Re: training bayes database

[Reio Remma]

On 08.05.2018 22:08, John Hardin wrote:

On Tue, 8 May 2018, Matthew Broadhead wrote:

system setup centos-release-7-4.1708.el7.centos.x86_64, 
spamassassin-3.4.0-2.el7.x86_64, amavisd-new-2.11.0-3.el7.noarch


/etc/mail/spamassassin/local.cf:
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]

use_bayes  1
bayes_auto_learn   1
bayes_auto_expire  1

# Store bayesian data in MySQL
bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn       DBI:mysql:sa_bayes:localhost:3306

it is storing the info to the database ok.  but it doesn't seem to be 
filtering any mail.


(1) What is the output of: /usr/bin/sa-learn --dump magic

(2) What user are you running sa-learn as for training, and what user 
is spamd running as?


(3) Are you seeing any BAYES_nn rule hits on messages at all, on 
either ham or spam?


You'll probably need to look at your amavisd-new config.

To debug SpamAssassin via amavisd, you need to set the following in 
amavisd.conf and then look at what's happening in /var/log/maillog


$log_level = 5;
$sa_debug = '1,bayes';

By not filtering do you mean bayes specifically isn't working, 
SpamAssassin in general isn't working via amavisd-new or ...?


Good luck,
Reio

Re: training bayes database

[Reio Remma]

On 09.05.18 9:57, Matthew Broadhead wrote:

BAYES_00=-1.9


I've personally set *bayes_sql_override_username = amavis* in my local.cf

If at all possible, run amavisd with SA bayes debug to see if/how it's 
using the database.


Good luck,
Reio

Re: training bayes database

[Reio Remma]

> On 9 May 2018, at 18:33, John Hardin  wrote:
> 
> Also:
> 
>> On Wed, 9 May 2018, Matthew Broadhead wrote:
>> 
>> your message has
>> 
>> X-Spam-Status: No, score=-18.15 tagged_above=-999 required=6.2
> 
> Setting the threshold higher will result in more spam getting through. The 
> scores calculated by the masscheck processes are based on the assumption that 
> the threshold is set to 5.0
> 
> Is there some specific reason you set the threshold higher than 5.0?

IIRC 6.2 is the default in amavisd in CentOS 7.

Reio

Re: Mysterious false positives in inbox

[Reio Remma]

Wild stab - maybe they're entering the system already with ***SPAM*** in 
the subject?


With amavisd-new it's amavisd that modifies the subject, local.cf 
shouldn't have an effect on that.


Good luck,
Reio

On 09.05.18 14:02, Eggert Ehmke wrote:


Hello,

I have spamassassin 3.4.1 / amavisd / postfix / dovecot installed on 
my Debian 9.4 server. I also run a mailman mailing list. Most of the 
time, all runs very well, but occasionally I get mails marked 
***SPAM*** in my inbox. These are indeed no spam, but valid mails 
forwarded by mailman. Training seems to have no effect.


The mails in question have those header entries:

X-Virus-Scanned: Debian amavisd-new at 

X-Spam-Flag: NO

X-Spam-Score: -1

X-Spam-Level:

X-Spam-Status: No, score=-1 tagged_above=-999 required=3 
tests=[ALL_TRUSTED=-1, SHORTCIRCUIT=-0.0001] autolearn=disabled


With those entries, why is the ***SPAM*** put into the subject line??

In /etc/spamassassin/local.cf are these entries:

rewrite_header Subject ***SPAM*** report_safe 0 trusted_networks of my other server> required_score 2.0 use_bayes 1 bayes_auto_learn 1 
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit shortcircuit 
ALL_TRUSTED on endif # 
Mail::SpamAssassin::Plugin::Shortcircuit Any idea?


Eggert

Re: training bayes database

[Reio Remma]

On 09.05.18 16:59, Matthew Broadhead wrote:
setting log_level and sa_debug in /etc/amavisd/amavisd.conf didn't 
seem to make any difference. should i be doing it in 
/etc/mail/spamassassin/local.cf?


See if $sa_debug=1 works (for full debug)? (and restart amavisd).

Reio
ok now i am getting a lot of output.  what am i looking for in 
particular?  is it safe to post those logs on here?


I would grep through it looking for error, fail, warn and bayes. :)

Reio

Re: training bayes database

[Reio Remma]

On 09.05.18 16:33, Matthew Broadhead wrote:

On 08/05/18 21:53, Reio Remma wrote:

On 08.05.2018 22:08, John Hardin wrote:

On Tue, 8 May 2018, Matthew Broadhead wrote:

system setup centos-release-7-4.1708.el7.centos.x86_64, 
spamassassin-3.4.0-2.el7.x86_64, amavisd-new-2.11.0-3.el7.noarch


/etc/mail/spamassassin/local.cf:
required_hits 5
report_safe 0
rewrite_header Subject [SPAM]

use_bayes  1
bayes_auto_learn   1
bayes_auto_expire  1

# Store bayesian data in MySQL
bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn   DBI:mysql:sa_bayes:localhost:3306

it is storing the info to the database ok.  but it doesn't seem to 
be filtering any mail.


(1) What is the output of: /usr/bin/sa-learn --dump magic

(2) What user are you running sa-learn as for training, and what 
user is spamd running as?


(3) Are you seeing any BAYES_nn rule hits on messages at all, on 
either ham or spam?


You'll probably need to look at your amavisd-new config.

To debug SpamAssassin via amavisd, you need to set the following in 
amavisd.conf and then look at what's happening in /var/log/maillog


$log_level = 5;
$sa_debug = '1,bayes';

By not filtering do you mean bayes specifically isn't working, 
SpamAssassin in general isn't working via amavisd-new or ...?


Good luck,
Reio


setting log_level and sa_debug in /etc/amavisd/amavisd.conf didn't 
seem to make any difference.  should i be doing it in 
/etc/mail/spamassassin/local.cf?


See if $sa_debug=1 works (for full debug)? (and restart amavisd).

Reio

Re: training bayes database

[Reio Remma]

On 10.05.18 15:23, David Jones wrote:

On 05/10/2018 07:12 AM, Reio Remma wrote:

On 10.05.18 15:08, David Jones wrote:

On 05/10/2018 07:02 AM, Reio Remma wrote:
On a slightly related note. We're running a PFSense firewall with 
DNS Forwarder (dnsmasq) in front of our mail server. From what I've 
gleaned from the net is that it caches as well. Should I still 
install a local (BIND) on the mail server?


Thanks!
Reio


YES!  As I was corrected on this mailing list last year, dnsmasq is 
only a forwarding DNS server so it will cause your queries to be 
lumped into whatever it's forwarding to.  Setup a real recursive DNS 
server local on your mail server since it should have it's own 
dedicated NAT or real public IP on your pfSense firewall so your DNS 
queries will be completely isolated. 


There's also the option of DNS Resolver (unbound) on the firewall - 
would that be better?


Reio


No.  Your DNS traffic for your general network served by your firewall 
is much different from your mail server DNS lookup.  You will probably 
want to forward your firewall DNS server to OpenDNS, Google, or even 
do DNS over TLS someday.


https://wiki.apache.org/spamassassin/CachingNameserver

My favorite is PowerDNS Recursor but Unbound is very popular. 


That seems to have worked - installed unbound and set dns_server 
127.0.0.1 in local.cf


Thanks,
Reio

Re: training bayes database

[Reio Remma]

On 10.05.18 14:58, Matus UHLAR - fantomas wrote:

Am 09.05.2018 um 16:28 schrieb Matthew Broadhead:
i guess my dns is set to use my isp's dns server.  do i need to set 
up dns relay on my machine so it comes from my ip?


there is no way we send more than 500k emails from our domain so i 
should qualify for the free lookup?



On 09/05/18 20:43, David Jones wrote:
Yes.  Setup BIND, unbound, or pdns_recursor on your SA server that 
is not forwarding to another DNS server then set your 
/etc/resolv.conf or SA dns_server to 127.0.0.1.  This will make your 
DNS queries isolated from your IP to stay under their daily limit.


Keep in mind that if your SA box is behind NAT that is not dedicated 
to your server then other DNS queries could get combined with your 
shared public IP.  This is not likely since others are not going to 
query RBL/URIBL servers but it's possible.  If your SA server is 
directly on the Internet as an edge mail gateway then this won't be 
a problem.




On 10.05.18 12:15, Matthew Broadhead wrote:
i already had bind handling my dns.  i just had to add to 
/etc/named.conf


allow-query-cache {localhost; any;};


NO!
this way everyone is allowed to use your server as recursive DNS.

only allow "localhost;" it defined all ipv4 and ipv6 address on your 
system.


It's also better to define allow-recursion instead.
While it means something different, they both have same defaults, but
allow-recursion has more clear meaning.


recursion yes;


not needed by default.


and to /etc/resolv.conf

nameserver 127.0.0.1

i cannot believe that is not the default.  i always assumed my dns 
was working correctly.


It's not default to have DNS server on your system. And it's not 
default to
have localhost in resolv.conf - it may be authoritative-only. 


On a slightly related note. We're running a PFSense firewall with DNS 
Forwarder (dnsmasq) in front of our mail server. From what I've gleaned 
from the net is that it caches as well. Should I still install a local 
(BIND) on the mail server?


Thanks!
Reio

Re: training bayes database

[Reio Remma]

On 10.05.18 15:08, David Jones wrote:

On 05/10/2018 07:02 AM, Reio Remma wrote:

On 10.05.18 14:58, Matus UHLAR - fantomas wrote:

Am 09.05.2018 um 16:28 schrieb Matthew Broadhead:
i guess my dns is set to use my isp's dns server.  do i need to 
set up dns relay on my machine so it comes from my ip?


there is no way we send more than 500k emails from our domain so 
i should qualify for the free lookup?



On 09/05/18 20:43, David Jones wrote:
Yes.  Setup BIND, unbound, or pdns_recursor on your SA server that 
is not forwarding to another DNS server then set your 
/etc/resolv.conf or SA dns_server to 127.0.0.1.  This will make 
your DNS queries isolated from your IP to stay under their daily 
limit.


Keep in mind that if your SA box is behind NAT that is not 
dedicated to your server then other DNS queries could get combined 
with your shared public IP.  This is not likely since others are 
not going to query RBL/URIBL servers but it's possible.  If your 
SA server is directly on the Internet as an edge mail gateway then 
this won't be a problem.




On 10.05.18 12:15, Matthew Broadhead wrote:
i already had bind handling my dns.  i just had to add to 
/etc/named.conf


allow-query-cache {localhost; any;};


NO!
this way everyone is allowed to use your server as recursive DNS.

only allow "localhost;" it defined all ipv4 and ipv6 address on your 
system.


It's also better to define allow-recursion instead.
While it means something different, they both have same defaults, but
allow-recursion has more clear meaning.


recursion yes;


not needed by default.


and to /etc/resolv.conf

nameserver 127.0.0.1

i cannot believe that is not the default.  i always assumed my dns 
was working correctly.


It's not default to have DNS server on your system. And it's not 
default to
have localhost in resolv.conf - it may be authoritative-only. 


On a slightly related note. We're running a PFSense firewall with DNS 
Forwarder (dnsmasq) in front of our mail server. From what I've 
gleaned from the net is that it caches as well. Should I still 
install a local (BIND) on the mail server?


Thanks!
Reio


YES!  As I was corrected on this mailing list last year, dnsmasq is 
only a forwarding DNS server so it will cause your queries to be 
lumped into whatever it's forwarding to.  Setup a real recursive DNS 
server local on your mail server since it should have it's own 
dedicated NAT or real public IP on your pfSense firewall so your DNS 
queries will be completely isolated. 


There's also the option of DNS Resolver (unbound) on the firewall - 
would that be better?


Reio

FORGED_GMAIL_RCVD via IMAP.

[Reio Remma]

Hello!

I just noticed if I mail myself via my Gmail account, I'm hitting 
FORGED_GMAIL_RCVD.


Apparently it happens only if I use my Gmail account via IMAP, but not 
when I mailed from their webmail for testing.


Should that be so? I suspect it's the following that trips it:

Return-Path: 
Received: from [192.168.0.148] (85.xxx.xxx.xxx.cable.isp.ee. [85.xxx.xxx.xxx])
by smtp.googlemail.com with ESMTPSA id 
b65-v6sm298081lff.5.2018.05.10.11.58.19
for 
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Thu, 10 May 2018 11:58:19 -0700 (PDT)


Reio

Re: FORGED_GMAIL_RCVD via IMAP.

[Reio Remma]

On 10.05.2018 22:23, Reindl Harald wrote:

Am 10.05.2018 um 21:11 schrieb Reio Remma:

Apparently it happens only if I use my Gmail account via IMAP, but not
when I mailed from their webmail for testing.

you don't send with IMAP - it's SMTP


Indeed, I realized my mistake right after posting. By IMAP I meant I'm 
reading GMail with a real mail client. :)


On 10.05.2018 22:38, Benny Pedersen wrote:


ESMTPSA

please crrate a ticket, its a false possitive on that test

its not forged if sasl authed 


Bugrep filled, thanks.

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7584

Autolearn as ham with a positive score.

[Reio Remma]

Hello!

I just noticed *autolearn=ham* for a message with a positive spam score. 
Is that normal?


bayes_auto_learn_threshold_nonspam is set to a negative figure in the 
SpamAssassin config file.


X-Spam-Flag: NO
X-Spam-Score: 2.32
X-Spam-Level: **
X-Spam-Status: No, score=2.32 tagged_above=-3 required=3 tests=[
BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1,
NO_DNS_FOR_FROM=1, TXREP=1.719] autolearn=ham autolearn_force=no

Thanks,
Reio

Re: Autolearn as ham with a positive score.

[Reio Remma]

> On 12 Jun 2018, at 17:11, Bill Cole  
> wrote:
> 
>> On 12 Jun 2018, at 3:34, Reio Remma wrote:

>> I just noticed *autolearn=ham* for a message with a positive spam score. Is 
>> that normal?

>> X-Spam-Flag: NO
>> X-Spam-Score: 2.32
>> X-Spam-Level: **
>> X-Spam-Status: No, score=2.32 tagged_above=-3 required=3 tests=[
>> BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
>> DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1,
>> NO_DNS_FOR_FROM=1, TXREP=1.719] autolearn=ham autolearn_force=no
> 
> Your configuration is rather unusual (3 is a VERY low threshold) but that's 
> not why this got autolearned as ham. The score used for autolearn thresholds 
> does not use Bayes or TxRep/AWL scores. Detailscan be found with 'perldoc 
> Mail::SpamAssassin::Plugin::AutoLearnThreshold'

Thanks, that’s what I was looking for and half suspected. My actual spam 
threshold is 6 (set in amavisd-new).

Autolearn ham threshold was indeed -0.1, lowered it some more now.

Thanks,
Reio

A question about DCC and learning.

[Reio Remma]

Hello!

I'm curious, if I turn on DCC learning, does it learn with both the 
learn and report options to sa-learn or only report?


Thanks!
Reio

Re: Invalid argumenty warning when trying to use Bayes with Redis

[Reio Remma]

On 27.05.2018 21:43, John Hardin wrote:

On Sun, 27 May 2018, Palvelin Postmaster wrote:

Can anyone offer suggestions as to why I get these invalid argument 
warnings when I run spamassassin —lint —debug:


warn: plugin: eval failed: bayes: Redis failed: Error: Invalid 
argument at 
/opt/local/lib/perl5/vendor_perl/5.26/Mail/SpamAssassin/BayesStore/Redis.pm 
line 264. at 
/opt/local/lib/perl5/vendor_perl/5.26/Mail/SpamAssassin/BayesStore/Redis.pm 
line 271.


$ spamassassin --version
SpamAssassin version 3.4.1
 running on Perl version 5.26.2

Lines 264-271 in Redis.pm indicate that the warning might be related 
to a connectivity problem with Redis. I have Redis 4.0.9 installed 
via Macports on macOS High Sierra. Redis is configured according to 
these instructions: 
https://svn.apache.org/repos/asf/spamassassin/trunk/contrib/HOWTO.Bayes-Redis/. 
A simple test suggests a connection to Redis can be established and 
database 0 exists.


$ redis-cli -h 127.0.0.1
127.0.0.1:6379> SELECT 0
OK

My bayes config is:

# Enable the Bayes system
use_bayes   1
use_bayes_rules    1
use_learner    1
bayes_use_hapaxes   1
bayes_learn_to_journal    0
bayes_token_ttl    30d
bayes_seen_ttl    14d

# Use Redis for Bayes backend
bayes_store_module    Mail::SpamAssassin::BayesStore::Redis
bayes_sql_dsn    server=127.0.0.1:6379,database=0


   foreach (split(';', $bconf->{bayes_sql_dsn})) {

It appears the DSN syntax for SA follows the common format and uses 
semicolon as a delimiter. Try:


  server=127.0.0.1:6379;database=0


And if someone could then fix up:

https://svn.apache.org/repos/asf/spamassassin/trunk/contrib/HOWTO.Bayes-Redis/SA-rule/bayes_redis.cf

:)

Reio

Re: Periodic error

[Reio Remma]

On 02.08.18 3:46, Amir Caspi wrote:

On Aug 1, 2018, at 6:09 PM, John Hardin  wrote:

Recommendation: download the spamassassin-3.4.1-12 (or later) SRPM from Fedora 
and try building an RPM from it in a Centos 6 dev environment. That's what I 
did for Centos 7 and it works jes' fine.

Kevin Fenzi maintains an SA repo for RHEL/CentOS 6:
https://copr.fedorainfracloud.org/coprs/kevin/spamassassin-el/

It's up to date with 3.4.1.

(There's one for CentOS 5, too, but not linked from that page.  Perhaps Kevin 
might be incentivized to add a CentOS 7 repo, too.)

Cheers.

--- Amir



I've anyone wants to try the CentOS 7 RPM I made for myself of the 
latest 3.4.2, then I just uploaded it to WeTransfer.


spamassassin-3.4.2-1837275.el7.x86_64.rpm

https://we.tl/y6lFCb988L

It's available there until 9th of August.

Good luck,
Reio

Re: SpamAssassin 3.4.2.

[Reio Remma]

On 17.04.18 16:16, Kevin A. McGrail wrote:
It was squashed by the pmc when the ruleqa was broken but happy to say 
it's in progress again and I will have an rc building again soon.


On Tue, Apr 17, 2018, 09:13 Reio Remma <r...@mrstuudio.ee 
<mailto:r...@mrstuudio.ee>> wrote:


Greetings,

any new on 3.4.2 release? I read that testing was done a year ago,
but
everything is silent after that. :)

Thanks!
Reio



Thanks!

Can't wait for all the little fixes. For now I've carried some over by 
hand to cut down on log errors (TxRep etc).


Reio

SpamAssassin 3.4.2.

[Reio Remma]

Greetings,

any new on 3.4.2 release? I read that testing was done a year ago, but 
everything is silent after that. :)


Thanks!
Reio

Re: Can't locate Mail/SpamAssassin/Plugin/SpamCop.pm: lib/Mail/SpamAssassin/Plugin/SpamCop.pm: Permission denied

[Reio Remma]

Are you running both commands as the same user?

Reio

On 18.04.2018 23:00, Rainer Dorsch wrote:

That was also my first guess, but it seems not the be the case here alll dirs
are 755 and the file 644:

rd@netcup:~$ locate SpamCop.pm
/usr/share/perl5/Mail/SpamAssassin/Plugin/SpamCop.pm
rd@netcup:~$ ls -l /usr/share/perl5/Mail/SpamAssassin/Plugin/SpamCop.pm
-rw-r--r-- 1 root root 8578 Feb  7  2014 /usr/share/perl5/Mail/SpamAssassin/
Plugin/SpamCop.pm
rd@netcup:~$ ls -ld /usr/share/perl5/Mail/SpamAssassin/Plugin
drwxr-xr-x 2 root root 4096 Feb  3  2015 /usr/share/perl5/Mail/SpamAssassin/
Plugin
rd@netcup:~$ ls -ld /usr/share/perl5/Mail/SpamAssassin
drwxr-xr-x 10 root root 4096 Feb  3  2015 /usr/share/perl5/Mail/SpamAssassin
rd@netcup:~$ ls -ld /usr/share/perl5/Mail
drwxr-xr-x 6 root root 4096 Feb  3  2015 /usr/share/perl5/Mail
rd@netcup:~$ ls -ld /usr/share/perl5
drwxr-xr-x 60 root root 4096 Jan  5 09:29 /usr/share/perl5
rd@netcup:~$ ls -ld /usr/share
drwxr-xr-x 173 root root 4096 May 21  2017 /usr/share
rd@netcup:~$ ls -ld /usr
drwxr-xr-x 11 root root 4096 Feb  1  2016 /usr
rd@netcup:~$ ls -ld /
drwxr-xr-x 23 root root 4096 Jan 10 22:25 /
rd@netcup:~$

Rainer

Am Mittwoch, 18. April 2018, 14:09:47 CEST schrieb Christian Grunfeld:

"Can´t locate" and "permission denied" seems to be a directory permission
issue

2018-04-18 14:03 GMT-03:00 Rainer Dorsch :

Hello,

I have a strange problem when reporting spam using spamassassin -rD

I monitor an imap directory using inotifywait:

inotifywait --monitor --quiet --event moved_to,create --format '%f'
/home/rd/
Maildir/.SPAM-learned/cur/ | /home/rd/bin/reportspam-line.sh 2>&1

and then report spam using

rd@netcup:~$ cat bin/reportspam-line.sh
!#/bin/bash

while read line
do

 echo "$line"
 spamassassin -rD < /home/rd/Maildir/.SPAM-learned/cur/$line

done < "${1:-/dev/stdin}"
rd@netcup:~$

Then spamassassin report errors like

Apr 18 18:44:40.902 [5112] warn: plugin: failed to parse plugin (from
@INC):
Can't locate Mail/SpamAssassin/Plugin/SpamCop.pm: lib/Mail/SpamAssassin/
Plugin/SpamCop.pm: Permission denied at (eval 31) line 1.
Apr 18 18:44:40.902 [5112] dbg: plugin: loading
Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
Apr 18 18:44:40.902 [5112] warn: plugin: failed to parse plugin (from
@INC):
Can't locate Mail/SpamAssassin/Plugin/AutoLearnThreshold.pm: lib/Mail/
SpamAssassin/Plugin/AutoLearnThreshold.pm: Permission denied at (eval 32)
line
1.
[...]
0 message(s) examined.

When I run directly from cmd line, these errors do not show up:

rd@netcup:~$ spamassassin -rD < /home/rd/Maildir/.SPAM-learned/cur/
1524003783.H176971P29357.netcup.bokomoko.de\:2\,S
[...]
Apr 18 18:49:52.980 [5164] dbg: config: using "/home/rd/.spamassassin/
user_prefs" for user prefs file
Apr 18 18:49:52.980 [5164] dbg: config: read file /home/rd/.spamassassin/
user_prefs
Apr 18 18:49:52.981 [5164] dbg: plugin: loading
Mail::SpamAssassin::Plugin::URIDNSBL from @INC
Apr 18 18:49:52.986 [5164] dbg: plugin: loading
Mail::SpamAssassin::Plugin::Hashcash from @INC
Apr 18 18:49:52.995 [5164] dbg: plugin: loading
Mail::SpamAssassin::Plugin::SPF from @INC
[...]
Apr 18 18:50:11.222 [5164] info: reporter: spam reported to SpamCop
1 message(s) examined.
Apr 18 18:50:11.301 [5164] dbg: plugin:
Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x372cf68) implements
'finish_tests', priority 0
Apr 18 18:50:11.301 [5164] dbg: plugin:
Mail::SpamAssassin::Plugin::Check=HASH(0x372d220) implements
'finish_tests',
priority 0

It almost seems that a prefix is missing when running through inotifywait.

Any hint is welcome :-)

Many thanks
Rainer

--
Rainer Dorsch
http://bokomoko.de/

spamc --reporttype= not working and curious log message.

[Reio Remma]

Hello!

I'm trying to use this to report spam:

spamc --reporttype=report --username=amavis < mail

However all I get is:

spamc[9632]: Please specify a legal report type

It works if I omit the = after --reporttype. This is with SA 3.4.2 from 
SVN, iirc it worked the other day with --reporttype=report in 3.4.1.


I'm also curious about a log message when reporting:

spamd[9506]: spamd: handle_user (userdir) unable to find user: ''


--
Tervitades
Reio Remma


MR Stuudio 25 aastat

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
r...@mrstuudio.ee
www.mrstuudio.ee

Re: spamc --reporttype= not working and curious log message.

[Reio Remma]

On 19.04.18 9:45, Reio Remma wrote:

Hello!

I'm trying to use this to report spam:

spamc --reporttype=report --username=amavis < mail

However all I get is:

spamc[9632]: Please specify a legal report type

It works if I omit the = after --reporttype. This is with SA 3.4.2 
from SVN, iirc it worked the other day with --reporttype=report in 3.4.1.


I'm also curious about a log message when reporting:

spamd[9506]: spamd: handle_user (userdir) unable to find user: ''


*Update:* none of the --option= switches work.

handle_user (userdir) unable to find user: '' is caused because I have 
the -username switch as --username=amavis instead of --username amavis


It worked in 3.4.1.

Is it at all possible that I botched the RPM for 3.4.2?

Reio

Re: spamc --reporttype= not working and curious log message.

[Reio Remma]

On 20.04.18 9:50, Giovanni Bechis wrote:

On 04/19/18 09:24, Reio Remma wrote:
[...]

*Update:* none of the --option= switches work.

handle_user (userdir) unable to find user: '' is caused because I have the 
-username switch as --username=amavis instead of --username amavis

It worked in 3.4.1.

Is it at all possible that I botched the RPM for 3.4.2?


no, I botched it.
Fixed in r1829628.
  Thanks
   Giovanni


I can confirm that it works.

Two things I wanted to point out that I noticed when building the RPM 
for CentOS 7. There seem to be a few things in 3.4.2 branch that have 
dependencies that don't exist in CentOS 7.


--> Processing Dependency: perl(RabinKarpAccel) for package: 
spamassassin-3.4.2-0.el7.centos.x86_64
--> Finished Dependency Resolution
Error: Package: spamassassin-3.4.2-0.el7.centos.x86_64 
(/spamassassin-3.4.2-0.el7.centos.x86_64)
   Requires: perl(RabinKarpAccel)
Error: Package: spamassassin-3.4.2-0.el7.centos.x86_64 
(/spamassassin-3.4.2-0.el7.centos.x86_64)
   Requires: perl(Devel::Size)

To get around those I had to remove these (as I undersand they're 
experimental anyway):


Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Plugin/NetCache.pm
Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Util/MemoryDump.pm
Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Plugin/RabinKarpBody.pm

At first I tried removing all in MANIFEST.SKIP, but that seemed to be 
too much for it. :)


Also there are a couple of warnings when building:

make -f spamc/Makefile spamc/spamc
make[1]: Entering directory `/home/reio/rpmbuild/BUILD/Mail-SpamAssassin-3.4.2'
make[1]: warning: jobserver unavailable: using -j1.  Add `+' to parent make 
rule.
gcc -DSPAMC_SSL -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions 
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 
-mtune=generic spamc/spamc.c spamc/getopt.c spamc/libspamc.c spamc/utils.c \
-o spamc/spamc  -lssl -lcrypto  -ldl -lz
spamc/libspamc.c: In function '_try_to_connect_tcp':
spamc/libspamc.c:491:19: warning: variable 'family' set but not used 
[-Wunused-but-set-variable]
 char *family = NULL;
   ^
spamc/libspamc.c: In function 'transport_setup':
spamc/libspamc.c:1911:35: warning: unused variable 'addrp' [-Wunused-variable]
 struct addrinfo hints, *res, *addrp;
   ^
spamc/libspamc.c: In function 'libspamc_log':
spamc/libspamc.c:2239:9: warning: ignoring return value of 'write', declared 
with attribute warn_unused_result [-Wunused-result]
 (void) write (2, buf, len);
 ^
make[1]: Leaving directory `/home/reio/rpmbuild/BUILD/Mail-SpamAssassin-3.4.2'

Re: spamc --reporttype= not working and curious log message.

[Reio Remma]

On 20.04.18 9:50, Giovanni Bechis wrote:

On 04/19/18 09:24, Reio Remma wrote:
[...]

*Update:* none of the --option= switches work.

handle_user (userdir) unable to find user: '' is caused because I have the 
-username switch as --username=amavis instead of --username amavis

It worked in 3.4.1.

Is it at all possible that I botched the RPM for 3.4.2?


no, I botched it.
Fixed in r1829628.
  Thanks
   Giovanni


It pains me to say this, but thank (whichever) god! :) Thank you too. :D

Good luck,
Reio

Re: spamc --reporttype= not working and curious log message.

[Reio Remma]

I ran make test now - not exactly a pass.

There were lots of complaints about: "Maybe you need to kill a running 
spamd process?" There was no spamd running.


The RPM is actually working nicely on our production system (after I 
removed the = from spamc options).


This is all on CentOS 7.

Test Summary Report

---

t/basic_lint_without_sandbox.t  (Wstat: 256 Tests: 3 Failed: 1)

  Failed test:  1

  Non-zero exit status: 1

t/debug.t   (Wstat: 256 Tests: 3 Failed: 1)

  Failed test:  3

  Non-zero exit status: 1

t/lang_lint.t   (Wstat: 1536 Tests: 8 Failed: 6)

  Failed tests:  1, 3, 5-8

  Non-zero exit status: 6

t/sa_check_spamd.t  (Wstat: 768 Tests: 7 Failed: 3)

  Failed tests:  1, 6-7

  Non-zero exit status: 3

t/spamc_x_e.t   (Wstat: 256 Tests: 7 Failed: 1)

  Failed test:  1

  Non-zero exit status: 1

t/spamc_x_E_R.t (Wstat: 768 Tests: 49 Failed: 3)

  Failed tests:  1, 10, 12

  Non-zero exit status: 3

t/spamd.t   (Wstat: 512 Tests: 14 Failed: 2)

  Failed tests:  1, 14

  Non-zero exit status: 2

t/spamd_allow_user_rules.t  (Wstat: 512 Tests: 5 Failed: 2)

  Failed tests:  1, 3

  Non-zero exit status: 2

t/spamd_client.t    (Wstat: 5120 Tests: 52 Failed: 20)

  Failed tests:  2, 18-19, 31-32, 35, 37-42, 44, 46-52

  Non-zero exit status: 20

t/spamd_maxchildren.t   (Wstat: 512 Tests: 22 Failed: 2)

  Failed tests:  1, 22

  Non-zero exit status: 2

t/spamd_report.t    (Wstat: 512 Tests: 6 Failed: 2)

  Failed tests:  1, 6

  Non-zero exit status: 2

t/spamd_report_ifspam.t (Wstat: 512 Tests: 10 Failed: 2)

  Failed tests:  1, 10

  Non-zero exit status: 2

t/spamd_user_rules_leak.t   (Wstat: 512 Tests: 28 Failed: 2)

  Failed tests:  1, 19

  Non-zero exit status: 2

t/spamd_whitelist_leak.t    (Wstat: 512 Tests: 8 Failed: 2)

  Failed tests:  1, 8

  Non-zero exit status: 2

Files=169, Tests=3081, 793 wallclock secs ( 0.93 usr  0.69 sys + 174.60 cusr 
30.48 csys = 206.70 CPU)

Result: FAIL

Failed 14/169 test programs. 49/3081 subtests failed.

make: *** [test_dynamic] Error 255



On 19.04.2018 16:33, Kevin A. McGrail wrote:

Certainly sounds odd.  Does make test pass before you build the RPM?

--
Kevin A. McGrail
Asst. Treasurer & VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Thu, Apr 19, 2018 at 3:24 AM, Reio Remma <r...@mrstuudio.ee 
<mailto:r...@mrstuudio.ee>> wrote:


    On 19.04.18 9:45, Reio Remma wrote:

Hello!

I'm trying to use this to report spam:

spamc --reporttype=report --username=amavis < mail

However all I get is:

spamc[9632]: Please specify a legal report type

It works if I omit the = after --reporttype. This is with SA
3.4.2 from SVN, iirc it worked the other day with
--reporttype=report in 3.4.1.

I'm also curious about a log message when reporting:

spamd[9506]: spamd: handle_user (userdir) unable to find user: ''


*Update:* none of the --option= switches work.

handle_user (userdir) unable to find user: '' is caused because I
have the -username switch as --username=amavis instead of
--username amavis

It worked in 3.4.1.

Is it at all possible that I botched the RPM for 3.4.2?

Reio

Re: spamc --reporttype= not working and curious log message.

[Reio Remma]

I suspect rpmbuild gleans the requirements from script files when building.

Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Plugin/RabinKarpBody.pm:use 
RabinKarpAccel;
Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Util/MemoryDump.pm:use 
Devel::Size qw(size total_size);
Mail-SpamAssassin-3.4.2/masses/plugins/Dumpmem.pm:use 
Mail::SpamAssassin::Util::MemoryDump;


I suspect it's possible to change the spec file somehow to ignore these 
specific ones. Researching...


Reio

On 20.04.18 14:53, Kevin A. McGrail wrote:
FYI, I'm well aware of the 3.4 test issue with rulesrc.  I have it 
symlinked to a checkout for my purposes. I'll document that more.


I am using CentOS 7 as well for testing and not aware of these perl 
dependency issues you are having.  Please elaborate further.


--
Kevin A. McGrail
Asst. Treasurer & VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Fri, Apr 20, 2018 at 5:03 AM, Reio Remma <r...@mrstuudio.ee 
<mailto:r...@mrstuudio.ee>> wrote:


On 20.04.18 9:50, Giovanni Bechis wrote:

On 04/19/18 09:24, Reio Remma wrote:
[...]

*Update:* none of the --option= switches work.

handle_user (userdir) unable to find user: '' is caused
because I have the -username switch as --username=amavis
instead of --username amavis

It worked in 3.4.1.

Is it at all possible that I botched the RPM for 3.4.2?

no, I botched it.
Fixed in r1829628.
  Thanks
   Giovanni


I can confirm that it works.

Two things I wanted to point out that I noticed when building the
RPM for CentOS 7. There seem to be a few things in 3.4.2 branch
that have dependencies that don't exist in CentOS 7.

--> Processing Dependency: perl(RabinKarpAccel) for package:
spamassassin-3.4.2-0.el7.centos.x86_64
--> Finished Dependency Resolution
Error: Package: spamassassin-3.4.2-0.el7.centos.x86_64
(/spamassassin-3.4.2-0.el7.centos.x86_64)
   Requires: perl(RabinKarpAccel)
Error: Package: spamassassin-3.4.2-0.el7.centos.x86_64
(/spamassassin-3.4.2-0.el7.centos.x86_64)
   Requires: perl(Devel::Size)

To get around those I had to remove these (as I undersand they're
experimental anyway):

Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Plugin/NetCache.pm
<http://e.pm>
Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Util/MemoryDump.pm
<http://p.pm>
Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Plugin/RabinKarpBody.pm

At first I tried removing all in MANIFEST.SKIP, but that seemed to
be too much for it. :)

Also there are a couple of warnings when building:

make -f spamc/Makefile spamc/spamc
make[1]: Entering directory
`/home/reio/rpmbuild/BUILD/Mail-SpamAssassin-3.4.2'
make[1]: warning: jobserver unavailable: using -j1.  Add `+' to
parent make rule.
gcc -DSPAMC_SSL -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches   -m64 -mtune=generic spamc/spamc.c
spamc/getopt.c spamc/libspamc.c spamc/utils.c \
-o spamc/spamc  -lssl -lcrypto  -ldl -lz
spamc/libspamc.c: In function '_try_to_connect_tcp':
spamc/libspamc.c:491:19: warning: variable 'family' set but not
used [-Wunused-but-set-variable]
 char *family = NULL;
   ^
spamc/libspamc.c: In function 'transport_setup':
spamc/libspamc.c:1911:35: warning: unused variable 'addrp'
[-Wunused-variable]
 struct addrinfo hints, *res, *addrp;
   ^
spamc/libspamc.c: In function 'libspamc_log':
spamc/libspamc.c:2239:9: warning: ignoring return value of
'write', declared with attribute warn_unused_result [-Wunused-result]
 (void) write (2, buf, len);
 ^
make[1]: Leaving directory
`/home/reio/rpmbuild/BUILD/Mail-SpamAssassin-3.4.2'





--
Tervitades
Reio Remma


MR Stuudio 25 aastat

*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
r...@mrstuudio.ee
www.mrstuudio.ee

Re: spamc --reporttype= not working and curious log message.

[Reio Remma]

Neither spamassassin-3.4.0-2.el7.src.rpm (CentOS 7.4) nor 
spamassassin-3.4.1-17.fc27.src.rpm have the mentioned files in their 
source at all.


Reio

On 20.04.18 17:06, Kevin A. McGrail wrote:
Giovanni, I was considering killing it as well. And I was going to 
look at how CentOS handled this in the 3.4.1 for their rpms.


--
Kevin A. McGrail
Asst. Treasurer & VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Fri, Apr 20, 2018 at 9:57 AM, Giovanni Bechis <giova...@paclan.it 
<mailto:giova...@paclan.it>> wrote:


On 04/20/18 13:53, Kevin A. McGrail wrote:
> FYI, I'm well aware of the 3.4 test issue with rulesrc.  I have
it symlinked to a checkout for my purposes.  I'll document that more.
>
> I am using CentOS 7 as well for testing and not aware of these
perl dependency issues you are having. Please elaborate further.
>
I cannot find Devel::Size on Centos7 standard repositories.
As for RabinKarpAccel, the author says "Unfortunately, while it's
great for many parallel-match tasks, it's not so hot with
SpamAssassin rules, which is what I wrote it for" on his web
page[¹] and I cannot find it on cpan.
Is this plugin really useful ? From svn logs I can find that 12
years ago jm@ wrote:
"reactivate RabinKarpBody plugin, which uses the Rabin-Karp
algorithm to perform fast body searches; not as fast as re2xs though".

 Giovanni

[¹] http://taint.org/wk/JustinsSoftware
<http://taint.org/wk/JustinsSoftware>

> --
> Kevin A. McGrail
> Asst. Treasurer & VP Fundraising, Apache Software Foundation
> Chair Emeritus Apache SpamAssassin Project
> https://www.linkedin.com/in/kmcgrail
<https://www.linkedin.com/in/kmcgrail> - 703.798.0171
>
> On Fri, Apr 20, 2018 at 5:03 AM, Reio Remma <r...@mrstuudio.ee 
<mailto:r...@mrstuudio.ee>
<mailto:r...@mrstuudio.ee <mailto:r...@mrstuudio.ee>>> wrote:
>
> On 20.04.18 9:50, Giovanni Bechis wrote:
>
> On 04/19/18 09:24, Reio Remma wrote:
> [...]
>
> *Update:* none of the --option= switches work.
>
> handle_user (userdir) unable to find user: '' is
caused because I have the -username switch as --username=amavis
instead of --username amavis
>
> It worked in 3.4.1.
>
> Is it at all possible that I botched the RPM for 3.4.2?
>
> no, I botched it.
> Fixed in r1829628.
>   Thanks
>Giovanni
>
>
> I can confirm that it works.
>
> Two things I wanted to point out that I noticed when
building the RPM for CentOS 7. There seem to be a few things in
3.4.2 branch that have dependencies that don't exist in CentOS 7.
>
> --> Processing Dependency: perl(RabinKarpAccel) for package:
spamassassin-3.4.2-0.el7.centos.x86_64
> --> Finished Dependency Resolution
> Error: Package: spamassassin-3.4.2-0.el7.centos.x86_64
(/spamassassin-3.4.2-0.el7.centos.x86_64)
>Requires: perl(RabinKarpAccel)
> Error: Package: spamassassin-3.4.2-0.el7.centos.x86_64
(/spamassassin-3.4.2-0.el7.centos.x86_64)
>Requires: perl(Devel::Size)
>
> To get around those I had to remove these (as I undersand
they're experimental anyway):
>
>   
 Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Plugin/NetCache.pm

<http://e.pm>
>   
 Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Util/MemoryDump.pm

<http://p.pm>
>   
 Mail-SpamAssassin-3.4.2/lib/Mail/SpamAssassin/Plugin/RabinKarpBody.pm

>
> At first I tried removing all in MANIFEST.SKIP, but that
seemed to be too much for it. :)
>
> Also there are a couple of warnings when building:
>
> make -f spamc/Makefile spamc/spamc
> make[1]: Entering directory
`/home/reio/rpmbuild/BUILD/Mail-SpamAssassin-3.4.2'
> make[1]: warning: jobserver unavailable: using -j1.  Add `+'
to parent make rule.
> gcc -DSPAMC_SSL -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches   -m64 -mtune=generic spamc/spamc.c
spamc/getopt.c spamc/libspamc.c spamc/utils.c \
> -o spamc/spamc  -lssl -lcrypto  -ldl -lz
> spamc/libspamc.c: In function '_try_to_connect_tcp':
> spamc/libspamc.c:491:19: warning: variable 'family' set but
not used [-Wunused-but-set-variable]
&g

Re: SpamAssassin 3.4.2.

[Reio Remma]

Mkay. Half an evening of figuring out how RPM building works and voila.

Let the testing commence. :)

Running transaction
  Updating   : spamassassin-3.4.2-0.el7.centos.x86_64
  Cleanup    : spamassassin-3.4.1-17.el7.centos.x86_64
  Verifying  : spamassassin-3.4.2-0.el7.centos.x86_64
  Verifying  : spamassassin-3.4.1-17.el7.centos.x86_64

On 17.04.2018 18:49, Kevin A. McGrail wrote:
Svn for 3.4 is very stable and suitable for most production level 
machines IMO.


--
Kevin A. McGrail
Asst. Treasurer & VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171

On Tue, Apr 17, 2018 at 10:45 AM, Alex > wrote:


Hi,

> Can't wait for all the little fixes. For now I've carried some
over by hand
> to cut down on log errors (TxRep etc).

Are you pulling from svn? I've been doing that for some time and it's
stable and I'm assuming has all the current fixes.

It requires you to build it yourself from scratch, but it compiles and
builds easily.
https://wiki.apache.org/spamassassin/DownloadFromSvn




>
> Reio
>

Extreme scores from FRNAME rules.

[Reio Remma]

Hello!

I have this perfectly legit mail that has a +7.5 score from these three rules.

*  2.5 FRNAME_IN_MSG_XPRIO From name in message + X-Priority
*  2.5 XPRIO_SHORT_SUBJ Has X-Priority header + short subject
*  2.5 FRNAME_IN_MSG_NO_SUBJ From name in message + short or no subject

If it wasn't for the -1.9 from Bayes and -2.6 from TxRep, it would have been 
thrown away.

Should these XPRIO/FRNAME rules stack like this?

The e-mail in question is available here:

https://bz.apache.org/SpamAssassin/attachment.cgi?id=5607

Thanks!
Reio

Re: Extreme scores from FRNAME rules.

[Reio Remma]

On 25/10/2018 14:06, Matus UHLAR - fantomas wrote:

On 25/10/2018 11:43, Matus UHLAR - fantomas wrote:

On 25/10/2018 10:33, Matus UHLAR - fantomas wrote:

bug number would help more...


On 25.10.18 10:58, Reio Remma wrote:
The bug contains no additional info. :) I was simply asked to post 
to the list.


and this is exactly why it would be better to post the link to the 
bug, or

at least the bug number, instead of just link to the attachment...


On 25.10.18 11:46, Reio Remma wrote:

No worries. Here it is:

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7644


Good.  I don't see FRNAME_IN_MSG_NO_SUBJ in rules now (apparently due to
John Hardin's change) , but according to original description, they 
seem to

match:

*  2.5 FRNAME_IN_MSG_XPRIO From name in message + X-Priority

A+B = 2.5

*  2.5 XPRIO_SHORT_SUBJ Has X-Priority header + short subject

B+C = 2.5

*  2.5 FRNAME_IN_MSG_NO_SUBJ From name in message + short or no subject

A+C = 2.5

so, in fact neither of them overlaps, but they all three in common 
seem to match three different conditions, where final score was 3*2.5



currently we have FRNAME_IN_MSG_XPRIO_NO_SUB which matches

A+B+C

but does not match short subject now.

This could fix your problem, can you rescan the mail?


current scores:

score FRNAME_IN_MSG_NO_SUBJ 0.001 2.499 0.001 2.499
score FRNAME_IN_MSG_XPRIO   0.001 2.499 0.001 2.499
score FRNAME_IN_MSG_XPRIO_NO_SUB    2.499 0.001 2.499 0.001
score XPRIO_SHORT_SUBJ  2.499 2.131 2.499 2.131

note that FRNAME_IN_MSG_NO_SUBJ and FRNAME_IN_MSG_XPRIO are not defined.


Tested from command line and it only matched this now:

2.5 XPRIO_SHORT_SUBJ   Has X-Priority header + short subject

That's much better. Thanks!

Reio

Re: Extreme scores from FRNAME rules.

[Reio Remma]

On 25/10/2018 10:33, Matus UHLAR - fantomas wrote:

On 22.10.18 21:34, Reio Remma wrote:
I have this perfectly legit mail that has a +7.5 score from these 
three rules.


*  2.5 FRNAME_IN_MSG_XPRIO From name in message + X-Priority
*  2.5 XPRIO_SHORT_SUBJ Has X-Priority header + short subject
*  2.5 FRNAME_IN_MSG_NO_SUBJ From name in message + short or no subject

If it wasn't for the -1.9 from Bayes and -2.6 from TxRep, it would 
have been thrown away.


Should these XPRIO/FRNAME rules stack like this?

The e-mail in question is available here:

https://bz.apache.org/SpamAssassin/attachment.cgi?id=5607


bug number would help more... 


The bug contains no additional info. :) I was simply asked to post to 
the list.


Reio

Re: Extreme scores from FRNAME rules.

[Reio Remma]

On 25/10/2018 11:43, Matus UHLAR - fantomas wrote:

On 25/10/2018 10:33, Matus UHLAR - fantomas wrote:

bug number would help more...


On 25.10.18 10:58, Reio Remma wrote:
The bug contains no additional info. :) I was simply asked to post to 
the list.


and this is exactly why it would be better to post the link to the 
bug, or
at least the bug number, instead of just link to the attachment... 


No worries. Here it is:

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7644

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

[Reio Remma]

On 16.09.2018 18:03, Kevin A. McGrail wrote:

Good Morning,

On behalf of the Apache SpamAssassin Project Management Committee, I am
very pleased to announce the release of Apache SpamAssassin v3.4.2.
This release contains security bug fixes.  A security announcement will
follow within the next 24 hours.



Wonderful, thank you all for your hard work!

I encountered no problems at all when building a new RPM for CentOS 7.

Thanks and good luck,
Reio

Re: [ANNOUNCE] Apache SpamAssassin 3.4.2 available

[Reio Remma]

On 17.09.2018 4:13, Ricky Gutierrez wrote:

Reio hi, Could you please share the rpm o src for centOS?


Download link @WeTransfer:

https://we.tl/t-CbvKhwJoCA

spamassassin-3.4.2-0.el7.x86_64.rpm

Will be deleted on 24 September, 2018.

Good luck,
Reio

Re: Scoring TLS.

[Reio Remma]

On 06/09/2019 09:57, @lbutlr wrote:

On 6 Sep 2019, at 00:51, Reio Remma  wrote:

Even though I recall QMail having TLSv1 back when we were still using it.

TLSv1.0 is EOLed and should not be used nor supported.

But yes, mailing lists are therein reason I a=have not gone 100% TLS myself 
(it’s not just this one, sadly).

There is very little desired email that does not come from lists that is not 
using TLS 1.1 or better (TLS 1.1 shouldn’t be used either, but I see a fair 
amount of 1.1 still, or did last I looked a few months ago).



Apache lists also seem to break DKIM with the subject and content 
modifications. Not all lists do that and they behave well on that front.

Scoring TLS.

[Reio Remma]

Hello!

I recently did an experiment where I stopped accepting incoming e-mail 
without TLS. This seemingly cut off about 95-99% of spam. Unfortunately 
there still seem to be a small percentage of servers sending without 
TLS, so that was a no go.


Now I've instead turned to SpamAssassin to score TLS.

header MR_RCVD_TLS  Received =~ / by \S+ \(OpenSMTPD\) with ESMTPS id 
[a-z0-9]{8} \((TLSv\d+(?:[.]\d+)?):\S+:\d+:\S+\)/s


Does the Received check only check the last untrusted relay?

The Apache lists seem to be using no TLS either. :)

Even though I recall QMail having TLSv1 back when we were still using it.

Thanks,
Reio

Re: Scoring TLS.

[Reio Remma]

On 06/09/2019 10:57, Matus UHLAR - fantomas wrote:

On 6 Sep 2019, at 00:51, Reio Remma  wrote:
Even though I recall QMail having TLSv1 back when we were still 
using it.


On 06.09.19 00:57, @lbutlr wrote:

TLSv1.0 is EOLed and should not be used nor supported.


well, if your clients (some old server installations) only support 
tls1.0,
it's better to allow it than forgint it to go plaintext or reject the 
mail

at all.

http://postfix.1071664.n5.nabble.com/Update-to-recommended-TLS-settings-td78583.html 

http://postfix.1071664.n5.nabble.com/Update-to-recommended-TLS-settings-td96604.html 



just FYI 


Much to my amazement the Postfix (that comes with CentOS 7 - v.2.10 
IIRC) defaults to using no TLS at all for outgoing mail. You need to 
manually enable opportunistic TLS.

Re: Scoring TLS.

[Reio Remma]

On 06/09/2019 15:53, RW wrote:

On Fri, 6 Sep 2019 09:51:06 +0300
Reio Remma wrote:


Hello!

I recently did an experiment where I stopped accepting incoming
e-mail without TLS. This seemingly cut off about 95-99% of spam.
Unfortunately there still seem to be a small percentage of servers
sending without TLS, so that was a no go.

Now I've instead turned to SpamAssassin to score TLS.

header MR_RCVD_TLS  Received =~ / by \S+ \(OpenSMTPD\) with ESMTPS id
[a-z0-9]{8} \((TLSv\d+(?:[.]\d+)?):\S+:\d+:\S+\)/s

Does the Received check only check the last untrusted relay?


No that runs against all Received headers, you should make sure the
"by" part only matches your MX server.


Thanks a bunch for the info!

Reio

Re: Scoring TLS.

[Reio Remma]

On 06/09/2019 15:25, RW wrote:

On Fri, 6 Sep 2019 10:17:23 +0300
Reio Remma wrote:


On 06/09/2019 09:57, @lbutlr wrote:

On 6 Sep 2019, at 00:51, Reio Remma  wrote:

Even though I recall QMail having TLSv1 back when we were still
using it.

TLSv1.0 is EOLed and should not be used nor supported.

But yes, mailing lists are therein reason I a=have not gone 100%
TLS myself (it’s not just this one, sadly).

There is very little desired email that does not come from lists
that is not using TLS 1.1 or better (TLS 1.1 shouldn’t be used
either, but I see a fair amount of 1.1 still, or did last I looked
a few months ago).

Apache lists also seem to break DKIM with the subject and content
modifications. Not all lists do that and they behave well on that
front.

I don't know about other Apache lists, but this one doesn't - unless
the source does something silly like signing List-Id.


Oh, this is awkward. It seems I was looking at mail source of another 
list when I wrote that.


I eat my words!

Reio

Re: Where to find the highest version to be installed by "yum"?

[Reio Remma]

On 27.09.2019 21:37, Ramon F Herrera wrote:



On 9/27/2019 12:38 PM, Amir Caspi wrote:
On Sep 27, 2019, at 10:40 AM, Bowie Bailey > wrote:


Question: Are you folks aware of any 'yum' repository that carries 
a version higher than 3.3.1?




I'm not aware of any newer yum repositories


What version of Linux distro are you using?  For RHEL/CentOS 7, *SA 
3.4.0* is available from the base repo.


Cheers.

--- Amir

I am using CentOS 7. Maybe I am doing something wrong, see the output 
from my box.




For some reason you seem to have an EL6 version.

Reio