Re: sa-update NOT updating.
On 5/27/2014 3:47 PM, John Goubeaux wrote:
> Thanks guys,
>
> Yes, I was aware that an exit code of 1 IS normal when No New updates are available, But I assumed that the fact that this was going on for so long might indicate another problem was occurring.

Good time for an update to the users list about the issue.

The box that processed the updates at the ASF collo failed catastrophically during a power surge that took down some other boxes as well. Unfortunately, while the project requested backups in 2009, they were not implemented.

Since that crash, I've recovered a lot of the data and rebuilt several of the services from the data recovery, rsync backups and svn data. I also had the new box increased by 100GB in diskspace thanks to Jan Iverson with Infra because I was spending too much time manipulating data due to low space.

Yesterday, I spent some time as well and Joes4 from Infra agreed to try to recover the crontab/spools today though he is not hopeful. Otherwise, luckily I have cron logs and I think I've identified most of the scripts that run from cron.

So at this point, I will soon have exhausted all of the attempts to recover without going to the next phase which is to try and reverse engineer the cron jobs. The hardest part is that there are multiple iterations of the various pieces of the masscheck system that have been put in place so I have to figure out in some cases, which one is the right piece.

And at the same time, I've been properly documenting the changes to the underlying system so should I get hit by a bus, the system can be rebuilt without me.

> Apparently the sought.rules.yerp.org channel is also not being regularly updated either ?

Sought is technically not a project ruleset but I think I now have access to all the boxes to get it running again. Alex Broens has offered to help so I hope to get him that info soon. It's a second priority after the rebuild of the zones box.

> Are there any other recommended rule channels to use ?

I would recommend this rule set though I do not publish it as a channel though some (thanks Gushi) have attempted to help me do so:

http://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf

Regards,
KAM
Re: I am getting lots of SPAM
>> reject_rbl_client all.spamrats.com http://all.spamrats.com/

On 29.05.14 13:17, Alex wrote:
> What's that? That doesn't really have a reputation here, and it's not going to be more effective than zen or barracuda. Set up your RBLs so they're weighted. Implement postscreen with postfix.

5 years ago I have posted question about this blacklist:
http://marc.info/?l=spamassassin-users&m=123920398923786&w=2

>> X-Spam-Status: No, score=3.147 tagged_above=-999 required=5.3
>>  tests=[BAYES_99=4.5, BAYES_999=0.2, HTML_MESSAGE=0.001,
>>  MIME_HTML_ONLY=0.723, RDNS_NONE=2.013, T_REMOTE_IMAGE=0.01,
>>  URIBL_BLACK=1.7, USER_IN_WHITELIST_TO=-6] autolearn=no

> Why is this user whitelisted if you consider it to be spam?

it's the recipient that is whitelisted. In such case it is really silly to blame SA for not marking _any_ mail as spam...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
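Added example (not part of the thread, not code from any poster): a small Python check over the X-Spam-Status value quoted above that reports which negative-scoring rule, taken alone, keeps the message under the `required` threshold. The function names are hypothetical, and the parser assumes only the `score=`, `required=` and `tests=[NAME=points, ...]` layout shown in that header.

```python
import re

# The X-Spam-Status value quoted in the thread, unfolded into one string.
HEADER = ("No, score=3.147 tagged_above=-999 required=5.3 tests=[BAYES_99=4.5, "
          "BAYES_999=0.2, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, "
          "RDNS_NONE=2.013, T_REMOTE_IMAGE=0.01, URIBL_BLACK=1.7, "
          "USER_IN_WHITELIST_TO=-6] autolearn=no")


def parse_status(value):
    """Return (score, required, {rule: points}) from a header value."""
    score = float(re.search(r"\bscore=(-?[\d.]+)", value).group(1))
    required = float(re.search(r"\brequired=(-?[\d.]+)", value).group(1))
    tests = re.search(r"tests=\[(.*?)\]", value, re.S).group(1)
    rules = {}
    for item in tests.split(","):
        name, _, points = item.strip().partition("=")
        if name and points:
            rules[name] = float(points)
    return score, required, rules


def masking_rules(value):
    """Negative rules whose removal alone would put the score at or over 'required'."""
    score, required, rules = parse_status(value)
    if score >= required:
        return []  # already tagged as spam, nothing is masking it
    return sorted(name for name, points in rules.items()
                  if points < 0 and score - points >= required)


def score_without(value, rule):
    """Score the message would have had if 'rule' had not fired."""
    score, _, rules = parse_status(value)
    return round(score - rules.get(rule, 0.0), 3)


if __name__ == "__main__":
    for rule in masking_rules(HEADER):
        print(rule, "hides a score of", score_without(HEADER, rule))
```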
Re: I am getting lots of SPAM
Thank you, I am running all.spamrats.com, also it made a huge difference when I took the recipient off whitelist.

Thanks for all your support.

On Fri, May 30, 2014 at 11:13 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:
>>> reject_rbl_client all.spamrats.com http://all.spamrats.com/
>
> On 29.05.14 13:17, Alex wrote:
>> What's that? That doesn't really have a reputation here, and it's not going to be more effective than zen or barracuda. Set up your RBLs so they're weighted. Implement postscreen with postfix.
>
> 5 years ago I have posted question about this blacklist:
> http://marc.info/?l=spamassassin-users&m=123920398923786&w=2
>
>>> X-Spam-Status: No, score=3.147 tagged_above=-999 required=5.3
>>>  tests=[BAYES_99=4.5, BAYES_999=0.2, HTML_MESSAGE=0.001,
>>>  MIME_HTML_ONLY=0.723, RDNS_NONE=2.013, T_REMOTE_IMAGE=0.01,
>>>  URIBL_BLACK=1.7, USER_IN_WHITELIST_TO=-6] autolearn=no
>
>> Why is this user whitelisted if you consider it to be spam?
>
> it's the recipient that is whitelisted. In such case it is really silly to blame SA for not marking _any_ mail as spam...
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Microsoft dick is soft to do no harm
writing rules howto?
Hello,

I have to get an overview on http links in a specific mail stream. My plan is to use spamassassin as it could parse message body much better than I do :-)

There is a plugin URIDNSBL that could fire dns queries for every url found. That's fine for me, as the url is then in my dnsserver log.

But I like to combine it with other properties of a message. Is it possible to do something like this:

if (subject =~ foo) {
  uridnsbl  URIBL_FOO  foo.myzone.  A
  body      URIBL_FOO  eval:check_uridnsbl('URIBL_FOO')
}

if (subject =~ bar) {
  uridnsbl  URIBL_BAR  bar.myzone.  A
  body      URIBL_BAR  eval:check_uridnsbl('URIBL_BAR')
}

Thanks for hints
Andreas
Re: writing rules howto?
On Fri, 2014-05-30 at 22:33 +0200, Andreas Schulze wrote:
> I have to get an overview on http links in a specific mail stream. My plan is to use spamassassin as it could parse message body much better than I do :-)
>
> There is a plugin URIDNSBL that could fire dns queries for every url found. That's fine for me, as the url is then in my dnsserver log.

This does not necessarily get you all URIs. There are two limiting factors:

(a) To lower the load on DNSBL operators and prevent unnecessary DNS queries, there is a list of URIs frequently found in mail, which will never be blacklisted anyway. These are skipped. The option clear_uridnsbl_skip_domain can be used to clear the default skip list.

(b) To prevent excessive queries, the number of domains to look up is limited. You can set a higher value for uridnsbl_max_domains, if the default of 20 is not sufficient in your case.

Both these options are documented here:
http://spamassassin.apache.org/doc/Mail_SpamAssassin_Plugin_URIDNSBL.html

Depending on what you actually want to extract from the messages, the resulting DNS queries of the URIDNSBL plugin might not be sufficient. URIDNSBL does NOT operate on actual, full URIs, but its domains only. No path information, and no hostname level.

If you need more information and detail, you'll have to write a custom plugin, which has access to the complete, internal URI list.

> But I like to combine it with other properties of a message. Is it possible to do something like this:
>
> if (subject =~ foo) {
>   uridnsbl  URIBL_FOO  foo.myzone.  A
>   body      URIBL_FOO  eval:check_uridnsbl('URIBL_FOO')
> }

No, that is not possible. However, you can achieve such logic with a custom plugin.

In addition to the internal URI list, a plugin can access which rules already matched. For that, the rules used as a conditional must have been completed already (lower priority, and not asynchronous). The bulk of the regex based rules are run at default priority 0, which also holds for custom header rules.

By running your plugin at a higher priority level, its action can depend on conditions encoded as plain rules.

Depending on your environment and needs, a plugin might be overkill and require too much effort. If the corpus is sufficiently small, and you don't plan on running the analysis frequently, you might get quick results out of a hack, harvesting -D debug output.

  uri     __DUMP_URIS  m~https?://.+~
  tflags  __DUMP_URIS  multiple

That is a sub-rule, matching any http or https URI. Due to tflags multiple, the debug output will list the matching part along with the rule's name to grep for. (Note though that this does include various internal versions, with path info stripped, etc. These duplicates need to be filtered out.)

If you extract the URIs on a per-message basis, you can easily include more custom rules and have your data harvesting script use them as conditionals.

--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
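Added example (not part of the thread, not Karsten's code): a Python sketch of the harvesting script described in the message above, which collects `__DUMP_URIS` hits from one message's -D debug output, drops the path-stripped duplicates, and reports URIs only when a second rule also hit. The hit-line pattern `rules: ran <type> rule <NAME> ======> got hit: "<match>"` is an assumption about the debug format, the sample lines are constructed, and `__SUBJ_FOO` and `__SUBJ_BAR` are hypothetical header sub-rules.

```python
import re
from urllib.parse import urlsplit

# Assumed shape of a rule-hit line in SpamAssassin -D output.
HIT = re.compile(r'rules: ran (\w+) rule (\S+) =+> got hit: "(.*)"')

# Constructed debug output for one message (not captured from a real run).
# __SUBJ_FOO is a hypothetical header sub-rule used as the conditional.
SAMPLE_DEBUG = "\n".join([
    'Jun  1 10:00:00.101 [4242] dbg: rules: ran header rule __SUBJ_FOO ======> got hit: "foo"',
    'Jun  1 10:00:00.120 [4242] dbg: rules: ran uri rule __DUMP_URIS ======> got hit: "http://shop.example.com/offer?id=1"',
    'Jun  1 10:00:00.121 [4242] dbg: rules: ran uri rule __DUMP_URIS ======> got hit: "http://shop.example.com"',
    'Jun  1 10:00:00.122 [4242] dbg: rules: ran uri rule __DUMP_URIS ======> got hit: "https://cdn.example.net/"',
    'Jun  1 10:00:00.123 [4242] dbg: rules: ran uri rule __DUMP_URIS ======> got hit: "http://shop.example.com/offer?id=1"',
])


def harvest(debug_text, uri_rule="__DUMP_URIS"):
    """Return (set of rule names that hit, ordered unique URI hits)."""
    rules_hit, uris = set(), []
    for line in debug_text.splitlines():
        m = HIT.search(line)
        if not m:
            continue
        _, rule, match = m.groups()
        rules_hit.add(rule)
        if rule == uri_rule and match not in uris:
            uris.append(match)
    return rules_hit, uris


def has_path(uri):
    return urlsplit(uri).path not in ("", "/")


def drop_stripped_variants(uris):
    """Heuristic: drop a bare scheme://host hit when that host also appears with a path."""
    hosts_with_path = {urlsplit(u).netloc.lower() for u in uris if has_path(u)}
    return [u for u in uris
            if has_path(u) or urlsplit(u).netloc.lower() not in hosts_with_path]


def uris_if(debug_text, condition_rule):
    """URIs of this message, but only if condition_rule also hit."""
    rules_hit, uris = harvest(debug_text)
    return drop_stripped_variants(uris) if condition_rule in rules_hit else []


if __name__ == "__main__":
    print(uris_if(SAMPLE_DEBUG, "__SUBJ_FOO"))
```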
Re: writing rules howto?
On Sat, 2014-05-31 at 00:44 +0200, Karsten Bräckelmann wrote:
> Depending on what you actually want to extract from the messages, the resulting DNS queries of the URIDNSBL plugin might not be sufficient. URIDNSBL does NOT operate on actual, full URIs, but its domains only. No path information, and no hostname level.

Since SA 3.4, there are template tags which already might be all you need. The template tags _URIHOSTS_ and _URIDOMAINS_ list all extracted (and to be looked up) URIs, including full hostname and domain only respectively. No path information.

  add_header all UriHosts _URIHOSTS_

will add an X-Spam-UriHosts header. Since this actually is provided by the URIDNSBL plugin, skiplist and max number apply as outlined.

--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: spamd Insecure dependency in connect while running setuid
Hi,

I seem to have stumbled into an old problem that is new to me. I get the following error just about every time spamd is called:

spamd[1390]: plugin: eval failed: Insecure dependency in connect while running setuid at /usr/lib64/perl5/IO/Socket.pm line 115, <GEN322> line 1169.

In case anyone is suffering from this bug and hasn't gotten a response, please see:
https://bugzilla.redhat.com/show_bug.cgi?id=1096405

I'm not sure if this will fix my issue. I had to update from the testing repo because the patch isn't available yet I guess. I'll post my results after a few days.

---
Will Y.

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.