Milter-greylist

Friends,

I recently added dacl to my existing milter-greylist configuration.

It appears that the dacl checks are ignoring my configuration for auth and
report.

I don't have noauth uncommented in my greylist.conf.  Before I started using
dacl with spamd support, messages from Authenticated Users were skipped by
milter-greylist.  After I started using dacl with spamd, I had to add these
two lines to the first part of greylist.conf:

racl whitelist auth /.*/ report "skipping dacl greylist because user is
authenticated."
dacl whitelist auth /.*/ report "skipping dacl greylist because user is
authenticated."

However, greylist is ignoring the report part of these lines.  I have
reportdelays set.

The rest of my dacl settings are:

dacl whitelist addr 127.0.0.1 nolog
dacl whitelist rcpt support@... report "skipping dacl greylist because
user is whitelisted."
dacl whitelist auth /.*/ report "skipping dacl greylist because user is
authenticated."
dacl blacklist rcpt /.*@.*/ spamd > 10 msg "Your message is considered
high-scoring spam by SpamAssassin."
dacl blacklist rcpt /.*@.*/ spamd > 5 msg "Your message is considered spam
by SpamAssassin.  Contact support@... if this is an error."
dacl whitelist default nolog

Also, the spamd > 5 only blocks messages with a score above 5.5.  I can't
put 5.0 in the dacl line.

Jim

On Fri, Mar 13, 2009 at 09:58:57AM -0500, Jim Hermann - UUN Hostmaster wrote:
> 
> Also, the spamd > 5 only blocks messages with a score above 5.5.  I can't
> put 5.0 in the dacl line.

Would you mind pasting some logs? (incl. spamassassin/spamd output)



   Petar Bogdanovic

Jim Hermann - UUN Hostmaster <hostmaster@...> wrote:

> dacl blacklist rcpt /.*@.*/ spamd > 5 msg "Your message is considered spam
> by SpamAssassin.  Contact support@... if this is an error."
> dacl whitelist default nolog
> 
> Also, the spamd > 5 only blocks messages with a score above 5.5.  I can't
> put 5.0 in the dacl line.

You get an error?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Jim Hermann - UUN Hostmaster <hostmaster@...> wrote:

> It appears that the dacl checks are ignoring my configuration for auth and
> report.

Is it ignored? DATA-stage ACL just overwrite the X-Greylist header with
another message, doesn't it?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

--- In milter-greylist@yahoogroups.com, manu@... wrote:
>
> Jim Hermann - UUN Hostmaster <hostmaster@...> wrote:
> 
> > dacl blacklist rcpt /.*@.*/ spamd > 5 msg "Your message is considered spam
> > by SpamAssassin.  Contact support@... if this is an error."
> > dacl whitelist default nolog
> > 
> > Also, the spamd > 5 only blocks messages with a score above 5.5.  I can't
> > put 5.0 in the dacl line.
> 
> You get an error?

Yep.

dacl blacklist rcpt /.*@.*/ spamd > 10.0 msg "Your message is considered high-scoring spam by SpamAssassin."

then

Mar 14 11:51:08 host milter-greylist: config error at line 426: syntax error
Mar 14 11:51:08 host sm-acceptingconnections[24142]: n2EGp70J024142: milter_sys_read(milter-greylist): cmd read returned 0, expecting 5
Mar 14 11:51:08 host sm-acceptingconnections[24142]: n2EGp70J024142: Milter (milter-greylist): to error state

and so on.

Jim

--- In milter-greylist@yahoogroups.com, Petar Bogdanovic <petar@...> wrote:
>
> On Fri, Mar 13, 2009 at 09:58:57AM -0500, Jim Hermann - UUN Hostmaster wrote:
> > 
> > Also, the spamd > 5 only blocks messages with a score above 5.5.  I can't
> > put 5.0 in the dacl line.
> 
> Would you mind pasting some logs? (incl. spamassassin/spamd output)

Actually, it appears that the problem is with spamd scores between 5.00 and 5.05.

Mar 10 07:20:18 host sm-acceptingconnections[16729]: n2ACK3Zk016729: from=<info@...>, size=2541, class=0, nrcpts=1, msgid=<20090306140313.M58348@lawfirm.com>, proto=ESMTP, daemon=MTA, relay=server.arinsa.com.pe [161.132.180.62]
Mar 10 07:20:18 host spamd[16591]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45863
Mar 10 07:20:18 host spamd[16591]: spamd: checking message <20090306140313.M58348@...> for (unknown):98
Mar 10 07:20:19 host spamd[16591]: spamd: identified spam (5.0/5.0) for (unknown):98 in 0.8 seconds, 3006 bytes.
Mar 10 07:20:19 host spamd[16591]: spamd: result: Y 5 - ADVANCE_FEE_2,BAYES_50,SUBJ_ALL_CAPS scantime=0.8,size=3006,user=(unknown),uid=98,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45863,mid=<20090306140313.M58348@lawfirm.com>,bayes
=0.430686,autolearn=no
Mar 10 07:20:19 host sm-acceptingconnections[16729]: n2ACK3Zk016729: Milter add: header: X-Greylist: ....
Mar 10 07:20:19 host sm-acceptingconnections[16729]: n2ACK3Zk016729: to=<xxxxx@...>, delay=00:00:02, mailer=virthostmail, pri=32541, stat=queued

spamd also will report non-spam messages with the same score report:

Mar 11 15:50:01 host spamd[23462]: spamd: clean message (5.0/5.0) for (unknown):98 in 2.1 seconds, 4701 bytes.

I tried using just spamd without the > score and it did not work.  Of course, I wanted to differentiate between high-scoring spam and regular spam, so I'd like for the score to work.

dacl blacklist rcpt /.*@.*/ spamd > 10 msg "Your message is considered high-scoring spam by SpamAssassin."
dacl blacklist rcpt /.*@.*/ spamd > 5 msg "Your message is considered spam by SpamAssassin.  Contact support@uuism.net if this is an error."

Jim

--- In milter-greylist@yahoogroups.com, manu@... wrote:
>
> Jim Hermann - UUN Hostmaster <hostmaster@...> wrote:
> 
> > It appears that the dacl checks are ignoring my configuration for auth and
> > report.
> 
> Is it ignored? DATA-stage ACL just overwrite the X-Greylist header with
> another message, doesn't it?

With report=delays in the greylist.conf, I don't get any X-Greylist Headers in messages that are accepted with dacl whitelist report "xxx"

With report=all in the greylist.conf and the message is accepted with dacl whitelist report "xxx", I get:

X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2b1 (host.uuserver.net [69.94.104.180]); Sat, 14 Mar 2009 15:37:08 -0500 (CDT)

because of line 324 in my greylist.conf:

racl whitelist addr 68.142.198.0/24 

greylist logs that two lines in the greylist.conf were applicable:

Mar 14 14:43:38 host milter-greylist: n2EJgk0F011931: skipping greylist because address 68.142.198.200 is whitelisted, (from=<xxxx@...>, rcpt=<xxxx@...>, addr=smtp101.sbc.mail.mud.yahoo.com[68.142.198.200]) ACL 324
Mar 14 14:43:39 host milter-greylist: n2EJgk0F011931: skipping greylist because (from=<xxxx@...>, rcpt=(nil), addr=smtp101.sbc.mail.mud.yahoo.com[68.142.198.200]) ACL 415

Line 415 is:

dacl whitelist rcpt xxxx@... report "skipping dacl greylist because user is whitelisted."

On Sat, Mar 14, 2009 at 06:21:16PM -0000, Jim Hermann wrote:
> --- In milter-greylist@yahoogroups.com, Petar Bogdanovic <petar@...> wrote:
> >
> > On Fri, Mar 13, 2009 at 09:58:57AM -0500, Jim Hermann - UUN Hostmaster wrote:
> > > 
> > > Also, the spamd > 5 only blocks messages with a score above 5.5.  I can't
> > > put 5.0 in the dacl line.
> > 
> > Would you mind pasting some logs? (incl. spamassassin/spamd output)
> 
> Actually, it appears that the problem is with spamd scores between 5.00 and 5.05.
> 
> Mar 10 07:20:18 host sm-acceptingconnections[16729]: n2ACK3Zk016729: from=<info@...>, size=2541, class=0, nrcpts=1, msgid=<20090306140313.M58348@...>, proto=ESMTP, daemon=MTA, relay=server.arinsa.com.pe [161.132.180.62]
> Mar 10 07:20:18 host spamd[16591]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45863
> Mar 10 07:20:18 host spamd[16591]: spamd: checking message <20090306140313.M58348@...> for (unknown):98
> Mar 10 07:20:19 host spamd[16591]: spamd: identified spam (5.0/5.0) for (unknown):98 in 0.8 seconds, 3006 bytes.
> Mar 10 07:20:19 host spamd[16591]: spamd: result: Y 5 - ADVANCE_FEE_2,BAYES_50,SUBJ_ALL_CAPS scantime=0.8,size=3006,user=(unknown),uid=98,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45863,mid=<20090306140313.M58348@...>,bayes
> =0.430686,autolearn=no
> Mar 10 07:20:19 host sm-acceptingconnections[16729]: n2ACK3Zk016729: Milter add: header: X-Greylist: ....
> Mar 10 07:20:19 host sm-acceptingconnections[16729]: n2ACK3Zk016729: to=<xxxxx@...>, delay=00:00:02, mailer=virthostmail, pri=32541, stat=queued

I don't understand. The score of this message is exactly 5. And since 5
is not >5, the message gets queued.


> spamd also will report non-spam messages with the same score report:
> 
> Mar 11 15:50:01 host spamd[23462]: spamd: clean message (5.0/5.0) for (unknown):98 in 2.1 seconds, 4701 bytes.

There is a difference between spamd and milter-greylist when it comes to
the decision, whether a message is spam or not. The former decides based
on the required_score threshold in local.cf and the latter based on
dacls in greylist.conf. Therefore, even if spamd considers the message
as being spam does not necessary mean that milter-greylist thinks the
same and since it's milter-greylist who decides, the reported result by
spamd is irrelevant.



   Petar Bogdanovic

--- In milter-greylist@yahoogroups.com, Petar Bogdanovic <petar@...> wrote:
>
> On Sat, Mar 14, 2009 at 06:21:16PM -0000, Jim Hermann wrote:
> > --- In milter-greylist@yahoogroups.com, Petar Bogdanovic <petar@> wrote:
> > >
> > > On Fri, Mar 13, 2009 at 09:58:57AM -0500, Jim Hermann - UUN Hostmaster wrote:
> > > > 
> > > > Also, the spamd > 5 only blocks messages with a score above 5.5.  I can't
> > > > put 5.0 in the dacl line.
> > > 
> > > Would you mind pasting some logs? (incl. spamassassin/spamd output)
> > 
> > Actually, it appears that the problem is with spamd scores between 5.00 and 5.05.
> > 
> > Mar 10 07:20:18 host sm-acceptingconnections[16729]: n2ACK3Zk016729: from=<info@...>, size=2541, class=0, nrcpts=1, msgid=<20090306140313.M58348@...>, proto=ESMTP, daemon=MTA, relay=server.arinsa.com.pe [161.132.180.62]
> > Mar 10 07:20:18 host spamd[16591]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45863
> > Mar 10 07:20:18 host spamd[16591]: spamd: checking message <20090306140313.M58348@...> for (unknown):98
> > Mar 10 07:20:19 host spamd[16591]: spamd: identified spam (5.0/5.0) for (unknown):98 in 0.8 seconds, 3006 bytes.
> > Mar 10 07:20:19 host spamd[16591]: spamd: result: Y 5 - ADVANCE_FEE_2,BAYES_50,SUBJ_ALL_CAPS scantime=0.8,size=3006,user=(unknown),uid=98,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45863,mid=<20090306140313.M58348@...>,bayes
> > =0.430686,autolearn=no
> > Mar 10 07:20:19 host sm-acceptingconnections[16729]: n2ACK3Zk016729: Milter add: header: X-Greylist: ....
> > Mar 10 07:20:19 host sm-acceptingconnections[16729]: n2ACK3Zk016729: to=<xxxxx@...>, delay=00:00:02, mailer=virthostmail, pri=32541, stat=queued
> 
> I don't understand. The score of this message is exactly 5. And since 5
> is not >5, the message gets queued.

Peter,

I KNOW the message score was >5.00

The logs only show the tenths place.  The spamd application reported it as 5.01

Jim

On Wed, Mar 18, 2009 at 03:26:33AM -0000, Jim Hermann wrote:
> --- In milter-greylist@yahoogroups.com, Petar Bogdanovic <petar@...> wrote:
> >
> > On Sat, Mar 14, 2009 at 06:21:16PM -0000, Jim Hermann wrote:
> > > --- In milter-greylist@yahoogroups.com, Petar Bogdanovic <petar@> wrote:
> > > >
> > > > On Fri, Mar 13, 2009 at 09:58:57AM -0500, Jim Hermann - UUN Hostmaster wrote:
> > > > > 
> > > > > Also, the spamd > 5 only blocks messages with a score above 5.5.  I can't
> > > > > put 5.0 in the dacl line.
> > > > 
> > > > Would you mind pasting some logs? (incl. spamassassin/spamd output)
> > > 
> > > Actually, it appears that the problem is with spamd scores between 5.00 and 5.05.
> > > 
> > > Mar 10 07:20:18 host sm-acceptingconnections[16729]: n2ACK3Zk016729: from=<info@...>, size=2541, class=0, nrcpts=1, msgid=<20090306140313.M58348@...>, proto=ESMTP, daemon=MTA, relay=server.arinsa.com.pe [161.132.180.62]
> > > Mar 10 07:20:18 host spamd[16591]: spamd: connection from localhost.localdomain [127.0.0.1] at port 45863
> > > Mar 10 07:20:18 host spamd[16591]: spamd: checking message <20090306140313.M58348@...> for (unknown):98
> > > Mar 10 07:20:19 host spamd[16591]: spamd: identified spam (5.0/5.0) for (unknown):98 in 0.8 seconds, 3006 bytes.
> > > Mar 10 07:20:19 host spamd[16591]: spamd: result: Y 5 - ADVANCE_FEE_2,BAYES_50,SUBJ_ALL_CAPS scantime=0.8,size=3006,user=(unknown),uid=98,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=45863,mid=<20090306140313.M58348@...>,bayes
> > > =0.430686,autolearn=no
> > > Mar 10 07:20:19 host sm-acceptingconnections[16729]: n2ACK3Zk016729: Milter add: header: X-Greylist: ....
> > > Mar 10 07:20:19 host sm-acceptingconnections[16729]: n2ACK3Zk016729: to=<xxxxx@...>, delay=00:00:02, mailer=virthostmail, pri=32541, stat=queued
> > 
> > I don't understand. The score of this message is exactly 5. And since 5
> > is not >5, the message gets queued.
> 
> Peter,
> 
> I KNOW the message score was >5.00
> 
> The logs only show the tenths place.  The spamd application reported it as 5.01

http://wiki.apache.org/spamassassin/RoundingIssues



   Petar Bogdanovic