Spamassassin Question -m 20
Date: Mon, 5 Nov 2007 18:53:07 -0500 From: [EMAIL PROTECTED] Subject: Re: Spamd HIGH LOAD To: [EMAIL PROTECTED] CC: users@spamassassin.apache.org Qnet .. wrote: I start : #!/bin/sh # spamassassin This script starts and stops the spamd daemon # PATH=$PATH:/usr/local/sbin:/usr/local/bin case $1 in start) cd / /usr/bin/spamd -v -u vpopmail -m 60 -x -q -s stderr -r /var/run/spamd/spamd.pid \ -i 172.16.10.14 -A 172.16.10.0/24 21 | \ /usr/local/bin/setuidgid qmaill \ /usr/local/bin/multilog t !spamdappend /var/log/qmail/spamd echo spamd started 60 is *WAY* too many spamd children unless you've got a *VERY* beefy system. Try modifying that -m 60 to something more sane, like the default, which would be -m 5. If you've got a lot of mail going through, 5 won't handle it, so for that I might start at 15. If your mail starts backing up, you can increase the number of spamd children, but be aware that too many will just grind your system to a halt. Try adding spamd children in increments of 5, and watch the top output. Your swap used should never be more than mem free if you can avoid it. You've got a gig of ram, and your spamds are 30mb a pop or so... you should be ok up to about 20-25 spamd children, depending on how much other stuff is eating your memory, but you'll quickly run into trouble if you go over 30. (30 spamds at 30mb each is 900mb of ram.. probably the absolute max you can fit even if the server isn't doing anything else but mail..) Thank you so much. My Qmail server have 1GB RAM now I set -m 20. My doubt is: what consequences it implies over queue ? i will have more spam ? What is normal high load for a server? Thank you and sorry for my bad english. _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
SpamAssassin question
Hello, I am relatively new to SpamAssassin and I hope I am asking this question via the appropriate channel. If not, please let me know. I have been receiving spam email that is not getting caught by SpamAssassin and want to add a rule to catch it. These particular spam emails have the same URL which shows up in the body of the email many times - I have seen it repeated as many as 12 times. For example: http://www.thelevelgroup.net/9Lc591820lkc972ov63Ij142YOjd16uwEU102KFMp http://www.thelevelgroup.net/9Lc591820lkc972ov63Ij142YOjd16uwEU102KFMp http://www.thelevelgroup.net/9Lc591820lkc972ov63Ij142YOjd16uwEU102KFMp For this example, I know I can use a URI rule to check for thelevelgroup.net. But, what if the URL changes? I want to add a rule which will add points if any url shows up in the body of the email more than a certain number of times. I assume I need to set a variable then count the occurrences, but I do now know how to do this, or if it is even possible. I am currently using SpamAssassin v2.64. Thanks! John W Mickevich IBM eServer Certified Specialist i5 iSeries Technical Solution Designer V5R3 IBM eServer Certified Specialist iSeries Solution Sales V5R3 Computer Management Technologies An Employee Owned Company Phone: (989) 791-4860 ext 109 Email: [EMAIL PROTECTED]
Re: SpamAssassin question
You can't do what you want in 2.6x, at least without writing an eval rule in perl. I *think* they may have implemented counting rules fairly recently; but I'm not sure if that patch was ever released. In any case, you should be able to use network tests and SURBL in 2.64 and that will in all probability catch these just fine. Of course, upgrading to a more current version would be an even better idea - along with enabling network tests. Loren
RE: SpamAssassin question
Time for you to start using uribls. For SA 2.64 you'll need spamcopuri ( http://sourceforge.net/projects/spamcopuri/), and then check www.surbl.org for usage instructions. Better to upgrade to SA 3.1.5. http://www.rulesemporium.com/cgi-bin/uribl.cgireturns this for thelevelgroup.net: URIBL: multi.surbl.org: listed [Blocked, thelevelgroup.net on lists [jp], See: http://www.surbl.org/lists.html] URIBL: multi.uribl.com: listed [Blacklisted, see http://lookup.uribl.com/?domain=thelevelgroup.net] Cheers, Phil --Phil RandalNetwork EngineerHerefordshire CouncilHereford, UK From: John W Mickevich [mailto:[EMAIL PROTECTED] Sent: 03 October 2006 16:12To: users@spamassassin.apache.orgSubject: SpamAssassin question Hello, I am relatively new to SpamAssassin and I hope I am asking this question via the appropriate channel. If not, please let me know. I have been receiving spam email that is not getting caught by SpamAssassin and want to add a rule to catch it. These particular spam emails have the same URL which shows up in the body of the email many times - I have seen it repeated as many as 12 times. For example: http://www.thelevelgroup.net/9Lc591820lkc972ov63Ij142YOjd16uwEU102KFMp http://www.thelevelgroup.net/9Lc591820lkc972ov63Ij142YOjd16uwEU102KFMp http://www.thelevelgroup.net/9Lc591820lkc972ov63Ij142YOjd16uwEU102KFMp For this example, I know I can use a URI rule to check for thelevelgroup.net. But, what if the URL changes? I want to add a rule which will add points if any url shows up in the body of the email more than a certain number of times. I assume I need to set a variable then count the occurrences, but I do now know how to do this, or if it is even possible. I am currently using SpamAssassin v2.64. Thanks! John W Mickevich IBM eServer Certified Specialist i5 iSeries Technical Solution Designer V5R3 IBM eServer Certified Specialist iSeries Solution Sales V5R3 Computer Management Technologies An Employee Owned Company Phone: (989) 791-4860 ext 109 Email: [EMAIL PROTECTED]
RE: SpamAssassin question
John W Mickevich wrote: Hello, I am relatively new to SpamAssassin and I hope I am asking this question via the appropriate channel. If not, please let me know. I have been receiving spam email that is not getting caught by SpamAssassin and want to add a rule to catch it. These particular spam emails have the same URL which shows up in the body of the email many times - I have seen it repeated as many as 12 times. For example: http://www.thelevelgroup.net/9Lc591820lkc972ov63Ij142YOjd16uwEU102KFMp http://www.thelevelgroup.net/9Lc591820lkc972ov63Ij142YOjd16uwEU102KFMp http://www.thelevelgroup.net/9Lc591820lkc972ov63Ij142YOjd16uwEU102KFMp For this example, I know I can use a URI rule to check for thelevelgroup.net. But, what if the URL changes? I want to add a rule which will add points if any url shows up in the body of the email more than a certain number of times. I assume I need to set a variable then count the occurrences, but I do now know how to do this, or if it is even possible. I am currently using SpamAssassin v2.64. Thanks! Step 1: Upgrade to a newer version of SA (3.1.5 is current) Step 2: Install Razor2 and URIBL This is the results of your email on my system: Content analysis details: (8.9 points, 5.0 required) pts rule name description -- -- 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% [cf: 100] 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 3.0 URIBL_BLACKContains an URL listed in the URIBL blacklist [URIs: thelevelgroup.net] 3.4 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: thelevelgroup.net] -- Bowie
Re: SpamAssassin question
Loren Wilton writes: You can't do what you want in 2.6x, at least without writing an eval rule in perl. I *think* they may have implemented counting rules fairly recently; but I'm not sure if that patch was ever released. yep, tflags multiple support, in 3.2.0. --j.
Re: SpamAssassin Question
slyandjen wrote: If SpamAssasin is enable does it ignore the whitelist/blacklist settings in MailScanner? MailScanner will still use it's own white/black lists even when SpamAssassin is enabled. It should also be noted that white/black lists, as well as any spam lists you enable in MailScanner will take their actions without regard for how low or how high SA scores a message.
SpamAssassin Question
If SpamAssasin is enable does it ignore the whitelist/blacklist settings in MailScanner? if it does where is the whitelist/Blacklist settings -- View this message in context: http://www.nabble.com/SpamAssassin-Question-t1799848.html#a4905321 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: SpamAssassin Question
slyandjen wrote: If SpamAssasin is enable does it ignore the whitelist/blacklist settings in MailScanner? if it does where is the whitelist/Blacklist settings That's a MailScanner specific question, so you should really try posting about it on the MailScanner lists -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
SPamAssassin question
hi what is the correct procedure to enable to spam.blacklist file I edited a file /etc/ and changed a line Is Definitely Spam = %rules-dir%/spam.blacklist.rules High Scoring Spam Actions = store and then I created a spam.blacklist file and edited it FromOrTo: name at isp.comyes FromOrTo: name2 at isp2.com yes FromOrTo: default no then nobody was able to receive any emails I did a tail command I saw that the blacklist file has syntax error I edited the MailScanner.conf and put the original settings back and then everybody was able to receive the email again what is the proper step by step to have the blacklist file used and where is the emails that were not delivered to the user while the syntax error was present is there a way to get to them and resend them to the users -- View this message in context: http://www.nabble.com/SPamAssassin-question-t1774263.html#a4829266 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: SPamAssassin question
On Mon, 12 Jun 2006, slyandjen wrote: what is the correct procedure to enable to spam.blacklist file I edited a file /etc/ and changed a line Is Definitely Spam = %rules-dir%/spam.blacklist.rules High Scoring Spam Actions = store and then I created a spam.blacklist file and edited it FromOrTo: name at isp.comyes FromOrTo: name2 at isp2.com yes FromOrTo: default no then nobody was able to receive any emails I did a tail command I saw that the blacklist file has syntax error I edited the MailScanner.conf and put the original settings back and then everybody was able to receive the email again This definitely looks like more of a MailScanner question than a SpamAssassin question, which to me means you might want to try asking on the MailScanner mailing list. - Logan
Re: SPamAssassin question
Logan Shaw wrote: On Mon, 12 Jun 2006, slyandjen wrote: what is the correct procedure to enable to spam.blacklist file I edited a file /etc/ and changed a line Is Definitely Spam = %rules-dir%/spam.blacklist.rules High Scoring Spam Actions = store and then I created a spam.blacklist file and edited it FromOrTo: name at isp.comyes FromOrTo: name2 at isp2.com yes FromOrTo: default no If that's exactly what you have put in your ruleset then your syntax is wrong. It should be [EMAIL PROTECTED] Have a look at the Mailscanner documentation: http://mailscanner.info/documentation.html And then ask on the Mailscanner list: http://mailscanner.info/support.html#mailing -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
Re: SPamAssassin question
FromOrTo: name at isp.comyes FromOrTo: name2 at isp2.com yes FromOrTo: default no these are just demos they are usually filled with normal addresses I fixed the problem today but all I want to know is where is the email stored if they are not send to the user -- View this message in context: http://www.nabble.com/SPamAssassin-question-t1774263.html#a4835608 Sent from the SpamAssassin - Users forum at Nabble.com.
Re: SPamAssassin question
From: slyandjen [EMAIL PROTECTED]
FromOrTo: name at isp.comyes
FromOrTo: name2 at isp2.com yes
FromOrTo: default no
these are just demos
they are usually filled with normal addresses
I fixed the problem today but all I want to know is where is the email
stored if they are not send to the user
--
View this message in context:
http://www.nabble.com/SPamAssassin-question-t1774263.html#a4835608
Sent from the SpamAssassin - Users forum at Nabble.com.
You are asking the wrong people. SpamAssassin does not ever store or
delete email. The tool that calls SpamAssassin has that responsibility.
{^_^}
Re: SPamAssassin question
Slyandjen wrote on Mon, 12 Jun 2006 13:21:20 -0700 (PDT): I fixed the problem today but all I want to know is where is the email stored if they are not send to the user In the quarantine. - wiki.mailscanner.info Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
KMail and spamassassin question
Hi, I run Gentoo linux and kde 3.5.2 with kmail Currently I have configured and installed SpamAssassin version 3.1.0 I configured SA to run as demone against KMail running as plug-in. So, anytime I receive mail through KMail, SA filters all mail. I have few questions reguarding how SA filters mail and how it integrates with KMail. I would appreciate some explanations if possible, as already asked at kmail mailing list but not able to provide me with answers. 1) after I installed SA, do I / is it advised to install rules already made, like spamassassin-ruledujour, and more like them? If so, how to implement them? Just install them and that is all? 2) I have some recurrent spam mail that even if I train SA they are not filtered. What to do? 3) Are there different ways of setting up SA and KMail? 4) How to create a whitelist with SA and KMail where I can see a list of all my white list members? 5) Any good book to purchase to learn SA properly? Thank you, Spiro
