You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by da...@chaosreigns.com on 2014/04/08 23:37:03 UTC

Having difficulty following instructions for testing a rule

I'm using a script recommended on the wiki for running masscheck.  One of
the directories it uses is ~/masscheckwork/nightly_mass_check/

Under that directory, to the file masses/spamassassin/user_prefs, I
appended:

rawbody FOUR_BLANK_LINES /\r?\n\r?\n\r?\n\r?\n/ms

(which I have successfully tested by adding it to
 /etc/spamassassin/local.cf)

Then I ran this for a couple hours:

./mass-check ham:dir:$HOME/masscheckwork/ham/ spam:dir:$HOME/masscheckwork/spam/

Then:

./hit-frequencies -x -p -a > freqs

And freqs contains no evidence of my new rule.  user_prefs still has that
new rule in it.  I'm confident that file is in the right place.

What am I missing?

Related wiki pages:
https://wiki.apache.org/spamassassin/MassCheck
http://wiki.apache.org/spamassassin/HitFrequencies

-- 
"Happiness does not depend on what you have or who you are;
it solely relies on what you think."
- Zig Ziglar, Steps to the Top, p 186
http://www.ChaosReigns.com

Re: Having difficulty following instructions for testing a rule

Posted by John Hardin <jh...@impsec.org>.

On Fri, 11 Apr 2014, darxus@chaosreigns.com wrote:

> On 04/08, John Hardin wrote:
>> I think allow_user_rules needs to go into the system local.cf. If
>> the user can put it into their own private config file it offers no
>> security.
>
> That makes some sense, but didn't help.
>
> $ tail -n 1 /etc/spamassassin/local.cf
> allow_user_rules 1
>
> $ tail -n 1 spamassassin/user_prefs
> rawbody FOUR_BLANK_LINES /\r?\n\r?\n\r?\n\r?\n/ms
>
> $ grep -c FOUR_BLANK_LINES freqs
> 0
>
>> A piece of advice: put the rules into a sandbox .cf script instead.
>> You don't need to check it in, and compiling SA prior to the
>> masscheck will incorporate them into the rules.
>
> I guess I should try that.  Just create a new directory under
> rulesrc/sandbox, and put a file containing the rule in it?

I think that's all. A quick scan of the code doesn't indicate it's looking 
for only a specific list of user dirs under sandbox.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   USMC Rules of Gunfighting #20: The faster you finish the fight,
   the less shot you will get.
-----------------------------------------------------------------------
  2 days until Thomas Jefferson's 271st Birthday

Re: Having difficulty following instructions for testing a rule

Posted by da...@chaosreigns.com.

On 04/08, John Hardin wrote:
> I think allow_user_rules needs to go into the system local.cf. If
> the user can put it into their own private config file it offers no
> security.

That makes some sense, but didn't help.

$ tail -n 1 /etc/spamassassin/local.cf
allow_user_rules 1

$ tail -n 1 spamassassin/user_prefs 
rawbody FOUR_BLANK_LINES /\r?\n\r?\n\r?\n\r?\n/ms

$ grep -c FOUR_BLANK_LINES freqs
0

> A piece of advice: put the rules into a sandbox .cf script instead.
> You don't need to check it in, and compiling SA prior to the
> masscheck will incorporate them into the rules.

I guess I should try that.  Just create a new directory under
rulesrc/sandbox, and put a file containing the rule in it?

-- 
"This hurts quite a bit. Very painful."
"Think of the sensation as reassurance that you are not dead yet. What
you are feeling is life in you!" - Johnny The Homicidal Maniac
http://www.ChaosReigns.com

Re: Having difficulty following instructions for testing a rule

Posted by John Hardin <jh...@impsec.org>.

On Tue, 8 Apr 2014, darxus@chaosreigns.com wrote:

> On 04/08, John Hardin wrote:
>>> And freqs contains no evidence of my new rule.  user_prefs still has that
>>> new rule in it.  I'm confident that file is in the right place.
>>
>> Did you enable allow_user_rules ?
>
> I had not, but adding it didn't help.
>
> $ grep -c FOUR_BLANK_LINES freqs
> 0
>
> $ cat spamassassin/user_prefs
> bayes_auto_learn 0
> lock_method flock
> bayes_store_module Mail::SpamAssassin::BayesStore::SDBM
> use_auto_whitelist 0
> whitelist_bounce_relays example.com
> score ANY_BOUNCE_MESSAGE 0
> score BOUNCE_MESSAGE 0
> trusted_networks [redacted]
> internal_networks [redacted]
> allow_user_rules 1
> rawbody FOUR_BLANK_LINES /\r?\n\r?\n\r?\n\r?\n/ms

I think allow_user_rules needs to go into the system local.cf. If the user 
can put it into their own private config file it offers no security.

A piece of advice: put the rules into a sandbox .cf script instead. You 
don't need to check it in, and compiling SA prior to the masscheck will 
incorporate them into the rules.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Christian martyrs don't explode.                         -- Marisol
-----------------------------------------------------------------------
  5 days until Thomas Jefferson's 271st Birthday

Re: Having difficulty following instructions for testing a rule

Posted by da...@chaosreigns.com.

On 04/08, John Hardin wrote:
> >And freqs contains no evidence of my new rule.  user_prefs still has that
> >new rule in it.  I'm confident that file is in the right place.
> 
> Did you enable allow_user_rules ?

I had not, but adding it didn't help.

$ grep -c FOUR_BLANK_LINES freqs
0

$ cat spamassassin/user_prefs 
bayes_auto_learn 0
lock_method flock
bayes_store_module Mail::SpamAssassin::BayesStore::SDBM
use_auto_whitelist 0
whitelist_bounce_relays example.com
 score ANY_BOUNCE_MESSAGE 0
 score BOUNCE_MESSAGE 0
trusted_networks [redacted]
internal_networks [redacted]
allow_user_rules 1
rawbody FOUR_BLANK_LINES /\r?\n\r?\n\r?\n\r?\n/ms

-- 
"I'd rather be happy than right any day."
- Slartiblartfast, The Hitchhiker's Guide to the Galaxy
http://www.ChaosReigns.com

Re: Having difficulty following instructions for testing a rule

Posted by John Hardin <jh...@impsec.org>.

On Tue, 8 Apr 2014, darxus@chaosreigns.com wrote:

> I'm using a script recommended on the wiki for running masscheck.  One of
> the directories it uses is ~/masscheckwork/nightly_mass_check/
>
> Under that directory, to the file masses/spamassassin/user_prefs, I
> appended:
>
> rawbody FOUR_BLANK_LINES /\r?\n\r?\n\r?\n\r?\n/ms
>
> (which I have successfully tested by adding it to
> /etc/spamassassin/local.cf)
>
> And freqs contains no evidence of my new rule.  user_prefs still has that
> new rule in it.  I'm confident that file is in the right place.

Did you enable allow_user_rules ?

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   News flash: Lowest Common Denominator down 50 points
-----------------------------------------------------------------------
  5 days until Thomas Jefferson's 271st Birthday