Re: [AMaViS-user] whitelist trouble (newbie)

This is a discussion on Re: [AMaViS-user] whitelist trouble (newbie) within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category.

Old 06-01-2005
Lima Union

On 6/1/05, Gary V <lists@johnmecham.com> wrote:
>
> Testing on my system, the hits= in the header is the only place in the
> header I see a change. Show the entire header. Temporarily increase
> $log_level to 5 in amavisd.conf and try again.
>
> As an example, my /var/log/mail.log at level 5 shows:
>
> Jun 1 08:24:00 sf8 amavis[14899]: (14899-01) lookup
> (score_sender<someone@example.com>) => true, "someone@example.com"
> matches, result="-5", matching_key="someone@example.com"
>
> Jun 1 08:24:00 sf8 amavis[14899]: (14899-01) wbl: soft-whitelisted
> (-5) sender <someone@example.com> => <me@example.com>, recip_key="."
>
> With the exception of adding your recipient, have you modified
> the @score_sender_maps section in other ways?
>
> Gary V
>


I've increased the log verbosity to 5, and made a search for
'soft-whitelisted' but didn't find the string in the entire log, so I
must be doing something wrong(?).

One interesting thing is that I've tried the same configuration but
for the @whitelist_sender_maps and it worked ok! (whitelisted as
desired and not tagged as spam) so this problem is only related to
score_sender_maps.

The complete score_sender_maps in my amavis.conf file is this one:

@score_sender_maps = ({ # a by-recipient hash lookup table

# # per-recipient personal tables (NOTE: positive: black, negative: white)
# 'user1@example.com' => [{'bla-mobile.press@example.com' => 10.0}],
# 'user3@example.com' => [{'.ebay.com' => -3.0}],
# 'user4@example.com' => [{'cleargreen@cleargreen.com' => -7.0,
#                          '.cleargreen.com' => -5.0}],

  # site-wide opinions about senders (the '.' matches any recipient)
  '.' => [ # the _first_ matching sender determines the score boost

    new_RE( # regexp-type lookup table, just happens to be all soft-blacklist
      [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
      [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
      [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
      [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
      [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
      [qr'^(your_friend|greatoffers)@'i                                => 5.0],
      [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
    ),

#   read_hash("/var/amavis/sender_scores_sitewide"),

    { # a hash-type lookup table (associative array)
      'user1@ntop.corp.pluspetrol.net'               => -100.0,
      'nobody@cert.org'                              => -3.0,
      'cert-advisory@us-cert.gov'                    => -3.0,
      'owner-alert@iss.net'                          => -3.0,
      'slashdot@slashdot.org'                        => -3.0,
      'bugtraq@securityfocus.com'                    => -3.0,
      'ntbugtraq@listserv.ntbugtraq.com'             => -3.0,
      'security-alerts@linuxsecurity.com'            => -3.0,
      'mailman-announce-admin@python.org'            => -3.0,
      'amavis-user-admin@lists.sourceforge.net'      => -3.0,
      'notification-return@lists.sophos.com'         => -3.0,
      'owner-postfix-users@postfix.org'              => -3.0,
      'owner-postfix-announce@postfix.org'           => -3.0,
      'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
      'sendmail-announce-request@lists.sendmail.org' => -3.0,
      'donotreply@sendmail.org'                      => -3.0,
      'ca+envelope@sendmail.org'                     => -3.0,
      'noreply@freshmeat.net'                        => -3.0,
      'owner-technews@postel.acm.org'                => -3.0,
      'ietf-123-owner@loki.ietf.org'                 => -3.0,
      'cvs-commits-list-admin@gnome.org'             => -3.0,
      'rt-users-admin@lists.fsck.com'                => -3.0,
      'clp-request@comp.nus.edu.sg'                  => -3.0,
      'surveys-errors@lists.nua.ie'                  => -3.0,
      'emailnews@genomeweb.com'                      => -5.0,
      'yahoo-dev-null@yahoo-inc.com'                 => -3.0,
      'returns.groups.yahoo.com'                     => -3.0,
      'clusternews@linuxnetworx.com'                 => -3.0,
      lc('lvs-users-admin@LinuxVirtualServer.org')   => -3.0,
      lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

      # soft-blacklisting (positive score)
      'sender@example.net'                           => 3.0,
      '.example.net'                                 => 1.0,

    },
  ], # end of site-wide tables
});


The complete header is this:

From - Wed Jun 01 11:59:12 2005
X-Account-Key: account4
X-UIDL: 7492a817aeb10f89
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <user1@corp.example.net>
X-Original-To: user2ntop.corp.example.net
Delivered-To: user2ntop.corp.example.net
Received: from localhost (localhost.localdomain [127.0.0.1])
    by ntop.corp.example.net (Postfix) with ESMTP id E426768727
    for <user2ntop.corp.example.net>; Wed, 1 Jun 2005 11:59:05 -0300 (ART)
Received: from ntop.corp.example.net ([127.0.0.1])
    by localhost (corp.example.net [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id 12262-01 for <user2ntop.corp.example.net>;
    Wed, 1 Jun 2005 11:59:05 -0300 (ART)
Received: from squid.corp.example.net (BASLXPXYBKP.corp.example.net
    [10.1.240.150])
    by ntop.corp.example.net (Postfix) with ESMTP id 99FA668711
    for <user2ntop.corp.example.net>; Wed, 1 Jun 2005 11:59:05 -0300 (ART)
Received: from [10.2.2.11] (unknown [10.2.2.11])
    by squid.corp.example.net (Postfix) with ESMTP id 68272EE28E
    for <user2ntop.corp.example.net>; Wed, 1 Jun 2005 09:50:50 -0300 (ART)
Message-ID: <429DCD36.5060608@corp.example.net>
Date: Wed, 01 Jun 2005 11:59:02 -0300
From: User1 <user1@corp.example.net>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: user2ntop.corp.example.net
Subject: **[SPAM]** spam
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: Yes, hits=8 tagged_above=2 required=6.31
    tests=[SARE_EN_SET1_A1=2, SARE_EN_SET1_A2=2, SARE_EN_SET1_A3=2,
    SARE_EN_SET1_A4=2]
X-Spam-Level: ++++++++
X-Spam-Flag: YES

6060 Center Drive Suite 300 Los Angeles
4712 Admiralty Way #604
3000 University Center Drive Tampa, FL
23 Old Kings Highway South, Darien, CT

I can send if you want the complete log from amavisd.

I'll keep trying some other things; thanks in advance for any other idea.
JC
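
The log check suggested in the quoted reply and attempted in this post, as an added example that is not part of the original message and not amavisd-new code: it pulls the score_sender lookup and "wbl: soft-whitelisted" entries out of a $log_level 5 mail log and lists the messages that got no boost. The function names are hypothetical, the sample log is constructed, and only the two line formats quoted above are parsed.

```shell
#!/bin/sh
# Constructed sample: the two (14899-01) lines copy the level-5 format quoted
# in the reply above; the (14899-02) line is constructed filler standing for a
# message that received no score_sender boost.
sample_log() {
cat <<'EOF'
Jun 1 08:24:00 sf8 amavis[14899]: (14899-01) lookup (score_sender<someone@example.com>) => true, "someone@example.com" matches, result="-5", matching_key="someone@example.com"
Jun 1 08:24:00 sf8 amavis[14899]: (14899-01) wbl: soft-whitelisted (-5) sender <someone@example.com> => <me@example.com>, recip_key="."
Jun 1 08:25:10 sf8 amavis[14899]: (14899-02) Checking: <other@example.org> -> <me@example.com>
EOF
}

# score_lookups LOG: successful score_sender lookups as
# "id result sender matching_key".
score_lookups() {
  sed -n 's/^.*amavis\[[0-9]*]: (\([0-9-]*\)) lookup (score_sender<\([^>]*\)>) => true, .*result="\([^"]*\)", matching_key="\([^"]*\)".*$/\1 \3 \2 \4/p' "$1"
}

# wbl_hits LOG: applied soft-whitelist boosts as "id score sender recipient".
wbl_hits() {
  sed -n 's/^.*amavis\[[0-9]*]: (\([0-9-]*\)) wbl: soft-whitelisted (\([^)]*\)) sender <\([^>]*\)> => <\([^>]*\)>.*$/\1 \2 \3 \4/p' "$1"
}

# sender_boost LOG SENDER: print the boost(s) logged for SENDER; exit status 1
# when none was logged (the situation described in the post).
sender_boost() {
  wbl_hits "$1" | awk -v s="$2" '$3 == s { print $2; n++ } END { exit (n == 0) }'
}

# unboosted_ids LOG: amavis message ids that appear in the log without a wbl line.
unboosted_ids() {
  awk '
    match($0, /amavis\[[0-9]+]: \([0-9]+-[0-9]+\)/) {
      id = substr($0, RSTART, RLENGTH)
      sub(/^.*\(/, "", id); sub(/\)$/, "", id)
      seen[id] = 1
      if ($0 ~ /wbl: soft-whitelisted/) hit[id] = 1
    }
    END { for (id in seen) if (!(id in hit)) print id }
  ' "$1" | sort
}

# Demo on the constructed sample.
log=$(mktemp)
sample_log > "$log"
wbl_hits "$log"
sender_boost "$log" other@example.org || echo "no soft-whitelist entry logged for other@example.org"
unboosted_ids "$log"
rm -f "$log"
```

Against a real log, pass the path of the mail log (for example the /var/log/mail.log named in the reply) instead of the sample file.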

