Posted to users@spamassassin.apache.org by Graham Murray <gr...@gmurray.org.uk> on 2010/01/28 14:40:56 UTC

SpamAssassin 3.3.0, Botnet FP with IPv6

Since upgrading to SA 3.3.0, botnet (version 0.8) is showing a false
positive on every email I receive via IPv6.

Re: SpamAssassin 3.3.0, Botnet FP with IPv6

Posted by RW <rw...@googlemail.com>.
On Fri, 29 Jan 2010 06:43:02 -0800
Bill Landry <bi...@inetmsg.com> wrote:

> Mark Martinec wrote:
> > On Thursday 28 January 2010 14:40:56 Graham Murray wrote:
> >> Since upgrading to SA 3.3.0, botnet (version 0.8) is showing a
> >> false positive on every email I receive via IPv6.
> > 
> > Has anyone contacted the author?
> 
> As most here on the list know: "Good luck with that".  From what I've
> seen botnet is an orphaned project, and the author is non-responsive
> to reported issues and user requests.  If you really want this fixed,
> someone else other than the author will most likely need to provide a
> patch.

The BOTNET eval test is equivalent to:

meta  BOTNET  (BOTNET_CLIENT || BOTNET_BADDNS || BOTNET_NORDNS) && !BOTNET_SOHO

As a workaround I would suggest BOTNET be redefined as above but with
an additional IPV6 exclusion to avoid the FPs. Then take a look at the
individual subtest results to see if any functionality can be salvaged
for IPv6.

Re: SpamAssassin 3.3.0, Botnet FP with IPv6

Posted by Bill Landry <bi...@inetmsg.com>.
Mark Martinec wrote:
> On Thursday 28 January 2010 14:40:56 Graham Murray wrote:
>> Since upgrading to SA 3.3.0, botnet (version 0.8) is showing a false
>> positive on every email I receive via IPv6.
> 
> Has anyone contacted the author?

As most here on the list know: "Good luck with that".  From what I've
seen botnet is an orphaned project, and the author is non-responsive to
reported issues and user requests.  If you really want this fixed,
someone else other than the author will most likely need to provide a patch.

Bill

Re: SpamAssassin 3.3.0, Botnet FP with IPv6

Posted by Mark Martinec <Ma...@ijs.si>.
On Thursday 28 January 2010 14:40:56 Graham Murray wrote:
> Since upgrading to SA 3.3.0, botnet (version 0.8) is showing a false
> positive on every email I receive via IPv6.

Has anyone contacted the author?


A sample header field:

Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35])
        by mail.ijs.si (Postfix) with ESMTP
        for <xx...@xxx>; Fri, 29 Jan 2010 12:01:43 +0100 (CET)

And the associated logging:

dbg: config: read file /etc/mail/spamassassin/Botnet.cf
dbg: config: fixed relative path: /etc/mail/spamassassin/Botnet.pm
dbg: plugin: loading Mail::SpamAssassin::Plugin::Botnet from /etc/mail/spamassassin/Botnet.pm
dbg: Botnet: version 0.8
dbg: plugin: Mail::SpamAssassin::Plugin::Botnet=HASH(0x452a79f0) implements 'parse_config', priority 0
dbg: Botnet: setting botnet_pass_auth to 0
dbg: Botnet: setting botnet_pass_trusted to public
dbg: Botnet: adding ^127\.0\.0\.1$ to botnet_skip_ip
dbg: Botnet: adding ^10\..*$ to botnet_skip_ip
dbg: Botnet: adding ^172\.1[6789]\..*$ to botnet_skip_ip
dbg: Botnet: adding ^172\.2[0-9]\..*$ to botnet_skip_ip
dbg: Botnet: adding ^172\.3[01]\..*$ to botnet_skip_ip
dbg: Botnet: adding ^192\.168\..*$ to botnet_skip_ip
dbg: Botnet: adding ^128\.223\.98\.16$ to botnet_pass_ip
dbg: Botnet: adding (\.|\A)amazon\.com$ to botnet_pass_domains
dbg: Botnet: adding (\.|\A)apple\.com$ to botnet_pass_domains
dbg: Botnet: adding (\.|\A)ebay\.com$ to botnet_pass_domains
dbg: Botnet: adding (\b|\d).*dsl.*(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)cable(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)catv(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)ddns(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)dhcp(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)dial(-?up)?(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)dip(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)docsis(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)dyn(amic)?(ip)?(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)modem(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)ppp(oe)?(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)res(net|ident(ial)?)?(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)bredband(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)client(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)fixed(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)ip(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)pool(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)static(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)user(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)e?mail(out)?(\b|\d) to botnet_serverwords
dbg: Botnet: adding (\b|\d)mta(\b|\d) to botnet_serverwords
dbg: Botnet: adding (\b|\d)mx(pool)?(\b|\d) to botnet_serverwords
dbg: Botnet: adding (\b|\d)relay(\b|\d) to botnet_serverwords
dbg: Botnet: adding (\b|\d)smtp(\b|\d) to botnet_serverwords
dbg: Botnet: adding (\b|\d)exch(ange)?(\b|\d) to botnet_serverwords
dbg: Botnet: starting
dbg: Botnet: public trusted relays not found
dbg: Botnet: get_relay good RDNS
dbg: Botnet: IP is '2001:4f8:fff6::35'
dbg: Botnet: RDNS is 'mx2.freebsd.org'
dbg: Botnet: HELO is 'mx2.freebsd.org'
dbg: Botnet: sender 'owner-freebsd-current@freebsd.org'
warn: Argument "2001:4f8:fff6::35" isn't numeric in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 772.
warn: Use of uninitialized value $b in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 772.
warn: Use of uninitialized value $c in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 772.
warn: Use of uninitialized value $d in addition (+) at /etc/mail/spamassassin/Botnet.pm line 772.
warn: Argument "2001:4f8:fff6::35" isn't numeric in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 774.
warn: Use of uninitialized value $b in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 774.
warn: Use of uninitialized value $c in addition (+) at /etc/mail/spamassassin/Botnet.pm line 774.
warn: Use of uninitialized value $b in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 775.
warn: Use of uninitialized value $c in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 775.
warn: Use of uninitialized value $d in addition (+) at /etc/mail/spamassassin/Botnet.pm line 775.
warn: Argument "2001:4f8:fff6::35" isn't numeric in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 776.
warn: Use of uninitialized value $b in addition (+) at /etc/mail/spamassassin/Botnet.pm line 776.
warn: Use of uninitialized value $b in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 777.
warn: Use of uninitialized value $c in addition (+) at /etc/mail/spamassassin/Botnet.pm line 777.
warn: Use of uninitialized value $c in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 778.
warn: Use of uninitialized value $d in addition (+) at /etc/mail/spamassassin/Botnet.pm line 778.
warn: Argument "2001:4f8:fff6::35" isn't numeric in sprintf at /etc/mail/spamassassin/Botnet.pm line 783.
warn: Use of uninitialized value $b in sprintf at /etc/mail/spamassassin/Botnet.pm line 784.
warn: Use of uninitialized value $c in sprintf at /etc/mail/spamassassin/Botnet.pm line 785.
warn: Use of uninitialized value $d in sprintf at /etc/mail/spamassassin/Botnet.pm line 786.
warn: Use of uninitialized value $b in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $b in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $c in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $c in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $d in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $d in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $c in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $c in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $b in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $b in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
dbg: Botnet: hit (baddns)
dbg: rules: ran eval rule BOTNET ======> got hit (1)
dbg: check: tests=AWL,BAYES_20,BOTNET,BOTNET_OTHER,CRM114_CHECK,DCC_CHECK,DKIM_SIGNED,RP_MATCHES_RCVD,SPF_PASS,T_DKIM_INVALID,T_DNSBL_INDIRECT_UNSAFE,T_DNSBL_INDIRECT_UNSAFE_2,T_RP_MATCHES_RCVD,VIA_ML

 0.1 BOTNET                 Relay might be a spambot or virusbot
   [botnet0.8,ip=2001:4f8:fff6::35,rdns=mx2.freebsd.org,maildomain=freebsd.org,baddns]


Mark
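
Added example (not part of the thread and not Botnet.pm's code): the warnings in the log above are what Perl emits when an IPv6 literal is split on dots and put through dotted-quad arithmetic. The Perl below reproduces that and shows an address-family check that skips IPv4-only logic for non-IPv4 relays; all function names are hypothetical and the second test address is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);

# Constructed sample, shortened from the Received header quoted in the post.
my $received = 'from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35])'
             . ' by mail.ijs.si (Postfix) with ESMTP';

# Extract the bracketed relay address, dropping the "IPv6:" tag if present.
sub relay_ip {
    my ($hdr) = @_;
    return $hdr =~ /\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]/ ? $1 : undef;
}

# Unguarded dotted-quad arithmetic (hypothetical, for contrast): an IPv6
# literal has no dots, so three octets are undef and the first is not numeric.
sub naive_quad_to_int {
    my ($o1, $o2, $o3, $o4) = split /\./, $_[0];
    return $o1 * 16777216 + $o2 * 65536 + $o3 * 256 + $o4;
}

# Strict classification: 4, 6, or 0 when the string is not a valid address.
sub ip_family {
    my ($ip) = @_;
    return 0 unless defined $ip;
    return 4 if defined inet_pton(AF_INET,  $ip);
    return 6 if defined inet_pton(AF_INET6, $ip);
    return 0;
}

# Guarded conversion: returns undef ("skip the IPv4-only test") unless IPv4.
sub ipv4_to_int {
    my ($ip) = @_;
    return unless ip_family($ip) == 4;
    return unpack 'N', inet_pton(AF_INET, $ip);
}

# Run the unguarded version once, collecting its warnings instead of printing.
my @warnings;
{
    local $SIG{__WARN__} = sub { push @warnings, @_ };
    naive_quad_to_int(relay_ip($received));
}
printf "unguarded arithmetic raised %d warnings\n", scalar @warnings;

for my $ip (relay_ip($received), '192.0.2.25') {    # second value is constructed
    my $n = ipv4_to_int($ip);
    printf "%-20s family=%d %s\n", $ip, ip_family($ip),
        defined $n ? "ipv4_int=$n" : 'IPv4-only checks skipped';
}
```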