From nomad at null.net Thu Oct 4 01:10:51 2007
From: nomad at null.net (Mark Lawrence)
Date: Thu, 4 Oct 2007 10:10:51 +0200
Subject: [SA-exim] [ANNOUNCE] MySpam - Manage your quarantined SPAM
Message-ID: <20071004081051.GC8901@lifebook.rekudos.net>

Have you been wondering what to do with that ever growing collection of
files building up in /var/spool/sa-exim/SApermreject/new? Does
SpamAssassin occasionally generate a false positive that you need to
recover? Then perhaps MySpam is for you.

I've built an application that stores sa-exim quarantined mails in a
database, and lets users query that database to list or recover mails.
There is both an email interface to the database and a command-line
interface. I've attached an example email response (that comes in both
text/plain and text/html parts) to the 'list' command.

MySpam is written entirely in Perl and runs efficiently on my personal
server with an SQLite backend. It is also running on three SMTP gateways
supporting over 25,000 addresses with a single MySQL backend. Most likely
it also works with PostgreSQL but that hasn't been tested. All modules
and scripts are fully documented and licensed under the GPL.

You can obtain/install MySpam manually from CPAN:

    $ wget http://search.cpan.org/CPAN/authors/id/M/ML/MLAWREN/MySpam-0.05.tar.gz
    $ tar zxf MySpam-0.05.tar.gz
    $ cd MySpam-0.05
    $ perl Makefile.PL
    $ make install

Automatically install MySpam from CPAN:

    $ sudo perl -MCPAN -e 'install MySpam'

Or if you run a Debian derivative you can add
'deb http://rekudos.net stable main' to /etc/apt/sources.list and run:

    $ sudo apt-get update
    $ sudo apt-get install myspam

The first two options will probably need some post-installation effort
for cron(8) files, permissions and/or exim integration.

Once things are installed you can send a mail to myspam at your.domain
with the subject 'help', or jump right in with the myspam(1) manpage.

I welcome any feedback, comments and/or installation stories.
Patches for bugs or RPM packaging will also get your name in the
credits :-)

Regards,
Mark.
-- 
Mark Lawrence
-------------- next part --------------
MySpam for root at rekudos.net

The following mail is held in quarantine:

Date: 2007-10-02 19:23
From: =?koi8-r?B?4czFy9PBzsTS?=
Subject: =?koi8-r?B?9M/Sx8/XwdEgzcHSy8EgliDQz9TSxcLJ1MXM2Dogy8zA3sXX2cUg3A==?=
 =?koi8-r?B?1MHQ2SDQ0s/E18nWxc7J0Q==?=
ID: 3061
To release send mailto:myspam at localhost?subject=Release:3061

Date: 2007-10-02 20:29
From: "Mr. Alexander Borsala"
Subject: THIS IS FOR YOUR ATTENTION.
ID: 3062
To release send mailto:myspam at localhost?subject=Release:3062

Date: 2007-10-02 21:52
From: "Peter Egwu"
Subject: Your urgent response needed
ID: 3063
To release send mailto:myspam at localhost?subject=Release:3063

Date: 2007-10-02 21:57
From: =?koi8-r?B?7sHMz8cuINDMwc4=?=
Subject: =?koi8-r?B?99kgy8HLINLB2iDJ08vBzMkg3NTP1CDTxc3JzsHS?=
ID: 3064
To release send mailto:myspam at localhost?subject=Release:3064

Date: 2007-10-03 00:09
From: abdul aheed
Subject: VERY URGENT AND CONFIDENCIAL
ID: 3065
To release send mailto:myspam at localhost?subject=Release:3065

Date: 2007-10-03 02:53
From: "Chad Lugo"
Subject: Microsoft Windows Vista Business, collapsible
ID: 3066
To release send mailto:myspam at localhost?subject=Release:3066

Date: 2007-10-03 03:16
From: "PayPal"
Subject: Notification from Billing Departament
ID: 3067
To release send mailto:myspam at localhost?subject=Release:3067

Date: 2007-10-03 05:22
From: "Muriel K. Figueroa"
Subject: have ShortDick? Safe, effective and 100% natural way to add 1-4 inches m071rp16bb
ID: 3068
To release send mailto:myspam at localhost?subject=Release:3068

Date: 2007-10-03 05:39
From: St. George Online
Subject: Your Account Is Blocked
ID: 3069
To release send mailto:myspam at localhost?subject=Release:3069

Date: 2007-10-03 05:57
From: "EMMANUEL ABALO"
Subject: Lets partner to pull this through
ID: 3070
To release send mailto:myspam at localhost?subject=Release:3070

Date: 2007-10-03 08:46
From: "MR. WILLIAM R. HOWELL"
Subject: OPPORTUNITY FROM EXXONMOBIL LONDON
ID: 3071
To release send mailto:myspam at localhost?subject=Release:3071

Date: 2007-10-03 11:04
From: "claude guillette"
Subject: claude guillette
ID: 3072
To release send mailto:myspam at localhost?subject=Release:3072

Date: 2007-10-03 11:34
From: "Senator Jubril Aminu"
Subject: Sent 3rd October 2007
ID: 3073
To release send mailto:myspam at localhost?subject=Release:3073

Date: 2007-10-03 12:28
From: =?koi8-r?B?6fPvIDkwMDE6MjAwMA==?=
Subject: =?koi8-r?B?UmU6IOTPy9XNxc7UydLP18HOycUg8+3rINDPIElTTyA5MDAxOjIwMA==?=
 =?koi8-r?B?MA==?=
ID: 3074
To release send mailto:myspam at localhost?subject=Release:3074

Date: 2007-10-03 12:44
From: Royal Heritage Mega Jackpot Lottery
Subject: LICENSED. ONLINE BALLOT LOTTERY
ID: 3075
To release send mailto:myspam at localhost?subject=Release:3075

Date: 2007-10-03 12:49
From: deco kelvin
Subject: Mr Deco Kelvin
ID: 3076
To release send mailto:myspam at localhost?subject=Release:3076

Date: 2007-10-03 14:04
From: INFOBOX80 at aol.in
Subject: CONGRATULASTION,YOU HAVE WON A LOTTERY
ID: 3077
To release send mailto:myspam at localhost?subject=Release:3077

Date: 2007-10-03 16:12
From: HALIMA AHMED
Subject: PLS BE OUR GUADIAN FROM HALIMA,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
ID: 3078
To release send mailto:myspam at localhost?subject=Release:3078

Date: 2007-10-03 19:06
From: MySpam
Subject: Re: list
ID: 3079
To release send mailto:myspam at localhost?subject=Release:3079

Date: 2007-10-03 19:06
From: MAILER-DAEMON at spf16.us4.outblaze.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
ID: 3080
To release send mailto:myspam at localhost?subject=Release:3080

Some mail clients (particularly Blackberries, and certain WebMail
applications) will not generate the correct email when you click on the
release link. In this situation simply copy the 'Release:12345678910'
text into the clipboard. Then compose a new email using your mail client
to myspam at localhost and paste the Release:12345678910' text (without
the quotes) into the subject field.

Current Whitelist
None

Subscription Status
None

If you have questions about this mail recovery mechanism please contact
your local IT support or postmaster at localhost

Response generated in 0.148 seconds
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.merlins.org/archives/sa-exim/attachments/20071004/bfbf762b/attachment-0001.html

From michael at heiming.de Fri Oct 5 04:20:24 2007
From: michael at heiming.de (Michael Heiming)
Date: Fri, 05 Oct 2007 13:20:24 +0200
Subject: [SA-exim] user_prefs overruled by high scores?
Message-ID: <47061DF8.9080103@heiming.de>

Hi all!

It seems SA user_prefs aren't applied concerning whitelist_from, if the
score is above the one configured in exim.conf (domain dependent). Mails
with scores below will be taken into account from user_prefs.

However, whitelist_from inside an include file sourced from SA local.cf
is used in any case, regardless of the score.

Is there any workaround for this problem? The nice thing about user_prefs
is that it doesn't require an SA restart, which makes filling it
automatically easier.

Not completely sure if this is sa-exim related or not.

Best regards

Michael Heiming
-- 

From rraffaelli at adaconsulting.net Tue Oct 9 04:21:46 2007
From: rraffaelli at adaconsulting.net (Riccardo Raffaelli)
Date: Tue, 9 Oct 2007 13:21:46 +0200
Subject: [SA-exim] Double sa-exim check?
Message-ID:

Hi to all.
I'm new to sa-exim integration, and I googled to find a response to my
question without success.

Let me explain:

I have an exim4 server with sa-exim configured that is checking emails well,
but in some cases I see this in the log:

2007-10-09 13:00:34 no IP address found for host
137-96-177-194.serverdedicati.yyy.xxx (during SMTP connection from
[194.177.yyy.xxx])
2007-10-09 13:00:36 1IfEhO-0008Fb-Ql SA: Action: scanned but message isn't
spam: score=-2.6 required=5.0 (scanned in 2/2 secs | Message-Id:
!_!AAAAAAAAAAAYAAAAAAAAAE2ruGaQ4cJKsoWp4t1zhHnCgAAAEAAAALpi6O5k3UFPv2xPYJM3h
7kBAAAAAA==@adaconsulting.xxx). From
(host=NULL [194.177.96.137]) for gorlando at yyy.xxx
2007-10-09 13:00:36 1IfEhO-0008Fb-Ql <= rraffaelli at adaconsulting.xxx
H=(vps.adaconsulting.xxx) [194.177.96.xxx] P=esmtp S=2810
id=!&!AAAAAAAAAAAYAAAAAAAAAE2ruGaQ4cJKsoWp4t1zhHnCgAAAEAAAALpi6O5k3UFPv2xPYJ
M3h7kBAAAAAA==@adaconsulting.xxx
2007-10-09 13:00:38 1IfEhR-0008Fp-7m SA: Action: scanned but message isn't
spam: score=-2.6 required=5.0 (scanned in 1/1 secs | Message-Id:
!_!AAAAAAAAAAAYAAAAAAAAAE2ruGaQ4cJKsoWp4t1zhHnCgAAAEAAAALpi6O5k3UFPv2xPYJM3h
7kBAAAAAA==@adaconsulting.xxx). From
(host=localhost [127.0.0.1]) for gorlando at yyy.xxx
2007-10-09 13:00:38 1IfEhR-0008Fp-7m <= rraffaelli at adaconsulting.xxx
H=localhost [127.0.0.1] P=esmtp S=3307
id=!&!AAAAAAAAAAAYAAAAAAAAAE2ruGaQ4cJKsoWp4t1zhHnCgAAAEAAAALpi6O5k3UFPv2xPYJ
M3h7kBAAAAAA==@adaconsulting.xxx
2007-10-09 13:00:38 1IfEhO-0008Fb-Ql => gorlando at yyy.xxx R=amavis_router
T=amavis_smtp H=localhost [127.0.0.1]
2007-10-09 13:00:38 1IfEhO-0008Fb-Ql Completed
2007-10-09 13:00:39 1IfEhR-0008Fp-7m => gorlando at yyy.xxx R=hubbed_hosts
T=remote_smtp H=10.4.2.9 [10.0.0.1]
2007-10-09 13:00:39 1IfEhR-0008Fp-7m Completed

Is it normal that I get the " SA: Action: scanned but message isn't spam"
message 2 times?

On the second connection (the one from itself), shouldn't the server pass
the same email without scanning it?

Riccardo.

From marc at merlins.org Tue Oct 9 23:56:24 2007
From: marc at merlins.org (Marc MERLIN)
Date: Tue, 9 Oct 2007 23:56:24 -0700
Subject: [SA-exim] Double sa-exim check?
In-Reply-To:
References:
Message-ID: <20071010065624.GA14900@merlins.org>

On Tue, Oct 09, 2007 at 01:21:46PM +0200, Riccardo Raffaelli wrote:
> Hi to all.
> I'm new to sa-exim integration, and I googled to find a response to my
> question without success.
>
> Let me explain:
>
> I have an exim4 server with sa-exim configured that is checking emails well,
> but in some cases I see this in the log:
>
> 2007-10-09 13:00:34 no IP address found for host
> 137-96-177-194.serverdedicati.yyy.xxx (during SMTP connection from
> [194.177.yyy.xxx])
> 2007-10-09 13:00:36 1IfEhO-0008Fb-Ql SA: Action: scanned but message isn't
> spam: score=-2.6 required=5.0 (scanned in 2/2 secs | Message-Id:
> !_!AAAAAAAAAAAYAAAAAAAAAE2ruGaQ4cJKsoWp4t1zhHnCgAAAEAAAALpi6O5k3UFPv2xPYJM3h
> 7kBAAAAAA==@adaconsulting.xxx). From
> (host=NULL [194.177.96.137]) for gorlando at yyy.xxx
> 2007-10-09 13:00:36 1IfEhO-0008Fb-Ql <= rraffaelli at adaconsulting.xxx
> H=(vps.adaconsulting.xxx) [194.177.96.xxx] P=esmtp S=2810
> id=!&!AAAAAAAAAAAYAAAAAAAAAE2ruGaQ4cJKsoWp4t1zhHnCgAAAEAAAALpi6O5k3UFPv2xPYJ
> M3h7kBAAAAAA==@adaconsulting.xxx
> 2007-10-09 13:00:38 1IfEhR-0008Fp-7m SA: Action: scanned but message isn't
> spam: score=-2.6 required=5.0 (scanned in 1/1 secs | Message-Id:
> !_!AAAAAAAAAAAYAAAAAAAAAE2ruGaQ4cJKsoWp4t1zhHnCgAAAEAAAALpi6O5k3UFPv2xPYJM3h
> 7kBAAAAAA==@adaconsulting.xxx). From
> (host=localhost [127.0.0.1]) for gorlando at yyy.xxx
> 2007-10-09 13:00:38 1IfEhR-0008Fp-7m <= rraffaelli at adaconsulting.xxx
> H=localhost [127.0.0.1] P=esmtp S=3307
> id=!&!AAAAAAAAAAAYAAAAAAAAAE2ruGaQ4cJKsoWp4t1zhHnCgAAAEAAAALpi6O5k3UFPv2xPYJ
> M3h7kBAAAAAA==@adaconsulting.xxx
> 2007-10-09 13:00:38 1IfEhO-0008Fb-Ql => gorlando at yyy.xxx R=amavis_router
> T=amavis_smtp H=localhost [127.0.0.1]
> 2007-10-09 13:00:38 1IfEhO-0008Fb-Ql Completed
> 2007-10-09 13:00:39 1IfEhR-0008Fp-7m => gorlando at yyy.xxx R=hubbed_hosts
> T=remote_smtp H=10.4.2.9 [10.0.0.1]
> 2007-10-09 13:00:39 1IfEhR-0008Fp-7m Completed
>
> Is it normal that I get the " SA: Action: scanned but message isn't spam"
> message 2 times?

Well, it looks like the message comes in twice in your exim config, with two
different message-Ids.

> On the second connection (the one from itself), shouldn't the server pass
> the same email without scanning it?

Without seeing your exim.conf, it's hard to say (and quite frankly, I'm hazy
on them anyway now that mine has been working and left untouched for years),
but my guess is that your amavis config is what splits the mail and refeeds
it to you, not sa-exim:

> 2007-10-09 13:00:38 1IfEhO-0008Fb-Ql => gorlando at yyy.xxx R=amavis_router
> T=amavis_smtp H=localhost [127.0.0.1]
> 2007-10-09 13:00:39 1IfEhR-0008Fp-7m => gorlando at yyy.xxx R=hubbed_hosts
> T=remote_smtp H=10.4.2.9 [10.0.0.1]

amavis seems to accept the mail and then send it to exim local.
sa-exim in its default config will run in both cases.

If your config is meant to run exim twice per Email, you could configure
sa-exim to recognize the second call and not re-scan stuff that's already
been scanned when it came from the outside the first time.

If you can't figure it out, you could disable sa-exim for now, see that your
mails still get processed twice, and ask for further help on the exim-users
list to sort it out. Once you have what you need, you can turn sa-exim back
on (just so that you get to deal with one thing at a time)

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/
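
Added example (not part of the thread and not sa-exim code): to measure how often mail is scanned a second time after being re-injected over loopback, as in the log discussed above, this script groups sa-exim "SA: Action:" lines by Message-Id header and reports headers scanned under more than one Exim message id with at least one scan from a loopback address. The function name, the regex and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# One sa-exim "SA: Action:" line, in the shape quoted in the thread:
# <date> <time> <exim id> SA: Action: ... Message-Id: <id>). From ... (host=H [IP]) for ...
SA_LINE = re.compile(
    r"^\S+ \S+ (?P<exim_id>\S+) SA: Action: .*?"
    r"Message-Id: (?P<msgid>\S+?)\)\. From .*?"
    r"\(host=\S+ \[(?P<ip>[^\]]+)\]\)"
)
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample log (documentation addresses, made-up ids).
SAMPLE_LOG = """\
2007-10-09 13:00:36 1AAAAA-000001-AA SA: Action: scanned but message isn't spam: score=-2.6 required=5.0 (scanned in 2/2 secs | Message-Id: <m1@sender.example>). From <a@sender.example> (host=NULL [192.0.2.10]) for b@rcpt.example
2007-10-09 13:00:36 1AAAAA-000001-AA <= a@sender.example H=(mail.sender.example) [192.0.2.10] P=esmtp S=2810 id=m1@sender.example
2007-10-09 13:00:38 1AAAAB-000002-BB SA: Action: scanned but message isn't spam: score=-2.6 required=5.0 (scanned in 1/1 secs | Message-Id: <m1@sender.example>). From <a@sender.example> (host=localhost [127.0.0.1]) for b@rcpt.example
2007-10-09 13:00:38 1AAAAA-000001-AA => b@rcpt.example R=amavis_router T=amavis_smtp H=localhost [127.0.0.1]
2007-10-09 13:00:38 1AAAAA-000001-AA Completed
2007-10-09 13:05:00 1AAAAC-000003-CC SA: Action: scanned but message isn't spam: score=0.4 required=5.0 (scanned in 1/1 secs | Message-Id: <m2@other.example>). From <c@other.example> (host=NULL [198.51.100.7]) for b@rcpt.example
"""


def find_rescans(log_text):
    """Map Message-Id -> scan details for mail that sa-exim scanned again
    after it was re-injected over the loopback interface."""
    scans = defaultdict(list)
    for line in log_text.splitlines():
        m = SA_LINE.match(line)
        if m:  # "<=", "=>" and "Completed" lines do not match and are skipped
            scans[m["msgid"]].append((m["exim_id"], m["ip"]))
    report = {}
    for msgid, hits in scans.items():
        exim_ids = [eid for eid, _ in hits]
        local = [eid for eid, ip in hits if ip in LOOPBACK]
        # Same header seen under several Exim ids, one of them from loopback.
        if len(set(exim_ids)) > 1 and local:
            report[msgid] = {"exim_ids": exim_ids, "loopback_rescans": local}
    return report


if __name__ == "__main__":
    for msgid, info in find_rescans(SAMPLE_LOG).items():
        print(msgid, "scanned as", info["exim_ids"],
              "loopback re-scan:", info["loopback_rescans"])
```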