Posted to users@spamassassin.apache.org by dh...@harrisonburg.k12.va.us on 2010/09/30 19:33:21 UTC

new install

I'm testing spamassassin as a replacement for bogofilter.  So far I
have it installed, and am calling it with: /usr/bin/spamd -d -c -m5 -H
-r /var/run/spamd.pid, I'm using procmail and have added:
###spamassassin test
:0fw: spamassassin.lock
* < 256000
| spamassassin
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
almost-certainly-spam
# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to "probably-spam".
:0:
* ^X-Spam-Status: Yes
/opt/spam/spam

to my procmail script.  Looking at the headers on emails coming in I see:


X-Spam-Checker-Version:  SpamAssassin 3.1.9 (2007-02-13) on  
mail.harrisonburg.k12.va.us
X-Spam-Level:
X-Spam-Status:  No, score=-0.1 required=6.0 tests=RCVD_IN_BSP_OTHER  
autolearn=ham version=3.1.9

I can also see that there is a spamassassin config file getting  
created in each user's home directory.  The setup was way too easy and I
know that I am missing something in order for it to start grabbing  
spam.  What am I missing in my config file?  I did run the sa-update  
and it seems to be working also.  My goal is to allow each user to  
report as spam emails or report as innocent in horde webmail, and  
allow them management of their own spam.

thanks,

ddh


-- 
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools

"Everything should be made as simple as possible, but not simpler."
-- Albert Einstein

"The hottest places in Hell are reserved for those who, in times of moral
crisis, preserved their neutrality."
-- Dante


Re: new install

Posted by Jason Bertoch <ja...@i6ix.com>.
  On 9/30/2010 9:09 PM, dhottinger@harrisonburg.k12.va.us wrote:
> So I added our domain to the local.cf file: 
> whitelist_from*@harrisonburg.k12.va.us. 

Ouch, bad idea, unless this daemon is dedicated to internal mail only, 
and even then it's still not a good solution.  If you're having issues 
that this fixes, you should address the internal_networks and 
trusted_networks options.

/Jason

Re: new install

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Fri, 2010-10-01 at 04:27 +0200, Karsten Bräckelmann wrote:
> On Thu, 2010-09-30 at 21:09 -0400, dhottinger@... wrote:

> > [...]  I did have some mail going to /opt/spam, however it was  
> > internal mail.  So I added our domain to the local.cf file:  
> > whitelist_from *@harrisonburg.k12.va.us
> 
> What Jason said. Do NOT do this. This is the most obvious and often

Since it has come to my attention, the previous sentence might be
misleading...

I do not object to what Jason said. In fact, I fully agree with what he
wrote, just felt some additional info might be warranted. "This" in all
above sentences refers to the OP's whitelist_from, the unconstrained
variant that *never* should be used without a really solid reason.
Especially *not* with the recipient's domain.


> abused forgery of a sender. IFF you really need white-listing at all,
> use one of the constrained variants, but not the plain _from one.
> 
> Besides, if you even need something like that, your problem usually is
> something else. Like outgoing SMTP equals MX, or scanning outbound mail.
> Both can easily be fixed by using SMTP AUTH.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
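
The replies above separate the unconstrained whitelist_from, worst of all on the recipient's own domain, from the constrained variants. The sketch below is an added example, not code from the thread or from the SpamAssassin project: it scans a config for the unconstrained form and for the missing-space typo discussed elsewhere in the thread. The sample config, school.example, and the finding names are constructed for illustration.

```python
from fnmatch import fnmatch

# Constructed sample local.cf; school.example and the relay name are placeholders.
SAMPLE_LOCAL_CF = """\
bayes_path /opt/spamassassin/bayes
whitelist_from*@school.example
whitelist_from *@school.example
whitelist_from news@partner.example
whitelist_from_rcvd *@school.example mail.school.example
whitelist_auth *@school.example
trusted_networks 192.0.2.0/24
"""

# Variants tied to a relay or to SPF/DKIM results rather than the bare From address.
CONSTRAINED = {"whitelist_from_rcvd", "whitelist_auth",
               "whitelist_from_spf", "whitelist_from_dkim"}


def audit_whitelist(conf_text, local_domains):
    """Return (line_number, finding, pattern) for risky whitelist entries."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, *patterns = line.split()
        if key in CONSTRAINED or not key.startswith("whitelist_from"):
            continue
        if key != "whitelist_from":
            # e.g. "whitelist_from*@domain": no space, so not a valid option name
            findings.append((lineno, "syntax", key))
            continue
        for pattern in patterns:
            # Compare the domain part of the glob against the domains we receive for.
            domain_glob = pattern.rsplit("@", 1)[-1].lower()
            own = any(fnmatch(d.lower(), domain_glob) for d in local_domains)
            findings.append((lineno, "own-domain" if own else "unconstrained", pattern))
    return findings


if __name__ == "__main__":
    for finding in audit_whitelist(SAMPLE_LOCAL_CF, ["school.example"]):
        print(finding)
```

Any "own-domain" finding is the case the thread warns about: mail that merely claims a local sender address gets whitelisted.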


Re: new install

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Fri, 2010-10-01 at 08:43 -0400, dhottinger@harrisonburg.k12.va.us
wrote:
> 
> Lint test yes.  What do you mean you added a space after the _from myself?

Well, this is the relevant quote from your previous post.

> [...] So I added our domain to the local.cf file:  
> whitelist_from*@harrisonburg.k12.va.us.  Help [...]

See how there's a space missing? As-is, this is incorrect configuration
and will not even pass lint check. That's why I pointed it out.

I massaged that quote of yours in my previous post, to at least be
syntactically correct and inserted that space -- altering your quote.




Re: new install

Posted by dh...@harrisonburg.k12.va.us.

Lint test yes.  What do you mean you added a space after the _from myself?



Re: new install

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2010-09-30 at 21:09 -0400, dhottinger@harrisonburg.k12.va.us
wrote:
> Thanks for all the replies.  I did run an sa-update. Mail is getting  
> scored now.  /opt/spam/spam users don't have access to, but that is
> where I always had bogofilter put mail.  Not all users at this stage  
> have a spam folder in place.  The main reason I had an older version  
> is I started on this project last year and just got involved in other  
> things.  I did have some mail going to /opt/spam, however it was  
> internal mail.  So I added our domain to the local.cf file:  
> whitelist_from *@harrisonburg.k12.va.us

What Jason said. Do NOT do this. This is the most obvious and often
abused forgery of a sender. IFF you really need white-listing at all,
use one of the constrained variants, but not the plain _from one.

Besides, if you even need something like that, your problem usually is
something else. Like outgoing SMTP equals MX, or scanning outbound mail.
Both can easily be fixed by using SMTP AUTH.

Note: In the quote above I added a space after the _from myself. If you
do not have that space, your rules do not pass a lint check. You did run
a --lint test, did you?

> Help me with the relative  
> path?  Users imap mbox in /home/username, would I use /home/*/spam?

This would be a procmail question.

Just drop the leading slash! There, path relative to $MAILDIR. Yeah,
right, you should adjust that remaining leading stuff, too, since I
don't assume you really want an opt/ mail folder for your users. ;)
Also, you must ensure all directories are created, procmail will create
the file, if it doesn't exist yet.

Do not use * in procmail recipe delivery files, unless you know what
you are doing. 'man procmailrc' will be your friend, and understanding
what $MAILDIR is. As would re-reading parts of my previous post.


> Also, is there any way I can pull in my bogofilter database to
> spamassassin?

Not that I would know of.




Re: new install

Posted by dh...@harrisonburg.k12.va.us.
Quoting Karsten Bräckelmann <gu...@rudersport.de>:


> With 3.3, absolutely *do* run sa-update. First, then use SA.
>
> Also, from your SA host's domain I can tell you're a school. Plus, since
> this is (was) an *old* installation, I wonder if you had used SA before,
> though not filtered on it.
>
> Point being, if you did, you might have hit some DNSBL free service
> usage limits. Which also could happen just as well, if you are using the
> same (forwarder) DNS server as other schools. If so, you likely want
> your own, local caching (non-forwarding) DNS server.
>
>
>> I can also see that there is a spamassassin config file getting
>> created in each user's home directory.  The setup was way too easy and I
>> know that I am missing something in order for it to start grabbing
>> spam.  What am I missing in my config file?  I did run the sa-update
>> and it seems to be working also.  My goal is to allow each user to
>> report as spam emails or report as innocent in horde webmail, and
>> allow them management of their own spam.
>
> Then you absolutely MUST NOT use absolute paths in your procmail
> delivery recipes. But relative ones.
>


Thanks for all the replies.  I did run an sa-update. Mail is getting  
scored now.  /opt/spam/spam users don't have access to, but that is
where I always had bogofilter put mail.  Not all users at this stage  
have a spam folder in place.  The main reason I had an older version  
is I started on this project last year and just got involved in other  
things.  I did have some mail going to /opt/spam, however it was  
internal mail.  So I added our domain to the local.cf file:  
whitelist_from*@harrisonburg.k12.va.us.  Help me with the relative  
path?  Users imap mbox in /home/username, would I use /home/*/spam?    
Also, is there any way I can pull in my bogofilter database to
spamassassin?

thanks,

ddh





Re: new install

Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Thu, 2010-09-30 at 13:33 -0400, dhottinger@harrisonburg.k12.va.us
wrote:
> I'm testing spamassassin as a replacement for bogofilter.  So far I
> have it installed, and am calling it with: /usr/bin/spamd -d -c -m5 -H
> -r /var/run/spamd.pid, I'm using procmail and have added:
> ###spamassassin test
> :0fw: spamassassin.lock
> * < 256000

Default in recent versions is 512000 [byte].

> | spamassassin

This seriously should be spamc, but you corrected this already after
John pointed it out.

> :0:
> * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
> almost-certainly-spam

This is relative to each user's $MAILDIR.

> :0:
> * ^X-Spam-Status: Yes
> /opt/spam/spam

This is not. And appears to be horribly broken. (Users don't have write
access there, I hope. Procmail will deliver it to Inbox then, or
whatever matches next.)

> to my procmail script.  Looking at the headers on emails coming in I see:
> 
> X-Spam-Checker-Version:  SpamAssassin 3.1.9 (2007-02-13) on mail.harrisonburg.k12.va.us

3.1.x is ancient. Someone please change the Subject, this is not
"new". ;)  OK, you fixed that already, too.

> X-Spam-Level:
> X-Spam-Status:  No, score=-0.1 required=6.0 tests=RCVD_IN_BSP_OTHER autolearn=ham version=3.1.9

Same as with your other sample headers, where John wondered why nothing
else triggers. Important steps:

With 3.3, absolutely *do* run sa-update. First, then use SA.

Also, from your SA host's domain I can tell you're a school. Plus, since
this is (was) an *old* installation, I wonder if you had used SA before,
though not filtered on it.

Point being, if you did, you might have hit some DNSBL free service
usage limits. Which also could happen just as well, if you are using the
same (forwarder) DNS server as other schools. If so, you likely want
your own, local caching (non-forwarding) DNS server.


> I can also see that there is a spamassassin config file getting  
> created in each user's home directory.  The setup was way too easy and I
> know that I am missing something in order for it to start grabbing  
> spam.  What am I missing in my config file?  I did run the sa-update  
> and it seems to be working also.  My goal is to allow each user to  
> report as spam emails or report as innocent in horde webmail, and  
> allow them management of their own spam.

Then you absolutely MUST NOT use absolute paths in your procmail
delivery recipes. But relative ones.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
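
One way to check a procmailrc for the three problems raised in this reply and its follow-up: piping to spamassassin instead of spamc, absolute delivery paths, and wildcards in delivery targets. This is an added example, not code from the thread. The first three recipes are the ones from the original post, the last is constructed from the /home/*/spam question, and the finding names are hypothetical.

```python
import re

# Recipes from the first post, plus one constructed recipe (the last)
# for the /home/*/spam idea asked about later in the thread.
SAMPLE_PROCMAILRC = r"""
###spamassassin test
:0fw: spamassassin.lock
* < 256000
| spamassassin
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
almost-certainly-spam
:0:
* ^X-Spam-Status: Yes
/opt/spam/spam
:0:
* ^X-Spam-Status: Yes
/home/*/spam
""".lstrip("\n")

RECIPE_START = re.compile(r"^:0")


def parse_recipes(text):
    """Yield (line_number, action_line) for each recipe, skipping conditions."""
    in_recipe = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if RECIPE_START.match(line):
            in_recipe = True
        elif in_recipe and not line.startswith("*"):
            # First non-condition line after ":0" is the recipe's action.
            in_recipe = False
            yield lineno, line


def audit_procmailrc(text):
    """Return (line_number, finding) pairs for the issues named in the thread."""
    findings = []
    for lineno, action in parse_recipes(text):
        if action.startswith("|"):
            cmd = action[1:].split()
            if cmd and cmd[0].rsplit("/", 1)[-1] == "spamassassin":
                findings.append((lineno, "use-spamc"))      # spamd is running
        elif action[0] in "!{":
            continue                                        # forward or nested block
        else:
            if action.startswith("/") and action != "/dev/null":
                findings.append((lineno, "absolute-path"))  # not relative to $MAILDIR
            if "*" in action or "?" in action:
                findings.append((lineno, "wildcard"))
    return findings


if __name__ == "__main__":
    for finding in audit_procmailrc(SAMPLE_PROCMAILRC):
        print(finding)
```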


Re: new install

Posted by Michael Scheidell <mi...@secnap.com>.
  On 9/30/10 1:33 PM, dhottinger@harrisonburg.k12.va.us wrote:
> X-Spam-Status:  No, score=-0.1 required=6.0 tests=RCVD_IN_BSP_OTHER 
> autolearn=ham version=3.1.9
Let's start off with a current version of sa first.  Then you can get
current sa-updates.

3.1.9 is terribly old, rules are old.

Go to spamassassin's web site to see current version.

-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best in Email Security,2010: Network Products Guide
    * King of Spam Filters, SC Magazine 2008



Re: new install

Posted by John Hardin <jh...@impsec.org>.
On Thu, 30 Sep 2010, dhottinger@harrisonburg.k12.va.us wrote:

> Thanks for the info.  I was using the older version because this is a project 
> that I started some time ago and just got back to.  I downloaded the latest
> version and built it out.  Now I have the following in my headers:
>
> X-Spam-Checker-Version:  SpamAssassin 3.3.1 (2010-03-16) on 
> mail.harrisonburg.k12.va.us
> X-Spam-Level:
> X-Spam-Status:  No, score=0.0 required=6.0 tests=FREEMAIL_FROM 
> autolearn=unavailable version=3.3.1
>
>
> My local.cf Shows:
> bayes_path /opt/spamassassin/bayes
> bayes_file_mode 0666
> auto_whitelist_path /opt/spamassassin/auto-whitelist
> bayes_expiry_max_db_size 600000
>
> I changed the portion of my procmail script to reflect spamc.  I'm
> reading through the link you sent.  I'm not seeing any scores on emails
> yet.  Is my procmail recipe still not correct?

Messages are hitting SA and getting processed, or you wouldn't see the 
X-Spam-* headers. Procmail isn't the problem. I'm surprised that the only 
rule that hit above was FREEMAIL_FROM...

You did run sa-update, did you not?

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   USMC Rules of Gunfighting #4: If your shooting stance is good,
   you're probably not moving fast enough nor using cover correctly.
-----------------------------------------------------------------------
  78 days until TRON Legacy

Re: new install

Posted by dh...@harrisonburg.k12.va.us.
Quoting John Hardin <jh...@impsec.org>:

> On Thu, 30 Sep 2010, dhottinger@harrisonburg.k12.va.us wrote:
>
>> I'm testing spamassassin as a replacement for bogofilter.  So far I
>> have it installed, and am calling it with: /usr/bin/spamd -d -c -m5
>>  -H -r /var/run/spamd.pid, I'm using procmail and have added:
>> ###spamassassin test
>> :0fw: spamassassin.lock
>> * < 256000
>> | spamassassin
>
> That should be spamc, not spamassassin.
>
>> What am I missing in my config file?  I did run the sa-update and   
>> it seems to be working also. My goal is to allow each user to   
>> report as spam emails or report as innocent in horde webmail, and   
>> allow them management of their own spam.
>
> Take a look at the sample procmail recipes and user learning scripts
> under http://www.impsec.org/~jhardin/antispam/
>
> -- 
>  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
>  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   Think Microsoft cares about your needs at all?
>   "A company wanted to hold off on upgrading Microsoft Office for a
>   year in order to do other projects. So Microsoft gave a 'free' copy
>   of the new Office to the CEO -- a copy that of course generated
>   errors for anyone else in the firm reading his documents. The CEO
>   got tired of getting the 'please re-send in XX format' so he
>   ordered other projects put on hold and the Office upgrade to be top
>   priority."                                    -- Cringely, 4/8/2004
> -----------------------------------------------------------------------
>  78 days until TRON Legacy

Thanks for the info.  I was using the older version because this is a
project that I started some time ago and just got back to.  I
downloaded the latest version and built it out.  Now I have the  
following in my headers:

X-Spam-Checker-Version:  SpamAssassin 3.3.1 (2010-03-16) on  
mail.harrisonburg.k12.va.us
X-Spam-Level:
X-Spam-Status:  No, score=0.0 required=6.0 tests=FREEMAIL_FROM  
autolearn=unavailable version=3.3.1


My local.cf Shows:
bayes_path /opt/spamassassin/bayes
bayes_file_mode 0666
auto_whitelist_path /opt/spamassassin/auto-whitelist
bayes_expiry_max_db_size 600000

I changed the portion of my procmail script to reflect spamc.  I'm
reading through the link you sent.  I'm not seeing any scores on emails
yet.  Is my procmail recipe still not correct?



Re: new install

Posted by John Hardin <jh...@impsec.org>.
On Thu, 30 Sep 2010, dhottinger@harrisonburg.k12.va.us wrote:

> I'm testing spamassassin as a replacement for bogofilter.  So far I have it
> installed, and am calling it with: /usr/bin/spamd -d -c -m5 -H -r
> /var/run/spamd.pid, I'm using procmail and have added:
> ###spamassassin test
> :0fw: spamassassin.lock
> * < 256000
> | spamassassin

That should be spamc, not spamassassin.

> What am I missing in my config file?  I did run the sa-update and it 
> seems to be working also. My goal is to allow each user to report as 
> spam emails or report as innocent in horde webmail, and allow them 
> management of their own spam.

Take a look at the sample procmail recipes and user learning scripts under 
http://www.impsec.org/~jhardin/antispam/

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Think Microsoft cares about your needs at all?
   "A company wanted to hold off on upgrading Microsoft Office for a
   year in order to do other projects. So Microsoft gave a 'free' copy
   of the new Office to the CEO -- a copy that of course generated
   errors for anyone else in the firm reading his documents. The CEO
   got tired of getting the 'please re-send in XX format' so he
   ordered other projects put on hold and the Office upgrade to be top
   priority."                                    -- Cringely, 4/8/2004
-----------------------------------------------------------------------
  78 days until TRON Legacy