Tag Archives: spamassassin

Adding Envelope Sender in sendmail

Fair warning: This post is pretty darn technical and is of little interest to people who don’t muck around with Linux and/or mail servers.

Recently I had a problem with someone on a midrange.com mailing list where they sent obvious spam.

The problem was, they were a subscriber to the list and had posted before … so the normal counter measures for that didn’t work (the first post for all subscribers are held until approved, to prevent people from subscribing, posting spam, and unsubscribing).

The puzzling thing about this was … the ‘from address’ on the message was not in the subscriber list.

Turns out that Mailman will accept message based on the FROM address of the message or the SENDER address (also known as the envelope-from).  The sender addressed is set by the sending mail server and is not normally in the body of the message.

After a bit of digging around, I figured out a way to add this information to the message headers so I can more easily diagnose the problem in the future.

Continue reading

Related posts ...
I put together a new SpamAssassin rule that will help identify spam from spoofed email
Running SpamAssassin after a Fedora Core 6 update results in "Use of uninitialized value in
Recently I noticed that there's a lot of temporary files in the /tmp directory on
A while ago I added a new anti-spam technique to my mail server setup called

DKIM Rule – SpamAssassin

I put together a new SpamAssassin rule that will help identify spam from spoofed email addresses.

Some email providers always sign email with DKIM or DomainKeys … based on this assumption, if you get a message from one of those domains and it isn’t signed, you can assume its more likely to be spam.

This particular rule operates on the assumption that all mail from Yahoo & Gmail will be signed.  It does not, however, raise the score a huge amount … because it’s just more LIKELY to be spam if it’s not signed … it’s not guaranteed to be spam. Some people may use the Yahoo or Gmail account’s in the from address, but not actually send from that service.
Continue reading

Related posts ...
Well, our good friends at Yahoo are at it again. Once again they are deferring
It's nice that many of the major mail providers give you the ability to report
As I mentioned before ... even though I'm participating in Yahoo's Email Complaint Feedback Loop,
While doing a little searching, I found some information on email feedback loops for other

SpamAssassin problem on Fedora 6

Yesterday I found that the RPM database on my Fedora Core 6 linux system’s were corrupted and that the regularly running update process was failing (without telling me, unfortunately).

After fixing the RPM database problem (rm -f /var/lib/rpm/__db.* && rpm -vv --rebuilddb) and running the update (yum update), I found that SpamAssassin’s update process wasn’t working anymore.

root@rivendell ~]# sa-update
Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/Scalar/Util.pm line 30.

Apparently one of the updates that were applied in the mass update caused SpamAssassin to break.

The same problem occurred when I tried to test the SpamAssassin rules.

root@rivendell ~]# spamassassin --lint
Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/5.8.8/i386-linux-thread-multi/Scalar/Util.pm line 30.

A bit of research turned up this link.

Luckily the fix was fairly easy … just update the Scalar-List-Utils CPAN package …

perl -MCPAN -e 'install "G/GB/GBARR/Scalar-List-Utils-1.18.tar.gz"

… and everything worked fine again.

Related posts ...
I've updated to release candidate 1 of WordPress. Hopefully there won't be any problems. So
Recently I noticed that there's a lot of temporary files in the /tmp directory on
A while ago I added a new anti-spam technique to my mail server setup called
Fair warning: This post is pretty darn technical and is of little interest to people

Clean up /tmp

Recently I noticed that there’s a lot of temporary files in the /tmp directory on my mail server … all the files have spamassassin in the file name. I figured that in some cases, SpamAssassin (or programs it calls) isn’t cleaning up properly.

I whipped up this script that will clean up any spamassassin files & directories that are older than a set number of minutes (60 in my case)…

#!/bin/sh

AGE=60

if [ "$1" == "--test" ]
then
        CMD="-exec echo"
        echo "$0: test mode"
else
        CMD="-exec"
fi

/usr/bin/find /tmp \
        -mmin +$AGE \
        -name spamassassin.ocr* \
        $CMD /bin/rm -f '{}' \;

/usr/bin/find /tmp \
        -maxdepth 1 \
        -mmin +$AGE \
        -type d \
        -name .spamassassin\* \
        $CMD /bin/rm -rf '{}' \;

If you run the script with a parameter of ‘–test’, it will just show the commands it would have executed.

I put the script in /etc/cron.hourly directory so it gets executed every hour.

Related posts ...
Fair warning: This post is pretty darn technical and is of little interest to people
I put together a new SpamAssassin rule that will help identify spam from spoofed email
Running SpamAssassin after a Fedora Core 6 update results in "Use of uninitialized value in
A while ago I added a new anti-spam technique to my mail server setup called