Re: RulesDuJour
Anshul Chauhan wrote: we have to copy KAM.cf to /usr/share/spamassassin only for its integration with spamassassin or something else is to done I'm using spamassassin-3.2.5-1.el4.rf on Centos4.7 Any add-on rules should be placed in the same directory as your local.cf (ie: /etc/mail/spamassassin/ in most cases). SA reads *.cf from this directory, not just local.cf. Adding files to /usr/share/spamassassin, or making changes to files present there, is not a good idea. When SpamAssassin gets upgraded, this whole directory will be nuked by the installer.
Re: RulesDuJour
Anshul Chauhan wrote: we have to copy KAM.cf to /usr/share/spamassassin only for its integration with spamassassin or something else is to done I'm using spamassassin-3.2.5-1.el4.rf on Centos4.7 On 30.06.09 02:11, Matt Kettler wrote: Any add-on rules should be placed in the same directory as your local.cf (ie: /etc/mail/spamassassin/ in most cases). SA reads *.cf from this directory, not just local.cf. Adding files to /usr/share/spamassassin, or making changes to files present there, is not a good idea. When SpamAssassin gets upgraded, this whole directory will be nuked by the installer. ... and after first sa-update, it won't get used even. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. One World. One Web. One Program. - Microsoft promotional advertisement Ein Volk, ein Reich, ein Fuhrer! - Adolf Hitler
Re: RulesDuJour
we have to copy KAM.cf to /usr/share/spamassassin only for its integration with spamassassin or something else is to done I'm using spamassassin-3.2.5-1.el4.rf on Centos4.7 Warm Regards, Anshul Chauhan Dream is not what you see while sleep, it's the thing that does not let you sleep. On Sat, Jun 27, 2009 at 2:39 AM, Gerry Maddock gmadd...@futuremetals.comwrote: R I'm new to the list, and haven't been working with Spamassasin for long (about 1 year). It worked fine filtering spam, but now more and more are getting through. I found something called RulesDuJour on the net, but it seems it's not being updated anymore. Is it usefull to stil use it, or does anyone have some advice about thirth party rules that can help? Hey Roland, checkout KAM ( http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf) also sought (http://wiki.apache.org/spamassassin/SoughtRules) JFK Antifishing (http://www.jules.fm/Logbook/files/anti-phishing-v2.html) Also use Razor,DCC, Pyzor I suggest looking into using MailScanner + spamassassin you can find MailScanner here: http://www.mailscanner.info/ CONFIDENTIALITY: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and / or privileged information. Any unauthorized review, use, disclosure or distribution of any kind is strictly prohibited. If you are not the intended recipient, please contact the sender via reply e-mail and destroy all copies of the original message. Thank you.
Re: RulesDuJour
On 26.06.09 23:05, Roland Klein Overmeer wrote: I'm new to the list, and haven't been working with Spamassasin for long (about 1 year). It worked fine filtering spam, but now more and more are getting through. I found something called RulesDuJour on the net, but it seems it's not being updated anymore. Is it usefull to stil use it, or does anyone have some advice about thirth party rules that can help? I am sure RulesDuJour are obsolete for more then a year. Since SpamAssassin-3.1, sa-update is the preferred say to upsate rules, including those of SARE. Who told you to use the RulesDuJour script? The SARE rules aren't being updated for longer time, see http://www.rulesemporium.com/ -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Boost your system's speed by 500% - DEL C:\WINDOWS\*.*
Re: RulesDuJour
R I'm new to the list, and haven't been working with Spamassasin for long (about 1 year). It worked fine filtering spam, but now more and more are getting through. I found something called RulesDuJour on the net, but it seems it's not being updated anymore. Is it usefull to stil use it, or does anyone have some advice about thirth party rules that can help? Hey Roland, checkout KAM ( http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf) also sought (http://wiki.apache.org/spamassassin/SoughtRules) JFK Antifishing (http://www.jules.fm/Logbook/files/anti-phishing-v2.html) Also use Razor,DCC, Pyzor I suggest looking into using MailScanner + spamassassin you can find MailScanner here: http://www.mailscanner.info/ CONFIDENTIALITY: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and / or privileged information. Any unauthorized review, use, disclosure or distribution of any kind is strictly prohibited. If you are not the intended recipient, please contact the sender via reply e-mail and destroy all copies of the original message. Thank you.
Re: RulesDuJour Tripwire Issue
On Wed, 2008-08-27 at 23:05 -0500, Curtis LaMasters wrote: @Andy - I was able to parse the script that you sent me to which had neither my problem nor my solution Actually it DID contain your problem AND the solution: # Version 1.31 NOTICE! Rules du jour is no longer being maintained. As the author of RDJ, I recommend switching to the official update method for spamassassin, sa-update. That should have told you all you needed to know.
Re: RulesDuJour Tripwire Issue
Curtis LaMasters wrote: Now on to my next issue. Thank you Dan for helping me with the last one. I have RulesDuJour updating (probably too often) but I'm getting the following error. I've been able to find the issue on Google but no resolution. Hoping you can help me figure this out. RDJ is almost completely dead and obsolete. sa-update would be the preferred way to update most rules, and with a little tweaking it can even update rules from SARE. Based on the results you're seeing check the URL for tripwire in your RDJ script. I'm betting it points to a URL that's no longer serving the tripwire file, and instead returns an error page which produces the errors below. ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/spamassassin/tripwire.cf http://tripwire.cf /etc/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; mv -f /etc/spamassassin/RulesDuJour/tripwire.cf.20080827-1656 /etc/spamassassin/tripwire.cf http://tripwire.cf; Lint output: [14866] warn: config: failed to parse line, skipping, in /etc/spamassassin/tripwire.cf http://tripwire.cf: HTMLHEADMETA HTTP-EQUIV=Refresh CONTENT=0.1 [14866] warn: config: failed to parse line, skipping, in /etc/spamassassin/tripwire.cf http://tripwire.cf: META HTTP-EQUIV=Pragma CONTENT=no-cache [14866] warn: config: failed to parse line, skipping, in /etc/spamassassin/tripwire.cf http://tripwire.cf: META HTTP-EQUIV=Expires CONTENT=-1 [14866] warn: config: failed to parse line, skipping, in /etc/spamassassin/tripwire.cf http://tripwire.cf: /HEAD/HTML [14866] warn: lint: 4 issues detected, please rerun with debug enabled for more information Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
Re: RulesDuJour Tripwire Issue
@Andy - I was able to parse the script that you sent me to which had neither my problem nor my solution within it but I did find 1 problem. On my config it was listed as 99_FVGT_Tripwire.cf as well as the script that you sent a link to. However, located at the download site it was 88_FVGT_Tripwire.cf. @Matt - Thank you, you were correct. The download link was incorrect. I believe my using rulesdujour stemmed from me using outdated setup documents. I'll put some effort into researching that. Thanks, Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
RE: RulesDuJour
But it is. RulesDuJour delivery is broken, and it gives only HTTP-error page, which causes the error. sa-update can deliver the rules without errors. However, I already use sa-update other than RulesDuJour, which is scheduled as follow: 22 14 * * 1,2,3,4,5 sa-update rcamavisd restart What channels sa-update updates? And if I use the '--channelfile' what happens? Maybe sa-update updates only the channels included in the file specifided for the argument '--channelfile' or it adds the file listed to the default list of channels maintained by sa-update? Thanks, rocsca
RE: RulesDuJour
Rocco Scappatura wrote: But it is. RulesDuJour delivery is broken, and it gives only HTTP-error page, which causes the error. sa-update can deliver the rules without errors. However, I already use sa-update other than RulesDuJour, which is scheduled as follow: The webpage at http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt says: How to update SARE rulesets via Apache SpamAssassin's sa-update. This is what RDJ did and apparently RDJ doesn't work anymore. What channels sa-update updates? And if I use the '--channelfile' what happens? Maybe sa-update updates only the channels included in the file specifided for the argument '--channelfile' or it adds the file listed to the default list of channels maintained by sa-update? The page describes how to select what channels sa-update will update. You'll just have an extra sa-update in your crontab; one for the official SA rules and one for the SARE rules. Grts, Rob
Re: RulesDuJour
What channels sa-update updates? And if I use the '--channelfile' what happens? Maybe sa-update updates only the channels included in the file specifided for the argument '--channelfile' or it adds the file listed to the default list of channels maintained by sa-update? The page describes how to select what channels sa-update will update. You'll just have an extra sa-update in your crontab; one for the official SA rules and one for the SARE rules. I have only one sa-update in my crontab -- channels.txt -- update.spamassassin.org 72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net 70_sare_evilnum0.cf.sare.sa-update.dostech.net 70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net 70_sare_html0.cf.sare.sa-update.dostech.net 70_sare_html_eng.cf.sare.sa-update.dostech.net 70_sare_header0.cf.sare.sa-update.dostech.net 70_sare_header_eng.cf.sare.sa-update.dostech.net 70_sare_specific.cf.sare.sa-update.dostech.net 70_sare_adult.cf.sare.sa-update.dostech.net 72_sare_bml_post25x.cf.sare.sa-update.dostech.net 99_sare_fraud_post25x.cf.sare.sa-update.dostech.net 70_sare_spoof.cf.sare.sa-update.dostech.net 70_sare_random.cf.sare.sa-update.dostech.net 70_sare_oem.cf.sare.sa-update.dostech.net 70_sare_genlsubj0.cf.sare.sa-update.dostech.net 70_sare_genlsubj_eng.cf.sare.sa-update.dostech.net 70_sare_unsub.cf.sare.sa-update.dostech.net 70_sare_uri0.cf.sare.sa-update.dostech.net 70_sare_obfu0.cf.sare.sa-update.dostech.net 70_sare_stocks.cf.sare.sa-update.dostech.net -- -- cronjob --- /usr/local/bin/sa-update --allowplugins --channelfile /etc/spamassassin/channels.txt --nogpg /usr/local/bin/sa-compile /etc/init.d/spamassassin reload --
RE: RulesDuJour
The page describes how to select what channels sa-update will update. You'll just have an extra sa-update in your crontab; one for the official SA rules and one for the SARE rules. I have only one sa-update in my crontab Yes, sorry, it can be done using 1 sa-update line; I actually don't remember why I have 2 lines for that but it works. Maybe I'll change that someday. However, I think we agree that the OP should switch from RDJ to sa-update to let it handle the SARE updates. Grts, Rob
RE: RulesDuJour
I was thinking of looking into RulesDuJour as an alternative to sa-update, as there hasn't been anything to update since July, unless one installs yet unreleased versions of SpamAssassin. (find var -ls to check.) However reading this thread has scared me further. (Shall I chuck Santa Claus (rms) and the Penguin (linus) and install WIN2000 and enjoy Norton Daily Updates?)
Re: RulesDuJour
[EMAIL PROTECTED] wrote: I was thinking of looking into RulesDuJour as an alternative to sa-update, as there hasn't been anything to update since July, unless one installs yet unreleased versions of SpamAssassin. (find var -ls to check.) Why are you so concerned about updates for the sake of updates? Generally we only feel compelled to write rules and release them when there's a need for them (remember, we're all volunteers). Personally, I've been receiving very, very little spam that isn't caught by SA. If you'd like to use RDJ go for it. The SARE rules (which are available via sa-update anyway, and from what I've heard only reliably via sa-update) haven't been updated much in the last 6 months either: [EMAIL PROTECTED] channels]$ find . -type f -mtime -180 -name *.gz -exec ls -l {} \; | cut -d' ' -f7- May 28 13:14 ./70_sare_obfu.cf/200705281000.tar.gz May 28 14:14 ./70_sare_obfu.cf/200705281100.tar.gz May 29 16:14 ./70_sare_obfu.cf/200705291300.tar.gz Jun 1 05:14 ./70_sare_obfu.cf/200706010200.tar.gz Jun 4 21:14 ./70_sare_obfu.cf/200706041800.tar.gz Jun 5 11:14 ./70_sare_obfu.cf/200706050800.tar.gz May 21 10:14 ./70_sare_obfu1.cf/200705210700.tar.gz May 21 11:14 ./70_sare_obfu1.cf/200705210800.tar.gz May 28 13:14 ./70_sare_obfu1.cf/200705281000.tar.gz Jun 1 05:14 ./70_sare_obfu1.cf/200706010200.tar.gz Jun 4 21:14 ./70_sare_obfu1.cf/200706041800.tar.gz May 21 10:14 ./72_sare_bml_post25x.cf/200705210700.tar.gz May 28 13:14 ./70_sare_obfu0.cf/200705281000.tar.gz Jun 1 05:14 ./70_sare_obfu0.cf/200706010200.tar.gz Jun 4 21:14 ./70_sare_obfu0.cf/200706041800.tar.gz May 21 10:14 ./70_sare_adult.cf/200705210700.tar.gz Mar 9 10:08 ./70_sc_top200.cf/200703090800.tar.gz Mar 9 11:08 ./70_sc_top200.cf/200703090900.tar.gz Mar 9 12:08 ./70_sc_top200.cf/200703091000.tar.gz Mar 9 17:08 ./70_sc_top200.cf/200703091500.tar.gz Mar 12 11:08 ./70_sc_top200.cf/200703120800.tar.gz Mar 14 16:08 ./70_sc_top200.cf/200703141300.tar.gz Mar 15 13:08 ./70_sc_top200.cf/200703151000.tar.gz Mar 22 13:24 ./70_sc_top200.cf/200703221000.tar.gz Mar 30 12:10 ./70_sc_top200.cf/200703300900.tar.gz Apr 5 12:10 ./70_sc_top200.cf/200704050900.tar.gz Apr 6 10:10 ./70_sc_top200.cf/200704060700.tar.gz Apr 6 17:10 ./70_sc_top200.cf/200704061400.tar.gz May 23 11:14 ./70_sc_top200.cf/200705230800.tar.gz May 24 12:14 ./70_sc_top200.cf/200705240900.tar.gz May 6 23:24 ./70_sare_stocks.cf/200705062000.tar.gz May 7 00:24 ./70_sare_stocks.cf/200705062100.tar.gz Aug 18 08:14 ./70_sare_stocks.cf/200708181200.tar.gz Apr 6 10:10 ./00_FVGT_File001.cf/200704060700.tar.gz [EMAIL PROTECTED] channels]$ If you like, since you seem to be preoccupied with the raw number of updates, you can compare that the number of updates released by the SA project in the last 6 months: [EMAIL PROTECTED] asf-sa-updates]$ find . -type f -mtime -180 -name *.gz -perm 444 -exec ls -l {} \; | cut -d' ' -f7- Sep 3 23:21 ./572502.tar.gz May 7 00:31 ./535131.tar.gz May 11 01:54 ./535132.tar.gz May 31 01:41 ./543064.tar.gz Jun 9 04:12 ./545708.tar.gz Jul 4 17:46 ./548226.tar.gz Jul 11 00:36 ./555165.tar.gz Jul 15 18:55 ./556472.tar.gz [EMAIL PROTECTED] asf-sa-updates]$ However reading this thread has scared me further. (Shall I chuck Santa Claus (rms) and the Penguin (linus) and install WIN2000 and enjoy Norton Daily Updates?) That might not be a bad idea. Daryl
Re: RulesDuJour
Rocco Scappatura schrieb: Hello, It is some weeks that I get errors while I try to updates the SA rulesets. For example recently I get an error after the update of TripWire and SARE rulesets: ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/tripwire.cf /tmp/RulesDuJour/99_FVGT_Tripwire.cf.2; mv -f /tmp/RulesDuJour/tripwire.cf.20070831-1530 /etc/mail/spamassassin/tripwire.cf; mv -f /etc/mail/spamassassin/70_sare_stocks.cf /tmp/RulesDuJour/70_sare_stocks.cf.2; mv -f /tmp/RulesDuJour/70_sare_stocks.cf.20070831-1530 /etc/mail/spamassassin/70_sare_stocks.cf; Lint output: [826] warn: config: failed to parse line, skipping: HTMLHEADMETA HTTP-EQUIV=Refresh CONTENT=0.1 [826] warn: config: failed to parse line, skipping: META HTTP-EQUIV=Pragma CONTENT=no-cache [826] warn: config: failed to parse line, skipping: META HTTP-EQUIV=Expires CONTENT=-1 [826] warn: config: failed to parse line, skipping: /HEAD/HTML [826] warn: lint: 4 issues detected, please rerun with debug enabled for more information I can't try how to solve this problem.. Maybe is there any outdates ruleset? If yes, who is it? Using sa-update is the suggested method now: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt or read the lists archive you should find many posts on this ... Thanks, rocsca -- Grüsse/Greetings MH Dont send mail to: [EMAIL PROTECTED] --
RE: RulesDuJour
Using sa-update is the suggested method now: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt I don't think that this is related to the error discussed in this thread. rocsca
Re: RulesDuJour
Using sa-update is the suggested method now: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt I don't think that this is related to the error discussed in this thread. rocsca But it is. RulesDuJour delivery is broken, and it gives only HTTP-error page, which causes the error. sa-update can deliver the rules without errors.
Re: RulesDuJour/deneb.dwf.com: 404 errors
On Thu, 2007-08-02 at 12:25 -0600, Reg Clemens wrote: I am getting the following error message from my (daily) update of SpamAssassin Rules --- Subject: RulesDuJour/deneb.dwf.com: 404 errors and the contents of the message The following rules had errors: SARE 70_sare_bayes_poison_nxm.cf Ruleset had an unknown error: curl exit code: 52 curl: (52) Empty reply from server 000 --- Other than blowing everything away and starting again Im not sure how to clear this up. actually, that is the best policy. RulesDuJour has been supplanted by sa-update. Can one of you experts give me a clue. Not an expert, but I did create an RPM will all of the pieces so that I would not have to re-create this every time. I have a script that runs from cron once a day that calls sa-update. If successful, it runs sa-compile, then reloads amavisd (and flushes postfix, since amavisd is messy when it reloads... Probably need to code a graceful shutdown for amavisd at some point.) To pick up all of the channels, I created a channel file, like so: [EMAIL PROTECTED] ~]$ sudo cat /etc/sysconfig/sa-update-channels updates.spamassassin.org 70_sare_evilnum0.cf.sare.sa-update.dostech.net bogus-virus-warnings.cf.sare.sa-update.dostech.net 70_sare_adult.cf.sare.sa-update.dostech.net 70_sare_random.cf.sare.sa-update.dostech.net 70_sare_header0.cf.sare.sa-update.dostech.net 70_sare_genlsubj0.cf.sare.sa-update.dostech.net 99_sare_fraud_post25x.cf.sare.sa-update.dostech.net 70_sare_html0.cf.sare.sa-update.dostech.net 70_sare_html1.cf.sare.sa-update.dostech.net 70_sare_uri0.cf.sare.sa-update.dostech.net 70_sare_specific.cf.sare.sa-update.dostech.net 70_sare_obfu0.cf.sare.sa-update.dostech.net 70_sare_unsub.cf.sare.sa-update.dostech.net 70_sare_stocks.cf.sare.sa-update.dostech.net So that gpg works, I imported the public key from dostech.net and referenced it in an gpgkeyfile: [EMAIL PROTECTED] ~]$ sudo cat /etc/sysconfig/sa-update-keys 5244EC45 856AA88A the actual update command is sa-update --channelfile /etc/sysconfig/sa-update-channels --gpgkeyfile /etc/sysconfig/sa-update-keys once set up, this has much less impact than rulesdujour had. -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX Austin Energy http://www.austinenergy.com signature.asc Description: This is a digitally signed message part
Re: RulesDuJour lint failed. Updates rolled back.
for RULESET_NAME in ${TRUSTED_RULESETS} ; do # Set up some array variables INDEX=${!RULESET_NAME}; Sleep 1# --- add this line at the end of the for loop done {^_^} - Original Message - From: Dallas Engelken [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Thursday, 2007, June 28 15:31 Subject: Re: RulesDuJour lint failed. Updates rolled back. This must be an issue that needs to be raised with Prolexic, as they are doing the DDoS protection for rulesemporium.com. Can anyone reproduce this redirect outside of RDJ, and give me a dump of the full transaction including http headers? I'd rather fix the actual problem and not patch around it. Thanks, Dallas Lindsay Haisley wrote: This problem is probably due to the way Rules Emporium is handling traffic. If requests come too fast from the same address, or if their server is busy, they send an HTML redirect page instructing the client to try again in 0.1 second. Curl and wget don't understand meta http-equiv=Refresh ... and simply store the refresh page as the output of the request. rules_du_jour is just a shell script so a proper fix should be pretty easy. The following is a quick and dirty patch which sort of solves the problem, at least for the next run of rules_du_jour. cut here --- /root/rules_du_jour.orig2007-06-17 21:01:24.0 -0500 +++ /var/lib/spamassassin/rules_du_jour 2007-06-18 12:37:44.0 -0500 @@ -907,6 +907,8 @@ [ ${SEND_THE_EMAIL} ] echo -e ${MESSAGES} | sh -c ${MAILCMD} -s \RulesDuJour Run Summary on ${HOSTNAME}\ ${MAIL_ADDRESS}; fi +grep -il 'META HTTP-EQUIV' ${TMPDIR}/*|xargs -n1 rm -f + cd ${OLDDIR}; exit; cut here rules_du_jour will still fail, but this will clean up the mess and next time (hopefully) it'll run properly. A proper fix would sense when this happens and retry the download after a suitable short wait. It may also be helpful to insert some sleep .5 instructions at appropriate points (or sleep 1 if your implementation of sleep(1) doesn't understand floating point numbers). On Thu, 2007-06-28 at 11:22 +0100, Nigel Frankcom wrote: On Wed, 27 Jun 2007 16:42:39 -0400, Daryl C. W. O'Shea [EMAIL PROTECTED] wrote: Nigel Frankcom wrote: On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Huh? What's SA have to do with RDJ triggering Prolexic's DoS protection? Daryl is right, there is no fix due in 3.2.2 - I got the RDJ and the sa-update errors confused. I guess maybe I should dye my hair blonde. Apologies for any confusion I've caused. Kind regards Nigel -- Dallas Engelken [EMAIL PROTECTED] http://uribl.com
Re: RulesDuJour lint failed. Updates rolled back.
On Wed, 27 Jun 2007 16:42:39 -0400, Daryl C. W. O'Shea [EMAIL PROTECTED] wrote: Nigel Frankcom wrote: On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Huh? What's SA have to do with RDJ triggering Prolexic's DoS protection? Daryl is right, there is no fix due in 3.2.2 - I got the RDJ and the sa-update errors confused. I guess maybe I should dye my hair blonde. Apologies for any confusion I've caused. Kind regards Nigel
Re: RulesDuJour lint failed. Updates rolled back.
Daryl is right, there is no fix due in 3.2.2 - I got the RDJ and the sa-update errors confused. I guess maybe I should dye my hair blonde. Apologies for any confusion I've caused. Geez - blonde it is - it's sa-compile not sa-update! I wonder if McDonalds have any jobs going :-/ Kind regards Nigel
Re: RulesDuJour lint failed. Updates rolled back.
This problem is probably due to the way Rules Emporium is handling traffic. If requests come too fast from the same address, or if their server is busy, they send an HTML redirect page instructing the client to try again in 0.1 second. Curl and wget don't understand meta http-equiv=Refresh ... and simply store the refresh page as the output of the request. rules_du_jour is just a shell script so a proper fix should be pretty easy. The following is a quick and dirty patch which sort of solves the problem, at least for the next run of rules_du_jour. cut here --- /root/rules_du_jour.orig2007-06-17 21:01:24.0 -0500 +++ /var/lib/spamassassin/rules_du_jour 2007-06-18 12:37:44.0 -0500 @@ -907,6 +907,8 @@ [ ${SEND_THE_EMAIL} ] echo -e ${MESSAGES} | sh -c ${MAILCMD} -s \RulesDuJour Run Summary on ${HOSTNAME}\ ${MAIL_ADDRESS}; fi +grep -il 'META HTTP-EQUIV' ${TMPDIR}/*|xargs -n1 rm -f + cd ${OLDDIR}; exit; cut here rules_du_jour will still fail, but this will clean up the mess and next time (hopefully) it'll run properly. A proper fix would sense when this happens and retry the download after a suitable short wait. It may also be helpful to insert some sleep .5 instructions at appropriate points (or sleep 1 if your implementation of sleep(1) doesn't understand floating point numbers). On Thu, 2007-06-28 at 11:22 +0100, Nigel Frankcom wrote: On Wed, 27 Jun 2007 16:42:39 -0400, Daryl C. W. O'Shea [EMAIL PROTECTED] wrote: Nigel Frankcom wrote: On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Huh? What's SA have to do with RDJ triggering Prolexic's DoS protection? Daryl is right, there is no fix due in 3.2.2 - I got the RDJ and the sa-update errors confused. I guess maybe I should dye my hair blonde. Apologies for any confusion I've caused. Kind regards Nigel -- Lindsay Haisley [EMAIL PROTECTED] FMP Computer Services
Re: RulesDuJour lint failed. Updates rolled back.
This must be an issue that needs to be raised with Prolexic, as they are doing the DDoS protection for rulesemporium.com. Can anyone reproduce this redirect outside of RDJ, and give me a dump of the full transaction including http headers? I'd rather fix the actual problem and not patch around it. Thanks, Dallas Lindsay Haisley wrote: This problem is probably due to the way Rules Emporium is handling traffic. If requests come too fast from the same address, or if their server is busy, they send an HTML redirect page instructing the client to try again in 0.1 second. Curl and wget don't understand meta http-equiv=Refresh ... and simply store the refresh page as the output of the request. rules_du_jour is just a shell script so a proper fix should be pretty easy. The following is a quick and dirty patch which sort of solves the problem, at least for the next run of rules_du_jour. cut here --- /root/rules_du_jour.orig2007-06-17 21:01:24.0 -0500 +++ /var/lib/spamassassin/rules_du_jour 2007-06-18 12:37:44.0 -0500 @@ -907,6 +907,8 @@ [ ${SEND_THE_EMAIL} ] echo -e ${MESSAGES} | sh -c ${MAILCMD} -s \RulesDuJour Run Summary on ${HOSTNAME}\ ${MAIL_ADDRESS}; fi +grep -il 'META HTTP-EQUIV' ${TMPDIR}/*|xargs -n1 rm -f + cd ${OLDDIR}; exit; cut here rules_du_jour will still fail, but this will clean up the mess and next time (hopefully) it'll run properly. A proper fix would sense when this happens and retry the download after a suitable short wait. It may also be helpful to insert some sleep .5 instructions at appropriate points (or sleep 1 if your implementation of sleep(1) doesn't understand floating point numbers). On Thu, 2007-06-28 at 11:22 +0100, Nigel Frankcom wrote: On Wed, 27 Jun 2007 16:42:39 -0400, Daryl C. W. O'Shea [EMAIL PROTECTED] wrote: Nigel Frankcom wrote: On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Huh? What's SA have to do with RDJ triggering Prolexic's DoS protection? Daryl is right, there is no fix due in 3.2.2 - I got the RDJ and the sa-update errors confused. I guess maybe I should dye my hair blonde. Apologies for any confusion I've caused. Kind regards Nigel -- Dallas Engelken [EMAIL PROTECTED] http://uribl.com
Re: RulesDuJour lint failed. Updates rolled back.
On Thu, 2007-06-28 at 17:31 -0500, Dallas Engelken wrote: This must be an issue that needs to be raised with Prolexic, as they are doing the DDoS protection for rulesemporium.com. Can anyone reproduce this redirect outside of RDJ, and give me a dump of the full transaction including http headers? Dallas, By running a curl hit repeatedly on the RE server I reproduced the problem. The cmd sent was: curl -w %{http_code} --compressed -D /tmp/curl_headers -O -R -s -S http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf The headers sent back were as follows: HTTP/1.0 200 OK Connection: Close Pragma: no-cache cache-control: no-cache Content-Type: text/html; charset=iso-8859-1 The page body returned was: HTMLHEADMETA HTTP-EQUIV=Refresh CONTENT=0.1 META HTTP-EQUIV=Pragma CONTENT=no-cache META HTTP-EQUIV=Expires CONTENT=-1 /HEAD/HTML A normal fetch of the actual .cf file returns these headers: HTTP/1.1 200 OK Age: 882 Date: Thu, 28 Jun 2007 22:41:08 GMT Connection: Keep-Alive Via: NS-CACHE-7.0: 1 ETag: 389f7-dbae-eb58c6c0 Server: Apache/2.0.54 (Gentoo/Linux) DAV/2 SVN/1.2.0 PHP/4.3.11 Last-Modified: Thu, 02 Jun 2005 00:00:03 GMT Accept-Ranges: bytes Content-Length: 56238 Keep-Alive: timeout=15, max=99 Content-Type: text/plain; charset=ISO-8859-1 I'd rather fix the actual problem and not patch around it. Absolutely!! -- Lindsay Haisley | In an open world,| PGP public key FMP Computer Services |who needs Windows | available at 512-259-1190 | or Gates| http://pubkeys.fmp.com http://www.fmp.com| |
Re: RulesDuJour lint failed. Updates rolled back.
On Thu, 2007-06-28 at 18:56 -0500, Lindsay Haisley wrote: By running a curl hit repeatedly on the RE server I reproduced the problem. By running this test a couple of times I'm apparently now blocked by RE :-P Oh well . Hope the info I sent was useful. -- Lindsay Haisley | In an open world,| PGP public key FMP Computer Services |who needs Windows | available at 512-259-1190 | or Gates| http://pubkeys.fmp.com http://www.fmp.com| |
Re: RulesDuJour lint failed. Updates rolled back.
David Boltz schrieb: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks [RDJ Problems ...] btw: Are there any additional things to know/caveats if i want to use sa-update channels for RDJ: (besides adding the default channel as described in: http://daryl.dostech.ca/sa-update/sare/sare-sa-update-howto.txt) Regards, Dave B. -- Grüsse/Greetings MH Dont send mail to: [EMAIL PROTECTED] --
Re: RulesDuJour lint failed. Updates rolled back.
On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Regards Nigel
Re: RulesDuJour lint failed. Updates rolled back.
Nigel Frankcom schrieb: On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That works, until the next run, then same error here ... That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Regards Nigel -- Grüsse/Greetings MH Dont send mail to: [EMAIL PROTECTED] --
Re: RulesDuJour lint failed. Updates rolled back.
On Wed, 27 Jun 2007 16:18:28 +0200, Matthias Haegele [EMAIL PROTECTED] wrote: Nigel Frankcom schrieb: On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That works, until the next run, then same error here ... That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Regards Nigel I had that a couple of times initially, but repeating the process and since running RDJ manually I haven't had a recurrence. RDJ doesn't change that often and it is no big deal here to add a manual RDJ to my manual morning admin chores (spam checks, logs, updates etc.) KR Nigel
Re: RulesDuJour lint failed. Updates rolled back.
Nigel Frankcom wrote: On Wed, 27 Jun 2007 08:48:02 -0400, David Boltz [EMAIL PROTECTED] wrote: I?ve been getting the lint failures found below on my Rules Du Jour updates for a few weeks now. Yes this would be since the DDoS attacks on rulesemporium. It looks like the same problem people have been having with the tripwire but for me it?s the adult and since just recently the spoof rules. The solutions I've seen don't seem to work for me. I see that my cron job (run nightly) is pulling some HTML source instead of the rules. I?ve tried removing the faulty 70_sare_adult.* from etc/mail/spamassassin/RulesDuJour/ and manually replacing it with the ?actual? file using wget. I?ve even manually updated the used /etc/mail/spamassassin/70_sare_adult.cf to ensure that it was correct. When I us ?wget http://rulesemporium.com/rules/70_sare_adult.cf? to grab the file it works without problems. Does anyone have any ideas on how I might fix this problem? snip ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/70_sare_adult.cf The quick cure is to delete anything in the /etc/mail/spamassassin/RulesDuJour/ directory and rerun RDJ by hand. That worked for me on CentOS 4.5 The bug has been reported and a fix is due in 3.2.2 I believe. Huh? What's SA have to do with RDJ triggering Prolexic's DoS protection? Daryl
Re: Rulesdujour?
Matt Kettler writes: 2) Antidrug is a part of SA as of SA 3.0.0. If you're using antidrug with SA 3.0.0 or higher, you're possibly downgrading your antidrug rules. Unless you're using SA 2.64 or lower, you should remove antidrug.cf from your system completely. 3) If I ever make updates to the antidrug rules, I'd submit them to the main SA project to avoid conflicts. I will likely NOT update antidrug.cf. (anyone using 2.64 or older would get a much bigger boost in accuracy from updating SA than they will from updating my rules.) Maybe we need a way to indicate precedence -- ie. rule XXX replaces rule YYY, so ignore that rule if it's in the ruleset? --j.
Re: Rulesdujour?
On Thu, Jan 25, 2007 at 11:50:13AM -0500, Gene Heskett wrote: I got this email from Rules_Du_Jour this morning, what is the fix? Don't take this the wrong way, but did you read the errors at all? Lint output: [16404] warn: config: failed to parse line, skipping: README: [16404] warn: config: failed to parse line, skipping: WARNING: YOU HAVE DOWNLOADED THIS RULESET from COMCAST. I am TERMINATING THIS ACCOUNT. [16404] warn: config: failed to parse line, skipping: Someone else will eventually have control of this webspace, possibly a malicious spammer. [16404] warn: config: failed to parse line, skipping: STOP using RDJ on this file *NOW* [16404] warn: config: failed to parse line, skipping: Also, make note of the fact that this file is for users of SA 2.64 and below. It makes it pretty clear that you should stop using it and why. -- Randomly Selected Tagline: Ask them to list all 54 flavors, then order Vanilla. pgpzEzoDNpvgw.pgp Description: PGP signature
Re: Rulesdujour?
On Thu, 25 Jan 2007 12:20:09 -0500, Gene Heskett [EMAIL PROTECTED] wrote: On Thursday 25 January 2007 11:56, Theo Van Dinter wrote: On Thu, Jan 25, 2007 at 11:50:13AM -0500, Gene Heskett wrote: I got this email from Rules_Du_Jour this morning, what is the fix? Don't take this the wrong way, but did you read the errors at all? Lint output: [16404] warn: config: failed to parse line, skipping: README: [16404] warn: config: failed to parse line, skipping: WARNING: YOU HAVE DOWNLOADED THIS RULESET from COMCAST. I am TERMINATING THIS ACCOUNT. [16404] warn: config: failed to parse line, skipping: Someone else will eventually have control of this webspace, possibly a malicious spammer. [16404] warn: config: failed to parse line, skipping: STOP using RDJ on this file *NOW* [16404] warn: config: failed to parse line, skipping: Also, make note of the fact that this file is for users of SA 2.64 and below. It makes it pretty clear that you should stop using it and why. Yes I did read it, but I'm not sure what rule I should remove, or if I should stop using rulesdujour. Has it fallen out of favor or was it too good for somebody? FWIW, rulesdujour, if its complaining about a package, should not only say its an out of date package, but should name it so that one can find and remove it! This message didn't arrive until after this one this morning: Matt Kettler's AntiDrug has changed on coyote.coyote.den. Version line: # rev 0.65 10/01/2006 - updated URL, etc So I assume that's the file being bitched about, so I've removed several of them in the /etc/spamassassin/rulesdujour dir, and removed the antidrug thing from /etc/rulesdujour/config. Damn I get enough of that, some of them claim I could get it up if I was 100 years old. But I'm diabetic 72, so the chances are somewhere between damned slim and none. What else is in your RDJ config? It might be worth taking a walk through the rules site and just checking what you've got and what, if any have been obfuscated. Kind regards Nigel
Re: Rulesdujour?
On Thursday 25 January 2007 11:56, Theo Van Dinter wrote: On Thu, Jan 25, 2007 at 11:50:13AM -0500, Gene Heskett wrote: I got this email from Rules_Du_Jour this morning, what is the fix? Don't take this the wrong way, but did you read the errors at all? Lint output: [16404] warn: config: failed to parse line, skipping: README: [16404] warn: config: failed to parse line, skipping: WARNING: YOU HAVE DOWNLOADED THIS RULESET from COMCAST. I am TERMINATING THIS ACCOUNT. [16404] warn: config: failed to parse line, skipping: Someone else will eventually have control of this webspace, possibly a malicious spammer. [16404] warn: config: failed to parse line, skipping: STOP using RDJ on this file *NOW* [16404] warn: config: failed to parse line, skipping: Also, make note of the fact that this file is for users of SA 2.64 and below. It makes it pretty clear that you should stop using it and why. Yes I did read it, but I'm not sure what rule I should remove, or if I should stop using rulesdujour. Has it fallen out of favor or was it too good for somebody? FWIW, rulesdujour, if its complaining about a package, should not only say its an out of date package, but should name it so that one can find and remove it! This message didn't arrive until after this one this morning: Matt Kettler's AntiDrug has changed on coyote.coyote.den. Version line: # rev 0.65 10/01/2006 - updated URL, etc So I assume that's the file being bitched about, so I've removed several of them in the /etc/spamassassin/rulesdujour dir, and removed the antidrug thing from /etc/rulesdujour/config. Damn I get enough of that, some of them claim I could get it up if I was 100 years old. But I'm diabetic 72, so the chances are somewhere between damned slim and none. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2007 by Maurice Eugene Heskett, all rights reserved.
Re: Rulesdujour?
On Thursday 25 January 2007 12:33, Nigel Frankcom wrote: On Thu, 25 Jan 2007 12:20:09 -0500, Gene Heskett [EMAIL PROTECTED] wrote: On Thursday 25 January 2007 11:56, Theo Van Dinter wrote: On Thu, Jan 25, 2007 at 11:50:13AM -0500, Gene Heskett wrote: I got this email from Rules_Du_Jour this morning, what is the fix? Don't take this the wrong way, but did you read the errors at all? Lint output: [16404] warn: config: failed to parse line, skipping: README: [16404] warn: config: failed to parse line, skipping: WARNING: YOU HAVE DOWNLOADED THIS RULESET from COMCAST. I am TERMINATING THIS ACCOUNT. [16404] warn: config: failed to parse line, skipping: Someone else will eventually have control of this webspace, possibly a malicious spammer. [16404] warn: config: failed to parse line, skipping: STOP using RDJ on this file *NOW* [16404] warn: config: failed to parse line, skipping: Also, make note of the fact that this file is for users of SA 2.64 and below. It makes it pretty clear that you should stop using it and why. Yes I did read it, but I'm not sure what rule I should remove, or if I should stop using rulesdujour. Has it fallen out of favor or was it too good for somebody? FWIW, rulesdujour, if its complaining about a package, should not only say its an out of date package, but should name it so that one can find and remove it! This message didn't arrive until after this one this morning: Matt Kettler's AntiDrug has changed on coyote.coyote.den. Version line: # rev 0.65 10/01/2006 - updated URL, etc So I assume that's the file being bitched about, so I've removed several of them in the /etc/spamassassin/rulesdujour dir, and removed the antidrug thing from /etc/rulesdujour/config. Damn I get enough of that, some of them claim I could get it up if I was 100 years old. But I'm diabetic 72, so the chances are somewhere between damned slim and none. What else is in your RDJ config? It might be worth taking a walk through the rules site and just checking what you've got and what, if any have been obfuscated. Kind regards Nigel TRUSTED_RULESETS=EVILNUMBERS EVILNUMBERS1 EVILNUMBERS2 BOGUSVIRUS SARE_ADULT SARE_BAYES_POISON_NXM SARE_BML SARE_CODING SARE_REDIRECT_POST300 SARE_GENLSUBJ SARE_UNSUB SARE_HEADER0 SARE_HEADER2 SARE_OBFU0 SARE_OBFU1 SARE_OEM SARE_RANDOM SARE_URI0 SARE_URI1 SARE_URI3 SARE_URI_ENG SARE_WHITELIST SARE_WHITELIST_SPF SARE_WHITELIST_RCVD SARE_SPECIFIC SARE_STOCKS SARE_FRAUD SARE_SPOOF ZMI_GERMAN SA_DIR=/etc/mail/spamassassin MAIL_ADDRESS=[EMAIL PROTECTED] SA_RESTART=killall -HUP spamd -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2007 by Maurice Eugene Heskett, all rights reserved.
Re: Rulesdujour?
Gene Heskett wrote: On Thursday 25 January 2007 11:56, Theo Van Dinter wrote: On Thu, Jan 25, 2007 at 11:50:13AM -0500, Gene Heskett wrote: I got this email from Rules_Du_Jour this morning, what is the fix? Don't take this the wrong way, but did you read the errors at all? Lint output: [16404] warn: config: failed to parse line, skipping: README: [16404] warn: config: failed to parse line, skipping: WARNING: YOU HAVE DOWNLOADED THIS RULESET from COMCAST. I am TERMINATING THIS ACCOUNT. [16404] warn: config: failed to parse line, skipping: Someone else will eventually have control of this webspace, possibly a malicious spammer. [16404] warn: config: failed to parse line, skipping: STOP using RDJ on this file *NOW* [16404] warn: config: failed to parse line, skipping: Also, make note of the fact that this file is for users of SA 2.64 and below. It makes it pretty clear that you should stop using it and why. Yes I did read it, but I'm not sure what rule I should remove, or if I should stop using rulesdujour. Has it fallen out of favor or was it too good for somebody? No, you shouldn't stop using RDJ. You should however stop using RDJ to update antidrug, for the following reasons: 1) Antidrug is no longer actively maintained. I haven't edited the rules themselves in a very long time, over a year. You've probably downloaded update since, but it's all notes in the comments. ie: don't use this with 3.0.0 or higher went in back in june or july 06. October 06 saw the ruleset updated with a comment telling you it moved (that few read). 2) Antidrug is a part of SA as of SA 3.0.0. If you're using antidrug with SA 3.0.0 or higher, you're possibly downgrading your antidrug rules. Unless you're using SA 2.64 or lower, you should remove antidrug.cf from your system completely. 3) If I ever make updates to the antidrug rules, I'd submit them to the main SA project to avoid conflicts. I will likely NOT update antidrug.cf. (anyone using 2.64 or older would get a much bigger boost in accuracy from updating SA than they will from updating my rules.) Therefore, checking Antidrug with RDJ is pointless. In fact, the current version of RDJ no longer supports antidrug at all for this very reason. So, I suggest that you take the following steps: 1) update your RDJ. Chris Thielen, the author of RDJ, has in the past pointed out that it's no longer available via exit0.us, but can be gotten here: http://sandgnat.com/rdj/rules_du_jour 2) remove antidrug.cf from your system unless your SA version is 2.64 or lower. If it is, I would SERIOUSLY consider upgrading.
Re: RulesDuJour
On 8-Dec-2006, at 01:46, Mike Kenny wrote: The configuration that I inherited had only got TRUSTED_RULESETS=TRIPWIRE SARE_EVILNUMBERS0 SARE_RANDOM; in /etc/rulesdujour/config. This obviously allows a lot of spam to filter through (or at elaast would allow the rules to become outdated). Looking at rulesdujour.sh I notice it references a lot mor rule sets than these. What problems might I encounter if I add all of these (except for those noted as pre 3.0) to my config file? Well, ALL of them would be a bit much. The drawback is that some will add some overheard, both in time and in resources, to processing messages. The more messages your mailserver gets, the more you care about that. I would look at the SARE ones and enable those that sound good to you, and see how that goes. -- You may be anti anti-spam-kook if: Despite having invented the FUSSP, you not only don't know the difference between the SMTP envelope and SMTP headers; you doubt there is such a thing as the SMTP envelope because email doesn't involve paper.
Re: RulesDuJour 1.29 - SARE Stocks Ruleset) not found (404)
Sorry about that! It's fixed now and 1.29b is available on the web site. Max Matslofva wrote: Hi RulesDuJour 1.29 tries to fetch 70_sare_stocks.cf from http://www.rulesemporium.com/rules/rules/70_sare_stocks.cf The correct URL for 70_sare_stocks.cf is http://www.rulesemporium.com/rules/70_sare_stocks.cf See patch below /Max --- rules_du_jour Wed Dec 6 08:45:55 2006 +++ rules_du_jour.org Wed Dec 6 08:45:36 2006 @@ -565,7 +565,7 @@ PARSE_NEW_VER_SCRIPTS[69]=${PERL} -ne 'print if /^\s*#.*(version|rev|revision)[:\.\s]*[0-9]/i ;' | ${HEAD}; SARE_STOCKS=70; - CF_URLS[70]=${RULESEMPORIUM}/70_sare_stocks.cf; + CF_URLS[70]=${RULESEMPORIUM}/rules/70_sare_stocks.cf; CF_FILES[70]=70_sare_stocks.cf; CF_NAMES[70]=SARE Stocks Ruleset); PARSE_NEW_VER_SCRIPTS[70]=${PERL} -ne 'print if /^\s*#.*(version|rev|revision)[:\.\s]*[0-9]/i ;' | ${HEAD};
Re: RulesduJour How often is too often?
At 07:38 AM 11/2/2006, you wrote: I have it set to go about about every six hours yet blacklist_uri always seems to have an update. Is there any reason I couldn't up it to like every four hours? Would that stress the rules servers a bit too much? How often does everyone else update? Well considering it's called rules du jour, and I seem to recall Jour is day, and the instructions say do NOT use more than once a day... I update once a day. :-D
RE: RulesduJour How often is too often?
Oops, I musta missed that part. Hmm.. Maybe I could make a copy of dujour that just looked for updates to blacklist_uri. -Original Message- From: Evan Platt [mailto:[EMAIL PROTECTED] Sent: Thursday, November 02, 2006 7:44 AM To: users@spamassassin.apache.org Subject: Re: RulesduJour How often is too often? At 07:38 AM 11/2/2006, you wrote: I have it set to go about about every six hours yet blacklist_uri always seems to have an update. Is there any reason I couldn't up it to like every four hours? Would that stress the rules servers a bit too much? How often does everyone else update? Well considering it's called rules du jour, and I seem to recall Jour is day, and the instructions say do NOT use more than once a day... I update once a day. :-D
RE: rulesdujour
#Ronan McGlue wrote: can someone give me a listing of the latest timestamps regarding their rulesdujour updates? I've just noticed that none of the files have been updated on my machine since mid augaust... surely this isn't normal... No, it's fairly normal. SARE_STOCKS is the only one that is changing on a regular basis at the moment. Jul 25 12:00 70_sare_spoof.cf Aug 27 06:34 70_sare_whitelist_spf.cf Sep 22 17:00 70_sare_stocks.cf All the rest of mine go back to June or earlier. -- Bowie
Re: rulesdujour
#Ronan McGlue wrote: can someone give me a listing of the latest timestamps regarding their rulesdujour updates? I've just noticed that none of the files have been updated on my machine since mid augaust... surely this isn't normal... thanks Ronan I just updated antidrug this past weekend. However, if you're using SA 3.0.0 or newer you should NOT be using antidrug anyway.
Re: rulesdujour question
On Tuesday August 15 2006 12:41 pm, BG Mahesh wrote: hi /etc/rulesdujour/config reads, [EMAIL PROTECTED] RulesDuJour]# more /etc/rulesdujour/config TRUSTED_RULESETS=TRIPWIRE SARE_ADULT SARE_OBFU0 SARE_OBFU1 SARE_URI0 SARE_URI1 SA_DIR=/etc/mail/spamassassin MAIL_ADDRESS=[EMAIL PROTECTED] SA_RESTART=killall -HUP spamd Everytime we execute rules_du_jour cf files are downloaded into /etc/mail/spamassassin and /etc/mail/spamassassin/RulesDuJour Is this normal? Yes. The rules in /etc/mail/spamassassin are the ones read by SA. All cf files are duplicates in both these directories and they look so old. You really want to list the rules you want updated by RDJ in the /etc/rulesdujour/config file. Some rules are older. [EMAIL PROTECTED] spamassassin]# ls -l RulesDuJour/ total 428 -rw-r--r-- 1 root root 53868 Apr 20 14:30 70_sare_adult.cf -rw-r--r-- 1 root root 51886 Oct 2 2005 70_sare_obfu0.cf -rw-r--r-- 1 root root 106627 Oct 2 2005 70_sare_obfu1.cf -rw-r--r-- 1 root root 17879 Oct 5 2005 70_sare_uri0.cf -rw-r--r-- 1 root root 24248 Oct 11 2005 70_sare_uri1.cf -rw-r--r-- 1 root root 56238 Jun 2 2005 99_FVGT_Tripwire.cf -rw-r--r-- 1 root root 63479 Jan 30 2006 rules_du_jour Also what do I need to add to Trusted_rulesets to get image spam working? Look in recent archives. There have been active discussions about image spam. -- -- B.G. Mahesh HTH. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
RE: rulesdujour question
BG Mahesh wrote: hi /etc/rulesdujour/config reads, [EMAIL PROTECTED] RulesDuJour]# more /etc/rulesdujour/config TRUSTED_RULESETS=TRIPWIRE SARE_ADULT SARE_OBFU0 SARE_OBFU1 SARE_URI0 SARE_URI1 There are quite a few good rule sets from SARE. You may want to go to www.rulesemporium.com/rules.htm and read through the descriptions. SARE_STOCKS, in particular, is very useful right now. SA_DIR=/etc/mail/spamassassin MAIL_ADDRESS=[EMAIL PROTECTED] SA_RESTART=killall -HUP spamd Everytime we execute rules_du_jour cf files are downloaded into /etc/mail/spamassassin and /etc/mail/spamassassin/RulesDuJour Is this normal? All cf files are duplicates in both these directories and they look so old. That is normal. SA will read its rules from /etc/mail/spamassassin. /etc/mail/spamassassin/RulesDuJour is used by RDJ in its update process. [EMAIL PROTECTED] spamassassin]# ls -l RulesDuJour/ total 428 -rw-r--r-- 1 root root 53868 Apr 20 14:30 70_sare_adult.cf -rw-r--r-- 1 root root 51886 Oct 2 2005 70_sare_obfu0.cf -rw-r--r-- 1 root root 106627 Oct 2 2005 70_sare_obfu1.cf -rw-r--r-- 1 root root 17879 Oct 5 2005 70_sare_uri0.cf -rw-r--r-- 1 root root 24248 Oct 11 2005 70_sare_uri1.cf -rw-r--r-- 1 root root 56238 Jun 2 2005 99_FVGT_Tripwire.cf -rw-r--r-- 1 root root 63479 Jan 30 2006 rules_du_jour Don't worry about this directory. RDJ will take care of it. Also what do I need to add to Trusted_rulesets to get image spam working? Razor2 can help with image spam. You may also want to take a look at the fuzzyocr plugin. There have been lots of discussions about it on the list recently. -- Bowie
Re: RulesDuJour random.current.cf?
I have found the problem: Never underestimate the power of your own systems to make you feel dumb!. It seems that our SonicWall firewall, sometime recently, had decided that this was a forbidden site, so the 403 error was due to my own firewall blocking access. Have since unblocked the site and everything is, once again, working fine. Thought I'd pass this along, in case someone else should run into a problem like this. On Monday 26 June 2006 09:43, Larry Starr wrote: About a week ago I started seeing: The following rules had errors: William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403 from http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf. I ignored it for awhile, because I've seen transient problems with some of the RDJ rules in the past, but not for this long. Has this ruleset gone away? Thank you, -- Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED] Software Engineer: Full Compass Systems LTD. Phone: 608-831-7330 x 1347 FAX: 608-831-6330 === There are only three sports: bullfighting, mountaineering and motor racing, all the rest are merely games! - Ernest Hemmingway
Re: RulesDuJour random.current.cf?
On Wed, 2006-06-28 at 09:19 -0500, Larry Starr wrote: I have found the problem: Never underestimate the power of your own systems to make you feel dumb!. It seems that our SonicWall firewall, sometime recently, had decided that this was a forbidden site, so the 403 error was due to my own firewall blocking access. Have since unblocked the site and everything is, once again, working fine. Thought I'd pass this along, in case someone else should run into a problem like this. On Monday 26 June 2006 09:43, Larry Starr wrote: About a week ago I started seeing: The following rules had errors: William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403 from http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf. I ignored it for awhile, because I've seen transient problems with some of the RDJ rules in the past, but not for this long. Has this ruleset gone away? Thank you, Larry, What setting in your SonicWall did you find blocked this site? We use a PRO2040 in front of our mail servers and have licensed the Gateway security bundle, on which we rely. Thanks, Mark --
Re: RulesDuJour random.current.cf?
I don't administer the SonicWall personally, but it has a pro-active web filter, using rules that nobody here completely comprehends, to block categories of Web Content. The category that this URL was hitting was Free Software Downloads. We're a fairly small organization so it's easy for me to have the firewall administrator Unblock a site when this happens. But this is the first time I've had something start being blocked, after using it for a long time. Our Administrator mentioned that some work that he'd been doing may have caused this incident. On Wednesday 28 June 2006 13:35, L. Mark Stone wrote: On Wed, 2006-06-28 at 09:19 -0500, Larry Starr wrote: I have found the problem: Never underestimate the power of your own systems to make you feel dumb!. It seems that our SonicWall firewall, sometime recently, had decided that this was a forbidden site, so the 403 error was due to my own firewall blocking access. Have since unblocked the site and everything is, once again, working fine. Thought I'd pass this along, in case someone else should run into a problem like this. On Monday 26 June 2006 09:43, Larry Starr wrote: About a week ago I started seeing: The following rules had errors: William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403 from http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf. I ignored it for awhile, because I've seen transient problems with some of the RDJ rules in the past, but not for this long. Has this ruleset gone away? Thank you, Larry, What setting in your SonicWall did you find blocked this site? We use a PRO2040 in front of our mail servers and have licensed the Gateway security bundle, on which we rely. Thanks, Mark -- Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED] Software Engineer: Full Compass Systems LTD. Phone: 608-831-7330 x 1347 FAX: 608-831-6330 === There are only three sports: bullfighting, mountaineering and motor racing, all the rest are merely games! - Ernest Hemmingway
RE: RulesDuJour Summary messages
Dimitri Yioulos wrote: On Monday June 26 2006 5:17 pm, you wrote: Well that's just itI don't know where it's getting these. I don't have SARE_URI2 in my rules_du_jour file to update. The listing for the ARE_BAYES_POISON_NXM is listed as SARE_BAYES_POISON_NXM. I can't seem to find a file that contains the URI2 that is not commented out and the POISON spelled wrong. What file could these be in for me to correct these issues? /etc/rulesdujour/config? Actually, it could be any of these: /etc/rulesdujour/config /etc/rulesdujour /etc/mail/rulesdujour /etc/sysconfig/RulesDuJour /etc/sysconfig/rulesdujour Or something completely different in a RDJ_CONFIGFILE environment variable. -- Bowie
RE: RulesDuJour Summary messages
Thanks! That's what I was looking for. I couldn't find it by greping. It was in the rulesdujour/config file. Tracey Gates Lead Developer [EMAIL PROTECTED] 1350 South Boulder, Third Floor / Tulsa, OK 74119-3203 Phone 918-663-0991 / Fax 918-663-0840 This communication is intended only for the recipient(s) named above; may be confidential and/or legally privileged; and, must be treated as such in accordance with state and federal laws. If you are not the intended recipient, you are hereby notified that any use of this communication, or any of its contents, is prohibited. If you have received this communication in error, please reply to the sender and then delete the message from your computer system immediately. -Original Message- From: Bowie Bailey [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 27, 2006 9:21 AM To: users@spamassassin.apache.org Subject: RE: RulesDuJour Summary messages Dimitri Yioulos wrote: On Monday June 26 2006 5:17 pm, you wrote: Well that's just itI don't know where it's getting these. I don't have SARE_URI2 in my rules_du_jour file to update. The listing for the ARE_BAYES_POISON_NXM is listed as SARE_BAYES_POISON_NXM. I can't seem to find a file that contains the URI2 that is not commented out and the POISON spelled wrong. What file could these be in for me to correct these issues? /etc/rulesdujour/config? Actually, it could be any of these: /etc/rulesdujour/config /etc/rulesdujour /etc/mail/rulesdujour /etc/sysconfig/RulesDuJour /etc/sysconfig/rulesdujour Or something completely different in a RDJ_CONFIGFILE environment variable. -- Bowie
Re: RulesDuJour random.current.cf?
My cron job runs once a day, at 21:15. I just tried it, manually, and still get: Rules Du Jour Run Summary:RulesDuJour Run Summary on strongbad: The following rules had errors: William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403 from http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf. Additional Info: 403 Thanks, On Tuesday 27 June 2006 11:57, Chris Thielen wrote: Larry Starr wrote: About a week ago I started seeing: The following rules had errors: William Stearn's RANDOM WORD Ruleset was not retrieved because of: 403 from http://www.sa-blacklist.stearns.org/sa-blacklist/random.current.cf. I ignored it for awhile, because I've seen transient problems with some of the RDJ rules in the past, but not for this long. Has this ruleset gone away? Thank you, I was able to retrieve it via my web browser just now. Has your IP been blacklisted for excessive checking or something? How often does your cron job run? 403 is permission denied, fyi. -- Larry G. Starr - [EMAIL PROTECTED] or [EMAIL PROTECTED] Software Engineer: Full Compass Systems LTD. Phone: 608-831-7330 x 1347 FAX: 608-831-6330 === There are only three sports: bullfighting, mountaineering and motor racing, all the rest are merely games! - Ernest Hemmingway
Re: RulesDuJour Summary messages
Tracey Gates wrote: I'm getting the following messages from the RulesDuJour run: RulesDuJour Run Summary on yoursummit.com: No index found for ruleset named ARE_BAYES_POISON_NXM. Check that this ruleset is still valid. SARE Top 200 spamcop ip addresses Ruleset (automatically generated) has changed on yoursummit.com. Version line: # Modified: 06/23/2006 2:58:27 PM EST No index found for ruleset named SARE_URI2. Check that this ruleset is still valid. How do I check that the ruleset is valid?? I went to rulesemporium and they say that these rules are still active with Auto-Update as yes. What do I need to do to rectify these issues? Thanks! Tracey Gates Lead Developer [EMAIL PROTECTED] You may wish to check again... a. ARE_BAYES_POISON_NXM? Are you sure it's not SARE_BAYES_POISON_NXM? b. From SARE rules page: '... add one or more of SARE_URI0, SARE_URI1, SARE_URI3, or SARE_URI_ENG to TRUSTED_RULESETS ...' Where did you get SARE_URI2 from? HTH David Filion -- David Filion System / Network Administrator Auto123.com / XPrima Corporation
RE: RulesDuJour Summary messages
Well that's just itI don't know where it's getting these. I don't have SARE_URI2 in my rules_du_jour file to update. The listing for the ARE_BAYES_POISON_NXM is listed as SARE_BAYES_POISON_NXM. I can't seem to find a file that contains the URI2 that is not commented out and the POISON spelled wrong. What file could these be in for me to correct these issues? Tracey Gates Lead Developer [EMAIL PROTECTED] 1350 South Boulder, Third Floor / Tulsa, OK 74119-3203 Phone 918-663-0991 / Fax 918-663-0840 This communication is intended only for the recipient(s) named above; may be confidential and/or legally privileged; and, must be treated as such in accordance with state and federal laws. If you are not the intended recipient, you are hereby notified that any use of this communication, or any of its contents, is prohibited. If you have received this communication in error, please reply to the sender and then delete the message from your computer system immediately. -Original Message- From: David Filion [mailto:[EMAIL PROTECTED] Sent: Monday, June 26, 2006 3:55 PM To: users@spamassassin.apache.org Subject: Re: RulesDuJour Summary messages Tracey Gates wrote: I'm getting the following messages from the RulesDuJour run: RulesDuJour Run Summary on yoursummit.com: No index found for ruleset named ARE_BAYES_POISON_NXM. Check that this ruleset is still valid. SARE Top 200 spamcop ip addresses Ruleset (automatically generated) has changed on yoursummit.com. Version line: # Modified: 06/23/2006 2:58:27 PM EST No index found for ruleset named SARE_URI2. Check that this ruleset is still valid. How do I check that the ruleset is valid?? I went to rulesemporium and they say that these rules are still active with Auto-Update as yes. What do I need to do to rectify these issues? Thanks! Tracey Gates Lead Developer [EMAIL PROTECTED] You may wish to check again... a. ARE_BAYES_POISON_NXM? Are you sure it's not SARE_BAYES_POISON_NXM? b. From SARE rules page: '... add one or more of SARE_URI0, SARE_URI1, SARE_URI3, or SARE_URI_ENG to TRUSTED_RULESETS ...' Where did you get SARE_URI2 from? HTH David Filion -- David Filion System / Network Administrator Auto123.com / XPrima Corporation
RE: RulesDuJour Summary messages
On Monday June 26 2006 5:17 pm, you wrote: Tracey Gates wrote .. Well that's just itI don't know where it's getting these. I don't have SARE_URI2 in my rules_du_jour file to update. The listing for the ARE_BAYES_POISON_NXM is listed as SARE_BAYES_POISON_NXM. I can't seem to find a file that contains the URI2 that is not commented out and the POISON spelled wrong. What file could these be in for me to correct these issues? Tracey Gates Lead Developer [EMAIL PROTECTED] /etc/rulesdujour/config? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: rulesdujour, lint, and whitelist_spf
Michael Monnerie wrote: Anybody else got this problem? Lots of warnings suddenly. mfg zmi [31721] warn: config: failed to parse line, skipping: whitelist_from_spf[EMAIL PROTECTED] [31721] warn: config: failed to parse line, skipping: whitelist_from_spf Is the SPF plugin enabled? The syntax looks fine, but it can't be parsed if the plugin isn't loaded. Daryl
Re: rulesdujour, lint, and whitelist_spf
On Freitag, 24. März 2006 09:01 Daryl C. W. O'Shea wrote: Is the SPF plugin enabled? The syntax looks fine, but it can't be parsed if the plugin isn't loaded. ARghl. I should not work late night... Thanks. As I use SPF on MTA level, I wanted to disable SPF. So I have to disable the SPF list from RDJ also, thank you. But I guess I'll let SPF on even in SA, as it can set points on soft SPF errors which could help. mfg zmi -- // Michael Monnerie, Ing.BSc --- it-management Michael Monnerie // http://zmi.at Tel: 0660/4156531 Linux 2.6.11 // PGP Key: lynx -source http://zmi.at/zmi2.asc | gpg --import // Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879 // Keyserver: www.keyserver.net Key-ID: 0x70545879 pgp0c3PzRdHor.pgp Description: PGP signature
Re: rulesdujour, lint, and whitelist_spf
Michael Monnerie wrote: On Freitag, 24. März 2006 09:01 Daryl C. W. O'Shea wrote: Is the SPF plugin enabled? The syntax looks fine, but it can't be parsed if the plugin isn't loaded. ARghl. I should not work late night... Thanks. As I use SPF on MTA level, I wanted to disable SPF. So I have to disable the SPF list from RDJ also, thank you. But I guess I'll let SPF on even in SA, as it can set points on soft SPF errors which could help. As long as both your MTA's resolver and SpamAssassin's resolver are using the same DNS cache, you'll get SPF results in SpamAssassin for close to free. Daryl
Re: rulesdujour, lint, and whitelist_spf
On Fri, Mar 24, 2006 at 09:26:25AM +0100, Michael Monnerie wrote: As I use SPF on MTA level, I wanted to disable SPF. So I have to disable the SPF list from RDJ also, thank you. FWIW, rules that require plugins should be wrapped in ifplugin/endif containers. Especially if those rules are being distributed out to other people -- you never know who has what plugins enabled. -- Randomly Generated Tagline: Go, banana! --Ralph Wiggum Das Bus (Episode 5F11) pgphJxJ7uAnjN.pgp Description: PGP signature
Re: RulesDuJour and Curl Connect Problem
Yousef Raffah wrote: On Wed, 2006-02-08 at 15:41 +, Shane Kelly wrote: Hi Yousef, I have to connect through a proxy server to get to the internet but I'm not sure how to set the proxy for curl. I tried to change the line in /var/lib/spamassassin/rules_du_jour To this: [ ${CURL_OPTS} ] || CURL_OPTS=-w %{http_code} --compressed -O -R -s -S -z -x proxy.nour.net.sa:8080; as I understood from man curl that -x is the parameter to use for a proxy server! The only relevant thread I found so far is this: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/76192 but I have the outbound port 80 open and it is confirmed as when I invoke the script manually (not through cron) it works perfectly (at least that is what I see :) ) I suspect you need to set your proxy settings in the crontab, as most recent crons run with a clean environment for security. (I got bitten by the same thing :-) ) Hummm, that's pretty interesting, will test and let you know, because I though I had it already. Just out of curiousity, should I specify the proxy (export the variables in crontab) or the environment variable should just be there? Currently I have the variable set for the root user in the bash profile I have these as lines above the cron entries in the system crontab (i.e. /etc/crontab) on a Suse 9.3 system, but below the shell, path and mailto vars. Both wget and curl pick them up from there. HTTP_PROXY='http://wwwcache.xxx.xx.uk:8080' http_proxy='http://wwwcache.xxx.xx.uk:8080' Regards, Shane.
Re: RulesDuJour and Curl Connect Problem
On Sat, 2006-02-11 at 11:42 +, Shane Kelly wrote: Yousef Raffah wrote: On Wed, 2006-02-08 at 15:41 +, Shane Kelly wrote: Hi Yousef, I have to connect through a proxy server to get to the internet but I'm not sure how to set the proxy for curl. I tried to change the line in /var/lib/spamassassin/rules_du_jour To this: [ ${CURL_OPTS} ] || CURL_OPTS=-w %{http_code} --compressed -O -R -s -S -z -x proxy.nour.net.sa:8080; as I understood from man curl that -x is the parameter to use for a proxy server! The only relevant thread I found so far is this: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/76192 but I have the outbound port 80 open and it is confirmed as when I invoke the script manually (not through cron) it works perfectly (at least that is what I see :) ) I suspect you need to set your proxy settings in the crontab, as most recent crons run with a clean environment for security. (I got bitten by the same thing :-) ) Hummm, that's pretty interesting, will test and let you know, because I though I had it already. Just out of curiousity, should I specify the proxy (export the variables in crontab) or the environment variable should just be there? Currently I have the variable set for the root user in the bash profile I have these as lines above the cron entries in the system crontab (i.e. /etc/crontab) on a Suse 9.3 system, but below the shell, path and mailto vars. Both wget and curl pick them up from there. HTTP_PROXY='http://wwwcache.xxx.xx.uk:8080' http_proxy='http://wwwcache.xxx.xx.uk:8080' Cool, I just configured it. Will let you know if it worked tonight ;). Many thanks. Sincerely, Yousef Raffah Senior Systems Administrator SSIS - The Savola Group -- Aren't you using Firefox? Get it at getfirefox.com yousef.raffah.com signature.asc Description: This is a digitally signed message part
Re: RulesDuJour and Curl Connect Problem
On Sat, 2006-02-11 at 15:01 +0300, Yousef Raffah wrote: On Sat, 2006-02-11 at 11:42 +, Shane Kelly wrote: Yousef Raffah wrote: On Wed, 2006-02-08 at 15:41 +, Shane Kelly wrote: Hi Yousef, I have to connect through a proxy server to get to the internet but I'm not sure how to set the proxy for curl. I tried to change the line in /var/lib/spamassassin/rules_du_jour To this: [ ${CURL_OPTS} ] || CURL_OPTS=-w %{http_code} --compressed -O -R -s -S -z -x proxy.nour.net.sa:8080; as I understood from man curl that -x is the parameter to use for a proxy server! The only relevant thread I found so far is this: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/76192 but I have the outbound port 80 open and it is confirmed as when I invoke the script manually (not through cron) it works perfectly (at least that is what I see :) ) I suspect you need to set your proxy settings in the crontab, as most recent crons run with a clean environment for security. (I got bitten by the same thing :-) ) Hummm, that's pretty interesting, will test and let you know, because I though I had it already. Just out of curiousity, should I specify the proxy (export the variables in crontab) or the environment variable should just be there? Currently I have the variable set for the root user in the bash profile I have these as lines above the cron entries in the system crontab (i.e. /etc/crontab) on a Suse 9.3 system, but below the shell, path and mailto vars. Both wget and curl pick them up from there. HTTP_PROXY='http://wwwcache.xxx.xx.uk:8080' http_proxy='http://wwwcache.xxx.xx.uk:8080' Cool, I just configured it. Will let you know if it worked tonight ;). Many thanks. Unfortunately it didn't work out :/ Could it be the double quotes? I always have problems whether it is a single or double quote! Sincerely, Yousef Raffah Senior Systems Administrator SSIS - The Savola Group -- Aren't you using Firefox? Get it at getfirefox.com yousef.raffah.com signature.asc Description: This is a digitally signed message part
Re: RulesDuJour and Curl Connect Problem
On Wed, 2006-02-08 at 15:41 +, Shane Kelly wrote: Hi Yousef, I have to connect through a proxy server to get to the internet but I'm not sure how to set the proxy for curl. I tried to change the line in /var/lib/spamassassin/rules_du_jour To this: [ ${CURL_OPTS} ] || CURL_OPTS=-w %{http_code} --compressed -O -R -s -S -z -x proxy.nour.net.sa:8080; as I understood from man curl that -x is the parameter to use for a proxy server! The only relevant thread I found so far is this: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/76192 but I have the outbound port 80 open and it is confirmed as when I invoke the script manually (not through cron) it works perfectly (at least that is what I see :) ) I suspect you need to set your proxy settings in the crontab, as most recent crons run with a clean environment for security. (I got bitten by the same thing :-) ) Hummm, that's pretty interesting, will test and let you know, because I though I had it already. Just out of curiousity, should I specify the proxy (export the variables in crontab) or the environment variable should just be there? Currently I have the variable set for the root user in the bash profile! Sincerely, Yousef Raffah Senior Systems Administrator SSIS - The Savola Group -- Aren't you using Firefox? Get it at getfirefox.com signature.asc Description: This is a digitally signed message part
Re: RulesDuJour Recommendation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joey wrote: Hello everyone, As I'm sure you are aware the spam these days seems to be getting worse. In an attempt to be more aggressive we started using RulesDuJour. What I would like to know is which rules are you using without too much headache so that we can implement them into our configuration. I didn't want to load them all because I felt that it may be too aggressive and cause many client complaints. Also if you have found any solutions for the recent barrage of image spam I would appreciate you sharing them with me. I am, and have been for a while, using SARE_REDIRECT_POST300 SARE_HTML SARE_BAYES_POISON_NXM TRIPWIRE EVILNUMBERS SARE_RANDOM SARE_WHITELIST SARE_OBFU SARE_STOCKS SARE_SPOOF to good effect (though someone will probably tell me that at least one of those is no longer advisable). I also have a bunch of homebrew rules which add weigh to the specific types of spam I see here. They're on the website below if your interested. If you are getting a lot of pump-and-dump stock/microcap image spam, I can heartily recommend SARE_STOCKS. It's a masterpiece. C. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFD6fHuMDDagS2VwJ4RAtCtAKDwILYsdZOAu0urBJ7pN2ZlqOHE1wCdGUPd 6vGN6heBBMSEUtKA755v8rE= =tQw7 -END PGP SIGNATURE-
RE: RulesDuJour Recommendation
Joey wrote: As I'm sure you are aware the spam these days seems to be getting worse. In an attempt to be more aggressive we started using RulesDuJour. What I would like to know is which rules are you using without too much headache so that we can implement them into our configuration. I didn't want to load them all because I felt that it may be too aggressive and cause many client complaints. Also if you have found any solutions for the recent barrage of image spam I would appreciate you sharing them with me. These are the ones that I use. I haven't had any problems with them. SARE_ADULT SARE_EVILNUMBERS0 SARE_FRAUD SARE_GENLSUBJ0 SARE_HTML0 SARE_HEADER0 SARE_OBFU0 SARE_RANDOM SARE_SPECIFIC SARE_SPOOF SARE_STOCKS SARE_UNSUB SARE_URI0 SARE_WHITELIST_SPF SARE_WHITELIST_RCVD -- Bowie
Re: RulesDuJour and Curl Connect Problem
Hi Yousef, I have to connect through a proxy server to get to the internet but I'm not sure how to set the proxy for curl. I tried to change the line in /var/lib/spamassassin/rules_du_jour To this: [ ${CURL_OPTS} ] || CURL_OPTS=-w %{http_code} --compressed -O -R -s -S -z -x proxy.nour.net.sa:8080; as I understood from man curl that -x is the parameter to use for a proxy server! The only relevant thread I found so far is this: http://thread.gmane.org/gmane.mail.spam.spamassassin.general/76192 but I have the outbound port 80 open and it is confirmed as when I invoke the script manually (not through cron) it works perfectly (at least that is what I see :) ) I suspect you need to set your proxy settings in the crontab, as most recent crons run with a clean environment for security. (I got bitten by the same thing :-) ) Hope this helps. Shane.
RE: RulesDuJour Recommendation
Title: RE: RulesDuJour Recommendation -Original Message- From: Bowie Bailey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 08, 2006 10:09 AM To: SpamAssassin Subject: RE: RulesDuJour Recommendation Joey wrote: As I'm sure you are aware the spam these days seems to be getting worse. In an attempt to be more aggressive we started using RulesDuJour. What I would like to know is which rules are you using without too much headache so that we can implement them into our configuration. I didn't want to load them all because I felt that it may be too aggressive and cause many client complaints. Also if you have found any solutions for the recent barrage of image spam I would appreciate you sharing them with me. These are the ones that I use. I haven't had any problems with them. SARE_ADULT SARE_EVILNUMBERS0 SARE_FRAUD SARE_GENLSUBJ0 SARE_HTML0 SARE_HEADER0 SARE_OBFU0 SARE_RANDOM SARE_SPECIFIC SARE_SPOOF SARE_STOCKS SARE_UNSUB SARE_URI0 SARE_WHITELIST_SPF SARE_WHITELIST_RCVD Boy those SARE people sure rock! ;) Don't forget to use URIBL and SURBL Joey. They will stop a ton of spam. Chris Santerre SysAdmin and SARE/URIBL ninja http://www.uribl.com http://www.rulesemporium.com
RE: RulesDuJour Recommendation
Chris Santerre wrote: From: Bowie Bailey [mailto:[EMAIL PROTECTED] Joey wrote: As I'm sure you are aware the spam these days seems to be getting worse. In an attempt to be more aggressive we started using RulesDuJour. What I would like to know is which rules are you using without too much headache so that we can implement them into our configuration. I didn't want to load them all because I felt that it may be too aggressive and cause many client complaints. Also if you have found any solutions for the recent barrage of image spam I would appreciate you sharing them with me. These are the ones that I use. I haven't had any problems with them. SARE_ADULT SARE_EVILNUMBERS0 SARE_FRAUD SARE_GENLSUBJ0 SARE_HTML0 SARE_HEADER0 SARE_OBFU0 SARE_RANDOM SARE_SPECIFIC SARE_SPOOF SARE_STOCKS SARE_UNSUB SARE_URI0 SARE_WHITELIST_SPF SARE_WHITELIST_RCVD Boy those SARE people sure rock! ;) They sure do! :) Don't forget to use URIBL and SURBL Joey. They will stop a ton of spam. Yea...those are really good. I didn't mention them as they are enabled by default in the latest SA versions. At least, they are if the network tests in general are enabled. I should also mention Razor2, Pyzor, and DCC as being very useful for stopping the image spams. (I don't use Pyzor myself, but that's just because I've been too lazy to do the installation) -- Bowie
Re: RulesDuJour Recommendation
I am, and have been for a while, using SARE_REDIRECT_POST300 SARE_HTML SARE_BAYES_POISON_NXM TRIPWIRE EVILNUMBERS SARE_RANDOM SARE_WHITELIST SARE_OBFU SARE_STOCKS SARE_SPOOF to good effect (though someone will probably tell me that at least one of those is no longer advisable). Nope, all still good rulesets. EvilNumbers isn't updated as often as it really should be these days (I think), but they are all still live rulesets. Loren
Re: RulesDuJour Recommendation
These are the ones that I use. I haven't had any problems with them. SARE_EVILNUMBERS0 SARE_GENLSUBJ0 SARE_HTML0 SARE_HEADER0 SARE_OBFU0 SARE_URI0 I would add that most people could probably run the 1 versions of the above 0 rule files *in addition to the 0 version* with absolutely no problems and probably catch even more spam. The 0 versions are the most conservative, but the 1 versions are still pretty conservative. Loren
RE: RulesDuJour Recommendation
Loren Wilton wrote: These are the ones that I use. I haven't had any problems with them. SARE_EVILNUMBERS0 SARE_GENLSUBJ0 SARE_HTML0 SARE_HEADER0 SARE_OBFU0 SARE_URI0 I would add that most people could probably run the 1 versions of the above 0 rule files *in addition to the 0 version* with absolutely no problems and probably catch even more spam. The 0 versions are the most conservative, but the 1 versions are still pretty conservative. Yea. I've thought about adding those, but I'll have to watch the mail flow more closely for a while afterwards and I don't want to add to my workload at the moment. :) -- Bowie
Re: RulesDuJour Recommendation
Joey wrote: Hello everyone, As I'm sure you are aware the spam these days seems to be getting worse. In an attempt to be more aggressive we started using RulesDuJour. What I would like to know is which rules are you using without too much headache so that we can implement them into our configuration. I didn't want to load them all because I felt that it may be too aggressive and cause many client complaints. Also if you have found any solutions for the recent barrage of image spam I would appreciate you sharing them with me. My only advice is do not use RDJ for antidrug if you're using SA 3.0.0 or higher. The antidrug.cf file is only for users of SA 2.6x and older, and the rules are built into 3.0.0 and newer.
Re: RulesDuJour Recommendation
On Wednesday 08 February 2006 07:47 am, Chris Santerre wrote: Don't forget to use URIBL and SURBL Joey. They will stop a ton of spam. Indeed they do, but.. If you are one of those poor souls who are still using dialup AND you have to restart your system while offline, spamassassin will not see an available network and will disable network tests. Took me a while to figure that one out and it still bites me on occasion, if I don't think about it. Connect to your ISP and restart spamd and all will be well again. -- Jerry Gaiser in North Plains, Oregon USA (Zone8a) - 45.6933N 123.0418W
RE: RulesDuJour Recommendation
Title: RE: RulesDuJour Recommendation Yea...those are really good. I didn't mention them as they are enabled by default in the latest SA versions. At least, they are if the network tests in general are enabled. URIBL isn't on by default. Just SURBL. I believe the next SA release it will be. --Chris
Re: RulesDuJour problem
On Sun, Dec 04, 2005 at 10:41:07PM -0500, Gene Heskett wrote: Greetings folks; I just installed RulesDuJour, and ran it once by hand. It wasn't labeling the subject line, so I edited my local.cf to turn that on, didn't change anything else, but now a 'service spamd restart' fails with this error message nomograph: Starting spamd: [20715] warn: Value ax-conn-per-child=50 invalid for option m (number expected) [20715] warn: Unknown option: a [20715] warn: Unknown option: c And spits out the rest of its --help message. However, 'spamassassin --lint' returns clean in about 4 seconds. Humm, /etc/sysconfig/spamassassin had an .rpmnew appended, fixed that. Which is odd as removeing that startup SPAMDOPTION in the /etc/init.d/spamd file didn't get rid of the message. Odd indeed. Also, the startup says there should be 5 (-m5) copies of spamd running, but a ps -ea|grep spamd only finds 3. Another one of those things that make you go hu, I guess. Any comments on how to reduce the hu? -- Cheers, Gene The spamd options are located in two places - in /etc/sysconfig/spamassassin and in the main script, /etc/rc.d/init.d/spamd (or whatever you called it). Long option names are preceded by two dashes. Somewhere you have -max-conn-per-child=50 where you should have --max-conn-per-child=50 Look over man spamd and check your options against that. Cheers, -- Bob McClure, Jr. Bobcat Open Systems, Inc. [EMAIL PROTECTED] http://www.bobcatos.com Peace at any price is inflationary.
Re: RulesDuJour problem
From: Gene Heskett [EMAIL PROTECTED] Greetings folks; I just installed RulesDuJour, and ran it once by hand. It wasn't labeling the subject line, so I edited my local.cf to turn that on, didn't change anything else, but now a 'service spamd restart' fails with this error message nomograph: Starting spamd: [20715] warn: Value ax-conn-per-child=50 invalid for option m (number expected) [20715] warn: Unknown option: a [20715] warn: Unknown option: c And spits out the rest of its --help message. However, 'spamassassin --lint' returns clean in about 4 seconds. Humm, /etc/sysconfig/spamassassin had an .rpmnew appended, fixed that. Which is odd as removeing that startup SPAMDOPTION in the /etc/init.d/spamd file didn't get rid of the message. Odd indeed. Also, the startup says there should be 5 (-m5) copies of spamd running, but a ps -ea|grep spamd only finds 3. Another one of those things that make you go hu, I guess. Any comments on how to reduce the hu? I suffer from lack of informationitis here. What is the line that starts the spamd service? The above suggests you have a typo somewhere. Like maybe something like -m ax-conn-per-child=50 instead of -max-conn-per-child=50. {^_^}
Re: RulesDuJour problem
From: Bob McClure Jr [EMAIL PROTECTED] On Sun, Dec 04, 2005 at 10:41:07PM -0500, Gene Heskett wrote: Greetings folks; I just installed RulesDuJour, and ran it once by hand. It wasn't labeling the subject line, so I edited my local.cf to turn that on, didn't change anything else, but now a 'service spamd restart' fails with this error message nomograph: Starting spamd: [20715] warn: Value ax-conn-per-child=50 invalid for option m (number expected) [20715] warn: Unknown option: a [20715] warn: Unknown option: c And spits out the rest of its --help message. However, 'spamassassin --lint' returns clean in about 4 seconds. Humm, /etc/sysconfig/spamassassin had an .rpmnew appended, fixed that. Which is odd as removeing that startup SPAMDOPTION in the /etc/init.d/spamd file didn't get rid of the message. Odd indeed. Also, the startup says there should be 5 (-m5) copies of spamd running, but a ps -ea|grep spamd only finds 3. Another one of those things that make you go hu, I guess. Any comments on how to reduce the hu? -- Cheers, Gene The spamd options are located in two places - in /etc/sysconfig/spamassassin and in the main script, /etc/rc.d/init.d/spamd (or whatever you called it). Long option names are preceded by two dashes. Somewhere you have -max-conn-per-child=50 where you should have --max-conn-per-child=50 I like your answer better than mind. Fogs of hunger caught me. {^_-}
Re: RulesDuJour problem
On Sunday 04 December 2005 22:46, Bob McClure Jr wrote: --max-conn-per-child=50 ?? Thats also odd, 3.04 has been running just fine with that single dash option for at least 6 months. Wierd. Anyway I put it back in like above, and that works. Now to figure out why, with a -m5 setting, its only running 3 copies of spamd. Thanks Bob. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) 99.36% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
RE: RulesDuJour; lint failes
Hi Bob, Thanks for this explanation; It solved my problem. It turned out in /usr/share/spamassassin a translation-file was causing the problems. Cheers, Thijs -Oorspronkelijk bericht- Van: Robert Menschel [mailto:[EMAIL PROTECTED] Verzonden: zondag 25 september 2005 1:46 Aan: Thijs Koetsier | Exception CC: Fred; users@spamassassin.apache.org Onderwerp: Re[2]: RulesDuJour; lint failes Hello Thijs, Saturday, September 24, 2005, 12:00:14 AM, you wrote: TKE To lint spamassassin from the command line has no other effect than TKE through RulesDuJour. The same list of errors/warnings shows up as mentioned below. TKE Since I use a standard (clean) installation with only Tripwire in TKE my ruleset for testing, this amount of warnings is a bit big, isn't TKE it? TKE But fixing the errors is exactly what I want to do; I just don't TKE know how :( The errors you're getting are from old, prior version, SpamAssassin distribution rules files. Use spamassassin -D --lint to determine which directories SA is looking into, and then scan all those directories for *.cf files. You have some old, prior version *.cf files, in a directory that SA is scanning, and those no longer lint in the current SA. Delete them. Bob Menschel
Re: RulesDuJour; lint failes
To lint spamassassin from the command line has no other effect than through RulesDuJour. The same list of errors/warnings shows up as mentioned below. Since I use a standard (clean) installation with only Tripwire in my ruleset for testing, this amount of warnings is a bit big, isn't it? But fixing the errors is exactly what I want to do; I just don't know how :( Cheers, Thijs Quoting Fred [EMAIL PROTECTED]: Run spamassassin --lint on this server and fix the errors you have and then once all is running well, go back and try rulesDuJour. You'll get better results for sure :) Thijs Koetsier | Exception wrote: Hi, No, I did not. I just re-installed Rules Du Jour and am using Spamassassin 3 on this server since I installed it. Cheers, Thijs -Oorspronkelijk bericht- Van: Loren Wilton [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 23 september 2005 15:46 Aan: users@spamassassin.apache.org Onderwerp: Re: RulesDuJour; lint failes Did you just move from 2.64 or earlier? It looks like you have some pre-3.0-only rules files. SOme of these appear to be standard SA rules files. Loren - Original Message - From: Thijs Koetsier | Exception [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Friday, September 23, 2005 5:02 AM Subject: RulesDuJour; lint failes Hi all, I'm using spamassassin 3 with rules du jour. Since a few days, when my rules du jour is runned by cron, spamassassin won't lint the rules anymore. I've looked into this problem on various sites, but didn't find a working answer, so I re-installed rules du jour but still have the same problems. So perhaps someone here knows what to do? my /etc/rulesdujour/config: TRUSTED_RULESETS=TRIPWIRE SA_DIR=/etc/mail/spamassassin MAIL_ADDRESS=[EMAIL PROTECTED] SA_RESTART=/etc/init.d/spamassassin restart (I'm just using one ruleset for testing purposes) my /etc/mail/spamassassin/local.cf: required_score 3 report_safe 1 rewrite_header subject {Spam} bayes_auto_learn 1 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 12.0 When running the /usr/local/sbin/rules_du_jour script, the rules are attempted to lint, which failes. The following is logged: (zoltar is my machines name) Installing new ruleset from /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2 Installing new version... TripWire has changed on zoltar. Version line: # Version 1.18 More Typo's fixed. Attempting to --lint the rules. No files updated; No restart required. Rules Du Jour Run Summary:RulesDuJour Run Summary on zoltar: TripWire has changed on zoltar. Version line: # Version 1.18 More Typo's fixed. ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/tripwire.cf /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f /etc/mail/spamassassin/tripwire.cf; Lint output: warning: description for CLICK_TO_REMOVE_1 is over 50 chars warning: description for HTML_IMAGE_RATIO_06 is over 50 chars warning: description exists for non-existent rule LOSEWEIGHT ... And then a whole more lot of warnings telling that 'description exists for non-existent rule ...' and descriptions which are over 50 chars, which I can't paste here because my mail gets returned because it's marked as spam :) It sums up to: ... lint: 274 issues detected. please rerun with debug enabled for more information. Anybody know what this could be? Cheers, Thijs Exception webmail - www.exception.nl
Re: RulesDuJour; lint failes
CLICK_TO_REMOVE_1 is over 50 This is an error from running 3.0x SpamAssassin with certain 2.64 targeted rule sets. Recheck all your rule sets for appropriateness with 3.04. {^_^} - Original Message - From: Thijs Koetsier | Exception [EMAIL PROTECTED] To lint spamassassin from the command line has no other effect than through RulesDuJour. The same list of errors/warnings shows up as mentioned below. Since I use a standard (clean) installation with only Tripwire in my ruleset for testing, this amount of warnings is a bit big, isn't it? But fixing the errors is exactly what I want to do; I just don't know how :( Cheers, Thijs Quoting Fred [EMAIL PROTECTED]: Run spamassassin --lint on this server and fix the errors you have and then once all is running well, go back and try rulesDuJour. You'll get better results for sure :) Thijs Koetsier | Exception wrote: Hi, No, I did not. I just re-installed Rules Du Jour and am using Spamassassin 3 on this server since I installed it. Cheers, Thijs -Oorspronkelijk bericht- Van: Loren Wilton [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 23 september 2005 15:46 Aan: users@spamassassin.apache.org Onderwerp: Re: RulesDuJour; lint failes Did you just move from 2.64 or earlier? It looks like you have some pre-3.0-only rules files. SOme of these appear to be standard SA rules files. Loren - Original Message - From: Thijs Koetsier | Exception [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Friday, September 23, 2005 5:02 AM Subject: RulesDuJour; lint failes Hi all, I'm using spamassassin 3 with rules du jour. Since a few days, when my rules du jour is runned by cron, spamassassin won't lint the rules anymore. I've looked into this problem on various sites, but didn't find a working answer, so I re-installed rules du jour but still have the same problems. So perhaps someone here knows what to do? my /etc/rulesdujour/config: TRUSTED_RULESETS=TRIPWIRE SA_DIR=/etc/mail/spamassassin MAIL_ADDRESS=[EMAIL PROTECTED] SA_RESTART=/etc/init.d/spamassassin restart (I'm just using one ruleset for testing purposes) my /etc/mail/spamassassin/local.cf: required_score 3 report_safe 1 rewrite_header subject {Spam} bayes_auto_learn 1 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 12.0 When running the /usr/local/sbin/rules_du_jour script, the rules are attempted to lint, which failes. The following is logged: (zoltar is my machines name) Installing new ruleset from /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2 Installing new version... TripWire has changed on zoltar. Version line: # Version 1.18 More Typo's fixed. Attempting to --lint the rules. No files updated; No restart required. Rules Du Jour Run Summary:RulesDuJour Run Summary on zoltar: TripWire has changed on zoltar. Version line: # Version 1.18 More Typo's fixed. ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/tripwire.cf /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f /etc/mail/spamassassin/tripwire.cf; Lint output: warning: description for CLICK_TO_REMOVE_1 is over 50 chars warning: description for HTML_IMAGE_RATIO_06 is over 50 chars warning: description exists for non-existent rule LOSEWEIGHT ... And then a whole more lot of warnings telling that 'description exists for non-existent rule ...' and descriptions which are over 50 chars, which I can't paste here because my mail gets returned because it's marked as spam :) It sums up to: ... lint: 274 issues detected. please rerun with debug enabled for more information. Anybody know what this could be? Cheers, Thijs Exception webmail - www.exception.nl
Re: RulesDuJour; lint failes
Did you just move from 2.64 or earlier? It looks like you have some pre-3.0-only rules files. SOme of these appear to be standard SA rules files. Loren - Original Message - From: Thijs Koetsier | Exception [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Friday, September 23, 2005 5:02 AM Subject: RulesDuJour; lint failes Hi all, I'm using spamassassin 3 with rules du jour. Since a few days, when my rules du jour is runned by cron, spamassassin won't lint the rules anymore. I've looked into this problem on various sites, but didn't find a working answer, so I re-installed rules du jour but still have the same problems. So perhaps someone here knows what to do? my /etc/rulesdujour/config: TRUSTED_RULESETS=TRIPWIRE SA_DIR=/etc/mail/spamassassin MAIL_ADDRESS=[EMAIL PROTECTED] SA_RESTART=/etc/init.d/spamassassin restart (I'm just using one ruleset for testing purposes) my /etc/mail/spamassassin/local.cf: required_score 3 report_safe 1 rewrite_header subject {Spam} bayes_auto_learn 1 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 12.0 When running the /usr/local/sbin/rules_du_jour script, the rules are attempted to lint, which failes. The following is logged: (zoltar is my machines name) Installing new ruleset from /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2 Installing new version... TripWire has changed on zoltar. Version line: # Version 1.18 More Typo's fixed. Attempting to --lint the rules. No files updated; No restart required. Rules Du Jour Run Summary:RulesDuJour Run Summary on zoltar: TripWire has changed on zoltar. Version line: # Version 1.18 More Typo's fixed. ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/tripwire.cf /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f /etc/mail/spamassassin/tripwire.cf; Lint output: warning: description for CLICK_TO_REMOVE_1 is over 50 chars warning: description for HTML_IMAGE_RATIO_06 is over 50 chars warning: description exists for non-existent rule LOSEWEIGHT ... And then a whole more lot of warnings telling that 'description exists for non-existent rule ...' and descriptions which are over 50 chars, which I can't paste here because my mail gets returned because it's marked as spam :) It sums up to: ... lint: 274 issues detected. please rerun with debug enabled for more information. Anybody know what this could be? Cheers, Thijs
RE: RulesDuJour; lint failes
Hi, No, I did not. I just re-installed Rules Du Jour and am using Spamassassin 3 on this server since I installed it. Cheers, Thijs -Oorspronkelijk bericht- Van: Loren Wilton [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 23 september 2005 15:46 Aan: users@spamassassin.apache.org Onderwerp: Re: RulesDuJour; lint failes Did you just move from 2.64 or earlier? It looks like you have some pre-3.0-only rules files. SOme of these appear to be standard SA rules files. Loren - Original Message - From: Thijs Koetsier | Exception [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Friday, September 23, 2005 5:02 AM Subject: RulesDuJour; lint failes Hi all, I'm using spamassassin 3 with rules du jour. Since a few days, when my rules du jour is runned by cron, spamassassin won't lint the rules anymore. I've looked into this problem on various sites, but didn't find a working answer, so I re-installed rules du jour but still have the same problems. So perhaps someone here knows what to do? my /etc/rulesdujour/config: TRUSTED_RULESETS=TRIPWIRE SA_DIR=/etc/mail/spamassassin MAIL_ADDRESS=[EMAIL PROTECTED] SA_RESTART=/etc/init.d/spamassassin restart (I'm just using one ruleset for testing purposes) my /etc/mail/spamassassin/local.cf: required_score 3 report_safe 1 rewrite_header subject {Spam} bayes_auto_learn 1 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 12.0 When running the /usr/local/sbin/rules_du_jour script, the rules are attempted to lint, which failes. The following is logged: (zoltar is my machines name) Installing new ruleset from /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2 Installing new version... TripWire has changed on zoltar. Version line: # Version 1.18 More Typo's fixed. Attempting to --lint the rules. No files updated; No restart required. Rules Du Jour Run Summary:RulesDuJour Run Summary on zoltar: TripWire has changed on zoltar. Version line: # Version 1.18 More Typo's fixed. ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/tripwire.cf /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f /etc/mail/spamassassin/tripwire.cf; Lint output: warning: description for CLICK_TO_REMOVE_1 is over 50 chars warning: description for HTML_IMAGE_RATIO_06 is over 50 chars warning: description exists for non-existent rule LOSEWEIGHT ... And then a whole more lot of warnings telling that 'description exists for non-existent rule ...' and descriptions which are over 50 chars, which I can't paste here because my mail gets returned because it's marked as spam :) It sums up to: ... lint: 274 issues detected. please rerun with debug enabled for more information. Anybody know what this could be? Cheers, Thijs
Re: RulesDuJour; lint failes
Run spamassassin --lint on this server and fix the errors you have and then once all is running well, go back and try rulesDuJour. You'll get better results for sure :) Thijs Koetsier | Exception wrote: Hi, No, I did not. I just re-installed Rules Du Jour and am using Spamassassin 3 on this server since I installed it. Cheers, Thijs -Oorspronkelijk bericht- Van: Loren Wilton [mailto:[EMAIL PROTECTED] Verzonden: vrijdag 23 september 2005 15:46 Aan: users@spamassassin.apache.org Onderwerp: Re: RulesDuJour; lint failes Did you just move from 2.64 or earlier? It looks like you have some pre-3.0-only rules files. SOme of these appear to be standard SA rules files. Loren - Original Message - From: Thijs Koetsier | Exception [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Friday, September 23, 2005 5:02 AM Subject: RulesDuJour; lint failes Hi all, I'm using spamassassin 3 with rules du jour. Since a few days, when my rules du jour is runned by cron, spamassassin won't lint the rules anymore. I've looked into this problem on various sites, but didn't find a working answer, so I re-installed rules du jour but still have the same problems. So perhaps someone here knows what to do? my /etc/rulesdujour/config: TRUSTED_RULESETS=TRIPWIRE SA_DIR=/etc/mail/spamassassin MAIL_ADDRESS=[EMAIL PROTECTED] SA_RESTART=/etc/init.d/spamassassin restart (I'm just using one ruleset for testing purposes) my /etc/mail/spamassassin/local.cf: required_score 3 report_safe 1 rewrite_header subject {Spam} bayes_auto_learn 1 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 12.0 When running the /usr/local/sbin/rules_du_jour script, the rules are attempted to lint, which failes. The following is logged: (zoltar is my machines name) Installing new ruleset from /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2 Installing new version... TripWire has changed on zoltar. Version line: # Version 1.18 More Typo's fixed. Attempting to --lint the rules. No files updated; No restart required. Rules Du Jour Run Summary:RulesDuJour Run Summary on zoltar: TripWire has changed on zoltar. Version line: # Version 1.18 More Typo's fixed. ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /etc/mail/spamassassin/tripwire.cf /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f /etc/mail/spamassassin/tripwire.cf; Lint output: warning: description for CLICK_TO_REMOVE_1 is over 50 chars warning: description for HTML_IMAGE_RATIO_06 is over 50 chars warning: description exists for non-existent rule LOSEWEIGHT ... And then a whole more lot of warnings telling that 'description exists for non-existent rule ...' and descriptions which are over 50 chars, which I can't paste here because my mail gets returned because it's marked as spam :) It sums up to: ... lint: 274 issues detected. please rerun with debug enabled for more information. Anybody know what this could be? Cheers, Thijs
Re: RulesDuJour - position of rulesets in config file
Hiya Thijs, Thijs Koetsier | Exception IT wrote: Hi all, I'm using spamassassin 3.0.4-2 on Debian 3.1 with Exim4, together with RulesDuJour. I have a question about the last, which I just installed for the first time. I believe it's a fairly beginners-one, which I hope someone can help me with. In the config-file of rulesdujour (/etc/rulesdujour/config) which I've created, I've put the text which I found at http://koivi.com/exim4-config/: TRUSTED_RULESETS=put your rules here; SA_DIR=/etc/spamassassin; MAIL_ADDRESS=root; SA_RESTART=/etc/init.d/spamassassin restart; My question is, where exactly do I put those rules; exactly between those double quotes, the whole set of them, who are so properly ordered on http://www.exit0.us/index.php?pagename=RulesDuJourRuleSets? It seems like the thing to do, but somehow it also seems wrong. Close, but not quite. TRUSTED_RULESETS gets a list of ruleset identifiers separated by spaces. The list of built-in identifiers is found at the bottom of http://www.exit0.us/index.php?pagename=RulesDuJour . The wiki page you referenced is really for addon ruleset information that isn't't included with the standard RDJ script. So, for example, your TRUSTED_RULESETS may look like this: TRUSTED_RULESETS=TRIPWIRE BOGUSVIRUS SARE_ADULT SARE_RANDOM SARE_HTML (I just picked some random rulesets from the list). Chris Thielen signature.asc Description: OpenPGP digital signature
Re: RulesDuJour Best Practices
Jason Marshall wrote: When a new rules_du_jour is released, it downloads it, and i have to manually add the Personal Rule snippets to the script again. Is there a way to put those in the /etc/rulesdujour/config file so that they don't need to be re-added all the time? Yes! You should be able to add these directly to the config file in the same way you are (I believe) currently adding them to the built-in registry. Also, is the /etc/rulesdujour directory similar to /etc/mail/spamassassin whereby it will read all the files in that directory rather than just a specifically-named one? Nope, it looks for specifically named files. Chris signature.asc Description: OpenPGP digital signature
Re: RulesDuJour Best Practices
Yes! You should be able to add these directly to the config file in the same way you are (I believe) currently adding them to the built-in registry. Thanks, Chris, do they just get added to the bottom, or do they need to be contained in some kind of $variable= declaration? Nope, it looks for specifically named files. Cool, thanks. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Jason Marshall, [EMAIL PROTECTED] Spots InterConnect, Inc. Calgary, AB | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Re: RulesDuJour Best Practices
Jason Marshall wrote: Yes! You should be able to add these directly to the config file in the same way you are (I believe) currently adding them to the built-in registry. Thanks, Chris, do they just get added to the bottom, or do they need to be contained in some kind of $variable= declaration? Just add them to the bottom (copy and paste should work) Nope, it looks for specifically named files. Cool, thanks. signature.asc Description: OpenPGP digital signature
Re: rulesdujour and old copies of rule files
Hi Peter, Peter Kiem wrote: Hi, I've noticed there is a buildup of old rules in my /etc/mail/spamassassin/RulesDuJour directory like this 109543 May 10 19:07 bogus-virus-warnings.cf 92609 Aug 10 2004 bogus-virus-warnings.cf.20040819-0402 93896 Aug 19 2004 bogus-virus-warnings.cf.20040823-0423 94241 Aug 23 2004 bogus-virus-warnings.cf.20040909-0403 94292 Sep 9 2004 bogus-virus-warnings.cf.20041101-0453 100387 Oct 30 2004 bogus-virus-warnings.cf.20041103-0434 100389 Nov 2 2004 bogus-virus-warnings.cf.20041109-0406 100721 Nov 8 2004 bogus-virus-warnings.cf.20041217-0418 103643 Dec 16 08:23 bogus-virus-warnings.cf.20041218-0453 103635 Dec 17 10:44 bogus-virus-warnings.cf.20050103-0436 104973 Jan 2 05:22 bogus-virus-warnings.cf.20050114-0501 105986 Jan 13 18:43 bogus-virus-warnings.cf.20050520-0903 Since it seems to be just a history of the script changes can I delete all these except for the first file? Yes, you may delete everything in that directory (even the first file, if you feel like it). Also, does spam assassin ONLY look in the /etc/mail/spamassassin folder and no deeper or does it recurse into all subdirectories in there as well? Correct, SA only reads /etc/mail/spamassassin/*.cf and does not recurse. Chris Thielen signature.asc Description: OpenPGP digital signature
Re: RulesDuJour error updating bigevil.cf
On Monday, April 4, 2005, 8:25:38 AM, Matt Kettler wrote: Chris Santerre wrote: I shall remove Bigevil info from the site tomorrow. Actually, if you wouldn't mind, Take the info down and replace it with a notice that the ruleset is dead and point them to using SURBL instead. A good suggestion! :-) Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: RulesDuJour error updating bigevil.cf
On Sunday, April 3, 2005, 10:34:12 AM, Pete Geenhuizen wrote: 2. Any idea how do I go about changing RDJ and bigevil.cf over to use ws.surbl.org? Yes, please use ws.surbl.org instead: http://www.surbl.org/quickstart.html Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: RulesDuJour error updating bigevil.cf
At 02:13 PM 4/3/2005, Jim Knuth wrote: Hi Jim, Thanks for the reply, guess I missed that. I do have 2 questions though. Sorry, I don`t know. What say Matt Kettler? ;) Hmmm, someone mentioned my name and has summoned me to this thread... hmmm.. 1. Any idea why the rulesemporium rules page isn't very clear and still has info on how to use it with RDJ? I'm not involved in RDJ or bigevil, and I'm only very slightly involved in SARE, so I can't comment here. I know it's been a long time since Chris updated bigevil, and he's been telling people to not use it for months. I think he figured anyone still using bigevil wasn't paying attention to their servers at all. Apparently a few are :) 2. Any idea how do I go about changing RDJ and bigevil.cf over to use ws.surbl.org? If you're using SA 3.x, you're probably already using it if your Net::DNS is new enough. If you're using 2.64, you can add the Mail::SpamAsssassin::SpamCopURI patch. http://sourceforge.net/projects/spamcopuri/ If you're using 2.63 or older, upgrade, you're vulnerable to a DoS attack in the mime parser.
RE: RulesDuJour error updating bigevil.cf
-Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Monday, April 04, 2005 9:40 AM To: Jim Knuth; Pete Geenhuizen Cc: users@spamassassin.apache.org Subject: Re: RulesDuJour error updating bigevil.cf At 02:13 PM 4/3/2005, Jim Knuth wrote: Hi Jim, Thanks for the reply, guess I missed that. I do have 2 questions though. Sorry, I don`t know. What say Matt Kettler? ;) Hmmm, someone mentioned my name and has summoned me to this thread... hmmm.. Krakatowa! :D 1. Any idea why the rulesemporium rules page isn't very clear and still has info on how to use it with RDJ? I'm not involved in RDJ or bigevil, and I'm only very slightly involved in SARE, so I can't comment here. Slightly? You seem to forget how good your KungFu is ;) I know it's been a long time since Chris updated bigevil, and he's been telling people to not use it for months. I think he figured anyone still using bigevil wasn't paying attention to their servers at all. Apparently a few are :) Ah...but not paying attention to my threats..er..demands...norequest! Yeah thats it...requests! :) I shall remove Bigevil info from the site tomorrow. --Chris (R'Islander trapped in Manhattan.)
Re: RulesDuJour error updating bigevil.cf
Chris Santerre wrote: I'm not involved in RDJ or bigevil, and I'm only very slightly involved in SARE, so I can't comment here. Slightly? You seem to forget how good your KungFu is ;) No, I remember how good my KungFu is.. I just know I rarely have time to use it for the benefit of SARE. Hence my only very slightly involved. Certainly I'm only partially aware of what SARE's latest activities are... Ah...but not paying attention to my threats..er..demands...norequest! Yeah thats it...requests! :) I shall remove Bigevil info from the site tomorrow. Actually, if you wouldn't mind, Take the info down and replace it with a notice that the ruleset is dead and point them to using SURBL instead. If you just remove the info, people will still ask where it went. This way, those who go to rulesemporium to find out what the problem is will be told what's up :)
Re: RulesDuJour error updating bigevil.cf
Hallo und guten Tag Pete, danke für die Email vom 03.04.2005 um 18:52 Pete Geenhuizen schrieb - wrote: I've been getting the following error for a couple of days. The following rules had errors: Big Evil not found (404) at http://www.rulesemporium.com/rules/bigevil.cf Big Evil was not retrieved because of: 00:16:15 ERROR 404: Not Found. from http://www.rulesemporium.com/rules/bigevil.cf. bigevel is cancelled. Read the archives. -- Viele Grüße, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 Skype: callto://jimknuth -- Zufalls-Zitat -- Unsere Träume können wir erst dann verwirklichen, wenn wir uns entschließen, einmal daraus zu erwachen. (Josephine Baker) -- Der Text hat nichts mit dem Empfänger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1044 Update 02.04.2005
Re: RulesDuJour error updating bigevil.cf
Hi Jim, Thanks for the reply, guess I missed that. I do have 2 questions though. 1. Any idea why the rulesemporium rules page isn't very clear and still has info on how to use it with RDJ? 2. Any idea how do I go about changing RDJ and bigevil.cf over to use ws.surbl.org? Pete -- Unencumbered by the thought process --1992-2000 Click and Clack presidential campaign slogan Jim Knuth said: Hallo und guten Tag Pete, danke für die Email vom 03.04.2005 um 18:52 Pete Geenhuizen schrieb - wrote: I've been getting the following error for a couple of days. The following rules had errors: Big Evil not found (404) at http://www.rulesemporium.com/rules/bigevil.cf Big Evil was not retrieved because of: 00:16:15 ERROR 404: Not Found. from http://www.rulesemporium.com/rules/bigevil.cf. bigevel is cancelled. Read the archives. -- Viele Grüße, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 Skype: callto://jimknuth -- Zufalls-Zitat -- Unsere Träume können wir erst dann verwirklichen, wenn wir uns entschließen, einmal daraus zu erwachen. (Josephine Baker) -- Der Text hat nichts mit dem Empfänger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1044 Update 02.04.2005
Re: RulesDuJour error updating bigevil.cf
Hallo und guten Abend Pete, danke für die Email vom 03.04.2005 um 19:34 Pete Geenhuizen schrieb - wrote: Hi Jim, Thanks for the reply, guess I missed that. I do have 2 questions though. Sorry, I don`t know. What say Matt Kettler? ;) -- Viele Grüße, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 Skype: callto://jimknuth -- Zufalls-Zitat -- Parasiten machen etwa 0.01% unseres Körpergewichtes aus. -- Der Text hat nichts mit dem Empfänger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1044 Update 02.04.2005
Re: RulesDuJour error updating bigevil.cf
Pete Geenhuizen wrote: Hi Jim, Thanks for the reply, guess I missed that. I do have 2 questions though. 1. Any idea why the rulesemporium rules page isn't very clear and still has info on how to use it with RDJ? 2. Any idea how do I go about changing RDJ and bigevil.cf over to use ws.surbl.org? Pete Version of SpamAssassin? 3.0.x includes it, but I'm guessing you aren't using the 3.0.x series. -- Thanks, JamesDR smime.p7s Description: S/MIME Cryptographic Signature
RE: RulesDuJour problem - help please
-Original Message- Well, umh, uh, no. local.cf lives in /etc/mail/spamassassin. Rules live in /usr/share/spamassassin/RulesDuJour/. And the Bayes part I just today tried to make work. Do I (or rather, I do) have a misconfigured system? If so, (with humble apologies for my stupidity) how do I fix? Dimitri From: Richard Ozer [mailto:[EMAIL PROTECTED] Sent: Monday, January 03, 2005 10:21 AM To: Dimitri Yioulos Subject: Re: RulesDuJour problem - help please I notice that all your sa paths are pointing to /root/.spamassassin Is this correct? Is it possible that you have a local.cf in an incorrect location? Notice that the Bayes DB isn't tying either. Similarly, it seems to be located in /root/.spamassassin. RO Dimitri Yioulos wrote: Happy New Year to all. I've searched the list archive, and found some references to my problem, but no solutions, so here goes again (sorry for the long post, but I want to provide as much info. as necessary): I recently upgraded to spamassassin 3.0.2 running on CentOS 3.3. I'm also running sendmail-8.12.11-4.RHEL3.1 and mailscanner-4.37.7-1. I've been using RulesDuJour since before the latest versions of the above software, and it worked fine. However, after upgrading to spamassassin 3.0.2, RulesDuJour now fails. Here's some of the more salient output from running the script: ***WARNING***: spamassassin --lint failed. Rolling configuration files back, not restarting SpamAssassin. Rollback command is: mv -f /usr/share/spamassassin/tripwire.cf /usr/share/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f /usr/share/spamassassin/tripwire.cf; mv -f /usr/share/spamassassin/evilnumbers.cf /usr/share/spamassassin/RulesDuJour/evilnumbers.cf.2; rm -f /usr/share/spamassassin/evilnumbers.cf; mv -f /usr/share/spamassassin/70_sare_random.cf /usr/share/spamassassin/RulesDuJour/70_sare_random.cf.2; rm -f /usr/share/spamassassin/70_sare_random.cf; mv -f /usr/share/spamassassin/antidrug.cf /usr/share/spamassassin/RulesDuJour/antidrug.cf.2; rm -f /usr/share/spamassassin/antidrug.cf; mv -f /usr/share/spamassassin/bigevil.cf /usr/share/spamassassin/RulesDuJour/bigevil.cf.2; rm -f /usr/share/spamassassin/bigevil.cf; mv -f /usr/share/spamassassin/blacklist.cf /usr/share/spamassassin/RulesDuJour/sa-blacklist.current.2; rm -f /usr/share/spamassassin/blacklist.cf; mv -f /usr/share/spamassassin/bogus-virus-warnings.cf /usr/share/spamassassin/RulesDuJour/bogus-virus-warnings.cf.2; rm -f /usr/share/spamassassin/bogus-virus-warnings.cf; mv -f /usr/share/spamassassin/70_sare_ratware.cf /usr/share/spamassassin/RulesDuJour/70_sare_ratware.cf.2; rm -f /usr/share/spamassassin/70_sare_ratware.cf; mv -f /usr/share/spamassassin/70_sare_spoof.cf /usr/share/spamassassin/RulesDuJour/70_sare_spoof.cf.2; rm -f /usr/share/spamassassin/70_sare_spoof.cf; mv -f /usr/share/spamassassin/70_sare_bayes_poison_nxm.cf /usr/share/spamassassin/RulesDuJour/70_sare_bayes_poison_nxm.cf.2; rm -f /usr/share/spamassassin/70_sare_bayes_poison_nxm.cf; mv -f /usr/share/spamassassin/70_sare_specific.cf /usr/share/spamassassin/RulesDuJour/70_sare_specific.cf.2; rm -f /usr/share/spamassassin/70_sare_specific.cf; mv -f /usr/share/spamassassin/70_sare_adult.cf /usr/share/spamassassin/RulesDuJour/70_sare_adult.cf.2; rm -f /usr/share/spamassassin/70_sare_adult.cf; Lint output: config: SpamAssassin failed to parse line, skipping: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN config: SpamAssassin failed to parse line, skipping: HTMLHEAD config: SpamAssassin failed to parse line, skipping: TITLE Rate limiting in effect/TITLE config: SpamAssassin failed to parse line, skipping: /HEADBODY config: SpamAssassin failed to parse line, skipping: H1Rate limiting in effect/H1 config: SpamAssassin failed to parse line, skipping: Your request could not be processed because you have exceeded the maximum request rate for the requested document. This is a temporary condition; you will be permitted to submit another request in a few hours. config: SpamAssassin failed to parse line, skipping: BRBRTo avoid triggering the rate limiter in future, please make less frequent requests for this document. You should not request the same document more than once every 24 hours. Please also note that continuing to re-request the document while rate limiting is in effect will further increase the amount of time before the file becomes available to you again. config: SpamAssassin failed to parse line, skipping: P config: SpamAssassin failed to parse line, skipping: HR config: SpamAssassin failed to parse line, skipping: /BODY/HTML config: SpamAssassin failed to parse line, skipping: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN config: SpamAssassin failed to parse line, skipping: HTMLHEAD config: SpamAssassin failed to parse line, skipping: TITLE Rate limiting
RE: RulesDuJour problem - help please
Loren, Cron is set to get the rules at 1:30 AM each day. Even those fetches fail. So, although I appreciate the tip, it's not the cause of my problem. Dimitri -Original Message- From: Loren Wilton [mailto:[EMAIL PROTECTED] Sent: Monday, January 03, 2005 10:28 AM To: Dimitri Yioulos Subject: Re: RulesDuJour problem - help please config: SpamAssassin failed to parse line, skipping: TITLE Rate limiting in effect/TITLE Notice the text between TITLE and /TITLE. You can only get the rules a maximum of I believe 3 times in a 24 hour period. Since they don't change very often, this is more than enough; in fact once a day should be more than enough. Check you cron script to make sure you aren't trying to get them once a second or so. Loren
Re: RulesDuJour problem - help please
Hi Dimitri, Dimitri Yioulos wrote: Happy New Year to all. Ive searched the list archive, and found some references to my problem, but no solutions, so here goes again (sorry for the long post, but I want to provide as much info. as necessary): I recently upgraded to spamassassin 3.0.2 running on CentOS 3.3. Im also running sendmail-8.12.11-4.RHEL3.1 and mailscanner-4.37.7-1. Ive been using RulesDuJour since before the latest versions of the above software, and it worked fine. However, after upgrading to spamassassin 3.0.2, RulesDuJour now fails. Heres some of the more salient output from running the script: ***WARNING***: spamassassin --lint failed. snip Lint output: config: SpamAssassin failed to parse line, skipping: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN config: SpamAssassin failed to parse line, skipping: HTMLHEAD config: SpamAssassin failed to parse line, skipping: TITLE Rate limiting in effect/TITLE config: SpamAssassin failed to parse line, skipping: /HEADBODY config: SpamAssassin failed to parse line, skipping: H1Rate limiting in effect/H1 config: SpamAssassin failed to parse line, skipping: Your request could not be processed because you have exceeded the maximum request rate for the requested document. This is a temporary condition; you will be permitted to submit another request in a few hours. config: SpamAssassin failed to parse line, skipping: BRBRTo avoid triggering the rate limiter in future, please make less frequent requests for this document. You should not request the same document more than once every 24 hours. Please also note that continuing to re-request the document while rate limiting is in effect will further increase the amount of time before the file becomes available to you again. snip Check which files have the string Rage limiting in them. [EMAIL PROTECTED] grep -l Rate limiting /usr/share/spamassassin/* [EMAIL PROTECTED] grep -l Rate limiting /usr/share/spamassassin/RulesDuJour/* Delete those files. In fact you can delete everything in /usr/share/spamassassin/RulesDuJour/ and it should rebuild itself. Finally, you should not have RDJ pointing to /usr/share/spamassassin. The proper place for local configuration (local.cf) and local rulesets (rules_du_jour managed rulesets) is /etc/spamassassin or /etc/mail/spamassassin (or similar... based on OS conventions) Id really like to get RuulesDuJour working again. Can anybody help? Thanks. Dimitri Hope this helps. Chris Thielen signature.asc Description: OpenPGP digital signature
RE: RulesDuJour problem - help please
-Original Message- From: Chris Thielen [mailto:[EMAIL PROTECTED] Sent: Monday, January 03, 2005 11:44 AM To: Dimitri Yioulos Cc: users@spamassassin.apache.org Subject: Re: RulesDuJour problem - help please Hi Dimitri, Dimitri Yioulos wrote: Happy New Year to all. I've searched the list archive, and found some references to my problem, but no solutions, so here goes again (sorry for the long post, but I want to provide as much info. as necessary): I recently upgraded to spamassassin 3.0.2 running on CentOS 3.3. I'm also running sendmail-8.12.11-4.RHEL3.1 and mailscanner-4.37.7-1. I've been using RulesDuJour since before the latest versions of the above software, and it worked fine. However, after upgrading to spamassassin 3.0.2, RulesDuJour now fails. Here's some of the more salient output from running the script: ***WARNING***: spamassassin --lint failed. snip Lint output: config: SpamAssassin failed to parse line, skipping: !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN config: SpamAssassin failed to parse line, skipping: HTMLHEAD config: SpamAssassin failed to parse line, skipping: TITLE Rate limiting in effect/TITLE config: SpamAssassin failed to parse line, skipping: /HEADBODY config: SpamAssassin failed to parse line, skipping: H1Rate limiting in effect/H1 config: SpamAssassin failed to parse line, skipping: Your request could not be processed because you have exceeded the maximum request rate for the requested document. This is a temporary condition; you will be permitted to submit another request in a few hours. config: SpamAssassin failed to parse line, skipping: BRBRTo avoid triggering the rate limiter in future, please make less frequent requests for this document. You should not request the same document more than once every 24 hours. Please also note that continuing to re-request the document while rate limiting is in effect will further increase the amount of time before the file becomes available to you again. snip Check which files have the string Rage limiting in them. [EMAIL PROTECTED] grep -l Rate limiting /usr/share/spamassassin/* [EMAIL PROTECTED] grep -l Rate limiting /usr/share/spamassassin/RulesDuJour/* Delete those files. In fact you can delete everything in /usr/share/spamassassin/RulesDuJour/ and it should rebuild itself. Finally, you should not have RDJ pointing to /usr/share/spamassassin. The proper place for local configuration (local.cf) and local rulesets (rules_du_jour managed rulesets) is /etc/spamassassin or /etc/mail/spamassassin (or similar... based on OS conventions) I'd really like to get RuulesDuJour working again. Can anybody help? Thanks. Dimitri Hope this helps. Chris Thielen Chris, Many thanks. I did as you suggested, and all now seems to work. Dimitri