[Mimedefang] Network Tests Disabled Even Though mimedefang-filter is right
Hi all, Just wondering if anyone is encountering the same problem I am? I'm using the Debian Testing version of MIMEDefang (2.41) and Spamassassin (2.63) and even though I have set $SALocalTestsOnly = 0 in /etc/mail/mimedefang-filter, network tests are disabled. If I then edit /usr/bin/mimedefang.pl and set the same setting there, then network tests are fine. As far as I'm aware, I shouldn't have to edit mimedefang.pl at all. This is also affecting Clam antivirus in that even though I set the correct location for the clamd sock file /var/run/clamav/clamd.ctl in /etc/mail/mimedefang.pl.conf, the sock file specified in mimedefang.pl overrides this as well. I'm basically trying to find out if I should be filing a bug report with the Debian package maintainers, or if this is more of a MIMEDefang source thing? Any ideas? Pete ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] clamav + spamassassin + virtual-domains for 500.000 mails a day
Hi! I'm the mail-admin of a little internet-provider in austria. We are using 4 mailservers (FreeeBSD 4.7 - 5.2 xeon 2x2GHz, 1GB RAM) and one spamserver with the same configuration. On every machine FreeBSD 4.7 - 5.2 is installed, depending of the age of the machine. On the mailservers sendmail with libmilter, spamass-milter and spamc is installed. On the spamserver there is a spamd running which gets the requests of the mailservers. I am planning to set up a clamav-server with the same configuration. The problem: I haven't found a milter-interface that can do something like a pattern-matching for the to-address to scan only specific domains, because I don't know how much load I get on the clamav-server. Beside of that, I want to test the whole thing with a test-domain. With MIME-defang it should be possible to use spamassassin and clamav over the same sendmail-milter-interface. Is it also possible to check for spam in every mail (excluding a few trusted networks), and to check for viruses only in a few domains (or to-addresses) ? Is it possible to implement a LDAP-interface ? How fast, performant and stable is mimedefang. I have problems with spamass-milter, it crashes every week. Thx, flo ___ Florian Meister Systembetreuer für 1036hallo Vorarlberger Medienhaus Gutenbergstrasse 1 6858 Schwarzach Tel. 05572 501 134 Fax 05572 501 97134 E-Mail: [EMAIL PROTECTED] Web: www.medienhaus.at ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] clamav + spamassassin + virtual-domains for 500.000 mails a day
Hi, We are using 4 mailservers (FreeeBSD 4.7 - 5.2 xeon 2x2GHz, 1GB RAM) and one spamserver with the same configuration. On every machine FreeBSD 4.7 - 5.2 is installed, depending of the age of the machine. On the mailservers sendmail with libmilter, spamass-milter and spamc is installed. On the spamserver there is a spamd running which gets the requests of the mailservers. For clamav you should switch to FreeBSD 5.X. Clamav is more stable there (with kernel threads). We had it crashing often on FreeBSD 4.9 ... The problem: I haven't found a milter-interface that can do something like a pattern-matching for the to-address to scan only specific domains, because I don't know how much load I get on the clamav-server. Beside of that, I want to test the whole thing with a test-domain. With MIME-defang it should be possible to use spamassassin and clamav over the same sendmail-milter-interface. Is it also possible to check for spam in every mail Mimedefang does not call spamd, it has embedded support to include the spamassassin functions itself. (excluding a few trusted networks), and to check for viruses only in a few domains (or to-addresses) ? Is it possible to implement a LDAP-interface ? Yes. You can do everthing that perl supports. How fast, performant and stable is mimedefang. I have problems with spamass-milter, it crashes every week. We run Mimedefang with perl 5.8.4 (from ports) in the embedded modus and it is very stable. No crashes, no unexpected failuers. And reload of config is possible without stop and start. Martin ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] SA init questions
Apologies if this is a stupid question or OT but: We curently do not compile_now SA but just call spam_assassin_check per mail: spam_assassin_init()-compile_now(1) if defined(spam_assassin_init()); What kind of performance benefit would we get from this? I'm using MIMEDefang in emdebbed perl mode so I assume I need to put it in filter_initialize? Thanks, Chris __ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] SA init questions
On Thu, 17 Jun 2004, Chris Masters wrote: spam_assassin_init()-compile_now(1) if defined(spam_assassin_init()); What kind of performance benefit would we get from this? Do it in your filter file, outside any function definition. If you're using embedded Perl, you'll get a lot more memory sharing. There won't be a direct performance benefit, but each slave will use much less memory than otherwise. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: Re: [Mimedefang] clamav + spamassassin + virtual-domains for 500.000mails a day
Hi, Now there is a definate reason to upgrade as I believe using embedded modus reduced memory use and speeds up matters. Is that correct? - memory usage without embedded perl with 20 slaves: 700MB - memory usage with embedded perl with 20 slaves: 110MB Perl5.8.4 is needed to be able to reload the mimedefang config without stop and start. Perl 5.6.1 has bugs which prevent this. Martin ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] clamav + spamassassin + virtual-domains for 500.000 mails a day
At 06:44 AM 6/17/2004, you wrote: On Thu, 17 Jun 2004, Florian Meister wrote: With MIME-defang it should be possible to use spamassassin and clamav over the same sendmail-milter-interface. Is it also possible to check for spam in every mail (excluding a few trusted networks), and to check for viruses only in a few domains (or to-addresses) ? Yes. You just write the Perl code. Is it possible to implement a LDAP-interface ? Yes. You just write the Perl code (perhaps you see a pattern in my answers. :-)) How fast, performant and stable is mimedefang. I have problems with spamass-milter, it crashes every week. MIMEDefang is extremely stable. We have customers using our commercial CanIt software (based on MIMEDefang) with uptimes of over 200 days. My own commercial server has been running MD/SA/ClamAV and has an uptime of 530 days. Yes, uptime rolls over at 497 days. Damn! Stable? Most definitly!! MIMEDefang is a fairly decent performer. With SpamAssassin scanning and Clam virus-scanning, a dual Xeon at 2.4GHz with 2GB of memory should easily handle 500 000 to 600 000 messages/day. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang John Jaeger - Billings, Montana EMail To: mailto:[EMAIL PROTECTED] Home Page : http://www.jjgb.com PGP: RSA Key ID: 0xAAEC7751 http://www.jjgb.com/public_files/RSA_Key.zip Our liberty is protected by four boxes... The ballot box, the jury box, the soap box, and the cartridge box. - Anonymous Soap Box didn't work, now using the Cartridge Box 3/20/2003 ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Add Hebrew Support
Hello all, I installed RH 9 (with Hebrew support) + Sendmail + MIMEdefang + Spamassassin as Spam-Filter Relay server and it's work fine. Every mail that have Hebrew subject the MIMEdefang tag it as SPAM email, the worst thing it's that the MIMEdefang change the hebrew characters in the subject to something like this: ?F2?F8?E5?F5 ?E4?E7?E9?E9?ED ?E4?E8?E5?E1?E9? *** SPAM *** the *** SPAM *** is done by adding the line action_change_header(Subject, $Subject *** SPAM ***); in the mimedefang-filter file. If I remove this line from mimedefang-filter I get the Hebrew characters good, but I'm still getting this line in /var/log/maillog: Character in c format wrapped at /usr/bin/mimedefang.pl line 158, IN line 16. And I'm really need to change the subject to add some SPAM text. Here is my /etc/sysconfig/i18n file: LANG=en_US SUPPORTED=en_US.UTF-8:en_US:en:he_IL.utf8:he_IL:he:he_IL.ISO-8859-8:hebrew: he_I L.UTF-8 SYSFONT=latarcyrheb-sun16 I tried to change LANG to LANG=he_IL but the same. Here is my /var/log/maillog: tail /var/log/maillog Jun 17 18:00:51 spamsrv sendmail[2078]: i5HF0pc5002078: from=[EMAIL PROTECTED] , size=3176, class=0, nrcpts=1, msgid=[EMAIL PROTECTED] .il, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=[192.168.160.2] Jun 17 18:00:51 spamsrv mimedefang-multiplexor: Slave 0 stderr: Character in c format wrapped at /usr/bin/mimedefang.pl line 158, IN line 16. Character in c format wrapped at /usr/bin/mimedefang.pl line 158, IN line 16. Character in c format wrapped at /usr/bin/mimedefang.pl line 158, IN line 16. Character in c format wrapped at /usr/bin/mimedefang.pl line 158, IN line 16. Characte r in c format wrapped at /usr/bin/mimedefang.pl line 158, IN line 16. Charac ter in c format wrapped at /usr/bin/mimedefang.pl line 158, IN line 16. Char acter in c fo Jun 17 18:00:51 spamsrv mimedefang-multiplexor: Slave 0 stderr: rmat wrapped at /usr/bin/mimedefang.pl line 158, IN line 16. Character in c format wrapped a t /usr/bin/mimedefang.pl line 158, IN line 16. Character in c format wrapped at /usr/bin/mimedefang.pl line 158, IN line 16. Character in c format wrapp ed at /usr/bin/mimedefang.pl line 158, IN line 16. Character in c format wra pped at /usr/bin/mimedefang.pl line 158, IN line 16. Character in c format w rapped at /usr/bin/mimedefang.pl line 158, IN line 16. Character in c format wrapped at /us Jun 17 18:00:51 spamsrv mimedefang-multiplexor: Slave 0 stderr: r/bin/mimedefang .pl line 158, IN line 16. Character in c format wrapped at /usr/bin/mimedefa ng.pl line 158, IN line 16. Character in c format wrapped at /usr/bin/mimede fang.pl line 158, IN line 16. Jun 17 18:00:53 spamsrv sendmail[2078]: i5HF0pc5002078: Milter change: header C ontent-Type: from multipart/alternative;\n\tboundary=--=_WallaWebMail_34271 _8709_Part_1000 to multipart/mixed; boundary=--=_1087484452-1929-3 Jun 17 18:00:53 spamsrv sendmail[2078]: i5HF0pc5002078: Milter change: header M IME-Version: from 1.0 to 1.0 Jun 17 18:00:53 spamsrv sendmail[2078]: i5HF0pc5002078: Milter message: body rep laced Jun 17 18:00:53 spamsrv sendmail[2078]: i5HF0pc5002078: Milter add: header: X-Sc anned-By: MIMEDefang 2.16 (www . roaringpenguin . com / mimedefang) Jun 17 18:01:11 spamsrv sendmail[2085]: i5HF0pc5002078: to=[EMAIL PROTECTED] s.com, delay=00:00:20, xdelay=00:00:18, mailer=esmtp, pri=30457, relay=[192.168 .160.33] [192.168.160.33], dsn=2.0.0, stat=Sent (OK) I be more than happy to get some help :)) Thanks, Miki Barzilay [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Add Hebrew Support
On Thu, 17 Jun 2004, rrr wrote: Every mail that have Hebrew subject the MIMEdefang tag it as SPAM email, the worst thing it's that the MIMEdefang change the hebrew characters in the subject to something like this: In your SpamAssassin config file, set: ok_locales: all so SpamAssassin doesn't get upset at Hebrew. If I remove this line from mimedefang-filter I get the Hebrew characters good, but I'm still getting this line in /var/log/maillog: Perl on Red Hat 9 does not handle UTF-8 text very well. I don't know a way to fix it without turning off UTF-8 support altogether, which is probably not an option for you. My guess is that most spam is not written in Hebrew, and anyway, SpamAssassin probably wouldn't catch any Hebrew spam. Perhaps you could modify your filter not to call SpamAssassin if the locale is Hebrew? (Actually, the phrase Hebrew spam is quite ironic, considering what SPAM-the-food is made from. :-)) Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Add Hebrew Support
On Thu, 17 Jun 2004, Kevin A. McGrail wrote: I just had that discussion re: HAM / SPAM. I vote we change it to kosher and non-kosher email ;-) Tecnically, Kosher and Treif. But I think ham/spam are too deeply ingrained to be disloged. :-) They're also single-syllable words. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Add Hebrew Support
David F. Skoll wrote: On Thu, 17 Jun 2004, Kevin A. McGrail wrote: I just had that discussion re: HAM / SPAM. I vote we change it to kosher and non-kosher email ;-) Tecnically, Kosher and Treif. But I think ham/spam are too deeply ingrained to be disloged. :-) They're also single-syllable words. You would be correct... Additionally, Kosher comes from the work ka'sher (I think I have that in the right spot) which means permissable by jewish law and I'm not sure what Jewish law would have to say about SPAM... other than it's typically made from non-kosher meat products... but what if spam was made from kosher beef? Would it still be considered treif? Hmmm... one for the Talmud scholars... -Ben p.s. some additional definitions are: old.jccc.net - Hebrew for fit or proper. In Judaic culture, kosher refers to the proper methods of food preparation and the dietary laws governing its consumption. Kosher or non-kosher can refer to the very nature of certain foods, as well as the various combinations thereof. For example, pork is not kosher and shellfish is not kosher. Beef is kosher as long as the animal is slaughtered properly, and cow's milk is kosher. But the mixing of meat and dairy products is never kosher. Keeping kosher is important, not only because it would seem to address some apparent health issues, but because certain foods are associated with certain cultures (the goyim, or the foreign nations). Also, the mixing of certain foods is not unlike a metaphor for cultural, ethnic and religious assimilation. For the orthodox Jew, the experience of assimilation is like that of exile; it is nothing short of a loss of identity. = http://www.brainydictionary.com/ - (a.) Ceremonially clean, according to Jewish law; -- applied to food, esp. to meat of animals slaughtered according to the requirements of Jewish law. Opposed to tref. Hence, designating a shop, store, house, etc., where such food is sold or used. (n.) Kosher food; also, a kosher shop. (v. t.) To prepare in conformity with the requirements of the Jewish law, as meat. = http://www.webster-dictionary.org/definition/kosher - Webster's 1913 Dictionary Ko´sher keep kosher, v. i.. a. 1. Ceremonially clean, according to Jewish law; - applied to food, esp. to meat of animals slaughtered according to the requirements of Jewish law. Opposed to tref. For food to be officially kosher, it must be certified fit to eat by a Rabbi, according to Jewish ritual law; as, kosher food. 2. Proper; seemly; appropriate; legitimate; as, it's not kosher to do it that way. 3. Genuine. n. 1. Kosher food; also, a kosher shop. 2. the practise of adherence to the Jewish ritual law; used mostly in the phrase keep kosher To adhere to the rules for eating only kosher food and handling it properly. = http://www.wordiq.com/definition/Kashrut - Kashrut The circled U indicates that this can of tuna is kosher The laws of Kashrut (keeping kosher) are the Jewish dietary laws. Food in accord with Jewish law is termed kosher, from the Hebrew term kasher, meaning fit (in this context, fit for human consumption). Food not in accord with Jewish law is termed treifah or treif (torn, originally used only for unsuitable meat). The basic laws of kashrut are in the Torah, their details explicated in the oral law (the Mishnah and the Talmud) and codified by the later rabbinical authorities. From the context of the laws in the Biblical book of Leviticus, the purpose of kashrut is related to ritual purity and holiness. Ok, I think that works... ;) We are a funny bunch! ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Add Hebrew Support
On Thursday 17 June 2004 10:47 am, Kevin A. McGrail wrote: (Actually, the phrase Hebrew spam is quite ironic, considering what SPAM-the-food is made from. :-)) I just had that discussion re: HAM / SPAM. I vote we change it to kosher and non-kosher email ;-) Count me as a vote for the change. ;D Kayne ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] relay_is_blacklisted timeout
We're going to join the world and use relay_is_blacklisted soon. The function does a gethostbyname() and we don't understand what happens if it hangs. We were thinking the relay_is_blacklisted function would have a timeout in it but it does not. But no one seems to be reporting trouble. What happens? Joseph Brennan Academic Technologies Group, Academic Information Systems (AcIS) Columbia University in the City of New York ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] relay_is_blacklisted timeout
On Thu, 17 Jun 2004, Joseph Brennan wrote: The function does a gethostbyname() and we don't understand what happens if it hangs. We were thinking the relay_is_blacklisted function would have a timeout in it but it does not. If it hangs for longer than the busy timeout (the -b option to the multiplexor), then the multiplexor unceremoniously kills the Perl slave and tempfails the mail. Really, this should be re-implemented using Net::DNS, and we need a way to run DNS queries in parallel and collect the results as they come in. This is on the TODO list. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Network Tests Disabled Even Though mimedefang-filter is right
On Thu, 17 Jun 2004, Peter A. Cole wrote: I'm using the Debian Testing version of MIMEDefang (2.41) and Spamassassin (2.63) and even though I have set $SALocalTestsOnly = 0 in /etc/mail/mimedefang-filter, network tests are disabled. I vaguely remember a bug like this; as far as I know, the latest MIMEDefang (2.43) works correctly. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] relay_is_blacklisted timeout
On Thu, Jun 17, 2004 at 03:42:43PM -0400, David F. Skoll wrote: Really, this should be re-implemented using Net::DNS, and we need a way to run DNS queries in parallel and collect the results as they come in. This is on the TODO list. That functionality (parallel blacklist queries) is already implemented in Net::RBLClient. You may want to use that. (We've got code ready and tested that uses it, but it's... entangled). -- #!perl -wpl # mmfppfmpmmpp mmpffm [EMAIL PROTECTED] $p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+ $_[2]}-(map{/p|f/i+/f/i}split//,$)+97):qw(m p f)[map{((ord$)%32-1)/$_%3}(9, 3,1)]),5,1)='`'lt$;$f.eig;# Jan-Pieter Cornet ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Using DCC in SpamAssassin which is called by MimeDefang
At 02:34 PM 6/16/2004, [EMAIL PROTECTED] wrote: I asked a similar question recently: who has had what experience with DCC/Razor/Pyzor, presumably via MIMEDefang and SpamAssassin? All three will work with MD/SA. Razor is probably the simplest, since SA is already running in Perl and can call the Razor Perl modules directly. It also has the advantage that SA has different rules to handle various Razor results - if Razor gives a message a 50-100% probability of being spam, SA will score it higher than if Razor gives it a 10-50% change. The main drawback to Razor is that it presently has the lowest hit rate of the three, although this should change soon since the next version of the client will add one of the more effective hashes being used by the SpamNet client (Razor's commercial sibling). One trick I've found: I usually have to run make install twice, or it doesn't set up all the links in /usr/(local/)bin. Pyzor hits more spam than Razor, but has two drawbacks: first, it runs in Python, and firing up a Python instance for each hit is slower than just calling a Perl module in an already runnng Perl. Second, the client doesn't do much in the way of error recovery when it encounters a message it doesn't recognize. This isn't much of a problem when called from SA - it just counts as if Pyzor didn't find it - but can be frustrating when you try to report a mailbox full of confirmed spam and it dies because the third message claims to use the plain content transfer encoding. Be sure to check the Readme's section on file permissions. I've actually seen the pyzor client get installed non-executable. DCC has the highest hit rate, but that's partly because its stated goal is not to identify spam, but to identify bulk mail. By definition that includes wanted newsletters, mailing lists, etc, although few people actually report mail according to that standard. Because of this, I've lowered the SA score for DCC_CHECK from 2.9 to 1. I remember having a bit more trouble getting it running than either Razor or Pyzor, but it's been long enough that I don't remember exactly what I had to do. Several people posted some comparisons a fe months ago. I think this was on the SA list. There is certainly overlap among the three databases (about 60% of spam we see that trips one of them trips at least two), but there's enough difference that it could be worth running two or even all three. In any case, I would recommend using the razor_timeount, pyzor_timeout, and dcc_timeout options in your SA config so that network slowdowns and server outages don't add too much time to your mail processing. Kelson Vibber SpeedGate Communications www.speed.net ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] [ot] spamassassin config error with bayes
hello Apologies that this is not technically a mimedefang issue. I have MD calling spamassassin 2.63 in pretty much the usual way. In /etc/mail/sa-mimdefang.cf I had left all the default values,hences use_bayes is set as is auto_learn. The default location for the bayes data is /var/spool/MIMEDefang/.spammassassin (the home directory of the defang user). Everything worked fairly well from day one (several months ago). I had the spam threshold set at around 7-8 and as the false positives decreased over time have gradually brought it down to where it is now, 5. Have not had a false positive for a long time. Two days ago I decided that as /var/spool/MIMEDefang is on a ramdisk, it would be advisable to move the bayes data elsewhere in the event of it being lost due to a reboot etc. So I stopped MD and copied the bayes data elsewhere and set bayes_path to point at it. File permissions and ownerships all checks out. Then I did some reading on some other options available to put in sa-mimedefang.cf. In particular I set (and I acknowledge this was a mistake) bayes_auto_learn_threshold_spam to 8 (default is 12). I misunderstood the effect of doing this. Now I am getting lots of false positives. I've removed the bayes_auto_learn_threshold_spam config. Its not made much difference. I then thought I've poisoned the bayes data, so I deleted it hoping that it would start again and go through the re-learning again. But it has not created any files at all in the path (bayes_path) that I set. Any advice or help would be appreciated. thanks rolf. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang