On Thu, 18 Jun 2009, Jeff Drury wrote:
http://pastebin.ca/1465504
On 6/18/09 2:00 PM, "Benny Pedersen" <m...@junc.org> wrote:
On Thu, June 18, 2009 22:33, Jeff Drury wrote:
They donĀ¹t appear to be scored at all (see attached header)
test:
spamassassin 2>&1 -D --lint
any errors here ?
spamassassin 2>&1 -D -t msgtotest | less
press s in the less output and post on pastebin
i belive you miss envelope_sender_header in local.cf if i remember it right
envelope_sender_header Return-Path
Jeff,
Looking at your pastebin posting, noticed a few things.
1)
You mistyped that command that Benny wanted you to run:
"spamassassin 2>&1 -D -t msgtotest | less"
Note that the second part is '2>&1' Not '2>&l' that 4th character
is the digit 1 not the letter lowercase-l.
However it would be even better to use the following test:
save an example spam into a file (complete with full headers)
(call that file spam_example ).
Now run the command:
spamassassin -D -t < spam_example > spam_example_results.txt 2>&1
Note that the order of those command parts is important and the last
two characters on that line are "ampersand" "digit-1"
This will run spamassasin in debug mode, processing your saved spam
example and put all the output into the file spam_example_results.txt
which you can then view via "less" (or your favorite text file reader).
2) Your spamassasin install is missing a few optional Perl modules
which spamassasin can use to run addtional tests:
Razor2::Client
Mail::DKIM
Encode::Detect
IP::Country
The last 3 you can install using CPAN, Razor2 has to be explcitly fetched
installed and configured (but is worth it).
John Rudd's "BOTNET" is also worth fetching & installing but watch it
for FPs, you'll probably want to adjust its scoring.
3) It doesn't look like the RBL/DNSBL tests are working for you.
In that first spam example you posted the headers from, the IP address
of the machine that handed the message to your mail server hit several
DNS based tests that I use (bl.spamcop.net, cbl.abuseat.org,
zen.spamhaus.net).
Find out why your DNS tests aren't working. They & BOTNET often hit spams
from spam-bots.
4) Once you've got SPF working, you can create a custom rule that looks
for your domain in the From address, combined with SPF-fail result into
a meta-rule which adds points for a detected forgery of your address.
I know this sounds like a bunch of work, but when completed the results
should be worth it. ;)
Dave
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
