RE: Any way to bypass authenticated users?
fc4, sendmail, sa 3.0.6, spamass-milter some clients get mail rejected from my server (which they are using to send) because sa is checking all mail. I use smtp auth - Is there any way to bypass SA if they have been authenticated? Check this howto: http://www200.pair.com/mecham/spam/bypassing.html
Correct way to deactive AWL checks
Hello, I have a problem deactivating autowhitelist in my postfix + amavis + spamassassin servers. We have servers running postfix (2.3.8-2) and spamassassin (3.1.7-2) through amavisd-new (2.4.2-6) in a debian etch (4.0) operating system. The problem is that we want to deactivate AWL plugin. So we have edited our /etc/spamassassin/v310.pre and we have comented the line: #loadplugin Mail::SpamAssassin::Plugin::AWL But after this, AWL is still checking mails. So we have had to include the option: use_auto_whitelist 0 in our /etc/spamassassin/local.cf. With this it seems that AWL is not running yet. But it seems to be still loaded, because this option must not be recognized if AWL is unload, isn't it? How is the correct way to deactive AWL? -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica_(___V Tfo: 968367590 Fax: 968398337
Re: Correct way to deactive AWL checks
Angel L. Mateo wrote: Hello, [...] How is the correct way to deactive AWL? found in my amavisd.conf: $sa_auto_whitelist = 0; # turn on AWL in SA 2.63 or older (irrelevant # for SA 3.0, cf option is 'use_auto_whitelist') HTH, Uwe
CPAN - failed install: t/spamc_optC t/spamc_optL errors
Having problems re-installing SA. Blew away my previous installation cat'ing the .packlist to xargs rm. As root, start perl -MCPAN -e shell and 'install SpamAssassin' All of the errors in t/logs/* relate to either one of three things: # cannot run 1. error: spamd: cannot run as nonexistent user or root with -u option 2. warn: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody # permission issues 3. warn: spamd: bayes: locker: safe_lock: cannot create tmp lockfile ./log/user_state/bayes.lock.sabik.scarceskills.com.2725 for ./log/user_state/bayes.lock: Permission denied Below I've included some output of where it all goes pear shaped. Any ideas to get me back on track? I've done this type of install many times and have never had this issue... -Peter Farrell t/spamc_headers.ok t/spamc_l...ok t/spamc_optCNot found: reported spam = Message successfully reported/revoked # Failed test 2 in t/SATest.pm at line 635 Output can be examined in: log/d.spamc_optC/out.1 t/spamc_optCNOK 2/9 Not found: revoked ham = Message successfully reported/revoked # Failed test 4 in t/SATest.pm at line 635 fail #2 Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3 t/spamc_optCNOK 4/9 Not found: failed to report spam = Unable to report/revoke message # Failed test 6 in t/SATest.pm at line 635 fail #3 Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3 log/d.spamc_optC/out.5 t/spamc_optCok 7/9 Not found: failed to revoke ham = Unable to report/revoke message t/spamc_optCNOK 8/9# Failed test 8 in t/SATest.pm at line 635 fail #4 Output can be examined in: log/d.spamc_optC/out.1 log/d.spamc_optC/out.3 log/d.spamc_optC/out.5 log/d.spamc_optC/out.7 t/spamc_optCFAILED tests 2, 4, 6, 8 Failed 4/9 tests, 55.56% okay t/spamc_optL# Failed test 1 in t/spamc_optL.t at line 20 Not found: learned spam = Message successfully un/learned # Failed test 2 in t/SATest.pm at line 635 Output can be examined in: t/spamc_optLNOK 2/16# Failed test 3 in t/spamc_optL.t at line 24 Not found: already learned spam = Message was already un/learned # Failed test 4 in t/SATest.pm at line 635 fail #2 Output can be examined in: t/spamc_optLNOK 4/16ERROR: Bayes dump returned an error, please re-run with -D for more information # Failed test 5 in t/spamc_optL.t at line 28 Not found: spam in database = 1 0 non-token data: nspam # Failed test 6 in t/SATest.pm at line 635 fail #3 Output can be examined in: t/spamc_optLNOK 6/16# Failed test 7 in t/spamc_optL.t at line 32 Not found: forget spam = Message successfully un/learned t/spamc_optLNOK 7/16# Failed test 8 in t/SATest.pm at line 635 fail #4 Output can be examined in: t/spamc_optLNOK 8/16# Failed test 9 in t/spamc_optL.t at line 36 Not found: learned ham = Message successfully un/learned # Failed test 10 in t/SATest.pm at line 635 fail #5 Output can be examined in: t/spamc_optLNOK 10/16# Failed test 11 in t/spamc_optL.t at line 40 Not found: already learned ham = Message was already un/learned # Failed test 12 in t/SATest.pm at line 635 fail #6 t/spamc_optLNOK 11/16Output can be examined in: t/spamc_optLNOK 12/16ERROR: Bayes dump returned an error, please re-run with -D for more information # Failed test 13 in t/spamc_optL.t at line 44 Not found: ham in database = 1 0 non-token data: nham # Failed test 14 in t/SATest.pm at line 635 fail #7 Output can be examined in: t/spamc_optLNOK 14/16# Failed test 15 in t/spamc_optL.t at line 48 Not found: learned ham = Message successfully un/learned # Failed test 16 in t/SATest.pm at line 635 fail #8 t/spamc_optLNOK 15/16Output can be examined in: t/spamc_optLFAILED tests 1-16 Failed 16/16 tests, 0.00% okay t/spamc_y...ok t/spamc_z...ok t/spamd.ok t/spamd_allow_user_rulesok 3/5 Not found: myfoo = 1.0 MYFOO # Failed test 4 in t/SATest.pm at line 635 Output can be examined in: log/d.spamd_allow_user_rules/out.2 log/d.spamd_allow_user_rules/spamd.err.1 t/spamd_allow_user_rulesFAILED test 4 Failed 1/5 tests, 80.00% okay t/spamd_hup.ok t/spamd_kill_restartok t/spamd_kill_restart_rr.ok t/spamd_ldapskipped all skipped: no reason given t/spamd_maxchildren.ok t/spamd_maxsize.ok t/spamd_parallelok t/spamd_plugin..ok 1/6 Not found: called1 = test: called myTestPlugin, round 1 # Failed test 2 in t/SATest.pm at line 635 Output can be examined in: log/d.spamd_plugin/out.1 log/d.spamd_plugin/spamd.err.1
Re: CPAN - failed install: t/spamc_optC t/spamc_optL errors
On Wed, 2007-06-20 at 12:04 +0100, Peter Farrell wrote: Having problems re-installing SA. Blew away my previous installation cat'ing the .packlist to xargs rm. As root, start perl -MCPAN -e shell and 'install SpamAssassin' All of the errors in t/logs/* relate to either one of three things: bugid 5510
Re: Correct way to deactive AWL checks
Angel L. Mateo wrote: Hello, I have a problem deactivating autowhitelist in my postfix + amavis + spamassassin servers. We have servers running postfix (2.3.8-2) and spamassassin (3.1.7-2) through amavisd-new (2.4.2-6) in a debian etch (4.0) operating system. The problem is that we want to deactivate AWL plugin. So we have edited our /etc/spamassassin/v310.pre and we have comented the line: #loadplugin Mail::SpamAssassin::Plugin::AWL But after this, AWL is still checking mails. That should do it, did you restart amavis after commenting it out? Are you sure /etc/spamassassin is the correct directory, not /etc/mail/spamassassin or some other? try spamassassin --lint -D to see what site rules dir SA is using. Did you check the other files (including the .cf ones) to make sure someone didn't add the AWL to those as well? (loadplugin should never be in a .cf file, but that doesn't stop some folks from doing so) grep AWL /etc/spamassassin/*
Re: Correct way to deactive AWL checks
El mié, 20-06-2007 a las 12:06 +0200, Uwe Kiewel escribió: Angel L. Mateo wrote: Hello, [...] How is the correct way to deactive AWL? found in my amavisd.conf: $sa_auto_whitelist = 0; # turn on AWL in SA 2.63 or older (irrelevant # for SA 3.0, cf option is 'use_auto_whitelist') Yes, I know it. I think is the same than putting it in local.cf. But, if I have deactivate the plugin (commenting the loadPlugin line), why is this option already consider? If the plugin is not loaded, this option shoulb be ignored. -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica_(___V Tfo: 968367590 Fax: 968398337
NetBSD, OpenBSD, Windows users -- please test something...
We have a patch in development which fixes some platform-specific perl setuid brokenness, but it needs testing on those 3 platforms with spamd. The patch is at: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5518#c18 and applies to SpamAssassin 3.2.1. It should be possible to start a spamd using something like spamd --virtual-config-dir=/tmp -u nobody -D , and then see it setuid to nobody safely without issuing the 'spamd: initial attempt to change real uid failed, trying BSD workaround' warning. On windows, probably more complex however ;) If you *already* have spamd running on windows, I'd appreciate it if you could try running it, the same way as you're currently using it -- if it doesn't die, that's good enough for me! ;) thanks, --j.
Re: CPAN - failed install: t/spamc_optC t/spamc_optL errors
My apologies - saw the same issue appended to the announce email for 3.2 The fix was to run a manual build - ... As non-root user: perl Makefile.PL make make test As root: make install ... And it compiled successfully. -Peter On 20/06/07, Daniel J McDonald [EMAIL PROTECTED] wrote: On Wed, 2007-06-20 at 12:04 +0100, Peter Farrell wrote: Having problems re-installing SA. Blew away my previous installation cat'ing the .packlist to xargs rm. As root, start perl -MCPAN -e shell and 'install SpamAssassin' All of the errors in t/logs/* relate to either one of three things: bugid 5510
Re: Correct way to deactive AWL checks
Angel L. Mateo wrote: Hello, I have a problem deactivating autowhitelist in my postfix + amavis + spamassassin servers. We have servers running postfix (2.3.8-2) and spamassassin (3.1.7-2) through amavisd-new (2.4.2-6) in a debian etch (4.0) operating system. The problem is that we want to deactivate AWL plugin. So we have edited our /etc/spamassassin/v310.pre and we have comented the line: #loadplugin Mail::SpamAssassin::Plugin::AWL But after this, AWL is still checking mails. That should do it, did you restart amavis after commenting it out? Are you sure /etc/spamassassin is the correct directory, not /etc/mail/spamassassin or some other? try spamassassin --lint -D to see what site rules dir SA is using. On Debian it will probably say /etc/mail/spamassassin but the files are actually stored in /etc/spamassassin as /etc/mail/spamassassin is linked to /etc/spamassassin on a Debian machine. Did you check the other files (including the .cf ones) to make sure someone didn't add the AWL to those as well? (loadplugin should never be in a .cf file, but that doesn't stop some folks from doing so) grep AWL /etc/spamassassin/* and also check /var/lib/spamassassin/version. I have seen .pre files there that load plugins. Gary V _ Make every IM count. Download Messenger and join the im Initiative now. Its free. http://im.live.com/messenger/im/home/?source=TAGHM_June07
a rule to allow authenticated users stopped working, unless run at user level
Greetings and salutations, We use sendmail, spamassassin, and the spamass-milter at our site. If a user authenticates, we give them -100 spam points. After a somewhat recent update, we discovered our rule is not matched any longer. The details: Using $ spamassassin --version SpamAssassin version 3.2.1 (gentoo) running on Perl version 5.8.8 And previously 3.1.8 being run via spamass-milter configured in sendmail 8.14.0, we have in our /etc/spamassassin/local.cf configuration: header LOCAL_AUTH_RCVD2ALL =~ /(authenticated bits=0)/ score LOCAL_AUTH_RCVD2-100.0 spamd starts with: SPAMD_OPTS=-m 50 -c -H -u spamc If I send this email: #start From: [EMAIL PROTECTED] To: Mike Cross [EMAIL PROTECTED] Subject: test Date: Tue, 19 Jun 2007 12:38:41 -0400 Return-Path: [EMAIL PROTECTED] Received: from [192.168.15.109] (c-24-61-193-245.hsd1.nh.comcast.net [24.61.193.245]) (authenticated bits=0) by postal.iol.unh.edu (8.14.0/8.14.0) with ESMTP id l5JFE2AY006703 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for [EMAIL PROTECTED]; Tue, 19 Jun 2007 11:14:02 -0400 Message-ID: [EMAIL PROTECTED] Date: Tue, 19 Jun 2007 11:14:04 -0400 From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Organization: UNH-IOL User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: spam test Content-Type: multipart/mixed; boundary=--=_4677F2BE.7E5AE742 Content-Transfer-Encoding: 7bit #end through spamassassin as a user by running spamassassin test.email then the lines in the configuration file are applied as they properly match the (authenticated bits=0): #start X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on postal.iol.unh.edu X-Spam-Level: X-Spam-Status: No, score=-96.7 required=8.0 tests=ALL_TRUSTED, HEADER_COUNT_SUBJECT,INVALID_DATE,LOCAL_AUTH_RCVD2 autolearn=ham version=3.2.1 From: [EMAIL PROTECTED] To: Mike Cross [EMAIL PROTECTED] Subject: test Date: Tue, 19 Jun 2007 12:38:41 -0400 Return-Path: [EMAIL PROTECTED] Received: from [192.168.15.109] (c-24-61-193-245.hsd1.nh.comcast.net [24.61.193.245]) (authenticated bits=0) by postal.iol.unh.edu (8.14.0/8.14.0) with ESMTP id l5JFE2AY006703 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for [EMAIL PROTECTED]; Tue, 19 Jun 2007 11:14:02 -0400 Message-ID: [EMAIL PROTECTED] Date: Tue, 19 Jun 2007 11:14:04 -0400 From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Organization: UNH-IOL User-Agent: Thunderbird 1.5.0.12 (Windows/20070509) MIME-Version: 1.0 To: [EMAIL PROTECTED] Subject: spam test Content-Type: multipart/mixed; boundary=--=_4677F2BE.7E5AE742 Content-Transfer-Encoding: 7bit #end The problem is that the configuration does not apply to emails sent through the MTA. If we try to match other components in that header, it works. It was working globally in the previous iteration (I apologize I don't have which specific version of spamassassin this was) I have a suspicion we're zoomed in too close to see what the issue is. Any hints? If the method we're using to accomplish this requirement is stupid, I'm listening... thanks folks! -- View this message in context: http://www.nabble.com/a-rule-to-allow-authenticated-users-stopped-working%2C-unless-run-at-user-level-tf3952490.html#a11213738 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Correct way to deactive AWL checks
How is the correct way to deactive AWL? found in my amavisd.conf: $sa_auto_whitelist = 0; # turn on AWL in SA 2.63 or older (irrelevant # for SA 3.0, cf option is 'use_auto_whitelist') Yes, I know it. I think is the same than putting it in local.cf. ... Angel L. Mateo MartÃnez Actually, it has no effect. As it says: irrelevent for SA 3.0. That includes newer versions. Gary V _ Who's that on the Red Carpet? Play win glamorous prizes. http://club.live.com/red_carpet_reveal.aspx?icid=REDCARPET_hotmailtextlink3
Spamassassin Mysql
Some weeks ago I put a message but no one answer it. Two days ago I install Spamassassin 3.2.1 to see if the problem were corrected and it continues. Anybody have the same problem or have a solution? -- Hi, Since today I'm using Spamsassasin 3.1.8 in a machine with two mysql servers, one in port 3306 (socket: /tmp/mysql.sock) and another in port 3308 (socket: /tmp/mysql.sock2) with no problems. Mysql stores the Scores, Autowhitelist and bayes information and I configure this in local.cf: user_scores_dsn DBI:mysql:spamassassin:localhost:3308 user_awl_dsn DBI:mysql:spamassassin:localhost:3308 bayes_sql_dsn DBI:mysql:spamassassin:localhost:3308 AND to work with SPAMD daemon it was necesary to ADD the $ENV{MYSQL_UNIX_PORT} = /tmp/mysql.sock2; at the beggining of the /usr/bin/spamd because by default it uses the /tmp/mysql.sock (or the 3306 port). Today I install the version 3.2.0 and this solution is NOT working, anyone have the same problem? The debug is: dbg: auto-whitelist: sql-based unable to connect to database (DBI:mysql:spamassassin:localhost:3308) : Can't connect to local MySQL server through socket 'in/lesspipe.sh %s' (2) I see that socket es taken randomly, some times is 'in/lesspipe.sh %s' and other times is another. Any ideas? -- View this message in context: http://www.nabble.com/Spamassassin---Mysql-tf3952757.html#a11214638 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Nice one: Stocks à la PDF
Nice one Spammy! Yihaaa! Stock spams with PDF attachments (118Kb) so be prepared. (nice the traits)
Re: a rule to allow authenticated users stopped working, unless run at user level
I've changed my sendmail configuration to be more verbose about the authentication information. To add to this, I've discovered that it can match any token in the Received: line that does NOT include an equals sign in it: Received: from [132.177.124.246] (doombox.iol.unh.edu [132.177.124.246]) (user=mikecrelay mech=PLAIN bits=0) by postal.iol.unh.edu (8.14.0/8.14.0) with ESMTP id l5KFMexj024714 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for [EMAIL PROTECTED]; Wed, 20 Jun 2007 11:22:41 -0400 Examples that will not match: user=mikecrelay mech=PLAIN bits=0 version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT Every other token matches my test filters ok. -- View this message in context: http://www.nabble.com/a-rule-to-allow-authenticated-users-stopped-working%2C-unless-run-at-user-level-tf3952490.html#a11215794 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: a rule to allow authenticated users stopped working, unless run at user level
One last update and I'll shut up for a bit. I've updated my server to make my Received headers look literally like this: Received: from [132.177.124.246] (doombox.iol.unh.edu [132.177.124.246]) (user=mikecrelay mech=PLAIN bits=0) blah by postal.iol.unh.edu (8.14.0/8.14.0) with ESMTP id l5KFveCk000817 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for [EMAIL PROTECTED]; Wed, 20 Jun 2007 11:57:40 -0400 And i told spamassassin to match: header BLAH Received =~ /blah/ score BLAH -800.0 And it's not picking it up. So I really have no idea what the pattern is. thanks -- View this message in context: http://www.nabble.com/a-rule-to-allow-authenticated-users-stopped-working%2C-unless-run-at-user-level-tf3952490.html#a11216588 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: a rule to allow authenticated users stopped working, unless run at user level
On Wed, 20 Jun 2007, digitalsushi wrote: header BLAH Received =~ /blah/ score BLAH -800.0 And it's not picking it up. So I really have no idea what the pattern is. N.B.: if you're using a plugin/milter to have the MTA pass messages to SA during the SMTP phase (i.e. before they've actually been accepted for delivery) then the plugin may not be adding the local received header (maybe not in the format you expect, maybe not at all). I'm not sure how you'd verify whether this is what is happening. You'll need to have a look at the documentation for the plugin/milter and perhaps contact its author. Someone else here may be able to provide more specific advice - I run SA from procmail. :) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- I would buy a Mac today if I was not working at Microsoft. -- James Allchin, Microsoft VP of Platforms --- 14 days until The 231st anniversary of the Declaration of Independence
Re: a rule to allow authenticated users stopped working, unless run at user level
On Wed, 20 Jun 2007, digitalsushi wrote: header LOCAL_AUTH_RCVD2ALL =~ /(authenticated bits=0)/ That's vulnerable to forgery. If you're checking Received headers this way to whitelist, you *really* want to include your local hostname and/or IP information in the RE. That will make it much less spoofable. Received: from [192.168.15.109] (c-24-61-193-245.hsd1.nh.comcast.net [24.61.193.245]) (authenticated bits=0) by postal.iol.unh.edu (8.14.0/8.14.0) with ESMTP id l5JFE2AY006703 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for [EMAIL PROTECTED]; Tue, 19 Jun 2007 11:14:02 -0400 e.g.: Received =~ /authenticated bits.+ by postal\.iol\.unh\.edu/ -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- I would buy a Mac today if I was not working at Microsoft. -- James Allchin, Microsoft VP of Platforms --- 14 days until The 231st anniversary of the Declaration of Independence
SA 3.2.1 not using SQL for bayes
Small problem with SA 3.2.1... I'm using a mysql database. The DB works fine for amavisd-new, and SA AWL. e.g. [438288] dbg: auto-whitelist: sql-based connected to DBI:mysql:sadb:ixx: [438288] dbg: auto-whitelist: sql-based using username: vscan01 [438288] dbg: auto-whitelist: sql-based get_addr_entry: found existing entry for [EMAIL PROTECTED]|ip=xx.xx [438288] dbg: auto-whitelist: sql-based [EMAIL PROTECTED]|ip=195.53 scores 21/8.128 [438288] dbg: auto-whitelist: AWL active, pre-score: -1.498, autolearn score: -1.498, mean: 0.387047619047619, IP: xx.xx.xx.xx [438288] dbg: auto-whitelist: sql-based add_score: new count: 22, new totscore: 6.63 for [EMAIL PROTECTED]|ip=xx.xx [438288] dbg: auto-whitelist: sql-based finish: disconnected from DBI:mysql:sadb: but the SA bayes SQL spits out the error [463326] dbg: plugin: loading Mail::SpamAssassin::BayesStore::SQL from @INC [463326] dbg: bayes: invalid config, must set bayes_sql_dsn config variable plugin: failed to create instance of plugin Mail::SpamAssassin::BayesStore::SQL: Which would be fine... Except my local.cf file (Which also defines the config for AWL) says bayes_sql_dsn DBI:mysql:sadb:xxx: bayes_sql_username spamassassin bayes_sql_password fred bayes_sql_override_usernamevscan01 bayes_store_module Mail::SpamAssassin::BayesStore::SQL What gives? Why isn't this working any more? It's the same config for bayes as what I have for AWL... TIA Hamish. pgpjt8eP3VGXy.pgp Description: PGP signature
RE: SA 3.2.1 not using SQL for bayes
From: Hamie [mailto:[EMAIL PROTECTED] Small problem with SA 3.2.1... I'm using a mysql database. The DB works fine for amavisd-new, and SA AWL. e.g. [438288] dbg: auto-whitelist: sql-based connected to DBI:mysql:sadb:ixx: [438288] dbg: auto-whitelist: sql-based using username: vscan01 [438288] dbg: auto-whitelist: sql-based get_addr_entry: found existing entry for [EMAIL PROTECTED]|ip=xx.xx [438288] dbg: auto-whitelist: sql-based [EMAIL PROTECTED]|ip=195.53 scores 21/8.128 [438288] dbg: auto-whitelist: AWL active, pre-score: -1.498, autolearn score: -1.498, mean: 0.387047619047619, IP: xx.xx.xx.xx [438288] dbg: auto-whitelist: sql-based add_score: new count: 22, new totscore: 6.63 for [EMAIL PROTECTED]|ip=xx.xx [438288] dbg: auto-whitelist: sql-based finish: disconnected from DBI:mysql:sadb: but the SA bayes SQL spits out the error [463326] dbg: plugin: loading Mail::SpamAssassin::BayesStore::SQL from @INC [463326] dbg: bayes: invalid config, must set bayes_sql_dsn config variable plugin: failed to create instance of plugin Mail::SpamAssassin::BayesStore::SQL: Which would be fine... Except my local.cf file (Which also defines the config for AWL) says bayes_sql_dsn DBI:mysql:sadb:xxx: bayes_sql_username spamassassin bayes_sql_password fred bayes_sql_override_usernamevscan01 bayes_store_module Mail::SpamAssassin::BayesStore::SQL I think you want this: bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
ldap: failed to load user scores from LDAP server
I have been getting this error for some time now and have been trying to find the root cause of it. spamd[2681]: ldap: failed to load user scores from LDAP server, ignored (Can't locate object method schema via package URI::ldap at /usr/share/perl5/Mail/SpamAssassin/Conf/LDAP.pm line 133, GEN13 line 2. I did an upgrade about 2 weeks ago to perl and a few modules, I really am not sure what part if caused this. If anyone has a clue please help me out on this. I have looked through the list and on the Net trying to find something close and I have come up with very little. Really nothing related to spamassasin and ldap. Thanks. Philip S. Hempel
Re: SA 3.2.1 not using SQL for bayes
On Wednesday 20 June 2007 18:09, Rosenbaum, Larry M. wrote: From: Hamie [mailto:[EMAIL PROTECTED] Small problem with SA 3.2.1... I'm using a mysql database. The DB works fine for amavisd-new, and SA AWL. e.g. [438288] dbg: auto-whitelist: sql-based connected to DBI:mysql:sadb:ixx: [438288] dbg: auto-whitelist: sql-based using username: vscan01 [438288] dbg: auto-whitelist: sql-based get_addr_entry: found existing entry for [EMAIL PROTECTED]|ip=xx.xx [438288] dbg: auto-whitelist: sql-based [EMAIL PROTECTED]|ip=195.53 scores 21/8.128 [438288] dbg: auto-whitelist: AWL active, pre-score: -1.498, autolearn score: -1.498, mean: 0.387047619047619, IP: xx.xx.xx.xx [438288] dbg: auto-whitelist: sql-based add_score: new count: 22, new totscore: 6.63 for [EMAIL PROTECTED]|ip=xx.xx [438288] dbg: auto-whitelist: sql-based finish: disconnected from DBI:mysql:sadb: but the SA bayes SQL spits out the error [463326] dbg: plugin: loading Mail::SpamAssassin::BayesStore::SQL from @INC [463326] dbg: bayes: invalid config, must set bayes_sql_dsn config variable plugin: failed to create instance of plugin Mail::SpamAssassin::BayesStore::SQL: Which would be fine... Except my local.cf file (Which also defines the config for AWL) says bayes_sql_dsn DBI:mysql:sadb:xxx: bayes_sql_username spamassassin bayes_sql_password fred bayes_sql_override_usernamevscan01 bayes_store_module Mail::SpamAssassin::BayesStore::SQL I think you want this: bayes_store_module Mail::SpamAssassin::BayesStore::MySQL Tried that too. It complains about bayes_sql_dns not being set as well. The only way I can get it to STOP complaining is to set the bayes_sql_dsn BEFORE the loadmodule (i.e. move loadmodule form init.pre to local.cf), but then it loads, and proceeds to ignore using the SQL for bayes uses local disk still. Sigh... pgpFjZZETzcyA.pgp Description: PGP signature
Re: SA 3.2.1 not using SQL for bayes
On Wed, 20 Jun 2007, Hamie wrote: On Wednesday 20 June 2007 18:09, Rosenbaum, Larry M. wrote: From: Hamie [mailto:[EMAIL PROTECTED] Small problem with SA 3.2.1... I'm using a mysql database. The DB works fine for amavisd-new, and SA AWL. e.g. [438288] dbg: auto-whitelist: sql-based connected to DBI:mysql:sadb:ixx: [438288] dbg: auto-whitelist: sql-based using username: vscan01 [438288] dbg: auto-whitelist: sql-based get_addr_entry: found existing entry for [EMAIL PROTECTED]|ip=xx.xx [438288] dbg: auto-whitelist: sql-based [EMAIL PROTECTED]|ip=195.53 scores 21/8.128 [438288] dbg: auto-whitelist: AWL active, pre-score: -1.498, autolearn score: -1.498, mean: 0.387047619047619, IP: xx.xx.xx.xx [438288] dbg: auto-whitelist: sql-based add_score: new count: 22, new totscore: 6.63 for [EMAIL PROTECTED]|ip=xx.xx [438288] dbg: auto-whitelist: sql-based finish: disconnected from DBI:mysql:sadb: but the SA bayes SQL spits out the error [463326] dbg: plugin: loading Mail::SpamAssassin::BayesStore::SQL from @INC [463326] dbg: bayes: invalid config, must set bayes_sql_dsn config variable plugin: failed to create instance of plugin Mail::SpamAssassin::BayesStore::SQL: Which would be fine... Except my local.cf file (Which also defines the config for AWL) says bayes_sql_dsn DBI:mysql:sadb:xxx: bayes_sql_username spamassassin bayes_sql_password fred bayes_sql_override_usernamevscan01 bayes_store_module Mail::SpamAssassin::BayesStore::SQL I think you want this: bayes_store_module Mail::SpamAssassin::BayesStore::MySQL Tried that too. It complains about bayes_sql_dns not being set as well. The only way I can get it to STOP complaining is to set the bayes_sql_dsn BEFORE the loadmodule (i.e. move loadmodule form init.pre to local.cf), but then it loads, and proceeds to ignore using the SQL for bayes uses local disk still. Sigh... This is how mine is set and it has worked flawless since the initial set up on v3.1.8 (now running v3.2.1): bayes_store_module Mail::SpamAssassin::BayesStore::MySQL bayes_sql_dsn DBI:mysql:db_name:mysql_server:3306 bayes_sql_username username bayes_sql_password password Everything here is set up on a per account basis.
Re: a rule to allow authenticated users stopped working, unless run at user level
digitalsushi wrote: I've changed my sendmail configuration to be more verbose about the authentication information. To add to this, I've discovered that it can match any token in the Received: line that does NOT include an equals sign in it: spamass-milter probably isn't checking the macros for or adding the auth and TLS lines. I know older versions of spamass-milter didn't... I don't know if/when it was ever fixed. Daryl Received: from [132.177.124.246] (doombox.iol.unh.edu [132.177.124.246]) (user=mikecrelay mech=PLAIN bits=0) by postal.iol.unh.edu (8.14.0/8.14.0) with ESMTP id l5KFMexj024714 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for [EMAIL PROTECTED]; Wed, 20 Jun 2007 11:22:41 -0400 Examples that will not match: user=mikecrelay mech=PLAIN bits=0 version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT Every other token matches my test filters ok.
Re: Nice one: Stocks à la PDF
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yet Another Ninja schrieb: Nice one Spammy! Yihaaa! Stock spams with PDF attachments (118Kb) so be prepared. (nice the traits) jep youre right , just the one arrives here are there plans/rules to mark it ? - -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Germany -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGeYWHfGH2AvR16oERAlgxAKCFuPScBW6fKFBadxmMY7gOHbDLdACfb5Wy UlMgmXAPeTuVAk2Jb+8RqSM= =uQvA -END PGP SIGNATURE-
RE: My Newly Expanded DNS Blacklist - Who wants to try it?
This is a personal mail server, so I know exactly who sends mail on it, and we don't have a spam problem (unless you mean all the spam we're fighting to keep out). Of course, since it's a dynamic address, I can't be certain that other users of this address haven't sent spam, but as others have pointed out, the only other blacklists 70.112.27.10 is listed on are dynamic or dialup lists only, so there's no indication that it's been a previous spam source. So, unless you're intending to block dynamic IPs as part of your method, I'd say this is a false-positive situation. -- Public key #7BBC68D9 at| Shane Williams http://pgp.mit.edu/| System Admin - UT iSchool Shane, I realize this is a few days old... dig -x 70.112.27.10 \ ;; QUESTION SECTION: ;10.27.112.70.in-addr.arpa. IN PTR ;; ANSWER SECTION: 10.27.112.70.in-addr.arpa. 3600 IN PTR cpe-70-112-27-10.austin.res.rr.com. For a mail server, why don't you migrate from a RBL listed dynamic ip to a non-RBL listed static ip (or another transit solution) and if you cannot afford it, ill bet you could afford some hosting. Unless you are relaying that email from this server to your upstream, I think this implementation is flawed for real world work in general - rh
stock spam with pdf
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi @ll, here is some more info http://www.forbes.com/security/2007/06/20/stock-spam-internet-tech-security-cx_ag_0620spam.html - -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Germany -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGebEdfGH2AvR16oERAkiXAJ9dBW4rdaAcDlfRxwYaCceu8PLSqQCfeQE5 hUg2B54kHTvuisfQ9X+r7ho= =JQZb -END PGP SIGNATURE-
Re: stock spam with pdf
Robert Schetterer schrieb: http://www.forbes.com/security/2007/06/20/stock-spam-internet-tech-security-cx_ag_0620spam.html Got like 7 of them, all look pretty much like this: X-Spam-Report: * 5.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 0.9998] * 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS * 5.0 BOTNET Relay might be a spambot or virusbot * [botnet0.7,ip=89.234.73.196,nordns] * 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain * signs some mails * 0.0 BOTNET_NORDNS Relay's IP address has no PTR record * [botnet_nordns,ip=89.234.73.196] * 0.0 HTML_MESSAGE BODY: HTML included in message
pyzor: check failed: internal error
Yes - I googled it and found a lot of messages pointing to some patches - and they didn't wotk. What do I really have to do to get rid of this error? pyzor: check failed: internal error Thanks in advance