I was using my own script for SARE updates last week. The I switched to
sa-update subscribing to openprotect.org. Then my GEOCITES rules seemed
to start missing; so I did some diging and found somebody else unhappy
with the GEOCITIES rules in 70_sare_specific.cf and was kind enough to
share. I implemented the new rules and am now happy.
Point is ...
I just found somebody else with a problem with the openprotect.org
channel; coincidence you ask?
No, I feel a trend coming on!
The people running openprotect.org better get their act together or they
won't have many people lining up for their contracts; not matter how
cheap they can sell their service.
--
WPM
Can there be customer service with out customers?
Mark Adams wrote:
Hi Anthony,
I was using Openprotect's SARE update channel for my standard sare
rules. I am not sure exactly what the issue was, but believe it was due
to a redefined "USER_IN_WHITELIST" that they have somewhere in their
rule set.
To correct the issue, I removed all cf files that were updated from this
channel (everything in /var/lib/spamassassin). I have now setup my own
script to update the standard SARE rule sets that I believe are useful
for my clients.
Testing after these changes clearly shows the whitelist hits, without
any impact on the spam blocking (no extra spam is getting through).
Regards,
Mark
On Fri, Mar 30, 2007 at 08:50:12AM +0100, Anthony Peacock wrote:
Hi Mark,
Can you be more specific?
Was someone/thing changing your whitelist file?
Mark Adams wrote:
Hi All,
I would like to note that this problem has been corrected, and was due
to an external automatic updating source.
Thanks for all the help that has been provided.
Regards,
Mark
On Thu, Mar 29, 2007 at 03:50:52PM +0100, Mark Adams wrote:
I have changed my reporting template, and now get this information
Content analysis details: (4.0 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix
variant)
3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive
vowels)
So the whitelisting is definatly not working.
A lint of the file shows it is reading the cf file, and I have checked
the whitelist_from entry is correct a thousand times. Does anyone have
any idea what could be going on here?
On Wed, Mar 28, 2007 at 07:52:20PM +0100, Mark Adams wrote:
Thanks, I did run exactly that, and got the output that I posted. Do you
have any idea why I might be getting such a limited output?
What do you have set for reporting purposes in your local.cf file?
Regards,
Mark
On Wed, Mar 28, 2007 at 01:31:16PM -0500, maillist wrote:
Mark Adams wrote:
You could run: "spamassassin --test-mode < message", and see what it
is scoring.
Hi There,
I have tried this, and get the below result.
------_=_NextPart_001_01C7710E.58A560A4--
hits=4.0 required=5.0 test=NO_RDNS,VOWEL_FROM_7
This does not show whitelist hits, should it?
Regards,
Mark
Yes, if you run "spamassassin --test-mode < message", it should show
something like this:
Content analysis details: (-104.0 points, 7.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-1.0 SPF_HELO_PASS SPF: HELO matches SPF record
-100 USER_IN_WHITELIST From: address is in the user's white-list
-3.0 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
[score: 0.0000]
-=Aubrey=-
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples
then you and I will still each have one apple. But if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
