headers
email builder | 9 Feb 05:06
Picon
Favicon

SPF and DKIM tests by default?

Hello,

I have a server where I never customized any of the SA
rules/tests (SA v.3.3.1).  The server does run sa-update
every day.  Is this the right place to look to know what
tests the server should be running?

https://spamassassin.apache.org/tests_3_0_x.html

From that page, it seems that SPF checks are normal
but DKIM is not. Is this right?

Contrary to that, this page suggests that DKIM test are
enabled by default in version 3.3:

https://wiki.apache.org/spamassassin/Plugin/DKIM

Also, where can I look to verify the tests/rules currently
in place on the server?  (per-user rules are not implemented)

I looked in /usr/share/spamassassin and there are a few
files with "spf" and "dkim" in their names.  Does that
mean those tests are active?

ls *spf*
-rw-r--r-- 1 root root 3100 Mar 15  2010 25_spf.cf
-rw-r--r-- 1 root root 3584 Mar 15  2010 60_whitelist_spf.cf

ls *dkim*
-rw-r--r-- 1 root root 4407 Mar 15  2010 25_dkim.cf
(Continue reading)

Permalink | Reply | 1 comment |
headers
Sharma, Ashish | 8 Feb 12:41
Picon
Favicon
Gravatar

Getting high spam score for email server hosted on AWS instance

Hi,

I have a mail server setup on an AWS instance.

When I am sending mails via this setup to a test spamassassin setup that acts as an email receiver server, I am
getting high spam scores as follows:

[FROM_LOCAL_HEX=0.331, HTML_IMAGE_ONLY_24=1.282,  HTML_MESSAGE=0.001, RCVD_ILLEGAL_IP=3.399,
T_REMOTE_IMAGE=0.01, T_RP_MATCHES_RCVD=-0.01] autolearn=no

As can be seen, the highest contributor is "RCVD_ILLEGAL_IP=3.399"

My investigation leads me to the spamassassin tests wiki
(http://wiki.apache.org/spamassassin/Rules/RCVD_ILLEGAL_IP), that states the my AWS machines IP
has been identified as invalid or not a mail source.

Is there a whitelist kind of thing that I need to notify to get my AWS email server IP out of the invalid IP list?

Please suggest.

Thanks
Ashish
Permalink | Reply | 3 comments |
headers
Brian Bebeau | 7 Feb 23:12

Ham hitting too generic rule

We have a customer who is a legitimate non-spamming investment advisor. Their outbound disclaimer has the phrase "investment advice" which hits the rule INVESTMENT_ADVICE in 20_phrases.cf. We can certainly zero out the score in local.cf, but it seems to me this is a pretty generic phrase, and it has an awfully high score (2.199). I can well imagine people getting mail from their stock broker or the like with this phrase in it somewhere. Any chance the score can at least be reduced?

 

--
Brian Bebeau

Security Researcher - Spiderlabs Research

Trustwave
bbebeau <at> trustwave.com

www.trustwave.com

 


This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
Permalink | Reply | 1 comment |
headers
David F. Skoll | 7 Feb 20:31
Favicon

T_FROM_MISSPACED score

Hi,

Is there a reason T_FROM_MISSPACED is still only a testing rule?  It
seems to trigger on quite a few spams and phishing attacks and hardly
any ham on my systems.

Regards,

David.
Permalink | Reply | 1 comment |
headers
Mozafar Roshany | 7 Feb 14:17
Picon
Gravatar

User Preferences on SQL with Amavis, in Multi-Server Environment

Hi all

Spamassassin version: 3.3.0
OS: Debian Lenny
SA called by Amavis through its command, so NOT using spamc/spamd.

I've two separate servers: One contains SMTP/IMAP/POP3 servers and (virtual) user maildirs. And another has Amavisd-new along with SpamAssassin and anti-virus installed. As you know, Amavis gets mail from MTA and scans it by calling SA and anti-virus, then returning the result (mail, response, tagged mail...) to MTA.

The question is:
Can I use Spamassassin user preferences stored on SQL database with this configuration?

Thanks for any help.

Permalink | Reply | 1 comment |
headers
Alessio Cecchi | 7 Feb 10:58
Picon

Spamassassin 3.3.2 for Ubuntu LTS

Hi,

does anyone know where I can find spamassassin 3.3.2 in deb format for 
Ubuntu 10.04?

Thanks
--

-- 
Alessio Cecchi is:
@ ILS -> http://www.linux.it/~alessice/
on LinkedIn -> http://www.linkedin.com/in/alessice
Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz/
@ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it
@ LOLUG -> Socio http://www.lolug.net
Permalink | Reply | 4 comments |
headers
Mynabbler | 6 Feb 16:12
Favicon
Gravatar

Lots of comment in mail, how to score


I seem to remember we discussed a way to figure out how much HTML comment is
in a message, but I am not able to find a decent ruleset that is trying to
count the amount of comment.

Let me elaborate with an example: http://pastebin.com/AS6kvLH2

I do realize the spamvertized site (way way down the message) is at the
moment in blacklists. But it was not at the time the message was received.
And I reckon a fresh domain will be spammed in the next batch. But they
typically all have _pages_ of comment, and behind that scattering of words,
a small block with the payload.

What would be the best way to score such an unusual amout of HTML comment in
a message?
--

-- 
View this message in context: http://old.nabble.com/Lots-of-comment-in-mail%2C-how-to-score-tp33272106p33272106.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Permalink | Reply | 16 comments |
headers
Antonio Leding | 3 Feb 20:53
Gravatar

ACL vs. TRANSPORT styles

Hello SpamAssassin users,

Does anyone out there have any information regarding two purported "styles" for SpamAssassin operation -
ACL and TRANSPORT?

I was recently made aware of this distinction but after searching for a couple days, I am unable to find any
further details nor any documentation discussing this topic let alone these two different styles.

Thanks in advance for any feedback...
Permalink | Reply | 6 comments |
headers
Kris Deugau | 3 Feb 19:44
Picon

Partial solution (Re: Burst of large messages sometimes causes spamd to lock up)

Kris Deugau wrote:
> I've adjusted one machine with min-spare and max-spare at 5, the other
> min-spare 2 and max-spare 5; but I don't think that's it. (Although even
> reducing the number of incidents will help...)

The senior systems guy bumped these up further after another incident 
with a 300K monitoring message sent to a staff alias yesterday;  so far 
so good (the same notice today didn't cause a failure, anyway).

We'll be watching for a little while to see if this is "good enough", or 
if we need to dig further.

-kgd
Permalink | Reply | 0 comments |
headers
Simon Loewenthal | 3 Feb 11:00
Picon

warn: config: SpamAssassin failed to parse line, no value provided for "body", skipping: body

    Hi,

    I have an error somewhere in a rule (not that I have added one for
ages so I cannot fathom how it slipped in).  The error message from -D
--lint is listed below.  I do not know if these RCVD_IN rules are
related. I have not referenced these in the local.cf. I cannot find a
undefined body in the local.cf.

Feb  3 10:38:49.782 [6592] dbg: plugin: loading ClamAV from
/etc/spamassassin/clamav.pm
Feb  3 10:38:49.793 [6592] dbg: plugin: did not register
Mail::SpamAssassin::Plugin::Rule2XSBody, already registered
Feb  3 10:38:50.121 [6592] warn: config: SpamAssassin failed to parse
line, no value provided for "body", skipping: body
Feb  3 10:38:50.257 [6592] dbg: config: warning: score set for
non-existent rule RCVD_IN_MSPIKE_WL
Feb  3 10:38:50.257 [6592] dbg: config: warning: score set for
non-existent rule MANY_PILL_PRICE
Feb  3 10:38:50.257 [6592] dbg: config: warning: score set for
non-existent rule RCVD_IN_MSPIKE_L4
Feb  3 10:38:50.257 [6592] dbg: config: warning: score set for
non-existent rule RCVD_IN_MSPIKE_H5
Feb  3 10:38:50.258 [6592] dbg: config: warning: score set for
non-existent rule RCVD_IN_MSPIKE_H2
Feb  3 10:38:50.258 [6592] dbg: config: warning: score set for
non-existent rule RCVD_IN_MSPIKE_ZBI
Feb  3 10:38:50.258 [6592] dbg: config: warning: score set for
non-existent rule RCVD_IN_MSPIKE_L3
Feb  3 10:38:50.259 [6592] dbg: config: warning: score set for
non-existent rule ANY_PILL_PRICE
Feb  3 10:38:50.259 [6592] dbg: config: warning: score set for
non-existent rule RCVD_IN_MSPIKE_H3
Feb  3 10:38:50.259 [6592] dbg: config: warning: score set for
non-existent rule RCVD_IN_MSPIKE_L2
Feb  3 10:38:50.259 [6592] dbg: config: warning: score set for
non-existent rule RCVD_IN_MSPIKE_BL
Feb  3 10:38:50.259 [6592] dbg: config: warning: score set for
non-existent rule RCVD_IN_MSPIKE_H4
Feb  3 10:38:50.259 [6592] dbg: config: warning: score set for
non-existent rule RCVD_IN_MSPIKE_L5
Feb  3 10:38:50.260 [6592] dbg: config: warning: score set for
non-existent rule URIBL_SBL_A
...
Feb  3 10:38:51.765 [6592] warn: lint: 1 issues detected, please rerun
with debug enabled for more information

Any starting pointers?

Cheers, S

--

-- 
	     PGP is optional: 4BA78604
	     simon @ klunky  .     org
	     simon @ klunky  .   co.uk
	I won't accept your confidentiality
	agreement, and your Emails are kept.
      		       ~Ö¿Ö~
Permalink | Reply | 2 comments |
headers
Rejaine Monteiro | 2 Feb 19:51
Picon
Gravatar

blacklist_from exceptions

Hi list,

Is there any way to block an entire domain, except for a particular recipient?
Example: blacklist_from <at> orig.com except when  rcpt_to is myboos <at> mydomain.com 
Permalink | Reply | 13 comments |

Gmane