Re: SpamAssassin 3.1.0pre1 PRERELEASE available!
Kai Schaetzl wrote:
> Theo Van Dinter wrote on Sun, 19 Jun 2005 13:28:29 -0400:
>
>> Which module are you talking about? I'm assuming the Mail::DomainKeys
>> module. If so, you need to install that from CPAN, it's not part of SA.
>> I'm adding that to the list of optional modules in the INSTALL doc.
>
> Yes, Mail::DomainKeys. It seems there is a mixture of plugins that are
> commented out, some are included in the distribution, some are not. So,
> there's no way to know from the v310.pre file if that particular plugin
> is included or not. I think this is confusing.
>
> Kai

Every single one of the plugins in init.pre and v310.pre are included in the tarball. The plugins are all located in the lib/Mail/SpamAssassin/Plugin directory.

Some plugins are commented out by default for licensing or other reasons, but they're all included.

Module dependencies aren't included, but that's nothing new, nor non-standard.

Daryl
Re: failing test bayesdbm_flock
On 21-Jun-2005 Michael Parker wrote:
> Christine Kuhlmey wrote:
>
>> I get errors in "make test" in the t/bayesdbm_flock routine.
>> I try to get spamassassin 3.0.4 running under Solaris 9
>> (each of the earlier versions I got running without test errors)
>
> Odd, you aren't by chance running on an NFS mounted directory are you?

Thanks for your reply. You are right - I made another test on a local filesystem and it went through without any error. So I simply got an nfs file-locking problem on my server.

Christine
Re: Exchange/Outlook - how do you learn spam?
Hey Matt,

Thanks heaps for the update. That certainly really helps my mystery! If this is the case, I will try to live with these facts! oh well *sob*

Christian.

Subject: Re: Exchange/Outlook - how do you learn spam?
Date: Tue, Jun 21, 2005 at 10:40:00PM -0500
Quoting Matt Yackley ([EMAIL PROTECTED]):
: Christian Purnomo said:
: > I have a similar approach, I noticed though that when the email is
: > copied across to a public folder OR an IMAP folder, the email
: > header/body is changed with ms-application/tnef. So whatever you feed
: > sa-learn, it's not going to be effective as the body of the email has
: > changed since from the original email.
: >
: > I get my exchange users to drop all the spams (undetected by
: > spamassassin) to a public folder and I use imap (exchange is imap
: > enabled) to retrieve the email from the exchange to my linux box, and
: > scp && ssh to copy and run sa-learn on the remote mailgateway.
: >
: > I am still trying to figure out how to fix this tnef problem, has anyone
: > experience / noticed the tnef / winmail.dat thing in the email message?
: > apparently this only happens if the email has been read by a Microsoft
: > email client who is tnef aware, and it automatically changes the email!!!
: >
: > CP
:
: Hi Christian,
:
: I have a ticket open with MS support on this issue, so far the news is not good. MS
: has confirmed the problem and the Exchange dev team has said that they will not be
: able to release a hotfix or patch to change the behaviour of their IMAP/POP3 code
: due to the change required to fix this possibly causing issues with other pieces of
: Exchange.
:
: Here is what I know of the issue.
: 1. Email that has only been stored in user mailbox and then pulled from a mailbox
: via IMAP/POP3 will retain the full headers of the email.
: 2. Email that is moved into a public folder, then pulled out via IMAP/POP3 will have
: the headers converted to the TNEF style which removes most X- headers, but does
: leave the received headers, date/time headers but adds in some of the MS headers
: including the TNEF.
: 3. Emails that are moved to a public folder, then moved to a user mailbox, then
: pulled out via IMAP/POP3 will suffer the same header issues as #2
:
: MS is trying to come up with a work-around for the problem, also in his spare time
: our developer at work is looking to see if he can come up with a work-around. If I
: find a better way to pull messages out of Exchange, I'll let everyone know.
:
: --matt
Re: Exchange/Outlook - how do you learn spam?
Christian Purnomo said:
> I have a similar approach, I noticed though that when the email is
> copied across to a public folder OR an IMAP folder, the email
> header/body is changed with ms-application/tnef. So whatever you feed
> sa-learn, it's not going to be effective as the body of the email has
> changed since from the original email.
>
> I get my exchange users to drop all the spams (undetected by
> spamassassin) to a public folder and I use imap (exchange is imap
> enabled) to retrieve the email from the exchange to my linux box, and
> scp && ssh to copy and run sa-learn on the remote mailgateway.
>
> I am still trying to figure out how to fix this tnef problem, has anyone
> experience / noticed the tnef / winmail.dat thing in the email message?
> apparently this only happens if the email has been read by a Microsoft
> email client who is tnef aware, and it automatically changes the email!!!
>
> CP

Hi Christian,

I have a ticket open with MS support on this issue, so far the news is not good. MS has confirmed the problem and the Exchange dev team has said that they will not be able to release a hotfix or patch to change the behaviour of their IMAP/POP3 code due to the change required to fix this possibly causing issues with other pieces of Exchange.

Here is what I know of the issue.

1. Email that has only been stored in user mailbox and then pulled from a mailbox via IMAP/POP3 will retain the full headers of the email.
2. Email that is moved into a public folder, then pulled out via IMAP/POP3 will have the headers converted to the TNEF style which removes most X- headers, but does leave the received headers, date/time headers but adds in some of the MS headers including the TNEF.
3. Emails that are moved to a public folder, then moved to a user mailbox, then pulled out via IMAP/POP3 will suffer the same header issues as #2

MS is trying to come up with a work-around for the problem, also in his spare time our developer at work is looking to see if he can come up with a work-around. If I find a better way to pull messages out of Exchange, I'll let everyone know.

--matt
Re: Varying scores for same message ?
On Wed, Jun 22, 2005 at 12:57:26AM +0100, [EMAIL PROTECTED] wrote:
> Why does the same e-mail, when processed on the same machine, through
> the same spamc, for differing users, have different values for
> RAZOR2_CF_RANGE_51_100 (1,5, 0.1), RAZOR2_CHECK (0.1, 1.5),
> PYZOR_CHECK (2.0, 3.5)? As far as I know, these tests aren't affected
> by Bayes DBs

score RAZOR2_CF_RANGE_51_100 0 1.485 0 0.056
score RAZOR2_CHECK 0 0.150 0 1.511
score PYZOR_CHECK 0 2.041 0 3.451

One of the users does not have Bayes active, so they use scoreset 1 (1.5, 0.2, 2.0 == 3.7). The other user does have Bayes active, so they use scoreset 3 (0.1, 1.5, 3.5 == 5.1).

For more information, please see the POD.

--
Randomly Generated Tagline:
"M: Would anybody like some wine?
 W: What flavors do you have?
 M: You mean besides grape?
 W: Oh, ok." - Dream On
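The scoreset selection described in the reply above, as an added example that is not part of the original message or of SpamAssassin's own code. It assumes the four-column layout documented in the Mail::SpamAssassin::Conf POD (Bayes off/net off, Bayes off/net on, Bayes on/net off, Bayes on/net on); the function names are hypothetical and the three `score` lines are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: resolve which column of a SpamAssassin "score" line is
# in effect for a user, given whether Bayes and network tests are active.

# scoreset_index BAYES NET   (each argument is 0 or 1)
# Column order per the Conf POD: 0 = no Bayes, no net; 1 = no Bayes, net;
# 2 = Bayes, no net; 3 = Bayes and net.
scoreset_index() {
    echo $(( $1 * 2 + $2 ))
}

# active_scores BAYES NET
# Reads "score NAME v0 [v1 v2 v3]" lines on stdin and prints
# "NAME value" for the active scoreset, followed by "TOTAL value".
active_scores() {
    set_idx=$(scoreset_index "$1" "$2")
    awk -v idx="$set_idx" '
        $1 == "score" && NF >= 3 {
            # A line with fewer than four values is treated here as a
            # single score that applies to every scoreset.
            col = (NF >= 6) ? 3 + idx : 3
            printf "%s %.3f\n", $2, $col
            total += $col
        }
        END { printf "TOTAL %.3f\n", total }
    '
}

# The three score lines quoted in the thread.
sample_scores() {
cat <<'EOF'
score RAZOR2_CF_RANGE_51_100 0 1.485 0 0.056
score RAZOR2_CHECK 0 0.150 0 1.511
score PYZOR_CHECK 0 2.041 0 3.451
EOF
}

echo "User without Bayes, network tests on (scoreset 1):"
sample_scores | active_scores 0 1
echo "User with Bayes, network tests on (scoreset 3):"
sample_scores | active_scores 1 1
```

The two totals differ by more than a point for the same three hits, which is enough to move a borderline message across a 5.0 threshold depending only on whether the recipient has a usable Bayes database.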
Re: Varying scores for same message ?
> pts rule name
> --
> 0.6 J_CHICKENPOX_72
> 0.1 HTML_30_40
> 0.0 HTML_MESSAGE
> 1.5 RAZOR2_CF_RANGE_51_100

> pts rule name
> --
> 0.6 J_CHICKENPOX_72
> 0.0 HTML_30_40
> 0.0 HTML_MESSAGE
> 0.1 RAZOR2_CF_RANGE_51_100
> 3.5 BAYES_99

> Why does the same e-mail, when processed on the same machine, through
> the same spamc, for differing users, have different values for
> RAZOR2_CF_RANGE_51_100 (1,5, 0.1), RAZOR2_CHECK (0.1, 1.5),
> PYZOR_CHECK (2.0, 3.5)? As far as I know, these tests aren't affected
> by Bayes DBs

I suspect they are. There are four possible scoresets, and I would expect that one user is in scoreset 3 and the other in scoreset 4, at a guess.

Loren
Re: Exchange/Outlook - how do you learn spam?
I have a similar approach, I noticed though that when the email is copied across to a public folder OR an IMAP folder, the email header/body is changed with ms-application/tnef. So whatever you feed sa-learn, it's not going to be effective as the body of the email has changed since from the original email.

I get my exchange users to drop all the spams (undetected by spamassassin) to a public folder and I use imap (exchange is imap enabled) to retrieve the email from the exchange to my linux box, and scp && ssh to copy and run sa-learn on the remote mailgateway.

I am still trying to figure out how to fix this tnef problem, has anyone experience / noticed the tnef / winmail.dat thing in the email message? apparently this only happens if the email has been read by a Microsoft email client who is tnef aware, and it automatically changes the email!!!

CP

Subject: Re: Exchange/Outlook - how do you learn spam?
Date: Tue, Jun 21, 2005 at 02:17:13PM -0500
Quoting E. Falk ([EMAIL PROTECTED]):
: Easiest way to get them out of the Exchange public folder without
: messing up the headers is via IMAP. There are some scripts available to
: open the folder and read the messages (can't recall exactly where, but
: if you can't find them let me know and I'll pass mine onto you - they're
: modified versions of the scripts available online).
:
: Works very nicely.
:
: Evan
:
: Jon Dossey wrote:
: >I'm sure a lot of us have a similar setup, linux/bsd mx gateways
: >(running SA) relaying mail to Exchange, and Outlook clients. I'm just
: >curious how everyone handles learning?
: >
: >It seems like a lot of people recommend a public folder for users to
: >dump spam in, but how do you get it back out into a useable format that
: >sa-learn will understand? Saving messages out of Outlook (for me
: >anyway) into a txt file removes all the internet headers.
: >
: >So how else do you handle getting your messages back out of
: >exchange/outlook, and sa-learn'ed?
: >
: >.jon
Re: Problems after update SA 2.64 => 3.0.4
> Theo Van Dinter writes:
> > I don't believe anything was changed about this. The 3.1 code, for instance,
> > still looks for 50 chars:
> >
> >   while ( ($k,$v) = each %{$conf->{tests}} ) {
> >     if ($conf->{lint_rules}) {
> >       if (length($k) > 50 && $k !~ /^__/ && $k !~ /^T_/) {
> >         warn "config: warning: rule name '$k' is over 50 chars\n";
> >         $conf->{errors}++;
> >       }
> >     }
> >     [...]
> >   }
>
> 3.1 no longer complains about descriptions over (what was it?) 70 chars --
> it does complain about overlong rule names, but descriptions have a much
> higher limit now iirc. So that aspect shouldn't be a problem for
> translators in 3.1.
>
> - --j.

Hum. If the code Theo shows actually is from 3.1, then it either needs to be bypassed for non-english rules, or it is a place that got missed in the 70-character change and needs to be fixed.

Is this something that should have a BZ ticket to make sure it gets checked?

Loren
Re: Net::DNS problem?
[EMAIL PROTECTED] wrote:

Irina wrote:

I decided to downgrade it by downloading TAR. Installed prerequisites and the module itself just fine.

Running spamassassin --lint and see the complaint about version of it is not numeric (0.49_03), therefore it can not compare 2 versions

Argument "0.49_03" isn't numeric in numeric lt (<) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Dns.pm line 1230

But 0.49_03 IS numeric. Perl allows embedded _'s in numeric literals.

Even if you put it in quotes - "0.49_03" - it's STILL numeric.

perl -e "print 1 if 1 < 1.2_3"
1

perl -e "print 1 if 1 < '1.2_3'"
1

I ran across this as well, I'd have to dig a bit to find the exact reference, but one of the perl modules that's used by the spamassassin CPAN compile actually spits out the error - not perl itself. I think it was one of the Test:: sub modules. Might have been Digest::MD5, however. (I did it three days ago, and I didn't write down which one was related to it)

BW
Re: Net::DNS problem?
> But 0.49_03 IS numeric. Perl allows embedded _'s in numeric literals.
>
> Even if you put it in quotes - "0.49_03" - it's STILL numeric.
>
> perl -e "print 1 if 1 < 1.2_3"
> 1
>
> perl -e "print 1 if 1 < '1.2_3'"
> 1

This seems to be a problem with some internal perl statement parser and the way the developer declared the version number as a string. There is a fair thread about it over on the dev list. The result seems to be benign, other than the annoying warning message.

Loren
Re: SA efficency degrades quickly
> but after few days, the
> efficiency of SpamAssassin degrades from >90% of spam correctly
> identified to a 60%... I tried to learn it again with new, not

You must have something really wrong here. SA does degrade with time, but it is over months, not days, and it is only around 10% degradation.

You don't say what kind of learning you are doing, Bayes or Awl. I will assume it is probably Bayes, but maybe you are doing both.

You also don't show an example spam that didn't get marked, so we don't know what rules it hit. So all we can really do is make guesses rather than telling you what the real problem is.

I'm hesitant to guess at what the problem is, so you should probably show an excerpt of a spam that failed to be marked, including the rules that hit on it.

Loren
Varying scores for same message ?
Hi,

I've recently been seeing some rather strange behaviour with Bayes and AWLs. Basically, I have a SA 3.0.4 installation running through Spamd on a server, to handle spam filtering. I find, though, that the same message, presented to two different users running through the same spamc for filtering, are presented with significantly different scores, by scores which I would have assumed do NOT have any connection to Bayes or AWLs.

For example, one mail might get the following list with one user:

Content analysis details: (18.4 points, 5.0 required)

 pts rule name
 --
 0.6 J_CHICKENPOX_72
 0.1 HTML_30_40
 0.0 HTML_MESSAGE
 1.5 RAZOR2_CF_RANGE_51_100
 1.2 MIME_HTML_ONLY
 0.1 RAZOR2_CHECK
 2.0 PYZOR_CHECK
 1.4 DCC_CHECK
 0.4 DNS_FROM_RFC_ABUSE
 0.5 DNS_FROM_RFC_WHOIS
 1.4 DNS_FROM_RFC_POST
 0.6 URIBL_SBL
 1.5 URIBL_JP_SURBL
 2.0 URIBL_OB_SURBL
 3.9 URIBL_SC_SURBL
 0.2 DIGEST_MULTIPLE
 1.0 DRUGS_ERECTILE

While the same mail would trigger the following list and get the differing score:

Content analysis details: (25.4 points, 5.0 required)

 pts rule name
 --
 0.6 J_CHICKENPOX_72
 0.0 HTML_30_40
 0.0 HTML_MESSAGE
 0.1 RAZOR2_CF_RANGE_51_100
 3.5 BAYES_99
 0.2 MIME_HTML_ONLY
 1.5 RAZOR2_CHECK
 3.5 PYZOR_CHECK
 2.2 DCC_CHECK
 0.3 DNS_FROM_RFC_WHOIS
 1.6 DNS_FROM_RFC_POST
 1.0 URIBL_SBL
 2.5 URIBL_JP_SURBL
 3.2 URIBL_OB_SURBL
 4.3 URIBL_SC_SURBL
 0.1 DIGEST_MULTIPLE
 1.0 DRUGS_ERECTILE

Why does the same e-mail, when processed on the same machine, through the same spamc, for differing users, have different values for RAZOR2_CF_RANGE_51_100 (1,5, 0.1), RAZOR2_CHECK (0.1, 1.5), PYZOR_CHECK (2.0, 3.5)? As far as I know, these tests aren't affected by Bayes DBs

I find that the user processing the first set of results is in fact very good at its scoring, with spam mail usually getting a fairly high mark, while ham mails might even be AWLd into finally having a negative total score.

Would appreciate any help in clearing this up.

Best wishes,
Roshan
Re: spamd starting error
On Tue, Jun 21, 2005 at 07:19:16PM -0400, Jeff Koch wrote:
> On both 3.0.2 and 3.0.4 I'm getting the following error when trying to
> start spamd on a CentOS 3.4 mailserver (Redhat ES 3.4 clone).
>
> /etc/init.d/spamd has SPAMDOPTIONS="-d -c -m5 -q -x -v -H" which works
> successfully with a number of Redhat 8.0 mailservers.

Hrm. I'd look at the init script and see what it's doing. It looks like there's a default of -a that you're not overriding.

--
Randomly Generated Tagline:
Zapp: The spirit is willing but the flesh is spongey and bruised.
Re: SA efficency degrades quickly
Hello Mailing,

Tuesday, June 21, 2005, 10:48:44 AM, you wrote:

MLANC> Hi!
MLANC> I have a little problem with spam recognition. I have re-learned
MLANC> SpamAssassin (deleting old file from ".spamassassin" directory, to clear
MLANC> old information) and it worked really nice... but after few days, the
MLANC> efficiency of SpamAssassin degrades from >90% of spam correctly
MLANC> identified to a 60%... I tried to learn it again with new, not
MLANC> recognized spam (and with all new ham, to respect a 1:1 - about - ratio
MLANC> of spam:ham) but without any result.

My experience is the opposite -- after wiping a Bayes database SA is initially 70%-80% accurate, and then rises steadily to 95% and better (better = with SARE rules).

I'm guessing you may have auto-learn enabled with the default limits, and spam that sneaks by with 0.0 or 0.1 scores are learned as non-spam, polluting your database.

If you have reliable negative-scoring ham rules (which generally are domain- or user-specific), then set your auto-learn ham threshold to some negative score (-0.2 or -0.5 or something like that). If you have no reliable negative-scoring ham rules, then turn off auto-learn and ONLY use sa-learn manually as you describe above. That may take care of your problem.

Alternately, are you using SARE rules? Start with the most reliable SARE rules files, expand slowly, and they'll probably help you avoid Bayes degradation.

Bob Menschel
spamd starting error
Hi:

On both 3.0.2 and 3.0.4 I'm getting the following error when trying to start spamd on a CentOS 3.4 mailserver (Redhat ES 3.4 clone).

/etc/init.d/spamd has SPAMDOPTIONS="-d -c -m5 -q -x -v -H" which works successfully with a number of Redhat 8.0 mailservers. I tried local.cf with 'use_auto_whitelist 0' and without.

Has anyone else seen this error? Any solutions?

TIA

Starting spamd: The -a option has been removed. Please look at the use_auto_whitelist config option instead.
[FAILED]

Best Regards,

Jeff Koch
RE: Exchange/Outlook - how do you learn spam?
Ben O'Hara wrote:
> On 6/21/05, E. Falk <[EMAIL PROTECTED]> wrote:
>> Jon Dossey wrote:
>>> My problem is I don't like my MX (sitting in DMZ's), to connect
>>> back to the Exchange server (private network) via IMAP.
>
> If your MX already connects back to the exchange server via smtp/25
> then what difference does imap/143 make? Simply ACL the access to
> only your MXs IPs and do it the easy way with shared folders and IMAP
> access.
>

Because SMTP just adds data. IMAP can delete data.

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
Re: Exchange/Outlook - how do you learn spam?
On 6/21/05, E. Falk <[EMAIL PROTECTED]> wrote:
> Jon Dossey wrote:
> > (moved to bottom quote for you)
> >
> > I think I know the document you're referring to...
> > http://wiki.apache.org/spamassassin/RemoteImapFolder?highlight=%28imap%29
> >
> > My problem is I don't like my MX (sitting in DMZ's), to connect back to
> > the Exchange server (private network) via IMAP.
> >
> > My ideal solution would be to find a way to push the e-mail to SA,
> > instead
> > of letting them reach back inside my network to pull them out.
> >
> >
> > Possibly FTP or SCP to a specific folder on the mail exchangers, and a
> > cron job to check for anything, sa-learn it, and then rm it.
> >
> >
> > .jon
>
> I see your problem. SCP is a very nice solution, since you can use keys
> rather than passwords and push just as easily as pull. I use a similar
> idea for pulling logs off the MX onto a Windows box with a tape backup.
>
> The only trick would be automating the export. It looks like a few
> options have been posted to the list already... one other would be to
> run perl on one of your machines (even your Exchange box, possibly)
> inside the network to fetch the messages from the public folder and
> create a message file (or files).
>
> From there, schedule a task to scp and remove the files and have a cron
> job on your MX process them periodically as you said.
>
> Evan
>

If your MX already connects back to the exchange server via smtp/25 then what difference does imap/143 make? Simply ACL the access to only your MXs IPs and do it the easy way with shared folders and IMAP access.

Ben

--
"The Edge ... there is no honest way to explain it because the only people who really know where it is are the ones who have gone over." Hunter S. Thompson (1939-2005)
Re: Bayes database under MySQL
I have SA 3.0.2 set up with vpopmail, using MySQL for user preferences, auto whitelisting and bayesian storage. It seems that with auto_learn turned on, SA is keeping a per-user bayes DB in MySQL, which is great. However, I can't figure out how I can teach SA about spam/ham on a per-user basis. The best I've been able to find is on a global basis. Could anyone point me in the right direction on this?

Use the -u username flag to sa-learn, or run sa-learn as the user via su or sudo.

Mike Jackson
Tech Administrator, Datahost
www.datahost.com
Re: Net::DNS problem?
Hmmm, I wonder why it complained with 0.49_03 and was ok when I left 0.49 only.

Irina

===
- Original Message -
From: <[EMAIL PROTECTED]>
To:
Sent: Tuesday, June 21, 2005 5:22 PM
Subject: RE: Net::DNS problem?

Irina wrote:
> I decided to downgrade it by downloading TAR. Installed
> prerequisites and the module itself just fine.
>
> Running spamassassin --lint and see the complaint about version of it
> is not numeric (0.49_03), therefore it can not compare 2 versions
> Argument "0.49_03" isn't numeric in numeric lt (<) at
> /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Dns.pm line
> 1230

But 0.49_03 IS numeric. Perl allows embedded _'s in numeric literals.

Even if you put it in quotes - "0.49_03" - it's STILL numeric.

perl -e "print 1 if 1 < 1.2_3"
1

perl -e "print 1 if 1 < '1.2_3'"
1

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
Bayes database under MySQL
I have SA 3.0.2 set up with vpopmail, using MySQL for user preferences, auto whitelisting and bayesian storage. It seems that with auto_learn turned on, SA is keeping a per-user bayes DB in MySQL, which is great. However, I can't figure out how I can teach SA about spam/ham on a per-user basis. The best I've been able to find is on a global basis. Could anyone point me in the right direction on this? Thanks, Chris I apologize if this shows up twice; I originally sent this from an unsubscribed address, and it didn't arrive.
RE: Net::DNS problem?
Irina wrote:
> I decided to downgrade it by downloading TAR. Installed
> prerequisites and the module itself just fine.
>
> Running spamassassin --lint and see the complaint about version of it
> is not numeric (0.49_03), therefore it can not compare 2 versions
> Argument "0.49_03" isn't numeric in numeric lt (<) at
> /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Dns.pm line
> 1230

But 0.49_03 IS numeric. Perl allows embedded _'s in numeric literals.

Even if you put it in quotes - "0.49_03" - it's STILL numeric.

perl -e "print 1 if 1 < 1.2_3"
1

perl -e "print 1 if 1 < '1.2_3'"
1

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
Re: Net::DNS problem?
I decided to downgrade it by downloading TAR. Installed prerequisites and the module itself just fine.

Running spamassassin --lint and see the complaint about version of it is not numeric (0.49_03), therefore it can not compare 2 versions

Argument "0.49_03" isn't numeric in numeric lt (<) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Dns.pm line 1230

Here is the line:

$Net::DNS::VERSION < 0.34

I overwrote $Net::DNS::VERSION with 0.49 - so does not complain anymore :-)))

Trying to figure out if this version is working. And don't see any of SURBL inside scores :-

Irina

- Original Message -
From: "email builder" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, June 21, 2005 4:18 PM
Subject: Re: Net::DNS problem?

> All,
>
> I also ran into this problem:
>
> > 0.51 has already been released that addresses the overlooked debug
> > statement (http://www.net-dns.org/).I still get failures in
> > the "11-escapedchars.t" test under Solaris-8/Perl-5.8.6 though.
>
> I contacted the author and he said it's fixed in SVN:
>
> "I fixed this bug about 2 days ago. If you need it quickly you can use
> the SVN repository.
>
> svn co http://www.net-dns/svn/net-dns/trunk
>
> I plan do post a developers release this week. 0.51_02 that will
> contain the fix."
Re: Perl incompatibility causes spamc/spamd to fail
On Fri, Jun 17, 2005 at 04:50:49PM -0400, [EMAIL PROTECTED] wrote:
> I'm running SpamAssassin 3.0.4 on a SuSE Linux 8.2 box.
>
> Ever since I upgraded to SA 3.0.1 and in all subsequent revs, SA installs
> just fine, the spamassassin binary works perfectly, but spamc/spamd fail
> miserably.
>
> spamd starts fine and ps ax shows it running fine. However when I run
> spamc:
>
> cat SpamMessage | spamc -x
>
> I get a return status of 74 (EX_IOERR) and no spam headers inserted in the
> message on stdout.
>
> If I run
>
> cat SpamMessage | spamassassin
>
> everything works perfectly, and spam headers are inserted in the message
> on stdout.
>
> Looking at /var/log/mail, I noticed the following:
>
> Jun 17 16:30:55 pannier spamd[18747]: error: &Time::HiRes::constant not
> defined
> at /usr/lib/perl5/5.8.0/i586-linux-thread-multi/Time/HiRes.pm line 25._
> Illegal seek, continuing
> Jun 17 16:31:00 pannier spamd[18748]: error: &Time::HiRes::constant not
> defined
> at /usr/lib/perl5/5.8.0/i586-linux-thread-multi/Time/HiRes.pm line 25._
> Illegal seek, continuing
>
> There seems to be a perl incompatibility problem here. Is there any way of
> just fixing this, without possibly killing my entire system? I am very
> reluctant to update perl overall because of worries it could break all
> sorts of unexpected applications.

This is a known issue in fact, explained at:

http://thread.gmane.org/gmane.mail.spam.spamassassin.general/56501

If you edit /etc/init.d/spamd to change the line:

SPAMD_BIN=/usr/sbin/spamd

To read:

SPAMD_BIN=/usr/bin/spamd

Then stop and restart spamd and use the YaST Runlevel Editor to configure spamd to automatically start in runlevels 3 & 5, that should provide a resolution for you.

--
Anthony Edwards
[EMAIL PROTECTED]
Re: Net::DNS problem?
All,

I also ran into this problem:

> 0.51 has already been released that addresses the overlooked debug
> statement (http://www.net-dns.org/).I still get failures in
> the "11-escapedchars.t" test under Solaris-8/Perl-5.8.6 though.

I contacted the author and he said it's fixed in SVN:

"I fixed this bug about 2 days ago. If you need it quickly you can use the SVN repository.

svn co http://www.net-dns/svn/net-dns/trunk

I plan do post a developers release this week. 0.51_02 that will contain the fix."
Re: Exchange/Outlook - how do you learn spam?
Jon Dossey wrote:

(moved to bottom quote for you)

I think I know the document you're referring to...
http://wiki.apache.org/spamassassin/RemoteImapFolder?highlight=%28imap%29

My problem is I don't like my MX (sitting in DMZ's), to connect back to the Exchange server (private network) via IMAP.

My ideal solution would be to find a way to push the e-mail to SA, instead of letting them reach back inside my network to pull them out.

Possibly FTP or SCP to a specific folder on the mail exchangers, and a cron job to check for anything, sa-learn it, and then rm it.

.jon

I see your problem. SCP is a very nice solution, since you can use keys rather than passwords and push just as easily as pull. I use a similar idea for pulling logs off the MX onto a Windows box with a tape backup.

The only trick would be automating the export. It looks like a few options have been posted to the list already... one other would be to run perl on one of your machines (even your Exchange box, possibly) inside the network to fetch the messages from the public folder and create a message file (or files).

From there, schedule a task to scp and remove the files and have a cron job on your MX process them periodically as you said.

Evan
Exchange/Outlook - how do you learn spam?
> > Jon Dossey wrote:
> > > I'm sure a lot of us have a similar setup, linux/bsd mx gateways
> > > (running SA) relaying mail to Exchange, and Outlook clients. I'm just
> > > curious how everyone handles learning?
> > >
> > > It seems like a lot of people recommend a public folder for users to
> > > dump spam in, but how do you get it back out into a useable format
> that
> > > sa-learn will understand? Saving messages out of Outlook (for me
> > > anyway) into a txt file removes all the internet headers.
> > >
> > > So how else do you handle getting your messages back out of
> > > exchange/outlook, and sa-learn'ed?
> > >
> >
> > Easiest way to get them out of the Exchange public folder without
> > messing up the headers is via IMAP. There are some scripts available to
> > open the folder and read the messages (can't recall exactly where, but
> > if you can't find them let me know and I'll pass mine onto you - they're
> > modified versions of the scripts available online).
> >
> > Works very nicely.
> >
> > Evan
> >
>

(moved to bottom quote for you)

I think I know the document you're referring to...
http://wiki.apache.org/spamassassin/RemoteImapFolder?highlight=%28imap%29

My problem is I don't like my MX (sitting in DMZ's), to connect back to the Exchange server (private network) via IMAP.

My ideal solution would be to find a way to push the e-mail to SA, instead of letting them reach back inside my network to pull them out.

Possibly FTP or SCP to a specific folder on the mail exchangers, and a cron job to check for anything, sa-learn it, and then rm it.

.jon
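The push-style drop directory proposed in this thread (scp into a folder on the MX, a cron job that runs sa-learn and then removes each file), as an added example that is not part of any poster's message. The spool path, the `spam`/`ham`/`failed` subdirectories, the `.part` upload convention and the function names are assumptions; only `sa-learn --spam` and `sa-learn --ham` are real commands.

```shell
#!/bin/sh
# Added example: MX-side cron job for a push-only learning spool.
# Assumed layout (hypothetical): $SPOOL/spam and $SPOOL/ham each receive
# one RFC 822 message per file, pushed by scp from inside the network.

SPOOL=${SPOOL:-/var/spool/sa-learn-drop}   # hypothetical path
SA_LEARN=${SA_LEARN:-sa-learn}             # overridable for testing

# learn_dir KIND   (KIND is "spam" or "ham")
# Learns every plain file in $SPOOL/KIND and prints how many succeeded.
learn_dir() {
    kind=$1
    learned=0
    for f in "$SPOOL/$kind"/*; do
        # Only plain files are processed. Symlinks are skipped because
        # they could point outside the spool, and an unmatched glob
        # (empty directory) fails the -f test as well.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Skip uploads still in progress; the sender is assumed to
        # upload as NAME.part and rename once the copy is complete.
        case $f in *.part) continue ;; esac
        if "$SA_LEARN" "--$kind" "$f" >/dev/null 2>&1; then
            # Remove only after sa-learn reported success.
            rm -f -- "$f"
            learned=$((learned + 1))
        else
            # Park failures for inspection instead of retrying forever.
            mkdir -p "$SPOOL/failed" && mv -- "$f" "$SPOOL/failed/"
        fi
    done
    echo "$learned"
}

# run_once
# Takes a directory lock so overlapping cron runs do not process the
# same file twice, then learns both spools and prints a summary line.
run_once() {
    lock="$SPOOL/.lock"
    mkdir "$lock" 2>/dev/null || { echo "locked"; return 0; }
    spam=$(learn_dir spam)
    ham=$(learn_dir ham)
    rmdir "$lock"
    echo "spam=$spam ham=$ham"
}

# Run from cron as:  /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then
    run_once
fi
```

With this layout the MX never opens a connection into the private network; the inside host only needs an scp key restricted to the spool directory.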
RE: Exchange/Outlook - how do you learn spam?
Some people use various IMAP clients to do it, but I use the Outlook object model using Win32::OLE (probably because of my Windows background) and a COM object created by Dmitry Streblechenko (www.dimastr.com) called Outlook Redemption. There's a charge for its use with any commercial application (that you might try to sell it with), but I use the developer version. No restrictions are present.

SaveAs creates a nice RFC822 mail message as a TXT file that sa-learn can gobble up. And it bypasses Outlook restrictions on programmatic access so that none of those annoying Outlook pop-up messages come up asking you to allow access for X minutes. He's got some really cool new security features allowing you to change the name of the COM object and the GUID, or even keep the DLL unregistered (and load access to it only when needed) so that would-be hackers/viri shouldn't be able to use it against you in a fight for control over your PC's email.

The problem you may be encountering is that once the user forwards a SPAM to someone to feed into bayes, Exchange strips the header info. That's why the public folder works so well, because the user drags it over to the public folder (headers intact) and you can get to it without problem from there as well.

Steven

-Original Message-
From: Jon Dossey [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 21, 2005 12:10 PM
To: users@spamassassin.apache.org
Subject: Exchange/Outlook - how do you learn spam?

I'm sure a lot of us have a similar setup, linux/bsd mx gateways (running SA) relaying mail to Exchange, and Outlook clients. I'm just curious how everyone handles learning?

It seems like a lot of people recommend a public folder for users to dump spam in, but how do you get it back out into a useable format that sa-learn will understand? Saving messages out of Outlook (for me anyway) into a txt file removes all the internet headers.

So how else do you handle getting your messages back out of exchange/outlook, and sa-learn'ed?

.jon
Re: Exchange/Outlook - how do you learn spam?
Jon Dossey writes:
>
> I'm sure a lot of us have a similar setup, linux/bsd mx gateways
> (running SA) relaying mail to Exchange, and Outlook clients. I'm just
> curious how everyone handles learning?
>
> It seems like a lot of people recommend a public folder for users to
> dump spam in, but how do you get it back out into a useable format that
> sa-learn will understand? Saving messages out of Outlook (for me
> anyway) into a txt file removes all the internet headers.
>
> So how else do you handle getting your messages back out of
> exchange/outlook, and sa-learn'ed?

You need to set up the public folder so that messages placed there are not treated as a forward. Under properties/Administration set

Drag/Drop posting is a: Move/Copy

After which: Well, the way I do it is via IMAP. Started from a script:

http://www.dmzs.com/tools/files/spam/DMZS-sa-learn.pl

And modified it a bit to suit my needs. (basically tossed in a call to formail so I can have a text copy that I can work with if need be)
RE: Exchange/Outlook - how do you learn spam?
I use Thunderbird to download the messages from Exchange via IMAP. I create local folders (making sure to set Thunderbird for MBOX format) and then copy to the local folders, one for Spam and one for Ham. Then I go into the profile, grab the mbox files, and upload to the server for import.

This could (and maybe should) be automated, but I only do it every couple of months to catch spam that slips by the SURBLs and SARE rules.

The key is to use something other than Outlook, which is useless for downloading in any standard format.

> -----Original Message-----
> From: Jon Dossey [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 21, 2005 12:10 PM
> To: users@spamassassin.apache.org
> Subject: Exchange/Outlook - how do you learn spam?
>
> I'm sure a lot of us have a similar setup, linux/bsd mx
> gateways (running SA) relaying mail to Exchange, and Outlook
> clients. I'm just curious how everyone handles learning?
>
> It seems like a lot of people recommend a public folder for
> users to dump spam in, but how do you get it back out into a
> useable format that sa-learn will understand? Saving
> messages out of Outlook (for me
> anyway) into a txt file removes all the internet headers.
>
> So how else do you handle getting your messages back out of
> exchange/outlook, and sa-learn'ed?
>
> .jon
Re: Exchange/Outlook - how do you learn spam?
Easiest way to get them out of the Exchange public folder without messing up the headers is via IMAP. There are some scripts available to open the folder and read the messages (can't recall exactly where, but if you can't find them let me know and I'll pass mine onto you - they're modified versions of the scripts available online).

Works very nicely.

Evan

Jon Dossey wrote:
> I'm sure a lot of us have a similar setup, linux/bsd mx gateways (running SA) relaying mail to Exchange, and Outlook clients. I'm just curious how everyone handles learning?
>
> It seems like a lot of people recommend a public folder for users to dump spam in, but how do you get it back out into a useable format that sa-learn will understand? Saving messages out of Outlook (for me anyway) into a txt file removes all the internet headers.
>
> So how else do you handle getting your messages back out of exchange/outlook, and sa-learn'ed?
>
> .jon
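The IMAP route the replies above describe, as an added example that is not taken from any poster's script: it fetches raw messages from a folder, rejects copies whose Internet headers were stripped or whose body was rewritten as TNEF, and writes the rest to an mbox file. The host, credentials, folder name and the three sample messages are assumptions constructed for illustration.

```python
import email
import imaplib
import mailbox
import os
import tempfile


def check_message(raw):
    """Return None if the message is fit for sa-learn, else the reason it is not."""
    msg = email.message_from_bytes(raw)
    # A copy saved out of Outlook or forwarded through Exchange loses these.
    if not msg.get_all("Received"):
        return "no Received headers: Internet headers were stripped"
    for part in msg.walk():
        ctype = part.get_content_type().lower()
        fname = (part.get_filename() or "").lower()
        if "tnef" in ctype or fname == "winmail.dat":
            return "body was rewritten as TNEF (winmail.dat)"
    return None


def fetch_folder(host, user, password, folder):
    """Yield raw RFC 822 messages from an IMAP folder (hypothetical server).

    The folder is opened read-only and BODY.PEEK[] is used so that the
    export does not change message flags. Quote folder names with spaces.
    """
    conn = imaplib.IMAP4_SSL(host)
    try:
        conn.login(user, password)
        status, _ = conn.select(folder, readonly=True)
        if status != "OK":
            raise RuntimeError("cannot open folder %r" % folder)
        _, data = conn.search(None, "ALL")
        for num in data[0].split():
            _, parts = conn.fetch(num, "(BODY.PEEK[])")
            yield parts[0][1]
    finally:
        conn.logout()


def export_mbox(raw_messages, path):
    """Write usable messages to an mbox file; return (kept, skipped)."""
    box = mailbox.mbox(path)
    kept, skipped = 0, []
    try:
        for index, raw in enumerate(raw_messages):
            reason = check_message(raw)
            if reason:
                skipped.append((index, reason))
                continue
            # IMAP delivers CRLF line endings; mbox files use LF.
            box.add(raw.replace(b"\r\n", b"\n"))
            kept += 1
        box.flush()
    finally:
        box.close()
    return kept, skipped


# Constructed sample messages (not taken from the thread).
GOOD = (b"Received: from mx.example.net (192.0.2.10) by gw.example.org;"
        b" Tue, 21 Jun 2005 12:00:00 -0400\r\n"
        b"From: sender@example.net\r\nTo: user@example.org\r\n"
        b"Subject: cheap watches\r\n\r\nBuy now\r\n")
NO_HEADERS = (b"From: sender@example.net\r\n"
              b"Subject: FW: cheap watches\r\n\r\nBuy now\r\n")
TNEF = (b"Received: from mx.example.net (192.0.2.10) by gw.example.org;"
        b" Tue, 21 Jun 2005 12:05:00 -0400\r\n"
        b"From: sender@example.net\r\nSubject: watches\r\n"
        b"MIME-Version: 1.0\r\n"
        b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        b"--b1\r\nContent-Type: text/plain\r\n\r\n\r\n"
        b'--b1\r\nContent-Type: application/ms-tnef; name="winmail.dat"\r\n'
        b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--b1--\r\n")


def demo():
    """Run the export over the constructed samples in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "spam.mbox")
        kept, skipped = export_mbox([GOOD, NO_HEADERS, TNEF], path)
        box = mailbox.mbox(path)
        subjects = [m["Subject"] for m in box]
        box.close()
    return kept, skipped, subjects


if __name__ == "__main__":
    print(demo())
```

The resulting file can be fed to `sa-learn --spam --mbox spam.mbox`; the skipped list shows which copies lost their headers or body on the way out of Exchange.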
Exchange/Outlook - how do you learn spam?
I'm sure a lot of us have a similar setup, linux/bsd mx gateways (running SA) relaying mail to Exchange, and Outlook clients. I'm just curious how everyone handles learning? It seems like a lot of people recommend a public folder for users to dump spam in, but how do you get it back out into a useable format that sa-learn will understand? Saving messages out of Outlook (for me anyway) into a txt file removes all the internet headers. So how else do you handle getting your messages back out of exchange/outlook, and sa-learn'ed? .jon
Re: problem with SURBL checks
> Hello at SA list,
>
> I enabled SURBL in SA 3.0.2 from init.pre. Then checked
> on people's mailboxes for this string
> SURBL (I even checked for RBL string)
>
> But I don't see if any of RBL scores were assigned for 10
> minutes. Do you know what and how I can test. I tried to
> use the test from http://www.stearns.org/sa-blacklist/

Have you restarted SA? Tried spamassassin -D --lint?

Kevin W. Gagel
Network Administrator
Information Technology Services
(250) 561-5848 local 448
---
The College of New Caledonia, Visit us at http://www.cnc.bc.ca
Virus scanning is done on all incoming and outgoing email.
Anti-spam information for CNC can be found at http://avas.cnc.bc.ca
---
SA writing X-Spam-Status twice
I used atomicrocketturtle.com's project-gamera to install SA/clam/qmail-scanner. After getting it all set up, as you can see below, messages are being tagged twice in the headers. I am running spamd in debug mode so I watch messages go through, it doesn't SEEM like it's being scanned for spam twice - but I'm not sure.

The headers at the very bottom are added via my /etc/mail/spamassassin/local.cf file - I'm not sure where the first X-Spam-Status is coming from, though.

Any thoughts? Thank you very much.

Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 30960 invoked by uid 508); 21 Jun 2005 18:41:36 -
Received: from unknown (HELO mailer-03) (172.30.3.40) by 0 with SMTP; 21 Jun 2005 18:41:36 -
Received: (qmail 7981 invoked by uid 104); 21 Jun 2005 18:41:17 -
Received: from 172.29.128.245 by mailer-03 (envelope-from <[EMAIL PROTECTED]>, uid 101) with qmail-scanner-1.25st (spamassassin: 3.0.3. perlscan: 1.25st. Clear:RC:0(172.29.128.245):SA:0(-2.4/5.0):. Processed in 3.256041 secs); 21 Jun 2005 18:41:17 -
X-Spam-Status: No, hits=-2.4 required=5.0
X-Qmail-Scanner-Mail-From: [EMAIL PROTECTED] via mailer-03
X-Qmail-Scanner: 1.25st (Clear:RC:0(172.29.128.245):SA:0(-2.4/5.0):. Processed in 3.256041 secs Process 7964)
X-Envelope-From: [EMAIL PROTECTED]
Received: from unknown (HELO MAPCINOC1) (172.29.128.245) by mailer-03 with SMTP; 21 Jun 2005 18:41:13 -
Message-ID: <[EMAIL PROTECTED]>
From: "matt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: sdkfj
Date: Tue, 21 Jun 2005 14:45:36 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_NextPart_000_0168_01C5766F.E2985A50"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on mailer-03
X-Spam-Status: No, score=-2.4 required=5.0 tests=ALL_TRUSTED,AWL,HTML_90_100,
	HTML_MESSAGE

--
Matthew Yette
Senior Engineer - NOC/Operations
MA Polce Consulting, Inc.
[EMAIL PROTECTED]
315-838-1644 (w)
315-356-0597 (f)
AIM/Yahoo: MAPolceNOC
MSN: [EMAIL PROTECTED]
problem with SURBL checks
Hello at SA list,

I enabled SURBL in SA 3.0.2 from init.pre. Then checked on people's mailboxes for this string SURBL (I even checked for RBL string)

But I don't see if any of RBL scores were assigned for 10 minutes. Do you know what and how I can test. I tried to use the test from http://www.stearns.org/sa-blacklist/

==
MAIL FROM: [EMAIL PROTECTED]
250 [EMAIL PROTECTED] sender accepted
RCPT TO: [EMAIL PROTECTED]
250 [EMAIL PROTECTED] will relay mail from a client address
DATA
354 Enter mail, end with "." on a line by itself
From: [EMAIL PROTECTED]
Subject: Test mail for blacklist
This is a test message
http://www.sendmails.com";>www.sendmails.com
.
250 1110389 message accepted for delivery
quit
==

After I checked on the score in the arrived message, I did not see any RBL in it. Then checked by sending a message from mail.ru with http://surbl-org-permanent-test-point.com in it. It had a score of 0.

After I enabled SURBL checks I also noticed I did not have Net::DNS, I only then installed it.

I saw the suggestions from David B Funk about running SA with -D. We don't run spamd, we run cgpsa. Not sure how to debug with it. Can somebody point out where I can check/test? I may be missing another step or a perl module.

Thank you for your help in advance.

Irina
SA efficiency degrades quickly
Hi! I have a little problem with spam recognition. I have re-learned SpamAssassin (deleting old file from ".spamassassin" directory, to clear old information) and it worked really nice... but after a few days, the efficiency of SpamAssassin degrades from >90% of spam correctly identified to a 60%... I tried to learn it again with new, not recognized spam (and with all new ham, to respect a 1:1 - about - ratio of spam:ham) but without any result. Can you help me? Thank you, Claudio!
Re: Problems after update SA 2.64 => 3.0.4
On Tue, Jun 21, 2005 at 09:49:36AM -0700, Justin Mason wrote:
> > warn "config: warning: rule name '$k' is over 50 chars\n";
>
> 3.1 no longer complains about descriptions over (what was it?) 70 chars --
> it does complain about overlong rule names, but descriptions have a much
> higher limit now iirc. So that aspect shouldn't be a problem for
> translators in 3.1.

Aha -- I missed that the code line said "rule name". I kind of saw the warning and the "50 chars" bit and skipped the part in the middle. Sorry.

--
Randomly Generated Tagline:
Stand on the toilet, get high on pot.
Re: SpamAssassin 3.1.0pre1 PRERELEASE available!
On Tue, Jun 21, 2005 at 09:48:28AM -0700, Justin Mason wrote:
> Descriptions being set for non-existent rules is a thoroughly minor
> issue and hardly has any effect, and scattering "ifplugin" lines

Well, yes, it's minor, but the message only occurs when running --lint. This is something worth noting via --lint, but not any other time.

> throughout all the translation files will be quite a bit harder
> to maintain...

Yes and no. First, we haphazardly get translations now, so I don't think it'll be harder to deal with. Second, we could put the translation version in the plugin rule file (25_uribl, etc,) and that way there's only 1 section to worry about.

--
Randomly Generated Tagline:
Bender to Zoidberg: "You're looking less nuts, crabby."
Re: Problems after update SA 2.64 => 3.0.4
Theo Van Dinter writes:
> On Mon, Jun 20, 2005 at 09:09:24PM -0700, Loren Wilton wrote:
> > Theo, I thought the warning on rule name length and description
> > length had either been eliminated or drastically lengthened for
> > non-English rules. Or was this only in the 3.1 stream? I know
> > there was work done on this somewhere.
>
> I don't believe anything was changed about this. The 3.1 code, for instance,
> still looks for 50 chars:
>
>   while ( ($k,$v) = each %{$conf->{tests}} ) {
>     if ($conf->{lint_rules}) {
>       if (length($k) > 50 && $k !~ /^__/ && $k !~ /^T_/) {
>         warn "config: warning: rule name '$k' is over 50 chars\n";
>         $conf->{errors}++;
>       }
>     }
>     [...]
>   }

3.1 no longer complains about descriptions over (what was it?) 70 chars -- it does complain about overlong rule names, but descriptions have a much higher limit now iirc. So that aspect shouldn't be a problem for translators in 3.1.

--j.
Re: SpamAssassin 3.1.0pre1 PRERELEASE available!
Theo Van Dinter writes:
> On Tue, Jun 21, 2005 at 02:32:07PM +0200, Kai Schaetzl wrote:
> > The interesting part concerning sa is that the warnings only appeared
> > *after* I commented out the hashcash plugin. Unexpected, isn't it?
>
> The problem is that the translation files don't use the ifplugin bits to
> correctly limit the descriptions to when the plugin is in use.
>
> Can you open a ticket about this? We'll need to fix it before release.

BTW I'd be +1 to remove the lint warning about this, replacing it with something (possibly an external script?) that is only run for developer sanity tests.

Descriptions being set for non-existent rules is a thoroughly minor issue and hardly has any effect, and scattering "ifplugin" lines throughout all the translation files will be quite a bit harder to maintain...

--j.
Re: spamassassin smtp domino exchange passthru
SSK1 <[EMAIL PROTECTED]> wrote on 06/20/2005 08:31:01 PM:

> Our inbound/outbound SMTP mail is traversing via MessageLabs..
>
> Cut a long story short - I want to bypass messagelabs (costs) and
> implement an (in-house) Antispam solution.
>
> (domain1.com) I have 12 (W2K/Linux) Domino Servers including the (w2k)
> Passthru Server.
> (domain2.com) I have 1 2003 exchange server.
>
> 2 of the above servers receive smtp traffic and forward it to the
> users/other servers.
>
> Basically I would like to know if it's possible to have a
> linux/SpamAssassin server receive smtp traffic and then pass it on to
> the passthru/exchange server once checked.
> If it is possible, apart from Spamassassin, what other ingredients do I
> need ? ie qmail ?? etc..
> Any other suggestions would be very much appreciated..

Shouldn't be a problem at all. That's probably how a lot of SA installations are set up. You'll need an MTA of your choice, Sendmail, QMail, Postfix, etc., and a way of calling SA, milter, mailscanner, amavisd, etc.

My SA setup uses sendmail and spamass-milter running on FreeBSD frontending several domino servers. Works like a champ.

Andy
RE: spamassassin smtp domino exchange passthru
I'm running Postfix:amavisd-new:ClamAV:SpamAssassin on Debian Sarge, as a gateway for our Exchange server. Works like a charm. Elliot -Original Message- From: Theo Van Dinter [mailto:[EMAIL PROTECTED] Sent: Monday, June 20, 2005 10:27 PM To: users@spamassassin.apache.org Subject: Re: spamassassin smtp domino exchange passthru On Tue, Jun 21, 2005 at 11:31:01AM +1000, SSK1 wrote: > Basically I would like to know if it's possible to have a > linux/SpamAssassin server receive smtp traffic and then pass it on to > the passthru/exchange server once checked. > If it is possible, apart from Spamassassin, what other ingredients do > I need ? ie qmail ?? etc.. Sure. I'm a fan of postfix/MailScanner/SpamAssassin. There's various options available, I believe a bunch of them are on the wiki. -- Randomly Generated Tagline: Have an adequate day.
Re: failing test bayesdbm_flock
Christine Kuhlmey wrote:
>I get errors in "make test" in the t/bayesdbm_flock routine.
>I try to get spamassassin 3.0.4 running under Solaris 9
>(each of the earlier versions I got running without test errors)

Odd, you aren't by chance running on an NFS mounted directory are you?

Michael
Re: SpamAssassin 3.1.0pre1 PRERELEASE available!
On Tue, Jun 21, 2005 at 02:32:07PM +0200, Kai Schaetzl wrote:
> The interesting part concerning sa is that the warnings only appeared
> *after* I commented out the hashcash plugin. Unexpected, isn't it?

The problem is that the translation files don't use the ifplugin bits to correctly limit the descriptions to when the plugin is in use.

Can you open a ticket about this? We'll need to fix it before release.

--
Randomly Generated Tagline:
Beam me up, Scotty, it ate my phasor!
Re: Problems after update SA 2.64 => 3.0.4
On Mon, Jun 20, 2005 at 09:09:24PM -0700, Loren Wilton wrote:
> Theo, I thought the warning on rule name length and description length had
> either been eliminated or drastically lengthened for non-English rules. Or
> was this only in the 3.1 stream? I know there was work done on this
> somewhere.

I don't believe anything was changed about this. The 3.1 code, for instance, still looks for 50 chars:

  while ( ($k,$v) = each %{$conf->{tests}} ) {
    if ($conf->{lint_rules}) {
      if (length($k) > 50 && $k !~ /^__/ && $k !~ /^T_/) {
        warn "config: warning: rule name '$k' is over 50 chars\n";
        $conf->{errors}++;
      }
    }
    [...]
  }

--
Randomly Generated Tagline:
"And Fry, we owe you a tremendous debt as well. Were it not for your twentieth century garbage-making skills, we'd all be buried under twentieth century garbage." -Mayor
Re: SA 3.04 and RHEL4, Net::DNS isn't working
Steven Stern wrote:
> On a brand new RHEL4 installation, I'm having problems with Net::DNS:
>
> debug: is Net::DNS::Resolver available? yes
> debug: Net::DNS version: 0.51
> debug: trying (3) apache.org...
> debug: looking up NS for 'apache.org'
> debug: NS lookup of apache.org failed horribly => Perhaps your resolv.conf isn't pointing at a valid server?
> debug: All NS queries failed => DNS unavailable (set dns_available to override)
> debug: is DNS available? 0
>
> Dig is able to find apache.org. I've seen some posts on downgrading Net::DNS, but I can't find explicit instructions on how to do it. I installed it via CPAN inside perl.

Steven,

I use a local DNS cache on my machine, and this for some reason is confusing the tests. When I configure the server to use "real" DNS servers, that test "passes" without problems, so I thought it's just a problem on how the test was designed. I "force" installed the upgrade and added the following in my "local.cf":

#
## Force DNS
##
dns_available yes

Bingo... that did the trick, and now DNS checks are enabled and have not had problems with my setup. I even changed the configuration back to use my local DNS cache and still have not seen problems...

Hope it helps.

--
Jorge Valdes
Intercom El Salvador
[EMAIL PROTECTED]
Re: SpamAssassin 3.1.0pre1 PRERELEASE available!
wrote on Mon, 20 Jun 2005 15:40:13 -0700: > > Where's that warning coming from? > > Perhaps the ä? Yes, thanks for the hint. I removed the file with the German descriptions and all is well. Those custom-language environments are a real trap. I prefer to have it all in en-us on my own server systems, except for the time, but that's usually not administered by me. The interesting part concerning sa is that the warnings only appeared *after* I commented out the hashcash plugin. Unexpected, isn't it? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org
RE: uribl
Check out http://www.uribl.com/. Click on the "Usage" link on the left.

Cheers,
Phil

Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: Ron McKeating [mailto:[EMAIL PROTECTED]
> Sent: 21 June 2005 12:03
> To: SPAMASSASSIN
> Subject: uribl
>
> A little confused here, just got a spammy email for dodgy
> watches and checked them on the surbl site, they were listed
> in black.uribl.com but it only got a score of 1.3
>
> Our scores for surbl stuff is
>
> score URIBL_AB_SURBL 5.5
> score URIBL_OB_SURBL 5.5
> score URIBL_PH_SURBL 5.5
> score URIBL_SBL 5.5
> score URIBL_SC_SURBL 5.5
> score URIBL_WS_SURBL 5.5
>
> and the spam report gave
>
> (1.3 points, 6.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------
>  0.2 DATE_IN_PAST_06_12     Date: is 6 to 12 hours before Received: date
>  1.1 RCVD_IN_SBL            RBL: Received via a relay in Spamhaus SBL
>                             [222.65.54.104 listed in sbl-xbl.spamhaus.org]
>
> Do we need to do something for it to check the black.uribl list?
>
> Ron
>
> --
> Ron McKeating
> Senior IT Services Specialist
> Computing Services
> Loughborough University
> 01509 222329
Re: SpamAssassin 3.1.0pre1 PRERELEASE available!
Theo Van Dinter wrote on Sun, 19 Jun 2005 13:28:29 -0400: > Which module are you talking about? I'm assuming the Mail::DomainKeys > module. If so, you need to install that from CPAN, it's not part of SA. > I'm adding that to the list of optional modules in the INSTALL doc. Yes, Mail::DomainKeys. It seems there is a mixture of plugins that are commented out, some are included in the distribution, some are not. So, there's no way to know from the v310.pre file if that particular plugin is included or not. I think this is confusing. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org
Re: Phishing: My rule and thoughts
Hi

I know emails from eBay with links and other emails with url links in signature are hit with my custom rules...but as I said, one can lower the scores all the way to 0.01 if needed. I also believe that ebay, paypal and amazon are the top items for phishermen. Sad but true. So ebay, paypal, amazon are not safe and not suitable for most ordinary people, only advanced users.

Anyway, I appreciate all the feedback I got from the list users.

> Hi Murty,
>
> I just believe that you can have legitimate emails where ebay and an
> unrelated url
> go together as a very simple case a friend might write he got / is
> trying to get a product through
> ebay that is described on some site.
> There has been a discussion about writing a plugin that could discover
> visible links vastly
> different from their urls.
> However, at least ebay works together with some company that uses
> ebay.someserver.com
> style addresses that tend to look like phish at first glance
>
> Wolfgang Hamann
uribl
A little confused here, just got a spammy email for dodgy watches and checked them on the surbl site, they were listed in black.uribl.com but it only got a score of 1.3

Our scores for surbl stuff is

score URIBL_AB_SURBL 5.5
score URIBL_OB_SURBL 5.5
score URIBL_PH_SURBL 5.5
score URIBL_SBL 5.5
score URIBL_SC_SURBL 5.5
score URIBL_WS_SURBL 5.5

and the spam report gave

(1.3 points, 6.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------
 0.2 DATE_IN_PAST_06_12     Date: is 6 to 12 hours before Received: date
 1.1 RCVD_IN_SBL            RBL: Received via a relay in Spamhaus SBL
                            [222.65.54.104 listed in sbl-xbl.spamhaus.org]

Do we need to do something for it to check the black.uribl list?

Ron

--
Ron McKeating
Senior IT Services Specialist
Computing Services
Loughborough University
01509 222329
Re: 3.1pre local.cf syntax errors
Ronan wrote:
> SA 3.1pre
>
> spamassassin --lint -D
> warn: config: failed to parse line, skipping: use_dcc 1
> warn: config: failed to parse line, skipping: use_razor2 1
>
> although use_pyzor 1 doesn't flag an error!??

DCC and Razor are disabled by default due to their license terms. Pyzor is enabled by default. To enable these see v310.pre in your local config directory.

Daryl
Re: report settings
On Mon, 2005-06-20 at 16:55 +0100, Matthew Newton wrote:
> On Mon, Jun 20, 2005 at 02:06:11PM +0100, Ron McKeating wrote:
> > Is it possible to have a standard setting that does not put a full
> > report in the header for normal users, but does for one or 2 selected
> > users?
>
> If it is exiscan you are currently using, then I guess you currently
> have something like...?
>
> # reject messages over score 10 (don't check if size is too big though)
> deny message = Sorry, that looks like spam.
>      condition = ${if <{$message_size}{1048576}{1}{0}}
>      spam = nobody:true
>      condition = ${if >= {$spam_score_int}{100}{1}{0}}
>
> # add headers to messages that got through the last one
> warn message = X-Spam-Score: ($spam_bar) $spam_score\n
>                X-Spam-Report: $spam_report
>      condition = ${if <{$message_size}{1048576}{1}{0}}
>
> accept
>

I tried this but when I put in the line X-Spam-Report exim refuses to start and complains it does not recognise the acl.

>
> In which case you could add conditions on the "warn" statement, i.e.
>
> warn message = X-Spam-Score: ($spam_bar) $spam_score\n
>                X-Spam-Report: $spam_report
>      condition = ${if <{$message_size}{1048576}{1}{0}}
>      condition = ${if eq {$sender_address_local_part}{postmaster} \
>                  {yes}{no}}
>
> warn message = X-Spam-Score: ($spam_bar) $spam_score
>      condition = ${if <{$message_size}{1048576}{1}{0}}
>      condition = ${if ! eq {$sender_address_local_part}{postmaster} \
>                  {yes}{no}}
>
> (untested) which would add the full report to the postmaster@ address,
> but not for everyone else. You could use a file lookup as the condition,
> of course.
>
> Matthew

--
Ron McKeating
Senior IT Services Specialist
Computing Services
Loughborough University
01509 222329
Re: Problems after update SA 2.64 => 3.0.4
Jim Knuth wrote on Tue, 21 Jun 2005 06:05:10 +0200: > sorry, but that`s not all. lint has 187 issues detected. Which is > (see attachment warning.txt) Got the same when I reviewed a 3.0.1 installation from rpm on CentOS with German environment the other day. I simply removed the rpm installation and installed 3.1-prelease from source. All issues gone. Either the rule names have been shortened in that distribution or the warning eliminated. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org
Empty subjects not rewritten
Hi, Recently I have received a couple of messages with empty bodies and subjects. The messages generate 8.3 hits yet the subject is still not rewritten, required hits is set to 6.0. I am running Spamassassin-3.0.3 with qmail on SUSE Linux 9.1. Is this a known problem or a bug? Mike Peters Linux System and Website Administrator Misys Financial Systems Tel: 01905 754455 Ext. 2242 www.misysgi.co.uk
Re: Listening on local interface
On Mon, 20 Jun 2005 14:00:16 -0400 Theo Van Dinter <[EMAIL PROTECTED]> wrote: > On Mon, Jun 20, 2005 at 06:17:25PM +0200, Marco Herrn wrote: > > udp 368 0 *:34602 *:* > >10608/spamd child > > udp 368 0 *:34603 *:* > >10608/spamd child > > udp 368 0 *:34604 *:* > >10608/spamd child > > > > What does that mean? All udp connections listen on the whole internet. Is > > this a bug? Have I configured spamd incorrectly? > > Those look like DNS queries waiting for a response. Should be fine, they're > short-lived. Ok, so they need to listen on all interfaces? Or is there a way to restrict this (if this makes sense)?
Re: Listening on local interface
Hi, Matt Kettler <[EMAIL PROTECTED]> wrote: > Marco Herrn wrote: > > What does that mean? All udp connections listen on the whole internet. Is > > this a bug? Have I configured spamd incorrectly? > > > > What plugins are you using? Any chance you've got a SA plugin that does it's > own > UDP based communications? What do you mean by plugins? I do not use (knowingly) any plugins.
Upgrading SA 2.64 - 3.0.3/4
Hi,

I'm currently trying to move from a pair of machines running MD 2.43 & SA 2.64 to a pair of much faster systems running MD 2.52 & SA 3.0.4. I'd like to use my existing bayes and awl DBs as these have been built up over quite some time.

I've tried using the db-to-txt.pl script to dump out the existing bayes db, but after running out of space at 10Gb I gave up. I'm now trying to use the sa-learn script to resync instead. The old bayes db is around 83 Mb, containing over 8 for ham and the same again for nham. Yesterday, after that had been running for almost a week I gave up trying to use this as well.

To me this sounds a little excessive. Is this normal or has something gone horribly wrong? I had debug set on the sa-learn and that itself had well over 200 Mb in size. The lines being written say

Debug: refresh: 13295 /var/spool/MIMEDefang-bayes/bayes.mutex

I've got Berkeley DB installed as well. Do I need to do a sa-learn --import instead?

Also, how do I go about converting the awl db?

Many thanks in advance.

Richard
3.1pre local.cf syntax errors
SA 3.1pre

spamassassin --lint -D
warn: config: failed to parse line, skipping: use_dcc 1
warn: config: failed to parse line, skipping: use_razor2 1

although use_pyzor 1 doesn't flag an error!??
failing test bayesdbm_flock
Hi,

I get errors in "make test" in the t/bayesdbm_flock routine. I try to get spamassassin 3.0.4 running under Solaris 9 (each of the earlier versions I got running without test errors)

Any help is highly appreciated!

Thanks in advance
Christine Kuhlmey

these are the errors:

t/bayesdbm_flock1..44
# Running under perl version 5.008002 for solaris
# Current time local: Tue Jun 21 10:22:18 2005
# Current time GMT: Tue Jun 21 08:22:18 2005
# Using Test.pm version 1.24
ok 1
ok 2
ok 3
ok 4
ok 5
ok 6
ok 7
ok 8
ok 9
Cannot open bayes databases ./log/user_state/bayes_* R/W: lock failed: No record locks available
# Failed test 10 in t/bayesdbm_flock.t at line 70
not ok 10
ok 11
Cannot open bayes databases ./log/user_state/bayes_* R/W: lock failed: No record locks available
# Failed test 12 in t/bayesdbm_flock.t at line 76
not ok 12
Cannot open bayes databases ./log/user_state/bayes_* R/W: lock failed: No record locks available
ok 13
Cannot open bayes databases ./log/user_state/bayes_* R/W: lock failed: No record locks available
# Failed test 14 in t/bayesdbm_flock.t at line 80
not ok 14
Use of uninitialized value in string eq at t/bayesdbm_flock.t line 82.
# Failed test 15 in t/bayesdbm_flock.t at line 82
not ok 15
Cannot open bayes databases ./log/user_state/bayes_* R/W: lock failed: No record locks available
# Failed test 16 in t/bayesdbm_flock.t at line 86
not ok 16
Use of uninitialized value in numeric ge (>=) at ../blib/lib/Mail/SpamAssassin/BayesStore/DBM.pm line 1758.
Use of uninitialized value in numeric eq (==) at ../blib/lib/Mail/SpamAssassin/BayesStore/DBM.pm line 1758.
Use of uninitialized value in numeric ge (>=) at ../blib/lib/Mail/SpamAssassin/BayesStore/DBM.pm line 1772.
Use of uninitialized value in numeric eq (==) at ../blib/lib/Mail/SpamAssassin/BayesStore/DBM.pm line 1772.
Use of uninitialized value in numeric ge (>=) at ../blib/lib/Mail/SpamAssassin/BayesStore/DBM.pm line 1758.