Dr Fragen in the operating room


  • False Positive

    Just a personal reminder to keep in the memory bank.
    When running OS X Server and SpamAssassin, if you have spam set up to be quarantined it gets stored in /var/virusmails. A method of viewing and releasing quarantined mail mostly from the command line follows.
    First, to do anything with the quarantined message you need to know its mail-file. That’s usually something like spam-kFLGPbnGHO3a.gz.
    Using TextExpander’s snippets and the clipboard I have the following snippets.
    To view the quarantined message I copy the quarantined file to /Users/Shared/, unzip it, and read it into a new mail message to me. If it looks OK then I release it. I delete the file from /Users/Shared/ when I’m done.
    To send it to myself I have the following snippet. The snippet begins by copying the mail-file to the clipboard. If you don’t have TextExpander just replace all instances of %clipboard with the mail-file.
    [code lang=bash]
    sudo cp /var/virusmails/%clipboard /Users/Shared/;gunzip /Users/Shared/%clipboard;/usr/bin/mail -s "%clipboard" me@example.com < /Users/Shared/`echo %clipboard | sed 's/\.gz$//'`;rm /Users/Shared/`echo %clipboard | sed 's/\.gz$//'`
    [/code]
    If I want to release the file from quarantine and send it to notjunkmail, I use this snippet.
    [code lang=bash]
    sudo amavisd-release %clipboard ; sudo amavisd-release %clipboard "" notjunkmail
    [/code]
    I did have to do a few things to get amavisd-release working. First, it was looking for amavisd.sock in the /var/amavis/home directory and it’s really located in the /var/amavis directory. It was simple to create a new directory and then create a symlink to the amavisd.sock file.
    [code lang=bash]
    sudo mkdir /var/amavis/home; sudo ln -s /var/amavis/amavisd.sock /var/amavis/home
    [/code]
    Now, using only the command line and a mail app, I can check on quarantined email and release it. All this just so I can make sure that I can do this task from an iPhone or iPad. 😉
    FWIW, I have amavis-blocked (by Uwe S. Fuerst), a log file parser for amavisd-new 2.x written in Perl, set up to send me logs each night at 23:59. That’s where I get the mail-file from.
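
A variant of the viewing step, as an added example that is not the author's snippet: it checks that the pasted name looks like a quarantine file before using it and streams the message with `gunzip -c`, so no copy is left in the shared /Users/Shared directory. The function names and the `QUARANTINE_DIR` variable are assumptions; the default path is the one from the post.

```shell
# Added example, not the author's snippet. Function names are hypothetical.
# QUARANTINE_DIR defaults to the quarantine path named in the post.
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/virusmails}"

# Accept only names shaped like the post's example (spam-kFLGPbnGHO3a.gz):
# no path separators, whitespace or shell metacharacters, no leading '.'
# or '-', and a .gz suffix.
valid_mail_file() {
    case "$1" in
        *[!A-Za-z0-9_+.-]*|.*|-*) return 1 ;;
        *.gz) return 0 ;;
    esac
    return 1
}

# Print the decompressed message on stdout without writing a copy to disk.
# Run it with enough privilege to read QUARANTINE_DIR.
quarantine_view() {
    valid_mail_file "$1" || { echo "rejected name: $1" >&2; return 2; }
    f="$QUARANTINE_DIR/$1"
    # Refuse symlinks and anything that is not a regular file.
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 3; }
    gunzip -c -- "$f"
}

# Usage, from a root shell:
#   quarantine_view spam-kFLGPbnGHO3a.gz | /usr/bin/mail -s "quarantined" me@example.com
```

Piped into the post's /usr/bin/mail command, this replaces the copy, gunzip and rm steps.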

  • Amavisd settings

    I run my own mail server on OS X Server. For the most part I have my SpamAssassin settings tweaked pretty well. Unfortunately, there is some spam that seems to have malformed or incomplete MIME boundaries and these messages don’t seem to be getting passed off from Amavisd to SpamAssassin. As such, they seem to be getting through to the recipient with a null value for the spam score.
    After a little Googling I found Amavisd critical settings, and I think $final_bad_header_destiny is the key. The default setting is D_PASS. I’ve changed mine to D_REJECT; now I’ll see what the logs say and how much non-spam gets caught. Obviously, if enough good stuff doesn’t get through then I’ll have to think of something else.
    But the obvious question remains: why doesn’t SpamAssassin score these messages?
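
One way to watch what the D_PASS to D_REJECT change does in practice, as an added example (not amavisd's or the author's code): tally bad-header log entries per action and sender, and count how many carried no score. The sample lines are constructed, and their layout (`Passed`/`Blocked BAD-HEADER`, `Hits: -`) is an assumption about the amavisd-new log format; adjust the patterns to your own log.

```shell
# Added example. Constructed sample lines; the layout is an assumption
# modelled on amavisd-new "Passed/Blocked <category>" log entries.
sample_log() {
cat <<'EOF'
Jan 10 08:01:12 mail amavis[411]: (00411-01) Passed BAD-HEADER, [192.0.2.10] <promo@bulk.example> -> <me@example.com>, Hits: -, size: 2048
Jan 10 08:07:40 mail amavis[411]: (00411-02) Passed CLEAN, [198.51.100.7] <friend@example.org> -> <me@example.com>, Hits: -1.2, size: 5120
Jan 10 09:15:03 mail amavis[412]: (00412-01) Passed BAD-HEADER, [192.0.2.10] <promo@bulk.example> -> <mom@example.com>, Hits: -, size: 1990
Jan 11 10:02:55 mail amavis[430]: (00430-03) Blocked BAD-HEADER, [203.0.113.5] <newsletter@shop.example> -> <me@example.com>, Hits: 0.4, size: 8800
EOF
}

# Output columns: action, envelope sender, messages, messages with no score.
# Reads the named log files, or stdin when none are given.
bad_header_tally() {
    awk '
    / (Passed|Blocked) BAD-HEADER/ {
        action = ""; sender = "?"; noscore = 0
        for (i = 1; i <= NF; i++) {
            if (action == "" && ($i == "Passed" || $i == "Blocked")) action = $i
            # The first bare <...> token is the sender; the recipient
            # token ends in a comma and so does not match.
            if (sender == "?" && $i ~ /^<.*>$/) sender = $i
            if ($i == "Hits:" && $(i + 1) == "-,") noscore = 1
        }
        key = action " " sender
        total[key]++
        unscored[key] += noscore
    }
    END {
        for (key in total) printf "%s %d %d\n", key, total[key], unscored[key]
    }' "$@" | sort
}

sample_log | bad_header_tally
```

A legitimate sender showing up in the `Blocked` rows after the switch to D_REJECT is the "good stuff doesn’t get through" case the post wants to catch.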

  • Unforeseen Circumstances

    Due to unforeseen circumstances I accidentally trashed my server installation. Don’t ask me for details but I think I accidentally unloaded all my launch daemons. I figured no big deal just restart the machine and everything’s fine. Not so fine.
    I restart and my mail server doesn’t seem to be working correctly.
    Several reinstalls later and I would still have a wonky mail server. It only got screwy after I tried to restore my mail stores. I was using mailbfr so it should have gone smoothly.
    After several attempts I decided to change my plan. I reinstalled the OS, and didn’t update the software to 10.5.2. I then copied over calendars, files, etc. after setting up the server software.
    Then I hand edited the SpamAssassin local.cf file to its previous settings and used mailbfr to selectively restore only specific users. Everything’s working. So I let it chug along checking my logs and finally decide to do the Software Update.
    Everything’s still working. My wife thinks I should not run my own server as the aggravation is so great. I told her that it only continues to demonstrate how little comparative aggravation I receive from her. 🙂

  • Running SpamAssassin locally

    While I haven’t yet gotten an iPhone I’m making preparations. I realized that I was going to need to do something about email spam so that I could use an email address on my domain with the iPhone. My problem is that since I don’t run my mail server I’ve got no way to pull spam off the server before I have to download it. That is until now.
    My initial test was with my Mom’s email account. She had to have been getting over 500 spam/day. She was gone for a couple of weeks and there were over 6000 messages in her account on the server. Anyone care to guess how many were legit?
    A bit of googling and I found DisSpam. It looked like a reasonable solution.

    DisSpam is a personal solution to combat unwanted email (i.e. not for mail servers/ISPs). It is a Perl script that accesses POP3 mailboxes and can block/forward mail based on SpamAssassin, built-in blacklist (RBL) checks, or configurable expression matches. It can be run through a variety of ways, including cron, and uses a very simple yet versatile configuration file.

    Yes, it does mean that I have to access the email accounts in a cron job but it’s been working great. I won’t go into all the details of setting up SpamAssassin but between the combination of CPAN and the terminal everything’s working.
    Recently I’ve noticed that DisSpam, when it calls SpamAssassin, will download the entire message before it checks to see if it’s already been checked before. If you’ve got DisSpam configured to only check messages once it will store a hash of the headers and if it finds the hash then it won’t pass the message through SpamAssassin again. The problem was I found one of my accounts had a bunch of photos in messages still on the server and it took a long time to download the entire message before checking to see if it had already been checked. I was able to tweak the code so that it would only download the message headers and check that against the hash file and not download the entire message unless necessary. It brings up an exponential increase in speed when there are lots of messages on the server or when some of the messages are very large. I’ve created a patch file for it, patch_disspam.
    In the patch are also some additions to the code that will report some statistics and performance.
    So far it’s working great. 🙂