Mail Classification
Hi,

Some Anti Spam Engines classify mails as: Clean, Spam or Bulk.
What is this Bulk classification?

With SpamAssassin, I observed that only Spam or Clean classification are possible. Does not it classify the mail as Bulk?

Can anyone please clarify my doubts?

regards,
Srilatha
Re: Mail Classification
Srilatha wrote:

> Hi, Some Anti Spam Engines classify mails as: Clean, Spam or Bulk.
> What is this Bulk classification?

Difficult to guess without knowing which products you are referring to.

> With SpamAssassin, I observed that only Spam or Clean classification are possible. Does not it classify the mail as Bulk?

No.

/Per Jessen, Zürich
Re: Mail Classification
Hi,

For example, Commtouch AS engine classifies mails as Clean, Spam or Bulk. Sometimes I get unsolicited mails with subject decorated with [B-BULK]. What is bulk classification? Does SA too support this?

regards,
Srilatha

At 12:22 PM 9/21/2007, Per Jessen wrote:

> Srilatha wrote:
>
>> Hi, Some Anti Spam Engines classify mails as: Clean, Spam or Bulk.
>> What is this Bulk classification?
>
> Difficult to guess without knowing which products you are referring to.
>
>> With SpamAssassin, I observed that only Spam or Clean classification are possible. Does not it classify the mail as Bulk?
>
> No.
>
> /Per Jessen, Zürich
Delays in message processing
Hi list-

We have been facing delays in message processing for a couple of days already. It usually takes 7-12 seconds to check the message but now it takes ~30 seconds, with some spam messages passing through (scored as SA:0(?/?), which means some checks were timed out).

SA 3.2.3, called by qmail-scanner-st-2.01st [20070204], is running on FreeBSD 6.2-STABLE.

Here is my local.cf:

    required_hits 5.5
    skip_rbl_checks 0
    dns_available yes
    add_header all DCC _DCCB_ _DCCR_ Status _YESNO_, hits=_HITS_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
    trusted_networks 192.168.0.
    lock_method flock
    use_bayes 1
    bayes_path /var/spool/spamd/.spamassassin/bayes
    bayes_file_mode 0666
    bayes_min_ham_num 150
    bayes_min_spam_num 150
    bayes_auto_expire 0
    bayes_auto_learn 1
    bayes_auto_learn_threshold_nonspam 1.1
    bayes_auto_learn_threshold_spam 8.2
    use_auto_whitelist 0
    auto_whitelist_path /var/spool/spamd/.spamassassin/whitelist
    auto_whitelist_file_mode 0666
    use_dcc 1
    dcc_path /usr/local/bin/dccproc
    dcc_home /usr/local/dcc
    dcc_options -x 0
    dcc_timeout 10
    use_pyzor 1
    pyzor_timeout 60
    pyzor_options --homedir /usr/local/etc/mail/spamassassin
    use_razor2 1
    razor_timeout 60
    razor_config /usr/local/etc/mail/spamassassin/.razor/razor-agent.conf

I also use rblsmtpd running checks on sbl-xbl.spamhaus.org, bl.spamcop.net, dul.dnsbl.sorbs.net and t1.dnsbl.net.au.

The delay is around 30 seconds for *some* messages. I can't figure out what is causing it. I've faced such delayed messages before but it was 1-2 messages per month and spam only. Now it's quite a lot during a day for any messages. At the same time, there are messages being processed fast enough.

I tried to disable razor/pyzor/dcc and turn off RBLs - it had no effect. I suspect some DNS checks are timing out but can't find which one. We have plenty of bandwidth available, and as far as I can see no problems with DNS.

No errors reported by spamassassin -D --lint. The only error(?) I see comes from dnscache:

    @400046f24dfe37181e4c servfail 33.20.65.165.combined-hib.dnsiplists.completewhois.com. input/output error
    @400046f24dfe3719b874 servfail 45.35.65.165.combined-hib.dnsiplists.completewhois.com. input/output error

but I'm not quite sure where this check comes from?

Anyone with the similar symptoms? Any advice would be greatly appreciated.

Thank you.
Re: Mail Classification
On 21.09.07 14:51, Srilatha wrote:

> For example, Commtouch AS engine classifies mails as Clean, Spam or Bulk.
> Sometimes I get unsolicited mails with subject decorated with [B-BULK]. What is bulk classification?

Probably mass message which is not spam. Search in Commtouch AS docs.

> Does SA too support this?

No. SA only detects (more or less successfully) if the message is spam or not.

I really wonder what was on Per Jessen's message hard to understand?

>>> Srilatha wrote:
>>> Some Anti Spam Engines classify mails as: Clean, Spam or Bulk.
>>> What is this Bulk classification?

> At 12:22 PM 9/21/2007, Per Jessen wrote:
>> Difficult to guess without knowing which products you are referring to.

>>> With SpamAssassin, I observed that only Spam or Clean classification are possible. Does not it classify the mail as Bulk?

>> No.

--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Windows found: (R)emove, (E)rase, (D)elete
RE: Delays in message processing
Do an sa-update without delay. The rulesets were updated yesterday and the completewhois rules removed. They were causing DNS timeouts.

Cheers,
Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

-----Original Message-----
From: Roman Serbski [mailto:[EMAIL PROTECTED]
Sent: 21 September 2007 10:42
To: users@spamassassin.apache.org
Subject: Delays in message processing
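Added example (not part of the original thread and not SpamAssassin code): one way to find which DNS list is behind the timeouts is to group dnscache servfail lines by list zone and compare the zones with the lists configured locally. The first two sample lines are the ones quoted in the post; the other sample lines, the function names and KNOWN_ZONES are constructed for illustration.

```python
import re
from collections import defaultdict

# "<timestamp> servfail <qname> <reason>", as in the dnscache lines quoted above
SERVFAIL_RE = re.compile(r"^(\S+)\s+servfail\s+(\S+)\s+(.*)$")
# DNSBL query name: four reversed IPv4 octets followed by the list zone
DNSBL_QNAME_RE = re.compile(r"^((?:\d{1,3}\.){4})(\S+)$")

# Lists the poster queries on purpose through rblsmtpd (names from the post).
KNOWN_ZONES = frozenset({
    "sbl-xbl.spamhaus.org", "bl.spamcop.net",
    "dul.dnsbl.sorbs.net", "t1.dnsbl.net.au",
})

# First two lines are from the post; the remaining three are constructed.
SAMPLE_LOG = [
    "@400046f24dfe37181e4c servfail 33.20.65.165.combined-hib.dnsiplists.completewhois.com. input/output error",
    "@400046f24dfe3719b874 servfail 45.35.65.165.combined-hib.dnsiplists.completewhois.com. input/output error",
    "@400046f24dfe3719c000 servfail 2.0.0.127.bl.spamcop.net. input/output error",
    "@400046f24dfe3719d000 servfail www.example.com. input/output error",
    "@400046f24dfe3719e000 sent 1234 89",
]


def parse_servfail(line):
    """Return (zone, checked_ip) for a DNSBL servfail line, else None."""
    m = SERVFAIL_RE.match(line.strip())
    if not m:
        return None
    qname = m.group(2).rstrip(".").lower()
    d = DNSBL_QNAME_RE.match(qname)
    if not d:
        return None  # servfail for an ordinary name, not a list lookup
    octets = d.group(1).rstrip(".").split(".")
    if any(int(o) > 255 for o in octets):
        return None  # four numeric labels, but not an IPv4 address
    # List queries carry the checked address with its octets reversed.
    return d.group(2), ".".join(reversed(octets))


def failing_zones(lines, known_zones=KNOWN_ZONES):
    """Count servfails per list zone, most failures first."""
    counts = defaultdict(int)
    ips = defaultdict(set)
    for line in lines:
        parsed = parse_servfail(line)
        if parsed:
            zone, ip = parsed
            counts[zone] += 1
            ips[zone].add(ip)
    return [
        {
            "zone": zone,
            "failures": counts[zone],
            "ips": sorted(ips[zone]),
            # False means the lookup comes from somewhere other than the
            # local rblsmtpd setup, e.g. a rule shipped in the SA ruleset.
            "configured_locally": zone in known_zones,
        }
        for zone in sorted(counts, key=lambda z: (-counts[z], z))
    ]


if __name__ == "__main__":
    for row in failing_zones(SAMPLE_LOG):
        print(row["failures"], row["zone"], row["ips"],
              "local" if row["configured_locally"] else "not configured locally")
```

A zone that fails repeatedly and is not in the local list is the one to look for in the installed rules, which is what the completewhois entries turned out to be here.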
Re: Objective site to run spamcheck against?
Tuc at T-B-O-H.NET wrote:

> That Robtex is pretty nice. Saw other info that was interesting.. ANYWAY, it doesn't look like my server is in the lists, BUT..The IP I send from (RR.COM) is blacklisted here :

If your mail-server is correctly set up, your IP should map to the name of your mail-server, not to your providers name (of the line).

/Per Jessen, Zürich
SpamAssassin 3.1.9 not catching any emails
Hi all,

As part of an “Ensim” (Linux control panel) installation, I’m running the Ensim-provided install of SpamAssassin 3.1.9. Unfortunately, I’m finding that no emails are being caught as spam. Whilst I’m sure that Ensim is doing some non-standard stuff around SpamAssassin, I’m wondering if anyone can help me (as a relative newbie to SpamAssassin) to debug what may be causing the problem.

I'm pretty sure that SpamAssassin is set up correctly. However, every single spam message seems to be getting through (assuming it is even being checked). All emails have a header of X-Spam-Status: No, No - which I assume means that SpamAssassin is checking the messages, and passing them all regardless of their spam-ness?

I really don't know where to start in debugging this. spamd is definitely running. I've run sa-update. I've sent myself an email with the GTUBE string in it, as described in http://wiki.apache.org/spamassassin/TestingInstallation , and it also came through with the same header as above. I have "Enable tests that connect to remote servers" enabled in Ensim's Spam Filter Configuration settings, but disabling it doesn't seem to make a difference.

Can anyone suggest some things I could investigate to find out where the problem may lie?

Many thanks in advance,

- maurj.
config: failed to parse line
Occasionally I am seeing the following log lines. They don't seem to be fatal, but I'd like to know what they are so I can decide if I need to fix something:

    Sep 21 07:24:07 spamd2 spamd[7749]: config: failed to parse line, skipping, in (no file): x-train
    Sep 21 07:24:07 spamd2 spamd[7749]: config: failed to parse line, skipping, in (no file): x-days 7

I can't find these config variables set in /etc/spamassassin/*

This line also comes along at the same time:

    Sep 21 07:24:07 spamd2 spamd[7749]: config: SpamAssassin failed to parse line, no value provided for use_bayes, skipping: use_bayes

An odd line because my bayes is working, autolearning and classifying fine and my 'use_bayes' line has a '1' after it:

    local.cf:use_bayes 1
    local.cf:bayes_auto_learn 1
    local.cf:bayes_ignore_header Message-Id
    local.cf:bayes_ignore_header Delivered-To
    local.cf:bayes_ignore_header User-Agent
    local.cf:bayes_ignore_header In-Reply-To
    local.cf:bayes_ignore_header ReSent-Date
    local.cf:bayes_ignore_header ReSent-From
    local.cf:bayes_ignore_header ReSent-Message-ID
    local.cf:bayes_ignore_header ReSent-Subject
    local.cf:bayes_ignore_header ReSent-To
    local.cf:bayes_ignore_header Resent-Date
    local.cf:bayes_ignore_header Resent-From
    local.cf:bayes_ignore_header Resent-Message-ID
    local.cf:bayes_ignore_header Resent-Subject
    local.cf:bayes_ignore_header Resent-To
    local.cf:bayes_ignore_header X-Bogosity
    local.cf:bayes_ignore_header X-CRM114
    local.cf:bayes_ignore_header X-Enigmail-Version
    local.cf:bayes_ignore_header X-Mailer
    local.cf:bayes_ignore_header X-MailScanner
    local.cf:bayes_ignore_header X-MailScanner-Information
    local.cf:bayes_ignore_header X-MailScanner-SpamCheck
    local.cf:bayes_ignore_header X-Mozilla-Status
    local.cf:bayes_ignore_header X-Mozilla-Status2
    local.cf:bayes_ignore_header X-no-archive
    local.cf:bayes_ignore_header X-Original-To
    local.cf:bayes_ignore_header X-PerlMX-Spam
    local.cf:bayes_ignore_header X-Received-From-IP
    local.cf:bayes_ignore_header X-Sanitizer
    local.cf:bayes_ignore_header X-SA-Exim
    local.cf:bayes_ignore_header X-Scanned-By
    local.cf:bayes_ignore_header X-Sender
    local.cf:bayes_ignore_header X-Sequence
    local.cf:bayes_ignore_header X-Spam-Flags
    local.cf:bayes_ignore_header X-Spam-Level
    local.cf:bayes_ignore_header X-Spam-Score
    local.cf:bayes_ignore_header X-Spam-Status
    local.cf:bayes_ignore_header X-s.logic-spamassas-bar
    local.cf:bayes_ignore_header X-s.logic-spamassas
    local.cf:bayes_ignore_header X-Virus-Scanned
    local.cf:bayes_ignore_header X-Virus-Status
    local.cf:bayes_ignore_header X-Warning
    local.cf:bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
    local.cf:bayes_sql_dsn DBI:mysql:bayes:dbw-pn
    local.cf:bayes_sql_username spamass
    local.cf:bayes_sql_password assmanspam
    local.cf:bayes_sql_override_username @GLOBAL
    local.cf:bayes_expiry_max_db_size 100
    local.cf:bayes_learn_to_journal0

Thanks,
micah
New distribution rule not working ?
Hi,

In a spammail I found this rule: RCVD_IN_DNSWL_MED=-4

But it is a spammail. I have never seen this rule before. Looks like a DNS Whitelist?

Greetings...
Richard Smits
Re: New distribution rule not working ?
2007/9/21, Richard Smits [EMAIL PROTECTED]:

> Hi,
> In a spammail I found this rule: RCVD_IN_DNSWL_MED=-4

The DNSWL check went stock over sa-update some time ago. However, it might happen that some spam could get passed through a server with a good reputation (or a medium one, like the header says). IMHO, you should report this message to the admin of that server, to alert him about the event.

More info on this subject: http://www.dnswl.org

Regards,
Luis

> But it is a spammail. I have never seen this rule before. Looks like a DNS Whitelist?
>
> Greetings...
> Richard Smits

--
GNU-GPL: May The Source Be With You...
Linux Registered User #448382.
When I grow up, I wanna be like Theo...
Re: Mail Classification
Srilatha wrote:

> Some Anti Spam Engines classify mails as: Clean, Spam or Bulk.
> What is this Bulk classification?

In theory, bulk could refer to anything that's sent out to large numbers of people, or automatically generated without human intervention. That would include newsletters, mailing lists, alerts, auto-responses, and so on. (Spam would also fit that definition, but since there's a separate spam category, it's probably safe to assume that it's bulk messages that aren't spam.)

Or bulk could simply mean that the software can identify the message as a mass-mailing, but can't decide whether it's solicited or not.

Or it could mean that it found a Precedence: bulk header in the message.

I can't say what it means in any specific program, but if I were to set up a clean/spam/bulk classification scheme, I'd probably define them this way:

Clean: not spam, person-to-person
Spam: spam
Bulk: not spam, large volume or automatically generated

In any case, SpamAssassin only makes a binary distinction: spam or not spam. Depending on the program you use to call it, you can take the detailed results (which rules fired, what the final score is, etc.) and make further classifications.

--
Kelson Vibber
SpeedGate Communications
www.speed.net
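Added example (not part of the original thread, and not how Commtouch or SpamAssassin classify mail): a sketch of the clean/spam/bulk scheme proposed above, layered on SpamAssassin's binary verdict by the calling program. It assumes an X-Spam-Status header in the hits=/score= form shown in the local.cf earlier in this digest, and treats Precedence, List-Id, List-Unsubscribe and Auto-Submitted as bulk indicators; the sample messages and function names are constructed.

```python
import re
from email import message_from_string

BULK_PRECEDENCE = {"bulk", "list", "junk"}

# Constructed sample messages (not taken from the thread).
SPAM = ("From: a@example.com\nSubject: offer\n"
        "X-Spam-Status: Yes, hits=17.2 required=5.5 tests=BAYES_99,\n"
        "\tRAZOR2_CHECK,URIBL_BLACK autolearn=spam version=3.2.3\n\nbody\n")
NEWSLETTER = ("From: news@example.org\nPrecedence: bulk\n"
              "List-Id: <news.example.org>\n"
              "X-Spam-Status: No, score=-4.0 required=5.5 "
              "tests=RCVD_IN_DNSWL_MED autolearn=ham version=3.2.3\n\nbody\n")
# Verdict without a score, like the "No, No" header reported in this digest.
PERSONAL = "From: bob@example.net\nX-Spam-Status: No, No\n\nhello\n"


def parse_spam_status(value):
    """Split an X-Spam-Status value into (is_spam, score, tests)."""
    # Unfold the header, then close the gap a fold leaves inside tests=A,B.
    flat = re.sub(r",\s+", ",", " ".join(value.split()))
    verdict = re.match(r"(yes|no)\b", flat, re.I)
    score = re.search(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)", flat)
    tests = re.search(r"\btests=(\S*)", flat)
    names = tests.group(1).split(",") if tests else []
    names = [t for t in names if t and t.lower() != "none"]
    is_spam = verdict.group(1).lower() == "yes" if verdict else None
    return is_spam, float(score.group(1)) if score else None, names


def bulk_reasons(msg):
    """Headers that mark a message as mass-mailed or auto-generated."""
    reasons = []
    if (msg.get("Precedence") or "").strip().lower() in BULK_PRECEDENCE:
        reasons.append("Precedence")
    for name in ("List-Id", "List-Unsubscribe"):
        if msg.get(name):
            reasons.append(name)
    auto = (msg.get("Auto-Submitted") or "").split(";")[0].strip().lower()
    if auto and auto != "no":
        reasons.append("Auto-Submitted")
    return reasons


def classify(raw_message):
    """Return label (spam, bulk, clean or unscanned) plus the evidence."""
    msg = message_from_string(raw_message)
    status = msg.get("X-Spam-Status")
    if status is None:
        return {"label": "unscanned", "score": None, "tests": [],
                "bulk_reasons": [], "scored": False}
    is_spam, score, tests = parse_spam_status(status)
    reasons = bulk_reasons(msg)
    label = "spam" if is_spam else ("bulk" if reasons else "clean")
    # scored=False flags a verdict that carries no score at all.
    return {"label": label, "score": score, "tests": tests,
            "bulk_reasons": reasons, "scored": score is not None}


if __name__ == "__main__":
    for raw in (SPAM, NEWSLETTER, PERSONAL):
        print(classify(raw))
```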
Re: SpamAssassin 3.1.9 not catching any emails
Dave Addey wrote:

> Hi all,
>
> As part of an “Ensim” (Linux control panel) installation, I’m running the Ensim-provided install of SpamAssassin 3.1.9. Unfortunately, I’m finding that no emails are being caught as spam. Whilst I’m sure that Ensim is doing some non-standard stuff around SpamAssassin, I’m wondering if anyone can help me (as a relative newbie to SpamAssassin) to debug what may be causing the problem.
>
> I'm pretty sure that SpamAssassin is set up correctly. However, every single spam message seems to be getting through (assuming it is even being checked). All emails have a header of X-Spam-Status: No, No - which I assume means that SpamAssassin is checking the messages, and passing them all regardless of their spam-ness?
>
> I really don't know where to start in debugging this. spamd is definitely running. I've run sa-update. I've sent myself an email with the GTUBE string in it, as described in http://wiki.apache.org/spamassassin/TestingInstallation , and it also came through with the same header as above. I have "Enable tests that connect to remote servers" enabled in Ensim's Spam Filter Configuration settings, but disabling it doesn't seem to make a difference.
>
> Can anyone suggest some things I could investigate to find out where the problem may lie?
>
> Many thanks in advance,
>
> - maurj.

First thing you need to know about running Ensim, is not to run Ensim. I had nothing but problems on the Ensim server that I had. I thought it was going to be the low cost answer to my problems and it just was a high cost problem. Their support was horrid also.

Do you have access to logs to see if the mail is actually being scanned? It doesn't sound like it at all. Is this your box or someone else's?
R: Non-DNS async support
-----Original Message-----
From: Mark Martinec [mailto:[EMAIL PROTECTED]

Giampaolo,

> Well, I have 3.2.1 and the excerpt from AsyncLoop.pm was from there. But anyway, how is supposed to be set the timeout value of a non-DNS query?

The current code in trunk is able to specify and honour individual timeouts for each async request - and it defaults to rbl_timeout if not specified otherwise. See sub AsyncLoop::start_lookup() and $ent->{timeout} attribute in an object passed to it.

> Maybe my code stops due to a timeout: messages are not that clear...

See http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5589

The current code in trunk deals with timeouts more accurately. The patch in Bug 5589 can be applied to 3.2.3, if one wants to avoid running the bleeding edge trunk code.

> It may even be a timeout, then. It seems to me there is no way to set a lookup timeout in start_lookup() in AsyncLoop.pm. Right?

True in 3.2.3, not true in (3.3.0)SVN.

> By the way, it may be that the Async code is undergoing many changes. Is there any SA version in which it could be regarded as stable?

For doing new development it is best to start with the current code in trunk, otherwise one could be solving problems which are already solved. Of course running the leading edge code bears its risks and offers no guarantees (but there are no real guarantees for 3.2.3 either, right?!), so one should be prepared to peek into code and solve some glitch if need arises - and subscribing to a 'dev' mailing list is advised.

Nevertheless, some people do run the trunk code in their test or even in production environment. Generally the trunk code is supposed to always be runnable on a mainstream environment - e.g. Perl 5.8.8 on Unix, with recent versions of external Perl modules. If running older Perl or being on Windows, chances are much higher that some feature is not yet thoroughly tested. Mishaps do happen on occasion, but are usually sorted in a day or two, and reverting to a revision before a breakage is always a quick-fix workaround.

The decision mostly depends on your willingness to get hands dirty on occasion, benefits are that there is a quickest response to problems, old and new. In my experience the current trunk is well behaved and quite stable as it stands at the moment, and is still compatible with 3.2.3, so one can revert to 3.2.3 in an emergency.

Mark, thank you for your precious hints: I found SA 3.2.3 to fix the matter. As you told me, however, I still can't specify a timeout in start_lookup(). Anyway, this isn't very important, because it seems to me that 3.2.3 raises the default to 6 seconds, which is pretty fine.

I'll stick to 3.2.3 since I'm going to put this plugin into a production server and of course I would prefer not to tie it to trunk code. If I correctly understand your reply, the Async API didn't change too much in the trunk (apart from the timeout enhancement), thereby I'm going to expect this plugin to work against trunk too. If this will not be the case, I'll adjust to the future needs when they'll get out...

Thank you again,
Giampaolo

Mark
Re: Problem logging from SA when running Amavisd
> When SpamAssassin is invoked by amavisd, the SA debug log goes to STDERR. There is currently no configurable way to let amavisd hook into SA logging and capture its output, although it is doable and on a TODO list. For the moment you can redirect STDERR to a file and let it running for a while for diagnostic purposes, e.g.:
>
> Mark

What I was hoping to do was write stuff to the log file for a week or two using the info() method. Then I could grep out my lines, get the data analyzed, and then finish the plugin. (I'm not the PhD in this operation, I'm just an undergraduate.) I am a fairly experienced programmer but I have not used object oriented Perl before. Thankfully it doesn't seem that different from other OO languages.

Anyway, I don't mind hacking up a temporary version of Amavisd if you could tell me how to get SA to quit logging to STDERR.

Jeff Moss
Re: Parsing Received Headers
Bret,

Bret Miller wrote:

> Or perhaps I should just open a bug ticket to fix SA's not understanding problem...

(Also posted to CGP mailing list)

If you are receiving false-positives with CGP and the SpamAssassin 3.2.x RDNS_NONE test ...

If SpamAssassin 3.1.x cannot identify RDNS data in a Received: from header (due to formatting or omission) it would perform a RDNS lookup itself. That functionality has been removed from SpamAssassin 3.2.x as per:

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5054

The author comments: we can move that lookup out to the eval test that uses it, pretty easily, but the RDNS_NONE test (among others) in 20_dynrdns.cf (among others) continues to just parse the X-Spam-Relays-Untrusted header set in SpamAssassin/Message/Metadata/Received.pm.

You can re-enable that feature using the following patch.

80,83d79 # TJK Restore SA RDNS Resolution for CGP. $self-{permsgstatus} = $permsgstatus; $self-{is_dns_available} = $self-{permsgstatus}-is_dns_available(); 1249,1258c1245 # TJK Restore SA RDNS Resolution for CGP. if ($self-{is_dns_available}) { $rdns = $self-{permsgstatus}-lookup_ptr($ip); if (! $rdns) { $rdns eq ''; $relay-{rdns_not_in_headers} = 1 } } else { $relay-{rdns_not_in_headers} = 1; } --- $relay-{rdns_not_in_headers} = 1;

Note that the verified flag that CGP sets in the Received: from header denotes the status of the HELO command, not the RDNS of the connecting host.

---

Example: Single sending host with an IP address of 123.456.789.200.

DNS:

    name-x.source.com A 123.456.789.100
    name-y.source.com A 123.456.789.200
    name-z.source.com A 123.456.789.300

Reverse DNS:

    123.456.789.100 PTR name-x.source.com
    123.456.789.200 PTR name-z.source.com
    123.456.789.300 PTR name-z.source.com

    telnet cgp.destination.com 25
    HELO 123.456.789.100
    Received: from [123.456.789.200] (HELO 123.456.789.100) by cgp.destination.com
    # unverified HELO: 123.456.789.100 communicated from 123.456.789.200

    telnet cgp.destination.com 25
    HELO name-x.source.com
    Received: from [123.456.789.200] (HELO nameof-123.456.789.101.com) by cgp.destination.com
    # unverified HELO: name-x.source.com aka 123.456.789.100 communicated from 123.456.789.200

    telnet cgp.destination.com 25
    HELO name-y.source.com
    Received: from name-y.source.com ([123.456.789.200] verified) by cgp.destination.com
    # verified HELO: name-y.source.com aka 123.456.789.200 communicated from 123.456.789.200
    # but reverse of 123.456.789.200 is name-z.source.com

--
Tom Kishel
Dark Horse Comics
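Review bot: in the 1249,1258c1245 hunk, the statement "$rdns eq '';" inside the "if (! $rdns)" branch is a string comparison whose result is discarded, not an assignment, so $rdns keeps whatever false or undefined value lookup_ptr() returned instead of being reset to an empty string. If the intent is to normalise a failed lookup, it should read "$rdns = '';". The same branch also ends "$relay-{rdns_not_in_headers} = 1 }" without a terminating semicolon; that is legal before a closing brace but inconsistent with the else branch, and adding it would make later edits to the block safer.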
Re: Re: OT: Spamtraps
Well, normally you try to keep your spamtraps secret. You want to be 100% sure that all email coming through is really spam.

2007/9/20, Michael Scheidell [EMAIL PROTECTED]:

> Or, better yet, just change the name on the email to lines when you complain to many isp's. They forward those to the spammers who happily add you to their 'known valid email address list'.
>
> Also, google for various opt-out pages. You opt out of the wrong page, you know you will get spam.
>
> Also, how about 'free porn in your inbox'? 24 hours later, you are getting mortgage ads from 5 banks.
>
> (yes, I all this is true)