Re: RelayCountry Config
On 7-Aug-2009, at 11:20, Charles Gregory wrote:
> Okay, so now I'm curious. What *IS* that chunk of code?

If you compile it and run it you will see that the putchar() prints out his email address.

--
When the routine bites hard / and ambitions are low
And the resentment rides high / but emotions won't grow
And we're changing our ways, / taking different roads
Then love, love will tear us apart again
Re: RelayCountry Config
On Fri, 7 Aug 2009 00:46:46 -0400 MySQL Student mysqlstud...@gmail.com wrote:

> Hi,
>
> > I find ordinary header and meta rules are all I need:
> > http://pastebin.com/f5e5232d1
>
> Among those rules you have:
>
> meta RELAYCOUNTRY_MED ! RELAYCOUNTRY_HIGH && ( __RELAYCOUNTRY_AF || __RELAYCOUNTRY_AS || __RELAYCOUNTRY_EU_S || __RELAYCOUNTRY_OC_S || __RELAYCOUNTRY_AM_S )
>
> It's probably hard to read, but doesn't this exclude the US? RELAYCOUNTRY_AM_S are all the Americas except US and CA. If I understand correctly, this says NOT RELAYCOUNTRY_HIGH and all countries except US and CA, which means that RELAYCOUNTRY_MED would trigger on all US and CA relays.

! A && B = (! A) && B
Re: RelayCountry Config
> > char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> > main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
> > (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
>
> How did you get line noise from your modem to look so much like perl code? :-)

The trick is, to catch a chunk that actually is valid C code. ;)

--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: [sa] Re: RelayCountry Config
On Fri, 7 Aug 2009, Karsten Bräckelmann wrote:
> > > char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> > > main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
> > > (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
> >
> > How did you get line noise from your modem to look so much like perl code? :-)
>
> The trick is, to catch a chunk that actually is valid C code. ;)

Okay, so now I'm curious. What *IS* that chunk of code?

- C
OT: Signatures and C code that doesn't look like Perl (was: RelayCountry Config)
On Fri, 2009-08-07 at 13:20 -0400, Charles Gregory wrote:
> > > > char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> > > > main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
> > > > (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
> > >
> > > How did you get line noise from your modem to look so much like perl code? :-)
> >
> > The trick is, to catch a chunk that actually is valid C code. ;)
>
> Okay, so now I'm curious. What *IS* that chunk of code?

It is my signature. ;-)

More seriously, it is some obfuscated C code I wrote way back for fun. Compiles cleanly. It implements a well-known algorithm, though quite bare-bones with some constraints. I won't mention the algorithm's name, though, not in public. Spoils the fun for those who like puzzles. ;)

--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: [sa] Re: RelayCountry Config
On Fri, 2009-08-07 at 13:20 -0400, Charles Gregory wrote:
> On Fri, 7 Aug 2009, Karsten Bräckelmann wrote:
> > > > char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> > > > main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
> > > > (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
> > >
> > > How did you get line noise from your modem to look so much like perl code? :-)
> >
> > The trick is, to catch a chunk that actually is valid C code. ;)
>
> Okay, so now I'm curious. What *IS* that chunk of code?

Compile and run it - it's quite safe, just obfuscated.

Martin
RelayCountry Config
Hi,

I'm trying to configure RelayCountry. I have it installed, and SA recognizes it:

    # spamassassin --lint -D 2>&1 | grep -i country
    [4278] dbg: diag: module installed: IP::Country::Fast, version 604.001
    [4278] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC
    [4278] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x8fb9648) implements 'extract_metadata', priority 0
    [4278] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x8fb9648) implements 'parsed_metadata', priority 0

I've loaded the plugin, and add_header according to the wiki page:

    add_header all Relay-Country _RELAYCOUNTRY_
    loadplugin Mail::SpamAssassin::Plugin::RelayCountry

I can create rules for each country I'd like to identify, and that successfully adds it to the header:

    header RELAYCOUNTRY_RU X-Relay-Countries =~ /RU/
    describe RELAYCOUNTRY_RU Relayed through Russian Federation
    score RELAYCOUNTRY_RU 2.0

I was hoping to also have the X-Spam-Countries header added, but that doesn't seem to work. I'm using v3.2.5, so it has the RelayCountries.pm patch to add that support. What am I missing?

Somewhat of a basic question, but once I do manage to get that header working, I know I can parse that and make decisions based on it. Are there any pre-written perl routines or utilities that can make that information useful?

Also, I believe I read it adds bayes metadata to the email. Is that just through the additional headers or is it supposed to add something else?

Thanks,
Alex
Re: RelayCountry Config
On Thu, 6 Aug 2009 16:38:53 -0400 MySQL Student mysqlstud...@gmail.com wrote:

> add_header all Relay-Country _RELAYCOUNTRY_
> ...
> I was hoping to also have the X-Spam-Countries header added, but that doesn't seem to work.

I don't know if it makes a difference, but I call it Relay-Countries to match the name of the pseudo-header used in the tests

    add_header all Relay-Countries _RELAYCOUNTRY_

> Somewhat of a basic question, but once I do manage to get that header working, I know I can parse that and make decisions based on it. Are there any pre-written perl routines or utilities that can make that information useful?

I find ordinary header and meta rules are all I need:

http://pastebin.com/f5e5232d1

> Also, I believe I read it adds bayes metadata to the email. Is that just through the additional headers

Just the header (whether or not it's displayed).
Re: RelayCountry Config
On Thu, 2009-08-06 at 22:34 +0100, RW wrote:
> > Somewhat of a basic question, but once I do manage to get that header working, I know I can parse that and make decisions based on it. Are there any pre-written perl routines or utilities that can make that information useful?
>
> I find ordinary header and meta rules are all I need:
>
> http://pastebin.com/f5e5232d1
>
> > Also, I believe I read it adds bayes metadata to the email. Is that just through the additional headers
>
> Just the header (whether or not it's displayed).

Here are the rules I use: http://pastebin.com/m1678caf1

They were posted here on the list quite awhile back by whom I can't remember.

--
KeyID 0xE372A7DA98E6705C
Re: RelayCountry Config
Hi,

> I don't know if it makes a difference, but I call it Relay-Countries to match the name of the pseudo-header used in the tests
>
> add_header all Relay-Countries _RELAYCOUNTRY_

It doesn't appear to make a difference. I must be doing something else wrong. Using spamassassin --lint -D 2>&1 | less shows the X-Relay-Countries header, but it's null:

    # spamassassin --lint -D 2>&1 | egrep -i 'relay|country|countries'
    [23760] dbg: diag: module installed: IP::Country::Fast, version 604.001
    [23760] dbg: config: read file /etc/mail/spamassassin/70_relay_country.cf
    [23760] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayCountry from @INC
    [23760] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC
    [23760] dbg: Botnet: adding (\b|\d)relay(\b|\d) to botnet_serverwords
    [23760] dbg: Botnet: adding (\b|\d)relay(\b|\d) to botnet_serverwords
    [23760] dbg: metadata: X-Spam-Relays-Trusted:
    [23760] dbg: metadata: X-Spam-Relays-Untrusted:
    [23760] dbg: metadata: X-Spam-Relays-Internal:
    [23760] dbg: metadata: X-Spam-Relays-External:
    [23760] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x8fb9698) implements 'extract_metadata', priority 0
    [23760] dbg: metadata: X-Relay-Countries:
    [23760] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x8fb9698) implements 'parsed_metadata', priority 0
    [23760] dbg: rules: ran eval rule NO_RELAYS == got hit (1)
    [23760] dbg: Botnet: no trusted relays
    [23760] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,RELAYCOUNTRY_LOW

I've added your rules in 70_relay_country.cf, and they trigger in the tests=, but the header isn't added.

I've added the add_header in init.pre, above the loadplugin line as well as adding it in local.cf when it didn't work in init.pre.

I've also checked email that has actually been tagged by these rules, and not just from a -D run, and it's not there either.

Thanks again,
Alex
Re: RelayCountry Config
MySQL Student wrote:
> Hi,
>
> > I don't know if it makes a difference, but I call it Relay-Countries to match the name of the pseudo-header used in the tests
> >
> > add_header all Relay-Countries _RELAYCOUNTRY_
>
> It doesn't appear to make a difference. I must be doing something else wrong. Using spamassassin --lint -D 2>&1 | less shows the X-Relay-Countries header, but it's null:
>
> # spamassassin --lint -D 2>&1 | egrep -i 'relay|country|countries'

snip

> [23760] dbg: metadata: X-Spam-Relays-Trusted:
> [23760] dbg: metadata: X-Spam-Relays-Untrusted:
> [23760] dbg: metadata: X-Spam-Relays-Internal:
> [23760] dbg: metadata: X-Spam-Relays-External:

snip

> [23760] dbg: metadata: X-Relay-Countries:

The --lint test is *NOT* valid for this. --lint is *ONLY* to verify your config files are parseable.

The lint test uses a dummy message that has no Received: headers in it. This prevents --lint from wasting time doing RBL lookups, etc, which speeds up the lint run. This is valid because --lint is not intended to be a comprehensive test of the system, it's intended to check if your rulefiles are readable.

Since the lint dummy mode has no Received: headers, it hasn't been anywhere, so it's been in no countries.

Try again with a real message with real headers, and try to remember that --lint is not a general-purpose test.
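A check for the point made in the message above, as an added example that is not part of the thread: it scans a saved message that still has its Received: headers with spamassassin -D -t and classifies the X-Relay-Countries debug line, so an empty value from the lint dummy is not mistaken for a plugin failure. The function names and the second sample log are constructed for illustration; the first sample is taken from the --lint output quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Function and variable names are illustrative.

# Debug lines from the --lint run quoted in the thread (dummy message, no relays).
LINT_LOG='[23760] dbg: metadata: X-Relay-Countries:
[23760] dbg: check: tests=MISSING_DATE,MISSING_HEADERS,MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,RELAYCOUNTRY_LOW'

# Constructed sample: what a scan of a message with Received: headers could log.
REAL_LOG='[4242] dbg: metadata: X-Relay-Countries: GB US
[4242] dbg: check: tests=RDNS_NONE,RELAYCOUNTRY_UK'

# stdin: "spamassassin -D" output. stdout: value of the last X-Relay-Countries
# metadata line, or nothing if the plugin resolved no country.
relay_countries() {
    sed -n 's/^.*dbg: metadata: X-Relay-Countries: *//p' | tail -n 1
}

# stdin: "spamassassin -D" output. Prints one of:
#   ok:<countries>  the plugin resolved at least one relay country
#   no-received     empty result because the message had no Received: headers
#   empty           Received: headers were present but nothing was resolved
classify() {
    log=$(cat)
    countries=$(printf '%s\n' "$log" | relay_countries)
    if [ -n "$countries" ]; then
        echo "ok:$countries"
    elif printf '%s\n' "$log" | grep -q 'tests=.*NO_RECEIVED'; then
        echo "no-received"
    else
        echo "empty"
    fi
}

# Real run: pass a saved message, including its Received: headers, as $1.
if [ -f "${1:-}" ] && command -v spamassassin >/dev/null 2>&1; then
    spamassassin -D -t < "$1" 2>&1 | classify
else
    printf '%s\n' "$LINT_LOG" | classify    # no-received
    printf '%s\n' "$REAL_LOG" | classify    # ok:GB US
fi
```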
Re: RelayCountry Config
Hi,

> > [23760] dbg: metadata: X-Relay-Countries:
>
> The --lint test is *NOT* valid for this. --lint is *ONLY* to verify your config files are parseable.

Yes, thanks, I should have known that, and I think I did. I mentioned in the previous post that I tried it with a real message, and even viewed a number already in quarantine, and the same result.

I found this message on nabble:

http://www.nabble.com/Question-about-RelayCountry-td18309349.html#a18339974

Same problem, back in '08, with no resolution.

I even downgraded to the IP::Fast released in Jan 09, and no difference.

Could this be a problem with one of the modules, or is this most likely a configuration issue?

What I don't understand is that it knows which country it's relayed through, because it prints the rules in the tests= section:

    X-Spam-Status: Yes, hits=21.8 tag1=-300.0 tag2=4.9 kill=4.9 use_bayes=1 tests=BAYES_50, BODY_ENHANCEMENT, BOTNET, FH_HELO_EQ_D_D_D_D, RDNS_NONE, RELAYCOUNTRY_UK, SARE_ADULT2, SARE_RECV_IP_FROMIP3, URIBL_AB_SURBL, URIBL_BLACK, []

Curiously, why doesn't it print them each in a column with description, instead of all together?

Thanks,
Alex
Re: RelayCountry Config
> What I don't understand is that it knows which country it's relayed through, because it prints the rules in the tests= section:
>
> X-Spam-Status: Yes, hits=21.8 tag1=-300.0 tag2=4.9 kill=4.9 use_bayes=1 tests=BAYES_50, BODY_ENHANCEMENT, BOTNET, FH_HELO_EQ_D_D_D_D, RDNS_NONE, RELAYCOUNTRY_UK, SARE_ADULT2, SARE_RECV_IP_FROMIP3, URIBL_AB_SURBL, URIBL_BLACK, []

You are using Amavis. This is not a SA header, but an Amavis header, I believe. Amavis adds its own headers. If you want more SA headers being preserved, go check the Amavis docs.

This is also why the plugin works and you do get the per-country rule hits, but don't get the SA Relay-Countries header.

> Curiously, why doesn't it print them each in a column with description, instead of all together?

Cause this is the Status header. The (SA) Report headers would also report the descriptions. Just as above, if you want more or other headers, checking your Amavis conf is what you need.

--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: RelayCountry Config
Hi,

> This is also why the plugin works and you do get the per-country rule hits, but don't get the SA Relay-Countries header.

Yes, you are correct. Thanks for the lead and the explanation. Here's a thread that talks about how to add the header for amavisd:

http://www.mail-archive.com/amavis-u...@lists.sourceforge.net/msg12416.html

I'm not sure it's really necessary after all, though, because the rules work without it, and it still doesn't print the header in quarantined mail.

> char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
> (c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

How did you get line noise from your modem to look so much like perl code? :-)

Thanks,
Alex
Re: RelayCountry Config
On Thursday 6 August 2009 21:55:33, Karsten Bräckelmann wrote:
> > What I don't understand is that it knows which country it's relayed through, because it prints the rules in the tests= section:
> >
> > X-Spam-Status: Yes, hits=21.8 tag1=-300.0 tag2=4.9 kill=4.9 use_bayes=1 tests=BAYES_50, BODY_ENHANCEMENT, BOTNET, FH_HELO_EQ_D_D_D_D, RDNS_NONE, RELAYCOUNTRY_UK, SARE_ADULT2, SARE_RECV_IP_FROMIP3, URIBL_AB_SURBL, URIBL_BLACK, []
>
> You are using Amavis. This is not a SA header, but an Amavis header, I believe. Amavis adds its own headers. If you want more SA headers being preserved, go check the Amavis docs.
>
> This is also why the plugin works and you do get the per-country rule hits, but don't get the SA Relay-Countries header.
>
> > Curiously, why doesn't it print them each in a column with description, instead of all together?
>
> Cause this is the Status header. The (SA) Report headers would also report the descriptions. Just as above, if you want more or other headers, checking your Amavis conf is what you need.

You should use amavisd debug-sa to review if there is a rule hit
Re: RelayCountry Config
Hi,

> I find ordinary header and meta rules are all I need:
> http://pastebin.com/f5e5232d1

Among those rules you have:

    meta RELAYCOUNTRY_MED ! RELAYCOUNTRY_HIGH && ( __RELAYCOUNTRY_AF || __RELAYCOUNTRY_AS || __RELAYCOUNTRY_EU_S || __RELAYCOUNTRY_OC_S || __RELAYCOUNTRY_AM_S )

It's probably hard to read, but doesn't this exclude the US? RELAYCOUNTRY_AM_S are all the Americas except US and CA. If I understand correctly, this says NOT RELAYCOUNTRY_HIGH and all countries except US and CA, which means that RELAYCOUNTRY_MED would trigger on all US and CA relays.

Thanks,
Alex