Page 2 of 4 FirstFirst 1234 LastLast
Results 21 to 40 of 73

Thread: SpamBlocker 3.2.6-RC now ready for testing

  1. #21
    Join Date
    Aug 2004
    Posts
    313
    Jeff,

    [RESOLVED DISREGARD]

    Just noticed this in comparison to the 3.0 I have been using. This new config is making two calls to spamd for some reason or another, whereas the old one only made one. This one makes one as user nobody then one as the actual user. That could be a little stressful on a production server. Any ideas what could be causing it?

    May 24 15:02:45 persephone spamd[60268]: spamd: connection from localhost [127.0.0.1] at port 60692
    May 24 15:02:45 persephone spamd[60268]: spamd: setuid to nobody succeeded
    May 24 15:02:45 persephone spamd[60268]: spamd: checking message <087401cafb8c$dd499260$97dcb720$@com> for nobody:65534
    May 24 15:02:46 persephone spamd[60268]: spamd: clean message (-0.0/5.0) for nobody:65534 in 0.8 seconds, 7236 bytes.
    May 24 15:02:46 persephone spamd[60268]: spamd: result: . 0 - SPF_PASS scantime=0.8,size=7236,user=nobody,uid=65534,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=60692,mid=<087401cafb8c$dd499260$97dcb720$@com>,autolearn=ham
    May 24 15:02:46 persephone spamd[60267]: prefork: child states: II
    May 24 15:02:46 persephone spamd[60268]: spamd: connection from localhost [127.0.0.1] at port 55102
    May 24 15:02:46 persephone spamd[60268]: spamd: setuid to petpimps succeeded
    May 24 15:02:46 persephone spamd[60268]: spamd: processing message <087401cafb8c$dd499260$97dcb720$@com> for petpimps:1012
    May 24 15:02:46 persephone spamd[60268]: spamd: clean message (0.4/2.0) for petpimps:1012 in 0.8 seconds, 7258 bytes.
    May 24 15:02:46 persephone spamd[60268]: spamd: result: . 0 - AWL,SPF_PASS scantime=0.8,size=7258,user=petpimps,uid=1012,required_score=2.0,rhost=localhost,raddr=127.0.0.1,rport=55102,mid=<087401cafb8c$dd499260$97dcb720$@com>,autolearn=ham
    May 24 15:02:46 persephone spamd[60267]: prefork: child states: II

    BigWil
    Last edited by BigWil; 05-25-2010 at 11:20 AM.

  2. #22
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    I have no idea. But I'll check into it.

    In which logfile do you see this? If I have to do something to enable the logfile, what do I have to do?

    Which RC are you using?

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  3. #23
    Join Date
    Aug 2004
    Posts
    313
    Disregard Jeff. The unexplainable has occurred and the issue isn't there anymore.

    BigWil

  4. #24
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,097
    Quote Originally Posted by jstrzalko View Post
    Also, you can probably remove cbl.abuseat.org as its part of PBL which is part of zen.spamhaus.org. You also may want to consider adding the barracudacentral reputation blocklist.

    On our setup, spamcop and spamhaus capture 90% of the RBL blocks and Barracuda an additional 8-9%.

    Josh
    This has been mentioned before . 2 lists need to be removed as they are already covered by zen.
    BRBL is a great list, especially if you want to save $250/y in Spamhaus fees. BTW, this should be mentioned in the Spamblocker documentation.
    Olivier
    interfaCentre - We design custom hosting solutions

    Custom apps, scripts and configurations for easy and secure access to all hosting services
    Full Personal Information Management suite with mobile synchronisation
    PHP, Ruby, Node.js and Python hosting with 1-click app install

  5. #25
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Quote Originally Posted by BigWil View Post
    Disregard Jeff. The unexplainable has occurred and the issue isn't there anymore.
    I'd like to, BigWil; it's easier on me. But then what do I make of that post you've since deleted? Was there an error in your logic?

    Thanks for any clarification you can supply.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  6. #26
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Quote Originally Posted by interfasys View Post
    This has been mentioned before . 2 lists need to be removed as they are already covered by zen.
    Thanks for updating me; I'll fix this. After all, it's a bug, not a feature.
    BRBL is a great list, especially if you want to save $250/y in Spamhaus fees. BTW, this should be mentioned in the Spamblocker documentation.
    I'm not sure what I should mention. That you can save $250? I'm not sure we need to give reasons.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  7. #27
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,097
    Quote Originally Posted by jlasman View Post
    I'm not sure what I should mention. That you can save $250?
    I think you should mention in Spamblocker that using the Spamhaus RBLs is not free and requires a yearly subscription.
    http://www.spamhaus.org/organization/dnsblusage.html
    Olivier
    interfaCentre - We design custom hosting solutions

    Custom apps, scripts and configurations for easy and secure access to all hosting services
    Full Personal Information Management suite with mobile synchronisation
    PHP, Ruby, Node.js and Python hosting with 1-click app install

  8. #28
    Join Date
    Aug 2004
    Posts
    313
    Quote Originally Posted by jlasman View Post
    I'd like to, BigWil; it's easier on me. But then what do I make of that post you've since deleted? Was there an error in your logic?

    Thanks for any clarification you can supply.
    Not exactly sure and that's why I was trying to not confuse any future readers. That segment I can't even track down. I have searched my own archives and still can't find it. Thus I thought it came into play from RC6. However, looking over RC6 I don't see it in there either. So the "unexplainable" occurred. If that piece didn't look familiar then yah you can write it off as an error in my logic.

    BigWil

  9. #29
    Join Date
    Oct 2004
    Posts
    15
    There's still an issue in this version with the spamassassin logic. Currently messages are checked by SA if there is no 'X-Spam-Flag:' header. However we've seen a recent rise of incoming spam messages with this header already set so they bypass the spam filter and leads to complaints from customers.

    Maybe we should remove these headers on incoming messages right before they are passed through spamassassin? Any other suggestions?

  10. #30
    Join Date
    May 2004
    Location
    Turkiye
    Posts
    139
    There a spam mails scored with 102.7 points which drops to my inbox directly although I set it to send spam mails to spam folder and above 15 points to delete automatically. Is this problem causes by spamassassin or exim? How can I fix?

  11. #31
    Join Date
    Aug 2004
    Posts
    313
    Quote Originally Posted by cyril View Post
    Currently messages are checked by SA if there is no 'X-Spam-Flag:' header. However we've seen a recent rise of incoming spam messages with this header already set so they bypass the spam filter
    Cyril,

    I don't think that is an accurate statement. I can send emails from one of our servers to another and they get scanned. I know for a fact that the X-Spam-Flag: header element is being set on server_1 and when it comes into server_2 it is scanned again by spamassassin there.

    I think you need to look into other reasons that the receiving server isn't scanning. Some thing I have already noted that Jeff might want to adjust is this in the spamcheck_director. I have set ours to 200k instead:

    Code:
    {<{$message_size}{100k}} \
    I have noticed that many marketing companies are adding keywords and elements and sending in both HTML and plaintext in order to make their spam greater than 100kb. One company is sending stuff out in the 275kb range even so I am thinking that they may have caught on to this.

    Of course you will not know if a message was skipped or not unless you add something of this nature like I did right below acl_check_message. This tells me if it was skipped and what machine skipped it:

    Code:
    warn message   = X-Spam-Flag-Size: Skipped scanning on $primary_hostname; size greater than 200KB
      condition      = ${if >={$message_size}{200k} {1}{0}}
    Hope that is helpful.

    BigWil

  12. #32
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Quote Originally Posted by interfasys View Post
    I think you should mention in Spamblocker that using the Spamhaus RBLs is not free and requires a yearly subscription.
    http://www.spamhaus.org/organization/dnsblusage.html
    I've ready their TOS and I believe we comply with it. Please follow my logic.

    Here, specifically is what your link says:
    If you do not fit all three of these criteria then please do not use our public DNSBL servers, instead see 'Professional Use'.
    We do NOT use their public DNSBL servers. We look up a zone in our upstream's nameserver? Semantic? Maybe. Maybe not. I tend to follow the rules rather than try to understand why they were written.

    But my resolvers (the nameservers listed in /etc/resolv.conf) are big commercial companies such as Google, OpenDNS, etc., and since they're the ones who may be actually using the Spamhaus servers for lookups, they're the ones that actually qualify.

    Remember how DNS works? Once the lookup is made by the resolving server, it's kept in memory until it expires.

    My understanding is that if I don't run my own resolving servers there's no way I can use Spamhaus servers directly. Unless I do forwarding of DNS queries.

    I don't host resolving DNS servers, and I don't forward. So I don't require a paid license.

    That's exactly what their terms say.

    Perhaps I should put a disclaimer into the file itself, but you may be surprised when you see the actual release file; it will have almost NO comments; all comments will be in a separate file. So maybe the warning belongs in the separate file.

    But honestly, will most people understand what I've pointed out?

    If you disagree with me please feel free to do so, and to explain your argument to me here.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  13. #33
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,097
    I think the best way to check your theory would be to ask them directly. The problem I see with it is that if everybody is using Google DNS, then in effect, Google becomes a sponsor of Spamhaus as it pays larger and larger fees because more and more people are using their DNS. Until they cut you off or ask you to participate because you're making 500 000 requests a day.
    Spamhaus doesn't mention resolvers, etc. in their TOS. They don't go technical at all.
    To me it reads: "If you use dnlist = zen.spamhaus.com in your exim.conf file and you're an ISP, then you should get a subscription".
    In their example, they mention that a spam filtering appliance needs a license. Obviously, such a device would be talking to resolvers and yet, they want money if you use the RBLs.
    Olivier
    interfaCentre - We design custom hosting solutions

    Custom apps, scripts and configurations for easy and secure access to all hosting services
    Full Personal Information Management suite with mobile synchronisation
    PHP, Ruby, Node.js and Python hosting with 1-click app install

  14. #34
    Join Date
    Aug 2004
    Posts
    313
    Code:
    # deny if the HELO pretends to be one of the domains hosted on the server
        deny message = Bad HELO - Host impersonating domain name [$sender_helo_name]
            condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
            hosts = ! +relay_from_hosts
    Jeff,

    I think your +relay_from_hosts used here is supposed to be +relay_hosts. Simple deduction because relay_from_hosts is never defined only relay_hosts is. I believe this was pointed out in a previous thread as well.

    Unless it was meant to be like that for some reason. Dunno.

    BigWil

  15. #35
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    @BigWill:

    Thanks for bringing this to my attention. I'll fix it in the final release.

    @interfasys,

    The reality is of course that (not quite, but to some reasonably large extent) everyone is using Google DNS or OpenDNS.

    And SpamHaus has no way of checking to who the requests from Google are really from. Which means that only Google is in a position to see who's checking against Spamhaus DNS. It also means that whether or not you pay, SpamHaus may still cut you off by cutting off Google. They can't guarantee they'll continue serving you through Google (for example)...

    So if you do decide to pay Spamhaus you're either hoping they'll keep serving Google, or you're setting up your own authoritative server and using rsync. And hoping no one finds your server and misuses it.

    And of course with the amount of spam being checked, it's unlikely that one request from isn't being used by hundreds of servers, perhaps thousands or even more.

    Are you saying that SpamHaus, who presumably know quite a bit about how DNS works (at least I'd think so) wrote something in their TOS other than what they mean?

    In the final release SpamHaus will be in a separate stanza, and it will be commented out by default.

    But of course that means that some lists otherwise included in Spamhaus will need to be listed individually.

    Any server operator is welcome to (and probably should) clarify the SPamhaus TOS directly with the company if they're not sure they understand it.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  16. #36
    Join Date
    May 2010
    Posts
    9
    I just got this one. I'm quite puzzled how this can happen. The hostname is changed, but I can assure you the ip resolves to server.domain.tld and there's no typographic error in one of them.

    H=server.domain.tld [123.123.123.123] rejected EHLO or HELO server.domain.tld: Bad HELO - Host impersonating domain name [server.domain.tld]

  17. #37
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Since you've changed everything you've removed all the clues we could use to help you. You can assure us of all you want, but you'll have to fix it yourself if you're not willing to give us unadulterated information so we can test.

    As of right now all I can to help you is tell you that since server.domain.tld doesn't resolve to 123.123.123.123, your server did what it was supposed to do.

    Oh, you've already told us that. See above.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  18. #38
    Join Date
    Jul 2007
    Posts
    55
    I'm chomping at the bit to get this on my prod box!

  19. #39
    Join Date
    Jul 2007
    Posts
    55
    When I have sender verify enabled I'm getting this pretty often

    Could not complete sender verify
    Would it be possible if after 5-10 seconds there is no reply it proceeds along in the checks? Rather than failing?

    It seems that when this happens the remote server is bouncing a message to sender that the email was undeliverable.

  20. #40
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Most of us leave sender verify disabled.

    What would be the point of continuing after a few seconds? Do you have some kind of empirical proof that spammers stop trying and that good guys keep waiting? If that's not the case, then waiting won't do anything.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

Page 2 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. SpamBlocker 3.2.5-RC now ready for testing
    By nobaloney in forum SpamBlocker3
    Replies: 28
    Last Post: 05-07-2010, 08:34 AM
  2. SpamBlocker 3.2.4-RC now ready for testing
    By nobaloney in forum SpamBlocker3
    Replies: 58
    Last Post: 04-13-2010, 01:02 PM
  3. SpamBlocker3 exim.conf file now ready for Beta testing
    By nobaloney in forum SpamBlocker3
    Replies: 103
    Last Post: 03-14-2010, 07:21 AM
  4. SpamBlocker 3.2.3-RC now ready for testing
    By nobaloney in forum SpamBlocker3
    Replies: 22
    Last Post: 11-10-2009, 06:34 AM
  5. SpamBlocker Version 3.1-RC Now Ready for Testing
    By nobaloney in forum SpamBlocker3
    Replies: 24
    Last Post: 09-04-2009, 01:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •