Re: Quick spamass-milter question

2015-02-15 Thread Robert Schetterer
On 15.02.2015 at 01:29, LuKreme wrote:
> Spamass-milter is (as designed, I’m sure) checking outbound mail. When it
> does this, SPF checks fail and a lot of outbound mail is getting scored as
> spam because of it.

works like designed
don't use spamass-milter for outbound (or go the long way and configure
spamassassin stuff to get it to work), alternatively use clamav-milter with
sanesecurity antiphishing sigs

> The domains in question *do* have SPF records.
 



Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein


Quick spamass-milter question

2015-02-15 Thread LuKreme
Spamass-milter is (as designed, I’m sure) checking outbound mail. When it does 
this, SPF checks fail and a lot of outbound mail is getting scored as spam 
because of it.

The domains in question *do* have SPF records.

-- 
Why can't you be in a good mood? How hard is it to decide to be in a
good mood and be in a good mood once in a while?



Re: Quick spamass-milter question

2015-02-15 Thread Reindl Harald


On 15.02.2015 at 12:20, Reindl Harald wrote:

> that's why we don't mix inbound and outbound mail
>
> * SA is running on the MX
> * mail is filtered and clean mail relayed over
>   100027 to the final server
> * final server has -o receive_override_options=no_milters in master.cf
> * the bayes is rsynced from the learning machine which is not
>   recommended in general but works in our case because of the large
>   amount of HAM including outgoing and internal mail
>
> so the final destination which is also the submission server doesn't scan
> a second time and MOST IMPORTANT there are a ton of rules which need to
> be disabled on a submission server, SPF is your smallest problem, DNSBL
> like PBL or DUL (sorbs) are
>
> in short: a submission server needs a completely different SA config


attached a local.cf from the submission server tuned for a
milter-reject of 8.0 points and at the bottom are a lot of meta rules
disabled or scores overwritten (parts of the scores are shared with the MX)


over the last 3 months one false positive and two successful dictionary
attacks killed (the spammer did not realize he had the correct password
and was rejected because of the mail body and continued the dictionary attack)

[root@buildserver:~]$ cat spamd-local.conf
# score to flag messages (just a high-score warning outbound)
required_hits 7.8

# bayes-configuration, no automatic learning please
use_learner 1
use_bayes 1
use_bayes_rules 1
bayes_use_hapaxes 1
bayes_expiry_max_db_size 250
bayes_auto_expire 0
bayes_auto_learn 0
bayes_learn_during_report 0

# skip only DNSBL checks on submission servers
skip_rbl_checks 1

# keep URIBL checks on submission servers
skip_uribl_checks 0

# adjust bayes scores to our block level of 8.0
# max bayes-only score 7.0 to avoid false positives
ifplugin Mail::SpamAssassin::Plugin::Bayes
 score BAYES_00 -3.5
 score BAYES_05 -1.0
 score BAYES_20 -0.5
 score BAYES_40 -0.2
 score BAYES_50 2.5
 score BAYES_60 3.5
 score BAYES_80 4.5
 score BAYES_95 5.5
 score BAYES_99 6.5
 score BAYES_999 0.5
endif

# adjust wrong date scores to our block level of 8.0
score DATE_IN_PAST_03_06 2.5
score DATE_IN_PAST_06_12 2.5
score DATE_IN_PAST_12_24 2.0
score DATE_IN_PAST_24_48 2.5
score DATE_IN_PAST_96_XX 4.5
score DATE_IN_FUTURE_12_24 4.0
score DATE_IN_FUTURE_03_06 3.5
score DATE_IN_FUTURE_48_96 3.0
score DATE_IN_FUTURE_24_48 2.5
score DATE_IN_FUTURE_06_12 2.0
score INVALID_DATE_TZ_ABSURD 0.8

# adjust uri-blacklist scores
score URIBL_AB_SURBL 5.5
score URIBL_JP_SURBL 5.5
score URIBL_MW_SURBL 5.5
score URIBL_WS_SURBL 4.5
score URIBL_SC_SURBL 1.5
score URIBL_SBL 1.0
score URIBL_SBL_A 1.2
score URIBL_DBL_SPAM 3.0
score URIBL_DBL_BOTNETCC 3.0
score URIBL_DBL_PHISH 3.5
score URIBL_DBL_MALWARE 3.5
score URIBL_DBL_ABUSE_SPAM 2.5
score URIBL_DBL_ABUSE_BOTCC 2.5
score URIBL_DBL_ABUSE_PHISH 4.5
score URIBL_DBL_ABUSE_MALW 4.5
score URIBL_BLACK 7.0
score URIBL_GREY 0.5
score URIBL_RED 0.5
score URIBL_DBL_REDIR 0.1
score URIBL_DBL_ABUSE_REDIR 0.3
score URIBL_BLOCKED 0
score URIBL_DBL_ERROR 0
score URI_PHISH 3.5
score URI_TRY_3LD 0.5
score URI_WP_HACKED 3.5

# adjust misc scores
score AC_BR_BONANZA 0.1
score AC_DIV_BONANZA 0.1
score ACT_NOW_CAPS 3.0
score ADVANCE_FEE_2_NEW_FORM 2.0
score ADVANCE_FEE_2_NEW_FRM_MNY 2.0
score ADVANCE_FEE_2_NEW_MONEY 2.0
score ADVANCE_FEE_3_NEW 2.5
score ADVANCE_FEE_3_NEW_FORM 2.0
score ADVANCE_FEE_3_NEW_FRM_MNY 2.0
score ADVANCE_FEE_3_NEW_MONEY 3.5
score ADVANCE_FEE_4_NEW 0.5
score ADVANCE_FEE_4_NEW_FORM 1.5
score ADVANCE_FEE_4_NEW_FRM_MNY 1.0
score ADVANCE_FEE_4_NEW_MONEY 3.5
score ADVANCE_FEE_5_NEW 0.5
score ADVANCE_FEE_5_NEW_FORM 2.5
score ADVANCE_FEE_5_NEW_FRM_MNY 3.0
score ADVANCE_FEE_5_NEW_MONEY 2.0
score AXB_HELO_HOME_UN 1.5
score AXB_RBDY_TENANDTEN 4.5
score AXB_RCVD_NS1GOO 3.0
score AXB_URI_CDGB 1.5
score AXB_X_AOL_SEZ_S 3.5
score AXB_XMAILER_MIMEOLE_OL_024C2 0.5
score AXB_XMAILER_MIMEOLE_OL_1ECD5 2.5
score AXB_XM_FORGED_OL2600 0.5
score BAD_CREDIT 2.5
score BILLION_DOLLARS 2.5
score BODY_EMPTY 3.5
score BODY_URI_ONLY 3.0
score CK_HELO_DYNAMIC_SPLIT_IP 1.5
score CK_HELO_GENERIC 0.8
score CUM_SHOT 1.0
score DC_GIF_UNO_LARGO 0.5
score DC_IMAGE_SPAM_TEXT 0.5
score DC_PNG_UNO_LARGO 0.5
score DEAR_BENEFICIARY 3.5
score DEAR_FRIEND 3.0
score DEAR_SOMETHING 2.0
score DEAR_WINNER 3.5
score DRUG_ED_CAPS 2.5
score DRUG_ED_GENERIC 0.5
score DRUG_ED_ONLINE 1.5
score DRUG_ED_SILD 2.5
score DRUGS_ANXIETY 2.5
score DRUGS_ANXIETY_EREC 0.5
score DRUGS_ANXIETY_OBFU 0.5
score DRUGS_DIET 2.0
score DRUGS_ERECTILE 2.5
score DRUGS_ERECTILE_OBFU 3.5
score DRUGS_MANYKINDS 2.5
score DRUGS_MUSCLE 2.5
score DRUGS_SLEEP_EREC 0.5
score EMPTY_MESSAGE 3.0
score ENGLISH_UCE_SUBJECT 2.0
score EXCUSE_REMOVE 3.5
score FBI_MONEY 2.5
score FBI_SPOOF 2.0
score FILL_THIS_FORM 0.1
score FILL_THIS_FORM_FRAUD_PHISH 1.5
score FILL_THIS_FORM_LOAN 3.5
score FILL_THIS_FORM_LONG 3.5
score FIN_FREE 3.0
score FORGED_HOTMAIL_RCVD2 2.5
score FORGED_MSGID_YAHOO 2.5
score FORGED_MUA_EUDORA 2.5
score FORGED_MUA_IMS 2.5
score FORGED_MUA_MOZILLA 2.5
score 

Re: Quick spamass-milter question

2015-02-15 Thread Reindl Harald


On 15.02.2015 at 01:29, LuKreme wrote:

> Spamass-milter is (as designed, I’m sure) checking outbound mail. When it does
> this, SPF checks fail and a lot of outbound mail is getting scored as spam
> because of it.
>
> The domains in question *do* have SPF records


that's why we don't mix inbound and outbound mail

* SA is running on the MX
* mail is filtered and clean mail relayed over
  100027 to the final server
* final server has -o receive_override_options=no_milters in master.cf
* the bayes is rsynced from the learning machine which is not
  recommended in general but works in our case because of the large
  amount of HAM including outgoing and internal mail

so the final destination which is also the submission server doesn't scan
a second time and MOST IMPORTANT there are a ton of rules which need to
be disabled on a submission server, SPF is your smallest problem, DNSBL
like PBL or DUL (sorbs) are


in short: a submission server needs a completely different SA config







Re: Amazon phishing spam

2015-02-15 Thread Dave Pooser
On 2/14/15 5:13 PM, LuKreme krem...@kreme.com wrote:

> Also, I do not delete received mail, regardless of how spammy it is
> (well, I do if it's *my* mail and the spam score is over 10). It all gets
> delivered to the user where they are able to scan the Junk folder and
> recover any messages that were mistagged.

snip

> I will probably do something akin to what you did, with smaller numbers
> (like +5 and -10).

Your server, your rules, but I'd advise against this approach. The whole
*point* of phishing is that users *aren't* able to easily distinguish
between legit and forged bank emails; putting the phish in the junk folder
just gives them an easy opportunity to make mistakes. I have Exim set to
reject mail on an SA score of 10+ and it's been years since I had a FP
score 10+. (I quarantine SA scores of 5.0-9.9 and those average 2-3 FP a
week.)
-- 
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com





Re: Retraining Spamassassin and the Dovecot antispam plugin

2015-02-15 Thread RW
On Fri, 13 Feb 2015 20:51:07 -0500
David Mehler wrote:

> Hello,
>
> I've got an email setup which includes Postfix as MTA, Amavisd-new as
> content filter, Spamassassin for antispam work, Dovecot for Imap
> services, all of which with the exception of Amavisd use a Mysql
> database. Mail delivery, virtual users, and Dovecot with Sieve for
> moving spam in to a dedicated user-specific spam folder, all work
> fine. What does not work is Spamassassin retraining on a false
> positive or negative, I'm using the Dovecot antispam plugin. I'm very
> frustrated as I've googled this and asked on the Dovecot and other
> lists, and am getting nowhere.

If you post what you've tried, someone may be able to put you
right.

I don't use the plugin myself, I don't think it's well suited to
spamassassin. It's also questionable whether users should be able to
train a global database directly. 

You've not mentioned how you established it's not working.


> What i'd like to happen is moving a message into or out of a user's
> dedicated Spam folder will retrain SA indicating it's either a false
> positive or negative

The problem with this is that you are training on error based on the SA
overall result, not the Bayes result. This results in Bayes adapting
needlessly slowly to spam, and often nowhere near enough ham being
learned.   

Bayes doesn't even turn-on until it's been trained with 200 spams and
200 hams. Personally I wouldn't expect 200 FPs in a lifetime (let alone
the thousands that are needed for a mature database). Even on a global
database it may take a while for Bayes to turn-on without some
additional training. You can supplement it with autotraining, but you
become much more reliant on users retraining  misclassifications. Doing
some extra manual training  is better.


> and also in the case of a false positive or
> negative modify the subject line of the message to either add or
> remove the **spam** addon.

If you're filing spam into a separate IMAP folder, do you need to
rewrite the subject in the first place? It doesn't seem to do anything
useful and it probably makes spotting FPs harder. 


Re: Amazon phishing spam

2015-02-15 Thread Benny Pedersen

On 15. feb. 2015 11.52.10 LuKreme krem...@kreme.com wrote:


> score blacklist_from 5.0
> score whitelist_auth -10.0


nope, the above does not even lint

try for debug only

whitelist_auth *@*.*
blacklist_from *@*.*

then test a couple of mails, what hits when

it's complicated since it's your mails, and everyone has their own rules,
but the above gives help to know what it does


score syntax is shown in 50_scores.cf

note:

score foo 1 1 1 1

is hard scoring, while

score foo (1) (1) (1) (1)

is dynamic, eg it will be evaluated with current spamassassin score


Re: DKIM dependency issues

2015-02-15 Thread Alex Regan

Hi,


>> Could this somehow be related to the SVN spamassassin?
>> Ideas greatly appreciated.
>
> check *.pre files or install mail-dkim in Fedora, possibly make a bug
> in Fedora if not working, was mail-dkim not a suggested rpm package when
> installing?
>
> possibly test spamassassin 2>&1 -D --lint | less to see if more rpm
> modules are missing, if so report to rpm maintainer
>
> this is not an upstream bug


lint shows no errors. It also appears to not use DKIM or SPF because it 
isn't a real message, however:


Feb 15 18:51:50.500 [22703] dbg: spf: cannot get Envelope-From, cannot 
use SPF


It does load them during lint however:

Feb 15 18:51:22.935 [22703] dbg: diag: [...] module installed: 
Mail::SPF, version v2.009
Feb 15 18:51:22.935 [22703] dbg: diag: [...] module installed: 
Mail::DKIM, version 0.4


I've done a little more testing, and it certainly sounds like a local 
configuration issue, but it only happens on mbox files. The ones I've 
tested have only one message.


I've now built the latest from svn and using it for testing here.

Tests on a few other mbox messages have produced similar errors for SPF 
as well as DKIM.


# spamassassin -t --mbox -D < mymbox 2>&1 | less
Feb 15 18:44:41.340 [16434] dbg: spf: checking to see if the message has 
a Received-SPF header that we can use
Feb 15 18:44:41.383 [16434] dbg: spf: cannot load Mail::SPF module or 
create Mail::SPF::Server object: Insecure dependency in require while 
running with -T switch at 
/usr/share/perl5/vendor_perl/Mail/SPF/Server.pm line 28.
Feb 15 18:44:41.383 [16434] dbg: spf: [...] BEGIN failed--compilation 
aborted at /usr/share/perl5/vendor_perl/Mail/SPF/Server.pm line 28.
Feb 15 18:44:41.383 [16434] dbg: spf: [...] Compilation failed in 
require at /usr/share/perl5/vendor_perl/Mail/SPF.pm line 29.
Feb 15 18:44:41.383 [16434] dbg: spf: [...] BEGIN failed--compilation 
aborted at /usr/share/perl5/vendor_perl/Mail/SPF.pm line 29.
Feb 15 18:44:41.383 [16434] dbg: spf: [...] Compilation failed in 
require at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm 
line 500.
Feb 15 18:44:41.383 [16434] dbg: spf: attempting to use legacy 
Mail::SPF::Query module instead
Feb 15 18:44:41.383 [16434] dbg: spf: cannot load Mail::SPF::Query 
module: Can't locate Mail/SPF/Query.pm in @INC (you may need to install 
the Mail::SPF::Query module) (@INC contains: lib 
/usr/share/perl5/vendor_perl /usr/local/lib64/perl5 
/usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/lib64/perl5 
/usr/share/perl5) at 
/usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm line 528.
Feb 15 18:44:41.383 [16434] dbg: spf: one of Mail::SPF or 
Mail::SPF::Query is required for SPF checks, SPF checks disabled


However, if I run it on a non-mbox message, it invariably passes without 
any problems loading SPF and DKIM support.


Feb 15 18:54:55.121 [22868] dbg: spf: checking to see if the message has 
a Received-SPF header that we can use

Feb 15 18:54:55.175 [22868] dbg: spf: using Mail::SPF for SPF checks
Feb 15 18:54:55.176 [22868] dbg: spf: already checked for Received-SPF 
headers, proceeding with DNS based checks
Feb 15 18:54:55.224 [22868] dbg: rules: ran eval rule SPF_HELO_PASS 
== got hit (1)


Feb 15 18:54:54.923 [22868] dbg: rules: ran header rule __DKIM_EXISTS 
== got hit: YES
Feb 15 18:54:54.923 [22868] dbg: rules: ran header rule __HAS_DKIM_SIGHD 
== got hit: YES

Feb 15 18:54:55.090 [22868] dbg: dkim: using Mail::DKIM version 0.4
Feb 15 18:54:55.113 [22868] dbg: dkim: VALID DKIM, 
i=@sendreceivenow.com, d=sendreceivenow.com, s=lm2, a=rsa-sha256, 
c=relaxed/relaxed, key_bits=1024, pass


Thanks,
Alex



Re: Quick spamass-milter question

2015-02-15 Thread LuKreme
On 15 Feb 2015, at 04:29 , Reindl Harald h.rei...@thelounge.net wrote:
> attached a local.cf from the submission server

I just have the one server handling submission and outbound mail.

 # postconf -n | grep milter
milter_default_action = accept
smtpd_milters = unix:/var/run/spamass-milter.sock

 # grep milter /etc/rc.conf 
spamass_milter_socket_owner=spamd
spamass_milter_socket_group=mail
spamass_milter_socket_mode=664
spamass_milter_enable=Yes
spamass_milter_localflags="-r 9 -u spamd -e covisp.net -- -s 5242880"

 # grep -i milter mail.covisp.net.mc
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, 
T=C:15m;S:4m;R:4m;E:10m')


-- 
He'd never felt really at home with swords, but a cleaver was a different
matter. A cleaver had weight. It had purpose. A sword might have a certain
nobility about it, unless it was the one belonging for example to Nobby, which
relied on rust to hold it together, but what a cleaver had was a tremendous
ability to cut things up.



Re: Quick spamass-milter question

2015-02-15 Thread Reindl Harald


On 15.02.2015 at 20:00, LuKreme wrote:

> On 15 Feb 2015, at 11:44 , Reindl Harald h.rei...@thelounge.net wrote:
>
>> by set -o receive_override_options=no_milter for your submission service in
>> master.cf
>
> I tried that already.
>
> mail submit-tls/smtpd[46597]: fatal: unknown receive_override_options value no_milter in no_milter
>
> submission   inet  n   -   n   -   -   smtpd
>    -o smtpd_tls_security_level=encrypt
>    -o smtpd_sasl_auth_enable=yes
>    -o smtpd_sasl_type=dovecot
>    -o smtpd_sasl_security_options=noanonymous
>    -o smtpd_sasl_path=private/auth
>    -o receive_override_options=no_milter
>    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>    -o smtpd_data_restrictions=
>    -o smtpd_relay_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
>    -o smtpd_helo_restrictions=
>    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
>    -o syslog_name=submit-tls


sorry - copypaste error
no_milterS

http://www.postfix.org/postconf.5.html#receive_override_options






Re: Quick spamass-milter question

2015-02-15 Thread LuKreme
On 15 Feb 2015, at 04:01 , Robert Schetterer r...@sys4.de wrote:
> On 15.02.2015 at 01:29, LuKreme wrote:
>> Spamass-milter is (as designed, I’m sure) checking outbound mail. When it
>> does this, SPF checks fail and a lot of outbound mail is getting scored as
>> spam because of it.
>
> works like designed
> dont use spamass-milter for outbound

OK, but it seems to be setup to do that “out of the box” so to speak. How do i 
set it to only scan the incoming mail?


-- 
Some books are undeservedly forgotten; none are undeservedly remembered



Re: Quick spamass-milter question

2015-02-15 Thread LuKreme
On 15 Feb 2015, at 11:44 , Reindl Harald h.rei...@thelounge.net wrote:
> by set -o receive_override_options=no_milter for your submission service in
> master.cf

I tried that already.

mail submit-tls/smtpd[46597]: fatal: unknown receive_override_options value 
no_milter in no_milter

submission   inet  n   -   n   -   -   smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_path=private/auth
  -o receive_override_options=no_milter
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_data_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o syslog_name=submit-tls

-- 
The fact that Bob and John are married does nothing to diminish anyone
else's marriage any more than a black woman marrying a white man, a Jew
marrying a Catholic, or an ugly Lyle marrying a Pretty Woman



Re: Quick spamass-milter question

2015-02-15 Thread LuKreme
On 15 Feb 2015, at 12:05 , Reindl Harald h.rei...@thelounge.net wrote:
> On 15.02.2015 at 20:00, LuKreme wrote:
>
>>   -o receive_override_options=no_milter
>
> sorry - copypaste error
> no_milterS

Funny we were both making the same typo at the same time… Sigh.

Thanks, sorted now. Yay.

> http://www.postfix.org/postconf.5.html#receive_override_options

Yep, that’s where I’d been and was about to report the failure when I saw your 
message. “I typed it right, right? Yep, same in master.cf as what Reindl typed.”


-- 
If a pig loses its voice, is it disgruntled?
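
The failure in this exchange came from one missing letter (`no_milter` instead of `no_milters`), which Postfix reported only as a fatal error when the submission service started. As an added example (not code from the thread or from Postfix), the Python below checks master.cf text for unknown `receive_override_options` values and lists the services that bypass milters; the sample master.cf and all function names are constructed for illustration, and the four valid values are those documented in postconf(5).

```python
"""Check Postfix master.cf text for invalid receive_override_options values."""

# Values documented for receive_override_options in postconf(5).
VALID_VALUES = {
    "no_unknown_recipient_checks",
    "no_address_mappings",
    "no_header_body_checks",
    "no_milters",
}


def logical_lines(text):
    """Yield master.cf entries with continuation lines (leading
    whitespace) joined onto the service line they belong to."""
    entry = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entry is not None:
            entry += " " + raw.strip()
        else:
            if entry is not None:
                yield entry
            entry = raw.strip()
    if entry is not None:
        yield entry


def override_options(text):
    """Map 'service/type' to its list of receive_override_options values.
    Only the plain '-o name=value' form is handled (assumption)."""
    result = {}
    for entry in logical_lines(text):
        fields = entry.split()
        if len(fields) < 8:          # service line has 8 mandatory columns
            continue
        args = fields[8:]
        values = []
        for flag, arg in zip(args, args[1:]):
            if flag == "-o" and arg.startswith("receive_override_options="):
                values = [v for v in arg.split("=", 1)[1].split(",") if v]
        result[f"{fields[0]}/{fields[1]}"] = values
    return result


def lint(text):
    """Return (service, value) pairs for values Postfix would reject."""
    return [
        (service, value)
        for service, values in override_options(text).items()
        for value in values
        if value not in VALID_VALUES
    ]


def services_skipping_milters(text):
    """Services whose mail is never handed to any milter."""
    return sorted(
        s for s, values in override_options(text).items() if "no_milters" in values
    )


# Constructed sample, modelled on the submission entry posted in the thread.
BROKEN = """
smtp       inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o receive_override_options=no_milter
  -o syslog_name=submit-tls
"""
FIXED = BROKEN.replace("=no_milter\n", "=no_milters\n")

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "invalid:", lint(cfg),
              "milters skipped on:", services_skipping_milters(cfg))
```

The second list is worth reviewing on its own: every service it names accepts mail that no milter will see, including any virus or outbound-abuse scanning configured in `smtpd_milters`.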



Re: Quick spamass-milter question

2015-02-15 Thread Reindl Harald



On 15.02.2015 at 19:35, LuKreme wrote:

> On 15 Feb 2015, at 04:01 , Robert Schetterer r...@sys4.de wrote:
>
>> On 15.02.2015 at 01:29, LuKreme wrote:
>>
>>> Spamass-milter is (as designed, I’m sure) checking outbound mail. When it does
>>> this, SPF checks fail and a lot of outbound mail is getting scored as spam
>>> because of it.
>>
>> works like designed
>> dont use spamass-milter for outbound
>
> OK, but it seems to be setup to do that “out of the box” so to speak. How do i
> set it to only scan the incoming mail?


by set -o receive_override_options=no_milter for your submission 
service in master.cf






Re: Amazon phishing spam

2015-02-15 Thread LuKreme
On 12 Feb 2015, at 17:58 , Dave Pooser dave...@pooserville.com wrote:
> Also, I score
> blacklist_from at 80 points so an address that's both blacklisted and
> whitelisted will be effectively whitelisted, thanks to a net -20 score.

Quick stupid question:

Is this the right syntax in local.cf to change the scores for blacklist_from 
and whitelist_auth:

score blacklist_from 5.0
score whitelist_auth -10.0

-- 
Turning and turning in the widening gyre
The falcon cannot hear the falconer;



Re: DKIM dependency issues

2015-02-15 Thread Benny Pedersen

On 15. feb. 2015 23.24.14 Alex Regan mysqlstud...@gmail.com wrote:


> Could this somehow be related to the SVN spamassassin?
> Ideas greatly appreciated.


check *.pre files or install mail-dkim in Fedora, possibly make a bug in
Fedora if not working, was mail-dkim not a suggested rpm package when installing?


possibly test spamassassin 2>&1 -D --lint | less to see if more rpm modules
are missing, if so report to rpm maintainer


this is not an upstream bug


Re: Quick spamass-milter question

2015-02-15 Thread Robert Schetterer
On 15.02.2015 at 19:35, LuKreme wrote:
> On 15 Feb 2015, at 04:01 , Robert Schetterer r...@sys4.de wrote:
>> On 15.02.2015 at 01:29, LuKreme wrote:
>>> Spamass-milter is (as designed, I’m sure) checking outbound mail. When it
>>> does this, SPF checks fail and a lot of outbound mail is getting scored as
>>> spam because of it.
>>
>> works like designed
>> dont use spamass-milter for outbound
>
> OK, but it seems to be setup to do that “out of the box” so to speak. How do
> i set it to only scan the incoming mail?
 
 

man spamass-milter

-I  Ignores messages if the sender has authenticated via SMTP AUTH

is a good starting point but simply don't use it at submission, i.e.
with postfix

master.cf

submission inet n   -   n   -   -   smtpd
  -o syslog_name=postfix/submission
...
  -o smtpd_milters=unix:/var/run/clamav/clamav-milter.ctl
  -o non_smtpd_milters=unix:/var/run/clamav/clamav-milter.ctl
  -o milter_macro_daemon_name=ORIGINATING
...

main.cf

smtpd_milters = unix:/var/run/clamav/clamav-milter.ctl,
inet:localhost:8891, inet:localhost:12345,
unix:/var/spool/postfix/spamass/spamass.sock

non_smtpd_milters = unix:/var/run/clamav/clamav-milter.ctl,
inet:localhost:8891, inet:localhost:12345,
unix:/var/spool/postfix/spamass/spamass.sock

in general don't use permit_sasl_authenticated in smtpd (port 25)
only allow deliver in with sasl auth at submission port 587 as
recommended in a setup with postscreen

http://www.postfix.org/POSTSCREEN_README.html

...
postscreen(8) should not be used on SMTP ports that receive mail from
end-user clients (MUAs). In a typical deployment, postscreen(8) handles
the MX service on TCP port 25, while MUA clients submit mail via the
submission service on TCP port 587 which requires client authentication.
...

Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein


Re: Amazon phishing spam

2015-02-15 Thread Tom Hendrikx

On 15-02-15 01:24, LuKreme wrote:
> On 12 Feb 2015, at 17:58 , Dave Pooser dave...@pooserville.com
> wrote:
>> Also, I score blacklist_from at 80 points so an address that's
>> both blacklisted and whitelisted will be effectively whitelisted,
>> thanks to a net -20 score.
>
> Quick stupid question:
>
> Is this the right syntax in local.cf to change the scores for
> blacklist_from and whitelist_auth:
>
> score blacklist_from 5.0
> score whitelist_auth -10.0
 

You need to use the rule name that is triggered by
(black|white)list_from. For whitelists I have USER_IN_WHITELIST in my
logs. No blacklist entries here, so grep your own logs or headers.

Tom


DKIM dependency issues

2015-02-15 Thread Alex Regan

Hi,

I'm using a version of spamassassin from svn about a week ago on 
fedora20, and just noticed a problem with my DKIM configuration:


Feb 15 17:04:07.045 [989] dbg: dkim: cannot load Mail::DKIM module, DKIM checks disabled: Insecure dependency in require while running with -T switch at /usr/share/perl5/vendor_perl/Mail/DKIM/Verifier.pm line 10.
Feb 15 17:04:07.045 [989] dbg: dkim: [...] BEGIN failed--compilation aborted at /usr/share/perl5/vendor_perl/Mail/DKIM/Verifier.pm line 10.
Feb 15 17:04:07.045 [989] dbg: dkim: [...] Compilation failed in require at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/DKIM.pm line 648.

perl-Mail-DKIM-0.40-3 is installed and loaded:

Feb 15 17:03:41.159 [989] dbg: plugin: loading 
Mail::SpamAssassin::Plugin::DKIM from @INC


Could this somehow be related to the SVN spamassassin?
Ideas greatly appreciated.
Thanks,
Alex


Re: DKIM dependency issues

2015-02-15 Thread Benny Pedersen

On 16. feb. 2015 00.59.42 Alex Regan mysqlstud...@gmail.com wrote:


> Hi,
>
>>> Could this somehow be related to the SVN spamassassin?
>>> Ideas greatly appreciated.
>>
>> check *.pre files or install mail-dkim in Fedora, possibly make a bug
>> in Fedora if not working, was mail-dkim not a suggested rpm package when
>> installing?
>>
>> possibly test spamassassin 2>&1 -D --lint | less to see if more rpm
>> modules are missing, if so report to rpm maintainer
>>
>> this is not an upstream bug
>
> lint shows no errors. It also appears to not use DKIM or SPF because it
> isn't a real message, however:
>
> Feb 15 18:51:50.500 [22703] dbg: spf: cannot get Envelope-From, cannot
> use SPF


set envelope_sender_header in local.cf to what your mta uses

for postfix it's Return-Path



> It does load them during lint however:
>
> Feb 15 18:51:22.935 [22703] dbg: diag: [...] module installed:
> Mail::SPF, version v2.009
> Feb 15 18:51:22.935 [22703] dbg: diag: [...] module installed:
> Mail::DKIM, version 0.4


seems ok



> I've done a little more testing, and it certainly sounds like a local
> configuration issue, but it only happens on mbox files. The ones I've
> tested have only one message.



imho unrelated


> I've now built the latest from svn and using it for testing here.



okay as long as you only have one installed, and make sure all deps are fine


> Tests on a few other mbox messages have produced similar errors for SPF
> as well as DKIM.


you have spf configured to use Received-SPF



> # spamassassin -t --mbox -D < mymbox 2>&1 | less
> Feb 15 18:44:41.340 [16434] dbg: spf: checking to see if the message has
> a Received-SPF header that we can use
> Feb 15 18:44:41.383 [16434] dbg: spf: cannot load Mail::SPF module or
> create Mail::SPF::Server object: Insecure dependency in require while
> running with -T switch at
> /usr/share/perl5/vendor_perl/Mail/SPF/Server.pm line 28.
> Feb 15 18:44:41.383 [16434] dbg: spf: [...] BEGIN failed--compilation
> aborted at /usr/share/perl5/vendor_perl/Mail/SPF/Server.pm line 28.
> Feb 15 18:44:41.383 [16434] dbg: spf: [...] Compilation failed in
> require at /usr/share/perl5/vendor_perl/Mail/SPF.pm line 29.
> Feb 15 18:44:41.383 [16434] dbg: spf: [...] BEGIN failed--compilation
> aborted at /usr/share/perl5/vendor_perl/Mail/SPF.pm line 29.
> Feb 15 18:44:41.383 [16434] dbg: spf: [...] Compilation failed in
> require at /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm
> line 500.
> Feb 15 18:44:41.383 [16434] dbg: spf: attempting to use legacy
> Mail::SPF::Query module instead
> Feb 15 18:44:41.383 [16434] dbg: spf: cannot load Mail::SPF::Query
> module: Can't locate Mail/SPF/Query.pm in @INC (you may need to install
> the Mail::SPF::Query module) (@INC contains: lib
> /usr/share/perl5/vendor_perl /usr/local/lib64/perl5
> /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/lib64/perl5
> /usr/share/perl5) at
> /usr/share/perl5/vendor_perl/Mail/SpamAssassin/Plugin/SPF.pm line 528.
> Feb 15 18:44:41.383 [16434] dbg: spf: one of Mail::SPF or
> Mail::SPF::Query is required for SPF checks, SPF checks disabled



try to remove mail-spf, and install mail-spf-query, report the above upstream
in fedora if it happened with spamassassin with rpm install



> However, if I run it on a non-mbox message, it invariably passes without
> any problems loading SPF and DKIM support.


irrelevant



> Feb 15 18:54:55.121 [22868] dbg: spf: checking to see if the message has
> a Received-SPF header that we can use
> Feb 15 18:54:55.175 [22868] dbg: spf: using Mail::SPF for SPF checks
> Feb 15 18:54:55.176 [22868] dbg: spf: already checked for Received-SPF
> headers, proceeding with DNS based checks


see this is a plugin configured to reuse that header, so here sa does not do
it itself



> Feb 15 18:54:55.224 [22868] dbg: rules: ran eval rule SPF_HELO_PASS
> == got hit (1)
>
> Feb 15 18:54:54.923 [22868] dbg: rules: ran header rule __DKIM_EXISTS
> == got hit: YES
> Feb 15 18:54:54.923 [22868] dbg: rules: ran header rule __HAS_DKIM_SIGHD
> == got hit: YES
> Feb 15 18:54:55.090 [22868] dbg: dkim: using Mail::DKIM version 0.4
> Feb 15 18:54:55.113 [22868] dbg: dkim: VALID DKIM,
> i=@sendreceivenow.com, d=sendreceivenow.com, s=lm2, a=rsa-sha256,
> c=relaxed/relaxed, key_bits=1024, pass
>
> Thanks,
> Alex


more than one issue to resolve :)
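
The debug output quoted in this thread shows SPF and DKIM checks being switched off while `--lint` reports no errors, so the loss is easy to miss. As an added example (not code from the thread or from the SpamAssassin project), the Python below scans `spamassassin -D` output, rejoins lines that a mail client hard-wrapped, and reports which checks were disabled and why; the sample input is a shortened copy of lines quoted above, and the cause labels `taint` and `missing-module` are this example's own names.

```python
"""Report SPF/DKIM checks that SpamAssassin debug output shows as disabled."""
import re

# Shape of a debug line: "Feb 15 18:44:41.383 [16434] dbg: spf: message"
DEBUG_LINE = re.compile(r"^\w{3} +\d+ [\d:.]+ \[\d+\] dbg: (\w+): (.*)$")
WATCHED = ("spf", "dkim")


def unwrap(text):
    """Rejoin debug lines that were hard-wrapped (e.g. by a mail client):
    any line that does not start a new debug record continues the last one."""
    lines = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        if DEBUG_LINE.match(raw) or not lines:
            lines.append(raw)
        else:
            lines[-1] += " " + raw
    return lines


def check_status(text):
    """Return {channel: {"state": ..., "causes": [...]}} for spf and dkim."""
    status = {}
    for line in unwrap(text):
        m = DEBUG_LINE.match(line)
        if not m or m.group(1) not in WATCHED:
            continue
        channel, msg = m.groups()
        entry = status.setdefault(channel, {"state": "unknown", "causes": []})

        # Why a module failed to load.
        if "Insecure dependency" in msg and "-T switch" in msg:
            cause = "taint"            # Perl taint mode refused the require
        elif "Can't locate" in msg:
            cause = "missing-module"   # module not present in @INC
        else:
            cause = None
        if cause and cause not in entry["causes"]:
            entry["causes"].append(cause)

        # Final outcome for the check.
        if "checks disabled" in msg:
            entry["state"] = "disabled"
        elif re.search(r"\busing Mail::(SPF|DKIM)\b", msg):
            entry["state"] = "active"
    return status


def disabled_checks(text):
    """Sorted list of watched channels that ended up disabled."""
    return sorted(c for c, e in check_status(text).items()
                  if e["state"] == "disabled")


# Sample input: shortened from the mbox run quoted in the thread,
# kept hard-wrapped on purpose to exercise unwrap().
MBOX_RUN = """
Feb 15 18:44:41.383 [16434] dbg: spf: cannot load Mail::SPF module or
create Mail::SPF::Server object: Insecure dependency in require while
running with -T switch at
/usr/share/perl5/vendor_perl/Mail/SPF/Server.pm line 28.
Feb 15 18:44:41.383 [16434] dbg: spf: attempting to use legacy
Mail::SPF::Query module instead
Feb 15 18:44:41.383 [16434] dbg: spf: cannot load Mail::SPF::Query
module: Can't locate Mail/SPF/Query.pm in @INC
Feb 15 18:44:41.383 [16434] dbg: spf: one of Mail::SPF or
Mail::SPF::Query is required for SPF checks, SPF checks disabled
Feb 15 17:04:07.045 [989] dbg: dkim: cannot load Mail::DKIM module, DKIM
checks disabled: Insecure dependency in require while running with -T
switch at /usr/share/perl5/vendor_perl/Mail/DKIM/Verifier.pm line 10.
"""

# Sample input: from the single-message run quoted in the thread.
SINGLE_RUN = """
Feb 15 18:54:55.175 [22868] dbg: spf: using Mail::SPF for SPF checks
Feb 15 18:54:55.090 [22868] dbg: dkim: using Mail::DKIM version 0.4
"""

if __name__ == "__main__":
    for label, log in (("mbox run", MBOX_RUN), ("single message", SINGLE_RUN)):
        print(label, check_status(log))
```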