You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Nelson Serafica <nt...@gmail.com> on 2009/01/13 04:46:30 UTC
how to change score of spf
I want to enable spf. AFAIK, it was enabled by default. However, I want to
change the score. Instead of -0.001, I want it to change to -2. So I edit
local.cf and put:
header SPF_PASS eval:check_for_spf_pass()
describe SPF_PASS SPF: sender matches SPF record
score SPF_PASS -2
Then I update rules by doing spamassassin -D --lint. The debug says there
are 1 issues detected. When I check the output of the debug, it says:
[1217] warn: rules: failed to run SPF_PASS test, skipping:
[1217] warn: (Can't locate object method "check_for_spf_pass" via package
"Mail::SpamAssassin::PerMsgStatus" at (eval 1248) line 1288.
[1217] warn: )
I have 25_spf.cf in my spamassassin default rules directory. Does this mean
that spf is not really enabled at all? Please advise how to enable it if not
and what is the proper way to change the score if my way is not correct.
I tried to check Mail::SpamAssassin::PerMsgStatus in
http://search.cpan.organd it point me to
Mail-SpamAssassin-3.2.5.tar.gz. However, I'm already
using SpamAssassin Server version 3.2.5
--
Nelson Serafica
http://nelsontux.blogspot.com
Re: how to change score of spf
Posted by Matt Kettler <mk...@verizon.net>.
Nelson Serafica wrote:
> I want to enable spf. AFAIK, it was enabled by default. However, I
> want to change the score. Instead of -0.001, I want it to change to
> -2. So I edit local.cf <http://local.cf> and put:
>
> header SPF_PASS eval:check_for_spf_pass()
> describe SPF_PASS SPF: sender matches SPF record
> score SPF_PASS -2
>
> Then I update rules by doing spamassassin -D --lint. The debug says
> there are 1 issues detected. When I check the output of the debug, it
> says:
>
> [1217] warn: rules: failed to run SPF_PASS test, skipping:
> [1217] warn: (Can't locate object method "check_for_spf_pass" via
> package "Mail::SpamAssassin::PerMsgStatus" at (eval 1248) line 1288.
> [1217] warn: )
>
> I have 25_spf.cf <http://25_spf.cf> in my spamassassin default rules
> directory. Does this mean that spf is not really enabled at all?
> Please advise how to enable it if not and what is the proper way to
> change the score if my way is not correct.
>
> I tried to check Mail::SpamAssassin::PerMsgStatus in
> http://search.cpan.org and it point me to
> Mail-SpamAssassin-3.2.5.tar.gz. However, I'm already using
> SpamAssassin Server version 3.2.5
First, to change a rule score, all you need is a score statement. You do
not need to re-declare the entire rule from scratch, and you're just
wasting space in your local.cf. Also, if the rule is ever upgraded by
sa-update, the copy in local.cf will over-ride it, and downgrade the rule.
Second, it looks like SPF is not enabled on your system, otherwise the
eval would not have errored. Check your .pre files and make sure the
loadplugin statement for SPF is not commented out, and make sure you
have the appropriate supporting SPF libraries installed.
Third, I would *strongly* discourage assigning a significant score to
SPF_PASS.
I strongly support SPF, but people really need to understand its
limitations when using it.
Passing SPF is not a reliable indicator of nonspam. All it does is
verify the sending server was authorized by the controller of the domain
used in the envelope FROM. However, if a spammer controls the domain, he
will obviously approve his own spam sending servers. SPF is completely
self-certified, with no external authorities, so SPF is only as
trustworthy as the domain it is included in.
SPF by itself is only useful in the negative. Failure indicates forgery.
Passing SPF indicates nothing, unless you also trust the domain owner,
but that's a per-domain thing. All you can verify from passing SPF is
that the sending server matches the claims of the domain owner.. but who
is that, and why do you trust them? Now, if you have a particular domain
in mind, things like whitelist_from_spf work well, but that's only
effective because you trust the domain owner to not be a spammer.
Many people confuse passing SPF with being a general-purpose whitelist
criteria. It is not designed for this use, and won't work when used this
way. Many of the more misguided arguments against SPF boil down to folks
who expect that it needs to work as a white tool, and realize it won't
work that way. SPF is a forgery detection technology, which has some
uses in spam detection, but it's use as a whitelist has notable limitations.
Re: how to change score of spf
Posted by "McDonald, Dan" <Da...@austinenergy.com>.
On Tue, 2009-01-13 at 05:09 +0100, Benny Pedersen wrote:
> On Tue, January 13, 2009 04:46, Nelson Serafica wrote:
> > I tried to check Mail::SpamAssassin::PerMsgStatus in
> > http://search.cpan.organd it point me to
> > Mail-SpamAssassin-3.2.5.tar.gz. However, I'm already
> > using SpamAssassin Server version 3.2.5
>
> newer mix cpan with distro install of packages, so if your
> spamassassin is rpm based use cpan2rpm
cpan2rpm is deprecated. use cpan2dist instead...
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
Re: how to change score of spf
Posted by Benny Pedersen <me...@junc.org>.
On Tue, January 13, 2009 04:46, Nelson Serafica wrote:
> I want to enable spf.
so far so good :)
> AFAIK, it was enabled by default.
> However, I want to change the score. Instead of -0.001,
> I want it to change to -2.
no no, see below
> So I edit local.cf and put:
>
> header SPF_PASS eval:check_for_spf_pass()
> describe SPF_PASS SPF: sender matches SPF record
> score SPF_PASS -2
this way spammer can benefit for -2 in score by add there sending
domain with spf, was this wanted ?
> Then I update rules by doing spamassassin -D --lint. The debug says
> there are 1 issues detected.
> When I check the output of the debug, it says:
>
> [1217] warn: rules: failed to run SPF_PASS test, skipping:
> [1217] warn: (Can't locate object method "check_for_spf_pass" via
> package
> "Mail::SpamAssassin::PerMsgStatus" at (eval 1248) line 1288.
> [1217] warn: )
is spf plugin loaded in init.pre ? (same dir as local.cf)
do "spamassassin 2>&1 -D --lint" reveals more missing perl modules ?
> I have 25_spf.cf in my spamassassin default rules directory. Does
> this mean that spf is not really enabled at all? Please advise how
> to enable it if not and what is the proper way to change the
> score if my way is not correct.
you should not change default score as you did above but white
list_auth the sender good way is so:
whitelist_auth foo@example.net
def_whitelist_auth *@example.com
then maybe change the scores for USER-IN-*
that way spammer can add spf as thay wish, and you are still in
control :)
> I tried to check Mail::SpamAssassin::PerMsgStatus in
> http://search.cpan.organd it point me to
> Mail-SpamAssassin-3.2.5.tar.gz. However, I'm already
> using SpamAssassin Server version 3.2.5
newer mix cpan with distro install of packages, so if your
spamassassin is rpm based use cpan2rpm
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: how to change score of spf
Posted by Kelson <ke...@speed.net>.
Matus UHLAR - fantomas wrote:
> positive SPF results mean NOTHING - any spammer
> can register a domain and create SPF for it. Only the *FAILs are useful
> since it means someone is (probably) spoofing. Maybe NEUTRAL can indicate
> anything, but PASS has non-zero score only because zero score would cause it
> not to appear.
More precisely, a positive SPF result *by itself* is not an indicator of
non-spam. It can be combined with other data, such as a whitelist of
domain names, and be quite useful, as in the whitelist_spf and
whitelist_auth rules.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
Re: how to change score of spf
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 13.01.09 11:46, Nelson Serafica wrote:
> I want to enable spf. AFAIK, it was enabled by default.
uncomment loading of the plugin, and you need to have Mail::SPF or
Mail::SPF::Query installed (the former is preferred)
> However, I want to change the score.
there are many rules for SPF. Do not change them unless you understand what
they mean...
> Instead of -0.001, I want it to change to -2. So I edit
> local.cf and put:
>
> score SPF_PASS -2
... and you clearly do not. positive SPF results mean NOTHING - any spammer
can register a domain and create SPF for it. Only the *FAILs are useful
since it means someone is (probably) spoofing. Maybe NEUTRAL can indicate
anything, but PASS has non-zero score only because zero score would cause it
not to appear.
> header SPF_PASS eval:check_for_spf_pass()
> describe SPF_PASS SPF: sender matches SPF record
This is defined in 25_spf.cf, do not redefine it. It could cause problems if
the code would change
> Then I update rules by doing spamassassin -D --lint. The debug says there
> are 1 issues detected. When I check the output of the debug, it says:
>
> [1217] warn: rules: failed to run SPF_PASS test, skipping:
> [1217] warn: (Can't locate object method "check_for_spf_pass" via package
> "Mail::SpamAssassin::PerMsgStatus" at (eval 1248) line 1288.
> [1217] warn: )
You apparently do not have SPF enabled or required perl modules installed.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
If Barbie is so popular, why do you have to buy her friends?
Re: how to change score of spf
Posted by Benny Pedersen <me...@junc.org>.
disable html on maillists please
On Tue, January 13, 2009 05:02, Michael Scheidell wrote:
>> All you need is the score new score.
>> score SPF_PASS -2
no, se my previous post
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Re: how to change score of spf
Posted by Michael Scheidell <sc...@secnap.net>.
> I want to enable spf. AFAIK, it was enabled by default. However, I want to
> change the score. Instead of -0.001, I want it to change to -2. So I edit
> local.cf <http://local.cf> and put:
>
>
> All you need is the score new score.
>
>
>
> score SPF_PASS -2
>
--
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________