You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by René Berber <r....@computer.org> on 2006/12/05 05:31:14 UTC
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Daryl C. W. O'Shea wrote:
[snip]
> Sendmail should be putting a "(authenticated bits=0)" line in its
> Received header when the user authenticates. SA will automatically use
> this to extend the trust path if the header above it is trusted.
Let's start by saying two things:
1) LOCAL_AUTH_RCVD doesn't do anything useful, just to clarify what happened to
the original subject.
2) SA 3.1.7 (and 3.1.5) doesn't seem to recognize Sendmail's authentication
under some circumstances. I assume that it does recognize it for other
messages, even if I have not seen evidence to that effect.
If I change Received.pm, line 414, like this:
# Sendmail, MDaemon, some webmail servers, and others
- elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
+ elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
It does recognize the authentication line I showed before, and the message is
not scored by Botnet which is what I wanted.
The relevant debug output:
...
[2932] dbg: received-header: parsed as [ ip=189.149.70.163
rdns=dsl-189-149-70-163.prod-infinitum.com.mx helo=MARISELA
by=mail.legosoft.com.mx ident= envfrom= intl=0 id=kB3G26P6019032 auth=Sendmail ]
[2932] dbg: received-header: relay 189.149.70.163 trusted? yes internal? yes
[2932] dbg: metadata: X-Spam-Relays-Trusted: [ ip=200.52.129.137
rdns=mail.legosoft.com.mx helo= by=cactus-soft.dyndns.org ident=
envfrom=m@legosoft.com.mx intl=1 id=J9POUJ-0001MC-JY auth= ] [ ip=189.149.70.163
rdns=dsl-189-149-70-163.prod-infinitum.com.mx helo=MARISELA
by=mail.legosoft.com.mx ident= envfrom= intl=1 id=kB3G26P6019032 auth=Sendmail ]
...
The full path to the patched file is
/usr/lib/perl5/site_perl/5.8/Mail/SpamAssassin/Message/Metadata/Received.pm
--
René Berber
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by Jo Rhett <jr...@netconsonance.com>.
So I did some digging, and by deliberately breaking the REGEX (adding
NOMATCH to the middle of the line) I confirmed several things:
1. The line works properly on my system with the patch
2. If the line matches then ALL_TRUSTED is applied
3. ALL_TRUSTED does nothing to negate SPF checks
René Berber wrote:
> Daryl C. W. O'Shea wrote:
> [snip]
>> Sendmail should be putting a "(authenticated bits=0)" line in its
>> Received header when the user authenticates. SA will automatically use
>> this to extend the trust path if the header above it is trusted.
>
> Let's start by saying two things:
>
> 1) LOCAL_AUTH_RCVD doesn't do anything useful, just to clarify what happened to
> the original subject.
>
> 2) SA 3.1.7 (and 3.1.5) doesn't seem to recognize Sendmail's authentication
> under some circumstances. I assume that it does recognize it for other
> messages, even if I have not seen evidence to that effect.
>
> If I change Received.pm, line 414, like this:
>
> # Sendmail, MDaemon, some webmail servers, and others
> - elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
> + elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
>
> It does recognize the authentication line I showed before, and the message is
> not scored by Botnet which is what I wanted.
>
> The relevant debug output:
> ...
> [2932] dbg: received-header: parsed as [ ip=189.149.70.163
> rdns=dsl-189-149-70-163.prod-infinitum.com.mx helo=MARISELA
> by=mail.legosoft.com.mx ident= envfrom= intl=0 id=kB3G26P6019032 auth=Sendmail ]
> [2932] dbg: received-header: relay 189.149.70.163 trusted? yes internal? yes
> [2932] dbg: metadata: X-Spam-Relays-Trusted: [ ip=200.52.129.137
> rdns=mail.legosoft.com.mx helo= by=cactus-soft.dyndns.org ident=
> envfrom=m@legosoft.com.mx intl=1 id=J9POUJ-0001MC-JY auth= ] [ ip=189.149.70.163
> rdns=dsl-189-149-70-163.prod-infinitum.com.mx helo=MARISELA
> by=mail.legosoft.com.mx ident= envfrom= intl=1 id=kB3G26P6019032 auth=Sendmail ]
> ...
>
> The full path to the patched file is
> /usr/lib/perl5/site_perl/5.8/Mail/SpamAssassin/Message/Metadata/Received.pm
--
Jo Rhett
Network/Software Engineer
Net Consonance
Re: Recognizing Sendmail's authentication -- patch included (WAS: How is LOCAL_AUTH_RCVD used?)
Posted by Jo Rhett <jr...@netconsonance.com>.
> Jo Rhett wrote:
>> Do you know why the SMTP authenticating server was forging the
>> HELO name? Normal mail clients will give their IP address,
>> right? And the "may be forged" only appears if they gave a full
>> name and resolution succeeded *and* none of the addresses returned
>> matched the helo name.
On Dec 5, 2006, at 12:47 PM, Kelson wrote:
> Actually, there are a number of SMTP clients that will use the
> local system's hostname (either partial or FQDN) as the HELO
> string. Outlook Express, Opera, and KMail are examples.
>
> Eudora has an annoying habit of using the local hostname plus the
> domain name of the email address, which often results in a
> nonexistent FQDN.
Heh, got me on assumptions. I use 7 different mail clients and have
never seen this problem with my mail but you've just named 4 clients
I don't use :-)
FYI partial names are fine by my reading of the sendmail code.
"forged" only appears when a FQDN is provided but isn't valid.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by Kelson <ke...@speed.net>.
Jo Rhett wrote:
> Do you know why the SMTP authenticating server was forging the HELO
> name? Normal mail clients will give their IP address, right? And the
> "may be forged" only appears if they gave a full name and resolution
> succeeded *and* none of the addresses returned matched the helo name.
Actually, there are a number of SMTP clients that will use the local
system's hostname (either partial or FQDN) as the HELO string. Outlook
Express, Opera, and KMail are examples.
Eudora has an annoying habit of using the local hostname plus the domain
name of the email address, which often results in a nonexistent FQDN.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by René Berber <r....@computer.org>.
Jo Rhett wrote:
> René Berber wrote:
>> Jo Rhett wrote:
>>
>>> René Berber wrote:
>>>> The change I made works on a test from someone that was on vacation and sending
>>>> a message (to me) using his ISP account, the header includes a lot of extra text
>>>> with the usual dynamic IP stuff and "may be forged" and there was no way it
>>>> would be a match by the original line. With my change, there is a match.
>>> Can you post the line with the hostnames obscured? I'd like to see it.
>>
>> It's the same one I posted before:
>>
>> Received: from MARISELA (dsl-189-149-70-163.prod-infinitum.com.mx
>> [189.149.70.163] (may be forged))
>> (authenticated bits=0)
>> by mail.legosoft.com.mx (8.13.8/8.13.8) with ESMTP id kB3G26P6019032
>> for <rb...@cactus-soft.dyndns.org>; Sun, 3 Dec 2006 10:02:16
>> -0600 (CST)
>>
>> The original test is looking for a pair of closing parenthesis ")]" or "])"
>> which is not there (not together, but a fixed IP probably has those), or
>> something followed by colon and there is no colon at all (the test is done
>> starting with "from").
>
> Do you know why the SMTP authenticating server was forging the HELO
> name? Normal mail clients will give their IP address, right? And the
> "may be forged" only appears if they gave a full name and resolution
> succeeded *and* none of the addresses returned matched the helo name.
>
> In short, this may have been a deliberate choice to prevent a match on
> hosts with forged helo names. It would make sense.
I don't agree, there is no HELO forging, the name MARISELA is the laptop's name
(set in Windows), the address is the dynamic IP given by the ISP. The IP does
have a reverse but no name for the IP which is normal for the big pool of
addresses from that ISP and produces the "may be forged" part.
You say "normal clients", well this client is Microsoft Outlook (Office 200x
edition), I don't see anything abnormal in what it is doing. Giving the IP
address is probably useless if they are, most of the time, inside a private
network (no name resolution at all).
The test in question is doing only one thing: check if there was authentication
or not. No attempt is made, and IMO should be made, to check if the HELO is
forged; that is another test done somewhere else. Remember the context, SA only
takes authentication in consideration if it was done with a trusted server, in
this case it was so it counts.
--
René Berber
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Jo Rhett wrote:
>
> On Dec 5, 2006, at 2:02 AM, David B Funk wrote:
>> It still should not matter. So long as the client can authenticate to
>> the server's statisfaction, SA should honor its decision regardless of
>> how bogus the HELO or client's DNS entrys look.
>
> That's your argument. That may not have been the thought process of the
> person who wrote that rule, was all I was trying to say.
Just an oversight. I have no ham that is both authenticated and
includes the "may be forged" comment so I missed considering it in the
regex.
Daryl
Re: Recognizing Sendmail's authentication -- patch included (WAS: How is LOCAL_AUTH_RCVD used?)
Posted by Jo Rhett <jr...@netconsonance.com>.
On Dec 5, 2006, at 2:02 AM, David B Funk wrote:
> Jo you are mistaken. Sendmail adds the "(may be forged)" comment when
> the client's IP rDNS and DNS don't match, it has -nothing- to do
> with the
> HELO name.
RTFC (...code)
If the hello is numeric or non a domain name, the "may be forged" is
*NOT* added to the Received line. It's only added when what Sendmail
was told appears to be false.
> It still should not matter. So long as the client can authenticate to
> the server's statisfaction, SA should honor its decision regardless of
> how bogus the HELO or client's DNS entrys look.
That's your argument. That may not have been the thought process of
the person who wrote that rule, was all I was trying to say.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
David B Funk wrote:
> On Tue, 5 Dec 2006, Jo Rhett wrote:
>> In short, this may have been a deliberate choice to prevent a match on
>> hosts with forged helo names. It would make sense.
>
> Jo you are mistaken. Sendmail adds the "(may be forged)" comment when
> the client's IP rDNS and DNS don't match, it has -nothing- to do with the
> HELO name.
>
> It still should not matter. So long as the client can authenticate to
> the server's statisfaction, SA should honor its decision regardless of
> how bogus the HELO or client's DNS entrys look.
Yeah, simply an oversight on my part. I get extremely little ham with
"(may be forged)" and zero that also is authenticated at that relay.
I'll be fixed.
Daryl
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Tue, 5 Dec 2006, Jo Rhett wrote:
> René Berber wrote:
> > It's the same one I posted before:
> >
> > Received: from MARISELA (dsl-189-149-70-163.prod-infinitum.com.mx
> > [189.149.70.163] (may be forged))
> > (authenticated bits=0)
> > by mail.legosoft.com.mx (8.13.8/8.13.8) with ESMTP id kB3G26P6019032
> > for <rb...@cactus-soft.dyndns.org>; Sun, 3 Dec 2006 10:02:16 -0600 (CST)
> >
> > The original test is looking for a pair of closing parenthesis ")]" or "])"
> > which is not there (not together, but a fixed IP probably has those), or
> > something followed by colon and there is no colon at all (the test is done
> > starting with "from").
>
> Do you know why the SMTP authenticating server was forging the HELO
> name? Normal mail clients will give their IP address, right? And the
> "may be forged" only appears if they gave a full name and resolution
> succeeded *and* none of the addresses returned matched the helo name.
>
> In short, this may have been a deliberate choice to prevent a match on
> hosts with forged helo names. It would make sense.
Jo you are mistaken. Sendmail adds the "(may be forged)" comment when
the client's IP rDNS and DNS don't match, it has -nothing- to do with the
HELO name.
It still should not matter. So long as the client can authenticate to
the server's statisfaction, SA should honor its decision regardless of
how bogus the HELO or client's DNS entrys look.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by Jo Rhett <jr...@netconsonance.com>.
René Berber wrote:
> Jo Rhett wrote:
>
>> René Berber wrote:
>>> The change I made works on a test from someone that was on vacation and sending
>>> a message (to me) using his ISP account, the header includes a lot of extra text
>>> with the usual dynamic IP stuff and "may be forged" and there was no way it
>>> would be a match by the original line. With my change, there is a match.
>> Can you post the line with the hostnames obscured? I'd like to see it.
>
> It's the same one I posted before:
>
> Received: from MARISELA (dsl-189-149-70-163.prod-infinitum.com.mx
> [189.149.70.163] (may be forged))
> (authenticated bits=0)
> by mail.legosoft.com.mx (8.13.8/8.13.8) with ESMTP id kB3G26P6019032
> for <rb...@cactus-soft.dyndns.org>; Sun, 3 Dec 2006 10:02:16 -0600 (CST)
>
> The original test is looking for a pair of closing parenthesis ")]" or "])"
> which is not there (not together, but a fixed IP probably has those), or
> something followed by colon and there is no colon at all (the test is done
> starting with "from").
Do you know why the SMTP authenticating server was forging the HELO
name? Normal mail clients will give their IP address, right? And the
"may be forged" only appears if they gave a full name and resolution
succeeded *and* none of the addresses returned matched the helo name.
In short, this may have been a deliberate choice to prevent a match on
hosts with forged helo names. It would make sense.
--
Jo Rhett
Network/Software Engineer
Net Consonance
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by René Berber <r....@computer.org>.
Jo Rhett wrote:
> René Berber wrote:
>>
>> The change I made works on a test from someone that was on vacation and sending
>> a message (to me) using his ISP account, the header includes a lot of extra text
>> with the usual dynamic IP stuff and "may be forged" and there was no way it
>> would be a match by the original line. With my change, there is a match.
>
> Can you post the line with the hostnames obscured? I'd like to see it.
It's the same one I posted before:
Received: from MARISELA (dsl-189-149-70-163.prod-infinitum.com.mx
[189.149.70.163] (may be forged))
(authenticated bits=0)
by mail.legosoft.com.mx (8.13.8/8.13.8) with ESMTP id kB3G26P6019032
for <rb...@cactus-soft.dyndns.org>; Sun, 3 Dec 2006 10:02:16 -0600 (CST)
The original test is looking for a pair of closing parenthesis ")]" or "])"
which is not there (not together, but a fixed IP probably has those), or
something followed by colon and there is no colon at all (the test is done
starting with "from").
--
René Berber
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by Jo Rhett <jr...@netconsonance.com>.
René Berber wrote:
>> Or send me a copy of your recieved line and I'll do the patch for you.
>
> The change I made works on a test from someone that was on vacation and sending
> a message (to me) using his ISP account, the header includes a lot of extra text
> with the usual dynamic IP stuff and "may be forged" and there was no way it
> would be a match by the original line. With my change, there is a match.
Can you post the line with the hostnames obscured? I'd like to see it.
--
Jo Rhett
Network/Software Engineer
Net Consonance
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by René Berber <r....@computer.org>.
Jo Rhett wrote:
> René Berber wrote:
>> Jo Rhett wrote:
>>
>>> René Berber wrote:
>>>> If I change Received.pm, line 414, like this:
>>>>
>>>> # Sendmail, MDaemon, some webmail servers, and others
>>>> - elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
>>>> + elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
>>> This can't be right. You have mismatched parens. Perl agrees with me:
>>
>> Yes, it's a typo, should be:
>>
>> elsif (/^from .*?\(.*?authenticated.*?\).*? by/) {
>
> So just FYI, with both plain sendmail and with amavisd-milter, the
> original line worked fine for me.
Thanks for the info; more comments below.
> If you are using a different MTA then perhaps you should submit this as
> a patch with its own elsif {} container for that mailer?
I'm using sendmail 8.13.8, the line before the one I changed says it is for
sendmail and others (that's why I included the original comment in the code) so
that is the correct line.
> Or send me a copy of your recieved line and I'll do the patch for you.
The change I made works on a test from someone that was on vacation and sending
a message (to me) using his ISP account, the header includes a lot of extra text
with the usual dynamic IP stuff and "may be forged" and there was no way it
would be a match by the original line. With my change, there is a match.
It is probable that other, fixed, IPs can be matched by that original line, but
I haven't even look at them since the sendmail configuration I'm using is some
fixed IPs defined in relay-domains and access db, those don't need to use
authentication, every other IP (all dynamic) does need authentication if they
want to relay from the server.
A comment, the original line looks suspicious to me first because it looks like
a modified copy of the previous match on the code (for qmail), that one used a
match field that is unnecessary on the sendmail's line. But if you say it
works, then I must be mistaken; anyway the modified line should also work so
there is no damage in my change.
--
René Berber
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by Jo Rhett <jr...@netconsonance.com>.
René Berber wrote:
> Jo Rhett wrote:
>
>> René Berber wrote:
>>> If I change Received.pm, line 414, like this:
>>>
>>> # Sendmail, MDaemon, some webmail servers, and others
>>> - elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
>>> + elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
>> This can't be right. You have mismatched parens. Perl agrees with me:
>
> Yes, it's a typo, should be:
>
> elsif (/^from .*?\(.*?authenticated.*?\).*? by/) {
So just FYI, with both plain sendmail and with amavisd-milter, the
original line worked fine for me.
If you are using a different MTA then perhaps you should submit this as
a patch with its own elsif {} container for that mailer?
Or send me a copy of your recieved line and I'll do the patch for you.
--
Jo Rhett
Network/Software Engineer
Net Consonance
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by René Berber <r....@computer.org>.
Jo Rhett wrote:
> René Berber wrote:
>> If I change Received.pm, line 414, like this:
>>
>> # Sendmail, MDaemon, some webmail servers, and others
>> - elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
>> + elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
>
> This can't be right. You have mismatched parens. Perl agrees with me:
Yes, it's a typo, should be:
elsif (/^from .*?\(.*?authenticated.*?\).*? by/) {
--
René Berber
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Mark Martinec wrote:
> Not sure if the following one is relevant, but it just fell into my hands:
>
> Received: from 10.235.209.117
> (SquirrelMail authenticated user uuuusername)
> by xxx.ijs.si with HTTP;
> Tue, 5 Dec 2006 15:31:13 +0100 (CET)
Thanks Mark. Anything with a with protocol type of HTTP is considered
authenticated and in the case of SquirrelMail we ignore the relay
altogether (a hold over from before we did any auth detection).
Daryl
Re: Recognizing Sendmail's authentication -- patch included (WAS: How is LOCAL_AUTH_RCVD used?)
Posted by Mark Martinec <Ma...@ijs.si>.
> SMTP-AUTH:
> Received: from [128.114.2.223] (account jrudd@ucsc.edu HELO
> [128.114.2.223]) by silver.ucsc.edu (CommuniGate Pro SMTP 4.3.7)
> with ESMTPSA id 88402416 for systems@ucsc.edu; Mon, 04 Dec 2006 13:15:07 -0800
>
> Webmail:
> Received: from [128.114.2.223] (account jrudd@ucsc.edu)
> by tin.ucsc.edu (CommuniGate Pro WebUser 4.3.7)
> with HTTP id 109780632 for jrudd@ucsc.edu; Tue, 05 Dec 2006 11:17:51 -0800
Not sure if the following one is relevant, but it just fell into my hands:
Received: from 10.235.209.117
(SquirrelMail authenticated user uuuusername)
by xxx.ijs.si with HTTP;
Tue, 5 Dec 2006 15:31:13 +0100 (CET)
Mark
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
John Rudd wrote:
> Daryl C. W. O'Shea wrote:
>> Could you provide me with some sample headers so that I can add these?
>> I can't add them without regression tests.
>>
>>
>
> SMTP-AUTH:
>
> Received: from [128.114.2.223] (account jrudd@ucsc.edu HELO
> [128.114.2.223])
> by silver.ucsc.edu (CommuniGate Pro SMTP 4.3.7)
> with ESMTPSA id 88402416 for systems@ucsc.edu; Mon, 04 Dec 2006
> 13:15:07 -0800
Great, already handled via the RFC 3848 with protocol type of ESMTPSA
and I assume ESMTPA.
> Webmail:
>
> Received: from [128.114.2.223] (account jrudd@ucsc.edu)
> by tin.ucsc.edu (CommuniGate Pro WebUser 4.3.7)
> with HTTP id 109780632 for jrudd@ucsc.edu; Tue, 05 Dec 2006 11:17:51
> -0800
Also handled via the HTTP with protocol type.
Thanks!
Daryl
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by John Rudd <jr...@ucsc.edu>.
Daryl C. W. O'Shea wrote:
> John Rudd wrote:
>> Daryl C. W. O'Shea wrote:
>>> John Rudd wrote:
>>>
>>>> Though, CommuniGate Pro's authenticated received header looks like
>>>> this:
>>>>
>>>> from [$ipaddr] (acccount $account HELO $helostring) by $host
>>>> (CommuniGate Pro
>>>>
>>>> So, you could match that with:
>>>>
>>>> /^from \[\S+\] \(account \S+\@\S+ .*\) by \S+ \(CommuniGate Pro/
>>>
>>> Cool, I don't think we currently support that.
>>>
>>> Daryl
>>>
>>
>> That works for CGP's SMTP-AUTH, but not for CGP's webmail (which are
>> also, technically, authenticated users, just not SMTP-AUTH
>> authenticated). The following regexp will catch both:
>>
>> /^from \[\S+\] \(account \S+\@\S+( .*)?\) by \S+ \(CommuniGate Pro/
>
> Could you provide me with some sample headers so that I can add these? I
> can't add them without regression tests.
>
>
SMTP-AUTH:
Received: from [128.114.2.223] (account jrudd@ucsc.edu HELO [128.114.2.223])
by silver.ucsc.edu (CommuniGate Pro SMTP 4.3.7)
with ESMTPSA id 88402416 for systems@ucsc.edu; Mon, 04 Dec 2006
13:15:07 -0800
Webmail:
Received: from [128.114.2.223] (account jrudd@ucsc.edu)
by tin.ucsc.edu (CommuniGate Pro WebUser 4.3.7)
with HTTP id 109780632 for jrudd@ucsc.edu; Tue, 05 Dec 2006 11:17:51
-0800
(CGP does this odd thing of putting the relay's IP addr out front,
instead of the HELO string.. and then putting the Helo string, for SMTP,
inside the ()'s ... and it doesn't appear to ever put the relay's RDNS)
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
John Rudd wrote:
> Daryl C. W. O'Shea wrote:
>> John Rudd wrote:
>>
>>> Though, CommuniGate Pro's authenticated received header looks like this:
>>>
>>> from [$ipaddr] (acccount $account HELO $helostring) by $host
>>> (CommuniGate Pro
>>>
>>> So, you could match that with:
>>>
>>> /^from \[\S+\] \(account \S+\@\S+ .*\) by \S+ \(CommuniGate Pro/
>>
>> Cool, I don't think we currently support that.
>>
>> Daryl
>>
>
> That works for CGP's SMTP-AUTH, but not for CGP's webmail (which are
> also, technically, authenticated users, just not SMTP-AUTH
> authenticated). The following regexp will catch both:
>
> /^from \[\S+\] \(account \S+\@\S+( .*)?\) by \S+ \(CommuniGate Pro/
Could you provide me with some sample headers so that I can add these?
I can't add them without regression tests.
Thanks,
Daryl
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by John Rudd <jr...@ucsc.edu>.
Daryl C. W. O'Shea wrote:
> John Rudd wrote:
>
>> Though, CommuniGate Pro's authenticated received header looks like this:
>>
>> from [$ipaddr] (acccount $account HELO $helostring) by $host
>> (CommuniGate Pro
>>
>> So, you could match that with:
>>
>> /^from \[\S+\] \(account \S+\@\S+ .*\) by \S+ \(CommuniGate Pro/
>
> Cool, I don't think we currently support that.
>
> Daryl
>
That works for CGP's SMTP-AUTH, but not for CGP's webmail (which are
also, technically, authenticated users, just not SMTP-AUTH
authenticated). The following regexp will catch both:
/^from \[\S+\] \(account \S+\@\S+( .*)?\) by \S+ \(CommuniGate Pro/
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
John Rudd wrote:
> Though, CommuniGate Pro's authenticated received header looks like this:
>
> from [$ipaddr] (acccount $account HELO $helostring) by $host
> (CommuniGate Pro
>
> So, you could match that with:
>
> /^from \[\S+\] \(account \S+\@\S+ .*\) by \S+ \(CommuniGate Pro/
Cool, I don't think we currently support that.
Daryl
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by Jo Rhett <jr...@netconsonance.com>.
Sorry, in my reply I meant to point out that the original line was
working properly for me (Sendmail environment) but that the line working
did not solve my problem.
John Rudd wrote:
> Jo Rhett wrote:
>> René Berber wrote:
>>> If I change Received.pm, line 414, like this:
>>>
>>> # Sendmail, MDaemon, some webmail servers, and others
>>> - elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
>>> + elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
>>
>> This can't be right. You have mismatched parens. Perl agrees with me:
>>
>
> I think, given one of the escaped parens, he meant this:
>
> + elsif (/^from .*?\(.*?authenticated.*?\).*? by/) {
>
>
>
> Though, CommuniGate Pro's authenticated received header looks like this:
>
> from [$ipaddr] (acccount $account HELO $helostring) by $host
> (CommuniGate Pro
>
> So, you could match that with:
>
> /^from \[\S+\] \(account \S+\@\S+ .*\) by \S+ \(CommuniGate Pro/
>
>
>
>
>
--
Jo Rhett
Network/Software Engineer
Net Consonance
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by John Rudd <jr...@ucsc.edu>.
Jo Rhett wrote:
> René Berber wrote:
>> If I change Received.pm, line 414, like this:
>>
>> # Sendmail, MDaemon, some webmail servers, and others
>> - elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
>> + elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
>
> This can't be right. You have mismatched parens. Perl agrees with me:
>
I think, given one of the escaped parens, he meant this:
+ elsif (/^from .*?\(.*?authenticated.*?\).*? by/) {
Though, CommuniGate Pro's authenticated received header looks like this:
from [$ipaddr] (acccount $account HELO $helostring) by $host
(CommuniGate Pro
So, you could match that with:
/^from \[\S+\] \(account \S+\@\S+ .*\) by \S+ \(CommuniGate Pro/
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by Jo Rhett <jr...@netconsonance.com>.
René Berber wrote:
> If I change Received.pm, line 414, like this:
>
> # Sendmail, MDaemon, some webmail servers, and others
> - elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
> + elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
This can't be right. You have mismatched parens. Perl agrees with me:
perl -wc
/usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm
Unmatched ( in regex; marked by <-- HERE in m/^from .*?( <-- HERE
.*?authenticated.*?\).*? by/ at
/usr/local/lib/perl5/site_perl/5.8.7/Mail/SpamAssassin/Message/Metadata/Received.pm
line 415.
--
Jo Rhett
Network/Software Engineer
Net Consonance
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by René Berber <r....@computer.org>.
Daryl C. W. O'Shea wrote:
> René Berber wrote:
[snip]
>> 1) LOCAL_AUTH_RCVD doesn't do anything useful, just to clarify what
>> happened to
>> the original subject.
>
> It's solely a workaround, suggested by Dana from UW's CIS dept before
> there was any support at all for detecting authenticated relays, for how
> you might workaround the problem. As I said yesterday, I updated the
> wiki page to hopefully make this clear. If it's still somehow not clear
> that it's only a workaround please let me know, or take a shot at making
> it clearer yourself.
OK, but it would be better if you showed the full workaround (i.e. add a line
with "score LOCAL_AUTH_RCVD -10.0").
>> 2) SA 3.1.7 (and 3.1.5) doesn't seem to recognize Sendmail's
>> authentication
>> under some circumstances. I assume that it does recognize it for other
>> messages, even if I have not seen evidence to that effect.
>>
>> If I change Received.pm, line 414, like this:
>>
>> # Sendmail, MDaemon, some webmail servers, and others
>> - elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
>> + elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
-----------------------^
watch out for the typo, it should be \(
> Yeah, as you've found, the regex doesn't match when Sendmail adds a
> comment about a connection's funky DNS entries. Amazingly nobody has
> had the same problem and brought it to our attention in the more than
> two years since I wrote that code.
>
> It'll be fixed in the next version of SpamAssassin to be released.
>
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5223
Thanks!
--
René Berber
Re: Recognizing Sendmail's authentication -- patch included (WAS: How is LOCAL_AUTH_RCVD used?)
Posted by Jo Rhett <jr...@netconsonance.com>.
This is now bug 5235
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5235
Re: Recognizing Sendmail's authentication -- patch included (WAS: How is LOCAL_AUTH_RCVD used?)
Posted by Jo Rhett <jr...@netconsonance.com>.
On Dec 5, 2006, at 4:17 PM, Daryl C. W. O'Shea wrote:
> Jo Rhett wrote:
>> While you are fixing bugs related to authentication, any chance
>> you'll fix the SPF plugin to skip checks on authenticated
>> delivery? Or have an option to enable this behavior?
>> Or do you want a patch from me? It'll take me a lot longer than
>> you, since I'll spend hours just tracing down the data structures....
>
> I know for sure that if there are no external relays detected there
> will be no SPF checks. There might be checks done (read I'm almost
> certain there is) if all the relays are trusted, but one or more of
> them are external.
I can show you extensive logs of SPF checks against me, submitting
authenticated mail for my own domain to my relayhost using SA :-) I
guess my host is considered external, but it is also TRUSTED so in my
opinion the logic should be fixed to handle this.
> Your other email about this didn't include the necessary debug info
> to confirm the bug as you reported it.
> If you'd like me to look at it, I'd need a full debug output,
> including the complete message headers, of a message that exhibits
> the bug.
Here it is again, first the received headers then the entire, very
verbose debug including SA startup
From: jrhett@netconsonance.com
Subject: testing SPF relay
Date: December 7, 2006 12:38:32 PM PST
To: jrhett@lizardarts.com
Return-Path: <jr...@netconsonance.com>
Received: from triceratops.lizardarts.com ([unix socket]) by
triceratops.lizardarts.com (Cyrus v2.3.7) with LMTPA; Thu, 07 Dec
2006 12:38:40 -0800
Received: from [10.66.240.106] (public-wireless.sv.svcolo.com
[64.13.135.30]) (authenticated bits=0) by triceratops.lizardarts.com
(8.13.8/8.13.8) with ESMTP id kB7Kcc5v015458 for
<jr...@lizardarts.com>; Thu, 7 Dec 2006 12:38:38 -0800 (PST)
(envelope-from jrhett@netconsonance.com)
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Transfer-Encoding: 7bit
Message-Id: <0E...@netconsonance.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
X-Mailer: Apple Mail (2.752.2)
X-Spam-Status: No, score=-3.776 tagged_above=-999 required=4 tests=
[ALL_TRUSTED=-1.44, AWL=4.164, LOCAL_AUTH_RCVD=-10, SPF_FAIL=3.5]
X-Spam-Level:
X-Spam-Score: -3.776
X-Virus-Scanned: amavisd-new at netconsonance.com
[15504] dbg: logger: adding facilities: all
[15504] dbg: logger: logging level is DBG
[15504] dbg: generic: SpamAssassin version 3.1.7
[15504] dbg: config: score set 0 chosen.
[15504] dbg: util: running in taint mode? yes
[15504] dbg: util: taint mode: deleting unsafe environment variables,
resetting PATH
[15504] dbg: util: PATH included '/usr/local/sbin', keeping
[15504] dbg: util: PATH included '/usr/local/bin', keeping
[15504] dbg: util: PATH included '/usr/sbin', keeping
[15504] dbg: util: PATH included '/sbin', keeping
[15504] dbg: util: PATH included '/usr/bin', keeping
[15504] dbg: util: PATH included '/bin', keeping
[15504] dbg: util: final PATH set to: /usr/local/sbin:/usr/local/bin:/
usr/sbin:/sbin:/usr/bin:/bin
[15504] dbg: message: ---- MIME PARSER START ----
[15504] dbg: message: main message type: text/plain
[15504] dbg: message: parsing normal part
[15504] dbg: message: added part, type: text/plain
[15504] dbg: message: ---- MIME PARSER END ----
[15504] dbg: dns: is Net::DNS::Resolver available? yes
[15504] dbg: dns: Net::DNS version: 0.58
[15504] dbg: ignore: test message to precompile patterns and load
modules
[15504] dbg: config: using "/usr/local/etc/mail/spamassassin" for
site rules pre files
[15504] dbg: config: read file /usr/local/etc/mail/spamassassin/init.pre
[15504] dbg: config: read file /usr/local/etc/mail/spamassassin/v310.pre
[15504] dbg: config: read file /usr/local/etc/mail/spamassassin/v312.pre
[15504] dbg: config: using "/var/lib/spamassassin/3.001007" for sys
rules pre files
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org.pre
[15504] dbg: config: using "/var/lib/spamassassin/3.001007" for
default rules dir
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_adult_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_evilnum0_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_evilnum1_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_evilnum2_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_genlsubj_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_genlsubj_eng_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_header_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_header_eng_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_html_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_html_eng_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_obfu_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_oem_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_random_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_specific_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_spoof_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_stocks_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_unsub_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_uri0_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_uri1_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_uri2_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_whitelist_rcvd_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_whitelist_spf_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sc_top200_cf_sare_sa-update_dostech_net.cf
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org.cf
[15504] dbg: config: using "/usr/local/etc/mail/spamassassin" for
site rules dir
[15504] dbg: config: read file /usr/local/etc/mail/spamassassin/local.cf
[15504] dbg: config: using "/var/amavis/.spamassassin/user_prefs" for
user prefs file
[15504] dbg: config: read file /var/amavis/.spamassassin/user_prefs
[15504] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL
from @INC
[15504] dbg: plugin: registered
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8d0dda8)
[15504] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash
from @INC
[15504] dbg: plugin: registered
Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d0d6c4)
[15504] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
[15504] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH
(0x8d0df04)
[15504] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[15504] dbg: pyzor: network tests on, attempting Pyzor
[15504] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH
(0x9da7cf0)
[15504] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from
@INC
[15504] dbg: razor2: razor2 is available, version 2.82
[15504] dbg: plugin: registered
Mail::SpamAssassin::Plugin::Razor2=HASH(0x8d0f31c)
[15504] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from
@INC
[15504] dbg: reporter: network tests on, attempting SpamCop
[15504] dbg: plugin: registered
Mail::SpamAssassin::Plugin::SpamCop=HASH(0x9d9f0ac)
[15504] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[15504] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH
(0x9d9f154)
[15504] dbg: plugin: loading
Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[15504] dbg: plugin: registered
Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x9d9f46c)
[15504] dbg: plugin: loading
Mail::SpamAssassin::Plugin::WhiteListSubject from @INC
[15504] dbg: plugin: registered
Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x9da7e4c)
[15504] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader
from @INC
[15504] dbg: plugin: registered
Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9da7ea0)
[15504] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags
from @INC
[15504] dbg: plugin: registered
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x9dcad9c)
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/empty.pre
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/empty.pre" for included file
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_adult_cf_sare_sa-update_dostech_net/200611141100.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_adult_cf_sare_sa-update_dostech_net/200611141100.cf"
for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_adult_cf_sare_sa-update_dostech_net/200611141100.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_evilnum0_cf_sare_sa-update_dostech_net/200510052000.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_evilnum0_cf_sare_sa-update_dostech_net/
200510052000.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_evilnum0_cf_sare_sa-update_dostech_net/200510052000.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_evilnum1_cf_sare_sa-update_dostech_net/200506020000.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_evilnum1_cf_sare_sa-update_dostech_net/
200506020000.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_evilnum1_cf_sare_sa-update_dostech_net/200506020000.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_evilnum2_cf_sare_sa-update_dostech_net/200506020000.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_evilnum2_cf_sare_sa-update_dostech_net/
200506020000.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_evilnum2_cf_sare_sa-update_dostech_net/200506020000.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_genlsubj_cf_sare_sa-update_dostech_net/200611141600.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_genlsubj_cf_sare_sa-update_dostech_net/
200611141600.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_genlsubj_cf_sare_sa-update_dostech_net/200611141600.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_genlsubj_eng_cf_sare_sa-update_dostech_net/
200512270000.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_genlsubj_eng_cf_sare_sa-update_dostech_net/
200512270000.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_genlsubj_eng_cf_sare_sa-update_dostech_net/
200512270000.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_header_cf_sare_sa-update_dostech_net/200510301100.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_header_cf_sare_sa-update_dostech_net/
200510301100.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_header_cf_sare_sa-update_dostech_net/200510301100.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_header_eng_cf_sare_sa-update_dostech_net/
200605212000.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_header_eng_cf_sare_sa-update_dostech_net/
200605212000.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_header_eng_cf_sare_sa-update_dostech_net/
200605212000.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_html_cf_sare_sa-update_dostech_net/200606040500.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_html_cf_sare_sa-update_dostech_net/200606040500.cf"
for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_html_cf_sare_sa-update_dostech_net/200606040500.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_html_eng_cf_sare_sa-update_dostech_net/200606040500.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_html_eng_cf_sare_sa-update_dostech_net/
200606040500.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_html_eng_cf_sare_sa-update_dostech_net/200606040500.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_obfu_cf_sare_sa-update_dostech_net/200510012000.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_obfu_cf_sare_sa-update_dostech_net/200510012000.cf"
for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_obfu_cf_sare_sa-update_dostech_net/200510012000.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_oem_cf_sare_sa-update_dostech_net/200512271200.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_oem_cf_sare_sa-update_dostech_net/200512271200.cf"
for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_oem_cf_sare_sa-update_dostech_net/200512271200.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_random_cf_sare_sa-update_dostech_net/200512121000.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_random_cf_sare_sa-update_dostech_net/
200512121000.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_random_cf_sare_sa-update_dostech_net/200512121000.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_specific_cf_sare_sa-update_dostech_net/200605280300.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_specific_cf_sare_sa-update_dostech_net/
200605280300.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_specific_cf_sare_sa-update_dostech_net/200605280300.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_spoof_cf_sare_sa-update_dostech_net/200607251600.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_spoof_cf_sare_sa-update_dostech_net/200607251600.cf"
for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_spoof_cf_sare_sa-update_dostech_net/200607251600.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_stocks_cf_sare_sa-update_dostech_net/200612040900.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_stocks_cf_sare_sa-update_dostech_net/
200612040900.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_stocks_cf_sare_sa-update_dostech_net/200612040900.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_unsub_cf_sare_sa-update_dostech_net/200511121000.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_unsub_cf_sare_sa-update_dostech_net/200511121000.cf"
for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_unsub_cf_sare_sa-update_dostech_net/200511121000.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_uri0_cf_sare_sa-update_dostech_net/200510042200.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_uri0_cf_sare_sa-update_dostech_net/200510042200.cf"
for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_uri0_cf_sare_sa-update_dostech_net/200510042200.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_uri1_cf_sare_sa-update_dostech_net/200510102200.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_uri1_cf_sare_sa-update_dostech_net/200510102200.cf"
for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_uri1_cf_sare_sa-update_dostech_net/200510102200.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_uri2_cf_sare_sa-update_dostech_net/200510050800.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_uri2_cf_sare_sa-update_dostech_net/200510050800.cf"
for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_uri2_cf_sare_sa-update_dostech_net/200510050800.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_whitelist_rcvd_cf_sare_sa-update_dostech_net/
200605160300.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_whitelist_rcvd_cf_sare_sa-update_dostech_net/
200605160300.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_whitelist_rcvd_cf_sare_sa-update_dostech_net/
200605160300.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sare_whitelist_spf_cf_sare_sa-update_dostech_net/
200608271034.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sare_whitelist_spf_cf_sare_sa-update_dostech_net/
200608271034.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sare_whitelist_spf_cf_sare_sa-update_dostech_net/
200608271034.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/70_sc_top200_cf_sare_sa-update_dostech_net/200612061600.cf
[15504] dbg: config: using "/var/lib/spamassassin/
3.001007/70_sc_top200_cf_sare_sa-update_dostech_net/200612061600.cf"
for included file
[15504] dbg: config: read file /var/lib/spamassassin/
3.001007/70_sc_top200_cf_sare_sa-update_dostech_net/200612061600.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/10_misc.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/10_misc.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/10_misc.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_advance_fee.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_advance_fee.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_advance_fee.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_anti_ratware.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_anti_ratware.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_anti_ratware.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_body_tests.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_body_tests.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_body_tests.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_compensate.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_compensate.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_compensate.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_dnsbl_tests.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_dnsbl_tests.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_dnsbl_tests.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_drugs.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_drugs.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_drugs.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_fake_helo_tests.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_fake_helo_tests.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_fake_helo_tests.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_head_tests.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_head_tests.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_head_tests.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_html_tests.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_html_tests.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_html_tests.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_meta_tests.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_meta_tests.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_meta_tests.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_net_tests.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_net_tests.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_net_tests.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_phrases.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_phrases.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_phrases.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_porn.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_porn.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_porn.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_ratware.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_ratware.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_ratware.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/20_uri_tests.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_uri_tests.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/20_uri_tests.cf
[15504] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet
\.com\/chkpt\/\w+\/(.*)$/i
[15504] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?
\.nate\.com\/r\/\w+\/(.*)$/i
[15504] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/
(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i
[15504] dbg: config: adding redirector regex: /^http:\/\/redir
\.internet\.com\/.+?\/.+?\/(.*)$/i
[15504] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?
adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
[15504] dbg: config: adding redirector regex: m'^http.*?/redirect\.php
\?.*(?<=[?&])goto=(.*?)(?:$|[&#])'i
[15504] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?
emf\d\.com/r\.cfm.*?&r=(.*)'i
[15504] dbg: config: adding redirector regex: m'/(?:index.php)?\?.*(?
<=[?&])URL=(.*?)(?:$|[&#])'i
[15504] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?
google(?:\.\w{2,3}){1,2}/url\?.*?(?<=[?&])q=(.*?)(?:$|[&#])'i
[15504] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?
google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])
site:(.*?)(?:$|%20|[\s+&#])'i
[15504] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?
google(?:\.\w{2,3}){1,2}/search\?.*?(?<=[?&])q=[^&]*?(?<=%20|..[=+\s])
(?:"|%22)(.*?)(?:$|%22|["\s+&#])'i
[15504] dbg: config: adding redirector regex: m'^http:/*(?:\w+\.)?
google(?:\.\w{2,3}){1,2}/translate\?.*?(?<=[?&])u=(.*?)(?:$|[&#])'i
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/23_bayes.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/23_bayes.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/23_bayes.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_accessdb.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_accessdb.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_accessdb.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_antivirus.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_antivirus.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_antivirus.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_body_tests_es.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_body_tests_es.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_body_tests_es.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_body_tests_pl.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_body_tests_pl.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_body_tests_pl.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_dcc.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_dcc.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_dcc.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_dkim.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_dkim.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_dkim.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_domainkeys.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_domainkeys.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_domainkeys.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_hashcash.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_hashcash.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_hashcash.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_pyzor.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_pyzor.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_pyzor.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_razor2.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_razor2.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_razor2.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_replace.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_replace.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_replace.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_spf.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_spf.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_spf.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_textcat.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_textcat.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_textcat.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/25_uribl.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_uribl.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/25_uribl.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/30_text_de.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/30_text_de.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/30_text_de.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/30_text_fr.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/30_text_fr.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/30_text_fr.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/30_text_it.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/30_text_it.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/30_text_it.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/30_text_nl.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/30_text_nl.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/30_text_nl.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/30_text_pl.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/30_text_pl.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/30_text_pl.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/30_text_pt_br.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/30_text_pt_br.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/30_text_pt_br.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/50_scores.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/50_scores.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/50_scores.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/60_awl.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/60_awl.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/60_awl.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/60_whitelist.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/60_whitelist.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/60_whitelist.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/60_whitelist_dk.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/60_whitelist_dk.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/60_whitelist_dk.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/60_whitelist_dkim.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/60_whitelist_dkim.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/60_whitelist_dkim.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/60_whitelist_spf.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/60_whitelist_spf.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/60_whitelist_spf.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/60_whitelist_subject.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/60_whitelist_subject.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/60_whitelist_subject.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/70_iadb.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/70_iadb.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/70_iadb.cf
[15504] dbg: plugin: fixed relative path: /var/lib/spamassassin/
3.001007/updates_spamassassin_org/80_additional.cf
[15504] dbg: config: using "/var/lib/spamassassin/3.001007/
updates_spamassassin_org/80_additional.cf" for included file
[15504] dbg: config: read file /var/lib/spamassassin/3.001007/
updates_spamassassin_org/80_additional.cf
[15504] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH
(0x9dcad9c) implements 'finish_parsing_end'
[15504] dbg: replacetags: replacing tags
[15504] dbg: replacetags: done replacing tags
[15504] dbg: config: score set 1 chosen.
[15504] dbg: message: ---- MIME PARSER START ----
[15504] dbg: message: main message type: text/plain
[15504] dbg: message: parsing normal part
[15504] dbg: message: added part, type: text/plain
[15504] dbg: message: ---- MIME PARSER END ----
[15504] dbg: dns: name server: 64.13.143.18, family: 2, ipv6: 0
[15504] dbg: dns: testing resolver nameservers: 64.13.143.18,
64.13.135.16
[15504] dbg: dns: trying (3) sun.com...
[15504] dbg: dns: looking up NS for 'sun.com'
[15504] dbg: dns: NS lookup of sun.com using 64.13.143.18 succeeded
=> DNS available (set dns_available to override)
[15504] dbg: dns: is DNS available? 1
[15504] dbg: metadata: X-Spam-Relays-Trusted:
[15504] dbg: metadata: X-Spam-Relays-Untrusted:
[15504] dbg: metadata: X-Spam-Relays-Internal:
[15504] dbg: metadata: X-Spam-Relays-External:
[15504] dbg: message: no encoding detected
[15504] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH
(0x8d0dda8) implements 'parsed_metadata'
[15504] dbg: uridnsbl: domains to query:
[15504] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl
[15504] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-
untrusted
[15504] dbg: dns: checking RBL combined.njabl.org., set njabl-
lastexternal
[15504] dbg: dns: checking RBL combined.njabl.org., set njabl
[15504] dbg: dns: checking RBL bl.spamcop.net., set spamcop
[15504] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
[15504] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
[15504] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-
lastexternal
[15504] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-
firsttrusted
[15504] dbg: dns: checking RBL combined-
HIB.dnsiplists.completewhois.com., set whois
[15504] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
[15504] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-
firsttrusted
[15504] dbg: dns: checking RBL combined-
HIB.dnsiplists.completewhois.com., set whois-lastexternal
[15504] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted
[15504] dbg: check: running tests for priority: 0
[15504] dbg: rules: running header regexp tests; score so far=0
[15504] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"
[15504] dbg: rules: ran header rule __SANE_MSGID ======> got hit:
"<11...@spamassassin_spamd_init>
[15504] dbg: rules: "
[15504] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit:
"@spamassassin_spamd_init>"
[15504] dbg: rules: ran header rule NO_REAL_NAME ======> got hit:
"ignore@compiling.spamassassin.taint.org
[15504] dbg: rules: "
[15504] dbg: rules: ran header rule __SARE_WHITELIST_FLAG ======> got
hit: "i"
[15504] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got
hit: "1165524077"
[15504] dbg: spf: no suitable relay for spf use found, skipping SPF-
helo check
[15504] dbg: eval: all '*From' addrs:
ignore@compiling.spamassassin.taint.org
[15504] dbg: eval: all '*To' addrs:
[15504] dbg: spf: no suitable relay for spf use found, skipping SPF
check
[15504] dbg: rules: ran eval rule NO_RELAYS ======> got hit
[15504] dbg: spf: cannot get Envelope-From, cannot use SPF
[15504] dbg: spf: def_spf_whitelist_from: could not find useable
envelope sender
[15504] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit
[15504] dbg: spf: spf_whitelist_from: could not find useable envelope
sender
[15504] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit
[15504] dbg: rules: running body-text per-line regexp tests; score so
far=1.739
[15504] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I"
[15504] dbg: uri: running uri tests; score so far=1.739
[15504] dbg: rules: running raw-body-text per-line regexp tests;
score so far=1.739
[15504] dbg: rules: running full-text regexp tests; score so far=1.739
[15504] dbg: info: entering helper-app run mode
[15504] dbg: info: leaving helper-app run mode
[15504] dbg: razor2: part=0 engine=4 contested=0 confidence=0
[15504] dbg: razor2: results: spam? 0
[15504] dbg: razor2: results: engine 8, highest cf score: 0
[15504] dbg: razor2: results: engine 4, highest cf score: 0
[15504] dbg: util: current PATH is: /usr/local/sbin:/usr/local/bin:/
usr/sbin:/sbin:/usr/bin:/bin
[15504] dbg: pyzor: pyzor is not available: no pyzor executable found
[15504] dbg: pyzor: no pyzor found, disabling Pyzor
[15504] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH
(0x8d0dda8) implements 'check_tick'
[15504] dbg: check: running tests for priority: 500
[15504] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH
(0x8d0dda8) implements 'check_post_dnsbl'
[15504] dbg: rules: running meta tests; score so far=1.739
[15504] info: rules: meta test DIGEST_MULTIPLE has undefined
dependency 'DCC_CHECK'
[15504] info: rules: meta test SARE_SPEC_PROLEO_M2a has dependency
'MIME_QP_LONG_LINE' with a zero score
[15504] info: rules: meta test SARE_HEAD_SUBJ_RAND has undefined
dependency 'SARE_XMAIL_SUSP2'
[15504] info: rules: meta test SARE_HEAD_SUBJ_RAND has undefined
dependency 'SARE_HEAD_XAUTH_WARN'
[15504] info: rules: meta test SARE_HEAD_SUBJ_RAND has dependency
'X_AUTH_WARN_FAKED' with a zero score
[15504] info: rules: meta test SARE_HEAD_8BIT_NOSPM has undefined
dependency '__SARE_HEAD_8BIT_DATE'
[15504] info: rules: meta test SARE_HEAD_8BIT_NOSPM has undefined
dependency '__SARE_HEAD_8BIT_RECV'
[15504] info: rules: meta test SARE_MULT_RATW_03 has undefined
dependency '__SARE_MULT_RATW_03E'
[15504] info: rules: meta test SARE_MSGID_LONG40 has undefined
dependency '__SARE_MSGID_LONG50'
[15504] info: rules: meta test SARE_MSGID_LONG40 has undefined
dependency '__SARE_MSGID_LONG55'
[15504] info: rules: meta test SARE_MSGID_LONG40 has undefined
dependency '__SARE_MSGID_LONG65'
[15504] info: rules: meta test SARE_MSGID_LONG40 has undefined
dependency '__SARE_MSGID_LONG75'
[15504] info: rules: meta test SARE_MSGID_LONG45 has undefined
dependency '__SARE_MSGID_LONG50'
[15504] info: rules: meta test SARE_MSGID_LONG45 has undefined
dependency '__SARE_MSGID_LONG55'
[15504] info: rules: meta test SARE_MSGID_LONG45 has undefined
dependency '__SARE_MSGID_LONG65'
[15504] info: rules: meta test SARE_MSGID_LONG45 has undefined
dependency '__SARE_MSGID_LONG75'
[15504] info: rules: meta test SARE_OBFU_CIALIS has undefined
dependency 'SARE_OBFU_CIALIS2'
[15504] dbg: rules: running header regexp tests; score so far=5.218
[15504] dbg: rules: running body-text per-line regexp tests; score so
far=5.218
[15504] dbg: uri: running uri tests; score so far=5.218
[15504] dbg: rules: running raw-body-text per-line regexp tests;
score so far=5.218
[15504] dbg: rules: running full-text regexp tests; score so far=5.218
[15504] dbg: check: running tests for priority: 1000
[15504] dbg: rules: running meta tests; score so far=5.218
[15504] dbg: rules: running header regexp tests; score so far=5.218
[15504] dbg: locker: safe_lock: created /var/amavis/.spamassassin/
auto-whitelist.lock.triceratops.lizardarts.com.15504
[15504] dbg: locker: safe_lock: trying to get lock on /var/
amavis/.spamassassin/auto-whitelist with 0 retries
[15504] dbg: locker: safe_lock: link to /var/amavis/.spamassassin/
auto-whitelist.lock: link ok
[15504] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W
in /var/amavis/.spamassassin/auto-whitelist
[15504] dbg: auto-whitelist: db-based
ignore@compiling.spamassassin.taint.org|ip=none scores 0/0
[15504] dbg: auto-whitelist: AWL active, pre-score: 5.218, autolearn
score: 5.218, mean: undef, IP: undef
[15504] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
[15504] dbg: auto-whitelist: DB addr list: file locked, breaking lock
[15504] dbg: locker: safe_unlock: unlink /var/amavis/.spamassassin/
auto-whitelist.lock
[15504] dbg: auto-whitelist: post auto-whitelist score: 5.218
[15504] dbg: rules: running body-text per-line regexp tests; score so
far=5.218
[15504] dbg: uri: running uri tests; score so far=5.218
[15504] dbg: rules: running raw-body-text per-line regexp tests;
score so far=5.218
[15504] dbg: rules: running full-text regexp tests; score so far=5.218
[15504] dbg: check: is spam? score=5.218 required=5
[15504] dbg: check:
tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS
,TO_CC_NONE
[15504] dbg: check:
subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,_
_SANE_MSGID,__SARE_WHITELIST_FLAG,__UNUSABLE_MSGID
[15505] dbg: dns: name server: 64.13.143.18, family: 2, ipv6: 0
[15505] dbg: received-header: parsed as [ ip=64.13.135.30 rdns=public-
wireless.sv.svcolo.com helo=!10.66.240.106!
by=triceratops.lizardarts.com ident= envfrom=jrhett@netconsonance.com
intl=0 id=kB7KfcoY015510 auth=Sendmail ]
[15505] dbg: dns: looking up A records for 'triceratops.lizardarts.com'
[15505] dbg: dns: A records for 'triceratops.lizardarts.com':
64.13.134.178
[15505] dbg: received-header: authentication method Sendmail
[15505] dbg: received-header: 'from' 64.13.135.30 is near to first 'by'
[15505] dbg: received-header: relay 64.13.135.30 trusted? yes
internal? no
[15505] dbg: metadata: X-Spam-Relays-Trusted: [ ip=64.13.135.30
rdns=public-wireless.sv.svcolo.com helo=!10.66.240.106!
by=triceratops.lizardarts.com ident= envfrom=jrhett@netconsonance.com
intl=0 id=kB7KfcoY015510 auth=Sendmail ]
[15505] dbg: metadata: X-Spam-Relays-Untrusted:
[15505] dbg: metadata: X-Spam-Relays-Internal:
[15505] dbg: metadata: X-Spam-Relays-External: [ ip=64.13.135.30
rdns=public-wireless.sv.svcolo.com helo=!10.66.240.106!
by=triceratops.lizardarts.com ident= envfrom=jrhett@netconsonance.com
intl=0 id=kB7KfcoY015510 auth=Sendmail ]
[15505] dbg: message: ---- MIME PARSER START ----
[15505] dbg: message: main message type: text/plain
[15505] dbg: message: parsing normal part
[15505] dbg: message: added part, type: text/plain
[15505] dbg: message: ---- MIME PARSER END ----
[15505] dbg: message: decoding other encoding type (7bit), ignoring
[15505] dbg: uridnsbl: domains to query:
[15505] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl
[15505] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-
untrusted
[15505] dbg: dns: checking RBL combined.njabl.org., set njabl-
lastexternal
[15505] dbg: dns: checking RBL combined.njabl.org., set njabl
[15505] dbg: dns: checking RBL bl.spamcop.net., set spamcop
[15505] dbg: dns: _check_rbl_addresses RBL
blackhole.securitysage.com., set securitysage
[15505] dbg: dns: launching DNS A query for
netconsonance.com.blackhole.securitysage.com. in background
[15505] dbg: dns: _check_rbl_addresses RBL rhsbl.ahbl.org., set ahbl
[15505] dbg: dns: launching DNS A query for
netconsonance.com.rhsbl.ahbl.org. in background
[15505] dbg: dns: checking A and MX for host netconsonance.com
[15505] dbg: dns: launching DNS A query for netconsonance.com in
background
[15505] dbg: dns: launching DNS MX query for netconsonance.com in
background
[15505] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
[15505] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
[15505] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-
lastexternal
[15505] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-
firsttrusted
[15505] dbg: dns: checking RBL combined-
HIB.dnsiplists.completewhois.com., set whois
[15505] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
[15505] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-
firsttrusted
[15505] dbg: dns: checking RBL combined-
HIB.dnsiplists.completewhois.com., set whois-lastexternal
[15505] dbg: dns: _check_rbl_addresses RBL fulldom.rfc-ignorant.org.,
set rfci_envfrom
[15505] dbg: dns: launching DNS A query for
netconsonance.com.fulldom.rfc-ignorant.org. in background
[15505] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted
[15505] dbg: check: running tests for priority: 0
[15505] dbg: rules: running header regexp tests; score so far=0
[15505] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<"
[15505] dbg: rules: ran header rule LOCAL_AUTH_RCVD ======> got hit:
"(authenticated bits=0) by triceratops.lizardarts.com "
[15505] dbg: rules: ran header rule __SANE_MSGID ======> got hit:
"<91...@netconsonance.com>
[15505] dbg: rules: "
[15505] dbg: rules: ran header rule __CT_TEXT_PLAIN ======> got hit:
"text/plain"
[15505] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit:
"@netconsonance.com>"
[15505] dbg: rules: ran header rule __CTE ======> got hit: "7"
[15505] dbg: rules: ran header rule __SARE_HEAD_MIME_VALID ======>
got hit: "1.0"
[15505] dbg: rules: ran header rule __CT ======> got hit: "t"
[15505] dbg: rules: ran header rule __TOCC_EXISTS ======> got hit: "J"
[15505] dbg: rules: ran header rule __X_MAILER_APPLEMAIL ======> got
hit: "Apple Mail (2.752.2)"
[15505] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "t"
[15505] dbg: rules: ran header rule __SARE_HEAD_SUBJ_RAND ======> got
hit: "testing "
[15505] dbg: rules: ran header rule __SARE_WHITELIST_FLAG ======> got
hit: "J"
[15505] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f"
[15505] dbg: rules: ran header rule __HAS_X_MAILER ======> got hit: "A"
[15505] dbg: rules: ran header rule __MIME_VERSION ======> got hit: "1"
[15505] dbg: rules: ran header rule __MSGID_APPLEMAIL ======> got
hit: "<91...@netconsonance.com>"
[15505] dbg: rules: ran header rule __MIME_VERSION_APPLEMAIL ======>
got hit: "1.0 (Apple Message framework v752.2)"
[15505] dbg: spf: checking HELO (helo=!10.66.240.106!, ip=64.13.135.30)
[15505] dbg: spf: query for /64.13.135.30/!10.66.240.106!: result:
unknown, comment: Please see http://www.openspf.org/why.html?sender=!
10.66.240.106!&ip=64.13.135.30&receiver=triceratops.lizardarts.com:
domain of sender !10.66.240.106! does not exist
[15505] dbg: eval: all '*From' addrs: jrhett@netconsonance.com
[15505] dbg: eval: trying Received header date for real time: 7 Dec
2006 12:41:38 -0800
[15505] dbg: eval: time_t from date=1165524098, rcvd= 7 Dec 2006
12:41:38 -0800
[15505] dbg: eval: all '*To' addrs: jrhett@lizardarts.com
[15505] dbg: spf: found Envelope-From in first external Received header
[15505] dbg: spf: checking EnvelopeFrom (helo=!10.66.240.106!,
ip=64.13.135.30, envfrom=jrhett@netconsonance.com)
[15505] dbg: spf: query for jrhett@netconsonance.com/64.13.135.30/!
10.66.240.106!: result: fail, comment: Please see http://
www.openspf.org/why.html?sender=jrhett%
40netconsonance.com&ip=64.13.135.30&receiver=triceratops.lizardarts.com
[15505] dbg: rules: ran eval rule ALL_TRUSTED ======> got hit
[15505] dbg: rules: ran eval rule __ENV_AND_HDR_FROM_MATCH ======>
got hit
[15505] dbg: spf: def_whitelist_from_spf: jrhett@netconsonance.com is
not in DEF_WHITELIST_FROM_SPF
[15505] dbg: rules: ran eval rule SPF_FAIL ======> got hit
[15505] dbg: eval: date chosen from message: Thu Dec 7 12:41:38 2006
[15505] dbg: spf: whitelist_from_spf: jrhett@netconsonance.com is not
in user's WHITELIST_FROM_SPF
[15505] dbg: rules: running body-text per-line regexp tests; score so
far=-7.94
[15505] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "t"
[15505] dbg: uri: running uri tests; score so far=-7.94
[15505] dbg: bayes: not scoring message, returning undef
[15505] dbg: bayes: opportunistic call attempt failed, DB not readable
[15505] dbg: rules: ran eval rule __SARE_BODY_BLNK_5_100 ======> got hit
[15505] dbg: rules: running raw-body-text per-line regexp tests;
score so far=-7.94
[15505] dbg: rules: running full-text regexp tests; score so far=-7.94
[15505] dbg: info: entering helper-app run mode
[15505] dbg: info: leaving helper-app run mode
[15505] dbg: razor2: part=0 engine=4 contested=0 confidence=0
[15505] dbg: razor2: results: spam? 0
[15505] dbg: razor2: results: engine 8, highest cf score: 0
[15505] dbg: razor2: results: engine 4, highest cf score: 0
[15505] dbg: pyzor: pyzor is not available: no pyzor executable found
[15505] dbg: pyzor: no pyzor found, disabling Pyzor
[15505] dbg: check: running tests for priority: 500
[15505] dbg: dns: success for 4 of 5 queries
[15505] dbg: dns: timeout for rfci_envfrom after 5 seconds
[15505] dbg: rules: running meta tests; score so far=-7.94
[15505] dbg: rules: running header regexp tests; score so far=-7.94
[15505] dbg: rules: running body-text per-line regexp tests; score so
far=-7.94
[15505] dbg: uri: running uri tests; score so far=-7.94
[15505] dbg: rules: running raw-body-text per-line regexp tests;
score so far=-7.94
[15505] dbg: rules: running full-text regexp tests; score so far=-7.94
[15505] dbg: check: running tests for priority: 1000
[15505] dbg: rules: running meta tests; score so far=-7.94
[15505] dbg: rules: running header regexp tests; score so far=-7.94
[15505] dbg: locker: safe_lock: created /var/amavis/.spamassassin/
auto-whitelist.lock.triceratops.lizardarts.com.15505
[15505] dbg: locker: safe_lock: trying to get lock on /var/
amavis/.spamassassin/auto-whitelist with 0 retries
[15505] dbg: locker: safe_lock: link to /var/amavis/.spamassassin/
auto-whitelist.lock: link ok
[15505] dbg: auto-whitelist: tie-ing to DB file of type DB_File R/W
in /var/amavis/.spamassassin/auto-whitelist
[15505] dbg: auto-whitelist: db-based jrhett@netconsonance.com|
ip=64.13 scores 245/86.59
[15505] dbg: auto-whitelist: AWL active, pre-score: -7.94, autolearn
score: -7.94, mean: 0.353428571428571, IP: 64.13.135.30
[15505] dbg: auto-whitelist: add_score: new count: 246, new totscore:
78.65
[15505] dbg: auto-whitelist: DB addr list: untie-ing and unlocking
[15505] dbg: auto-whitelist: DB addr list: file locked, breaking lock
[15505] dbg: locker: safe_unlock: unlink /var/amavis/.spamassassin/
auto-whitelist.lock
[15505] dbg: auto-whitelist: post auto-whitelist score:
-3.79328571428571
[15505] dbg: rules: running body-text per-line regexp tests; score so
far=-3.79328571428571
[15505] dbg: uri: running uri tests; score so far=-3.79328571428571
[15505] dbg: rules: running raw-body-text per-line regexp tests;
score so far=-3.79328571428571
[15505] dbg: rules: running full-text regexp tests; score so
far=-3.79328571428571
[15505] dbg: check: is spam? score=-3.793 required=5
[15505] dbg: check: tests=ALL_TRUSTED,AWL,LOCAL_AUTH_RCVD,SPF_FAIL
[15505] dbg: check:
subtests=__CT,__CTE,__CT_TEXT_PLAIN,__ENV_AND_HDR_FROM_MATCH,__HAS_MSGID
,__HAS_RCVD,__HAS_SUBJECT,__HAS_X_MAILER,__MIME_VERSION,__MIME_VERSION_A
PPLEMAIL,__MSGID_APPLEMAIL,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,
__SARE_BODY_BLNK_5_100,__SARE_HEAD_MIME_VALID,__SARE_HEAD_SUBJ_RAND,__SA
RE_WHITELIST_FLAG,__TOCC_EXISTS,__USER_AGENT_APPLEMAIL,__X_MAILER_APPLEM
AIL
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
Jo Rhett wrote:
> While you are fixing bugs related to authentication, any chance you'll
> fix the SPF plugin to skip checks on authenticated delivery? Or have an
> option to enable this behavior?
>
> Or do you want a patch from me? It'll take me a lot longer than you,
> since I'll spend hours just tracing down the data structures....
I know for sure that if there are no external relays detected there will
be no SPF checks. There might be checks done (read I'm almost certain
there is) if all the relays are trusted, but one or more of them are
external.
Your other email about this didn't include the necessary debug info to
confirm the bug as you reported it.
If you'd like me to look at it, I'd need a full debug output, including
the complete message headers, of a message that exhibits the bug.
Daryl
Re: Recognizing Sendmail's authentication -- patch included (WAS: How is LOCAL_AUTH_RCVD used?)
Posted by Jo Rhett <jr...@netconsonance.com>.
While you are fixing bugs related to authentication, any chance
you'll fix the SPF plugin to skip checks on authenticated delivery?
Or have an option to enable this behavior?
Or do you want a patch from me? It'll take me a lot longer than you,
since I'll spend hours just tracing down the data structures....
On Dec 5, 2006, at 11:22 AM, Daryl C. W. O'Shea wrote:
> René Berber wrote:
>> Daryl C. W. O'Shea wrote:
>> [snip]
>>> Sendmail should be putting a "(authenticated bits=0)" line in its
>>> Received header when the user authenticates. SA will
>>> automatically use
>>> this to extend the trust path if the header above it is trusted.
>> Let's start by saying two things:
>> 1) LOCAL_AUTH_RCVD doesn't do anything useful, just to clarify
>> what happened to
>> the original subject.
>
> It's solely a workaround, suggested by Dana from UW's CIS dept
> before there was any support at all for detecting authenticated
> relays, for how you might workaround the problem. As I said
> yesterday, I updated the wiki page to hopefully make this clear.
> If it's still somehow not clear that it's only a workaround please
> let me know, or take a shot at making it clearer yourself.
>
>
>> 2) SA 3.1.7 (and 3.1.5) doesn't seem to recognize Sendmail's
>> authentication
>> under some circumstances. I assume that it does recognize it for
>> other
>> messages, even if I have not seen evidence to that effect.
>> If I change Received.pm, line 414, like this:
>> # Sendmail, MDaemon, some webmail servers, and others
>> - elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*?
>> by/) {
>> + elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
>
> Yeah, as you've found, the regex doesn't match when Sendmail adds a
> comment about a connection's funky DNS entries. Amazingly nobody
> has had the same problem and brought it to our attention in the
> more than two years since I wrote that code.
>
> It'll be fixed in the next version of SpamAssassin to be released.
>
> http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5223
>
>
> Daryl
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
Re: Recognizing Sendmail's authentication -- patch included (WAS:
How is LOCAL_AUTH_RCVD used?)
Posted by "Daryl C. W. O'Shea" <sp...@dostech.ca>.
René Berber wrote:
> Daryl C. W. O'Shea wrote:
> [snip]
>> Sendmail should be putting a "(authenticated bits=0)" line in its
>> Received header when the user authenticates. SA will automatically use
>> this to extend the trust path if the header above it is trusted.
>
> Let's start by saying two things:
>
> 1) LOCAL_AUTH_RCVD doesn't do anything useful, just to clarify what happened to
> the original subject.
It's solely a workaround, suggested by Dana from UW's CIS dept before
there was any support at all for detecting authenticated relays, for how
you might workaround the problem. As I said yesterday, I updated the
wiki page to hopefully make this clear. If it's still somehow not clear
that it's only a workaround please let me know, or take a shot at making
it clearer yourself.
> 2) SA 3.1.7 (and 3.1.5) doesn't seem to recognize Sendmail's authentication
> under some circumstances. I assume that it does recognize it for other
> messages, even if I have not seen evidence to that effect.
>
> If I change Received.pm, line 414, like this:
>
> # Sendmail, MDaemon, some webmail servers, and others
> - elsif (/^from .*?(?:\]\)|\)\]) .*?\(.*?authenticated.*?\).*? by/) {
> + elsif (/^from .*?(.*?authenticated.*?\).*? by/) {
Yeah, as you've found, the regex doesn't match when Sendmail adds a
comment about a connection's funky DNS entries. Amazingly nobody has
had the same problem and brought it to our attention in the more than
two years since I wrote that code.
It'll be fixed in the next version of SpamAssassin to be released.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5223
Daryl