sir, she blade slope answered; but you know, things [...]
>
> Content analysis details: (6.2 points, 5.0 required)
>
> pts rule name description
> -- --
> 1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
> 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 0.9991]
> 0.8 SARE_GIF_ATTACHFULL: Email has a inline gif
> 0.7 MY_CID_AND_STYLE SARE cid and style
>
> So it is clear at all why I have retrieved the message in my mailbox..
>
> If someone could give an explanation of this phenomenon, I will appreciate it,
>
> BR,
> rocsca

Well Rocco, without knowing a little bit more about your setup it's hard to say.

For instance, are you NEW to spamassassin?

If so you might be under the mistaken impression that Spamassassin deletes spam. It doesn't. It just marks it.

If you want it deleted you have to do that with some other means, such as with filters in your mail reader, or procmail or amavisd etc.

--
John Andersen
RE: why I get it?
> What version of SA are you running? If not 3.1.8 then upgrade.

# spamassassin -V
SpamAssassin version 3.1.8
running on Perl version 5.8.8

rocsca
RE: why I get it?
> Well Rocco, without knowing a little bit more about your setup it's hard to say.
>
> For instance, are you NEW to spamassassin?

Thanks John. No, I'm using spamassassin for two years. But, I'm going in depth with the usage of spamassassin because I would like to reduce the spam that arrives in my mailboxes. I'm using a Postfix+MySQL+Amavisd-new setup.

> If so you might be under the mistaken impression that Spamassassin deletes spam. It doesn't. It just marks it.
>
> If you want it deleted you have to do that with some other means, such as with filters in your mail reader, or procmail or amavisd etc.

It is clear.

rocsca
RE: why I get it?
> Chances are that your Bayesian database changed between the time you received this message and the time you rescanned it from the command line. Rescanning something is _not_ a reliable way to figure out what score SA gave it on receipt. You should use the _TESTSSCORES(,)_ macro in your add_header line to figure that out.

I agree with you! In fact, today I get another spam and seven hours after it was received I analyse it and I get again a score greater than 5.0 points:

Content preview: Yes, I exactly heard it spoken flight of, self decision but I did not know the scorch And who man found brain this mark father for you? plead Half-past six o'clock has strod cold purpose just struck, M. Bertuccsucceed The week Count receive shoe of Monte Cristo. [...]

Content analysis details: (5.6 points, 5.0 required)

pts rule name description
-- --
1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
0.0 HTML_MESSAGE BODY: HTML included in message
3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99% [score: 0.9680]
0.8 SARE_GIF_ATTACHFULL: Email has a inline gif
0.7 MY_CID_AND_STYLE SARE cid and style

But is there a strategy for preventing these emails from reaching the mailboxes before spamassassin learns about them (maybe greylist?)?

thanks,
rocsca
Re: why I get it?
> Content preview: Yes, I exactly heard it spoken flight of, self

You really don't give enough information that we can guess what could be done to help catch these. All I can guess is that you might not be running network tests, since I don't see any network test hits on the two examples.

Try posting a complete spam with the headers attached, and we may be able to say more.

Loren
Re: why I get it?
Rocco Scappatura wrote:
> > What version of SA are you running? If not 3.1.8 then upgrade.
>
> # spamassassin -V
> SpamAssassin version 3.1.8
> running on Perl version 5.8.8
>
> rocsca

I was having the same problem with v 3.1.7, and when I upgraded to 3.1.8, they stopped.

Do you get the same score if you run:

spamc -c message

Post the entire message, with headers and all.

-=Aubrey=-
why I get it?
Hello,

I received a spam message this morning in my mailbox. So I submit it to spamassassin to calculate the score that spamassassin gives it. Here is the result:

Content preview: Diable! bird market light sort said Monte Cristo compassionately, it i Villefort pressed her plate earth hand to set long let her know it was Ah, true.theory skin Oh, no, sir, she blade slope answered; but you know, things [...]

Content analysis details: (6.2 points, 5.0 required)

pts rule name description
-- --
1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
0.0 HTML_MESSAGE BODY: HTML included in message
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 0.9991]
0.8 SARE_GIF_ATTACHFULL: Email has a inline gif
0.7 MY_CID_AND_STYLE SARE cid and style

So it is clear at all why I have retrieved the message in my mailbox..

If someone could give an explanation of this phenomenon, I will appreciate it,

BR,
rocsca
Re: why I get it?
On Mon, 19 Mar 2007, Rocco Scappatura wrote:
> Hello,
>
> I received a spam message this morning in my mailbox. So I submit it to spamassassin to calculate the score that spamassassin gives it. Here is the result:
> ...
> Content analysis details: (6.2 points, 5.0 required)
> ...
> So it is clear at all why I have retrieved the message in my mailbox..

Chances are that your Bayesian database changed between the time you received this message and the time you rescanned it from the command line. Rescanning something is _not_ a reliable way to figure out what score SA gave it on receipt. You should use the _TESTSSCORES(,)_ macro in your add_header line to figure that out.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
Never send mail to [EMAIL PROTECTED]
Re: why I get it?
Rocco Scappatura wrote:
> Hello,
>
> I received a spam message this morning in my mailbox. So I submit it to spamassassin to calculate the score that spamassassin gives it. Here is the result:
>
> Content preview: Diable! bird market light sort said Monte Cristo compassionately, it i Villefort pressed her plate earth hand to set long let her know it was Ah, true.theory skin Oh, no, sir, she blade slope answered; but you know, things [...]
>
> Content analysis details: (6.2 points, 5.0 required)
>
> pts rule name description
> -- --
> 1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
> 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 0.9991]
> 0.8 SARE_GIF_ATTACHFULL: Email has a inline gif
> 0.7 MY_CID_AND_STYLE SARE cid and style
>
> So it is clear at all why I have retrieved the message in my mailbox..
>
> If someone could give an explanation of this phenomenon, I will appreciate it,
>
> BR,
> rocsca

What version of SA are you running? If not 3.1.8 then upgrade.

-=Aubrey=-