Re: Request for spam from Kennedy-Western/kw.edu
On Monday, January 17, 2005, 3:51:14 PM, William Stearns wrote: Good evening, all, I have a favor to ask. Kennedy Western has written in asking to be removed from the sa-blacklist - the audacity! :-) Could I trouble any of you that keep your back spam to grab any Kennedy Wester spams and send them along to [EMAIL PROTECTED] (obviously, this address is for spam only; if you have questions or want to reach me, please use [EMAIL PROTECTED])? Strings to look for are: Kennedy-Western kw.edu kennedy-western-university.net KennedyWestern@ Kennedy Western I sincerely appreciate the help. Cheers, - Bill I see 43 NANAS hits on a 1996 domain (kw.edu) that probably has legitimate uses. I may whitelist their domains on SURBLs unless they are spammers on the order of a Ralsky or china pill spammers. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Score in Local.cf does not work
Hi Alex, Actually you should upgrade your current SA version to 3.0.2. Best Regards, -Cor alexander hachmann said: Hello, I am using Spamassassin 2.63 with SQL-Configuration. When I want to redefine scores in my local.cf it simply does not work. The new Score i am setting will not be used. score MSGID_FROM_MTA_SHORT 1.0 1.0 1.0 1.0 What else do I have to do to make Spamassassin use these new defaults? Thanks, Alexander
Re: Request for spam from Kennedy-Western/kw.edu
William Stearns wrote: Good evening, all, I have a favor to ask. Kennedy Western has written in asking to be removed from the sa-blacklist - the audacity! :-) Could I trouble any of you that keep your back spam to grab any Kennedy Wester spams and send them along to [EMAIL PROTECTED] (obviously, this address is for spam only; if you have questions or want to reach me, please use [EMAIL PROTECTED])? Strings to look for are: Kennedy-Western kw.edu kennedy-western-university.net KennedyWestern@ Kennedy Western I sincerely appreciate the help. Cheers, - Bill --- It is easy to be blinded to the essential uselessness of computers by the sense of accomplishment you get from getting them to work at all. -- Douglas Adams -- William Stearns ([EMAIL PROTECTED]). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org -- if it's any help I have nothing for the last 4 weeks
URIBL_SBL
I have SpamAssassin 3.0.2 installed on Fedora Core 2 release. How do I get URIBL_SBL to work? I see in 25_uribl.cf: # Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded. # Note that this plugin defines a new config setting, 'uridnsbl', # which lists the zones to look up in advance. The rules will # not hit unless each rule has a corresponding 'uridnsbl' line. ifplugin Mail::SpamAssassin::Plugin::URIDNSBL On my box: [EMAIL PROTECTED] etc]# locate URIDNSBL /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Plugin/URIDNSBL.pm /usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm So I think its there, right? I see no hits on this though and I have a large amount of traffic on this box, 600+ email users. Any idea what I have set wrong? Matt
Semi-OT: Spammer sues spam-report
A spammer is suing someone who reported their spam for Tortuous Interference with Contract and Defamation: The defendant knew intentionally and improperly interfered with the performance of the said contract by inducing Lightship Telecom and Spectra Access, Inc., to terminate the contracts. ... The defenandt induced the termination by intentionally making misrepresentation about ATRIKS and Brian Haberstroh to the said third parties. It would be funny if it weren't for Jay Stuler having to pay legal fees for all this; Jay can seriously use donations to help fight this. I find it interesting that they aren't suing Spamhaus.org or Spews.org, which also have misrepresentations about the spammers; looks rather like a SLAPP lawsuit to me. Jay posted the following to USENET: From: Jay Stuler [EMAIL PROTECTED] Newsgroups: news.admin.net-abuse.email Subject: Atriks lawsuit update Date: Sat, 15 Jan 2005 22:22:03 -0500 Hello gentle NANAE readers... I found out this week that they declined my motion to dismiss. Yes - even though I am not a citizen of New Hampshire, and I have never been there, or done business there, they still decided I can be sued there. So the next stage of the suit begins - discovery. Some interesting things should come of this stage... Unfortunately, this will cost quite a bit of money - which I still don't have. I need more donations to go further. But if I am financially able to go further, I am sure that many interesting things about Haberstroh's operation will be unearthed, if you know what I mean. My lawyer made it quite clear to Haberstroh's lawyer that he will never receive any money, even with a judgement. Nevertheless, Haberstroh wishes to continue with the suit, to make spammers seem like the good guys. I am still taking donations through PayPal. Every little bit helps. If there is any extra left over at the end of this (for some reason) it will be proportionately returned to the donors. The site with information on the suit is still at: http://spamlawsuit.spamshield.org I will update the site with more information as it comes to me. Also please pass this on to anyone who you may think be interested... Thanks -- Give a man a match, and he'll be warm for a minute, but set him on fire, and he'll be warm for the rest of his life. Advanced SPAM filtering software: http://spamassassin.org
Re: URIBL_SBL
On Monday, January 17, 2005, 6:01:28 PM, Matt Matt wrote: I have SpamAssassin 3.0.2 installed on Fedora Core 2 release. How do I get URIBL_SBL to work? I see in 25_uribl.cf: # Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded. # Note that this plugin defines a new config setting, 'uridnsbl', # which lists the zones to look up in advance. The rules will # not hit unless each rule has a corresponding 'uridnsbl' line. ifplugin Mail::SpamAssassin::Plugin::URIDNSBL On my box: [EMAIL PROTECTED] etc]# locate URIDNSBL /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Plugin/URIDNSBL.pm /usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm So I think its there, right? I see no hits on this though and I have a large amount of traffic on this box, 600+ email users. Any idea what I have set wrong? It it enabled in the default installation, but you need to have a recent version of Net::DNS and have network tests enabled. Here are some suggestions: http://www.surbl.org/faq.html#nettest Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: SA 3.01 and BAYES probability too high
For some days BAYES probabilty jump for almost all messages, i've BAYES_50 for almost all message including ham... What can be the reason ? Why do you think bayes 50 is wrong? BTW: Bayes_50 I would consider as ham. Bayes_50 means that Bayes doesn't know if the message is ham or spam, since it hasn't seen enough tokens yet to determine. So it would be wrong to consider a bayes_50 (or bayes_49 or Bayes_51) to be either ham OR spam. It is an I don't know! case. This is not a case of bayes scoring too high, but if anything it is scoring too low. High scores for bayes are 00 or 99, and low is 50. Offhand I can't think of anything that would cause Bayes to score all messages with bayes_50, other than a very corrupted bayes database. In fact, I'm a little surprised that bayes_50 is even showing up. Since that is the oh nevermind case I thought that (at least in 2.6x) it didn't even bother sticking that result in the message. Loren
Re: Problem with a message that got through.
What part of the rule does the m in m2355 match?
{^_^}
- Original Message -
From: Steven W. Orr [EMAIL PROTECTED]
I have this in my local.cf
header MY_MNUMERIC_TO To =~ /[EMAIL PROTECTED]/i
score MY_MNUMERIC_TO 5.0
describeMY_MNUMERIC_TO All numeric address after M in To:
Despite that, the following message got through. The M in the regex is
inside an i operator so that shouldn't be the problem.
Anyone?
--
Time flies like the wind. Fruit flies like a banana. Stranger things have
.0.
happened but none stranger than this. Does your driver's license say Organ
..0
Donor?Black holes are where God divided by zero. Listen to me! We are all-
000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-- Forwarded message --
Return-Path: [EMAIL PROTECTED]
Received: from yankeeclipperinn.com (mail.myglassshop.com [38.119.170.63]
(may
be forged))
by syslang.net (8.12.10/8.12.10) with ESMTP id j0HNI1Wv023471
for [EMAIL PROTECTED]; Mon, 17 Jan 2005 18:18:07 -0500
Date: Mon, 17 Jan 2005 18:17:07 -0500
Message-Id: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: Postmaster [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Undeliverable Mail
X-Mailer: SMTP32 v8.05
X-Spam-Status: No, hits=0.1 required=5.0 tests=FORGED_RCVD_HELO
autolearn=failed version=3.0.2
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on saturn
No message body: [EMAIL PROTECTED]
Original message follows.
Re: Problem with a message that got through.
Never mind - as soon as I sent it my brain registered my mistrake.
{+_+} Duh!
- Original Message -
From: jdow [EMAIL PROTECTED]
What part of the rule does the m in m2355 match?
{^_^}
Re: URIBL_SBL
I just installed the latest version of 0.48 Net::DNS and still no go. This is how I start Spamd in rc.local. /usr/bin/spamd -d -c -m 5 This is running under Exim Exiscan. Looks like it uses spamc -u to connect to spamd as a given user. Any other ideas? Thanks. Matthew On Monday, January 17, 2005, 6:01:28 PM, Matt Matt wrote: I have SpamAssassin 3.0.2 installed on Fedora Core 2 release. How do I get URIBL_SBL to work? I see in 25_uribl.cf: # Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded. # Note that this plugin defines a new config setting, 'uridnsbl', # which lists the zones to look up in advance. The rules will # not hit unless each rule has a corresponding 'uridnsbl' line. ifplugin Mail::SpamAssassin::Plugin::URIDNSBL On my box: [EMAIL PROTECTED] etc]# locate URIDNSBL /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Plugin/URIDNSBL.pm /usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm So I think its there, right? I see no hits on this though and I have a large amount of traffic on this box, 600+ email users. Any idea what I have set wrong? It it enabled in the default installation, but you need to have a recent version of Net::DNS and have network tests enabled. Here are some suggestions: http://www.surbl.org/faq.html#nettest
Re: Problem with a message that got through.
I have this in my local.cf
header MY_MNUMERIC_TO To =~ /[EMAIL PROTECTED]/i
To: [EMAIL PROTECTED]
You have start of line followed by M. The To has start of line followed by
followed by M.
Try
header MY_MNUMERIC_TO To =~ /^?M\d{1,[EMAIL PROTECTED]/i
Loren
Re: Score in Local.cf does not work
I am using Spamassassin 2.63 with SQL-Configuration. When I want to redefine scores in my local.cf it simply does not work. The new Score i am setting will not be used. score MSGID_FROM_MTA_SHORT 1.0 1.0 1.0 1.0 What else do I have to do to make Spamassassin use these new defaults? Actually you should upgrade your current SA version to 3.0.2. But aside from that, run spamassassin -D and look at the output to see what paths it is using. There is a good chance that it isn't looking in whatever directory you have local.cf. Or it may be a permissions problem. Of course, if you are running spamc/spamd or amvis-new, you have to make sure that you restart spamd or amvis so that the new settings will take effect. Loren
DIGEX
Spam really did come from 164.109.26.27. Is DigiEx not marked in any
of the BLs around?
{^_^}
Re: Verizon hosting spammers :)
Hey now, you all. I have a Verizon address, and to the best of my ability, unless I set up SSH tunneling through them, I cannot send mail from any other account than mine. And don't blacklist me! Rob You have sent this mail to the list through out014pub.verizon.net and not directly from your own dsl-verizon.net address so you wouldn't have been blocked by me ;) Menno
Re: URIBL_SBL
Alright, I think I have figured something out by turning spamd -D debug mode on. Net::DNS version is 0.23, but need 0.34dnsavailable-1 at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Dns.pm line 1230. Thing is I just installed perl-Net-DNS-0.48-0.1.fc2.rf.i386.rpm. So I double check. rpm -Uvh perl-Net-DNS-0.48-0.1.fc2.rf.i386.rpm warning: perl-Net-DNS-0.48-0.1.fc2.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6 Preparing...### [100%] package perl-Net-DNS-0.48-0.1.fc2.rf is already installed What now? Thanks. Matthew From: Matt Subject: URIBL_SBL Date: Tue, 18 Jan 2005 00:19:44 -0600 I just installed the latest version of 0.48 Net::DNS and still no go. This is how I start Spamd in rc.local. /usr/bin/spamd -d -c -m 5 This is running under Exim Exiscan. Looks like it uses spamc -u to connect to spamd as a given user. Any other ideas? Thanks. Matthew On Monday, January 17, 2005, 6:01:28 PM, Matt Matt wrote: I have SpamAssassin 3.0.2 installed on Fedora Core 2 release. How do I get URIBL_SBL to work? I see in 25_uribl.cf: # Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded. # Note that this plugin defines a new config setting, 'uridnsbl', # which lists the zones to look up in advance. The rules will # not hit unless each rule has a corresponding 'uridnsbl' line. ifplugin Mail::SpamAssassin::Plugin::URIDNSBL On my box: [EMAIL PROTECTED] etc]# locate URIDNSBL /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Plugin/URIDNSBL.pm /usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm So I think its there, right? I see no hits on this though and I have a large amount of traffic on this box, 600+ email users. Any idea what I have set wrong? It it enabled in the default installation, but you need to have a recent version of Net::DNS and have network tests enabled. Here are some suggestions: http://www.surbl.org/faq.html#nettest
Re: Verizon hosting spammers :)
On 2005-01-18, at 08.49, Menno van Bennekom wrote: You have sent this mail to the list through out014pub.verizon.net and not directly from your own dsl-verizon.net address so you wouldn't have been blocked by me ;) I was _hammered_ all throughout last year by messages to unknown accounts from machines in the sc0nnpub.verizon.net segment (nn = 01 - 99). Eventually I had to blacklist anything matching that pattern. Seems to be a lot more quiet now though. It is interesting to note that Verizon is the only ISP that I felt the need to single out specifically, all the others were successfully blocked by standard RBL, and also never stood out in the statistics like Verizon did. They seem to be a real virii / spam haven... j o a r
Re: URIBL_SBL
On Monday, January 17, 2005, 11:57:26 PM, Matt Matt wrote: Alright, I think I have figured something out by turning spamd -D debug mode on. Net::DNS version is 0.23, but need 0.34dnsavailable-1 at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Dns.pm line 1230. Thing is I just installed perl-Net-DNS-0.48-0.1.fc2.rf.i386.rpm. So I double check. rpm -Uvh perl-Net-DNS-0.48-0.1.fc2.rf.i386.rpm warning: perl-Net-DNS-0.48-0.1.fc2.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6 Preparing...### [100%] package perl-Net-DNS-0.48-0.1.fc2.rf is already installed Perhaps you installed SA or Net::DNS from CPAN and the other another way like tarbals? Sometimes that confuses the installations. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: SA 3.01 and BAYES probability too high
Loren Wilton wrote: For some days BAYES probabilty jump for almost all messages, i've BAYES_50 for almost all message including ham... What can be the reason ? Why do you think bayes 50 is wrong? BTW: Bayes_50 I would consider as ham. Bayes_50 means that Bayes doesn't know if the message is ham or spam, since it hasn't seen enough tokens yet to determine. So it would be wrong to consider a bayes_50 (or bayes_49 or Bayes_51) to be either ham OR spam. It is an "I don't know!" case. This is not a case of bayes scoring too high, but if anything it is scoring too low. "High" scores for bayes are 00 or 99, and "low" is 50. Offhand I can't think of anything that would cause Bayes to score all messages with bayes_50, other than a very corrupted bayes database. In fact, I'm a little surprised that bayes_50 is even showing up. Since that is the "oh nevermind" case I thought that (at least in 2.6x) it didn't even bother sticking that result in the message. Yes, i think my database was corrupted because the change appears suddenly... All my messages were scored between BAYES_50 and BAYES_99 How can i prevent bayes corruption ? I've two server sharring bayes files by NFS Thanks Guillaume
bayes 2
i rebuild the databases as root. with new unmarked spam and new ham. i used spamassassin as root like: spamassassin -D --lint test.txt where test.txt is a spam message i just used with sa-learn. here is what i get for the bayes: debug: cannot use bayes on this message; not enough usable tokens found debug: bayes: not scoring message, returning undef debug: bayes: 61998 untie-ing debug: bayes: 61998 untie-ing db_toks debug: bayes: 61998 untie-ing db_seen not enough tokens?! i just redid the databases - 552 spam and 603 ham - an the message i did the test with is part of the 552 spams. there is no line like: debug: bayes corpus size: nspam = , nham = what is wrong with this spamassassin? should i just reinstall? any input will be appreciated... --
Re: URIBL_SBL
Matt install Net::DNS from CPAN perl -MCPAN -eshell install Net::DNS the RH RPMs are nortious at sticking stuff in stupid places that only other RH RPM based packages can see. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Matt wrote: Alright, I think I have figured something out by turning spamd -D debug mode on. Net::DNS version is 0.23, but need 0.34dnsavailable-1 at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Dns.pm line 1230. Thing is I just installed perl-Net-DNS-0.48-0.1.fc2.rf.i386.rpm. So I double check. rpm -Uvh perl-Net-DNS-0.48-0.1.fc2.rf.i386.rpm warning: perl-Net-DNS-0.48-0.1.fc2.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6 Preparing...### [100%] package perl-Net-DNS-0.48-0.1.fc2.rf is already installed What now? Thanks. Matthew From: Matt Subject: URIBL_SBL Date: Tue, 18 Jan 2005 00:19:44 -0600 I just installed the latest version of 0.48 Net::DNS and still no go. This is how I start Spamd in rc.local. /usr/bin/spamd -d -c -m 5 This is running under Exim Exiscan. Looks like it uses spamc -u to connect to spamd as a given user. Any other ideas? Thanks. Matthew On Monday, January 17, 2005, 6:01:28 PM, Matt Matt wrote: I have SpamAssassin 3.0.2 installed on Fedora Core 2 release. How do I get URIBL_SBL to work? I see in 25_uribl.cf: # Requires the Mail::SpamAssassin::Plugin::URIDNSBL plugin be loaded. # Note that this plugin defines a new config setting, 'uridnsbl', # which lists the zones to look up in advance. The rules will # not hit unless each rule has a corresponding 'uridnsbl' line. ifplugin Mail::SpamAssassin::Plugin::URIDNSBL On my box: [EMAIL PROTECTED] etc]# locate URIDNSBL /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Plugin/URIDNSBL.pm /usr/share/man/man3/Mail::SpamAssassin::Plugin::URIDNSBL.3pm So I think its there, right? I see no hits on this though and I have a large amount of traffic on this box, 600+ email users. Any idea what I have set wrong? It it enabled in the default installation, but you need to have a recent version of Net::DNS and have network tests enabled. Here are some suggestions: http://www.surbl.org/faq.html#nettest ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **
Deep recursion error
Hi There has been a few posts about this error but so far no solution. I have a mail which, when sent to spamd with spamc, causes spamd to consume a lot of memory and cpu time. The scanning takes about 30 seconds for this mail of approx. 200 kB but the real problem is that it causes spamd to go from 50 to 190 MB consumed memory. Additionally, spamd logs several errors about Deep recursion. The error log is attached below. The mail is a result of repeated bounces between two servers. That in itself is a problem but the mail should not trigger such bad behavior in spamd. I'm using spamassassin 3.0.1 with perl 5.8.3 on SuSE Linux 9.2 (kernel 2.6.5). The offending mail can be found at http://www.math.ku.dk/~zuziak/sa/satrigger.txt Can anyone help me with this? Thanks, Martin Zuziak [EMAIL PROTECTED] Jan 18 10:40:31 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::parse_body at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message.pm line 521, GEN3284 line 6525. Jan 18 10:40:34 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::_do_parse at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message.pm line 242, GEN3284 line 6525. Jan 18 10:40:34 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::_parse_normal at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message.pm line 446, GEN3284 line 6525. Jan 18 10:40:34 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::_do_parse at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message.pm line 242, GEN3284 line 6525. Jan 18 10:40:34 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::_parse_multipart at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message.pm line 437, GEN3284 line 6525. Jan 18 10:40:34 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::_parse_normal at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message.pm line 446, GEN3284 line 6525. Jan 18 10:40:34 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::_parse_normal at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message.pm line 446, GEN3284 line 6525. Jan 18 10:40:34 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::new at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message.pm line 611, GEN3284 line 6525. Jan 18 10:40:34 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::_parse_normal at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message.pm line 446, GEN3284 line 6525. Jan 18 10:40:34 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::new at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message.pm line 611, GEN3284 line 6525. Jan 18 10:40:37 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::Node::_find_parts at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm line 122, GEN3284 line 6525. Jan 18 10:40:44 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::Node::_find_parts at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm line 122, GEN3284 line 6525. Jan 18 10:40:46 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::Node::_find_parts at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm line 122. Jan 18 10:40:46 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::Node::content_summary at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm line 460. Jan 18 10:40:50 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::Node::finish at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm line 659. Jan 18 10:41:02 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::finish at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm line 659. Jan 18 10:41:02 imf spamd[6173]: Deep recursion on subroutine Mail::SpamAssassin::Message::finish at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Message/Node.pm line 659.
Re: add_header in 3.0.2 not working
on 17.01.2005 19:47 Andy Jezierski said the following: [snip] I don't use qmail-scanner, but do you have to re-start it for new config changes to take effect? Does qmail-scanner have it's own config file that overrides SA like amavisd-new? qmail-scanner.pl is called when receiving and email. (Changes to this file are immediate and there are no external config files.) A tmp and working copy of the received message are created. The tmp copy's attachements are extracted and virus-scanned. Afterward, spamc is called by qmail-scanner.pl on the working copy like so: /usr/bin/spamc -c -u "[EMAIL PROTECTED]" /var/spool/qmailscan/working/new/myserver.domain.no110601543848712717 Then it's scanned for known viruses that fake sender-addresses in order to determine if a bounce message is worth sending. Once cleared it's dropped into the qmail-queue. I imagine that the SA headers are kept when spamc is called. So, when I try to even mod my /etc/mail/spamassassin/local.conf's add_header line with no effect, I get stumped. -Roger
Re: add_header in 3.0.2 not working
on 18.01.2005 12:30 Roger WJ Alterskjr said the following: on 17.01.2005 19:47 Andy Jezierski said the following: [snip] I don't use qmail-scanner, but do you have to re-start it for new config changes to take effect? Does qmail-scanner have it's own config file that overrides SA like amavisd-new? qmail-scanner.pl is called when receiving and email. (Changes to this file are immediate and there are no external config files.) A tmp and working copy of the received message are created. The tmp copy's attachements are extracted and virus-scanned. Afterward, spamc is called by qmail-scanner.pl on the working copy like so: /usr/bin/spamc -c -u "[EMAIL PROTECTED]" /var/spool/qmailscan/working/new/myserver.domain.no110601543848712717 Then it's scanned for known viruses that fake sender-addresses in order to determine if a bounce message is worth sending. Once cleared it's dropped into the qmail-queue. I imagine that the SA headers are kept when spamc is called. So, when I try to even mod my /etc/mail/spamassassin/local.conf's add_header line with no effect, I get stumped. [In my best Maxwell Smart imitation] Would you believe it was qmail-scanner.pl?! You got me thinking about what it does. Looking at the Q-S code showed that it parses the spamc output, picks only those things deemed interesting, then recreated it's own version of the SA X-Spam-Status header. So I guess I'll put my perl-programmer hat on and do some modifying. Thanks very much for the help!! (Sincerely!) -Roger
Re: add_header in 3.0.2 not working
FYI, to anyone who runs into the same problem, there is a patched version of qmail-scanner.pl that allow you to include SA-created headers (plus other cool options not in the original): http://xoomer.virgilio.it/j.toribio/qmail-scanner/READMEpatched.html -Roger
Use of uninitialized value
Hi list, I've upgraded to 3.0.2 and now I'm seeing this in my logs: Jan 18 10:03:17 qsmtp-mx-06 spamd[20906]: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Message.pm line 225, GEN905 line 76. Jan 18 10:12:42 qsmtp-mx-01 spamd[29014]: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Message.pm line 225, GEN668 line 76. The systems are RedHat8/9 and Fedora Core 2. Is this a reported bug? Thanks German
Re: Use of uninitialized value
Hi probably means you sa 2.x rules don't parse in the SA 3.x world have you spamassassin --lint checked to if it gives you any more info ot does it die here as well.?? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 German Staltari wrote: Hi list, I've upgraded to 3.0.2 and now I'm seeing this in my logs: Jan 18 10:03:17 qsmtp-mx-06 spamd[20906]: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Message.pm line 225, GEN905 line 76. Jan 18 10:12:42 qsmtp-mx-01 spamd[29014]: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/Message.pm line 225, GEN668 line 76. The systems are RedHat8/9 and Fedora Core 2. Is this a reported bug? Thanks German ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **
spamassassin process a single message for 10 minutes !
here is the message: http://mail.units.it/6474 it contains a lot of email addresses and stops our mailserver these are the times on a dual PIII 1GHz (SpamAssassin 3.0.2) time spamc 6474 real9m59.995s user0m0.000s sys 0m0.000s any suggestions ??? Thanks Stefano
RE: spamassassin process a single message for 10 minutes !
Hm... time spamc 6474 real0m3.040s user0m0.001s sys 0m0.008s This is a PIII 1.3. (SA 3.0.2) Might be something in your config? -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Stefano Catani Sent: Tuesday, January 18, 2005 5:56 AM To: users@spamassassin.apache.org Subject: spamassassin process a single message for 10 minutes ! here is the message: http://mail.units.it/6474 it contains a lot of email addresses and stops our mailserver these are the times on a dual PIII 1GHz (SpamAssassin 3.0.2) time spamc 6474 real9m59.995s user0m0.000s sys 0m0.000s any suggestions ??? Thanks Stefano
Re: Verizon hosting spammers :)
Menno van Bennekom wrote: You have sent this mail to the list through out014pub.verizon.net and not directly from your own dsl-verizon.net address so you wouldn't have been blocked by me ;) Menno Alas, I'm moving to a Verizon business DSL account for my server. Is there any distinction between residential DSL and business DSL in their network addresses? I don't really have a choice of providers for my connection. My server is currently at a colo in LA, which has its own problems with having had a spamhaus reputation. Mojo -- Morris Jones Monrovia, CA http://www.whiteoaks.com Old Town Astronomers: http://www.otastro.org
whitelisting localhost
Hi, I use spamassassin 2.64 and i want to configure it so every mail sent by the local server is whitelisted or not even scanned by spamassassin. I tried quite a lot of config but whatever the config i try i allways have the localhost sent that is tagged as spam. spamassassin --lint and debug give no errors. I tried t whitelist any mail coming from the local server, so i setup : 1/ trusted_network for * trusted_networksmy.ip.is.here trusted_networks127.0.0.1 2/ whitelist setting whitelist_from_rcvd * local name like you have in uname -n whitelist_from_rcvd * localhost whitelist_from_rcvd * 127.0.0.1 whitelist_from_rcvd * my.ip.is.here i also tried [EMAIL PROTECTED] instead of * restarted spamd, but still i got nothing whitelisted, the whitelist for external name works withtout problem and are setup in the very same local.cf. But no way to make it work for local sent mail... I really cannot make it work foir the local machine. I just want that all emails sent from the server is NOT scanned by spamassassin and/or considered whitelisted. All the local messages are tagged with MSGID_FROM_MTA_SHORT that add 3 point and several other rules. I have changed the point for this rule but the real goal is to whitelist it. Any idea ? reagrds, Ghislain.
Re: whitelisting localhost
On Tue, Jan 18, 2005 at 04:58:12PM +0100, ADNET GHISLAIN wrote: I use spamassassin 2.64 and i want to configure it so every mail sent by the local server is whitelisted or not even scanned by spamassassin. The only way to skip being scanned by spamassassin is not to call it. You need to configure what you use to call SA to not call for outgoing mails. -- Randomly Generated Tagline: I am not Open Source, I do not want you playing with my internal organs. Thank you. - Obelisk pgpTvptwmIYC3.pgp Description: PGP signature
Re: URIBL_SBL
Works now. Thanks. Matt Matt install Net::DNS from CPAN perl -MCPAN -eshell install Net::DNS the RH RPMs are nortious at sticking stuff in stupid places that only other RH RPM based packages can see. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Matt wrote: Alright, I think I have figured something out by turning spamd -D debug mode on. Net::DNS version is 0.23, but need 0.34dnsavailable-1 at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Dns.pm line 1230. Thing is I just installed perl-Net-DNS-0.48-0.1.fc2.rf.i386.rpm. So I double check. rpm -Uvh perl-Net-DNS-0.48-0.1.fc2.rf.i386.rpm warning: perl-Net-DNS-0.48-0.1.fc2.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6 Preparing...### [100%] package perl-Net-DNS-0.48-0.1.fc2.rf is already installed What now? Thanks. Matthew
SpamAssassin Timing Out? Bayes?
Our system seems to be getting sporadic at times, all of the sudden spam will flood in and after checking the header I am finding this on the messages getting by: SpamAssassin (SpamAssassin rebuilding) We are running sa-learn as a cron job. I am currently running this in our cron job. #! /bin/sh sa-learn --ham --no-rebuild ham_directory sa-learn --spam --no-rebuild spam_directory sa-learn --rebuild I grabbed this off the SA WIKI What can I do to resolve this, it's almost as if spamassassin is timing out, which seems to produce the same results, a flood of unfiltered emails. I am also trying to Google the answer, but under the gun as our clients are getting testy about seeing spam. I told them it was a comparison on how effective we filter and every-now-and-then allow a bunch of spam in to show how great it works ;) Thanks! -- David Thurman The Web Presence Group http://www.the-presence.com Web Development/E-Commerce/CMS/Hosting/Dedicated Servers 800-399-6441/309-679-0774
Re: bayes 2
At 03:50 AM 1/18/2005, kalin mintchev wrote: spamassassin -D --lint test.txt where test.txt is a spam message i just used with sa-learn. here is what i get for the bayes: debug: cannot use bayes on this message; not enough usable tokens found debug: bayes: not scoring message, returning undef debug: bayes: 61998 untie-ing debug: bayes: 61998 untie-ing db_toks debug: bayes: 61998 untie-ing db_seen not enough tokens?! i just redid the databases - 552 spam and 603 ham - an the message i did the test with is part of the 552 spams. there is no line like: debug: bayes corpus size: nspam = , nham = what is wrong with this spamassassin? should i just reinstall? What does sa-learn --dump magic output?
Re: spamassassin process a single message for 10 minutes !
On Tue, Jan 18, 2005 at 10:56:22AM +, Stefano Catani wrote:
here is the message:
http://mail.units.it/6474
it contains a lot of email addresses and stops our mailserver
these are the times on a dual PIII 1GHz (SpamAssassin 3.0.2)
time spamc 6474
real9m59.995s
user0m0.000s
sys 0m0.000s
similar result here:
real10m0.067s
user0m0.010s
sys 0m0.000s
single PIII 1GHz 750MB SA 3.0.0
spamd (according to top) does not eat significantly CPU.
I called strace on the spamd process:
...
select(0, NULL, NULL, NULL, {1, 2}) = 0 (Timeout)
open(/etc/protocols, O_RDONLY)= -1 EMFILE (Too many open files)
open(/var/lib/misc/protocols.db, O_RDWR|O_LARGEFILE) = -1 EMFILE (Too many
open files)
...
this is reported endlessly
so there seems to be a file handle problem.
According to lsof:
lsof | grep ^spamd | awk '{print $1,$2}' | sort | uniq -c
NrOF PID
37 spamd 20696
126 spamd 20698
129 spamd 20699
130 spamd 20700
1055 spamd 20701
38 spamd 26284
This surely is insane.
Process 20701 which is the actually scanning child process
has openend 933 UDP sockets:
spamd 20701 root 1023u IPv4 555058UDP
*:38796
and 85 handles on bayes_toks:
spamd 20701 root 136u REG 58,2 5226496 656011
/home/chris/.spamassassin/bayes_toks
I'd guess the UDP sockets are from DNS lookups f. sender verify.
HTH, Chris
--
Christian Recktenwald : :
citecs GmbH: [EMAIL PROTECTED]
Unternehmensberatung fuer : voice +49 711 601 2090 : Boeblinger Strasse 189
EDV und Telekommunikation : fax +49 711 601 2092 : D-70199 Stuttgart
Memory problems with SA 3.0.1?
Are there any memory problems for SA version 3.0.1? We recently upgraded to 2 gigs of memory on the server and SA just gobbled up the memory. We dip down to under 20 megs here and there and 30-40 megs the rest of the time. I lowered the number of processes from 15 to 10 and according to top the RSS is reading at least 50 megs per process. When I stop and start SA I obviously gain back a lot of memory, but soon goes back down. Im running this on Fedora Core 2 with qmail, I average 25-35 emails a minute with spikes to 300 emails a minute. I just dont know if SA is suppose to take up that much memory. Any suggestions on what to look for? Or is there like a memory leak in this version? Thanks Robert Bartlett Digital Phoenix
Re: Verizon hosting spammers :)
Menno van Bennekom wrote: Mojo wrote: Alas, I'm moving to a Verizon business DSL account for my server. Is there any distinction between residential DSL and business DSL in their network addresses? I don't know but my postfix check on dsl-verizon.net is based on DNS not on ip-address. So if you change the dsl-verizon.net in something else it will be allowed (in our case). But if you don't send mail directly Huh. Reverse DNS on my business DSL line from Verizon comes out as bdsl.66.15.96.103.gte.net (One thing I've asked their tech is if they would delegate reverse DNS to my name server, but the tech had no idea what I was talking about. I'll try again later ...) Mojo -- Morris Jones Monrovia, CA http://www.whiteoaks.com Old Town Astronomers: http://www.otastro.org
Re: Verizon hosting spammers :)
j o a r wrote: I was _hammered_ all throughout last year by messages to unknown accounts from machines in the sc0nnpub.verizon.net segment (nn = 01 - 99). Eventually I had to blacklist anything matching that pattern. Seems to be a lot more quiet now though. Actually, I suspect those are (misguided?) attempts at sender verification*. We get hammered by those too, and they're always** from or [EMAIL PROTECTED] We know spammers are forging our domain name in the return address, using randomly-generated addresses which look just like the unknown users Verizon is trying to reach. * Since so many admins disable VRFY to guard against dictionary attacks, the new tactic is to try to send mail to an address, but then drop the connection before sending an actual message. It can be used to make dictionary attacks, or it can be used on the purported sender of a message to make sure the return address exists. ** I've only done spot checks, but every time I have, they've fit this pattern. -- Kelson Vibber SpeedGate Communications www.speed.net
RE: Verizon hosting spammers :)
Huh. Reverse DNS on my business DSL line from Verizon comes out as bdsl.66.15.96.103.gte.net (One thing I've asked their tech is if they would delegate reverse DNS to my name server, but the tech had no idea what I was talking about. I'll try again later ...) Ditto for Conversent :/ --Chris
Re: Memory problems with SA 3.0.1?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] writes: Are there any memory problems for SA version 3.0.1? We recently upgraded to 2 gigs of memory on the server and SA just gobbled up the memory. We dip down to under 20 megs here and there and 30-40 megs the rest of the time. I lowered the number of processes from 15 to 10 and according to top the RSS is reading at least 50 megs per process. When I stop and start SA I obviously gain back a lot of memory, but soon goes back down. Im running this on Fedora Core 2 with qmail, I average 25-35 emails a minute with spikes to 300 emails a minute. I just dont know if SA is suppose to take up that much memory. Any suggestions on what to look for? Or is there like a memory leak in this version? couple of things: - - recent versions of linux (most 2.4.x kernels in Fedora Core, and all 2.6.* kernels) report shared incorrectly in ps and top output, only counting the pages loaded from shared libs instead of the pages actually being shared by the kernel. In fact, quite a bit more memory is being shared. check list archives for details. - - SpamAssassin 3.1.0 will include an Apache-style preforking system, which is more sensible in its use of RAM -- it'll only start a minimum number of processes, attempts to keep a small number of those procs active to minimize paging, and kills off servers that aren't being used. In the meantime, I'd suggest lowering the number of spamd processes being used. - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Exmh CVS iD8DBQFB7V0eMJF5cimLx9ARAlThAKCSnhA0vCzLIPEoG/vptvbIew5seQCgkUgD /VRM5IEzl1oxejf0Jon6O20= =kb/0 -END PGP SIGNATURE-
Re: spamassassin process a single message for 10 minutes !
Christian Recktenwald wrote:
On Tue, Jan 18, 2005 at 10:56:22AM +, Stefano Catani wrote:
here is the message:
http://mail.units.it/6474
it contains a lot of email addresses and stops our mailserver
these are the times on a dual PIII 1GHz (SpamAssassin 3.0.2)
time spamc 6474
real9m59.995s
user0m0.000s
sys 0m0.000s
I have spamd on a Sparc Enterprize, I believe it is dual 400 with 2gb
ram, spamc is running on dial 3.2ghz box and FreeBSD. SA 3.0.1.
X-Spam-Status: Yes, hits=13.037 tagged_above=-999 required=5 tests=AWL,
MISSING_SUBJECT, MSGID_FROM_MTA_ID, NIGERIAN_BODY1, NIGERIAN_BODY2,
NIGERIAN_BODY3, NIGERIAN_BODY4, RCVD_IN_BL_SPAMCOP_NET, RISK_FREE,
SPF_HELO_PASS, SPF_PASS, URG_BIZ, URIBL_SBL, URIBL_WS_SURBL, US_DOLLARS_3
X-Spam-Level: *
X-Spam-Flag: YES
Subject: ***SPAM***
real0m0.174s
user0m0.001s
sys 0m0.003s
DAve
similar result here:
real10m0.067s
user0m0.010s
sys 0m0.000s
single PIII 1GHz 750MB SA 3.0.0
spamd (according to top) does not eat significantly CPU.
I called strace on the spamd process:
...
select(0, NULL, NULL, NULL, {1, 2}) = 0 (Timeout)
open(/etc/protocols, O_RDONLY)= -1 EMFILE (Too many open files)
open(/var/lib/misc/protocols.db, O_RDWR|O_LARGEFILE) = -1 EMFILE (Too many
open files)
...
this is reported endlessly
so there seems to be a file handle problem.
According to lsof:
lsof | grep ^spamd | awk '{print $1,$2}' | sort | uniq -c
NrOF PID
37 spamd 20696
126 spamd 20698
129 spamd 20699
130 spamd 20700
1055 spamd 20701
38 spamd 26284
This surely is insane.
Process 20701 which is the actually scanning child process
has openend 933 UDP sockets:
spamd 20701 root 1023u IPv4 555058UDP *:38796
and 85 handles on bayes_toks:
spamd 20701 root 136u REG 58,2 5226496 656011 /home/chris/.spamassassin/bayes_toks
I'd guess the UDP sockets are from DNS lookups f. sender verify.
HTH, Chris
--
Systems Administrator
http://www.tls.net
Get rid of Unwanted Emails...get TLS Spam Blocker!
Re: spamassassin process a single message for 10 minutes !
It seems ok on my system linux stock 2.2.17 perl 5.8.6 dunno what other libs might make a difference. i ran it like this: wget -O - http://mail.units.it/6474 |spamassassin -t -D it scored thus: X-Spam-Status: Yes, score=15.1 required=9.5 tests=BAYES_50,J_CHICKENPOX_26, J_CHICKENPOX_31,J_CHICKENPOX_32,J_CHICKENPOX_53,J_CHICKENPOX_65, J_CHICKENPOX_81,J_CHICKENPOX_93,MSGID_FROM_MTA_ID,NIGERIAN_BODY1, NIGERIAN_BODY2,NIGERIAN_BODY3,NIGERIAN_BODY4,RISK_FREE,TO_EMPTY, URG_BIZ,US_DOLLARS_3 autolearn=no version=3.0.2 i didn't time it with a clock, but the last of the debug output from URIDNSBL might be of interest debug: URIDNSBL: query for start.no took 14 seconds to look up (sbl.spamhaus.org.:201.0.159.195) debug: URIDNSBL: queries completed: 11 started: 0 debug: URIDNSBL: queries active: at Tue Jan 18 21:11:33 2005 debug: done waiting for URIDNSBL lookups to complete maybe you could try that on your system and see if it is the URIDNSBL queries that are taking so long. also, try running it through spamassassin as opposed to spamc, this might let us know if the problem is with spamd using too many handles as Christian suggests. good luck, keith.
command line to disable bayes?
Is there a way, or a work around to disable bayes on the command line, similar to using spamassassin -t -L to disable Network tests? i realise i could copy my config , disable bayes in the copied config and then use -C, but maybe a command line option that allowed the specification of a single config directive could be included in a future release? I would like to use -t -D to test rules, without the possibility of having bayes learn something wrongly thanks! Keith.
Might spamd be loading my machine?
Lately, I've been having rather high load averages lately on my web/mail server. From what I can tell, the html traffic hasn't gone up that much, so I've got to assume that it's mail-related. Here's the beginning of a top that I just ran, sorted by memory usage. 4:17pm up 3 days, 4:55, 4 users, load average: 7.92, 6.89, 6.63 106 processes: 103 sleeping, 1 running, 2 zombie, 0 stopped CPU states: 10.1% user, 3.5% system, 0.0% nice, 86.2% idle Mem: 517672K av, 438920K used, 78752K free, 169292K shrd, 122232K buff Swap: 705424K av, 0K used, 705424K free 129348K cached PID USER PRI NI SIZE RSS SHARE STAT LIB %CPU %MEM TIME COMMAND 1737 lordenv_ 0 0 27736 27M 9472 D 0 0.0 5.3 0:06 spamd 1739 lordenv_ 2 0 24744 24M 9656 D 0 0.1 4.7 0:05 spamd 1740 root 5 0 24660 24M 9692 S 0 0.0 4.7 0:04 spamd 1736 root 2 0 24100 23M 9756 S 0 0.0 4.6 0:03 spamd 1738 ebccs 10 0 23948 23M 9776 D 0 0.1 4.6 0:03 spamd 320 root 0 0 21904 21M 9932 S 0 0.0 4.2 0:03 spamd spamd has all the top marks. Is this normal for spamd? If not, is there anything I can do about it? I just added use_auto_whitelist 0 to my local.cf file, but it didn't change anything when I HUP killed spamd. I have 13 users using spamassassin to filter their mail, if that matters. --pat-- -- Pat Traynor [EMAIL PROTECTED]
Re: bayes 2
At 03:50 AM 1/18/2005, kalin mintchev wrote: spamassassin -D --lint test.txt where test.txt is a spam message i just used with sa-learn. here is what i get for the bayes: debug: cannot use bayes on this message; not enough usable tokens found debug: bayes: not scoring message, returning undef debug: bayes: 61998 untie-ing debug: bayes: 61998 untie-ing db_toks debug: bayes: 61998 untie-ing db_seen not enough tokens?! i just redid the databases - 552 spam and 603 ham - an the message i did the test with is part of the 552 spams. there is no line like: debug: bayes corpus size: nspam = , nham = what is wrong with this spamassassin? should i just reinstall? What does sa-learn --dump magic output? sa-learn --dump magic 0.000 0 3 0 non-token data: bayes db version 0.000 0487 0 non-token data: nspam 0.000 0602 0 non-token data: nham 0.000 0 64030 0 non-token data: ntokens 0.000 0 1084541355 0 non-token data: oldest atime 0.000 0 1106011236 0 non-token data: newest atime 0.000 0 0 0 non-token data: last journal sync atime 0.000 0 0 0 non-token data: last expiry atime 0.000 0 0 0 non-token data: last expire atime delta 0.000 0 0 0 non-token data: last expire reduction count --
bayes training with whitelisted addresses
How smart is SpamAssassin when dealing with whitelisted / blacklisted email addresses and the bayes module? For instance, is it necessary to retrain email which is spam (and would have been marked as spam other than the whitelisting) if the sender or recipient address is whitelisted?
A good stats script?
What is a good script that folks are using to generate SA stats off a mail log?
Re: Might spamd be loading my machine?
At 04:44 PM 1/18/2005, Pat Traynor wrote: Lately, I've been having rather high load averages lately on my web/mail server. From what I can tell, the html traffic hasn't gone up that much, so I've got to assume that it's mail-related. Here's the beginning of a top that I just ran, sorted by memory usage. 4:17pm up 3 days, 4:55, 4 users, load average: 7.92, 6.89, 6.63 106 processes: 103 sleeping, 1 running, 2 zombie, 0 stopped CPU states: 10.1% user, 3.5% system, 0.0% nice, 86.2% idle Mem: 517672K av, 438920K used, 78752K free, 169292K shrd, 122232K buff Swap: 705424K av, 0K used, 705424K free 129348K cached PID USER PRI NI SIZE RSS SHARE STAT LIB %CPU %MEM TIME COMMAND 1737 lordenv_ 0 0 27736 27M 9472 D 0 0.0 5.3 0:06 spamd 1739 lordenv_ 2 0 24744 24M 9656 D 0 0.1 4.7 0:05 spamd 1740 root 5 0 24660 24M 9692 S 0 0.0 4.7 0:04 spamd 1736 root 2 0 24100 23M 9756 S 0 0.0 4.6 0:03 spamd 1738 ebccs 10 0 23948 23M 9776 D 0 0.1 4.6 0:03 spamd 320 root 0 0 21904 21M 9932 S 0 0.0 4.2 0:03 spamd spamd has all the top marks. Is this normal for spamd? Spamd is normally quite large, with 20-30mb being the norm, and 50mb not unheard of. This is why you should limit the number of children spamd spawns with the -m parameter. By default 3.x should limit to 5 children. 2.x has no limits by default.
Re: bayes training with whitelisted addresses
At 05:49 PM 1/18/2005, Will Yardley wrote: How smart is SpamAssassin when dealing with whitelisted / blacklisted email addresses and the bayes module? For instance, is it necessary to retrain email which is spam (and would have been marked as spam other than the whitelisting) if the sender or recipient address is whitelisted? The bayes autolearner intentionally does not consider the white/blacklist settings, because doing so would mean an accidental error in your whitelist settings could cause your bayes DB to become heavily poisoned by spammers. ie: the common mistake of adding whitelist_from [EMAIL PROTECTED] would very quickly result in a lot of spam being learned as ham, as many spammers forge your own email address, or another in your domain, as the sender. In order to fix the problem you'd probably have to wipe your whole bayes DB and start over again.
Re: DIGEX
At 02:42 AM 1/18/2005, jdow wrote: Spam really did come from 164.109.26.27. Is DigiEx not marked in any of the BLs around? Why would digex be listed? AFAIK they are an fairly well behaved nowdays. I mean, sure they were notorious in the 1990's, but recently? No listing in any blacklists: http://www.dnsstuff.com/tools/ip4r.ch?ip=164.109.26.27 No matches for that IP in google groups: http://groups-beta.google.com/groups?q=164.109.26.27 No digex zone at blackholes.us: http://www.blackholes.us/ However the hostname does reflect that this is honda's marketing listserv: Host name: ebizmail.honda.com IP address: 164.109.26.27 Alias(es): None The only SBL entries for the whole digex ISP are: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL22573SBL22573 and http://www.spamhaus.org/sbl/sbl.lasso?query=SBL17550SBL17550 , both of which are single IP listings related to them hosting gevalia's main website. Spamhaus claims they contract out spam runs to folks like Eddy Marin, but they do not claim that they spam via the digex network. http://www.spamhaus.org/sbl/sbl.lasso?query=SBL22573 Digging in google groups on NANAS I really find very few reports on them, and all the ones I do find are webhosting complaints, not spamming complaints. Although, really, digex is now owned by MCI.. so maybe they've turned back downhill...
