ALL_TRUSTED problems
dnsadmin 1bigthink.com
dnsadmin at 1bigthink.com
Thu Feb 2 17:56:28 GMT 2006
At 12:02 PM 2/2/2006, you wrote:
>dnsadmin 1bigthink.com spake the following on 2/2/2006 8:08 AM:
> > At 07:59 PM 2/1/2006, you wrote:
> >
> >> Glenn Steen wrote:
> >> > On 01/02/06, Richard Edge <Edge at twu.ca> wrote:
> >> >> If I change the line:
> >> >>
> >> >> Score ALL_TRUSTED 0
> >> >>
> >> >> To:
> >> >>
> >> >> core ALL_TRUSTED
> >> >>
> >> >> Then the output from "spamassassin -p /etc/mail/mailscanner.cf --lint"
> >> >> gives me a:
> >> >>
> >> >> [22778] warn: config: failed to parse line, skipping: core
> >> ALL_TRUSTED 0
> >> >> [22778] warn: lint: 1 issues detected, please rerun with debug enabled
> >> >> for more information
> >> >>
> >> > <me grasping at straws:-)>
> >> > Um, does it carp if you don't specify "-p /etc/mail/mailscanner.cf "
> >> > too? You shouldn't need use it as a preference file</me grapsing at
> >> > straws:-)> anymore, since it should be part of the site rules... A
> >> > plain "spamassassin --lint" should suffice.
> >> > </me grasping at straws:-)>
> >>
> >> Erm, what on earth is mailscanner.cf doing in /etc/mail/??
> >>
> >> it belongs in /etc/mail/spamassassin or /etc/spamassassin, or some other
> >> directory containing the word "spamassassin" depending on how your SA
> >> is configured.
> >>
> >> Realistically you should *NEVER*, EVER under any condition use -p to
> >> point to
> >> any site-level file. It should only point to a user level file.
> >>
> >> Mailscanner.cf is NOT a user level file.
> >>
> >> The whole reason mailscanner.cf was created was to ensure it was NOT
> >> used as a
> >> user prefs file. mailscanner.cf contains options that are ONLY valid
> >> at the
> >> site-wide level. Do NOT pass this -p. It belongs in the SA site-config
> >> directory
> >> so SA always parses it, and to make sure that SA correctly parses it.
> >>
> >> If it's not in the site config directory, SA won't parse it when
> >> mailscanner runs.
> >>
> >> New versions of Mailscanner do NOT pass mailscanner.cf as a user prefs
> >> file,
> >> thus by adding -p you are changing the behavior of spamassassin to be
> >> different
> >> than what Mailscanner does with it.
> >>
> >> I know this is contrary to how old versions of MS worked. In old
> >> versions,
> >> spam.assassin.prefs.conf was passed as a user_prefs replacement.
> >> However, This
> >> file kept pushing options in which are only valid at the site level.
> >> It also
> >> pushed options such as bayes_path which need to be passed to all
> >> instances of sa
> >> on the system, such as sa-learn.
> >>
> >> After some prodding, Julian finally created MailScanner.cf, a file to
> >> be placed
> >> alongside local.cf and other site-wide config files. This way any call
> >> to SA
> >> automatically parses this file.
> >>
> >
> > This is what got my pulse going yesterday and prompted me to join the
> > thread! This plopped into my personal mail address and the only reason
> > it did not get tagged was due to the ALL_TRUSTED rule.
> >
> > Subject: [#yruxdjtp] Shaved Teen Bending from Over & Showing Upskirt
> > Movies
> > MIME-Version: 1.0
> > Content-Type: text/plain; charset="iso-8859-1"
> > Content-Transfer-Encoding: 7bit
> >
> > X-1bigthink.com-MailScanner-SpamCheck: not spam, SpamAssassin (score=3.917,
> > required 5, ALL_TRUSTED -3.30, BAYES_50 0.00, HOT_NASTY 0.09,
> > SARE_ADULT2 1.67, URIBL_JP_SURBL 4.00, URIBL_WS_SURBL 1.46)
> >
> > I operate on Sprint public IP space that is not NAT'd. I am priviledged
> > to answer my own PTR - RDNS. No gateway.
> >
> > I do not have any trusted hosts defined. Here is the output of my '
> > spamassassin --lint -D'
> >
> > debug: SpamAssassin version 3.0.3
> > debug: Score set 0 chosen.
> > debug: running in taint mode? yes
> > debug: Running in taint mode, removing unsafe env vars, and resetting PATH
> > debug: PATH included '/usr/kerberos/sbin', keeping.
> > debug: PATH included '/usr/kerberos/bin', keeping.
> > debug: PATH included '/usr/local/sbin', keeping.
> > debug: PATH included '/usr/local/bin', keeping.
> > debug: PATH included '/sbin', keeping.
> > debug: PATH included '/bin', keeping.
> > debug: PATH included '/usr/sbin', keeping.
> > debug: PATH included '/usr/bin', keeping.
> > debug: PATH included '/usr/X11R6/bin', keeping.
> > debug: PATH included '/root/bin', which doesn't exist, dropping.
> > debug: Final PATH set to:
> >
> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
> >
> > debug: diag: module installed: DBI, version 1.32
> > debug: diag: module installed: DB_File, version 1.810
> > debug: diag: module installed: Digest::SHA1, version 2.10
> > debug: diag: module installed: IO::Socket::UNIX, version 1.2
> > debug: diag: module installed: MIME::Base64, version 2.12
> > debug: diag: module installed: Net::DNS, version 0.48
> > debug: diag: module not installed: Net::LDAP ('require' failed)
> > debug: diag: module not installed: Razor2::Client::Agent ('require' failed)
> > debug: diag: module installed: Storable, version 2.06
> > debug: diag: module installed: URI, version 1.35
> > debug: ignore: using a test message to lint rules
> > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
> > debug: config: read file /etc/mail/spamassassin/init.pre
> > debug: using "/usr/share/spamassassin" for default rules dir
> > debug: config: read file /usr/share/spamassassin/10_misc.cf
> > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
> > debug: config: read file /usr/share/spamassassin/20_body_tests.cf
> > debug: config: read file /usr/share/spamassassin/20_compensate.cf
> > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
> > debug: config: read file /usr/share/spamassassin/20_drugs.cf
> > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
> > debug: config: read file /usr/share/spamassassin/20_head_tests.cf
> > debug: config: read file /usr/share/spamassassin/20_html_tests.cf
> > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
> > debug: config: read file /usr/share/spamassassin/20_phrases.cf
> > debug: config: read file /usr/share/spamassassin/20_porn.cf
> > debug: config: read file /usr/share/spamassassin/20_ratware.cf
> > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
> > debug: config: read file /usr/share/spamassassin/23_bayes.cf
> > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
> > debug: config: read file /usr/share/spamassassin/25_hashcash.cf
> > debug: config: read file /usr/share/spamassassin/25_spf.cf
> > debug: config: read file /usr/share/spamassassin/25_uribl.cf
> > debug: config: read file /usr/share/spamassassin/30_text_de.cf
> > debug: config: read file /usr/share/spamassassin/30_text_fr.cf
> > debug: config: read file /usr/share/spamassassin/30_text_nl.cf
> > debug: config: read file /usr/share/spamassassin/30_text_pl.cf
> > debug: config: read file /usr/share/spamassassin/50_scores.cf
> > debug: config: read file /usr/share/spamassassin/60_whitelist.cf
> > debug: using "/etc/mail/spamassassin" for site rules dir
> > debug: config: read file /etc/mail/spamassassin/70_sare_adult.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_evilnum0.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj0.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_genlsubj1.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_header.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_header0.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_header1.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_html.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_html0.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_html1.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_oem.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_random.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_specific.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_spoof.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_unsub.cf
> > debug: config: read file /etc/mail/spamassassin/70_sare_uri0.cf
> > debug: config: read file /etc/mail/spamassassin/72_sare_bml_post25x.cf
> > debug: config: read file
> > /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf
> > debug: config: read file /etc/mail/spamassassin/99_sare_fraud_post25x.cf
> > debug: config: read file /etc/mail/spamassassin/local.cf
> > debug: config: read file /etc/mail/spamassassin/tripwire.cf
> > debug: using "/root/.spamassassin" for user state dir
> > debug: using "/root/.spamassassin/user_prefs" for user prefs file
> > debug: config: read file /root/.spamassassin/user_prefs
> > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
> > debug: plugin: registered
> > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
> > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
> > debug: plugin: registered
> > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)
> > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
> > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78)
> > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
> > implements 'parse_config'
> > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168)
> > implements 'parse_config'
> > debug: using "/root/.spamassassin" for user state dir
> > debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_toks
> > debug: bayes: 28513 tie-ing to DB file R/O /root/.spamassassin/bayes_seen
> > debug: bayes: found bayes db version 3
> > debug: using "/root/.spamassassin" for user state dir
> > debug: Score set 3 chosen.
> > debug: ---- MIME PARSER START ----
> > debug: main message type: text/plain
> > debug: parsing normal part
> > debug: added part, type: text/plain
> > debug: ---- MIME PARSER END ----
> > debug: metadata: X-Spam-Relays-Trusted:
> > debug: metadata: X-Spam-Relays-Untrusted:
> > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
> > implements 'parsed_metadata'
> > debug: is Net::DNS::Resolver available? yes
> > debug: Net::DNS version: 0.48
> > debug: trying (3) gmx.net...
> > debug: looking up NS for 'gmx.net'
> > debug: NS lookup of gmx.net succeeded => Dns available (set
> > dns_available to hardcode)
> > debug: is DNS available? 1
> > debug: decoding: no encoding detected
> > debug: URIDNSBL: domains to query:
> > debug: all '*From' addrs: ignore at compiling.spamassassin.taint.org
> > debug: Running tests for priority: 0
> > debug: running header regexp tests; score so far=0
> > debug: registering glue method for check_hashcash_double_spend
> > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168))
> > debug: registering glue method for check_for_spf_helo_pass
> > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
> > debug: SPF: message was delivered entirely via trusted relays, not required
> > debug: registering glue method for check_hashcash_value
> > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8c28168))
> > debug: all '*To' addrs:
> > debug: registering glue method for check_for_spf_softfail
> > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
> > debug: SPF: message was delivered entirely via trusted relays, not required
> > debug: registering glue method for check_for_spf_pass
> > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
> > debug: registering glue method for check_for_spf_helo_softfail
> > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
> > debug: registering glue method for check_for_spf_fail
> > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
> > debug: registering glue method for check_for_spf_helo_fail
> > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8c6fe78))
> > debug: running body-text per-line regexp tests; score so far=-3.174
> > debug: running uri tests; score so far=-3.174
> > debug: registering glue method for check_uridnsbl
> > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c))
> > debug: bayes corpus size: nspam = 4620, nham = 408
> > debug: tokenize: header tokens for *F = "U*ignore
> > D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org
> > D*org"
> > debug: tokenize: header tokens for *m = " 1138895936 lint_rules "
> > debug: tokenize: header tokens for *RT = " "
> > debug: tokenize: header tokens for *RU = " "
> > debug: bayes token 'body' => 0.946350853491789
> > debug: bayes token 'H*Ad:D*org' => 0.0946204880029939
> > debug: bayes: score = 0.429821922703648
> > debug: bayes: 28513 untie-ing
> > debug: bayes: 28513 untie-ing db_toks
> > debug: bayes: 28513 untie-ing db_seen
> > debug: Razor2 is not available
> > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
> > implements 'check_tick'
> > debug: running raw-body-text per-line regexp tests; score so far=-3.173
> > debug: running full-text regexp tests; score so far=-3.173
> > debug: Razor2 is not available
> > debug: Current PATH is:
> >
> /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin
> >
> > debug: Pyzor is not available: pyzor not found
> > debug: DCCifd is not available: no r/w dccifd socket found.
> > debug: DCC is not available: no executable dccproc found.
> > debug: Running tests for priority: 500
> > debug: RBL: success for 1 of 1 queries
> > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8c3ef2c)
> > implements 'check_post_dnsbl'
> > debug: running meta tests; score so far=-3.173
> > debug: running header regexp tests; score so far=-1.947
> > debug: running body-text per-line regexp tests; score so far=-1.947
> > debug: running uri tests; score so far=-1.947
> > debug: running raw-body-text per-line regexp tests; score so far=-1.947
> > debug: running full-text regexp tests; score so far=-1.947
> > debug: Running tests for priority: 1000
> > debug: running meta tests; score so far=-1.947
> > debug: running header regexp tests; score so far=-1.947
> > debug: using "/root/.spamassassin" for user state dir
> > debug: lock: 28513 created
> > /root/.spamassassin/auto-whitelist.lock.mxt.1bigthink.com.28513
> > debug: lock: 28513 trying to get lock on
> > /root/.spamassassin/auto-whitelist with 0 retries
> > debug: lock: 28513 link to /root/.spamassassin/auto-whitelist.lock: link ok
> > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist
> > debug: auto-whitelist (db-based):
> > ignore at compiling.spamassassin.taint.org|ip=none scores 0/0
> > debug: AWL active, pre-score: -1.947, autolearn score: -1.947, mean:
> > undef, IP: undef
> > debug: DB addr list: untie-ing and unlocking.
> > debug: DB addr list: file locked, breaking lock.
> > debug: unlock: 28513 unlink /root/.spamassassin/auto-whitelist.lock
> > debug: Post AWL score: -1.947
> > debug: running body-text per-line regexp tests; score so far=-1.947
> > debug: running uri tests; score so far=-1.947
> > debug: running raw-body-text per-line regexp tests; score so far=-1.947
> > debug: running full-text regexp tests; score so far=-1.947
> > debug: is spam? score=-1.947 required=4.57
> > debug:
> > tests=ALL_TRUSTED,BAYES_50,MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME
> > debug:
> >
> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
> >
> >
> > Any advice greatly appreciated. Comments to the effect that this
> > messagewas a fluke at getting by would be acceptable at this point too.
> > I think I do understand the issue a lot better, now.
> >
> > Thanks,
> > Glenn Parsons
>Have you considered upgrading to spamassassin 3.1.0?
>Maybe a munged file in spamassassin, and the upgrade might kick it into
>submission.
>
I intended to upgrade SpamAssassin with MailScanner 4.50 this weekend.
Glenn Parsons
More information about the MailScanner
mailing list