Posted to users@spamassassin.apache.org by Chuck Campbell <ca...@accelinc.com> on 2010/09/18 22:57:29 UTC

user_prefs questions/problem

I have SA set up and working (mostly) on my mail machine, however I've put the
following into my user_prefs:

whitelist_from *@zyngamail.com
and
whitelist_from_rcvd *@zyngamail.com zyngamail.com
and
whitelist_allows_relays *@zyngamail.com


when email comes in from them it is flagged as spam.

Here is an example spam report from the headers:

X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on helium.inexs.com
X-Spam-Flag: YES
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
        DKIM_VALID_AU,FSL_HELO_NON_FQDN_1,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,
        MIME_HTML_ONLY,RDNS_NONE,SPF_FAIL,TO_NO_BRKTS_NORDNS_HTML
        autolearn=disabled
        version=3.3.1
X-Spam-Report: 
        *  0.0 FSL_HELO_NON_FQDN_1 FSL_HELO_NON_FQDN_1
        *  0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
        *      [SPF failed: Please see
        *      http://www.openspf.org/Why?s=mfrom;id=notifications%2Bvvvo8mu4wy%40zyngamail.com;ip=10.49.16.82;r=helium.inexs.com]
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
        * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
        *      author's domain
        *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
        *      valid
        * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
        *  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
        *  2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
        *      headers
        *  0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML
        *      only

I have contacted them about their SPF failure, and am awaiting a response, but
I don't see any reference to my whitelisting, is it not working as I 
anticipated?

If it is there, and I just don't see it, let me know where, and how to 
increase its score to ensure whitelisted emails are not flagged as spam.

thanks,
-chuck


-- 

Re: user_prefs questions/problem

Posted by Matt Kettler <mk...@verizon.net>.
 On 9/18/2010 4:57 PM, Chuck Campbell wrote:
> I have SA set up and working (mostly) on my mail machine, however I've put the
> following into my user_prefs:
>
> whitelist_from *@zyngamail.com
> and
> whitelist_from_rcvd *@zyngamail.com zyngamail.com
> and
> whitelist_allows_relays *@zyngamail.com
>
>
> when email comes in from them it is flagged as spam.
>
> Here is an example spam report from the headers:
>
> X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on helium.inexs.com
> X-Spam-Flag: YES
> X-Spam-Level: *****
> X-Spam-Status: Yes, score=5.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
>         DKIM_VALID_AU,FSL_HELO_NON_FQDN_1,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,
>         MIME_HTML_ONLY,RDNS_NONE,SPF_FAIL,TO_NO_BRKTS_NORDNS_HTML
> +autolearn=disabled
>         version=3.3.1
> X-Spam-Report: 
>         *  0.0 FSL_HELO_NON_FQDN_1 FSL_HELO_NON_FQDN_1
>         *  0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
>         *      [SPF failed: Please see
> +http://www.openspf.org/Why?s=mfrom;id=notifications%2Bvvvo8mu4wy%40zyngamail.co
> +m;ip=10.49.16.82;r=helium.inexs.com]
>
Your trusted_networks is broken. SA thinks that helium.inexs.com is not
a part of your normal mail delivery, and thus is assuming that is the
originating outside server for zynga.

Looking at the message you sent to the list, helium is actually your server.


Re: user_prefs questions/problem

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
Follow-up to self. *gnarf*

On Wed, 2010-09-22 at 00:35 +0200, Karsten Bräckelmann wrote:
> On Tue, 2010-09-21 at 17:18 -0500, Chuck Campbell wrote:
> > > Done this in /etc/mail/spamassassin/local.cf
> > > waiting for appropriate message(s) to arrive and check headers.
> > 
> > OK, this works properly now, and I see a USER_IN_WHITELIST under spam tests.

You did keep a sample this time, so you don't have to wait for another
one, right? ;)

> > How do I sort out the per_user prefs issues I've got (they clearly aren't 
> > working).

> If the same (user) settings work in site-wide config, but not in
> user_prefs, the issue most likely is that the user_prefs are not used
> for some reason.

Key for debugging is to have a sample, and to reproduce the issue by
passing the sample to SA exactly as your mail processing chain would.
(IIRC you didn't mention how you integrate SA.)


> There are some relevant spamd command line options, that might cause
> this. And of course, using some glue to SA that does not provide the
> user for per-user settings to work at all comes to mind.

-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: user_prefs questions/problem

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2010-09-21 at 17:18 -0500, Chuck Campbell wrote:
> > > Try putting those white-list statements in the global "local.cf" config 
> > > file (do a --lint check & whatever steps are necessary to restart SA so
> > > that it will see the changes) and then test to see if the whitelist works.
> > 
> > Done this in /etc/mail/spamassassin/local.cf
> > 
> > waiting for appropriate message(s) to arrive and check headers.
> 
> OK, this works properly now, and I see a USER_IN_WHITELIST under spam tests.
> 
> How do I sort out the per_user prefs issues I've got (they clearly aren't 
> working).
> 
> I need to find where to look for info on how to turn them on.

As I said in a previous reply, white and blacklist options *are* per
user settings and do not need to be turned on -- or rather, cannot be
turned off as user settings for that matter.

If the same (user) settings work in site-wide config, but not in
user_prefs, the issue most likely is that the user_prefs are not used
for some reason.

There are some relevant spamd command line options, that might cause
this. And of course, using some glue to SA that does not provide the
user for per-user settings to work at all comes to mind.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: user_prefs questions/problem

Posted by Chuck Campbell <ca...@accelinc.com>.
> > 
> > Try putting those white-list statements in the global "local.cf" config 
> > file (do a --lint check & whatever steps are necessary to restart SA so
> > that it will see the changes) and then test to see if the whitelist works.
> 
> Done this in /etc/mail/spamassassin/local.cf
> 
> waiting for appropriate message(s) to arrive and check headers.

OK, this works properly now, and I see a USER_IN_WHITELIST under spam tests.

How do I sort out the per_user prefs issues I've got (they clearly aren't 
working).

I need to find where to look for info on how to turn them on.

thanks,
-chuck

Re: user_prefs questions/problem

Posted by David B Funk <db...@engineering.uiowa.edu>.
On Mon, 20 Sep 2010, Chuck Campbell wrote:

> > enabled). Is SA integrated in your mail system in a way that it "knows"
>
> Not sure where to enable this.  Will dig more in the docs.
>
> > the user name of the recipient? (some integration methods do not make that
> > info available to SA so the per-user prefs don't work).
> > Have you checked to make sure that your user_prefs are available/readable
> > to the SA daemon?
>
> How do I test this?

Assuming you're running spamd with standard logging enabled, look at the
spamd logs. You should see the username associated in each log entry. EG:

Sep 20 17:39:24 server33 spamd[20757]: spamd: connection from s-l104.engr.uiowa.edu [128.255.17.210] at port 36478
Sep 20 17:39:24 server33 spamd[20757]: spamd: checking message <20...@mx1.whitebeek.com> for astockda:115
Sep 20 17:39:25 server33 spamd[20757]: spamd: identified spam (29.1/6.0) for astockda:115 in 1.2 seconds, 19513 bytes.
Sep 20 17:39:25 server33 spamd[20757]: spamd: result: Y 29 - BAYES_99,COMBINED_FROM,FS_DEGREE,FVGT_m_MULTI_ODD2,HTML_90_100,HTML_MESSAGE,HTML_TAG_BALANCE_BODY,HTML_TINY_FONT,L_CLAMAV,MY_CLAMAV,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_PASS,T__BOTNET_NOTRUST,T__MY_CLAMAV,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_WS_SURBL
scantime=1.2,size=19513,user=astockda,uid=115,required_score=6.0,rhost=s-l104.engr.uiowa.edu,raddr=128.255.17.210,rport=36478,mid=<20...@mx1.whitebeek.com>,bayes=1,autolearn=spam

That "for astockda" and "user=astockda" part is the username that spamd
received from the milter that I use to connect sendmail to spamd

To check user_prefs readability, do this:
1) on the machine running spamd (or whatever SA mechanism) login (or su)
   to the user in question.
2) create or obtain a test mail message, store in a text file.
3) run it thru spamassassin in debug mode:
 % spamassassin -D < test-message.txt > /tmp/test.out 2>&1

Then grep for 'user' in the output file:
 % grep user /tmp/test.out
[21751] dbg: config: using "/home/bill/.spamassassin" for user state dir
[21751] dbg: config: using "/home/bill/.spamassassin/user_prefs" for user prefs file
[21751] dbg: config: read file /home/bill/.spamassassin/user_prefs
[21751] dbg: Botnet: adding (\b|\d)user(\b|\d) to botnet_clientwords

Note the line that says "read file /home/bill/.spamassassin/user_prefs"
that file should exist and be readable by your spamd process AND be the
file that you've put the user config stuff in.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
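
The two checks described in the message above, scripted. This is an added example, not part of the original post; the function names are hypothetical and the sample input reuses the log and debug lines quoted in the message.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data reuses lines quoted in the post.

# Constructed sample: spamd syslog lines, as quoted above.
sample_log() {
    cat <<'EOF'
Sep 20 17:39:24 server33 spamd[20757]: spamd: connection from s-l104.engr.uiowa.edu [128.255.17.210] at port 36478
Sep 20 17:39:24 server33 spamd[20757]: spamd: checking message <20...@mx1.whitebeek.com> for astockda:115
Sep 20 17:39:25 server33 spamd[20757]: spamd: identified spam (29.1/6.0) for astockda:115 in 1.2 seconds, 19513 bytes.
EOF
}

# Constructed sample: "spamassassin -D" output, as quoted above.
sample_debug() {
    cat <<'EOF'
[21751] dbg: config: using "/home/bill/.spamassassin" for user state dir
[21751] dbg: config: using "/home/bill/.spamassassin/user_prefs" for user prefs file
[21751] dbg: config: read file /home/bill/.spamassassin/user_prefs
EOF
}

# stdin: spamd log. Prints "user:uid count" for each user spamd scanned for.
spamd_users() {
    sed -n 's/.*spamd: checking message .* for \([^ :]*\):\([0-9]*\).*/\1:\2/p' |
        sort | uniq -c | awk '{ print $2, $1 }'
}

# stdin: debug output. Prints "<path> read", "<path> NOT-READ", or "none".
prefs_status() {
    awk '
        /dbg: config: using ".*" for user prefs file/ { split($0, q, "\""); path = q[2] }
        /dbg: config: read file / {
            f = $0; sub(/.*dbg: config: read file /, "", f); seen[f] = 1
        }
        END {
            if (path == "") print "none"
            else print path, ((path in seen) ? "read" : "NOT-READ")
        }'
}

sample_log | spamd_users      # which recipients spamd was told about
sample_debug | prefs_status   # was the announced user_prefs actually loaded?
```

If every message is logged under the same account regardless of recipient, or `prefs_status` reports NOT-READ, the per-user file is not the one being applied.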

Re: user_prefs questions/problem

Posted by Chuck Campbell <ca...@accelinc.com>.
On Sat, Sep 18, 2010 at 06:46:18PM -0500, Dave Funk wrote:
> On Sat, 18 Sep 2010, Chuck Campbell wrote:
> 
> >I have SA set up and working (mostly) on my mail machine, however I've put 
> >the
> >following into my user_prefs:
> >
> >whitelist_from *@zyngamail.com
> >and
> >whitelist_from_rcvd *@zyngamail.com zyngamail.com
> >and
> >whitelist_allows_relays *@zyngamail.com
> >
> >
> >when email comes in from them it is flagged as spam.
> >
> >Here is an example spam report from the headers:
> >
> >X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on helium.inexs.com
> >X-Spam-Flag: YES
> >X-Spam-Level: *****
> >X-Spam-Status: Yes, score=5.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
> >       DKIM_VALID_AU,FSL_HELO_NON_FQDN_1,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,
> >       MIME_HTML_ONLY,RDNS_NONE,SPF_FAIL,TO_NO_BRKTS_NORDNS_HTML
> >+autolearn=disabled
> [snip..]
> >I have contacted them about their SPF failure, and am awaiting a response, 
> >but
> >I don't see any reference to my whitelisting, is it not working as I
> >anticipated?
> >
> >If it is there, and I just don't see it, let me know where, and how to
> >increase its score to ensure whitelisted emails are not flagged as spam.
> >
> >thanks,
> >-chuck
> 

First, thanks for the reply.

> I assume when you say "into my user_prefs" you mean the per-user prefs
> (as opposed to the site-wide config).

yes, those in the /home/user/.spamassassin/user_prefs file

> 
> Have you enabled per-user prefs in the site-wide config? (default is not 
> enabled). Is SA integrated in your mail system in a way that it "knows" 

Not sure where to enable this.  Will dig more in the docs.

> the user name of the recipient? (some integration methods do not make that
> info available to SA so the per-user prefs don't work).
> Have you checked to make sure that your user_prefs are available/readable
> to the SA daemon?

How do I test this?

> 
> Try putting those white-list statements in the global "local.cf" config 
> file (do a --lint check & whatever steps are necessary to restart SA so
> that it will see the changes) and then test to see if the whitelist works.

Done this in /etc/mail/spamassassin/local.cf

waiting for appropriate message(s) to arrive and check headers.

> If it does then there's an issue with your per-user prefs,  if not then
> there's an issue with the white-listing itself.

I'll be back...


Re: user_prefs questions/problem

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Sat, 2010-09-18 at 18:46 -0500, Dave Funk wrote:
> On Sat, 18 Sep 2010, Chuck Campbell wrote:
> > I have SA set up and working (mostly) on my mail machine, however I've put the
> > following into my user_prefs:

> > I don't see any reference to my whitelisting, is it not working as I
> > anticipated?

> I assume when you say "into my user_prefs" you mean the per-user prefs
> (as opposed to the site-wide config).
> 
> Have you enabled per-user prefs in the site-wide config? (default is not 

White and blacklist options are user preferences.

I assume you are thinking allow_user_rules, aren't you? That indeed
defaults to disabled, but applies to rule definitions only.

> enabled). Is SA integrated in your mail system in a way that it "knows" 
> the user name of the recipient? (some integration methods do not make that
> info available to SA so the per-user prefs don't work).
> Have you checked to make sure that your user_prefs are available/readable
> to the SA daemon?

This, however, is a good point indeed. :)


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}


Re: user_prefs questions/problem

Posted by Dave Funk <db...@engineering.uiowa.edu>.
On Sat, 18 Sep 2010, Chuck Campbell wrote:

> I have SA set up and working (mostly) on my mail machine, however I've put the
> following into my user_prefs:
>
> whitelist_from *@zyngamail.com
> and
> whitelist_from_rcvd *@zyngamail.com zyngamail.com
> and
> whitelist_allows_relays *@zyngamail.com
>
>
> when email comes in from them it is flagged as spam.
>
> Here is an example spam report from the headers:
>
> X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on helium.inexs.com
> X-Spam-Flag: YES
> X-Spam-Level: *****
> X-Spam-Status: Yes, score=5.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
>        DKIM_VALID_AU,FSL_HELO_NON_FQDN_1,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,
>        MIME_HTML_ONLY,RDNS_NONE,SPF_FAIL,TO_NO_BRKTS_NORDNS_HTML
> +autolearn=disabled
[snip..]
> I have contacted them about their SPF failure, and am awaiting a response, but
> I don't see any reference to my whitelisting, is it not working as I
> anticipated?
>
> If it is there, and I just don't see it, let me know where, and how to
> increase its score to ensure whitelisted emails are not flagged as spam.
>
> thanks,
> -chuck

I assume when you say "into my user_prefs" you mean the per-user prefs
(as opposed to the site-wide config).

Have you enabled per-user prefs in the site-wide config? (default is not 
enabled). Is SA integrated in your mail system in a way that it "knows" 
the user name of the recipient? (some integration methods do not make that
info available to SA so the per-user prefs don't work).
Have you checked to make sure that your user_prefs are available/readable
to the SA daemon?

Try putting those white-list statements in the global "local.cf" config 
file (do a --lint check & whatever steps are necessary to restart SA so
that it will see the changes) and then test to see if the whitelist works.
If it does then there's an issue with your per-user prefs,  if not then
there's an issue with the white-listing itself.


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: user_prefs questions/problem

Posted by Benny Pedersen <me...@junc.org>.
On Sat 18 Sep 2010 23:26:45 CEST, Karsten Bräckelmann wrote
>> whitelist_from *@zyngamail.com
> This generally is not a good idea, and it is much better to use the
> constrained variants, whitelist_from_rcvd or whitelist_auth. Besides, it
> renders the following entries redundant... ;)

i will vote for this to be removed in 3.4.x, or should it be called  
whitelistaassin :)

whitelist_from have practical examples of working as expected?

-- 
xpoint http://www.unicom.com/pw/reply-to-harmful.html


Re: user_prefs questions/problem

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Sat, 2010-09-18 at 15:57 -0500, Chuck Campbell wrote:
> I have SA set up and working (mostly) on my mail machine, however I've put the
> following into my user_prefs:
> 
> whitelist_from *@zyngamail.com

This generally is not a good idea, and it is much better to use the
constrained variants, whitelist_from_rcvd or whitelist_auth. Besides, it
renders the following entries redundant... ;)

> whitelist_from_rcvd *@zyngamail.com zyngamail.com
> whitelist_allows_relays *@zyngamail.com

The second argument to whitelist_from_rcvd is matched against the rDNS.

> X-Spam-Status: Yes, score=5.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
>         DKIM_VALID_AU,FSL_HELO_NON_FQDN_1,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,
>         MIME_HTML_ONLY,RDNS_NONE,SPF_FAIL,TO_NO_BRKTS_NORDNS_HTML

>         *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
>         *      valid
>         * -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
>         *  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

But there is no rDNS.


> If it is there, and I just don't see it, let me know where, and how to 
> increase its score to ensure whitelisted emails are not flagged as spam.

Nope, the whitelisting did not trigger indeed. The rcvd one did not,
because there is no rDNS. Dunno why the unconstrained didn't fire, you
did not provide the relevant headers.

Anyway, assuming at least one of the matched addresses for whitelisting
(see the docs) matches the message, and seeing that DKIM is valid (even
though they borked rDNS), you probably should try whitelist_auth.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
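
The reasoning in the message above (no whitelist rule fired, RDNS_NONE rules out whitelist_from_rcvd, valid author-domain DKIM makes whitelist_auth usable), applied to the X-Spam-Status header from the first post. This is an added example, not part of the original post; the function names are hypothetical, and it assumes SPF_PASS or DKIM_VALID_AU is what whitelist_auth would rely on.

```shell
#!/bin/sh
# Added example (not from the thread).

# Constructed sample: the X-Spam-Status header from the first post, with folding kept.
sample_status() {
    cat <<'EOF'
X-Spam-Flag: YES
X-Spam-Status: Yes, score=5.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
        DKIM_VALID_AU,FSL_HELO_NON_FQDN_1,HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,
        MIME_HTML_ONLY,RDNS_NONE,SPF_FAIL,TO_NO_BRKTS_NORDNS_HTML
        autolearn=disabled version=3.3.1
X-Spam-Level: *****
EOF
}

# stdin: message headers. Prints the rule names that fired, one per line.
status_tests() {
    awk '
        /^X-Spam-Status:/  { inhdr = 1; buf = $0; next }
        inhdr && /^[ \t]/  { buf = buf $0; next }      # folded continuation
                           { inhdr = 0 }
        END {
            if (buf !~ /tests=/) exit
            sub(/.*tests=/, "", buf)
            gsub(/,[ \t]+/, ",", buf)                  # undo folding after commas
            sub(/[ \t].*/, "", buf)                    # drop autolearn=..., version=...
            n = split(buf, t, ",")
            for (i = 1; i <= n; i++) if (t[i] != "") print t[i]
        }'
}

# stdin: message headers. Prints three key=value lines: did a whitelist rule
# fire, can whitelist_from_rcvd match, and which sender authentication (if any)
# whitelist_auth could rely on (assumption: DKIM_VALID_AU or SPF_PASS).
whitelist_triage() {
    tests=$(status_tests)
    fired() { printf '%s\n' "$tests" | grep -qx "$1"; }
    if fired USER_IN_WHITELIST; then echo "whitelist=fired"; else echo "whitelist=not-fired"; fi
    if fired RDNS_NONE; then echo "from_rcvd=no-rdns"; else echo "from_rcvd=possible"; fi
    if fired DKIM_VALID_AU; then echo "auth=dkim"
    elif fired SPF_PASS; then echo "auth=spf"
    else echo "auth=none"; fi
}

sample_status | whitelist_triage
```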