score's and custom rules
Hello, I am currently trying to configure spam assassin with some custom rules to block certain words which are being used in a large amount of spam that the email servers receive. When I put the following rules into the local.cf file body VIjAGRA /\bVIjAGRA\b/i score VIjAGRA 3.0 describe VIjAGRA VIAGRA_SPAM I can see from the mail logs that the email is now seeing that the term is used in the email but the score is not being increased as the email passes through the spamassassin process. Here is the log file Jul 17 14:06:25 poopey spamd[19323]: spamd: processing message <[EMAIL PROTECTED]> for clamav:89 Jul 17 14:06:27 poopey spamd[19323]: spamd: clean message (0.5/5.0) for clamav:89 in 1.3 seconds, 1293 bytes. Jul 17 14:06:27 poopey spamd[19323]: spamd: result: . 0 - AWL,BAYES_00,MSGID_FROM_MTA_HEADER,VIjAGRA scantime=1.3,size=1293,user=clamav,uid=89,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51601,mid=<[EMAIL PROTECTED]>,bayes=1.66533453693773e-16,autolearn=no I am a little confused as to what is actually wrong with the rules to make it so that the score is not bieng incremented as the spam is being parsed by SA. Any advice would be greatly appreciated. Regards, Jimmy
Re: score's and custom rules
Hello, How do you clear the AWL and Bayes Lists is that just a case of deleting the files or is there some special command to do that ? Regards, Jimmy JamesDR wrote: Jimmy Stewpot wrote: Hello, I am currently trying to configure spam assassin with some custom rules to block certain words which are being used in a large amount of spam that the email servers receive. When I put the following rules into the local.cf file body VIjAGRA /\bVIjAGRA\b/i score VIjAGRA 3.0 describe VIjAGRA VIAGRA_SPAM I can see from the mail logs that the email is now seeing that the term is used in the email but the score is not being increased as the email passes through the spamassassin process. Here is the log file Jul 17 14:06:25 poopey spamd[19323]: spamd: processing message <[EMAIL PROTECTED]> for clamav:89 Jul 17 14:06:27 poopey spamd[19323]: spamd: clean message (0.5/5.0) for clamav:89 in 1.3 seconds, 1293 bytes. Jul 17 14:06:27 poopey spamd[19323]: spamd: result: . 0 - AWL,BAYES_00,MSGID_FROM_MTA_HEADER,VIjAGRA scantime=1.3,size=1293,user=clamav,uid=89,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=51601,mid=<[EMAIL PROTECTED]>,bayes=1.66533453693773e-16,autolearn=no I am a little confused as to what is actually wrong with the rules to make it so that the score is not bieng incremented as the spam is being parsed by SA. Any advice would be greatly appreciated. Regards, Jimmy I'm willing to bet that these two: AWL,BAYES_00 Are killing your score. Check why bayes thinks this is ham, I notice that it did not autolearn (autolearn=no), I'm also willing to bet that your bayes DB is pretty much hosed (it thinks this mail is def. ham -- the BAYES_00 hit) Clear AWL, Clear and start from scratch on Bayes also (my recommendation would be to turn off autolearn.)
spamassassin rules
Hello, I currently use the SARE rules database for my incoming spam detection and prevention. Over recent months I have begun to see a big increase in the number of spams. I am interested to know if there are any alternatives to SARE for an external list of rules? Regards, Jimmy
RDNS_NONE
Hi There, I have recently been getting a huge increase in the number of emails which are being marked as spam. In those emails I see that the headers say RDNS_NONE. It seems that in most cases the remote servers in the header do in fact reverse resolve. I have checked randomly in about 30 messages that have been marked in this way. Am I missing the point of RDNS_NONE as a rule? What is it meant to actually be doing? Regards, Jimmy
spamassassin with dcc not appearing to work
Hi There, I am currently trying to implement DCC on a small email server to test how effective it may be. Unfortunately I have been unable to get any results and it appears that its just simply not working. I have the following lines in my configuration for spamassassin use_dcc 1 dcc_path /usr/bin dcc_dccifd_path [127.0.0.1]:38681 dcc_home /var/lib/dcc With the plugin definitely being enabled when I do a --lint I get the following Jul 14 02:48:04.529 [23120] dbg: plugin: loading Mail::SpamAssassin::Plugin::DCC from @INC I know that with lint it does no network based tests (local only) but I still don't seem to have any success. I also added the following lines to the configuration and it made no difference. add_header all DCC _DCCB_: _DCCR_ I still don't see any header information reporting DCC.. Any advice would be really appreciated. Regards, Jimmy.
spamassassin not checking emails correctly.
Hello, I have recently installed spamassassin on my new ubuntu distribution from the apt package. I seem to be having issues where emails that are obviously spam are not being marked. X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no version=3.1.7-deb Is in the headers of the email but the content of the email has URLs which are in the blacklists, If I forward these emails to my ISP account which has its own spam solution they get marked. Here is the body of the email =SNIP=== Hello, share >> Don't have time for a full time relationship? Many young career minded people don't but still want a physical relationship, many of these need sexual encounters but without the frustrating attachment of a boyfriend or girlfriend. This means they have time to concentrate on their profession/career and not worry about what is going on at home, as essentially they are single. This is commonly becoming known as a [geocities URL HERE] skittle chesapeake boycott ripple grandchildren anglicanism flora yaounde lawson, offshore inhere. ampere terse hoofmark computation nero evildoer cause downcast, wolfish squirehood bucharest creamy marin, goa strand bulrush january. fable ultimatum rate, cerise bluebonnet steiner travesty. Your Tad. =SNIP=== I have removed the geocities URL so that it wont potentially be marked by users of this lists spam protection. By spamassassin configuration is fairly basic and it looks like this =SNIP=== cat /etc/spamassassin/local.cf lock_method flock required_score 5.0 trusted_networks 127.0.0.1 # clear_headers # add_header all Flag _YESNOCAPS_ # add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ add_header spam Flag _YESNOCAPS_ add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_ add_header all Level _STARS(*)_ add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_ rewrite_header Subject **SPAM** skip_rbl_checks 0 report_safe 1 whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] users@spamassassin.apache.org [EMAIL PROTECTED] [EMAIL PROTECTED] bayes_min_ham_num 50 bayes_min_spam_num 50 bayes_use_hapaxes 1 use_bayes 1 use_auto_whitelist 0 bayes_auto_learn_threshold_spam 1.0 use_razor2 1 use_pyzor 1 ok_locales en =SNIP=== I had previously being using the rules from saupdates.openprotect.com but I have stopped using that service while I try and diagnose this problem. With or without the rules I have exactly the same issues. One line I am constantly seeing in the mail.log file is the following Mar 28 09:09:34 poopey spamd[21715]: config: copying current conf from backup does that have any reference on the problem? I also see the following Mar 28 09:10:23 poopey spamd[21716]: bayes: not available for scanning, only 5 spam(s) in bayes DB < 50 I find that a little strange as I have done an sa-learn for both ham and spam emails on folders which I have moved all the spam messages to. Any advice on resolving or how to diagnose these problems would be greatly appreciated. Regards, Jimmy.
Re: spamassassin not checking emails correctly.
--[ UxBoD ]-- wrote: First thing first. Could you run a spamassassin -D --lint as the user which is scanning the email, and post the results please. This will allow people to diagnose the problem more easily. Regards, UxBoD On Wed, 28 Mar 2007 09:12:20 +0100, Jimmy Stewpot <[EMAIL PROTECTED]> wrote: Hello, I have recently installed spamassassin on my new ubuntu distribution from the apt package. I seem to be having issues where emails that are obviously spam are not being marked. X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no version=3.1.7-deb Is in the headers of the email but the content of the email has URLs which are in the blacklists, If I forward these emails to my ISP account which has its own spam solution they get marked. Here is the body of the email =SNIP=== Hello, share >> Don't have time for a full time relationship? Many young career minded people don't but still want a physical relationship, many of these need sexual encounters but without the frustrating attachment of a boyfriend or girlfriend. This means they have time to concentrate on their profession/career and not worry about what is going on at home, as essentially they are single. This is commonly becoming known as a [geocities URL HERE] skittle chesapeake boycott ripple grandchildren anglicanism flora yaounde lawson, offshore inhere. ampere terse hoofmark computation nero evildoer cause downcast, wolfish squirehood bucharest creamy marin, goa strand bulrush january. fable ultimatum rate, cerise bluebonnet steiner travesty. Your Tad. =SNIP=== I have removed the geocities URL so that it wont potentially be marked by users of this lists spam protection. By spamassassin configuration is fairly basic and it looks like this =SNIP=== cat /etc/spamassassin/local.cf lock_method flock required_score 5.0 trusted_networks 127.0.0.1 # clear_headers # add_header all Flag _YESNOCAPS_ # add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ add_header spam Flag _YESNOCAPS_ add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_ add_header all Level _STARS(*)_ add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_ rewrite_header Subject **SPAM** skip_rbl_checks 0 report_safe 1 whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] users@spamassassin.apache.org [EMAIL PROTECTED] [EMAIL PROTECTED] bayes_min_ham_num 50 bayes_min_spam_num 50 bayes_use_hapaxes 1 use_bayes 1 use_auto_whitelist 0 bayes_auto_learn_threshold_spam 1.0 use_razor2 1 use_pyzor 1 ok_locales en =SNIP=== I had previously being using the rules from saupdates.openprotect.com but I have stopped using that service while I try and diagnose this problem. With or without the rules I have exactly the same issues. One line I am constantly seeing in the mail.log file is the following Mar 28 09:09:34 poopey spamd[21715]: config: copying current conf from backup does that have any reference on the problem? I also see the following Mar 28 09:10:23 poopey spamd[21716]: bayes: not available for scanning, only 5 spam(s) in bayes DB < 50 I find that a little strange as I have done an sa-learn for both ham and spam emails on folders which I have moved all the spam messages to. Any advice on resolving or how to diagnose these problems would be greatly appreciated. Regards, Jimmy. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. [EMAIL PROTECTED]:~$ spamassassin -D --lint [25453] dbg: logger: adding facilities: all [25453] dbg: logger: logging level is DBG [25453] dbg: generic: SpamAssassin version 3.1.7-deb [25453] dbg: config: score set 0 chosen. [25453] dbg: util: running in taint mode? yes [25453] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [25453] dbg: util: PATH included '/usr/local/sbin', keeping [25453] dbg: util: PATH included '/usr/local/bin', keeping [25453] dbg: util: PATH included '/usr/sbin', keeping [25453] dbg: util: PATH included '/usr/bin', keeping [25453] dbg: util: PATH included '/sbin', keeping [25453] dbg: util: PATH included '/bin', keeping [25453] dbg: util: PATH included '/usr/bin/X11', keeping [25453] dbg: util: PATH included '/usr/games', keeping [25453] dbg: util: final PATH set to: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games [25453] dbg: message: MIME PARSER START [25453] dbg: message: main message type: text/plain [25453] dbg: message: parsing normal part [25453] dbg: message: added part, type: text/plain [25453] dbg: message: MIME PARSER END [25453] dbg: dns: is Net::DNS::Resolver available? yes [25453] dbg: dns: Net::DNS version: 0.53 [25453] dbg: diag: perl platform: 5.008007 li
Re: spamassassin not checking emails correctly.
Loren Wilton wrote: Things are basically working, but you don't seem to have network test enabled, and you haven't trained enough ham/spam messages yet for Bayes to kick in. If you are starting SA using spamd, check for a -L parameter on the command line and remove it. That should enable network tests for you, and probably will help a lot. The exact startup configuration is /usr/sbin/spamd -D -m 20 -v -u vpopmail -d --round-robin -x -d --pidfile=/var/run/spamd.pid To get Bayes working, you need to train it with at least 200 each ham and spam messages. Once it has that many messages it will start to feel confident about adding to the score. Loren I have done an sa-learn --showdots --spam . in a folder full of spam. I would have expected it to add entries into the bayes database but it still says there are only 5 emails in the bayes. - Original Message ----- From: "Jimmy Stewpot" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: Sent: Wednesday, March 28, 2007 1:37 AM Subject: Re: spamassassin not checking emails correctly. --[ UxBoD ]-- wrote: First thing first. Could you run a spamassassin -D --lint as the user which is scanning the email, and post the results please. This will allow people to diagnose the problem more easily. Regards, UxBoD On Wed, 28 Mar 2007 09:12:20 +0100, Jimmy Stewpot <[EMAIL PROTECTED]> wrote: Hello, I have recently installed spamassassin on my new ubuntu distribution from the apt package. I seem to be having issues where emails that are obviously spam are not being marked. X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=no version=3.1.7-deb Is in the headers of the email but the content of the email has URLs which are in the blacklists, If I forward these emails to my ISP account which has its own spam solution they get marked. Here is the body of the email =SNIP=== Hello, share >> Don't have time for a full time relationship? Many young career minded people don't but still want a physical relationship, many of these need sexual encounters but without the frustrating attachment of a boyfriend or girlfriend. This means they have time to concentrate on their profession/career and not worry about what is going on at home, as essentially they are single. This is commonly becoming known as a [geocities URL HERE] skittle chesapeake boycott ripple grandchildren anglicanism flora yaounde lawson, offshore inhere. ampere terse hoofmark computation nero evildoer cause downcast, wolfish squirehood bucharest creamy marin, goa strand bulrush january. fable ultimatum rate, cerise bluebonnet steiner travesty. Your Tad. =SNIP=== I have removed the geocities URL so that it wont potentially be marked by users of this lists spam protection. By spamassassin configuration is fairly basic and it looks like this =SNIP=== cat /etc/spamassassin/local.cf lock_method flock required_score 5.0 trusted_networks 127.0.0.1 # clear_headers # add_header all Flag _YESNOCAPS_ # add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ add_header spam Flag _YESNOCAPS_ add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_ add_header all Level _STARS(*)_ add_header all Checker-Version SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_ rewrite_header Subject **SPAM** skip_rbl_checks 0 report_safe 1 whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] users@spamassassin.apache.org [EMAIL PROTECTED] [EMAIL PROTECTED] bayes_min_ham_num 50 bayes_min_spam_num 50 bayes_use_hapaxes 1 use_bayes 1 use_auto_whitelist 0 bayes_auto_learn_threshold_spam 1.0 use_razor2 1 use_pyzor 1 ok_locales en =SNIP=== I had previously being using the rules from saupdates.openprotect.com but I have stopped using that service while I try and diagnose this problem. With or without the rules I have exactly the same issues. One line I am constantly seeing in the mail.log file is the following Mar 28 09:09:34 poopey spamd[21715]: config: copying current conf from backup does that have any reference on the problem? I also see the following Mar 28 09:10:23 poopey spamd[21716]: bayes: not available for scanning, only 5 spam(s) in bayes DB < 50 I find that a little strange as I have done an sa-learn for both ham and spam emails on folders which I have moved all the spam messages to. Any advice on resolving or how to diagnose these problems would be greatly appreciated. Regards, Jimmy. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. [EMAIL PROTECTED]:~$ spamassassin -D --lint [25453] dbg: logger: adding facilities: all [25453] dbg: logger: logging level is DBG [25453] dbg: generic: SpamAssassin version 3.1.7-deb [25453] dbg: config: score set 0 chosen. [25453] dbg: util: running in taint