-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I've been looking at my pending directory and found a number of tmda-users posts in there that shouldn't have been. I subscribed with the address [EMAIL PROTECTED] I've got a .qmail-list-default file in the vmailmgr directory that is supposed to hand list messages without using tmda (spamassassin only).
[EMAIL PROTECTED] /home/virtual]$ cat .qmail-list-default | /etc/kludge/mailquotacheck.sh $LOCAL | preline spamc -f | /usr/bin/vdeliver | bouncesaying "This address does not exist."
However it looks like this message (shown below) was instead processed by my .qmail-default file which uses tmda
[EMAIL PROTECTED] /home/virtual]$ cat .qmail-default | /etc/kludge/mailquotacheck.sh $LOCAL | preline spamc -f | preline /usr/local/src/tmda-1.0/bin/tmda-filter - --vhome-script /usr/local/src/tmda-1.0/contrib/vmailmgr-vdir.sh | bouncesaying "This address does not exist."
I've checked my inbox and trash and I never recieved the message below. ~ Checking the message it's obvious it was challenged because it scored over 3.0 from spamassassin, like I have in my incoming filter file:
#Confirm bad messages headers '^X-Spam-Status:\sYes' confirm
But it should never have been processed by tmda in the first place, does anyone have a clue what's going on? I'm pretty sure it's a configuration error on my part, but I'm not sure where.
HERE IS THE ORIGINAL MAIL
[EMAIL PROTECTED] /home/virtual/users/chris_berry/.tmda/pending]$ cat 1075332190.15234.msg Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: (qmail 15208 invoked by uid 0); 28 Jan 2004 23:23:07 -0000 Received: from [EMAIL PROTECTED] by mercury by uid 503 with qmail-scanner-1.20 ~ (clamuko: 0.65. spamassassin: 2.61. Clear:RC:0(66.139.78.221):SA:1(3.3/3.0):. ~ Processed in 2.770841 secs); 28 Jan 2004 23:23:07 -0000 Received: from justine.libertine.org ([66.139.78.221]) ~ by mercury.jmcollections.net ([192.168.1.25]) ~ with ESMTP via TCP; 28 Jan 2004 23:23:03 -0000 Received: from justine.libertine.org (localhost [127.0.0.1]) ~ by justine.libertine.org (Postfix) with ESMTP ~ id 0BE683A0061; Wed, 28 Jan 2004 17:23:01 -0600 (CST) X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from mail.paradigm-omega.net ~ (adsl-68-120-71-54.dsl.irvnca.pacbell.net [68.120.71.54]) ~ by justine.libertine.org (Postfix) with ESMTP id 1324C3A005A ~ for <[EMAIL PROTECTED]>; Wed, 28 Jan 2004 17:22:58 -0600 (CST) Received: by mail.paradigm-omega.net (Postfix, from userid 501) ~ id 813BB6429C; Wed, 28 Jan 2004 15:23:03 -0800 (PST) Received: by omega.paradigm-omega.net (tmda-sendmail, from uid 501); ~ Wed, 28 Jan 2004 15:23:03 -0800 (PST) Organization: Paradigm-Omega, LLC To: [EMAIL PROTECTED] Date: Wed, 28 Jan 2004 15:22:58 -0800 User-Agent: KMail/1.5 References: <[EMAIL PROTECTED]> ~ <[EMAIL PROTECTED]> ~ <[EMAIL PROTECTED]> In-Reply-To: <[EMAIL PROTECTED]> X-No-Archive: yes X-Praetor: Dies Irae X-Imperium: SPQR MIME-Version: 1.0 Content-Type: text/plain; ~ charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <[EMAIL PROTECTED]> From: Robin Lynn Frank <[EMAIL PROTECTED]> X-Delivery-Agent: TMDA/1.0 (Cannonade) X-TMDA-Fingerprint: 2FSV6BYWLnEb7krKBvWAhy3njsk Subject: Re: Scolding opinions on Challenge / Response systems..... X-BeenThere: [EMAIL PROTECTED] X-Mailman-Version: 2.1.3 Precedence: list Reply-To: Robin Lynn Frank <[EMAIL PROTECTED]> List-Id: TMDA User Discussion <tmda-users.tmda.net> List-Unsubscribe: <http://tmda.net/lists/listinfo/tmda-users>, ~ <mailto:[EMAIL PROTECTED]> List-Archive: <http://mla.libertine.org/tmda-users> List-Post: <mailto:[EMAIL PROTECTED]> List-Help: <mailto:[EMAIL PROTECTED]> List-Subscribe: <http://tmda.net/lists/listinfo/tmda-users>, ~ <mailto:[EMAIL PROTECTED]> Sender: [EMAIL PROTECTED] Errors-To: [EMAIL PROTECTED] X-Spam-Report: ~ * 0.5 RCVD_IN_NJABL_DIALUP RBL: NJABL: dialup sender did non-local SMTP ~ * [68.120.71.54 listed in dnsbl.njabl.org] ~ * 2.5 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address ~ * [68.120.71.54 listed in dnsbl.sorbs.net] ~ * 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS ~ * [68.120.71.54 listed in dnsbl.sorbs.net] ~ * 0.1 RCVD_IN_NJABL RBL: Received via a relay in dnsbl.njabl.org ~ * [68.120.71.54 listed in dnsbl.njabl.org] X-Spam-Level: *** X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on ~ mercury X-Spam-Status: Yes, hits=3.3 required=3.0 tests=RCVD_IN_DYNABLOCK, ~ RCVD_IN_NJABL,RCVD_IN_NJABL_DIALUP,RCVD_IN_SORBS autolearn=no ~ version=2.61 X-Spam-Flag: YES X-TMDA-Recipient: [EMAIL PROTECTED]
On Wednesday 28 January 2004 11:31, Jason R. Mastaler wrote: | Robin Lynn Frank <[EMAIL PROTECTED]> writes: | > The big problem these folks have is that with so much spam/virus | > mail forging headers that the challenge will go to someone who | > didn't send you any email in the fist place. | | What's wrong with installing a virus scanner on the mail server? | What problem?
I have one and it is quite effective...after its virus signature database has been updated. We normally update every 8 hours unless someone sees suspiscious traffic. So we go to lunch and 10 or 20 forgeries arrive. What then?
This happened last night. A windows machine in Thailand got the latest worm and sent an email bearing my address to mandrakesoft.com in France. Their antivirus software with an IQ of minus 4, sends a notice to me letting me know I have a virus. Should I have sent a challenge?
Don't get me wrong I am all for C/R. I just feel a need to apply it judiciously. - -- Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC Cry havoc, and let slip the dogs of war! Email acceptance policy: http://paradigm-omega.com/email_policy.php
_____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
- -- Chris Berry [EMAIL PROTECTED] Systems Administrator JM Associates & Coast Business Service
"Some days you fix the multi-million dollar machine, other days the $12 stapler kicks your ass."
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAGE1UkAS13ByzgbsRAg82AJ0fADB/t0FyjUkJ5CoHVfFwgfF5vQCeKNNb JcQYYcXaGBB2cmUk/KZxyx8= =ZDW8 -----END PGP SIGNATURE----- _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
