[SA-exim] greylisting
Marcin Krol
mrkafk at gmail.com
Mon Dec 1 03:53:30 PST 2008
(shortened this a bit due to mailing list 40KB limit)
> Ok, I apologize for my brain not working too well. I can't think of what may
> not be working too well right now, but you can do this to debug and know for
> sure what on earth is happening:
> spamassassin -t -D < /tmp/message
> (pick a message that relates to undefined vars error in the exim logs)
What's strange is that now all of a sudden temp rejecting stopped
working. Anyway, here's output, there's a lot of it:
[1885] dbg: logger: adding facilities: all
[1885] dbg: logger: logging level is DBG
[1885] dbg: generic: SpamAssassin version 3.2.3
[1885] dbg: config: score set 0 chosen.
[1885] dbg: util: running in taint mode? yes
[1885] dbg: util: taint mode: deleting unsafe environment variables,
resetting PATH
[1885] dbg: util: PATH included '/usr/local/sbin', keeping
[1885] dbg: util: PATH included '/usr/local/bin', keeping
[1885] dbg: util: PATH included '/usr/sbin', keeping
[1885] dbg: util: PATH included '/usr/bin', keeping
[1885] dbg: util: PATH included '/sbin', keeping
[1885] dbg: util: PATH included '/bin', keeping
[1885] dbg: util: PATH included '.', which is not absolute, dropping
[1885] dbg: util: PATH included
[...]
[1885] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf
[1885] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf
[1885] dbg: config: read file /usr/share/spamassassin/20_compensate.cf
[1885] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
[1885] dbg: config: read file /usr/share/spamassassin/20_drugs.cf
[1885] dbg: config: read file /usr/share/spamassassin/20_dynrdns.cf
[1885] dbg: config: read file /usr/share/spamassassin/72_active.cf
[...]
[1885] dbg: config: using "/etc/spamassassin" for site rules dir
[1885] dbg: config: read file /etc/spamassassin/65_debian.cf
[1885] dbg: config: read file /etc/spamassassin/Botnet.cf
[1885] dbg: config: read file /etc/spamassassin/local.cf
[1885] dbg: config: using "/root/.spamassassin" for user state dir
[1885] dbg: config: using "/root/.spamassassin/user_prefs" for user
prefs file
[1885] dbg: config: read file /root/.spamassassin/user_prefs
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Botnet from
/etc/spamassassin/Botnet.pm
[1885] dbg: Botnet: version 0.8
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC
[1885] dbg: pyzor: network tests on, attempting Pyzor
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC
[1885] dbg: razor2: razor2 is not available
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC
[1885] dbg: reporter: network tests on, attempting SpamCop
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC
[1885] dbg: plugin: loading
Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject
from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from
@INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Check from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTTPSMismatch
from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDetail from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Bayes from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::BodyEval from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::DNSEval from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::HTMLEval from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::HeaderEval from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEEval from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::RelayEval from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIEval from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::WLBLEval from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::VBounce from @INC
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::ImageInfo from @INC
[1885] dbg: config: fixed relative path: /etc/spamassassin/Botnet.pm
[1885] dbg: plugin: loading Mail::SpamAssassin::Plugin::Botnet from
/etc/spamassassin/Botnet.pm
[1885] dbg: Botnet: version 0.8
[...]
[1885] dbg: Botnet: adding (\b|\d)exch(ange)?(\b|\d) to botnet_serverwords
[1885] dbg: plugin: loading Greylisting from
/usr/share/perl5/Mail/SpamAssassin/Plugin/Greylisting.pm
[1885] dbg: rules: __MO_OL_9B90B merged duplicates: __MO_OL_C65FA
[1885] dbg: rules: __XM_OL_22B61 merged duplicates: __XM_OL_A842E
[1885] dbg: rules: __MO_OL_07794 merged duplicates: __MO_OL_8627E
__MO_OL_F3B05
[1885] dbg: rules: __XM_OL_07794 merged duplicates: __XM_OL_25340
__XM_OL_3857F __XM_OL_4F240 __XM_OL_58CB5 __XM_OL_6554A __XM_OL_812FF
__XM_OL_C65FA __XM_OL_CF0C0 __XM_OL_F475E __XM_OL_F6D01
[1885] dbg: rules: FH_MSGID_01C67 merged duplicates: __MSGID_VGA
[1885] dbg: rules: FS_NEW_SOFT_UPLOAD merged duplicates:
HS_SUBJ_NEW_SOFTWARE
[1885] dbg: rules: __FH_HAS_XMSMAIL merged duplicates: __HAS_MSMAIL_PRI
[1885] dbg: rules: __MO_OL_015D5 merged duplicates: __MO_OL_6554A
[1885] dbg: rules: __MO_OL_91287 merged duplicates: __MO_OL_B30D1
__MO_OL_CF0C0
[1885] dbg: rules: KAM_STOCKOTC merged duplicates: KAM_STOCKTIP15
KAM_STOCKTIP20 KAM_STOCKTIP21 KAM_STOCKTIP4 KAM_STOCKTIP6
[1885] dbg: rules: __XM_OL_015D5 merged duplicates: __XM_OL_4BF4C
__XM_OL_4EEDB __XM_OL_5B79A __XM_OL_9B90B __XM_OL_ADFF7 __XM_OL_B30D1
__XM_OL_B4B40 __XM_OL_BC7E6 __XM_OL_F3B05 __XM_OL_FF5C8
[1885] dbg: rules: __XM_OL_5E7ED merged duplicates: __XM_OL_D03AB
[1885] dbg: rules: __MO_OL_22B61 merged duplicates: __MO_OL_4F240
__MO_OL_ADFF7
[1885] dbg: rules: __MO_OL_812FF merged duplicates: __MO_OL_BC7E6
[1885] dbg: rules: __MO_OL_25340 merged duplicates: __MO_OL_4EEDB
__MO_OL_7533E
[1885] dbg: rules: __MO_OL_58CB5 merged duplicates: __MO_OL_B4B40
[1885] dbg: rules: __DOS_HAS_ANY_URI merged duplicates: __HAS_ANY_URI
[1885] dbg: rules: __XM_OL_C7C33 merged duplicates: __XM_OL_C9068
__XM_OL_EF20B
[1885] dbg: rules: __MO_OL_72641 merged duplicates: __MO_OL_A842E
[1885] dbg: rules: __MO_OL_5E7ED merged duplicates: __MO_OL_C7C33
[1885] dbg: rules: __MO_OL_F475E merged duplicates: __MO_OL_FF5C8
[1885] dbg: rules: __MO_OL_4BF4C merged duplicates: __MO_OL_F6D01
[1885] dbg: conf: finish parsing
[1885] dbg: plugin:
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x90df96c) implements
'finish_parsing_end', priority 0
[1885] dbg: replacetags: replacing tags
[1885] dbg: replacetags: done replacing tags
[1885] dbg: config: using "/root/.spamassassin" for user state dir
[1885] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks
[1885] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen
[1885] dbg: bayes: found bayes db version 3
[1885] dbg: bayes: DB journal sync: last sync: 0
[1885] dbg: config: using "/root/.spamassassin" for user state dir
[1885] dbg: bayes: not available for scanning, only 1 spam(s) in bayes
DB < 200
[1885] dbg: bayes: untie-ing
[1885] dbg: config: score set 1 chosen.
[1885] dbg: message: main message type: text/plain
[1885] dbg: plugin: Mail::SpamAssassin::Plugin::DNSEval=HASH(0x9175620)
implements 'check_start', priority 0
[1885] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_toks
[1885] dbg: bayes: tie-ing to DB file R/O /root/.spamassassin/bayes_seen
[1885] dbg: bayes: found bayes db version 3
[1885] dbg: bayes: DB journal sync: last sync: 0
[1885] dbg: bayes: not available for scanning, only 1 spam(s) in bayes
DB < 200
[1885] dbg: bayes: untie-ing
[1885] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x912ac00)
implements 'check_main', priority 0
[1885] dbg: conf: internal_networks not configured, using
trusted_networks configuration for internal_networks; if you really want
internal_networks to only contain the required 127/8 add
'internal_networks !0/0' to your configuration
[1885] dbg: received-header: parsed as [ ip=87.204.147.140
rdns=da2.domeny.com helo=da2.domeny.com by=fidkar.wbp.krakow.pl ident=
envfrom=vriycavv at trashmail.net intl=0 id=1L4e1c-00040d-H4 auth= msa=0 ]
[1885] dbg: received-header: relay 87.204.147.140 trusted? no internal?
no msa? no
[1885] dbg: metadata: X-Spam-Relays-Trusted:
[1885] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=87.204.147.140
rdns=da2.domeny.com helo=da2.domeny.com by=fidkar.wbp.krakow.pl ident=
envfrom=vriycavv at trashmail.net intl=0 id=1L4e1c-00040d-H4 auth= msa=0 ]
[1885] dbg: metadata: X-Spam-Relays-Internal:
[1885] dbg: metadata: X-Spam-Relays-External: [ ip=87.204.147.140
rdns=da2.domeny.com helo=da2.domeny.com by=fidkar.wbp.krakow.pl ident=
envfrom=vriycavv at trashmail.net intl=0 id=1L4e1c-00040d-H4 auth= msa=0 ]
[1885] dbg: message: ---- MIME PARSER START ----
[1885] dbg: message: parsing normal part
[1885] dbg: message: ---- MIME PARSER END ----
[1885] dbg: message: no encoding detected
[1885] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8cfe938)
implements 'parsed_metadata', priority 0
[1885] dbg: dns: is_dns_available() last checked 1227892224 seconds ago;
re-checking
[1885] dbg: dns: name server: 192.168.50.1, LocalAddr: 0.0.0.0
[1885] dbg: dns: testing resolver nameservers: 192.168.50.1
[1885] dbg: dns: trying (3) intel.com...
[1885] dbg: dns: looking up NS for 'intel.com'
[1885] dbg: dns: NS lookup of intel.com using 192.168.50.1 succeeded =>
DNS available (set dns_available to override)
[1885] dbg: dns: is DNS available? 1
[1885] dbg: uridnsbl: domains to query:
[1885] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs:
[1885] dbg: dns: checking RBL combined.njabl.org., set njabl
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: launching DNS A query for
140.147.204.87.combined.njabl.org. in background
[1885] dbg: dns: checking RBL bl.spamcop.net., set spamcop
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: launching DNS TXT query for
140.147.204.87.bl.spamcop.net. in background
[1885] dbg: dns: _check_rbl_addresses RBL blackhole.securitysage.com.,
set securitysage
[1885] dbg: dns: launching DNS A query for
trashmail.net.blackhole.securitysage.com. in background
[1885] dbg: dns: _check_rbl_addresses RBL rhsbl.ahbl.org., set ahbl
[1885] dbg: dns: launching DNS A query for trashmail.net.rhsbl.ahbl.org.
in background
[1885] dbg: dns: checking RBL dob.sibl.support-intelligence.net., set dob
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: launching DNS A query for
140.147.204.87.dob.sibl.support-intelligence.net. in background
[1885] dbg: dns: checking A and MX for host trashmail.net
[1885] dbg: dns: launching DNS A query for trashmail.net in background
[1885] dbg: dns: launching DNS MX query for trashmail.net in background
[1885] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: launching DNS A query for
140.147.204.87.zen.spamhaus.org. in background
[1885] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-lastexternal
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: launching DNS A query for
140.147.204.87.dnsbl.sorbs.net. in background
[1885] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: _check_rbl_addresses RBL
dob.sibl.support-intelligence.net., set dob
[1885] dbg: dns: launching DNS A query for
trashmail.net.dob.sibl.support-intelligence.net. in background
[1885] dbg: dns: checking RBL zen.spamhaus.org., set zen-lastexternal
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: checking RBL list.dnswl.org., set dnswl-firsttrusted
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: launching DNS A query for
140.147.204.87.list.dnswl.org. in background
[1885] dbg: dns: checking RBL sa-accredit.habeas.com., set
habeas-firsttrusted
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: launching DNS A query for
140.147.204.87.sa-accredit.habeas.com. in background
[1885] dbg: dns: checking RBL
combined-HIB.dnsiplists.completewhois.com., set whois
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: launching DNS A query for
140.147.204.87.combined-HIB.dnsiplists.completewhois.com. in background
[1885] dbg: dns: checking RBL list.dsbl.org., set dsbl-lastexternal
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: launching DNS TXT query for
140.147.204.87.list.dsbl.org. in background
[1885] dbg: dns: checking RBL sa-trusted.bondedsender.org., set
bsp-firsttrusted
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: launching DNS TXT query for
140.147.204.87.sa-trusted.bondedsender.org. in background
[1885] dbg: dns: checking RBL
combined-HIB.dnsiplists.completewhois.com., set whois-lastexternal
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: checking RBL zen.spamhaus.org., set zen
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: _check_rbl_addresses RBL bl.open-whois.org., set openwhois
[1885] dbg: dns: launching DNS A query for
trashmail.net.bl.open-whois.org. in background
[1885] dbg: dns: _check_rbl_addresses RBL fulldom.rfc-ignorant.org., set
rfci_envfrom
[1885] dbg: dns: launching DNS A query for
trashmail.net.fulldom.rfc-ignorant.org. in background
[1885] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted
[1885] dbg: dns: IPs found: full-external: 87.204.147.140 untrusted:
87.204.147.140 originating:
[1885] dbg: dns: only inspecting the following IPs: 87.204.147.140
[1885] dbg: dns: launching DNS A query for
140.147.204.87.iadb.isipp.com. in background
[1885] dbg: check: running tests for priority: -1000
[1885] dbg: rules: running head tests; score so far=0
[1885] dbg: rules: compiled head tests
[1885] dbg: eval: all '*From' addrs: vriycavv at trashmail.net
[1885] dbg: eval: all '*To' addrs: mark at btw2.pl
[1885] dbg: rules: running body tests; score so far=0
[1885] dbg: rules: compiled body tests
[1885] dbg: rules: running uri tests; score so far=0
[1885] dbg: rules: compiled uri tests
[1885] dbg: rules: running rawbody tests; score so far=0
[1885] dbg: rules: compiled rawbody tests
[1885] dbg: rules: running full tests; score so far=0
[1885] dbg: rules: compiled full tests
[1885] dbg: rules: running meta tests; score so far=0
[1885] dbg: rules: compiled meta tests
[1885] dbg: check: running tests for priority: -950
[1885] dbg: rules: running head tests; score so far=0
[1885] dbg: rules: compiled head tests
[1885] dbg: rules: running body tests; score so far=0
[1885] dbg: rules: compiled body tests
[1885] dbg: rules: running uri tests; score so far=0
[1885] dbg: rules: compiled uri tests
[1885] dbg: rules: running rawbody tests; score so far=0
[1885] dbg: rules: compiled rawbody tests
[1885] dbg: rules: running full tests; score so far=0
[1885] dbg: rules: compiled full tests
[1885] dbg: rules: running meta tests; score so far=0
[1885] dbg: rules: compiled meta tests
[1885] dbg: check: running tests for priority: -900
[1885] dbg: rules: running head tests; score so far=0
[1885] dbg: rules: compiled head tests
[1885] dbg: rules: running body tests; score so far=0
[1885] dbg: rules: compiled body tests
[1885] dbg: rules: running uri tests; score so far=0
[1885] dbg: rules: compiled uri tests
[1885] dbg: rules: running rawbody tests; score so far=0
[1885] dbg: rules: compiled rawbody tests
[1885] dbg: rules: running full tests; score so far=0
[1885] dbg: rules: compiled full tests
[1885] dbg: rules: running meta tests; score so far=0
[1885] dbg: rules: compiled meta tests
[1885] dbg: check: running tests for priority: -400
[1885] dbg: rules: running head tests; score so far=0
[1885] dbg: rules: compiled head tests
[1885] dbg: rules: running body tests; score so far=0
[1885] dbg: rules: compiled body tests
[1885] dbg: rules: running uri tests; score so far=0
[1885] dbg: rules: compiled uri tests
[1885] dbg: rules: running rawbody tests; score so far=0
[1885] dbg: rules: compiled rawbody tests
[1885] dbg: rules: running full tests; score so far=0
[1885] dbg: rules: compiled full tests
[1885] dbg: rules: running meta tests; score so far=0
[1885] dbg: rules: compiled meta tests
[1885] dbg: check: running tests for priority: 0
[1885] dbg: rules: running head tests; score so far=0
[1885] dbg: rules: compiled head tests
[1885] dbg: rules: ran header rule MISSING_MID ======> got hit: "UNSET"
[1885] dbg: rules: ran header rule __LAST_UNTRUSTED_RELAY_NO_AUTH
======> got hit: "[ ip=87.204.147.140 rdns=da2.domeny.com
helo=da2.domeny.com by=fidkar.wbp.krakow.pl ident=
envfrom=vriycavv at trashmail.net intl=0 id=1L4e1c-00040d-H4 auth= "
[1885] dbg: rules: ran header rule __BOTNET_NOTRUST ======> got hit:
"negative match"
[1885] dbg: rules: ran header rule __DOS_SINGLE_EXT_RELAY ======> got
hit: "[ ip=87.204.147.140 rdns=da2.domeny.com helo=da2.domeny.com
by=fidkar.wbp.krakow.pl ident= envfrom=vriycavv at trashmail.net intl=0
id=1L4e1c-00040d-H4 auth= msa=0 ]"
[1885] dbg: rules: ran header rule __MISSING_REF ======> got hit: "UNSET"
[1885] dbg: rules: ran header rule __HAS_RCVD ======> got hit: "f"
[1885] dbg: rules: ran header rule __DOS_RCVD_MON ======> got hit: " Mon, "
[1885] dbg: rules: ran header rule MISSING_DATE ======> got hit: "UNSET"
[1885] dbg: rules: ran header rule __HAS_SUBJECT ======> got hit: "*"
[1885] dbg: spf: checking to see if the message has a Received-SPF
header that we can use
[1885] dbg: spf: cannot load Mail::SPF module or create
Mail::SPF::Server object: Can't locate Mail/SPF.pm in @INC (@INC
contains: /usr/share/perl5 /etc/perl /usr/local/lib/perl/5.8.8
/usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/lib/perl/5.8
/usr/share/perl/5.8 /usr/local/lib/site_perl) at
/usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm line 390.
[1885] dbg: spf: attempting to use legacy Mail::SPF::Query module instead
[1885] dbg: spf: cannot load Mail::SPF::Query module: Can't locate
Mail/SPF/Query.pm in @INC (@INC contains: /usr/share/perl5 /etc/perl
/usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5
/usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl) at
/usr/share/perl5/Mail/SpamAssassin/Plugin/SPF.pm line 414.
[1885] dbg: spf: one of Mail::SPF or Mail::SPF::Query is required for
SPF checks, SPF checks disabled
[1885] dbg: Botnet: checking BADDNS
[1885] dbg: Botnet: no trusted relays
[1885] dbg: Botnet: get_relay good RDNS
[1885] dbg: Botnet: IP is '87.204.147.140'
[1885] dbg: Botnet: RDNS is 'da2.domeny.com'
[1885] dbg: Botnet: HELO is 'da2.domeny.com'
[1885] dbg: Botnet: BADDNS miss
[1885] dbg: spf: already checked for Received-SPF headers, proceeding
with DNS based checks
[1885] dbg: spf: already checked for Received-SPF headers, proceeding
with DNS based checks
[1885] dbg: Botnet: checking CLIENTWORDS
[1885] dbg: Botnet: client words regexp
is((\b|\d).*dsl.*(\b|\d))|((\b|\d)cable(\b|\d))|((\b|\d)catv(\b|\d))|((\b|\d)ddns(\b|\d))|((\b|\d)dhcp(\b|\d))|((\b|\d)dial(-?up)?(\b|\d))|((\b|\d)dip(\b|\d))|((\b|\d)docsis(\b|\d))|((\b|\d)dyn(amic)?(ip)?(\b|\d))|((\b|\d)modem(\b|\d))|((\b|\d)ppp(oe)?(\b|\d))|((\b|\d)res(net|ident(ial)?)?(\b|\d))|((\b|\d)bredband(\b|\d))|((\b|\d)client(\b|\d))|((\b|\d)fixed(\b|\d))|((\b|\d)ip(\b|\d))|((\b|\d)pool(\b|\d))|((\b|\d)static(\b|\d))|((\b|\d)user(\b|\d))
[1885] dbg: Botnet: no trusted relays
[1885] dbg: Botnet: get_relay good RDNS
[1885] dbg: Botnet: IP is '87.204.147.140'
[1885] dbg: Botnet: RDNS is 'da2.domeny.com'
[1885] dbg: Botnet: HELO is 'da2.domeny.com'
[1885] dbg: Botnet: CLIENTWORDS miss
[1885] dbg: spf: already checked for Received-SPF headers, proceeding
with DNS based checks
[1885] dbg: Botnet: checking SERVERWORDS
[1885] dbg: Botnet: server words list
is((\b|\d)e?mail(out)?(\b|\d))|((\b|\d)mta(\b|\d))|((\b|\d)mx(pool)?(\b|\d))|((\b|\d)relay(\b|\d))|((\b|\d)smtp(\b|\d))|((\b|\d)exch(ange)?(\b|\d))
[1885] dbg: Botnet: no trusted relays
[1885] dbg: Botnet: get_relay good RDNS
[1885] dbg: Botnet: IP is '87.204.147.140'
[1885] dbg: Botnet: RDNS is 'da2.domeny.com'
[1885] dbg: Botnet: HELO is 'da2.domeny.com'
[1885] dbg: Botnet: SERVERWORDS miss
[1885] dbg: Botnet: starting
[1885] dbg: Botnet: no trusted relays
[1885] dbg: Botnet: get_relay good RDNS
[1885] dbg: Botnet: IP is '87.204.147.140'
[1885] dbg: Botnet: RDNS is 'da2.domeny.com'
[1885] dbg: Botnet: HELO is 'da2.domeny.com'
[1885] dbg: Botnet: sender 'vriycavv at trashmail.net'
[1885] dbg: Botnet: miss (none)
[1885] dbg: spf: already checked for Received-SPF headers, proceeding
with DNS based checks
[1885] dbg: Botnet: checking IPINHOSTNAME
[1885] dbg: Botnet: no trusted relays
[1885] dbg: Botnet: get_relay good RDNS
[1885] dbg: Botnet: IP is '87.204.147.140'
[1885] dbg: Botnet: RDNS is 'da2.domeny.com'
[1885] dbg: Botnet: HELO is 'da2.domeny.com'
[1885] dbg: Botnet: IPINHOSTNAME miss
[1885] dbg: Botnet: checking for CLIENT
[1885] dbg: Botnet: no trusted relays
[1885] dbg: Botnet: get_relay good RDNS
[1885] dbg: Botnet: IP is '87.204.147.140'
[1885] dbg: Botnet: RDNS is 'da2.domeny.com'
[1885] dbg: Botnet: HELO is 'da2.domeny.com'
[1885] dbg: Botnet: CLIENT miss (none)
[1885] dbg: Botnet: checking for SOHO server
[1885] dbg: Botnet: no trusted relays
[1885] dbg: Botnet: get_relay good RDNS
[1885] dbg: Botnet: IP is '87.204.147.140'
[1885] dbg: Botnet: RDNS is 'da2.domeny.com'
[1885] dbg: Botnet: HELO is 'da2.domeny.com'
[1885] dbg: Botnet: EnvelopeFrom is vriycavv at trashmail.net
[1885] dbg: Botnet: mail domain is trashmail.net
[1885] dbg: Botnet: SOHO miss
[1885] dbg: Botnet: checking NORDNS
[1885] dbg: Botnet: no trusted relays
[1885] dbg: Botnet: get_relay good RDNS
[1885] dbg: Botnet: IP is '87.204.147.140'
[1885] dbg: Botnet: RDNS is 'da2.domeny.com'
[1885] dbg: Botnet: HELO is 'da2.domeny.com'
[1885] dbg: Botnet: NORDNS miss
[1885] dbg: spf: found Envelope-From in first external Received header
[1885] dbg: spf: def_whitelist_from_spf: vriycavv at trashmail.net is not
in DEF_WHITELIST_FROM_SPF
[1885] dbg: spf: already checked for Received-SPF headers, proceeding
with DNS based checks
[1885] dbg: spf: already checked for Received-SPF headers, proceeding
with DNS based checks
[1885] dbg: spf: already checked for Received-SPF headers, proceeding
with DNS based checks
[1885] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit (1)
[1885] dbg: spf: whitelist_from_spf: vriycavv at trashmail.net is not in
user's WHITELIST_FROM_SPF
[1885] dbg: rules: running body tests; score so far=2.881
[1885] dbg: rules: compiled body tests
[1885] dbg: rules: ran body rule FRT_VALIUM2 ======> got hit: "V.a.l.i.u.m"
[1885] dbg: rules: ran body rule __DRUGS_ERECTILE_C ======> got hit:
"Cialis"
[1885] dbg: rules: ran body rule ONLINE_PHARMACY ======> got hit:
"Online Pharmacy"
[...]
[1885] dbg: rules: ran body rule __DRUGS_ANXIETY3 ======> got hit: "
V.a.l.i.u.m"
[1885] dbg: rules: running uri tests; score so far=12.43
[1885] dbg: rules: compiled uri tests
[1885] dbg: eval: stock info total: 0
[1885] dbg: rules: relay da2.domeny.com doesn't match any whitelist
[1885] dbg: rules: running rawbody tests; score so far=12.43
[1885] dbg: rules: compiled rawbody tests
[1885] dbg: rules: ran rawbody rule __DRUGS_ERECTILE10 ======> got hit:
"Viagra"
[1885] dbg: rules: running full tests; score so far=12.43
[1885] dbg: rules: compiled full tests
[1885] dbg: util: current PATH is:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/jvm/java-1.5.0-sun-1.5.0.14/bin
[1885] dbg: pyzor: pyzor is not available: no pyzor executable found
[1885] dbg: pyzor: no pyzor found, disabling Pyzor
[1885] dbg: rules: running meta tests; score so far=12.43
[1885] dbg: rules: compiled meta tests
[1885] dbg: check: running tests for priority: 500
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=13 DNSBL-MX=1 DNSBL-TXT=3 at
Fri Nov 28 18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=12 DNSBL-MX=1 DNSBL-TXT=3 at
Fri Nov 28 18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=11 DNSBL-MX=1 DNSBL-TXT=3 at
Fri Nov 28 18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=10 DNSBL-MX=1 DNSBL-TXT=3 at
Fri Nov 28 18:10:24 2008
[1885] dbg: dns: hit <dns:trashmail.net> 213.155.82.90
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=9 DNSBL-MX=1 DNSBL-TXT=3 at
Fri Nov 28 18:10:24 2008
[1885] dbg: dns: hit <dns:trashmail.net?type=MX> 10 smtp.trashmail.net.
[1885] dbg: dns: hit <dns:trashmail.net?type=MX> 20 mx2.mailhop.org.
[1885] dbg: dns: hit <dns:trashmail.net?type=MX> 30 smtp.trashmail.net.
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=9 DNSBL-TXT=3 at Fri Nov 28
18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=8 DNSBL-TXT=3 at Fri Nov 28
18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=7 DNSBL-TXT=3 at Fri Nov 28
18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=6 DNSBL-TXT=3 at Fri Nov 28
18:10:24 2008
[1885] dbg: dns: hit <dns:140.147.204.87.list.dnswl.org> 127.0.5.0
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=5 DNSBL-TXT=3 at Fri Nov 28
18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=4 DNSBL-TXT=3 at Fri Nov 28
18:10:24 2008
[1885] dbg: dns: hit
<dns:140.147.204.87.combined-HIB.dnsiplists.completewhois.com>
216.151.193.222
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=3 DNSBL-TXT=3 at Fri Nov 28
18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=3 DNSBL-TXT=2 at Fri Nov 28
18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=2 DNSBL-TXT=2 at Fri Nov 28
18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-A=1 DNSBL-TXT=2 at Fri Nov 28
18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-TXT=2 at Fri Nov 28 18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: DNSBL-TXT=1 at Fri Nov 28 18:10:24 2008
[1885] dbg: async: select found 1 socks ready
[1885] dbg: async: queries completed: 1 started: 0
[1885] dbg: async: queries active: at Fri Nov 28 18:10:24 2008
[1885] dbg: dns: success for 17 of 18 queries
[1885] dbg: rules: running head tests; score so far=12.43
[1885] dbg: rules: compiled head tests
[1885] dbg: rules: running body tests; score so far=12.43
[1885] dbg: rules: compiled body tests
[1885] dbg: rules: running uri tests; score so far=12.43
[1885] dbg: rules: compiled uri tests
[1885] dbg: rules: running rawbody tests; score so far=12.43
[1885] dbg: rules: compiled rawbody tests
[1885] dbg: rules: running full tests; score so far=12.43
[1885] dbg: rules: compiled full tests
[1885] dbg: rules: running meta tests; score so far=12.43
[1885] dbg: rules: meta test DIGEST_MULTIPLE has undefined dependency
'DCC_CHECK'
[1885] info: rules: meta test FM_DDDD_TIMES_2 has dependency
'FH_HOST_EQ_D_D_D_D' with a zero score
[1885] info: rules: meta test FM_SEX_HOSTDDDD has dependency
'FH_HOST_EQ_D_D_D_D' with a zero score
[1885] info: rules: meta test HS_PHARMA_1 has dependency
'HS_SUBJ_ONLINE_PHARMACEUTICAL' with a zero score
[1885] dbg: rules: compiled meta tests
[1885] dbg: check: running tests for priority: 1000
[1885] dbg: rules: running head tests; score so far=15.409
[1885] dbg: rules: compiled head tests
[1885] dbg: rules: running body tests; score so far=15.409
[1885] dbg: rules: compiled body tests
[1885] dbg: rules: running uri tests; score so far=15.409
[1885] dbg: rules: compiled uri tests
[1885] dbg: rules: running rawbody tests; score so far=15.409
[1885] dbg: rules: compiled rawbody tests
[1885] dbg: rules: running full tests; score so far=15.409
[1885] dbg: rules: compiled full tests
[1885] dbg: rules: running meta tests; score so far=15.409
[1885] dbg: rules: compiled meta tests
[1885] dbg: check: running tests for priority: 99999
[1885] dbg: rules: running head tests; score so far=15.409
[1885] dbg: rules: compiled head tests
[1885] dbg: GREYLISTING: called function
[1885] dbg: GREYLISTING: skipping greylisting on , since score is
already 15.409 and you configured greylisting not to bother with
anything above 15
[1885] dbg: rules: running body tests; score so far=15.409
[1885] dbg: rules: compiled body tests
[1885] dbg: rules: running uri tests; score so far=15.409
[1885] dbg: rules: compiled uri tests
[1885] dbg: rules: running rawbody tests; score so far=15.409
[1885] dbg: rules: compiled rawbody tests
[1885] dbg: rules: running full tests; score so far=15.409
[1885] dbg: rules: compiled full tests
[1885] dbg: rules: running meta tests; score so far=15.409
[1885] dbg: rules: compiled meta tests
[1885] dbg: plugin:
Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x8ca8e38)
implements 'autolearn_discriminator', priority 0
[1885] dbg: learn: auto-learn: currently using scoreset 1
[1885] dbg: learn: auto-learn: message score: 15.409, computed score for
autolearn: 15.409
[1885] dbg: learn: auto-learn? ham=0.1, spam=12, body-points=15.409,
head-points=15.409, learned-points=0
[1885] dbg: learn: auto-learn? yes, spam (15.409 > 12)
[1885] dbg: learn: initializing learner
[1885] dbg: learn: learning spam
[1885] dbg: plugin: Mail::SpamAssassin::Plugin::WLBLEval=HASH(0x925ba48)
implements 'check_wb_list', priority 0
[1885] dbg: eval: all '*From' addrs:
[1885] dbg: eval: all '*To' addrs: mark at btw2.pl
[1885] dbg: locker: safe_lock: created
/root/.spamassassin/bayes.lock.fidkar.wbp.krakow.pl.1885
[1885] dbg: locker: safe_lock: trying to get lock on
/root/.spamassassin/bayes with 0 retries
[1885] dbg: locker: safe_lock: link to /root/.spamassassin/bayes.lock:
link ok
[1885] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_toks
[1885] dbg: bayes: tie-ing to DB file R/W /root/.spamassassin/bayes_seen
[1885] dbg: bayes: found bayes db version 3
[1885] dbg: bayes: 8c92bd0f7785d2fd72b1c369b127cba69e2041e3 at sa_generated
already learnt correctly, not learning twice
[1885] dbg: bayes: untie-ing
[1885] dbg: bayes: files locked, now unlocking lock
[1885] dbg: locker: safe_unlock: unlink /root/.spamassassin/bayes.lock
[1885] dbg: learn: initializing learner
[1885] dbg: check: is spam? score=15.409 required=15
[1885] dbg: check:
tests=DRUGS_ANXIETY,DRUGS_ANXIETY_EREC,DRUGS_ANXIETY_OBFU,DRUGS_ERECTILE,DRUGS_MUSCLE,FB_CIALIS_LEO3,FRT_VALIUM2,FRT_XANAX2,FUZZY_VLIUM,FUZZY_XPILL,MISSING_DATE,MISSING_HEADERS,MISSING_MID,ONLINE_PHARMACY,TVD_VISIT_PHARMA
[1885] dbg: check:
subtests=__BOTNET_NOTRUST,__DOS_RCVD_MON,__DOS_SINGLE_EXT_RELAY,__DRUGS_ANXIETY1,__DRUGS_ANXIETY3,__DRUGS_ERECTILE1,__DRUGS_ERECTILE10,__DRUGS_ERECTILE3,__DRUGS_ERECTILE_C,__DRUGS_ERECTILE_V,__DRUGS_MUSCLE1,__HAS_RCVD,__HAS_SUBJECT,__LAST_UNTRUSTED_RELAY_NO_AUTH,__MISSING_REF,__NONEMPTY_BODY,__RCVD_IN_DNSWL
[1885] dbg: plugin: Greylisting=HASH(0x86ab870) implements 'check_end',
priority 0
From vriycavv at trashmail.net Thu Jan 1 00:00:01 1970
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on
fidkar.wbp.krakow.pl
X-Spam-Level: ***************
X-Spam-Status: Yes, score=15.4 required=15.0 tests=DRUGS_ANXIETY,
DRUGS_ANXIETY_EREC,DRUGS_ANXIETY_OBFU,DRUGS_ERECTILE,DRUGS_MUSCLE,
FB_CIALIS_LEO3,FRT_VALIUM2,FRT_XANAX2,FUZZY_VLIUM,FUZZY_XPILL,MISSING_DATE,
MISSING_HEADERS,MISSING_MID,ONLINE_PHARMACY,TVD_VISIT_PHARMA
autolearn=unavailable version=3.2.3
X-Spam-Report:
* 0.5 MISSING_MID Missing Message-Id: header
* 0.8 MISSING_DATE Missing Date: header
* 1.6 MISSING_HEADERS Missing To: header
* 1.9 FRT_VALIUM2 BODY: ReplaceTags: Valium (2)
* 1.5 ONLINE_PHARMACY BODY: Online Pharmacy
* 0.0 FUZZY_VLIUM BODY: Attempt to obfuscate words in spam
* 3.3 FUZZY_XPILL BODY: Attempt to obfuscate words in spam
* 0.0 FRT_XANAX2 BODY: ReplaceTags: Xanax (2)
* 0.0 TVD_VISIT_PHARMA BODY: TVD_VISIT_PHARMA
* 2.8 FB_CIALIS_LEO3 BODY: Uses a mis-spelled version of cialis.
* 1.3 DRUGS_ANXIETY Refers to an anxiety control drug
* 0.0 DRUGS_MUSCLE Refers to a muscle relaxant
* 0.0 DRUGS_ANXIETY_OBFU Obfuscated reference to an anxiety
control drug
* 0.6 DRUGS_ERECTILE Refers to an erectile drug
* 1.0 DRUGS_ANXIETY_EREC Refers to both an erectile and an
anxiety drug
Received: from da2.domeny.com ([87.204.147.140]:50973)
by fidkar.wbp.krakow.pl with esmtp (Exim 4.63)
(envelope-from <vriycavv at trashmail.net>)
id 1L4e1c-00040d-H4
for mark at btw2.pl; Mon, 24 Nov 2008 17:11:00 +0100
X-SA-Exim-Connect-IP: 87.204.147.140
X-SA-Exim-Rcpt-To: mark at btw2.pl
X-SA-Exim-Mail-From: vriycavv at trashmail.net
Subject: *****SPAM***** [score: 15.4] test
X-Spam-Prev-Subject: test
X-SA-Exim-Version: 4.2.1 (built Tue, 09 Jan 2007 17:23:22 +0000)
X-SA-Exim-Scanned: Yes (on fidkar.wbp.krakow.pl)
X-Spam-Prev-Subject: *****SPAM***** [score: 15.4] test
Viagra Cialis Replica watches
X.anax V.a.l.i.u.m s.o.m.a Online Pharmacy
Spam detection software, running on the system "fidkar.wbp.krakow.pl", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Viagra Cialis Replica watches X.anax V.a.l.i.u.m s.o.m.a
Online Pharmacy [...]
Content analysis details: (15.4 points, 15.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
0.5 MISSING_MID Missing Message-Id: header
0.8 MISSING_DATE Missing Date: header
1.6 MISSING_HEADERS Missing To: header
1.9 FRT_VALIUM2 BODY: ReplaceTags: Valium (2)
1.5 ONLINE_PHARMACY BODY: Online Pharmacy
0.0 FUZZY_VLIUM BODY: Attempt to obfuscate words in spam
3.3 FUZZY_XPILL BODY: Attempt to obfuscate words in spam
0.0 FRT_XANAX2 BODY: ReplaceTags: Xanax (2)
0.0 TVD_VISIT_PHARMA BODY: TVD_VISIT_PHARMA
2.8 FB_CIALIS_LEO3 BODY: Uses a mis-spelled version of cialis.
1.3 DRUGS_ANXIETY Refers to an anxiety control drug
0.0 DRUGS_MUSCLE Refers to a muscle relaxant
0.0 DRUGS_ANXIETY_OBFU Obfuscated reference to an anxiety control drug
0.6 DRUGS_ERECTILE Refers to an erectile drug
1.0 DRUGS_ANXIETY_EREC Refers to both an erectile and an anxiety drug
Regards,
Marcin Krol
More information about the SA-Exim
mailing list