date:20080619

Re: prefork error

2008-06-19 Thread Matus UHLAR - fantomas

On 19.06.08 13:54, raulbe wrote:
> were do I find these lines?

> confQUEUE_LA
> confREFUSE_LA
> confDELAY_LA 

> I looked in both the sendmail.cf file and the sendmail.mc  file and didnt
> see them?

you'll see them in cf.README(.gz) and you can add them to sendmail.mc
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)

Re: how to stop SPF checks from going past trusted host?

2008-06-19 Thread John Hardin


On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote:

> header  XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) by 
> arran\.svcolo\.com (/
> score  XX  -5

Oops. Need some plusses in there...

/from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo\.com
(/

-- 
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Perfect Security is unattainable; beware those who would try to sell
  it to you, regardless of the cost, for they are trying to sell you
  your own slavery.
---
 15 days until the 232nd anniversary of the Declaration of Independence

Re: how to stop SPF checks from going past trusted host?

2008-06-19 Thread Matt Kettler


Jo Rhett wrote:
I'm trying to figure out how to stop SPF_FAIL on messages generated on 
an internal rfc1918 network and routed through a trusted host.


Host A: generates mail, origin IP 10.x.x.x

Host B: relays mail for Host A, to Host C

Host C: receives mail, marks SPF_FAIL

Host B is both in the valid SPF record, and in trusted networks.

Example:

host A: 10.0.0.1 generates e-mail, routes via HostB

Host B: has outside IP 64.13.143.16

Host C: sees message from Host B, sees Host B is valid SPF sender, 
sees Host B is trusted Host


_APPARENTLY_ skips to the next Received header because B is trusted.
That is correct, SPF checks are applied to the first untrusted host. The 
question here would be if 10.x.x.x is in fact an internal, and 
presumably trusted, network, why isn't it trusted?


Also, presuming we're talking about your own domain, why aren't you 
using split DNS and declaring 10.x.x.x as a valid source in your 
internal SPF record (but not the one you expose to the outside world)



Received: from arran.svcolo.com (arran.sc.svcolo.com 
[64.13.143.17]) by kininvie.sv.svcolo.com (8.14.1/8.14.1) with ESMTP 
id m5K2o3it016795 for <[EMAIL PROTECTED]>; Thu, 19 Jun 2008 
19:50:03 -0700 (PDT) (envelope-from [EMAIL PROTECTED])


Received: from apc0.sv.svcolo.com (apc0.sv [10.0.0.1]) by 
arran.svcolo.com (8.13.8/8.13.4) with SMTP id m5K2o1sL002910 for 
<[EMAIL PROTECTED]>; Thu, 19 Jun 2008 19:50:02 -0700 (PDT) 
(envelope-from [EMAIL PROTECTED])


X-Spam-Status: Yes, score=4.157 tagged_above=-10 required=4 
tests=[AWL=0.656, NORMAL_HTTP_TO_IP=0.001, SPF_FAIL=3.5


Obviously, putting 10/8 into the published SPF record makes no sense 
at all, nor does adding 10/8 to the trusted_networks.
Why do neither of those options make sense? I do both in my network, 
albeit that version SPF is only in my internal view, and I actually use 
10.xx.0.0/16 not 10/8. (I only use a /16, not the whole /8)


Is there some detail that's missing here? ie: do you have a compelling 
reason to not trust your internal hosts using 10/8?



So... how can I say "I trust Host B so much that I don't want to go 
any farther for SPF checks?"

Modify the SPF code. There's no such option at present.

Re: how to stop SPF checks from going past trusted host?

2008-06-19 Thread John Hardin


On Thu, 2008-06-19 at 20:37 -0700, Jo Rhett wrote:


> Example:
> 
>  host A: 10.0.0.1 generates e-mail, routes via HostB
> 
>  Host B: has outside IP 64.13.143.16

> > Received:   from arran.svcolo.com (arran.sc.svcolo.com  
> > [64.13.143.17]) by kininvie.sv.svcolo.com (8.14.1/8.14.1) with ESMTP  
> > id m5K2o3it016795 for <[EMAIL PROTECTED]>; Thu, 19 Jun 2008  
> > 19:50:03 -0700 (PDT) (envelope-from [EMAIL PROTECTED])
> >
> > Received:   from apc0.sv.svcolo.com (apc0.sv [10.0.0.1]) by  
> > arran.svcolo.com (8.13.8/8.13.4) with SMTP id m5K2o1sL002910 for <[EMAIL 
> > PROTECTED] 
> > >; Thu, 19 Jun 2008 19:50:02 -0700 (PDT) (envelope-from [EMAIL PROTECTED] 
> > )
> >
> > X-Spam-Status:  Yes, score=4.157 tagged_above=-10 required=4  
> > tests=[AWL=0.656, NORMAL_HTTP_TO_IP=0.001, SPF_FAIL=3.5
> >
> Obviously, putting 10/8 into the published SPF record makes no sense  
> at all, nor does adding 10/8 to the trusted_networks.
> 
> So... how can I say "I trust Host B so much that I don't want to go  
> any farther for SPF checks?"

Do you *need* to get the SPF test to pass, or do you just want to lower
the score?

If the latter, how about:

header  XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\])
by arran\.svcolo\.com (/
score  XX  -5


-- 
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Perfect Security is unattainable; beware those who would try to sell
  it to you, regardless of the cost, for they are trying to sell you
  your own slavery.
---
 15 days until the 232nd anniversary of the Declaration of Independence

how to stop SPF checks from going past trusted host?

2008-06-19 Thread Jo Rhett

I'm trying to figure out how to stop SPF_FAIL on messages generated on  
an internal rfc1918 network and routed through a trusted host.


Host A: generates mail, origin IP 10.x.x.x

Host B: relays mail for Host A, to Host C

Host C: receives mail, marks SPF_FAIL

Host B is both in the valid SPF record, and in trusted networks.

Example:

host A: 10.0.0.1 generates e-mail, routes via HostB

Host B: has outside IP 64.13.143.16

Host C: sees message from Host B, sees Host B is valid SPF  
sender, sees Host B is trusted Host


_APPARENTLY_ skips to the next Received header because B is trusted.



Received: 	from arran.svcolo.com (arran.sc.svcolo.com  
[64.13.143.17]) by kininvie.sv.svcolo.com (8.14.1/8.14.1) with ESMTP  
id m5K2o3it016795 for <[EMAIL PROTECTED]>; Thu, 19 Jun 2008  
19:50:03 -0700 (PDT) (envelope-from [EMAIL PROTECTED])


Received: 	from apc0.sv.svcolo.com (apc0.sv [10.0.0.1]) by  
arran.svcolo.com (8.13.8/8.13.4) with SMTP id m5K2o1sL002910 for <[EMAIL PROTECTED] 
>; Thu, 19 Jun 2008 19:50:02 -0700 (PDT) (envelope-from [EMAIL PROTECTED] 
)


X-Spam-Status: 	Yes, score=4.157 tagged_above=-10 required=4  
tests=[AWL=0.656, NORMAL_HTTP_TO_IP=0.001, SPF_FAIL=3.5


Obviously, putting 10/8 into the published SPF record makes no sense  
at all, nor does adding 10/8 to the trusted_networks.


So... how can I say "I trust Host B so much that I don't want to go  
any farther for SPF checks?"


--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source  
and other randomness

RE: script to upgrade SpamAssassin (itself, not just rule sets)

2008-06-19 Thread Robert - elists


Typically we do something like this basic outline

login to non-root account and change to proper directory

wget
http://www.apache.org/dist/spamassassin/source/Mail-SpamAssassin-3.2.5.tar.g
z

rpmbuild -tb Mail-SpamAssassin-3.2.5.tar.gz

su to root and change to proper directory

yum localinstall perl-Mail-SpamAssassin-3.2.5-1.i386.rpm
spamassassin-3.2.5-1.i386.rpm

then when done we run sa-update script and check log files for problems

 - rh

script to upgrade SpamAssassin (itself, not just rule sets)

2008-06-19 Thread jidanni

Gentlemen, every few months we must upgrade Spamassassin (the software
itself, not just doing sa-update).

So what script do you use to take the bore out of the process?

Need something like:
set -xeu
set /tmp/$USER.SpamassassinUpgrade
mkdir $1
cd $1
latest=`(fancy code to determine latest version on nearest mirror or
just master)`
wget $latest
bunzip2 *.bz2
cd `ls|sed q`
echo|perl Makefile.PL PREFIX=$HOME #answer the question with RETurn
make
make install

Re: EMERGENCY RULE: porntube redirect

2008-06-19 Thread Chris

On Thursday 19 June 2008 7:50 pm, Sahil Tandon wrote:
> Chris <[EMAIL PROTECTED]> wrote:
> > On Thursday 19 June 2008 9:33 am, Yet Another Ninja wrote:
> > > Guys, you're being hit with hacked web site URIs showing up in a heavy
> > > spam flood. I see Uribl.com got most of them, but in case:
> > >
> > > rawbody  GMD_R_DOT_HTML /\/r\.html$/
> > > describe GMD_R_DOT_HTML Possible hacked site with porntube redirect
> > > score  GMD_R_DOT_HTML  3.5
> > >
> > I'd like to enjoy, stuck the above in my local.cf, restarted SA, ran
> > spamassassin --lint and got:
>
> > I know it can't be that hard to c/p a rule, though it seems I either
> > messed something up or SA didn't like the rule.
>
> I think something went awry with your whitespace during the cut&paste.  Try
> editing the local.cf in vim, delete what appear to be spaces in the GMD
> rules, re-insert them, and then --lint again.

That did the trick, I should have learned from prior experience and typed it 
in manually in the first place.

Thanks
Chris

-- 
Chris
KeyID 0xE372A7DA98E6705C


pgpe3pN3wFhas.pgp
Description: PGP signature

Re: EMERGENCY RULE: porntube redirect

2008-06-19 Thread Sahil Tandon

Chris <[EMAIL PROTECTED]> wrote:

> On Thursday 19 June 2008 9:33 am, Yet Another Ninja wrote:
> > Guys, you're being hit with hacked web site URIs showing up in a heavy
> > spam flood. I see Uribl.com got most of them, but in case:
> >
> > rawbody  GMD_R_DOT_HTML /\/r\.html$/
> > describe GMD_R_DOT_HTML Possible hacked site with porntube redirect
> > scoreGMD_R_DOT_HTML  3.5
> >
> > Note: making it an uri rule doesn't hit them all.
> >
> > enjoy
> 
> I'd like to enjoy, stuck the above in my local.cf, restarted SA, ran 
> spamassassin --lint and got:

[...]

> I know it can't be that hard to c/p a rule, though it seems I either messed 
> something up or SA didn't like the rule.

I think something went awry with your whitespace during the cut&paste.  Try 
editing the local.cf in vim, delete what appear to be spaces in the GMD 
rules, re-insert them, and then --lint again.

-- 
Sahil Tandon <[EMAIL PROTECTED]>

Re: EMERGENCY RULE: porntube redirect

2008-06-19 Thread Chris

On Thursday 19 June 2008 9:33 am, Yet Another Ninja wrote:
> Guys, you're being hit with hacked web site URIs showing up in a heavy
> spam flood. I see Uribl.com got most of them, but in case:
>
> rawbody  GMD_R_DOT_HTML /\/r\.html$/
> describe GMD_R_DOT_HTML Possible hacked site with porntube redirect
> score  GMD_R_DOT_HTML  3.5
>
> Note: making it an uri rule doesn't hit them all.
>
> enjoy

I'd like to enjoy, stuck the above in my local.cf, restarted SA, ran 
spamassassin --lint and got:

[EMAIL PROTECTED] ~]$ spamassassin --lint
[25034] warn: config: failed to parse line, skipping, in 
"/etc/mail/spamassassin/local.cf": score    GMD_R_DOT_HTML  3.5
[25034] warn: config: warning: description exists for non-existent rule 
GMD_R_DOT_HTML
[25034] warn: lint: 2 issues detected, please rerun with debug enabled for 
more information

I know it can't be that hard to c/p a rule, though it seems I either messed 
something up or SA didn't like the rule.

-- 
Chris
KeyID 0xE372A7DA98E6705C


pgp2gZfCUVttl.pgp
Description: PGP signature

yahoo.com adds new domains.

2008-06-19 Thread Michael Scheidell

As if email from freebie @yahoo.com addresses isn't enough, Yahoo has 
now announces two new domains that the freebie spammers can spam from:


ymail.com and rocketmail.com

*SAN FRANCISCO — Yahoo Inc. is offering free e-mail accounts under two 
new designations in an effort to attract Web surfers unhappy with their 
current addresses.*


The Sunnyvale-based company expects to begin registering new addresses 
under the domains of "ymail" and "rocketmail" around noon PDT Thursday 
at http://mail.yahoo.com.


It will be the first time that Yahoo has offered e-mail accounts under 
umbrellas other than its own company name since it became a 
correspondence conduit in 1997.


Yahoo began offering free e-mail shortly after its $80 million 
acquisition of Four11 Corp., which included the rocketmail domain. 
Rocketmail users at the time of the acquisition were allowed to keep 
their existing accounts, but Yahoo hadn't accepted any new addresses 
under that name until now.


The diversification into new e-mail designations is being driven by the 
difficulty that people are having as they try to find an appealing 
e-mail handle under the Yahoo domain.


Read full story at:

http://www.foxnews.com/printer_friendly_wires/2008Jun19/0,4675,TECYahooMail,00.html



sharpen up your SA rules, justin: time to watch those rules, including 
the 'forged from yahoo' rules.


no spf records. wonder if they will dkim sign them:

$ host -t txt ymail.com
ymail.com has no TXT record
$ host -t txt rocketmail.com
rocketmail.com has no TXT record

--
Michael Scheidell, President
Main: 561-999-5000, Office: 561-939-7259
> *| *SECNAP Network Security Corporation
Winner 2008 Technosium hot company award.
www.technosium.com/hotcompanies/ 

_
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com

_

RE: The rules has more weigh than bayesian-learn ?

2008-06-19 Thread Giampaolo Tomassoni

> -Original Message-
> From: Thiago Henrique Rodrigues [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 19, 2008 11:11 PM
> To: users@spamassassin.apache.org
> Subject: Re: The rules has more weigh than bayesian-learn ?
> 
> 
> > Your question doesn't really make sense.  The results of the Bayes
> > examination
> > are rules based on the 0-100 spam probability.
> >
> > If I understand what you're asking though, the Bayes system results
> in
> > 1 rule
> > hit, whereas there are hundreds of other rules that can all hit, so
> > generally
> > rules would outweigh Bayes, unless you change the weighting (score)
> of
> > the
> > Bayes rule in relation to the other rules.
> >
> 
> Thanks for helping. I didn´t understand until now. All make sense.
> 
> I'm trying to use SpamAssassin in a structure as such: Postfix + Amavis
> + Clamav + SpamAssassin. Will I lose much considerably in the quality
> of
> my anti-spam if I not use the bayesian rule?

Bayes is a good piece of code, which fits fine in SA. Thereby I would suggest 
not to avoid using it.

Nevertheless, if you still prefer not to rely on it, you may lower a bit the 
spam tag and kill levels in Amavis such that pattern rules and network tests 
may suffice.

I find bayes quite useful also in avoiding FPs, not only in detecting spam...

Giampaolo


> 
> Best Regards,
> 
> --
> []'s
> Thiago Henrique
> Network Administration
> Digirati Networks
> K8 Networks
> Hostnet Hosting
> 
> 
>

Re: The rules has more weigh than bayesian-learn ?

2008-06-19 Thread Thiago Henrique Rodrigues


> Your question doesn't really make sense.  The results of the Bayes
> examination
> are rules based on the 0-100 spam probability.
> 
> If I understand what you're asking though, the Bayes system results in
> 1 rule
> hit, whereas there are hundreds of other rules that can all hit, so
> generally
> rules would outweigh Bayes, unless you change the weighting (score) of
> the
> Bayes rule in relation to the other rules.
> 

Thanks for helping. I didn´t understand until now. All make sense.

I'm trying to use SpamAssassin in a structure as such: Postfix + Amavis
+ Clamav + SpamAssassin. Will I lose much considerably in the quality of
my anti-spam if I not use the bayesian rule?

Best Regards,

--
[]'s
Thiago Henrique
Network Administration
Digirati Networks
K8 Networks
Hostnet Hosting

Re: Moving ham/spam from Exchange folders to sa-learn?

2008-06-19 Thread James Wilkinson

Henry Kwan wrote:

> Thanks for the script but I don't think I can use it as Exchange2K7
> has dropped IMAP support for public folders.  Or least this blog post
> from MSFT seems to indicate:
>
> http://msexchangeteam.com/archive/2006/02/20/419994.aspx

I don't have any Exchange 2007 experience, but at least on 2003 "public
folder" and "normal mailbox into which everyone can copy e-mail and to
which no-one can send e-mail" are two separate concepts. And you can use
IMAP to read the contents of the latter.

Unfortunately, setting that up involves configuring Outlook on each
client PC, so depending on the number of users, this may not be
practical.

Hope this helps,

James.
-- 
E-mail: james@ | Never ask, "Oh, why were things so much better in the old
aprilcottage.co.uk | days?" It's not an intelligent question.
   | -- Ecclesiastes 7 v. 10

Re: prefork error

2008-06-19 Thread raulbe


were do I find these lines?

adjust

confQUEUE_LA
confREFUSE_LA
confDELAY_LA 


I looked in both the sendmail.cf file and the sendmail.mc  file and didnt
see them?


thanks

Benny Pedersen wrote:
> 
> 
> On Torsdag, 19/6 2008, 18:36, raulbe wrote:
>>
>> I am using sendmail as my mta
> 
> http://www.sendmail.org/m4/tweaking_config.html
> 
> adjust
> 
> confQUEUE_LA
> confREFUSE_LA
> confDELAY_LA
> 
> delay is default 0, but in your case it should be little more then what
> time
> spamd uses pr scan msgs
> 
> all the abouve settings help on the specifik problem you have that
> sendmail
> accepts to much msgs at once so migh need to be adjusted
> 
> and i use postfix so my advice can be bogus, but i belive it this
> 
> 
> Benny Pedersen
> Need more webspace ? http://www.servage.net/?coupon=cust37098
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/prefork-error-tp17989187p18017921.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: prefork error

2008-06-19 Thread David B Funk

On Thu, 19 Jun 2008, raulbe wrote:

>
> I am using sendmail as my mta
>
>
> # rpm -q sendmail
> sendmail-8.13.1-3.2.el4
>
>
> What wierd is that the error clears up and then starts again after a while.
> Also I noticed we are getting hit with a considerable amount of spam. Plus I
> think our spamassassin version is old
>
> # rpm -q spamassassin
> spamassassin-3.1.9-1.el4

Try using round-robin rather than prefork scheduling with your SA.
( add the "--round-robin" command line option to your spamd startup).
We had similar prefork issues with our installation and switching to
round-robin fixed it.

-- 
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{

Re: prefork error

2008-06-19 Thread Benny Pedersen


On Torsdag, 19/6 2008, 18:37, raulbe wrote:

> I also notice this error in the maillog
>  spamd: still running as root: user not specified with -u, not found, or set
> to root, falling back to nobody

make a bug on this issue to your distro, its not really a bug but it could be
solved in the rpm file


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098

Re: prefork error

2008-06-19 Thread Benny Pedersen


On Torsdag, 19/6 2008, 18:36, raulbe wrote:
>
> I am using sendmail as my mta

http://www.sendmail.org/m4/tweaking_config.html

adjust

confQUEUE_LA
confREFUSE_LA
confDELAY_LA

delay is default 0, but in your case it should be little more then what time
spamd uses pr scan msgs

all the abouve settings help on the specifik problem you have that sendmail
accepts to much msgs at once so migh need to be adjusted

and i use postfix so my advice can be bogus, but i belive it this


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098

Re: prefork error

2008-06-19 Thread raulbe


I also notice this error in the maillog

 spamd: still running as root: user not specified with -u, not found, or set
to root, falling back to nobody






raulbe wrote:
> 
> I am using sendmail as my mta
> 
> 
> # rpm -q sendmail
> sendmail-8.13.1-3.2.el4
> 
> 
> What wierd is that the error clears up and then starts again after a
> while. Also I noticed we are getting hit with a considerable amount of
> spam. Plus I think our spamassassin version is old
> 
> # rpm -q spamassassin
> spamassassin-3.1.9-1.el4
> 
> 
> 
> 
> 
> 
> 
> Benny Pedersen wrote:
>> 
>> 
>> On Wed, June 18, 2008 20:36, raulbe wrote:
>> 
>>> What I did was edit etc/sysconfig/spamassassin  and up the max from 8 to
>>> 10
>>> now that worked for a while but now the error has returned. What could
>>> be
>>> causing the server not to be able to handle all the processes?
>> 
>> problem might be that you mta accepts to much spam, or even to much
>> connections that your spamd cant handle at once :/
>> 
>> tell us what mta you use
>> 
>> 
>> Benny Pedersen
>> Need more webspace ? http://www.servage.net/?coupon=cust37098
>> 
>> 
>> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/prefork-error-tp17989187p18013025.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: prefork error

2008-06-19 Thread raulbe


I am using sendmail as my mta


# rpm -q sendmail
sendmail-8.13.1-3.2.el4


What wierd is that the error clears up and then starts again after a while.
Also I noticed we are getting hit with a considerable amount of spam. Plus I
think our spamassassin version is old

# rpm -q spamassassin
spamassassin-3.1.9-1.el4







Benny Pedersen wrote:
> 
> 
> On Wed, June 18, 2008 20:36, raulbe wrote:
> 
>> What I did was edit etc/sysconfig/spamassassin  and up the max from 8 to
>> 10
>> now that worked for a while but now the error has returned. What could be
>> causing the server not to be able to handle all the processes?
> 
> problem might be that you mta accepts to much spam, or even to much
> connections that your spamd cant handle at once :/
> 
> tell us what mta you use
> 
> 
> Benny Pedersen
> Need more webspace ? http://www.servage.net/?coupon=cust37098
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/prefork-error-tp17989187p18013023.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: [Rule Set proposal] French Rules

2008-06-19 Thread Justin Mason


Giampaolo Tomassoni writes:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, June 19, 2008 5:49 PM
> > To: Giampaolo Tomassoni
> > Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org
> > Subject: Re: [Rule Set proposal] French Rules
> > 
> > ...omissis...
> >
> 
> Ok, I see I have to get a copy of some reference mass-check: mine is mostly
> in Italian and I'm getting a lot of stuff which could easily result in FPs.
> See:
> 
> #  1.000   6.655   0.000
> body SEEK_OKRP_V  /We/
> #  1.000   4.292   0.000
> body SEEK_ZHYXLF  / Redmond, WA /
> #  1.000   4.292   0.000
> body SEEK_EFMKIR  /Microsoft/
> #  1.000   4.040   0.000
> body SEEK_V__XNS  /Get/
> #  1.000   3.841   0.000
> body SEEK_EXHMOF  /This/

yeah, you'll need to ensure your ham corpus contains lots of both english
_and_ Italian text ;)

--j.

Re: Spamassassin doesn't learn / debug outputs

2008-06-19 Thread Benny Pedersen


On Torsdag, 19/6 2008, 18:11, heinztomato wrote:

> That helped (wrong position for 2>&1 but sometimes I surprisingly manage to
> think for myself :)

good

> So everything looks ok, but I still got mails from a sender which always get
> through.

whitelisted ?

> I saved mails from him a dozen times in spam... Is there a
> possibility that spamassassin ignores the learned data but only uses
> white/blacklists?!?

sa-learn --dump magic

if both nham, nspam is over 200 then show me

spamassassin 2>&1 -D -t /tmp/log
and maybe olso
spamassassin 2>&1 -D --lint >/tmp/lint

post log and lint file somewhere


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098

Re: EMERGENCY RULE: porntube redirect

2008-06-19 Thread Raymond Dijkxhoorn


Hi!


Message-id: 
Message-id: 
Message-id: 
Message-id: 

also, odd spaces:

Date:   Thu, 19 Jun 2008 17:04:32 +0200
Date:   Thu, 19 Jun 2008 18:03:54 +0300
Date:   Thu, 19 Jun 2008 17:03:49 +0200
Date:   Thu, 19 Jun 2008 10:02:50 -0500


Yups... hits SPACED_DATE also ;)

Bye,
Raymond.

RE: [Rule Set proposal] French Rules

2008-06-19 Thread Giampaolo Tomassoni

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 19, 2008 5:49 PM
> To: Giampaolo Tomassoni
> Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org
> Subject: Re: [Rule Set proposal] French Rules
> 
> ...omissis...
>

Ok, I see I have to get a copy of some reference mass-check: mine is mostly
in Italian and I'm getting a lot of stuff which could easily result in FPs.
See:

#  1.000   6.655   0.000
body SEEK_OKRP_V  /We/
#  1.000   4.292   0.000
body SEEK_ZHYXLF  / Redmond, WA /
#  1.000   4.292   0.000
body SEEK_EFMKIR  /Microsoft/
#  1.000   4.040   0.000
body SEEK_V__XNS  /Get/
#  1.000   3.841   0.000
body SEEK_EXHMOF  /This/

Thank you Justing,

Giampaolo

Re: Spamassassin doesn't learn / debug outputs

2008-06-19 Thread heinztomato



Benny Pedersen wrote:
> 
> seems ok :-)
> 
> /usr/bin/fetchmail -a -s -n --folder assassin/spam -m '/usr/bin/sa-learn
> 2>&1
> -D --spam' >>/var/log/assassinspam.log
> 
> i hope its this, not tested
> 
> 

That helped (wrong position for 2>&1 but sometimes I surprisingly manage to
think for myself :)

So everything looks ok, but I still got mails from a sender which always get
through. I saved mails from him a dozen times in spam... Is there a
possibility that spamassassin ignores the learned data but only uses
white/blacklists?!?
-- 
View this message in context: 
http://www.nabble.com/Spamassassin-doesn%27t-learn---debug-outputs-tp18011818p18012471.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

RE: Spamassassin doesn't learn / debug outputs

2008-06-19 Thread Giampaolo Tomassoni

> -Original Message-
> From: heinztomato [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 19, 2008 5:41 PM
> To: users@spamassassin.apache.org
> Subject: Spamassassin doesn't learn / debug outputs
> 
> 
> Hi there. It seems my Spamassassin does not learn very well...
> 
> I use the following statements to learn spam/ham:
> 
> /usr/bin/fetchmail -a -s -n --folder assassin/spam -m '/usr/bin/sa-
> learn -D
> --spam' >>/var/log/assassinspam.log
> /usr/bin/fetchmail -a -s -n --folder assassin/ham -m '/usr/bin/sa-learn
> -D
> --ham' >>/var/log/assassinham.log
> 
> when watchig the logfiles the only information I get is
>
> Learned tokens from 1 message(s) (1 message(s) examined)
> Learned tokens from 0 message(s) (1 message(s) examined)
> Learned tokens from 0 message(s) (1 message(s) examined)
> Learned tokens from 1 message(s) (1 message(s) examined)
> Learned tokens from 1 message(s) (1 message(s) examined)

Are you training the right user?

Maybe you have to use something like:

/usr/bin/fetchmail -a -s -n --folder assassin/spam -m 'su -s /bin/sh -c
\'/usr/bin/sa-learn --spam\' - amavis' >>/var/log/assassinspam.log

or whatever user owns the "right" bayes db...

Giampaolo


> No more informations to be seen even with the "-D" Parameter. Is there
> a way
> to get more information so I can check out what is going wrong?!?
> 
> thx in advance
> --
> View this message in context: http://www.nabble.com/Spamassassin-
> doesn%27t-learn---debug-outputs-tp18011818p18011818.html
> Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: EMERGENCY RULE: porntube redirect

2008-06-19 Thread Justin Mason


Jeff Chan writes:
> On Thursday, June 19, 2008, 7:33:44 AM, Yet Ninja wrote:
> > Guys, you're being hit with hacked web site URIs showing up in a heavy
> > spam flood. I see Uribl.com got most of them, but in case:
> 
> > rawbody  GMD_R_DOT_HTML /\/r\.html$/
> > describe GMD_R_DOT_HTML Possible hacked site with porntube redirect
> > scoreGMD_R_DOT_HTML  3.5
> 
> > Note: making it an uri rule doesn't hit them all.

if you can find a case where the uri rule doesn't match but the rawbody
does, and the URL works, please open a bug!

> > enjoy
> 
> It and video.exe are Storm.

yeah, I was thinking it looked familiar. 

BAD_ENC_HEADER hits them all btw, on the Subject line's encoding. and
there's some interesting regularity in the Message-ID:

Message-id: 
Message-id: 
Message-id: 
Message-id: 

also, odd spaces:

Date:   Thu, 19 Jun 2008 17:04:32 +0200
Date:   Thu, 19 Jun 2008 18:03:54 +0300
Date:   Thu, 19 Jun 2008 17:03:49 +0200
Date:   Thu, 19 Jun 2008 10:02:50 -0500

--j.

Re: Spamassassin doesn't learn / debug outputs

2008-06-19 Thread Benny Pedersen


On Thu, June 19, 2008 17:41, heinztomato wrote:

> /usr/bin/fetchmail -a -s -n --folder assassin/spam -m '/usr/bin/sa-learn -D
> --spam' >>/var/log/assassinspam.log

> Learned tokens from 1 message(s) (1 message(s) examined)

seems ok :-)

/usr/bin/fetchmail -a -s -n --folder assassin/spam -m '/usr/bin/sa-learn 2>&1
-D --spam' >>/var/log/assassinspam.log

i hope its this, not tested


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098

Re: [Rule Set proposal] French Rules

2008-06-19 Thread Justin Mason


Giampaolo Tomassoni writes:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, June 19, 2008 5:28 PM
> > To: Giampaolo Tomassoni
> > Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org
> > Subject: Re: [Rule Set proposal] French Rules
> > 
> > 
> > Giampaolo Tomassoni writes:
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > > > Sent: Wednesday, June 18, 2008 12:10 PM
> > > > To: John GALLET
> > > > Cc: users@spamassassin.apache.org
> > > > Subject: Re: [Rule Set proposal] French Rules
> > > >
> > > > ...omissis...
> > > >
> > > > by the way, if you're reasonably perl-capable, it might be
> > worthwhile
> > > > using the algorithm I use to generate the JM_SOUGHT ruleset for
> > english
> > > > spam: http://taint.org/tag/rule-discovery
> > > >
> > > > you just give it a corpus of spam samples and it generates the
> > rules
> > > > for
> > > > you.  The code is in SpamAssassin SVN.
> > > >
> > > > --j.
> > >
> > > Nah, that's great!
> > >
> > > I regret I can only occasionally read interesting messages due to my
> > own
> > > time constraints. I could have read about this set of scripts weeks
> > ago,
> > > otherwise...
> > >
> > > How this code is supposed to be used? I see these scripts in rule-
> > dev:
> > > maildir-scan-headers, seek-phrases-in-corpus, seek-phrases-in-log and
> > > strip-high-scorers-from-log.
> > >
> > > Give us a brief description of their work and usage.
> > 
> > Basically, you collect 2 corpora:
> > 
> > 1. a big corpus of ham samples, stuff that you do not want to match.
> > 
> > 2. a smaller corpus of spam samples.
> > 
> > You run "seek-phrases-in-corpus" over the 2 corpora, and it'll spit out
> > the patterns; you can then write rules based on these.
> > 
> > Alternatively run "mass-check" and "seek-phrases-in-log" directly as
> > that
> > script does, to get a bit more control (and generate real SpamAssassin
> > rules).  That's what the JM_SOUGHT scripts do.  See below:
> > 
> >   http://taint.org/x/2008/seekrules_run
> > 
> > that script also calls "mk_meta_rule", which is here:
> > http://taint.org/x/2008/mk_meta_rule
> 
> Running seek-phrases-in-corpus I get a lot of these:
> 
>   "Wide character in print at
> /home/whatever/masses/plugins/Dumptext.pm line 26."
> 
> Is it an issue with UTF-8 multibyte characters?

yes. It seems harmless -- I never got around to tracking it down.

RE: [Rule Set proposal] French Rules

2008-06-19 Thread Giampaolo Tomassoni

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 19, 2008 5:28 PM
> To: Giampaolo Tomassoni
> Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org
> Subject: Re: [Rule Set proposal] French Rules
> 
> 
> Giampaolo Tomassoni writes:
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, June 18, 2008 12:10 PM
> > > To: John GALLET
> > > Cc: users@spamassassin.apache.org
> > > Subject: Re: [Rule Set proposal] French Rules
> > >
> > > ...omissis...
> > >
> > > by the way, if you're reasonably perl-capable, it might be
> worthwhile
> > > using the algorithm I use to generate the JM_SOUGHT ruleset for
> english
> > > spam: http://taint.org/tag/rule-discovery
> > >
> > > you just give it a corpus of spam samples and it generates the
> rules
> > > for
> > > you.  The code is in SpamAssassin SVN.
> > >
> > > --j.
> >
> > Nah, that's great!
> >
> > I regret I can only occasionally read interesting messages due to my
> own
> > time constraints. I could have read about this set of scripts weeks
> ago,
> > otherwise...
> >
> > How this code is supposed to be used? I see these scripts in rule-
> dev:
> > maildir-scan-headers, seek-phrases-in-corpus, seek-phrases-in-log and
> > strip-high-scorers-from-log.
> >
> > Give us a brief description of their work and usage.
> 
> Basically, you collect 2 corpora:
> 
> 1. a big corpus of ham samples, stuff that you do not want to match.
> 
> 2. a smaller corpus of spam samples.
> 
> You run "seek-phrases-in-corpus" over the 2 corpora, and it'll spit out
> the patterns; you can then write rules based on these.
> 
> Alternatively run "mass-check" and "seek-phrases-in-log" directly as
> that
> script does, to get a bit more control (and generate real SpamAssassin
> rules).  That's what the JM_SOUGHT scripts do.  See below:
> 
>   http://taint.org/x/2008/seekrules_run
> 
> that script also calls "mk_meta_rule", which is here:
> http://taint.org/x/2008/mk_meta_rule

Running seek-phrases-in-corpus I get a lot of these:

"Wide character in print at
/home/whatever/masses/plugins/Dumptext.pm line 26."

Is it an issue with UTF-8 multibyte characters?

Giampaolo


> 
> --j.

Making SA exposed to flood, stretch test for SA

2008-06-19 Thread NGSS

Is there a good way to make SA exposed to spam flood , preferably with wide
variety of diff spam patterns, to check/measure how well the rule sets work
against them?

Spamassassin doesn't learn / debug outputs

2008-06-19 Thread heinztomato


Hi there. It seems my Spamassassin does not learn very well...

I use the following statements to learn spam/ham:

/usr/bin/fetchmail -a -s -n --folder assassin/spam -m '/usr/bin/sa-learn -D
--spam' >>/var/log/assassinspam.log
/usr/bin/fetchmail -a -s -n --folder assassin/ham -m '/usr/bin/sa-learn -D
--ham' >>/var/log/assassinham.log

when watchig the logfiles the only information I get is 

Learned tokens from 1 message(s) (1 message(s) examined)
Learned tokens from 0 message(s) (1 message(s) examined)
Learned tokens from 0 message(s) (1 message(s) examined)
Learned tokens from 1 message(s) (1 message(s) examined)
Learned tokens from 1 message(s) (1 message(s) examined)

No more informations to be seen even with the "-D" Parameter. Is there a way
to get more information so I can check out what is going wrong?!?

thx in advance
-- 
View this message in context: 
http://www.nabble.com/Spamassassin-doesn%27t-learn---debug-outputs-tp18011818p18011818.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: EMERGENCY RULE: porntube redirect

2008-06-19 Thread Jeff Chan

On Thursday, June 19, 2008, 7:33:44 AM, Yet Ninja wrote:
> Guys, you're being hit with hacked web site URIs showing up in a heavy
> spam flood. I see Uribl.com got most of them, but in case:

> rawbody  GMD_R_DOT_HTML /\/r\.html$/
> describe GMD_R_DOT_HTML Possible hacked site with porntube redirect
> scoreGMD_R_DOT_HTML  3.5

> Note: making it an uri rule doesn't hit them all.

> enjoy

It and video.exe are Storm.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/

Re: [Rule Set proposal] French Rules

2008-06-19 Thread Justin Mason


Giampaolo Tomassoni writes:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, June 18, 2008 12:10 PM
> > To: John GALLET
> > Cc: users@spamassassin.apache.org
> > Subject: Re: [Rule Set proposal] French Rules
> > 
> > ...omissis...
> >
> > by the way, if you're reasonably perl-capable, it might be worthwhile
> > using the algorithm I use to generate the JM_SOUGHT ruleset for english
> > spam: http://taint.org/tag/rule-discovery
> > 
> > you just give it a corpus of spam samples and it generates the rules
> > for
> > you.  The code is in SpamAssassin SVN.
> > 
> > --j.
> 
> Nah, that's great!
> 
> I regret I can only occasionally read interesting messages due to my own
> time constraints. I could have read about this set of scripts weeks ago,
> otherwise...
> 
> How this code is supposed to be used? I see these scripts in rule-dev:
> maildir-scan-headers, seek-phrases-in-corpus, seek-phrases-in-log and
> strip-high-scorers-from-log.
> 
> Give us a brief description of their work and usage.

Basically, you collect 2 corpora:

1. a big corpus of ham samples, stuff that you do not want to match.

2. a smaller corpus of spam samples.

You run "seek-phrases-in-corpus" over the 2 corpora, and it'll spit out
the patterns; you can then write rules based on these.

Alternatively run "mass-check" and "seek-phrases-in-log" directly as that
script does, to get a bit more control (and generate real SpamAssassin
rules).  That's what the JM_SOUGHT scripts do.  See below:

  http://taint.org/x/2008/seekrules_run

that script also calls "mk_meta_rule", which is here:
http://taint.org/x/2008/mk_meta_rule

--j.

EMERGENCY RULE: porntube redirect

2008-06-19 Thread Yet Another Ninja

Guys, you're being hit with hacked web site URIs showing up in a heavy 
spam flood. I see Uribl.com got most of them, but in case:


rawbody  GMD_R_DOT_HTML /\/r\.html$/
describe GMD_R_DOT_HTML Possible hacked site with porntube redirect
scoreGMD_R_DOT_HTML  3.5

Note: making it an uri rule doesn't hit them all.

enjoy

RE: [Rule Set proposal] French Rules

2008-06-19 Thread Giampaolo Tomassoni

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 18, 2008 12:10 PM
> To: John GALLET
> Cc: users@spamassassin.apache.org
> Subject: Re: [Rule Set proposal] French Rules
> 
> ...omissis...
>
> by the way, if you're reasonably perl-capable, it might be worthwhile
> using the algorithm I use to generate the JM_SOUGHT ruleset for english
> spam: http://taint.org/tag/rule-discovery
> 
> you just give it a corpus of spam samples and it generates the rules
> for
> you.  The code is in SpamAssassin SVN.
> 
> --j.

Nah, that's great!

I regret I can only occasionally read interesting messages due to my own
time constraints. I could have read about this set of scripts weeks ago,
otherwise...

How this code is supposed to be used? I see these scripts in rule-dev:
maildir-scan-headers, seek-phrases-in-corpus, seek-phrases-in-log and
strip-high-scorers-from-log.

Give us a brief description of their work and usage.

Nice idea, Justin!

Giampaolo

Re: [Rule Set proposal] French Rules

2008-06-19 Thread John GALLET



I still miss samples for two rules, even if I did had hits according to 
/var/spool/maillog I did not save them.


I added a sample for the FR_NOTSPAM rule, and I removed the 
FR_YOURELUCKY rule as I see other forms of the text getting through so 
it is not efficient. On the other hand, nearly all these messages are 
caught with RBL rules so I might even remove it completely if I can't find 
an efficient one.


John
PS: reminder, rules and samples avaible at
http://www.saphirtech.fr/spam/

Re: points for for user in Awl

2008-06-19 Thread Benny Pedersen


On Thu, June 19, 2008 10:48, Robert Schetterer wrote:

>> http://wiki.apache.org/spamassassin/AutoWhitelist
>> http://wiki.apache.org/spamassassin/AwlWrongWay
> thanks i allready found and fixed it

fix is ?


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098

Re: Invalid byte sequence for encoding

2008-06-19 Thread Benny Pedersen


On Thu, June 19, 2008 09:25, Peter Sørensen wrote:

> [16119] dbg: bayes: seen_put: SQL error: ERROR: invalid byte sequence for
> encoding "UTF8": 0xd3ce
> [16119] dbg: bayes: HINT: This error can also happen if the byte sequence does
> not match the encoding expected by the server, which is controlled by
> "client_encoding".

use latin in postgresql will solve it


Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098

Re: open of auto-whitelist file failed

2008-06-19 Thread Obantec Support

- Original Message - 
From: "Obantec Support" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, June 19, 2008 8:12 AM
Subject: open of auto-whitelist file failed

Hi

SA 3.2.4 on FC3

spamd is started by script and is running as root.

maillog shows various users with
spamd[5648]: auto-whitelist: open of auto-whitelist file failed: 
auto-whitelist: cannot open auto_whitelist_path 
/home/domain/domain71/.spamassassin/auto-whitelist

No such file or directory

auto-whitelist exists as a flie and is chmod 0600 owned by 
username.domain71 in this example but all other users are having the same 
"auto-whitelist: open of auto-whitelist file failed"

other than the above all seems to work well.

any ideas?

googled out :(

Mark

from a posting by Matus "Re: points for awl users" the url 
http://wiki.apache.org/spamassassin/AutoWhitelist suggests that my 
auto-whitelist files are wrong format.

Easy solution it to delete them all. But! is this the only way to do this?

Mark

Re: Moving ham/spam from Exchange folders to sa-learn?

2008-06-19 Thread Henry Kwan

Martin.Hepworth  solidstatelogic.com> writes:

> 
> Henry
> 
> Make sure the spam/ham folders are imap folders. Make sure they drag the
messages into that folder and not
> email them as it'll muck up the headers otherwise.
> 
> Then grab a perl script (heck here's one below) to get messages from those
folders and place into the bayes.
> 
> Make sure you're running this script as the user mailscanner run's as
(mailnull, postfix etc) is not
> running as root.

Hi Martin,

Thanks for the script but I don't think I can use it as Exchange2K7 has dropped
IMAP support for public folders.  Or least this blog post from MSFT seems to
indicate:

http://msexchangeteam.com/archive/2006/02/20/419994.aspx

"# E12's client access server has some limitations in public folder support: no
IMAP, NNTP, nor OWA access to E12 public folders (OWA access to E2K and E2K3
public folders will be possible for E12 mailbox users)."

Perhaps I can track down some type of MSG->mbox/mbx/maildir conversion utility.

Re: points for for user in Awl

2008-06-19 Thread Robert Schetterer


Matus UHLAR - fantomas schrieb:

On 19.06.08 10:24, Robert Schetterer wrote:
i got some mail which got positive points for beeing in the 
autowhitelist can someone enlight me ?


http://wiki.apache.org/spamassassin/AutoWhitelist
http://wiki.apache.org/spamassassin/AwlWrongWay


thanks i allready found and fixed it

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

Re: points for for user in Awl

2008-06-19 Thread Matus UHLAR - fantomas

On 19.06.08 10:24, Robert Schetterer wrote:
> i got some mail which got positive points for beeing in the 
> autowhitelist can someone enlight me ?

http://wiki.apache.org/spamassassin/AutoWhitelist
http://wiki.apache.org/spamassassin/AwlWrongWay

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.

Re: Moving ham/spam from Exchange folders to sa-learn?

2008-06-19 Thread Matus UHLAR - fantomas

On 19.06.08 09:18, Martin.Hepworth wrote:

Please, set up your mailer to wrap lines below 80 characters per line, 72 to
76 is usually OK.

> Make sure the spam/ham folders are imap folders. Make sure they drag the
> messages into that folder and not email them as it'll muck up the headers
> otherwise.

note that exchange still m(f)ucks up headers, often recodes body, so it may
lower the effectiveness if you are running SA before mails hit exchange

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #9: Out of error messages.

points for for user in Awl

2008-06-19 Thread Robert Schetterer


Hi,
i got some mail which got positive points for beeing in the 
autowhitelist can someone enlight me ?


-Spam-Report:
 *  1.0 NO_REAL_NAME From: does not include a real name
 *  0.0 DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails
 *  0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay 
lines

 * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
 *  [score: 0.]
 *  0.0 HTML_MESSAGE BODY: HTML included in message
 *  1.4 HTML_10_20 BODY: Message is 10% to 20% HTML
 *  7.8 AWL AWL: From: address is in the auto white-list
--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

RE: Moving ham/spam from Exchange folders to sa-learn?

2008-06-19 Thread Martin.Hepworth

Henry

Make sure the spam/ham folders are imap folders. Make sure they drag the 
messages into that folder and not email them as it'll muck up the headers 
otherwise.

Then grab a perl script (heck here's one below) to get messages from those 
folders and place into the bayes.

Make sure you're running this script as the user mailscanner run's as 
(mailnull, postfix etc) is not running as root.

#!/usr/bin/perl -w
use strict;
use Mail::IMAPClient;
use Shell;
use Env qw(HOME);
use Getopt::Long;

use File::Temp qw/ tempfile tempdir /;

my $imapserver = "myserver.domain.com";

# set to 1 to enable imapclient debugging
my $debug = 0;

# set to 1 if running under cron (disables output)
my $cron = 1;

my $filename;
my $fh;

my %options =
(
 uid => undef,
 pwd => undef
);

my $cmdsts = GetOptions ("uid=s" => \$options{uid}, "pwd=s" =>
\$options{pwd});

if (!$options {uid}) { die "[SPAMASSASSIN] uid not set
(-uid=username)\n"; }
if (!$options {pwd}) { die "[SPAMASSASSIN] pwd not set
(-pwd=password)\n"; }

my $uid = $options{uid};
my $pwd = $options{pwd};

# login to imap server
my $imap = Mail::IMAPClient->new (Server=>$imapserver, User=>$uid, Password=>$pw
d, Debug=>$debug)
or die "Can't connect to [EMAIL PROTECTED]: $@ $\n";

if ($imap)
{
  my $count;

  # Deal with spam first
  learn_mail ($HOME."/spam/", ".spam", "spam", 0, "--spam --showdots");

  # Now deal with ham
  learn_mail ($HOME."/ham/", ".ham", "ham", 0, "--ham --showdots");

}
else
{
  die "[SPAMASSASSIN] Unable to logon to IMAP mail account!
$options{uid}\n";
}

exit;

#
# read and learn mail from imap server
#
# arguments
#  $dir directory to place retrieved messages in
#  $ext file extension to use on retrieved messages
#  $folder  imap folder name on server
#  $shared  0 if imap folder is in users mailbox
#   1 if imap folder is in shared name space or
#  $sa_args additional arguments to specify to sa-learn
#   (e.g. --spam or --ham)
#
sub learn_mail {
  my $dir = shift (@_);
  my $ext = shift (@_);
  my $folder = shift (@_);
  my $shared = shift (@_);
  my $sa_args = shift (@_);

  my $count = 0;

  # tidy up directory before run
  clear_directory ($dir, $ext);

  # read mail from server
  $count = read_mail ($dir, $ext, $folder, $shared);
  if ($count > 0)
  {
# learn about mail
sa_learn ($dir, $ext, $sa_args);

# tidy up files after sa-learn is called
clear_directory ($dir, $ext);
  }
}


#
# reads mail from an imap folder and saves in a local directory
#
# arguments
#  $dir directory to place retrieved messages in
#  $ext file extension to use on retrieved messages
#  $folder  imap folder name on server
#  $shared  0 if imap folder is in users mailbox
#   1 if imap folder is in shared name space or
sub read_mail {
  my $dir = shift (@_);
  my $ext = shift (@_);
  my $folder = shift (@_);
  my $shared = shift (@_);
  my $count = 0;
  my $target = "";

  if ($shared)
  {
# use a shared public folder instead
my ($prefix, $sep) = @{$imap->namespace->[2][0]}
   or die "Can't get shared folder namespace or seperator: [EMAIL 
PROTECTED]";

$target = $prefix.
   ($prefix =~ /\Q$sep\E$/ || $folder =~ /^\Q$sep/ ? "" : $sep).
   $folder;
  }
  else { $target = $folder; }

  $imap->select ($target) or die "Cannot select $target: [EMAIL PROTECTED]";

  # If a shared public folder is required uncomment the following
  # lines and comment out the previous $imap->select line

  # read through all messages
  my @msgs = $imap->search("ALL");
  foreach my $msg (@msgs)
  {
($fh, $filename) = tempfile (SUFFIX => $ext, DIR => $dir);
$imap->message_to_file ($fh, $msg);
close $fh;
$count++;
  }
  $imap->delete_message (@msgs);

  if ($cron == 0) { print "Retrieved $count messages from $target\n"; }

  return $count;
}

#
# Removes files in directory $dir with extension $ext
#
sub clear_directory{
  my $dir = shift (@_);
  my $ext = shift (@_);

  opendir (DIR, $dir) or die "Couldn't open dir: $dir\n";
  my @files = readdir (DIR);
  close (DIR);

  for (my $i = 0; $i <= $#files; $i++ )
  {
if ($files[$i] =~ /.*?$ext$/) { unlink ($dir.$files[$i]); }
  }
}


#
# execute sa-learn command
#
sub sa_learn {
  my $dir = shift (@_);
  my $ext = shift (@_);
  my $type = shift (@_);
  my $learncmd = "/usr/local/bin/sa-learn ".$type." --dir ".$dir;

  if ($cron == 0) { $learncmd .= " --showdots"; }
  else { $learncmd .= " > /dev/null 2>&1"; }

  #
  # Run sa-learn script on spam directory
  #
  my $sh = Shell->new;
  my @args = ($learncmd);

  system (@args) == 0 or die "system @args failed: $?";
}

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -Original Message-
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of Henry Kwan
> Sent: 19 June 2008 03:10
> To: users@spamassassin.apache.org
> Subject: Moving ham/spam from Exchange folders to sa-learn?
>
>
> Hi,
>
> Currently r

Re: Invalid byte sequence for encoding

2008-06-19 Thread Michael Monnerie

On Donnerstag, 19. Juni 2008 Peter Sørensen wrote:
> [16119] dbg: bayes: seen_put: SQL error: ERROR: invalid byte sequence
> for encoding "UTF8": 0xd3ce [16119] dbg: bayes: HINT: This error can
> also happen if the byte sequence does not match the encoding expected
> by the server, which is controlled by "client_encoding".

I guess you had encoding SQL_ASCII on mysql and use UTF8 on postgresql? 
Then you may have to let iconv parse the /tmp/bayes.backup into utf8, 
and import that.

mfg zmi
-- 
// Michael Monnerie, Ing.BSc-  http://it-management.at
// Tel: 0660 / 415 65 31  .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: www.keyserver.net   Key-ID: 1C1209B4


signature.asc
Description: This is a digitally signed message part.

Invalid byte sequence for encoding

2008-06-19 Thread Peter Sørensen

Hi,

I am in the process of converting bayes from mysql to postgres.
On my running system I make a backup with

# sa-learn --backup > /tmp/bayes.backup

I use this file as input on my redhat ( 2... ) testsystem using spamassassin 
3.4.4
and postgres 8.3.1 like:

# sa-learn --restore bayes.backup



I get the following error:

 bayes: seen ([EMAIL PROTECTED]) put 
[16119] dbg: bayes: seen ([EMAIL PROTECTED]) put 
[16119] dbg: bayes: seen ([EMAIL PROTECTED]) put
[16119] dbg: bayes: seen ([EMAIL PROTECTED]) put
[16119] dbg: bayes: seen ([EMAIL PROTECTED]) put
[16119] dbg: bayes: seen_put: SQL error: ERROR: invalid byte sequence for 
encoding "UTF8": 0xd3ce
[16119] dbg: bayes: HINT: This error can also happen if the byte sequence does 
not match the encoding expected by the server, which is controlled by 
"client_encoding".
[16119] dbg: bayes: error inserting msgid in seen table for line: s s [EMAIL 
PROTECTED]
bayes: encountered too many errors (20) while parsing seen lines, reverting to 
empty database and exiting
ERROR: Bayes restore returned an error, please re-run with -D for more 
information

I could of course try and find the offending lines in the file and delete but 
I'm not sure if this an error that will persist. Any hints?


Regards


Peter Sorensen/University of Southern Denmark/email: [EMAIL PROTECTED]

Moving ham/spam from Exchange folders to sa-learn?

2008-06-19 Thread Henry Kwan


Hi,

Currently running SA 3.25 via MailScanner frontend (CentOS5 box in the DMZ) to
Exchange2K7.  Have setup two public folders for users to dump spam/ham in. 
What's the usual way of moving these messages back to SA for learning?  The
volume isn't that high so if there was a way to convert .MSG to a format that
sa-learn understands, I could then just sftp it back onto the CentOS box.

Any links or tips would be appreciated.

Thanks.

open of auto-whitelist file failed

2008-06-19 Thread Obantec Support


Hi

SA 3.2.4 on FC3

spamd is started by script and is running as root.

maillog shows various users with
spamd[5648]: auto-whitelist: open of auto-whitelist file failed: 
auto-whitelist: cannot open auto_whitelist_path 
/home/domain/domain71/.spamassassin/auto-whitelist

No such file or directory

auto-whitelist exists as a flie and is chmod 0600 owned by username.domain71 
in this example but all other users are having the same "auto-whitelist: 
open of auto-whitelist file failed"


other than the above all seems to work well.

any ideas?

googled out :(

Mark

50 matches

Mail list logo