[Mimedefang] resend_message - sanity check for me please

2004-02-24 Thread Matthew Hall

Once I call this message, the current message gets
resent to the listed address, and if that address is
local, MIMEDefang _never sees it again_, it gets
delivered locally, yes? Is that because it goes into
the local client submission queue? (Assuming one is
running a local client submission queue I suppose)

Thanks,

-- 
It's always September somewhere on the 'net. | http://angui.sh
Another proud member of Eep's killfile.  | Unix Sys. Admin.
All projects approach the ghetto, some   |
faster than others.  | [EMAIL PROTECTED]
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Kenneth Porter
--On Tuesday, February 24, 2004 4:18 PM -0700 Lucas Albers 
<[EMAIL PROTECTED]> wrote:

> They all generally use a better bayesian database than the default SA.
> By better I mean slightly lower FP and FN.
Coincidentally:




[Mimedefang] Message appending with Mimedefang

2004-02-24 Thread Geoff Steer
Our company is looking to provide a message stamp or disclaimer message
on all email passing through its mail platform and I've been looking at
Mimedefang to do this.

Our platform provides AS and AV filtering but Mimedefang will only need
to provide the message stamp. The requirement is to be able to have
different stamps depending on the recipient's domain name. Before
starting to develop this, I thought I'd ask if anyone is doing something
similar?

Regards
Geoff Steer




[Mimedefang] Re: Greylisting without MySQL

2004-02-24 Thread Andrew S. Johnson
On Tuesday 24 February 2004 07:42 pm, David F. Skoll wrote:
> On Tue, 24 Feb 2004, Andrew S. Johnson wrote:
> 
> > I'm trying this, but it requires relaydb, for which I can't find a
> > Linux version, and I can't seem to get the BSD version 1.7 to
> > compile.  DOH!
> 
> The second implementation, at
> http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/020126.html,
> only uses Berkeley DB.
> 
> --
> David.

I didn't see the attachment the first time I looked at that link.  Sort of unusual
for a mailing list, which is why it wasn't on my radar.  Have you or anybody
else tried this script before I plop it in?  I looked at it, and I didn't see anything
that concerned me.  The hard coding of clamd works for me since that is
what I'm using now, so I get lucky on this one.

Andy Johnson



Re: Greylisting without MySQL (was Re: [Mimedefang] Replacing SpamAssassin with DSPAM)

2004-02-24 Thread David F. Skoll
On Tue, 24 Feb 2004, Andrew S. Johnson wrote:

> I'm trying this, but it requires relaydb, for which I can't find a
> Linux version, and I can't seem to get the BSD version 1.7 to
> compile.  DOH!

The second implementation, at
http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/020126.html,
only uses Berkeley DB.

--
David.


[Mimedefang] How can I stop these annoying emails?

2004-02-24 Thread Matthew Rossiter
I can't seem to stop these emails.  They come from all over the place and
they always contain something like this.


http://www.jupitrrj.com";>http://www.along5tr.com/v9.gif"; border=0>



Each email contains different domain names, so it's really hard to totally
eliminate them.  Has anyone else seen these?  If I turn off HTML I still get
a bunch of annoying blank emails.

Matt



RE: [Mimedefang] Huge messages causing "try again later"

2004-02-24 Thread Michael Sims
[EMAIL PROTECTED] wrote:
> I have been getting messages like this in my syslog:
>> Feb 24 14:06:10 hostname sm-mta[1512]: [ID 801593 mail.info]
>>  i1OM3HKq001512: to=<[EMAIL PROTECTED]>, delay=00:02:53, pri=20758560,
>> stat=Please try again later
>
> It appears to only be on messages that are 10MB or larger. Is
> sendmail timing out waiting for a response from a mimedefang child
> perhaps? Is there a way I could prevent mimedefang from examining
> messages this large?

Have you customized your filter?  The example that comes with the
distribution only calls SpamAssassin if the message is 100KB or less.  I
would suggest that you verify that this hasn't been changed.  Also, if you
have any custom checks in your filter that open a file handle on INPUTMSG,
make sure they also check to see that INPUTMSG is less than or equal to
100KB, like this:

if (-s './INPUTMSG' <= 100*1024) {
  #Do custom check here
}

Once I had a custom check I was doing that scanned INPUTMSG and I forgot to
limit it in this way.  When a large message would come in the MD slave would
timeout and the message would tempfail.  Once I put these limit checks in
the problem disappeared.

HTH
___
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648  Pager: (901)769-3722
___



Re: [Mimedefang] Huge messages causing "try again later"

2004-02-24 Thread sysadmin
I found this corresponding entry in syslog:

> Feb 24 14:06:09 hostname mimedefang[23627]: [ID 847421 mail.error] Error
>   from multiplexor: ERR Filter timed out - check filter rules or system load

So I guess the multiplexor timed out waiting for a child to respond then. This 
occurs at a time when only 1 or 2 children are busy out of a maximum of 12.

Lucas

On 24 Feb 2004 at 14:57, [EMAIL PROTECTED] wrote:

> I have been getting messages like this in my syslog:
> 
> >Feb 24 14:06:10 hostname sm-mta[1512]: [ID 801593 mail.info] i1OM3HKq001512:
> > to=<[EMAIL PROTECTED]>, delay=00:02:53, pri=20758560, stat=Please try again 
> > later
> 
> It appears to only be on messages that are 10MB or larger. Is sendmail timing 
> out waiting for a response from a mimedefang child perhaps? Is there a way I
> could prevent mimedefang from examining messages this large?
> 
> Thanks,
> 
> Lucas
> 




[Mimedefang] Huge messages causing "try again later"

2004-02-24 Thread sysadmin
I have been getting messages like this in my syslog:

>Feb 24 14:06:10 hostname sm-mta[1512]: [ID 801593 mail.info] i1OM3HKq001512:
>   to=<[EMAIL PROTECTED]>, delay=00:02:53, pri=20758560, stat=Please try again 
> later

It appears to only be on messages that are 10MB or larger. Is sendmail timing 
out waiting for a response from a mimedefang child perhaps? Is there a way I
could prevent mimedefang from examining messages this large?

Thanks,

Lucas



Re: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Lucas Albers
Kenneth Porter said:

> Version 3.0.0 of SA (now in development) includes a plugin API for just
> this sort of thing.
>
> Until now, you'd have to add an "eval" test to the SA Perl modules, and
> risk having them overwritten in an upgrade. The new plugin API lets you
> create custom eval tests outside the SA code tree, inheriting from
> capability already in SA.

When the plugin api for spamassassin comes out, there will be a drastic
increase in bayesian scoring because of the inclusion of the three
additional bayes scorers.
Dspam,
CRM114
Bogofilter.

They all generally use a better bayesian database than the default SA.
By better I mean slightly lower FP and FN.
Devin Nate coded up a bogofilter plugin for SA 2.55.
http://bugzilla.spamassassin.org/show_bug.cgi?id=2301

It is just a matter of time until additional bayesian addons are included
in SA as part of SA 2.70 or SA 3.0.

-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana



Re: [Mimedefang] Old hardware (was: Replacing SpamAssassin with DSPAM)

2004-02-24 Thread Andrew S. Johnson
On Tuesday 24 February 2004 03:50 pm, Kenneth Porter wrote:
> --On Tuesday, February 24, 2004 1:52 PM -0600 "Andrew S. Johnson" 
> <[EMAIL PROTECTED]> wrote:
> 
> > I had to upgrade my server from the trusty 486 to the K6 last year just
> > to support MD and SA.  Ya, I know that's not exactly bleeding edge
> > hardware, but the price was right (free).  I'm trying to work with what I
> > have.
> 
> I hear you. That's about the class of machine I've been running my company 
> mail and file server on for the last 5 years (266, not 300, but 128 MB of 
> memory, a Dell PE4200). It's done remarkably well for being a gutless 
> wonder. I'm just about to retire it. Its replacement is a cast-off Compaq 
> Proliant rack server.
> 
> With the dot-com implosion, a lot of defunct companies left fairly useful 
> computers gathering dust. I have quite a few of those in my garage of about 
> this capability. Even going concerns will pay you to take away their older 
> machines instead of having to pay someone to recycle them. (After all, "the 
> latest version of Windows won't run on them!")
> 
> I'm also active in online computer gaming, and gamers are frequent 
> upgraders. Maybe you know one who's cast off an "old" Athlon motherboard 
> because it can't play the latest game. Recycle it into an old "doorstop" 
> case and you'll once again have a reasonable box for a low-end server.

Actually, once I replace my ages old Athlon 1200 w/512 megs with some
dual K8 I've been lusting after for years, resources shouldn't be a problem.
Until then, I have to think lean.  That's why DSPAM looks good, in that it
seems light weight.  I've gotten some good ideas from some other responses
to my posts, so if I do get something going, I'll definitely post the results.
The front runner involves mangling mimedefang-filter by adding greylisting
and bumping $hits in a call separate from SA, but I'm hitting walls with both.

I have more questions now than when I started.

Andy Johnson



Re: [Mimedefang] Old hardware

2004-02-24 Thread Ben Kamen
I don't know if saying I'm running my domain (and a few others) off a Motorola 
Atlas 133MHz PPC604e (IBM AIX by Bull Group for Motorola PREP boards) with 128MB 
of RAM would be more funny or more sad - but it does a GREAT job.

(I LOVE IBM's Logical Volume Manager - often imitated, even ripped off, but 
never duplicated.)

Bahahaha...

 -Ben

p.s. I know quite a few who bleed on the cutting edge of technology often. I get 
great hardware from their castaways..

Kenneth Porter wrote:

> --On Tuesday, February 24, 2004 1:52 PM -0600 "Andrew S. Johnson"
> <[EMAIL PROTECTED]> wrote:
>
> > I had to upgrade my server from the trusty 486 to the K6 last year just
> > to support MD and SA.  Ya, I know that's not exactly bleeding edge
> > hardware, but the price was right (free).  I'm trying to work with what I
> > have.
>
> I hear you. That's about the class of machine I've been running my
> company mail and file server on for the last 5 years (266, not 300, but
> 128 MB of memory, a Dell PE4200). It's done remarkably well for being a
> gutless wonder. I'm just about to retire it. Its replacement is a
> cast-off Compaq Proliant rack server.
>
> With the dot-com implosion, a lot of defunct companies left fairly
> useful computers gathering dust. I have quite a few of those in my
> garage of about this capability. Even going concerns will pay you to
> take away their older machines instead of having to pay someone to
> recycle them. (After all, "the latest version of Windows won't run on
> them!")
>
> I'm also active in online computer gaming, and gamers are frequent
> upgraders. Maybe you know one who's cast off an "old" Athlon motherboard
> because it can't play the latest game. Recycle it into an old "doorstop"
> case and you'll once again have a reasonable box for a low-end server.
--
Ben Kamen - O.D.T, S.P.
--
Home: [EMAIL PROTECTED]   http://www.benjammin.net
Work: [EMAIL PROTECTED]
gPG Pub Key - http://www.benjammin.net/www/pages/library
*
* NOTE: Opinions and Views discussed via email are my own and not that  *
* of the State of Illinois, University of Illinois or the Illinois Dept *
* of Natural Resources. *
*


Re: Greylisting without MySQL (was Re: [Mimedefang] Replacing SpamAssassin with DSPAM)

2004-02-24 Thread Andrew S. Johnson
On Tuesday 24 February 2004 02:01 pm, David F. Skoll wrote:
> On Tue, 24 Feb 2004, Andrew S. Johnson wrote:
> 
> > The greylisting milter I found needs MySQL, which I don't have the
> > resources for on my current server (K6-300 w/128MB RAM).  This is
> > just to keep the spam out of my family's inboxes.  Do you know of a
> > lighter weight version that uses the Berkeley DB or something
> > similar?
> 
> Search the list archives.  For example:
> 
> http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/020117.html
> http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/020126.html
> 
> These are "native" MIMEDefang implementations of greylisting using
> Berkeley DB.
> 
> And I don't think MySQL is a resource hog, but for the kinds of queries
> done by greylisting, Berkeley DB is much, much faster.
> 
> Regards,
> 
> David.

I'm trying this, but it requires relaydb, for which I can't find a Linux version,
and I can't seem to get the BSD version 1.7 to compile.  DOH!  I suppose
if I'm going to survive I'll have to break down and learn Perl and C, but as
long as someone is paying me to know SQL and HTML I'll keep getting by.

Andy Johnson



[Mimedefang] Old hardware (was: Replacing SpamAssassin with DSPAM)

2004-02-24 Thread Kenneth Porter
--On Tuesday, February 24, 2004 1:52 PM -0600 "Andrew S. Johnson" 
<[EMAIL PROTECTED]> wrote:

> I had to upgrade my server from the trusty 486 to the K6 last year just
> to support MD and SA.  Ya, I know that's not exactly bleeding edge
> hardware, but the price was right (free).  I'm trying to work with what I
> have.

I hear you. That's about the class of machine I've been running my company 
mail and file server on for the last 5 years (266, not 300, but 128 MB of 
memory, a Dell PE4200). It's done remarkably well for being a gutless 
wonder. I'm just about to retire it. Its replacement is a cast-off Compaq 
Proliant rack server.

With the dot-com implosion, a lot of defunct companies left fairly useful 
computers gathering dust. I have quite a few of those in my garage of about 
this capability. Even going concerns will pay you to take away their older 
machines instead of having to pay someone to recycle them. (After all, "the 
latest version of Windows won't run on them!")

I'm also active in online computer gaming, and gamers are frequent 
upgraders. Maybe you know one who's cast off an "old" Athlon motherboard 
because it can't play the latest game. Recycle it into an old "doorstop" 
case and you'll once again have a reasonable box for a low-end server.


Re: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Kenneth Porter
--On Tuesday, February 24, 2004 2:03 PM -0600 "Andrew S. Johnson" 
<[EMAIL PROTECTED]> wrote:

> Assuming you are right, how do I add a new check to SA using an external
> program without a lot of programming effort or having to become an SA
> guru?  RTFM works when TFM is organized and readable, so at least spare
> me that.

Version 3.0.0 of SA (now in development) includes a plugin API for just 
this sort of thing.

Until now, you'd have to add an "eval" test to the SA Perl modules, and 
risk having them overwritten in an upgrade. The new plugin API lets you 
create custom eval tests outside the SA code tree, inheriting from 
capability already in SA.

I don't see end-users writing plugins, though. Instead, those avant-garde 
users who experiment with new rules will create and distribute plugins. So 
just wait a bit or express an interest in a plugin on the SA-Talk or 
SA-devel lists and someone will take up the gauntlet.


Re: [Mimedefang] Using ClamAV with default run-as-user settings

2004-02-24 Thread Kenneth Porter
--On Tuesday, February 24, 2004 9:36 AM -0500 "David F. Skoll" 
<[EMAIL PROTECTED]> wrote:

> I've applied a modified version of your patch -- you should not
> require group-write permission for Clam to work; I changed all your
> 0660 to 0640 and the 0770 to 0750.

Thanks. Yes, I realized that once I'd gotten hip-deep in it, so thanks for 
correcting and applying it. With that applied one just needs to add clamav 
to the defang group, and enable the Feature in mimedefang-filter. I'm 
running it now on my office server. I added a md_syslog to the success 
paths in the clam scan routines in mimedefang.pl to verify it was getting 
invoked.

Alas, I got a few suspicious 47k zip files today that I suspect are a new 
virus. (The subject lines made it obvious that they were junk.) But I see I 
got a clam update a couple hours ago so I'd guess that's to deal with 
whatever this is.


Re: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Kevin A. McGrail
> Assuming you are right, how do I add a new check to SA using an external
> program without a lot of programming effort or having to become an SA
> guru?  RTFM works when TFM is organized and readable, so at least spare
> me that.

I think David has pointed out a simple and elegant way to do it largely with
MD and modify the $hits.  Hacking it into SA itself might not be in your
capabilities BUT the crossover of SA to MD is very large.  If you got
something working in MD and could justify the results, a post on bugzilla
would most likely be very well received with others doing the actual
implementation.

> I'm not sure I agree with this argument.  The world is full of products and
> companies that beat established and respected predecessors.  I'd much
> rather still be using WordPerfect, but guess what B$ I have to use at work?

It's not meant to be an in-depth argument that no one would do it.  Simply
that I would not see the benefit in doing so.

Regards,

KAM



Re: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread David F. Skoll
On Tue, 24 Feb 2004, Andrew S. Johnson wrote:

> Assuming you are right, how do I add a new check to SA using an external
> program without a lot of programming effort or having to become an SA
> guru?  RTFM works when TFM is organized and readable, so at least spare
> me that.

You can add it to SA

-- or --

you can add it into MIMEDefang.  Just do your test in the Perl filter and
add to the $hits returned by spam_assassin_check.  This is a quick-n-dirty
way to get it running; if it looks good, you can spend the effort to add
it into SA itself and contribute it back to the SA code base.

(I hope TFMs that come with MIMEDefang are acceptable...)

Regards,

David.
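
One way to do the "test in the Perl filter, add to $hits" approach from this message while also applying the 100KB INPUTMSG limit Michael Sims recommends elsewhere in this digest, as an added example (not MIMEDefang code and not from any poster): the extra check is skipped for large messages, killed if it stalls, and contributes nothing when it fails. The classifier command, its exit-code convention (1 = spam), the point value and the timeouts are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not MIMEDefang code: score an extra check without letting it
# stall the filter. The classifier command and its exit-code convention
# (1 = spam, anything else = no opinion) are hypothetical.
use strict;
use warnings;
use POSIX ();
use File::Temp qw(tempfile);

my $MAX_BYTES = 100 * 1024;   # the 100KB ceiling quoted in the thread

# Returns the points to add to $hits. Returns 0 whenever the check is skipped,
# times out or fails, so a broken classifier cannot tempfail mail by itself.
sub extra_hits {
    my ($msgfile, $points, $timeout, @cmd) = @_;

    my $size = -s $msgfile;
    return 0 unless defined $size && $size > 0 && $size <= $MAX_BYTES;

    my $pid = fork();
    return 0 unless defined $pid;
    if ($pid == 0) {                         # child: message on stdin, then exec
        open(STDIN, '<', $msgfile) or POSIX::_exit(2);
        exec { $cmd[0] } @cmd or POSIX::_exit(2);
    }

    # Parent: wait for the child, but never longer than $timeout seconds.
    my $status = eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $timeout;
        waitpid($pid, 0);
        alarm 0;
        $?;
    };
    if (!defined $status) {                  # stalled: kill it and reap it
        alarm 0;
        kill 'KILL', $pid;
        waitpid($pid, 0);
        return 0;
    }
    # Count only a normal exit with code 1; signals and other codes score 0.
    return (($status & 127) == 0 && ($status >> 8) == 1) ? $points : 0;
}

# Inside mimedefang-filter the call would sit next to the SpamAssassin check
# (path, points and timeout below are placeholders):
#   my ($hits, $req, $names, $report) = spam_assassin_check();
#   $hits += extra_hits('./INPUTMSG', 2.5, 10, '/path/to/classifier');

unless (caller) {
    # Constructed sample message, written to a temporary file.
    my ($fh, $msg) = tempfile(UNLINK => 1);
    print {$fh} "Subject: constructed sample\n\n",
                "<img src=\"http://example.invalid/v9.gif\" border=0>\n";
    close $fh;

    # Stand-in classifiers built from perl itself so the demo runs offline.
    my @match = ($^X, '-e', 'local $/; exit(<STDIN> =~ /border=0/ ? 1 : 0)');
    my @slow  = ($^X, '-e', 'sleep 30');

    printf "matching classifier adds %.1f\n", extra_hits($msg, 2.5, 10, @match);
    printf "stalled classifier adds  %.1f\n", extra_hits($msg, 2.5, 2,  @slow);
}
```

The timeout passed to `extra_hits` has to stay well below the multiplexor's own limit, otherwise the "Filter timed out" error reported elsewhere in this digest is hit first.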


RE: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread John Mason


> -Original Message-
> From: Andrew S. Johnson [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, February 24, 2004 1:48 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Mimedefang] Replacing SpamAssassin with DSPAM
> 
>
> A mail server with a few users (four), but I'm using sendmail 
> on Slackware 8.1.  I've spent lots of time playing with SA 
> and various BL's, but I'm thinking it's at its limits of 
> effectiveness.


I've got 20 users here and am using CanIt but the following has worked very
well for me.



Whitelisting - (Most important)

Greylisting 

Razor - (score adjusted to 5)
DCC  - (score adjusted to 5)

I hold based on a number of DNSBLs and reject on SBL


Increased a few scores like BIZ_TLD

And grabbed a bunch of new tests from the emporium.

Maybe one or two spams slip through in a week.


John


Re: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Andrew S. Johnson
On Tuesday 24 February 2004 01:21 pm, Kevin A. McGrail wrote:
> >  I've spent lots of time playing with SA and various BL's, but I'm
> > thinking it's at its limits of effectiveness.
> 
> NOTHING is or will be better than SpamAssassin because it is, at its core, a
> scoring system.  If someone invents a better method of checking spam, you
> simply install it as one more test for SA and weight the heck out of it.

Assuming you are right, how do I add a new check to SA using an external
program without a lot of programming effort or having to become an SA
guru?  RTFM works when TFM is organized and readable, so at least spare
me that.

> It's possible someone could develop a better scoring system based SPAM
> checker but with the lead time SA has had and the stability and following it
> has, it would be ludicrous to try and outseat a free, open-source piece of
> software such as SA.
> 
> Regards,
> KAM

I'm not sure I agree with this argument.  The world is full of products and
companies that beat established and respected predecessors.  I'd much
rather still be using WordPerfect, but guess what B$ I have to use at work?

Andy Johnson



Greylisting without MySQL (was Re: [Mimedefang] Replacing SpamAssassin with DSPAM)

2004-02-24 Thread David F. Skoll
On Tue, 24 Feb 2004, Andrew S. Johnson wrote:

> The greylisting milter I found needs MySQL, which I don't have the
> resources for on my current server (K6-300 w/128MB RAM).  This is
> just to keep the spam out of my family's inboxes.  Do you know of a
> lighter weight version that uses the Berkeley DB or something
> similar?

Search the list archives.  For example:

http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/020117.html
http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/020126.html

These are "native" MIMEDefang implementations of greylisting using
Berkeley DB.

And I don't think MySQL is a resource hog, but for the kinds of queries
done by greylisting, Berkeley DB is much, much faster.

Regards,

David.
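
The kind of lookup greylisting performs against Berkeley DB, as an added example (it is not the code from the linked posts, which this page does not reproduce): a triplet of relay IP, sender and recipient is deferred on first sight and accepted on a later retry. The delay values, the /24 grouping, the record layout and all function names are assumptions.

```perl
#!/usr/bin/perl
# Added example (not from the list posts): greylisting state kept in a
# Berkeley DB hash. Thresholds, key format and names are assumptions.
use strict;
use warnings;
use DB_File;
use Fcntl qw(:DEFAULT :flock);
use File::Temp qw(tempdir);

my $MIN_DELAY = 5 * 60;          # a retry sooner than this is still deferred
my $RETRY_WIN = 4 * 60 * 60;     # the first retry must arrive within this window
my $PASS_TTL  = 36 * 24 * 3600;  # a passed triplet is forgotten after this idle time

# Build the lookup key from the SMTP triplet.
sub triplet_key {
    my ($ip, $sender, $rcpt) = @_;
    for ($sender, $rcpt) { s/^<//; s/>$//; $_ = lc; }
    # Assumed policy: group IPv4 relays by /24 so a retry from a
    # neighbouring host in the same outbound pool still matches.
    $ip =~ s/^(\d+\.\d+\.\d+)\.\d+$/$1/;
    return join "\0", $ip, $sender, $rcpt;
}

# Decide for one delivery attempt and update the record, stored as
# "first_seen:last_seen:passed". $db is a reference to the tied hash.
sub greylist_decide {
    my ($db, $key, $now) = @_;
    my ($first, $last, $passed) = split /:/, ($db->{$key} // '');
    my $verdict;

    if (!defined $first) {                       # never seen: defer
        ($first, $passed, $verdict) = ($now, 0, 'TEMPFAIL');
    } elsif ($passed) {
        if ($now - $last > $PASS_TTL) {          # idle too long: start over
            ($first, $passed, $verdict) = ($now, 0, 'TEMPFAIL');
        } else {
            $verdict = 'ACCEPT';
        }
    } elsif ($now - $first < $MIN_DELAY) {       # retried too quickly
        $verdict = 'TEMPFAIL';
    } elsif ($now - $first > $RETRY_WIN) {       # retry came too late: start over
        ($first, $verdict) = ($now, 'TEMPFAIL');
    } else {                                     # retry inside the window
        ($passed, $verdict) = (1, 'ACCEPT');
    }
    $db->{$key} = join ':', $first, $now, $passed;
    return $verdict;
}

# Several filter processes may run at once, and DB_File does no locking of
# its own, so every lookup is serialised through a separate lock file.
sub greylist_check {
    my ($dbfile, $ip, $sender, $rcpt, $now) = @_;
    open(my $lock, '>>', "$dbfile.lock") or die "open $dbfile.lock: $!";
    flock($lock, LOCK_EX) or die "flock $dbfile.lock: $!";
    tie(my %db, 'DB_File', $dbfile, O_CREAT | O_RDWR, 0640, $DB_HASH)
        or die "tie $dbfile: $!";
    my $verdict = greylist_decide(\%db, triplet_key($ip, $sender, $rcpt), $now);
    untie %db;      # flush to disk before the lock is released
    close $lock;
    return $verdict;
}

unless (caller) {
    my $dir = tempdir(CLEANUP => 1);
    my $db  = "$dir/greylist.db";
    my $t0  = 1077650000;    # constructed timestamp
    my @attempts = (         # constructed delivery attempts
        [ $t0,         '192.0.2.10',   '<a@example.org>', '<user@example.net>' ],
        [ $t0 + 30,    '192.0.2.10',   '<a@example.org>', '<user@example.net>' ],
        [ $t0 + 600,   '192.0.2.77',   '<A@Example.ORG>', '<user@example.net>' ],
        [ $t0 + 700,   '198.51.100.5', '<b@example.com>', '<user@example.net>' ],
        [ $t0 + 86400, '192.0.2.10',   '<a@example.org>', '<user@example.net>' ],
    );
    for my $a (@attempts) {
        my ($now, @triplet) = @$a;
        printf "%+7ds %-13s %-17s -> %s\n", $now - $t0, @triplet[0, 1],
            greylist_check($db, @triplet, $now);
    }
}
```

In a MIMEDefang filter the TEMPFAIL verdict would be turned into a temporary SMTP failure at the recipient stage, for example from `filter_recipient`.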


Re: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Andrew S. Johnson
On Tuesday 24 February 2004 01:36 pm, Paul Heinlein wrote:
> On Tue, 24 Feb 2004, Andrew S. Johnson wrote:
> 
> > The greylisting milter I found needs MySQL, which I don't have the
> > resources for on my current server (K6-300 w/128MB RAM).
> 
> MySQL is not a resource hog. If you don't want to go through the
> hassle of installing it, that's cool -- but once MySQL is installed,
> it won't be a significant drain on your system resources.
> 
> --Paul Heinlein <[EMAIL PROTECTED]>

I already have an Oracle DBA hat at work (amongst lots of others),
so part of my resistance to learning MySQL is that my brain is full.
The next part is that while MySQL may be relatively light on resources,
MimeDefang and SA have already chewed up what I have.  I had
to upgrade my server from the trusty 486 to the K6 last year just to
support MD and SA.  Ya, I know that's not exactly bleeding edge
hardware, but the price was right (free).  I'm trying to work with what
I have.

Andy Johnson



Re: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Paul Heinlein
On Tue, 24 Feb 2004, Andrew S. Johnson wrote:

> The greylisting milter I found needs MySQL, which I don't have the
> resources for on my current server (K6-300 w/128MB RAM).

MySQL is not a resource hog. If you don't want to go through the
hassle of installing it, that's cool -- but once MySQL is installed,
it won't be a significant drain on your system resources.

--Paul Heinlein <[EMAIL PROTECTED]>


Re: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Andrew S. Johnson
On Tuesday 24 February 2004 12:54 pm, Cormack, Ken wrote:
> -Original Message-
> ::snip::
> 
> > Basically, I'm trying to avoid drastic changes to my mail system, since
> > it generally works OK.  So, the farther the changes get from sendmail,
> > theoretically changes should inflict less damage.
> 
> Andy, have you considered (or do you currently use) greylisting, via
> MIMEDefang?  That, more than any other single sendmail ruleset, access.db
> block, or MIMEDefang rule that we use, has taken the biggest chunk out of
> the spams we used to deal with.  Just a thought.

> KEN CORMACK, RHCE

The greylisting milter I found needs MySQL, which I don't have the resources
for on my current server (K6-300 w/128MB RAM).  This is just to keep the spam
out of my family's inboxes.  Do you know of a lighter weight version that uses
the Berkeley DB or something similar?  Also, I'd have to get my friend who is
acting as my backup MX to do the same thing, and I don't know how motivated
he would be to try that.  It would have to be fairly simple to install and configure.
My server is running Slackware 8.1, but unless he has upgraded and didn't tell
me, I think his server is still running RedHat 6.2.  Thus the reason for thinking
that I need to filter out the spam at my MTA.

Andy Johnson





Re: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Kevin A. McGrail
>  I've spent lots of time playing with SA and various BL's, but I'm
> thinking it's at its limits of effectiveness.

NOTHING is or will be better than SpamAssassin because it is, at its core, a
scoring system.  If someone invents a better method of checking spam, you
simply install it as one more test for SA and weight the heck out of it.

It's possible someone could develop a better scoring system based SPAM
checker but with the lead time SA has had and the stability and following it
has, it would be ludicrous to try and outseat a free, open-source piece of
software such as SA.

Regards,
KAM




RE: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Cormack, Ken
-Original Message-
::snip::

> Basically, I'm trying to avoid drastic changes to my mail system, since
> it generally works OK.  So, the farther the changes get from sendmail,
> theoretically changes should inflict less damage.

Andy, have you considered (or do you currently use) greylisting, via
MIMEDefang?  That, more than any other single sendmail ruleset, access.db
block, or MIMEDefang rule that we use, has taken the biggest chunk out of
the spams we used to deal with.  Just a thought.


KEN CORMACK, RHCE
Sr. UNIX Systems Analyst,
Open Systems Group
Sr. Software Analyst,
TSG Midrange Systems Group
AFFILIATED COMPUTER SERVICES, INC.
557 E. Tallmadge Ave., Akron, OH  44310

"If that that is 'is' is that that is not 'not is', is that that is 'not is'
that that is not 'is'?  It is!" - Ken Cormack

"Sendmail administration is not black magic.  There are legitimate technical
reasons why it requires the sacrificing of a live chicken." - Unknown


Re: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Andrew S. Johnson
On Tuesday 24 February 2004 12:32 pm, Lucas Albers wrote:
> 1.) No spam filtering solution will catch all spam.
> Play with your SA rules or enable some blacklists.
> 2.) You should configure DSPAM as a plugin into SA.
> 3.) SA is better tested than DSPAM, imo.
> Run dspam as procmail script and see how well it works, running after
> mimedefang/sa then slowly move it into production usage after a few weeks
> at minimum.
> You can also run sa as a procmail script after mimedefang, that allows it
> to generate individual bayes dbase/awl per user.
> I use this method on one of my systems.
> Are we talking about just your inbox, or a mail server with lots of users?

A mail server with a few users (four), but I'm using sendmail on
Slackware 8.1.  I've spent lots of time playing with SA and various
BL's, but I'm thinking it's at its limits of effectiveness.

I didn't think about having SA call DSPAM, so I'll have to look into
that.

Better tested doesn't necessarily mean better.  Windows is better
tested than Linux if you go by the number of users, but it sure ain't better.

Basically, I'm trying to avoid drastic changes to my mail system, since
it generally works OK.  So, the farther the changes get from sendmail,
theoretically changes should inflict less damage.

Thanks,

Andy Johnson



Re: [Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Lucas Albers
1.) No spam filtering solution will catch all spam.
Play with your SA rules or enable some blacklists.
2.) You should configure DSPAM as a plugin into SA.
3.) SA is better tested than DSPAM, imo.
Run dspam as procmail script and see how well it works, running after
mimedefang/sa then slowly move it into production usage after a few weeks
at minimum.
You can also run sa as a procmail script after mimedefang, that allows it
to generate individual bayes dbase/awl per user.
I use this method on one of my systems.
Are we talking about just your inbox, or a mail server with lots of users?


Andrew S. Johnson said:
> No matter how much I keep training the SpamAssassin Bayesian
> filter, it still leaks spam into my inbox.  As reported on /. DSPAM
> is supposed to be a better algorithm.  I could just do a rip and
> replace, but I'd like to keep the MimeDefang AV scanning that I
> have with ClamAV.  Has anyone set this up before I get started
> on my own, or should I just reconfigure sendmail to use ClamAV
> and DSPAM just through milters?  My theory is that if I keep the
> existing MimeDefang setup I could easily switch between SA and
> DSPAM until I get comfortable with DSPAM.
-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana



[Mimedefang] Replacing SpamAssassin with DSPAM

2004-02-24 Thread Andrew S. Johnson
No matter how much I keep training the SpamAssassin Bayesian
filter, it still leaks spam into my inbox.  As reported on /. DSPAM
is supposed to be a better algorithm.  I could just do a rip and
replace, but I'd like to keep the MimeDefang AV scanning that I
have with ClamAV.  Has anyone set this up before I get started
on my own, or should I just reconfigure sendmail to use ClamAV
and DSPAM just through milters?  My theory is that if I keep the
existing MimeDefang setup I could easily switch between SA and
DSPAM until I get comfortable with DSPAM.

TIA for ideas and suggestions,

Andy Johnson




Re: [Mimedefang] Using ClamAV with default run-as-user settings

2004-02-24 Thread David F. Skoll
Hi,

> I patched MD 2.40-BETA-2 to get what I wanted. Patches attached.

I've applied a modified version of your patch -- you should not
require group-write permission for Clam to work; I changed all your
0660 to 0640 and the 0770 to 0750.

Regards,

David.


Re: [Mimedefang] A Bit of Confusion - Solved but different problem with CLAMD

2004-02-24 Thread Peter A. Cole
- Original Message - 
From: "Rob" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 24, 2004 3:26 AM
Subject: RE: [Mimedefang] A Bit of Confusion - Solved but different problem with CLAMD


> Odd, I made my change to mimedefang-filter and it worked:
>
> $ClamdSock  = "/var/run/clamav/clamd";
>
I had a closer look today, and the require entry for mimedefang-filter is
BEFORE the line $ClamdSock = "/var/spool/MIMEDefang/clamd.sock" in
mimedefang.pl, so obviously it is overwritten by this setting.

Maybe it's just a Debian package thing?
>
> This has been discussed in the past and examples are in the archive,
> however...  I use the following to strip out all existing recipients, add
> them in a header (in the event that it becomes relevant in future) and set
> the recipient to postmaster:
>
> # Record who it was for
> action_add_header("X-Orig-Rcpts", join(", ", @Recipients));
>
> # Remove original recipients
> foreach $recip (@Recipients) {
>     delete_recipient($recip);
> }
>
> # Send to the postmaster
> add_recipient('[EMAIL PROTECTED]');
>
Below is what I added to my sub filter_end section:

if ($hits >= $req) {
    md_graphdefang_log('spam', $hits, $RelayAddr);

    # If you find the SA report useful, add it, I guess...
    action_add_part($entity, "text/plain", "-suggest",
                    "$report\n",
                    "SpamAssassinReport.txt", "inline");
    # Add a header with original recipients, just for info
    action_add_header("X-Orig-Rcpts", join(", ", @Recipients));
    # Remove original recipients
    foreach $recip (@recipients) {
        delete_recipient($recip);
    }
    # Send to spam address
    add_recipient('[EMAIL PROTECTED]');
} else {
    # Delete any existing X-Spam-Score header?
    action_delete_header("X-Spam-Score");

Don't worry about the lack of brackets as I've only copied the pertinent
bits.

By the way, I did look through the archives, and they looked close enough to
this to be identical, so maybe my problem lies elsewhere?
>
> PLEASE - keep list traffic on the list.  Email sent directly to me may be
> ignored utterly.
>
> -- 
> Rob | What part of "no" was it you didn't understand?



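An added illustration, not part of Peter's post and not MIMEDefang's own code: the filter_end snippet above fills X-Orig-Rcpts from @Recipients but loops over @recipients, and Perl variable names are case-sensitive, so when strict is not in effect the loop has nothing to iterate over. The stubs standing in for delete_recipient and add_recipient, the redirect helper and the example.test addresses are assumptions made so the script runs outside a filter.

```perl
#!/usr/bin/perl
# Added example: stand-ins for MIMEDefang's recipient calls, so the effect of
# a variable-name case mismatch can be observed outside a running filter.
use strict;
use warnings;

# Constructed sample data; in a real filter MIMEDefang fills @Recipients.
our @Recipients = ('<alice@example.test>', '<bob@example.test>');
my %envelope;    # simulated set of envelope recipients

# Stubs (assumptions): the real functions ask the milter to edit the envelope.
sub delete_recipient { delete $envelope{ $_[0] } }
sub add_recipient    { $envelope{ $_[0] } = 1 }

# Hypothetical helper: start from the original envelope, remove every address
# in @list, add the quarantine address, and return what is left.
sub redirect {
    my ($quarantine, @list) = @_;
    %envelope = map { $_ => 1 } @Recipients;
    delete_recipient($_) for @list;
    add_recipient($quarantine);
    return sort keys %envelope;
}

{
    # With strict 'vars' off, @recipients is silently a different, empty
    # package array, so no recipient is removed and the original addressees
    # stay on the envelope next to the quarantine address.
    no strict 'vars';
    my @left = redirect('<spam@example.test>', @recipients);
    print "loop over \@recipients leaves: @left\n";
}

# Iterating over the array MIMEDefang actually populates removes them all.
my @left = redirect('<spam@example.test>', @Recipients);
print "loop over \@Recipients leaves: @left\n";
```

With warnings enabled Perl also reports the lowercase name as used only once, which is a quick check to run against a filter file with `perl -wc`.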