From mrkafk at gmail.com Mon Dec 1 03:53:30 2008 From: mrkafk at gmail.com (Marcin Krol) Date: Mon, 01 Dec 2008 12:53:30 +0100 Subject: [SA-exim] greylisting In-Reply-To: <20081126162010.GA20946@merlins.org> References: <492AD3F6.6010200@gmail.com> <20081124163916.GE7858@merlins.org> <492BDBC4.9070403@gmail.com> <20081126162010.GA20946@merlins.org> Message-ID: <4933D03A.60304@gmail.com> (shortened this a bit due to mailing list 40KB limit) > Ok, I apologize for my brain not working too well. I can't think of what may > not be working too well right now, but you can do this to debug and know for > sure what on earth is happening: > spamassassin -t -D < /tmp/message > (pick a message that relates to undefined vars error in the exim logs) What's strange is that now all of a sudden temp rejecting stopped working. Anyway, here's output, there's a lot of it: [1885] dbg: logger: adding facilities: all [1885] dbg: logger: logging level is DBG [1885] dbg: generic: SpamAssassin version 3.2.3 [1885] dbg: config: score set 0 chosen. [1885] dbg: util: running in taint mode? yes [1885] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [1885] dbg: util: PATH included '/usr/local/sbin', keeping [1885] dbg: util: PATH included '/usr/local/bin', keeping [1885] dbg: util: PATH included '/usr/sbin', keeping [1885] dbg: util: PATH included '/usr/bin', keeping [1885] dbg: util: PATH included '/sbin', keeping [1885] dbg: util: PATH included '/bin', keeping [1885] dbg: util: PATH included '.', which is not absolute, dropping [1885] dbg: util: PATH included [...] [1885] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [1885] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [1885] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [1885] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [1885] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [1885] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf [1885] dbg: config: read file /usr/share/spamassassin/72_active.cf [...] [1885] dbg: config: using "/etc/spamassassin" for site rules dir [1885] dbg: config: read file /etc/spamassassin/65_debian.cf [1885] dbg: config: read file /etc/spamassassin/Botnet.cf [1885] dbg: config: read file /etc/spamassassin/local.cf [1885] dbg: config: using "/root/.spamassassin" for user state dir [1885] dbg: config: using "/root/.spamassassin/user_prefs" for user prefs file [1885] dbg: config: read file /root/.spamassassin/user_prefs [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Botnet from /etc/spamassassin/Botnet.pm [1885] dbg: Botnet: version 0.8 [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [1885] dbg: pyzor: network tests on, attempting Pyzor [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [1885] dbg: razor2: razor2 is not available [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [1885] dbg: reporter: network tests on, attempting SpamCop [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC [1885] dbg: config: fixed relative path: /etc/spamassassin/Botnet.pm [1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Botnet from /etc/spamassassin/Botnet.pm [1885] dbg: Botnet: version 0.8 [...] [1885] dbg: Botnet: adding (\b|\d)exch(ange)?(\b|\d) to botnet_serverwords [1885] dbg: plugin: loading Greylisting from /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm [1885] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA [1885] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E [1885] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E __MO_OL_F3B05 [1885] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340 __XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF __XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01 [1885] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA [1885] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates: HS_SUBJ_NEW_SOFTWARE [1885] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI [1885] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A [1885] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1 __MO_OL_CF0C0 [1885] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15 KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6 [1885] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C __XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1 __XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8 [1885] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB [1885] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240 __MO_OL_ADFF7 [1885] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6 [1885] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB __MO_OL_7533E [1885] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40 [1885] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI [1885] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068 __XM_OL_EF20B [1885] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E [1885] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33 [1885] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8 [1885] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01 [1885] dbg: conf: finish parsing [1885] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90df96c) implements 'finish_parsing_end', priority 0 [1885] dbg: replacetags: replacing tags [1885] dbg: replacetags: done replacing tags [1885] dbg: config: using "/root/.spamassassin" for user state dir [1885] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks [1885] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen [1885] dbg: bayes: found bayes db version 3 [1885] dbg: bayes: DB journal sync: last sync: 0 [1885] dbg: config: using "/root/.spamassassin" for user state dir [1885] dbg: bayes: not available for scanning, only 1 spam(s) in bayes DB < 200 [1885] dbg: bayes: untie-ing [1885] dbg: config: score set 1 chosen. [1885] dbg: message: main message type: text/plain [1885] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0x9175620) implements 'check_start', priority 0 [1885] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks [1885] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen [1885] dbg: bayes: found bayes db version 3 [1885] dbg: bayes: DB journal sync: last sync: 0 [1885] dbg: bayes: not available for scanning, only 1 spam(s) in bayes DB < 200 [1885] dbg: bayes: untie-ing [1885] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x912ac00) implements 'check_main', priority 0 [1885] dbg: conf: internal_networks not configured, using trusted_networks configuration for internal_networks; if you really want internal_networks to only contain the required 127/8 add 'internal_networks !0/0' to your configuration [1885] dbg: received-header: parsed as [ ip=87.204.147.140 rdns=da2.domeny.com helo=da2.domeny.com by=fidkar.wbp.krakow.pl ident= envfrom=vriycavv at trashmail.net intl=0 id=1L4e1c-00040d-H4 auth= msa=0 ] [1885] dbg: received-header: relay 87.204.147.140 trusted? no internal? no msa? no [1885] dbg: metadata: X-Spam-Relays-Trusted: [1885] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=87.204.147.140 rdns=da2.domeny.com helo=da2.domeny.com by=fidkar.wbp.krakow.pl ident= envfrom=vriycavv at trashmail.net intl=0 id=1L4e1c-00040d-H4 auth= msa=0 ] [1885] dbg: metadata: X-Spam-Relays-Internal: [1885] dbg: metadata: X-Spam-Relays-External: [ ip=87.204.147.140 rdns=da2.domeny.com helo=da2.domeny.com by=fidkar.wbp.krakow.pl ident= envfrom=vriycavv at trashmail.net intl=0 id=1L4e1c-00040d-H4 auth= msa=0 ] [1885] dbg: message: ---- MIME PARSER START ---- [1885] dbg: message: parsing normal part [1885] dbg: message: ---- MIME PARSER END ---- [1885] dbg: message: no encoding detected [1885] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cfe938) implements 'parsed_metadata', priority 0 [1885] dbg: dns: is_dns_available() last checked 1227892224 seconds ago; re-checking [1885] dbg: dns: name server: 192.168.50.1, LocalAddr: 0.0.0.0 [1885] dbg: dns: testing resolver nameservers: 192.168.50.1 [1885] dbg: dns: trying (3) intel.com... [1885] dbg: dns: looking up NS for 'intel.com' [1885] dbg: dns: NS lookup of intel.com using 192.168.50.1 succeeded => DNS available (set dns_available to override) [1885] dbg: dns: is DNS available? 1 [1885] dbg: uridnsbl: domains to query: [1885] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: [1885] dbg: dns: checking RBL combined.njabl.org., set njabl [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: launching DNS A query for 140.147.204.87.combined.njabl.org. in background [1885] dbg: dns: checking RBL bl.spamcop.net., set spamcop [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: launching DNS TXT query for 140.147.204.87.bl.spamcop.net. in background [1885] dbg: dns: _check_rbl_addresses RBL blackhole.securitysage.com., set securitysage [1885] dbg: dns: launching DNS A query for trashmail.net.blackhole.securitysage.com. in background [1885] dbg: dns: _check_rbl_addresses RBL rhsbl.ahbl.org., set ahbl [1885] dbg: dns: launching DNS A query for trashmail.net.rhsbl.ahbl.org. in background [1885] dbg: dns: checking RBL dob.sibl.support-intelligence.net., set dob [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: launching DNS A query for 140.147.204.87.dob.sibl.support-intelligence.net. in background [1885] dbg: dns: checking A and MX for host trashmail.net [1885] dbg: dns: launching DNS A query for trashmail.net in background [1885] dbg: dns: launching DNS MX query for trashmail.net in background [1885] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: launching DNS A query for 140.147.204.87.zen.spamhaus.org. in background [1885] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: launching DNS A query for 140.147.204.87.dnsbl.sorbs.net. in background [1885] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: _check_rbl_addresses RBL dob.sibl.support-intelligence.net., set dob [1885] dbg: dns: launching DNS A query for trashmail.net.dob.sibl.support-intelligence.net. in background [1885] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: launching DNS A query for 140.147.204.87.list.dnswl.org. in background [1885] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: launching DNS A query for 140.147.204.87.sa-accredit.habeas.com. in background [1885] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: launching DNS A query for 140.147.204.87.combined-HIB.dnsiplists.completewhois.com. in background [1885] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: launching DNS TXT query for 140.147.204.87.list.dsbl.org. in background [1885] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: launching DNS TXT query for 140.147.204.87.sa-trusted.bondedsender.org. in background [1885] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: checking RBL zen.spamhaus.org., set zen [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: _check_rbl_addresses RBL bl.open-whois.org., set openwhois [1885] dbg: dns: launching DNS A query for trashmail.net.bl.open-whois.org. in background [1885] dbg: dns: _check_rbl_addresses RBL fulldom.rfc-ignorant.org., set rfci_envfrom [1885] dbg: dns: launching DNS A query for trashmail.net.fulldom.rfc-ignorant.org. in background [1885] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted [1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted: 87.204.147.140 originating: [1885] dbg: dns: only inspecting the following IPs: 87.204.147.140 [1885] dbg: dns: launching DNS A query for 140.147.204.87.iadb.isipp.com. in background [1885] dbg: check: running tests for priority: -1000 [1885] dbg: rules: running head tests; score so far=0 [1885] dbg: rules: compiled head tests [1885] dbg: eval: all '*From' addrs: vriycavv at trashmail.net [1885] dbg: eval: all '*To' addrs: mark at btw2.pl [1885] dbg: rules: running body tests; score so far=0 [1885] dbg: rules: compiled body tests [1885] dbg: rules: running uri tests; score so far=0 [1885] dbg: rules: compiled uri tests [1885] dbg: rules: running rawbody tests; score so far=0 [1885] dbg: rules: compiled rawbody tests [1885] dbg: rules: running full tests; score so far=0 [1885] dbg: rules: compiled full tests [1885] dbg: rules: running meta tests; score so far=0 [1885] dbg: rules: compiled meta tests [1885] dbg: check: running tests for priority: -950 [1885] dbg: rules: running head tests; score so far=0 [1885] dbg: rules: compiled head tests [1885] dbg: rules: running body tests; score so far=0 [1885] dbg: rules: compiled body tests [1885] dbg: rules: running uri tests; score so far=0 [1885] dbg: rules: compiled uri tests [1885] dbg: rules: running rawbody tests; score so far=0 [1885] dbg: rules: compiled rawbody tests [1885] dbg: rules: running full tests; score so far=0 [1885] dbg: rules: compiled full tests [1885] dbg: rules: running meta tests; score so far=0 [1885] dbg: rules: compiled meta tests [1885] dbg: check: running tests for priority: -900 [1885] dbg: rules: running head tests; score so far=0 [1885] dbg: rules: compiled head tests [1885] dbg: rules: running body tests; score so far=0 [1885] dbg: rules: compiled body tests [1885] dbg: rules: running uri tests; score so far=0 [1885] dbg: rules: compiled uri tests [1885] dbg: rules: running rawbody tests; score so far=0 [1885] dbg: rules: compiled rawbody tests [1885] dbg: rules: running full tests; score so far=0 [1885] dbg: rules: compiled full tests [1885] dbg: rules: running meta tests; score so far=0 [1885] dbg: rules: compiled meta tests [1885] dbg: check: running tests for priority: -400 [1885] dbg: rules: running head tests; score so far=0 [1885] dbg: rules: compiled head tests [1885] dbg: rules: running body tests; score so far=0 [1885] dbg: rules: compiled body tests [1885] dbg: rules: running uri tests; score so far=0 [1885] dbg: rules: compiled uri tests [1885] dbg: rules: running rawbody tests; score so far=0 [1885] dbg: rules: compiled rawbody tests [1885] dbg: rules: running full tests; score so far=0 [1885] dbg: rules: compiled full tests [1885] dbg: rules: running meta tests; score so far=0 [1885] dbg: rules: compiled meta tests [1885] dbg: check: running tests for priority: 0 [1885] dbg: rules: running head tests; score so far=0 [1885] dbg: rules: compiled head tests [1885] dbg: rules: ran header rule MISSING_MID ======> got hit: "UNSET" [1885] dbg: rules: ran header rule __LAST_UNTRUSTED_RELAY_NO_AUTH ======> got hit: "[ ip=87.204.147.140 rdns=da2.domeny.com helo=da2.domeny.com by=fidkar.wbp.krakow.pl ident= envfrom=vriycavv at trashmail.net intl=0 id=1L4e1c-00040d-H4 auth= " [1885] dbg: rules: ran header rule __BOTNET_NOTRUST ======> got hit: "negative match" [1885] dbg: rules: ran header rule __DOS_SINGLE_EXT_RELAY ======> got hit: "[ ip=87.204.147.140 rdns=da2.domeny.com helo=da2.domeny.com by=fidkar.wbp.krakow.pl ident= envfrom=vriycavv at trashmail.net intl=0 id=1L4e1c-00040d-H4 auth= msa=0 ]" [1885] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET" [1885] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f" [1885] dbg: rules: ran header rule __DOS_RCVD_MON ======> got hit: " Mon, " [1885] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET" [1885] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "*" [1885] dbg: spf: checking to see if the message has a Received-SPF header that we can use [1885] dbg: spf: cannot load Mail::SPF module or create Mail::SPF::Server object: Can't locate Mail/SPF.pm in @INC (@INC contains: /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl) at /usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm line 390. [1885] dbg: spf: attempting to use legacy Mail::SPF::Query module instead [1885] dbg: spf: cannot load Mail::SPF::Query module: Can't locate Mail/SPF/Query.pm in @INC (@INC contains: /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl) at /usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm line 414. [1885] dbg: spf: one of Mail::SPF or Mail::SPF::Query is required for SPF checks, SPF checks disabled [1885] dbg: Botnet: checking BADDNS [1885] dbg: Botnet: no trusted relays [1885] dbg: Botnet: get_relay good RDNS [1885] dbg: Botnet: IP is '87.204.147.140' [1885] dbg: Botnet: RDNS is 'da2.domeny.com' [1885] dbg: Botnet: HELO is 'da2.domeny.com' [1885] dbg: Botnet: BADDNS miss [1885] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [1885] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [1885] dbg: Botnet: checking CLIENTWORDS [1885] dbg: Botnet: client words regexp is((\b|\d).*dsl.*(\b|\d))|((\b|\d)cable(\b|\d))|((\b|\d)catv(\b|\d))|((\b|\d)ddns(\b|\d))|((\b|\d)dhcp(\b|\d))|((\b|\d)dial(-?up)?(\b|\d))|((\b|\d)dip(\b|\d))|((\b|\d)docsis(\b|\d))|((\b|\d)dyn(amic)?(ip)?(\b|\d))|((\b|\d)modem(\b|\d))|((\b|\d)ppp(oe)?(\b|\d))|((\b|\d)res(net|ident(ial)?)?(\b|\d))|((\b|\d)bredband(\b|\d))|((\b|\d)client(\b|\d))|((\b|\d)fixed(\b|\d))|((\b|\d)ip(\b|\d))|((\b|\d)pool(\b|\d))|((\b|\d)static(\b|\d))|((\b|\d)user(\b|\d)) [1885] dbg: Botnet: no trusted relays [1885] dbg: Botnet: get_relay good RDNS [1885] dbg: Botnet: IP is '87.204.147.140' [1885] dbg: Botnet: RDNS is 'da2.domeny.com' [1885] dbg: Botnet: HELO is 'da2.domeny.com' [1885] dbg: Botnet: CLIENTWORDS miss [1885] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [1885] dbg: Botnet: checking SERVERWORDS [1885] dbg: Botnet: server words list is((\b|\d)e?mail(out)?(\b|\d))|((\b|\d)mta(\b|\d))|((\b|\d)mx(pool)?(\b|\d))|((\b|\d)relay(\b|\d))|((\b|\d)smtp(\b|\d))|((\b|\d)exch(ange)?(\b|\d)) [1885] dbg: Botnet: no trusted relays [1885] dbg: Botnet: get_relay good RDNS [1885] dbg: Botnet: IP is '87.204.147.140' [1885] dbg: Botnet: RDNS is 'da2.domeny.com' [1885] dbg: Botnet: HELO is 'da2.domeny.com' [1885] dbg: Botnet: SERVERWORDS miss [1885] dbg: Botnet: starting [1885] dbg: Botnet: no trusted relays [1885] dbg: Botnet: get_relay good RDNS [1885] dbg: Botnet: IP is '87.204.147.140' [1885] dbg: Botnet: RDNS is 'da2.domeny.com' [1885] dbg: Botnet: HELO is 'da2.domeny.com' [1885] dbg: Botnet: sender 'vriycavv at trashmail.net' [1885] dbg: Botnet: miss (none) [1885] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [1885] dbg: Botnet: checking IPINHOSTNAME [1885] dbg: Botnet: no trusted relays [1885] dbg: Botnet: get_relay good RDNS [1885] dbg: Botnet: IP is '87.204.147.140' [1885] dbg: Botnet: RDNS is 'da2.domeny.com' [1885] dbg: Botnet: HELO is 'da2.domeny.com' [1885] dbg: Botnet: IPINHOSTNAME miss [1885] dbg: Botnet: checking for CLIENT [1885] dbg: Botnet: no trusted relays [1885] dbg: Botnet: get_relay good RDNS [1885] dbg: Botnet: IP is '87.204.147.140' [1885] dbg: Botnet: RDNS is 'da2.domeny.com' [1885] dbg: Botnet: HELO is 'da2.domeny.com' [1885] dbg: Botnet: CLIENT miss (none) [1885] dbg: Botnet: checking for SOHO server [1885] dbg: Botnet: no trusted relays [1885] dbg: Botnet: get_relay good RDNS [1885] dbg: Botnet: IP is '87.204.147.140' [1885] dbg: Botnet: RDNS is 'da2.domeny.com' [1885] dbg: Botnet: HELO is 'da2.domeny.com' [1885] dbg: Botnet: EnvelopeFrom is vriycavv at trashmail.net [1885] dbg: Botnet: mail domain is trashmail.net [1885] dbg: Botnet: SOHO miss [1885] dbg: Botnet: checking NORDNS [1885] dbg: Botnet: no trusted relays [1885] dbg: Botnet: get_relay good RDNS [1885] dbg: Botnet: IP is '87.204.147.140' [1885] dbg: Botnet: RDNS is 'da2.domeny.com' [1885] dbg: Botnet: HELO is 'da2.domeny.com' [1885] dbg: Botnet: NORDNS miss [1885] dbg: spf: found Envelope-From in first external Received header [1885] dbg: spf: def_whitelist_from_spf: vriycavv at trashmail.net is not in DEF_WHITELIST_FROM_SPF [1885] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [1885] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [1885] dbg: spf: already checked for Received-SPF headers, proceeding with DNS based checks [1885] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1) [1885] dbg: spf: whitelist_from_spf: vriycavv at trashmail.net is not in user's WHITELIST_FROM_SPF [1885] dbg: rules: running body tests; score so far=2.881 [1885] dbg: rules: compiled body tests [1885] dbg: rules: ran body rule FRT_VALIUM2 ======> got hit: "V.a.l.i.u.m" [1885] dbg: rules: ran body rule __DRUGS_ERECTILE_C ======> got hit: "Cialis" [1885] dbg: rules: ran body rule ONLINE_PHARMACY ======> got hit: "Online Pharmacy" [...] [1885] dbg: rules: ran body rule __DRUGS_ANXIETY3 ======> got hit: " V.a.l.i.u.m" [1885] dbg: rules: running uri tests; score so far=12.43 [1885] dbg: rules: compiled uri tests [1885] dbg: eval: stock info total: 0 [1885] dbg: rules: relay da2.domeny.com doesn't match any whitelist [1885] dbg: rules: running rawbody tests; score so far=12.43 [1885] dbg: rules: compiled rawbody tests [1885] dbg: rules: ran rawbody rule __DRUGS_ERECTILE10 ======> got hit: "Viagra" [1885] dbg: rules: running full tests; score so far=12.43 [1885] dbg: rules: compiled full tests [1885] dbg: util: current PATH is: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/jvm/java-1.5.0-sun-1.5.0.14/bin [1885] dbg: pyzor: pyzor is not available: no pyzor executable found [1885] dbg: pyzor: no pyzor found, disabling Pyzor [1885] dbg: rules: running meta tests; score so far=12.43 [1885] dbg: rules: compiled meta tests [1885] dbg: check: running tests for priority: 500 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=13 DNSBL-MX=1 DNSBL-TXT=3 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=12 DNSBL-MX=1 DNSBL-TXT=3 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=11 DNSBL-MX=1 DNSBL-TXT=3 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=10 DNSBL-MX=1 DNSBL-TXT=3 at Fri Nov 28 18:10:24 2008 [1885] dbg: dns: hit 213.155.82.90 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=9 DNSBL-MX=1 DNSBL-TXT=3 at Fri Nov 28 18:10:24 2008 [1885] dbg: dns: hit 10 smtp.trashmail.net. [1885] dbg: dns: hit 20 mx2.mailhop.org. [1885] dbg: dns: hit 30 smtp.trashmail.net. [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=9 DNSBL-TXT=3 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=8 DNSBL-TXT=3 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=7 DNSBL-TXT=3 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=6 DNSBL-TXT=3 at Fri Nov 28 18:10:24 2008 [1885] dbg: dns: hit 127.0.5.0 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=5 DNSBL-TXT=3 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=4 DNSBL-TXT=3 at Fri Nov 28 18:10:24 2008 [1885] dbg: dns: hit 216.151.193.222 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=3 DNSBL-TXT=3 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=3 DNSBL-TXT=2 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=2 DNSBL-TXT=2 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-A=1 DNSBL-TXT=2 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-TXT=2 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: DNSBL-TXT=1 at Fri Nov 28 18:10:24 2008 [1885] dbg: async: select found 1 socks ready [1885] dbg: async: queries completed: 1 started: 0 [1885] dbg: async: queries active: at Fri Nov 28 18:10:24 2008 [1885] dbg: dns: success for 17 of 18 queries [1885] dbg: rules: running head tests; score so far=12.43 [1885] dbg: rules: compiled head tests [1885] dbg: rules: running body tests; score so far=12.43 [1885] dbg: rules: compiled body tests [1885] dbg: rules: running uri tests; score so far=12.43 [1885] dbg: rules: compiled uri tests [1885] dbg: rules: running rawbody tests; score so far=12.43 [1885] dbg: rules: compiled rawbody tests [1885] dbg: rules: running full tests; score so far=12.43 [1885] dbg: rules: compiled full tests [1885] dbg: rules: running meta tests; score so far=12.43 [1885] dbg: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK' [1885] info: rules: meta test FM_DDDD_TIMES_2 has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score [1885] info: rules: meta test FM_SEX_HOSTDDDD has dependency 'FH_HOST_EQ_D_D_D_D' with a zero score [1885] info: rules: meta test HS_PHARMA_1 has dependency 'HS_SUBJ_ONLINE_PHARMACEUTICAL' with a zero score [1885] dbg: rules: compiled meta tests [1885] dbg: check: running tests for priority: 1000 [1885] dbg: rules: running head tests; score so far=15.409 [1885] dbg: rules: compiled head tests [1885] dbg: rules: running body tests; score so far=15.409 [1885] dbg: rules: compiled body tests [1885] dbg: rules: running uri tests; score so far=15.409 [1885] dbg: rules: compiled uri tests [1885] dbg: rules: running rawbody tests; score so far=15.409 [1885] dbg: rules: compiled rawbody tests [1885] dbg: rules: running full tests; score so far=15.409 [1885] dbg: rules: compiled full tests [1885] dbg: rules: running meta tests; score so far=15.409 [1885] dbg: rules: compiled meta tests [1885] dbg: check: running tests for priority: 99999 [1885] dbg: rules: running head tests; score so far=15.409 [1885] dbg: rules: compiled head tests [1885] dbg: GREYLISTING: called function [1885] dbg: GREYLISTING: skipping greylisting on , since score is already 15.409 and you configured greylisting not to bother with anything above 15 [1885] dbg: rules: running body tests; score so far=15.409 [1885] dbg: rules: compiled body tests [1885] dbg: rules: running uri tests; score so far=15.409 [1885] dbg: rules: compiled uri tests [1885] dbg: rules: running rawbody tests; score so far=15.409 [1885] dbg: rules: compiled rawbody tests [1885] dbg: rules: running full tests; score so far=15.409 [1885] dbg: rules: compiled full tests [1885] dbg: rules: running meta tests; score so far=15.409 [1885] dbg: rules: compiled meta tests [1885] dbg: plugin: Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x8ca8e38) implements 'autolearn_discriminator', priority 0 [1885] dbg: learn: auto-learn: currently using scoreset 1 [1885] dbg: learn: auto-learn: message score: 15.409, computed score for autolearn: 15.409 [1885] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=15.409, head-points=15.409, learned-points=0 [1885] dbg: learn: auto-learn? yes, spam (15.409 > 12) [1885] dbg: learn: initializing learner [1885] dbg: learn: learning spam [1885] dbg: plugin: Mail::SpamAssassin::Plugin::WLBLEval=HASH(0x925ba48) implements 'check_wb_list', priority 0 [1885] dbg: eval: all '*From' addrs: [1885] dbg: eval: all '*To' addrs: mark at btw2.pl [1885] dbg: locker: safe_lock: created /root/.spamassassin/bayes.lock.fidkar.wbp.krakow.pl.1885 [1885] dbg: locker: safe_lock: trying to get lock on /root/.spamassassin/bayes with 0 retries [1885] dbg: locker: safe_lock: link to /root/.spamassassin/bayes.lock: link ok [1885] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_toks [1885] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_seen [1885] dbg: bayes: found bayes db version 3 [1885] dbg: bayes: 8c92bd0f7785d2fd72b1c369b127cba69e2041e3 at sa_generated already learnt correctly, not learning twice [1885] dbg: bayes: untie-ing [1885] dbg: bayes: files locked, now unlocking lock [1885] dbg: locker: safe_unlock: unlink /root/.spamassassin/bayes.lock [1885] dbg: learn: initializing learner [1885] dbg: check: is spam? score=15.409 required=15 [1885] dbg: check: tests=DRUGS_ANXIETY,DRUGS_ANXIETY_EREC,DRUGS_ANXIETY_OBFU,DRUGS_ERECTILE,DRUGS_MUSCLE,FB_CIALIS_LEO3,FRT_VALIUM2,FRT_XANAX2,FUZZY_VLIUM,FUZZY_XPILL,MISSING_DATE,MISSING_HEADERS,MISSING_MID,ONLINE_PHARMACY,TVD_VISIT_PHARMA [1885] dbg: check: subtests=__BOTNET_NOTRUST,__DOS_RCVD_MON,__DOS_SINGLE_EXT_RELAY,__DRUGS_ANXIETY1,__DRUGS_ANXIETY3,__DRUGS_ERECTILE1,__DRUGS_ERECTILE10,__DRUGS_ERECTILE3,__DRUGS_ERECTILE_C,__DRUGS_ERECTILE_V,__DRUGS_MUSCLE1,__HAS_RCVD,__HAS_SUBJECT,__LAST_UNTRUSTED_RELAY_NO_AUTH,__MISSING_REF,__NONEMPTY_BODY,__RCVD_IN_DNSWL [1885] dbg: plugin: Greylisting=HASH(0x86ab870) implements 'check_end', priority 0 From vriycavv at trashmail.net Thu Jan 1 00:00:01 1970 X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on fidkar.wbp.krakow.pl X-Spam-Level: *************** X-Spam-Status: Yes, score=15.4 required=15.0 tests=DRUGS_ANXIETY, DRUGS_ANXIETY_EREC,DRUGS_ANXIETY_OBFU,DRUGS_ERECTILE,DRUGS_MUSCLE, FB_CIALIS_LEO3,FRT_VALIUM2,FRT_XANAX2,FUZZY_VLIUM,FUZZY_XPILL,MISSING_DATE, MISSING_HEADERS,MISSING_MID,ONLINE_PHARMACY,TVD_VISIT_PHARMA autolearn=unavailable version=3.2.3 X-Spam-Report: * 0.5 MISSING_MID Missing Message-Id: header * 0.8 MISSING_DATE Missing Date: header * 1.6 MISSING_HEADERS Missing To: header * 1.9 FRT_VALIUM2 BODY: ReplaceTags: Valium (2) * 1.5 ONLINE_PHARMACY BODY: Online Pharmacy * 0.0 FUZZY_VLIUM BODY: Attempt to obfuscate words in spam * 3.3 FUZZY_XPILL BODY: Attempt to obfuscate words in spam * 0.0 FRT_XANAX2 BODY: ReplaceTags: Xanax (2) * 0.0 TVD_VISIT_PHARMA BODY: TVD_VISIT_PHARMA * 2.8 FB_CIALIS_LEO3 BODY: Uses a mis-spelled version of cialis. * 1.3 DRUGS_ANXIETY Refers to an anxiety control drug * 0.0 DRUGS_MUSCLE Refers to a muscle relaxant * 0.0 DRUGS_ANXIETY_OBFU Obfuscated reference to an anxiety control drug * 0.6 DRUGS_ERECTILE Refers to an erectile drug * 1.0 DRUGS_ANXIETY_EREC Refers to both an erectile and an anxiety drug Received: from da2.domeny.com ([87.204.147.140]:50973) by fidkar.wbp.krakow.pl with esmtp (Exim 4.63) (envelope-from ) id 1L4e1c-00040d-H4 for mark at btw2.pl; Mon, 24 Nov 2008 17:11:00 +0100 X-SA-Exim-Connect-IP: 87.204.147.140 X-SA-Exim-Rcpt-To: mark at btw2.pl X-SA-Exim-Mail-From: vriycavv at trashmail.net Subject: *****SPAM***** [score: 15.4] test X-Spam-Prev-Subject: test X-SA-Exim-Version: 4.2.1 (built Tue, 09 Jan 2007 17:23:22 +0000) X-SA-Exim-Scanned: Yes (on fidkar.wbp.krakow.pl) X-Spam-Prev-Subject: *****SPAM***** [score: 15.4] test Viagra Cialis Replica watches X.anax V.a.l.i.u.m s.o.m.a Online Pharmacy Spam detection software, running on the system "fidkar.wbp.krakow.pl", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Viagra Cialis Replica watches X.anax V.a.l.i.u.m s.o.m.a Online Pharmacy [...] Content analysis details: (15.4 points, 15.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.5 MISSING_MID Missing Message-Id: header 0.8 MISSING_DATE Missing Date: header 1.6 MISSING_HEADERS Missing To: header 1.9 FRT_VALIUM2 BODY: ReplaceTags: Valium (2) 1.5 ONLINE_PHARMACY BODY: Online Pharmacy 0.0 FUZZY_VLIUM BODY: Attempt to obfuscate words in spam 3.3 FUZZY_XPILL BODY: Attempt to obfuscate words in spam 0.0 FRT_XANAX2 BODY: ReplaceTags: Xanax (2) 0.0 TVD_VISIT_PHARMA BODY: TVD_VISIT_PHARMA 2.8 FB_CIALIS_LEO3 BODY: Uses a mis-spelled version of cialis. 1.3 DRUGS_ANXIETY Refers to an anxiety control drug 0.0 DRUGS_MUSCLE Refers to a muscle relaxant 0.0 DRUGS_ANXIETY_OBFU Obfuscated reference to an anxiety control drug 0.6 DRUGS_ERECTILE Refers to an erectile drug 1.0 DRUGS_ANXIETY_EREC Refers to both an erectile and an anxiety drug Regards, Marcin Krol From marc at merlins.org Tue Dec 2 08:46:55 2008 From: marc at merlins.org (Marc MERLIN) Date: Tue, 2 Dec 2008 08:46:55 -0800 Subject: [SA-exim] greylisting In-Reply-To: <4933D03A.60304@gmail.com> References: <492AD3F6.6010200@gmail.com> <20081124163916.GE7858@merlins.org> <492BDBC4.9070403@gmail.com> <20081126162010.GA20946@merlins.org> <4933D03A.60304@gmail.com> Message-ID: <20081202164655.GC31530@merlins.org> On Mon, Dec 01, 2008 at 12:53:30PM +0100, Marcin Krol wrote: > > (shortened this a bit due to mailing list 40KB limit) > > > Ok, I apologize for my brain not working too well. I can't think of what may > > not be working too well right now, but you can do this to debug and know for > > sure what on earth is happening: > > spamassassin -t -D < /tmp/message > > (pick a message that relates to undefined vars error in the exim logs) > > What's strange is that now all of a sudden temp rejecting stopped > working. Anyway, here's output, there's a lot of it: look for greylisting in there: > /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm (...) > [1885] dbg: GREYLISTING: called function > [1885] dbg: GREYLISTING: skipping greylisting on , since score is > already 15.409 and you configured greylisting not to bother with > anything above 15 try this again, and it should tell you what's happening :) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ From mrkafk at gmail.com Wed Dec 3 08:32:32 2008 From: mrkafk at gmail.com (Marcin Krol) Date: Wed, 03 Dec 2008 17:32:32 +0100 Subject: [SA-exim] greylisting In-Reply-To: <20081202164655.GC31530@merlins.org> References: <492AD3F6.6010200@gmail.com> <20081124163916.GE7858@merlins.org> <492BDBC4.9070403@gmail.com> <20081126162010.GA20946@merlins.org> <4933D03A.60304@gmail.com> <20081202164655.GC31530@merlins.org> Message-ID: <4936B4A0.7030607@gmail.com> Hello Marc, First of all, thanks a lot for patience and sticking out with me on this. > look for greylisting in there: > >> /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm > (...) >> [1885] dbg: GREYLISTING: called function >> [1885] dbg: GREYLISTING: skipping greylisting on , since score is >> already 15.409 and you configured greylisting not to bother with >> anything above 15 > > try this again, and it should tell you what's happening :) Hmm I tried running spamassassin -t -D on that message again and I got exactly the same output: [25955] dbg: GREYLISTING: called function [25955] dbg: GREYLISTING: skipping greylisting on , since score is already 15.409 and you configured greylisting not to bother with anything above 15 I ran that on another message and got this again: [11418] dbg: GREYLISTING: called function [11418] dbg: GREYLISTING: skipping greylisting on , since score is already 36.326 and you configured greylisting not to bother with anything above 15 This is so much weirder due to fact that I configured SApermreject: 20.0 (at some time for testing purposes I reconfigured it for SApermreject: 30.0, but that was it). I don't want to sound daft, but I have no idea what's going on with this. Perhaps this has to do with the fact that I configured required_score 15.0 in local.cf and SAtempreject: 15 in sa-exim.conf? Thanks again, Marcin Krol From marc at merlins.org Wed Dec 3 08:54:07 2008 From: marc at merlins.org (Marc MERLIN) Date: Wed, 3 Dec 2008 08:54:07 -0800 Subject: [SA-exim] greylisting In-Reply-To: <4936B4A0.7030607@gmail.com> References: <492AD3F6.6010200@gmail.com> <20081124163916.GE7858@merlins.org> <492BDBC4.9070403@gmail.com> <20081126162010.GA20946@merlins.org> <4933D03A.60304@gmail.com> <20081202164655.GC31530@merlins.org> <4936B4A0.7030607@gmail.com> Message-ID: <20081203165407.GE13960@merlins.org> On Wed, Dec 03, 2008 at 05:32:32PM +0100, Marcin Krol wrote: > > look for greylisting in there: > > > >> /usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm > > (...) > >> [1885] dbg: GREYLISTING: called function > >> [1885] dbg: GREYLISTING: skipping greylisting on , since score is > >> already 15.409 and you configured greylisting not to bother with > >> anything above 15 > > > > try this again, and it should tell you what's happening :) > > Hmm I tried running spamassassin -t -D on that message again and I got > exactly the same output: Sorry, by "try this again", I meant 'by reading the documentation" /etc/spamassassin/local.cf:header GREYLIST_ISWHITE eval:greylisting("( 'dir' => '/var/spool/sa-exim/tuplets'; 'method' => 'dir'; 'greylistsecs' => '1800'; 'dontgreylistthreshold' => 11; 'connectiphdr' => 'X-SA-Exim-Connect-IP'; 'envfromhdr' => 'X-SA-Exim-Mail-From'; 'rcpttohdr' => 'X-SA-Exim-Rcpt-To'; 'greylistnullfrom' => 1; 'greylistfourthbyte' => 0 )") 'dontgreylistthreshold' => 11 says greylisting won't happen for spam scores over 11, 15 in your case. Make sure you re-read /usr/share/doc/sa-exim/README.greylisting.gz and that you understand how scores are changed on both sides. If it's confusing, just leave the default numbers I gave, they work :) > I ran that on another message and got this again: > > [11418] dbg: GREYLISTING: called function > [11418] dbg: GREYLISTING: skipping greylisting on , since score is > already 36.326 and you configured > greylisting not to bother with anything above 15 > > This is so much weirder due to fact that I configured SApermreject: 20.0 The setting you care about it dontgreylistthreshold, but you really need to re-read the documentation. Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/