Re: HUGE bayes DB (non-sitewide) advice?
email builder wrote:

> > > In-memory storage:
> > > All data stored in each data node is kept in memory on the node's
> > > host computer. For each data node in the cluster, you must have
> > > available an amount of RAM equal to the size of the database times
> > > the number of replicas,
> >
> > This refers to the first line: "In-memory storage". Of course you can't
> > do that with 160GB DBs. You can still cluster - look at DRBD
> > http://www.drbd.org/
>
> I guess the relevant point for this thread is that I don't necessarily
> think that this is the silver bullet as implied. Even if you use a
> high-availability clustering technology that can mirror writes and reads,
> you are STILL dealing with the possibility of a database that is just
> massive. Processing this size of database will still be disk-bound unless
> you have an unheard-of amount of memory; I don't think there's any reason
> to think that clustering the problem will make it go away.
>
> So I still wonder if anyone has any musings on my earlier questions?

A few spamassassin hacks could help.

1. Have multiple mysql servers, split your users into A-J, K-S, T-Z OR smaller units and distribute them over different servers, with some HA / failover mechanism (possibly drbd).
2. Have 2 levels of bayes, one large global and the other smaller per user if that's possible. Of course SA will need to be changed to use both the bayes'. This way you could have 2 large servers for the global bayes db and 2 for the per user bayes dbs.

Also see if this SQL failover patch can help you in any way.
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=2197

Finally to speed up the database have a look at this, the people at wikimedia / livejournal seem to be happy using it.
http://www.danga.com/memcached/

Hope that helps,
- dhawal
RE: HUGE bayes DB (non-sitewide) advice?
Sorry, only answered part of the question. My users are quite happy with overall markup of the spam. We occasionally get a HAM marked as SPAM. We have an odd client base though.

-----Original Message-----
From: email builder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 08, 2005 8:58 PM
To: Gary W. Smith; users@spamassassin.apache.org
Subject: RE: HUGE bayes DB (non-sitewide) advice?

> Our production database for a large number of emails (but using site
> wide) is about 40mb.

What is your bayes_expiry_max_db_size set to? Do you feel that it has been enough to effectively capture your various user email habits?
RE: HUGE bayes DB (non-sitewide) advice?
Default.

Gart

-----Original Message-----
From: email builder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 08, 2005 8:58 PM
To: Gary W. Smith; users@spamassassin.apache.org
Subject: RE: HUGE bayes DB (non-sitewide) advice?

> Our production database for a large number of emails (but using site
> wide) is about 40mb.

What is your bayes_expiry_max_db_size set to? Do you feel that it has been enough to effectively capture your various user email habits?
Re: More spam getting through
> I'm not sure if Loren's rules made it into any particular
> ruleset or if Leo "morph"'d too often to bother; Maybe someone

They were in specific.cf as I recall.

Yes, they were in there, and yes, Leo tended to get around them every few days. A couple of them are still there and still hit occasionally; some have been removed completely.

However, a bunch of the other ninjas have gotten a thing against Leo, and it isn't unusual to see 5-10 mass checks a day against various Leo rules. I suspect that many of these may in fact be targeting some of Leo's competitors as much as Leo himself - we really don't try to figure out who is sending this trash, just what we can find to catch it.

If you have RDJ installed and correct and pulling down SARE rules, then you should be doing moderately well against most of these table spams. Of course, the urls are going to end up in SURBL before most of you get the spams, so those will also keep them away from the inbox.

Loren
RE: HUGE bayes DB (non-sitewide) advice?
> Our production database for a large number of emails (but using site
> wide) is about 40mb.

What is your bayes_expiry_max_db_size set to? Do you feel that it has been enough to effectively capture your various user email habits?
Re: HUGE bayes DB (non-sitewide) advice?
> > In-memory storage:
> > All data stored in each data node is kept in memory on the node's
> > host computer. For each data node in the cluster, you must have
> > available an amount of RAM equal to the size of the database times
> > the number of replicas,
>
> This refers to the first line: "In-memory storage". Of course you can't
> do that with 160GB DBs. You can still cluster - look at DRBD
> http://www.drbd.org/

I guess the relevant point for this thread is that I don't necessarily think that this is the silver bullet as implied. Even if you use a high-availability clustering technology that can mirror writes and reads, you are STILL dealing with the possibility of a database that is just massive. Processing this size of database will still be disk-bound unless you have an unheard-of amount of memory; I don't think there's any reason to think that clustering the problem will make it go away.

So I still wonder if anyone has any musings on my earlier questions?
Re: More spam getting through
> If anyone can formulate a regex to catch these letters in any order, while avoiding a
> repeating sequence like "A A A A A ", it would make this a safer rule.

SARE has quite a number of rules specifically to catch these table drug spams.

Loren
Re: Habeas?
On 2005-11-08 17:37:01 -0500, Matt Kettler wrote:
> Actually, more to the point.. Habeas doesn't use or support plain-SWE anymore.

Thanks. Habeas didn't bother to tell their "customers".

Best
Martin
--
http://www.tm.oneiros.de
RE: More spam getting through
>...
>From: List Mail User [mailto:[EMAIL PROTECTED]
>>
>> >...
>> >I'm running SA 3.1 and I have started to notice more spam come through
>> >recently.
>> >[snip - original table drug spam]
>> >
>> >Has anyone else been having this problem? Any rules to catch medication
>> >names in those types of tables?
>>
>> They should hit a well trained BAYES, and both Pyzor and DCC as
>> well as Razor2 (your site may not be able to use them due to licensing
>>[snip - original reply]
>
>I have a trained Bayes DB, but I didn't get anything from it. I'm
>running Razor, but not Pyzor or DCC. I've got the default blacklists
>and a bunch of SARE rules, but I'm not sure if I've got the one you
>are referring to.
>
>Here's my current list (updated via RDJ):
>70_sare_adult.cf
>70_sare_evilnum0.cf
>70_sare_genlsubj0.cf
>70_sare_header0.cf
>70_sare_html0.cf
>70_sare_obfu0.cf
>70_sare_random.cf
>70_sare_specific.cf
>70_sare_spoof.cf
>70_sare_unsub.cf
>70_sare_uri0.cf
>70_sare_whitelist_rcvd.cf
>70_sare_whitelist_spf.cf
>99_sare_fraud_post25x.cf
>chickenpox.cf
>weeds.cf
>
>I don't have one to look at right now, but from memory, there was just
>Razor and chickenpox that hit.
>
>No Bayes mention at all, which is odd now that you mention it. Maybe
>I should check to make sure everything is working properly.
>
>Bowie
>

I'm not sure if Loren's rules made it into any particular ruleset or if Leo "morph"'d too often to bother; Maybe someone else could speak up who is using them (I seem to remember the first few cuts would only work for a few days, then were "beaten"). I'd expect the SARE set to be 70_sare_drugs.cf, but that one may now be obsolete or not appropriate for 3.1 (or possibly even earlier, I admit I often read the SARE rules, but don't actually use them).

If you're not using Pyzor, it is a bit of a memory hog (need to keep a copy of python running), but is a very valuable addition. Likewise, if you can accept the licensing run DCC - If you don't like or can't use it because of the license, consider running version 1.2.72 which generally works well and had the old license terms (i.e. basically unrestricted free, but no longer supported though it does work).

Also, do check your Bayes DB - with a bunch of examples, if you run sa-learn on them, you should quickly get to where they trigger BAYES_99. A high Bayes score and one or two digest hits will stop them in most environments; Anything else is just icing and makes them easier still. Because of the nature of zombie delivery, it is important to hand train your Bayes DB even if you do enable auto-learning (i.e. they will often have too few header or body points to trigger auto-learn).

Also, try to feed some old ones back into "spamassassin -t" and see if they now are hitting net tests; If they do now, but didn't when you received them, you had the misfortune to be at the start of a spam run (net tests are very, very helpful and good for everybody except the few people who get the spam first - they are the ones who report the spam and then "save" everyone else who gets it later - it is good altruistic behavior for everyone to report spam as much as possible to get it into the BL databases - i.e. SpamCop, etc. and digest reporting).

Paul Shupak
[EMAIL PROTECTED]
Re: More spam getting through
On Tuesday 08 November 2005 08:57 am, Bowie Bailey wrote:
> I'm running SA 3.1 and I have started to notice more spam come through
> recently.
>
> Some are porn and some are medication. They don't hit much of anything
> beyond Razor2 and Chickenpox, which isn't enough to mark them as spam.
>
> Some of the medication spams are using an obnoxious html table structure
> that makes the contents of each cell print vertically.
>
> For example:
>
>
> a d g
> b e h
> c f i
>
> <\tr>
>
>
> This results in:
> a b c
> d e f
> g h i
>
> Has anyone else been having this problem? Any rules to catch medication
> names in those types of tables?
>
> Bowie

I've had a couple of these wind up just under my cutoff (5.0). What I've done is run spamassassin -r and once they make it to dcc/pyzor/razor the score jumps up quite a bit.

--
Chris
Registered Linux User 283774 http://counter.li.org
20:35:12 up 33 days, 57 min, 2 users, load average: 2.17, 1.60, 1.00
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
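
The table layout Bowie describes can be undone before matching, which is what lets a content rule see the words a reader sees. This is an added example, not code from the thread or from SpamAssassin: the archive stripped the original tags, so the markup below is constructed, the watchlist terms are constructed stand-ins for medication names, and all function names are hypothetical.

```python
"""Undo the 'vertical cell' table layout and look for terms it hides.
Added example: markup and watchlist below are constructed, not from the thread."""
import re
from html.parser import HTMLParser
from itertools import zip_longest


class CellCollector(HTMLParser):
    """Record each table cell as the list of visual lines its <br> tags create."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.rows = []     # rows -> cells -> text of each visual line
        self._cell = None  # the cell currently being filled, if any

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self.rows.append([])
        elif tag in ("td", "th"):
            if not self.rows:          # tolerate a cell with no enclosing <tr>
                self.rows.append([])
            self._cell = [""]
            self.rows[-1].append(self._cell)
        elif tag == "br" and self._cell is not None:
            self._cell.append("")      # <br> starts a new visual line in the cell

    def handle_endtag(self, tag):
        if tag in ("td", "th"):
            self._cell = None

    def handle_data(self, data):
        if self._cell is not None:     # text outside cells (stray markup) is ignored
            self._cell[-1] += data.strip()


def _cells(html):
    parser = CellCollector()
    parser.feed(html)
    parser.close()
    return parser.rows


def source_order_text(html):
    """Cell text in the order it appears in the HTML source (what a naive rule sees)."""
    return "".join(frag for row in _cells(html) for cell in row for frag in cell)


def rendered_lines(html):
    """Text as displayed: the n-th visual line of every cell in a row, side by side."""
    lines = []
    for row in _cells(html):
        for parts in zip_longest(*row, fillvalue=""):
            lines.append("".join(parts))
    return lines


def _squash(text):
    return re.sub(r"[^a-z0-9]", "", text.lower())


def hidden_terms(html, watchlist):
    """Watchlist terms readable in the rendered table but absent from source order."""
    raw = _squash(source_order_text(html))
    hits = []
    for line in rendered_lines(html):
        flat = _squash(line)
        for term in watchlist:
            if term in flat and term not in raw and term not in hits:
                hits.append(term)
    return hits


# Constructed markup mirroring the a..i illustration, malformed <\tr> included.
PAGE_SAMPLE = r"""<table><tr>
<td>a<br>d<br>g</td>
<td>b<br>e<br>h</td>
<td>c<br>f<br>i</td>
<\tr></table>"""

# Constructed message body: two stand-in product names written one letter per cell.
SPAM_SAMPLE = ("<table><tr>" + "".join(
    f"<td>{top}<br>{bottom}</td>" for top, bottom in zip("placebo", "samplex")
) + "</tr></table>")

# Constructed control: the same word in an ordinary cell is not layout obfuscation.
BENIGN_SAMPLE = "<table><tr><td>placebo</td><td>group</td></tr></table>"

WATCHLIST = ("placebo", "samplex")  # constructed stand-ins, not real rule data

if __name__ == "__main__":
    print(rendered_lines(PAGE_SAMPLE), source_order_text(PAGE_SAMPLE))
    print(hidden_terms(SPAM_SAMPLE, WATCHLIST), hidden_terms(BENIGN_SAMPLE, WATCHLIST))
```

Requiring that a term be absent from the source-order text keeps ordinary tables from scoring, and matching whole rendered lines sidesteps the "letters in any order" regex problem raised elsewhere in the thread. Tables with rowspan or nested tables are outside what this sketch handles.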
Re: [OTAnn] Feedback
Roomity.com -> Spammer list. No more mail from this site.

It takes a REALLY stupid spammer to try this sort of .

{^_-}

----- Original Message -----
From: "shenanigans" <[EMAIL PROTECTED]>
To:
Sent: 2005 November, 08, Tuesday 08:38
Subject: [OTAnn] Feedback

I was interested in getting feedback from current mail group users.

We have mirrored your mail list in a new application that provides a more aggregated and safe environment which utilizes the power of broadband.

Roomity.com v 1.5 is a web 2.01 community webapp. Our newest version adds broadcast video and social networking such as favorite authors and an html editor.

It's free to join and any feedback would be appreciated.

S.

Broadband interface (RIA) + mail box safety = Spam_Assassin_Users_List.roomity.com

*Your* clubs, no sign up to read, ad supported; try broadband internet. ~~1131467917258~~
Re: Habeas?
Matt Kettler wrote:
> Martin Schröder wrote:
>
>>On 2005-11-08 14:04:27 -0500, Matt Kettler wrote:
>>
>>
>>>It's a DNS based test now, so you need Net::DNS installed and network tests
>>>enabled...
>>
>>
>>Why?
>>
>>Best
>>Martin (whose mails are Habeas SWE)
>
>
> SA 3.1.0 does NOT use the plain habeas SWE anymore. Period.
>

Actually, more to the point.. Habeas doesn't use or support plain-SWE anymore.

See http://www.habeas.com/
Re: Habeas?
Martin Schröder wrote:
> On 2005-11-08 14:04:27 -0500, Matt Kettler wrote:
>
>>It's a DNS based test now, so you need Net::DNS installed and network tests
>>enabled...
>
>
> Why?
>
> Best
> Martin (whose mails are Habeas SWE)

SA 3.1.0 does NOT use the plain habeas SWE anymore. Period.

SA has been changed to only use the Habeas accreditation system. This system is completely different from the SWE and requires a network based DNS lookup to work. It cannot work any other way.
Re: child processing timeout
Ronan wrote:
> Justin Mason wrote:
>> These are totally new ;) If you can track down a message that causes
>> this, a bug report would be welcome.
>>
>> --j.
>
> Are you looking for an example message or just headers or what?
> If you let me know I'll have a hoke around and get one for ya!

Whatever triggers the bug. It's likely going to be the complete message that triggers it.

Daryl
Re: Habeas?
On Tue, Nov 08, 2005 at 10:45:26PM +0100, Martin Schröder wrote:
> > It's a DNS based test now, so you need Net::DNS installed and network tests
> > enabled...
>
> Why?
> Martin (whose mails are Habeas SWE)

In the same way that sending mail to spamassassin-users@incubator.apache.org has been deprecated in favor of users@spamassassin.apache.org ... The SWE has been deprecated in favor of the accreditation DNS versions.

--
Randomly Generated Tagline:
Above all else -- sky.
Re: Habeas?
On 2005-11-08 14:04:27 -0500, Matt Kettler wrote:
> It's a DNS based test now, so you need Net::DNS installed and network tests
> enabled...

Why?

Best
Martin (whose mails are Habeas SWE)
--
http://www.tm.oneiros.de
Re: Qmail question..
Arvinn Løkkebakken wrote:
> Qmail is dead. Concider something that is still getting developed. My
> preference is Postfix.

I have to make sure that qmail and qmail-ldap won't get mixed up at this point.

Bye,
Aiko
--
Aiko Barz <[EMAIL PROTECTED]>
RE: More spam getting through
From: List Mail User [mailto:[EMAIL PROTECTED]
>
> >...
> >I'm running SA 3.1 and I have started to notice more spam come through
> >recently.
> >
> >Some are porn and some are medication. They don't hit much of anything
> >beyond Razor2 and Chickenpox, which isn't enough to mark them as spam.
> >
> >Some of the medication spams are using an obnoxious html table structure
> >that makes the contents of each cell print vertically.
> >
> >For example:
> >
> >
> > a d g
> > b e h
> > c f i
> >
> ><\tr>
> >
> >
> >This results in:
> >a b c
> >d e f
> >g h i
> >
> >Has anyone else been having this problem? Any rules to catch medication
> >names in those types of tables?
>
> They should hit a well trained BAYES, and both Pyzor and DCC as
> well as Razor2 (your site may not be able to use them due to licensing
> issues). I believe that Loren has written some SARE rules for these
> also (check the archives). These are Leo Kuvayev's pill spams, and
> also very often fail many net tests (XBL, SBL, etc. and after a while
> they will hit the SURBLs and other URI tests as long as you are not
> at the very start of a spam run). They tend to run > 20 points here,
> peaking over 40 points at the end of a run (or a subsequent spam run).
> I believe some people using the SARE rules report ~100 points for them
> (after half a day or so, they fail every net test, and very many "small"
> rules). Also, the typical ones are delivered by zombies, so often the
> DUL tests hit right away, and if you can afford to refuse bad DNS at
> the MTA level (many large sites can't), you'll never see most of them.
>
> The last one I got hit:
> BAYES_99,DIGEST_MULTIPLE,FORGED_MUA_IMS,HELO_DYNAMIC_COMCAST,
> PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,
> RCVD_IN_DSBL,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,URIBL_AB_SURBL,
> URIBL_COMPLETEWHOIS,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_RHS_ABUSE,
> URIBL_RHS_AHBL,URIBL_RHS_DSN,URIBL_RHS_NOCOMPLAINTS,URIBL_RHS_NOSTDMAIL,
> URIBL_RHS_POST,URIBL_RHS_URIBL_BLACK,URIBL_RHS_WHOIS,URIBL_SBL,
> URIBL_SBL_COMWHOIS,URIBL_SC_SURBL,URIBL_WS_SURBL,URIBL_XS_SURBL
>
> A slightly earlier one got a much lower score with:
> BAYES_99,DCC_CHECK,DIGEST_MULTIPLE,HTML_80_90,HTML_MESSAGE,
> PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,
> RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,UPPERCASE_25_50,URIBL_RHS_POST,URIBL_RHS_WHOIS
>
> In both cases local URI rules increased the score, but were not
> needed (i.e. they would be over most "reasonable" limits anyway).

I have a trained Bayes DB, but I didn't get anything from it. I'm running Razor, but not Pyzor or DCC. I've got the default blacklists and a bunch of SARE rules, but I'm not sure if I've got the one you are referring to.

Here's my current list (updated via RDJ):
70_sare_adult.cf
70_sare_evilnum0.cf
70_sare_genlsubj0.cf
70_sare_header0.cf
70_sare_html0.cf
70_sare_obfu0.cf
70_sare_random.cf
70_sare_specific.cf
70_sare_spoof.cf
70_sare_unsub.cf
70_sare_uri0.cf
70_sare_whitelist_rcvd.cf
70_sare_whitelist_spf.cf
99_sare_fraud_post25x.cf
chickenpox.cf
weeds.cf

I don't have one to look at right now, but from memory, there was just Razor and chickenpox that hit.

No Bayes mention at all, which is odd now that you mention it. Maybe I should check to make sure everything is working properly.

Bowie
Re: Habeas?
Raul Dias wrote:
> My bad. I grep the wrong dir.
>
> Do I need to enable it?
>
> It doesn't seem to be working here.
>
> ( and now that I said that I can't find a habeas message here to test
> *grin*)
>

It's a DNS based test now, so you need Net::DNS installed and network tests enabled...

For what it's worth, I can tell you the motley fool investment newsletters from www.fool.com match HABEAS_ACCREDITED_SOI.
Re: Qmail question..
DAve wrote:
> Arvinn Løkkebakken wrote:
>> Robert Leonard wrote:
>>> Can anybody point me to a good forum for Qmail? I'm a newb and a windows guy
>>> so this is quite the daunting thing! What I want to figure out is how to
>>> get qmail w/ tcpserver to allow incoming smtp connections from only SPECIFIC
>>> IP's.. I'm getting flooded by mail coming from places I shouldn't be getting
>>> mail from!
>>>
>>> Thanks in advance!
>>
>> Qmail is dead. Concider something that is still getting developed. My
>> preference is Postfix.
>>
>> Arvinn
>
> I currently run a cluster of qmail machines and find it reliable, the
> user base active, the tools up to date. I've run Sendmail, Exim, Postfix
> as well. All have their place. qmail works quite well with spamc and
> there are several ways to use the two together. I would argue there are
> more ways to combine spamc and qmail than any other mailserver.
>
> Choose the best tool for the job.
>
> DAve

I of course agree that one should choose the best tool for the job and Qmail has been a great tool for years. I have glanced at the doc for Exim earlier and it looks like a very good alternative. Same goes for Courier MTA.

I've been operating Qmail for some years and found it to fulfill most needs until I experienced that the gap between available functions between my Postfix installation and Qmail installation just kept getting bigger. I don't enjoy using third-party patches and from experience I wouldn't recommend a self-claimed rookie to depend on third-party patches either. Standard Qmail lacks one must-have feature which is decent before-queue recipient validation. AUTH, STARTTLS/SSL and ldap/sql lookups support (the list goes on) aren't must-have features but I would certainly miss them if I picked up standard Qmail again.

http://www.postfix.org/documentation.html is a very fine place to start if you are a rookie and need documentation and help for installation. I should have included that URL in my first post.

If you are an experienced unix admin and postmaster you can make Qmail do anything (including the things I mentioned above) but I think a newcomer would appreciate to start with a product with more of these as out-of-the-box features. I feel like a newcomer myself and by using a more up to date software I really appreciate the fact that I don't have to inspect every patch to see if it is compatible with all the other user contributed patches I would choose to use with Qmail.

I am not a troll, and people on the list claiming I am one (straight out or by being sarcastic), will not be replied to by me.

Arvinn
Re: Habeas?
My bad. I grepped the wrong dir.

Do I need to enable it?

It doesn't seem to be working here.

( and now that I said that I can't find a habeas message here to test *grin*)

Raul Dias

On Tue, 2005-11-08 at 13:28 -0500, Matt Kettler wrote:
> Raul Dias wrote:
> > Hi,
> >
> > What happened to Habeas support in SA?
> >
> > More than a year ago there was a discussion about using habeas.
> >
> > There were patches in their site (gone/broken link) and it would be
> > incorporated into SA 3.0.x.
> >
> > Now we have SA 3.1 and no sign of habeas support.
> >
> > Is it gone for good?
>
> eh?
>
> $ grep HABEAS 50_scores.cf
> score HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0
> score HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3
> score HABEAS_CHECKED 0 -0.2 0 -0.2
>
> Habeas has been in SA, in one form or another, since SA 2.40, it wasn't added in
> 3.0.x. Admittedly it's changed from the basic SWE/HIL setup to the DNS based
> accreditation system, but it is still there.

--
Raul Dias <[EMAIL PROTECTED]>
Re: Qmail question..
>>
>> Rick Macdougall wrote:
>>
>> > Arvinn Løkkebakken wrote:
>> >
>> >> Robert Leonard wrote:
>> >>
>> >>> Can anybody point me to a good forum for Qmail? I'm a newb and a windows guy
>> >>> so this is quite the daunting thing! What I want to figure out is how to
>> >>> get qmail w/ tcpserver to allow incoming smtp connections from only SPECIFIC
>> >>> IP's.. I'm getting flooded by mail coming from places I shouldn't be getting
>> >>> mail from!
>> >>>
>> >>> Thanks in advance!
>> >>>
>> >>
>> >> Qmail is dead. Concider something that is still getting developed. My
>> >> preference is Postfix.
>> >>
>> >> Arvinn
>> >
>> >
>> > Ha, great troll!
>> >
>> >
>> I'm sorry if that's how you read my posting, Didn't mean to be one.
>> It would be nice to see a 2.0, but afaik that will never happen.
>>
>> Arvinn
>>

Hi,

it seems that version numbers are of relative merit in a non-commercial software, where there is no need to tell users ("we have just jumped from 7 to 9, while our main competitor still is at 7.5")

I recall that many years ago a mathematician and software writer decided to use E and PI for version numbers, just adding one decimal place after the other and avoiding that silly jump of version numbers altogether

As an active qmail user, I would say it cannot be dead because otherwise there would not be support for new stuff, e.g. domainkeys.

Wolfgang Hamann
RE: [OTAnn] Feedback
>...
>Duncan Hill wrote:
>> On Tuesday 08 Nov 2005 16:38, shenanigans wrote:
>>> I was interested in getting feedback from current mail group users.
>>>
>>> We have mirrored your mail list in a new application that provides a
>>> more aggregated and safe environment which utilizes the power of
>>> broadband.
>>>
>>> Roomity.com v 1.5 is a web 2.01 community webapp. Our newest version
>>> adds broadcast video and social networking such as favorite authors
>>> and an html editor.
>>
>> This mail has hit several lists I'm on. The full-disclosure list had
>> a bit of a field day with the concept of a java app required to see
>> the content - considering the security problems that might imply.
>>
>> And I have to wonder what the 'power of broadband' has to do with
>> mailing lists...
>
>The better to serve ads with, my dear:
>"*Your* clubs, no sign up to read, ad supported; try broadband internet.
>~~1131467917258~~"
>
>Guaranteeing a "safe environment", presumably free from spam, is ironic when
>posted to an anti-spam list. Any reason why this is *not* spam?
> -Don

No, this *is* spam. They're hosted by Hurricane Electric, who clearly wouldn't care; But they are registered by easyDNS and get name service from them - who probably does care (it looks like a violation of easyDNS's TOS/AUP).

Someone who has seen multiple copies of this should send an email to easyDNS.

Paul Shupak
[EMAIL PROTECTED]
Re: Habeas?
Raul Dias wrote:
> Hi,
>
> What happened to Habeas support in SA?
>
> More than a year ago there was a discussion about using habeas.
>
> There were patches in their site (gone/broken link) and it would be
> incorporated into SA 3.0.x.
>
> Now we have SA 3.1 and no sign of habeas support.
>
> Is it gone for good?

eh?

$ grep HABEAS 50_scores.cf
score HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0
score HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3
score HABEAS_CHECKED 0 -0.2 0 -0.2

Habeas has been in SA, in one form or another, since SA 2.40, it wasn't added in 3.0.x. Admittedly it's changed from the basic SWE/HIL setup to the DNS based accreditation system, but it is still there.
Re: SA 3.1 reports in german
Hi,

I recall that at some time I had to symlink some file to one with an @euro part in the name - but I am not exactly sure in which context

Wolfgang Hamann

>>
>> Hi
>>
>>
>> I would like to have SA generate German reports, not English reports.
>>
>> Whatever I do either I'm getting no report (report template not found
>> - although in /etc/mail/spamassassin/10_misc.cf the report template is
>> defined with "lang de report blablabla") or there's an English report
>> in the email.
>>
>> is there a parameter I have to use when starting "spamd -du user" ?
>>
>> I've searched Dr Google, the SA docs as well as the SA FAQ.
>>
>> Please help
>>
>> Thanks
>> Philipp
>>
Re: More spam getting through
>...
>I'm running SA 3.1 and I have started to notice more spam come through
>recently.
>
>Some are porn and some are medication. They don't hit much of anything
>beyond Razor2 and Chickenpox, which isn't enough to mark them as spam.
>
>Some of the medication spams are using an obnoxious html table structure
>that makes the contents of each cell print vertically.
>
>For example:
>
>
> a d g
> b e h
> c f i
>
><\tr>
>
>
>This results in:
>a b c
>d e f
>g h i
>
>Has anyone else been having this problem? Any rules to catch medication
>names in those types of tables?
>
>Bowie
>

They should hit a well trained BAYES, and both Pyzor and DCC as well as Razor2 (your site may not be able to use them due to licensing issues). I believe that Loren has written some SARE rules for these also (check the archives). These are Leo Kuvayev's pill spams, and also very often fail many net tests (XBL, SBL, etc. and after a while they will hit the SURBLs and other URI tests as long as you are not at the very start of a spam run). They tend to run > 20 points here, peaking over 40 points at the end of a run (or a subsequent spam run). I believe some people using the SARE rules report ~100 points for them (after half a day or so, they fail every net test, and very many "small" rules). Also, the typical ones are delivered by zombies, so often the DUL tests hit right away, and if you can afford to refuse bad DNS at the MTA level (many large sites can't), you'll never see most of them.

The last one I got hit:
BAYES_99,DIGEST_MULTIPLE,FORGED_MUA_IMS,HELO_DYNAMIC_COMCAST,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,URIBL_AB_SURBL,URIBL_COMPLETEWHOIS,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_RHS_ABUSE,URIBL_RHS_AHBL,URIBL_RHS_DSN,URIBL_RHS_NOCOMPLAINTS,URIBL_RHS_NOSTDMAIL,URIBL_RHS_POST,URIBL_RHS_URIBL_BLACK,URIBL_RHS_WHOIS,URIBL_SBL,URIBL_SBL_COMWHOIS,URIBL_SC_SURBL,URIBL_WS_SURBL,URIBL_XS_SURBL

A slightly earlier one got a much lower score with:
BAYES_99,DCC_CHECK,DIGEST_MULTIPLE,HTML_80_90,HTML_MESSAGE,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,UPPERCASE_25_50,URIBL_RHS_POST,URIBL_RHS_WHOIS

In both cases local URI rules increased the score, but were not needed (i.e. they would be over most "reasonable" limits anyway).

Paul Shupak
[EMAIL PROTECTED]
Re: Qmail question..
Evan Platt wrote:
> At 09:39 AM 11/8/2005, you wrote:
>> Thank you for your opinion. Consider learning to spell.
>
> There was, IMHO, nothing rude in Arvinn's post - just a suggestion to
> look at another product.
>
> Looking at Arvinn's name (Arvinn Løkkebakken), and a quick glance at
> the domain name (sandakerveien.net), English is likely not Arvinn's
> first language. Before telling him to spell in your native tongue, you
> may want to try spelling in his native tongue.

I don't want to spell in any other tongue than my own. I live in the US and I speak English. We're all posting to an English mailing list. I take offense when people say things like "qmail is dead". Especially as a response to someone that was kindly asking if anyone knew of a forum for qmail. The OP wasn't asking for opinions on what software to use. It was clearly a troll which is why I reacted the way I did.

Oh, and btw, you're still using the old SA incubator list address.

-Jim
Habeas?
Hi,

What happened to Habeas support in SA?

More than a year ago there was a discussion about using habeas.

There were patches in their site (gone/broken link) and it would be incorporated into SA 3.0.x.

Now we have SA 3.1 and no sign of habeas support.

Is it gone for good?

Raul Dias
Re: [OTAnn] Feedback
Matt Kettler wrote:
> shenanigans wrote:
>> I was interested in getting feedback from current mail group users.
>>
>> We have mirrored your mail list in a new application that provides a
>> more aggregated and safe environment which utilizes the power of broadband.
>>
>> Roomity.com v 1.5 is a web 2.01 community webapp. Our newest version
>> adds broadcast video and social networking such as favorite authors and
>> an html editor.
>>
>> It's free to join and any feedback would be appreciated.
>
> Oh, joy.. just what the world needs.. YAFWATSNRP. (Yet Another -- Web Applet
> That Serves No Real Purpose.)

Actually, it's even better. It's a full fledged java app that requires full system privs to run.

Of course I'll download and launch your trusted application, mr 'shenanigans', why not?!
Re: [OTAnn] Feedback
Matt Kettler writes:
> shenanigans wrote:
> > I was interested in getting feedback from current mail group users.
> >
> > We have mirrored your mail list in a new application that provides a
> > more aggregated and safe environment which utilizes the power of broadband.
> >
> > Roomity.com v 1.5 is a web 2.01 community webapp. Our newest version
> > adds broadcast video and social networking such as favorite authors and
> > an html editor.
> >
> > It's free to join and any feedback would be appreciated.
>
> Oh, joy.. just what the world needs.. YAFWATSNRP. (Yet Another -- Web Applet
> That Serves No Real Purpose.)
>
> Mailing list archives of sa-users with broadcast video... brilliant.
>
> I'll give em that they do have a lot of cheek though, spamming an open-source
> anti-spam software mailing list with commercial service advertisements. It was
> good for a laugh.

Yeah, it's 100% spam. At least it's a little more comprehensible than the last copy I saw, which billed itself as "a web2.01/RiA poster child", whatever that meant.

http://groups.google.com/group/perl.daily-build.reports/browse_thread/thread/3c8f0a22b749852b/234e6efd14a83557#234e6efd14a83557

--j.
RE: HUGE bayes DB (non-sitewide) advice?
I'd also throw www.linux-ha.org into the mix. We use that to manage the cluster for the SA database and use DRBD for the filesystem. We also use the same concept backend email stores as well.

It's more open source to complement this open source.

-----Original Message-----
From: Michael Monnerie [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 08, 2005 9:48 AM
To: users@spamassassin.apache.org
Subject: Re: HUGE bayes DB (non-sitewide) advice?

On Tuesday, 8 November 2005 03:38 email builder wrote:
> In-memory storage:
> All data stored in each data node is kept in memory on the node's
> host computer. For each data node in the cluster, you must have
> available an amount of RAM equal to the size of the database times
> the number of replicas,

This refers to the first line: "In-memory storage". Of course you can't do that with 160GB DBs. You can still cluster - look at DRBD http://www.drbd.org/

Regards,
zmi
--
// Michael Monnerie, Ing.BSc --- it-management Michael Monnerie
// http://zmi.at Tel: 0660/4156531 Linux 2.6.11
// PGP Key: "lynx -source http://zmi.at/zmi2.asc | gpg --import"
// Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net Key-ID: 0x70545879
RE: Qmail question..
Thanks for the tips! I had no intention of starting any type of debate.. Was simply looking for help. I'm a Microsoft guy who uses Linux as a tool, a tool that frustrates me to no end, yet I won't stoop to calling it names or comparing this vs. that.. Each has their place, and neither is perfect... And I use both! I am just not as literate in Linux as I'd like to be and/or should be.. But find me some time and I could remedy that! Now back to my IIS Server SSL issues (Hey, I just work here..).. Thanks again for the tips! And advice was duly noted.. -Original Message- From: Arvinn Løkkebakken [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 08, 2005 9:34 AM To: users@spamassassin.apache.org Subject: Re: Qmail question.. Robert Leonard wrote: >Can anybody point me to a good forum for Qmail? I'm a newb and a >windows guy so this is quite the daunting thing! What I want to figure >out is how to get qmail w/ tcpserver to allow incoming smtp connections >from only SPECIFIC IP's.. I'm getting flooded by mail coming from >places I shouldn't be getting mail from! > >Thanks in advance! > > > Qmail is dead. Concider something that is still getting developed. My preference is Postfix. Arvinn
Re: Qmail question..
At 09:39 AM 11/8/2005, you wrote: Thank you for your opinion. Consider learning to spell. There was, IMHO, nothing rude in Arvinn's post - just a suggestion to look at another product. Looking at Arvinn's name (Arvinn Løkkebakken), and a quick glance at the domain name (sandakerveien.net), English is likely not Arvinn's first language. Before telling him to spell in your native tongue, you may want to try spelling in his native tongue.
Re: Qmail question..
Rick Macdougall wrote: Arvinn Løkkebakken wrote: Robert Leonard wrote: Can anybody point me to a good forum for Qmail? I'm a newb and a windows guy so this is quite the daunting thing! What I want to figure out is how to get qmail w/ tcpserver to allow incoming smtp connections from only SPECIFIC IP's.. I'm getting flooded by mail coming from places I shouldn't be getting mail from! Thanks in advance! Qmail is dead. Concider something that is still getting developed. My preference is Postfix. Arvinn Ha, great troll! I'm sorry if that is how you read my posting, didn't mean to be one. It would be nice to see a 2.0, but afaik that will never happen. Arvinn
Re: HUGE bayes DB (non-sitewide) advice?
On Dienstag, 8. November 2005 03:38 email builder wrote: > In-memory storage: > All data stored in each data node is kept in memory on the node's > host computer. For each data node in the cluster, you must have > available an amount of RAM equal to the size of the database times > the number of replicas, This refers to the first line: "In-memory storage". Of course you can't do that with 160GB DBs. You can still cluster - look at DRBD http://www.drbd.org/ mfg zmi -- // Michael Monnerie, Ing.BSc --- it-management Michael Monnerie // http://zmi.at Tel: 0660/4156531 Linux 2.6.11 // PGP Key: "lynx -source http://zmi.at/zmi2.asc | gpg --import" // Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879 // Keyserver: www.keyserver.net Key-ID: 0x70545879
Re: Qmail question..
Arvinn Løkkebakken wrote: Robert Leonard wrote: Can anybody point me to a good forum for Qmail? I'm a newb and a windows guy so this is quite the daunting thing! What I want to figure out is how to get qmail w/ tcpserver to allow incoming smtp connections from only SPECIFIC IP's.. I'm getting flooded by mail coming from places I shouldn't be getting mail from! Thanks in advance! Qmail is dead. Concider something that is still getting developed. My preference is Postfix. Arvinn I currently run a cluster of qmail machines and find it reliable, the user base active, the tools up to date. I've run Sendmail, Exim, Postfix as well. All have their place. qmail works quite well with spamc and there are several ways to use the two together. I would argue there are more ways to combine spamc and qmail than any other mailserver. Choose the best tool for the job. DAve
Re: HUGE bayes DB (non-sitewide) advice?
On Dienstag, 8. November 2005 03:50 email builder wrote: > From what I understand, MySQL cluster design is such that the data > nodes keep all the table data in memory, which would not be feasible > in a 160GB scenario... No. Cluster means: Take two machines of same config, and mirror them. It's kind of RAID-1 just for a whole server. DRBD is one tool for this. mfg zmi -- // Michael Monnerie, Ing.BSc --- it-management Michael Monnerie // http://zmi.at Tel: 0660/4156531 Linux 2.6.11 // PGP Key: "lynx -source http://zmi.at/zmi2.asc | gpg --import" // Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879 // Keyserver: www.keyserver.net Key-ID: 0x70545879
Re: Qmail question..
Arvinn Løkkebakken wrote: Robert Leonard wrote: Can anybody point me to a good forum for Qmail? I'm a newb and a windows guy so this is quite the daunting thing! What I want to figure out is how to get qmail w/ tcpserver to allow incoming smtp connections from only SPECIFIC IP's.. I'm getting flooded by mail coming from places I shouldn't be getting mail from! Thanks in advance! Qmail is dead. Concider something that is still getting developed. My preference is Postfix. Arvinn Ha, great troll!
Re: Qmail question..
Robert Leonard wrote: Can anybody point me to a good forum for Qmail? I'm a newb and a windows guy so this is quite the daunting thing! What I want to figure out is how to get qmail w/ tcpserver to allow incoming smtp connections from only SPECIFIC IP's.. I'm getting flooded by mail coming from places I shouldn't be getting mail from! Please this isn't the list for yet another qmail vs postfix flame war. I've seen too many. For a good place with a lot of useful support look at the qmail mailinglist qmail@list.cr.yp.to see also http://qmail.org/top.html and for the latest version http://qmail.org/netqmail-1.05.tar.gz
192.168.1.:deny
192.168.2.1:deny
will kill all traffic from 192.168.1.0/24 and 192.168.2.1/32 For the qmail mailinglist don't use qmailrocks but lifewithqmail.org qmailrocks will give you a qmail install with a lot of stuff you don't need like so many other mailserver software. With kind regards, Met vriendelijke groet, Maurice Lucas TAOS-IT
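The two rules in the message above block listed sources, while the original question asked for the reverse: accepting SMTP from specific addresses only. As an added example (not code from the thread or from ucspi-tcp), this Python sketch evaluates tcprules-style text in the lookup order documented for tcprules, so an allowlist can be checked offline before it is compiled. The rule files and addresses are constructed, and only the address:allow and address:deny forms are modelled.

```python
"""Offline check of tcprules-style IP rules (added example, not ucspi-tcp code).

Only  address:allow  and  address:deny  are modelled. Hostname ("=host"),
ident ("user@ip") and range ("1.2.3.4-9") rules are rejected so that an
unsupported rule is never silently mis-evaluated.
"""
import ipaddress

# Constructed allowlist: two permitted relays, everything else refused.
ALLOWLIST = """\
# trusted upstream relays (documentation addresses)
192.0.2.10:allow
198.51.100.:allow
:deny
"""

# The two rules quoted in the thread: a denylist with no default rule.
DENYLIST = """\
192.168.1.:deny
192.168.2.1:deny
"""


def parse_rules(text):
    """Return {address: 'allow' | 'deny'} from tcprules-style text."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, sep, instruction = line.partition(":")
        if not sep:
            raise ValueError(f"line {lineno}: missing ':'")
        if any(c in address for c in "=@-"):
            raise ValueError(f"line {lineno}: unsupported rule {address!r}")
        # Text after a comma sets environment variables; ignored here.
        action = instruction.split(",", 1)[0]
        if action not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: unknown instruction {action!r}")
        if address in rules:
            # Lint choice made by this example: flag duplicates loudly.
            raise ValueError(f"line {lineno}: duplicate address {address!r}")
        rules[address] = action
    return rules


def candidates(ip):
    """Lookup keys in precedence order: full IP, dotted prefixes, default."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    keys = [".".join(octets)]
    keys += [".".join(octets[:n]) + "." for n in (3, 2, 1)]
    keys.append("")  # the empty address is the catch-all rule
    return keys


def decide(rules, ip):
    """Return (action, matched_address) for a client IP."""
    for key in candidates(ip):
        if key in rules:
            return rules[key], key
    # With no matching rule the connection is accepted, which is why an
    # allowlist needs the trailing ":deny" line.
    return "allow", None


if __name__ == "__main__":
    for name, text in (("allowlist", ALLOWLIST), ("thread denylist", DENYLIST)):
        rules = parse_rules(text)
        for ip in ("192.0.2.10", "198.51.100.77", "192.168.1.5", "203.0.113.9"):
            print(f"{name:16} {ip:15} -> {decide(rules, ip)}")
```
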
Re: Qmail question..
Robert Leonard wrote: Can anybody point me to a good forum for Qmail? I'm a newb and a windows guy so this is quite the daunting thing! What I want to figure out is how to get qmail w/ tcpserver to allow incoming smtp connections from only SPECIFIC IP's.. I'm getting flooded by mail coming from places I shouldn't be getting mail from! Thanks in advance! "Life with qmail" is your friend. Hint, use the below links or don your asbestos undies. The qmail list is helpful to an extreme, if you are pulling your weight. They have zero tolerance for admins who expect people to just "give me the answer". Likely the answer you need is in the below link. http://www.lifewithqmail.org/ If you must ask for help, read the link below FIRST! http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html DAve
Re: Qmail question..
Arvinn Løkkebakken wrote: Robert Leonard wrote: Can anybody point me to a good forum for Qmail? I'm a newb and a windows guy so this is quite the daunting thing! What I want to figure out is how to get qmail w/ tcpserver to allow incoming smtp connections from only SPECIFIC IP's.. I'm getting flooded by mail coming from places I shouldn't be getting mail from! Thanks in advance! Qmail is dead. Concider something that is still getting developed. My preference is Postfix. Arvinn Thank you for your opinion. Consider learning to spell. -Jim
Re: Qmail question..
Robert Leonard wrote: Can anybody point me to a good forum for Qmail? I'm a newb and a windows guy so this is quite the daunting thing! What I want to figure out is how to get qmail w/ tcpserver to allow incoming smtp connections from only SPECIFIC IP's.. I'm getting flooded by mail coming from places I shouldn't be getting mail from! Thanks in advance! Qmail is dead. Concider something that is still getting developed. My preference is Postfix. Arvinn
Re: spamd error
On Tue, Nov 08, 2005 at 12:21:57PM -0500, Ryan O'Neil wrote: > What's the plugin for and how would I fix it? It'd be the Mail::SpamAssassin::Plugin::SPF plugin, you could comment it out of the init.pre file and restart spamd. -- Randomly Generated Tagline: "I'm at the age where food has taken the place of sex in my life. In fact, I've just had a mirror placed over my kitchen table." - Rodney Dangerfield
RE: Qmail question..
http://www.qmailrocks.org/ -Original Message- From: Robert Leonard [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 08, 2005 12:28 PM To: users@spamassassin.apache.org Subject: Qmail question.. Can anybody point me to a good forum for Qmail? I'm a newb and a windows guy so this is quite the daunting thing! What I want to figure out is how to get qmail w/ tcpserver to allow incoming smtp connections from only SPECIFIC IP's.. I'm getting flooded by mail coming from places I shouldn't be getting mail from! Thanks in advance!
Qmail question..
Can anybody point me to a good forum for Qmail? I'm a newb and a windows guy so this is quite the daunting thing! What I want to figure out is how to get qmail w/ tcpserver to allow incoming smtp connections from only SPECIFIC IP's.. I'm getting flooded by mail coming from places I shouldn't be getting mail from! Thanks in advance!
RE: spamd error
What's the plugin for and how would I fix it? -Original Message- From: Theo Van Dinter [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 08, 2005 12:18 PM To: users@spamassassin.apache.org Subject: Re: spamd error On Tue, Nov 08, 2005 at 12:09:01PM -0500, Ryan O'Neil wrote: > I upgraded my net::dns the other day and restarted spamd after adding some > new rules today and I’m getting this message in my logs. > > I’m guessing it’s a perl error? It means you don't have Mail::SPF::Query installed. Disable the plugin if you don't want to use it. > Can't locate Mail/SPF/Query.pm in @INC (@INC contains: ../lib > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi [...] -- Randomly Generated Tagline: Chickens are how eggs make more eggs.
Re: spamd error
On Tue, Nov 08, 2005 at 12:09:01PM -0500, Ryan O'Neil wrote: > I upgraded my net::dns the other day and restarted spamd after adding some > new rules today and I’m getting this message in my logs. > > I’m guessing it’s a perl error? It means you don't have Mail::SPF::Query installed. Disable the plugin if you don't want to use it. > Can't locate Mail/SPF/Query.pm in @INC (@INC contains: ../lib > /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi [...] -- Randomly Generated Tagline: Chickens are how eggs make more eggs.
spamd error
I upgraded my net::dns the other day and restarted spamd after adding some new rules today and I’m getting this message in my logs. I’m guessing it’s a perl error? Can't locate Mail/SPF/Query.pm in @INC (@INC contains: ../lib /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/5.8.3/i386-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Plugin/SPF.pm line 272, line 108. 
Nov 8 12:08:12 mail spamd[19775]: Can't locate Mail/SPF/Query.pm in @INC (@INC contains: ../lib /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/5.8.3/i386-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at /usr/lib/perl5/site_perl/5.8.3/Mail/SpamAssassin/Plugin/SPF.pm line 272, line 108.
Re: [OTAnn] Feedback
shenanigans wrote: > I was interested in getting feedback from current mail group users. > > We have mirrored your mail list in a new application that provides a > more aggregated and safe environment which utilizes the power of broadband. > > Roomity.com v 1.5 is a web 2.01 community webapp. Our newest version > adds broadcast video and social networking such as favorite authors and > an html editor. > > It's free to join and any feedback would be appreciated. Oh, joy.. just what the world needs.. YAFWATSNRP. (Yet Another -- Web Applet That Serves No Real Purpose.) Mailing list archives of sa-users with broadcast video... brilliant. I'll give em that they do have a lot of cheek though, spamming an open-source anti-spam software mailing list with commercial service advertisements. It was good for a laugh.
RE: [OTAnn] Feedback
Duncan Hill wrote: > On Tuesday 08 Nov 2005 16:38, shenanigans wrote: >> I was interested in getting feedback from current mail group users. >> >> We have mirrored your mail list in a new application that provides a >> more aggregated and safe environment which utilizes the power of >> broadband. >> >> Roomity.com v 1.5 is a web 2.01 community webapp. Our newest version >> adds broadcast video and social networking such as favorite authors >> and an html editor. > > This mail has hit several lists I'm on. The full-disclosure list had > a bit of a field day with the concept of a java app required to see > the content - considering the security problems that might imply. > > And I have to wonder what the 'power of broadband' has to do with > mailing lists... The better to serve ads with, my dear: "*Your* clubs, no sign up to read, ad supported; try broadband internet. ~~1131467917258~~" Guaranteeing a "safe environment", presumably free from spam, is ironic when posted to an anti-spam list. Any reason why this is *not* spam? -Don
Re: [OTAnn] Feedback
On Tuesday 08 Nov 2005 16:38, shenanigans wrote: > I was interested in getting feedback from current mail group users. > > We have mirrored your mail list in a new application that provides a more > aggregated and safe environment which utilizes the power of broadband. > > Roomity.com v 1.5 is a web 2.01 community webapp. Our newest version adds > broadcast video and social networking such as favorite authors and an html > editor. This mail has hit several lists I'm on. The full-disclosure list had a bit of a field day with the concept of a java app required to see the content - considering the security problems that might imply. And I have to wonder what the 'power of broadband' has to do with mailing lists...
[OTAnn] Feedback
I was interested in getting feedback from current mail group users. We have mirrored your mail list in a new application that provides a more aggregated and safe environment which utilizes the power of broadband. Roomity.com v 1.5 is a web 2.01 community webapp. Our newest version adds broadcast video and social networking such as favorite authors and an html editor. It's free to join and any feedback would be appreciated. S. Broadband interface (RIA) + mail box safety = Spam_Assassin_Users_List.roomity.com *Your* clubs, no sign up to read, ad supported; try broadband internet. ~~1131467917258~~
RE: SA 3.1 reports in german
> > is there a parameter I have to use when starting "spamd -du user" ? > > > > I've searched Dr Google, the SA docs as well as the SA FAQ. > > > > There is no switch, you need to set the system's LANG > environment variable to change the language of the reports. thanx a lot. That works now. Philipp
Re: SA 3.1 reports in german
Philipp Snizek wrote: > Hi > > > I would like to have SA generate German reports, not English reports. > > Whatever I do either I'm getting no report (report template not found > - although in /etc/mail/spamassassin/10_misc.cf the report template is > defined with "lang de report blablabla") or there's an English report > in the email. > > is there a parameter I have to use when starting "spamd -du user" ? > > I've searched Dr Google, the SA docs as well as the SA FAQ. > There is no switch, you need to set the system's LANG environment variable to change the language of the reports.
Question about Ident
Hi all, I use Spamassassin with ProxSmtp and P3Scan. It works perfectly but I am searching for more information about the --auth-ident option. I'm not sure but I think it won't work here since there is ProxSmtp and P3Scan, am I right? No, I would like to change spamassassin options according to the username, is there a solution for my problem? I think I should use Identd on the client computers, no? Or is it possible to do that kind of thing with an ICAP server? Thanks a lot for your help and sorry for my English. Best regards. lm.
SA 3.1 reports in german
Hi I would like to have SA generate German reports, not English reports. Whatever I do either I'm getting no report (report template not found - although in /etc/mail/spamassassin/10_misc.cf the report template is defined with "lang de report blablabla") or there's an English report in the email. is there a parameter I have to use when starting "spamd -du user" ? I've searched Dr Google, the SA docs as well as the SA FAQ. Please help Thanks Philipp
RE: More spam getting through
Pierre Thomson wrote: > Bowie Bailey wrote: >> >> Some of the medication spams are using an obnoxious html table >> structure that makes the contents of each cell print vertically. >> >> For example: >> >> >> a d g >> b e h >> c f i >> >> <\tr> >> >> >> This results in: >> a b c >> d e f >> g h i >> >> Has anyone else been having this problem? Any rules to catch >> medication names in those types of tables? >> > > Here's a simple rule I wrote a couple days ago: > > body PT_DRUG1 /([CVAXP] ){5}/ > describe PT_DRUG1 Drug names in table of 1-letter columns > score PT_DRUG1 3.0 > > It works for me, no FP's yet that I am aware of. There are also > variants for 2-letter and 3-letter bits of the same drug names. > If anyone can formulate a regex to catch these letters in any order, while avoiding a repeating sequence like "A A A A A ", it would make this a safer rule. Pierre
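One way to meet the request above for a pattern that accepts the letters in any order but skips runs such as "A A A A A ", given as an added example that is not part of the thread and has not been run against a mail corpus. PT_DRUG1_NOREP is a hypothetical rule name and every sample string is constructed; the variant only rejects a letter repeated back to back, so an alternating run still matches.

```python
"""Added example: the thread's PT_DRUG1 pattern beside a no-adjacent-repeat variant.

PT_DRUG1_NOREP is a hypothetical rule name; all sample strings are constructed.
"""
import re

# Pattern from the thread: five single letters from the set, each followed
# by a space, in any order and with repeats allowed.
ORIGINAL = re.compile(r"([CVAXP] ){5}")

# Variant: four times, take a letter plus space and refuse to continue if the
# very next token is the same letter; then accept one final letter plus space.
# The lookahead sits only between tokens, so text after the run is not judged.
NO_ADJACENT_REPEAT = re.compile(r"(?:([CVAXP]) (?!\1 )){4}[CVAXP] ")

# The variant as SpamAssassin config (the regex syntax is the same in Perl).
RULE_TEXT = r"""
body      PT_DRUG1_NOREP  /(?:([CVAXP]) (?!\1 )){4}[CVAXP] /
describe  PT_DRUG1_NOREP  1-letter columns, no letter repeated back to back
"""

# Constructed rendered-body fragments: (text, what it represents).
SAMPLES = [
    ("C V A X P ", "five different letters"),
    ("P X A V C ", "same letters, another order"),
    ("C V A X P P ", "valid run followed by a repeat"),
    ("A A A A A ", "the repeating sequence to be skipped"),
    ("X X X X X X ", "longer single-letter repeat"),
    ("A V A V A ", "alternating pair, still matches"),
    ("Plan A costs less", "ordinary prose"),
]


def classify(text):
    """Return (original_hit, variant_hit) for one body fragment."""
    return (bool(ORIGINAL.search(text)), bool(NO_ADJACENT_REPEAT.search(text)))


def newly_skipped(samples):
    """Texts the original rule fires on but the variant does not."""
    return [t for t, _ in samples if classify(t) == (True, False)]


if __name__ == "__main__":
    for text, note in SAMPLES:
        orig, variant = classify(text)
        print(f"{text!r:22} original={orig!s:5} variant={variant!s:5} # {note}")
    print("no longer matched:", newly_skipped(SAMPLES))
```
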
RE: More spam getting through
Bowie Bailey wrote: > > Some of the medication spams are using an obnoxious html table > structure that makes the contents of each cell print vertically. > > For example: > > > a d g > b e h > c f i > > <\tr> > > > This results in: > a b c > d e f > g h i > > Has anyone else been having this problem? Any rules to catch > medication names in those types of tables? > Here's a simple rule I wrote a couple days ago:
body PT_DRUG1 /([CVAXP] ){5}/
describe PT_DRUG1 Drug names in table of 1-letter columns
score PT_DRUG1 3.0
It works for me, no FP's yet that I am aware of. There are also variants for 2-letter and 3-letter bits of the same drug names. Good luck Pierre Thomson BIC
More spam getting through
I'm running SA 3.1 and I have started to notice more spam come through recently. Some are porn and some are medication. They don't hit much of anything beyond Razor2 and Chickenpox, which isn't enough to mark them as spam. Some of the medication spams are using an obnoxious html table structure that makes the contents of each cell print vertically. For example: a d g b e h c f i <\tr> This results in: a b c d e f g h i Has anyone else been having this problem? Any rules to catch medication names in those types of tables? Bowie
Spamassassin timeout
Dear List, From time to time we have the problem that spamassassin is timing out. This only happens when we receive a lot of mail at once. Is there anything to do against it? I'm running Postfix+cyrus+spamassassin+clamv+amavisd I hope someone can help me Nov 8 10:18:43 mail.premiumxs.nl /usr/local/sbin/amavisd[3295]: (03295-14) SA TIMED OUT, backtrace: at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/DBBasedAddrList.pm line 109\n\teval {...} called at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/DBBasedAddrList.pm line 109\n\tMail::SpamAssassin::DBBasedAddrList::finish('Mail::SpamAssassin::DBBasedAddrList=HASH(0xa389c6c)') called at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/AutoWhitelist.pm line 217\n\tMail::SpamAssassin::AutoWhitelist::finish('Mail::SpamAssassin::AutoWhitelist=HASH(0xa67d7ac)') called at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/EvalTests.pm line 931\n\teval {...} called at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/EvalTests.pm line 898\n\tMail::SpamAssassin::PerMsgStatus::check_from_in_auto_whitelist('Mail::SpamAssassin::PerMsgStatus=HASH(0xa3ef970)') called at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 2340\n\t... -- With kind regards, Richard Pijnenburg
Re: child processing timeout
Justin Mason wrote: Ronan writes: getting quite a few of the following in the logs which are letting messages through unscanned. running a dedicated server serving 3 mtas. SA 3.1 MTA exim 4.54 Nov 3 03:05:44 dung spamd[11633]: spamd: bad protocol: header error: (Content-Length mismatch: Expected 29131 bytes, got 2 0440 bytes) at /usr/bin/spamd line 1671, line 461. Nov 3 03:05:53 dung spamd[12035]: spamd: bad protocol: header error: (Content-Length mismatch: Expected 65351 bytes, got 2 0440 bytes) at /usr/bin/spamd line 1671, line 707. Nov 3 03:05:54 dung spamd[12042]: spamd: bad protocol: header error: (Content-Length mismatch: Expected 25206 bytes, got 2 0440 bytes) at /usr/bin/spamd line 1671, line 295. Nov 3 03:06:02 dung spamd[12046]: spamd: bad protocol: header error: (Content-Length mismatch: Expected 29131 bytes, got 2 0440 bytes) at /usr/bin/spamd line 1671, line 461. Nov 3 03:06:07 dung spamd[12044]: spamd: bad protocol: header error: (Content-Length mismatch: Expected 25295 bytes, got 2 0440 bytes) at /usr/bin/spamd line 1671, line 294. Nov 3 03:06:08 dung spamd[12046]: spamd: bad protocol: header error: (Content-Length mismatch: Expected 25401 bytes, got 1 7520 bytes) at /usr/bin/spamd line 1671, line 258. These are totally new ;) If you can track down a message that causes this, a bug report would be welcome. --j. Are you looking for an example message or just headers or what? If you let me know ill have a hoke around and get one for ya! Ronan Nov 3 03:21:28 dung spamd[12035]: bayes: child processing timeout at /usr/bin/spamd line 1085. Nov 3 03:21:28 dung spamd[12042]: bayes: child processing timeout at /usr/bin/spamd line 1085. Nov 3 03:21:51 dung spamd[11946]: bayes: child processing timeout at /usr/bin/spamd line 1085. Nov 3 03:21:51 dung spamd[12039]: bayes: child processing timeout at /usr/bin/spamd line 1085. Nov 3 03:22:02 dung spamd[12046]: bayes: child processing timeout at /usr/bin/spamd line 1085.
Nov 3 03:22:02 dung spamd[12043]: bayes: child processing timeout at /usr/bin/spamd line 1085. Anyone have this or care to guess what it could be?