efa-project.org

Quick question: Are you using the ole2macro.pm spamassassin module?

I think that may be where the perl-File-BaseDir module came from.

Also, how do you know it is working?

I assume I need to install additional perl modules to get senderbase to work correctly with spamassassin?

What changes did you make?

That's not a bad idea. I think it'd be unlikely that spam has a low spam score and a valid dkim + spf.

Sorry, I have no idea, but what I am going to do is to remove those packages and see if my error goes away.

If the error does go away, I will try to find out why that package was installed in the first place.

Weird.

Why did you remove perl-File-BaseDir?

looks interesting.

has anyone else used this before?

Alternatively, we could write your example as either of these two: #header REPLY_KE_INREPLYTO In-Reply-To =~ /\@domain[1-3].tld/i #header REPLY_KE_INREPLYTO In-Reply-To =~ /\@(domain1.tld|domain2.tld|domain3.tld)/i More information about writing spamassassin rules and using perl regular expressions ...

Good question. Answer? No idea. However, we can look to the existing spamassassin tests to see if we can find a workable example for you to start with and from what I can see, they do something like the following: header __MY_DOMAIN_1 In-Reply-To =~ /\@domain1.tld/i header __MY_DOMAIN_2 In-Reply-To ...

So, sending a DKIM signed message into my system results in the following spam score DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10 for a total score change of -0.1 The descriptions are describe DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid describe DKIM_VALID Messag...

yep. you're right. the information is not there. I have one mail gateway with three public ip addresses, but that information of the receiving ip address is not recorded in the headers, only the information defined in the postfix configuration files (myhostname). So, to make what you want to do work...

As far as I know, spamassassin only supports regular expressions and does not support includes. So, you'll have to create a chain of "or" conditions to test the domains, or create a rule for each tested domain.

No. A valid DKIM header doesn't mean spam or not spam, it is just an additional weighting factor used by spamassassin to determine the legitimacy of the message. Using it allows other mail systems to trust the message more, so messages sent on your behalf by other providers without DKIM will be cons...

If you can describe in words what makes these messages spammy, then you can adjust your spamassassin rules or weightings to match your description. You said that BAYES thinks it spam, even though it is from gmail, thus I suggested giving the BAYES_xx values of interest to you a greater weight. If yo...

I wouldn't want to do this myself, as having higher value MX records is important and necessary, especially if you do have multiple mail servers accepting your incoming mail, or a backup mail host. However, if you wish to do this, it shouldn't be hard to set a rule to check for the domain. I'm not a...

You might want to adjust the BAYES_XX scores upwards to get the result you want.

Ha! I bet you say that to all the spam filters.

Yes, I'm using the defaults. The domain has existed for a long time and attracts a lot of junk. More than 3/4's of the delivery attempts are rejected outright by the mta, and of the remaining, 30% is still junk.

Well, since we're comparing the size of our mountains, here's mine. I'm sure one of you guys has an even bigger one that you're just dying to show off.

/etc/MailScanner/MailScanner.conf 2227 # This replaces the SpamAssassin configuration value 'required_hits'. 2228 # If a message achieves a SpamAssassin score higher than this value, 2229 # it is spam. See also the High SpamAssassin Score configuration option. 2230 # This can also be the filename of...

If you're interested in playing with SQL, you can run a query to list which messages were affected by certain rules. Of course, you may want to process the results further to make it a little more readable. select timestamp, id, from_address, to_address, subject isspam, ishighspam, issaspam, sascore...

The best place to put that is in the local.cf. That way it won't be overwritten during an upgrade, and you know that these entries will be loaded last.

There is a report that'll show you the spam assassin rule hits and the spam/non spam scoring.

Sorry, not at a computer so cannot tell you exactly where. Look under reports or tools and you'll find it.

I believe so. /etc/MailScanner/filename.rules.conf has the following line which suggests it is blocked by default. deny \.lnk$ Possible Eudora *.lnk security hole attack Eudora *.lnk security hole attack But rather than guess, send yourself a text file with the extension .lnk and see what happens. I...

Yes, Denyhosts is under active development again

http://denyhost.sourceforge.net/news.php

Consider implementing Denyhosts or fail2ban

I've used denyhosts for many years, but developement stopped at one point. It looks like someone is continuing the work again so fingers crossed.