Posted to users@spamassassin.apache.org by Josef Karliak <ka...@ajetaci.cz> on 2010/08/15 14:36:37 UTC

Spamassassin and no whitelisting

   Hi, guys,
I've some problem with whitelisting.
In the local.cf file I've for example:

whitelist_from         *@ajetaci.cz


But spamassassin doesn't whitelist that domain for me. It runs other tests, but
no USER_IN_WHITELIST... :

X-Spam-Status: No, score=-29.5 required=8.0 tests=SPF_CHECK_PASS,dkpass
         autolearn=ham


Spamassassin version :
spamassassin-3.2.5-28.5.1.x86_64
perl-spamassassin-3.2.5-28.5.1.x86_64

Running on opensuse 11.2, 64-bit on AMD CPU.

"include /etc/mail/spamassassin/whitelist_users" doesn't work for me
either; it contains, for example, "whitelist_from neduveryhodne@ajetaci.cz"
lines.

What did I miss?
Thanks
J.K.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


Re: Spamassassin and no whitelisting

Posted by Benny Pedersen <me...@junc.org>.
On Sun 15 Aug 2010 14:36:37 CEST, Josef Karliak wrote

>   Hi, guys,
> I've some problem with whitelisting.
> In the local.cf file I've for example:
>
> whitelist_from         *@ajetaci.cz

don't do this, you will regret it when spammers know you did this

whitelist_from is considered unsafe here

use whitelist_from_spf or whitelist_from_dkim or both with whitelist_auth

remember to enable spf or dkim plugin for this to work

>
>
> But spamassassin doesn't whitelist that domain for me. It runs other tests,
> but no USER_IN_WHITELIST... :
>
> X-Spam-Status: No, score=-29.5 required=8.0 tests=SPF_CHECK_PASS,dkpass
>         autolearn=ham
>
>
> Spamassassin version :
> spamassassin-3.2.5-28.5.1.x86_64
> perl-spamassassin-3.2.5-28.5.1.x86_64
>
> Running on opensuse 11.2, 64-bit on AMD CPU.
>
> "include /etc/mail/spamassassin/whitelist_users" doesn't work for me
> either; it contains, for example, "whitelist_from
> neduveryhodne@ajetaci.cz" lines.

rename whitelist_users to whitelist_users.cf

and restart spamd if used

debug with

spamassassin 2>&1 --lint -D | less

is whitelist_users.cf listed ? :)

include is not spamassassin style for more config files

> What did I miss?

perldoc Mail::SpamAssassin::Conf

-- 
xpoint http://www.unicom.com/pw/reply-to-harmful.html
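
Added example (not part of the original thread and not SpamAssassin's own code): a small Python audit of the two points raised in the reply above, namely whitelist_from entries that match on forgeable sender headers, and rule files that the rules directory will not pick up because they lack the .cf suffix. The file contents are constructed samples modelled on the thread; the function names and finding labels are hypothetical.

```python
"""Audit SpamAssassin config text for weak or ineffective whitelist entries."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "file line kind detail")

# Authenticated whitelist directives and the plugin(s) that make them work.
# whitelist_auth is satisfied by either SPF or DKIM.
REQUIRES = {
    "whitelist_from_spf": {"SPF"},
    "whitelist_from_dkim": {"DKIM"},
    "whitelist_auth": {"SPF", "DKIM"},
}

# Constructed sample files (assumption: not the poster's real configuration).
SAMPLE_FILES = {
    "init.pre": "loadplugin Mail::SpamAssassin::Plugin::SPF\n",
    "v312.pre": "# loadplugin Mail::SpamAssassin::Plugin::DKIM\n",
    "local.cf": (
        "required_score 8.0\n"
        "whitelist_from         *@ajetaci.cz\n"
        "whitelist_auth  horde@lists.horde.org\n"
        "whitelist_from_dkim imp@lists.horde.org\n"
    ),
    "whitelist_users": "whitelist_from neduveryhodne@ajetaci.cz\n",
}


def directives(text):
    """Yield (lineno, keyword, args) for every non-comment config line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(?<!\\)#.*", "", raw).strip()  # drop unescaped comments
        if line:
            parts = line.split()
            yield lineno, parts[0], parts[1:]


def loaded_plugins(files):
    """Return short names (SPF, DKIM, ...) of plugins enabled via loadplugin."""
    plugins = set()
    for name, text in files.items():
        if name.endswith((".pre", ".cf")):
            for _, key, args in directives(text):
                if key == "loadplugin" and args:
                    plugins.add(args[0].rsplit("::", 1)[-1])
    return plugins


def audit(files):
    """Return findings for a {filename: text} map of one rules directory."""
    plugins = loaded_plugins(files)
    findings = []
    for name in sorted(files):
        if not name.endswith((".cf", ".pre")):
            # Only *.cf and *.pre are read automatically from the directory.
            findings.append(Finding(name, 0, "not-autoloaded",
                                    "rename to %s.cf or include it explicitly" % name))
        for lineno, key, args in directives(files[name]):
            if key == "whitelist_from":
                for addr in args:
                    scope = "whole domain" if addr.startswith("*@") else "address"
                    findings.append(Finding(
                        name, lineno, "unauthenticated",
                        "%s: %s whitelisted on sender headers alone; "
                        "prefer whitelist_auth" % (addr, scope)))
            elif key in REQUIRES and not (REQUIRES[key] & plugins):
                needed = " or ".join(sorted(REQUIRES[key]))
                findings.append(Finding(
                    name, lineno, "plugin-missing",
                    "%s needs the %s plugin loaded" % (key, needed)))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_FILES):
        print("%s:%d [%s] %s" % f)
```

After changing the files, `spamassassin --lint -D` as shown above remains the authoritative check of what SpamAssassin actually reads.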


Re: Spamassassin and no whitelisting

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Tue, 2010-08-17 at 14:31 +0200, Josef Karliak wrote:
> >     Is it necessary to run sa-update after every edit of the local.cf
> > or whitelist file?

On 17.08.10 13:46, Martin Gregorie wrote:
> No.

they are something different. However after editing config files (or
sa-update if it updates anything) you may need to reload spamd if you use
it.
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
Windows 2000: 640 MB ought to be enough for anybody

Re: Spamassassin and no whitelisting

Posted by Martin Gregorie <ma...@gregorie.org>.
On Tue, 2010-08-17 at 14:31 +0200, Josef Karliak wrote:
>     Is it necessary to run sa-update after every edit of the local.cf
> or whitelist file?
>
No.

Martin



Re: Spamassassin and no whitelisting

Posted by Josef Karliak <ka...@ajetaci.cz>.
   I had the suse factory repository active; this is where the 3.3.x
version comes from. What is interesting is why rpm told me that 3.2.5 is
installed (rpm -qa | grep spamassassin).
   A newer perl came from the suse factory repository, ...

   After downgrading perl and many, many dependencies (grrrrrrrr), I'm
on 5.10.x perl, spamass 3.2.5 and all is excellent:

Aug 17 18:06:13 radio-hk spamd[31856]: spamd: result: . -135 -  
BAYES_00,SPF_CHECK_PASS,SPF_PASS,SUBJECT_NEEDS_ENCODING,SUBJ_ILLEGAL_CHARS,USER_IN_WHITELIST,spammedium  
scantime=0.3,size=2292,user=mail,uid=8,required_score=8.0,rhost=localhost,raddr=127.0.0.1,rport=54022,mid=<94...@seznam.cz>,bayes=0.000000,autolearn=ham

"USER_IN_WHITELIST" test runs too.

Maybe there were some fights in the system, but not logged. This is
how it started to work for me.

   Thanks a lot !
   J.K.

Quoting Benny Pedersen <me...@junc.org>:

> On Tue 17 Aug 2010 14:31:21 CEST, Josef Karliak wrote
>
>> Good news everyone ! :)
>
> rpm distro was problem ? :)
>
>> Seems like there was some rpm mismatch.
>
> never happened for me at the time I used an rpm-based distro; nearly
> everything else happened
>
>> rpm -qa gets me spamassassin ver. 3.2.5, but there is a 3.3.0
>
> both versions installed via rpm ?
>
> if no remove ALL again, delete all dirs that are listed in  
> spamassassin -D --lint
>
> but first do it with rpm !
>
>> spamass. After running sa-update WHITELISTING works too. It is  
>> weird,  who knows ? :-/
>
> sa-update is not changing your local whitelists
>
>> Is it necessary to run sa-update after every edit of the local.cf
>> or whitelist file?
>
> no, sa-update does not touch your local files where you yourself maintain
> your config
>
> only need to restart spamd if used
>
> make sure anything that belongs to 3.2.5 is deleted
>
> rpm has a command to do local md5 checksumming to find if
> something is broken; do this to verify it is all ok
>
> -- 
> xpoint http://www.unicom.com/pw/reply-to-harmful.html
>
>





Re: Spamassassin and no whitelisting

Posted by Benny Pedersen <me...@junc.org>.
On Tue 17 Aug 2010 14:31:21 CEST, Josef Karliak wrote

> Good news everyone ! :)

rpm distro was problem ? :)

> Seems like there was some rpm mismatch.

never happened for me at the time I used an rpm-based distro; nearly
everything else happened

> rpm -qa gets me spamassassin ver. 3.2.5, but there is a 3.3.0

both versions installed via rpm ?

if no remove ALL again, delete all dirs that are listed in  
spamassassin -D --lint

but first do it with rpm !

> spamass. After running sa-update WHITELISTING works too. It is  
> weird,  who knows ? :-/

sa-update is not changing your local whitelists

> Is it necessary to run sa-update after every edit of the local.cf
> or whitelist file?

no, sa-update does not touch your local files where you yourself maintain
your config

only need to restart spamd if used

make sure anything that belongs to 3.2.5 is deleted

rpm has a command to do local md5 checksumming to find if something
is broken; do this to verify it is all ok

-- 
xpoint http://www.unicom.com/pw/reply-to-harmful.html


Re: Spamassassin and no whitelisting

Posted by Josef Karliak <ka...@ajetaci.cz>.
    Good news everyone ! :)

    Seems like there was some rpm mismatch.
    rpm -qa gets me spamassassin ver. 3.2.5, but there is a 3.3.0
spamass. After running sa-update WHITELISTING works too. It is weird,
who knows ? :-/
    Is it necessary to run sa-update after every edit of the local.cf
or whitelist file?
    Thanks
    J.K.

Quoting Martin Gregorie <ma...@gregorie.org>:

> On Tue, 2010-08-17 at 09:37 +0200, Josef Karliak wrote:
>> Hi,
>>    when I start the spamd daemon, in the log file I see that spamd is parsing
>> "/etc/mail/spamassassin/local.cf"
>>
>>    Of course, when I run spamassassin without -c:
>>
> That's finding and reading the configuration files I expect to see
> in /etc/mail/spamassassin.
>
> Since version 3.3.0 the standard rule set is no longer distributed with
> the programs, so you must run sa_update before starting SA 3.3.x for the
> first time or SA will not find any rules.
>
> Have you run sa_update yet?
>
>
> Martin
>
>
>





Re: Spamassassin and no whitelisting

Posted by Martin Gregorie <ma...@gregorie.org>.
On Tue, 2010-08-17 at 09:37 +0200, Josef Karliak wrote:
> Hi,
>    when I start the spamd daemon, in the log file I see that spamd is parsing
> "/etc/mail/spamassassin/local.cf"
>
>    Of course, when I run spamassassin without -c:
> 
That's finding and reading the configuration files I expect to see
in /etc/mail/spamassassin.

Since version 3.3.0 the standard rule set is no longer distributed with
the programs, so you must run sa_update before starting SA 3.3.x for the
first time or SA will not find any rules. 

Have you run sa_update yet?


Martin



Re: Spamassassin and no whitelisting

Posted by Josef Karliak <ka...@ajetaci.cz>.
   Hi,
   when I start the spamd daemon, in the log file I see that spamd is parsing
"/etc/mail/spamassassin/local.cf"

   Of course, when I run spamassassin without -c:

radio-hk:/etc/mail/spamassassin # spamassassin -t -D  
</var/spool/vbms/archive/A313D5EDFFB
Aug 17 09:35:32.394 [20409] dbg: logger: adding facilities: all
Aug 17 09:35:32.394 [20409] dbg: logger: logging level is DBG
Aug 17 09:35:32.394 [20409] dbg: generic: SpamAssassin version 3.3.1
Aug 17 09:35:32.394 [20409] dbg: generic: Perl 5.010000, PREFIX=/usr,  
DEF_RULES_DIR=/usr/share/spamassassin,  
LOCAL_RULES_DIR=/etc/mail/spamassassin,  
LOCAL_STATE_DIR=/var/lib/spamassassin
Aug 17 09:35:32.394 [20409] dbg: config: timing enabled
Aug 17 09:35:32.394 [20409] dbg: config: score set 0 chosen.
Aug 17 09:35:32.396 [20409] dbg: util: running in taint mode? yes
Aug 17 09:35:32.396 [20409] dbg: util: taint mode: deleting unsafe  
environment variables, resetting PATH
Aug 17 09:35:32.396 [20409] dbg: util: PATH included  
'/usr/lib64/mpi/gcc/openmpi/bin', keeping
Aug 17 09:35:32.396 [20409] dbg: util: PATH included '/sbin', keeping
Aug 17 09:35:32.396 [20409] dbg: util: PATH included '/usr/sbin', keeping
Aug 17 09:35:32.396 [20409] dbg: util: PATH included  
'/usr/local/sbin', keeping
Aug 17 09:35:32.396 [20409] dbg: util: PATH included '/root/bin', keeping
Aug 17 09:35:32.396 [20409] dbg: util: PATH included '/usr/local/bin', keeping
Aug 17 09:35:32.396 [20409] dbg: util: PATH included '/usr/bin', keeping
Aug 17 09:35:32.396 [20409] dbg: util: PATH included '/bin', keeping
Aug 17 09:35:32.397 [20409] dbg: util: PATH included '/usr/bin/X11', keeping
Aug 17 09:35:32.397 [20409] dbg: util: PATH included '/usr/X11R6/bin', keeping
Aug 17 09:35:32.397 [20409] dbg: util: PATH included '/usr/games', keeping
Aug 17 09:35:32.397 [20409] dbg: util: PATH included  
'/usr/lib64/jvm/jre/bin', keeping
Aug 17 09:35:32.397 [20409] dbg: util: PATH included  
'/usr/lib/mit/bin', which is unusable, dropping: No such file or  
directory
Aug 17 09:35:32.397 [20409] dbg: util: PATH included  
'/usr/lib/mit/sbin', which is unusable, dropping: No such file or  
directory
Aug 17 09:35:32.397 [20409] dbg: util: final PATH set to:  
/usr/lib64/mpi/gcc/openmpi/bin:/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/usr/lib64/jvm/jre/bin
Aug 17 09:35:32.401 [20409] dbg: dns: is Net::DNS::Resolver available? yes
Aug 17 09:35:32.401 [20409] dbg: dns: Net::DNS version: 0.65
Aug 17 09:35:32.403 [20409] dbg: config: using  
"/etc/mail/spamassassin" for site rules pre files
Aug 17 09:35:32.403 [20409] dbg: config: read file  
/etc/mail/spamassassin/init.pre
Aug 17 09:35:32.403 [20409] dbg: config: read file  
/etc/mail/spamassassin/v310.pre
Aug 17 09:35:32.403 [20409] dbg: config: read file  
/etc/mail/spamassassin/v312.pre
Aug 17 09:35:32.403 [20409] dbg: config: read file  
/etc/mail/spamassassin/v320.pre
Aug 17 09:35:32.403 [20409] dbg: config: read file  
/etc/mail/spamassassin/v330.pre
Aug 17 09:35:32.403 [20409] dbg: config: using  
"/usr/share/spamassassin" for sys rules pre files
Aug 17 09:35:32.403 [20409] dbg: config: using  
"/usr/share/spamassassin" for default rules dir
config: no rules were found!  Do you need to run 'sa-update'? at  
/usr/bin/spamassassin line 403.

   But "sa-update" only updates rules from the network, doesn't it?
   Thanks.
   J.K.

Quoting jdow <jd...@earthlink.net>:

> That -c shows what you are doing wrong. "-c /etc/mail/spamassassin" is the
> path to the directory. That is what you should use. I am not sure what
> SpamAssassin is using for its configuration.
>
> {^_^}
>
> ----- Original Message ----- From: "Josef Karliak" <ka...@ajetaci.cz>
> To: "jdow" <jd...@earthlink.net>
> Cc: <us...@spamassassin.apache.org>
> Sent: Monday, 2010/August/16 04:19
> Subject: Re: Spamassassin and no whitelisting
>
>
>> radio-hk:/etc/mail/spamassassin # sudo -u chose spamassassin --lint -c
>> /etc/mail/spamassassin/local.cf
>> Aug 16 13:00:05.859 [4857] warn: netset: cannot include
>> 200.200.200.0/24 as it has already been included
>> Aug 16 13:00:05.868 [4857] warn: netset: cannot include
>> 200.200.200.0/24 as it has already been included
>>
>>  Whitelist file contains for example:
>> whitelist_from horde@lists.horde.org
>> whitelist_from imp@lists.horde.org
>>
>>  Spamd doesn't complain about that
>>  I've no blacklisting
>>
>> Spamass test with debug on the mail that has sender (From:) whitelisted:
>> Aug 16 13:08:10.361 [5096] dbg: logger: adding facilities: all
>> Aug 16 13:08:10.361 [5096] dbg: logger: logging level is DBG
>> Aug 16 13:08:10.361 [5096] dbg: generic: SpamAssassin version 3.3.1
>> Aug 16 13:08:10.361 [5096] dbg: generic: Perl 5.010000, PREFIX=/usr,
>> DEF_RULES_DIR=/usr/share/spamassassin,
>> LOCAL_RULES_DIR=/etc/mail/spamassassin,
>> LOCAL_STATE_DIR=/var/lib/spamassassin
>> Aug 16 13:08:10.361 [5096] dbg: config: timing enabled
>> Aug 16 13:08:10.362 [5096] dbg: config: score set 0 chosen.
>> Aug 16 13:08:10.363 [5096] dbg: util: running in taint mode? yes
>> Aug 16 13:08:10.363 [5096] dbg: util: taint mode: deleting unsafe
>> environment variables, resetting PATH
>> Aug 16 13:08:10.363 [5096] dbg: util: PATH included
>> '/usr/lib64/mpi/gcc/openmpi/bin', keeping
>> Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/sbin', keeping
>> Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/usr/sbin', keeping
>> Aug 16 13:08:10.363 [5096] dbg: util: PATH included  
>> '/usr/local/sbin', keeping
>> Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/root/bin', keeping
>> Aug 16 13:08:10.363 [5096] dbg: util: PATH included  
>> '/usr/local/bin', keeping
>> Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/usr/bin', keeping
>> Aug 16 13:08:10.364 [5096] dbg: util: PATH included '/bin', keeping
>> Aug 16 13:08:10.364 [5096] dbg: util: PATH included '/usr/bin/X11', keeping
>> Aug 16 13:08:10.364 [5096] dbg: util: PATH included  
>> '/usr/X11R6/bin', keeping
>> Aug 16 13:08:10.364 [5096] dbg: util: PATH included '/usr/games', keeping
>> Aug 16 13:08:10.364 [5096] dbg: util: PATH included
>> '/usr/lib64/jvm/jre/bin', keeping
>> Aug 16 13:08:10.364 [5096] dbg: util: PATH included
>> '/usr/lib/mit/bin', which is unusable, dropping: No such file or
>> directory
>> Aug 16 13:08:10.364 [5096] dbg: util: PATH included
>> '/usr/lib/mit/sbin', which is unusable, dropping: No such file or
>> directory
>> Aug 16 13:08:10.364 [5096] dbg: util: final PATH set to:
>> /usr/lib64/mpi/gcc/openmpi/bin:/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/usr/lib64/jvm/jre/bin
>> Aug 16 13:08:10.368 [5096] dbg: dns: is Net::DNS::Resolver available? yes
>> Aug 16 13:08:10.368 [5096] dbg: dns: Net::DNS version: 0.65
>> Aug 16 13:08:10.369 [5096] dbg: config: using "/etc/mail/spamassassin"
>> for site rules pre files
>> Aug 16 13:08:10.370 [5096] dbg: config: read file
>> /etc/mail/spamassassin/init.pre
>> Aug 16 13:08:10.370 [5096] dbg: config: read file
>> /etc/mail/spamassassin/v310.pre
>> Aug 16 13:08:10.370 [5096] dbg: config: read file
>> /etc/mail/spamassassin/v312.pre
>> Aug 16 13:08:10.370 [5096] dbg: config: read file
>> /etc/mail/spamassassin/v320.pre
>> Aug 16 13:08:10.370 [5096] dbg: config: read file
>> /etc/mail/spamassassin/v330.pre
>> Aug 16 13:08:10.370 [5096] dbg: config: using
>> "/etc/mail/spamassassin/local.cf" for sys rules pre files
>> Aug 16 13:08:10.370 [5096] dbg: config: read file
>> /etc/mail/spamassassin/local.cf
>> Aug 16 13:08:10.370 [5096] dbg: config: using
>> "/etc/mail/spamassassin/local.cf" for default rules dir
>> Aug 16 13:08:10.370 [5096] dbg: config: read file
>> /etc/mail/spamassassin/local.cf
>> Aug 16 13:08:10.371 [5096] dbg: config: using "/etc/mail/spamassassin"
>> for site rules dir
>> Aug 16 13:08:10.371 [5096] dbg: config: read file
>> /etc/mail/spamassassin/local.cf
>> Aug 16 13:08:10.371 [5096] dbg: config: read file
>> /etc/mail/spamassassin/whitelist_users.cf
>> Aug 16 13:08:10.371 [5096] dbg: config: using "/root/.spamassassin"
>> for user state dir
>> Aug 16 13:08:10.371 [5096] dbg: config: using
>> "/root/.spamassassin/user_prefs" for user prefs file
>> Aug 16 13:08:10.371 [5096] dbg: config: read file
>> /root/.spamassassin/user_prefs
>> Aug 16 13:08:10.374 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::URIDNSBL from @INC
>> Aug 16 13:08:10.378 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::Hashcash from @INC
>> Aug 16 13:08:10.385 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::SPF from @INC
>> Aug 16 13:08:10.387 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::TextCat from @INC
>> Aug 16 13:08:10.389 [5096] dbg: textcat: loading languages file...
>> Aug 16 13:08:10.446 [5096] dbg: textcat: loaded 73 language models
>> Aug 16 13:08:10.452 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::Pyzor from @INC
>> Aug 16 13:08:10.454 [5096] dbg: pyzor: network tests on, attempting Pyzor
>> Aug 16 13:08:10.455 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::Razor2 from @INC
>> Aug 16 13:08:10.492 [5096] dbg: razor2: razor2 is available, version 2.84
>> Aug 16 13:08:10.493 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::SpamCop from @INC
>> Aug 16 13:08:10.501 [5096] dbg: reporter: network tests on,  
>> attempting SpamCop
>> Aug 16 13:08:10.501 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::AWL from @INC
>> Aug 16 13:08:10.504 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
>> Aug 16 13:08:10.505 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
>> Aug 16 13:08:10.506 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::MIMEHeader from @INC
>> Aug 16 13:08:10.507 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::ReplaceTags from @INC
>> Aug 16 13:08:10.508 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::DKIM from @INC
>> Aug 16 13:08:10.513 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::Check from @INC
>> Aug 16 13:08:10.519 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
>> Aug 16 13:08:10.520 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::URIDetail from @INC
>> Aug 16 13:08:10.521 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::Bayes from @INC
>> Aug 16 13:08:10.529 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::BodyEval from @INC
>> Aug 16 13:08:10.530 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::DNSEval from @INC
>> Aug 16 13:08:10.532 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::HTMLEval from @INC
>> Aug 16 13:08:10.534 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::HeaderEval from @INC
>> Aug 16 13:08:10.539 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::MIMEEval from @INC
>> Aug 16 13:08:10.542 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::RelayEval from @INC
>> Aug 16 13:08:10.544 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::URIEval from @INC
>> Aug 16 13:08:10.545 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::WLBLEval from @INC
>> Aug 16 13:08:10.546 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::PerMsgStatus from @INC
>> Aug 16 13:08:10.547 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::VBounce from @INC
>> Aug 16 13:08:10.548 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::ImageInfo from @INC
>> Aug 16 13:08:10.550 [5096] dbg: plugin: loading
>> Mail::SpamAssassin::Plugin::FreeMail from @INC
>> Aug 16 13:08:10.554 [5096] dbg: config: using
>> "/etc/mail/spamassassin/whitelist_users.cf" for included file
>> Aug 16 13:08:10.554 [5096] dbg: config: read file
>> /etc/mail/spamassassin/whitelist_users.cf
>> Aug 16 13:08:10.568 [5096] warn: netset: cannot include
>> 200.200.200.0/24 as it has already been included
>> Aug 16 13:08:10.569 [5096] dbg: config: using
>> "/etc/mail/spamassassin/whitelist_users.cf" for included file
>> Aug 16 13:08:10.569 [5096] dbg: config: read file
>> /etc/mail/spamassassin/whitelist_users.cf
>> Aug 16 13:08:10.583 [5096] warn: netset: cannot include
>> 200.200.200.0/24 as it has already been included
>> Aug 16 13:08:10.584 [5096] dbg: config: using
>> "/etc/mail/spamassassin/whitelist_users.cf" for included file
>> Aug 16 13:08:10.584 [5096] dbg: config: read file
>> /etc/mail/spamassassin/whitelist_users.cf
>> Aug 16 13:08:10.603 [5096] dbg: config: finish parsing
>> Aug 16 13:08:10.603 [5096] dbg: plugin:
>> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x2710060) implements
>> 'finish_parsing_end', priority 0
>> Aug 16 13:08:10.603 [5096] dbg: plugin:
>> Mail::SpamAssassin::Plugin::FreeMail=HASH(0x2c70bc0) implements
>> 'finish_parsing_end', priority 0
>> Aug 16 13:08:10.604 [5096] dbg: replacetags: replacing tags
>> Aug 16 13:08:10.604 [5096] dbg: replacetags: done replacing tags
>> Aug 16 13:08:10.604 [5096] dbg: FreeMail: no freemail_domains entries
>> defined, disabling plugin
>> Aug 16 13:08:10.605 [5096] dbg: plugin:
>> Mail::SpamAssassin::Plugin::Bayes=HASH(0x7f20b724d4a8) implements
>> 'learner_new', priority 0
>> Aug 16 13:08:10.605 [5096] dbg: bayes: learner_new
>> self=Mail::SpamAssassin::Plugin::Bayes=HASH(0x7f20b724d4a8),
>> bayes_store_module=Mail::SpamAssassin::BayesStore::DBM
>> Aug 16 13:08:10.614 [5096] dbg: bayes: learner_new: got
>> store=Mail::SpamAssassin::BayesStore::DBM=HASH(0x1be9110)
>> Aug 16 13:08:10.614 [5096] dbg: plugin:
>> Mail::SpamAssassin::Plugin::Bayes=HASH(0x7f20b724d4a8) implements
>> 'learner_is_scan_available', priority 0
>> Aug 16 13:08:10.614 [5096] dbg: config: using "/root/.spamassassin"
>> for user state dir
>> Aug 16 13:08:10.615 [5096] dbg: bayes: tie-ing to DB file R/O
>> /root/.spamassassin/bayes_toks
>> Aug 16 13:08:10.615 [5096] dbg: bayes: tie-ing to DB file R/O
>> /root/.spamassassin/bayes_seen
>> Aug 16 13:08:10.616 [5096] dbg: bayes: found bayes db version 3
>> Aug 16 13:08:10.616 [5096] dbg: bayes: DB journal sync: last sync: 0
>> Aug 16 13:08:10.616 [5096] dbg: config: using "/root/.spamassassin"
>> for user state dir
>> Aug 16 13:08:10.617 [5096] dbg: config: score set 3 chosen.
>> Aug 16 13:08:10.617 [5096] dbg: config: time limit 300.0 s
>> Aug 16 13:08:10.617 [5096] dbg: message: line ending changed to CRLF
>> Aug 16 13:08:10.618 [5096] dbg: message: main message type: text/plain
>> Aug 16 13:08:10.618 [5096] dbg: check: pms new, time limit in 299.751 s
>> Aug 16 13:08:10.619 [5096] dbg: plugin:
>> Mail::SpamAssassin::Plugin::DNSEval=HASH(0x7f20b7264e78) implements
>> 'check_start', priority 0
>> Aug 16 13:08:10.619 [5096] dbg: plugin:
>> Mail::SpamAssassin::Plugin::Check=HASH(0x27cf0e0) implements
>> 'check_main', priority 0
>> Aug 16 13:08:10.620 [5096] dbg: config: internal_networks not
>> configured, using trusted_networks configuration for
>> internal_networks; if you really want internal_networks to only
>> contain the required 127/8 add 'internal_networks !0/0' to your
>> configuration
>> Aug 16 13:08:10.620 [5096] dbg: received-header: parsed as [
>> ip=195.113.123.119 rdns=antivir1.fnhk.cz helo=antivir1.fnhk.cz
>> by=radio-hk.ppchc.cz ident= envfrom= intl=0 id=DAC7530CB3 auth= msa=0 ]
>> Aug 16 13:08:10.621 [5096] dbg: received-header: relay 195.113.123.119
>> trusted? no internal? no msa? no
>> Aug 16 13:08:10.621 [5096] dbg: received-header: parsed as [
>> ip=127.0.0.1 rdns=localhost helo=antivir1.fnhk.cz by=vbms.DUMMY ident=
>> envfrom= intl=0 id=A0B2FFA6190 auth= msa=0 ]
>> Aug 16 13:08:10.621 [5096] dbg: received-header: relay 127.0.0.1
>> trusted? no internal? no msa? no
>> Aug 16 13:08:10.621 [5096] dbg: received-header: parsed as [
>> ip=195.113.123.98 rdns= helo=kost.fnhk.cz by=antivir1.fnhk.cz ident=
>> envfrom= intl=0 id=74C04FA616B auth= msa=0 ]
>> Aug 16 13:08:10.621 [5096] dbg: received-header: relay 195.113.123.98
>> trusted? no internal? no msa? no
>> Aug 16 13:08:10.624 [5096] dbg: received-header: parsed as [
>> ip=192.168.24.50 rdns= helo=?192.168.24.50? by=kost.fnhk.cz ident=
>> envfrom= intl=0 id= auth= msa=0 ]
>> Aug 16 13:08:10.624 [5096] dbg: received-header: relay 192.168.24.50
>> trusted? no internal? no msa? no
>> Aug 16 13:08:10.625 [5096] dbg: metadata: X-Spam-Relays-Trusted:
>> Aug 16 13:08:10.625 [5096] dbg: metadata: X-Spam-Relays-Untrusted: [
>> ip=195.113.123.119 rdns=antivir1.fnhk.cz helo=antivir1.fnhk.cz
>> by=radio-hk.ppchc.cz ident= envfrom= intl=0 id=DAC7530CB3 auth= msa=0
>> ] [ ip=127.0.0.1 rdns=localhost helo=antivir1.fnhk.cz by=vbms.DUMMY
>> ident= envfrom= intl=0 id=A0B2FFA6190 auth= msa=0 ] [
>> ip=195.113.123.98 rdns= helo=kost.fnhk.cz by=antivir1.fnhk.cz ident=
>> envfrom= intl=0 id=74C04FA616B auth= msa=0 ] [ ip=192.168.24.50 rdns=
>> helo=?192.168.24.50? by=kost.fnhk.cz ident= envfrom= intl=0 id= auth=
>> msa=0 ]
>> Aug 16 13:08:10.625 [5096] dbg: metadata: X-Spam-Relays-Internal:
>> Aug 16 13:08:10.625 [5096] dbg: metadata: X-Spam-Relays-External: [
>> ip=195.113.123.119 rdns=antivir1.fnhk.cz helo=antivir1.fnhk.cz
>> by=radio-hk.ppchc.cz ident= envfrom= intl=0 id=DAC7530CB3 auth= msa=0
>> ] [ ip=127.0.0.1 rdns=localhost helo=antivir1.fnhk.cz by=vbms.DUMMY
>> ident= envfrom= intl=0 id=A0B2FFA6190 auth= msa=0 ] [
>> ip=195.113.123.98 rdns= helo=kost.fnhk.cz by=antivir1.fnhk.cz ident=
>> envfrom= intl=0 id=74C04FA616B auth= msa=0 ] [ ip=192.168.24.50 rdns=
>> helo=?192.168.24.50? by=kost.fnhk.cz ident= envfrom= intl=0 id= auth=
>> msa=0 ]
>> Aug 16 13:08:10.625 [5096] dbg: plugin:
>> Mail::SpamAssassin::Plugin::TextCat=HASH(0x1d0a020) implements
>> 'extract_metadata', priority 0
>> Aug 16 13:08:10.625 [5096] dbg: message: ---- MIME PARSER START ----
>> Aug 16 13:08:10.625 [5096] dbg: message: parsing normal part
>> Aug 16 13:08:10.626 [5096] dbg: message: ---- MIME PARSER END ----
>> Aug 16 13:08:10.626 [5096] dbg: message: decoding other encoding type
>> (7bit), ignoring
>> Aug 16 13:08:10.626 [5096] dbg: textcat: message too short for
>> language analysis
>> Aug 16 13:08:10.626 [5096] dbg: textcat: X-Languages: "",
>> X-Languages-Length: 11
>> Aug 16 13:08:10.626 [5096] dbg: plugin:
>> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1b72968) implements
>> 'parsed_metadata', priority 0
>> Aug 16 13:08:10.626 [5096] dbg: dns: is_dns_available() last checked
>> 1281956890.6 seconds ago; re-checking
>> Aug 16 13:08:10.627 [5096] dbg: dns: is Net::DNS::Resolver available? yes
>> Aug 16 13:08:10.627 [5096] dbg: dns: Net::DNS version: 0.65
>> Aug 16 13:08:10.627 [5096] dbg: dns: name server: 127.0.0.1,
>> LocalAddr: 0.0.0.0
>> Aug 16 13:08:10.628 [5096] dbg: dns: resolver socket rx buffer size is
>> 129024 bytes
>> Aug 16 13:08:10.628 [5096] dbg: dns: testing resolver nameservers:
>> 127.0.0.1, 193.165.192.9, 217.11.237.6, 194.8.253.11, 194.8.252.1
>> Aug 16 13:08:10.628 [5096] dbg: dns: trying (3) cingular.com...
>> Aug 16 13:08:10.628 [5096] dbg: dns: looking up NS for 'cingular.com'
>> Aug 16 13:08:10.628 [5096] dbg: dns: providing a callback for id:
>> 31127/cingular.com/NS/IN
>> Aug 16 13:08:10.992 [5096] dbg: dns: NS lookup of cingular.com using
>> 127.0.0.1 succeeded => DNS available (set dns_available to override)
>> Aug 16 13:08:10.993 [5096] dbg: dns: name server: 193.165.192.9,
>> LocalAddr: 0.0.0.0
>> Aug 16 13:08:10.993 [5096] dbg: dns: resolver socket rx buffer size is
>> 129024 bytes
>> Aug 16 13:08:10.993 [5096] dbg: dns: trying (3) gmx.net...
>> Aug 16 13:08:10.993 [5096] dbg: dns: looking up NS for 'gmx.net'
>> Aug 16 13:08:10.993 [5096] dbg: dns: providing a callback for id:
>> 42540/gmx.net/NS/IN
>> Aug 16 13:08:11.003 [5096] dbg: dns: NS lookup of gmx.net using
>> 193.165.192.9 succeeded => DNS available (set dns_available to override)
>> Aug 16 13:08:11.004 [5096] dbg: dns: name server: 217.11.237.6,
>> LocalAddr: 0.0.0.0
>> Aug 16 13:08:11.005 [5096] dbg: dns: resolver socket rx buffer size is
>> 129024 bytes
>> Aug 16 13:08:11.005 [5096] dbg: dns: trying (3) w3.org...
>> Aug 16 13:08:11.005 [5096] dbg: dns: looking up NS for 'w3.org'
>> Aug 16 13:08:11.006 [5096] dbg: dns: providing a callback for id:
>> 60502/w3.org/NS/IN
>> Aug 16 13:08:11.012 [5096] dbg: dns: NS lookup of w3.org using
>> 217.11.237.6 failed, no results found
>> Aug 16 13:08:11.012 [5096] dbg: dns: trying (2) motorola.com...
>> Aug 16 13:08:11.012 [5096] dbg: dns: looking up NS for 'motorola.com'
>> Aug 16 13:08:11.013 [5096] dbg: dns: providing a callback for id:
>> 34234/motorola.com/NS/IN
>> Aug 16 13:08:11.019 [5096] dbg: dns: NS lookup of motorola.com using
>> 217.11.237.6 failed, no results found
>> Aug 16 13:08:11.019 [5096] dbg: dns: trying (1) apache.org...
>> Aug 16 13:08:11.019 [5096] dbg: dns: looking up NS for 'apache.org'
>> Aug 16 13:08:11.020 [5096] dbg: dns: providing a callback for id:
>> 12712/apache.org/NS/IN
>> Aug 16 13:08:11.026 [5096] dbg: dns: NS lookup of apache.org using
>> 217.11.237.6 failed, no results found
>> Aug 16 13:08:11.026 [5096] dbg: dns: name server: 194.8.253.11,
>> LocalAddr: 0.0.0.0
>> Aug 16 13:08:11.028 [5096] dbg: dns: resolver socket rx buffer size is
>> 129024 bytes
>> Aug 16 13:08:11.028 [5096] dbg: dns: trying (3) yahoo.com...
>> Aug 16 13:08:11.028 [5096] dbg: dns: looking up NS for 'yahoo.com'
>> Aug 16 13:08:11.029 [5096] dbg: dns: providing a callback for id:
>> 45594/yahoo.com/NS/IN
>> Aug 16 13:08:11.065 [5096] dbg: dns: NS lookup of yahoo.com using
>> 194.8.253.11 succeeded => DNS available (set dns_available to override)
>> Aug 16 13:08:11.065 [5096] dbg: dns: name server: 194.8.252.1,
>> LocalAddr: 0.0.0.0
>> Aug 16 13:08:11.066 [5096] dbg: dns: resolver socket rx buffer size is
>> 129024 bytes
>> Aug 16 13:08:11.067 [5096] dbg: dns: trying (3) ebay.com...
>> Aug 16 13:08:11.067 [5096] dbg: dns: looking up NS for 'ebay.com'
>> Aug 16 13:08:11.068 [5096] dbg: dns: providing a callback for id:
>> 58487/ebay.com/NS/IN
>> Aug 16 13:08:11.297 [5096] dbg: dns: NS lookup of ebay.com using
>> 194.8.252.1 succeeded => DNS available (set dns_available to override)
>> Aug 16 13:08:11.297 [5096] dbg: dns: name server: 194.8.252.1,
>> LocalAddr: 0.0.0.0
>> Aug 16 13:08:11.298 [5096] dbg: dns: resolver socket rx buffer size is
>> 129024 bytes
>> Aug 16 13:08:11.299 [5096] dbg: dns: NS list: 127.0.0.1,
>> 193.165.192.9, 194.8.253.11, 194.8.252.1
>> Aug 16 13:08:11.299 [5096] dbg: dns: name server: 127.0.0.1,
>> LocalAddr: 0.0.0.0
>> Aug 16 13:08:11.300 [5096] dbg: dns: resolver socket rx buffer size is
>> 129024 bytes
>> Aug 16 13:08:11.300 [5096] dbg: dns: is DNS available? 1
>> Aug 16 13:08:11.301 [5096] dbg: uridnsbl: domains to query: fnhk.cz
>> Aug 16 13:08:11.302 [5096] dbg: check: check_main, time limit in 299.067 s
>> Aug 16 13:08:11.302 [5096] dbg: check: running tests for priority: 0
>> Aug 16 13:08:11.303 [5096] dbg: rules: running head tests; score so far=0
>> Aug 16 13:08:11.304 [5096] dbg: rules: flush_evalstr
>> (run_generic_tests) compiling 6414 chars of
>> Mail::SpamAssassin::Plugin::Check::_head_tests_0_1
>> Aug 16 13:08:11.305 [5096] dbg: rules: run_generic_tests - compiling
>> eval code: head, priority 0
>> Aug 16 13:08:11.305 [5096] dbg: rules: compiled head tests
>> Aug 16 13:08:11.305 [5096] dbg: rules: ran header rule dkpass ======>
>> got hit: "domainkeys=pass"
>> Aug 16 13:08:11.306 [5096] dbg: rules: ran header rule SPF_CHECK_PASS
>> ======> got hit: "pass"
>> Aug 16 13:08:11.306 [5096] dbg: rules: running head_eval tests; score
>> so far=-29.5
>> Aug 16 13:08:11.306 [5096] dbg: rules: run_eval_tests - compiling eval
>> code: 9, priority 0
>> Aug 16 13:08:11.306 [5096] dbg: rules: running body tests; score so  
>> far=-29.5
>> Aug 16 13:08:11.307 [5096] dbg: rules: flush_evalstr
>> (run_generic_tests) compiling 215 chars of
>> Mail::SpamAssassin::Plugin::Check::_body_tests_0_1
>> Aug 16 13:08:11.307 [5096] dbg: rules: run_generic_tests - compiling
>> eval code: body, priority 0
>> Aug 16 13:08:11.307 [5096] dbg: rules: compiled body tests
>> Aug 16 13:08:11.307 [5096] dbg: rules: running uri tests; score so far=-29.5
>> Aug 16 13:08:11.307 [5096] dbg: rules: flush_evalstr
>> (run_generic_tests) compiling 213 chars of
>> Mail::SpamAssassin::Plugin::Check::_uri_tests_0_1
>> Aug 16 13:08:11.307 [5096] dbg: rules: run_generic_tests - compiling
>> eval code: uri, priority 0
>> Aug 16 13:08:11.307 [5096] dbg: rules: compiled uri tests
>> Aug 16 13:08:11.308 [5096] dbg: rules: running rawbody tests; score so
>> far=-29.5
>> Aug 16 13:08:11.308 [5096] dbg: rules: flush_evalstr
>> (run_generic_tests) compiling 221 chars of
>> Mail::SpamAssassin::Plugin::Check::_rawbody_tests_0_1
>> Aug 16 13:08:11.308 [5096] dbg: rules: run_generic_tests - compiling
>> eval code: rawbody, priority 0
>> Aug 16 13:08:11.308 [5096] dbg: rules: compiled rawbody tests
>> Aug 16 13:08:11.308 [5096] dbg: rules: running full tests; score so  
>> far=-29.5
>> Aug 16 13:08:11.308 [5096] dbg: rules: flush_evalstr
>> (run_generic_tests) compiling 250 chars of
>> Mail::SpamAssassin::Plugin::Check::_full_tests_0_1
>> Aug 16 13:08:11.308 [5096] dbg: rules: run_generic_tests - compiling
>> eval code: full, priority 0
>> Aug 16 13:08:11.309 [5096] dbg: rules: compiled full tests
>> Aug 16 13:08:11.309 [5096] dbg: rules: running meta tests; score so  
>> far=-29.5
>> Aug 16 13:08:11.309 [5096] dbg: rules: flush_evalstr
>> (run_generic_tests) compiling 275 chars of
>> Mail::SpamAssassin::Plugin::Check::_meta_tests_0_1
>> Aug 16 13:08:11.309 [5096] dbg: rules: run_generic_tests - compiling
>> eval code: meta, priority 0
>> Aug 16 13:08:11.309 [5096] dbg: rules: compiled meta tests
>> Aug 16 13:08:11.309 [5096] dbg: dns: harvest_dnsbl_queries
>> Aug 16 13:08:11.310 [5096] dbg: check: is spam? score=-29.5 required=8
>> Aug 16 13:08:11.310 [5096] dbg: check: tests=SPF_CHECK_PASS,dkpass
>> Aug 16 13:08:11.310 [5096] dbg: check: subtests=
>> Aug 16 13:08:11.310 [5096] dbg: timing: total 940 ms - init: 247
>> (26.3%), parse: 1.71 (0.2%), extract_message_metadata: 682 (72.5%),
>> poll_dns_idle: 643 (68.4%), get_uri_detail_list: 0.52 (0.1%),
>> tests_pri_0: 7 (0.7%), compile_gen: 1.24 (0.1%), compile_eval: 0.26
>> (0.0%)
>> X-Spam-Status: No, score=-29.5 required=8.0 tests=SPF_CHECK_PASS,dkpass
>>        autolearn=disabled
>> X-Spam-Level:
>> X-Spam-Checker-Version: Antispam PPCHC
>> X-From: <ka...@fnhk.cz>
>> X-RcptTo: <ch...@ppchc.cz>
>> X-Target: default
>> X-Templt: incoming
>> X-TpList: incoming
>> X-TrgLst: default
>> X-WlFlgs: 01
>> X-RBL: N
>> X-PeerIP: 127.0.0.1
>> X-RealIP: 195.113.123.119
>> Received-SPF: pass (fnhk.cz: 195.113.123.119 is authorized to use
>> 'karliak@fnhk.cz' in 'mfrom' identity (mechanism 'a:antivir1.fnhk.cz'
>> matched)) receiver=radio-hk.ppchc.cz; identity=mailfrom;
>> envelope-from="karliak@fnhk.cz"; helo=antivir1.fnhk.cz;
>> client-ip=195.113.123.119
>> X-DKIM: Sendmail DKIM Filter v2.7.2 radio-hk.ppchc.cz DAC7530CB3
>> Authentication-Results: radio-hk.ppchc.cz; dkim=none (no signature)
>>        header.i=unknown; dkim-adsp=fail
>> Received: from antivir1.fnhk.cz (antivir1.fnhk.cz [195.113.123.119])
>>        by radio-hk.ppchc.cz (Postfix) with ESMTP id DAC7530CB3
>>        for <ch...@ppchc.cz>; Mon, 16 Aug 2010 13:07:17 +0200 (CEST)
>> Received: by antivir1.fnhk.cz (Postfix, from userid 8)
>>        id 02803FA6170; Mon, 16 Aug 2010 13:07:11 +0200 (CEST)
>> Received: from antivir1.fnhk.cz (localhost [127.0.0.1])
>>        by vbms.DUMMY (Postfix) with SMTP id A0B2FFA6190
>>        for <ch...@ppchc.cz>; Mon, 16 Aug 2010 13:07:11 +0200 (CEST)
>> X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 vbms.DUMMY A0B2FFA6190
>> Authentication-Results: vbms.DUMMY; domainkeys=fail (testing)
>> header.from=karliak@fnhk.cz
>> Received: from kost.fnhk.cz (unknown [195.113.123.98])
>>        by antivir1.fnhk.cz (Postfix) with SMTP id 74C04FA616B
>>        for <ch...@ppchc.cz>; Mon, 16 Aug 2010 13:07:11 +0200 (CEST)
>> X-DKIM: Sendmail DKIM Filter v2.7.2 antivir1.fnhk.cz 74C04FA616B
>> Authentication-Results: antivir1.fnhk.cz; dkim=none (no signature)
>>        header.i=unknown; dkim-adsp=fail
>> X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 antivir1.fnhk.cz 74C04FA616B
>> Authentication-Results: antivir1.fnhk.cz; domainkeys=pass (testing)
>> header.from=karliak@fnhk.cz
>> Received: (qmail 23590 invoked from network); 16 Aug 2010 11:07:16 -0000
>> Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
>> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
>>  s=default; d=fnhk.cz;
>>
>> b=Sekotc6jO+orDWbGvlfAnLkMvv/Eh2wKcTDb4+D7IpONSFUDOMiGqg93NI7dWae4AocBcDNlX6G83fH49v5IQeJPPznuk+2aLK0MH5A8b3cP3CKzGJ5aftj2qH/KE1xvOguFqtplMLietRa2wfG3HYlnCpxB7Cb7biQu7muEXlo=
>> ;
>> Received: from unknown (HELO ?192.168.24.50?) (192.168.24.50)
>>  by kost.fnhk.cz with SMTP; 16 Aug 2010 11:07:16 -0000
>> Subject: 1307
>> From: Josef Karliak <ka...@fnhk.cz>
>> To: chose@ppchc.cz
>> Content-Type: text/plain
>> Date: Mon, 16 Aug 2010 13:07:16 +0200
>> Message-Id: <12...@chose.fnhk.cz>
>> Mime-Version: 1.0
>> X-Mailer: Evolution 2.24.1.1
>> Content-Transfer-Encoding: 7bit
>> X-VBSHLD-SCLID: A13CB488489
>> X-VBSHLD-SCLID: A113D5EDFFB
>>
>> test
>>
>> (no report template found)
>>
>> Aug 16 13:08:11.312 [5096] dbg: plugin:
>> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x26f7e98) implements
>> 'finish_tests', priority 0
>> Aug 16 13:08:11.312 [5096] dbg: plugin:
>> Mail::SpamAssassin::Plugin::Check=HASH(0x27cf0e0) implements
>> 'finish_tests', priority 0
>> Aug 16 13:08:11.312 [5096] dbg: plugin:
>> Mail::SpamAssassin::PerMsgStatus=HASH(0x2bda910) implements
>> 'finish_tests', priority 0
>> Aug 16 13:08:11.314 [5096] dbg: bayes: untie-ing
>>
>>
>>  Seems like no whitelisting is fired ?
>>  Thanks
>>  J.K.
>>
>> Quoting jdow <jd...@earthlink.net>:
>>
>>> Off hand I don't see a problem. What does "spamassassin --lint" say as a
>>> user (not as root?) It's almost as if your whitelist rules are not being
>>> parsed because of an error in the file above the whitelist rules.
>>>
>>> If lint passes I'd use "spamassassin -t -D <testemail". Note, I'd NOT
>>> use spamc to make that test, at least at first.
>>>
>>> This will tell you what rules are found and fired. It might also tell you
>>> why the whitelist file is not being found.
>>>
>>> Also do you have any blacklist entries? Could one of them be misfiring and
>>> negating your whitelist somehow.
>>>
>>> How are you including the whitelist entries? (The usual would be a
>>> whitelist.cf file in /etc/mail/spamassassin.)
>>>
>>> {^_^}
>>> ----- Original Message ----- From: "Josef Karliak" <ka...@ajetaci.cz>
>>> To: "jdow" <jd...@earthlink.net>
>>> Cc: <us...@spamassassin.apache.org>
>>> Sent: Sunday, 2010/August/15 22:20
>>> Subject: Re: Spamassassin and no whitelisting
>>>
>>>
>>>> Hi,
>>>> local.cf is in /etc/mail/spamassassin, spamd loads it at startup.
>>>> SpamAssassin works, tests run except whitelist :-/ :
>>>>
>>>> Aug 16 07:08:18 radio-hk spamd[28279]: spamd: setuid to mail succeeded
>>>> Aug 16 07:08:18 radio-hk spamd[28279]: spamd: processing message
>>>> <20...@kirke.atweb.cz> for mail:8
>>>> Aug 16 07:08:19 radio-hk spamd[28279]: spamd: clean message (1.0/8.0)
>>>> for mail:8 in 0.0 seconds, 7706 bytes.
>>>> Aug 16 07:08:19 radio-hk spamd[28279]: spamd: result: . 1 -
>>>> SPF_CHECK_NONE
>>>> scantime=0.0,size=7706,user=mail,uid=8,required_score=8.0,rhost=localhost,raddr=127.0.0.1,rport=33320,mid=<20...@kirke.atweb.cz>,autolearn=no
>>>>
>>>> After debug start of the spamd all seems ok:
>>>>
>>>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>>>> Mail::SpamAssassin::Plugin::WLBLEval from @INC
>>>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>>>> Mail::SpamAssassin::PerMsgStatus from @INC
>>>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>>>> Mail::SpamAssassin::Plugin::VBounce from @INC
>>>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>>>> Mail::SpamAssassin::Plugin::ImageInfo from @INC
>>>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>>>> Mail::SpamAssassin::Plugin::FreeMail from @INC
>>>> Aug 16 07:18:10 radio-hk spamd[32557]: config: using
>>>> "/etc/mail/spamassassin/whitelist_users" for included file
>>>> Aug 16 07:18:10 radio-hk spamd[32557]: config: read file
>>>> /etc/mail/spamassassin/whitelist_users
>>>> Aug 16 07:18:10 radio-hk spamd[32557]: conf: finish parsing
>>>>
>>>>
>>>> So am I missing some module load? Or so?
>>>> Thanks
>>>> J.K.
>>>>
>>>> Quoting jdow <jd...@earthlink.net>:
>>>>
>>>>> OK, you use the file local.cf. Are you sure you are modifying the
>>>>> correct local.cf. You rather need to be able to use, advisable or not,
>>>>> whitelist_from if whitelist_from_rcvd or other whitelist_from_XXXX
>>>>> variants are going to work. So let's get that working first.
>>>>>
>>>>> Determine where the REAL local.cf SHOULD be on your system. That file
>>>>> is USUALLY stored in /etc somewhere. On RedHat, as on my system, it is
>>>>> setup to live in /etc/mail/spamassassin. Your description of what is
>>>>> happening suggests you modified a file that is not being used.
>>>>>
>>>>> Note that you can leave spamd running while you test if you use the
>>>>> "spamassassin -t <testemail" approach. You can throw in a -D to get
>>>>> debug messages and see why the whitelist_from line fails for you.
>>>>>
>>>>> THEN it is appropriate to discuss what you should be using.
>>>>>
>>>>> {^_-}
>>>>> ----- Original Message ----- From: "Josef Karliak" <ka...@ajetaci.cz>
>>>>> To: <us...@spamassassin.apache.org>
>>>>> Sent: Sunday, 2010/August/15 09:35
>>>>> Subject: Re: Spamassassin and no whitelisting
>>>>>
>>>>>
>>>>>> Yes, our users (from local LAN) are authorized over DomainKeys
>>>>>> (all emails from our network are signed), and SA has a "trusted"
>>>>>> network. All from our company is OK and solved.
>>>>>> But we want to create a whitelist for companies that our users mail
>>>>>> to. When an outside company answers an email, and they don't have
>>>>>> DKIM, SPF, ... and sends emails that look like spam (HTML,
>>>>>> SUBJ_ALL_CAPS, ...) this whitelisted email address that we get from
>>>>>> his "Sent Items" folder passes this email and it is not filtered.
>>>>>> I know, all this is crazy, but DKIM or even "stupid" SPF is not
>>>>>> used often. And arrogant domain admins of "rejected" domains :-/.
>>>>>> How do you solve false positives? And complaints about that? I don't
>>>>>> want to decrease scores, I thought that whitelisting the senders
>>>>>> we get from our users could help. If you emailed him, his reply is
>>>>>> wanted. If not emailed him, let's see the results of the test. Nobody
>>>>>> from our company emailed you, but you use DKIM/SPF/..., we want
>>>>>> this mail. Grr, authorized spam? -> sends to abuse.
>>>>>> What do you think?
>>>>>> Thanks for advice and help.
>>>>>> J.K.
>>>>>>
>>>>>> Quoting John Hardin <jh...@impsec.org>:
>>>>>>
>>>>>>> On Sun, 15 Aug 2010, Josef Karliak wrote:
>>>>>>>
>>>>>>>> My idea is to create a whitelist file for including in SA from
>>>>>>>> emails sent by our users (from Sent Items folders in cyrus emails).
>>>>>>>> SA is a content filter in the Postfix. Only global, not user prefs.
>>>>>>>
>>>>>>> Is there some easy way to identify your users other than the
>>>>>>> domain they claim to be sending from? In other words, is this a
>>>>>>> corporate MTA where all the local mail originates from a specific
>>>>>>> subnet, or an ISP where users send mail via authenticated SMTP?
>>>>>>>
>>>>>>> If so, then there should be some way to tell postfix to trust
>>>>>>> messages originating from those sources and not run them through
>>>>>>> SA at all.
>>>>>>>
>>>>>>> I am not a postfix guru. You might want to do some searches of the
>>>>>>> SA list archives for posts that discuss postfix, there may be
>>>>>>> some config examples already available that will work for you.
>>>>>>>
>>>>>>> Best of luck.
>>>>>>>
>>>>>>>> Interesting is that I've many installs but on this server it doesn't mark
>>>>>>>> my whitelisted domain (or email address) with "USER_IN_WHITELIST" test
>>>>>>>> at all. I'll look over your recommendation about whitelist_from_auth,
>>>>>>>> but if it doesn't mark one whitelist mode, it couldn't mark another :-/.
>>>>>>>
>>>>>>> whitelist_from_rcvd specifying your local network may be another
>>>>>>> option for this.
>>>>>>>
>>>>>>>> Thanks.
>>>>>>>> J.K.
>>>>>>>>
>>>>>>>> Quoting John Hardin <jh...@impsec.org>:
>>>>>>>>
>>>>>>>>> On Sun, 15 Aug 2010, Josef Karliak wrote:
>>>>>>>>>
>>>>>>>>>> I've some problem with whitelisting.
>>>>>>>>>> In the local.cf file I've for example:
>>>>>>>>>>> whitelist_from         *@ajetaci.cz
>>>>>>>>>
>>>>>>>>> You do not want to do that. The From address on an email is
>>>>>>>>> trivially easy to forge, and it is common practice for spammers
>>>>>>>>> to forge a From address in the same domain as the target
>>>>>>>>> address. whitelist_from is only to be used if nothing else will
>>>>>>>>> work, as it is a naive whitelist.
>>>>>>>>>
>>>>>>>>> You want to use whitelist_from_auth or one of the other
>>>>>>>>> authenticated variants.
>>>>>>>>>
>>>>>>>>>> What did I miss?
>>>>>>>>>
>>>>>>>>> The best way to skip SA for local users is in the glue layer.
>>>>>>>>> Tell it to recognize mail that originates from your local
>>>>>>>>> network and for those messages simply _not call SA_ at all.
>>>>>>>>> Then you save the processing overhead.
>>>>>>>>>
>>>>>>>>> You didn't tell us how you're gluing SA onto your MTA. How are
>>>>>>>>> you doing that?
>>>>>>>
>>>>>>> -- 
>>>>>>> John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>>>>>>> jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
>>>>>>> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>>>>>>> -----------------------------------------------------------------------
>>>>>>> If someone has a gun and is trying to kill you, it would be
>>>>>>> reasonable to shoot back with your own gun.
>>>>>>>                                    -- the Dalai Lama, May 15, 2001
>>>>>>> -----------------------------------------------------------------------
>>>>>>> Today: the 65th anniversary of the end of World War II
>>>>>>>



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
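
An added example, not part of any poster's message and not SpamAssassin code: a small parser for a `spamassassin -D -t` trace like the one quoted in this thread. It undoes the mail quoting and line wrapping, then reports which config files were read, whether a single `.cf` file was used where a rules directory is expected, which relays were untrusted, and whether any whitelist rule is among the hits. The function names and the `.cf`-as-directory heuristic are assumptions of this example.

```python
import re

# Sample lines in the form they are quoted in this thread (mail quoting and
# hard wrapping included), trimmed to the records the summary looks at.
SAMPLE_TRACE = """\
>> Aug 16 13:08:10.370 [5096] dbg: config: using
>> "/etc/mail/spamassassin/local.cf" for default rules dir
>> Aug 16 13:08:10.371 [5096] dbg: config: using "/etc/mail/spamassassin"
>> for site rules dir
>> Aug 16 13:08:10.371 [5096] dbg: config: read file
>> /etc/mail/spamassassin/whitelist_users.cf
>> Aug 16 13:08:10.621 [5096] dbg: received-header: relay 195.113.123.119
>> trusted? no internal? no msa? no
>> Aug 16 13:08:11.305 [5096] dbg: rules: ran header rule dkpass ======>
>> got hit: "domainkeys=pass"
>> Aug 16 13:08:11.310 [5096] dbg: check: is spam? score=-29.5 required=8
>> Aug 16 13:08:11.310 [5096] dbg: check: tests=SPF_CHECK_PASS,dkpass
"""

# A record starts with "Mon DD HH:MM:SS.mmm [pid] level: "; anything else is
# the wrapped tail of the previous record.
RECORD_START = re.compile(
    r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d\.\d+ \[\d+\] (?:dbg|info|warn|error): ")
QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")


def unwrap(trace):
    """Strip '>' quoting and rejoin records that the mail client wrapped."""
    records = []
    for raw in trace.splitlines():
        line = QUOTE_PREFIX.sub("", raw).strip()
        if not line:
            continue
        if RECORD_START.match(line):
            records.append(line)
        elif records:
            records[-1] += " " + line
    return records


def is_whitelist_rule(name):
    # Matches USER_IN_WHITELIST and the related stock rule names.
    return name.startswith("USER_IN_") and (
        "WHITELIST" in name or name.endswith("_WL"))


def summarise(trace):
    out = {"files_read": [], "file_as_rules_dir": [], "untrusted_relays": [],
           "tests": [], "score": None, "whitelist_hit": False}
    for rec in unwrap(trace):
        msg = RECORD_START.sub("", rec)
        m = re.match(r'config: using "([^"]+)" for (.+)$', msg)
        if m:
            path, role = m.groups()
            # Heuristic (assumption of this example): a role that expects a
            # directory should not point at one .cf file. The stock rules,
            # USER_IN_WHITELIST among them, are loaded from the default
            # rules dir, so a wrong path there leaves them undefined.
            if role.endswith("dir") and path.endswith(".cf"):
                out["file_as_rules_dir"].append((path, role))
            continue
        m = re.match(r"config: read file (\S+)", msg)
        if m:
            if m.group(1) not in out["files_read"]:
                out["files_read"].append(m.group(1))
            continue
        m = re.match(r"received-header: relay (\S+) trusted\? (yes|no)", msg)
        if m:
            if m.group(2) == "no":
                out["untrusted_relays"].append(m.group(1))
            continue
        m = re.match(r"check: is spam\? score=(-?[\d.]+)", msg)
        if m:
            out["score"] = float(m.group(1))
            continue
        m = re.match(r"check: tests=(\S*)", msg)
        if m:
            out["tests"] = [t for t in m.group(1).split(",") if t]
    out["whitelist_hit"] = any(is_whitelist_rule(t) for t in out["tests"])
    return out


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```
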


Re: Spamassassin and no whitelisting

Posted by jdow <jd...@earthlink.net>.
That -c shows what you are doing wrong. "-c /etc/mail/spamassassin" is the
path to the directory. That is what you should use. I am not sure what
SpamAssassin is using for its configuration.

{^_^}

----- Original Message ----- 
From: "Josef Karliak" <ka...@ajetaci.cz>
To: "jdow" <jd...@earthlink.net>
Cc: <us...@spamassassin.apache.org>
Sent: Monday, 2010/August/16 04:19
Subject: Re: Spamassassin and no whitelisting


> radio-hk:/etc/mail/spamassassin # sudo -u chose spamassassin --lint -c
> /etc/mail/spamassassin/local.cf
> Aug 16 13:00:05.859 [4857] warn: netset: cannot include
> 200.200.200.0/24 as it has already been included
> Aug 16 13:00:05.868 [4857] warn: netset: cannot include
> 200.200.200.0/24 as it has already been included
>
>   Whitelist file contains for example:
> whitelist_from horde@lists.horde.org
> whitelist_from imp@lists.horde.org
>
>   Spamd doesn't complain about that
>   I've no blacklisting
>
> Spamass test with debug on the mail that has sender (From:) whitelisted:
> Aug 16 13:08:10.361 [5096] dbg: logger: adding facilities: all
> Aug 16 13:08:10.361 [5096] dbg: logger: logging level is DBG
> Aug 16 13:08:10.361 [5096] dbg: generic: SpamAssassin version 3.3.1
> Aug 16 13:08:10.361 [5096] dbg: generic: Perl 5.010000, PREFIX=/usr,
> DEF_RULES_DIR=/usr/share/spamassassin,
> LOCAL_RULES_DIR=/etc/mail/spamassassin,
> LOCAL_STATE_DIR=/var/lib/spamassassin
> Aug 16 13:08:10.361 [5096] dbg: config: timing enabled
> Aug 16 13:08:10.362 [5096] dbg: config: score set 0 chosen.
> Aug 16 13:08:10.363 [5096] dbg: util: running in taint mode? yes
> Aug 16 13:08:10.363 [5096] dbg: util: taint mode: deleting unsafe
> environment variables, resetting PATH
> Aug 16 13:08:10.363 [5096] dbg: util: PATH included
> '/usr/lib64/mpi/gcc/openmpi/bin', keeping
> Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/sbin', keeping
> Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/usr/sbin', keeping
> Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/usr/local/sbin', 
> keeping
> Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/root/bin', keeping
> Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/usr/local/bin', 
> keeping
> Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/usr/bin', keeping
> Aug 16 13:08:10.364 [5096] dbg: util: PATH included '/bin', keeping
> Aug 16 13:08:10.364 [5096] dbg: util: PATH included '/usr/bin/X11', 
> keeping
> Aug 16 13:08:10.364 [5096] dbg: util: PATH included '/usr/X11R6/bin', 
> keeping
> Aug 16 13:08:10.364 [5096] dbg: util: PATH included '/usr/games', keeping
> Aug 16 13:08:10.364 [5096] dbg: util: PATH included
> '/usr/lib64/jvm/jre/bin', keeping
> Aug 16 13:08:10.364 [5096] dbg: util: PATH included
> '/usr/lib/mit/bin', which is unusable, dropping: No such file or
> directory
> Aug 16 13:08:10.364 [5096] dbg: util: PATH included
> '/usr/lib/mit/sbin', which is unusable, dropping: No such file or
> directory
> Aug 16 13:08:10.364 [5096] dbg: util: final PATH set to:
> /usr/lib64/mpi/gcc/openmpi/bin:/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/usr/lib64/jvm/jre/bin
> Aug 16 13:08:10.368 [5096] dbg: dns: is Net::DNS::Resolver available? yes
> Aug 16 13:08:10.368 [5096] dbg: dns: Net::DNS version: 0.65
> Aug 16 13:08:10.369 [5096] dbg: config: using "/etc/mail/spamassassin"
> for site rules pre files
> Aug 16 13:08:10.370 [5096] dbg: config: read file
> /etc/mail/spamassassin/init.pre
> Aug 16 13:08:10.370 [5096] dbg: config: read file
> /etc/mail/spamassassin/v310.pre
> Aug 16 13:08:10.370 [5096] dbg: config: read file
> /etc/mail/spamassassin/v312.pre
> Aug 16 13:08:10.370 [5096] dbg: config: read file
> /etc/mail/spamassassin/v320.pre
> Aug 16 13:08:10.370 [5096] dbg: config: read file
> /etc/mail/spamassassin/v330.pre
> Aug 16 13:08:10.370 [5096] dbg: config: using
> "/etc/mail/spamassassin/local.cf" for sys rules pre files
> Aug 16 13:08:10.370 [5096] dbg: config: read file
> /etc/mail/spamassassin/local.cf
> Aug 16 13:08:10.370 [5096] dbg: config: using
> "/etc/mail/spamassassin/local.cf" for default rules dir
> Aug 16 13:08:10.370 [5096] dbg: config: read file
> /etc/mail/spamassassin/local.cf
> Aug 16 13:08:10.371 [5096] dbg: config: using "/etc/mail/spamassassin"
> for site rules dir
> Aug 16 13:08:10.371 [5096] dbg: config: read file
> /etc/mail/spamassassin/local.cf
> Aug 16 13:08:10.371 [5096] dbg: config: read file
> /etc/mail/spamassassin/whitelist_users.cf
> Aug 16 13:08:10.371 [5096] dbg: config: using "/root/.spamassassin"
> for user state dir
> Aug 16 13:08:10.371 [5096] dbg: config: using
> "/root/.spamassassin/user_prefs" for user prefs file
> Aug 16 13:08:10.371 [5096] dbg: config: read file
> /root/.spamassassin/user_prefs
> Aug 16 13:08:10.374 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::URIDNSBL from @INC
> Aug 16 13:08:10.378 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::Hashcash from @INC
> Aug 16 13:08:10.385 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::SPF from @INC
> Aug 16 13:08:10.387 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::TextCat from @INC
> Aug 16 13:08:10.389 [5096] dbg: textcat: loading languages file...
> Aug 16 13:08:10.446 [5096] dbg: textcat: loaded 73 language models
> Aug 16 13:08:10.452 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::Pyzor from @INC
> Aug 16 13:08:10.454 [5096] dbg: pyzor: network tests on, attempting Pyzor
> Aug 16 13:08:10.455 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::Razor2 from @INC
> Aug 16 13:08:10.492 [5096] dbg: razor2: razor2 is available, version 2.84
> Aug 16 13:08:10.493 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::SpamCop from @INC
> Aug 16 13:08:10.501 [5096] dbg: reporter: network tests on, attempting 
> SpamCop
> Aug 16 13:08:10.501 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::AWL from @INC
> Aug 16 13:08:10.504 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
> Aug 16 13:08:10.505 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
> Aug 16 13:08:10.506 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::MIMEHeader from @INC
> Aug 16 13:08:10.507 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::ReplaceTags from @INC
> Aug 16 13:08:10.508 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::DKIM from @INC
> Aug 16 13:08:10.513 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::Check from @INC
> Aug 16 13:08:10.519 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
> Aug 16 13:08:10.520 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::URIDetail from @INC
> Aug 16 13:08:10.521 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::Bayes from @INC
> Aug 16 13:08:10.529 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::BodyEval from @INC
> Aug 16 13:08:10.530 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::DNSEval from @INC
> Aug 16 13:08:10.532 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::HTMLEval from @INC
> Aug 16 13:08:10.534 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::HeaderEval from @INC
> Aug 16 13:08:10.539 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::MIMEEval from @INC
> Aug 16 13:08:10.542 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::RelayEval from @INC
> Aug 16 13:08:10.544 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::URIEval from @INC
> Aug 16 13:08:10.545 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::WLBLEval from @INC
> Aug 16 13:08:10.546 [5096] dbg: plugin: loading
> Mail::SpamAssassin::PerMsgStatus from @INC
> Aug 16 13:08:10.547 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::VBounce from @INC
> Aug 16 13:08:10.548 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::ImageInfo from @INC
> Aug 16 13:08:10.550 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::FreeMail from @INC
> Aug 16 13:08:10.554 [5096] dbg: config: using
> "/etc/mail/spamassassin/whitelist_users.cf" for included file
> Aug 16 13:08:10.554 [5096] dbg: config: read file
> /etc/mail/spamassassin/whitelist_users.cf
> Aug 16 13:08:10.568 [5096] warn: netset: cannot include
> 200.200.200.0/24 as it has already been included
> Aug 16 13:08:10.569 [5096] dbg: config: using
> "/etc/mail/spamassassin/whitelist_users.cf" for included file
> Aug 16 13:08:10.569 [5096] dbg: config: read file
> /etc/mail/spamassassin/whitelist_users.cf
> Aug 16 13:08:10.583 [5096] warn: netset: cannot include
> 200.200.200.0/24 as it has already been included
> Aug 16 13:08:10.584 [5096] dbg: config: using
> "/etc/mail/spamassassin/whitelist_users.cf" for included file
> Aug 16 13:08:10.584 [5096] dbg: config: read file
> /etc/mail/spamassassin/whitelist_users.cf
> Aug 16 13:08:10.603 [5096] dbg: config: finish parsing
> Aug 16 13:08:10.603 [5096] dbg: plugin:
> Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x2710060) implements
> 'finish_parsing_end', priority 0
> Aug 16 13:08:10.603 [5096] dbg: plugin:
> Mail::SpamAssassin::Plugin::FreeMail=HASH(0x2c70bc0) implements
> 'finish_parsing_end', priority 0
> Aug 16 13:08:10.604 [5096] dbg: replacetags: replacing tags
> Aug 16 13:08:10.604 [5096] dbg: replacetags: done replacing tags
> Aug 16 13:08:10.604 [5096] dbg: FreeMail: no freemail_domains entries
> defined, disabling plugin
> Aug 16 13:08:10.605 [5096] dbg: plugin:
> Mail::SpamAssassin::Plugin::Bayes=HASH(0x7f20b724d4a8) implements
> 'learner_new', priority 0
> Aug 16 13:08:10.605 [5096] dbg: bayes: learner_new
> self=Mail::SpamAssassin::Plugin::Bayes=HASH(0x7f20b724d4a8),
> bayes_store_module=Mail::SpamAssassin::BayesStore::DBM
> Aug 16 13:08:10.614 [5096] dbg: bayes: learner_new: got
> store=Mail::SpamAssassin::BayesStore::DBM=HASH(0x1be9110)
> Aug 16 13:08:10.614 [5096] dbg: plugin:
> Mail::SpamAssassin::Plugin::Bayes=HASH(0x7f20b724d4a8) implements
> 'learner_is_scan_available', priority 0
> Aug 16 13:08:10.614 [5096] dbg: config: using "/root/.spamassassin"
> for user state dir
> Aug 16 13:08:10.615 [5096] dbg: bayes: tie-ing to DB file R/O
> /root/.spamassassin/bayes_toks
> Aug 16 13:08:10.615 [5096] dbg: bayes: tie-ing to DB file R/O
> /root/.spamassassin/bayes_seen
> Aug 16 13:08:10.616 [5096] dbg: bayes: found bayes db version 3
> Aug 16 13:08:10.616 [5096] dbg: bayes: DB journal sync: last sync: 0
> Aug 16 13:08:10.616 [5096] dbg: config: using "/root/.spamassassin"
> for user state dir
> Aug 16 13:08:10.617 [5096] dbg: config: score set 3 chosen.
> Aug 16 13:08:10.617 [5096] dbg: config: time limit 300.0 s
> Aug 16 13:08:10.617 [5096] dbg: message: line ending changed to CRLF
> Aug 16 13:08:10.618 [5096] dbg: message: main message type: text/plain
> Aug 16 13:08:10.618 [5096] dbg: check: pms new, time limit in 299.751 s
> Aug 16 13:08:10.619 [5096] dbg: plugin:
> Mail::SpamAssassin::Plugin::DNSEval=HASH(0x7f20b7264e78) implements
> 'check_start', priority 0
> Aug 16 13:08:10.619 [5096] dbg: plugin:
> Mail::SpamAssassin::Plugin::Check=HASH(0x27cf0e0) implements
> 'check_main', priority 0
> Aug 16 13:08:10.620 [5096] dbg: config: internal_networks not
> configured, using trusted_networks configuration for
> internal_networks; if you really want internal_networks to only
> contain the required 127/8 add 'internal_networks !0/0' to your
> configuration
> Aug 16 13:08:10.620 [5096] dbg: received-header: parsed as [
> ip=195.113.123.119 rdns=antivir1.fnhk.cz helo=antivir1.fnhk.cz
> by=radio-hk.ppchc.cz ident= envfrom= intl=0 id=DAC7530CB3 auth= msa=0 ]
> Aug 16 13:08:10.621 [5096] dbg: received-header: relay 195.113.123.119
> trusted? no internal? no msa? no
> Aug 16 13:08:10.621 [5096] dbg: received-header: parsed as [
> ip=127.0.0.1 rdns=localhost helo=antivir1.fnhk.cz by=vbms.DUMMY ident=
> envfrom= intl=0 id=A0B2FFA6190 auth= msa=0 ]
> Aug 16 13:08:10.621 [5096] dbg: received-header: relay 127.0.0.1
> trusted? no internal? no msa? no
> Aug 16 13:08:10.621 [5096] dbg: received-header: parsed as [
> ip=195.113.123.98 rdns= helo=kost.fnhk.cz by=antivir1.fnhk.cz ident=
> envfrom= intl=0 id=74C04FA616B auth= msa=0 ]
> Aug 16 13:08:10.621 [5096] dbg: received-header: relay 195.113.123.98
> trusted? no internal? no msa? no
> Aug 16 13:08:10.624 [5096] dbg: received-header: parsed as [
> ip=192.168.24.50 rdns= helo=?192.168.24.50? by=kost.fnhk.cz ident=
> envfrom= intl=0 id= auth= msa=0 ]
> Aug 16 13:08:10.624 [5096] dbg: received-header: relay 192.168.24.50
> trusted? no internal? no msa? no
> Aug 16 13:08:10.625 [5096] dbg: metadata: X-Spam-Relays-Trusted:
> Aug 16 13:08:10.625 [5096] dbg: metadata: X-Spam-Relays-Untrusted: [
> ip=195.113.123.119 rdns=antivir1.fnhk.cz helo=antivir1.fnhk.cz
> by=radio-hk.ppchc.cz ident= envfrom= intl=0 id=DAC7530CB3 auth= msa=0
> ] [ ip=127.0.0.1 rdns=localhost helo=antivir1.fnhk.cz by=vbms.DUMMY
> ident= envfrom= intl=0 id=A0B2FFA6190 auth= msa=0 ] [
> ip=195.113.123.98 rdns= helo=kost.fnhk.cz by=antivir1.fnhk.cz ident=
> envfrom= intl=0 id=74C04FA616B auth= msa=0 ] [ ip=192.168.24.50 rdns=
> helo=?192.168.24.50? by=kost.fnhk.cz ident= envfrom= intl=0 id= auth=
> msa=0 ]
> Aug 16 13:08:10.625 [5096] dbg: metadata: X-Spam-Relays-Internal:
> Aug 16 13:08:10.625 [5096] dbg: metadata: X-Spam-Relays-External: [
> ip=195.113.123.119 rdns=antivir1.fnhk.cz helo=antivir1.fnhk.cz
> by=radio-hk.ppchc.cz ident= envfrom= intl=0 id=DAC7530CB3 auth= msa=0
> ] [ ip=127.0.0.1 rdns=localhost helo=antivir1.fnhk.cz by=vbms.DUMMY
> ident= envfrom= intl=0 id=A0B2FFA6190 auth= msa=0 ] [
> ip=195.113.123.98 rdns= helo=kost.fnhk.cz by=antivir1.fnhk.cz ident=
> envfrom= intl=0 id=74C04FA616B auth= msa=0 ] [ ip=192.168.24.50 rdns=
> helo=?192.168.24.50? by=kost.fnhk.cz ident= envfrom= intl=0 id= auth=
> msa=0 ]
> Aug 16 13:08:10.625 [5096] dbg: plugin:
> Mail::SpamAssassin::Plugin::TextCat=HASH(0x1d0a020) implements
> 'extract_metadata', priority 0
> Aug 16 13:08:10.625 [5096] dbg: message: ---- MIME PARSER START ----
> Aug 16 13:08:10.625 [5096] dbg: message: parsing normal part
> Aug 16 13:08:10.626 [5096] dbg: message: ---- MIME PARSER END ----
> Aug 16 13:08:10.626 [5096] dbg: message: decoding other encoding type
> (7bit), ignoring
> Aug 16 13:08:10.626 [5096] dbg: textcat: message too short for
> language analysis
> Aug 16 13:08:10.626 [5096] dbg: textcat: X-Languages: "",
> X-Languages-Length: 11
> Aug 16 13:08:10.626 [5096] dbg: plugin:
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1b72968) implements
> 'parsed_metadata', priority 0
> Aug 16 13:08:10.626 [5096] dbg: dns: is_dns_available() last checked
> 1281956890.6 seconds ago; re-checking
> Aug 16 13:08:10.627 [5096] dbg: dns: is Net::DNS::Resolver available? yes
> Aug 16 13:08:10.627 [5096] dbg: dns: Net::DNS version: 0.65
> Aug 16 13:08:10.627 [5096] dbg: dns: name server: 127.0.0.1,
> LocalAddr: 0.0.0.0
> Aug 16 13:08:10.628 [5096] dbg: dns: resolver socket rx buffer size is
> 129024 bytes
> Aug 16 13:08:10.628 [5096] dbg: dns: testing resolver nameservers:
> 127.0.0.1, 193.165.192.9, 217.11.237.6, 194.8.253.11, 194.8.252.1
> Aug 16 13:08:10.628 [5096] dbg: dns: trying (3) cingular.com...
> Aug 16 13:08:10.628 [5096] dbg: dns: looking up NS for 'cingular.com'
> Aug 16 13:08:10.628 [5096] dbg: dns: providing a callback for id:
> 31127/cingular.com/NS/IN
> Aug 16 13:08:10.992 [5096] dbg: dns: NS lookup of cingular.com using
> 127.0.0.1 succeeded => DNS available (set dns_available to override)
> Aug 16 13:08:10.993 [5096] dbg: dns: name server: 193.165.192.9,
> LocalAddr: 0.0.0.0
> Aug 16 13:08:10.993 [5096] dbg: dns: resolver socket rx buffer size is
> 129024 bytes
> Aug 16 13:08:10.993 [5096] dbg: dns: trying (3) gmx.net...
> Aug 16 13:08:10.993 [5096] dbg: dns: looking up NS for 'gmx.net'
> Aug 16 13:08:10.993 [5096] dbg: dns: providing a callback for id:
> 42540/gmx.net/NS/IN
> Aug 16 13:08:11.003 [5096] dbg: dns: NS lookup of gmx.net using
> 193.165.192.9 succeeded => DNS available (set dns_available to override)
> Aug 16 13:08:11.004 [5096] dbg: dns: name server: 217.11.237.6,
> LocalAddr: 0.0.0.0
> Aug 16 13:08:11.005 [5096] dbg: dns: resolver socket rx buffer size is
> 129024 bytes
> Aug 16 13:08:11.005 [5096] dbg: dns: trying (3) w3.org...
> Aug 16 13:08:11.005 [5096] dbg: dns: looking up NS for 'w3.org'
> Aug 16 13:08:11.006 [5096] dbg: dns: providing a callback for id:
> 60502/w3.org/NS/IN
> Aug 16 13:08:11.012 [5096] dbg: dns: NS lookup of w3.org using
> 217.11.237.6 failed, no results found
> Aug 16 13:08:11.012 [5096] dbg: dns: trying (2) motorola.com...
> Aug 16 13:08:11.012 [5096] dbg: dns: looking up NS for 'motorola.com'
> Aug 16 13:08:11.013 [5096] dbg: dns: providing a callback for id:
> 34234/motorola.com/NS/IN
> Aug 16 13:08:11.019 [5096] dbg: dns: NS lookup of motorola.com using
> 217.11.237.6 failed, no results found
> Aug 16 13:08:11.019 [5096] dbg: dns: trying (1) apache.org...
> Aug 16 13:08:11.019 [5096] dbg: dns: looking up NS for 'apache.org'
> Aug 16 13:08:11.020 [5096] dbg: dns: providing a callback for id:
> 12712/apache.org/NS/IN
> Aug 16 13:08:11.026 [5096] dbg: dns: NS lookup of apache.org using
> 217.11.237.6 failed, no results found
> Aug 16 13:08:11.026 [5096] dbg: dns: name server: 194.8.253.11,
> LocalAddr: 0.0.0.0
> Aug 16 13:08:11.028 [5096] dbg: dns: resolver socket rx buffer size is
> 129024 bytes
> Aug 16 13:08:11.028 [5096] dbg: dns: trying (3) yahoo.com...
> Aug 16 13:08:11.028 [5096] dbg: dns: looking up NS for 'yahoo.com'
> Aug 16 13:08:11.029 [5096] dbg: dns: providing a callback for id:
> 45594/yahoo.com/NS/IN
> Aug 16 13:08:11.065 [5096] dbg: dns: NS lookup of yahoo.com using
> 194.8.253.11 succeeded => DNS available (set dns_available to override)
> Aug 16 13:08:11.065 [5096] dbg: dns: name server: 194.8.252.1,
> LocalAddr: 0.0.0.0
> Aug 16 13:08:11.066 [5096] dbg: dns: resolver socket rx buffer size is
> 129024 bytes
> Aug 16 13:08:11.067 [5096] dbg: dns: trying (3) ebay.com...
> Aug 16 13:08:11.067 [5096] dbg: dns: looking up NS for 'ebay.com'
> Aug 16 13:08:11.068 [5096] dbg: dns: providing a callback for id:
> 58487/ebay.com/NS/IN
> Aug 16 13:08:11.297 [5096] dbg: dns: NS lookup of ebay.com using
> 194.8.252.1 succeeded => DNS available (set dns_available to override)
> Aug 16 13:08:11.297 [5096] dbg: dns: name server: 194.8.252.1,
> LocalAddr: 0.0.0.0
> Aug 16 13:08:11.298 [5096] dbg: dns: resolver socket rx buffer size is
> 129024 bytes
> Aug 16 13:08:11.299 [5096] dbg: dns: NS list: 127.0.0.1,
> 193.165.192.9, 194.8.253.11, 194.8.252.1
> Aug 16 13:08:11.299 [5096] dbg: dns: name server: 127.0.0.1,
> LocalAddr: 0.0.0.0
> Aug 16 13:08:11.300 [5096] dbg: dns: resolver socket rx buffer size is
> 129024 bytes
> Aug 16 13:08:11.300 [5096] dbg: dns: is DNS available? 1
> Aug 16 13:08:11.301 [5096] dbg: uridnsbl: domains to query: fnhk.cz
> Aug 16 13:08:11.302 [5096] dbg: check: check_main, time limit in 299.067 s
> Aug 16 13:08:11.302 [5096] dbg: check: running tests for priority: 0
> Aug 16 13:08:11.303 [5096] dbg: rules: running head tests; score so far=0
> Aug 16 13:08:11.304 [5096] dbg: rules: flush_evalstr
> (run_generic_tests) compiling 6414 chars of
> Mail::SpamAssassin::Plugin::Check::_head_tests_0_1
> Aug 16 13:08:11.305 [5096] dbg: rules: run_generic_tests - compiling
> eval code: head, priority 0
> Aug 16 13:08:11.305 [5096] dbg: rules: compiled head tests
> Aug 16 13:08:11.305 [5096] dbg: rules: ran header rule dkpass ======>
> got hit: "domainkeys=pass"
> Aug 16 13:08:11.306 [5096] dbg: rules: ran header rule SPF_CHECK_PASS
> ======> got hit: "pass"
> Aug 16 13:08:11.306 [5096] dbg: rules: running head_eval tests; score
> so far=-29.5
> Aug 16 13:08:11.306 [5096] dbg: rules: run_eval_tests - compiling eval
> code: 9, priority 0
> Aug 16 13:08:11.306 [5096] dbg: rules: running body tests; score so 
> far=-29.5
> Aug 16 13:08:11.307 [5096] dbg: rules: flush_evalstr
> (run_generic_tests) compiling 215 chars of
> Mail::SpamAssassin::Plugin::Check::_body_tests_0_1
> Aug 16 13:08:11.307 [5096] dbg: rules: run_generic_tests - compiling
> eval code: body, priority 0
> Aug 16 13:08:11.307 [5096] dbg: rules: compiled body tests
> Aug 16 13:08:11.307 [5096] dbg: rules: running uri tests; score so 
> far=-29.5
> Aug 16 13:08:11.307 [5096] dbg: rules: flush_evalstr
> (run_generic_tests) compiling 213 chars of
> Mail::SpamAssassin::Plugin::Check::_uri_tests_0_1
> Aug 16 13:08:11.307 [5096] dbg: rules: run_generic_tests - compiling
> eval code: uri, priority 0
> Aug 16 13:08:11.307 [5096] dbg: rules: compiled uri tests
> Aug 16 13:08:11.308 [5096] dbg: rules: running rawbody tests; score so
> far=-29.5
> Aug 16 13:08:11.308 [5096] dbg: rules: flush_evalstr
> (run_generic_tests) compiling 221 chars of
> Mail::SpamAssassin::Plugin::Check::_rawbody_tests_0_1
> Aug 16 13:08:11.308 [5096] dbg: rules: run_generic_tests - compiling
> eval code: rawbody, priority 0
> Aug 16 13:08:11.308 [5096] dbg: rules: compiled rawbody tests
> Aug 16 13:08:11.308 [5096] dbg: rules: running full tests; score so 
> far=-29.5
> Aug 16 13:08:11.308 [5096] dbg: rules: flush_evalstr
> (run_generic_tests) compiling 250 chars of
> Mail::SpamAssassin::Plugin::Check::_full_tests_0_1
> Aug 16 13:08:11.308 [5096] dbg: rules: run_generic_tests - compiling
> eval code: full, priority 0
> Aug 16 13:08:11.309 [5096] dbg: rules: compiled full tests
> Aug 16 13:08:11.309 [5096] dbg: rules: running meta tests; score so 
> far=-29.5
> Aug 16 13:08:11.309 [5096] dbg: rules: flush_evalstr
> (run_generic_tests) compiling 275 chars of
> Mail::SpamAssassin::Plugin::Check::_meta_tests_0_1
> Aug 16 13:08:11.309 [5096] dbg: rules: run_generic_tests - compiling
> eval code: meta, priority 0
> Aug 16 13:08:11.309 [5096] dbg: rules: compiled meta tests
> Aug 16 13:08:11.309 [5096] dbg: dns: harvest_dnsbl_queries
> Aug 16 13:08:11.310 [5096] dbg: check: is spam? score=-29.5 required=8
> Aug 16 13:08:11.310 [5096] dbg: check: tests=SPF_CHECK_PASS,dkpass
> Aug 16 13:08:11.310 [5096] dbg: check: subtests=
> Aug 16 13:08:11.310 [5096] dbg: timing: total 940 ms - init: 247
> (26.3%), parse: 1.71 (0.2%), extract_message_metadata: 682 (72.5%),
> poll_dns_idle: 643 (68.4%), get_uri_detail_list: 0.52 (0.1%),
> tests_pri_0: 7 (0.7%), compile_gen: 1.24 (0.1%), compile_eval: 0.26
> (0.0%)
> X-Spam-Status: No, score=-29.5 required=8.0 tests=SPF_CHECK_PASS,dkpass
>         autolearn=disabled
> X-Spam-Level:
> X-Spam-Checker-Version: Antispam PPCHC
> X-From: <ka...@fnhk.cz>
> X-RcptTo: <ch...@ppchc.cz>
> X-Target: default
> X-Templt: incoming
> X-TpList: incoming
> X-TrgLst: default
> X-WlFlgs: 01
> X-RBL: N
> X-PeerIP: 127.0.0.1
> X-RealIP: 195.113.123.119
> Received-SPF: pass (fnhk.cz: 195.113.123.119 is authorized to use
> 'karliak@fnhk.cz' in 'mfrom' identity (mechanism 'a:antivir1.fnhk.cz'
> matched)) receiver=radio-hk.ppchc.cz; identity=mailfrom;
> envelope-from="karliak@fnhk.cz"; helo=antivir1.fnhk.cz;
> client-ip=195.113.123.119
> X-DKIM: Sendmail DKIM Filter v2.7.2 radio-hk.ppchc.cz DAC7530CB3
> Authentication-Results: radio-hk.ppchc.cz; dkim=none (no signature)
>         header.i=unknown; dkim-adsp=fail
> Received: from antivir1.fnhk.cz (antivir1.fnhk.cz [195.113.123.119])
>         by radio-hk.ppchc.cz (Postfix) with ESMTP id DAC7530CB3
>         for <ch...@ppchc.cz>; Mon, 16 Aug 2010 13:07:17 +0200 (CEST)
> Received: by antivir1.fnhk.cz (Postfix, from userid 8)
>         id 02803FA6170; Mon, 16 Aug 2010 13:07:11 +0200 (CEST)
> Received: from antivir1.fnhk.cz (localhost [127.0.0.1])
>         by vbms.DUMMY (Postfix) with SMTP id A0B2FFA6190
>         for <ch...@ppchc.cz>; Mon, 16 Aug 2010 13:07:11 +0200 (CEST)
> X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 vbms.DUMMY A0B2FFA6190
> Authentication-Results: vbms.DUMMY; domainkeys=fail (testing)
> header.from=karliak@fnhk.cz
> Received: from kost.fnhk.cz (unknown [195.113.123.98])
>         by antivir1.fnhk.cz (Postfix) with SMTP id 74C04FA616B
>         for <ch...@ppchc.cz>; Mon, 16 Aug 2010 13:07:11 +0200 (CEST)
> X-DKIM: Sendmail DKIM Filter v2.7.2 antivir1.fnhk.cz 74C04FA616B
> Authentication-Results: antivir1.fnhk.cz; dkim=none (no signature)
>         header.i=unknown; dkim-adsp=fail
> X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 antivir1.fnhk.cz 
> 74C04FA616B
> Authentication-Results: antivir1.fnhk.cz; domainkeys=pass (testing)
> header.from=karliak@fnhk.cz
> Received: (qmail 23590 invoked from network); 16 Aug 2010 11:07:16 -0000
> Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
> DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
>   s=default; d=fnhk.cz;
>
> b=Sekotc6jO+orDWbGvlfAnLkMvv/Eh2wKcTDb4+D7IpONSFUDOMiGqg93NI7dWae4AocBcDNlX6G83fH49v5IQeJPPznuk+2aLK0MH5A8b3cP3CKzGJ5aftj2qH/KE1xvOguFqtplMLietRa2wfG3HYlnCpxB7Cb7biQu7muEXlo=
> ;
> Received: from unknown (HELO ?192.168.24.50?) (192.168.24.50)
>   by kost.fnhk.cz with SMTP; 16 Aug 2010 11:07:16 -0000
> Subject: 1307
> From: Josef Karliak <ka...@fnhk.cz>
> To: chose@ppchc.cz
> Content-Type: text/plain
> Date: Mon, 16 Aug 2010 13:07:16 +0200
> Message-Id: <12...@chose.fnhk.cz>
> Mime-Version: 1.0
> X-Mailer: Evolution 2.24.1.1
> Content-Transfer-Encoding: 7bit
> X-VBSHLD-SCLID: A13CB488489
> X-VBSHLD-SCLID: A113D5EDFFB
>
> test
>
> (no report template found)
>
> Aug 16 13:08:11.312 [5096] dbg: plugin:
> Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x26f7e98) implements
> 'finish_tests', priority 0
> Aug 16 13:08:11.312 [5096] dbg: plugin:
> Mail::SpamAssassin::Plugin::Check=HASH(0x27cf0e0) implements
> 'finish_tests', priority 0
> Aug 16 13:08:11.312 [5096] dbg: plugin:
> Mail::SpamAssassin::PerMsgStatus=HASH(0x2bda910) implements
> 'finish_tests', priority 0
> Aug 16 13:08:11.314 [5096] dbg: bayes: untie-ing
>
>
>   Seems like no whitelisting is fired?
>   Thanks
>   J.K.
>
> Quoting jdow <jd...@earthlink.net>:
>
>> Off hand I don't see a problem. What does "spamassassin --lint" say as a
>> user (not as root?) It's almost as if your whitelist rules are not being
>> parsed because of an error in the file above the whitelist rules.
>>
>> If lint passes I'd use "spamassassin -t -D <testemail". Note, I'd NOT
>> use spamc to make that test, at least at first.
>>
>> This will tell you what rules are found and fired. It might also tell you
>> why the whitelist file is not being found.
>>
>> Also do you have any blacklist entries? Could one of them be misfiring and
>> negating your whitelist somehow.
>>
>> How are you including the whitelist entries? (The usual would be a
>> whitelist.cf file in /etc/mail/spamassassin.)
>>
>> {^_^}
>> ----- Original Message ----- From: "Josef Karliak" <ka...@ajetaci.cz>
>> To: "jdow" <jd...@earthlink.net>
>> Cc: <us...@spamassassin.apache.org>
>> Sent: Sunday, 2010/August/15 22:20
>> Subject: Re: Spamassassin and no whitelisting
>>
>>
>>>  Hi,
>>>  local.cf is in /etc/mail/spamassassin, spamd loads it at startup.
>>> SpamAssassin works, tests run except whitelist :-/ :
>>>
>>> Aug 16 07:08:18 radio-hk spamd[28279]: spamd: setuid to mail succeeded
>>> Aug 16 07:08:18 radio-hk spamd[28279]: spamd: processing message
>>> <20...@kirke.atweb.cz> for mail:8
>>> Aug 16 07:08:19 radio-hk spamd[28279]: spamd: clean message (1.0/8.0)
>>> for mail:8 in 0.0 seconds, 7706 bytes.
>>> Aug 16 07:08:19 radio-hk spamd[28279]: spamd: result: . 1 -
>>> SPF_CHECK_NONE
>>> scantime=0.0,size=7706,user=mail,uid=8,required_score=8.0,rhost=localhost,raddr=127.0.0.1,rport=33320,mid=<20...@kirke.atweb.cz>,autolearn=no
>>>
>>>  After debug start of the spamd all seems ok:
>>>
>>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>>> Mail::SpamAssassin::Plugin::WLBLEval from @INC
>>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>>> Mail::SpamAssassin::PerMsgStatus from @INC
>>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>>> Mail::SpamAssassin::Plugin::VBounce from @INC
>>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>>> Mail::SpamAssassin::Plugin::ImageInfo from @INC
>>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>>> Mail::SpamAssassin::Plugin::FreeMail from @INC
>>> Aug 16 07:18:10 radio-hk spamd[32557]: config: using
>>> "/etc/mail/spamassassin/whitelist_users" for included file
>>> Aug 16 07:18:10 radio-hk spamd[32557]: config: read file
>>> /etc/mail/spamassassin/whitelist_users
>>> Aug 16 07:18:10 radio-hk spamd[32557]: conf: finish parsing
>>>
>>>
>>>  So am I missing some module load? Or so?
>>>  Thanks
>>>  J.K.
>>>
>>> Quoting jdow <jd...@earthlink.net>:
>>>
>>>> OK, you use the file local.cf. Are you sure you are modifying the
>>>> correct local.cf? You rather need to be able to use, advisable or not,
>>>> whitelist_from if whitelist_from_rcvd or other whitelist_from_XXXX
>>>> variants are going to work. So let's get that working first.
>>>>
>>>> Determine where the REAL local.cf SHOULD be on your system. That file
>>>> is USUALLY stored in /etc somewhere. On RedHat, as on my system, it is
>>>> setup to live in /etc/mail/spamassassin. Your description of what is
>>>> happening suggests you modified a file that is not being used.
>>>>
>>>> Note that you can leave spamd running while you test if you use the
>>>> "spamassassin -t <testemail" approach. You can throw in a -D to get
>>>> debug messages and see why the whitelist_from line fails for you.
>>>>
>>>> THEN it is appropriate to discuss what you should be using.
>>>>
>>>> {^_-}
>>>> ----- Original Message ----- From: "Josef Karliak" <ka...@ajetaci.cz>
>>>> To: <us...@spamassassin.apache.org>
>>>> Sent: Sunday, 2010/August/15 09:35
>>>> Subject: Re: Spamassassin and no whitelisting
>>>>
>>>>
>>>>> Yes, our users (from local LAN) are authorized over Domainkeys
>>>>> (all emails from our network are signed), and SA has a "trusted"
>>>>> network. All from our company is OK and solved.
>>>>> But we want to create whitelist for companies that our users mail
>>>>> to. When outside company answers an email, and they don't have
>>>>> DKIM, SPF, ... and sends emails that look like spam (HTML,
>>>>> SUBJ_ALL_CAPS, ...) this whitelisted email address that we get from
>>>>> his "Sent Items" folder passes this email and it is not filtered.
>>>>> I know, all this is crazy, but DKIM or even "stupid" SPF is not
>>>>> used often. And arrogant domain admins of "rejected" domains :-/.
>>>>> How do you solve false positives? And complaints on that? I don't
>>>>> want to decrease scores, I thought that whitelisting of senders
>>>>> we get from our users could help. If you emailed him, his reply is
>>>>> wanted. If not emailed him, let's see results of the test. Nobody
>>>>> from our company emailed you, but you use DKIM/SPF/... , we want
>>>>> this mail. Grr, authorized spam? -> sends to abuse.
>>>>> What do you think?
>>>>> Thanks for advice and help.
>>>>> J.K.
>>>>>
>>>>> Quoting John Hardin <jh...@impsec.org>:
>>>>>
>>>>>> On Sun, 15 Aug 2010, Josef Karliak wrote:
>>>>>>
>>>>>>> My idea is to create whitelist file for including to SA from emails
>>>>>>> sent by our users (from Sent Items folders in cyrus emails). SA is a
>>>>>>> content filter in the Postfix. Only global, not user prefs.
>>>>>>
>>>>>> Is there some easy way to identify your users other than the
>>>>>> domain they claim to be sending from? In other words, is this a
>>>>>> corporate MTA where all the local mail originates from a specific
>>>>>> subnet, or an ISP where users send mail via authenticated SMTP?
>>>>>>
>>>>>> If so, then there should be some way to tell postfix to trust
>>>>>> messages originating from those sources and not run them through
>>>>>> SA at all.
>>>>>>
>>>>>> I am not a postfix guru. You might want to do some searches of the
>>>>>> SA list archives for posts that discuss postfix, there may be
>>>>>> some config examples already available that will work for you.
>>>>>>
>>>>>> Best of luck.
>>>>>>
>>>>>>> Interesting is that I've many installs but on this server doesn't
>>>>>>> mark me whitelisted domain (or email address) with "USER_IN_WHITELIST"
>>>>>>> test at all. I'll look over your recommendation about whitelist_from_auth,
>>>>>>> but if don't mark one whitelist mode, it couldn't mark another :-/.
>>>>>>
>>>>>> whitelist_from_rcvd specifying your local network may be another
>>>>>> option for this.
>>>>>>
>>>>>>> Thanks.
>>>>>>> J.K.
>>>>>>>
>>>>>>> Quoting John Hardin <jh...@impsec.org>:
>>>>>>>
>>>>>>>> On Sun, 15 Aug 2010, Josef Karliak wrote:
>>>>>>>>
>>>>>>>>> I've some problem with whitelisting.
>>>>>>>>> In the local.cf file I've for example:
>>>>>>>>>> whitelist_from         *@ajetaci.cz
>>>>>>>>
>>>>>>>> You do not want to do that. The From address on an email is
>>>>>>>> trivially easy to forge, and it is common practice for spammers
>>>>>>>> to forge a From address in the same domain as the target
>>>>>>>> address. whitelist_from is only to be used if nothing else will
>>>>>>>> work, as it is a naive whitelist.
>>>>>>>>
>>>>>>>> You want to use whitelist_from_auth or one of the other
>>>>>>>> authenticated variants.
>>>>>>>>
>>>>>>>>> What did I miss?
>>>>>>>>
>>>>>>>> The best way to skip SA for local users is in the glue layer.
>>>>>>>> Tell it to recognize mail that originates from your local
>>>>>>>> network and for those messages simply _not call SA_ at all.
>>>>>>>> Then you save the processing overhead.
>>>>>>>>
>>>>>>>> You didn't tell us how you're gluing SA onto your MTA. How are
>>>>>>>> you doing that?
>>>>>>
>>>>>> -- 
>>>>>> John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>>>>>> jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
>>>>>> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>>>>>> -----------------------------------------------------------------------
>>>>>> If someone has a gun and is trying to kill you, it would be
>>>>>> reasonable to shoot back with your own gun.
>>>>>>                                     -- the Dalai Lama, May 15, 2001
>>>>>> -----------------------------------------------------------------------
>>>>>> Today: the 65th anniversary of the end of World War II
>>>>>>
>>>>
>>
>>
> 
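
The check jdow describes above (reading `spamassassin -t -D` output to see which files were read and which rules fired), as an added example that is not part of any post in this thread. The function names `unwrap`, `parse_debug` and `whitelist_findings` are this example's own, and the sample log lines are constructed to resemble the debug output quoted here, including the mail wrapping and `>` quoting.

```python
import re

# Constructed sample modelled on the `spamassassin -D -t` output in this
# thread; the "> " quote prefix and mail-wrapped lines are kept on purpose.
SAMPLE = """\
> Aug 16 13:08:10.361 [5096] dbg: generic: Perl 5.010000, PREFIX=/usr,
> DEF_RULES_DIR=/usr/share/spamassassin,
> LOCAL_RULES_DIR=/etc/mail/spamassassin
> Aug 16 13:08:10.370 [5096] dbg: config: using
> "/etc/mail/spamassassin/local.cf" for default rules dir
> Aug 16 13:08:10.371 [5096] dbg: config: read file
> /etc/mail/spamassassin/local.cf
> Aug 16 13:08:10.371 [5096] dbg: config: read file
> /etc/mail/spamassassin/whitelist_users.cf
> Aug 16 13:08:10.545 [5096] dbg: plugin: loading
> Mail::SpamAssassin::Plugin::WLBLEval from @INC
> Aug 16 13:08:10.621 [5096] dbg: received-header: relay 192.0.2.119
> trusted? no internal? no msa? no
> Aug 16 13:08:11.310 [5096] dbg: check: is spam? score=-29.5 required=8
> Aug 16 13:08:11.310 [5096] dbg: check: tests=SPF_CHECK_PASS,dkpass
"""

# One debug record: "Aug 16 13:08:10.361 [5096] dbg: <message>"
RECORD = re.compile(
    r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d\.\d+ \[\d+\] (\w+): (.*)$")
QUOTE = re.compile(r"^(?:>\s?)+")


def unwrap(text):
    """Strip mail quoting and rejoin wrapped lines into (level, message)."""
    records = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        m = RECORD.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif line and records:
            records[-1][1] += " " + line  # continuation of a wrapped record
    return [(lvl, " ".join(msg.split())) for lvl, msg in records]


def parse_debug(text):
    """Collect the facts that matter when a whitelist entry does not fire."""
    rep = {"def_rules_dir": None, "rules_dir_used": None, "files": [],
           "plugins": set(), "relays": [], "tests": [], "score": None}
    for _level, msg in unwrap(text):
        if m := re.search(r"DEF_RULES_DIR=([^,\s]+)", msg):
            rep["def_rules_dir"] = m.group(1)
        elif m := re.match(r'config: using "([^"]+)" for default rules dir', msg):
            rep["rules_dir_used"] = m.group(1)
        elif m := re.match(r"config: read file (\S+)", msg):
            if m.group(1) not in rep["files"]:
                rep["files"].append(m.group(1))
        elif m := re.match(r"plugin: loading Mail::SpamAssassin::Plugin::(\w+)", msg):
            rep["plugins"].add(m.group(1))
        elif m := re.match(
                r"received-header: relay (\S+) trusted\? (\w+) internal\? (\w+)", msg):
            rep["relays"].append(
                (m.group(1), m.group(2) == "yes", m.group(3) == "yes"))
        elif m := re.match(r"check: is spam\? score=(-?[\d.]+)", msg):
            rep["score"] = float(m.group(1))
        elif m := re.match(r"check: tests=(\S*)", msg):
            rep["tests"] = [t for t in m.group(1).split(",") if t]
    return rep


def whitelist_findings(rep):
    """Turn the parsed report into a short list of things to check."""
    out = []
    if "USER_IN_WHITELIST" not in rep["tests"]:
        out.append("USER_IN_WHITELIST did not fire")
    if "WLBLEval" not in rep["plugins"]:
        out.append("WLBLEval plugin was not loaded")
    # Background: whitelist_from lines only add entries; the USER_IN_WHITELIST
    # rule itself is defined in the stock ruleset, so it matters where the
    # default rules were read from.
    used = rep["rules_dir_used"]
    if used and used in rep["files"]:
        out.append(f"default rules dir resolved to the single file {used}; "
                   f"stock rules dir is {rep['def_rules_dir']}")
    if rep["relays"] and not any(trusted for _ip, trusted, _int in rep["relays"]):
        out.append(f"none of {len(rep['relays'])} relay(s) is trusted: "
                   "review trusted_networks/internal_networks")
    return out


if __name__ == "__main__":
    for finding in whitelist_findings(parse_debug(SAMPLE)):
        print("-", finding)
```
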


Re: Spamassassin and no whitelisting

Posted by Josef Karliak <ka...@ajetaci.cz>.
radio-hk:/etc/mail/spamassassin # sudo -u chose spamassassin --lint -c /etc/mail/spamassassin/local.cf
Aug 16 13:00:05.859 [4857] warn: netset: cannot include 200.200.200.0/24 as it has already been included
Aug 16 13:00:05.868 [4857] warn: netset: cannot include 200.200.200.0/24 as it has already been included

   Whitelist file contains for example:
whitelist_from horde@lists.horde.org
whitelist_from imp@lists.horde.org

   Spamd doesn't complain about that
   I've no blacklisting

Spamass test with debug on the mail that has sender (From:) whitelisted:
Aug 16 13:08:10.361 [5096] dbg: logger: adding facilities: all
Aug 16 13:08:10.361 [5096] dbg: logger: logging level is DBG
Aug 16 13:08:10.361 [5096] dbg: generic: SpamAssassin version 3.3.1
Aug 16 13:08:10.361 [5096] dbg: generic: Perl 5.010000, PREFIX=/usr,  
DEF_RULES_DIR=/usr/share/spamassassin,  
LOCAL_RULES_DIR=/etc/mail/spamassassin,  
LOCAL_STATE_DIR=/var/lib/spamassassin
Aug 16 13:08:10.361 [5096] dbg: config: timing enabled
Aug 16 13:08:10.362 [5096] dbg: config: score set 0 chosen.
Aug 16 13:08:10.363 [5096] dbg: util: running in taint mode? yes
Aug 16 13:08:10.363 [5096] dbg: util: taint mode: deleting unsafe  
environment variables, resetting PATH
Aug 16 13:08:10.363 [5096] dbg: util: PATH included  
'/usr/lib64/mpi/gcc/openmpi/bin', keeping
Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/sbin', keeping
Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/usr/sbin', keeping
Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/usr/local/sbin', keeping
Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/root/bin', keeping
Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/usr/local/bin', keeping
Aug 16 13:08:10.363 [5096] dbg: util: PATH included '/usr/bin', keeping
Aug 16 13:08:10.364 [5096] dbg: util: PATH included '/bin', keeping
Aug 16 13:08:10.364 [5096] dbg: util: PATH included '/usr/bin/X11', keeping
Aug 16 13:08:10.364 [5096] dbg: util: PATH included '/usr/X11R6/bin', keeping
Aug 16 13:08:10.364 [5096] dbg: util: PATH included '/usr/games', keeping
Aug 16 13:08:10.364 [5096] dbg: util: PATH included  
'/usr/lib64/jvm/jre/bin', keeping
Aug 16 13:08:10.364 [5096] dbg: util: PATH included  
'/usr/lib/mit/bin', which is unusable, dropping: No such file or  
directory
Aug 16 13:08:10.364 [5096] dbg: util: PATH included  
'/usr/lib/mit/sbin', which is unusable, dropping: No such file or  
directory
Aug 16 13:08:10.364 [5096] dbg: util: final PATH set to:  
/usr/lib64/mpi/gcc/openmpi/bin:/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/usr/lib64/jvm/jre/bin
Aug 16 13:08:10.368 [5096] dbg: dns: is Net::DNS::Resolver available? yes
Aug 16 13:08:10.368 [5096] dbg: dns: Net::DNS version: 0.65
Aug 16 13:08:10.369 [5096] dbg: config: using "/etc/mail/spamassassin"  
for site rules pre files
Aug 16 13:08:10.370 [5096] dbg: config: read file  
/etc/mail/spamassassin/init.pre
Aug 16 13:08:10.370 [5096] dbg: config: read file  
/etc/mail/spamassassin/v310.pre
Aug 16 13:08:10.370 [5096] dbg: config: read file  
/etc/mail/spamassassin/v312.pre
Aug 16 13:08:10.370 [5096] dbg: config: read file  
/etc/mail/spamassassin/v320.pre
Aug 16 13:08:10.370 [5096] dbg: config: read file  
/etc/mail/spamassassin/v330.pre
Aug 16 13:08:10.370 [5096] dbg: config: using  
"/etc/mail/spamassassin/local.cf" for sys rules pre files
Aug 16 13:08:10.370 [5096] dbg: config: read file  
/etc/mail/spamassassin/local.cf
Aug 16 13:08:10.370 [5096] dbg: config: using  
"/etc/mail/spamassassin/local.cf" for default rules dir
Aug 16 13:08:10.370 [5096] dbg: config: read file  
/etc/mail/spamassassin/local.cf
Aug 16 13:08:10.371 [5096] dbg: config: using "/etc/mail/spamassassin"  
for site rules dir
Aug 16 13:08:10.371 [5096] dbg: config: read file  
/etc/mail/spamassassin/local.cf
Aug 16 13:08:10.371 [5096] dbg: config: read file  
/etc/mail/spamassassin/whitelist_users.cf
Aug 16 13:08:10.371 [5096] dbg: config: using "/root/.spamassassin"  
for user state dir
Aug 16 13:08:10.371 [5096] dbg: config: using  
"/root/.spamassassin/user_prefs" for user prefs file
Aug 16 13:08:10.371 [5096] dbg: config: read file  
/root/.spamassassin/user_prefs
Aug 16 13:08:10.374 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::URIDNSBL from @INC
Aug 16 13:08:10.378 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::Hashcash from @INC
Aug 16 13:08:10.385 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::SPF from @INC
Aug 16 13:08:10.387 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::TextCat from @INC
Aug 16 13:08:10.389 [5096] dbg: textcat: loading languages file...
Aug 16 13:08:10.446 [5096] dbg: textcat: loaded 73 language models
Aug 16 13:08:10.452 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::Pyzor from @INC
Aug 16 13:08:10.454 [5096] dbg: pyzor: network tests on, attempting Pyzor
Aug 16 13:08:10.455 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::Razor2 from @INC
Aug 16 13:08:10.492 [5096] dbg: razor2: razor2 is available, version 2.84
Aug 16 13:08:10.493 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::SpamCop from @INC
Aug 16 13:08:10.501 [5096] dbg: reporter: network tests on, attempting SpamCop
Aug 16 13:08:10.501 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::AWL from @INC
Aug 16 13:08:10.504 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
Aug 16 13:08:10.505 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
Aug 16 13:08:10.506 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::MIMEHeader from @INC
Aug 16 13:08:10.507 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::ReplaceTags from @INC
Aug 16 13:08:10.508 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::DKIM from @INC
Aug 16 13:08:10.513 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::Check from @INC
Aug 16 13:08:10.519 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC
Aug 16 13:08:10.520 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::URIDetail from @INC
Aug 16 13:08:10.521 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::Bayes from @INC
Aug 16 13:08:10.529 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::BodyEval from @INC
Aug 16 13:08:10.530 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::DNSEval from @INC
Aug 16 13:08:10.532 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::HTMLEval from @INC
Aug 16 13:08:10.534 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::HeaderEval from @INC
Aug 16 13:08:10.539 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::MIMEEval from @INC
Aug 16 13:08:10.542 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::RelayEval from @INC
Aug 16 13:08:10.544 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::URIEval from @INC
Aug 16 13:08:10.545 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::WLBLEval from @INC
Aug 16 13:08:10.546 [5096] dbg: plugin: loading  
Mail::SpamAssassin::PerMsgStatus from @INC
Aug 16 13:08:10.547 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::VBounce from @INC
Aug 16 13:08:10.548 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::ImageInfo from @INC
Aug 16 13:08:10.550 [5096] dbg: plugin: loading  
Mail::SpamAssassin::Plugin::FreeMail from @INC
Aug 16 13:08:10.554 [5096] dbg: config: using  
"/etc/mail/spamassassin/whitelist_users.cf" for included file
Aug 16 13:08:10.554 [5096] dbg: config: read file  
/etc/mail/spamassassin/whitelist_users.cf
Aug 16 13:08:10.568 [5096] warn: netset: cannot include  
200.200.200.0/24 as it has already been included
Aug 16 13:08:10.569 [5096] dbg: config: using  
"/etc/mail/spamassassin/whitelist_users.cf" for included file
Aug 16 13:08:10.569 [5096] dbg: config: read file  
/etc/mail/spamassassin/whitelist_users.cf
Aug 16 13:08:10.583 [5096] warn: netset: cannot include  
200.200.200.0/24 as it has already been included
Aug 16 13:08:10.584 [5096] dbg: config: using  
"/etc/mail/spamassassin/whitelist_users.cf" for included file
Aug 16 13:08:10.584 [5096] dbg: config: read file  
/etc/mail/spamassassin/whitelist_users.cf
Aug 16 13:08:10.603 [5096] dbg: config: finish parsing
Aug 16 13:08:10.603 [5096] dbg: plugin:  
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x2710060) implements  
'finish_parsing_end', priority 0
Aug 16 13:08:10.603 [5096] dbg: plugin:  
Mail::SpamAssassin::Plugin::FreeMail=HASH(0x2c70bc0) implements  
'finish_parsing_end', priority 0
Aug 16 13:08:10.604 [5096] dbg: replacetags: replacing tags
Aug 16 13:08:10.604 [5096] dbg: replacetags: done replacing tags
Aug 16 13:08:10.604 [5096] dbg: FreeMail: no freemail_domains entries  
defined, disabling plugin
Aug 16 13:08:10.605 [5096] dbg: plugin:  
Mail::SpamAssassin::Plugin::Bayes=HASH(0x7f20b724d4a8) implements  
'learner_new', priority 0
Aug 16 13:08:10.605 [5096] dbg: bayes: learner_new  
self=Mail::SpamAssassin::Plugin::Bayes=HASH(0x7f20b724d4a8),  
bayes_store_module=Mail::SpamAssassin::BayesStore::DBM
Aug 16 13:08:10.614 [5096] dbg: bayes: learner_new: got  
store=Mail::SpamAssassin::BayesStore::DBM=HASH(0x1be9110)
Aug 16 13:08:10.614 [5096] dbg: plugin:  
Mail::SpamAssassin::Plugin::Bayes=HASH(0x7f20b724d4a8) implements  
'learner_is_scan_available', priority 0
Aug 16 13:08:10.614 [5096] dbg: config: using "/root/.spamassassin"  
for user state dir
Aug 16 13:08:10.615 [5096] dbg: bayes: tie-ing to DB file R/O  
/root/.spamassassin/bayes_toks
Aug 16 13:08:10.615 [5096] dbg: bayes: tie-ing to DB file R/O  
/root/.spamassassin/bayes_seen
Aug 16 13:08:10.616 [5096] dbg: bayes: found bayes db version 3
Aug 16 13:08:10.616 [5096] dbg: bayes: DB journal sync: last sync: 0
Aug 16 13:08:10.616 [5096] dbg: config: using "/root/.spamassassin"  
for user state dir
Aug 16 13:08:10.617 [5096] dbg: config: score set 3 chosen.
Aug 16 13:08:10.617 [5096] dbg: config: time limit 300.0 s
Aug 16 13:08:10.617 [5096] dbg: message: line ending changed to CRLF
Aug 16 13:08:10.618 [5096] dbg: message: main message type: text/plain
Aug 16 13:08:10.618 [5096] dbg: check: pms new, time limit in 299.751 s
Aug 16 13:08:10.619 [5096] dbg: plugin:  
Mail::SpamAssassin::Plugin::DNSEval=HASH(0x7f20b7264e78) implements  
'check_start', priority 0
Aug 16 13:08:10.619 [5096] dbg: plugin:  
Mail::SpamAssassin::Plugin::Check=HASH(0x27cf0e0) implements  
'check_main', priority 0
Aug 16 13:08:10.620 [5096] dbg: config: internal_networks not  
configured, using trusted_networks configuration for  
internal_networks; if you really want internal_networks to only  
contain the required 127/8 add 'internal_networks !0/0' to your  
configuration
Aug 16 13:08:10.620 [5096] dbg: received-header: parsed as [  
ip=195.113.123.119 rdns=antivir1.fnhk.cz helo=antivir1.fnhk.cz  
by=radio-hk.ppchc.cz ident= envfrom= intl=0 id=DAC7530CB3 auth= msa=0 ]
Aug 16 13:08:10.621 [5096] dbg: received-header: relay 195.113.123.119  
trusted? no internal? no msa? no
Aug 16 13:08:10.621 [5096] dbg: received-header: parsed as [  
ip=127.0.0.1 rdns=localhost helo=antivir1.fnhk.cz by=vbms.DUMMY ident=  
envfrom= intl=0 id=A0B2FFA6190 auth= msa=0 ]
Aug 16 13:08:10.621 [5096] dbg: received-header: relay 127.0.0.1  
trusted? no internal? no msa? no
Aug 16 13:08:10.621 [5096] dbg: received-header: parsed as [  
ip=195.113.123.98 rdns= helo=kost.fnhk.cz by=antivir1.fnhk.cz ident=  
envfrom= intl=0 id=74C04FA616B auth= msa=0 ]
Aug 16 13:08:10.621 [5096] dbg: received-header: relay 195.113.123.98  
trusted? no internal? no msa? no
Aug 16 13:08:10.624 [5096] dbg: received-header: parsed as [  
ip=192.168.24.50 rdns= helo=?192.168.24.50? by=kost.fnhk.cz ident=  
envfrom= intl=0 id= auth= msa=0 ]
Aug 16 13:08:10.624 [5096] dbg: received-header: relay 192.168.24.50  
trusted? no internal? no msa? no
Aug 16 13:08:10.625 [5096] dbg: metadata: X-Spam-Relays-Trusted:
Aug 16 13:08:10.625 [5096] dbg: metadata: X-Spam-Relays-Untrusted: [  
ip=195.113.123.119 rdns=antivir1.fnhk.cz helo=antivir1.fnhk.cz  
by=radio-hk.ppchc.cz ident= envfrom= intl=0 id=DAC7530CB3 auth= msa=0  
] [ ip=127.0.0.1 rdns=localhost helo=antivir1.fnhk.cz by=vbms.DUMMY  
ident= envfrom= intl=0 id=A0B2FFA6190 auth= msa=0 ] [  
ip=195.113.123.98 rdns= helo=kost.fnhk.cz by=antivir1.fnhk.cz ident=  
envfrom= intl=0 id=74C04FA616B auth= msa=0 ] [ ip=192.168.24.50 rdns=  
helo=?192.168.24.50? by=kost.fnhk.cz ident= envfrom= intl=0 id= auth=  
msa=0 ]
Aug 16 13:08:10.625 [5096] dbg: metadata: X-Spam-Relays-Internal:
Aug 16 13:08:10.625 [5096] dbg: metadata: X-Spam-Relays-External: [  
ip=195.113.123.119 rdns=antivir1.fnhk.cz helo=antivir1.fnhk.cz  
by=radio-hk.ppchc.cz ident= envfrom= intl=0 id=DAC7530CB3 auth= msa=0  
] [ ip=127.0.0.1 rdns=localhost helo=antivir1.fnhk.cz by=vbms.DUMMY  
ident= envfrom= intl=0 id=A0B2FFA6190 auth= msa=0 ] [  
ip=195.113.123.98 rdns= helo=kost.fnhk.cz by=antivir1.fnhk.cz ident=  
envfrom= intl=0 id=74C04FA616B auth= msa=0 ] [ ip=192.168.24.50 rdns=  
helo=?192.168.24.50? by=kost.fnhk.cz ident= envfrom= intl=0 id= auth=  
msa=0 ]
Aug 16 13:08:10.625 [5096] dbg: plugin:  
Mail::SpamAssassin::Plugin::TextCat=HASH(0x1d0a020) implements  
'extract_metadata', priority 0
Aug 16 13:08:10.625 [5096] dbg: message: ---- MIME PARSER START ----
Aug 16 13:08:10.625 [5096] dbg: message: parsing normal part
Aug 16 13:08:10.626 [5096] dbg: message: ---- MIME PARSER END ----
Aug 16 13:08:10.626 [5096] dbg: message: decoding other encoding type  
(7bit), ignoring
Aug 16 13:08:10.626 [5096] dbg: textcat: message too short for  
language analysis
Aug 16 13:08:10.626 [5096] dbg: textcat: X-Languages: "",  
X-Languages-Length: 11
Aug 16 13:08:10.626 [5096] dbg: plugin:  
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1b72968) implements  
'parsed_metadata', priority 0
Aug 16 13:08:10.626 [5096] dbg: dns: is_dns_available() last checked  
1281956890.6 seconds ago; re-checking
Aug 16 13:08:10.627 [5096] dbg: dns: is Net::DNS::Resolver available? yes
Aug 16 13:08:10.627 [5096] dbg: dns: Net::DNS version: 0.65
Aug 16 13:08:10.627 [5096] dbg: dns: name server: 127.0.0.1,  
LocalAddr: 0.0.0.0
Aug 16 13:08:10.628 [5096] dbg: dns: resolver socket rx buffer size is  
129024 bytes
Aug 16 13:08:10.628 [5096] dbg: dns: testing resolver nameservers:  
127.0.0.1, 193.165.192.9, 217.11.237.6, 194.8.253.11, 194.8.252.1
Aug 16 13:08:10.628 [5096] dbg: dns: trying (3) cingular.com...
Aug 16 13:08:10.628 [5096] dbg: dns: looking up NS for 'cingular.com'
Aug 16 13:08:10.628 [5096] dbg: dns: providing a callback for id:  
31127/cingular.com/NS/IN
Aug 16 13:08:10.992 [5096] dbg: dns: NS lookup of cingular.com using  
127.0.0.1 succeeded => DNS available (set dns_available to override)
Aug 16 13:08:10.993 [5096] dbg: dns: name server: 193.165.192.9,  
LocalAddr: 0.0.0.0
Aug 16 13:08:10.993 [5096] dbg: dns: resolver socket rx buffer size is  
129024 bytes
Aug 16 13:08:10.993 [5096] dbg: dns: trying (3) gmx.net...
Aug 16 13:08:10.993 [5096] dbg: dns: looking up NS for 'gmx.net'
Aug 16 13:08:10.993 [5096] dbg: dns: providing a callback for id:  
42540/gmx.net/NS/IN
Aug 16 13:08:11.003 [5096] dbg: dns: NS lookup of gmx.net using  
193.165.192.9 succeeded => DNS available (set dns_available to override)
Aug 16 13:08:11.004 [5096] dbg: dns: name server: 217.11.237.6,  
LocalAddr: 0.0.0.0
Aug 16 13:08:11.005 [5096] dbg: dns: resolver socket rx buffer size is  
129024 bytes
Aug 16 13:08:11.005 [5096] dbg: dns: trying (3) w3.org...
Aug 16 13:08:11.005 [5096] dbg: dns: looking up NS for 'w3.org'
Aug 16 13:08:11.006 [5096] dbg: dns: providing a callback for id:  
60502/w3.org/NS/IN
Aug 16 13:08:11.012 [5096] dbg: dns: NS lookup of w3.org using  
217.11.237.6 failed, no results found
Aug 16 13:08:11.012 [5096] dbg: dns: trying (2) motorola.com...
Aug 16 13:08:11.012 [5096] dbg: dns: looking up NS for 'motorola.com'
Aug 16 13:08:11.013 [5096] dbg: dns: providing a callback for id:  
34234/motorola.com/NS/IN
Aug 16 13:08:11.019 [5096] dbg: dns: NS lookup of motorola.com using  
217.11.237.6 failed, no results found
Aug 16 13:08:11.019 [5096] dbg: dns: trying (1) apache.org...
Aug 16 13:08:11.019 [5096] dbg: dns: looking up NS for 'apache.org'
Aug 16 13:08:11.020 [5096] dbg: dns: providing a callback for id:  
12712/apache.org/NS/IN
Aug 16 13:08:11.026 [5096] dbg: dns: NS lookup of apache.org using  
217.11.237.6 failed, no results found
Aug 16 13:08:11.026 [5096] dbg: dns: name server: 194.8.253.11,  
LocalAddr: 0.0.0.0
Aug 16 13:08:11.028 [5096] dbg: dns: resolver socket rx buffer size is  
129024 bytes
Aug 16 13:08:11.028 [5096] dbg: dns: trying (3) yahoo.com...
Aug 16 13:08:11.028 [5096] dbg: dns: looking up NS for 'yahoo.com'
Aug 16 13:08:11.029 [5096] dbg: dns: providing a callback for id:  
45594/yahoo.com/NS/IN
Aug 16 13:08:11.065 [5096] dbg: dns: NS lookup of yahoo.com using  
194.8.253.11 succeeded => DNS available (set dns_available to override)
Aug 16 13:08:11.065 [5096] dbg: dns: name server: 194.8.252.1,  
LocalAddr: 0.0.0.0
Aug 16 13:08:11.066 [5096] dbg: dns: resolver socket rx buffer size is  
129024 bytes
Aug 16 13:08:11.067 [5096] dbg: dns: trying (3) ebay.com...
Aug 16 13:08:11.067 [5096] dbg: dns: looking up NS for 'ebay.com'
Aug 16 13:08:11.068 [5096] dbg: dns: providing a callback for id:  
58487/ebay.com/NS/IN
Aug 16 13:08:11.297 [5096] dbg: dns: NS lookup of ebay.com using  
194.8.252.1 succeeded => DNS available (set dns_available to override)
Aug 16 13:08:11.297 [5096] dbg: dns: name server: 194.8.252.1,  
LocalAddr: 0.0.0.0
Aug 16 13:08:11.298 [5096] dbg: dns: resolver socket rx buffer size is  
129024 bytes
Aug 16 13:08:11.299 [5096] dbg: dns: NS list: 127.0.0.1,  
193.165.192.9, 194.8.253.11, 194.8.252.1
Aug 16 13:08:11.299 [5096] dbg: dns: name server: 127.0.0.1,  
LocalAddr: 0.0.0.0
Aug 16 13:08:11.300 [5096] dbg: dns: resolver socket rx buffer size is  
129024 bytes
Aug 16 13:08:11.300 [5096] dbg: dns: is DNS available? 1
Aug 16 13:08:11.301 [5096] dbg: uridnsbl: domains to query: fnhk.cz
Aug 16 13:08:11.302 [5096] dbg: check: check_main, time limit in 299.067 s
Aug 16 13:08:11.302 [5096] dbg: check: running tests for priority: 0
Aug 16 13:08:11.303 [5096] dbg: rules: running head tests; score so far=0
Aug 16 13:08:11.304 [5096] dbg: rules: flush_evalstr  
(run_generic_tests) compiling 6414 chars of  
Mail::SpamAssassin::Plugin::Check::_head_tests_0_1
Aug 16 13:08:11.305 [5096] dbg: rules: run_generic_tests - compiling  
eval code: head, priority 0
Aug 16 13:08:11.305 [5096] dbg: rules: compiled head tests
Aug 16 13:08:11.305 [5096] dbg: rules: ran header rule dkpass ======>  
got hit: "domainkeys=pass"
Aug 16 13:08:11.306 [5096] dbg: rules: ran header rule SPF_CHECK_PASS  
======> got hit: "pass"
Aug 16 13:08:11.306 [5096] dbg: rules: running head_eval tests; score  
so far=-29.5
Aug 16 13:08:11.306 [5096] dbg: rules: run_eval_tests - compiling eval  
code: 9, priority 0
Aug 16 13:08:11.306 [5096] dbg: rules: running body tests; score so far=-29.5
Aug 16 13:08:11.307 [5096] dbg: rules: flush_evalstr  
(run_generic_tests) compiling 215 chars of  
Mail::SpamAssassin::Plugin::Check::_body_tests_0_1
Aug 16 13:08:11.307 [5096] dbg: rules: run_generic_tests - compiling  
eval code: body, priority 0
Aug 16 13:08:11.307 [5096] dbg: rules: compiled body tests
Aug 16 13:08:11.307 [5096] dbg: rules: running uri tests; score so far=-29.5
Aug 16 13:08:11.307 [5096] dbg: rules: flush_evalstr  
(run_generic_tests) compiling 213 chars of  
Mail::SpamAssassin::Plugin::Check::_uri_tests_0_1
Aug 16 13:08:11.307 [5096] dbg: rules: run_generic_tests - compiling  
eval code: uri, priority 0
Aug 16 13:08:11.307 [5096] dbg: rules: compiled uri tests
Aug 16 13:08:11.308 [5096] dbg: rules: running rawbody tests; score so  
far=-29.5
Aug 16 13:08:11.308 [5096] dbg: rules: flush_evalstr  
(run_generic_tests) compiling 221 chars of  
Mail::SpamAssassin::Plugin::Check::_rawbody_tests_0_1
Aug 16 13:08:11.308 [5096] dbg: rules: run_generic_tests - compiling  
eval code: rawbody, priority 0
Aug 16 13:08:11.308 [5096] dbg: rules: compiled rawbody tests
Aug 16 13:08:11.308 [5096] dbg: rules: running full tests; score so far=-29.5
Aug 16 13:08:11.308 [5096] dbg: rules: flush_evalstr  
(run_generic_tests) compiling 250 chars of  
Mail::SpamAssassin::Plugin::Check::_full_tests_0_1
Aug 16 13:08:11.308 [5096] dbg: rules: run_generic_tests - compiling  
eval code: full, priority 0
Aug 16 13:08:11.309 [5096] dbg: rules: compiled full tests
Aug 16 13:08:11.309 [5096] dbg: rules: running meta tests; score so far=-29.5
Aug 16 13:08:11.309 [5096] dbg: rules: flush_evalstr  
(run_generic_tests) compiling 275 chars of  
Mail::SpamAssassin::Plugin::Check::_meta_tests_0_1
Aug 16 13:08:11.309 [5096] dbg: rules: run_generic_tests - compiling  
eval code: meta, priority 0
Aug 16 13:08:11.309 [5096] dbg: rules: compiled meta tests
Aug 16 13:08:11.309 [5096] dbg: dns: harvest_dnsbl_queries
Aug 16 13:08:11.310 [5096] dbg: check: is spam? score=-29.5 required=8
Aug 16 13:08:11.310 [5096] dbg: check: tests=SPF_CHECK_PASS,dkpass
Aug 16 13:08:11.310 [5096] dbg: check: subtests=
Aug 16 13:08:11.310 [5096] dbg: timing: total 940 ms - init: 247  
(26.3%), parse: 1.71 (0.2%), extract_message_metadata: 682 (72.5%),  
poll_dns_idle: 643 (68.4%), get_uri_detail_list: 0.52 (0.1%),  
tests_pri_0: 7 (0.7%), compile_gen: 1.24 (0.1%), compile_eval: 0.26  
(0.0%)
X-Spam-Status: No, score=-29.5 required=8.0 tests=SPF_CHECK_PASS,dkpass
         autolearn=disabled
X-Spam-Level:
X-Spam-Checker-Version: Antispam PPCHC
X-From: <ka...@fnhk.cz>
X-RcptTo: <ch...@ppchc.cz>
X-Target: default
X-Templt: incoming
X-TpList: incoming
X-TrgLst: default
X-WlFlgs: 01
X-RBL: N
X-PeerIP: 127.0.0.1
X-RealIP: 195.113.123.119
Received-SPF: pass (fnhk.cz: 195.113.123.119 is authorized to use  
'karliak@fnhk.cz' in 'mfrom' identity (mechanism 'a:antivir1.fnhk.cz'  
matched)) receiver=radio-hk.ppchc.cz; identity=mailfrom;  
envelope-from="karliak@fnhk.cz"; helo=antivir1.fnhk.cz;  
client-ip=195.113.123.119
X-DKIM: Sendmail DKIM Filter v2.7.2 radio-hk.ppchc.cz DAC7530CB3
Authentication-Results: radio-hk.ppchc.cz; dkim=none (no signature)
         header.i=unknown; dkim-adsp=fail
Received: from antivir1.fnhk.cz (antivir1.fnhk.cz [195.113.123.119])
         by radio-hk.ppchc.cz (Postfix) with ESMTP id DAC7530CB3
         for <ch...@ppchc.cz>; Mon, 16 Aug 2010 13:07:17 +0200 (CEST)
Received: by antivir1.fnhk.cz (Postfix, from userid 8)
         id 02803FA6170; Mon, 16 Aug 2010 13:07:11 +0200 (CEST)
Received: from antivir1.fnhk.cz (localhost [127.0.0.1])
         by vbms.DUMMY (Postfix) with SMTP id A0B2FFA6190
         for <ch...@ppchc.cz>; Mon, 16 Aug 2010 13:07:11 +0200 (CEST)
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 vbms.DUMMY A0B2FFA6190
Authentication-Results: vbms.DUMMY; domainkeys=fail (testing)  
header.from=karliak@fnhk.cz
Received: from kost.fnhk.cz (unknown [195.113.123.98])
         by antivir1.fnhk.cz (Postfix) with SMTP id 74C04FA616B
         for <ch...@ppchc.cz>; Mon, 16 Aug 2010 13:07:11 +0200 (CEST)
X-DKIM: Sendmail DKIM Filter v2.7.2 antivir1.fnhk.cz 74C04FA616B
Authentication-Results: antivir1.fnhk.cz; dkim=none (no signature)
         header.i=unknown; dkim-adsp=fail
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 antivir1.fnhk.cz 74C04FA616B
Authentication-Results: antivir1.fnhk.cz; domainkeys=pass (testing)  
header.from=karliak@fnhk.cz
Received: (qmail 23590 invoked from network); 16 Aug 2010 11:07:16 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
   s=default; d=fnhk.cz;
    
b=Sekotc6jO+orDWbGvlfAnLkMvv/Eh2wKcTDb4+D7IpONSFUDOMiGqg93NI7dWae4AocBcDNlX6G83fH49v5IQeJPPznuk+2aLK0MH5A8b3cP3CKzGJ5aftj2qH/KE1xvOguFqtplMLietRa2wfG3HYlnCpxB7Cb7biQu7muEXlo=   
;
Received: from unknown (HELO ?192.168.24.50?) (192.168.24.50)
   by kost.fnhk.cz with SMTP; 16 Aug 2010 11:07:16 -0000
Subject: 1307
From: Josef Karliak <ka...@fnhk.cz>
To: chose@ppchc.cz
Content-Type: text/plain
Date: Mon, 16 Aug 2010 13:07:16 +0200
Message-Id: <12...@chose.fnhk.cz>
Mime-Version: 1.0
X-Mailer: Evolution 2.24.1.1
Content-Transfer-Encoding: 7bit
X-VBSHLD-SCLID: A13CB488489
X-VBSHLD-SCLID: A113D5EDFFB

test

(no report template found)

Aug 16 13:08:11.312 [5096] dbg: plugin:  
Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x26f7e98) implements  
'finish_tests', priority 0
Aug 16 13:08:11.312 [5096] dbg: plugin:  
Mail::SpamAssassin::Plugin::Check=HASH(0x27cf0e0) implements  
'finish_tests', priority 0
Aug 16 13:08:11.312 [5096] dbg: plugin:  
Mail::SpamAssassin::PerMsgStatus=HASH(0x2bda910) implements  
'finish_tests', priority 0
Aug 16 13:08:11.314 [5096] dbg: bayes: untie-ing


   Seems like no whitelisting is fired?
   Thanks
   J.K.

Quoting jdow <jd...@earthlink.net>:

> Off hand I don't see a problem. What does "spamassassin --lint" say as a
> user (not as root?) It's almost as if your whitelist rules are not being
> parsed because of an error in the file above the whitelist rules.
>
> If lint passes I'd use "spamassassin -t -D <testemail". Note, I'd NOT
> use spamc to make that test, at least at first.
>
> This will tell you what rules are found and fired. It might also tell you
> why the whitelist file is not being found.
>
> Also do you have any blacklist entries? Could one of them be misfiring and
> negating your whitelist somehow.
>
> How are you including the whitelist entries? (The usual would be a
> whitelist.cf file in /etc/mail/spamassassin.)
>
> {^_^}
> ----- Original Message ----- From: "Josef Karliak" <ka...@ajetaci.cz>
> To: "jdow" <jd...@earthlink.net>
> Cc: <us...@spamassassin.apache.org>
> Sent: Sunday, 2010/August/15 22:20
> Subject: Re: Spamassassin and no whitelisting
>
>
>>  Hi,
>>  local.cf is in /etc/mail/spamassassin, spamd loads it at startup.
>> SpamAssassin works, tests run except whitelist :-/ :
>>
>> Aug 16 07:08:18 radio-hk spamd[28279]: spamd: setuid to mail succeeded
>> Aug 16 07:08:18 radio-hk spamd[28279]: spamd: processing message
>> <20...@kirke.atweb.cz> for mail:8
>> Aug 16 07:08:19 radio-hk spamd[28279]: spamd: clean message (1.0/8.0)
>> for mail:8 in 0.0 seconds, 7706 bytes.
>> Aug 16 07:08:19 radio-hk spamd[28279]: spamd: result: . 1 -
>> SPF_CHECK_NONE
>> scantime=0.0,size=7706,user=mail,uid=8,required_score=8.0,rhost=localhost,raddr=127.0.0.1,rport=33320,mid=<20...@kirke.atweb.cz>,autolearn=no
>>
>>  After debug start of the spamd all seems ok:
>>
>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>> Mail::SpamAssassin::Plugin::WLBLEval from @INC
>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>> Mail::SpamAssassin::PerMsgStatus from @INC
>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>> Mail::SpamAssassin::Plugin::VBounce from @INC
>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>> Mail::SpamAssassin::Plugin::ImageInfo from @INC
>> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
>> Mail::SpamAssassin::Plugin::FreeMail from @INC
>> Aug 16 07:18:10 radio-hk spamd[32557]: config: using
>> "/etc/mail/spamassassin/whitelist_users" for included file
>> Aug 16 07:18:10 radio-hk spamd[32557]: config: read file
>> /etc/mail/spamassassin/whitelist_users
>> Aug 16 07:18:10 radio-hk spamd[32557]: conf: finish parsing
>>
>>
>>  So am I missing some module load? Or so?
>>  Thanks
>>  J.K.
>>
>> Quoting jdow <jd...@earthlink.net>:
>>
>>> OK, you use the file local.cf. Are you sure you are modifying the
>>> correct local.cf. You rather need to be able to use, advisable or not,
>>> whitelist_from if whitelist_from_rcvd or other whitelist_from_XXXX
>>> variants are going to work. So let's get that working first.
>>>
>>> Determine where the REAL local.cf SHOULD be on your system. That file
>>> is USUALLY stored in /etc somewhere. On RedHat, as on my system, it is
>>> setup to live in /etc/mail/spamassassin. Your description of what is
>>> happening suggests you modified a file that is not being used.
>>>
>>> Note that you can leave spamd running while you test if you use the
>>> "spamassassin -t <testemail" approach. You can throw in a -D to get
>>> debug messages and see why the whitelist_from line fails for you.
>>>
>>> THEN it is appropriate to discuss what you should be using.
>>>
>>> {^_-}
>>> ----- Original Message ----- From: "Josef Karliak" <ka...@ajetaci.cz>
>>> To: <us...@spamassassin.apache.org>
>>> Sent: Sunday, 2010/August/15 09:35
>>> Subject: Re: Spamassassin and no whitelisting
>>>
>>>
>>>> Yes, our users (from local LAN) are authorized over Domainkeys
>>>> (all emails from our network are signed), and SA has a "trusted"
>>>> network. All from our company is OK and solved.
>>>> But we want to create whitelist for companies that our users mail
>>>> to. When outside company answers for email, and they don't have
>>>> DKIM, SPF, ... and sends emails that look like spam (HTML,
>>>> SUBJ_ALL_CAPS, ...) this whitelisted email address that we get from
>>>> his "Sent Items" folder pass this email and it is not filtered.
>>>> I know, all this is crazy, but DKIM or even "stupid" SPF is not
>>>> used often. And arrogant domain admins of "rejected" domains :-/.
>>>> How do you solve false positives? And complaints on that? I don't
>>>> want to decrease scores, I thought that whitelisting to senders
>>>> get from our users could help. If you emailed him, his reply is
>>>> wanted. If not emailed him, let's see results of the test. Nobody
>>>> from our company emailed you, but you use DKIM/SPF/... , we want
>>>> this mail. Grr, authorized spam? -> sends to abuse.
>>>> What do you think?
>>>> Thanks for advice and help.
>>>> J.K.
>>>>
>>>> Quoting John Hardin <jh...@impsec.org>:
>>>>
>>>>> On Sun, 15 Aug 2010, Josef Karliak wrote:
>>>>>
>>>>>> My idea is to create whitelist file for including to SA from emails sent
>>>>>> by our users (from Sent Items folders in cyrus emails). SA is a content
>>>>>> filter in the Postfix. Only global, not user prefs.
>>>>>
>>>>> Is there some easy way to identify your users other than the
>>>>> domain  they claim to be sending from? In other words, is this a
>>>>> corporate  MTA where all the local mail originates from a specific
>>>>> subnet, or  an ISP where users send mail via authenticated SMTP?
>>>>>
>>>>> If so, then there should be some way to tell postfix to trust
>>>>> messages originating from those sources and not run them through
>>>>> SA  at all.
>>>>>
>>>>> I am not a postfix guru. You might want to do some searches of the
>>>>> SA list archives for posts that discuss postfix, there may be
>>>>> some  config examples already available that will work for you.
>>>>>
>>>>> Best of luck.
>>>>>
>>>>>> Interesting is that I've many installs but on this server doesn't mark
>>>>>> me whitelisted domain (or email address) with "USER_IN_WHITELIST" test
>>>>>> at all. I'll look over your recommendation about whitelist_from_auth,
>>>>>> but if don't mark one whitelist mode, it couldn't mark another :-/.
>>>>>
>>>>> whitelist_from_rcvd specifying your local network may be another
>>>>> option for this.
>>>>>
>>>>>> Thanks.
>>>>>> J.K.
>>>>>>
>>>>>> Quoting John Hardin <jh...@impsec.org>:
>>>>>>
>>>>>>> On Sun, 15 Aug 2010, Josef Karliak wrote:
>>>>>>>
>>>>>>>> I've some problem with whitelisting.
>>>>>>>> In the local.cf file I've for example:
>>>>>>>>> whitelist_from         *@ajetaci.cz
>>>>>>>
>>>>>>> You do not want to do that. The From address on an email is
>>>>>>> trivially easy to forge, and it is common practice for spammers
>>>>>>> to  forge a From address in the same domain as the target
>>>>>>> address.  whitelist_from is only to be used if nothing else will
>>>>>>> work, as it  is a naive whitelist.
>>>>>>>
>>>>>>> You want to use whitelist_from_auth or one of the other
>>>>>>> authenticated variants.
>>>>>>>
>>>>>>>> What did I miss?
>>>>>>>
>>>>>>> The best way to skip SA for local users is in the glue layer.
>>>>>>> Tell  it to recognize mail that originates from your local
>>>>>>> network and  for those messages simply _not call SA_ at all.
>>>>>>> Then you save the  processing overhead.
>>>>>>>
>>>>>>> You didn't tell us how you're gluing SA onto your MTA. How are
>>>>>>> you  doing that?
>>>>>
>>>>> -- 
>>>>> John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>>>>> jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
>>>>> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>>>>> -----------------------------------------------------------------------
>>>>> If someone has a gun and is trying to kill you, it would be
>>>>> reasonable to shoot back with your own gun.
>>>>>                                     -- the Dalai Lama, May 15, 2001
>>>>> -----------------------------------------------------------------------
>>>>> Today: the 65th anniversary of the end of World War II
>>>>>

Re: Spamassassin and no whitelisting

Posted by jdow <jd...@earthlink.net>.
Off hand I don't see a problem. What does "spamassassin --lint" say as a
user (not as root?) It's almost as if your whitelist rules are not being
parsed because of an error in the file above the whitelist rules.

If lint passes I'd use "spamassassin -t -D <testemail". Note, I'd NOT
use spamc to make that test, at least at first.

This will tell you what rules are found and fired. It might also tell you
why the whitelist file is not being found.

Also do you have any blacklist entries? Could one of them be misfiring and
negating your whitelist somehow.

How are you including the whitelist entries? (The usual would be a
whitelist.cf file in /etc/mail/spamassassin.)

{^_^}
----- Original Message ----- 
From: "Josef Karliak" <ka...@ajetaci.cz>
To: "jdow" <jd...@earthlink.net>
Cc: <us...@spamassassin.apache.org>
Sent: Sunday, 2010/August/15 22:20
Subject: Re: Spamassassin and no whitelisting


>   Hi,
>   local.cf is in /etc/mail/spamassassin, spamd loads it at startup.
> SpamAssassin works, tests run except whitelist :-/ :
>
> Aug 16 07:08:18 radio-hk spamd[28279]: spamd: setuid to mail succeeded
> Aug 16 07:08:18 radio-hk spamd[28279]: spamd: processing message
> <20...@kirke.atweb.cz> for mail:8
> Aug 16 07:08:19 radio-hk spamd[28279]: spamd: clean message (1.0/8.0)
> for mail:8 in 0.0 seconds, 7706 bytes.
> Aug 16 07:08:19 radio-hk spamd[28279]: spamd: result: . 1 -
> SPF_CHECK_NONE
> scantime=0.0,size=7706,user=mail,uid=8,required_score=8.0,rhost=localhost,raddr=127.0.0.1,rport=33320,mid=<20...@kirke.atweb.cz>,autolearn=no
>
>   After debug start of the spamd all seems ok:
>
> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
> Mail::SpamAssassin::Plugin::WLBLEval from @INC
> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
> Mail::SpamAssassin::PerMsgStatus from @INC
> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
> Mail::SpamAssassin::Plugin::VBounce from @INC
> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
> Mail::SpamAssassin::Plugin::ImageInfo from @INC
> Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading
> Mail::SpamAssassin::Plugin::FreeMail from @INC
> Aug 16 07:18:10 radio-hk spamd[32557]: config: using
> "/etc/mail/spamassassin/whitelist_users" for included file
> Aug 16 07:18:10 radio-hk spamd[32557]: config: read file
> /etc/mail/spamassassin/whitelist_users
> Aug 16 07:18:10 radio-hk spamd[32557]: conf: finish parsing
>
>
>   So am I missing some module load? Or so?
>   Thanks
>   J.K.
>
> Quoting jdow <jd...@earthlink.net>:
>
>> OK, you use the file local.cf. Are you sure you are modifying the
>> correct local.cf. You rather need to be able to use, advisable or not,
>> whitelist_from if whitelist_from_rcvd or other whitelist_from_XXXX
>> variants are going to work. So let's get that working first.
>>
>> Determine where the REAL local.cf SHOULD be on your system. That file
>> is USUALLY stored in /etc somewhere. On RedHat, as on my system, it is
>> setup to live in /etc/mail/spamassassin. Your description of what is
>> happening suggests you modified a file that is not being used.
>>
>> Note that you can leave spamd running while you test if you use the
>> "spamassassin -t <testemail" approach. You can throw in a -D to get
>> debug messages and see why the whitelist_from line fails for you.
>>
>> THEN it is appropriate to discuss what you should be using.
>>
>> {^_-}
>> ----- Original Message ----- From: "Josef Karliak" <ka...@ajetaci.cz>
>> To: <us...@spamassassin.apache.org>
>> Sent: Sunday, 2010/August/15 09:35
>> Subject: Re: Spamassassin and no whitelisting
>>
>>
>>> Yes, our users (from local LAN) are authorized over Domainkeys
>>> (all emails from our network are signed), and SA has a "trusted"
>>> network. All from our company is OK and solved.
>>> But we want to create whitelist for companies that our users mail
>>> to. When outside company answers for email, and they don't have
>>> DKIM, SPF, ... and sends emails that look like spam (HTML,
>>> SUBJ_ALL_CAPS, ...) this whitelisted email address that we get from
>>> his "Sent Items" folder pass this email and it is not filtered.
>>> I know, all this is crazy, but DKIM or even "stupid" SPF is not
>>> used often. And arrogant domain admins of "rejected" domains :-/.
>>> How do you solve false positives? And complaints on that? I don't
>>> want to decrease scores, I thought that whitelisting to senders
>>> get from our users could help. If you emailed him, his reply is
>>> wanted. If not emailed him, let's see results of the test. Nobody
>>> from our company emailed you, but you use DKIM/SPF/... , we want
>>> this mail. Grr, authorized spam? -> sends to abuse.
>>> What do you think?
>>> Thanks for advice and help.
>>>  J.K.
>>>
>>> Quoting John Hardin <jh...@impsec.org>:
>>>
>>>> On Sun, 15 Aug 2010, Josef Karliak wrote:
>>>>
>>>>> My idea is to create whitelist file for including to SA from emails sent
>>>>> by our users (from Sent Items folders in cyrus emails). SA is a content
>>>>> filter in the Postfix. Only global, not user prefs.
>>>>
>>>> Is there some easy way to identify your users other than the
>>>> domain  they claim to be sending from? In other words, is this a
>>>> corporate  MTA where all the local mail originates from a specific
>>>> subnet, or  an ISP where users send mail via authenticated SMTP?
>>>>
>>>> If so, then there should be some way to tell postfix to trust
>>>> messages originating from those sources and not run them through
>>>> SA  at all.
>>>>
>>>> I am not a postfix guru. You might want to do some searches of the
>>>>  SA list archives for posts that discuss postfix, there may be
>>>> some  config examples already available that will work for you.
>>>>
>>>> Best of luck.
>>>>
>>>>> Interesting is that I've many installs but on this server doesn't mark
>>>>> me whitelisted domain (or email address) with "USER_IN_WHITELIST" test
>>>>> at all. I'll look over your recommendation about whitelist_from_auth,
>>>>> but if don't mark one whitelist mode, it couldn't mark another :-/.
>>>>
>>>> whitelist_from_rcvd specifying your local network may be another
>>>> option for this.
>>>>
>>>>> Thanks.
>>>>> J.K.
>>>>>
>>>>> Quoting John Hardin <jh...@impsec.org>:
>>>>>
>>>>>> On Sun, 15 Aug 2010, Josef Karliak wrote:
>>>>>>
>>>>>>> I've some problem with whitelisting.
>>>>>>> In the local.cf file I've for example:
>>>>>>>> whitelist_from         *@ajetaci.cz
>>>>>>
>>>>>> You do not want to do that. The From address on an email is
>>>>>> trivially easy to forge, and it is common practice for spammers
>>>>>> to  forge a From address in the same domain as the target
>>>>>> address.  whitelist_from is only to be used if nothing else will
>>>>>> work, as it  is a naive whitelist.
>>>>>>
>>>>>> You want to use whitelist_from_auth or one of the other
>>>>>> authenticated variants.
>>>>>>
>>>>>>> What did I miss?
>>>>>>
>>>>>> The best way to skip SA for local users is in the glue layer.
>>>>>> Tell  it to recognize mail that originates from your local
>>>>>> network and  for those messages simply _not call SA_ at all.
>>>>>> Then you save the  processing overhead.
>>>>>>
>>>>>> You didn't tell us how you're gluing SA onto your MTA. How are
>>>>>> you  doing that?
>>>>
>>>> -- 
>>>> John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>>>> jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
>>>> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>>>> -----------------------------------------------------------------------
>>>>  If someone has a gun and is trying to kill you, it would be
>>>>  reasonable to shoot back with your own gun.
>>>>                                      -- the Dalai Lama, May 15, 2001
>>>> -----------------------------------------------------------------------
>>>> Today: the 65th anniversary of the end of World War II
> 
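jdow's advice above is to read the "spamassassin -t -D" output to see which config files were read and which rules fired. The following is an added example, not part of the thread and not SpamAssassin code: a Python script that rejoins line-wrapped debug entries like the ones pasted earlier and reports whether an expected rule fired. The sample log is constructed from lines quoted in this thread, and the function names (unwrap, triage) are hypothetical.

```python
import re
import sys

# Each debug entry starts with a syslog-style timestamp; anything else is the
# tail of an entry that a mail client wrapped onto the next line.
ENTRY_START = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)? ")
CONFIG_RE = re.compile(r"config: read file (\S+)")
PLUGIN_RE = re.compile(r"plugin: loading (\S+) from @INC")
HIT_RE = re.compile(r"rules: ran \w+ rule (\S+) =+> got hit")
SCORE_RE = re.compile(r"check: is spam\? score=(-?[\d.]+) required=(-?[\d.]+)")
TESTS_RE = re.compile(r"check: tests=(\S*)")

# Constructed sample: entries in the format quoted in this thread, wrapped
# mid-entry the same way the pasted output is.
SAMPLE_DEBUG = """\
Aug 16 13:08:10.301 [5096] dbg: config: read file /etc/mail/spamassassin/local.cf
Aug 16 13:08:10.302 [5096] dbg: config: using
"/etc/mail/spamassassin/whitelist_users" for included file
Aug 16 13:08:10.302 [5096] dbg: config: read file
/etc/mail/spamassassin/whitelist_users
Aug 16 13:08:10.310 [5096] dbg: plugin: loading
Mail::SpamAssassin::Plugin::WLBLEval from @INC
Aug 16 13:08:11.305 [5096] dbg: rules: ran header rule dkpass ======>
got hit: "domainkeys=pass"
Aug 16 13:08:11.306 [5096] dbg: rules: ran header rule SPF_CHECK_PASS
======> got hit: "pass"
Aug 16 13:08:11.310 [5096] dbg: check: is spam? score=-29.5 required=8
Aug 16 13:08:11.310 [5096] dbg: check: tests=SPF_CHECK_PASS,dkpass
Aug 16 13:08:11.310 [5096] dbg: check: subtests=
"""


def unwrap(text):
    """Rejoin wrapped lines so that each list item is one complete entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def triage(text, expected_rule="USER_IN_WHITELIST",
           whitelist_file="/etc/mail/spamassassin/whitelist_users"):
    """Summarise what the debug output says about config, plugins and rules."""
    files, plugins, hits, tests = [], [], [], []
    score = required = None
    for entry in unwrap(text):
        if m := CONFIG_RE.search(entry):
            files.append(m.group(1))
        elif m := PLUGIN_RE.search(entry):
            plugins.append(m.group(1))
        elif m := HIT_RE.search(entry):
            hits.append(m.group(1))
        elif m := SCORE_RE.search(entry):
            score, required = float(m.group(1)), float(m.group(2))
        elif m := TESTS_RE.search(entry):
            tests = [t for t in m.group(1).split(",") if t]
    return {
        "config_files": files,
        "rule_hits": hits,
        "tests": tests,
        "score": score,
        "required": required,
        # The thread's spamd log shows this plugin being loaded.
        "wlbleval_loaded": any(p.endswith("::WLBLEval") for p in plugins),
        "whitelist_file_read": whitelist_file in files,
        "expected_rule_fired": expected_rule in tests or expected_rule in hits,
    }


if __name__ == "__main__":
    # Feed it the debug stream only, e.g. the stderr of "spamassassin -t -D"
    # saved to a file; with no argument the constructed sample is used.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DEBUG
    for key, value in triage(source).items():
        print(f"{key}: {value}")
```

On the sample this reports the whitelist file as read and the plugin as loaded, yet USER_IN_WHITELIST is absent from the tests, which is the situation described in this thread.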


Re: Spamassassin and no whitelisting

Posted by Josef Karliak <ka...@ajetaci.cz>.
   Hi,
   local.cf is in /etc/mail/spamassassin, spamd loads it at startup.
SpamAssassin works, tests run except whitelist :-/ :

Aug 16 07:08:18 radio-hk spamd[28279]: spamd: setuid to mail succeeded
Aug 16 07:08:18 radio-hk spamd[28279]: spamd: processing message  
<20...@kirke.atweb.cz> for mail:8
Aug 16 07:08:19 radio-hk spamd[28279]: spamd: clean message (1.0/8.0)  
for mail:8 in 0.0 seconds, 7706 bytes.
Aug 16 07:08:19 radio-hk spamd[28279]: spamd: result: . 1 -  
SPF_CHECK_NONE  
scantime=0.0,size=7706,user=mail,uid=8,required_score=8.0,rhost=localhost,raddr=127.0.0.1,rport=33320,mid=<20...@kirke.atweb.cz>,autolearn=no

   After debug start of the spamd all seems ok:

Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading  
Mail::SpamAssassin::Plugin::WLBLEval from @INC
Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading  
Mail::SpamAssassin::PerMsgStatus from @INC
Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading  
Mail::SpamAssassin::Plugin::VBounce from @INC
Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading  
Mail::SpamAssassin::Plugin::ImageInfo from @INC
Aug 16 07:18:10 radio-hk spamd[32557]: plugin: loading  
Mail::SpamAssassin::Plugin::FreeMail from @INC
Aug 16 07:18:10 radio-hk spamd[32557]: config: using  
"/etc/mail/spamassassin/whitelist_users" for included file
Aug 16 07:18:10 radio-hk spamd[32557]: config: read file  
/etc/mail/spamassassin/whitelist_users
Aug 16 07:18:10 radio-hk spamd[32557]: conf: finish parsing


   So am I missing some module load? Or so?
   Thanks
   J.K.

Quoting jdow <jd...@earthlink.net>:

> OK, you use the file local.cf. Are you sure you are modifying the
> correct local.cf. You rather need to be able to use, advisable or not,
> whitelist_from if whitelist_from_rcvd or other whitelist_from_XXXX
> variants are going to work. So let's get that working first.
>
> Determine where the REAL local.cf SHOULD be on your system. That file
> is USUALLY stored in /etc somewhere. On RedHat, as on my system, it is
> setup to live in /etc/mail/spamassassin. Your description of what is
> happening suggests you modified a file that is not being used.
>
> Note that you can leave spamd running while you test if you use the
> "spamassassin -t <testemail" approach. You can throw in a -D to get
> debug messages and see why the whitelist_from line fails for you.
>
> THEN it is appropriate to discuss what you should be using.
>
> {^_-}
> ----- Original Message ----- From: "Josef Karliak" <ka...@ajetaci.cz>
> To: <us...@spamassassin.apache.org>
> Sent: Sunday, 2010/August/15 09:35
> Subject: Re: Spamassassin and no whitelisting
>
>
>> Yes, our users (from local LAN) are authorized over Domainkeys
>> (all emails from our network are signed), and SA has a "trusted"
>> network. All from our company is OK and solved.
>> But we want to create whitelist for companies that our users mail
>> to. When outside company answers for email, and they don't have
>> DKIM, SPF, ... and sends emails that look like spam (HTML,
>> SUBJ_ALL_CAPS, ...) this whitelisted email address that we get from
>> his "Sent Items" folder pass this email and it is not filtered.
>> I know, all this is crazy, but DKIM or even "stupid" SPF is not
>> used often. And arrogant domain admins of "rejected" domains :-/.
>> How do you solve false positives? And complaints on that? I don't
>> want to decrease scores, I thought that whitelisting to senders
>> get from our users could help. If you emailed him, his reply is
>> wanted. If not emailed him, let's see results of the test. Nobody
>> from our company emailed you, but you use DKIM/SPF/... , we want
>> this mail. Grr, authorized spam? -> sends to abuse.
>> What do you think?
>> Thanks for advice and help.
>>  J.K.
>>
>> Quoting John Hardin <jh...@impsec.org>:
>>
>>> On Sun, 15 Aug 2010, Josef Karliak wrote:
>>>
>>>> My idea is to create whitelist file for including to SA from emails sent
>>>> by our users (from Sent Items folders in cyrus emails). SA is a content
>>>> filter in the Postfix. Only global, not user prefs.
>>>
>>> Is there some easy way to identify your users other than the  
>>> domain  they claim to be sending from? In other words, is this a  
>>> corporate  MTA where all the local mail originates from a specific  
>>> subnet, or  an ISP where users send mail via authenticated SMTP?
>>>
>>> If so, then there should be some way to tell postfix to trust   
>>> messages originating from those sources and not run them through  
>>> SA  at all.
>>>
>>> I am not a postfix guru. You might want to do some searches of the  
>>>  SA list archives for posts that discuss postfix, there may be  
>>> some  config examples already available that will work for you.
>>>
>>> Best of luck.
>>>
>>>> Interesting is that I've many installs but on this server doesn't mark
>>>> me whitelisted domain (or email address) with "USER_IN_WHITELIST" test
>>>> at all. I'll look over your recomendation about whitelist_from_auth,
>>>> but if don't mark one whitelist mode, it couldn't mark another :-/.
>>>
>>> whitelist_from_rcvd specifying your local network may be another   
>>> option for this.
>>>
>>>> Thanks.
>>>> J.K.
>>>>
>>>> Cituji John Hardin <jh...@impsec.org>:
>>>>
>>>>> On Sun, 15 Aug 2010, Josef Karliak wrote:
>>>>>
>>>>>> I've some problem with whitelisting.
>>>>>> In the local.cf file I've for example:
>>>>>>> whitelist_from         *@ajetaci.cz
>>>>>
>>>>> You do not want to do that. The From address on an email is   
>>>>> trivially easy to forge, and it is common practice for spammers  
>>>>> to  forge a From address in the same domain as the target  
>>>>> address.  whitelist_from is only to be used if nothing else will  
>>>>> work, as it  is a naive whitelist.
>>>>>
>>>>> You want to use whitelist_from_auth or one of the other   
>>>>> authenticated variants.
>>>>>
>>>>>> What did I missed ?
>>>>>
>>>>> The best way to skip SA for local users is in the glue layer.  
>>>>> Tell  it to recognize mail that originates from your local  
>>>>> network and  for those messages simply _not call SA_ at all.  
>>>>> Then you save the  processing overhead.
>>>>>
>>>>> You didn't tell us how you're gluing SA onto your MTA. How are  
>>>>> you  doing that?
>>>
>>> -- 
>>> John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>>> jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
>>> key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>>> -----------------------------------------------------------------------
>>>  If someone has a gun and is trying to kill you, it would be
>>>  reasonable to shoot back with your own gun.
>>>                                      -- the Dalai Lama, May 15, 2001
>>> -----------------------------------------------------------------------
>>> Today: the 65th anniversary of the end of World War II
>>>
>>
>>
>>
>> ----------------------------------------------------------------
>> This message was sent using IMP, the Internet Messaging Program.
>>
>>
>



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


Re: Spamassassin and no whitelisting

Posted by jdow <jd...@earthlink.net>.
OK, you use the file local.cf. Are you sure you are modifying the
correct local.cf? You rather need to be able to use, advisable or not,
whitelist_from if whitelist_from_rcvd or other whitelist_from_XXXX
variants are going to work. So let's get that working first.

Determine where the REAL local.cf SHOULD be on your system. That file
is USUALLY stored in /etc somewhere. On RedHat, as on my system, it is
set up to live in /etc/mail/spamassassin. Your description of what is
happening suggests you modified a file that is not being used.

Note that you can leave spamd running while you test if you use the
"spamassassin -t <testemail" approach. You can throw in a -D to get
debug messages and see why the whitelist_from line fails for you.

THEN it is appropriate to discuss what you should be using.

{^_-}

Re: Spamassassin and no whitelisting

Posted by John Hardin <jh...@impsec.org>.
On Sun, 15 Aug 2010, Josef Karliak wrote:

>  Yes, our users (from local LAN) are authorized over Domainkeys (all emails
>  from our network are signed), and SA has a "trusted" network. All from our
>  company is OK and solved.
>  But we want to create whitelist for companies that our users mails to.

Ah, okay. That makes more sense. That's also harder for a spammer to 
abuse. The whitelist_from example using what appeared to be your own 
domain misdirected me.

This should still be easier at the MTA level, as most MTAs have support 
for databases of email addresses against which to apply policy, and those 
databases can be updated without having to restart the application. You'd 
create a database for correspondent email addresses and set up a postfix 
policy that bypasses SA for those addresses.

Short of a custom plugin you'd probably be looking at a tool to extract 
external email addresses from your outbound log and create a whitelist .cf 
file that SA reads, and you'd periodically run this tool and then restart 
SA.

Ideally the log parser would look for an inbound response from that email 
address so that it could create whitelist_from_rcvd where possible. It 
should probably also create whitelist_from_auth just in case the 
correspondent _did_ have SPF or domainkeys set up.

Creating a plugin to do this without having to restart SA sounds like a 
good idea...

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   The difference is that Unix has had thirty years of technical
   types demanding basic functionality of it. And the Macintosh has
   had fifteen years of interface fascist users shaping its progress.
   Windows has the hairpin turns of the Microsoft marketing machine
   and that's all.                                    -- Red Drag Diva
-----------------------------------------------------------------------
  Today: the 65th anniversary of the end of World War II
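
The log-driven whitelist generator outlined in the message above, sketched in Python as an added example (not code from the thread or from the SpamAssassin project). It assumes standard Postfix syslog lines, emits `whitelist_auth` (the directive name given earlier in this thread) for every external recipient, and adds `whitelist_from_rcvd` only when a reply arrived from a relay in the same parent domain as the MX the outbound mail went to. The function names, the parent-domain heuristic and the sample log are assumptions.

```python
import re

LOCAL_DOMAINS = {"ajetaci.cz"}  # the site's own domain, as named in the thread

# Constructed Postfix syslog lines (sample data, not taken from the thread).
SAMPLE_LOG = """\
Aug 15 09:30:01 mx postfix/smtp[1201]: 3F2A1C0: to=<bob@partner.example>, relay=mail.partner.example[192.0.2.10]:25, dsn=2.0.0, status=sent (250 OK)
Aug 15 09:31:07 mx postfix/smtp[1202]: 4A7B2D1: to=<eva@vendor.example>, relay=mx.vendor.example[198.51.100.7]:25, dsn=2.0.0, status=sent (250 OK)
Aug 15 09:32:10 mx postfix/smtp[1203]: 5C8D3E2: to=<x@bounce.example>, relay=none, dsn=4.4.1, status=deferred (connect timed out)
Aug 15 09:33:00 mx postfix/smtp[1204]: 6D9E4F3: to=<*@wild.example>, relay=mx.wild.example[203.0.113.5]:25, dsn=2.0.0, status=sent (250 OK)
Aug 15 09:34:00 mx postfix/smtp[1205]: 7EAF504: to=<colleague@ajetaci.cz>, relay=mail2.ajetaci.cz[10.0.0.2]:25, dsn=2.0.0, status=sent (250 OK)
Aug 15 10:02:11 mx postfix/smtpd[1300]: 8FB0615: client=out3.partner.example[192.0.2.11]
Aug 15 10:02:11 mx postfix/qmgr[900]: 8FB0615: from=<bob@partner.example>, size=4211, nrcpt=1 (queue active)
Aug 15 10:05:40 mx postfix/smtpd[1301]: 90C1726: client=relay.bulk.example[203.0.113.77]
Aug 15 10:05:40 mx postfix/qmgr[900]: 90C1726: from=<eva@vendor.example>, size=980, nrcpt=1 (queue active)
Aug 15 10:09:02 mx postfix/smtpd[1302]: A1D2837: client=unknown[198.51.100.99]
Aug 15 10:09:02 mx postfix/qmgr[900]: A1D2837: from=<bob@partner.example>, size=700, nrcpt=1 (queue active)
"""

# Strict shapes: no '*' or '?' (globs in SA whitelist entries) and no
# whitespace, so a hostile log value cannot widen or add a directive.
ADDR_RE = re.compile(r"^[a-z0-9._+-]+@([a-z0-9-]+(?:\.[a-z0-9-]+)+)$")
HOST_RE = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+$")
SENT_RE = re.compile(
    r"postfix/smtp\[\d+\]: \w+: to=<([^>]*)>,.*?\brelay=([^\[,\s]+).*\bstatus=sent\b")
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=([^\[\s]+)\[")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")


def parent_domain(host):
    """Last two labels of a hostname (naive: ignores multi-label public suffixes)."""
    return ".".join(host.split(".")[-2:])


def outbound_correspondents(log_text, local_domains=LOCAL_DOMAINS):
    """External address we delivered to -> parent domains of the MX hosts used."""
    sent = {}
    for line in log_text.splitlines():
        m = SENT_RE.search(line)
        if not m:
            continue
        addr, relay = m.group(1).lower(), m.group(2).lower()
        am = ADDR_RE.match(addr)
        if am and am.group(1) not in local_domains and HOST_RE.match(relay):
            sent.setdefault(addr, set()).add(parent_domain(relay))
    return sent


def reply_relays(log_text, sent):
    """Relays that handed us a reply from a correspondent. The envelope sender
    is forgeable, so a relay counts only if it sits in the MX's parent domain."""
    clients, relays = {}, {}
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = m.group(2).lower()  # queue id -> client name
            continue
        m = FROM_RE.search(line)
        if not m:
            continue
        addr, host = m.group(2).lower(), clients.get(m.group(1), "")
        # "unknown" (no usable client name) has no dot and fails HOST_RE.
        if addr in sent and HOST_RE.match(host) and parent_domain(host) in sent[addr]:
            relays.setdefault(addr, set()).add(host)
    return relays


def build_whitelist(log_text, local_domains=LOCAL_DOMAINS):
    """Return the lines of a whitelist .cf file for SpamAssassin to include."""
    sent = outbound_correspondents(log_text, local_domains)
    relays = reply_relays(log_text, sent)
    lines = []
    for addr in sorted(sent):
        lines.append(f"whitelist_auth {addr}")
        for host in sorted(relays.get(addr, ())):
            lines.append(f"whitelist_from_rcvd {addr} {host}")
    return lines


if __name__ == "__main__":
    print("\n".join(build_whitelist(SAMPLE_LOG)))
```
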

Re: Spamassassin and no whitelisting

Posted by Josef Karliak <ka...@ajetaci.cz>.
   Yes, our users (from local LAN) are authorized over Domainkeys (all
emails from our network are signed), and SA has a "trusted" network.
All from our company is OK and solved.
   But we want to create a whitelist for companies that our users mail
to. When an outside company answers an email, and they don't have DKIM,
SPF, ... and send emails that look like spam (HTML, SUBJ_ALL_CAPS,
...), this whitelisted email address that we get from his "Sent Items"
folder passes this email and it is not filtered.
   I know, all this is crazy, but DKIM or even "stupid" SPF is not
used often. And arrogant domain admins of "rejected" domains :-/. How
do you solve false positives? And complaints about that? I don't want to
decrease scores, I thought that whitelisting senders taken from our
users could help. If you emailed him, his reply is wanted. If not
emailed him, let's see the results of the test. Nobody from our company
emailed you, but you use DKIM/SPF/... , we want this mail. Grr,
authorized spam? -> sends to abuse.
   What do you think?
   Thanks for advice and help.
   J.K.



Re: Spamassassin and no whitelisting

Posted by John Hardin <jh...@impsec.org>.
On Sun, 15 Aug 2010, Josef Karliak wrote:

>  My idea is to create whitelist file for including to SA from emails sent
>  by our users (from Sent Items folders in cyrus emails). SA is a content
>  filter in the Postfix. Only global, not user prefs.

Is there some easy way to identify your users other than the domain they 
claim to be sending from? In other words, is this a corporate MTA where 
all the local mail originates from a specific subnet, or an ISP where 
users send mail via authenticated SMTP?

If so, then there should be some way to tell postfix to trust messages 
originating from those sources and not run them through SA at all.

I am not a postfix guru. You might want to do some searches of the SA list 
archives for posts that discuss postfix, there may be some config examples 
already available that will work for you.

Best of luck.

>  Interesting is that I've many installs but on this server doesn't mark
>  me whitelisted domain (or email address) with "USER_IN_WHITELIST" test
>  at all. I'll look over your recommendation about whitelist_from_auth,
>  but if don't mark one whitelist mode, it couldn't mark another :-/.

whitelist_from_rcvd specifying your local network may be another option 
for this.

>  Thanks.
>  J.K.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   If someone has a gun and is trying to kill you, it would be
   reasonable to shoot back with your own gun.
                                       -- the Dalai Lama, May 15, 2001
-----------------------------------------------------------------------
  Today: the 65th anniversary of the end of World War II

Re: Spamassassin and no whitelisting

Posted by Josef Karliak <ka...@ajetaci.cz>.
   Yes,
I know. But tell it to users. And senders. SPF and DKIM exist, they
f*ck on that. I do SPF check on receiving. At least if whitelisted
email passes through, we have a hammer for this email (blacklist for
example).
   My idea is to create whitelist file for including to SA from emails
sent by our users (from Sent Items folders in cyrus emails).
   SA is a content filter in the Postfix. Only global, not user prefs.
Interesting is that I've many installs but on this server doesn't mark
me whitelisted domain (or email address) with "USER_IN_WHITELIST" test
at all. I'll look over your recommendation about whitelist_from_auth,
but if don't mark one whitelist mode, it couldn't mark another :-/.
   Thanks.
   J.K.



Re: Spamassassin and no whitelisting

Posted by John Hardin <jh...@impsec.org>.
On Sun, 15 Aug 2010, Josef Karliak wrote:

> I've some problem with whitelisting.
> In the local.cf file I've for example:
>
> whitelist_from         *@ajetaci.cz

You do not want to do that. The From address on an email is trivially easy 
to forge, and it is common practice for spammers to forge a From address 
in the same domain as the target address. whitelist_from is only to be 
used if nothing else will work, as it is a naive whitelist.

You want to use whitelist_from_auth or one of the other authenticated 
variants.

> What did I miss?

The best way to skip SA for local users is in the glue layer. Tell it to 
recognize mail that originates from your local network and for those 
messages simply _not call SA_ at all. Then you save the processing 
overhead.

You didn't tell us how you're gluing SA onto your MTA. How are you doing 
that?

--
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Vista is at best mildly annoying and at worst makes you want to
   rush to Redmond, Wash. and rip somebody's liver out.      -- Forbes
-----------------------------------------------------------------------
  Today: the 65th anniversary of the end of World War II