Spamassassin 3.4.2 released

Use this forum for discussions about SpamAssassin and anti-spam in general.
User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-09 11:44

Just received this in my Inbox. It has implications for those not using it:

Quoted extract (from the full announcement below):
Specifically, we will stop producing SHA-1 signatures for rule updates. This means that
while we produce rule updates with the focus on them working for any release from
v3.3.2 forward, they will start failing SHA-1 validation for sa-update.

*** If you do not update to 3.4.2, you will be stuck at the last ruleset
with SHA-1 signatures in the near future. ***

THE FULL ANNOUNCEMENT
Subject: Apache SpamAssassin 3.4.2 Release Candidate 1 is available
To: SpamAssassin Devel List <dev@spamassassin.apache.org>,
Spamassassin <users@SpamAssassin.apache.org>

From: "Kevin A. McGrail" <kmcgrail@apache.org>


Release Notes -- Apache SpamAssassin -- Version 3.4.2

Introduction
------------

Apache SpamAssassin 3.4.2 contains numerous tweaks and bug fixes over the
past three and 1/2 years. As we release 3.4.2, we are preparing 4.0.0 which
will move us into a full UTF-8 environment. We expect one final 3.4.3 release.

As with any release there are a number of functional patches, improvements as
well as security reasons to upgrade to 3.4.2. In this case we have over 3
years of issues being resolved at once. And we are laying thr groundwork for
version 4.0 which is is designed to more natively handle UTF-8.

However, there is one specific pressing reason to upgrade.
Specifically, we will stop producing SHA-1 signatures for rule updates. This means that
while we produce rule updates with the focus on them working for any release from
v3.3.2 forward, they will start failing SHA-1 validation for sa-update.

*** If you do not update to 3.4.2, you will be stuck at the last ruleset
with SHA-1 signatures in the near future. ***

Many thanks to the committers, contributors, rule testers, mass checkers,
and code testers who have made this release possible.

Thanks to David Jones for stepping up and helping us found our SpamAssassin
SysAdmin's group.

And thanks to cPanel for helping making this release possible and contributing
to the continued development of SpamAssassin. Please visit support.cpanel.net
with any issues involving cPanel & WHM's integration with SpamAssassin.

Notable features:
=================

New plugins
-----------
There are four new plugins added with this release:

Mail::SpamAssassin::Plugin::HashBL

The HashBL plugin is the interface to The Email Blocklist (EBL).
The EBL is intended to filter spam that is sent from IP addresses
and domains that cannot be blocked without causing significant
numbers of false positives.

Mail::SpamAssassin::Plugin::ResourceLimits

This plugin leverages BSD::Resource to assure your spamd child processes
do not exceed specified CPU or memory limit. If this happens, the child
process will die. See the BSD::Resource for more details.

Mail::SpamAssassin::Plugin::FromNameSpoof

This plugin allows for detection of the From:name field being used to mislead
recipients into thinking an email is from another address. The man page
includes examples and we expect to put test rules for this plugin into rulesrc soon!

Mail::SpamAssassin::Plugin::Phishing

This plugin finds uris used in phishing campaigns detected by
OpenPhish (https://openphish.com) or PhishTank (https://phishtank.com) feeds.

These plugins are disabled by default. To enable, uncomment
the loadplugin configuration options in file v342.pre, or add it to
some local .pre file such as local.pre .

Notable changes
---------------

For security reasons SSLv3 support has been removed from spamc(1).

The spamd(1) daemon now is faster to start, thanks to code optimizations.

Four CVE security bugs are included in this release for PDFInfo.pm and the
SA core:
CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781

In sa-update script, optional support for SHA-256 / SHA-512 in addition
to or instead of SHA1 has been added for better validation of rules.
See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7614 for information
on the end of SHA-1 signatures which will be the end of rule updates for
releases prior to 3.4.2.

Security updates include security improvements for TxRep, tmp file creation
was hardened, the group list and setuid is hardened for spamd workers,
eval tests have been hardened (Thanks to the cPanel Security Team!),
a bug in earlier Perl versions that caused URIs to be skipped has been
identified, and UTF-16 support is improved.

GeoIP2 support has been added to RelayCountry and URILocalBL plugins due
to GeoIP legacy API deprecations.

New configuration options
-------------------------

A new template tag _DKIMSELECTOR_ that maps to the DKIM selector (the 's' tag)
from valid signatures has been added.

A 'uri_block_cont' option to URILocalBL plugin to score uris per
continent has been added.
Possible continent codes are:
af, as, eu, na, oc, sa for Africa, Asia, Europe, North America,
Oceania and South America.

The 'country_db_type' and 'country_db_path' options has been added to be able
to choose in RelayCountry plugin between GeoIP legacy
(discontinued from 04/01/2018), GeoIP2, IP::Country::Fast and IP::Country::DB_File.
GeoIP legacy is still the default option but it will be deprecated in future releases.

A config option 'uri_country_db_path' has been added to be able to choose
in URILocalBL plugin between GeoIP legacy and new GeoIP2 api.

A config option 'resource_limit_cpu' (default: 0 or no limit) has been added
to configure how many cpu cycles are allowed on a child process before it dies.

A config option 'resource_limit_mem' (default: 0 or no limit) has been added
to configure the maximum number of bytes of memory allowed both for
(virtual) address space bytes and resident set size.

A new config option 'report_wrap_width' (default: 70) has been added
to set the wrap width for description lines in the X-Spam-Report header.

Notable Internal changes
------------------------

SpamAssassin can cope with new Net::DNS module versions.
The "bytes" pragma has been remove from both core modules and plugins for
better utf-8 compatibility, there has been also some other utf-8 related
fixes.
The spamc(1) client can now be build against OpenSSL 1.1.0.
The test framework has been switched to Test::More module.

Other updates
-------------

Documentation was updated or enhanced. Project's testing and evaluation
hosts and tools running on the ASF infrastructure were updated.

A list of top-level domains in registrar boundaries was updated.

Optimizations
-------------

Faster startup of the SpamAssassin daemon.
Spamc client now correctly free(3) all the memory it uses.

Downloading and availability
----------------------------

Downloads are available from:

http://spamassassin.apache.org/downloads.cgi

sha256sum of archive files:

a2d9fd2376fef3364d43e406ae735a47d5e54d0f6eb10e23374fc39bd4a2b596
Mail-SpamAssassin-3.4.2-rc1.tar.bz2
1685868d5b92b53c9c8f2719289855747c9dfe597cae2e9b0a12a0cdfa1d4837
Mail-SpamAssassin-3.4.2-rc1.tar.gz
ff83da73c2c033975a376fda6657bec9251674cf969204a77a03a46e525e0a98
Mail-SpamAssassin-3.4.2-rc1.zip
30acaa486faa6b8106878d4c30f13506112dd3f20200ae1424fbef232c03813f
Mail-SpamAssassin-rules-3.4.2-rc1.r1840278.tgz

sha512sum of archive files:


45e343c33d28083e71a673bad35ff4487044f24df7e3f12c1a217b70e53304536756591ff7fe37dff42a00c20e3deb80173fc14ac8ae8b67ce61dc7987b787ff
Mail-SpamAssassin-3.4.2-rc1.tar.bz2

7e68ac29ed8b302421eb1818e051f2f8e1cabc6f9c8c177ea4973e563a5aa2010f26bbfb776f9b7c771000ebef36cbaf9174c8b930620c8656c119d8c0983535
Mail-SpamAssassin-3.4.2-rc1.tar.gz

ac307580c81be8727d31a50a435db0f628308f6058a66c26e85abc6f7fab1ddae333ac95fb969db942e90867fce6b969a8f232a55af6ee6ac9d4810fedc07750
Mail-SpamAssassin-3.4.2-rc1.zip

092032fd73223a9abb35c1940971e06a57096455e28f7ec6d5fa8e6dabe669c573fff6fdf022a7eaf25f6ddc6b1c32592baf3c435a8accf2855a2a1935aa8df2
Mail-SpamAssassin-rules-3.4.2-rc1.r1840278.tgz

Note that the *-rules-*.tar.gz files are only necessary if you cannot,
or do not wish to, run "sa-update" after install to download the latest
fresh rules.

See the INSTALL and UPGRADE files in the distribution for important
installation notes.


GPG Verification Procedure
--------------------------
The release files also have a .asc accompanying them. The file serves
as an external GPG signature for the given release file. The signing
key is available via the wwwkeys.pgp.net key server, as well as
http://www.apache.org/dist/spamassassin/KEYS

The key information is:

pub 4096R/F7D39814 2009-12-02
Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814
uid SpamAssassin Project Management Committee
<private@spamassassin.apache.org>
uid SpamAssassin Signing Key (Code Signing Key,
replacement for 1024D/265FA05B) <dev@spamassassin.apache.org>
sub 4096R/7B3265A5 2009-12-02

To verify a release file, download the file with the accompanying .asc
file and run the following commands:

gpg --verbose --keyserver wwwkeys.pgp.net --recv-key F7D39814
gpg --verify Mail-SpamAssassin-3.4.1.tar.bz2.asc
gpg --fingerprint F7D39814

Then verify that the key matches the signature.

Note that older versions of gnupg may not be able to complete the steps
above. Specifically, GnuPG v1.0.6, 1.0.7 & 1.2.6 failed while v1.4.11
worked flawlessly.

See http://www.apache.org/info/verification.html for more information
on verifying Apache releases.


About Apache SpamAssassin
-------------------------

Apache SpamAssassin is a mature, widely-deployed open source project
that serves as a mail filter to identify spam. SpamAssassin uses a
variety of mechanisms including mail header and text analysis, Bayesian
filtering, DNS blocklists, and collaborative filtering databases. In
addition, Apache SpamAssassin has a modular architecture that allows
other technologies to be quickly incorporated as an addition or as a
replacement for existing methods.

Apache SpamAssassin typically runs on a server, classifies and labels
spam before it reaches your mailbox, while allowing other components of
a mail system to act on its results.

Most of the Apache SpamAssassin is written in Perl, with heavily
traversed code paths carefully optimized. Benefits are portability,
robustness and facilitated maintenance. It can run on a wide variety of
POSIX platforms.

The server and the Perl library feels at home on Unix and Linux platforms
and reportedly also works on MS Windows systems under ActivePerl.

For more information, visit http://spamassassin.apache.org/
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-09 11:46

This caught my eye that some of you would be interested in:
NEW CONFIGURATION OPTIONS

A 'uri_block_cont' option to URILocalBL plugin to score uris per
continent has been added.
Possible continent codes are:
af, as, eu, na, oc, sa for Africa, Asia, Europe, North America,
Oceania and South America.

The 'country_db_type' and 'country_db_path' options has been added to be able
to choose in RelayCountry plugin between GeoIP legacy
(discontinued from 04/01/2018), GeoIP2, IP::Country::Fast and IP::Country::DB_File.
GeoIP legacy is still the default option but it will be deprecated in future releases.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

palinka
Senior user
Senior user
Posts: 819
Joined: 2017-09-12 17:57

Re: Spamassassin 3.4.2 released

Post by palinka » 2018-09-09 15:59

*** If you do not update to 3.4.2, you will be stuck at the last ruleset
with SHA-1 signatures in the near future. ***
I don't understand the implication. Is it something to worry about normally?

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2018-09-09 17:10

A little something for the nerds :mrgreen:

https://fossies.org/diffs/Mail-SpamAssa ... index.html


Kevin McGrail: Apache Spamassassin 3.4.2 and beyond
https://www.youtube.com/watch?v=veLPOj1OUEI
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-09 19:33

palinka wrote:
2018-09-09 15:59
*** If you do not update to 3.4.2, you will be stuck at the last ruleset
with SHA-1 signatures in the near future. ***
I don't understand the implication. Is it something to worry about normally?
I'm guessing that if you don't update to 3.4.2 then your rules will never update.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

palinka
Senior user
Senior user
Posts: 819
Joined: 2017-09-12 17:57

Re: Spamassassin 3.4.2 released

Post by palinka » 2018-09-09 19:41

Do you think Jam will update and offer it before sha1 is phase out? Something to look into.

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-12 21:55

The rule update failure is already in effect.
20:00:28.08 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1840397 -> 1840529
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 500 SSL negotiation failed:
Update failed, exiting with code 4

20:00:32.46 Backing up log files...
(I've checked and Jam is still offering 3.41)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

palinka
Senior user
Senior user
Posts: 819
Joined: 2017-09-12 17:57

Re: Spamassassin 3.4.2 released

Post by palinka » 2018-09-13 16:46

jimimaseye wrote:
2018-09-12 21:55
The rule update failure is already in effect.
20:00:28.08 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1840397 -> 1840529
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 500 SSL negotiation failed:
Update failed, exiting with code 4

20:00:32.46 Backing up log files...
(I've checked and Jam is still offering 3.41)
Interesting. Where did you find this log info? Did you run sa-update manually?

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2018-09-13 17:13

jimimaseye wrote:
2018-09-12 21:55
The rule update failure is already in effect.
20:00:28.08 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1840397 -> 1840529
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 500 SSL negotiation failed:
Update failed, exiting with code 4

20:00:32.46 Backing up log files...
(I've checked and Jam is still offering 3.41)
Nah... It's supposedly a glitch in SSL (SSLeay) with Perl LWP. My 3.4.0 says the same but if I try the URL in Chrome I can see what it is...

From 3.4.0, sa-update is supposed to be able to use "curl", "wget" or "fetch" over "LWP" (LWP do not support IPv6) but I can't figure out where to put "curl" for sa-update to find and use it. Debugging says it can't find it... :roll:
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-13 19:05

palinka wrote:
2018-09-13 16:46
jimimaseye wrote:
2018-09-12 21:55
The rule update failure is already in effect.
20:00:28.08 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1840397 -> 1840529
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 500 SSL negotiation failed:
Update failed, exiting with code 4

20:00:32.46 Backing up log files...
(I've checked and Jam is still offering 3.41)
Interesting. Where did you find this log info? Did you run sa-update manually?
That from my backup log file. It's the sa-update failure coinciding with the announcement that this is going to happen.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-13 19:11

See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7614 for information
on the end of SHA-1 signatures which will be the end of rule updates for
releases prior to 3.4.2.
Bill Cole 2018-09-08 17:23:19 UTC

Created attachment 5598 [details] Patch to remove SHA1 support from sa-update Removes SHA1 code and fixes documentation of the verification mechanics.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

palinka
Senior user
Senior user
Posts: 819
Joined: 2017-09-12 17:57

Re: Spamassassin 3.4.2 released

Post by palinka » 2018-09-13 19:21

jimimaseye wrote:
2018-09-13 19:05
palinka wrote:
2018-09-13 16:46
jimimaseye wrote:
2018-09-12 21:55
The rule update failure is already in effect.


(I've checked and Jam is still offering 3.41)
Interesting. Where did you find this log info? Did you run sa-update manually?
That from my backup log file. It's the sa-update failure coinciding with the announcement that this is going to happen.
Mine was OK. Update went OK with no errors. That was midnight -5 GMT last night.

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-13 19:53

SorenR wrote:
2018-09-13 17:13
From 3.4.0, sa-update is supposed to be able to use "curl", "wget" or "fetch" over "LWP" (LWP do not support IPv6) but I can't figure out where to put "curl" for sa-update to find and use it. Debugging says it can't find it... :roll:
Whatever the reliance is it had already been that way. So why would its absence now be a problem when it hasn't for the previous time until now?
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2018-09-13 21:11

jimimaseye wrote:
2018-09-13 19:53
SorenR wrote:
2018-09-13 17:13
From 3.4.0, sa-update is supposed to be able to use "curl", "wget" or "fetch" over "LWP" (LWP do not support IPv6) but I can't figure out where to put "curl" for sa-update to find and use it. Debugging says it can't find it... :roll:
Whatever the reliance is it had already been that way. So why would its absence now be a problem when it hasn't for the previous time until now?
LWP is unable to secure a session with SSL as it is too old... Something about LWP using Crypt::SSLeay so unable to do TLS 1.2.

The reason I want to use cURL is that it is still maintained and up to date on SSL and it's an external application thus not dependant of Perl and SpamAssassin.

https://curl.haxx.se/
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-13 22:23

SorenR wrote:
2018-09-13 17:13
From 3.4.0, sa-update is supposed to be able to use "curl", "wget" or "fetch" over "LWP" (LWP do not support IPv6) but I can't figure out where to put "curl" for sa-update to find and use it. Debugging says it can't find it... :roll:
Does this help you? viewtopic.php?p=205107&sid=b428e559d540 ... d3#p205107

(Im still not understanding why there is the error I am having since 3 or 4 nights now and yet you say it isnt connected to them saying they are stopping updating rules with SHA1 protection. Why would I NOW get "500 SSL negotiation failed:" when its never failed before? Has something/someone just turned off SSL3 or summat?)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-13 22:36

palinka wrote:
2018-09-13 19:21
Mine was OK. Update went OK with no errors. That was midnight -5 GMT last night.
What version of Spamassassin are you using? The 'spam in a box' or the free version? To be sure, do you have a "C:\Program Files (x86)\Common Files\JAM Software\SpamAssassin\runtime\" directory? (or just an SA-UPDATE.EXE in "C:\Program Files (x86)\Common Files\JAM Software\SpamAssassin"?)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2018-09-13 22:47

Just found out why "curl" isn't working with sa-update... sa-update is looking for "curl" and trying to execute "curl" - without the ".exe" - somebody forgot to cater for that when porting to Windows *** JAM *** :!: :roll:
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-13 23:00

I get the same error on both 3.4.0 and the more recent 3.4.1 (by Jam) on 2 separate machines (work Server and home laptop). Very strange that I am the only one getting the error.

3.4.1 (laptop)

C:\Program Files\JAM Software\SpamAssassin for Windows>sa-update -v --nogpg --channelfile UpdateChannels.txt
Update available for channel updates.spamassassin.org: 1817017 -> 1840640
http: (lwp) hotpatching IO::Socket::INET by module IO::Socket::IP
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 500 SSL_ca_file \inc\lib\Mozilla\CA\cacert.pem does not exist
error: unable to refresh mirrors file for channel updates.spamassassin.org, using old file
error: no mirror data available for channel updates.spamassassin.org
channel: MIRRORED.BY file contents were missing, channel failed
Update failed, exiting with code 4
3.4.0 (server)
C:\Program Files (x86)\JAM Software\SpamAssassin for Windows>sa-update.exe -v --nogpg --channelfile UpdateChannels.txt
Update available for channel updates.spamassassin.org: 1840397 -> 1840640
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 500 SSL negotiation failed:
error: unable to refresh mirrors file for channel updates.spamassassin.org, using old file
error: no mirror data available for channel updates.spamassassin.org
channel: MIRRORED.BY file contents were missing, channel failed
Update failed, exiting with code 4
I think my next step is to email Jam and see what they say.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

palinka
Senior user
Senior user
Posts: 819
Joined: 2017-09-12 17:57

Re: Spamassassin 3.4.2 released

Post by palinka » 2018-09-13 23:02

jimimaseye wrote:
2018-09-13 22:36
palinka wrote:
2018-09-13 19:21
Mine was OK. Update went OK with no errors. That was midnight -5 GMT last night.
What version of Spamassassin are you using? The 'spam in a box' or the free version? To be sure, do you have a "C:\Program Files (x86)\Common Files\JAM Software\SpamAssassin\runtime\" directory? (or just an SA-UPDATE.EXE in "C:\Program Files (x86)\Common Files\JAM Software\SpamAssassin"?)
Its the free version - thanks to your tutorial. :D

To be sure, I looked and C:\Program Files (x86)\Common Files\JAM Software\SpamAssassin\runtime\sa-update does exist. I have not (ever) updated SA program files. I'm on 3.4.1.

Perhaps SA made the change after I updated. Mighty nice of them to wait for me. If so I'll find out tomorrow morning.

Here's what my backup log shows:

Code: Select all

Ok! 
23:58:02.92 Stopping Spamassassin service...
.
The spamassassin service was stopped successfully.

Ok! 
23:58:05.47 Performing Spamassassin Update check...

-------------------------------------------------------------------------------
   ROBOCOPY     ::     Robust File Copy for Windows                              
-------------------------------------------------------------------------------

No error. And here's what I have in the backup/cleardown script. Minor changes:

Code: Select all

:2nd
if not "%SA_In_Use%" == "yes" goto 3rd
echo %time% Stopping Spamassassin service...>> %BackLog%&net stop spamassassin >> %BackLog%
set FailedSAService=Ok
set bold=%noBold%&set fontcolor=%fontBlack%
if errorlevel 1 set Failed=true&set FailedSAService=Failed to stop&set bold=b&set fontcolor=%colorfill%
echo %FailedSAService%! >> %BackLog%
echo ^<tr^>^<td^>^<%fontcolor%^>^<%bold%^>Spamassassin service shutdown:^</td^>^<td^>^<%fontcolor%^>^<%bold%^>%FailedSAService%^</td^>^</tr^> >>%outf%

@rem Update Spamassassin before restarting service
if "%FailedSAService%" == "Failed to stop" goto 3rd
echo %time% Performing Spamassassin Update check...>> %BackLog%
set FailedSAUpdate=Ok
cd /D "%SPAMASSASSINdir%"
sa-update.exe -v --nogpg --channelfile UpdateChannels.txt >> %BackLog%
wget -q http://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf -O "C:\Program Files\JAM Software\SpamAssassin for Windows\etc\spamassassin\KAM.cf"
set hr=%time:~0,2%
if "%hr:~0,1%" equ " " set hr=0%hr:~1,1%
ren "C:\Program Files (x86)\hMailServer\Logs\spamd.log" spamd-%date:~-4,4%-%date:~-10,2%-%date:~-7,2%.log"
set bold=%noBold%&set fontcolor=%fontBlack%
if errorlevel 1 set Failed=true&set FailedSAUpdate=Failed&set bold=b&set fontcolor=%colorfill%
echo ^<tr^>^<td^>^<%fontcolor%^>^<%bold%^>Spam Assassin Def Update:^</td^>^<td^>^<%fontcolor%^>^<%bold%^>%FailedSAUpdate%^</td^>^</tr^> >>%outf%

Not sure if my changes maybe screwed up error reporting or not.

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-13 23:06

SorenR wrote:
2018-09-13 22:47
Just found out why "curl" isn't working with sa-update... sa-update is looking for "curl" and trying to execute "curl" - without the ".exe" - somebody forgot to cater for that when porting to Windows *** JAM *** :!: :roll:
If you look in that link I posted above (to a thread) there is a new 'SA-UPDATE' perl script. To me, in that, it looks like it caters and translates to curl.exe.

Code: Select all

# Add JAM::Path::prefix() to $PATH because curl.exe is located there
  $ENV{'PATH'} = JAM::Path::prefix() . $Config{'path_sep'} . $ENV{'PATH'};

foreach my $try_prog ('curl.exe', 'curl', 'wget', 'fetch') {
    $cmd = Mail::SpamAssassin::Util::find_executable_in_env_path($try_prog);
    if (defined $cmd && $cmd ne '') { $ext_prog = $try_prog; last }
  }
However I cant see where curl.exe is. But it does suggest, if you obtain it, that you should put it in the jam program path.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-13 23:12

palinka wrote:
2018-09-13 23:02
Here's what my backup log shows:

Code: Select all

Ok! 
23:58:02.92 Stopping Spamassassin service...
.
The spamassassin service was stopped successfully.

Ok! 
23:58:05.47 Performing Spamassassin Update check...

-------------------------------------------------------------------------------
   ROBOCOPY     ::     Robust File Copy for Windows                              
-------------------------------------------------------------------------------
No error. And here's what I have in the backup/cleardown script. Minor changes:
Not sure if my changes maybe screwed up error reporting or not.
That is distinctly lacking in logging and I wouldnt trust what you see. Even if there is no update, or a successful update, it would show the process in the log.

On your server, go to CMD, and doe this:

Code: Select all

cd C:\Program Files\JAM Software\SpamAssassin for Windows
C:\Program Files\JAM Software\SpamAssassin for Windows>sa-update.exe -v --nogpg --channelfile UpdateChannels.txt
What happens?
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

palinka
Senior user
Senior user
Posts: 819
Joined: 2017-09-12 17:57

Re: Spamassassin 3.4.2 released

Post by palinka » 2018-09-13 23:23

jimimaseye wrote:
2018-09-13 23:12
On your server, go to CMD, and doe this:

Code: Select all

cd C:\Program Files\JAM Software\SpamAssassin for Windows
C:\Program Files\JAM Software\SpamAssassin for Windows>sa-update.exe -v --nogpg --channelfile UpdateChannels.txt
What happens?

Code: Select all

C:\Program Files\JAM Software\SpamAssassin for Windows>sa-update.exe -v --nogpg --channelfile UpdateChannels.txt
Update available for channel updates.spamassassin.org: 1819797 -> 1840640
http: (curl.exe) GET http://spamassassin.apache.org/updates/MIRRORED.BY, success
http: (curl.exe) GET http://www.sa-update.pccc.com/1840640.tar.gz, success
http: (curl.exe) GET http://www.sa-update.pccc.com/1840640.tar.gz.sha1, success
channel: SHA1 verification failed, channel failed
Update available for channel sa.zmi.at: 395 -> 398
http: (curl.exe) GET http://sa.zmi.at/sa-update-german/MIRRORED.BY, success
http: (curl.exe) GET http://sa.zmi.at/sa-update-german/398.tar.gz, success
http: (curl.exe) GET http://sa.zmi.at/sa-update-german/398.tar.gz.sha1, success
channel: SHA1 verification failed, channel failed
Update available for channel spamassassin.heinlein-support.de: 1374 -> 1452
http: (curl.exe) GET http://www.spamassassin.heinlein-support.de/MIRRORED.BY, success
http: (curl.exe) GET http://www.spamassassin.heinlein-support.de/1452.tar.gz, success
http: (curl.exe) GET http://www.spamassassin.heinlein-support.de/1452.tar.gz.sha1, success
channel: SHA1 verification failed, channel failed
Update failed, exiting with code 4

C:\Program Files\JAM Software\SpamAssassin for Windows>

User avatar
RvdH
Senior user
Senior user
Posts: 741
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spamassassin 3.4.2 released

Post by RvdH » 2018-09-14 01:37

I already have send Harald (JAM) a heads up on the new version..lets wait and see what they can do for us
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

palinka
Senior user
Senior user
Posts: 819
Joined: 2017-09-12 17:57

Re: Spamassassin 3.4.2 released

Post by palinka » 2018-09-14 02:40

This worked: viewtopic.php?p=205169#p205169

Code: Select all

C:\Program Files\JAM Software\SpamAssassin for Windows>sa-update.exe -v --nogpg --channelfile UpdateChannels.txt
Update available for channel updates.spamassassin.org: 1819797 -> 1840640
http: (curl.exe) GET http://sa-update.secnap.net/1840640.tar.gz, success
http: (curl.exe) GET http://sa-update.secnap.net/1840640.tar.gz.sha1, success
Update available for channel sa.zmi.at: 395 -> 398
http: (curl.exe) GET http://sa.zmi.at/sa-update-german/398.tar.gz, success
http: (curl.exe) GET http://sa.zmi.at/sa-update-german/398.tar.gz.sha1, success
Update available for channel spamassassin.heinlein-support.de: 1374 -> 1452
http: (curl.exe) GET http://www.spamassassin.heinlein-support.de/1452.tar.gz, success
http: (curl.exe) GET http://www.spamassassin.heinlein-support.de/1452.tar.gz.sha1, success
Update was available, and was downloaded and installed successfully

C:\Program Files\JAM Software\SpamAssassin for Windows>

User avatar
RvdH
Senior user
Senior user
Posts: 741
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spamassassin 3.4.2 released

Post by RvdH » 2018-09-14 10:22

What exactly? i replaced that attached sa-update file but still get a error, eg:

Code: Select all

C:\Program Files (x86)\JAM Software\SpamAssassin for Windows>sa-update.exe -v --nogpg --channelfile UpdateChannels.txt
Update available for channel updates.spamassassin.org: 1840278 -> 1840789
http: (lwp) hotpatching IO::Socket::INET by module IO::Socket::IP
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 500 SSL_ca_file \inc\lib\Mozilla\CA\cacert.pem does
not exist
error: unable to refresh mirrors file for channel updates.spamassassin.org, using old file
error: no mirror data available for channel updates.spamassassin.org
channel: MIRRORED.BY file contents were missing, channel failed
Update failed, exiting with code 4
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

palinka
Senior user
Senior user
Posts: 819
Joined: 2017-09-12 17:57

Re: Spamassassin 3.4.2 released

Post by palinka » 2018-09-14 10:32

This is a shot in the dark, but I have php running with curl extension enabled on the same machine.

All I did was replace the sa-update file.

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2018-09-14 12:55

RvdH wrote:
2018-09-14 10:22
What exactly? i replaced that attached sa-update file but still get a error, eg:

Code: Select all

C:\Program Files (x86)\JAM Software\SpamAssassin for Windows>sa-update.exe -v --nogpg --channelfile UpdateChannels.txt
Update available for channel updates.spamassassin.org: 1840278 -> 1840789
http: (lwp) hotpatching IO::Socket::INET by module IO::Socket::IP
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 500 SSL_ca_file \inc\lib\Mozilla\CA\cacert.pem does
not exist
error: unable to refresh mirrors file for channel updates.spamassassin.org, using old file
error: no mirror data available for channel updates.spamassassin.org
channel: MIRRORED.BY file contents were missing, channel failed
Update failed, exiting with code 4
Your script is using LWP ... Download cURL from https://curl.haxx.se/ and install it in a folder listed in your %PATH%...

https://stackoverflow.com/questions/440 ... ion-failed
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
RvdH
Senior user
Senior user
Posts: 741
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spamassassin 3.4.2 released

Post by RvdH » 2018-09-14 13:49

That worked, even without %PATH%

i downloaded binaries from:
https://skanthak.homepage.t-online.de/curl.html

Extracted curl-7.61.1.cab and placed the i386 version in "C:\Program Files (x86)\JAM Software\SpamAssassin for Windows"

Code: Select all

C:\Program Files (x86)\JAM Software\SpamAssassin for Windows>sa-update.exe -v --nogpg --channelfile UpdateChannels.txt
Update available for channel updates.spamassassin.org: 1840278 -> 1840789
http: (curl.exe) GET http://spamassassin.apache.org/updates/MIRRORED.BY, success
http: (curl.exe) GET http://sa-update.secnap.net/1840789.tar.gz, success
http: (curl.exe) GET http://sa-update.secnap.net/1840789.tar.gz.sha1, success
Update was available, and was downloaded and installed successfully
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

palinka
Senior user
Senior user
Posts: 819
Joined: 2017-09-12 17:57

Re: Spamassassin 3.4.2 released

Post by palinka » 2018-09-16 17:42

Looks like 3.4.2 final is being released today.
In sa-update script, optional support for SHA-256 / SHA-512 in addition
to or instead of SHA1 has been added for better validation of rules.
See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7614 for information
on the end of SHA-1 signatures which will be the end of rule updates for
releases prior to 3.4.2.
Can this be applied to 3.4.1? Does 3.4.1 support sha-256/512?

User avatar
katip
Senior user
Senior user
Posts: 639
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Spamassassin 3.4.2 released

Post by katip » 2018-09-18 08:11

after his official announcement about the new release, Kevin McGrail mentioned following DoS vulnerability.
short version: certain unclosed tags can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The exploit has been seen in the wild but not believe to have been purposefully part of a Denial of Service attempt.

i think we all know this error below and some spam slipping thru due to a temporarily scan failure/inability:

Code: Select all

"ERROR"	1004	"2018-09-17 09:17:14.533"	"Severity: 3 (Medium), Code: HM5157, Source: SpamAssassinClient::OnReadError, Description: There was a communication error with SpamAssassin. hMailServer tried to retrieve data from SpamAssassin but the connection to SpamAssassin was lost. The WinSock error code is 2. Enable debug logging to retrieve more information regarding this problem. The problem could be that SpamAssassin is malfunctioning."
this has been discussed here extensively, without any solution. one thing is clear that it's not directly related with JAM version.
i know that both HMS and spamd are services able to process multiple jobs concurrently. but i have no idea how HMS talks to spamd exactly.
i wonder if that weakness what Kevin described (and should have been addressed in 3.4.2) is the reason for that symptom - exclusively in an HMS <-> SA conversation.

i'll have an eye on next couple of leaked spam and check their body with a good HTML validator.
running SA 3.4.1-3 on Ubuntu.
Katip
--
HMS 5.7.0-B2428-LTS-64-bit, MySQL 5.7.24, SA 3.4.2, ClamAV 0.101.2 + SaneS

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-18 22:26

jimimaseye wrote:
2018-09-12 21:55
The rule update failure is already in effect.
20:00:28.08 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1840397 -> 1840529
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 500 SSL negotiation failed:
Update failed, exiting with code 4

20:00:32.46 Backing up log files...
(I've checked and Jam is still offering 3.41)
This issue has been a problem for many.

Today, on the Spamassassin maillist, this:

Thanks. Had to add the path but now http://spamassassin.apache.org/updates/MIRRORED.BY is exempted from SSL redirection. This will help with older clients.
--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project
https://www.linkedin.com/in/kmcgrail - 703.798.0171


On Tue, Sep 18, 2018 at 8:22 AM Henrik K <hege@hege.li> wrote:


On Tue, Sep 18, 2018 at 07:41:09AM -0400, Kevin A. McGrail wrote:
> Hi Bill, I think it might be an older wget or LWP or what not that can't
> deal with MIRRORED.BY being https. Michael from linuxmagic also
> reported a similar issue.
>
> Can anyone help with a .htaccess that exempts the MIRRORED.BY?
>
> Current lines:
>
> RewriteEngine On
> RewriteCond %{SERVER_PORT} 80
> RewriteRule ^(.*)$ https://spamassassin.apache.org/$1 [R,L]

As it says, Kam has now exempted the rules from SSL redirection and the LWP updates are now working again. Here is a snippet of my log tonight:
20:00:35.98 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1840397 -> 1841055
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 200 OK
http: (lwp) GET http://sa-update.verein-clean.net/1841055.tar.gz, 200 OK
http: (lwp) GET http://sa-update.verein-clean.net/1841055.tar.gz.sha1, 200 OK
Update was available, and was downloaded and installed successfully
The first successful update since last week.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-19 13:38

Fyi
Thanks for the feedback!

On Sep 19, 2018 03:14, xxx wrote:
Thanks Kevin

Both of my installations had stopped updating since 11th September due to this. Now the updates are working again.

From this:

11th Sep

20:00:26.57 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1840397 -> 1840441
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 500 SSL negotiation failed:
Update failed, exiting with code 4

to this:

20:00:35.98 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1840397 -> 1841055
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 200 OK
http: (lwp) GET http://sa-update.verein-clean.net/1841055.tar.gz, 200 OK
http: (lwp) GET http://sa-update.verein-clean.net/1841055.tar.gz.sha1, 200 OK
Update was available, and was downloaded and installed successfully
Im sure many others would have been suffering too.

Thanks again.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2018-09-19 22:58

My 3.4.0 is also back in business.
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
RvdH
Senior user
Senior user
Posts: 741
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spamassassin 3.4.2 released

Post by RvdH » 2018-09-20 11:48

katip wrote:
2018-09-18 08:11
after his official announcement about the new release, Kevin McGrail mentioned following DoS vulnerability.
short version: certain unclosed tags can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The exploit has been seen in the wild but not believe to have been purposefully part of a Denial of Service attempt.

i think we all know this error below and some spam slipping thru due to a temporarily scan failure/inability:

Code: Select all

"ERROR"	1004	"2018-09-17 09:17:14.533"	"Severity: 3 (Medium), Code: HM5157, Source: SpamAssassinClient::OnReadError, Description: There was a communication error with SpamAssassin. hMailServer tried to retrieve data from SpamAssassin but the connection to SpamAssassin was lost. The WinSock error code is 2. Enable debug logging to retrieve more information regarding this problem. The problem could be that SpamAssassin is malfunctioning."
this has been discussed here extensively, without any solution. one thing is clear that it's not directly related with JAM version.
i know that both HMS and spamd are services able to process multiple jobs concurrently. but i have no idea how HMS talks to spamd exactly.
i wonder if that weakness what Kevin described (and should have been addressed in 3.4.2) is the reason for that symptom - exclusively in an HMS <-> SA conversation.

i'll have an eye on next couple of leaked spam and check their body with a good HTML validator.
running SA 3.4.1-3 on Ubuntu.
I do not think found exploit is related to the The WinSock error code is 2 error, tests i made have shown this is totaally random, and happens even for (automated) messages that normally pass without problems
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2018-09-20 13:55

I would love to see this error from people running SpamAssassin on 'NIX hosts (where SpamAssassin really belong).

SPAMC/SPAMD "protocol" https://svn.apache.org/repos/asf/spamas ... d/PROTOCOL

hMailServer: SpamAssassinClient.cpp
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
mattg
Moderator
Moderator
Posts: 19810
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spamassassin 3.4.2 released

Post by mattg » 2018-09-21 01:42

This is the error that I get on my Ubuntu box way too often

Code: Select all

2018-09-20 07:07:55.156  OnError :- 2  5508  SpamAssassinTestConnect::TestConnect  The SpamAssassin tests did not complete. Please confirm that the configuration (host name and port) is valid and that SpamAssassin is running.
Sometimes that means that my SpamAssassin is NOT running (not re-start after an update of definitions normally). I am monitoring this manually, and trying to get 'Monit' to restart the SpamAssassin service if it fails. Still a work in progress.

Sometimes (much rarer) it means that my SpamAssassin took too long and a timeout occurred. It seems that 5 seconds in hard coded into hMailserver as the time out.

Very rarely (like last week when a DDOS storm attacked my server), that error means that SPamAssassin was overloaded and couldn't provide more threads or resources.

(I'd still love to greylist on SpamAssassin fail, or at least use an arbitrary score. I think I'll code an arbitrary score into onError...)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2018-09-21 02:35

mattg wrote:
2018-09-21 01:42
This is the error that I get on my Ubuntu box way too often

Code: Select all

2018-09-20 07:07:55.156  OnError :- 2  5508  SpamAssassinTestConnect::TestConnect  The SpamAssassin tests did not complete. Please confirm that the configuration (host name and port) is valid and that SpamAssassin is running.
Sometimes that means that my SpamAssassin is NOT running (not re-start after an update of definitions normally). I am monitoring this manually, and trying to get 'Monit' to restart the SpamAssassin service if it fails. Still a work in progress.

Sometimes (much rarer) it means that my SpamAssassin took too long and a timeout occurred. It seems that 5 seconds in hard coded into hMailserver as the time out.

Very rarely (like last week when a DDOS storm attacked my server), that error means that SPamAssassin was overloaded and couldn't provide more threads or resources.

(I'd still love to greylist on SpamAssassin fail, or at least use an arbitrary score. I think I'll code an arbitrary score into onError...)
Ho hum... Ubuntu Core REST API... Ask server from "Sub OnError()" using cURL to please start/restart SpamAssassin ??
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
mattg
Moderator
Moderator
Posts: 19810
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spamassassin 3.4.2 released

Post by mattg » 2018-09-21 03:24

SorenR wrote:
2018-09-21 02:35
Ho hum... Ubuntu Core REST API... Ask server from "Sub OnError()" using cURL to please start/restart SpamAssassin ??
Sounds about right...
Any idea where I can get some actual commands or technical detail of how to do that - google didn't give me much

PS I'm pretty sure that I have cURL installed on that machine
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2018-09-21 04:19

mattg wrote:
2018-09-21 03:24
SorenR wrote:
2018-09-21 02:35
Ho hum... Ubuntu Core REST API... Ask server from "Sub OnError()" using cURL to please start/restart SpamAssassin ??
Sounds about right...
Any idea where I can get some actual commands or technical detail of how to do that - google didn't give me much

PS I'm pretty sure that I have cURL installed on that machine
Maybe https://docs.ubuntu.com/core/en/reference/rest ?

You can use cURL, wget or CreateObject("MSXML2.ServerXMLHTTP.6.0") - it's just for Windows to issue a HTML GET/POST command to the Ubuntu machine.

You could also use an ActiveX SSH module ... https://www.example-code.com/vbscript/s ... mmands.asp
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-21 14:22

Let's not be hasty in wishing for 3.4.2:
We have another report on this issue at https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7629

Can you add debug output? Are you able to test if we can get you a patch?

Bill, it looks like get_user_groups is not always working in Util.pm

Adding this as a blocker for 3.4.3


Regards,
KAM
On 9/21/2018 1:48 AM, Mateusz Krawczyk wrote:
Hello,

I have just upgraded SA from 3.4.1 to 3.4.2.

OS: Centos 6.10

spamassassin -V

SpamAssassin version 3.4.2
running on Perl version 5.10.1

During message scanning there are errors in /var/log/maillog:

Sep 20 11:50:38 spamd[13369]: Use of uninitialized value $( in numeric ne (!=) at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1510, <GEN8> line 23.
Sep 20 11:50:38 spamd[13369]: Use of uninitialized value $( in concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1513, <GEN8> line 23.
Sep 20 11:50:38 spamd[13369]: util: setuid: ruid=507 euid=507 rgid=510 egid=510
Sep 20 11:50:38 spamd[13370]: Use of uninitialized value $( in numeric ne (!=) at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1510.
Sep 20 11:50:38 spamd[13370]: Use of uninitialized value $( in concatenation (.) or string at /usr/share/perl5/Mail/SpamAssassin/Util.pm line 1513.

Any help will be appreciated.
Perhaps we should wait for others to test, report and fix the bugs.

[Entered by mobile. Excuse my spelling.]
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
RvdH
Senior user
Senior user
Posts: 741
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spamassassin 3.4.2 released

Post by RvdH » 2018-09-26 08:55

As of yesterday i get this message after restarting spamassassin,

Code: Select all

Wed Sep 26 08:32:35 2018 [292] error: Can't locate Mail/SpamAssassin/CompiledRegexps/body_neg100.pm in @INC (you may need to install the Mail::SpamAssassin::CompiledRegexps::body_neg100 module) (@INC contains: C:\Program Files\JAM Software\SpamAssassin for Windows\share/compiled/5.022/3.004001 C:\Program Files\JAM Software\SpamAssassin for Windows\share/compiled/5.022/3.004001/auto lib C:\Program Files\JAM Software\SpamAssassin for Windows\runtime\lib .) at (eval 1566) line 1.
Anyone else has this issue as well? Seems to have started after the 1841808 update

Code: Select all

Update available for channel updates.spamassassin.org: 1841720 -> 1841808
http: (curl.exe) GET http://spamassassin.apache.org/updates/MIRRORED.BY, success
http: (curl.exe) GET http://sa-update.secnap.net/1841808.tar.gz, success
http: (curl.exe) GET http://sa-update.secnap.net/1841808.tar.gz.sha1, success
Update was available, and was downloaded and installed successfully
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2018-09-26 17:44

RvdH wrote:
2018-09-26 08:55
As of yesterday i get this message after restarting spamassassin,

Code: Select all

Wed Sep 26 08:32:35 2018 [292] error: Can't locate Mail/SpamAssassin/CompiledRegexps/body_neg100.pm in @INC (you may need to install the Mail::SpamAssassin::CompiledRegexps::body_neg100 module) (@INC contains: C:\Program Files\JAM Software\SpamAssassin for Windows\share/compiled/5.022/3.004001 C:\Program Files\JAM Software\SpamAssassin for Windows\share/compiled/5.022/3.004001/auto lib C:\Program Files\JAM Software\SpamAssassin for Windows\runtime\lib .) at (eval 1566) line 1.
Anyone else has this issue as well? Seems to have started after the 1841808 update

Code: Select all

Update available for channel updates.spamassassin.org: 1841720 -> 1841808
http: (curl.exe) GET http://spamassassin.apache.org/updates/MIRRORED.BY, success
http: (curl.exe) GET http://sa-update.secnap.net/1841808.tar.gz, success
http: (curl.exe) GET http://sa-update.secnap.net/1841808.tar.gz.sha1, success
Update was available, and was downloaded and installed successfully
Any fancy RegEx rules you made ??

I see "sa-compile" mentioned with some of the Regex stuff but not for Windows...
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
RvdH
Senior user
Senior user
Posts: 741
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spamassassin 3.4.2 released

Post by RvdH » 2018-09-26 18:37

Nothing fancy...default Jam SpamAssassin installation
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-26 23:11

RvdH wrote:
2018-09-26 08:55
As of yesterday i get this message after restarting spamassassin,

Code: Select all

Wed Sep 26 08:32:35 2018 [292] error: Can't locate Mail/SpamAssassin/CompiledRegexps/body_neg100.pm in @INC (you may need to install the Mail::SpamAssassin::CompiledRegexps::body_neg100 module) (@INC contains: C:\Program Files\JAM Software\SpamAssassin for Windows\share/compiled/5.022/3.004001 C:\Program Files\JAM Software\SpamAssassin for Windows\share/compiled/5.022/3.004001/auto lib C:\Program Files\JAM Software\SpamAssassin for Windows\runtime\lib .) at (eval 1566) line 1.
Anyone else has this issue as well? Seems to have started after the 1841808 update

Code: Select all

Update available for channel updates.spamassassin.org: 1841720 -> 1841808
http: (curl.exe) GET http://spamassassin.apache.org/updates/MIRRORED.BY, success
http: (curl.exe) GET http://sa-update.secnap.net/1841808.tar.gz, success
http: (curl.exe) GET http://sa-update.secnap.net/1841808.tar.gz.sha1, success
Update was available, and was downloaded and installed successfully
Nope.

Code: Select all

20:00:33.88 Performing Spamassassin Update check...
Update available for channel updates.spamassassin.org: 1841808 -> 1841911
http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 200 OK
http: (lwp) GET http://sa-update.ena.com/1841911.tar.gz, 200 OK
http: (lwp) GET http://sa-update.ena.com/1841911.tar.gz.sha1, 200 OK
Update was available, and was downloaded and installed successfully



Wed Sep 26 20:00:49 2018 [4200] info: spamd: server started on IO::Socket::INET [127.0.0.1]:783 (running version 3.4.0)
Wed Sep 26 20:00:49 2018 [4200] info: spamd: server pid: 4200
Wed Sep 26 20:00:49 2018 [4200] info: spamd: server successfully spawned child process, pid -3248
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
RvdH
Senior user
Senior user
Posts: 741
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spamassassin 3.4.2 released

Post by RvdH » 2018-09-27 08:52

The only difference I see is the fact you use 3.4.0 and I 3.4.1

Code: Select all

Thu Sep 27 08:44:15 2018 [8952] error: Can't locate Mail/SpamAssassin/CompiledRegexps/body_neg100.pm in @INC (you may need to install the Mail::SpamAssassin::CompiledRegexps::body_neg100 module) (@INC contains: C:\Program Files (x86)\JAM Software\SpamAssassin for Windows\share/compiled/5.022/3.004001 C:\Program Files (x86)\JAM Software\SpamAssassin for Windows\share/compiled/5.022/3.004001/auto lib C:\Program Files (x86)\JAM Software\SpamAssassin for Windows\runtime\lib .) at (eval 1581) line 1.
Thu Sep 27 08:44:15 2018 [8952] info: zoom: able to use 340/346 'body_0' compiled rules (98.265%)
Thu Sep 27 08:44:17 2018 [8952] info: spamd: server started on IO::Socket::IP [::1]:783, IO::Socket::IP [127.0.0.1]:783 (running version 3.4.1)
Thu Sep 27 08:44:17 2018 [8952] info: spamd: server pid: 8952
The folder: C:\Program Files (x86)\JAM Software\SpamAssassin for Windows\share/compiled/5.022/3.004001 doesn't exist, and never existed in the installation
The folder C:\Program Files (x86)\JAM Software\SpamAssassin for Windows\runtime\lib\Mail\SpamAssassin\CompiledRegexps\ only holds body_0.pm (this is a default folder/file in the 3.4.1 installation)

Weird thing is this started after the 1841808 update...before no error at all :?: :!:
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2018-09-27 08:59

I am away from home for a few days at the moment but i have 3.4.1 in my home laptop and will check it when i get back for comparison.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
RvdH
Senior user
Senior user
Posts: 741
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spamassassin 3.4.2 released

Post by RvdH » 2018-09-27 20:51

Btw, i have enabled Mail::SpamAssassin::Plugin::Rule2XSBody in v320.pre...
but i did this years ago when i installed 3.4.1 at first, running without error since....thus still wondering why this error just recently start popping up?!

If i create a empty "body_neg100.pm" file in C:\Program Files\JAM Software\SpamAssassin for Windows\runtime\lib\Mail\SpamAssassin\CompiledRegexps the error goes away....weird!
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2018-09-27 23:23

RvdH wrote:
2018-09-27 20:51
Btw, i have enabled Mail::SpamAssassin::Plugin::Rule2XSBody in v320.pre...
but i did this years ago when i installed 3.4.1 at first, running without error since....thus still wondering why this error just recently start popping up?!

If i create a empty "body_neg100.pm" file in C:\Program Files\JAM Software\SpamAssassin for Windows\runtime\lib\Mail\SpamAssassin\CompiledRegexps the error goes away....weird!
I believe running "spamassassin --lint" should show if any rules need compiling.

Does 3.4.1 have a sa-compile.exe ??

Sounds very much like this problem...
https://www.davidpashley.com/2008/06/09/sa-compile/
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2018-09-28 00:34

Enabled Rule2XSBody on my 3.4.0 and got these...

Code: Select all

Fri Sep 28 00:25:10 2018 [2904] error: Can't locate Mail/SpamAssassin/CompiledRegexps/body_0.pm in @INC (@INC contains: ./share/compiled/5.008/3.004000 ./share/compiled/5.008/3.004000/auto lib C:\SpamAssassin) at (eval 1994) line 1.
Fri Sep 28 00:25:10 2018 [2904] error: Can't locate Mail/SpamAssassin/CompiledRegexps/body_neg100.pm in @INC (@INC contains: ./share/compiled/5.008/3.004000 ./share/compiled/5.008/3.004000/auto lib C:\SpamAssassin) at (eval 1996) line 1.
I have no sa-compile.exe in my installation... :roll:
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

User avatar
RvdH
Senior user
Senior user
Posts: 741
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spamassassin 3.4.2 released

Post by RvdH » 2019-02-20 09:07

CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2019-02-20 10:11

Woo hoo.

So, who is the first to go for it and report back?
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
mattg
Moderator
Moderator
Posts: 19810
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spamassassin 3.4.2 released

Post by mattg » 2019-02-20 10:26

I've been using 3.4.2 since 13 September 2018 on my Ubuntu box it seems
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
RvdH
Senior user
Senior user
Posts: 741
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spamassassin 3.4.2 released

Post by RvdH » 2019-02-20 10:33

jimimaseye wrote:
2019-02-20 10:11
Woo hoo.

So, who is the first to go for it and report back?
So far so good.... make a backup off your \etc\spamassassin folder, as it seems the installer overwrites all .pre files inside (luckily i did that)
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
katip
Senior user
Senior user
Posts: 639
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Spamassassin 3.4.2 released

Post by katip » 2019-02-20 20:34

downloaded zip package and copied all on top of old installation, restarted SA service.
only problem was ClamAV error in spamd.log. in old installation the module was in \runtime\lib\file\scan now it needs to be in \runtime\inc\lib\file\scan.
it's been about 1 hour, all looks fine.

however! sa-update.exe throws this error:
CopyQ.if7260.png
CopyQ.if7260.png (5.93 KiB) Viewed 3692 times
followed by:

Code: Select all

Attempt to reload Net/DNS/Resolver/Base.pm aborted.
Compilation failed in require at base.pm line 100, <FILE> line 3.
        ...propagated at base.pm line 109, <FILE> line 3.
BEGIN failed--compilation aborted at Net/DNS/Resolver/UNIX.pm line 18, <FILE> line 3.
Compilation failed in require at base.pm line 100, <FILE> line 3.
        ...propagated at base.pm line 109, <FILE> line 3.
BEGIN failed--compilation aborted at Net/DNS/Resolver.pm line 23, <FILE> line 3.

Compilation failed in require at Net/DNS.pm line 46, <FILE> line 3.
BEGIN failed--compilation aborted at Net/DNS.pm line 46, <FILE> line 3.
Compilation failed in require at .\runtime\sa-update line 100, <FILE> line 3.
BEGIN failed--compilation aborted at .\runtime\sa-update line 100, <FILE> line 3.
any suggestion? thks.
Katip
--
HMS 5.7.0-B2428-LTS-64-bit, MySQL 5.7.24, SA 3.4.2, ClamAV 0.101.2 + SaneS

User avatar
katip
Senior user
Senior user
Posts: 639
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Spamassassin 3.4.2 released

Post by katip » 2019-02-20 21:31

//EDIT:
problem was \runtime\lib folder remained from old version which corresponds to Perl522.
just renamed it. now update runs fine too.
Katip
--
HMS 5.7.0-B2428-LTS-64-bit, MySQL 5.7.24, SA 3.4.2, ClamAV 0.101.2 + SaneS

User avatar
jimimaseye
Moderator
Moderator
Posts: 7949
Joined: 2011-09-08 17:48

Re: Spamassassin 3.4.2 released

Post by jimimaseye » 2019-02-20 23:55

It sounds like from above that the best course of action for the windows version is to backup the .PRE and local.cf files, uninstall existing Spamassassin, and then install 3.4.2 as new.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
katip
Senior user
Senior user
Posts: 639
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Spamassassin 3.4.2 released

Post by katip » 2019-02-21 11:33

Code: Select all

"Severity: 3 (Medium), Code: HM5157, Source: SpamAssassinClient::OnReadError, Description: There was a communication error with SpamAssassin. hMailServer tried to retrieve data from SpamAssassin but the connection to SpamAssassin was lost. The WinSock error code is 2. Enable debug logging to retrieve more information regarding this problem. The problem could be that SpamAssassin is malfunctioning."
still the same with 3.4.2
but we know this has nothing to do with SA itself.
jfyi..
Katip
--
HMS 5.7.0-B2428-LTS-64-bit, MySQL 5.7.24, SA 3.4.2, ClamAV 0.101.2 + SaneS

User avatar
RvdH
Senior user
Senior user
Posts: 741
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Spamassassin 3.4.2 released

Post by RvdH » 2019-02-21 21:10

katip wrote:
2019-02-21 11:33

Code: Select all

"Severity: 3 (Medium), Code: HM5157, Source: SpamAssassinClient::OnReadError, Description: There was a communication error with SpamAssassin. hMailServer tried to retrieve data from SpamAssassin but the connection to SpamAssassin was lost. The WinSock error code is 2. Enable debug logging to retrieve more information regarding this problem. The problem could be that SpamAssassin is malfunctioning."
still the same with 3.4.2
but we know this has nothing to do with SA itself.
jfyi..
I have none (until) now...usually (read: before with 3.4.1) i get those between 1 and 5 a day
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

User avatar
katip
Senior user
Senior user
Posts: 639
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Spamassassin 3.4.2 released

Post by katip » 2019-02-26 10:04

RvdH wrote:
2019-02-21 21:10
I have none (until) now...usually (read: before with 3.4.1) i get those between 1 and 5 a day
sorry, no avail. albeit seems to have decreased for now but this is persistent.

my workaround:

(luckily) i was using auto whitelisting & cleanup script since more than 1 year now. whitelist is all mature.
i added few lines to the script, now it adds a header (such as X-HMSWL-From: Yes or No) if FromAddress is local OR whitelisted external.
near to top of global rules i added a rule to forward and delete messages with those header not equal to Yes AND X-Spam-Checker-Version doesn't contain my server name ( eq. non existent at all), to admin account .
i.e. messages which should be checked and properly returned by SA, but failed somehow go directly to admin to be reviewed.

this is quite fail-safe in our usual content. and seeing daily 1-2 crap in admin mailbox doesn't bother i think.
good thing is users stop nagging our antispam sucks & me trying to tell them they see 1/1000 what's been blocked.
Katip
--
HMS 5.7.0-B2428-LTS-64-bit, MySQL 5.7.24, SA 3.4.2, ClamAV 0.101.2 + SaneS

User avatar
SorenR
Senior user
Senior user
Posts: 3134
Joined: 2006-08-21 15:38
Location: Denmark

Re: Spamassassin 3.4.2 released

Post by SorenR » 2019-02-27 03:41

1 observation...

Vanilla 3.4.0: Header eval fails on hotmail addresses as these now come from "outlook.com" !!

Code: Select all

*  0.9 FORGED_HOTMAIL_RCVD2 hotmail.com 'From' address, but no 'Received:'
It turns out this issue dates back to 2017. It took until today that my son received mail from a girl who is using hotmail and her mail went down the SPAM folder :roll:

I have "hacked" my 3.4.0 with some of the new 3.4.2 plugin code, will report back when and if I get another mail from a hotmail user ... 8) :mrgreen: :idea:
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

Post Reply