Hi,
Sorry for the length. This is really irritating.
While testing the rfc-ignorant.org DNSBL lookups, I noticed a problem
with spamassassin not reliably reading $HOME/.spamassassin/user_prefs.
Permissions are ok:
-rw-r--r-- 1 apthorpe users 3583 Jan 10 19:42
/home/apthorpe/.spamassassin/user_prefs
I'm running v2.43. The test involves an old spam (June 18. 2002) flagged
by SpamAssassin 2.20 as passing through Korea by checking the
korea.services.net DNSBL. I ran the spam through 'spamassassin -d' to
strip the previous tagging, then ran it through the script below to see
if my custom DNSBL checks are working.
In each of the three test cases below, the tagged output is identical
(MD5 checksums of korea.*.out are the same.) The debug output shows
differences due to DNS checks and timing of Razor2 lookups but but
otherwise there's no indication that my user_prefs are being used.
nslookup 4.100.57.211.korea.services.net. yields 127.0.0.2, showing that
analysis of
Received: from eudoramail.com ([211.57.100.4])
by mail21.jump.net (8.11.6/) with SMTP id g5IE76B04978
for <[EMAIL PROTECTED]>; Tue, 18 Jun 2002 09:07:06 -0500 (CDT)
should be flagged positive by the DNSBL check.
I'd try the same checks with spamc except I can't find a way to get
spamc to spit out detailed diagnostics. Otherwise it yields the same
output as from spamassassin except the RCVD_IN_RFGFORMMAIL test is
negative. Weird.
Is there another flag I should be using to get even more detailed
diagnostics of which checks were performed, not just the ones that
succeeded? Can someone else replicate this and verify I'm not smoking
discount crack?
Again, my personal checks seemed to be working fine in June with SA 2.20
when I first flagged this message. I don't understand what the code's
doing and it's not from lack of trying.
-- Bob
===== compare_flags_korea.sh =====
#!/bin/sh
CAT=/bin/cat
SPAMC=/usr/bin/spamc
SA=/usr/bin/spamassassin
USERNAME=apthorpe
PREFDIR=/home/$USERNAME/.spamassassin
PREFFILE=$PREFDIR/user_prefs
TARGET=$PREFDIR/korea.spam.txt
# spamassassin tests
FLAGS="--debug rulesrun=255 -x"
TESTNAME="korea.sa_no_prefs"
$CAT $TARGET | $SA $FLAGS 1>$PREFDIR/$TESTNAME.out 2>$PREFDIR/$TESTNAME.err
FLAGS="--debug rulesrun=255"
TESTNAME="korea.sa_default_prefs"
$CAT $TARGET | $SA $FLAGS 1>$PREFDIR/$TESTNAME.out 2>$PREFDIR/$TESTNAME.err
FLAGS="--debug rulesrun=255 -p $PREFFILE"
TESTNAME="korea.sa_given_prefs"
$CAT $TARGET | $SA $FLAGS 1>$PREFDIR/$TESTNAME.out 2>$PREFDIR/$TESTNAME.err
===== Sanitized version of /home/apthorpe/user_prefs ====
dcc_path /usr/local/bin/dccproc
rewrite_subject 0
required_hits 7
ok_languages en
# a bunch of whitelist_from delete...
header RCVD_IN_RFGFORMMAIL eval:check_rbl('formmail',
'formmail.relays.monkeys.com.')
describe RCVD_IN_RFGFORMMAIL Received from formmail script
score RCVD_IN_RFGFORMMAIL 2.0
header RCVD_IN_RFGPROXY eval:check_rbl('proxy', 'proxies.relays.monkeys.com.')
describe RCVD_IN_RFGPROXY Received from proxy
score RCVD_IN_RFGPROXIES 2.0
header RCVD_VIA_JRL_KOREA eval:check_rbl('asia', 'korea.services.net.')
describe RCVD_VIA_JRL_KOREA Received from Korea
score RCVD_VIA_JRL_KOREA 2.0
header RCVD_VIA_CHINA eval:check_rbl('asia', 'cn.rbl.cluecentral.net.')
describe RCVD_VIA_CHINA Received from China
score RCVD_VIA_CHINA 2.0
header RCVD_VIA_KOREA eval:check_rbl('asia', 'kr.rbl.cluecentral.net.')
describe RCVD_VIA_KOREA Received from Korea
score RCVD_VIA_KOREA 2.0
header IGNORANT_SENDER_POSTMASTER eval:check_rbl('rfci_postmaster',
'postmaster.rfc-ignorant.org.')
describe IGNORANT_SENDER_POSTMASTER Sender can't bother to have a working
postmaster address
score IGNORANT_SENDER_POSTMASTER 0.5
header IGNORANT_SENDER_ABUSE eval:check_rbl('rfci_abuse',
'abuse.rfc-ignorant.org.')
describe IGNORANT_SENDER_ABUSE Sender can't bother to have a working abuse
address
score IGNORANT_SENDER_ABUSE 0.5
header FROM_ENDS_IN_ALPHANUMNUM From =~ /\b[a-zA-Z]+\d+[a-zA-Z]\d\d\@/
describe FROM_ENDS_IN_ALPHANUMNUM From: ends in xnn
score FROM_ENDS_IN_ALPHANUMNUM 2.0
header BOGOFILTER X-Spam-Bogofiliter =~ /YES/o
describe BOGOFILTER Message has too many bogons and not enough ham
score BOGOFILTER 5.0
score RAZOR_CHECK 0 # 2.640
score RCVD_IN_VISI 0 # OOS
===== Report results =====
SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (35.30 hits, 7 required)
SPAM: DATE_YEAR_ZERO_FIRST (3.0 points) Invalid Date: year begins with zero
SPAM: MIME_ODD_CASE (2.4 points) MiME-Version header (oddly capitalized)
SPAM: INVALID_DATE (1.5 points) Invalid Date: header (not RFC 2822)
SPAM: NO_REAL_NAME (1.3 points) From: does not include a real name
SPAM: FROM_ENDS_IN_NUMS (0.9 points) From: ends in numbers
SPAM: SUBJ_ENDS_IN_SPACE (0.4 points) Subject ends with lots of white space
SPAM: USER_AGENT_OE (0.2 points) X-Mailer header indicates a non-spam MUA
(Outlook Express)
SPAM: WANTS_CREDIT_CARD (2.9 points) BODY: Asks for credit card details
SPAM: BULK_EMAIL (1.7 points) BODY: Talks about bulk email
SPAM: ADDRESSES_ON_CD (1.3 points) BODY: Only thing addresses on CD are useful for
is spam
SPAM: NO_COST (1.0 points) BODY: No such thing as a free lunch (3)
SPAM: MAIL_IN_ORDER_FORM (0.6 points) BODY: Contains mail-in order form
SPAM: PRINT_FORM_SIGNATURE (0.5 points) BODY: Asks you for your signature on a
form
SPAM: LIMITED_TIME_ONLY (0.4 points) BODY: Offers a limited time offer
SPAM: LOW_PRICE (0.3 points) BODY: Lowest Price
SPAM: ACT_NOW (0.3 points) BODY: Act Now! Don't Hesitate!
SPAM: WHILE_SUPPLIES (0.3 points) BODY: While Supplies Last
SPAM: ORDER_NOW (0.2 points) BODY: Encourages you to waste no time in
ordering
SPAM: ONLY_COST (0.2 points) BODY: Only $$$
SPAM: SALE (0.2 points) BODY: Stuff on Sale
SPAM: NIGERIAN_TRANSACTION_1 (0.2 points) BODY: illegal Nigerian transactions (1)
SPAM: DEAR_SOMEBODY (0.1 points) BODY: Contains 'Dear Somebody'
SPAM: GAPPY_TEXT (0.0 points) BODY: Contains 'G.a.p.p.y-T.e.x.t'
SPAM: SPAM_PHRASE_13_21 (1.3 points) BODY: Spam phrases score is 13 to 21 (high)
SPAM: [score: 15]
SPAM: LINES_OF_YELLING_3 (0.3 points) BODY: 3 WHOLE LINES OF YELLING DETECTED
SPAM: LINES_OF_YELLING_2 (0.2 points) BODY: 2 WHOLE LINES OF YELLING DETECTED
SPAM: LINES_OF_YELLING (0.2 points) BODY: A WHOLE LINE OF YELLING DETECTED
SPAM: ASCII_FORM_ENTRY (0.1 points) BODY: Contains an ASCII-formatted form
SPAM: MAILTO_TO_SPAM_ADDR (0.7 points) URI: Includes a link to a likely spammer email
address
SPAM: MAILTO_WITH_SUBJ (0.4 points) URI: Includes a link to send a mail with
a subject
SPAM: RAZOR2_CHECK (3.9 points) Listed in Razor2, see http://razor.sf.net
SPAM: FORGED_EUDORAMAIL_RCVD (3.2 points) Forged eudoramail.com 'Received:' header
found
SPAM: DATE_IN_PAST_03_06 (0.3 points) Date: is 3 to 6 hours before Received: date
SPAM: RCVD_IN_RFCI (2.3 points) RBL: Received via a relay in
ipwhois.rfc-ignorant.org
SPAM: [RBL check: found 4.100.57.211.ipwhois.rfc-ignorant.org.,
type: 127.0.0.6]
SPAM: RCVD_IN_RFGFORMMAIL (2.0 points) RBL: Received from formmail script
SPAM: [RBL check: found 21.91.196.206.formmail.relays.monkeys.com.]
SPAM: MISSING_MIMEOLE (0.5 points) Message has X-MSMail-Priority, but no X-MimeOLE
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------
===== Original spam =====
Return-Path: [EMAIL PROTECTED]
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: from serv1.jump.net (serv1.jump.net [204.238.120.4])
by soyokaze.cynistar.net (Postfix) with ESMTP id 067542889D
for <[EMAIL PROTECTED]>; Tue, 18 Jun 2002 10:33:22 -0500 (CDT)
Received: by serv1.jump.net (arclight@localhost) (8.9.3/jump.1.11)
id JAA13543; for [EMAIL PROTECTED] Tue, 18 Jun 2002 09:07:13 -0500 (CDT)
Received: from mail21.jump.net by serv1.jump.net (mail21.jump.net [206.196.91.21])
(8.9.3/jump.1.11)
id JAA13539; for <[EMAIL PROTECTED]> Tue, 18 Jun 2002 09:07:11 -0500
(CDT)
From: [EMAIL PROTECTED]
Received: from eudoramail.com ([211.57.100.4])
by mail21.jump.net (8.11.6/) with SMTP id g5IE76B04978
for <[EMAIL PROTECTED]>; Tue, 18 Jun 2002 09:07:06 -0500 (CDT)
Reply-To: <[EMAIL PROTECTED]>
Message-ID: <036a46d11c0b$3631d0e3$0de67cb7@mjmqxi>
To: [EMAIL PROTECTED]
Subject: {*} Leads - Sales - Fast Response With E-Marketing
Date: Tue, 18 Jun 0102 11:52:45 +0200
MiME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
Importance: Normal
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Status: RO
X-Status: O
Dear Consumers, Increase your Business Sales!
How??
By targeting millions of buyers via e-mail !!
25 MILLION EMAILS + Bulk Mailing Software For Only $150.00
super low price! ACT NOW !!!
Our Fresh Addresses Will Bring You
Incredible Results!
If you REALLY want to get the word out regarding
your services or products, Bulk Email is the BEST
way to do so, PERIOD! Advertising in newsgroups is
good but you're competing with hundreds even THOUSANDS
of other ads. Will your customer's see YOUR ad in the
midst of all the others?
Free Classifieds? (Don't work)
Web Site? (Takes thousands of visitors)
Banners? (Expensive and iffy)
E-Zine? (They better have a huge list)
Search Engines? (Easily buried with thousands of others)
Bulk Email will allow you to DIRECTLY contact your
potential customers. They are much more likely to
take the time to read about what you have to offer
if it was as easy as reading it via email rather
than searching through countless postings in
newsgroups.
The list's are divided into groups and are compressed.
This will allow you to use the names right off the cd.
ORDER IN THE NEXT 72 hours AND RECIEVE 4 BONUSES!!
ORDER IN THE NEXT 48 HOURS AND RECIEVE FULL TECHNICAL SUPPORT !!!
ACT NOW !!!!!!!!!!!!!!
*BONUS #1 Receive an additional cd-rom with millions of fresh,
deliverable general internet e-mail addresses free!!
*BONUS #2 Receive 2000 how to books, reports and manuals on cd-rom with
reprint resale rights! Produce for pennies and resell for BIG dollars!
*BONUS #3 Receive the Mass Mailer bulk delivery software, with full
operating instructions. This software will get the mail out QUICK!
*BONUS #4 Receive the Informational Guide to bulk e-mail. This guide
will give you all the information you need to get started!
THIS IS A ONE TIME PACKAGE DEAL WORTH HUNDREDS OF DOLLARS!!
ACT NOW! THIS IS A LIMITED TIME OFFER! ORDER WHILE SUPPLIES LAST!
RECEIVE THIS DREAM PACKAGE FOR THE UNBELIEVABLE LOW, LOW PRICE OF
ONLY $150.00
ORDERING INFORMATION:
CHECK BY FAX SERVICES OR CREDIT CARD INFO:
O R D E R N O W . . . SAME DAY SERVICE (M-F) if your order
is received before 3pm Central . To place an order, you can call us at:
1-308-650-5905 ext 121 Are fax your order to 1-415-873-2700
This Number is for credit Card Orders Only!!!
CHECK BY FAX SERVICES!
__________________________________________
To order, via credit card simply cut/paste and print out the
EZ ORDER FORM below and fax to our office today.
***** NOW ONLY $150! *****
This "Special Price" is in effect for the next seven days,
after that we go back to our regular price of $250.00 ...
Don't delay... you can be in business tomorrow!
We accept Visa, Mastercard, Amex, Disc and Checks by Fax.
----------------------Cut & Paste----------------------
---------------------EZ Order Form---------------------
_____Yes! I want everything! I am ordering within 72 hours.
Include my FREE "Business On A Disk" bonus along with your
Millions of E-Mail addresses on CD (plus 1,093,808 bonus addresses)
for the special price of only $150.00 + shipping as indicated
below.
_____Yes! I missed the 72 hour special, but I am ordering
CD WITH, super clean e-mail addresses within 7 days for the
"special" price of only $250.00 + s&h.
_____Oop's I missed the 72 hour and 7 day "specials". I am
ordering The Cd at the regular price of $250.00 + s&h.
***PLEASE SELECT YOUR SHIPPING OPTION***
____I would like to receive my package FedEx OVERNIGHT. I am
including $15 for shipping. (Hawaii & Alaska $20 - Canada $25,
all other International add an *additional* $25 [$40 total] for shipping)
____I would like to receive my package FedEx 2 DAY delivery.
I'm including $10 for shipping. (Sorry no Canada or International
delivery - Continental U.S. shipping addresses only)
***Please Print Carefully***
NOTE: Orders cannot be shipped without complete information
including your signature. No exceptions!
NAME____________________________________________________
COMPANY NAME____________________________________________
ADDRESS_________________________________________________
(FedEx can only ship to street addresses - no P.O. boxes)
CITY, STATE, ZIP________________________________________
PHONE NUMBER____________________________________________
(required for shipping & tracking)
EMAIL ADDRESS___________________________________________
(Print Carefully - required in case we have a question and to
send you a confirmation that your order has been shipped and for
technical support if you order within 24 hrs)
TYPE OF CREDIT CARD:
______VISA _____MASTERCARD ______AMEX ______DISC
CREDIT CARD# __________________________________________
EXPIRATION DATE________________________________________
NAME ON CARD___________________________________________
TOTAL AMOUNT (Including Shipping): $___________________
DATE:x__________________
(Required) SIGNATURE:x_________________________________
I understand that I am purchasing the e-mail address on CD,
and authorize the above charge to my credit card, the addresses are not rented,
but are mine to use for my own mailing, over-and-over. Free bonuses are included,
but cannot be considered part of the financial transaction. I understand that it
is my responsibility to comply with any laws applicable to my local area. As with
all software, once opened the CD may not be returned, however, if found defective
it will be replaced with like product at no charge.
O R D E R N O W . . . SAME DAY SERVICE (M-F) if your order
is received before 3pm Central . To place an order, you can call us at:
1-308-650-5905 ext 121 Are fax your order to1-415-873-2700
This Number is for credit Card Orders Only!!!
CHECK BY FAX SERVICES!
If you would like to fax a check, paste your check below and fax it to our office
along with the EZ Order Form forms to: 1-415-873-2700
**********************************************************
***24 HOUR FAX SERVICES*** PLEASE PASTE YOUR
CHECK HERE AND FAX IT TO US AT 1-415-873-2700
**********************************************************
If You fax a check, there is no need for you to mail the
original. We will draft a new check, with the exact
information from your original check. All checks will be
held for bank clearance. (7-10 days) Make payable to:
"S.C.I.S"
-=-=-=-=--=-=-=-=-=-=-=offlist Instructions=-=-=-=-=-=-=-=-=-=-=-=
**************************************************************
Do not reply to this message -
mailto:[EMAIL PROTECTED]?Subject=offnowc
**************************************************************
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
