<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><div>On Jun 19, 2011, at 3:30 PM, Gary V wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div>On 6/19/11, jason hirsh wrote:<br><blockquote type="cite">I am running<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><blockquote type="cite"> amavisd-new 2.6.4_10.1<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Postfix 2.9<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Mysql server 5..5<br></blockquote></blockquote><blockquote type="cite">Freebsd 8.1<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">I am trying to find a way to blacklist specified domains and email address..<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">Mu current effort was tp try to block one of my own webmail accounts<br></blockquote><blockquote type="cite"><a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">This is what I put in amavisd.conf<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">@score_sender_maps = ({  # a by-recipient hash lookup table<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"># # per-recipient personal tables  (NOTE: positive: black, negative: white)<br></blockquote><blockquote type="cite"># <a href="mailto:'user1@example.com">'user1@example.com</a>'  => [{'bla-mobile.press@example.com' => 10.0}],<br></blockquote><blockquote type="cite"># <a href="mailto:'user3@example.com">'user3@example.com</a>'  => [{'.ebay.com'                 => -3.0}],<br></blockquote><blockquote type="cite"># <a href="mailto:'user4@example.com">'user4@example.com</a>'  => [{'cleargreen@cleargreen.com' => -7.0,<br></blockquote><blockquote type="cite">#                           '.cleargreen.com'           => -5.0}],<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">  # site-wide opinions about senders (the '.' matches any recipient)<br></blockquote><blockquote type="cite">  '.' => [  # the _first_ matching sender determines the score boost<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">   new_RE(  # regexp-type lookup table, just happens to be all<br></blockquote><blockquote type="cite">soft-blacklist<br></blockquote><blockquote type="cite">    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         =><br></blockquote><blockquote type="cite">5.0],<br></blockquote><blockquote type="cite">    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=><br></blockquote><blockquote type="cite">5.0],<br></blockquote><blockquote type="cite">    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=><br></blockquote><blockquote type="cite">5.0],<br></blockquote><blockquote type="cite">    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   =><br></blockquote><blockquote type="cite">5.0],<br></blockquote><blockquote type="cite">    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  =><br></blockquote><blockquote type="cite">5.0],<br></blockquote><blockquote type="cite">    [qr'^(your_friend|greatoffers)@'i                                =><br></blockquote><blockquote type="cite">5.0],<br></blockquote><blockquote type="cite">    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    =><br></blockquote><blockquote type="cite">5.0],<br></blockquote><blockquote type="cite">   ),<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">#  read_hash("/var/amavis/sender_scores_sitewide"),<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">   { # a hash-type lookup table (associative array)<br></blockquote><blockquote type="cite">     <a href="mailto:'nobody@cert.org">'nobody@cert.org</a>'                        => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'cert-advisory@us-cert.gov">'cert-advisory@us-cert.gov</a>'              => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'owner-alert@iss.net">'owner-alert@iss.net</a>'                    => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'slashdot@slashdot.org">'slashdot@slashdot.org</a>'                  => -3.0,<br></blockquote><blockquote type="cite">     'securityfocus.com'                      => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'ntbugtraq@listserv.ntbugtraq.com">'ntbugtraq@listserv.ntbugtraq.com</a>'       => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'security-alerts@linuxsecurity.com">'security-alerts@linuxsecurity.com</a>'      => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'mailman-announce-admin@python.org">'mailman-announce-admin@python.org</a>'      => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'amavis-user-admin@lists.sourceforge.net">'amavis-user-admin@lists.sourceforge.net</a>'=> -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'amavis-user-bounces@lists.sourceforge.net">'amavis-user-bounces@lists.sourceforge.net</a>' => -3.0,<br></blockquote><blockquote type="cite">     'spamassassin.apache.org'                => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'notification-return@lists.sophos.com">'notification-return@lists.sophos.com</a>'   => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'owner-postfix-users@postfix.org">'owner-postfix-users@postfix.org</a>'        => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'owner-postfix-announce@postfix.org">'owner-postfix-announce@postfix.org</a>'     => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'owner-sendmail-announce@lists.sendmail.org">'owner-sendmail-announce@lists.sendmail.org</a>'   => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'sendmail-announce-request@lists.sendmail.org">'sendmail-announce-request@lists.sendmail.org</a>' => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'donotreply@sendmail.org">'donotreply@sendmail.org</a>'                => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'ca+envelope@sendmail.org">'ca+envelope@sendmail.org</a>'               => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'noreply@freshmeat.net">'noreply@freshmeat.net</a>'                  => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'owner-technews@postel.acm.org">'owner-technews@postel.acm.org</a>'          => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'ietf-123-owner@loki.ietf.org">'ietf-123-owner@loki.ietf.org</a>'           => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'cvs-commits-list-admin@gnome.org">'cvs-commits-list-admin@gnome.org</a>'       => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'rt-users-admin@lists.fsck.com">'rt-users-admin@lists.fsck.com</a>'          => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'clp-request@comp.nus.edu.sg">'clp-request@comp.nus.edu.sg</a>'            => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'surveys-errors@lists.nua.ie">'surveys-errors@lists.nua.ie</a>'            => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'emailnews@genomeweb.com">'emailnews@genomeweb.com</a>'                => -5.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'yahoo-dev-null@yahoo-inc.com">'yahoo-dev-null@yahoo-inc.com</a>'           => -3.0,<br></blockquote><blockquote type="cite">     'returns.groups.yahoo.com'               => -3.0,<br></blockquote><blockquote type="cite">     <a href="mailto:'clusternews@linuxnetworx.com">'clusternews@linuxnetworx.com</a>'           => -3.0,<br></blockquote><blockquote type="cite">     lc(<a href="mailto:'lvs-users-admin@LinuxVirtualServer.org">'lvs-users-admin@LinuxVirtualServer.org</a>')    => -3.0,<br></blockquote><blockquote type="cite">     lc(<a href="mailto:'owner-textbreakingnews@CNNIMAIL12.CNN.COM">'owner-textbreakingnews@CNNIMAIL12.CNN.COM</a>') => -5.0,<br></blockquote><blockquote type="cite">#blacklist test<br></blockquote><blockquote type="cite">     # soft-blacklisting (positive score)<br></blockquote><blockquote type="cite">     <a href="mailto:'captcurrent@hotmail.com">'captcurrent@hotmail.com</a>'                     =>  4.0,<br></blockquote><blockquote type="cite">     '.example.net'                           =>  1.0,<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">   },<br></blockquote><blockquote type="cite">  ],  # end of site-wide tables<br></blockquote><blockquote type="cite">});<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">I went this approach to try to keep me from messing up to far<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">with the other checks this should be anough an email from this address into<br></blockquote><blockquote type="cite">spam<br></blockquote><blockquote type="cite">but the score remains at 2.092<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">i can any one tell from  this info what I am doing wrong?<br></blockquote><br>Did you remember to reload amavisd-new? I would look at the headers of<br>the message to see what rules did hit. I would also set:<br>$sa_tag_level_deflt  = undef;<br>so that all messages address to local domaions will have the X-Spam<br>headers inserted, which can be useful when trying to debug which rules<br>hit.<br><br>You may also choose to set:<br><br># If sender matches ACL, turn debugging fully up, just for this one message<br>@debug_sender_maps = ( ['captcurrent@hotmail.com'] );<br></div></blockquote><div><br></div><div><br></div>the maillog showed this whihc lloks like it found the address but didn't total the score</div><div><br></div><div><br></div><div><pre>Jun 19 19:35:43 tuna amavis[84064]: (84064-01) lookup [whitelist_sender<<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>>,whitelist_sender] => undef, "<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>" does not match
Jun 19 19:35:43 tuna amavis[84064]: (84064-01) lookup_re("<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>"), no matches
Jun 19 19:35:43 tuna amavis[84064]: (84064-01) query_keys: <a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>, captcurrent@, <a href="http://hotmail.com">hotmail.com</a>, .hotmail.com, .com, .
Jun 19 19:35:43 tuna amavis[84064]: (84064-01) lookup_hash(<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>) matches key "<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>", result=4
Jun 19 19:35:43 tuna amavis[84064]: (84064-01) lookup [score_sender<<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>>] => true,  "<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>" matches, result="4", matching_key="<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>"
Jun 19 19:35:43 tuna amavis[84064]: (84064-01) wbl: soft-blacklisted (4) sender <<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>> => <<a href="mailto:jason@kasdivi.com">jason@kasdivi.com</a>>, recip_key="."
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) SPAM-TAG, <<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>> -> <<a href="mailto:jason@kasdivi.com">jason@kasdivi.com</a>>, No, score=2.092 required=6.31 tests=[AM:BOOST=4, BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) (about to connect to [127.0.0.1]:10025) FWD via SMTP: <<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>> -> <<a href="mailto:jason@kasdivi.com">jason@kasdivi.com</a>>
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) smtp cmd> MAIL FROM:<<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>> BODY=7BIT
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) rw_loop sent 113> MAIL FROM:<<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>> BODY=7BIT\r\nRCPT TO:<<a href="mailto:jason@kasdivi.com">jason@kasdivi.com</a>> ORCPT=rfc822;jason@kasdivi.com\r\nDATA\r\n
Jun 19 19:35:44 tuna postfix/qmgr[76930]: 4E09C5C23: from=<<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>>, size=2151, nrcpt=1 (queue active)
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) FWD via SMTP: <<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>> -> <<a href="mailto:jason@kasdivi.com">jason@kasdivi.com</a>>,BODY=7BIT 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4E09C5C23
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) DSN: sender NOT credible, SA: -1.908, <<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>>
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) query_keys: <a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>, captcurrent@, <a href="http://hotmail.com">hotmail.com</a>, .hotmail.com, .com, .
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) lookup_hash(<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>) matches key "<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>", result=8
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) lookup [spam_dsn_cutoff_level_bysender] => true,  "<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>" matches, result="8", matching_key="<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>"
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) dsn: from MTA 250 NonBlocking:CleanTag <<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>> -> <<a href="mailto:jason@kasdivi.com">jason@kasdivi.com</a>>: on_succ=0, on_dly=1, on_fail=1, never=0, warn_sender=, DSN_passed_on=1, mta_resp: "250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4E09C5C23"
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) DSN: SUCC from MTA 250 NonBlocking:CleanTag, no DSN requested: <<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>> -> <<a href="mailto:jason@kasdivi.com">jason@kasdivi.com</a>>
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) one_response_for_all <<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>>: success, r=0,b=0,d=0, ndn_needed=0, '250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4E09C5C23'
Jun 19 19:35:44 tuna amavis[84064]: (84064-01) Passed CLEAN, [65.55.90.36] [65.55.90.8] <<a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>> -> <<a href="mailto:jason@kasdivi.com">jason@kasdivi.com</a>>, Message-ID: <<a href="mailto:SNT134-W5CB717938EADFCA9F5039A06F0@phx.gbl">SNT134-W5CB717938EADFCA9F5039A06F0@phx.gbl</a>>, mail_id: Nh1SDVuRLjDk, Hits: 2.092, size: 1396, queued_as: 4E09C5C23, 896 ms
</pre>
<form action="save_log.cgi" style="margin-left:1em">












Last <input class="ui_textbox" name="lines" value="20" size="3"> lines of <tt>/var/log/maillog</tt>
  
Only show lines with text <input class="ui_textbox" name="filter" value="hotmail" size="25">    </form><blockquote type="cite"><div><br>so you get full debugging for a message sent from <a href="mailto:captcurrent@hotmail.com">captcurrent@hotmail.com</a>.<br><br>-- <br>Gary V<br></div></blockquote></div><br></body></html>