Re: dcc on empty email
Perhaps just check your old notes? :-P https://lists.apache.org/thread/6fspd1my9xjdjbz16zp7dk66vn44xccz On Wed, Apr 10, 2024 at 10:42:35PM -0400, Alex wrote: > Hi, > > I'm noticing DCC is triggering on emails with an empty body. I'd like to > create a hash that matches messages with an empty body and other simple > messages. > > What am I doing wrong? I've tried it with a zero-length file as well as > one > with just a few characters. It looks like I don't understand what the > format of the file should be. > > [root@beast dcc]# /usr/bin/dccproc -QCw whiteclnt < dcc-empty > missing message body; fatal error > > > I have a better understanding of how this works now. It apparently still > requires a valid email to be used, just with an actual empty body if I wanted > to whitelist that portion of it. > > /usr/bin/dccproc -QCw whiteclnt < email-with-empty-body > X-DCC-www.nova53.net-Metrics: [1]beast.example.com 1204; Body=0 Fuz1=0 Fuz2=0 > reported: 0 checksum server > env_From: d41d8cd9 8f00b204 e9800998 ecf8427e > From: 55a5141a 442cf35f 22622946 72511b73 > Message-ID: cebc1e5c 40f54129 90709930 ee918829 > Received: 9afca068 dc711459 c84cadb6 627877e9 > Body: d1b04397 6af3d941 68459a63 a155b202 0 > Fuz1: 3d69b970 c60c2b73 95050fee 7971cae8 0 > Fuz2: d35d922e 637a421c 0da33c04 8498ab36 0 > > although I'm not sure now where these values should be used/stored for dcc? > > I also happened across this link that contains a list of checksums for nearly > empty messages, although I don't know how current or useful it is. > [2]https://www.iecc.com/dcc-testmsg-whitelist.txt > > > > > References: > > [1] http://beast.example.com/ > [2] https://www.iecc.com/dcc-testmsg-whitelist.txt
Re: Spamassassin 4 and ClamAVMultipleScores.
That page had it all wrong from the beginning. Adjusting priority only for subrules but not the metas (yes metas don't use priorities in 4.0 but relative priorities are still adjusted for backwards compatibility, __CLAMAV* end up as priority 0 like everything else). The logical way to handle this is to simply run CLAMAV earlier, ditch all the other priority settings. Fixed the wiki. On Thu, Nov 02, 2023 at 09:05:49PM +, Andrew Hearn wrote: > Hello, > > We're using clam, some extra signatures, and the plugin/config as described on > https://cwiki.apache.org/confluence/display/SPAMASSASSIN/ClamAVMultipleScores > to give different signature families different scores. > > Since moving to v4, I don't think it's working... > > The only rule that is matched now, is the generic CLAMAV_VIRUS rule. > The rules for the various other signatures are no longer matched. > Could this be due to the change in priorities for meta rules, and now these > meta rules are running before they get to see the results from clam? > > I can send my config examples and debug output if that's helpful. > > Thanks!
Re: Welcome/unwelcome list not working correctly.
On Sat, Jul 22, 2023 at 10:13:42AM +0200, Benny Pedersen wrote: > Henrik K via users skrev den 2023-07-22 06:50: > > > > | gvk | unwhitelist_from| > > > grant.kel...@sonic.com | 7421538 | > > > | gvk | whitelist_from | *@sonic.com | 7526210 | > > user_prefs in sql/ldap can not do unwhitelist, it > missing priority field in sql/ldap for this to work, > only thing that is possible as now is to remove the > whitelist not add unwhitelist, would need feature > request for priority field No need for feature request, already exists: user_scores_sql_custom_query Create own SQL that sorts as you want, for example MySQL ORDER BY FIELD(...). Then again why even write unneeded stuff in DB. Fix it in the backend or create triggers etc to cleanup redundant stuff.
Re: Welcome/unwelcome list not working correctly.
On Fri, Jul 21, 2023 at 05:06:07PM -0700, Grant Keller wrote: > > > > select username, value from userpref > > where username = _USERNAME_ or username = '@GLOBAL' > > order by username asc; > I don't think the query result order masters here, from what I could > gather in the spamassassin source, the welcome list is built in 2 > steps: > 1. Create the list using the whitelist_from values. > 2. Remove from that list everything in unwhitelist_from Clearly you didn't read the code well enough. There is no such buffering done. The order matters as configuration commands are evaluated line by line. It is no different from reading a physical file. Command order 1: unwhitelist_from grant.kel...@sonic.com - there is no existing grant.kel...@sonic.com in the list, so nothing can be removed, this command is ready never looked at again whitelist_from grant.kel...@sonic.com - address is added and kept in the list, which is why you see USER_IN_WELCOMELIST Command order 2: whitelist_from grant.kel...@sonic.com - address added to the list unwhitelist_from grant.kel...@sonic.com - address is removed from the list You are seeing the first case happening here. > > As you see the only sort is done with username and otherwise MySQL makes > > _no_ guarantees about returned order. If whitelist_from is returned last, > > it works exactly the same as a physical .cf file would have it last. Why do > > you have an obviously redundant whitelist_from in the table messing up > > things? > It isn't redundant, it is just the simplest case I could use for > troubleshooting. The original case I was having issues with was more > like this: > | gvk | unwhitelist_from| grant.kel...@sonic.com | 7421538 | > | gvk | whitelist_from | *@sonic.com | 7526210 | > Which had the same problem as the values for both being identical, I was > just trying to narrow down the issue. You would have been better off looking at the documentation than code. As it clearly states: "The specified email address has to match exactly (although case-insensitively) the address previously used in a welcomelist_from line, which implies that a wildcard only matches literally the same wildcard (not 'any' address)." Above example will always have whitelist_from *@sonic.com active, thus resulting in USER_IN_WELCOMELIST. To unwhitelist it you need unwhitelist_from *@sonic.com.
Re: Welcome/unwelcome list not working correctly.
On Thu, Jul 20, 2023 at 04:14:05PM -0700, Grant Keller wrote: > Could be me doing something wrong, but I can't get Welcome/unwelcome > lists to work the way I expect them to. We are running Spamassassin > 4.0.0 on Centos 7.9 and have the user configs stored via mysql. Custom > scores, Welcomelist, Blocklist, all seem to be working correctly. But if > I have the following config entries: > > | gvk | unwhitelist_from| grant.kel...@sonic.com | 7421538 | > | gvk | whitelist_from | grant.kel...@sonic.com | 7526210 | > > Still, a message from that address to the gvk user results in the > following rules being hit: > > tests=ALL_TRUSTED,SCC_BODY_SINGLE_WORD,SONIC_BX_A2,SONIC_FRIEND,SPF_HELO_NONE, > T_SCC_BODY_TEXT_LINE,USER_IN_WELCOMELIST > > > I'm out of ideas to try on my side. Is there a way to have spamassasin > or spamc print the config, or perhaps debugging I can enable to try to > track down this problem? This is the default query: select username, value from userpref where username = _USERNAME_ or username = '@GLOBAL' order by username asc; As you see the only sort is done with username and otherwise MySQL makes _no_ guarantees about returned order. If whitelist_from is returned last, it works exactly the same as a physical .cf file would have it last. Why do you have an obviously redundant whitelist_from in the table messing up things?
Re: Help with rule
On Tue, Jun 06, 2023 at 12:12:10AM -0400, Bill Cole wrote: > > Escape the @ with a \ > SA uses Perl, so you need to escape %, @, and $ in regular expressions. Perl regular expressions does not mean it's parsed as Perl code, no need to quote such things on any remotely modern SA version.
Re: authres do not parse sender-id
On Sat, Jun 03, 2023 at 08:03:38PM +0200, Benny Pedersen wrote: > Jun 3 19:51:15.822 [17570] dbg: authres: skipping header, unknown property > for spf/smtp: mfrom Fixed this: https://svn.apache.org/viewvc?view=revision=1910234