ALL_TRUSTED problems
Scott Silva
ssilva at sgvwater.com
Thu Feb 2 17:02:53 GMT 2006
dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM:
> At 07:59 PM 2/1/2006, you wrote:
>
>> Glenn Steen wrote:
>> > On 01/02/06, Richard Edge <Edge at twu.ca> wrote:
>> >> If I change the line:
>> >>
>> >> Score ALL_TRUSTED 0
>> >>
>> >> To:
>> >>
>> >> core ALL_TRUSTED
>> >>
>> >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint"
>> >> gives me a:
>> >>
>> >> [22778] warn: config: failed to parse line, skipping: core
>> ALL_TRUSTED 0
>> >> [22778] warn: lint: 1 issues detected, please rerun with debug enabled
>> >> for more information
>> >>
>> > <me grasping at straws:-)>
>> > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf "
>> > too? You shouldn't need use it as a preference file</me grapsing at
>> > straws:-)> anymore, since it should be part of the site rules... A
>> > plain "spamassassin --lint" should suffice.
>> > </me grasping at straws:-)>
>>
>> Erm, what on earth is mailscanner.cf doing in /etc/mail/??
>>
>> it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other
>> directory containing the word "spamassassin" depending on how your SA
>> is configured.
>>
>> Realistically you should *NEVER*, EVER under any condition use -p to
>> point to
>> any site-level file. It should only point to a user level file.
>>
>> Mailscanner.cf is NOT a user level file.
>>
>> The whole reason mailscanner.cf was created was to ensure it was NOT
>> used as a
>> user prefs file. mailscanner.cf contains options that are ONLY valid
>> at the
>> site-wide level. Do NOT pass this -p. It belongs in the SA site-config
>> directory
>> so SA always parses it, and to make sure that SA correctly parses it.
>>
>> If it's not in the site config directory, SA won't parse it when
>> mailscanner runs.
>>
>> New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs
>> file,
>> thus by adding -p you are changing the behavior of spamassassin to be
>> different
>> than what Mailscanner does with it.
>>
>> I know this is contrary to how old versions of MS worked. In old
>> versions,
>> spam.assassin.prefs.conf was passed as a user_prefs replacement.
>> However, This
>> file kept pushing options in which are only valid at the site level.
>> It also
>> pushed options such as bayes_path which need to be passed to all
>> instances of sa
>> on the system, such as sa-learn.
>>
>> After some prodding, Julian finally created MailScanner.cf, a file to
>> be placed
>> alongside local.cf and other site-wide config files. This way any call
>> to SA
>> automatically parses this file.
>>
>
> This is what got my pulse going yesterday and prompted me to join the
> thread! This plopped into my personal mail address and the only reason
> it did not get tagged was due to the ALL_TRUSTED rule.
>
> Subject: [#yruxdjtp] Shaved Teen Bending from Over & Showing Upskirt
> Movies
> MIME-Version: 1.0
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: 7bit
>
> X-1bigthink.com-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.917,
> required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HOT_NASTY 0.09,
> SARE_ADULT2 1.67, URIBL_JP_SURBL 4.00, URIBL_WS_SURBL 1.46)
>
> I operate on Sprint public IP space that is not NAT'd. I am priviledged
> to answer my own PTR - RDNS. No gateway.
>
> I do not have any trusted hosts defined. Here is the output of my '
> spamassassin --lint -D'
>
> debug: SpamAssassin version 3.0.3
> debug: Score set 0 chosen.
> debug: running in taint mode? yes
> debug: Running in taint mode, removing unsafe env vars, and resetting PATH
> debug: PATH included '/usr/kerberos/sbin', keeping.
> debug: PATH included '/usr/kerberos/bin', keeping.
> debug: PATH included '/usr/local/sbin', keeping.
> debug: PATH included '/usr/local/bin', keeping.
> debug: PATH included '/sbin', keeping.
> debug: PATH included '/bin', keeping.
> debug: PATH included '/usr/sbin', keeping.
> debug: PATH included '/usr/bin', keeping.
> debug: PATH included '/usr/X11R6/bin', keeping.
> debug: PATH included '/root/bin', which doesn't exist, dropping.
> debug: Final PATH set to:
> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
>
> debug: diag: module installed: DBI, version 1.32
> debug: diag: module installed: DB_File, version 1.810
> debug: diag: module installed: Digest::SHA1, version 2.10
> debug: diag: module installed: IO::Socket::UNIX, version 1.2
> debug: diag: module installed: MIME::Base64, version 2.12
> debug: diag: module installed: Net::DNS, version 0.48
> debug: diag: module not installed: Net::LDAP ('require' failed)
> debug: diag: module not installed: Razor2::Client::Agent ('require' failed)
> debug: diag: module installed: Storable, version 2.06
> debug: diag: module installed: URI, version 1.35
> debug: ignore: using a test message to lint rules
> debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
> debug: config: read file /etc/mail/spamassassin/init.pre
> debug: using "/usr/share/spamassassin" for default rules dir
> debug: config: read file /usr/share/spamassassin/10_misc.cf
> debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
> debug: config: read file /usr/share/spamassassin/20_body_tests.cf
> debug: config: read file /usr/share/spamassassin/20_compensate.cf
> debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
> debug: config: read file /usr/share/spamassassin/20_drugs.cf
> debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
> debug: config: read file /usr/share/spamassassin/20_head_tests.cf
> debug: config: read file /usr/share/spamassassin/20_html_tests.cf
> debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
> debug: config: read file /usr/share/spamassassin/20_phrases.cf
> debug: config: read file /usr/share/spamassassin/20_porn.cf
> debug: config: read file /usr/share/spamassassin/20_ratware.cf
> debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
> debug: config: read file /usr/share/spamassassin/23_bayes.cf
> debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
> debug: config: read file /usr/share/spamassassin/25_hashcash.cf
> debug: config: read file /usr/share/spamassassin/25_spf.cf
> debug: config: read file /usr/share/spamassassin/25_uribl.cf
> debug: config: read file /usr/share/spamassassin/30_text_de.cf
> debug: config: read file /usr/share/spamassassin/30_text_fr.cf
> debug: config: read file /usr/share/spamassassin/30_text_nl.cf
> debug: config: read file /usr/share/spamassassin/30_text_pl.cf
> debug: config: read file /usr/share/spamassassin/50_scores.cf
> debug: config: read file /usr/share/spamassassin/60_whitelist.cf
> debug: using "/etc/mail/spamassassin" for site rules dir
> debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_header.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_header0.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_header1.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_html.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_random.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf
> debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf
> debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf
> debug: config: read file
> /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf
> debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf
> debug: config: read file /etc/mail/spamassassin/local.cf
> debug: config: read file /etc/mail/spamassassin/tripwire.cf
> debug: using "/root/.spamassassin" for user state dir
> debug: using "/root/.spamassassin/user_prefs" for user prefs file
> debug: config: read file /root/.spamassassin/user_prefs
> debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
> debug: plugin: registered
> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
> debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
> debug: plugin: registered
> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)
> debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
> debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)
> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
> implements 'parse_config'
> debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)
> implements 'parse_config'
> debug: using "/root/.spamassassin" for user state dir
> debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_toks
> debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_seen
> debug: bayes: found bayes db version 3
> debug: using "/root/.spamassassin" for user state dir
> debug: Score set 3 chosen.
> debug: ---- MIME PARSER START ----
> debug: main message type: text/plain
> debug: parsing normal part
> debug: added part, type: text/plain
> debug: ---- MIME PARSER END ----
> debug: metadata: X-Spam-Relays-Trusted:
> debug: metadata: X-Spam-Relays-Untrusted:
> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
> implements 'parsed_metadata'
> debug: is Net::DNS::Resolver available? yes
> debug: Net::DNS version: 0.48
> debug: trying (3) gmx.net...
> debug: looking up NS for 'gmx.net'
> debug: NS lookup of gmx.net succeeded => Dns available (set
> dns_available to hardcode)
> debug: is DNS available? 1
> debug: decoding: no encoding detected
> debug: URIDNSBL: domains to query:
> debug: all '*From' addrs: ignore at compiling.spamassassin.taint.org
> debug: Running tests for priority: 0
> debug: running header regexp tests; score so far=0
> debug: registering glue method for check_hashcash_double_spend
> (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168))
> debug: registering glue method for check_for_spf_helo_pass
> (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
> debug: SPF: message was delivered entirely via trusted relays, not required
> debug: registering glue method for check_hashcash_value
> (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168))
> debug: all '*To' addrs:
> debug: registering glue method for check_for_spf_softfail
> (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
> debug: SPF: message was delivered entirely via trusted relays, not required
> debug: registering glue method for check_for_spf_pass
> (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
> debug: registering glue method for check_for_spf_helo_softfail
> (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
> debug: registering glue method for check_for_spf_fail
> (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
> debug: registering glue method for check_for_spf_helo_fail
> (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
> debug: running body-text per-line regexp tests; score so far=-3.174
> debug: running uri tests; score so far=-3.174
> debug: registering glue method for check_uridnsbl
> (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c))
> debug: bayes corpus size: nspam = 4620, nham = 408
> debug: tokenize: header tokens for *F = "U*ignore
> D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org
> D*org"
> debug: tokenize: header tokens for *m = " 1138895936 lint_rules "
> debug: tokenize: header tokens for *RT = " "
> debug: tokenize: header tokens for *RU = " "
> debug: bayes token 'body' => 0.946350853491789
> debug: bayes token 'H*Ad:D*org' => 0.0946204880029939
> debug: bayes: score = 0.429821922703648
> debug: bayes: 28513 untie-ing
> debug: bayes: 28513 untie-ing db_toks
> debug: bayes: 28513 untie-ing db_seen
> debug: Razor2 is not available
> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
> implements 'check_tick'
> debug: running raw-body-text per-line regexp tests; score so far=-3.173
> debug: running full-text regexp tests; score so far=-3.173
> debug: Razor2 is not available
> debug: Current PATH is:
> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
>
> debug: Pyzor is not available: pyzor not found
> debug: DCCifd is not available: no r/w dccifd socket found.
> debug: DCC is not available: no executable dccproc found.
> debug: Running tests for priority: 500
> debug: RBL: success for 1 of 1 queries
> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
> implements 'check_post_dnsbl'
> debug: running meta tests; score so far=-3.173
> debug: running header regexp tests; score so far=-1.947
> debug: running body-text per-line regexp tests; score so far=-1.947
> debug: running uri tests; score so far=-1.947
> debug: running raw-body-text per-line regexp tests; score so far=-1.947
> debug: running full-text regexp tests; score so far=-1.947
> debug: Running tests for priority: 1000
> debug: running meta tests; score so far=-1.947
> debug: running header regexp tests; score so far=-1.947
> debug: using "/root/.spamassassin" for user state dir
> debug: lock: 28513 created
> /root/.spamassassin/auto-whitelist.lock.mxt.1bigthink.com.28513
> debug: lock: 28513 trying to get lock on
> /root/.spamassassin/auto-whitelist with 0 retries
> debug: lock: 28513 link to /root/.spamassassin/auto-whitelist.lock: link ok
> debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist
> debug: auto-whitelist (db-based):
> ignore at compiling.spamassassin.taint.org|ip=none scores 0/0
> debug: AWL active, pre-score: -1.947, autolearn score: -1.947, mean:
> undef, IP: undef
> debug: DB addr list: untie-ing and unlocking.
> debug: DB addr list: file locked, breaking lock.
> debug: unlock: 28513 unlink /root/.spamassassin/auto-whitelist.lock
> debug: Post AWL score: -1.947
> debug: running body-text per-line regexp tests; score so far=-1.947
> debug: running uri tests; score so far=-1.947
> debug: running raw-body-text per-line regexp tests; score so far=-1.947
> debug: running full-text regexp tests; score so far=-1.947
> debug: is spam? score=-1.947 required=4.57
> debug:
> tests=ALL_TRUSTED,BAYES_50,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME
> debug:
> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
>
>
> Any advice greatly appreciated. Comments to the effect that this
> messagewas a fluke at getting by would be acceptable at this point too.
> I think I do understand the issue a lot better, now.
>
> Thanks,
> Glenn Parsons
Have you considered upgrading to spamassassin 3.1.0?
Maybe a munged file in spamassassin, and the upgrade might kick it into
submission.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
More information about the MailScanner
mailing list