You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Sebastian Hoffmann <se...@pallas-group.de> on 2008/03/10 16:43:46 UTC
Milter (spamassassin): timeout before data read
Hello,
I've searched a lot to find a proper solution for my problem, but I
didn't find exaclty what I was searching for.
I'm running spamassassin 3.2.4 on suse 10.1 together with sendmail
8.13.8 and clamav 0.92.
Severeal times a day messages pass spamassassin without being correctly
scanned / redirected. The logfile throws entries like these:
[snip]
Mar 7 18:33:07 gw sendmail[5882]: m27HX5kl005882:
from=<3_...@aerofire.com>, size=3222, class=0, nrcpts=1,
msgid=<00...@ludebn>, proto=ESMTP, daemon=MTA,
relay=XXX [217.160.129.172]
Mar 7 18:33:07 gw spamd[2432]: spamd: connection from localhost
[127.0.0.1] at port 38822
Mar 7 18:33:07 gw spamd[2432]: spamd: processing message
<00...@ludebn> for root:110
Mar 7 18:33:17 gw sendmail[5882]: m27HX5kl005882: Milter (spamassassin):
timeout before data read
Mar 7 18:33:17 gw sendmail[5882]: m27HX5kl005882: Milter (spamassassin):
to error state
Mar 7 18:33:17 gw sendmail[5882]: m27HX5kl005882: Milter add: header:
X-Virus-Scanned: ClamAV 0.92/6021/Thu Feb 28 00:55:48 2008 on gw.pallas
Mar 7 18:33:17 gw sendmail[5882]: m27HX5kl005882: Milter add: header:
X-Virus-Status: Clean
Mar 7 18:33:18 gw spamd[2432]: spamd: identified spam (12.5/5.0) for
root:110 in 10.5 seconds, 3591 bytes.
Mar 7 18:33:18 gw spamd[2432]: spamd: result: Y 12 -
BAYES_99,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_NUMERIC_HELO,URIBL_BLACK,URIBL_JP_SURBL,URIBL_SBL
scantime=10.5,size=3591,user=root,uid=110,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=38822,mid=<00...@ludebn>,bayes=1.000000,autolearn=spam
Mar 7 18:33:18 gw spamass-milter[2443]: Thrown error: Failed to add
spambucket to recipients
Mar 7 18:33:18 gw spamd[22546]: prefork: child states: II
Mar 7 18:33:18 gw sendmail[5886]: m27HX5kl005882: to=xxx,
delay=00:00:11, xdelay=00:00:00, mailer=local, pri=123528, dsn=2.0.0,
stat=Sent
Mar 7 18:33:18 gw sendmail[5886]: m27HX5kl005882: to=xxx,
delay=00:00:11, xdelay=00:00:00, mailer=local, pri=123528, dsn=2.0.0,
stat=Sent
Mar 7 18:33:18 gw sendmail[5886]: m27HX5kl005882: to=xxx,
delay=00:00:11, xdelay=00:00:00, mailer=local, pri=123528, dsn=2.0.0,
stat=Sent
Mar 7 18:33:18 gw sendmail[5886]: m27HX5kl005882: to=xxx,
delay=00:00:11, xdelay=00:00:00, mailer=local, pri=123528, dsn=2.0.0,
stat=Sent
[snap]
Have a look at the timestamps. The timeout comes always 10 seconds after
the mail comes in an scanning starts. I've not found any entry that
seemes to describe this 10sec timeout-limit and how to increese it.
Below are my entries in the sendmail.mc file... all times are set in
minutes, nothing in seconds...
Any ideas?
Spamassassin's and clamav's entries in the sendmail.mc file look like this:
INPUT_MAIL_FILTER(`spamassassin',
S=local:/var/spamd/spamass-milter.sock,
F=,T=C:15m;S:4m;R:4m;E:10m')
INPUT_MAIL_FILTER(`clmilter',
S=local:/var/run/clamav/clmilter.socket,
F=,T=S:4m;R:4m´)
dnl define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin,clmilter')
-- Sebastian
Re: Milter (spamassassin): timeout before data read
Posted by Sebastian Hoffmann <se...@pallas-group.de>.
To be sure I made a new .cf file from the .mc yesterday and this
"phenom" still occurs.
The readme for libmilter says that the default values for the s: and r:
are set to 10sec if they are not set in the config.
But they are definitely set in the .mc/.cf :-(
am 11.03.2008 14:22 schrieb SM:
> At 02:38 11-03-2008, Sebastian Hoffmann wrote:
>> This was why I postet the settings from the sendmail-milter:
>
> I missed that when I replied.
>
>> "INPUT_MAIL_FILTER(`spamassassin',
>> S=local:/var/spamd/spamass-milter.sock,
>> F=,T=C:15m;S:4m;R:4m;E:10m')
>> INPUT_MAIL_FILTER(`clmilter',
>> S=local:/var/run/clamav/clmilter.socket,
>> F=,T=S:4m;R:4m�)
>> dnl define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin,clmilter') "
>>
>> All timeouts here are set in minutes for the milter, not in seconds,
>> or even a setting with ":10s". I thought that these were the settings
>> for the milter, arent't they?
>
> They are. Verify whether the above timeouts are what you have in the
> configuration file (.cf) used by sendmail.
>
> Regards,
> -sm
>
>
--
Mit freundlichen Gr��en,
Sebastian Hoffmann
-Pallas Group-
P+O Compact Disc GmbH
IT / Programmierung
Auf dem Esch 8
49356 Diepholz
Tel.: +49 5441 977-180
Fax: +49 5441 977-177
E-Mail: Sebastian.Hoffmann@pallas-group.de
Internet: www.pallas-group.de
Amtsgericht Walsrode HRB 100109
UST.ID.NR.: (VAT.REG.NO.): DE 116579198
Gesch�ftsf�hrer:
Rolf Neumann * Holger Neumann * Rainer Koppermann
P.S.: Wir sind offizieller Lizenzpartner von Toshiba, Philips und MPEG-2.
Re: Milter (spamassassin): timeout before data read
Posted by SM <sm...@resistor.net>.
At 02:38 11-03-2008, Sebastian Hoffmann wrote:
>This was why I postet the settings from the sendmail-milter:
I missed that when I replied.
>"INPUT_MAIL_FILTER(`spamassassin',
>S=local:/var/spamd/spamass-milter.sock,
>F=,T=C:15m;S:4m;R:4m;E:10m')
>INPUT_MAIL_FILTER(`clmilter',
>S=local:/var/run/clamav/clmilter.socket,
>F=,T=S:4m;R:4m´)
>dnl define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin,clmilter') "
>
>All timeouts here are set in minutes for the
>milter, not in seconds, or even a setting with
>":10s". I thought that these were the settings for the milter, arent't they?
They are. Verify whether the above timeouts are
what you have in the configuration file (.cf) used by sendmail.
Regards,
-sm
Re: Whitelist Question
Posted by Evan Platt <ev...@espphotography.com>.
Sure - a procmail recipe would work.
Or, provide an example header and an example entry from your local.cf
so maybe someone here can see if there's something incorrect.
At 09:39 AM 3/11/2008, JDavila@languageworks.com wrote:
>I add users to whitelist in the local.cf file "whitelist_from
>user@example.com" but they still get tagged as Spam, is there a
>altnerative solution.
>- Jeremy
Re: Milter (spamassassin): timeout before data read
Posted by Sebastian Hoffmann <se...@pallas-group.de>.
YES MAN! Thanks a lot!!! That was my mistake. I'm wondering why I
haven't found that comment on that page...
But... ymmd! Thank you :-)
am 12.03.2008 15:32 schrieb Jared Hall:
> Sebastian Hoffmann wrote:
>> Hi!
>>
>> I'm using the spamass-milter 0.3.1. I searched in the milter's
>> man-page for a command to specify the timeout but didn't find
>> anything. I also had a look at the options that are possible to set
>> when executing the ./configure.sh before starting "make" and "make
>> install" but... nothing to set here. Could you suggest another milter
>> for sendmail and spamassassin that is able to configure in that way?
> Are you missing the opening single quote before S=local in your
> sendmail milter definition?
>
> http://savannah.nongnu.org/bugs/?func=detailitem&item_id=16722
>
> FWIW, I use milter-spamc.
>
>
--
Mit freundlichen Gr��en,
Sebastian Hoffmann
-Pallas Group-
P+O Compact Disc GmbH
IT / Programmierung
Auf dem Esch 8
49356 Diepholz
Tel.: +49 5441 977-180
Fax: +49 5441 977-177
E-Mail: Sebastian.Hoffmann@pallas-group.de
Internet: www.pallas-group.de
Amtsgericht Walsrode HRB 100109
UST.ID.NR.: (VAT.REG.NO.): DE 116579198
Gesch�ftsf�hrer:
Rolf Neumann * Holger Neumann * Rainer Koppermann
P.S.: Wir sind offizieller Lizenzpartner von Toshiba, Philips und MPEG-2.
Re: Milter (spamassassin): timeout before data read
Posted by Jared Hall <jh...@tbi.net>.
Sebastian Hoffmann wrote:
> Hi!
>
> I'm using the spamass-milter 0.3.1. I searched in the milter's
> man-page for a command to specify the timeout but didn't find
> anything. I also had a look at the options that are possible to set
> when executing the ./configure.sh before starting "make" and "make
> install" but... nothing to set here. Could you suggest another milter
> for sendmail and spamassassin that is able to configure in that way?
Are you missing the opening single quote before S=local in your
sendmail milter definition?
http://savannah.nongnu.org/bugs/?func=detailitem&item_id=16722
FWIW, I use milter-spamc.
Re: Milter (spamassassin): timeout before data read
Posted by Sebastian Hoffmann <se...@pallas-group.de>.
Hi!
I'm using the spamass-milter 0.3.1. I searched in the milter's man-page
for a command to specify the timeout but didn't find anything. I also
had a look at the options that are possible to set when executing the
./configure.sh before starting "make" and "make install" but... nothing
to set here. Could you suggest another milter for sendmail and
spamassassin that is able to configure in that way?
--
Sebastian
am 11.03.2008 17:26 schrieb David B Funk:
> On Tue, 11 Mar 2008, Sebastian Hoffmann wrote:
>
>> This was why I postet the settings from the sendmail-milter:
>>
>> "INPUT_MAIL_FILTER(`spamassassin',
>> S=local:/var/spamd/spamass-milter.sock,
>> F=,T=C:15m;S:4m;R:4m;E:10m')
>> INPUT_MAIL_FILTER(`clmilter',
>> S=local:/var/run/clamav/clmilter.socket,
>> F=,T=S:4m;R:4m�)
>> dnl define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin,clmilter') "
>>
>> All timeouts here are set in minutes for the milter, not in seconds, or
>> even a setting with ":10s". I thought that these were the settings for
>> the milter, arent't they?
>> Does anybody know where I can increse an value that seemes to be set to
>> 10 seconds by default? I don't know where to start...
> [snip..]
>
> The timeout parameters in your sendmail .mc/.cf file are for the
> communications from sendmail -to- the milter daemon. There is another
> conversation that is going on between the milter daemon and spamd.
> (IE sendmail passes the message to the milter daemon, the milter daemon
> passes it on to spamd, spamd processes the message and replies to the
> milter daemon, the milter daemon then reports back to sendmail).
>
> So it looks like your milter daemon has a short (10s) timeout for when
> -it- talks to spamd, so if spamd takes more than 10s to process the
> message and reply back to the milter daemon, the milter daemon declares
> spamd to be non-responding and errors out. (that's an unrealisticly short
> timeout).
>
> So you need to look at the configuration of the milter daemon to see how
> to change its timeouts. That may be a config option or may be hardcoded
> inside the milter.
>
> Which specific milter are you using? Do you have the source code for it?
>
Re: Whitelist Question
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 11.03.08 17:26, JDavila@languageworks.com wrote:
> Here is the full header. But also the local.cf has around 12000 entries,
> is that a problem.
WHAT? 12000 entries? What the hell are you doing with that?
> Received: from smtp1.citigroup.com ([199.67.179.116]
> helo=mail.citigroup.com)
> by nyclns01.languageworks.com with esmtps
> (TLSv1:AES256-SHA:256)
> (Exim 4.66)
> (envelope-from <vi...@citi.com>)
> id 1JZ4xk-0008OC-Om
> for BHyatt@languageworks.com; Tue, 11 Mar 2008 09:56:25
> -0400
[...]
> 4.0 SARE_FORGED_CITI Message appears to be forged,
> (citibank.com)
I wonder why it matches SARE_FORGED_CITI when it was received from
smtp1.citigroup.com. I personally doesn't use SARE so I can't comment it,
but it looks problematic.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.
Re: Whitelist Question
Posted by JD...@languageworks.com.
Here is the full header. But also the local.cf has around 12000 entries,
is that a problem.
Received: from nyclns01.languageworks.com ([192.168.20.60])
by NYCDML02.languageworks.com (Lotus Domino Release 7.0.3)
with ESMTP id 2008031109551545-44621 ;
Tue, 11 Mar 2008 09:55:15 -0400
Received: from smtp1.citigroup.com ([199.67.179.116]
helo=mail.citigroup.com)
by nyclns01.languageworks.com with esmtps
(TLSv1:AES256-SHA:256)
(Exim 4.66)
(envelope-from <vi...@citi.com>)
id 1JZ4xk-0008OC-Om
for BHyatt@languageworks.com; Tue, 11 Mar 2008 09:56:25
-0400
Received: from imbarc-nj01.nj.ssmb.com (imbarc-nj01-2 [150.110.115.169])
by imbaspam-nj03.iplex.ssmb.com
(8.13.8/8.13.8/SSMB_EXT/ev: 16778 $) with ESMTP id m2BDuCkL008560
for <BH...@languageworks.com>; Tue, 11 Mar 2008 13:56:15
GMT
Received: from mailhub-nj04-1.nj.ssmb.com (mailhub-nj04-2.nj.ssmb.com
[150.110.236.237])
by imbarc-nj01.nj.ssmb.com (8.13.8/8.13.8/SSMB_QQQ_IN/1.1)
with ESMTP id m2BDu7hi010772
for <BH...@languageworks.com>; Tue, 11 Mar 2008 13:56:07
GMT
Received: from exnmdsm03.nam.nsroot.net (EXNMDSM03.nam.nsroot.net
[169.193.142.69])
by mailhub-nj04-1.nj.ssmb.com (8.13.8/8.13.8/CG_HUB) with
ESMTP id m2BDu1Qx017430
for <BH...@languageworks.com>; Tue, 11 Mar 2008 13:56:07
GMT
Received: from extxmb09.nam.nsroot.net ([165.203.15.26]) by
exnmdsm03.nam.nsroot.net with Microsoft SMTPSVC(5.0.2195.6713);
Tue, 11 Mar 2008 09:55:48 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.0.6619.12
MIME-Version: 1.0
Disposition-Notification-To: "Brown, Vicci [GCG-CFNA]"
<vi...@citi.com>
Subject: RE: ESTIMATE - WI #80272(7/96)
Date: Tue, 11 Mar 2008 08:55:46 -0500
Message-ID:
<68...@EXTXMB09.nam.nsroot.net>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: ESTIMATE - WI #80272(7/96)
Thread-Index: AciDfpUqgb/6PeTNR9KYDZKznHoijgAAVcNw
From: "Brown, Vicci " <vi...@citi.com>
To: <BH...@languageworks.com>
X-OriginalArrivalTime: 11 Mar 2008 13:55:48.0027 (UTC)
FILETIME=[9BEEE8B0:01C8837F]
X-Scanned-By: MIMEDefang 2.52 on 199.67.177.247
X-Spam-Score: 5.7 (+++++)
X-Spam-Report: Spam detection software, running on the system
"nyclns01.languageworks.com", has
identified this incoming email as possible spam. The
original message
has been attached to this so you can view it (if it isn't
spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: I have faxed back the authorized quote,
please confirm receipt
_____ From: BHyatt@languageworks.com
[mailto:BHyatt@languageworks.com] Sent:
Tuesday, March 11, 2008 8:47 AM To: Brown, Vicci
[GCG-CFNA] Cc: Beaudette,
Kathleen M [GCG-CFNA]; Yasmin Menon Subject: ESTIMATE - WI
#80272(7/96) [...]
Content analysis details: (5.7 points, 10.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at
http://www.dnswl.org/, medium
trust
[199.67.179.116 listed in list.dnswl.org]
1.0 EXTRA_MPART_TYPE Header has extraneous
Content-type:...type= entry
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
1.8 SUBJ_ALL_CAPS Subject is all capitals
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
1.4 SARE_GIF_ATTACH FULL: Email has a inline gif
1.5 MY_CID_AND_ARIAL2 SARE CID and Arial2
4.0 SARE_FORGED_CITI Message appears to be forged,
(citibank.com)
X-MIMETrack: Itemize by SMTP Server on
NYCDML02/Server/LanguageWorks(Release 7.0.3|September
26, 2007) at 03/11/2008 09:55:15 AM,
Serialize by Notes Client on Brett
Hyatt/LanguageWorks(Release 7.0.2|September
26, 2006) at 03/11/2008 10:51:18 AM
content-class: urn:content-classes:message
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----_=_NextPart_001_01C8837F.9AE5BBA2"
------_=_NextPart_001_01C8837F.9AE5BBA2
Content-Type: multipart/alternative;
boundary="----_=_NextPart_002_01C8837F.9AE5BBA2"
------_=_NextPart_002_01C8837F.9AE5BBA2
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
Jeremy Davila
Systems Administrator
Direct: 646-205-2136
The LanguageWorks, Inc.
1123 Broadway, Suite 201
New York, NY 10010
The LanguageWorks, Inc. is an ISO 9001:2000 certified company which:
"Facilitates global communication by providing foreign language
translation, editing, proofreading, and cultural analysis. Additional
services include on-site interpreting and document review, foreign
language page layout, conversion of web sites into multiple languages, and
multilingual voice-overs for radio spots and video productions."
CONFIDENTIALITY NOTICE:
The information in this E-Mail may be confidential and may be legally
privileged. It is intended solely for the addressee(s). If you are not the
intended recipient, any disclosure, copying, distribution or any action
taken or omitted to be taken in reliance on this E-Mail, is prohibited and
may be unlawful. If you have received this E-Mail message in error, notify
the sender by reply E-Mail and delete the message.
Randy Ramsdell <rr...@livedatagroup.com>
03/11/2008 05:22 PM
To
users@spamassassin.apache.org
cc
Subject
Re: Whitelist Question
JDavila@languageworks.com wrote:
>
> Here is the header info. What is the alternate solution to using
> whitelist_from ? I been also trying to setup AWL via MySQL.....no
> luck on that.
> I use Exim for mail then , it relays to Lotus Domino.....if that helps.
>
>
> Content analysis details: (5.7 points, 10.0 required)
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at
> http://www.dnswl.org/, medium
> trust
> [199.67.179.116 listed in list.dnswl.org]
> 1.0 EXTRA_MPART_TYPE Header has extraneous
> Content-type:...type= entry
> -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
> 1.8 SUBJ_ALL_CAPS Subject is all capitals
> -0.0 SPF_PASS SPF: sender matches SPF
record
> 0.0 HTML_MESSAGE BODY: HTML included in
message
> 1.4 SARE_GIF_ATTACH FULL: Email has a inline gif
> 1.5 MY_CID_AND_ARIAL2 SARE CID and Arial2
>
>
This isn't the full header. A full header will show exactly what to
whitelist.
1. Did you restart spamd or amavis/spamd?
>
> On Tue, 11 Mar 2008, JDavila@languageworks.com wrote:
>
> > I add users to whitelist in the local.cf file "whitelist_from
> > user@example.com" but they still get tagged as Spam, is there a
> > altnerative solution.
>
> (2) Post *all* the headers from a message that was incorrectly marked as
> spam, as well as the whitelist command you put in that you think should
> have whitelisted that message.
>
Re: Whitelist Question
Posted by Randy Ramsdell <rr...@livedatagroup.com>.
JDavila@languageworks.com wrote:
>
> Here is the header info. What is the alternate solution to using
> whitelist_from ? I been also trying to setup AWL via MySQL.....no
> luck on that.
> I use Exim for mail then , it relays to Lotus Domino.....if that helps.
>
>
> Content analysis details: (5.7 points, 10.0 required)
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at
> http://www.dnswl.org/, medium
> trust
> [199.67.179.116 listed in list.dnswl.org]
> 1.0 EXTRA_MPART_TYPE Header has extraneous
> Content-type:...type= entry
> -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
> 1.8 SUBJ_ALL_CAPS Subject is all capitals
> -0.0 SPF_PASS SPF: sender matches SPF record
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 1.4 SARE_GIF_ATTACH FULL: Email has a inline gif
> 1.5 MY_CID_AND_ARIAL2 SARE CID and Arial2
>
>
This isn't the full header. A full header will show exactly what to
whitelist.
1. Did you restart spamd or amavis/spamd?
>
> On Tue, 11 Mar 2008, JDavila@languageworks.com wrote:
>
> > I add users to whitelist in the local.cf file "whitelist_from
> > user@example.com" but they still get tagged as Spam, is there a
> > altnerative solution.
>
> (2) Post *all* the headers from a message that was incorrectly marked as
> spam, as well as the whitelist command you put in that you think should
> have whitelisted that message.
>
Re: Whitelist Question
Posted by John Hardin <jh...@impsec.org>.
On Tue, 11 Mar 2008, JDavila@languageworks.com wrote:
> Here is the header info.
*screenshots*? During the day I use a text-only mail client, so I can't
look at them for you until tonight unless you post the text version of the
full message headers. I can't say whether anyone else will bother to look.
> What is the alternate solution to using whitelist_from ?
There are several variants, whitelist_from_rcvd and whitelist_from_spf
being the most useful.
> I been also trying to setup AWL via MySQL.....no luck on
> that.
"AWL" is a misleading name; it is a score averager, not really a whitelist
- it's only a whitelist if someone with a history of sending ham happens
to send a spammy message.
> I use Exim for mail then , it relays to Lotus Domino.....if that helps.
At this point it's not relevant.
> Content analysis details: (5.7 points, 10.0 required)
Ah, good, this may be enough to give useful advice...
> pts rule name description
> ---- ----------------- --------------------------------------------------
> -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
> trust [199.67.179.116 listed in list.dnswl.org]
> 1.0 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
> -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
> 1.8 SUBJ_ALL_CAPS Subject is all capitals
> -0.0 SPF_PASS SPF: sender matches SPF record
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 1.4 SARE_GIF_ATTACH FULL: Email has a inline gif
> 1.5 MY_CID_AND_ARIAL2 SARE CID and Arial2
> 4.0 SARE_FORGED_CITI Message appears to be forged, (citibank.com)
Okay, given that it seems to be a Citibank mail, and SPF passes, you'd
want to use whitelist_from_SPF. See the documentation for the details.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
USMC Rules of Gunfighting #2: Anything worth shooting is worth
shooting twice. Ammo is cheap. Your life is expensive.
-----------------------------------------------------------------------
3 days until Albert Einstein's 129th Birthday
Re: Whitelist Question
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 12.03.08 10:41, JDavila@languageworks.com wrote:
> Even though it did not meet SA's threshold, the e-mails are still going to
> users Spam Box instead of their inbox. Maybe I should have made that more
> clear , sorry for the confusion.
it's not SA issue then. SA only classifies mail, it's something different
that delivers to mailboxes (procmail, maildrop, anything)
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.
Re: Whitelist Question
Posted by JD...@languageworks.com.
John ,
Even though it did not meet SA's threshold, the e-mails are still going to
users Spam Box instead of their inbox. Maybe I should have made that more
clear , sorry for the confusion.
Jeremy Davila
Systems Administrator
Direct: 646-205-2136
The LanguageWorks, Inc.
1123 Broadway, Suite 201
New York, NY 10010
The LanguageWorks, Inc. is an ISO 9001:2000 certified company which:
"Facilitates global communication by providing foreign language
translation, editing, proofreading, and cultural analysis. Additional
services include on-site interpreting and document review, foreign
language page layout, conversion of web sites into multiple languages, and
multilingual voice-overs for radio spots and video productions."
CONFIDENTIALITY NOTICE:
The information in this E-Mail may be confidential and may be legally
privileged. It is intended solely for the addressee(s). If you are not the
intended recipient, any disclosure, copying, distribution or any action
taken or omitted to be taken in reliance on this E-Mail, is prohibited and
may be unlawful. If you have received this E-Mail message in error, notify
the sender by reply E-Mail and delete the message.
John Hardin <jh...@impsec.org>
03/11/2008 05:28 PM
To
JDavila@languageworks.com
cc
users@spamassassin.apache.org
Subject
Re: Whitelist Question
On Tue, 11 Mar 2008, JDavila@languageworks.com wrote:
> Content analysis details: (5.7 points, 10.0 required)
Also: it didn't cross your spam threshold, so what are you complaining
about?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
There is no doubt in my mind that millions of lives could have been
saved if the people were not "brainwashed" about gun ownership and
had been well armed. ... Gun haters always want to forget the Warsaw
Ghetto uprising, which is a perfect example of how a ragtag,
half-starved group of Jews took 10 handguns and made asses out of
the Nazis. -- Theodore Haas, Dachau Survivor
-----------------------------------------------------------------------
3 days until Albert Einstein's 129th Birthday
Re: Whitelist Question
Posted by John Hardin <jh...@impsec.org>.
On Tue, 11 Mar 2008, JDavila@languageworks.com wrote:
> Content analysis details: (5.7 points, 10.0 required)
Also: it didn't cross your spam threshold, so what are you complaining
about?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
There is no doubt in my mind that millions of lives could have been
saved if the people were not "brainwashed" about gun ownership and
had been well armed. ... Gun haters always want to forget the Warsaw
Ghetto uprising, which is a perfect example of how a ragtag,
half-starved group of Jews took 10 handguns and made asses out of
the Nazis. -- Theodore Haas, Dachau Survivor
-----------------------------------------------------------------------
3 days until Albert Einstein's 129th Birthday
Re: Whitelist Question
Posted by JD...@languageworks.com.
Here is the header info. What is the alternate solution to using
whitelist_from ? I been also trying to setup AWL via MySQL.....no luck on
that.
I use Exim for mail then , it relays to Lotus Domino.....if that helps.
Content analysis details: (5.7 points, 10.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at
http://www.dnswl.org/, medium
trust
[199.67.179.116 listed in list.dnswl.org]
1.0 EXTRA_MPART_TYPE Header has extraneous
Content-type:...type= entry
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
1.8 SUBJ_ALL_CAPS Subject is all capitals
-0.0 SPF_PASS SPF: sender matches SPF
record
0.0 HTML_MESSAGE BODY: HTML included in message
1.4 SARE_GIF_ATTACH FULL: Email has a inline gif
1.5 MY_CID_AND_ARIAL2 SARE CID and Arial2
4.0 SARE_FORGED_CITI Message appears to be forged,
(citibank.com)
Jeremy Davila
Systems Administrator
Direct: 646-205-2136
The LanguageWorks, Inc.
1123 Broadway, Suite 201
New York, NY 10010
The LanguageWorks, Inc. is an ISO 9001:2000 certified company which:
"Facilitates global communication by providing foreign language
translation, editing, proofreading, and cultural analysis. Additional
services include on-site interpreting and document review, foreign
language page layout, conversion of web sites into multiple languages, and
multilingual voice-overs for radio spots and video productions."
CONFIDENTIALITY NOTICE:
The information in this E-Mail may be confidential and may be legally
privileged. It is intended solely for the addressee(s). If you are not the
intended recipient, any disclosure, copying, distribution or any action
taken or omitted to be taken in reliance on this E-Mail, is prohibited and
may be unlawful. If you have received this E-Mail message in error, notify
the sender by reply E-Mail and delete the message.
John Hardin <jh...@impsec.org>
03/11/2008 12:47 PM
To
JDavila@languageworks.com
cc
users@spamassassin.apache.org
Subject
Re: Whitelist Question
On Tue, 11 Mar 2008, JDavila@languageworks.com wrote:
> I add users to whitelist in the local.cf file "whitelist_from
> user@example.com" but they still get tagged as Spam, is there a
> altnerative solution.
(1) Don't use whitelist_from, it is too easy for spammers to spoof. Use
one of the other whitelist options. whitelist_from is a last resort
option.
(2) Post *all* the headers from a message that was incorrectly marked as
spam, as well as the whitelist command you put in that you think should
have whitelisted that message.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Win95: Where do you want to go today?
Vista: Where will Microsoft allow you to go today?
-----------------------------------------------------------------------
3 days until Albert Einstein's 129th Birthday
Re: Whitelist Question
Posted by John Hardin <jh...@impsec.org>.
On Tue, 11 Mar 2008, JDavila@languageworks.com wrote:
> I add users to whitelist in the local.cf file "whitelist_from
> user@example.com" but they still get tagged as Spam, is there a
> altnerative solution.
(1) Don't use whitelist_from, it is too easy for spammers to spoof. Use
one of the other whitelist options. whitelist_from is a last resort
option.
(2) Post *all* the headers from a message that was incorrectly marked as
spam, as well as the whitelist command you put in that you think should
have whitelisted that message.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Win95: Where do you want to go today?
Vista: Where will Microsoft allow you to go today?
-----------------------------------------------------------------------
3 days until Albert Einstein's 129th Birthday
Whitelist Question
Posted by JD...@languageworks.com.
I add users to whitelist in the local.cf file "whitelist_from
user@example.com" but they still get tagged as Spam, is there a
altnerative solution.
- Jeremy
Re: Milter (spamassassin): timeout before data read
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Tue, 11 Mar 2008, Sebastian Hoffmann wrote:
> This was why I postet the settings from the sendmail-milter:
>
> "INPUT_MAIL_FILTER(`spamassassin',
> S=local:/var/spamd/spamass-milter.sock,
> F=,T=C:15m;S:4m;R:4m;E:10m')
> INPUT_MAIL_FILTER(`clmilter',
> S=local:/var/run/clamav/clmilter.socket,
> F=,T=S:4m;R:4m´)
> dnl define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin,clmilter') "
>
> All timeouts here are set in minutes for the milter, not in seconds, or
> even a setting with ":10s". I thought that these were the settings for
> the milter, arent't they?
> Does anybody know where I can increse an value that seemes to be set to
> 10 seconds by default? I don't know where to start...
[snip..]
The timeout parameters in your sendmail .mc/.cf file are for the
communications from sendmail -to- the milter daemon. There is another
conversation that is going on between the milter daemon and spamd.
(IE sendmail passes the message to the milter daemon, the milter daemon
passes it on to spamd, spamd processes the message and replies to the
milter daemon, the milter daemon then reports back to sendmail).
So it looks like your milter daemon has a short (10s) timeout for when
-it- talks to spamd, so if spamd takes more than 10s to process the
message and reply back to the milter daemon, the milter daemon declares
spamd to be non-responding and errors out. (that's an unrealisticly short
timeout).
So you need to look at the configuration of the milter daemon to see how
to change its timeouts. That may be a config option or may be hardcoded
inside the milter.
Which specific milter are you using? Do you have the source code for it?
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
Re: Milter (spamassassin): timeout before data read
Posted by Sebastian Hoffmann <se...@pallas-group.de>.
This was why I postet the settings from the sendmail-milter:
"INPUT_MAIL_FILTER(`spamassassin',
S=local:/var/spamd/spamass-milter.sock,
F=,T=C:15m;S:4m;R:4m;E:10m')
INPUT_MAIL_FILTER(`clmilter',
S=local:/var/run/clamav/clmilter.socket,
F=,T=S:4m;R:4m�)
dnl define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin,clmilter') "
All timeouts here are set in minutes for the milter, not in seconds, or
even a setting with ":10s". I thought that these were the settings for
the milter, arent't they?
Does anybody know where I can increse an value that seemes to be set to
10 seconds by default? I don't know where to start...
am 10.03.2008 18:33 schrieb SM:
> At 08:43 10-03-2008, Sebastian Hoffmann wrote:
>> I'm running spamassassin 3.2.4 on suse 10.1 together with sendmail
>> 8.13.8 and clamav 0.92.
>>
>> Severeal times a day messages pass spamassassin without being
>> correctly scanned / redirected. The logfile throws entries like these:
>>
>> [snip]
>>
>> Mar 7 18:33:07 gw sendmail[5882]: m27HX5kl005882:
>> from=<3_...@aerofire.com>, size=3222, class=0, nrcpts=1,
>> msgid=<00...@ludebn>, proto=ESMTP,
>> daemon=MTA, relay=XXX [217.160.129.172]
>> Mar 7 18:33:07 gw spamd[2432]: spamd: connection from localhost
>> [127.0.0.1] at port 38822
>> Mar 7 18:33:07 gw spamd[2432]: spamd: processing message
>> <00...@ludebn> for root:110
>> Mar 7 18:33:17 gw sendmail[5882]: m27HX5kl005882: Milter
>> (spamassassin): timeout before data read
> [snip]
>
>> Have a look at the timestamps. The timeout comes always 10 seconds
>> after the mail comes in an scanning starts. I've not found any entry
>> that seemes to describe this 10sec timeout-limit and how to increese it.
>
> The timeout is from your milter. You may be able to configure timeout
> if the software has such an option.
>
> Regards,
> -sm
>
--
Mit freundlichen Gr��en,
Sebastian Hoffmann
-Pallas Group-
P+O Compact Disc GmbH
IT / Programmierung
Auf dem Esch 8
49356 Diepholz
Tel.: +49 5441 977-180
Fax: +49 5441 977-177
E-Mail: Sebastian.Hoffmann@pallas-group.de
Internet: www.pallas-group.de
Amtsgericht Walsrode HRB 100109
UST.ID.NR.: (VAT.REG.NO.): DE 116579198
Gesch�ftsf�hrer:
Rolf Neumann * Holger Neumann * Rainer Koppermann
P.S.: Wir sind offizieller Lizenzpartner von Toshiba, Philips und MPEG-2.
Re: Milter (spamassassin): timeout before data read
Posted by SM <sm...@resistor.net>.
At 08:43 10-03-2008, Sebastian Hoffmann wrote:
>I'm running spamassassin 3.2.4 on suse 10.1 together with sendmail
>8.13.8 and clamav 0.92.
>
>Severeal times a day messages pass spamassassin without being
>correctly scanned / redirected. The logfile throws entries like these:
>
>[snip]
>
>Mar 7 18:33:07 gw sendmail[5882]: m27HX5kl005882:
>from=<3_...@aerofire.com>, size=3222, class=0, nrcpts=1,
>msgid=<00...@ludebn>, proto=ESMTP,
>daemon=MTA, relay=XXX [217.160.129.172]
>Mar 7 18:33:07 gw spamd[2432]: spamd: connection from localhost
>[127.0.0.1] at port 38822
>Mar 7 18:33:07 gw spamd[2432]: spamd: processing message
><00...@ludebn> for root:110
>Mar 7 18:33:17 gw sendmail[5882]: m27HX5kl005882: Milter
>(spamassassin): timeout before data read
[snip]
>Have a look at the timestamps. The timeout comes always 10 seconds
>after the mail comes in an scanning starts. I've not found any entry
>that seemes to describe this 10sec timeout-limit and how to increese it.
The timeout is from your milter. You may be able to configure
timeout if the software has such an option.
Regards,
-sm