Re: some domains in my local.cf file not being tagged
d.h...@yournetplus.com wrote: Quoting Matt Kettler mkettler...@verizon.net: Mark Mahabir wrote: 2009/9/3 Matt Kettler mkettler...@verizon.net: Does the From: header of these messages match *...@domain.com, or are they *...@something.somedomain.com (which wouldn't match)? They're definitely *...@domain.com in the From: header. Does the X-Spam-Status header show that a blacklist matched (USER_IN_BLACKLIST)? No, they don't (the ones that don't get tagged). Thanks, Mark Interesting, then one of the following is the cause: 1) there's errors in your config, and SA isn't parsing local.cf at all. To check for this, run spamassassin --lint. It should run quietly, if it complains, find and fix the offending lines. 2) You're editing a local.cf in the wrong path. Check what the site rules dir is near the top of the debug output when you run spamassassin -D --lint. 3) the offending message has multiple From: headers, and SA is interpreting the other one. You can try looking at the raw message source for this. 4) The configuration being used at delivery time is over-riding the one used at the command line. You can try pumping the message as a file through spamassassin on the command line and see what it comes up with. If it matches USER_IN_BLACKLIST on the command-line, but fails to match at delivery, something is fishy about your integration and how it configures SA. Or, does order of comparison matter. From the documentation, blacklist_from states to see whitelist_from. whitelist_from states: The headers checked for whitelist addresses are as follows: if Resent-From is set, use that; otherwise check all addresses taken from the following set of headers: Envelope-Sender Resent-Sender X-Envelope-From From If taken in that order, the From header field would be compared last. It will check *ALL* of the from like headers, and it will fire if *ANY* of them match. So that's not the problem.
Re: some domains in my local.cf file not being tagged
2009/9/3 Matt Kettler mkettler...@verizon.net: Does the From: header of these messages match *...@domain.com, or are they *...@something.somedomain.com (which wouldn't match)? They're definitely *...@domain.com in the From: header. Does the X-Spam-Status header show that a blacklist matched (USER_IN_BLACKLIST)? No, they don't (the ones that don't get tagged). Thanks, Mark
Re: some domains in my local.cf file not being tagged
Mark Mahabir wrote: 2009/9/3 Matt Kettler mkettler...@verizon.net: Does the From: header of these messages match *...@domain.com, or are they *...@something.somedomain.com (which wouldn't match)? They're definitely *...@domain.com in the From: header. Does the X-Spam-Status header show that a blacklist matched (USER_IN_BLACKLIST)? No, they don't (the ones that don't get tagged). Thanks, Mark Interesting, then one of the following is the cause: 1) there's errors in your config, and SA isn't parsing local.cf at all. To check for this, run spamassassin --lint. It should run quietly, if it complains, find and fix the offending lines. 2) You're editing a local.cf in the wrong path. Check what the site rules dir is near the top of the debug output when you run spamassassin -D --lint. 3) the offending message has multiple From: headers, and SA is interpreting the other one. You can try looking at the raw message source for this. 4) The configuration being used at delivery time is over-riding the one used at the command line. You can try pumping the message as a file through spamassassin on the command line and see what it comes up with. If it matches USER_IN_BLACKLIST on the command-line, but fails to match at delivery, something is fishy about your integration and how it configures SA.
Re: some domains in my local.cf file not being tagged
Interesting, then one of the following is the cause: 0) You didn't restart the daemon after changing its config. 1) there's errors in your config, and SA isn't parsing local.cf at all. To check for this, run spamassassin --lint. It should run quietly, if it complains, find and fix the offending lines. Ahem. Always do run a lint check after any changes. Hope we can rule this one out. 2) You're editing a local.cf in the wrong path. Check what the site rules dir is near the top of the debug output when you run spamassassin -D --lint. 3) the offending message has multiple From: headers, and SA is interpreting the other one. You can try looking at the raw message source for this. 4) The configuration being used at delivery time is over-riding the one used at the command line. You can try pumping the message as a file through spamassassin on the command line and see what it comes up with. If it matches USER_IN_BLACKLIST on the command-line, but fails to match at delivery, something is fishy about your integration and how it configures SA. -- char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: some domains in my local.cf file not being tagged
Quoting Matt Kettler mkettler...@verizon.net: Mark Mahabir wrote: 2009/9/3 Matt Kettler mkettler...@verizon.net: Does the From: header of these messages match *...@domain.com, or are they *...@something.somedomain.com (which wouldn't match)? They're definitely *...@domain.com in the From: header. Does the X-Spam-Status header show that a blacklist matched (USER_IN_BLACKLIST)? No, they don't (the ones that don't get tagged). Thanks, Mark Interesting, then one of the following is the cause: 1) there's errors in your config, and SA isn't parsing local.cf at all. To check for this, run spamassassin --lint. It should run quietly, if it complains, find and fix the offending lines. 2) You're editing a local.cf in the wrong path. Check what the site rules dir is near the top of the debug output when you run spamassassin -D --lint. 3) the offending message has multiple From: headers, and SA is interpreting the other one. You can try looking at the raw message source for this. 4) The configuration being used at delivery time is over-riding the one used at the command line. You can try pumping the message as a file through spamassassin on the command line and see what it comes up with. If it matches USER_IN_BLACKLIST on the command-line, but fails to match at delivery, something is fishy about your integration and how it configures SA. Or, does order of comparison matter. From the documentation, blacklist_from states to see whitelist_from. whitelist_from states: The headers checked for whitelist addresses are as follows: if Resent-From is set, use that; otherwise check all addresses taken from the following set of headers: Envelope-Sender Resent-Sender X-Envelope-From From If taken in that order, the From header field would be compared last.
Re: some domains in my local.cf file not being tagged
On 3-Sep-2009, at 20:49, d.h...@yournetplus.com wrote: The headers checked for whitelist addresses are as follows: if Resent-From is set, use that; otherwise check all addresses taken from the following set of headers: Envelope-Sender Resent-Sender X-Envelope-From From If taken in that order, the From header field would be compared last. Please reread. If there is a resent-from header then that is used; if there is not, then *ALL* the address from the other headers. -- BILL: I can't get behind the Gods, who are more vengeful, angry, an dangerous if you don't believe in them! HENRY: Why can't all these God just get along? I mean, they're omni- potent and omnipresent, what's the problem?
some domains in my local.cf file not being tagged
Hi, I have a large number of domains I've blacklisted in my local.cf file e.g. blacklist_from *...@domain.com however spam from some domains gets tagged, whereas others don't. What can I do to improve the situation? Thanks Mark
Re: some domains in my local.cf file not being tagged
Mark Mahabir wrote: Hi, I have a large number of domains I've blacklisted in my local.cf file e.g. blacklist_from *...@domain.com however spam from some domains gets tagged, whereas others don't. What can I do to improve the situation? Thanks Mark Does the From: header of these messages match *...@domain.com, or are they *...@something.somedomain.com (which wouldn't match)? Does the X-Spam-Status header show that a blacklist matched (USER_IN_BLACKLIST)?