RE: [SAtalk] Spam forward

2003-11-12 Thread Zlatko Hristov 
I use Postfix and amavisd-new, many options including send spam to
mailbox.

Zlatko. 


-Original Message-
From: Dan [mailto:[EMAIL PROTECTED] 
Sent: Thursday, November 13, 2003 8:34 AM
To: SATalk list

Hey guys!

Does anyone know if spam can be forwarded onto another mailbox? Right
now I have being trapped in /var/virusmails.

I would like to have it all sent to [EMAIL PROTECTED]

Thoughts?

Dan



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest developments in
Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more!
http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Spamassassin blocking by words

2003-11-12 Thread Zlatko Hristov 
Title: SignatureENCH Stationery



Can SA block 
messages that contain certain words in the /header/body/subject 
?
 
Thank 
you.
 
Zlatko.

Re: [SAtalk] Attachments

2003-11-12 Thread David B Funk 
On Wed, 12 Nov 2003, Matt Kettler wrote:

> At 01:38 PM 11/12/2003, Scott Antonivich wrote:
> >but can attachments be tagged as spam per user? If
> >so, what do I need to place in this users config file?
>
> You'd have to create a custom rule to look for mime boundaries..
>
> However, to do it per-user, you'll need to have per-user configs, and
> per-user rules, something that most site-wide SA configurations have no
> capability to do.

You'll have to be discrimiating in what kind of mime boundaries
you look for.

For example, many modern mail clients (such as Eudora, Outlook, Mozilla)
have the ability to send combo text/html or text/rtf mail as Mime
multi-part-alternative messages. Most modern clients will show such a
message as just a single-part message and give no clue as to the
internal structure.
Some systems us Mime parts for such things as PGP signatures or ".vcard"
signatures.

Even such things as sendmail error bounce messages often come as
multi-part mime messages.

Now what about a message that has only one part, but that part is
a Base-64 encoded jpg of a spam-ad? It would not necessarily have
any mime boundary other than the content tag in the header.
Or for that matter, a single Base-64 encoded virus, (I've seen that
too. ;(

So there's no simple definition of what constitutes an "Attachment".

-- 
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] help

2003-11-12 Thread Mueller, Chris 
Title: Message



Please 
remove me from the mailing list...
Thanks 
in advance.

  
  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] Sent: 
  Wednesday, November 12, 2003 3:46 PMTo: 
  [EMAIL PROTECTED]Subject: Spamassassin-talk 
  digest, Vol 1 #1721 - 34 msgsSend Spamassassin-talk 
  mailing list submissions to [EMAIL PROTECTED] To 
  subscribe or unsubscribe via the World Wide Web, visit 
  https://lists.sourceforge.net/lists/listinfo/spamassassin-talk or, via email, 
  send a message with subject or body 'help' to 
  [EMAIL PROTECTED] You can reach the person 
  managing the list at [EMAIL PROTECTED] When 
  replying, please edit your Subject line so it is more specific than "Re: 
  Contents of Spamassassin-talk digest..."

Re: [SAtalk] OT: Administrivia: List mom, please disable the bouncing thewizard.net subscriber.

2003-11-12 Thread Edward Shornock 
Matt Kettler wrote:

At 02:14 PM 11/12/2003, Pedro Sam wrote:

I had SA learn it as spam, and it never bothered me again :)  Perhaps 
this is
not the proper way of using SA, but it works.


Or you can add "comingsoon.pool.com" to your /etc/mail/access file with 
a 550 rejection :)

Received: from mx10.comingsoon.pool.com (mx10.comingsoon.pool.com 
[199.85.4.240])
by xanadu.evi-inc.com (8.11.6/8.11.6) with SMTP id h9SJ2xj17181
for <[EMAIL PROTECTED]>; Tue, 28 Oct 2003 14:03:00 -0500
Received: from mailnull by mx10.comingsoon.pool.com with local (Exim 4.20)
id 1AEZ6p-000E2W-8I
for [EMAIL PROTECTED]; Tue, 28 Oct 2003 19:02:27 +
From: [EMAIL PROTECTED]


Are these mails coming in still?  I haven't gotten one for quite some 
time.



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re[2]: [SAtalk] more spam since installing 2.60

2003-11-12 Thread Robert Menschel 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello Frank,

Wednesday, November 12, 2003, 6:51:01 AM, you wrote:

>> > Is anyone else experiencing more junk mail getting through
>> > since installing
>> > 2.60?

FP> I've been seeing a lot more spam *period*.  Perhaps it's not that
FP> more is getting through.  I'd be interested to see his ham/spam ratio
FP> and to know if it's changed any in the last few months.

Agreed. I've seen what appears to be a 2-fold increase in total spam.

My percentage of spam getting through has definitely gone down with 2.60.

I use network checks, Bayes, and a whole bunch of additional rules found
through the SA Rules Emporium and Wiki.

Bob Menschel

-BEGIN PGP SIGNATURE-
Version: PGP 8.0

iQA/AwUBP7L6kpebK8E4qh1HEQKd3gCgjKkZRqEN7dFOAm5W1wxaPvM53+UAniOX
x4Q7KA5Z6aE88Ne/wSvoxWqc
=OkIm
-END PGP SIGNATURE-




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] global whitelist in MySQL

2003-11-12 Thread Edward Shornock 
Willi Burmeister wrote:
Hi,

we have a list of email addresses stored in MySQL. We now would like 
to use this MySQL list as a global whitelist in spamassassin. For 
every incoming email this MySQL list should be checked before the 
user white/blacklist is used.

Is this possible with spamassassin? If yes, how?

Thanks

Willi

Do you have have SA set up to interface with MySQL?  If not, read this 
first: http://www.spamassassin.org/full/2.6x/dist/sql/README

The global entries would be added (or altered) so that the username is 
"@GLOBAL".
   insert into userpref(username,preference,value)
   values ('@GLOBAL','whitelist_from','[EMAIL PROTECTED]');

Once you have this set up, if you want a PHP-based front-end, try the 
following:  http://webuserprefs.pipegrep.net/

HTH
--
Edward Shornock





---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spam forward

2003-11-12 Thread ian douglas 
> Now you've got me interested.  how did you get those stats?

I can't take credit for it.

I turned on logging in SpamAssassin and MailScanner, and Mike Andrews on the
list here submitted a script a few weeks ago that I tweaked a tiny bit
although his worked fine on its own. My maillogs rotate on a nightly basis
(default Redhat install sets the rotation on a weekly basis) and gzip's the
old logs for disk space. Mike's script looks through the logs for known
strings to count incoming messages, which ones are spam or contain virii,
and calculates the stats. His script will work one log file at a time, so
your stats will vary based on how often you rotate your maillog file.

-id




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] CPU Usage while sa-learning?

2003-11-12 Thread Chip Paswater 
Also, check vmstat or top instead of relying on your system load average.
The load average is not necessarily indicitave of your actual system load.

If you find it taking too many resources, try bumping it's nice level way
down when you run it.

On Tue, Nov 11, 2003 at 11:30:21PM +0100, Christopher Kunz wrote:
> Hi,
> 
> I have been initializing our Bayes databases after a system rebuild and
> 2.60 upgrade, and have noticed that feeding it very large mbox files
> causes some undesired behavior - namely an extremely high load of
> between 9 and 12.
> 
> This load is rising even further during the course of sa-learn's
> examination of the mbox (which contains maybe 2500 mails and is a
> straight copy from my mozilla), rendering the system nearly unresponsive.
> 
> Am I doing something wrong or is this behavior expected?
> 
> --ck
> 
> -- 
> php development | hosting |  housing | professional game server hosting
> http://www.de-punkt.de   [ [EMAIL PROTECTED] ]http://www.stormix.de
> +49 511 1237504 | +49 511 1237505 | laportestr. 2a, 30449 hannover.de
> GPG Fingerprint: C882 8ED1 7DD1 9011 C088  EA50 5CFA 2EEB 397A CAC1
> 
> 
> 
> ---
> This SF.Net email sponsored by: ApacheCon 2003,
> 16-19 November in Las Vegas. Learn firsthand the latest
> developments in Apache, PHP, Perl, XML, Java, MySQL,
> WebDAV, and more! http://www.apachecon.com/
> ___
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spam forward

2003-11-12 Thread mwestern 
Now you've got me interested.  how did you get those stats?

-Original Message-
From: ian douglas [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2003 8:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [SAtalk] Spam forward


> err, i'm not sure how you setup your spamassasin but i have
> mailscanner going well cos it supports a virus scanner as well.

I second that opinion. MailScanner/ClamAV/SA 2.60, and working great on a
small-volume server:

Spam/Mail Statistics;
 Total   spamassassin   rejected  scanner   total mails
 Email   says 'spam'by rulesetsays virusundelivered
 Nov  12  1283   278 (21.67%)6 ( 0.47%)   11 ( 0.86%)   295 (22.99%)
 Nov  11  2615   642 (24.55%)   14 ( 0.54%)   18 ( 0.69%)   674 (25.77%)
 Nov  10  3098   650 (20.98%)   17 ( 0.55%)   15 ( 0.48%)   682 (22.01%)
 Nov   9  1401   561 (40.04%)   23 ( 1.64%)   10 ( 0.71%)   594 (42.40%)
 Nov   8   710   483 (68.03%)8 ( 1.13%)6 ( 0.85%)   497 (70.00%)
 Nov   7  1746   550 (31.50%)   10 ( 0.57%)   22 ( 1.26%)   582 (33.33%)
 Nov   6  2413   635 (26.32%)   17 ( 0.70%)   25 ( 1.04%)   677 (28.06%)

I have all "spamassassin says spam" messages forward to another mailbox
because I also have MailScanner archive every incoming message. I have
custom Perl code written to remove any high-scoring spam from the
MailScanner archive and then I split the rest into ham/spam mailboxes for
sa-learn. Works great, takes a few minutes a day.

-id




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] spamassassin is deleting ALL incoming mails!

2003-11-12 Thread Chris Thielen 
Oops, I accidentally replied directly to Paulo in the original message...
Replying to the list:


Paulo,
I don't use Sendmail and therefore don't have any experience with its
config files, however I don't see anything out of the ordinary here.  How
are you calling spamassassin?  via Procmail? (I see it's referenced at the
bottom)  Maybe your procmail recipe(s) are dropping the mail somehow?  Can
you provide this information?

Chris

Paulo Lenz said:
> Thanks for the reply Cris!
>
> I am using a red hat 8 with sendmail as my MTA.
>
> here is the sendmail configuration:
>
> divert(-1)dnl
> dnl #
> dnl # This is the sendmail macro config file for m4. If you make changes
> to
> dnl # /etc/mail/sendmail.mc, you will need to regenerate the
> dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf
> package
> is
> dnl # installed and then performing a
> dnl #
> dnl # make -C /etc/mail
> dnl #
> include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
> VERSIONID(`setup for Red Hat Linux')dnl
> OSTYPE(`linux')dnl
> dnl #
> dnl # Uncomment and edit the following line if your outgoing mail needs to
> dnl # be sent out through an external mail server:
> dnl #
> dnl define(`SMART_HOST',`smtp.your.provider')
> dnl #
> define(`confDEF_USER_ID',``8:12'')dnl
> define(`confTRUSTED_USER', `smmsp')dnl
> dnl define(`confAUTO_REBUILD')dnl
> define(`confTO_CONNECT', `1m')dnl
> define(`confTRY_NULL_MX_LIST',true)dnl
> define(`confDONT_PROBE_INTERFACES',true)dnl
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
> define(`ALIAS_FILE', `/etc/aliases')dnl
> dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
> define(`UUCP_MAILER_MAX', `200')dnl
> define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
> define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
> define(`confAUTH_OPTIONS', `A')dnl
> dnl #
> dnl # The following allows relaying if the user authenticates, and
> disallows
> dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
> dnl #
> dnl define(`confAUTH_OPTIONS', `A p')dnl
> dnl #
> dnl # PLAIN is the preferred plaintext authentication method and used by
> dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
> dnl # use LOGIN. Other mechanisms should be used if the connection is not
> dnl # guaranteed secure.
> dnl #
> dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5
> LOGIN
> PLAIN')dnl
> dnl #
> dnl # Rudimentary information on creating certificates for sendmail TLS:
> dnl # make -C /usr/share/ssl/certs usage
> dnl #
> dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
> dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
> dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
> dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
> dnl #
> dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
> dnl # slapd, which requires the file to be readble by group ldap
> dnl #
> dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
> dnl #
> dnl define(`confTO_QUEUEWARN', `4h')dnl
> dnl define(`confTO_QUEUERETURN', `5d')dnl
> dnl define(`confQUEUE_LA', `12')dnl
> dnl define(`confREFUSE_LA', `18')dnl
> define(`confTO_IDENT', `0')dnl
> dnl FEATURE(delay_checks)dnl
> FEATURE(`no_default_msa',`dnl')dnl
> FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
> FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
> FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
> FEATURE(redirect)dnl
> FEATURE(always_add_domain)dnl
> FEATURE(use_cw_file)dnl
> FEATURE(use_ct_file)dnl
> dnl #
> dnl # The -t option will retry delivery if e.g. the user runs over his
> quota.
> dnl #
> FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
> FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl
> FEATURE(`blacklist_recipients')dnl
> EXPOSED_USER(`root')dnl
> dnl #
> dnl # The following causes sendmail to only listen on the IPv4 loopback
> address
> dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
> dnl # address restriction to accept email from the internet or intranet.
> dnl #
> DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
> dnl #
> dnl # The following causes sendmail to additionally listen to port 587 for
> dnl # mail from MUAs that authenticate. Roaming users who can't reach
> their
> dnl # preferred sendmail daemon due to port 25 being blocked or redirected
> find
> dnl # this useful.
> dnl #
> dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
> dnl #
> dnl # The following causes sendmail to additionally listen to port 465,
> but
> dnl # starting immediately in TLS mode upon connecting. Port 25 or 587
> followed
> dnl # by STARTTLS is preferred, but roaming clients using Outlook Express
> can't
> dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use
> STARTTLS
> dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses
> smtps
> dnl # when SSL is

Re: [SAtalk] Bayes versioning?

2003-11-12 Thread Ted Cabeen 
Theo Van Dinter <[EMAIL PROTECTED]> writes:

> On Tue, Nov 11, 2003 at 01:15:43PM -0800, Ted Cabeen wrote:
>> Okay.  I'll give that a try.  What's the best way to quiesce the bayes
>> system without making spamassassin unavailable during the import?
>> Will setting auto_learn to 0 in the running user's user_prefs be
>> enough to make the import go smoothly, or should I set use_bayes to 0
>> as well?
>
> auto_learn 0  will disable automatic writes (which will fail anyway),
> but use_bayes 0  will fully disable any access of the db.  I'd do that.

I just tried to run the import and the process ran out of memory.
I've got 1GB of physical RAM in that machine with 2GB of swap
available and it still errored out with the following output:
# sa-learn --dbpath /cyrus/amavis/.spamassassin/bayes --import
upgrading to DB_File, please be patient: /cyrus/amavis/.spamassassin/old_bayes_seen
DB_File: copied 702806 entries.
upgrading to DB_File, please be patient: /cyrus/amavis/.spamassassin/old_bayes_toks
DB_File: DB_File module not installed, nothing copied.
GDBM_File: GDBM_File module not installed, nothing copied.
Out of memory during request for 1012 bytes, total sbrk() is 1073326080 bytes!

I ran the import as root with all of the ulimits set to unlimited.  Is
there any way to get the memory usage down so that I can complete the
import?

Can I somehow purge the less important data from the database?

-- 
Ted Cabeen   http://www.pobox.com/~secabeen[EMAIL PROTECTED] 
Check Website or Keyserver for PGP/GPG Key BA0349D2 [EMAIL PROTECTED]
"I have taken all knowledge to be my province." -F. Bacon  [EMAIL PROTECTED]
"Human kind cannot bear very much reality."-T.S.Eliot[EMAIL PROTECTED]


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Spam forward

2003-11-12 Thread Matt Kettler 
At 04:34 PM 11/12/2003, Dan wrote:
Does anyone know if spam can be forwarded onto another mailbox? Right now I
have being trapped in /var/virusmails.
That totally depends on what tool you're using to call SA.

SA itself can't even trap them in /var/virusmails, much less forward messages.

It's the tools that call SA that do things like this.. so if you can reply 
to the list asking how to do it with a particular tool (ie: procmail, 
amavisd, mailscanner, whatever you are using) then someone might be able to 
point out how.



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] more spam since installing 2.60

2003-11-12 Thread Martin Radford 
At Wed Nov 12 14:51:01 2003, Frank Pineau wrote:
> 
> I've been seeing a lot more spam *period*.  Perhaps it's not that more
> is getting through.  I'd be interested to see his ham/spam ratio and to
> know if it's changed any in the last few months.

I'm getting four to five times as much spam as I did even a few months
ago.  I don't know whether this is spammers' retribution for my
contributions to this list, or just a general increase in the level of
spam.

Martin
-- 
Martin Radford  |   "Only wimps use tape backup: _real_ 
[EMAIL PROTECTED] | men just upload their important stuff  -o)
Registered Linux user #9257 |  on ftp and let the rest of the world  /\\
- see http://counter.li.org |   mirror it ;)"  - Linus Torvalds _\_V


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spam forward

2003-11-12 Thread ian douglas 
> err, i'm not sure how you setup your spamassasin but i have
> mailscanner going well cos it supports a virus scanner as well.

I second that opinion. MailScanner/ClamAV/SA 2.60, and working great on a
small-volume server:

Spam/Mail Statistics;
 Total   spamassassin   rejected  scanner   total mails
 Email   says 'spam'by rulesetsays virusundelivered
 Nov  12  1283   278 (21.67%)6 ( 0.47%)   11 ( 0.86%)   295 (22.99%)
 Nov  11  2615   642 (24.55%)   14 ( 0.54%)   18 ( 0.69%)   674 (25.77%)
 Nov  10  3098   650 (20.98%)   17 ( 0.55%)   15 ( 0.48%)   682 (22.01%)
 Nov   9  1401   561 (40.04%)   23 ( 1.64%)   10 ( 0.71%)   594 (42.40%)
 Nov   8   710   483 (68.03%)8 ( 1.13%)6 ( 0.85%)   497 (70.00%)
 Nov   7  1746   550 (31.50%)   10 ( 0.57%)   22 ( 1.26%)   582 (33.33%)
 Nov   6  2413   635 (26.32%)   17 ( 0.70%)   25 ( 1.04%)   677 (28.06%)

I have all "spamassassin says spam" messages forward to another mailbox
because I also have MailScanner archive every incoming message. I have
custom Perl code written to remove any high-scoring spam from the
MailScanner archive and then I split the rest into ham/spam mailboxes for
sa-learn. Works great, takes a few minutes a day.

-id




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] CPU Usage while sa-learning?

2003-11-12 Thread Martin Radford 
At Tue Nov 11 22:30:21 2003, Christopher Kunz wrote:
> 
> I have been initializing our Bayes databases after a system rebuild and
> 2.60 upgrade, and have noticed that feeding it very large mbox files
> causes some undesired behavior - namely an extremely high load of
> between 9 and 12.
> 
> This load is rising even further during the course of sa-learn's
> examination of the mbox (which contains maybe 2500 mails and is a
> straight copy from my mozilla), rendering the system nearly unresponsive.
> 
> Am I doing something wrong or is this behavior expected?

This is speculation, but:

If your mail system is running while you're doing the import, is it
possible that your mail delivery processes are building up waiting for
a lock which is being held by the sa-learn process?  I believe that
spamassassin/spamd which time out after a few seconds if they can't
get the lock, but if your server is busy enough, you may well get
several processes waiting.

Martin
-- 
Martin Radford  |   "Only wimps use tape backup: _real_ 
[EMAIL PROTECTED] | men just upload their important stuff  -o)
Registered Linux user #9257 |  on ftp and let the rest of the world  /\\
- see http://counter.li.org |   mirror it ;)"  - Linus Torvalds _\_V


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SA Says: 05.40] [SAtalk] spamassassin is deleting ALL incoming mails!

2003-11-12 Thread Scott Blomquist 
Have you checked your spamtrap folder? Here is the score I got on your 
message:

Paulo Lenz wrote:

This mail is probably spam.  The original message has been attached
along with this report, so you can recognize or block similar unwanted
mail in future.  See http://spamassassin.org/tag/ for more details.
Content preview:  Im having a problem with spamassassin, After I
  installed it, I am not receiving any more mails... I think its deleting
  all the mails when thay arrive, because they are not returning to the
  sender... [...] 

Content analysis details:   (5.40 points, 5 required)
BAYES_30   (-1.6 points) BODY: Bayesian classifier says spam probability is 30 
to 40%
   [score: 0.3965]
HTML_50_60 (0.1 points)  BODY: Message is 50% to 60% HTML
RM_rb_DIV  (0.0 points)  BODY: Testing for HTML Div in emails
RM_rb_HTML (0.0 points)  BODY: Testing for HTML tag in emails
KNOWN_MAILING_LIST (-0.6 points) Email came from some known mailing list software
RCVD_IN_NJABL  (1.2 points)  RBL: Received via a relay in dnsbl.njabl.org
   [RBL check: found 2.102.174.200.dnsbl.njabl.org.,]
   [type: 127.0.0.9]
RCVD_IN_DSBL   (4.3 points)  RBL: Received via a relay in list.dsbl.org
   [RBL check: found 2.102.174.200.list.dsbl.org.]
RCVD_IN_BRAZIL (2.0 points)  RBL: Received from Brazil
   [RBL check: found 4.15.155.200.brazil.blackholes.us.]
The original message did not contain plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.




Subject:
[SAtalk] spamassassin is deleting ALL incoming mails!
From:
"Paulo Lenz" <[EMAIL PROTECTED]>
Date:
Wed, 12 Nov 2003 00:22:41 -0200
To:
<[EMAIL PROTECTED]>
Im having a problem with spamassassin,
 
After I installed it, I am not receiving any more mails... I think its 
deleting all the mails when thay arrive, because they are not returning 
to the sender...
 
Could anyone help me ?
 
Thanks,
Paulo
--
Scott V. Blomquist,A-SA-CN-NRKTINLC(tm)  #2598
  ITI/Bear&CoRochester, VT
802-767-3174(v)   802-767-3726(f)
"Any technology sufficiently advanced is indistinguishable from Magic."
 A. C. Clarke


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Razor Timeout Case SpamAssassin to stop?

2003-11-12 Thread mwestern 
Hi All,
I had a strange thing last night.  my spam assassin stop processing
messages.  sendmail was still receiving.  i stopped and restarted
MailScanner (which is what i use) once and it complained about address in
use.  i then stopped it and saw that sendmail was still running and did a
killall on it.  that stopped it.  then restarted MailScanner and away we
went again.   strange.any ideas?

Matthew


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spam forward

2003-11-12 Thread mwestern 
err, i'm not sure how you setup your spamassasin but i have mailscanner
going well cos it supports a virus scanner as well.  

in my mailscanner.conf file i have the option of:

#
# What to do with spam
# 
#

# This is a list of actions to take when a message is spam.
# It can be any combination of the following:
#deliver - deliver the message as normal
#delete  - delete the message
#store   - store the message in the quarantine
#bounce  - send a rejection message back to the sender
#forward [EMAIL PROTECTED] - forward a copy of the message to
[EMAIL PROTECTED]
#striphtml   - convert all in-line HTML content to plain
text.
#  You need to specify "deliver" as well for the
#  message to reach the original recipient.
#attachment  - Convert the original message into an
attachment
#  of the message. This means the user has to
take
#  an extra step to open the spam, and stops
"web
#  bugs" very effectively.
#
# Note that the bounce message is created in such a way as to stop it
# bouncing back to your site.
#
# This can also be the filename of a ruleset.
#Spam Actions = store forward [EMAIL PROTECTED] bounce

you can do multiple actions on spam.  it has another one the same for high
scoring spam.  i deliver low scoring spam and delete spam over 20.  

REgards
Matthew


-Original Message-
From: Dan [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2003 8:04 AM
To: SATalk list
Subject: [SAtalk] Spam forward


Hey guys!

Does anyone know if spam can be forwarded onto another mailbox? Right now I
have being trapped in /var/virusmails.

I would like to have it all sent to [EMAIL PROTECTED]

Thoughts?

Dan



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Help on SpamAssasin

2003-11-12 Thread Chris Thielen 
Sounds like you have this:

Internet email goes to a routable IP address on a Linux PC.
Linux PC (w/routable IP) runs NAT, port 25 is forwarded to Windows PC
Windows PC (w/non-routable IP; 10.0.0.x or 192.168.0.x are common) runs a
MTA on port 25 and receives the forwarded connections.

But you want:

Internet email goes to a routable IP address on a Linux PC.
Linux PC (w/routable IP) runs a MTA on port 25.
This MTA feeds the email through SpamAssassin which tags it.
The MTA then sends the email to the MTA on your Windows PC (w/non-routable
IP).


If I read your message right, your Linux box doesn't have a MTA on it yet.
 You will need to choose an MTA, install it, and configure it to filter
through SA and forward to your Windows MTA.  This is quite possible,
perhaps even a typical configuration... but it's probably not trivial to
configure without some level of understanding of the OS and/or MTAs.

If this is a task you want to dive into, I'm sure somebody who has a setup
such as this could recommend some configuration primers.  Or perhaps look
for posts regarding a unix box w/SpamAssassin feeding Exchange, which is a
relatively common configuration.

Some common MTAs: Sendmail, Postfix, Exim, ?

--
Chris Thielen

Easily generate SpamAssassin rules to catch obfuscated spam phrases:
http://www.sandgnat.com/cmos/


a3 said:
> Hello,
>
> I have a Debian Linux Firewall, configured by someone I know that is no
> longer available.
> For my work I program on Windows platforms, so I don't know much about
> Linux, just some basic things.
> The problem I am facing has to do with mail spam.
> Behind the firewall is a mailserver (windowsbased ) that checks on port 25
> The Linux PC does a redir of port 25 from the WAN ip adress to the mail
> server IP adress.
>
> Can I use SpamAssasin to replace this and block spam. ?
> If so, where can I find doc's on how to install and configure it in such
> a way ?
>
> Would really appreciate the help.
>
> Adrie Bouwmeester
> Schijndel
> The Netherlands
>
>




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] spamassassin is deleting ALL incoming mails!

2003-11-12 Thread Chris Thielen 
Paulo:

This is almost certainly a misconfiguration of your MTA.  Please provide
details of your server configuration. (SA does *not* delete email)

--
Chris Thielen

Easily generate SpamAssassin rules to catch obfuscated spam phrases:
http://www.sandgnat.com/cmos/


Paulo Lenz said:
> Im having a problem with spamassassin,
>
> After I installed it, I am not receiving any more mails... I think its
> deleting all the mails when thay arrive, because they are not returning to
> the sender...
>
> Could anyone help me ?
>
> Thanks,
> Paulo



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] spamassassin is deleting ALL incoming mails!

2003-11-12 Thread Scott Antonivich 
Check the maillog file. Does it have any error messages?

Scott


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Paulo
Lenz
Sent: Tuesday, November 11, 2003 9:23 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] spamassassin is deleting ALL incoming mails!


Im having a problem with spamassassin,

After I installed it, I am not receiving any more mails... I think its
deleting all the mails when thay arrive, because they are not returning to
the sender...

Could anyone help me ?

Thanks,
Paulo



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Spam forward

2003-11-12 Thread Colin A. Bartlett 
Dan Sent: Wednesday, November 12, 2003 4:34 PM

> Does anyone know if spam can be forwarded onto another mailbox?

I too am interested in this. I could never get my corpus exported from
outlook so I would like to copy spammy messages to another mailbox. Or even
to a folder within my mailbox. That way I could test rules on it. Ideally I
would want to copy hammy messages to another mailbox too. But first things
first. I've been playing with procmail for a while specifically the c flag
but never got it to work.

I tried a ton of different procmail recipes but I think something like this
was my latest:

DROPPRIVS=yes
:0fw
| spamc -u [EMAIL PROTECTED] -d sa.ip.add.ress
:0 c
* ^X-Spam-Flag: YES
spamcorpus

Any thoughts? I was thinking maybe it was a permissions issue since I would
bet procmail runs as my user and that it wouldn't have rights to write to
the spamcorpus.

much obliged,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Attachments

2003-11-12 Thread Colin A. Bartlett 
Matt Kettler Sent: Wednesday, November 12, 2003 2:40 PM

> At 01:38 PM 11/12/2003, Scott Antonivich wrote:
> >but can attachments be tagged as spam per user? If
> >so, what do I need to place in this users config file?
>
> You'd have to create a custom rule to look for mime boundaries..
>
> However, to do it per-user, you'll need to have per-user configs, and
> per-user rules, something that most site-wide SA configurations have no
> capability to do.

I would think you could write a mime boundries rule like Matt suggests but
score it 0 on the site wide config. Then just score it something higher on
the individual users config file. Crew, am I wrong here?

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] OT: Administrivia: List mom, please disable the bouncing thewizard.net subscriber.

2003-11-12 Thread Matt Kettler 
At 02:14 PM 11/12/2003, Pedro Sam wrote:
I had SA learn it as spam, and it never bothered me again :)  Perhaps this is
not the proper way of using SA, but it works.
Or you can add "comingsoon.pool.com" to your /etc/mail/access file with a 
550 rejection :)

Received: from mx10.comingsoon.pool.com (mx10.comingsoon.pool.com 
[199.85.4.240])
by xanadu.evi-inc.com (8.11.6/8.11.6) with SMTP id h9SJ2xj17181
for <[EMAIL PROTECTED]>; Tue, 28 Oct 2003 14:03:00 -0500
Received: from mailnull by mx10.comingsoon.pool.com with local (Exim 4.20)
id 1AEZ6p-000E2W-8I
for [EMAIL PROTECTED]; Tue, 28 Oct 2003 19:02:27 +
From: [EMAIL PROTECTED]



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] scoring system and values... (Bayes scoring)

2003-11-12 Thread Smart,Dan 
I don't use Razor or Pyzor partly for this reason, and partly due to delay
issues.

By the way...

When discussing why certain rules have certain scores, the set of scores
that make no sense to me is the scoring given to Bayes:

--50_scores.cf --
score BAYES_00 0 0 -4.901 -4.900
score BAYES_01 0 0 -0.600 -1.524
score BAYES_10 0 0 -0.734 -0.908
score BAYES_20 0 0 -0.127 -1.428
score BAYES_30 0 0 -0.349 -0.904
score BAYES_40 0 0 -0.001 -0.001
score BAYES_44 0 0 -0.001 -0.001
score BAYES_50 0 0 0.001 0.001
score BAYES_56 0 0 0.001 0.001
score BAYES_60 0 0 1.789 1.592
score BAYES_70 0 0 2.142 2.255
score BAYES_80 0 0 2.442 1.657
score BAYES_90 0 0 2.454 2.101
score BAYES_99 0 0 5.400 5.400
--

Why is BAYES_00 not = -1*BAYES_99 ?
Why would BAYES_70 score higher than BAYES_80 or BAYES_90?
Same with BAYES_20 and BAYES_10.

I can only assume those who trained the Bayes filter before running the GA
trained with a bad corpus.

Also, I felt granularity should be finer as you approach 100% since it takes
a whole normal standard deviation to get from 98% to 99%, and values should
be the same on each side of 50%.

I've updated/rescored the following rules as defined below:

 local.cf --
body BAYES_01   eval:check_bayes('0.01', '0.02')
body BAYES_02   eval:check_bayes('0.02', '0.10')
body BAYES_98   eval:check_bayes('0.98', '0.99')
body BAYES_90   eval:check_bayes('0.90', '0.98')
score BAYES_00  -5.4
score BAYES_01  -4.0
score BAYES_02  -3.0
score BAYES_10  -2.5
score BAYES_80   2.5
score BAYES_90   3.0
score BAYES_98   4.0
score BAYES_99   5.4
-

<>


 

| -Original Message-
| From: Covington, Chris [mailto:[EMAIL PROTECTED] 
| Sent: Wednesday, November 12, 2003 11:10 AM
| To: Larry Gilson; [EMAIL PROTECTED]
| Subject: RE: [SAtalk] scoring system and values...
| 
| Definitely FPs.  I think SA has a very difficult time with 
| solicited commercial email, even with Bayes feeding.  I had 
| to up my site-wide installation to 10.0 to get only the worst 
| of the worst and to stop people's solicited Princeline / 
| Day's Inn, etc. hotel confirmations and travel/real estate 
| deals lists from getting tagged.
| 
| And it doesn't help that Razor, DCC and Pyzor have a lot of 
| users that report legitimate solicited commercial email as 
| spam (the people that forget to uncheck "send me great 
| offers" when they order a product from a vendor, and then 
| report those vendors' "great offers" as spam).
| 
| Maybe it's better to not use Bayes at all on a site-wide 
| basis.  I've noticed Columbia University doesn't use Bayes...
| 
| Chris 
| 
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED] On 
| Behalf Of Larry Gilson
| Sent: Tuesday, November 11, 2003 2:18 PM
| To: [EMAIL PROTECTED]
| Subject: RE: [SAtalk] scoring system and values...
| 
| I don't know if this really fits in this subject or not.  
| However, I keep thinking while reading this thread if anyone 
| considers real opt-in advertisements/messages that get tagged 
| by SA (like from OshKosh, Travelocity, Lands' End, etc.) to 
| be a FP or not.  Do site-wide Bayes installs have a hard time 
| differentiating without feeding?
| 
| Thanks,
| Larry
| 
| 
| ---
| This SF.Net email sponsored by: ApacheCon 2003,
| 16-19 November in Las Vegas. Learn firsthand the latest 
| developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, 
| and more! http://www.apachecon.com/ 
| ___
| Spamassassin-talk mailing list
| [EMAIL PROTECTED]
| https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
| 


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] spamassassin is deleting ALL incoming mails!

2003-11-12 Thread Paulo Lenz 



Im having a problem with spamassassin,
 
After I installed it, I am not receiving any more mails... I think its 
deleting all the mails when thay arrive, because they are not returning to the 
sender...
 
Could anyone help me ?
 
Thanks,
Paulo

RE: [SAtalk] [RD] simple rule for consumption

2003-11-12 Thread Regis Wilson 
>I had several false positives today based on the BAD_X_HEADERS rule. I'm
>using the rules from Chris' site (Nov02).  The legitimate emails had an
>"X-URL" header.  All of the FPs where from a single mailing list.  For what
>ever reason, they are providing a valid link to some content within this
>header.
>
It is possible there may be false positives; I would suggest removing the
X-URL portion from the rule if that causes problems at your site.  Chris, if
you don't mind removing that clause, thanks!

X-URL does sound like it could be used legitimately; it is not "as bogus"
as the X-Campaign header, for example.  Another thing to think about is
writing a rule specifically for X-URL that scans for either a) malformations
or b) "bad" or spam friendly URLs.  I will try to work on an example, but
others are welcome to contribute.  (Upon further examination, X-URL is
fairly rare in my corpus so I will simply remove it without much effect on
the spam scores, hopefully).

As another example, I had originally scored the X-UID: header until I
discovered it was "legitimate" as well; in fact, one of my own sendmail
MTAs was adding it to outbound mail!  :)


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Attachments

2003-11-12 Thread Dan Kohn 
This would also catch HTML mail (which uses the same MIME formatting as
attachments).  The user probably doesn't want this.  You could
alternatively use a procmail rule to discard mail above a certain size,
like 2 (20 KB).  However, removing attachments in general is pretty
unlikely to be a good idea.   

  - dan
--
Dan Kohn 
  
-Original Message-
From: Colin A. Bartlett [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 12, 2003 12:52
To: Scott Antonivich; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: [SAtalk] Attachments

Matt Kettler Sent: Wednesday, November 12, 2003 2:40 PM

> At 01:38 PM 11/12/2003, Scott Antonivich wrote:
> >but can attachments be tagged as spam per user? If
> >so, what do I need to place in this users config file?
>
> You'd have to create a custom rule to look for mime boundaries..
>
> However, to do it per-user, you'll need to have per-user configs, and
> per-user rules, something that most site-wide SA configurations have
no
> capability to do.

I would think you could write a mime boundries rule like Matt suggests
but
score it 0 on the site wide config. Then just score it something higher
on
the individual users config file. Crew, am I wrong here?

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] WhiteList problem

2003-11-12 Thread Kiryl Hakhovich 
Hello guys,

I guess i'm doing something totaly WRONG herebut can't figure out
what. I have spamassassin 2.60.
I have placed a file whitelist.cf in my /etc/mail/spamassassin/
the file has following:

def_whitelist_from_rcvd [EMAIL PROTECTED]   goodwillny.org
def_whitelist_from_rcvd [EMAIL PROTECTED]   goodwillny.org

now the messages that coming from root (daily reports) 9 times out of 10
gets marked as spam, and only once it says skipped because
whitelisted

am I missing something here?

here is a headers for email that should be going through:

---

Received:  from
mail-gateway.exchange.goodwillny.org ([10.0.1.27]) by 
winxchnge2-2kab.exchange.goodwillny.org with Microsoft SMTPSVC(5.0.2195.6713); Mon, 10 
Nov 2003 09:22:42 -0500
Received:  from dns.ns1.goodwillny.org (localhost.localdomain [127.0.0.1]) by 
dns.ns1.goodwillny.org (8.12.10/8.12.10) with ESMTP id hAA929at008725;
Mon, 10 Nov 2003 04:02:09 -0500
Received:  (from [EMAIL PROTECTED]) by dns.ns1.goodwillny.org (8.12.10/8.12.10/Submit) 
id hAA926Ym008723; Mon, 10 Nov 2003 04:02:06 -0500
Date: Mon, 10 Nov 2003 04:02:06 -0500
From: root <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: [SPAM] LogWatch for dns.ns1.goodwillny.org
X-Virus-Scanned: clamdscan / ClamAV
version 20030829
X-Spam-Flag:  YES
X-Spam-Status:  Yes,
hits=28.2 required=5.0
tests=. autolearn=no version=2.60
X-Spam-Level:

X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
dns.ns1.goodwillny.org
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 10 Nov 2003 14:22:42.0112 (UTC)
FILETIME=[1A167C00:01C3A796]
Content-Type: text/plain;
boundary="--=_3FAF5415.5A6CBD82"
X-Evolution-Source: imap://[EMAIL PROTECTED]
Mime-Version:  1.0

-

Thank you guys!!!

Sincerely,

Kiryl.



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] SMTP gateway/filter

2003-11-12 Thread Gilson, Larry 


> -Original Message-
> From: David B Funk
> Sent: Wednesday, November 12, 2003 2:45 AM
> To: Larry Gilson
> Cc: 'Robban'; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] SMTP gateway/filter
> 
> 
> On Tue, 11 Nov 2003, Larry Gilson wrote:
> 
> > The preferred method is any way you prefer. ;)  That is really an 
> > honest answer.  Everyone has their own preferred method and 
> > a lot of times it depends on your specific situation.  Some people 
> > will pipe to a filter shell script, Procmail, maildrop, or spamc 
> > directly.  I prefer Procmail as it allows me to do more post SMTP 
> > processing with the message than the shell script or a direct pipe 
> > to spamc.  maildrop works well for some people but I honestly am
> > not familiar 
> 
> > with it.  I would like to hear from someone who has chosen 
> > maildrop rather than Procmail just to have a comparison though.
> >
> > --Larry
> >
> > > -Original Message-
> > > From: Robban
> > > Sent: Tuesday, November 11, 2003 2:58 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: [SAtalk] SMTP gateway/filter
> > >
> > >
> > > I'm pretty new to spamassassin and I've only done a few 
> > > spamassassin/postfix installations. My next task is to sett 
> > > up some sort of STMP gateway that filters e-mail for spam and if 
> > > approved, forwards the mail to "the real" mail server. The real  
> > > mail server will probably be an exchange server but we might 
> > > also end up with godd ol' sendmail. What would be the preferred 
> > > practice in setting up such a thing. Any ideas?
> > >
> > > //robban
> 
> Larry,
> I agree with the first part of your advice to Robban but 
> completely disagree with the Procmail part.
> 
> Robban is asking specifically for a filtering front-end to 
> some kind of back-end mail server (such as Exchange). 
> Procmail would require him to fake a delivery to each account 
> on the SA processing machine, which would mean that they 
> would have to create user accounts for every Exchange user on 
> the SA box.
> 
> I think that Robban is looking for some kind of filtering 
> "appliance" that mail flows thru as a SMTP stream and the 
> back end server handles the delivery/user part.
> 
> Something like sendmail+milter, sendmail+mailscanner, 
> postfix+spamc or postfix+MIMEDefang would be better suited to 
> this application. It can process & tag mail with out needing 
> any specific user account information.
> 
> Dave

Hi Dave,

I am running Postfix/Procmail/SA in a site-wide (relay) configuration in
front of an Exchange mail system.  Procmail can be used as a general mail
filter using the -m option and the content_filter configuration.  The
master.cf file would include the following:

# =
# service type  private  unpriv  chroot  wakeup  maxproc  command + args
# (yes)  (yes)   (yes)   (never) (100)
# =
smtpinet  n-   y   -   -smtpd
-o content_filter=spam:


spam  unix  - n  n   -   5pipe
  flags=Rq user=spam argv=/usr/bin/procmail -m /home/merlin/etc/spam.rc
${sender} ${recipient}

Hopefully the flags line will not wrap as it needs to be on one line.


So, the message is piped to the Procmail using the non-priveleged user
account spam (or whatever name you want).  All processing is performed under
the user spam which will also have a user_prefs and will own Bayes, AWL, etc
files.  I don't have to worry about 'spamc -u' as spamc is called from
Procmail under the spam account.

By utilizing this method, I capture both the envelope sender and recipient
addresses to be utilized by SA.  I can have
header/body/attachment/whitelist/blacklist checks external to SA.  The most
beneficial checks is the whitelist to reduce messages that need to be sent
to SA.  Almost all of the checks I used to use before SA are now turned off.
I do use Procmail to customize solutions for specific needs.  I am starting
to use it for initial Bayes training of some messeages (like requested legit
company notifications - Sears, JC Penney, Lands' End, etc.)

--Larry



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Combining spamc options

2003-11-12 Thread Regis Wilson 
I would like to combine the two options "-c" and "-y" for spamc.  I would like
to retain the functionality of printing the hits/required score and setting
the exit code while also printing out the rules hit.  I want to log the hits
to the rules for accounting purposes, but spamc does not appear to be able
to combine -c with any other option (and the documentation does not imply that
it can be done).  Currently the only option appears to be scanning twice,
once `spamc -y` and then `spamc -c`.

Just a thought/suggestion/nice-thing-to-have.


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Attachments

2003-11-12 Thread Matt Kettler 
At 03:51 PM 11/12/2003, Colin A. Bartlett wrote:
I would think you could write a mime boundries rule like Matt suggests but
score it 0 on the site wide config. Then just score it something higher on
the individual users config file. Crew, am I wrong here?
Good point.. that way you wouldn't need to allow user rules. 



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] newb-level Bayes question (sa-learn)

2003-11-12 Thread Scott Antonivich 
Sam I am? SorrysorryI simply couldnt resist.

Scott

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of ian
douglas
Sent: Wednesday, November 12, 2003 3:00 PM
To: [EMAIL PROTECTED]
Subject: [SAtalk] newb-level Bayes question (sa-learn)


Sorry for the confusion on this...

I have some custom code that splits MailScanner's archive of all incoming
mail into known spam and ham, then I manually move what's left in the
archive into the spam/ham mbox files and then run sa-learn on the spam/ham
mailboxes and then append them to archives of known spam and known ham.

Yesterday though, I accidentally copied a message to the 'spam' mailbox and
ran sa-learn on it, and that message was really 'ham'.

If I accidentally run sa-learn on a message as spam that really was *ham*,
can I simply run "sa-learn --ham" on the message to cancel it out without
using the "--forget" flag first?

Or do I need to rebuild my entire Bayes database?

Sorry for the newb questions, just confused about this.





---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Help on SpamAssasin

2003-11-12 Thread a3 




Hello,


I have a Debian Linux Firewall, configured by someone I know that is no
longer available.

For my work I program on Windows platforms, so I don't know much about
Linux, just some basic things.

The problem I am facing has to do with mail spam.

Behind the firewall is a mailserver (windowsbased  ) that
checks on port 25

The Linux PC does a redir of port 25 from the WAN ip adress to the mail
server IP adress.


Can I use SpamAssasin to replace this and block spam. ?

If so, where can I find doc's on how to install and configure it in
such a way ?


Would really appreciate the help.


Adrie Bouwmeester

Schijndel

The Netherlands




<>

[SAtalk] Spam forward

2003-11-12 Thread Dan 
Hey guys!

Does anyone know if spam can be forwarded onto another mailbox? Right now I
have being trapped in /var/virusmails.

I would like to have it all sent to [EMAIL PROTECTED]

Thoughts?

Dan



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Detailed Scores in Header

2003-11-12 Thread Colin A. Bartlett 
Greg Miller Sent: Wednesday, November 12, 2003 11:48 AM

> Having being using SA, and have searched the archive, so be kind.
>
> I would like to have the score assigned for the various rules appear in
> the header of the message instead of just the aggregate score and the
> names of the rules that hit.

You'll want to put an add_header lines into your local.cf file.

See the docs at: http://www.spamassassin.org/doc/Mail_SpamAssassin_Conf.html

The section called "MESSAGE TAGGING OPTIONS" is what you want. Take a look
at very top of the docs where it says "TAGS" too.

As the docs say:
add_header all Status _YESNO_, hits=_HITS_ required=_REQD_ tests=_TESTS_
autolearn=_AUTOLEARN_ version=_VERSION_
is the default.

So adding this to your local.cf:
add_header all Status _YESNO_, hits=_HITS_ required=_REQD_
tests=_TESTSSCORES_ autolearn=_AUTOLEARN_ version=_VERSION_
would add the scores, according to the documentation.

I'm just guessing here, BTW. Just took a quick glance at the docs to this is
what I deduced. Give it a shot. See, I was nice. I didn't even tell you to
RTFM. :)

cheers,
Colin

Colin A. Bartlett
Kinetic Web Solutions
www.kineticweb.biz



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] newb-level Bayes question (sa-learn)

2003-11-12 Thread Theo Van Dinter 
On Wed, Nov 12, 2003 at 12:00:03PM -0800, ian douglas wrote:
> If I accidentally run sa-learn on a message as spam that really was *ham*,
> can I simply run "sa-learn --ham" on the message to cancel it out without
> using the "--forget" flag first?

yes.

-- 
Randomly Generated Tagline:
"We love the /dev/null device in IT, it's really fast when you back
 things up to it" - Jeff Tyler


pgp0.pgp
Description: PGP signature

Re: [SAtalk] WhiteList problem

2003-11-12 Thread Kiryl Hakhovich 
On Wed, 2003-11-12 at 13:39, Matt Kettler wrote:
> At 12:13 PM 11/12/2003, Kiryl Hakhovich , [EMAIL PROTECTED] wrote:
> >am I missing something here?
> >
> >here is a headers for email that should be going through:
> >
> >---
> >
> >Received:  from
> >mail-gateway.exchange.goodwillny.org ([10.0.1.27]) by 
> >winxchnge2-2kab.exchange.goodwillny.org with Microsoft 
> >SMTPSVC(5.0.2195.6713); Mon, 10 Nov 2003 09:22:42 -0500
> 
> Yeah.. that won't match any whitelist_from_rcvd commands... ever. 
> SpamAssassin will ONLY honor a host name that appears next to a dotted IP 
> in the headers, as the helo portion can be easily forged.
> 
> That header appears to be a machine that helo'ed as 
> mail-gateway.exchage.goodwillny.org, but does not have a reverse DNS entry 
> for it's IP address. Do you have a PTR record for 10.0.1.27 on your local 
> dns resolver?
> 
thanks guys.

Yeah i have a PTR record ptr 10.0.1.27, it's resolves to
mail3.goodwillny.org on my local resolver.

Kiryl.



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Attachments

2003-11-12 Thread Scott Antonivich 
Hmmm... ok, I thought I saw a MICROSOFT executables rule in the archive, so
I figuredif you could flag executablesyou could also flag other
attachments...

Oh wellthanks for the info...

Scott Antonivich


-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 12, 2003 2:40 PM
To: Scott Antonivich; [EMAIL PROTECTED]
Subject: Re: [SAtalk] Attachments


At 01:38 PM 11/12/2003, Scott Antonivich wrote:
>but can attachments be tagged as spam per user? If
>so, what do I need to place in this users config file?

You'd have to create a custom rule to look for mime boundaries..

However, to do it per-user, you'll need to have per-user configs, and
per-user rules, something that most site-wide SA configurations have no
capability to do.




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] timed out

2003-11-12 Thread Chris Trudeau 
All,

I'm not sure what the problem is with my MailScanner/SpamAssassin
installation.  I'm using exactly the same configuration as in another
location.

RedHat 7.3
DCC
Razor2
SpamAssassin 2.60
MailScanner 4.22-5 (testing with same system thats in production)

I have validated that DCC is working through the firewall and Razor is as
well since I have processed messages that have DCC_Checks and Razor_Checks
in the headers after processing...SpamAssassin catches lmost all fo the
SPAM, but a few keep getting through with the MaiLScaner Header indicating:

SpamAssassin (timed out)


When running my MailScanner with SA in debug mode (both) the debug level
output doesn't seem to hang and the DEBUG even produces a score for the SAME
MESSAGE passed to it with the spamassassin -d < messagefile command.  So I
am unable to replicate the issue.

I have done the following things to try and rid the system of this
confounded timeout:

1.  installed caching nameserver locally to try and ensure that network and
DNS server latency wasn't causing the problem for all name lookups AND RBLS.
2.  Increased timeout value in MailScanner.
3.  Turned off RAZOR...this was the latest...this afternoon...

I'm running an exact replica of this install with an older version 2.55 of
Spam Assassin without any issue.  SA times out once every 300-400
messages...

Any ideas how to troubleshoot this and isolate the problem would be helpful.

THX
CT



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] OT: Administrivia: List mom, please disable the bouncing thewizard.net subscriber.

2003-11-12 Thread Justin Mason 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Bob Apthorpe writes:
> Hi,
> 
> Can one of the mailing list Powers That Be disable whichever subscriber is
> routing mail to thewizard.net? I'm tired of pool.com's useless autoack
> ads, especially due to a suspicious piece of their URL (below.)

I'd love to -- but I haven't been able to figure out *who* on the
thousands of list subscribers is doing this.  The bounce message
is effectively useless for this... :(

- --j.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Exmh CVS

iD8DBQE/spL3QTcbUG5Y7woRAgHTAJ0d1bK9I3a+piltIVzOixEINGRXZgCfR5WU
AINOb9IZiktajM8tQxTsxcE=
=XTfE
-END PGP SIGNATURE-



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] FROM_AND_TO_SAME Rule does not seem to work

2003-11-12 Thread Gerhardt, Scott 
Title: FROM_AND_TO_SAME Rule does not seem to work





Derek Jennings [EMAIL PROTECTED] wrote:


> Most of the few spams that make it to my inbox are from
> "some_name"  [...]


I've been having pretty good luck with a meta-rule that compares addresses in "From:" with the IP address in "Received:" and tags only if they don't match up.  Thus:

  ## Forged CAMI Header
  header   __CLAIMS_FROM_CAMI    From  =~   /[EMAIL PROTECTED]/i
  header   __NOT_CAMI_IP Received  !~   /\[206\.252\.197\.\d+\]/
  meta FORGED_CAMI_RCVD  (__CLAIMS_FROM_CAMI && __NOT_CAMI_IP)
  describe FORGED_CAMI_RCVD  Forged CAMI Header
  score    FORGED_CAMI_RCVD  10.000


Note that __NOT_CAMI_IP contains a negative operator and contains a regex matching all of my "legit" IP networks (pared down here for readability).

It ain't 100% there -- for some reason I get a few false-positives when received from localhost -- but it seems to be zapping all of the impersonators.

Comments?


--
Scott Gerhardt

Re: [SAtalk] Attachments

2003-11-12 Thread Matt Kettler 
At 01:38 PM 11/12/2003, Scott Antonivich wrote:
but can attachments be tagged as spam per user? If
so, what do I need to place in this users config file?
You'd have to create a custom rule to look for mime boundaries..

However, to do it per-user, you'll need to have per-user configs, and 
per-user rules, something that most site-wide SA configurations have no 
capability to do.



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] newb-level Bayes question (sa-learn)

2003-11-12 Thread ian douglas 
Sorry for the confusion on this...

I have some custom code that splits MailScanner's archive of all incoming
mail into known spam and ham, then I manually move what's left in the
archive into the spam/ham mbox files and then run sa-learn on the spam/ham
mailboxes and then append them to archives of known spam and known ham.

Yesterday though, I accidentally copied a message to the 'spam' mailbox and
ran sa-learn on it, and that message was really 'ham'.

If I accidentally run sa-learn on a message as spam that really was *ham*,
can I simply run "sa-learn --ham" on the message to cancel it out without
using the "--forget" flag first?

Or do I need to rebuild my entire Bayes database?

Sorry for the newb questions, just confused about this.





---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] OT: Administrivia: List mom, please disable the bouncing thewizard.net subscriber.

2003-11-12 Thread Pedro Sam 
I had SA learn it as spam, and it never bothered me again :)  Perhaps this is 
not the proper way of using SA, but it works.

Pedro

On November 12, 2003 01:44 pm, Bob Apthorpe wrote:
> Hi,
> 
> Can one of the mailing list Powers That Be disable whichever subscriber is
> routing mail to thewizard.net? I'm tired of pool.com's useless autoack
> ads, especially due to a suspicious piece of their URL (below.)
> 
> Thanks,
> 
> -- Bob
> 
> On Wed, 12 Nov 2003 [EMAIL PROTECTED] wrote:
> 
>
> > We were unable to deliver your email.
> >
> > The domain you are sending to may have been recently registered or
> > re-registered using Pool.com's backorder services.
> >
> > For more information on how you can backorder a domain with no risk, and
> > no
 up-front fees at Pool.com, please click on the following link.
> >
> > http://www.pool.com/index.aspx?aff=R-AAAHH&ea=PoolEMARINTXT
>
> ^^
> Eddy Marin? http://www.mugshots.com/Favorites/Eddy_Marin.htm
> 
>
> >
> > Regards,
> >
> > Customer Service
> > [EMAIL PROTECTED]
> >
> >
>
> 
> 
> ---
> This SF.Net email sponsored by: ApacheCon 2003,
> 16-19 November in Las Vegas. Learn firsthand the latest
> developments in Apache, PHP, Perl, XML, Java, MySQL,
> WebDAV, and more! http://www.apachecon.com/
> ___
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

-- 
When in doubt, do what the President does -- guess.


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] WhiteList problem

2003-11-12 Thread Matt Kettler 
At 12:13 PM 11/12/2003, Kiryl Hakhovich , [EMAIL PROTECTED] wrote:
am I missing something here?

here is a headers for email that should be going through:

---

Received:  from
mail-gateway.exchange.goodwillny.org ([10.0.1.27]) by 
winxchnge2-2kab.exchange.goodwillny.org with Microsoft 
SMTPSVC(5.0.2195.6713); Mon, 10 Nov 2003 09:22:42 -0500
Yeah.. that won't match any whitelist_from_rcvd commands... ever. 
SpamAssassin will ONLY honor a host name that appears next to a dotted IP 
in the headers, as the helo portion can be easily forged.

That header appears to be a machine that helo'ed as 
mail-gateway.exchage.goodwillny.org, but does not have a reverse DNS entry 
for it's IP address. Do you have a PTR record for 10.0.1.27 on your local 
dns resolver?





---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] OT: Administrivia: List mom, please disable the bouncing thewizard.net subscriber.

2003-11-12 Thread Bob Apthorpe 
Hi,

Can one of the mailing list Powers That Be disable whichever subscriber is
routing mail to thewizard.net? I'm tired of pool.com's useless autoack
ads, especially due to a suspicious piece of their URL (below.)

Thanks,

-- Bob

On Wed, 12 Nov 2003 [EMAIL PROTECTED] wrote:

> We were unable to deliver your email.
>
> The domain you are sending to may have been recently registered or
> re-registered using Pool.com's backorder services.
>
> For more information on how you can backorder a domain with no risk, and no
> up-front fees at Pool.com, please click on the following link.
>
> http://www.pool.com/index.aspx?aff=R-AAAHH&ea=PoolEMARINTXT
^^
Eddy Marin? http://www.mugshots.com/Favorites/Eddy_Marin.htm

>
> Regards,
>
> Customer Service
> [EMAIL PROTECTED]
>
>


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Attachments

2003-11-12 Thread Scott Antonivich 
I have spamassassin working great with postfix on RedHat9. I have a user
that would like to tag all attachments as spam. I realize SpamAssassin is
not virus protectionbut can attachments be tagged as spam per user? If
so, what do I need to place in this users config file?

I assume it has something to do with   score

I searched the archives and this didn't seem to be mentioned.

Thanks for the help...

Scott



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Attachments

2003-11-12 Thread Scott Antonivich 
Hello,

I searched the archives and did not find an answer so I am asking the list.

I have a user that wishes to have all attachments tagged as SPAM. How can
this be done? I realize that it is not virus protection but they want to
have all attachments tagged.

Scott Antonivich



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Rule is blocking everything

2003-11-12 Thread Matt Kettler 
At 12:15 PM 11/12/2003, Dan wrote:
Yesterday we were talking about blocking certain words. The suggestion came
up to put the following in:
body LOCAL_SWEARWORD /\b(?:word1|word2|word3|word4)\b/i
I put this in the bottom of my /etc/mail/spamassassin/local.cf

It seems to block all mail? Any ideas?
Unless you post your exact rule, there's not anything I can suggest..

Perhaps you're word list contains punctuation characters that aren't 
escaped?  (and should wind up with a .* in there you'll easily match almost 
anything..)

Perhaps you included a word that's always in every message and you naively 
assumed it wouldn't be..









---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] WhiteList problem

2003-11-12 Thread Kiryl Hakhovich 
Hello guys,

I guess i'm doing something totaly WRONG herebut can't figure out
what. I have spamassassin 2.60.
I have placed a file whitelist.cf in my /etc/mail/spamassassin/
the file has following:

def_whitelist_from_rcvd [EMAIL PROTECTED]   goodwillny.org
def_whitelist_from_rcvd [EMAIL PROTECTED]   goodwillny.org

now the messages that coming from root (daily reports) 9 times out of 10
gets marked as spam, and only once it says skipped because
whitelisted

am I missing something here?

here is a headers for email that should be going through:

---

Received:  from
mail-gateway.exchange.goodwillny.org ([10.0.1.27]) by 
winxchnge2-2kab.exchange.goodwillny.org with Microsoft SMTPSVC(5.0.2195.6713); Mon, 10 
Nov 2003 09:22:42 -0500
Received:  from dns.ns1.goodwillny.org (localhost.localdomain [127.0.0.1]) by 
dns.ns1.goodwillny.org (8.12.10/8.12.10) with ESMTP id hAA929at008725;
Mon, 10 Nov 2003 04:02:09 -0500
Received:  (from [EMAIL PROTECTED]) by dns.ns1.goodwillny.org (8.12.10/8.12.10/Submit) 
id hAA926Ym008723; Mon, 10 Nov 2003 04:02:06 -0500
Date: Mon, 10 Nov 2003 04:02:06 -0500
From: root <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: [SPAM] LogWatch for dns.ns1.goodwillny.org
X-Virus-Scanned: clamdscan / ClamAV
version 20030829
X-Spam-Flag:  YES
X-Spam-Status:  Yes,
hits=28.2 required=5.0
tests=. autolearn=no version=2.60
X-Spam-Level:

X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
dns.ns1.goodwillny.org
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 10 Nov 2003 14:22:42.0112 (UTC)
FILETIME=[1A167C00:01C3A796]
Content-Type: text/plain;
boundary="--=_3FAF5415.5A6CBD82"
X-Evolution-Source: imap://[EMAIL PROTECTED]
Mime-Version:  1.0

-

Thank you guys!!!

Sincerely,

Kiryl.



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Rule is blocking everything

2003-11-12 Thread Bob Apthorpe 
Hi,

On Wed, 12 Nov 2003, Dan wrote:

> Hey guys!
>
> Yesterday we were talking about blocking certain words. The suggestion came
> up to put the following in:
> body LOCAL_SWEARWORD /\b(?:word1|word2|word3|word4)\b/i
>
> I put this in the bottom of my /etc/mail/spamassassin/local.cf
>
> It seems to block all mail? Any ideas?

Is that really the rule you used? Also, what's the score associated with
that rule? There should be a corresponding 'score LOCAL_SWEARWORD 0.1'
line with a low score value for testing purposes.

-- Bob


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] scoring system and values...

2003-11-12 Thread Covington, Chris 
Definitely FPs.  I think SA has a very difficult time with solicited
commercial email, even with Bayes feeding.  I had to up my site-wide
installation to 10.0 to get only the worst of the worst and to stop
people's solicited Princeline / Day's Inn, etc. hotel confirmations and
travel/real estate deals lists from getting tagged.

And it doesn't help that Razor, DCC and Pyzor have a lot of users that
report legitimate solicited commercial email as spam (the people that
forget to uncheck "send me great offers" when they order a product from
a vendor, and then report those vendors' "great offers" as spam).

Maybe it's better to not use Bayes at all on a site-wide basis.  I've
noticed Columbia University doesn't use Bayes...

Chris 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Larry Gilson
Sent: Tuesday, November 11, 2003 2:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [SAtalk] scoring system and values...

I don't know if this really fits in this subject or not.  However, I
keep
thinking while reading this thread if anyone considers real opt-in
advertisements/messages that get tagged by SA (like from OshKosh,
Travelocity, Lands' End, etc.) to be a FP or not.  Do site-wide Bayes
installs have a hard time differentiating without feeding?

Thanks,
Larry


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] New Spam Source? Rules for this yet??

2003-11-12 Thread Christopher X. Candreva 
On Tue, 11 Nov 2003, Robert Leonard III wrote:

> I have been getting several new spams that seem to get past my SA setup..
>
> So far they have come from:
> @name-james.com
> @name-clark.com
> @smegheads.com

These guys are on both spamhaus and njabl .  We're blocking via these lists
at the sendmail level, so SA isn't even seeing them.

Are you using razor and/or DCC ? I would think that between those DNSBL
lists, razor/dcc, and bayes this would be caught even if it didn't trigger
anything else.



==
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] SMTP gateway/filter

2003-11-12 Thread Covington, Chris 
My way is easier:

http://www.plusone.com/gaptuning/postfix

Chris 


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Detailed Scores in Header

2003-11-12 Thread Greg Miller 
Having being using SA, and have searched the archive, so be kind.

I would like to have the score assigned for the various rules appear in 
the header of the message instead of just the aggregate score and the 
names of the rules that hit.

I want to verify that my changes to the score are actually working.

Thanks for any pointers.

--
Greg Miller, RHCE, CCNA, MCSE
Senior Network Specialist
University of Richmond
[EMAIL PROTECTED]
(804) 289-8546


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] more spam since installing 2.60

2003-11-12 Thread Todd Schuldt 
Same here - according to my logs and other records after changing to 2.6 our
FP rate dropped and our FN rate dropped which made co-workers happy but
overall the number of spams per day has risen roughly 45% over the last 3
months.  Also we have smtpi blacklists in place and server connection
rejections at that level have increased 75% in the same period of time.

Todd

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank
Pineau
Sent: Wednesday, November 12, 2003 8:51 AM
To: spam
Subject: RE: [SAtalk] more spam since installing 2.60

On Wed, 2003-11-12 at 09:26, Chris Santerre wrote:
> > 
> > Is anyone else experiencing more junk mail getting through 
> > since installing
> > 2.60?

> This seems to be a common theme for any new version of SA.

I've been seeing a lot more spam *period*.  Perhaps it's not that more
is getting through.  I'd be interested to see his ham/spam ratio and to
know if it's changed any in the last few months.


-- 
Frank Pineau
Hey, you know those Roman hackers?  Man, were they I III III VII!



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Bounce all but whitelist

2003-11-12 Thread Terry Milnes 
Beats me, I don't use postfix/postfixfilter I use qmail/vpopmail/procmail.

SA does NOT delete mail, that can be accomplished with the filter file. 
 So adjust your filter file to auto delete mail scoring >99  (Assuming 
of course that a postfixfilter file can do this).

Of course if postfix doesn't have this ability you could tell him to set 
up a filter at his email client to drop mails into the trash.

tm

Tim Merkel wrote:
This is a great start, but how do I tell SA to delete the blacklisted mail
just for this user?
Blacklisting [EMAIL PROTECTED] in MySQL will tag everything as SPAM but not delete it.
Since my users are postfix virtual, they do not have a ~/.procmailrc file,
or a home directory for that matter.  I would only like to delete
blacklisted e-mail for this user, so a global option is out of the picture.
Thanks again for your help!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Terry
Milnes
Sent: Wednesday, November 12, 2003 4:57 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Bounce all but whitelist
Haha I just had to try this  Blacklist [EMAIL PROTECTED] in the db for that
particular user, then add his acceptable senders as whitelisted entries.
Don't know about any negative ramifications, but it does work and will
fit in with the way you want it to.
tm

Tim Merkel wrote:

I have a client who wishes to only allow mail into his inbox that is
explicitly allowed via his white list.  Yahoo currently allows you to do
this (which is where they got the idea).
I currently host multiple domains using postfix virtual mailboxes with
spamc/spamd (config files below).  spamd is reading user preferences from
mysql.  I would like to implement this so that this particular client
could use this functionality without affecting the way SA handles other
users spam.
Is there a user preference I can use to accomplish this?  I have
considered writing my own logic into my 'postfixfilter' to check the
userpref table in MySQL before calling spamc. Has anybody has success with
this.  Can anyone think of a better solution for this?
Thanks in advance for your help!

Tim Merkel

#/etc/postfix/main.cf (abbreviated)
#
=#
service
type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
#
=smt
p
inet  n   -   n   -   -   smtpd
 -o content_filter=spamfilter:
spamfilter unix -   n   n   -   -   pipe
 flags=Rq user=spamfilter argv=/usr/bin/postfixfilter -f ${sender} --
${recipient}
#/usr/bin/postfixfilter
/usr/bin/spamc -u $4 | /usr/sbin/sendmail -i "$@"
exit $?
#ps aux | grep spam
1011  8027  0.0  3.1 20168 16216 ?   SNov05   0:03
/usr/bin/spamd -d -c -a -x -q -u spamfilter


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk






---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [WL] [SAtalk] Bounce all but whitelist

2003-11-12 Thread Charles Gregory 
On Tue, 11 Nov 2003, Tim Merkel wrote:
> I have a client who wishes to only allow mail into his inbox that is
> explicitly allowed via his white list.

If you are using procmail, make a whitelist recipe in his .procmailrc
file. Technically, his mail will still go through spamassassin, but the
whitelist will make the final delivery choice.

Alternately, you can setup a 'hook' in your global procmailrc that will
INCLUDE=$HOME/.whitelist.rc *before* the spamc call, then it will take
precdence. In this case, he can then set a low score for spamassassin
that will still allow most new correspondents through while catching most 
or all of the spam.

Side note: I actually have a more complicated system that allows the user
to specify their whitelist as a plain text file, one entry per line, and
then when the modification date of whitelist.text is newer than
.whitelist.rc I have a script re-generate the whitelist.rc file, taking
care to escape all special characters, remove blank lines, etc.

- Charles



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Bounce all but whitelist

2003-11-12 Thread Tim Merkel 
This is a great start, but how do I tell SA to delete the blacklisted mail
just for this user?

Blacklisting [EMAIL PROTECTED] in MySQL will tag everything as SPAM but not delete it.
Since my users are postfix virtual, they do not have a ~/.procmailrc file,
or a home directory for that matter.  I would only like to delete
blacklisted e-mail for this user, so a global option is out of the picture.
Thanks again for your help!

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Terry
Milnes
Sent: Wednesday, November 12, 2003 4:57 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Bounce all but whitelist


Haha I just had to try this  Blacklist [EMAIL PROTECTED] in the db for that
particular user, then add his acceptable senders as whitelisted entries.

Don't know about any negative ramifications, but it does work and will
fit in with the way you want it to.

tm

Tim Merkel wrote:
> I have a client who wishes to only allow mail into his inbox that is
> explicitly allowed via his white list.  Yahoo currently allows you to do
> this (which is where they got the idea).
>
> I currently host multiple domains using postfix virtual mailboxes with
> spamc/spamd (config files below).  spamd is reading user preferences from
> mysql.  I would like to implement this so that this particular client
> could use this functionality without affecting the way SA handles other
> users spam.
>
> Is there a user preference I can use to accomplish this?  I have
> considered writing my own logic into my 'postfixfilter' to check the
> userpref table in MySQL before calling spamc. Has anybody has success with
> this.  Can anyone think of a better solution for this?
>
> Thanks in advance for your help!
>
> Tim Merkel
>
> #/etc/postfix/main.cf (abbreviated)
> #
> =#
> service
> type  private unpriv  chroot  wakeup  maxproc command + args
> #   (yes)   (yes)   (yes)   (never) (100)
> #
>
=smt
p
> inet  n   -   n   -   -   smtpd
>   -o content_filter=spamfilter:
> spamfilter unix -   n   n   -   -   pipe
>   flags=Rq user=spamfilter argv=/usr/bin/postfixfilter -f ${sender} --
> ${recipient}
>
>
> #/usr/bin/postfixfilter
> /usr/bin/spamc -u $4 | /usr/sbin/sendmail -i "$@"
> exit $?
>
> #ps aux | grep spam
> 1011  8027  0.0  3.1 20168 16216 ?   SNov05   0:03
> /usr/bin/spamd -d -c -a -x -q -u spamfilter
>
>
>
> ---
> This SF.Net email sponsored by: ApacheCon 2003,
> 16-19 November in Las Vegas. Learn firsthand the latest
> developments in Apache, PHP, Perl, XML, Java, MySQL,
> WebDAV, and more! http://www.apachecon.com/
> ___
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
>
>
>



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Off topic: Threads

2003-11-12 Thread Terry Milnes 
This list seems to be worse than most though, go figure .

Matt Kettler wrote:
At 07:18 AM 11/12/03 -0500, Terry Milnes wrote:

Are the threads on this list screwed up by the list program, or is it 
just users replying to existing mail to create new?

Just wondering, because it seems to be terribly messed up


That is a very common thing for people to do who don't use threading 
mail readers... It's a lot easier to hit reply than it is to copy the 
list address to a new message. Since many mail clients don't support 
threading, many people have never even seen it, and thus don't realize 
it has any impact at all.





---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Rule is blocking everything

2003-11-12 Thread Dan 
Hey guys!

Yesterday we were talking about blocking certain words. The suggestion came
up to put the following in:
body LOCAL_SWEARWORD /\b(?:word1|word2|word3|word4)\b/i

I put this in the bottom of my /etc/mail/spamassassin/local.cf

It seems to block all mail? Any ideas?

Thanks
Dan

- Original Message -
From: "Charles Gregory" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 11, 2003 11:59 AM
Subject: [SAtalk] new to spamassassin


> On Tue, 11 Nov 2003, Yackley, Matt wrote:
> > Scott,
> > This would probably be a little better & cleaner looking:
> > body LOCAL_SWEARWORD /\b(?:word1|word2|word3|word4)\b/i
>
> And in case anyone else unfamiliar with regex is wondering about that
> question mark followed by a colon - it is a special code that tells the
> regex not to save the 'back-reference' variable it would normally create
> containing whatever matched that portion of the regex in parentheses. It
> saves a few processing cycles each time you do this. In a large collection
> of tests, it can be significant.
>
> - Charles
>
>
>
>
> ---
> This SF.Net email sponsored by: ApacheCon 2003,
> 16-19 November in Las Vegas. Learn firsthand the latest
> developments in Apache, PHP, Perl, XML, Java, MySQL,
> WebDAV, and more! http://www.apachecon.com/
> ___
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
>



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] SMTP gateway/filter

2003-11-12 Thread Ralf Hildebrandt 
* Mark Hepler <[EMAIL PROTECTED]>:
> Another how-to you might want to look at if you are considering using 
> postfix - SA as your gateway to the Exchange server is:
> 
> Postfix - Exchange Server Mail relay
> A Postfix mail relay that protects an Exchange Server
> http://postfix.state-of-mind.de/patrick.koetter/mailrelay/
> 
> although this how-to does not cover implementing SpamAssassin, it
> will allow you to extract the user list from the Exchange server.
> This way the postfix gateway can discard invalid recipients prior to
> forwarding the messages to the groupware server.  keep the load out
> on the gateway instead of on the groupware server sheltering the
> Exchange server from Dictionary spam attacks.  then plug in
> SpamAssassin some sort of MIME defang, an AV solution or whatever
> other tools suit you, and you will be good to go.

Adding SA via amavisd-new is -- after that -- just a small step.
Using this we're blocking 13-14% ONLY by rejecting mail to
non-existant users.

-- 
Ralf Hildebrandt (Im Auftrag des Referat V a)   [EMAIL PROTECTED]
Charite - Universitätsmedizin BerlinTel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-BerlinFax.  +49 (0)30-450 570-916
Referat V a - Kommunikationsnetze - AIM.  ralfpostfix


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] RBL dumb question

2003-11-12 Thread Matt Kettler 
At 10:23 AM 11/12/03 -0500, Chris Trudeau wrote:
How would I go about determining WHICH RBLS are being used currently (I know
they are "on").
Look through 20_dnsbl_tests.cf, then check to make sure the RBL in question 
has a non-zero score in 50_scores.cf.. grep is your friend.



And how would I go about adding/extracting an RBL from the SpamAssassin
checks?


Disabling a RBL is easy.. set the score of the rule to 0 in your local.cf 
and it will never be evaluated.
so for example you can disable SORBS with:

score  RCVD_IN_SORBS 0

Adding one is a bit tougher, you need to create a check_rbl or 
check_rbl_txt... to do this you'll need to understand a little bit about 
how the specific RBL works.. at least what kind of query it takes (ie: is 
it IP based or name based)

Normal IP based ones can just be implemented with a simple check_rbl rule.. 
Assuming an example "new blacklist" which is standard reverse-ip lookup 
type at x.x.x.x.newbl.newblacklist.org, you'd do something like this:

header RVCD_IN_NEWBLeval:check_rbl ('new', 'newbl.newblacklist.org')
score RCVD_IN_NEWBL 1.0
describe RCVD_IN_NEWBL  Received via relay
Note that the first parameter can be more-or-less anything but needs to be 
unique between different blacklists.. It's used to create storage of the 
results so you can do sub-queries of different bits in the result (look at 
the NJABL rules as an example). If the first parameter ends in -notfirsthop 
SA will attempt to skip the first IP in the headers (used for dialup BLs).

This rule will cause SA to DNS query "2.1.168.192.newbl.newblacklist.org" 
for the IP address 192.168.1.2.

Be sure to add your custom rules to 
/etc/mail/spamassassin/.cf... do not create new rules in 
/usr/share/spamassassin as the whole directory gets obliterated when you 
upgrade.



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] RBL dumb question

2003-11-12 Thread Chris Trudeau 
How would I go about determining WHICH RBLS are being used currently (I know
they are "on").

And how would I go about adding/extracting an RBL from the SpamAssassin
checks?

CT



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Re: Updated Corn

2003-11-12 Thread Lukreme 
On 11 Nov 2003, at 20:52, Jennifer Wheeler wrote:
point bein'...i named them for me to remember, and knowing nobody else
would be naming rules similar to mine, so adding rules would not be a
problem.  When i saw they were fairly lethal, and spammers started 
being
even more blatant with what they did or said in emails (thinking they
could taunt us and get through no matter what), i decided to share the
wealth.  and because i was so fond of the work they did to so many
spamsi grew attached to the names.  i think and remember things in 
odd
ways, so why change when peeps can rename.
That makes sense.  OK, no one use  "snarkle", "filgret", and "ashcroft" 
for rule sets, they're mine (assuming I ever write SA rules which, at 
this point, seems doubtful).

I doubt anyone (or at least hardly anyone) is renaming your rulesets 
though.


--
So now you know the words to our song, pretty soon you'll all be 
singing along, when you're sad, when you're lonely and it all turns out 
wrong...


smime.p7s
Description: S/MIME cryptographic signature

Re: [SAtalk] more spam since installing 2.60

2003-11-12 Thread Frank Pineau 
On Wed, 2003-11-12 at 11:09, chupacabra wrote:
> I watched all weekend and there was a trifle of spam.  At 7:00 am mon 
> morning it increased greatly till about 1:00 pm when we got mailbombed 
> and almost took the server down,  Steady boatloads of spam since then. 
>  Is there a webalizer  for spamassassin?  I would like to look at the 
> graphs.

You can try spamstats, but it doesn't seem to work right with 2.60. 
Someone posted a patch here a few weeks ago, but it's still buggy.  It's
hit-or-miss for me whether it works or not.

http://freshmeat.net/redir/spamstats/36361/url_homepage/#spamstats

-- 
Frank Pineau
Hey, you know those Roman hackers?  Man, were they I III III VII!


signature.asc
Description: This is a digitally signed message part

Re: [SAtalk] SMTP gateway/filter

2003-11-12 Thread Mark Hepler 
Another how-to you might want to look at if you are considering using 
postfix - SA as your gateway to the Exchange server is:

Postfix - Exchange Server Mail relay
A Postfix mail relay that protects an Exchange Server
http://postfix.state-of-mind.de/patrick.koetter/mailrelay/
although this how-to does not cover implementing SpamAssassin, it will 
allow you to extract the user list from the Exchange server. This way 
the postfix gateway can discard invalid recipients prior to forwarding 
the messages to the groupware server.  keep the load out on the gateway 
instead of on the groupware server sheltering the Exchange server from 
Dictionary spam attacks.  then plug in SpamAssassin some sort of MIME 
defang, an AV solution or whatever other tools suit you,  and you will 
be good to go.

Mark Hepler

Paul Hutchings wrote:

Robban,

I've never used sendmail (too daunting for a newbie!), however, I use
postfix + spamassassin on a RH9 box to do filtering on mail that is relayed
to our exchange boxes.
postfix is really easy to setup for this purpose, and if you take a look at
http://postfix.cnc.bc.ca/twiki/bin/view/Main/SpamAssassinAndPostFix there is
a simple script that will hook it into spamassassin.
regards,
Paul
--
Paul Hutchings
Network Administrator, MIRA Ltd.
Tel: 44 (0)24 7635 5378, Fax: 44 (0)24 7635 8378
mailto:[EMAIL PROTECTED] 


-Original Message-
From: Robban [mailto:[EMAIL PROTECTED]
Sent: 11 November 2003 19:58
To: [EMAIL PROTECTED]
Subject: [SAtalk] SMTP gateway/filter
I'm pretty new to spamassassin and I've only done a few 
spamassassin/postfix
installations. My next task is to sett up some sort of STMP 
gateway that
filters e-mail for spam and if approved, forwards the mail to 
"the real"
mail server. The real mail server will probably be an 
exchange server but we
might also end up with godd ol' sendmail.
What would be the preferred practice in setting up such a 
thing. Any ideas?

//robban



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
--



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Off topic: Threads

2003-11-12 Thread Matt Kettler 
At 07:18 AM 11/12/03 -0500, Terry Milnes wrote:
Are the threads on this list screwed up by the list program, or is it just 
users replying to existing mail to create new?

Just wondering, because it seems to be terribly messed up
That is a very common thing for people to do who don't use threading mail 
readers... It's a lot easier to hit reply than it is to copy the list 
address to a new message. Since many mail clients don't support threading, 
many people have never even seen it, and thus don't realize it has any 
impact at all.



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] more spam since installing 2.60

2003-11-12 Thread chupacabra 
I watched all weekend and there was a trifle of spam.  At 7:00 am mon 
morning it increased greatly till about 1:00 pm when we got mailbombed 
and almost took the server down,  Steady boatloads of spam since then. 
Is there a webalizer  for spamassassin?  I would like to look at the 
graphs.

Have fun.

Frank Pineau wrote:

I've been seeing a lot more spam *period*.  Perhaps it's not that more
is getting through.  I'd be interested to see his ham/spam ratio and to
know if it's changed any in the last few months.
 





---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Replicating Bayes DB to other SA Boxes

2003-11-12 Thread Puchalski, Mark 
Title: Message



We have (3) SA Boxes 
(2.6) running Mimedefang, fronting Exchange in all 3 of our offices.  One 
box is at our main office and receives all mail.  The other two offices 
send outbound mail through their own SA box, and receive mail if the main office 
is down.
 
Every night, we're 
running a perl script (attached) that copies the MySQL database and the 
bayes db files to the remote office servers.  The MySQL replication appears 
to be working properly as I can see whitelist/blacklist items being used on the 
remotes, but when mail comes into one of the remote office SA boxes, it doesn't 
appear that any of the bayes scores are being used.  I do see the scores 
being utilized quite often on spam coming in to my main SA 
box.
 
The config was set 
up by an integrator, as my Linux knowledge is somewhat limited.  Is there 
something missing here in getting the bayes to work on the remote 
boxes?
 
Thanks.
 
--
Mark A. Puchalski
Network Engineer
Honigman Miller Schwartz and Cohn 
LLP
 
Tel  313.465.7167
Fax 313.465.8267
 *
Confidential:  This electronic message and all contents
contain information from the law firm of Honigman Miller
Schwartz and Cohn LLP which may be privileged,
confidential or otherwise protected from disclosure.
The information is intended to be for the addressee
only.  If you are not the addressee, any disclosure, copy,
distribution or use of the contents of this message is
prohibited.  If you have received this electronic message
in error, please notify us immediately (313.465.7000)
and destroy the original message and all copies.
*


#!/usr/bin/perl

# Add all remote mail sites to the following array to include
# them in the sync process.  (And of course, configure ssh root
# equivalence from here to there.)
@REMOTE_SITES=("xxx.x.xxx.xxx", "xxx.x.xxx.xxx");

foreach $site (@REMOTE_SITES) {
print "Syncing remote mail host $site", "\n";
$login = 'root@' . "$site";
$cmd = "cd /var; tar -cO sa-bayes --exclude=sa-bayes/.lock* | ssh $login 'tar 
--directory=/var -xp'";
system($cmd);

$cmd = "ssh $login 'rm -f /var/sa-bayes/.lock*'";
system($cmd);
 
# Transfer latest configuration changes
$cmd = "scp /etc/mail/spamassassin/sa-mimedefang.cf $login:/etc/mail/spamassassin";
system($cmd);

# Transfer MySQL Preference data
open SQL, ">/home/sa-spam/current-mysql-preferences.sql";
print SQL "use spam;\n";
print SQL "drop table userpref;\n";
close(SQL);
$cmd = "mysqldump spam >> /home/sa-spam/current-mysql-preferences.sql";
system($cmd);
$cmd = "scp /home/sa-spam/current-mysql-preferences.sql 
$login:/tmp/current-mysql-preferences.sql";
system($cmd);
$cmd = "ssh $login '/opt/mysql/bin/mysql -f < /tmp/current-mysql-preferences.sql'";
system($cmd);

# Final command, restart MIME-Defang with new options
$cmd = "ssh $login 'nohup kickmime'";
system($cmd);
}

RE: [SAtalk] more spam since installing 2.60

2003-11-12 Thread Frank Pineau 
On Wed, 2003-11-12 at 09:26, Chris Santerre wrote:
> > 
> > Is anyone else experiencing more junk mail getting through 
> > since installing
> > 2.60?

> This seems to be a common theme for any new version of SA.

I've been seeing a lot more spam *period*.  Perhaps it's not that more
is getting through.  I'd be interested to see his ham/spam ratio and to
know if it's changed any in the last few months.


-- 
Frank Pineau
Hey, you know those Roman hackers?  Man, were they I III III VII!


signature.asc
Description: This is a digitally signed message part

Re: [SAtalk] more spam since installing 2.60

2003-11-12 Thread Matt Kettler 
At 07:16 AM 11/12/03 +0200, Thomas Kinghorn wrote:
Is anyone else experiencing more junk mail getting through since installing
2.60?
No.. I've experienced a lot less getting through, but I use the bayes 
engine and keep mine well trained.

Also, why are some scores in the tests 0.0?
Because the scores in the report are rounded to the nearest tenth.. so 
anything that the GA gave a very small score to.. like 0.03, will show as 0.0.

In general you have to keep in mind that all of the scores that SA puts 
anywhere in the email itself are rounded to keep the amount of clutter down.

*  0.0 LINES_OF_YELLING BODY: A WHOLE LINE OF YELLING DETECTED
score LINES_OF_YELLING 0 0.011 0 0

So, assuming you're using SA with network checks and no bayes, the score of 
that rule is 0.011, which rounds to 0.0.



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] more spam since installing 2.60

2003-11-12 Thread Chris Santerre 

> 
> Is anyone else experiencing more junk mail getting through 
> since installing
> 2.60?

*snip*

> 
> Regards, 
> Tom Kinghorn

This seems to be a common theme for any new version of SA. Seems the
spammers are playing around with CSV versions in prep for new releases. But
2.60 has been out for a while now. Have you taken a look at the SARE (S.A.
Rule Emporium)? Lots of great rules from great people. SARE will get MUCH
better soon. You should be able to find a rule to help you out. Give me spam
that keeps gettnig thru, and I can point you to some rules to try.

Chris Santerre 
System Admin and SA Custom Rules Emporium keeper 
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm 
"A little nonsense now and then, is relished by the wisest men." - Willy
Wonka 


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

FW: [SAtalk] SMTP gateway/filter

2003-11-12 Thread Larry Gilson 
Sorry if you are getting this twice Dave, I sent it using the wrong account
so I am resending.

--Larry


-Original Message-
From: Gilson, Larry 
Sent: Wednesday, November 12, 2003 9:28 AM
To: 'David B Funk'
Cc: 'Robban'; [EMAIL PROTECTED]
Subject: RE: [SAtalk] SMTP gateway/filter




> -Original Message-
> From: David B Funk
> Sent: Wednesday, November 12, 2003 2:45 AM
> To: Larry Gilson
> Cc: 'Robban'; [EMAIL PROTECTED]
> Subject: RE: [SAtalk] SMTP gateway/filter
> 
> 
> On Tue, 11 Nov 2003, Larry Gilson wrote:
> 
> > The preferred method is any way you prefer. ;)  That is really an 
> > honest answer.  Everyone has their own preferred method and 
> > a lot of times it depends on your specific situation.  Some people 
> > will pipe to a filter shell script, Procmail, maildrop, or spamc 
> > directly.  I prefer Procmail as it allows me to do more post SMTP 
> > processing with the message than the shell script or a direct pipe 
> > to spamc.  maildrop works well for some people but I honestly am
> > not familiar 
> 
> > with it.  I would like to hear from someone who has chosen 
> > maildrop rather than Procmail just to have a comparison though.
> >
> > --Larry
> >
> > > -Original Message-
> > > From: Robban
> > > Sent: Tuesday, November 11, 2003 2:58 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: [SAtalk] SMTP gateway/filter
> > >
> > >
> > > I'm pretty new to spamassassin and I've only done a few 
> > > spamassassin/postfix installations. My next task is to sett 
> > > up some sort of STMP gateway that filters e-mail for spam and if 
> > > approved, forwards the mail to "the real" mail server. The real  
> > > mail server will probably be an exchange server but we might 
> > > also end up with godd ol' sendmail. What would be the preferred 
> > > practice in setting up such a thing. Any ideas?
> > >
> > > //robban
> 
> Larry,
> I agree with the first part of your advice to Robban but 
> completely disagree with the Procmail part.
> 
> Robban is asking specifically for a filtering front-end to 
> some kind of back-end mail server (such as Exchange). 
> Procmail would require him to fake a delivery to each account 
> on the SA processing machine, which would mean that they 
> would have to create user accounts for every Exchange user on 
> the SA box.
> 
> I think that Robban is looking for some kind of filtering 
> "appliance" that mail flows thru as a SMTP stream and the 
> back end server handles the delivery/user part.
> 
> Something like sendmail+milter, sendmail+mailscanner, 
> postfix+spamc or postfix+MIMEDefang would be better suited to 
> this application. It can process & tag mail with out needing 
> any specific user account information.
> 
> Dave

Hi Dave,

I am running Postfix/Procmail/SA in a site-wide (relay) configuration in
front of an Exchange mail system.  Procmail can be used as a general mail
filter using the -m option and the content_filter configuration.  The
master.cf file would include the following:

# =
# service type  private  unpriv  chroot  wakeup  maxproc  command + args
# (yes)  (yes)   (yes)   (never) (100)
# =
smtpinet  n-   y   -   -smtpd
-o content_filter=spam:


spam  unix  - n  n   -   5pipe
  flags=Rq user=spam argv=/usr/bin/procmail -m /home/merlin/etc/spam.rc
${sender} ${recipient}

Hopefully the flags line will not wrap as it needs to be on one line.


So, the message is piped to the Procmail using the non-priveleged user
account spam (or whatever name you want).  All processing is performed under
the user spam which will also have a user_prefs and will own Bayes, AWL, etc
files.  I don't have to worry about 'spamc -u' as spamc is called from
Procmail under the spam account.

By utilizing this method, I capture both the envelope sender and recipient
addresses to be utilized by SA.  I can have
header/body/attachment/whitelist/blacklist checks external to SA.  The most
beneficial checks is the whitelist to reduce messages that need to be sent
to SA.  Almost all of the checks I used to use before SA are now turned off.
I do use Procmail to customize solutions for specific needs.  I am starting
to use it for initial Bayes training of some messeages (like requested legit
company notifications - Sears, JC Penney, Lands' End, etc.)

--Larry



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Re: Off topic: Threads

2003-11-12 Thread Rick [Kitty5] 
Terry Milnes wrote:
> Are the threads on this list screwed up by the list program, or is it
> just users replying to existing mail to create new?
>
> Just wondering, because it seems to be terribly messed up

Why not pick the group up on www.gmane.org (via the news feed)

-- 
Rick

Kitty5 NewMedia http://Kitty5.com
POV-Ray News & Resources http://Povray.co.uk
TEL : +44 (01270) 501101 - ICQ : 15776037

PGP Public Key
http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x231E1CEA





---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] more spam since installing 2.60

2003-11-12 Thread Rajdeep Larha 
I am having similar problem, Still not figured out what to do...
--Rajdeep
- Original Message -
From: "Thomas Kinghorn" <[EMAIL PROTECTED]>
To: "Spamassassin-Talk (E-mail)" <[EMAIL PROTECTED]>
Sent: Wednesday, November 12, 2003 12:16 AM
Subject: [SAtalk] more spam since installing 2.60


> Hi List.
>
> Is anyone else experiencing more junk mail getting through since
installing
> 2.60?
>
> I am getting identical mails which score differently.
> Also, why are some scores in the tests 0.0?
>
> The mail below WAS tagged as spam but take a gander at the scores
assisgned.
>
> The reason I am asking is that I am getting a heck of a lot of mails
> selling medications as HTML images only.
>
> 
> X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
> jp-mx-1.mtnns.net
> X-Spam-Level: *
> X-Spam-Status: Yes, hits=5.4 required=4.4 tests=CLICK_BELOW,
> DATE_IN_PAST_03_06,FROM_ENDS_IN_NUMS,HTML_40_50,HTML_FONTCOLOR_RED,
> HTML_FONT_BIG,HTML_LINK_CLICK_HERE,HTML_MESSAGE,LINES_OF_YELLING,
> LINES_OF_YELLING_2,MIME_HTML_NO_CHARSET,MLM autolearn=no
> version=2.60
> X-Spam-Report:
> *  0.9 FROM_ENDS_IN_NUMS From: ends in numbers
> *  2.2 MLM BODY: Multi Level Marketing mentioned
> *  0.5 HTML_40_50 BODY: Message is 40% to 50% HTML
> *  0.1 HTML_LINK_CLICK_HERE BODY: HTML link text says "click here"
> *  0.0 HTML_MESSAGE BODY: HTML included in message
> *  0.1 HTML_FONT_BIG BODY: HTML has a big font
> *  0.0 LINES_OF_YELLING BODY: A WHOLE LINE OF YELLING DETECTED
> *  0.1 HTML_FONTCOLOR_RED BODY: HTML font color is red
> *  0.1 LINES_OF_YELLING_2 BODY: 2 WHOLE LINES OF YELLING DETECTED
> *  0.7 MIME_HTML_NO_CHARSET RAW: Message text in HTML without
> charset
> *  0.7 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Receive
> 
>
> Regards,
> Tom Kinghorn
>
>
>
> ---
> This SF.Net email sponsored by: ApacheCon 2003,
> 16-19 November in Las Vegas. Learn firsthand the latest
> developments in Apache, PHP, Perl, XML, Java, MySQL,
> WebDAV, and more! http://www.apachecon.com/
> ___
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
>



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] global whitelist in MySQL

2003-11-12 Thread Willi Burmeister 
Hi,

we have a list of email addresses stored in MySQL. We now would like 
to use this MySQL list as a global whitelist in spamassassin. For 
every incoming email this MySQL list should be checked before the 
user white/blacklist is used.

Is this possible with spamassassin? If yes, how?

Thanks

Willi



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] Bounce all but whitelist

2003-11-12 Thread Terry Milnes 
Haha I just had to try this  Blacklist [EMAIL PROTECTED] in the db for that 
particular user, then add his acceptable senders as whitelisted entries.

Don't know about any negative ramifications, but it does work and will 
fit in with the way you want it to.

tm

Tim Merkel wrote:
I have a client who wishes to only allow mail into his inbox that is
explicitly allowed via his white list.  Yahoo currently allows you to do
this (which is where they got the idea).
I currently host multiple domains using postfix virtual mailboxes with
spamc/spamd (config files below).  spamd is reading user preferences from
mysql.  I would like to implement this so that this particular client
could use this functionality without affecting the way SA handles other
users spam.
Is there a user preference I can use to accomplish this?  I have
considered writing my own logic into my 'postfixfilter' to check the
userpref table in MySQL before calling spamc. Has anybody has success with
this.  Can anyone think of a better solution for this?
Thanks in advance for your help!

Tim Merkel

#/etc/postfix/main.cf (abbreviated)
#
=#
service
type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
#
=smtp
inet  n   -   n   -   -   smtpd
  -o content_filter=spamfilter:
spamfilter unix -   n   n   -   -   pipe
  flags=Rq user=spamfilter argv=/usr/bin/postfixfilter -f ${sender} --
${recipient}
#/usr/bin/postfixfilter
/usr/bin/spamc -u $4 | /usr/sbin/sendmail -i "$@"
exit $?
#ps aux | grep spam
1011  8027  0.0  3.1 20168 16216 ?   SNov05   0:03
/usr/bin/spamd -d -c -a -x -q -u spamfilter


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Off topic: Threads

2003-11-12 Thread Terry Milnes 
Are the threads on this list screwed up by the list program, or is it 
just users replying to existing mail to create new?

Just wondering, because it seems to be terribly messed up

Terry...



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] management GUI

2003-11-12 Thread Terry Milnes 
Margit Meyer wrote:
On Tue, 11 Nov 2003 16:51:51 -0800
"Dan" <[EMAIL PROTECTED]> wrote:
All seems good. I am trapping all spam and viruses in /var/virusmail (they
are in .gz format)
Does anyone have any suggestions on how I can add some better management
around spam that we have blocked, that we need to forward onto the users?
Hi Dan,

we had similar problems and I solved this the following (for spam only):

I am trapping all the spam in  user specific "boxes". I do this with the
following entry in 
/etc/procmailrc:

:0:
* ^X-Spam-Status: Yes
/var/mail/${LOGNAME}_spam
LOGNAME is the mail user account.

Further I created accounts for all these "spamboxes". As a result every user
has two mailboxes: his "normal" mailbox, e. g. peter and a second, the
"spambox", e. g. peter_spam. 
Now a user may (if he misses a mail) or may not look at his spambox to
control whether Spamassassin is working correctly. 
So how does the end user look at his 'other' mailbox?  Have you offered 
a webmail based interface that uses this alternate inbox, or is it imap?

tm.

With this solution the administrator doesn't need to look after caught spam,
it's the user's part.
Mails in the spamboxes that are older than 3 weeks are deleted automatically
by a cron procedure.
Maybe it helps.
Margit


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

[SAtalk] Salutation in subject

2003-11-12 Thread Kenneth Porter 
Are there any rules to catch the salutation-in-subject pattern?

This looks like something requiring an eval rule. It would check if the
subject starts with "name,", where "name" is the first word in the To header.
For instance, I get a lot of false negatives with "Kenneth," at the beginning
of the subject line. Another common variation is "shiva,", taking my username
(part before the "@") as the salutation.


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] SpamAssassin dont block the default sample spam examples and others

2003-11-12 Thread Joao Pedro 
I'm using SA 2.60.

I used the sample-spam.txt, sample-GTUBE-spam.txt and others

the test spamassassin -tD < sample-spam.txt

return this errors to me:

debug: Razor2 is available
debug: entering helper-app run mode
razor2 check skipped:  Can't locate object method "do_conf" via package
"Razor2::Client::Agent" at
/usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Dns.pm line 402.


And in the final process the SA say is SPAM
debug: is spam? score=6.836 required=5
tests=DATE_IN_PAST_12_24,DRASTIC_REDUCED,FROM_HAS_MIXED_NUMS,
FROM_HAS_MIXED_NUMS3,INVALID_MSGID,LINES_OF_YELLING,NO_REAL_NAME,REMOVE_SUBJ

in Amavisd process return
debug: is spam? score=0 required=5 tests=

Someone know what happens?

Tkz
Joao Pedro
IT Department - Unincor



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Okay, this one makes me mad.. anybody see or stop this one yet? How did this get through!!!!! ?????

2003-11-12 Thread Bill Polhemus 
I'll say. I have mine set at 4, which I have found (for my setup) is pretty
near perfect, even though it is lower than the default setting of 5.

William L. Polhemus, Jr. P.E.
Polhemus Engineering Company
Katy, Texas USA

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve
Thomas
Sent: Tuesday, November 11, 2003 6:12 PM
To: Robert Leonard III
Cc: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Okay, this one makes me mad.. anybody see or stop this
one yet? How did this get through! ?

You have your required hits set too high.

> X-Spam-Level: ***
> X-Spam-Status: No, hits=7.1 required=9.5 tests=BAYES_50,FVGT_u_ODD_PORT,
 ^




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] Comments on CBL DNSBL (cbl.abuseat.org)

2003-11-12 Thread Bill Polhemus 
I added this to my Sendmail configuration a couple of weeks back, and I have
been amazed at how much SPAM has been rejected as a result.

I prefer to have Sendmail reject it at the get-go, rather than have it come
all the way through to SA.

William L. Polhemus, Jr. P.E.
Polhemus Engineering Company
Katy, Texas USA

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul
Hutchings
Sent: Tuesday, November 11, 2003 11:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [SAtalk] Comments on CBL DNSBL (cbl.abuseat.org)

Seems well regarded.

I'm currently logging any hits to see if it's worth adding to my per user
DNSBLs that I use to reject mail to the people who get the most spam.




---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] spamd consumes huge amounts of memory

2003-11-12 Thread Margit Meyer 
On Mon, 10 Nov 2003 15:40:34 +0100
Margit Meyer <[EMAIL PROTECTED]> wrote:

Hi all,

I solved my problem:

I installed the perl module DB_File 1.806 and BerkeleyDB 2.7.7.
Formerly (SpamAssassin 2.55) I used NDBM_File format to save bayes
databases.
Now spamd is working fine :-))

Margit


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] SMTP gateway/filter

2003-11-12 Thread Paul Hutchings 
Robban,

I've never used sendmail (too daunting for a newbie!), however, I use
postfix + spamassassin on a RH9 box to do filtering on mail that is relayed
to our exchange boxes.

postfix is really easy to setup for this purpose, and if you take a look at
http://postfix.cnc.bc.ca/twiki/bin/view/Main/SpamAssassinAndPostFix there is
a simple script that will hook it into spamassassin.

regards,
Paul
--
Paul Hutchings
Network Administrator, MIRA Ltd.
Tel: 44 (0)24 7635 5378, Fax: 44 (0)24 7635 8378
mailto:[EMAIL PROTECTED] 

> -Original Message-
> From: Robban [mailto:[EMAIL PROTECTED]
> Sent: 11 November 2003 19:58
> To: [EMAIL PROTECTED]
> Subject: [SAtalk] SMTP gateway/filter
> 
> 
> I'm pretty new to spamassassin and I've only done a few 
> spamassassin/postfix
> installations. My next task is to sett up some sort of STMP 
> gateway that
> filters e-mail for spam and if approved, forwards the mail to 
> "the real"
> mail server. The real mail server will probably be an 
> exchange server but we
> might also end up with godd ol' sendmail.
> What would be the preferred practice in setting up such a 
> thing. Any ideas?
> 
> //robban
> 
> 
> 
> ---
> This SF.Net email sponsored by: ApacheCon 2003,
> 16-19 November in Las Vegas. Learn firsthand the latest
> developments in Apache, PHP, Perl, XML, Java, MySQL,
> WebDAV, and more! http://www.apachecon.com/
> ___
> Spamassassin-talk mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
> 


---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Re: [SAtalk] management GUI

2003-11-12 Thread Margit Meyer 
On Tue, 11 Nov 2003 16:51:51 -0800
"Dan" <[EMAIL PROTECTED]> wrote:


> All seems good. I am trapping all spam and viruses in /var/virusmail (they
> are in .gz format)
> 
> Does anyone have any suggestions on how I can add some better management
> around spam that we have blocked, that we need to forward onto the users?

Hi Dan,

we had similar problems and I solved this the following (for spam only):

I am trapping all the spam in  user specific "boxes". I do this with the
following entry in 
/etc/procmailrc:

:0:
* ^X-Spam-Status: Yes
/var/mail/${LOGNAME}_spam

LOGNAME is the mail user account.

Further I created accounts for all these "spamboxes". As a result every user
has two mailboxes: his "normal" mailbox, e. g. peter and a second, the
"spambox", e. g. peter_spam. 
Now a user may (if he misses a mail) or may not look at his spambox to
control whether Spamassassin is working correctly. 
With this solution the administrator doesn't need to look after caught spam,
it's the user's part.
Mails in the spamboxes that are older than 3 weeks are deleted automatically
by a cron procedure.

Maybe it helps.
Margit



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

RE: [SAtalk] SMTP gateway/filter

2003-11-12 Thread David B Funk 
On Tue, 11 Nov 2003, Larry Gilson wrote:

> The preferred method is any way you prefer. ;)  That is really an honest
> answer.  Everyone has their own preferred method and a lot of times it
> depends on your specific situation.  Some people will pipe to a filter shell
> script, Procmail, maildrop, or spamc directly.  I prefer Procmail as it
> allows me to do more post SMTP processing with the message than the shell
> script or a direct pipe to spamc.  maildrop works well for some people but I
> honestly am not familiar with it.  I would like to hear from someone who has
> chosen maildrop rather than Procmail just to have a comparison though.
>
> --Larry
>
> > -Original Message-
> > From: Robban
> > Sent: Tuesday, November 11, 2003 2:58 PM
> > To: [EMAIL PROTECTED]
> > Subject: [SAtalk] SMTP gateway/filter
> >
> >
> > I'm pretty new to spamassassin and I've only done a few
> > spamassassin/postfix installations. My next task is to sett
> > up some sort of STMP gateway that filters e-mail for spam and
> > if approved, forwards the mail to "the real" mail server. The
> > real mail server will probably be an exchange server but we
> > might also end up with godd ol' sendmail. What would be the
> > preferred practice in setting up such a thing. Any ideas?
> >
> > //robban

Larry,
I agree with the first part of your advice to Robban but completely
disagree with the Procmail part.

Robban is asking specifically for a filtering front-end to some
kind of back-end mail server (such as Exchange). Procmail would
require him to fake a delivery to each account on the SA processing
machine, which would mean that they would have to create user accounts
for every Exchange user on the SA box.

I think that Robban is looking for some kind of filtering "appliance"
that mail flows thru as a SMTP stream and the back end server handles
the delivery/user part.

Something like sendmail+milter, sendmail+mailscanner, postfix+spamc
or postfix+MIMEDefang would be better suited to this application.
It can process & tag mail with out needing any specific user account
information.

Dave

-- 
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{



---
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk