Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2005/12/12 21:32:21 UTC

Re: DomainKeys in SA

"Kai Schaetzl" writes:
>Kai Schaetzl wrote on Mon, 12 Dec 2005 20:01:08 +0100:
>
>> Ok, patch run worked flawlessly. Now let's see if I get a different result
>> next time I get a mail from Yahoo.
>
>Still getting "message has an unverified signature". Hm?

It's pretty easy for normal mail transmission to break DK signatures;
that's DK's big problem, and there's not much we can do about it (apart
from the header-reordering we did in 3.1.0).

If you want a post-mortem, it might be worth forwarding a full message
with all headers...

--j.


Re: DomainKeys in SA

Posted by Kai Schaetzl <ma...@conactive.com>.
Justin Mason wrote on Mon, 12 Dec 2005 12:32:21 -0800:

> If you want a post-mortem, it might be worth forwarding a full message 
> with all headers...

Well, just saving it from my mail program may have broken it. I understand 
that it's a "filigrane" method, that's probably why it's bound to fail in 
the end. If it fails with these messages it's pretty useless, all dk 
checks will probably fail then.
But I'm not so sure if that's the reason why it fails *here*.
Here's the debug output. As you see all tests result in "cannot load 
message using Mail::DomainKeys::Message". Not clear to me if that means 
the signature verification failed or if it means the method failed because 
of a problem in the code or the message. Do you have any clues?
From looking at 25_domainkeys.cf DK_SIGNED means the verification failed.

If you want to test just send a message to 
autorespond+dk-nofws@dk.elandsys.com
That will autorespond with "nofws" canonicalization domainkeys which 
should be more resistant to changes in transit.

[27621] dbg: plugin: registering glue method for check_domainkeys_signsome 
(Mail::SpamAssassin::Plugin::DomainKeys=HASH(0x90b0670))
[27621] dbg: dk: cannot load message using Mail::DomainKeys::Message

[27621] dbg: plugin: registering glue method for check_domainkeys_verified 
(Mail::SpamAssassin::Plugin::DomainKeys=HASH(0x90b0670))
[27621] dbg: dk: cannot load message using Mail::DomainKeys::Message

[27621] dbg: plugin: registering glue method for check_domainkeys_verified 
(Mail::SpamAssassin::Plugin::DomainKeys=HASH(0x90b0670))
[27621] dbg: dk: cannot load message using Mail::DomainKeys::Message

[27621] dbg: plugin: registering glue method for check_domainkeys_signall 
(Mail::SpamAssassin::Plugin::DomainKeys=HASH(0x90b0670))
[27621] dbg: dk: cannot load message using Mail::DomainKeys::Message
[27621] dbg: plugin: registering glue method for check_domainkeys_signed 
(Mail::SpamAssassin::Plugin::DomainKeys=HASH(0x90b0670))
[27621] dbg: dk: cannot load message using Mail::DomainKeys::Message
[27621] dbg: plugin: registering glue method for check_domainkeys_testing 
(Mail::SpamAssassin::Plugin::DomainKeys=HASH(0x90b0670))
[27621] dbg: dk: cannot load message using Mail::DomainKeys::Message

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
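
Added example, not part of the original post: a simplified Python model of the "simple" and "nofws" canonicalizations, showing why nofws tolerates header refolding and whitespace changes in transit. It goes beyond the message by also modelling a relay that converts quoted-printable to 8bit, which nofws does not survive. Assumptions: the sample message is constructed, every header is treated as signed, and a SHA-1 digest of the canonical form stands in for the RSA signature check.

```python
import hashlib
import quopri
import re

# Constructed sample message as signed by the sender (not taken from the thread).
SIGNED = ("From: alice@corp.example\n"
          "Subject: Quarterly report for the\n"
          " finance team\n"
          "Content-Transfer-Encoding: quoted-printable\n"
          "\n"
          "Caf=C3=A9 menu attached.\n")

# Same message after a hop that unfolded Subject and added trailing whitespace.
REFOLDED = ("From: alice@corp.example\n"
            "Subject: Quarterly report for the finance team\n"
            "Content-Transfer-Encoding: quoted-printable\n"
            "\n"
            "Caf=C3=A9 menu attached.  \n")

def canonicalize(raw, mode):
    """Simplified model of the DomainKeys 'simple' and 'nofws' canonicalizations."""
    head, _, body = raw.partition("\n\n")
    head, body = head.split("\n"), body.split("\n")
    if mode == "nofws":
        unfolded = []
        for line in head:
            if line[:1] in (" ", "\t") and unfolded:
                unfolded[-1] += line          # join continuation line to its header
            else:
                unfolded.append(line)
        head = [re.sub(r"[ \t\r\n]", "", l) for l in unfolded]
        body = [re.sub(r"[ \t\r\n]", "", l) for l in body]
    while body and body[-1] == "":            # trailing empty lines are ignored
        body.pop()
    return "".join(l + "\r\n" for l in head + [""] + body).encode("utf-8")

def digest(raw, mode):
    """SHA-1 of the canonical form; stands in for the signature input."""
    return hashlib.sha1(canonicalize(raw, mode)).hexdigest()

def relay_qp_to_8bit(raw):
    """Model a relay that decodes quoted-printable and rewrites the CTE header."""
    head, _, body = raw.partition("\n\n")
    head = head.replace("quoted-printable", "8bit")
    return head + "\n\n" + quopri.decodestring(body.encode("ascii")).decode("utf-8")

def survives(sent, received, mode):
    """True if the receiver computes the same digest the signer did."""
    return digest(sent, mode) == digest(received, mode)
```

Refolding leaves the nofws digest unchanged, while the quoted-printable to 8bit rewrite changes both a signed header and the body bytes, so no whitespace-only canonicalization can absorb it.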




Re: DomainKeys in SA

Posted by ar...@waikato.ac.nz.
jm@jmason.org (Justin Mason) writes:

> It's pretty easy for normal mail transmission to break DK
> signatures

It sure is.  Kai's and Pollywog's problems prompted me to investigate
why my own DK plugin was not verifying signatures from Yahoo! and
gmail.com.  I filled SA's DomainKeys plugin and
Mail::DomainKeys::Signature.pm with debugging and got busy with -D.

It turns out that gmail.com encodes its outgoing email as
quoted-printable and signs the content-transfer-encoding header.
sendmail converts quoted-printable to 8bit, changing
Content-Transfer-Encoding accordingly, and the signature fails to
verify.

So, bang goes gmail.

I didn't have any Yahoo correspondence lying around for me to test so
I tried the autoresponders at dk.elandsys.com (thank you Matthew van
Eerde for the pointers).  In Domainkeys 0.80 we have:

 # FIXME: only needs to match the end of the domain
 $prms{'Sender'}->host eq $self->domain or
 $self->errorstr("domain " . $self->domain
   . " does not match address " . $prms{'Sender'}->host),
  return;

...and sure enough, elandsys.com does not match dk.elandsys.com.

That is easily fixed.

I see now why SA's default scores for DK rules are so low.


On the upside, my implementation of hashcash was so old that upgrading
it allowed me to add another four bits of work to each outgoing
message.  Go, hashcash!

-- 
_________________________________________________________________________
Andrew Donkin                  Waikato University, Hamilton,  New Zealand
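
Added example, not Mail::DomainKeys code and not the fix applied by the poster: one way to act on the FIXME quoted above is to accept a signing domain that equals the sender's host or is a parent of it, compared on whole DNS labels rather than as a bare string suffix. The function names and the `.example` hosts are constructed for illustration.

```python
def _norm(name):
    """Lower-case a DNS name, drop surrounding space and the trailing root dot."""
    return name.strip().lower().rstrip(".")

def match_exact(sender_host, signing_domain):
    """Strict equality, the behaviour of the comparison quoted above."""
    return _norm(sender_host) == _norm(signing_domain)

def match_naive_suffix(sender_host, signing_domain):
    """Plain string suffix: a tempting but unsafe reading of the FIXME."""
    return _norm(sender_host).endswith(_norm(signing_domain))

def match_label_suffix(sender_host, signing_domain):
    """Signing domain must equal the sender's host or be a parent of it,
    compared on whole DNS labels."""
    host, dom = _norm(sender_host), _norm(signing_domain)
    labels = dom.split(".")
    if len(labels) < 2 or "" in labels:
        # Choice made in this sketch: refuse empty, malformed or single-label domains.
        return False
    return host == dom or host.endswith("." + dom)

# (sender host, signing domain); the first pair is from the thread, the rest are constructed.
CASES = [
    ("dk.elandsys.com", "elandsys.com"),
    ("DK.Elandsys.COM.", "elandsys.com"),
    ("corp.example", "corp.example"),
    ("evilcorp.example", "corp.example"),
    ("mail.corp.example", "example"),
]

def compare_policies():
    """Return {case: (exact, naive_suffix, label_suffix)} for every sample pair."""
    return {c: (match_exact(*c), match_naive_suffix(*c), match_label_suffix(*c))
            for c in CASES}

if __name__ == "__main__":
    for case, verdicts in compare_policies().items():
        print(case, verdicts)
```

The strict comparison rejects the legitimate subdomain sender, and the bare suffix test accepts the look-alike host and the single-label domain; only the label-boundary check gets all five pairs right.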

Re: DomainKeys in SA

Posted by Philip Prindeville <ph...@redfish-solutions.com>.
Benny Pedersen wrote:

>>>I had set up Postfix to check incoming mails for DK sigs but when I did
>>>that, I was no longer able to DISCARD emails sent by known spammers and spam networks.  That was not
>>>acceptable, so SpamAssassin provides me with another way of doing it, without breaking any Postfix
>>>functionality.
>>>      
>>>
>>I don't like to reject spam, I prefer to DISCARD so that the innocent
>>bystanders that own the addresses the spammers forged are not bothered with the bounces.
>>    
>>
>
>http://www.t29.dk/header_check_notes.php
>
>think about it one more time :-)
>  
>

I concur with Benny.

Knowledge is power, and you're usually better off knowing than not
knowing (what you don't know can hurt you).

You're also assuming that most people are clueless, or can't be bothered
to defend themselves.

What if someone really doesn't like having someone else impersonate him,
and decides to go after such parties with a vengeance?  They need all the
data they can get to present in court.

If the person, on the other hand, really doesn't want to know or doesn't
care, then let him make the extra effort to filter the bouncers (at his peril).

-Philip



Re: DomainKeys in SA

Posted by Benny Pedersen <me...@junc.org>.
>> I had set up Postfix to check incoming mails for DK sigs but when I did
>> that, I was no longer able to DISCARD emails sent by known spammers and spam networks.  That was not
>> acceptable, so SpamAssassin provides me with another way of doing it, without breaking any Postfix
>> functionality.
>
> I don't like to reject spam, I prefer to DISCARD so that the innocent
> bystanders that own the addresses the spammers forged are not bothered with the bounces.

http://www.t29.dk/header_check_notes.php

think about it one more time :-)



Re: Statistics from logfile to SQL

Posted by Mike Jackson <mj...@barking-dog.net>.
> If you do large volumes of email, expect to have a table with millions upon
> millions of records, and slow access times :(

The altered script I'm using outputs spam/ham total summaries for each user, 
and spam/ham message hits for each rule. In a properly built database, that 
shouldn't be too terribly difficult to maintain, and I wouldn't think you'd 
need to retain history for very long.


> On 12/15/05 12:48 PM, "Mike Jackson" <mj...@barking-dog.net> wrote:
>
>>> I have been trying to find a script which would allow me to copy data
>>> from spamd logfile to MySQL database. It would be useful, since then I
>>> could provide detailed statistics to my users.
>>>
>>> Does anybody know a way to do it or I will just have to write a small
>>> script myself? Has anyone probably done it before? Any tips?
>>
>> There's competing scripts out there named sa-stats.pl (one's included in the
>> contrib directory with the SA distribution, the other's listed in Freshmeat
>> as "SpamAssassin logfile analyser"). While neither one does exactly what you
>> want, it should be trivial to hack them to save to SQL rather than
>> outputting as text.
>>
>> If you're interested, I've made modifications to David Ramsden's script that
>> also outputs stats on the rules, not just user statistics.
>>
>
> -- 
> Matthew Yette
> Senior Engineer (NOC/Operations)
> M.A. Polce Consulting
> 315-838-1644
>
> 


Re: Statistics from logfile to SQL

Posted by mouss <us...@free.fr>.
Matthew Yette wrote:
> If you do large volumes of email, expect to have a table with millions upon
> millions of records,

the w-illions of records take less space than the x-illions of messages 
to which they correspond.

> and slow access times :(

and the access time will be less than that of:
- SA matching test
- SA net tests
- MTA dns lookups
- MDA execution
- message queuing
- message storing

and in any case, if one needs it, one has to do it.

Re: Statistics from logfile to SQL

Posted by Matthew Yette <my...@mapolce.com>.
If you do large volumes of email, expect to have a table with millions upon
millions of records, and slow access times :(


On 12/15/05 12:48 PM, "Mike Jackson" <mj...@barking-dog.net> wrote:

>> I have been trying to find a script which would allow me to copy data
>> from spamd logfile to MySQL database. It would be useful, since then I
>> could provide detailed statistics to my users.
>> 
>> Does anybody know a way to do it or I will just have to write a small
>> script myself? Has anyone probably done it before? Any tips?
> 
> There's competing scripts out there named sa-stats.pl (one's included in the
> contrib directory with the SA distribution, the other's listed in Freshmeat
> as "SpamAssassin logfile analyser"). While neither one does exactly what you
> want, it should be trivial to hack them to save to SQL rather than
> outputting as text.
> 
> If you're interested, I've made modifications to David Ramsden's script that
> also outputs stats on the rules, not just user statistics.
> 

-- 
Matthew Yette
Senior Engineer (NOC/Operations)
M.A. Polce Consulting
315-838-1644


Re: Statistics from logfile to SQL

Posted by Mike Jackson <mj...@barking-dog.net>.
> I have been trying to find a script which would allow me to copy data
> from spamd logfile to MySQL database. It would be useful, since then I
> could provide detailed statistics to my users.
>
> Does anybody know a way to do it or I will just have to write a small
> script myself? Has anyone probably done it before? Any tips?

There's competing scripts out there named sa-stats.pl (one's included in the 
contrib directory with the SA distribution, the other's listed in Freshmeat 
as "SpamAssassin logfile analyser"). While neither one does exactly what you 
want, it should be trivial to hack them to save to SQL rather than 
outputting as text.

If you're interested, I've made modifications to David Ramsden's script that 
also outputs stats on the rules, not just user statistics. 


Statistics from logfile to SQL

Posted by Raimonds Aronietis <ra...@atd.lv>.
Dear all,

I have been trying to find a script which would allow me to copy data
from spamd logfile to MySQL database. It would be useful, since then I
could provide detailed statistics to my users.

Does anybody know a way to do it or I will just have to write a small
script myself? Has anyone probably done it before? Any tips?

Raimonds Aronietis


Re: DomainKeys in SA

Posted by Kai Schaetzl <ma...@conactive.com>.
Pollywog wrote on Wed, 14 Dec 2005 21:25:55 +0000:

> I meant that since I am getting some mails with DK_VERIFIED, it might mean 
> that something is broken with Yahoo's DK, if you are not getting DK_VERIFIED 
> in Yahoo mails.

Or it's broken on my end ;-) After all, I have none of these hits at all, but 
maybe that's only because DK mails are so scarce.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com