
Mailing List Archive: SpamAssassin: users

Problems with whitelists and simscan

 

 



jolumape_al at hotmail

Nov 25, 2009, 9:59 AM

Post #1 of 4 (495 views)
Permalink
Problems with whitelists and simscan

Dear Sirs

I noticed a problem with Spamassassin whitelists and Simscan:

Spamassassin is configured to use white lists using mysql (for example)

mysql> select * from userpref;
+------------------------------+----------------+-------------------------+--------+
| username | preference | value | prefid |
+------------------------------+----------------+-------------------------+--------+
| jmarin [at] enlaceaduanero | whitelist_from | jolumape_al [at] hotmail | 2 |
| lcampo [at] enlaceaduanero | whitelist_from | jolumape_al [at] hotmail | 3 |
+------------------------------+----------------+-------------------------+--------+
2 rows in set (0.01 sec)

When I send mail to these accounts individually, the whitelist operates normally (SIMSCAN DEBUG):

@400000004b0d6d6c1ea5738c qmail-smtpd: pid 27178 Accept::RCPT::Rcpthosts_Rcptto: P:ESMTP S:65.55.34.221:unknown H:col0-omc4-s19.col0.hotmail.com F:jolumape_al [at] hotmail T:jmarin [at] enlaceaduanero
@400000004b0d6d6c2c0e677c simscan: cdb looking up
@400000004b0d6d6c2c11da4c simscan: cdb for found clam=yes,spam=yes,spam_hits=5.0,attach=.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6d6c2c12862c simscan: pelookup clam = yes
@400000004b0d6d6c2c1312cc simscan: pelookup spam = yes
@400000004b0d6d6c2c137474 simscan: pelookup spam_hits = 5.0
@400000004b0d6d6c2c14b0dc simscan: Per Domain Hits set to : 5.000000
@400000004b0d6d6c2c15260c simscan: pelookup attach = .pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6d6c2c1587b4 simscan: attachment flag attach = .pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6d6c2c162bc4 simscan: .pif is attachment number 0
@400000004b0d6d6c2c16953c simscan: .scr is attachment number 1
@400000004b0d6d6c2c16f2fc simscan: .vbs is attachment number 2
@400000004b0d6d6c2c174cd4 simscan: .bat is attachment number 3
@400000004b0d6d6c2c17a6ac simscan: .bas is attachment number 4
@400000004b0d6d6c2c180084 simscan: .cmd is attachment number 5
@400000004b0d6d6c2c185a5c simscan: .com is attachment number 6
@400000004b0d6d6c2c18b04c simscan: .exe is attachment number 7
@400000004b0d6d6c2c190a24 simscan: .dll is attachment number 8
@400000004b0d6d6c2c19fc54 simscan: starting: work dir: /var/qmail/simscan/1259171170.739859.27217
@400000004b0d6d6c3998fccc simscan: pelookup: called with jolumape_al [at] hotmail
@400000004b0d6d6c3999143c simscan: pelookup: domain is hotmail.com
@400000004b0d6d6c399923dc simscan: cdb looking up hotmail.com
@400000004b0d6d6c3999337c simscan: pelookup: local part is jolumape_al
@400000004b0d6d6c3999431c simscan: cdb looking up jolumape_al [at] hotmail
@400000004b0d6d6c399952bc simscan: pelookup: called with jmarin [at] enlaceaduanero
@400000004b0d6d6c39995e74 simscan: pelookup: domain is enlaceaduanero.com.pe
@400000004b0d6d6c399a5c5c simscan: cdb looking up enlaceaduanero.com.pe
@400000004b0d6d6c399a6bfc simscan: cdb for enlaceaduanero.com.pe found clam=yes,spam=yes,spam_passthru=no,spam_hits=5.0,attach=.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6d6c399a7f84 simscan: pelookup clam = yes
@400000004b0d6d6c399a8f24 simscan: pelookup spam = yes
@400000004b0d6d6c399a9adc simscan: pelookup spam_passthru = no
@400000004b0d6d6c399aaa7c simscan: unimplemented flag spam_passthru = no
@400000004b0d6d6c399ac9bc simscan: pelookup spam_hits = 5.0
@400000004b0d6d6c399ad95c simscan: Per Domain Hits set to : 5.000000
@400000004b0d6d6c399ae8fc simscan: pelookup attach = .pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6d6c399af89c simscan: attachment flag attach = .pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6d6c399b083c simscan: .pif is attachment number 0
@400000004b0d6d6c399b17dc simscan: .scr is attachment number 1
@400000004b0d6d6c399b3334 simscan: .vbs is attachment number 2
@400000004b0d6d6c399b42d4 simscan: .bat is attachment number 3
@400000004b0d6d6c399b7d6c simscan: .bas is attachment number 4
@400000004b0d6d6c399b8924 simscan: .cmd is attachment number 5
@400000004b0d6d6c399b98c4 simscan: .com is attachment number 6
@400000004b0d6d6c399ba864 simscan: .exe is attachment number 7
@400000004b0d6d6c399bb804 simscan: .dll is attachment number 8
@400000004b0d6d6c399bc3bc simscan: pelookup: local part is jmarin
@400000004b0d6d6c399bd35c simscan: cdb looking up jmarin [at] enlaceaduanero
@400000004b0d6d6c399bf29c simscan: regex opening message file msg.1259171170.739859.27217
@400000004b0d6d6c399c023c simscan: regex reading message
@400000004b0d6d6c399c11dc simscan: regex freeing memory
@400000004b0d6d6c399c1d94 simscan: cdb looking up version regex
@400000004b0d6d6c39bebcdc simscan: cdb looking up version attach
@400000004b0d6d6c39bfce4c simscan: calling clamdscan
@400000004b0d6d6c3a7bf644 simscan: cdb looking up version clamav
@400000004b0d6d6c3a7d51ec simscan: normal clamdscan return code: 0
@400000004b0d6d6c3a7efbb4 simscan: calling spamc
@400000004b0d6d6c3a7fe22c simscan: calling /usr/bin/spamc spamc -s 200000 -t 60 -U /tmp/spamd.sock -u jmarin [at] enlaceaduanero
@400000004b0d6d701fda26e4 simscan: cdb looking up version spam
@400000004b0d6d701fda3e54 simscan:[27178]:CLEAN (-69.30/5.00):3.7908s:Correo 1-18:65.55.34.221:jolumape_al [at] hotmail:jmarin [at] enlaceaduanero
@400000004b0d6d701fda51dc simscan: done, execing qmail-queue
@400000004b0d6d7027f1652c simscan: qmail-queue exited 0
@400000004b0d6d70349fcb4c tcpserver: end 27178 status 0
@400000004b0d6d7034a0b1c4 tcpserver: status: 0/800

But when I send mail to both addresses (CC or BCC), the whitelist does not work properly and it assigns a value close to 5.0 (SIMSCAN DEBUG):

@400000004b0d6e222906c4fc tcpserver: ok 27737 :172.16.4.5:25 :65.55.34.24::2436
@400000004b0d6e2502164f34 qmail-smtpd: pid 27737 Accept::RCPT::Rcpthosts_Rcptto: P:ESMTP S:65.55.34.24:unknown H:col0-omc1-s14.col0.hotmail.com F:jolumape_al [at] hotmail T:lcampo [at] enlaceaduanero
@400000004b0d6e25021666a4 qmail-smtpd: pid 27737 Accept::RCPT::Rcpthosts_Rcptto: P:ESMTP S:65.55.34.24:unknown H:col0-omc1-s14.col0.hotmail.com F:jolumape_al [at] hotmail T:jmarin [at] enlaceaduanero
@400000004b0d6e250be1773c simscan: cdb looking up
@400000004b0d6e250be4ceb4 simscan: cdb for found clam=yes,spam=yes,spam_hits=5.0,attach=.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e250be576ac simscan: pelookup clam = yes
@400000004b0d6e250be60734 simscan: pelookup spam = yes
@400000004b0d6e250be66cc4 simscan: pelookup spam_hits = 5.0
@400000004b0d6e250be7d424 simscan: Per Domain Hits set to : 5.000000
@400000004b0d6e250be8550c simscan: pelookup attach = .pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e250be8ba9c simscan: attachment flag attach = .pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e250be96a64 simscan: .pif is attachment number 0
@400000004b0d6e250bea1e14 simscan: .scr is attachment number 1
@400000004b0d6e250bed370c simscan: .vbs is attachment number 2
@400000004b0d6e250bed4a94 simscan: .bat is attachment number 3
@400000004b0d6e250bed5a34 simscan: .bas is attachment number 4
@400000004b0d6e250bed69d4 simscan: .cmd is attachment number 5
@400000004b0d6e250bed758c simscan: .com is attachment number 6
@400000004b0d6e250bed852c simscan: .exe is attachment number 7
@400000004b0d6e250bed94cc simscan: .dll is attachment number 8
@400000004b0d6e250beda084 simscan: starting: work dir: /var/qmail/simscan/1259171355.199932.27747
@400000004b0d6e2516196304 simscan: pelookup: called with jolumape_al [at] hotmail
@400000004b0d6e2516197e5c simscan: pelookup: domain is hotmail.com
@400000004b0d6e2516198dfc simscan: cdb looking up hotmail.com
@400000004b0d6e25161999b4 simscan: pelookup: local part is jolumape_al
@400000004b0d6e251619a954 simscan: cdb looking up jolumape_al [at] hotmail
@400000004b0d6e251619b8f4 simscan: pelookup: called with lcampo [at] enlaceaduanero
@400000004b0d6e251619c894 simscan: pelookup: domain is enlaceaduanero.com.pe
@400000004b0d6e25161a35f4 simscan: cdb looking up enlaceaduanero.com.pe
@400000004b0d6e25161a4594 simscan: cdb for enlaceaduanero.com.pe found clam=yes,spam=yes,spam_passthru=no,spam_hits=5.0,attach=.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e25161a591c simscan: pelookup clam = yes
@400000004b0d6e25161a68bc simscan: pelookup spam = yes
@400000004b0d6e25161a7474 simscan: pelookup spam_passthru = no
@400000004b0d6e25161a8414 simscan: unimplemented flag spam_passthru = no
@400000004b0d6e25161a9f6c simscan: pelookup spam_hits = 5.0
@400000004b0d6e25161af55c simscan: Per Domain Hits set to : 5.000000
@400000004b0d6e25161b04fc simscan: pelookup attach = .pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e25161b149c simscan: attachment flag attach = .pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e25161b243c simscan: .pif is attachment number 0
@400000004b0d6e25161b33dc simscan: .scr is attachment number 1
@400000004b0d6e25161b531c simscan: .vbs is attachment number 2
@400000004b0d6e25161b62bc simscan: .bat is attachment number 3
@400000004b0d6e25161b996c simscan: .bas is attachment number 4
@400000004b0d6e25161ba524 simscan: .cmd is attachment number 5
@400000004b0d6e25161bb4c4 simscan: .com is attachment number 6
@400000004b0d6e25161bc464 simscan: .exe is attachment number 7
@400000004b0d6e25161bd01c simscan: .dll is attachment number 8
@400000004b0d6e25161bdfbc simscan: pelookup: local part is lcampo
@400000004b0d6e25161bef5c simscan: cdb looking up lcampo [at] enlaceaduanero
@400000004b0d6e25161c0e9c simscan: pelookup: called with jmarin [at] enlaceaduanero
@400000004b0d6e25161c1e3c simscan: pelookup: domain is enlaceaduanero.com.pe
@400000004b0d6e25161c2ddc simscan: cdb looking up enlaceaduanero.com.pe
@400000004b0d6e25161c3994 simscan: cdb for enlaceaduanero.com.pe found clam=yes,spam=yes,spam_passthru=no,spam_hits=5.0,attach=.pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e25161c4d1c simscan: pelookup clam = yes
@400000004b0d6e25161d106c simscan: pelookup spam = yes
@400000004b0d6e25161d200c simscan: pelookup spam_passthru = no
@400000004b0d6e25161d2bc4 simscan: unimplemented flag spam_passthru = no
@400000004b0d6e25161d3b64 simscan: pelookup spam_hits = 5.0
@400000004b0d6e25161d4b04 simscan: Per Domain Hits set to : 5.000000
@400000004b0d6e25161d5aa4 simscan: pelookup attach = .pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e25161d6a44 simscan: attachment flag attach = .pif:.scr:.vbs:.bat:.bas:.cmd:.com:.exe:.dll
@400000004b0d6e25161d8984 simscan: .pif is attachment number 0
@400000004b0d6e25161d9924 simscan: .scr is attachment number 1
@400000004b0d6e25161dd3bc simscan: .vbs is attachment number 2
@400000004b0d6e25161de35c simscan: .bat is attachment number 3
@400000004b0d6e25161def14 simscan: .bas is attachment number 4
@400000004b0d6e25161dfeb4 simscan: .cmd is attachment number 5
@400000004b0d6e25161e0e54 simscan: .com is attachment number 6
@400000004b0d6e25161e1a0c simscan: .exe is attachment number 7
@400000004b0d6e25161e29ac simscan: .dll is attachment number 8
@400000004b0d6e25161e394c simscan: pelookup: local part is jmarin
@400000004b0d6e25161e588c simscan: cdb looking up jmarin [at] enlaceaduanero
@400000004b0d6e25161e682c simscan: regex opening message file msg.1259171355.199932.27747
@400000004b0d6e25161e77cc simscan: regex reading message
@400000004b0d6e25161e8384 simscan: regex freeing memory
@400000004b0d6e25161e9324 simscan: cdb looking up version regex
@400000004b0d6e2516423824 simscan: cdb looking up version attach
@400000004b0d6e251642537c simscan: calling clamdscan
@400000004b0d6e2516fe872c simscan: cdb looking up version clamav
@400000004b0d6e2517002154 simscan: normal clamdscan return code: 0
@400000004b0d6e251701c34c simscan: calling spamc
@400000004b0d6e2517029254 simscan: calling /usr/bin/spamc spamc -s 200000 -t 60 -U /tmp/spamd.sock
@400000004b0d6e273143b79c simscan: cdb looking up version spam
@400000004b0d6e273143cf0c simscan:[27737]:CLEAN (4.10/5.00):2.6227s:Correo 1-21:65.55.34.24:jolumape_al [at] hotmail:lcampo [at] enlaceaduanero,jmarin [at] enlaceaduanero

What is wrong?

Thanks

Jose Luis

SETTINGS:

Mail Server: Qmail + Spamassassin + ClamAV + Simscan

/etc/init.d/spamassassin.rc

#!/bin/sh
# spamassassin This script starts and stops the spamd daemon
#

PATH=$PATH:/usr/local/sbin:/usr/local/bin
case "$1" in
start)
cd /

/usr/bin/spamd -v -u vpopmail -m 3 -x -q -s stderr -r /var/run/spamd/spamd.pid \
--socketpath=/tmp/spamd.sock 2>&1 | \
/usr/local/bin/setuidgid qmaill \
/usr/local/bin/multilog t !spamdappend /var/log/qmail/spamd &
echo "spamd started"
;;

stop)
if [ -r /var/run/spamd/spamd.pid ]; then
pid=`cat /var/run/spamd/spamd.pid`
kill $pid || ( echo "failed to stop spamd" && exit 1 )
echo "spamd (pid $pid) stopped"
else
echo "/var/run/spamd/spamd.pid doesn't exist, is spamd running?"
fi
;;

restart)
$0 stop && sleep 2 && $0 start
;;

*)
echo "usage: spamassassin.rc (start|stop|restart)"
;;
esac


/etc/mail/spamassassin/local.cf

# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
###########################################################################
#
# rewrite_header Subject *****SPAM*****
# report_safe 1
# trusted_networks 212.17.35.
# lock_method flock


required_score 5.0
rewrite_header Subject *****SPAM*****
report_safe 0
add_header spam Flag _YESNOCAPS_
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ bayes=_BAYES_ report=_REPORT_ autolearn=_AUTOLEARN_ version=_VERSION_
add_header all Level _STARS(*)_
add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_
ok_locales all
skip_rbl_checks 0
auto_whitelist_factor 0.5
bayes_auto_learn 1
bayes_file_mode 0666
whitelist_from *@surfcontrol.com
whitelist_from servicios [at] profuturo
whitelist_from juan.enciso [at] gmail

# auto_whitelist_file_mode 0666

#####################
user_scores_dsn DBI:mysql:spamassassin:localhost
user_scores_sql_username spamuser
user_scores_sql_password spampass
user_scores_sql_custom_query SELECT preference, value FROM _TABLE_ WHERE username = '$GLOBAL' OR username = CONCAT('%',_DOMAIN_) OR username = _USERNAME_ ORDER BY username ASC

auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn DBI:mysql:spamassassin:localhost
user_awl_sql_username spamuser
user_awl_sql_password spampass
user_awl_sql_table awl

bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn DBI:mysql:spamassassin:localhost
bayes_sql_username spamuser
bayes_sql_password spampass
#####################

header PUBLICIDAD_ASUNTO Subject =~ /publicidad/i
describe PUBLICIDAD_ASUNTO Subject: comienza con publicidad
score PUBLICIDAD_ASUNTO 5.0

Simscan

./configure --enable-clamav=y --enable-clamdscan=/usr/local/bin/clamdscan --enable-dropmsg=y --enable-custom-smtp-reject=n --enable-per-domain=y --enable-attach=y --enable-spam=y --enable-ripmime=/usr/local/bin/ripmime --enable-received=y --enable-spam-hits=5.0 --enable-spamc=/usr/bin/spamc --enable-spamc-args="-s 200000 -t 60 -U /tmp/spamd.sock" --enable-spamc-user=y --enable-regex=y --with-pcre-include=/usr/local/include --enable-quarantinedir


qmail-smtpd

#!/bin/bash
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
export NOP0FCHECK="1"
export MFDNSCHECK=""
export BADMIMETYPE=""
export BADLOADERTYPE="M"
export HELOCHECK=""
export SIMSCAN_DEBUG=2
exec /usr/local/bin/softlimit -m 24000000 \
/usr/local/bin/tcpserver -H -p -R -x /usr/vpopmail/etc/tcp.smtp.cdb \
-u $QMAILDUID -g $NOFILESGID -v -c 800 0 smtp rblsmtpd -t 180 \
-r zen.spamhaus.org \
-r bl.spamcop.net \
-r dnsbl.njabl.org \
/usr/local/bin/fixcrio /var/qmail/bin/qmail-smtpd 2>&1




rickm at ummm-beer

Nov 25, 2009, 10:23 AM

Post #2 of 4 (467 views)
Permalink
Re: Problems with whitelists and simscan [In reply to]

Jose Luis Marin Perez wrote:
> Dear Sirs
>
> I noticed a problem with Spamassassin whitelists and Simscan:
>
> Spamassassin is configured to use white lists using mysql (for example)
>
> *mysql> select * from userpref;
> +------------------------------+----------------+-------------------------+--------+
> | username | preference | value | prefid |
> +------------------------------+----------------+-------------------------+--------+
> | jmarin [at] enlaceaduanero | whitelist_from | jolumape_al [at] hotmail | 2 |
> | lcampo [at] enlaceaduanero | whitelist_from | jolumape_al [at] hotmail | 3 |
> +------------------------------+----------------+-------------------------+--------+
> 2 rows in set (0.01 sec)*

Hello,

When more than one recipient for an email is received, simscan uses the
default user when passing to spamd. So instead of -u
jmarin [at] enlaceaduanero being passed by spamc, no -u is used and
spamd uses the default values.

Regards,

Rick
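
An added example (not part of the thread and not simscan's own code) of checking a simscan debug log for the behaviour described in the reply above: it pairs each spamc invocation with the result line that follows and lists the messages scanned without -u. The log lines are constructed in the shape of those in post #1 with placeholder addresses, and the pairing assumes that lines from different SMTP sessions are not interleaved.

```python
import re
import shlex

# Constructed sample shaped like the simscan debug lines in post #1
# (timestamps shortened, placeholder addresses and IPs).
SAMPLE_LOG = """\
@4000000000000001 simscan: calling spamc
@4000000000000002 simscan: calling /usr/bin/spamc spamc -s 200000 -t 60 -U /tmp/spamd.sock -u alice@example.test
@4000000000000003 simscan:[101]:CLEAN (-69.30/5.00):3.7908s:Test 1:192.0.2.10:sender@example.org:alice@example.test
@4000000000000004 simscan: calling spamc
@4000000000000005 simscan: calling /usr/bin/spamc spamc -s 200000 -t 60 -U /tmp/spamd.sock
@4000000000000006 simscan:[102]:CLEAN (4.10/5.00):2.6227s:Re: Test 2:192.0.2.11:sender@example.org:bob@example.test,alice@example.test
"""

SPAMC_CALL = re.compile(r"simscan: calling (\S*spamc .*)$")
RESULT = re.compile(r"simscan:\[(\d+)\]:(\w+) \((-?[\d.]+)/([\d.]+)\):(.*)$")


def spamc_user(cmdline):
    """Return the value given to spamc's -u flag, or None if it is absent.
    Tokenising keeps -u (user) distinct from -U (socket path)."""
    args = shlex.split(cmdline)
    for flag, value in zip(args, args[1:]):
        if flag == "-u":
            return value
    return None


def audit(log_text):
    """Pair each spamc invocation with the result line that follows it."""
    records, last_call = [], None
    for line in log_text.splitlines():
        call = SPAMC_CALL.search(line)
        if call:
            last_call = call.group(1)
            continue
        res = RESULT.search(line)
        if not res or last_call is None:
            continue
        pid, verdict, score, required, rest = res.groups()
        # rest is "<time>:<subject>:<ip>:<sender>:<rcpt,rcpt>"; split from the
        # right because the subject may contain ':' (IPv4 client assumed).
        _, _ip, sender, rcpts = rest.rsplit(":", 3)
        records.append({
            "pid": pid, "verdict": verdict,
            "score": float(score), "required": float(required),
            "sender": sender, "recipients": rcpts.split(","),
            "spamc_user": spamc_user(last_call),
        })
        last_call = None
    return records


def scanned_without_user(records):
    """Messages for which spamc passed no -u, so spamd used its default user."""
    return [r for r in records if r["spamc_user"] is None]


if __name__ == "__main__":
    for r in scanned_without_user(audit(SAMPLE_LOG)):
        print(r["pid"], r["score"], ",".join(r["recipients"]))
```
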


jolumape_al at hotmail

Nov 25, 2009, 11:21 AM

Post #3 of 4 (470 views)
Permalink
RE: Problems with whitelists and simscan [In reply to]

Hi Rick,

Thanks for your answer.

So for these cases, what could I do to make whitelists work?

Can the solution be in SpamAssassin or simscan?

Thanks

Jose Luis

> Date: Wed, 25 Nov 2009 13:23:02 -0500
> From: rickm [at] ummm-beer
> To: users [at] spamassassin
> Subject: Re: Problems with whitelists and simscan
>
> Jose Luis Marin Perez wrote:
> > Dear Sirs
> >
> > I noticed a problem with Spamassassin whitelists and Simscan:
> >
> > Spamassassin is configured to use white lists using mysql (for example)
> >
> > *mysql> select * from userpref;
> > +------------------------------+----------------+-------------------------+--------+
> > | username | preference | value | prefid |
> > +------------------------------+----------------+-------------------------+--------+
> > | jmarin [at] enlaceaduanero | whitelist_from | jolumape_al [at] hotmail | 2 |
> > | lcampo [at] enlaceaduanero | whitelist_from | jolumape_al [at] hotmail | 3 |
> > +------------------------------+----------------+-------------------------+--------+
> > 2 rows in set (0.01 sec)*
>
> Hello,
>
> When more than one recipient for an email is received simscan uses the
> default user when passing to spamd. So install of -u
> jmarin [at] enlaceaduanero being passed by spamc, no -u is used and
> spamd uses the default values.
>
> Regards,
>
> Rick
>



rickm at ummm-beer

Nov 26, 2009, 7:42 AM

Post #4 of 4 (449 views)
Permalink
Re: Problems with whitelists and simscan [In reply to]

Jose Luis Marin Perez wrote:
> Hi Rick,
>
> Thanks for your answer.
>
> So for these cases as could do to work whitelists?
>
> It can be solution in spamassassin or simscan?
>
> >
> > Hello,
> >
> > When more than one recipient for an email is received simscan uses the
> > default user when passing to spamd. So install of -u
> > jmarin [at] enlaceaduanero being passed by spamc, no -u is used and
> > spamd uses the default values.
> >

Hi,

I'd make it a global whitelist_from_rcvd in a .cf file. It's possible
in MySQL as well, I just don't know the syntax off of the top of my head.

Regards,

Rick
