ALL_TRUSTED problems
dnsadmin 1bigthink.com
dnsadmin at 1bigthink.com
Thu Feb 2 16:08:36 GMT 2006
At 07:59 PM 2/1/2006, you wrote:
>Glenn Steen wrote:
> > On 01/02/06, Richard Edge <Edge at twu.ca> wrote:
> >> If I change the line:
> >>
> >> Score ALL_TRUSTED 0
> >>
> >> To:
> >>
> >> core ALL_TRUSTED
> >>
> >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint"
> >> gives me a:
> >>
> >> [22778] warn: config: failed to parse line, skipping: core ALL_TRUSTED 0
> >> [22778] warn: lint: 1 issues detected, please rerun with debug enabled
> >> for more information
> >>
> > <me grasping at straws:-)>
> > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf "
> > too? You shouldn't need use it as a preference file</me grapsing at
> > straws:-)> anymore, since it should be part of the site rules... A
> > plain "spamassassin --lint" should suffice.
> > </me grasping at straws:-)>
>
>Erm, what on earth is mailscanner.cf doing in /etc/mail/??
>
>it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other
>directory containing the word "spamassassin" depending on how your
>SA is configured.
>
>Realistically you should *NEVER*, EVER under any condition use -p to point to
>any site-level file. It should only point to a user level file.
>
>Mailscanner.cf is NOT a user level file.
>
>The whole reason mailscanner.cf was created was to ensure it was NOT used as a
>user prefs file. mailscanner.cf contains options that are ONLY valid at the
>site-wide level. Do NOT pass this -p. It belongs in the SA
>site-config directory
>so SA always parses it, and to make sure that SA correctly parses it.
>
>If it's not in the site config directory, SA won't parse it when
>mailscanner runs.
>
>New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs file,
>thus by adding -p you are changing the behavior of spamassassin to
>be different
>than what Mailscanner does with it.
>
>I know this is contrary to how old versions of MS worked. In old versions,
>spam.assassin.prefs.conf was passed as a user_prefs replacement. However, This
>file kept pushing options in which are only valid at the site level. It also
>pushed options such as bayes_path which need to be passed to all
>instances of sa
>on the system, such as sa-learn.
>
>After some prodding, Julian finally created MailScanner.cf, a file
>to be placed
>alongside local.cf and other site-wide config files. This way any call to SA
>automatically parses this file.
>
This is what got my pulse going yesterday and prompted me to join the
thread! This plopped into my personal mail address and the only
reason it did not get tagged was due to the ALL_TRUSTED rule.
Subject: [#yruxdjtp] Shaved Teen Bending from Over & Showing Upskirt Movies
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-1bigthink.com-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.917,
required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HOT_NASTY 0.09,
SARE_ADULT2 1.67, URIBL_JP_SURBL 4.00, URIBL_WS_SURBL 1.46)
I operate on Sprint public IP space that is not NAT'd. I am
priviledged to answer my own PTR - RDNS. No gateway.
I do not have any trusted hosts defined. Here is the output of my '
spamassassin --lint -D'
debug: SpamAssassin version 3.0.3
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/usr/kerberos/sbin', keeping.
debug: PATH included '/usr/kerberos/bin', keeping.
debug: PATH included '/usr/local/sbin', keeping.
debug: PATH included '/usr/local/bin', keeping.
debug: PATH included '/sbin', keeping.
debug: PATH included '/bin', keeping.
debug: PATH included '/usr/sbin', keeping.
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/X11R6/bin', keeping.
debug: PATH included '/root/bin', which doesn't exist, dropping.
debug: Final PATH set to:
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
debug: diag: module installed: DBI, version 1.32
debug: diag: module installed: DB_File, version 1.810
debug: diag: module installed: Digest::SHA1, version 2.10
debug: diag: module installed: IO::Socket::UNIX, version 1.2
debug: diag: module installed: MIME::Base64, version 2.12
debug: diag: module installed: Net::DNS, version 0.48
debug: diag: module not installed: Net::LDAP ('require' failed)
debug: diag: module not installed: Razor2::Client::Agent ('require' failed)
debug: diag: module installed: Storable, version 2.06
debug: diag: module installed: URI, version 1.35
debug: ignore: using a test message to lint rules
debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
debug: config: read file /etc/mail/spamassassin/init.pre
debug: using "/usr/share/spamassassin" for default rules dir
debug: config: read file /usr/share/spamassassin/10_misc.cf
debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
debug: config: read file /usr/share/spamassassin/20_body_tests.cf
debug: config: read file /usr/share/spamassassin/20_compensate.cf
debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
debug: config: read file /usr/share/spamassassin/20_drugs.cf
debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
debug: config: read file /usr/share/spamassassin/20_head_tests.cf
debug: config: read file /usr/share/spamassassin/20_html_tests.cf
debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
debug: config: read file /usr/share/spamassassin/20_phrases.cf
debug: config: read file /usr/share/spamassassin/20_porn.cf
debug: config: read file /usr/share/spamassassin/20_ratware.cf
debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
debug: config: read file /usr/share/spamassassin/23_bayes.cf
debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
debug: config: read file /usr/share/spamassassin/25_hashcash.cf
debug: config: read file /usr/share/spamassassin/25_spf.cf
debug: config: read file /usr/share/spamassassin/25_uribl.cf
debug: config: read file /usr/share/spamassassin/30_text_de.cf
debug: config: read file /usr/share/spamassassin/30_text_fr.cf
debug: config: read file /usr/share/spamassassin/30_text_nl.cf
debug: config: read file /usr/share/spamassassin/30_text_pl.cf
debug: config: read file /usr/share/spamassassin/50_scores.cf
debug: config: read file /usr/share/spamassassin/60_whitelist.cf
debug: using "/etc/mail/spamassassin" for site rules dir
debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf
debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf
debug: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf
debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf
debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf
debug: config: read file /etc/mail/spamassassin/70_sare_header.cf
debug: config: read file /etc/mail/spamassassin/70_sare_header0.cf
debug: config: read file /etc/mail/spamassassin/70_sare_header1.cf
debug: config: read file /etc/mail/spamassassin/70_sare_html.cf
debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf
debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf
debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf
debug: config: read file /etc/mail/spamassassin/70_sare_random.cf
debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf
debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf
debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf
debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf
debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf
debug: config: read file /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf
debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf
debug: config: read file /etc/mail/spamassassin/local.cf
debug: config: read file /etc/mail/spamassassin/tripwire.cf
debug: using "/root/.spamassassin" for user state dir
debug: using "/root/.spamassassin/user_prefs" for user prefs file
debug: config: read file /root/.spamassassin/user_prefs
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)
implements 'parse_config'
debug: using "/root/.spamassassin" for user state dir
debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_toks
debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_seen
debug: bayes: found bayes db version 3
debug: using "/root/.spamassassin" for user state dir
debug: Score set 3 chosen.
debug: ---- MIME PARSER START ----
debug: main message type: text/plain
debug: parsing normal part
debug: added part, type: text/plain
debug: ---- MIME PARSER END ----
debug: metadata: X-Spam-Relays-Trusted:
debug: metadata: X-Spam-Relays-Untrusted:
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
implements 'parsed_metadata'
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.48
debug: trying (3) gmx.net...
debug: looking up NS for 'gmx.net'
debug: NS lookup of gmx.net succeeded => Dns available (set
dns_available to hardcode)
debug: is DNS available? 1
debug: decoding: no encoding detected
debug: URIDNSBL: domains to query:
debug: all '*From' addrs: ignore at compiling.spamassassin.taint.org
debug: Running tests for priority: 0
debug: running header regexp tests; score so far=0
debug: registering glue method for check_hashcash_double_spend
(Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168))
debug: registering glue method for check_for_spf_helo_pass
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
debug: SPF: message was delivered entirely via trusted relays, not required
debug: registering glue method for check_hashcash_value
(Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168))
debug: all '*To' addrs:
debug: registering glue method for check_for_spf_softfail
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
debug: SPF: message was delivered entirely via trusted relays, not required
debug: registering glue method for check_for_spf_pass
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
debug: registering glue method for check_for_spf_helo_softfail
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
debug: registering glue method for check_for_spf_fail
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
debug: registering glue method for check_for_spf_helo_fail
(Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
debug: running body-text per-line regexp tests; score so far=-3.174
debug: running uri tests; score so far=-3.174
debug: registering glue method for check_uridnsbl
(Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c))
debug: bayes corpus size: nspam = 4620, nham = 408
debug: tokenize: header tokens for *F = "U*ignore
D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org"
debug: tokenize: header tokens for *m = " 1138895936 lint_rules "
debug: tokenize: header tokens for *RT = " "
debug: tokenize: header tokens for *RU = " "
debug: bayes token 'body' => 0.946350853491789
debug: bayes token 'H*Ad:D*org' => 0.0946204880029939
debug: bayes: score = 0.429821922703648
debug: bayes: 28513 untie-ing
debug: bayes: 28513 untie-ing db_toks
debug: bayes: 28513 untie-ing db_seen
debug: Razor2 is not available
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
implements 'check_tick'
debug: running raw-body-text per-line regexp tests; score so far=-3.173
debug: running full-text regexp tests; score so far=-3.173
debug: Razor2 is not available
debug: Current PATH is:
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
debug: Pyzor is not available: pyzor not found
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is not available: no executable dccproc found.
debug: Running tests for priority: 500
debug: RBL: success for 1 of 1 queries
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
implements 'check_post_dnsbl'
debug: running meta tests; score so far=-3.173
debug: running header regexp tests; score so far=-1.947
debug: running body-text per-line regexp tests; score so far=-1.947
debug: running uri tests; score so far=-1.947
debug: running raw-body-text per-line regexp tests; score so far=-1.947
debug: running full-text regexp tests; score so far=-1.947
debug: Running tests for priority: 1000
debug: running meta tests; score so far=-1.947
debug: running header regexp tests; score so far=-1.947
debug: using "/root/.spamassassin" for user state dir
debug: lock: 28513 created
/root/.spamassassin/auto-whitelist.lock.mxt.1bigthink.com.28513
debug: lock: 28513 trying to get lock on
/root/.spamassassin/auto-whitelist with 0 retries
debug: lock: 28513 link to /root/.spamassassin/auto-whitelist.lock: link ok
debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist
debug: auto-whitelist (db-based):
ignore at compiling.spamassassin.taint.org|ip=none scores 0/0
debug: AWL active, pre-score: -1.947, autolearn score: -1.947, mean:
undef, IP: undef
debug: DB addr list: untie-ing and unlocking.
debug: DB addr list: file locked, breaking lock.
debug: unlock: 28513 unlink /root/.spamassassin/auto-whitelist.lock
debug: Post AWL score: -1.947
debug: running body-text per-line regexp tests; score so far=-1.947
debug: running uri tests; score so far=-1.947
debug: running raw-body-text per-line regexp tests; score so far=-1.947
debug: running full-text regexp tests; score so far=-1.947
debug: is spam? score=-1.947 required=4.57
debug: tests=ALL_TRUSTED,BAYES_50,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME
debug:
subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
Any advice greatly appreciated. Comments to the effect that this
messagewas a fluke at getting by would be acceptable at this point
too. I think I do understand the issue a lot better, now.
Thanks,
Glenn Parsons
More information about the MailScanner
mailing list