Re: Low resource rules

2007-10-01 Thread Adam Wilbraham 
On Sat, 29 Sep 2007 13:43:55 -0500
"John Schmerold" <[EMAIL PROTECTED]> wrote:

> Problem is SA, I don't have enough computer to do serious content
> checking. Anyone care to recommend a few rules that will tend to catch
> a big chunk of the spam without sucking too much brainpower from this
> VPS box?

ClamAV with the SaneSecurity definitions.

www.sanesecurity.co.uk


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: update from 3.1.7

2007-09-18 Thread Adam Wilbraham 
On Tue, 18 Sep 2007 09:19:12 +0100
Adam Wilbraham <[EMAIL PROTECTED]> wrote:

> You might find that yoe need to also use dh-make-perl to fetch and
> build some module other perl module dependencies too before SA will
> build properly, all pretty straightforward though.

Apologies for the lack of cohesion in that paragraph - notes to self:
have more morning coffee to wake yourself up and make sure you proof
read before pressing send!

Wilb

Re: update from 3.1.7

2007-09-18 Thread Adam Wilbraham 
I use dh-make-perl to create a .deb from CPAN, alls been working fine
using that method for a couple of months now.

aptitude install dh-make-perl
dh-make-perl --build --cpan  Mail::SpamAssassin
dpkg -i 

You might find that yoe need to also use dh-make-perl to fetch and build
some module other perl module dependencies too before SA will build
properly, all pretty straightforward though.

Wilb




On Tue, 18 Sep 2007 11:51:38 +0530
"Rajkumar S" <[EMAIL PROTECTED]> wrote:

> On 9/18/07, infolistas listas <[EMAIL PROTECTED]> wrote:
> > HI users could anyone give me a help updating sa 3.1.7 - 3.2.3?
> > I'm not sure how I'll do that
> >
> > I'm using ubuntu feisty, mailscanner, postfix, ldap, courier-imap
> > are there .deb for sa 3.2.3?
> 
> A Sub question, How does people in the list using Debian upgrade SA? I
> am running Debian Stable, and looking for some best practices.
> 
> raj


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: A rule for empty body and pdf attachment??

2007-08-03 Thread Adam Wilbraham 
On Thu, 2 Aug 2007 12:24:37 -0700 (PDT)
User for SpamAssassin Mail List <[EMAIL PROTECTED]> wrote:

> 
> Hello,
> 
> We are running a Debian Sarge system here with spamassassin version
> Version: 3.0.3-2sarge1.

My word, get yourself 3.1.7 from Sarge backports and run sa-update
before you do anything!

Re: ETA for SA 3.2.2 for Debian

2007-07-31 Thread Adam Wilbraham 
On Tue, 31 Jul 2007 11:01:16 +0200
[EMAIL PROTECTED] wrote:

> Hi,
> 
> I was wondering when the 3.2.x branch will be available for Debian.  
> The latest version available is 3.1.7 and I guess there are some
> good improvements in the new version (for instance sa-compile from
> which I hope to speed up things a little)
> 
> Greets
> Chris
> 
> --
> Christoph Petersen

I've used dh-make-perl to build my own 3.2.2 packages from CPAN, seems
to work prety well.


Wilb

-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: RDJ 404's

2007-07-26 Thread Adam Wilbraham 
Sorry yes thats true, although I think in this instance its the SARE
rules they're having problems getting. 


On Thu, 26 Jul 2007 16:20:30 +0100
"Martin.Hepworth" <[EMAIL PROTECTED]> wrote:

> Maybe obsolete for sare rules (due to ddos issues etc), but its very
> handy for other peoples rulesets you want to keep up-to date..
> 
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: 26 July 2007 16:15
> > To: users@spamassassin.apache.org
> > Subject: Re: RDJ 404's
> >
> > - Original Message -
> > From: Adam Wilbraham <[EMAIL PROTECTED]>
> > To: users@spamassassin.apache.org>
> > Subject: Re: RDJ 404's
> > Date: Thu, 26 Jul 2007 10:02:21 +0100
> >
> > >RulesDuJour is obsolete, you should use sa-update instead.
> >
> > Really? Why doesn't it say that on the TWiki or the rulesemporium
> > website or the SpamAssassin documentation?
> >
> > I am also having this same problem...
> >
> >
> > =
> > Kevin W. Gagel
> > Network Administrator
> > Information Technology Services
> > (250) 562-2131 local 448
> > My Blog:
> > http://mail.cnc.bc.ca/blogs/gagel
> >
> > ---
> > The College of New Caledonia, Visit us at http://www.cnc.bc.ca
> > Virus scanning is done on all incoming and outgoing email.
> > Anti-spam information for CNC can be found at http://avas.cnc.bc.ca
> > ---
> 
> 
> 
> 
> **
> Confidentiality : This e-mail and any attachments are intended for
> the addressee only and may be confidential. If they come to you in
> error you must take no action based on them, nor must you copy or
> show them to anyone. Please advise the sender by replying to this
> e-mail immediately and then delete the original from your computer.
> Opinion : Any opinions expressed in this e-mail are entirely those of 
> the author and unless specifically stated to the contrary, are not 
> necessarily those of the author's employer.
> Security Warning : Internet e-mail is not necessarily a secure 
> communications medium and can be subject to data corruption. We
> advise that you consider this fact when e-mailing us. 
> Viruses : We have taken steps to ensure that this e-mail and any 
> attachments are free from known viruses but in keeping with good 
> computing practice, you should ensure that they are virus free.
> 
> Red Lion 49 Ltd T/A Solid State Logic
> Registered as a limited company in England and Wales 
> (Company No:5362730)
> Registered Office: 25 Spring Hill Road, Begbroke, Oxford OX5 1RU, 
> United Kingdom
> **
> 


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: RDJ 404's

2007-07-26 Thread Adam Wilbraham 
Thats been the general jist of whats been said on here for a while now.
We've switched all our servers to sa-update, I don't really see the need
to use RDJ any more when theres a proper update tool included with
SpamAssassin these days...

 

On Thu, 26 Jul 2007 08:14:40 -0700
"Kevin W. Gagel" <[EMAIL PROTECTED]> wrote:

> - Original Message -
> From: Adam Wilbraham <[EMAIL PROTECTED]>
> To: users@spamassassin.apache.org>
> Subject: Re: RDJ 404's
> Date: Thu, 26 Jul 2007 10:02:21 +0100
> 
> >RulesDuJour is obsolete, you should use sa-update instead.
> 
> Really? Why doesn't it say that on the TWiki or the rulesemporium
> website or the SpamAssassin documentation?
> 
> I am also having this same problem...
> 
> 
> =
> Kevin W. Gagel
> Network Administrator
> Information Technology Services
> (250) 562-2131 local 448
> My Blog:
> http://mail.cnc.bc.ca/blogs/gagel
> 
> ---
> The College of New Caledonia, Visit us at http://www.cnc.bc.ca
> Virus scanning is done on all incoming and outgoing email.
> Anti-spam information for CNC can be found at http://avas.cnc.bc.ca
> ---


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: RDJ 404's

2007-07-26 Thread Adam Wilbraham 
RulesDuJour is obsolete, you should use sa-update instead.


On Thu, 26 Jul 2007 16:59:12 +1000
"Leigh Sharpe" <[EMAIL PROTECTED]> wrote:

>  
> I'm downloading once a day from only one PC.
> 
> Regards,
>  Leigh
>  
> Leigh Sharpe
> Network Systems Engineer
> Pacific Wireless
> Ph +61 3 9584 8966
> Mob 0408 009 502
> Helpdesk 1300 300 616
> email [EMAIL PROTECTED]
> web www.pacificwireless.com.au
> 
> -Original Message-
> From: Jan Doberstein [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, 26 July 2007 4:09 PM
> To: Leigh Sharpe
> Cc: users
> Subject: Re: RDJ 404's
> 
> hi Leigh,
> 
> Leigh Sharpe schrieb:
> >  I'm getting 404 errors on my RulesDuJour, for whatever rule I have 
> > listed first in the config.
> > If I remove the offending rule from the config, I get a 404 on
> > whatever rule is next in the list. All other rules are OK. Can
> > anybody offer any explanation of why?
> 
> Just an Idea
> 
> Download Policy: You can download each and every ruleset once per 24 
> hour period per IP address. If you try to download the rulesets too 
> often, you will receive an error message. If you are downloading 
> rulesets from many locations behind a proxy, please set up your own 
> ruleset repository for your clients. Again: One single download of
> every file per 24 hours per IP address.
> 
> \jd
> 
> 


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: Debian and sa-update

2007-07-11 Thread Adam Wilbraham 
"echo test | spamassassin -D"

It'll give a load of debug output, scan through that and look at the
paths of the files its using, there will be something like this to confirm it:


[9392] dbg: config: using
"/var/lib/spamassassin/3.001003/updates_spamassassin_org/50_scores.cf" for 
included file
[9392] dbg: config: read
file /var/lib/spamassassin/3.001003/updates_spamassassin_org/50_scores.cf
[9392] dbg: plugin: fixed relative
path: /var/lib/spamassassin/3.001003/updates_spamassassin_org/60_awl.cf
[9392] dbg: config: using
"/var/lib/spamassassin/3.001003/updates_spamassassin_org/60_awl.cf" for 
included file
[9392] dbg: config: read
file /var/lib/spamassassin/3.001003/updates_spamassassin_org/60_awl.cf



On Wed, 11 Jul 2007 11:20:42 +0200
Emmanuel Lesouef <[EMAIL PROTECTED]> wrote:

> Sounds great.
> 
> I'm currently using 3.1.7 version as I upgraded the server to Debian
> 4.0.
> 
> How can I be sure Spamassassin and Amavis are using the updated
> rulesets ?
> 
> Thanks for you help.
> 
> Le mercredi 11 juillet 2007 à 10:12 +0100, Adam Wilbraham a écrit :
> > You shouldn't need to add anything, it will pay attention to them
> > automatically once they've downloaded. However, make sure you're
> > using a new enough version of SpamAssassin that supports sa-update
> > - the version in the standard Sarge repository doesn't, you'll have
> > to get 3.1.7 from Backports.
> > 
> > 
> > On Wed, 11 Jul 2007 09:22:08 +0200
> > Emmanuel Lesouef <[EMAIL PROTECTED]> wrote:
> > 
> > > Hi,
> > > 
> > > I'm planning to use sa-update for my SA installation to be
> > > updated.
> > > 
> > > I ran sa-update and it downloaded the updated rulesets
> > > in /var/lib/spamassassin/3.001007 along with some other files.
> > > 
> > > In the previous directory, I found some configuration files :
> > > 
> > > updates_spamassassin_org.cf which point to the rule sets.
> > > 
> > > But, the problem is to add these rulesets
> > > to /etc/spamassassin/local.cf.
> > > 
> > > Do I nedd to just :
> > > 
> > > include /var/lib/spamassassin/3.001007/updates_spamassassin_org.cf
> > > 
> > > in local.cf ?
> > > 
> > > More infos : I use Amavis to check emails incoming.
> > > 
> > > Thanks for your help.
> > > 
> > 
> > 


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: Debian and sa-update

2007-07-11 Thread Adam Wilbraham 
You shouldn't need to add anything, it will pay attention to them
automatically once they've downloaded. However, make sure you're using a
new enough version of SpamAssassin that supports sa-update - the
version in the standard Sarge repository doesn't, you'll have to get
3.1.7 from Backports.


On Wed, 11 Jul 2007 09:22:08 +0200
Emmanuel Lesouef <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> I'm planning to use sa-update for my SA installation to be updated.
> 
> I ran sa-update and it downloaded the updated rulesets
> in /var/lib/spamassassin/3.001007 along with some other files.
> 
> In the previous directory, I found some configuration files :
> 
> updates_spamassassin_org.cf which point to the rule sets.
> 
> But, the problem is to add these rulesets
> to /etc/spamassassin/local.cf.
> 
> Do I nedd to just :
> 
> include /var/lib/spamassassin/3.001007/updates_spamassassin_org.cf
> 
> in local.cf ?
> 
> More infos : I use Amavis to check emails incoming.
> 
> Thanks for your help.
> 


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Building a new mail server with SA - should I use apt-get or cpan?

2007-06-06 Thread Adam Wilbraham 
Hi,

I'm soon to be building two new mailservers which will be running
Debian Etch, Qmail, Sophie and SpamAssassin, all plummed together
using Qmail-Scanner. 

In the past, we've just installed SpamAssassin via apt-get, however
when we need to upgrade it means looking for a backport. I'm thinking
of just installing from cpan instead on these new boxes, as the latest
version should always easily available, making upgrades slightly
easier. My only worry is that a cpan upgrade may go horribly wrong,
when in the past upgrading to a newer debian package has always been
faultless.

Has anyone got any experience with the pros and cons? Or am I
worrying too much about nothing?

Cheers, Wilb.
  

-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: sa-update doesn't exist on my system

2007-03-01 Thread Adam Wilbraham 

> You said in your other email that "since the --local option disables
> net tests, SA may pass a lot more spam". Does this mean it will think
> a lot of legit email is spam, whereas before it knew it was legit?

Nope, he means the opposite - that a lot more spam will get through as
clean, as the network tests which help identify spam won't be used.


Adam.

Re: sa-update doesn't exist on my system

2007-02-28 Thread Adam Wilbraham 
On Wed, 28 Feb 2007 11:26:52 +
Richard Hobbs <[EMAIL PROTECTED]> wrote:

>   IO::Socket::INET6
>   IO::Socket::SSL
>   DBI
>   Mail::SPF::Query
>   IP::Country::Fast
>   Razor2::Client::Agent
>   Net::Ident

After a quick apt-cache search I'd suggest these should be what you
need:

libsocket6-perl
libio-socket-ssl-perl
libima-dbi-perl
libmail-spf-query-perl
razor
libnet-ident-perl
libgeo-ipfree-perl
liblocale-subcountry-perl 


Adam.

Re: sa-update doesn't exist on my system

2007-02-28 Thread Adam Wilbraham 
On Wed, 28 Feb 2007 11:20:28 +
Richard Hobbs <[EMAIL PROTECTED]> wrote:

> As for memory softlimits - i have no idea. How can i check?

In your startup scripts for exim you may have some commands softlimit /
ulimit commands...

Re: sa-update doesn't exist on my system

2007-02-28 Thread Adam Wilbraham 
My only other thoughts are - maybe you may need to upgrade exim to a
more recent version to keep the ability to talk to spamassassin working
(probably not though...). Also have you got any memory softlimits set
for exim / spamassassin or anything else ? In the past I've had issues
with memory limits being hit which has meant only some messages have
been getting through... Again I apologise as I'm probably not the best
person to help solve your issue seeing as I've no experience in the
exim side of things.
 

On Wed, 28 Feb 2007 09:59:39 +
Richard Hobbs <[EMAIL PROTECTED]> wrote:

> Hello,
> 
> Thank you for the link, but it's not for spamassassin... it does look
> very similar to the config i have in exim for spamassassin though.
> 
> Does anyone know if i do need to adjust the config in exim when
> upgrading spamassassin from "3.0.3-2sarge1" to "3.1.7-1~bpo.1" as per
> the backports repository?
> 
> My current exim config is as follows:

Re: sa-update doesn't exist on my system

2007-02-28 Thread Adam Wilbraham 
Looks like an exim problem to me, how is exim calling spamc?
Unfortunately I have no exim experience whatsoever (I use qmail /
qmailscanner) but maybe you need to revisit your exim config after the
upgrade... This link may be of use but I'm not sure...

http://sys-admin.org/en/node/21

On Wed, 28 Feb 2007 09:30:19 +
Richard Hobbs <[EMAIL PROTECTED]> wrote:

> Hello,
> 
> OK, since sending my last email (after upgrading to , but before
> running "sa-update") we have been having problems:
> 
> 
> mail:/var/log/exim4# grep BSMTP /var/log/exim4/mainlog.1
> 2007-02-27 17:10:34 1HM5le-0008Sj-5j <[EMAIL PROTECTED]>:
> sa_spamcheck transport output: An error was detected while processing
> a file of BSMTP input.
> 2007-02-27 17:23:09 1HM5xn-9Z-Cn <[EMAIL PROTECTED]>:
> sa_spamcheck transport output: An error was detected while processing
> a file of BSMTP input.
> 2007-02-27 17:33:14 1HM67a-GO-BB <[EMAIL PROTECTED]>:
> sa_spamcheck transport output: An error was detected while processing
> a file of BSMTP input.
> 2007-02-27 17:51:29 1HM6PC-UI-Kl <[EMAIL PROTECTED]>:
> sa_spamcheck transport output: An error was detected while processing
> a file of BSMTP input.
> 2007-02-27 18:02:01 1HM6ZN-aK-JK <[EMAIL PROTECTED]>:
> sa_spamcheck transport output: An error was detected while processing
> a file of BSMTP input.
> 2007-02-27 18:14:39 1HM6lf-hq-4x <[EMAIL PROTECTED]>:
> sa_spamcheck transport output: An error was detected while processing
> a file of BSMTP input.
> 2007-02-27 18:31:31 1HM71z-rC-Qm <[EMAIL PROTECTED]>:
> sa_spamcheck transport output: An error was detected while processing
> a file of BSMTP input.
> 2007-02-27 18:42:12 1HM7CJ-xC-Ss <[EMAIL PROTECTED]>:
> sa_spamcheck transport output: An error was detected while processing
> a file of BSMTP input.
> 2007-02-27 18:42:14 1HM7CM-xN-HD <[EMAIL PROTECTED]>:
> sa_spamcheck transport output: An error was detected while processing
> a file of BSMTP input.
> 2007-02-27 18:42:19 1HM7CR-xX-4h <[EMAIL PROTECTED]>:
> sa_spamcheck transport output: An error was detected while processing
> a file of BSMTP input.
> 
> 
> It looks like 1 in 2 messages, at least to myself, was failing to get
> through, and we have had to completely disable spamassassin
> unfortunately :-(
> 
> According to our other IT guy who did the troubleshooting last night
> after i had gone home, this is what happened...
> 
> He tried to email several of us, but for those of us who are
> "subscribed" to spamassassin the message failed to get through,
> stating:
> 
> 
> 421 SMTP incoming data timeout - message abandoned
> 
> 
> "tail -100 /var/log/exim4/mainlog | grep user1" then gave:
> 
> 
> 2007-02-28 01:34:27 1HMDi7-0004Gt-Qt <= [EMAIL PROTECTED]
> H=mail19.messagelabs.com [193.109.254.3] P=smtp S=2421
> [EMAIL PROTECTED] T="RE: Firewall" from
> <[EMAIL PROTECTED]> for [EMAIL PROTECTED] [EMAIL PROTECTED]
> 2007-02-28 01:44:27 1HMDi7-0004Gt-Qt <[EMAIL PROTECTED]>: sa_spamcheck
> transport output: An error was detected while processing a file of
> BSMTP input.
> 2007-02-28 01:44:28 1HMDi7-0004Gt-Qt ** [EMAIL PROTECTED]
> <[EMAIL PROTECTED]> F=<[EMAIL PROTECTED]> P=<[EMAIL PROTECTED]>
> R=sa_router T=sa_spamcheck: Child process of sa_spamcheck transport
> returned 2 from command: /usr/sbin/exim4
> 
> 
> Does anyone know what's going on here?
> 
> Thanks again,
> Richard.
> 
> 
> John Fleming wrote:
> > 
> > - Original Message -
> >> There shouldn't be, from what I recall its as simple as that. The
> >> only other thing you'll want to do is run sa-update and then
> >> restart spamd!
> > 
> > Consider:
> > 
> > 1)  Run sa-update -D so you can see what it does or tries to do and
> > what modules you might be missing and want.  I had some missing
> > modules that I installed from the regular sarge distro that I
> > assume helped my functionality.
> > 
> > 2)  Add a channel for the SARE rulesets you want.  This has been
> > discussed a lot the last couple of days.
> > 
> > _
> > This e-mail has been scanned for viruses by Verizon Busi

Re: sa-update doesn't exist on my system

2007-02-27 Thread Adam Wilbraham 
On Tue, 27 Feb 2007 16:36:32 +
Richard Hobbs <[EMAIL PROTECTED]> wrote:

There shouldn't be, from what I recall its as simple as that. The only
other thing you'll want to do is run sa-update and then restart spamd!

> Hello,
> 
> Thank you :-)
> 
> Once i've run the command below, is there anything i need to do, other
> that restart the spamassassin daemon?
> 
> Thanks again,
> Hobbs.
> 
> 
> Adam Wilbraham wrote:
> > Yupp - try giving apt-get the "-t sarge-backports" switch to force
> > it to download from that repository, eg: 
> > 
> >  apt-get install -t sarge-backports spamassassin spamc
> > 
> > Adam.
> > 
> > 
> > On Tue, 27 Feb 2007 09:32:39 +
> > Richard Hobbs <[EMAIL PROTECTED]> wrote:
> > 
> >> Hello,
> >>
> >> Thank you for this... i've added that line
> >> to /etc/apt/sources.list, and run an "apt-get update".
> >>
> >> However, when i then run "apt-get install spamassassin" it says:
> >>
> >>   spamassassin is already the newest version.
> >>
> >> As mentioned before, i'm actually running 3.0.3-2sarge1.
> >>
> >> Any ideas?
> >>
> >> The source does appear to have been added correctly, because during
> >> the "apt-get update" it downloaded several files.
> >>
> >> Thanks again,
> >> Richard.
> >>
> >>
> >> Adam Wilbraham wrote:
> >>> I've been using 3.1.7 from the sarge backports and its absolutely
> >>> fine, much better spam catching rates due to the ability to run
> >>> sa-update. Backports repo is:
> >>>
> >>> deb http://www.backports.org/debian sarge-backports main contrib
> >>> non-free
> >>>
> >>>
> >>> On Mon, 26 Feb 2007 14:55:40 +
> >>> Richard Hobbs <[EMAIL PROTECTED]> wrote:
> >>>
> >>>> Hello,
> >>>>
> >>>> Is it just as stable? i.e. ours hasn't hung or crashed so far for
> >>>> over 200 days... can you say whether this is true of 3.1 via
> >>>> backports?
> >>>>
> >>>> Also, is there an apt repo for 3.1 for sarge?
> >>>>
> >>>> Thanks again,
> >>>> Richard.
> >>>>
> >>>>
> >>>> John Fleming wrote:
> >>>>> - Original Message - From: "Richard Hobbs"
> >>>>> <[EMAIL PROTECTED]>
> >>>>> To: 
> >>>>> Sent: Monday, February 26, 2007 4:54 AM
> >>>>> Subject: sa-update doesn't exist on my system
> >>>>>
> >>>>>
> >>>>>> Hello,
> >>>>>>
> >>>>>> I run a mail server which is using the latest stable
> >>>>>> spamassassin available through the standard debian
> >>>>>> repositories - "spamassassin 3.0.3-2sarge1".
> >>>>> I upgraded Debian sarge from 3.0 to 3.1 via backports - works
> >>>>> great!
> >>>>> - John
> >>>>>
> >>>>> _
> >>>>> This e-mail has been scanned for viruses by Verizon Business
> >>>>> Internet Managed Scanning Services - powered by MessageLabs. For
> >>>>> further information visit http://www.mci.com
> >>>>>
> >>>>>
> >>>
> > 
> > 
>

Re: sa-update doesn't exist on my system

2007-02-27 Thread Adam Wilbraham 
Yupp - try giving apt-get the "-t sarge-backports" switch to force it
to download from that repository, eg: 

 apt-get install -t sarge-backports spamassassin spamc

Adam.


On Tue, 27 Feb 2007 09:32:39 +
Richard Hobbs <[EMAIL PROTECTED]> wrote:

> Hello,
> 
> Thank you for this... i've added that line to /etc/apt/sources.list,
> and run an "apt-get update".
> 
> However, when i then run "apt-get install spamassassin" it says:
> 
>   spamassassin is already the newest version.
> 
> As mentioned before, i'm actually running 3.0.3-2sarge1.
> 
> Any ideas?
> 
> The source does appear to have been added correctly, because during
> the "apt-get update" it downloaded several files.
> 
> Thanks again,
> Richard.
> 
> 
> Adam Wilbraham wrote:
> > I've been using 3.1.7 from the sarge backports and its absolutely
> > fine, much better spam catching rates due to the ability to run
> > sa-update. Backports repo is:
> > 
> > deb http://www.backports.org/debian sarge-backports main contrib
> > non-free
> > 
> > 
> > On Mon, 26 Feb 2007 14:55:40 +
> > Richard Hobbs <[EMAIL PROTECTED]> wrote:
> > 
> >> Hello,
> >>
> >> Is it just as stable? i.e. ours hasn't hung or crashed so far for
> >> over 200 days... can you say whether this is true of 3.1 via
> >> backports?
> >>
> >> Also, is there an apt repo for 3.1 for sarge?
> >>
> >> Thanks again,
> >> Richard.
> >>
> >>
> >> John Fleming wrote:
> >>> - Original Message - From: "Richard Hobbs"
> >>> <[EMAIL PROTECTED]>
> >>> To: 
> >>> Sent: Monday, February 26, 2007 4:54 AM
> >>> Subject: sa-update doesn't exist on my system
> >>>
> >>>
> >>>> Hello,
> >>>>
> >>>> I run a mail server which is using the latest stable spamassassin
> >>>> available through the standard debian repositories -
> >>>> "spamassassin 3.0.3-2sarge1".
> >>> I upgraded Debian sarge from 3.0 to 3.1 via backports - works
> >>> great!
> >>> - John
> >>>
> >>> _
> >>> This e-mail has been scanned for viruses by Verizon Business
> >>> Internet Managed Scanning Services - powered by MessageLabs. For
> >>> further information visit http://www.mci.com
> >>>
> >>>
> > 
> > 
> 


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: sa-update doesn't exist on my system

2007-02-26 Thread Adam Wilbraham 
I've been using 3.1.7 from the sarge backports and its absolutely
fine, much better spam catching rates due to the ability to run
sa-update. Backports repo is:

deb http://www.backports.org/debian sarge-backports main contrib non-free


On Mon, 26 Feb 2007 14:55:40 +
Richard Hobbs <[EMAIL PROTECTED]> wrote:

> Hello,
> 
> Is it just as stable? i.e. ours hasn't hung or crashed so far for over
> 200 days... can you say whether this is true of 3.1 via backports?
> 
> Also, is there an apt repo for 3.1 for sarge?
> 
> Thanks again,
> Richard.
> 
> 
> John Fleming wrote:
> > 
> > - Original Message - From: "Richard Hobbs"
> > <[EMAIL PROTECTED]>
> > To: 
> > Sent: Monday, February 26, 2007 4:54 AM
> > Subject: sa-update doesn't exist on my system
> > 
> > 
> >> Hello,
> >>
> >> I run a mail server which is using the latest stable spamassassin
> >> available through the standard debian repositories - "spamassassin
> >> 3.0.3-2sarge1".
> > 
> > I upgraded Debian sarge from 3.0 to 3.1 via backports - works great!
> > - John
> > 
> > _____
> > This e-mail has been scanned for viruses by Verizon Business
> > Internet Managed Scanning Services - powered by MessageLabs. For
> > further information visit http://www.mci.com
> > 
> > 
> 


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: sa-update notification

2007-02-26 Thread Adam Wilbraham 
I just call the following script from my cronjob which sends me the
debug output, a little crude but it works...

#!/bin/sh
sa-update --channelfile /etc/spamassassin/sa-update-sare.txt --gpgkey 856AA88A 
-D 1> /tmp/sa.tmp 2>> /tmp/sa.tmp
sleep 60
/etc/init.d/spamassassin restart 2>&1>> /tmp/sa.tmp
cat /tmp/sa.tmp | mail -s "Weekly update of internal SpamAssassin rulesets" 
[EMAIL PROTECTED]
rm /tmp/sa.tmp



On Sun, 25 Feb 2007 21:04:15 -0500
"John Fleming" <[EMAIL PROTECTED]> wrote:

> If I run sa-update via a cron job, is there a way to know what it did
> other than emailing the output to myself?  RDJ used to send me a nice
> email telling me what rules had changed.  I don't find any
> notification options with sa-update.
> 
> - John
> 


-- 
Adam Wilbraham - Assistant Systems Administrator
TechnoPhobia Limited
The Workstation
15 Paternoster Row
SHEFFIELD
England
S1 2BX
t: +44 (0)114 2212123
f: +44 (0)114 2212124
e: [EMAIL PROTECTED]
w: http://www.technophobia.com/

Registered in England and Wales Company No. 3063669
VAT registration No. 598 7858 42
ISO 9001:2000 Accredited Company No. 21227
ISO 14001:2004 Accredited Company No. E997
ISO 27001:2005 (BS7799) Accredited Company No. IS 508906
Investor in People Certified No. 101507

The contents of this email are confidential to the addressee
and are intended solely for the recipients use. If you are not
the addressee, you have received this email in error.
Any disclosure, copying, distribution or action taken in
reliance on it is prohibited and may be unlawful.

Any opinions expressed in this email are those of the author
personally and not TechnoPhobia Limited who do not accept
responsibility for the contents of the message.

All email communications, in and out of TechnoPhobia,
are recorded for monitoring purposes.

Re: Odd behaviour (?) of my Qmail / Qmail Scanner / SpamAssassin 3.1.3 Setup?

2006-11-29 Thread Adam Wilbraham 
On Wed, 29 Nov 2006 08:22:13 -0600
Bookworm <[EMAIL PROTECTED]> wrote:
> It sounds like you have the spamd bayes database, and then you have
> the database for whatever user you're actually running the test
> from.   I ran into this problem as well - it's a known issue, and I
> wish the SA folks would come up with a way to run, as root, sa-learn
> for a NON-ROOT bayes database.   Vpopmail directories aren't readable
> by spamd.

I'm not running vpopmail on this server. spamd is running as qscand,
however I've got my /etc/spamassasin/local.cf set to use a site wide
bayes database. I also have auto_whitelist configured, and I'm
wondering if this is such a good idea:

bayes_path /etc/mail/spamassassin/bayes
bayes_file_mode0770
auto_whitelist_path/etc/mail/spamassassin/auto-whitelist
auto_whitelist_file_mode   0770
use_bayes  1
bayes_auto_learn   1

I have a script that runs every night that sa-learn's data from each
users SpamTrain folder into this site wide database. Now I seriously
hope that spamd isn't reading its bayes data from qscands home, as this
data hasn't been touched for 2 years:

ls -alh ~/qscand/.spamassassin
drwxr-xr-x 2 qscand qscand 4.0K 2004-07-07 11:01 .
drwxr-xr-x 4 qscand root   4.0K 2006-07-26 11:28 ..
-rw-r--r-- 1 qscand qscand  20K 2004-01-06 16:43 auto-whitelist
-rw--- 1 qscand qscand 556K 2004-07-07 11:01 auto-whitelist.dir
-rw--- 1 qscand qscand 556K 2004-07-07 11:01 auto-whitelist.pag
-rw--- 1 qscand qscand  47K 2004-07-07 11:01 bayes_journal
-rw-r--r-- 1 qscand qscand  10M 2004-07-07 11:01 bayes_seen
-rw--- 1 qscand qscand 4.2M 2004-07-07 11:01 bayes_toks
-rw-r--r-- 1 qscand qscand 1.5K 2006-07-06 09:53 user_prefs

Maybe I should delete that and symlink in the files to the sitewide
bayes, just in case?

When I ran spamassassin on the item of spam I referred to earlier,  it
was using my own user account. I don't even have any data in
my .spamassassin folder, so I can only assume that it was using the
site wide bayes for its checks then. Or could my bayes data be
completely messed up, and spamassassin was doing a better job of
identifying spam under my user account with no bayes data at all? 

Once again many thanks for the suggestions and help...

Wilb

Re: Odd behaviour (?) of my Qmail / Qmail Scanner / SpamAssassin 3.1.3 Setup?

2006-11-29 Thread Adam Wilbraham 
To follow up on this, the message in question is flagged as spam if i
run it through spamassassin, however if I run it through spamc its not.
spamc is what Qmail Scanner invokes. Is there a separate configuration
for spamc / spamd to spamassassin? I thought not...
 

On Wed, 29 Nov 2006 14:00:13 +
Adam Wilbraham <[EMAIL PROTECTED]> wrote:

> I've got a bit of an odd situation whereby some obvious spam seems to

Odd behaviour (?) of my Qmail / Qmail Scanner / SpamAssassin 3.1.3 Setup?

2006-11-29 Thread Adam Wilbraham 
Hi,

I've got a bit of an odd situation whereby some obvious spam seems to
be slipping through the net of our setup. A prime example would be a
"Re: hi" spam which has just come through, an obvious looking spam
containing the text Hi and a drugs gif. Looking at the headers after
qmail scanner has pushed it through spamc, it gives the following key things:

--
Received: (qmail 17122 invoked by uid 1387); 29 Nov 2006 13:16:32 -
Received: from 88.229.73.122 by servername (envelope-from
<[EMAIL PROTECTED]>, uid 33001) with qmail-scanner-2.01
(sweep: 2.39.2/4.11.0. spamassassin: 3.1.3.
Clear:RC:0(88.229.73.122):SA:0(2.6/5.0):. Processed in 11.629468 secs);
29 Nov 2006 13:16:32 - X-Spam-Checker-Version: SpamAssassin 3.1.3
(2006-06-01) on servername X-Spam-Level: **
X-Spam-Status: No, score=2.6 required=5.0 tests=BAYES_50,HTML_MESSAGE,
RCVD_IN_DSBL,SARE_GIF_ATTACH autolearn=no version=3.1.3
X-Envelope-From: [EMAIL PROTECTED]
Received: from unknown (HELO balboacompany.com) (88.229.73.122)
--

As you can see, its only been given a score of 2.6. If I then log into the 
mailserver and run spamassassin on the message in my inbox, spamassassin 
scores it higher than that and marks it up as spam:

---
Content preview:  Hi Hi [...] 

Content analysis details:   (6.5 points, 5.0 required)

 pts rule name  description
 -- --
 0.1 HTML_90_100BODY: Message is 90% to 100% HTML
 0.0 HTML_MESSAGE   BODY: HTML included in message
 3.0 BAYES_95   BODY: Bayesian spam probability is 95 to 99%
[score: 0.9830]
 0.8 SARE_GIF_ATTACHFULL: Email has a inline gif
 2.6 RCVD_IN_DSBL   RBL: Received via a relay in list.dsbl.org
[]
---

One of the key things for me is that this time the bayes probability is 
much higher, but this seems to happen with any spam that arrives in my 
inbox - it will come through with a lower score, but if I manually invoke SA 
on the message manually it will report back with a higher score thats picked 
up by more rules.

Has anyone got any suggestions as to what I might need to look into to 
rectify this behaviour? I was running 3.1.0 until yesterday when I upgraded 
to 3.1.3 to take advantage of sa-update, so my rulesets should not be the 
problem.

Many thanks in advance for any help provided.


Wilb.