Re: PYZOR_CHECK always have zero score, why?
On Wed, 19 Oct 2016, Bill Cole wrote: This is a print Dumper of permsgstatus with a grep -i PYZOR: [snip] Hmmm... Relevant context of those lines is lost with grep, but they confirm something odd is going on. Perhaps dump the entire thing to a text file and post it (gzipped if large) to pastebin? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- A well educated Electorate, being necessary to the liberty of a free State, the Right of the People to Keep and Read Books, shall not be infringed. --- 302 days since the first successful real return to launch site (SpaceX)
Re: PYZOR_CHECK always have zero score, why?
>Hmmm... Relevant context of those lines is lost with grep, but they >confirm something odd is going on. Bill, your remark is welcome, what lines/info should i pay attention to or event post here? Pedro
Re: PYZOR_CHECK always have zero score, why?
Thanks in any case Bill... Really appreciate all your help and time... Bill, John, Matus... Pedro From: Bill ColeTo: "users@spamassassin.apache.org" Cc: Pedro David Marco Sent: Thursday, October 20, 2016 5:03 AM Subject: Re: PYZOR_CHECK always have zero score, why? On 19 Oct 2016, at 22:41, Pedro David Marco wrote: > Thanks Bill... I wish it had been more helpful. > tested... >> 1. Add to local.cf, along with the other PYZOR_CHECK_2 lines you >> had:>> tflags PYZOR_CHECK_2 net>>Does that change whether the >> rule is hit?>>>2. Change the PYZOR_CHECK score line in 50_scores.cf >> to:>> score PYZOR_CHECK 0.001 1.985 0.001 1.392>>Does that quiet >> the warning about the meta rule?If Test #1 makes PYZOR_CHECK_2 >> NOT match a message that matched without >it, then something is >> disabling 'net' rules and you need to find and >correct whatever is >> doing that if you want SA to work well. > PYZOR_CHECK_2 works well when tflag net is set... >> If Test #2 silences the warning, you've found what is PROBABLY a >> minor >cosmetic bug in SpamAssassin but MAY be a substantive one if >> it means >that meta rule is being skipped as a result of having >> detected the wrong >score in that line. Opening a bug report >> at >https://bz.apache.org/SpamAssassin/ would be helpful. > warning still present... :-( Color me entirely mystified. > This is a print Dumper of permsgstatus with a grep -i PYZOR: [snip] Hmmm... Relevant context of those lines is lost with grep, but they confirm something odd is going on. > so still wondering about the Dumper line: 'PYZOR_CHECK' => > '0', That is strange, but it's not clear which hash that is from. > i have even performed a ext4 fs deep check to discard any drive > corruption issue I'm all out of ideas grounded in sanity.
Re: PYZOR_CHECK always have zero score, why?
On 19 Oct 2016, at 22:41, Pedro David Marco wrote: Thanks Bill... I wish it had been more helpful. tested... 1. Add to local.cf, along with the other PYZOR_CHECK_2 lines you had:>> tflags PYZOR_CHECK_2 net>>Does that change whether the rule is hit?>>>2. Change the PYZOR_CHECK score line in 50_scores.cf to:>> score PYZOR_CHECK 0.001 1.985 0.001 1.392>>Does that quiet the warning about the meta rule?If Test #1 makes PYZOR_CHECK_2 NOT match a message that matched without >it, then something is disabling 'net' rules and you need to find and >correct whatever is doing that if you want SA to work well. PYZOR_CHECK_2 works well when tflag net is set... If Test #2 silences the warning, you've found what is PROBABLY a minor >cosmetic bug in SpamAssassin but MAY be a substantive one if it means >that meta rule is being skipped as a result of having detected the wrong >score in that line. Opening a bug report at >https://bz.apache.org/SpamAssassin/ would be helpful. warning still present... :-( Color me entirely mystified. This is a print Dumper of permsgstatus with a grep -i PYZOR: [snip] Hmmm... Relevant context of those lines is lost with grep, but they confirm something odd is going on. so still wondering about the Dumper line: 'PYZOR_CHECK' => '0', That is strange, but it's not clear which hash that is from. i have even performed a ext4 fs deep check to discard any drive corruption issue I'm all out of ideas grounded in sanity.
Re: PYZOR_CHECK always have zero score, why?
Thanks Bill... tested... >1. Add to local.cf, along with the other PYZOR_CHECK_2 lines you had:>> >tflags PYZOR_CHECK_2 net>>Does that change whether the rule is hit?>>>2. >Change the PYZOR_CHECK score line in 50_scores.cf to:>> score PYZOR_CHECK >0.001 1.985 0.001 1.392>>Does that quiet the warning about the meta >rule?If Test #1 makes PYZOR_CHECK_2 NOT match a message that matched >without >it, then something is disabling 'net' rules and you need to find and >>correct whatever is doing that if you want SA to work well. PYZOR_CHECK_2 works well when tflag net is set... >If Test #2 silences the warning, you've found what is PROBABLY a minor >>cosmetic bug in SpamAssassin but MAY be a substantive one if it means >that >meta rule is being skipped as a result of having detected the wrong >score in >that line. Opening a bug report at >https://bz.apache.org/SpamAssassin/ would >be helpful. warning still present... :-( This is a print Dumper of permsgstatus with a grep -i PYZOR: 'pyzor_available' => 1, }, 'Mail::SpamAssassin::Plugin::Pyzor' ), 'PYZOR_CHECK_2' => '2', 'PYZOR_CHECK' => '0', 'PYZOR_CHECK_2' => 'check_pyzor', 'PYZOR_CHECK' => 'check_pyzor', 'PYZOR_CHECK_2' => '/etc/mail/spamassassin/local.cf', 'PYZOR_CHECK' => '/var/lib/spamassassin/3.004001/updates_spamassassin_org/25_pyzor.cf', 'pyzor_timeout' => '3.5', 'Mail::SpamAssassin::Plugin::Pyzor' => 1, 'check_pyzor' => $VAR1->{'async'}{'main'}{'plugins'}{'plugins'}[6], 'updates_spamassassin_org/25_pyzor.cf' => 'updates_spamassassin_org/25_pyzor.cf', 'PYZOR_CHECK' => 'Listed in Pyzor (http://pyzor.sf.net/)', 'PYZOR_CHECK_2' => 'Listed in Pyzor (http://pyzor.sf.net/)' 'pyzor_path' => undef, 'DIGEST_MULTIPLE' => 'RAZOR2_CHECK + DCC_CHECK + PYZOR_CHECKA > 1', 'setting' => 'use_pyzor' 'setting' => 'pyzor_max' 'setting' => 'pyzor_timeout' 'setting' => 'pyzor_options', 'setting' => 'pyzor_path', 'PYZOR_CHECK_2' => 13, 'PYZOR_CHECK' => 13, 'pyzor_options' => '', 'use_pyzor' => 1, 'PYZOR_CHECK_2' => '2', 'PYZOR_CHECK' => '0', 'PYZOR_CHECK_2' => '2', 'PYZOR_CHECK' => '0', 'PYZOR_CHECK_2' => '2', 'PYZOR_CHECK' => '0', 'pyzor_timeout' => $VAR1->{'async'}{'main'}{'plugins'}{'plugins'}[17]{'conf'}{'registered_commands'}[157], 'pyzor_path' => $VAR1->{'async'}{'main'}{'plugins'}{'plugins'}[17]{'conf'}{'registered_commands'}[159], 'pyzor_options' => $VAR1->{'async'}{'main'}{'plugins'}{'plugins'}[17]{'conf'}{'registered_commands'}[158], 'use_pyzor' => $VAR1->{'async'}{'main'}{'plugins'}{'plugins'}[17]{'conf'}{'registered_commands'}[155], 'pyzor_max' => $VAR1->{'async'}{'main'}{'plugins'}{'plugins'}[17]{'conf'}{'registered_commands'}[156], 'pyzor_max' => 5, It seems PYZOR_CHECK is taken from file /var/lib/spamassassin/3.004001/updates_spamassassin_org/25_pyzor.cf that looks like: ifplugin Mail::SpamAssassin::Plugin::Pyzor full PYZOR_CHECK eval:check_pyzor() describe PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) tflags PYZOR_CHECK net reuse PYZOR_CHECK endif and 50_scores.cf looks as suggested by Bill: score PYZOR_CHECK 0.001 1.985 0.001 1.392 so still wondering about the Dumper line: 'PYZOR_CHECK' => '0', i have even performed a ext4 fs deep check to discard any drive corruption issue
RE: Assistance needed
I believe the "take your business elsewhere" comment was referring to your ISP, not to this list. I.e., find an ISP that has a support staff that knows what they're doing. ...Kevin -- Kevin Miller Network/email Administrator, CBJ MIS Dept. 155 South Seward Street Juneau, Alaska 99801 Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357 -Original Message- From: Sue Mey [mailto:s...@storage.co.za] Sent: Tuesday, October 18, 2016 12:47 AM To: users@spamassassin.apache.org Subject: RE: Assistance needed Wow. So sorry I bothered you guys.
ApacheCon is now less than a month away!
Dear Apache Enthusiast, ApacheCon Sevilla is now less than a month out, and we need your help getting the word out. Please tell your colleagues, your friends, and members of related technical communities, about this event. Rates go up November 3rd, so register today! ApacheCon, and Apache Big Data, are the official gatherings of the Apache Software Foundation, and one of the best places in the world to meet other members of your project community, gain deeper knowledge about your favorite Apache projects, learn about the ASF. Your project doesn't live in a vacuum - it's part of a larger family of projects that have a shared set of values, as well as a shared governance model. And many of our project have an overlap in developers, in communities, and in subject matter, making ApacheCon a great place for cross-pollination of ideas and of communities. Some highlights of these events will be: * Many of our board members and project chairs will be present * The lightning talks are a great place to hear, and give, short presentations about what you and other members of the community are working on * The key signing gets you linked into the web of trust, and better able to verify our software releases * Evening receptions and parties where you can meet community members in a less formal setting * The State of the Feather, where you can learn what the ASF has done in the last year, and what's coming next year * BarCampApache, an informal unconference-style event, is another venue for discussing your projects at the ASF We have a great schedule lined up, covering the wide range of ASF projects, including: * CI and CD at Scale: Scaling Jenkins with Docker and Apache Mesos - Carlos Sanchez * Inner sourcing 101 - Jim Jagielski * Java Memory Leaks in Modular Environments - Mark Thomas ApacheCon/Apache Big Data will be held in Sevilla, Spain, at the Melia Sevilla, November 14th through 18th. You can find out more at http://apachecon.com/ Other ways to stay up to date with ApacheCon are: * Follow us on Twitter at @apachecon * Join us on IRC, at #apachecon on the Freenode IRC network * Join the apachecon-discuss mailing list by sending email to apachecon-discuss-subscr...@apache.org * Or contact me directly at rbo...@apache.org with questions, comments, or to volunteer to help See you in Sevilla! -- Rich Bowen: VP, Conferences rbo...@apache.org http://apachecon.com/ @apachecon
Re: PYZOR_CHECK always have zero score, why?
On 19 Oct 2016, at 12:16, Pedro David Marco wrote: IIRC I've seen this warning on meta rule dependencies with a non-zero scores. Unless you have a better reason to think Pyzor isn't working, I>'d just ignore it. Well... you are right, in fact i have no problem in ignoring it, but i do not like tohave unresolved issues in something that is going to be in production. ---Pedro. OK, since nothing is re-scoring PYZOR_CHECK to 0 or otherwise acting on it specifically, there are some other possibilities. Try these 2 tests: 1. Add to local.cf, along with the other PYZOR_CHECK_2 lines you had: tflags PYZOR_CHECK_2 net Does that change whether the rule is hit? 2. Change the PYZOR_CHECK score line in 50_scores.cf to: score PYZOR_CHECK 0.001 1.985 0.001 1.392 Does that quiet the warning about the meta rule? If Test #1 makes PYZOR_CHECK_2 NOT match a message that matched without it, then something is disabling 'net' rules and you need to find and correct whatever is doing that if you want SA to work well. If Test #2 silences the warning, you've found what is PROBABLY a minor cosmetic bug in SpamAssassin but MAY be a substantive one if it means that meta rule is being skipped as a result of having detected the wrong score in that line. Opening a bug report at https://bz.apache.org/SpamAssassin/ would be helpful.
Re: How to create a URIBL
Alex wrote: > Hi, > > I've collected a bunch of URIs that I'd like to incorporate into my > rulebase. I know how to create a DNSBL, but I don't specifically know > how to create a URIBL. Can I use rbldnsd for this? Or would I have to > extract the IP or hostname from the URL, then also use a bunch of uri > rules? If so, is there a way of automating this, given a list of URIs? > > For example, I have URIs like: > > http://109.73.134.241/dgq01px > http://51steel1.org/s4b5ztgcx > http://amessofblues1.com/m0dqfx Do you want to use the full URI (including the /dgq01px or /s4b5ztgcx parts), or just the domain names? If you want the full URI, I think you're pretty much stuck collecting them up in a huge list of uri rules, unless you want to write a custom plugin to do a custom DNS lookup. (Not sure some of the new DNS lookup widgets will go quite far enough to support something like this directly.) If you only want the domain name, you can feed those into a local DNSBL. > I'm also then not sure which of uri* rule definition should be used. > I've used urirhsbl before for a local host blocklist, but now after > reading the man page again for the first time in a while, I'm not even > sure that's correct. "uri" rules are standard SA regular expression rules that only look at things that SA has extracted from the message as a URI. The others are DNSBL lookup rules, with a lot of variations on how the lookup should be done, and the results broken down. The Mail::SpamAssassin::Plugin::URIDNSBL man page has all the details, but my experience has been that for local use, you generally only need uridnsbl and/or uridnssub. > I'm also unclear about rbldnsd config for dnset, where hostnames would > be used. Here is my current command-line: Other responses have gone into more detail on this, which I probably tested for myself at one point when I set up local DNS blacklists. I also wrote some basic tools to feed both relay IP and URI domain data into these local lists; I've published them at https://secure.deepnet.cx/trac/dnsbl. Note that these are mainly data-entry/export utilities, and they're a little rough around the edges, but these are substantially what I've been using in production for quite a few years now. -kgd
Re: PYZOR_CHECK always have zero score, why?
>IIRC I've seen this warning on meta rule dependencies with a non-zero >scores. Unless you have a better reason to think Pyzor isn't working, I>'d just ignore it. Well... you are right, in fact i have no problem in ignoring it, but i do not like tohave unresolved issues in something that is going to be in production. ---Pedro.
Re: PYZOR_CHECK always have zero score, why?
On 19.10.16 08:47, Pedro David Marco wrote: Thanks Matus.. you should also check homedir of user spamassassin runs under (e.g. amavis) i already looked for the string PYZOR_CHECK trhougout the full system (homes included) with no luck.. where on hell is it overwriting the local.cf line??? score PYZOR_CHECK 2 and sets score 0? you haven't answered my question, see below. From: Matus UHLAR - fantomasTo: users@spamassassin.apache.org Sent: Wednesday, October 19, 2016 9:42 AM Subject: Re: PYZOR_CHECK always have zero score, why? On 19.10.16 04:28, Pedro David Marco wrote: i already did but still no clues... Files in my Debian SA package (3.4.1) containing the string PYZOR_CHECK: # for i in `dpkg -L spamassassin`; do grep -l PYZOR_CHECK $i 2>/dev/null ; done/usr/share/spamassassin/30_text_fr.cf/usr/share/spamassassin/30_text_pl.cf/usr/share/spamassassin/25_pyzor.cf/usr/share/spamassassin/50_scores.cf/usr/share/spamassassin/30_text_pt_br.cf/usr/share/spamassassin/20_net_tests.cf/usr/share/spamassassin/30_text_nl.cf/usr/share/spamassassin/30_text_de.cf 25_pyzor.cf contains: grep -r PYZOR_CHECK /etc/spamassassin/ you should also check homedir of user spamassassin runs under (e.g. amavis) i have even looked for the string PYZOR_CHECK throughout the full system... and no more files contain that string. how do you run spamassassin? so, how do you run spamassassin? Aren't you by any change only using local tests? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The early bird may get the worm, but the second mouse gets the cheese.
Re: PYZOR_CHECK always have zero score, why?
On Wed, 19 Oct 2016 03:22:13 + (UTC) Pedro David Marco wrote: > Hi! > > It seems PYZOR_CHECK rule is not being used in my SA Just > installed SA and Pyzor in a Debian and executed "pyzor discover."In > Debian pyzor is enabled by default so nothing to add in > local.cf. Command "pyzor check < emailfile.eml" works ok. .. now i > try to test SA in debug mode like this: # spamassassin -D 2>&1 > 04:48:28.562 [9566] dbg: plugin: loading > Mail::SpamAssassin::Plugin::Pyzor from @INC Oct 19 04:48:28.564 > [9566] dbg: pyzor: network tests on, attempting Pyzor. Oct 19 > 04:48:29.711 [9566] info: rules: meta test DIGEST_MULTIPLE has > dependency 'PYZOR_CHECK' with a zero score IIRC I've seen this warning on meta rule dependencies with a non-zero scores. Unless you have a better reason to think Pyzor isn't working, I'd just ignore it.
Re: How to create a URIBL
On 10/18/2016 9:09 PM, Alex wrote: How do you then enter ranges? For example, one of the rbldnsd zone examples I've seen have entries such as: 1.168.160.0-255 That does not look to be in reverse order, as the host octet is still last. while there may be a more complicated and unusual answer for this.. the short answer is... you don't, and you shouldn't have to. (1) IPs at the base of clickable links inside the body of the message in spams... is still a little rare... comprising roughly 2% of all such listings. (2) This means that (a) those IPs aren't taking up a lot of space in the dnset files, when compared to the domains and host names there, and (b) of that ~2% of IPs, extremely few of those are even in the same /24 block - so you don't get much mileage out of trying to list ranges having said that... sending-IP lists that use ipset DO have the functionality that you desire. ipset actually has quite a number of acceptable formats to list blocks or ranges of IPs. iptset... not so much. iptset is built for EXTRA speed and EXTRA low-memory usage, but isn't as flexible and generally requires one single IP per line. Based on your question, it could be that you're trying to merge your sending IP blacklist, with your URI/domain blacklists... all into one single dnset rbldnsd file? if so, that is NOT recommended. It causes problems and removes some of rbldnsd best features/strengths. Your service is great, btw. Thanks. Please send me a note off-list as you how/why you think that. I'm not looking for praise... just curious if you're one of my clients (such as at your dayjob?) or if we've crossed paths somewhere and I forgot about it?... or if you have ever testing invaluement? etc (though I know you're a frequent SA discussion participant) -- Rob McEwen http://www.invaluement.com +1 (478) 475-9032
Re: PYZOR_CHECK always have zero score, why?
Thanks Matus.. >you should also check homedir of user spamassassin runs under (e.g. amavis) i already looked for the string PYZOR_CHECK trhougout the full system (homes included) with no luck.. where on hell is it overwriting the local.cf line??? score PYZOR_CHECK 2 and sets score 0? i am stuck... -Pedro From: Matus UHLAR - fantomasTo: users@spamassassin.apache.org Sent: Wednesday, October 19, 2016 9:42 AM Subject: Re: PYZOR_CHECK always have zero score, why? On 19.10.16 04:28, Pedro David Marco wrote: >i already did but still no clues... >Files in my Debian SA package (3.4.1) containing the string PYZOR_CHECK: ># for i in `dpkg -L spamassassin`; do grep -l PYZOR_CHECK $i 2>/dev/null ; >done/usr/share/spamassassin/30_text_fr.cf/usr/share/spamassassin/30_text_pl.cf/usr/share/spamassassin/25_pyzor.cf/usr/share/spamassassin/50_scores.cf/usr/share/spamassassin/30_text_pt_br.cf/usr/share/spamassassin/20_net_tests.cf/usr/share/spamassassin/30_text_nl.cf/usr/share/spamassassin/30_text_de.cf >25_pyzor.cf contains: grep -r PYZOR_CHECK /etc/spamassassin/ you should also check homedir of user spamassassin runs under (e.g. amavis) >i have even looked for the string PYZOR_CHECK throughout the full system... >and no more files contain that string. how do you run spamassassin? >i have tried sa-compile of course but... is there maybe any cache i can delete >manually? not to my knowledge but... sa-compile only compiles regular expressions AFAIK. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization.
Re: How to create a URIBL
On 10/19/2016 3:51 AM, Matus UHLAR - fantomas wrote: are you REALLY sure the IP has to be reversed? rbldns parses IP and reverses them by itself, if used in ip4* dataset. When used in dnset, it should not be reversed. Your most valid points do not apply to "dnset". they apply to ip4tset and ip4set for sending-IP blacklists. Let me explain... but before I explain, let me say that I'm not arguing for any of this. These standards were put in place long before my time (and are followed by SURBL and URIBL, too). Or, at least I didn't set these standards. I MIGHT have been involved in some of the discussions about this circa 2004, in internal discussions at SURBL - and in SA discussions - but I think this was all set just a little before my time in those forums. So basically, if you look at the anatomy of a domain name... from left to right, you get into a higher hierarchy. So in "foo.example.com" "foo" is drilling into detail. while "example.com" is the bigger picture. And then ".com" is an even bigger picture! In a domain, as you get FURTHER to the right, you go to a HIGHER hierarchy or level. But IPs are the opposite. For an IPv4 IP, the leftmost number is the highest in the hierarchy, and you drill down into more detail as you move to the right. For this reason, it was decided a long time ago... that for URI DNSBL blacklists that use "dnset", the IP should be reversed in the source file. Therefore, in the data file, the test point IP: 127.0.0.1 shows up as 1.0.0.127 And then when the client queries that IP, the query is formatted as follows: 1.0.0.127.example.com (where example.com is the URI blacklist's host name) And, likewise, ALL of the major anti-spam software, (such as SpamAssassin), automatically reverses the IP when that (forward-ordered) IP is extracted from a base of a URL found in the body of a spam, and then this is appended to the beginning of a URI blacklist's hostname, for checking against a URIBL blacklists (such as SURBL, URIBL, or my own ivmURI list) This decision to do it this way PROBABLY had something to do with trying to get rbldnsd engine to NOT have to internally treat IPs and domains/host-names differently. otherwise, it would have had to "know" to reverse IPs, but yet know to NOT reverse domains or host names. (and who knows what TLDs could be coming up in the future?) In contrast, IPs found in sending IP data files (for ip4tset and ip4set) don't have this inconsistency problem. So it make sense to just leave them in forward-order, for EASY readability... and then just allow rbldnsd to reverse order them on-the-fly. (thank God - I'd go nuts if my ip4tset and ip4set were all in reverse order! meanwhile, IPs in URIBL data files are usually a TINY percentage of the listings!) -- Having said all of that, for regular sending0IP blacklists, (just as you said) the IP is NOT in reverse order in the file. But rbldnsd "knows" to reverse order it in memory, before it is compared to the reverse-ordered query that comes in from the client. So you're correct when you say, "rbldns parses IP and reverses them by itself" ... but that only applies to sending-IP blacklists, set up with ip4tset and ip4set in rbldnsd. As shown, dnset operates differently for IP addresses found in URIBL blacklists. -- This was a trip down memory lane for me. -- Rob McEwen invaluement
Re: How to create a URIBL
On 10/19/2016 09:51 AM, Matus UHLAR - fantomas wrote: On 18.10.16 20:03, Rob McEwen wrote: So your three examples: 109 .73 .134 .241 would like like this: .241 .134 .73 .109 NOTICE 2 things: (2) the fact that the IP is in reverse order. The great part about rbldnsd is that a lookup on either are you REALLY sure the IP has to be reversed? rbldns parses IP and reverses them by itself, if used in ip4* dataset. When used in dnset, it should not be reversed. in the rbldnsd zone the ip does NOT have to reversed the query reverses the IP
Re: How to create a URIBL
On 18.10.16 20:03, Rob McEwen wrote: So your three examples: 109 .73 .134 .241 would like like this: .241 .134 .73 .109 NOTICE 2 things: (2) the fact that the IP is in reverse order. The great part about rbldnsd is that a lookup on either are you REALLY sure the IP has to be reversed? rbldns parses IP and reverses them by itself, if used in ip4* dataset. When used in dnset, it should not be reversed. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Eagles may soar, but weasels don't get sucked into jet engines.
Re: PYZOR_CHECK always have zero score, why?
On 19.10.16 04:28, Pedro David Marco wrote: i already did but still no clues... Files in my Debian SA package (3.4.1) containing the string PYZOR_CHECK: # for i in `dpkg -L spamassassin`; do grep -l PYZOR_CHECK $i 2>/dev/null ; done/usr/share/spamassassin/30_text_fr.cf/usr/share/spamassassin/30_text_pl.cf/usr/share/spamassassin/25_pyzor.cf/usr/share/spamassassin/50_scores.cf/usr/share/spamassassin/30_text_pt_br.cf/usr/share/spamassassin/20_net_tests.cf/usr/share/spamassassin/30_text_nl.cf/usr/share/spamassassin/30_text_de.cf 25_pyzor.cf contains: grep -r PYZOR_CHECK /etc/spamassassin/ you should also check homedir of user spamassassin runs under (e.g. amavis) i have even looked for the string PYZOR_CHECK throughout the full system... and no more files contain that string. how do you run spamassassin? i have tried sa-compile of course but... is there maybe any cache i can delete manually? not to my knowledge but... sa-compile only compiles regular expressions AFAIK. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization.