Whitelist adding
Hi,
Another question
on my os x.4.8 server i want add some whitelist adress and domains ( like *@fnac.fr ....)
But exectly in what file can i add them ?
Thanks
I found this topic interesting and looked for samples for user_prefs and found these two files on my system:
/usr/local/share/spamassassin/user_prefs.template
/usr/share/spamassassin/user_prefs.template
These templates state as follows:
#* Note: this file is not read by SpamAssassin until copied into the user
#* directory. At runtime, if a user has no preferences in their home directory
#* already, it will be copied for them, allowing them to perform personalised
#* customisation. If you want to make changes to the site-wide defaults,
#* create a file in /etc/spamassassin or /etc/mail/spamassassin instead.
Does this mean if we place the user_prefs file either in /etc/mail/spamassassin or where you say Alex, in /var/clamav/.spamassassin/ that it will be copied to user's directories as it says?
Where are these user directories? What if we want to create user specific whitelist settings? Does this mean we need to make a home folder for the mail user's shortname and place a .spamasssassin folder in it, i.e. ~/.spamassassin/user_prefs? or is it more like the Cyrus user folder at /var/spool/imap/users/j/jay folder?
Similar Messages
-
Lenovo s10-3t boots up to portrait mode
I recently got my s10-3t and it has been great. However, recently, I am getting a strange behavior. When cold starting the lenovo, the screen is defaulted to portrait mode. The only way for me to change it back into landscape mode is to turn the netbook into a tablet and then rotate the screen that way. The rotate screen button does not work in netbook mode.
Has anyone experience this and what is the fix to it?Hi there... did you update to latest BIOS.. ? there is an Update for auto detection function
that could be the one...
IdeaPad S10-3t
Version 25
24CN25WW.exe
http://consumersupport.lenovo.com/us/en/DriversDow nloads/drivers_show_3299.html
Summary of changes
==================
Fixed: Backlight sometimes turned off when resuming from S4
Added TV cards in whitelist
Added LCD panel brightness table auto detection function
Added CPT panel brightness table
Updated audio codec verb table
Fixed: Memory corruption during S3 resume
Fixed: Boot sequence changed when rebooting through system preload
sincerely KalvinKlein
Thinkies 2x X200s/X301 8GB 256GB SSD @ Win 7 64
Ideas Centre A520 ,Yoga 2 256GB SSD,Yoga 2 tablet @ Win 8.1 -
I want to configure FF so that I can optionally activate a whitelist of my legitimate banking websites. When the whitelist is turned on, FF should only be able to display those sites. When the whitelist is turned off, FF works as usual and displays all sites. I would create the whitelist by visiting my banking websites and somehow adding the server certificates of those sites to the whitelist. So the whitelist would consist of the server certs of my banking websites. When whitelisting is then turned on, FF would allow me to visit only those sites whose server certs match those on the whitelist. This would protect me against phishing sites. How can I do this? Thanks
I believe that did it! Thank you. I am running those changes on a secondary E-Mail address for the same job and server and it appears to be working properly.
-
Greetings,
not sure how many people still run 10.4 mail systems. but what the heck
I have a mail server that has been running spammassassin for years. pumping SA learn and running spamtrainer.
recently i received OS and postfix error messages regarding insufficient storage space although i had 30gig of room on the drive.
During a clone operation i discovered a very large Auto-whitelist file in /var/clamav/.spamassassin
i don't remember setting Auto-Whitelist 1
mylocal.cf doesn't mention AutoWhitelist
and my amavisd.conf has it commented out .
#$saautowhitelist = 0; # turn on AWL (default: false)
# Bayesian Auto Learn
auto_learn 1
# Safe Reporting
safe_reporting 0
# Full/Terse Reporting
usetersereport 0
# Subject Tag
subject_tag * Warning: Junk Mail *
# Rewrite the Subject
rewrite_subject 0
# Use Bayesian Filtering
use_bayes 1
# OK locals
ok_locales en
# OK languages
ok_languages en fr de ja
# Required hits to be marked as spam
required_hits 5
I ran a test message through SA, i did not see anything referencing Auto-Whitelist.
here is debug ::: ::
}mx1:/var/clamav root# spamassassin -D < /private/var/root/Documents/Message1.rtf
debug: SpamAssassin version 3.0.1
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/bin', keeping.
debug: PATH included '/sbin', keeping.
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/sbin', keeping.
debug: Final PATH set to: /bin:/sbin:/usr/bin:/usr/sbin
debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
debug: config: read file /etc/mail/spamassassin/init.pre
debug: using "//usr/share/spamassassin" for default rules dir
debug: config: read file //usr/share/spamassassin/10_misc.cf
debug: config: read file //usr/share/spamassassin/20antiratware.cf
debug: config: read file //usr/share/spamassassin/20bodytests.cf
debug: config: read file //usr/share/spamassassin/20_compensate.cf
debug: config: read file //usr/share/spamassassin/20dnsbltests.cf
debug: config: read file //usr/share/spamassassin/20_drugs.cf
debug: config: read file //usr/share/spamassassin/20fake_helotests.cf
debug: config: read file //usr/share/spamassassin/20headtests.cf
debug: config: read file //usr/share/spamassassin/20htmltests.cf
debug: config: read file //usr/share/spamassassin/20metatests.cf
debug: config: read file //usr/share/spamassassin/20_phrases.cf
debug: config: read file //usr/share/spamassassin/20_****.cf
debug: config: read file //usr/share/spamassassin/20_ratware.cf
debug: config: read file //usr/share/spamassassin/20uritests.cf
debug: config: read file //usr/share/spamassassin/23_bayes.cf
debug: config: read file //usr/share/spamassassin/25body_testses.cf
debug: config: read file //usr/share/spamassassin/25body_testspl.cf
debug: config: read file //usr/share/spamassassin/25_hashcash.cf
debug: config: read file //usr/share/spamassassin/25head_testses.cf
debug: config: read file //usr/share/spamassassin/25head_testspl.cf
debug: config: read file //usr/share/spamassassin/25_spf.cf
debug: config: read file //usr/share/spamassassin/25_uribl.cf
debug: config: read file //usr/share/spamassassin/30textde.cf
debug: config: read file //usr/share/spamassassin/30textes.cf
debug: config: read file //usr/share/spamassassin/30textfr.cf
debug: config: read file //usr/share/spamassassin/30textit.cf
debug: config: read file //usr/share/spamassassin/30textnl.cf
debug: config: read file //usr/share/spamassassin/30textpl.cf
debug: config: read file //usr/share/spamassassin/30textsk.cf
debug: config: read file //usr/share/spamassassin/50_scores.cf
debug: config: read file //usr/share/spamassassin/60_whitelist.cf
debug: using "//etc/mail/spamassassin" for site rules dir
debug: config: read file //etc/mail/spamassassin/local.cf
debug: using "/private/var/root/.spamassassin" for user state dir
debug: using "/private/var/root/.spamassassin/user_prefs" for user prefs file
debug: config: read file /private/var/root/.spamassassin/user_prefs
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4)
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70) implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: config: SpamAssassin failed to parse line, skipping: auto_learn 1
debug: config: SpamAssassin failed to parse line, skipping: safe_reporting 0
debug: config: SpamAssassin failed to parse line, skipping: usetersereport 0
debug: config: SpamAssassin failed to parse line, skipping: subject_tag * Warning: Junk Mail *
debug: config: SpamAssassin failed to parse line, skipping: rewrite_subject 0
debug: using "/private/var/root/.spamassassin" for user state dir
debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_toks
debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_seen
debug: bayes: found bayes db version 3
debug: using "/private/var/root/.spamassassin" for user state dir
debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200
debug: bayes: 17114 untie-ing
debug: bayes: 17114 untie-ing db_toks
debug: bayes: 17114 untie-ing db_seen
debug: Score set 1 chosen.
debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_toks
debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_seen
debug: bayes: found bayes db version 3
debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200
debug: bayes: 17114 untie-ing
debug: bayes: 17114 untie-ing db_toks
debug: bayes: 17114 untie-ing db_seen
debug: metadata: X-Spam-Relays-Trusted:
debug: metadata: X-Spam-Relays-Untrusted:
debug: ---- MIME PARSER START ----
debug: main message type: text/plain
debug: parsing normal part
debug: added part, type: text/plain
debug: ---- MIME PARSER END ----
debug: decoding: no encoding detected
debug: Loading languages file...
debug: Can't determine language uniquely enough
debug: metadata: X-Languages:
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'parsed_metadata'
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.66
debug: trying (3) sun.com...
debug: looking up NS for 'sun.com'
debug: NS lookup of sun.com succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: URIDNSBL: domains to query: beth.k12.pa.us hetnet.nl aim.com
debug: all '*From' addrs:
debug: Running tests for priority: 0
debug: running header regexp tests; score so far=0
debug: registering glue method for checkhashcash_doublespend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70))
debug: registering glue method for checkfor_spf_helopass (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: SPF: message was delivered entirely via trusted relays, not required
debug: registering glue method for checkhashcashvalue (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70))
debug: all '*To' addrs:
debug: registering glue method for checkfor_spfsoftfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: SPF: message was delivered entirely via trusted relays, not required
debug: registering glue method for checkfor_spfpass (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: registering glue method for checkfor_spf_helosoftfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: registering glue method for checkfor_spf_helofail (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: running body-text per-line regexp tests; score so far=-2.801
debug: running uri tests; score so far=-2.801
debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840))
debug: Razor2 is not available
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'check_tick'
debug: URIDNSBL: query for hetnet.nl took 1 seconds to look up (multi.surbl.org.:hetnet.nl)
debug: URIDNSBL: query for aim.com took 1 seconds to look up (multi.surbl.org.:aim.com)
debug: URIDNSBL: query for beth.k12.pa.us took 1 seconds to look up (multi.surbl.org.:beth.k12.pa.us)
debug: URIDNSBL: queries completed: 6 started: 8
debug: URIDNSBL: queries active: at Mon Mar 8 18:06:35 2010
debug: running raw-body-text per-line regexp tests; score so far=-2.801
debug: running full-text regexp tests; score so far=-2.801
debug: Razor2 is not available
debug: Current PATH is: /bin:/sbin:/usr/bin:/usr/sbin
debug: Pyzor is not available: pyzor not found
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is not available: no executable dccproc found.
debug: Running tests for priority: 500
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'checkpostdnsbl'
debug: URIDNSBL: queries completed: 8 started: 8
debug: URIDNSBL: queries active: at Mon Mar 8 18:06:35 2010
debug: waiting 2 seconds for URIDNSBL lookups to complete
debug: URIDNSBL: queries completed: 0 started: 0
debug: URIDNSBL: queries active: DNSBL=8 at Mon Mar 8 18:06:35 2010
debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:132.51.12.64)
debug: URIDNSBL: query for beth.k12.pa.us took 2 seconds to look up (sbl.spamhaus.org.:2.96.96.209)
debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:80.73.200.207)
debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:107.1.236.64)
debug: URIDNSBL: query for hetnet.nl took 2 seconds to look up (sbl.spamhaus.org.:34.63.75.213)
debug: URIDNSBL: query for hetnet.nl took 2 seconds to look up (sbl.spamhaus.org.:69.63.75.213)
debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:232.157.188.205)
debug: URIDNSBL: query for beth.k12.pa.us took 2 seconds to look up (sbl.spamhaus.org.:20.3.172.207)
debug: URIDNSBL: queries completed: 8 started: 0
debug: URIDNSBL: queries active: at Mon Mar 8 18:06:36 2010
debug: done waiting for URIDNSBL lookups to complete
debug: running meta tests; score so far=-2.801
debug: running header regexp tests; score so far=-1.231
debug: running body-text per-line regexp tests; score so far=-1.231
debug: running uri tests; score so far=-1.231
debug: running raw-body-text per-line regexp tests; score so far=-1.231
debug: running full-text regexp tests; score so far=-1.231
debug: Running tests for priority: 1000
debug: running meta tests; score so far=-1.231
debug: running header regexp tests; score so far=-1.231
debug: running body-text per-line regexp tests; score so far=-1.231
debug: running uri tests; score so far=-1.231
debug: running raw-body-text per-line regexp tests; score so far=-1.231
debug: running full-text regexp tests; score so far=-1.231
debug: auto-learn: currently using scoreset 1.
debug: auto-learn: message score: -1.231, computed score for autolearn: -1.231
debug: auto-learn? ham=0.1, spam=12, body-points=0, head-points=-2.801, learned-points=0
debug: auto-learn? yes, ham (-1.231 < 0.1)
debug: Learning Ham
debug: all '*From' addrs:
debug: all '*To' addrs:
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: lock: 17114 created /private/var/root/.spamassassin/bayes.lock.mx1.beth.k12.pa.us.17114
debug: lock: 17114 trying to get lock on /private/var/root/.spamassassin/bayes with 0 retries
debug: lock: 17114 link to /private/var/root/.spamassassin/bayes.lock: link ok
debug: bayes: 17114 tie-ing to DB file R/W /private/var/root/.spamassassin/bayes_toks
debug: bayes: 17114 tie-ing to DB file R/W /private/var/root/.spamassassin/bayes_seen
debug: bayes: found bayes db version 3
debug: ebd3a443815ae7214b74ef30dfb2c5524e3adf7a@sa_generated: already learnt correctly, not learning twice
debug: bayes: 17114 untie-ing
debug: bayes: 17114 untie-ing db_toks
debug: bayes: 17114 untie-ing db_seen
debug: bayes: files locked, now unlocking lock
debug: unlock: 17114 unlink /private/var/root/.spamassassin/bayes.lock
debug: is spam? score=-1.231 required=5
debug: tests=ALLTRUSTED,MISSING_DATE,MISSINGSUBJECT
debug: subtests=_UNUSABLEMSGID
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on mx1.beth.k12.pa.us
X-Spam-Level:
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALLTRUSTED,MISSINGDATE,
MISSING_SUBJECT autolearn=unavailable version=3.0.1
\f0\fs24 \cf0 Return-Path: <[email protected]>\
Received: from murder ([unix socket]) by bragg.beth.k12.pa.us (Cyrus v2.2.12-OS X 10.4.8) with LMTPA; Sun, 07 Mar 2010 22:32:43 -0500\
Received: from smtp3.beth.k12.pa.us (smtp3.beth.k12.pa.us [10.135.1.13]) by bragg.beth.k12.pa.us (Postfix) with ESMTP id 3D3F02CE4B19 for <[email protected]>; Sun, 7 Mar 2010 22:32:43 -0500 (EST)\
Received: from localhost (mx1.beth.k12.pa.us [10.135.1.6]) by smtp3.beth.k12.pa.us (Postfix) with ESMTP id 7E5EB2425D0C for <[email protected]>; Sun, 7 Mar 2010 22:32:07 -0500 (EST)\
Received: from mx1.beth.k12.pa.us ([127.0.0.1]) by localhost (mx1.beth.k12.pa.us [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11329-05 for <[email protected]>; Sun, 7 Mar 2010 19:32:06 -0800 (PST)\
Received: from mail2.beth.k12.pa.us (mail2.beth.k12.pa.us [192.227.0.10]) by mx1.beth.k12.pa.us (Postfix) with ESMTP id 9DDDFCF9E5 for <[email protected]>; Sun, 7 Mar 2010 19:32:06 -0800 (PST)\
Received: from cpsmtpb-ews07.kpnxchange.com (cpsmtpb-ews07.kpnxchange.com [213.75.39.10]) by mail2.beth.k12.pa.us (Postfix) with ESMTP id 36E83E51479 for <[email protected]>; Sun, 7 Mar 2010 22:32:05 -0500 (EST)\
Received: from cpbrm-ews29.kpnxchange.com ([10.94.84.160]) by cpsmtpb-ews07.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 8 Mar 2010 04:32:05 +0100\
Received: from CPSMTPM-EML04.kpnxchange.com ([213.75.39.74]) by cpbrm-ews29.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 8 Mar 2010 04:32:04 +0100\
Received: from localhost ([10.94.77.199]) by CPSMTPM-EML04.kpnxchange.com with Microsoft SMTPSVC(7.0.6001.18000); Mon, 8 Mar 2010 04:32:04 +0100\
X-Sieve: CMU Sieve 2.2\
Content-Class: urn:content-classes:message\
Mime-Version: 1.0\
Content-Type: multipart/alternative; boundary="----=_NextPart_00101CABE6F.E8E7FFDB"\
X-Mimeole: Produced By Microsoft Exchange V6.5\
Message-Id: <[email protected]>\
X-Ms-Has-Attach: \
X-Ms-Tnef-Correlator: \
Thread-Topic: EU INT LOTTO\
Thread-Index: Acqbc/3PXjmnUcQsGeSny2PogEEg==\
X-Originalarrivaltime: 08 Mar 2010 03:32:04.0493 (UTC) FILETIME=[EC150BD0:01CABE6F]\
X-Recipientdomain: beth.k12.pa.us\
X-Spam-Status: No, hits=4.117 tagged_above=-999 required=5 tests=BAYES_50, HTML5060, HTML_MESSAGE, MIMEQP_LONGLINE, NOREALNAME, SUBJALLCAPS, UNDISC_RECIPS, UPPERCASE5075\
X-Spam-Level: **\
EU INT LOTTO\
YOUR EMAIL ID HAS WON \'db1,000,000.00, IN THE FIRST CATEGORY, ALL THE E-MAIL ADDRESSES WERE SELECTED THROUGH ELECTRONIC BALLOTING SYSTEM OF INTERNET E-MAIL USERS, FROM WHICH YOUR E-MAIL ADDRESS CAME OUT AS THE WINNING COUPON.\
Clarification and procedure Contact: [email protected]\
Tel:\'ca\'ca\'ca\'ca +31-630-861-292\'ca\'ca\'ca\'ca\'ca\'ca\'ca\'ca \
Miss. Gillian Rowland \
Qualification winning Number [EU/ILO-564/003/008] \
Expiring date is 19th of March, 2010.\
All response should be send Via Email: [email protected]\
}mx1:/var/clamav root#postfix receives the mail, then passes it to amavisd.
amavisd decides what scanners to use (clamav/spamassassin and possibly others) and performs the scan
amavisd might not scan the messages if certain criteria are met (size too large, white list, etc), this is all configurable in amavisd.conf. For example, the size threshold by default may be too small, so messages with large graphics may not be scanned.
after amavis processes the message, depending on the config of amavis, certain actions are performed (add headers, discard, reject, bounce, etc).
then amavisd passes the mail back to postfix
postfix delivers any deliverable mail to cyrus/dovecot and/or processes and bounce/rejection.
a rejection doesn't work in the above scenario because it's already been accepted by postfix.
best to discard.
if you would like to learn more about the flow and logic, look at the amavisd config file
/etc/amavisd.conf
and check out the docs
http://www.ijs.si/software/amavisd/
Jeff -
Whitelist in Reader X doesn't work
Hello everyone,
Anybody can help me figure out this?
I have a plug-in which will call functions in a DLL to invoke 3rd-party application's UI. It works in Reader 9.0, none-protect mode in Reader X. But it doesn't work in protect mode in Reader X.
(Here, it used COM to make the communication. )
To make this plug-in be trusted. I followed the document to make whitelist:
1. Set registry to enable the configurable file of white-list.
Create a key-value named bUseWhitelistConfigFile with value 1, under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown.
2. Create the configure file named ProtectedModeWhitelistConfig.txt under Reader X’s installation folder.
3. Write configure file in #2 with following content to allow it access to Tamale Software
; Files Section
FILES_ALLOW_ANY = *
; Processes
PROCESS_ALL_EXEC = *
; Registry
REG_ALLOW_ANY = *
; Mutants
MUTANT_ALLOW_ANY = *
; Sections
SECTION_ALLOW_ANY = *
I think my configure will allow all access to local. Same as disable the protect mode. Right?
Why my plug-in can work when protect mode is disabled but cannot work in my setting of whitelist?
Thanks a lot~ ^_^
=================
More information about this topic:
I got log from Reader X:
[03:22/01:20:51] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:20:51] name: MSFT.VSA.COM.DISABLE.4092
[03:22/01:20:51] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:20:51] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:20:51] name: MSFT.VSA.IEC.STATUS.6c736db0
[03:22/01:20:51] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:20:51] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:20:51] name: Global\CLR_PerfMon_StartEnumEvent
[03:22/01:20:51] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:20:51] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:20:51] name: Global\CLR_PerfMon_StartEnumEvent
[03:22/01:20:51] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:20:52] NtCreateMutant: STATUS_ACCESS_DENIED
[03:22/01:20:52] real_path: \BaseNamedObjects\MSCTF.GCompartListMUTEX.DefaultS-1-5-21-212926602-4 199581602-1198870392-1007
[03:22/01:20:52] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[03:22/01:20:52] NtCreateMutant: STATUS_ACCESS_DENIED
[03:22/01:20:52] real_path: \BaseNamedObjects\MSCTF.GCompartListMUTEX.DefaultS-1-5-21-212926602-4 199581602-1198870392-1007
[03:22/01:20:52] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[03:22/01:20:54] NtCreateMutant: STATUS_ACCESS_DENIED
[03:22/01:20:54] real_path: \BaseNamedObjects\MSCTF.GCompartListMUTEX.DefaultS-1-5-21-212926602-4 199581602-1198870392-1007
[03:22/01:20:54] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[03:22/01:20:54] NtCreateMutant: STATUS_ACCESS_DENIED
[03:22/01:20:54] real_path: \BaseNamedObjects\MSCTF.GCompartListMUTEX.DefaultS-1-5-21-212926602-4 199581602-1198870392-1007
[03:22/01:20:54] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[03:22/01:20:54] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:20:54] name: MSFT.VSA.COM.DISABLE.4092
[03:22/01:20:54] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:20:54] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:20:54] name: MSFT.VSA.IEC.STATUS.6c736db0
[03:22/01:20:54] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:21:00] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:21:00] name: _fCanRegisterWithShellService
[03:22/01:21:00] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:21:07] NtOpenSection: STATUS_ACCESS_DENIED
All status are Denied. Why? I feel confused about this.
=================
I updated my policy rules. Now, I will not get STATUS_ACCESS_DENIED in the log anymore.
But still, my plug-in does not work.
The latest log is:
[03:22/01:51:22] Adobe Reader Protected Mode Logging Initiated
[03:22/01:51:22] Found custom policy file: C:\Program Files\Adobe\Reader 10.0\Reader\ProtectedModeWhitelistConfig.txt
[03:22/01:51:22] Adding custom policy: FILES_ALLOW_ANY = c:\*
[03:22/01:51:22] Adding custom policy: PROCESS_ALL_EXEC = c:\*
[03:22/01:51:22] Adding custom policy: REG_ALLOW_ANY = HKEY_CLASSES_ROOT\*
[03:22/01:51:22] Adding custom policy: REG_ALLOW_ANY = HKEY_CURRENT_USER\*
[03:22/01:51:22] Adding custom policy: REG_ALLOW_ANY = HKEY_LOCAL_MACHINE\*
[03:22/01:51:22] Adding custom policy: REG_ALLOW_ANY = HKEY_USERS\*
[03:22/01:51:22] Adding custom policy: REG_ALLOW_ANY = HKEY_CURRENT_CONFIG\*
[03:22/01:51:22] Adding custom policy: MUTANT_ALLOW_ANY = \BaseNamedObjects\MS*
[03:22/01:51:22] Adding custom policy: SECTION_ALLOW_ANY = \BaseNamedObjects\MS*
[03:22/01:51:22] Adding custom policy: SECTION_ALLOW_ANY = \BaseNamedObjects\Local*
[03:22/01:51:22] Adding custom policy: EVENTS_ALLOW_ANY = MS*
[03:22/01:51:22] Adding custom policy: EVENTS_ALLOW_ANY = Gl*
[03:22/01:51:22] Adding custom policy: EVENTS_ALLOW_ANY = _fC*
[03:22/01:51:22] Adding custom policy: NAMEDPIPES_ALLOW_ANY = MS*
[03:22/01:51:22] Adding custom policy: FILES_ALLOW_DIR_ANY = c:\*
Then, nothing else. Any idea of my issue?
Thanks a lot.
=================
To update my current status of this issue again.
Now, I can catch the error when I try to create the instance of COM object. It will throw an error said: Class not registered.
I still feel confused about this.Hello everyone,
Anybody can help me figure out this?
I have a plug-in which will call functions in a DLL to invoke 3rd-party application's UI. It works in Reader 9.0, none-protect mode in Reader X. But it doesn't work in protect mode in Reader X.
(Here, it used COM to make the communication. )
To make this plug-in be trusted. I followed the document to make whitelist:
1. Set registry to enable the configurable file of white-list.
Create a key-value named bUseWhitelistConfigFile with value 1, under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown.
2. Create the configure file named ProtectedModeWhitelistConfig.txt under Reader X’s installation folder.
3. Write configure file in #2 with following content to allow it access to Tamale Software
; Files Section
FILES_ALLOW_ANY = *
; Processes
PROCESS_ALL_EXEC = *
; Registry
REG_ALLOW_ANY = *
; Mutants
MUTANT_ALLOW_ANY = *
; Sections
SECTION_ALLOW_ANY = *
I think my configure will allow all access to local. Same as disable the protect mode. Right?
Why my plug-in can work when protect mode is disabled but cannot work in my setting of whitelist?
Thanks a lot~ ^_^
=================
More information about this topic:
I got log from Reader X:
[03:22/01:20:51] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:20:51] name: MSFT.VSA.COM.DISABLE.4092
[03:22/01:20:51] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:20:51] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:20:51] name: MSFT.VSA.IEC.STATUS.6c736db0
[03:22/01:20:51] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:20:51] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:20:51] name: Global\CLR_PerfMon_StartEnumEvent
[03:22/01:20:51] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:20:51] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:20:51] name: Global\CLR_PerfMon_StartEnumEvent
[03:22/01:20:51] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:20:52] NtCreateMutant: STATUS_ACCESS_DENIED
[03:22/01:20:52] real_path: \BaseNamedObjects\MSCTF.GCompartListMUTEX.DefaultS-1-5-21-212926602-4 199581602-1198870392-1007
[03:22/01:20:52] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[03:22/01:20:52] NtCreateMutant: STATUS_ACCESS_DENIED
[03:22/01:20:52] real_path: \BaseNamedObjects\MSCTF.GCompartListMUTEX.DefaultS-1-5-21-212926602-4 199581602-1198870392-1007
[03:22/01:20:52] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[03:22/01:20:54] NtCreateMutant: STATUS_ACCESS_DENIED
[03:22/01:20:54] real_path: \BaseNamedObjects\MSCTF.GCompartListMUTEX.DefaultS-1-5-21-212926602-4 199581602-1198870392-1007
[03:22/01:20:54] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[03:22/01:20:54] NtCreateMutant: STATUS_ACCESS_DENIED
[03:22/01:20:54] real_path: \BaseNamedObjects\MSCTF.GCompartListMUTEX.DefaultS-1-5-21-212926602-4 199581602-1198870392-1007
[03:22/01:20:54] Consider modifying policy using this policy rule: MUTANT_ALLOW_ANY
[03:22/01:20:54] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:20:54] name: MSFT.VSA.COM.DISABLE.4092
[03:22/01:20:54] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:20:54] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:20:54] name: MSFT.VSA.IEC.STATUS.6c736db0
[03:22/01:20:54] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:21:00] OpenEvent: STATUS_ACCESS_DENIED
[03:22/01:21:00] name: _fCanRegisterWithShellService
[03:22/01:21:00] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:22/01:21:07] NtOpenSection: STATUS_ACCESS_DENIED
All status are Denied. Why? I feel confused about this.
=================
I updated my policy rules. Now, I will not get STATUS_ACCESS_DENIED in the log anymore.
But still, my plug-in does not work.
The latest log is:
[03:22/01:51:22] Adobe Reader Protected Mode Logging Initiated
[03:22/01:51:22] Found custom policy file: C:\Program Files\Adobe\Reader 10.0\Reader\ProtectedModeWhitelistConfig.txt
[03:22/01:51:22] Adding custom policy: FILES_ALLOW_ANY = c:\*
[03:22/01:51:22] Adding custom policy: PROCESS_ALL_EXEC = c:\*
[03:22/01:51:22] Adding custom policy: REG_ALLOW_ANY = HKEY_CLASSES_ROOT\*
[03:22/01:51:22] Adding custom policy: REG_ALLOW_ANY = HKEY_CURRENT_USER\*
[03:22/01:51:22] Adding custom policy: REG_ALLOW_ANY = HKEY_LOCAL_MACHINE\*
[03:22/01:51:22] Adding custom policy: REG_ALLOW_ANY = HKEY_USERS\*
[03:22/01:51:22] Adding custom policy: REG_ALLOW_ANY = HKEY_CURRENT_CONFIG\*
[03:22/01:51:22] Adding custom policy: MUTANT_ALLOW_ANY = \BaseNamedObjects\MS*
[03:22/01:51:22] Adding custom policy: SECTION_ALLOW_ANY = \BaseNamedObjects\MS*
[03:22/01:51:22] Adding custom policy: SECTION_ALLOW_ANY = \BaseNamedObjects\Local*
[03:22/01:51:22] Adding custom policy: EVENTS_ALLOW_ANY = MS*
[03:22/01:51:22] Adding custom policy: EVENTS_ALLOW_ANY = Gl*
[03:22/01:51:22] Adding custom policy: EVENTS_ALLOW_ANY = _fC*
[03:22/01:51:22] Adding custom policy: NAMEDPIPES_ALLOW_ANY = MS*
[03:22/01:51:22] Adding custom policy: FILES_ALLOW_DIR_ANY = c:\*
Then, nothing else. Any idea of my issue?
Thanks a lot.
=================
To update my current status of this issue again.
Now, I can catch the error when I try to create the instance of COM object. It will throw an error said: Class not registered.
I still feel confused about this. -
Can the C160 be configured to automatically add an email address that is being sent by one of our users?
I can see where I can manually add an address to an incoming mail policy but I would like to have it automatically happen each time we send out a message.I assume that you are talking about a list of sender email addresses in an incoming mail policy? There is no way that I know of to automatically add an address to the list of recipient addresses. You would have to have some sort of external process looking at logs and then script the addition on the CLI (expect).
If you wanted to do that it would probably be easier to add them to an LDAP directory and configure an incoming mail policy to use ldap. It seems like you are looking for an automated whitelist which is an idea that has proven to be a huge security hole.
Just a couple (of many) issues that I can think of:
1) Your appliance can & should reject a lot of messages based on IP rather than just mail-from.
2) It would be very hard to not add typos that people send to as well as emails sent based on auto-responders. I am thinking of out-of-office messages. (The list would get huge very quickly)
3) If I knew or suspected that you had this set up you are asking for trouble. It would not be hard to predict an email that your userbase might have sent to, or use an auto-responder to get whatever I wanted added and then leverage that to send you spam/phishing/viruses.
Recommendation: Focus on blocking by IP Reputation as much as possible. If you are seeing a high number of false positives being blocked then there are ways to solve that without the holes that an automated whitelisting brings. -
I am using a Whitelist, and in the AdbeReaderBroker.log here is an excerpt of what error I am getting.
[03:29/15:03:41] Adding custom policy: EVENTS_ALLOW_ANY = Gl*
[03:29/15:03:41] OpenEvent: STATUS_ACCESS_DENIED
[03:29/15:03:41] name: Global\CLR_PerfMon_StartEnumEvent
[03:29/15:03:41] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:29/15:03:41] OpenEvent: STATUS_ACCESS_DENIED
I have EVENTS_ALLOW_ANY = Gl* in my ProtectedModeWhitelistConfig.txt file. I don't know if this makes a difference, but the plugin is am creating an Active-X control that is made in VB.NET. I am pretty sure that the event that is trying to be opened is at the .NET layer for Performance Counter information. The Active-X Control is registered on the System.I am using a Whitelist, and in the AdbeReaderBroker.log here is an excerpt of what error I am getting.
[03:29/15:03:41] Adding custom policy: EVENTS_ALLOW_ANY = Gl*
[03:29/15:03:41] OpenEvent: STATUS_ACCESS_DENIED
[03:29/15:03:41] name: Global\CLR_PerfMon_StartEnumEvent
[03:29/15:03:41] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:29/15:03:41] OpenEvent: STATUS_ACCESS_DENIED
I have EVENTS_ALLOW_ANY = Gl* in my ProtectedModeWhitelistConfig.txt file. I don't know if this makes a difference, but the plugin is am creating an Active-X control that is made in VB.NET. I am pretty sure that the event that is trying to be opened is at the .NET layer for Performance Counter information. The Active-X Control is registered on the System. -
1. I have set my hp ePrint only accept and print email from specific address.
2. I have forward emails to ePrint from 3 email account, from PC and iPhone. Sometimes it will print out, but sometimes it cannot because spam detected.
I hope HP can program the allowed email address list as spam filter whitelist, that means any address on allowed email address list will direct bypass spam filter so we can always print from those email address without any problem.
Your help are mostly appreciated.The "spam/virus" message often occurs because the email did not contain any text in the subject line. Please try re-sending an email to your printer and adding text in the email's subject line.
mails are mostly forward, I can confirm no subject issue
1. Are there any attachments being sent? If so, which attachment file type is being used (PDF or Word documents, JPG photos, etc)?
Some got attachment, some did not got attachment. PDF type, excel type and jpg photo type is the types of attachments that I attached when send print job.
2. Which email address/addresses are used to send ePrint emails?
[email protected], [email protected]
3. The results of a test email (success/fail) which will help isolate the source of the issue. Please follow the instructions below:
The result of test email is successful print out, but the purpose we use eprint center is for print out document we need on the way back to office then we can save time as the documents already standby there for us. But this spam issue has make this feature no user friendly, most of the time when we reach office the ducuments no print out then we have to reprint and it wasted our time.
I suggest it is best to let the allowed email address list equal to spam white list, so your spam engine would not filter out our email. All those email I forward to print are no verify by yahoo and gmail as spam, hope your server also do not. Thanks. -
I've gotten very frustrated by the lack of controls that OSX Server offers.
I have some internal emails that are coming from one server to another, but they are being flagged as SPAM. They will pass the OSX server first that acts as a gateway towards a Windows 2003 box which is running Lyris listserv. The Lyris listserv sends some of the messages back to local users on the OSX server, and they get caught by Spamassasin.
I have tried whitelisting the internal address using the format
trusted_networks 10.0.0/24
in my local.cf file of spamassasin directory, but nothing is Whitelisted, and spamassassin still catches it.
I have local users and customers complaining ... I'm at my end trying to make this work ...
Any suggestions?
DavidThe "spam/virus" message often occurs because the email did not contain any text in the subject line. Please try re-sending an email to your printer and adding text in the email's subject line.
mails are mostly forward, I can confirm no subject issue
1. Are there any attachments being sent? If so, which attachment file type is being used (PDF or Word documents, JPG photos, etc)?
Some got attachment, some did not got attachment. PDF type, excel type and jpg photo type is the types of attachments that I attached when send print job.
2. Which email address/addresses are used to send ePrint emails?
[email protected], [email protected]
3. The results of a test email (success/fail) which will help isolate the source of the issue. Please follow the instructions below:
The result of test email is successful print out, but the purpose we use eprint center is for print out document we need on the way back to office then we can save time as the documents already standby there for us. But this spam issue has make this feature no user friendly, most of the time when we reach office the ducuments no print out then we have to reprint and it wasted our time.
I suggest it is best to let the allowed email address list equal to spam white list, so your spam engine would not filter out our email. All those email I forward to print are no verify by yahoo and gmail as spam, hope your server also do not. Thanks. -
We use several forms on our websites that are processed by a formmailer and then send to us via e-mail. In order to ensure that these forms are reaching us in any case, I want to whitelist my e-mail addresses in SpamAssassin.
I did so by adding these two lines to /etc/mail/spamassassin/local.cf:
whitelist_from *@starenterprise.com
whitelistfromrcvd *@starenterprise.com starenterprise.com
The first one whitelists all e-mails that come from our domain.
The second one should ensure that the header domain names are matching the reverse DNS lookup.
It also requires internal_networks to be specified, alternatively it takes over the values from trusted_networks - see http://spamassassin.apache.org/full/3.1.x/doc/MailSpamAssassin_Conf.html#whitelist_and_blacklistoptions
So far so good. I don't have internal_networks set, but trusted_networks and therefore believed that anything worked.
But now I got a spam mail with this header:
Von: [email protected]
Betreff: separation; hath brought me? The new wine, that he,
Datum: 22. November 2006 21:32:56 MEZ
An: [email protected]
Return-Path: <[email protected]>
Received: from murder ([unix socket]) by starenterprise.com (Cyrus v2.2.12-OS X 10.4.8) with LMTPA; Wed, 22 Nov 2006 21:32:54 +0100
Received: from localhost (localhost [127.0.0.1]) by starenterprise.com (Postfix) with ESMTP id 2D070506E93 for <[email protected]>; Wed, 22 Nov 2006 21:32:54 +0100 (CET)
Received: from starenterprise.com ([127.0.0.1]) by localhost (dns1.starenterprise.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06328-01 for <[email protected]>; Wed, 22 Nov 2006 21:32:52 +0100 (CET)
Received: from 132.248.108.40 (unknown [132.248.108.40]) by starenterprise.com (Postfix) with ESMTP id 86048506E80 for <[email protected]>; Wed, 22 Nov 2006 21:32:49 +0100 (CET)
Received: from c069we.forpsi.com (port=19458 helo=jiuqhxdyem) by 132.248.108.40 with smtp id NQFD3-kQ1YX8-4Qs for [email protected]; Wed, 22 Nov 2006 14:32:56 -0600
X-Sieve: CMU Sieve 2.2
Message-Id: <000a01c70e75$5c801990$062faa3c@jiuqhxdyem>
Mime-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="----=NextPart_000_000C01C70E43.11E5A990"
X-Priority: 3
X-Msmail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.2962
X-Spam-Status: No, hits=-85.89 tagged_above=-999 required=5 tests=BAYES_99, HTML8090, HTMLFONTBIG, HTMLIMAGE_ONLY08, HTMLIMAGE_RATIO02, HTML_MESSAGE, MIMEQP_LONGLINE, RCVDBYIP, RCVDIN_BL_SPAMCOPNET, RCVDINXBL, RCVDNUMERICHELO, USERINWHITELIST
X-Spam-Level:
Where is the problem that caused this mail being whitelisted and how can I prevent this by improving my settings ?I already use a SPF in my domain's DNS records, although I think that I haven't exactly understood their application (even with this information in DNS, why should a spammer care about ?).
Anyway, I noticed this morning that six spam mails came through, all claimed to be whitelisted. So I have commented out whitelisting in local.cf file.
I belive the tricky part is if your clients sometimes use their computers
elsewhere so that the outgoing mail / smtp server might not be your own and
that might hinder the receiving mailserver from accepting mail from your
users.
You mention an interesting part there, I haven't thought about: What happens when I'm using a dial-up ISP and then sending mails via my mail account ? Am I then not whitelisted although I authenticate myself correctly ?
Alternatively to an other solution someone can provide I also would simply set the score for "USERINWHITELIST" from -100 to let's say -5. Since my intended mails all have scores around two to three maximum, this could also work. Most spam mails came through had around -80 points, so deducting the whitelist score -100 we have +20 points for all other tests; subtracting five points (new whitelist score) we come to +15 - still marked as spam -
Bulk add users to WHitelist Sender
Migrating from a Barracuda and have lots of whitelisted IP's and senders. There was is a function in Barracuda to bulk add, is this possible in Ironport running latest code?? I really don't want to manaully enter all these items.
Thanks,
DaveCongrats on the switch. You'll be impressed with the ESA's accuracy and throughput.
There's not bulk add button but what you can do is add a few entries to the "Mail Policies > HAT Overview > Whitelist" section. Click on the help/? when you're about to add an entry and it will give you an example of the correct format. After you've added a few entries as examples, go to "System Administration > Configuration File" and export the configuration file. Make sure the password is included.
Then, open the configuration file in an editor like Wordpad or Textpad and then search for the entries that you added earlier. Examine the formatting of those entries.
You can then paste in your whitelist ip from the Barracua appliance so that it resembles the exact same formatting of the ESA's format. Then, re-upload the configuration file, save changes and then you can check if the whitelist IP'swere added.
Migrating from a Barracuda and have lots of whitelisted IP's and senders. There was is a function in Barracuda to bulk add, is this possible in Ironport running latest code?? I really don't want to manaully enter all these items.
Thanks,
Dave -
Hey,
From the interface a user with the permission of "Helpdesk User", is there a way to allow them to add a blocked email to the users whitelist? If we hand out helpdesk user logins to our customer support team, and a subscriber calls in with a request about some blocked mail, the helpdesk user can login and release the message, but that doesn't help the sub for future requests. There needs to be a way for the helpdesk user to add that email to the whitelist as an option. Is there anything like the currently or coming down the road?
MattI understand that through the end user quarantine, the user can add it to the Safe or Black lists. But having the option for a helpdesk user to login and track messages, but then tell a customer that they need to login and whitelist the email address becomes a burden. There should or needs to be a way for the helpdesk user to add an email to a users whitelist or blacklist when looking through the quarantine. This can easily be done using the quarantine search of a helpdesk user and having the option to whitelist or blacklist a message when it is found through the advanced search. You have the full message, sender, to, etc to do such a function. Any hopes in getting this added into the interface? Maybe a nice needed API to help do this?
Matt -
I'm wondering if someone could answer a couple of quick whitelist questions as it pertains to 10.6 Server?
Would adding domains to a whitelist bypass 10.6's greylist? Ensuring that mail received from whitelisted domains is accepted immediately (as opposed to waiting for a resend/greylist training period).
Is the procedure for creating and managing a whitelist unchanged from 10.5?
Bonus ?:
Has anyone done a nice writeup on greylisting and how it functions by default on 10.6? Does it train itself to recognize domains over time? How so? What options are available?
Thanks!
- ArtPlease mac people, find away to prevent adobe from forcing us to use reader instead of preview.
Adobe is doing nothing of the kind. Not intentionally, anyway. They add new features to each release of Acrobat (after all, PDF is their invention). It's then Apple's job to try and figure out how to handle the new features so Preview can open PDF files created with them. Apple is always playing catch-up with Preview with no help from Adobe to figure out how the format was changed/updated.
It's no different with Office. MS has no need or reason to tell the people who update the free open source Office-like software (Neo Office, Open Office, etc.) what they're going to add to Excel, Word, or PowerPoint. It's up to them to figure out what MS did to change the format to add the new features, and then how to read and write them to be compatible. They too are always playing the game of catch-up. -
/Whitelist and app.execMenuItem('Reload')
I tried adding Reload to AR9.3.x's /Whitelist to see if I could reload a document using:
app.execMenuItem('Reload');
but when the JavaScript is executed, the current document closes as expected
but it is not then reloaded. Is this a bug, or am I just trying to do something
which is currently unsupported. If the action is unsupported, is that by
considered design, or just an oversight?
Thanks,
James QuirkThanks for reporting this; we are tracking this through a bug now.
-vaibhav -
Whitelist implementation and test?
I want to configure a whitelist for SpamAssassin
I have modified local.cf, adding 'whitelist_from [email protected]' and restarted amavisd successfully but the amavis.log does not indicate that the whitelist lookup is working. Specifically it reports 'lookup (whitelist_sender) => undef' still.
Is there an explicit test of whitelist function? Is this appropriately configured? Is whitelist_sender or whitelist_from the correct form?OK after further googling and analysing I have found the cause myself (and post it here for other readers
There seems to be a huge difference between /etc/amavisd.conf in 10.5.4 & 10.5.5 server (just look at the line numbers), despite the version being the same ((amavisd-new-2.5.1 (20070531)):
10.5.4
93 $satag_leveldeflt = 2.0; # add spam info headers if at, or above that level
94 $satag2_leveldeflt = 5.0; # add 'spam detected' headers at that level
95 $sakill_leveldeflt = $satag2_leveldeflt; # triggers spam evasive actions
96 $sadsn_cutofflevel = 10; # spam level beyond which a DSN is not sent
97 # $saquarantine_cutofflevel = 20; # spam level beyond which quarantine is off
98 # $penpalsbonusscore = 5; # (no effect without a @storagesqldsn database)
99 # $penpalsthresholdhigh = $sakill_leveldeflt; # don't waste time on hi spam
10.5.5
1058 $satag_leveldeflt = -999; # add spam info headers if at, or above that level
1059 $satag2_leveldeflt = 5.0; # add 'spam detected' headers at that level
1060 $sakill_leveldeflt = $satag2_leveldeflt;
1061 #$sakill_leveldeflt = $satag2_leveldeflt; # triggers spam evasive actions
1062 # at or above that level: bounce/reject/drop,
1063 # quarantine, and adding mail address extension
1064 #
1065 # The $satag_leveldeflt, $satag2_leveldeflt and $sakill_leveldeflt
1066 # may also be hashrefs to hash lookup tables, to make static per-recipient
1067 # settings possible without having to resort to SQL or LDAP lookups.
1068
1069 # a quick reference:
1070 # tag_level controls adding the X-Spam-Status and X-Spam-Level headers,
1071 # tag2_level controls adding 'X-Spam-Flag: YES', and editing Subject,
1072 # kill_level controls 'evasive actions' (reject, quarantine, extensions);
1073 # it only makes sense to maintain the relationship:
1074 # tag_level <= tag2_level <= kill_level
I wonder why /must upgrade the live server to 10.5.5 soon to see what happens…
Maybe you are looking for
-
Report preview issue in SQL Server Data Tools for VS2013 2013
I have a basic table based report backed by an SQL2012 stored procedure. When I try to preview the report I get this error: There was no endpoint listening at net.pipe://localhost/PreviewProcessingService6476/ReportProcessing that could accept the m
-
HT201262 screen on the TV flickering purple when connecting mini mac to TV through HDMI
anybody come across a problem with the TV connected to Mini mac, when i connect my HDMI cable to my TV and open up safari click onto Apple.com watch a video on their home page in full screen the screen flickers purple any ideas what could be the prob
-
How to add a contact no people tab windows 7
I have a laptop and Windows 7. I can find no people icon and no way to add a contact using their Skype ID name. Help.Steven
-
My ipod is stolen,, how can i disable it ?
pls help my it's a big problem to me
-
Hi, We have installed ECC 6.0 and we are tring to install WAS Java 7.0 and EP 7.0 ( NW 04s SR1 ). We also wanted to go for ESS / MSS version which is compatible with NW 04 SR1 .We have Dev/ QA / PROd environments . My questions are 1) Once we install