RE: A SpamAssassin Crash Course for Admins
Hi there,

There isn't really much documentation for any Windows related topics since Michael Bell's tutorial site is offline as well as SpamAssassin for Win32 project being discontinued. However, while compiling my own version of native (so not Cygwin based) Windows SpamAssassin, I've written down the most important parts into a manual that refers to SpamAssassin Version 3.3.1. The major parts should be valid for current releases of SpamAssassin as well.

You can find the manual on our company's website:
http://www.jam-software.com/spamassassin/manual.php
under the topic How To - Build SpamAssassin for Windows.

I've also updated the official Wiki sites a while ago with parts of this content:
http://wiki.apache.org/spamassassin/InstallingOnWindows
http://wiki.apache.org/spamassassin/SpamdOnWindows

In any case, you should highlight that SpamD has major problems running on a Windows Perl distribution. This becomes noticeable in terms of stability (especially when used on an x64 platform) and memory usage (serious memory leaks).

Best regards,
Daniel Lemke

JAM Software GmbH
Managing Director: Joachim Marder
Max-Planck-Str. 22 * 54296 Trier * Germany
Phone: +49-651-1456530 * Fax: +49-651-14565329
Commercial register number HRB 4920 (AG Wittlich)
http://www.jam-software.com

From: Kevin A. McGrail [mailto:kmcgr...@pccc.com]
Sent: Wednesday, November 30, 2011 4:21 AM
To: antiamoeba; Daniel Lemke
Subject: Re: A SpamAssassin Crash Course for Admins

Interesting idea. Windows isn't a big platform for SpamAssassin but it's growing. There is one guy you can ask who is great with SA on Windows named Daniel Lemke. I've cc'd him and maybe he can provide some feedback. Even if he just has some ideas of good websites or resources to start with.

Regards,
KAM

Thanks for extending the deadline. A question for you: Would I need to include info about customizing on Windows as well? As I can't find very much about that anywhere and most admins use Unix for servers. I've attached the commented version 2.0 as well. Thanks.
matching headers/body of rfc822 attachment
Hello,

I have made a few rules to match bodies of e-mail forwarded to our abuse account. They should match if an IP from our range appears in the abuse report:

body __GTSSK_IP04 /\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d/

should match any IP from range 213.215.64.0/18

However: I have received a complaint containing RFC822 attachment with this line in headers of the attachment:

Received: from a43.pbi.bn.cust.gts.sk ([213.215.106.107] helo=smtp.pbi.sk)
    by mail.kontaktco.at with esmtp (Exim 4.72)
    (envelope-from i...@hi5.com) id 1RUaIh-zs-8d
    for gerhard.goll...@kontaktco.at; Sun, 27 Nov 2011 09:41:28 +0100

Neither the body rule above nor the rule changed to header matched:

header __GTSSK_IP04 Received =~ /\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d/

even if pcregrep with same pattern matched the line...

I have tried to use rawbody rule but still no match.
I have SA 3.3.1 with perl 5.8.8 on gentoo linux... can either of those cause the problem?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.
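Added example (not part of the original post): a Python check that the pattern in the rule above matches every address in 213.215.64.0/18 and nothing else in the surrounding /16. `STRICT` and the lookalike strings are hypothetical additions, constructed to show what the unanchored pattern also accepts.

```python
import ipaddress
import re

# Pattern copied verbatim from the rule in the post; Perl and Python's re
# module treat this syntax identically.
RULE = re.compile(r"\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d")

# Hypothetical stricter variant (not from the thread): reject extra leading
# or trailing octets and require a valid last octet.
STRICT = re.compile(
    r"(?<![\d.])213\.215\.(?:6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])"
    r"\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?!\d|\.\d)"
)

NET = ipaddress.ip_network("213.215.64.0/18")


def audit(pattern, net=NET):
    """Test every address in the enclosing /16 against the pattern.

    Returns (missed, extra): addresses inside `net` that the pattern fails
    to match, and addresses outside `net` that it matches anyway.
    """
    missed, extra = [], []
    for addr in net.supernet(new_prefix=16):
        hit = pattern.search(str(addr)) is not None
        if addr in net and not hit:
            missed.append(addr)
        elif addr not in net and hit:
            extra.append(addr)
    return missed, extra


# Constructed strings that are not addresses in the range but look similar.
LOOKALIKES = ["213.215.64.999", "10.213.215.100.5", "213.215.127.1.7"]


def false_hits(pattern, samples=LOOKALIKES):
    """Return the lookalike strings that the pattern matches."""
    return [s for s in samples if pattern.search(s)]


if __name__ == "__main__":
    print("original:", audit(RULE), false_hits(RULE))
    print("strict:  ", audit(STRICT), false_hits(STRICT))
```

The original pattern covers the /18 exactly; the lookalike hits only matter when the scanned text can contain longer dotted strings.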
Re: how to check the size of the subject?
John Hardin wrote:
> On Thu, 1 Dec 2011, Sergio wrote:
>> I want to check for specific subject size, thanks.
>
> Let's keep the discussion on-list so others may benefit.
>
> Larger than:
>
>   header __SUBJ_GT_100 Subject =~ /.{101}/
>
> Smaller than or equal to:
>
>   header __SUBJ_LE_100 Subject =~ /^.{0,100}$/

For MIME-encoded, does this work on the raw data or the decoded? (raw I suspect).

/Per Jessen, Zürich
RFC 5966 and rbldnsd
http://tools.ietf.org/html/rfc5966

if rbldnsd does only UDP will not give problems for bind local cache, or isp remote dns servers in forwards ?

hope rbldns hosters don't sleep here

2 ways of workaround is:

1: use rbldnsd to dump zone to bind.zone (Gigaram usage)
2: let bind use forwards zones to rbldnsd master (Megaram usage)

comments ?

todo ipv6 in rbldnsd
Re: RFC 5966 and rbldnsd
On 02.12.11 15:52, Benny Pedersen wrote:
> if rbldnsd does only UDP will not give problems for bind local cache, or isp remote dns servers in forwards ?

I don't think so.

> hope rbldns hosters don't sleep here
>
> 2 ways of workaround is:

work around what?

> 1: use rbldnsd to dump zone to bind.zone (Gigaram usage)

I doubt rbldns is able to dump zone content. many DNSBL providers support also BIND format. Note that BIND takes much more RAM space

> 2: let bind use forwards zones to rbldnsd master (Megaram usage)

we use that, but ... what are you talking about? rbldns is not recursive, so even if we did not, it's BIND who'd query rbldnsd, not clients

> todo ipv6 in rbldnsd

while talking about ipv6 queries, not a big problem. However, with ipv6 blacklisting will apparently look different...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are
Re: matching headers/body of rfc822 attachment
Matus UHLAR - fantomas wrote:
> Hello,
>
> I have made a few rules to match bodies of e-mail forwarded to our abuse account. They should match if an IP from our range appears in the abuse report:
>
> body __GTSSK_IP04 /\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d/
>
> should match any IP from range 213.215.64.0/18

Only if this content is in the normal message body; if it's in an attachment or in the outer message headers this won't match.

> I have received a complaint containing RFC822 attachment with this line in headers of the attachment:
>
> Received: from a43.pbi.bn.cust.gts.sk ([213.215.106.107] helo=smtp.pbi.sk)
>     by mail.kontaktco.at with esmtp (Exim 4.72)
>     (envelope-from i...@hi5.com) id 1RUaIh-zs-8d
>     for gerhard.goll...@kontaktco.at; Sun, 27 Nov 2011 09:41:28 +0100
>
> Neither the body rule above nor the rule changed to header matched:
>
> header __GTSSK_IP04 Received =~ /\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d/

If you're trying to match on RFC822 attached emails, you'll need to use the mimeheader rule type, with some negating rules to prevent hits on the outer message's headers. *sigh*

Something like:

mimeheader __GTSSK_IP04_MH Received =~ /ip.ad.dr.ess/
header __GTSSK_IP04_OUTER Received =~ /ip.ad.dr.ess/
meta __GTSSK_IP04 __GTSSK_IP04_MH && !__GTSSK_IP04_OUTER

> I have tried to use rawbody rule but still no match.
> I have SA 3.3.1 with perl 5.8.8 on gentoo linux... can either of those cause the problem?

I've had the same sort of trouble matching the rejected message header in backscatter bounces. (If someone can explain to me why I should allow structurally legitimate postmaster notices responding to fake Twitter, Facebook, Linked, etc messages into customer's email accounts, I'm listening...)

I've found I need to have a rawbody rule *and* mimeheader+(!header) in order to catch all of the variations assorted mail systems and mail clients generate. :(

-kgd
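Added example (not part of the original thread, and not SpamAssassin's own parser): Python's `email` module applied to a constructed abuse report shows which region of the message holds the address, and why a grep over the raw file matches while the outer headers and the text body do not. Host names and the message layout are assumed; only the IP comes from the thread.

```python
import email
import re

RULE = re.compile(r"\b213\.215\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d")

# Constructed abuse report: the reporter's mail with the offending message
# attached as message/rfc822. All hosts are placeholders.
REPORT = """\
Received: from reporter.example ([192.0.2.10]) by abuse-mx.example; Sun, 27 Nov 2011 10:00:00 +0100
From: reporter@reporter.example
To: abuse@isp.example
Subject: spam complaint
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

Please deal with the attached spam.
--BOUND
Content-Type: message/rfc822

Received: from a43.example ([213.215.106.107]) by mx.example; Sun, 27 Nov 2011 09:41:28 +0100
From: sender@example.net
Subject: hello

spam text
--BOUND--
"""


def locate(raw, pattern=RULE):
    """Report which regions of the message contain a pattern match."""
    msg = email.message_from_string(raw)
    outer = "\n".join(msg.get_all("Received", []))
    text, inner = [], []
    for part in (msg.get_payload() if msg.is_multipart() else [msg]):
        if part.get_content_type() == "message/rfc822":
            # Headers of the attached message, not of the outer mail.
            inner.extend(part.get_payload(0).get_all("Received", []))
        elif part.get_content_maintype() == "text":
            text.append(part.get_payload())
    return {
        "outer_headers": bool(pattern.search(outer)),
        "text_body": bool(pattern.search("\n".join(text))),
        "attached_headers": bool(pattern.search("\n".join(inner))),
        "raw_message": bool(pattern.search(raw)),
    }
```

For the constructed report, only `attached_headers` and `raw_message` come back true.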
Re: RFC 5966 and rbldnsd
On Fri, Dec 2, 2011 at 4:02 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:
>> 1: use rbldnsd to dump zone to bind.zone (Gigaram usage)
>
> I doubt rbldns is able to dump zone content. many DNSBL providers support also BIND format. Note that BIND takes much more RAM space

man rbldnsd:

| -d Dump all zones to stdout in BIND format and exit. This may be

That's what we use for the BIND export of dnswl.org data (create rbldnsd-formatted file, and let rbldnsd -d create the BIND file).

-- Matthias