Posted to users@spamassassin.apache.org by Matthew Dickinson <ma...@ire.org> on 2007/07/19 20:05:43 UTC

Rule not firing in spamd

Hi,

I'm using milter-p0f to add a "X-milter-p0f-Report:" to emails. Emails are
passed via spamass-milter to spamd. I've written some rules, that I
thought would catch things in the headers with spamd, but unfortunately they
don't appear to work with spamd, but spamassassin -D < msg shows that they
hit:


The rule itself is in a .cf file /etc/mail/spamassassin/p0f.cf - spamd
(3.2.1) is running on RHEL4

X-milter-p0f-Report: server.example.com [nn.nn.nn.nn] (unknown) Linux 2.6,
seldom 2.4 (older, 4) hops 19 link ethernet/modem up 6311 score 0 flags 0x0

header P0F_LINUX  X-milter-p0f-Report =~ /Linux/i
describe P0F_LINUX catch the word Linux in the P0F header
score P0F_LINUX 0.0

When running spamd I get:
tests=AWL,BAYES_00,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,TVD_SPACE_RATIO,UNPARSEABLE_RELAY

With spamassassin -D:
tests=AWL,BAYES_00,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,JD_SPACES_KEYWORDS,P0F_Linux,TVD_SPACE_RATIO



Any ideas?


Thanks,

Matthew


RE: Rule not firing in spamd

Posted by Matthew Dickinson <ma...@ire.org>.
I'm beginning to think that maybe spamass-milter (spamass-milter-0.3.1)
isn't passing the header to spamc/d - I've had exactly 1 hit on this rule
all afternoon thru spamd, despite 2500+ headers being added to emails:

[root@svr1 matt]# tail -400000 /var/log/maillog | grep p0f | grep "\bLinux\b" | wc -l
   2504

Jul 19 14:57:45 svr1 sendmail[19122]: l6JJvT9m019122: Milter add: header:
X-milter-p0f-Report: server.example.com [nn.nn.nn.nn] (unknown) Linux 2.6,
seldom 2.4 (older, 4) hops 23 link ethernet/modem up 185 score 0 flags 0x0
Jul 19 14:57:47 svr1 sendmail[19231]: l6JJvbxY019231: Milter add: header:
X-milter-p0f-Report: server.example.com [nn.nn.nn.nn] (unknown) Linux 2.6?
(barebone, rare!) hops 1 link ethernet/modem score 0 flags 0x0


Just ONE email thru spamd has matched

Matthew


> -----Original Message-----
> From: Matthew Dickinson [mailto:matt-lists-mm@ire.org]
> Sent: Thursday, July 19, 2007 14:30
> To: users@spamassassin.apache.org
> Subject: RE: Rule not firing in spamd
> 
> > -----Original Message-----
> > From: Theo Van Dinter [mailto:felicity@apache.org]
> > Sent: Thursday, July 19, 2007 14:05
> > To: users@spamassassin.apache.org
> > Subject: Re: Rule not firing in spamd
> >
> > On Thu, Jul 19, 2007 at 01:05:43PM -0500, Matthew Dickinson wrote:
> > > When running spamd I get:
> > >
> > > tests=AWL,BAYES_00,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,TVD_SPACE_RATIO,UNPARSEABLE_RELAY
> > >
> > > With spamassassin -D:
> > >
> > > tests=AWL,BAYES_00,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,JD_SPACES_KEYWORDS,P0F_Linux,TVD_SPACE_RATIO
> >
> > have you restarted spamd since adding the rule?
> 
> 
> 
> Yup - and sa-compile in case that affected it too
> 
> Matthew


RE: Rule not firing in spamd

Posted by Matthew Dickinson <ma...@ire.org>.
> -----Original Message-----
> From: Theo Van Dinter [mailto:felicity@apache.org]
> Sent: Thursday, July 19, 2007 14:05
> To: users@spamassassin.apache.org
> Subject: Re: Rule not firing in spamd
> 
> On Thu, Jul 19, 2007 at 01:05:43PM -0500, Matthew Dickinson wrote:
> > When running spamd I get:
> >
> > tests=AWL,BAYES_00,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,TVD_SPACE_RATIO,UNPARSEABLE_RELAY
> >
> > With spamassassin -D:
> >
> > tests=AWL,BAYES_00,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,JD_SPACES_KEYWORDS,P0F_Linux,TVD_SPACE_RATIO
> 
> have you restarted spamd since adding the rule?



Yup - and sa-compile in case that affected it too

Matthew


Re: Rule not firing in spamd

Posted by Theo Van Dinter <fe...@apache.org>.
On Thu, Jul 19, 2007 at 01:05:43PM -0500, Matthew Dickinson wrote:
> When running spamd I get:
> tests=AWL,BAYES_00,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,TVD_SPACE_RATIO,UNPARSEABLE_RELAY
> 
> With spamassassin -D:
> tests=AWL,BAYES_00,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,JD_SPACES_KEYWORDS,P0F_Linux,TVD_SPACE_RATIO

have you restarted spamd since adding the rule?

-- 
Randomly Selected Tagline:
"See, you not only have to be a good coder to create a system like Linux,
 you have to be a sneaky bastard too ;-)"   - Linus Torvalds

Re: Rule not firing in spamd

Posted by Matthew Dickinson <ma...@ire.org>.

On Thu, 19 Jul 2007, SM wrote:

> At 18:23 19-07-2007, David B Funk wrote:
>> You can control the order that milters are run but IIRC, each milter
>> gets a copy of the -original- input message before any local
>> modifications are done. So the final message will have the headers
>> added by each milter but neither milter will see the other's work.
>
> Later milters will see changes made by earlier ones.
>
> Regards,
> -sm


Thanks for the idea - it turns out my milters weren't running in the right
order, so the spam filtering happened before the X-p0f header was added.


Problem solved :-)

Matthew
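
Added example, not part of the original thread: the fix above came down to the
order in which sendmail runs its milters, which sendmail.cf records in the
InputMailFilters option. The sh functions below check that the header-adding
milter is listed before the spam-filtering one; the filter names, socket paths
and cf fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example. Filter names, socket paths and cf fragments are constructed.

# Print the milters named in "O InputMailFilters=a,b,c", one per line, in run order.
list_input_filters() {
    sed -n 's/^O[[:space:]]*InputMailFilters=//p' "$1" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -v '^$'
}

# 1-based position of filter $2 in that list; prints nothing if it is absent.
filter_position() {
    list_input_filters "$1" | grep -n -x -F -e "$2" | head -n 1 | cut -d: -f1
}

# 0: $2 runs before $3.  1: $2 runs after $3.  2: one of them is not configured.
milter_runs_before() {
    pos_first=$(filter_position "$1" "$2")
    pos_second=$(filter_position "$1" "$3")
    [ -n "$pos_first" ] && [ -n "$pos_second" ] || return 2
    [ "$pos_first" -lt "$pos_second" ]
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Constructed: spam filter listed first, so it scans before the header exists.
cat > "$workdir/before.cf" <<'EOF'
Xspamassassin, S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m
Xmilter-p0f, S=local:/var/run/milter-p0f.sock, F=T, T=S:30s;R:30s
O InputMailFilters=spamassassin,milter-p0f
EOF

# Constructed: header-adding milter listed first.
cat > "$workdir/after.cf" <<'EOF'
Xmilter-p0f, S=local:/var/run/milter-p0f.sock, F=T, T=S:30s;R:30s
Xspamassassin, S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m
O InputMailFilters=milter-p0f, spamassassin
EOF

for cf in before.cf after.cf; do
    if milter_runs_before "$workdir/$cf" milter-p0f spamassassin; then
        echo "$cf: OK, milter-p0f runs before spamassassin"
    else
        echo "$cf: milter-p0f does not run before spamassassin"
    fi
done
```

On a live system, point milter_runs_before at the generated sendmail.cf and use
the filter names from its own X lines.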

Re: Rule not firing in spamd

Posted by SM <sm...@resistor.net>.
At 18:23 19-07-2007, David B Funk wrote:
>You can control the order that milters are run but IIRC, each milter
>gets a copy of the -original- input message before any local
>modifications are done. So the final message will have the headers
>added by each milter but neither milter will see the other's work.

Later milters will see changes made by earlier ones.

Regards,
-sm 


Re: Rule not firing in spamd

Posted by David B Funk <db...@engineering.uiowa.edu>.
On Thu, 19 Jul 2007, Matthew Dickinson wrote:

> Hi,
>
> I'm using milter-p0f to add a "X-milter-p0f-Report:" to emails. Emails are
> passed via spamass-milter to spamd. I've written some rules, that I
> thought would catch things in the headers with spamd, but unfortunately they
> don't appear to work with spamd, but spamassassin -D < msg shows that they
> hit:
>
>
> the rule itself is in a .cf file /etc/mail/spamassassin/p0f.cf - spamd
> (3.2.1) is running on RHEL4
>
> X-milter-p0f-Report: server.example.com [nn.nn.nn.nn] (unknown) Linux 2.6,
> seldom 2.4 (older, 4) hops 19 link ethernet/modem up 6311 score 0 flags 0x0
>
> header P0F_LINUX  X-milter-p0f-Report =~ /Linux/i
> describe P0F_LINUX catch the word Linux in the P0F header
> score P0F_LINUX 0.0
>
> When running spamd I get:
> tests=AWL,BAYES_00,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,TVD_SPACE_RATIO,UNPARSEABLE_RELAY
>
> With spamassassin -D:
> tests=AWL,BAYES_00,DKIM_POLICY_SIGNSOME,DK_POLICY_SIGNSOME,JD_SPACES_KEYWORDS,P0F_Linux,TVD_SPACE_RATIO

If I understand you, I don't think this works the way you want.

You're using two different milters (milter-p0f & spamass-milter).
You want milter-p0f to run to completion and modify the message, you
want spamass-milter to then take that modified message and do its
filtering (i.e. you want the 'X-milter-p0f-Report' header added by milter-p0f
to be available to SA via spamass-milter). I don't think it works that
way.

You can control the order that milters are run but IIRC, each milter
gets a copy of the -original- input message before any local
modifications are done. So the final message will have the headers
added by each milter but neither milter will see the other's work.

You can check over at the sendmail list to see if this is accurate.

To get the results that you want, I think that you'll have to somehow
have spamass-milter call milter-p0f (or embed milter-p0f functionality
into an augmented spamass-milter).



-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{