You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Igor Chudov <ic...@Algebra.Com> on 2006/07/23 22:33:03 UTC

Started receiving a lot of spam

I started receiving a lot of spam in my mailbox. That spam regards one
of the most frequently spammed mede cations, with its name somewhat
misspelled in the Subject:. I am afraid that perhaps some of my rules
stopped working (like network identification of open spam relays). 

It is strange. Anyone else experienced something similar?

i

Re: Started receiving a lot of spam

Posted by jdow <jd...@earthlink.net>.

From: "Igor Chudov" <ic...@Algebra.Com>
>
> On Sun, Jul 23, 2006 at 03:33:03PM -0500, Igor Chudov wrote:
>> I started receiving a lot of spam in my mailbox. That spam regards one
>> of the most frequently spammed mede cations, with its name somewhat
>> misspelled in the Subject:. I am afraid that perhaps some of my rules
>> stopped working (like network identification of open spam relays).
>>
>> It is strange. Anyone else experienced something similar?
>
> Further investigation revealed the following. I run SA on a sitewide
> basis from root's procmailrc.
>
> Here's the tests from the root's run:
>
> X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on
>        manifold.algebra.com
> X-Spam-Level:
> X-Spam-Status: No, score=0.1 required=3.0 tests=BAYES_50,FORGED_RCVD_HELO, HTML_MESSAGE 
> autolearn=ham version=3.1.3
> X-Spam-Relay-Country: US ES
>
> If I rerun SA manually from my own account, by doing
>
>   spamassassin < /tmp/badspam 2>&1 | less
>
> I get the following headers and proper identification of that spam as spam:
>
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on
>        manifold.algebra.com
> X-Spam-Level: *****
> X-Spam-Status: Yes, score=5.6 required=3.0 tests=HTML_MESSAGE,URIBL_BLACK,
>        URIBL_SBL,URIBL_WS_SURBL autolearn=no version=3.1.3
>
> So, when I run it manually, it works great. Why does it not work from /etc/procmailrc?

I believe both procmail and spamassassin object to being run as root.
If there is a hole in either that opens the machine to malicious attacks.
It's believed there are no such holes. But our good fellows doing the
development are darned good but they're not Godlike enough to write
code that is absolutely guaranteed to be bug free. Besides, even if
their code is bug free are you willing to bet perl itself is?

{^_^}

Re: Started receiving a lot of spam

Posted by John Andersen <js...@pen.homeip.net>.

On Sunday 23 July 2006 12:39, Igor Chudov wrote:
> On Sun, Jul 23, 2006 at 03:33:03PM -0500, Igor Chudov wrote:
> > I started receiving a lot of spam in my mailbox. That spam regards one
> > of the most frequently spammed mede cations, with its name somewhat
> > misspelled in the Subject:. I am afraid that perhaps some of my rules
> > stopped working (like network identification of open spam relays).
> >
> > It is strange. Anyone else experienced something similar?
>
> Further investigation revealed the following. I run SA on a sitewide
> basis from root's procmailrc.
>
> Here's the tests from the root's run:
>
> X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on
>         manifold.algebra.com
> X-Spam-Level:
> X-Spam-Status: No, score=0.1 required=3.0 tests=BAYES_50,FORGED_RCVD_HELO,
> HTML_MESSAGE autolearn=ham version=3.1.3 X-Spam-Relay-Country: US ES
>
> If I rerun SA manually from my own account, by doing
>
>    spamassassin < /tmp/badspam 2>&1 | less
>
> I get the following headers and proper identification of that spam as spam:
>
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on
>         manifold.algebra.com
> X-Spam-Level: *****
> X-Spam-Status: Yes, score=5.6 required=3.0 tests=HTML_MESSAGE,URIBL_BLACK,
>         URIBL_SBL,URIBL_WS_SURBL autolearn=no version=3.1.3
>
> So, when I run it manually, it works great. Why does it not work from
> /etc/procmailrc?
>
> thanks
>
> i

Because your spamd is not using network tests.

Prolly the -L flag in the spamd invocation.

-- 
_____________________________________
John Andersen

Re: Started receiving a lot of spam

Posted by Igor Chudov <ic...@Algebra.Com>.

On Sun, Jul 23, 2006 at 03:33:03PM -0500, Igor Chudov wrote:
> I started receiving a lot of spam in my mailbox. That spam regards one
> of the most frequently spammed mede cations, with its name somewhat
> misspelled in the Subject:. I am afraid that perhaps some of my rules
> stopped working (like network identification of open spam relays). 
> 
> It is strange. Anyone else experienced something similar?

Further investigation revealed the following. I run SA on a sitewide
basis from root's procmailrc. 

Here's the tests from the root's run: 

X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on 
        manifold.algebra.com
X-Spam-Level: 
X-Spam-Status: No, score=0.1 required=3.0 tests=BAYES_50,FORGED_RCVD_HELO, HTML_MESSAGE autolearn=ham version=3.1.3
X-Spam-Relay-Country: US ES

If I rerun SA manually from my own account, by doing 

   spamassassin < /tmp/badspam 2>&1 | less

I get the following headers and proper identification of that spam as spam:

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on 
        manifold.algebra.com
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.6 required=3.0 tests=HTML_MESSAGE,URIBL_BLACK,
        URIBL_SBL,URIBL_WS_SURBL autolearn=no version=3.1.3

So, when I run it manually, it works great. Why does it not work from /etc/procmailrc? 

thanks

i