RE: [SAtalk] spam report in headers
I guess you're right Ryan... Does SpamAssassin observe settings in its configuration file local.cf? This is related to the previous item. SA does observe all settings in its configuration file, but not all of them have effect, as amavisd-new does its own decisions based on spam score (hits) (so for example required_hits has no effect - use tag/tag2/kill amavisd-new settings instead), and does its own header editing, and body is never modified. Thanks again. Cheers, fritz www.mesedilla.com --- + Basta Ikaw Lord -Original Message- From: Ryan Moore [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 2:41 PM To: Fritz Mesedilla; Spamassassin-Talk Subject: Re: [SAtalk] spam report in headers To my knowledge amavisd-new is limited to using those headers, it ignores the verbose ones added by SpamAssassin. Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net Fritz Mesedilla wrote: How does spamassassin include the spam report in the headers? X-Spam-Score: 0.9 (/) X-Spam-Report: Spam Filtering performed by sourceforge.net. See http://spamassassin.org/tag/ for more details. Report problems to https://sf.net/tracker/?func=addgroup_id=1atid=21 0.0 HTML_MESSAGE BODY: HTML included in message 0.3 HTML_RELAYING_FRAMEBODY: Frame wanted to load outside URL 0.5 HTML_20_30 BODY: Message is 20% to 30% HTML 0.1 MIME_SUSPECT_NAME RAW: MIME filename does not match content I only get these headers: X-Virus-Scanned: by amavisd-new at overturemedia.com X-Spam-Status: No, hits=- tagged_above=-999.0 required=6.3 WHITELISTED X-Spam-Level: -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender immediately by e-mail and delete this e-mail from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. Overture Media, Inc. Direct Line: (632) 635-4785 Trunkline: (632) 631-8971 Local 146 Fax: (632) 637-2206 Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave., Quezon City 1100 --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] nilsimsa test suite
Hi There, I am interested in testing nilsimsa codes. I need a test suite that has a list of messages known to be "essentially same" so that I can understand how accurate nilsimsa is. Any suggestions will be greatly appreciated. Best Regards, - Kula Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard
[SAtalk] HTML rules...
Hi! A question about HTML spam.. Is there in SA a rule that checks for HTML tags that does not exist and if the number of nonexistent HTML tags is high assigns a high score? Even then if there is unknown tags in a mail one can say that we should not see more than 1-2 new unknown tags. /SqM --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Custom Rules
On Wed, 3 Dec 2003, Fred I-IS.COM wrote: Just a minor correction, try this: header__BLOCKTOFFICEOUTTo =~ /[EMAIL PROTECTED]/i header__BLOCKFOFFICEOUTFrom =~ /[EMAIL PROTECTED]/i metaBLOCK_MY_OFFICE(__BLOCKTOFFICEOUT !__BLOCKFOFFICEOUT) describeBLOCK_MY_OFFICENo E-mail to alias from outside scoreBLOCK_MY_OFFICE100.0 The syntax is slightly different in my rule and I used a meta rule to accomplish what you want. Frederic Tarasevicius Nayana Hettiarachchi wrote: hi i am trying to setup a rule so that we wont get mail to our local alias from an outside address, this is what i wrote but it doesnt seem to work as i thought it would, can u give any advice header BLOCKTTOFFICEOUT To = [EMAIL PROTECTED] header BLOCKTTOFFICEOUT From != [EMAIL PROTECTED] scoreBLOCKTTOFFICEOUT 100.0 describe BLOCKTTOFFICEOUT No Email To alias from outside thanks Nayana Of course, you should realize that the message header values can be forged to be -anything- that a spammer wants them to be, and they have no relation to where the mail actually gets routed. The thing that acually controls delivery is something called the envelope recipient and can be completely different from the 'To:' header. Depending upon how your mail system is configured Spamassassin probably has no way to see the value of the envelope recipient. This sort of thing is far better handled by your MTA, which has to deal completely with the envelope recipient address. Dave -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{ --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] disable RCVD_IN_SORBS_xxx feature
Hi, I have got some mails that are considered as spam because of follwoing scores and I would know how to disable this ? 1.1 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server [81.255.26.81 listed in dnsbl.sorbs.net] 1.1 RCVD_IN_SORBS_MISC RBL: SORBS: sender is open proxy server [81.255.26.81 listed in dnsbl.sorbs.net] 2.0 RCVD_IN_OSIRUSOFT_COM RBL: Received via a relay in relays.osirusoft.com [81.255.26.81 listed in relays.osirusoft.com] 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS [81.255.26.81 listed in dnsbl.sorbs.net] Best Regards steph --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!
Bill Sent: Thursday, December 04, 2003 7:55 AM What if we were to setup some kind of automatic update script that would wget the latest version of the file every evening? That way we would all be up to date all the time. To that end, we could even setup a little web-based app whereby a coalition of we vigilantes could add spammy domains to the list for automatic inclusion. Be sure to protect this well. I see an easy exploit where the spammer adds multiple good domains to the list to poison it. Certainly. It could just be a few people in the inner circle here. cheers, Colin Colin A. Bartlett Kinetic Web Solutions www.kineticweb.biz --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] [Subject] Not rewrited when identified as spam
Hello, I(m using Spamassassin 2.60, it's working fine, but, i don't know why, when a mail is identified as spam, the subject of this mail, isnt rewrited, as specified on the local.cf. See after my local.cf : --- required_hits 1.0 subject_tag SPAM DANS CE MAIL rewrite_subject 1 report_header 1 use_terse_report 1 defang_mime 1 dns_available yes dcc_add_header 1 use_razor2 1 use_dcc 1 See the confirmed message as spam on my syslog : - Dec 4 14:42:43 Linux spamd[16769]: identified spam (1.8/1.0) for [EMAIL PROTECTED]:102 in 16.6 seconds, 11411 bytes. Can someone tell me how to correct this problem please ? Thanks in advance, Tanen. --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] (no subject)
I just got this virus message that appears to have come from sourceforge. Did anyone else get this or did my antivirus FP on me? FP.. that exact message passed through my copy of clamscan just fine.. clamav is updated hourly here. We had it hit as a virus also... James --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Spam Statistics
WEhat are you all seeing for spam vs. ham stats out there? I just ran my list statistics script and here's what I'm experiencing (much WORSE than the current accepted statistics of about 50/50): Stats since the 1st of the month (that's right, 4 days only!!!) Total messages: 50467 Clean Messages: 12800 Spam Messages:37667 That's 3 spams for every ham that comes in. And (according to our grumbling customers) there's a lot of spam that manages to squeak through still... I just installed the popcorn and BigEvil rules on this server- should be interesting to see how we do now. Fscking spammers. -- Rubin Bennett [EMAIL PROTECTED] RB Technologies signature.asc Description: This is a digitally signed message part
Re: [SAtalk] Long spam times
check your network tests and see if one of them is failing. Running spamd -D should tell you if an RBL timed out or not. The default RBL timeout is 15 seconds i believe so that could be a culprit. adam On Thu, 2003-12-04 at 09:25, [EMAIL PROTECTED] wrote: We just set up a new mail server running RedHat 9, SpamAssassin 2.60 and using site-wide configuration. Ther server is an IBM X335 (Xeon 2.6, RAID 1, 512 MB RAM). The server is running very well and catching a lot of spam. This server only processes 4-6000 messages a day. My problem is that when SA (using spamd) identifies sapm, it is taking an average of about 15 seconds. Below is a grep of caught spam and the times. What can I do to bring these times down. There server load is minimal ( 08:28:17 up 8 days, 16:26, 2 users, load average: 0.19, 0.19, 0.22)but I figure there is something I can configure to speed SA up on catching spam. Dec 4 04:20:20 mail spamd[25362]: identified spam (31.3/7.0) for root:99 in 14.1 seconds, 1390 bytes. Dec 4 04:23:36 mail spamd[25393]: identified spam (32.1/7.0) for root:99 in 15.6 seconds, 5271 bytes. Dec 4 04:23:44 mail spamd[25399]: identified spam (16.9/7.0) for root:99 in 13.3 seconds, 1493 bytes. Dec 4 04:26:04 mail spamd[25406]: identified spam (34.4/7.0) for root:99 in 14.9 seconds, 4679 bytes. Dec 4 04:34:30 mail spamd[25419]: identified spam (8.7/7.0) for root:99 in 13.9 seconds, 8872 bytes. Dec 4 04:34:41 mail spamd[25424]: identified spam (14.9/7.0) for root:99 in 14.5 seconds, 2969 bytes. Dec 4 04:46:02 mail spamd[25471]: identified spam (25.4/7.0) for root:99 in 14.2 seconds, 2027 bytes. Dec 4 04:46:13 mail spamd[25476]: identified spam (9.7/7.0) for root:99 in 13.7 seconds, 3677 bytes. Dec 4 04:46:16 mail spamd[25480]: identified spam (25.4/7.0) for root:99 in 14.5 seconds, 2027 bytes. Dec 4 04:48:28 mail spamd[25495]: identified spam (10.8/7.0) for root:99 in 13.6 seconds, 2073 bytes. Dec 4 04:48:45 mail spamd[25502]: identified spam (20.7/7.0) for root:99 in 15.3 seconds, 2514 bytes. Dec 4 04:51:21 mail spamd[25511]: identified spam (30.2/7.0) for root:99 in 15.3 seconds, 3380 bytes. Dec 4 05:05:51 mail spamd[25590]: identified spam (23.2/7.0) for root:99 in 17.0 seconds, 1031 bytes. TIA Richard Humphrey System Administrator MultiCam LP 972-929-4070 x2408 [EMAIL PROTECTED] --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!
Not to get nitpicky, but could you add a one line comment of what was patched in the release, and retain old ones for history? I just downloaded 1.57a and it would be helpful to know what was fixed. Nothing detailed...like: ... Example # Dec 4, 03 9:35 AM EST ## 1.57a - Typo fixed in BigEvilList_4 ## 1.57 - Typo fixed in BigEvilList_1 ## 1.55 - Typo fixed in BigEvilList_6 ## 1.00 - New Release # New versions can be found at http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf Also Could you end an end of file comment to the bottom so I can make sure nothing got truncated? Example score BigEvilList_178 3.0 ## EOF Personal Preference Note: I normally use double ## for comments and single # when commenting out rules. I have my trusty VIM color # and ## lines different colors to make reading easier. TIA Dan | -Original Message- | From: Vivek Khera [mailto:[EMAIL PROTECTED] | Sent: Wednesday, December 03, 2003 2:29 PM | To: [EMAIL PROTECTED] | Subject: Re: [SAtalk] BIG HUGE EVIL RULE NEWS | | Nice list. I have two recommendations/suggestions: | | 1) put the full URL of the canonical source into the file itself, so |people know from where to get updates | | 2) put a date into the file, so people will know how fresh the info |is. | | And add china-inflatable.com and cn-inflatables.com ;-) | | | -- | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | Vivek Khera, Ph.D.Khera Communications, Inc. | Internet: [EMAIL PROTECTED] Rockville, MD +1-240-453-8497 | AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/ | | | --- | This SF.net email is sponsored by OSDN's Audience Survey. | Help shape OSDN's sites and tell us what you think. Take this | five minute survey and you could win a $250 Gift Certificate. | http://www.wrgsurveys.com/2003/osdntech03.php?site=8 | ___ | Spamassassin-talk mailing list | [EMAIL PROTECTED] | https://lists.sourceforge.net/lists/listinfo/spamassassin-talk | --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Long spam times
Hi there Try disabling bayes (bayes 0 in local.cf) - since upgrading to 2.60 we haven't been able to use bayes as the whole box just gets bogged down and some spamd processes just sit there with no spamc using them. Turn off bayes and all works fine :\ (Any ideas anyone?) Also make sure you are running spamd -L to skip network tests (better to use rblsmtpd IMHO, I think it is quicker). Pete -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Adam Denenberg Sent: 04 December 2003 14:58 To: Spamassassin-List Subject: Re: [SAtalk] Long spam times check your network tests and see if one of them is failing. Running spamd -D should tell you if an RBL timed out or not. The default RBL timeout is 15 seconds i believe so that could be a culprit. adam On Thu, 2003-12-04 at 09:25, [EMAIL PROTECTED] wrote: We just set up a new mail server running RedHat 9, SpamAssassin 2.60 and using site-wide configuration. Ther server is an IBM X335 (Xeon 2.6, RAID 1, 512 MB RAM). The server is running very well and catching a lot of spam. This server only processes 4-6000 messages a day. My problem is that when SA (using spamd) identifies sapm, it is taking an average of about 15 seconds. Below is a grep of caught spam and the times. What can I do to bring these times down. There server load is minimal ( 08:28:17 up 8 days, 16:26, 2 users, load average: 0.19, 0.19, 0.22)but I figure there is something I can configure to speed SA up on catching spam. Dec 4 04:20:20 mail spamd[25362]: identified spam (31.3/7.0) for root:99 in 14.1 seconds, 1390 bytes. Dec 4 04:23:36 mail spamd[25393]: identified spam (32.1/7.0) for root:99 in 15.6 seconds, 5271 bytes. Dec 4 04:23:44 mail spamd[25399]: identified spam (16.9/7.0) for root:99 in 13.3 seconds, 1493 bytes. Dec 4 04:26:04 mail spamd[25406]: identified spam (34.4/7.0) for root:99 in 14.9 seconds, 4679 bytes. Dec 4 04:34:30 mail spamd[25419]: identified spam (8.7/7.0) for root:99 in 13.9 seconds, 8872 bytes. Dec 4 04:34:41 mail spamd[25424]: identified spam (14.9/7.0) for root:99 in 14.5 seconds, 2969 bytes. Dec 4 04:46:02 mail spamd[25471]: identified spam (25.4/7.0) for root:99 in 14.2 seconds, 2027 bytes. Dec 4 04:46:13 mail spamd[25476]: identified spam (9.7/7.0) for root:99 in 13.7 seconds, 3677 bytes. Dec 4 04:46:16 mail spamd[25480]: identified spam (25.4/7.0) for root:99 in 14.5 seconds, 2027 bytes. Dec 4 04:48:28 mail spamd[25495]: identified spam (10.8/7.0) for root:99 in 13.6 seconds, 2073 bytes. Dec 4 04:48:45 mail spamd[25502]: identified spam (20.7/7.0) for root:99 in 15.3 seconds, 2514 bytes. Dec 4 04:51:21 mail spamd[25511]: identified spam (30.2/7.0) for root:99 in 15.3 seconds, 3380 bytes. Dec 4 05:05:51 mail spamd[25590]: identified spam (23.2/7.0) for root:99 in 17.0 seconds, 1031 bytes. TIA Richard Humphrey System Administrator MultiCam LP 972-929-4070 x2408 [EMAIL PROTECTED] --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] SA-Talk poisoning Bayes
In reading the sa-learn man file, it says running discussions of spam through sa-learn is bad. Does SA take this into account already, or should I create a procmail rule to bypass SA for messages from SATalk and (possibly) Postfix-List ? Dan --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] spamds that don't finish
On Thu, Dec 04, 2003 at 03:32:49PM -, Pete Henshall wrote: Are there spamc processes accessing them?? No. My spamc processes time out after 600 seconds, so they've finished up hours ago after they delivered their e-mails. - what is in that userpref file? There are only comments in this user's userpref file How have you started spamd? spamd is started on boot with this command: spamd -d -a -c -m 5 I just killed the main spamd process, but the two wild-children didn't die. So I kill -9 them to get rid of them. Did it do it under 2.5x? I never used the -m flag under 2.5x so if the spamds were getting out of control, I never knew about it because any multitude of spamds could start up. Now that I am running with the -m flag at V2.60, if I get too many spamd processes running, then I am notified via the log file that Dec 4 07:27:15 phobos spamd[2447]: hit max-children limit (5): waiting for some to exit Thanks again, Cheryl -- Cheryl Southard [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Spam Statistics
-Original Message- From: [EMAIL PROTECTED] Sent: Thursday, December 04, 2003 7:45 AM To: Rubin Bennett Assuming my minor tweaks to the original script I saw posted here are correct, here are my latest spam stats.. *sheesh* Mail Statistics; Mails spamassassin rejected scanner total mails Total says 'spam'by rulesetsays virusundelivered Nov 30 35940 4667 (12.99%) 18606 (51.77%) 11 ( 0.03%) 23284 (64.79%) Nov 23 52163 6150 (11.79%) 32346 (62.01%) 13 ( 0.02%) 38509 (73.82%) Nov 16 63159 6703 (10.61%) 35874 (56.80%) 12 ( 0.02%) 42589 (67.43%) Nov 9 64511 7384 (11.45%) 33678 (52.21%) 11 ( 0.02%) 41073 (63.67%) Nov 2 52982 7196 (13.58%) 23345 (44.06%) 35 ( 0.07%) 30576 (57.71%) Tony, what does rejected by ruleset indicate above? It looks like the rulesets are throwing out 4x to 5x the volume of messages that SA detects. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Report E-mails
I want to be able for my customers to send an e-mail to [EMAIL PROTECTED]. and have it automatically reported as spam. I also want themt o be able to send them to [EMAIL PROTECTED] and have them automatically report as not spam. Does anyone konw how to do this? I am using sendmail/procmail and SA 2.60. Thanks for your help. Josh
Re: [SAtalk] SA-Talk poisoning Bayes
At 11:06 AM 12/4/2003, Smart,Dan wrote: In reading the sa-learn man file, it says running discussions of spam through sa-learn is bad. Does SA take this into account already, or should I create a procmail rule to bypass SA for messages from SATalk and (possibly) Postfix-List ? SA's bayesian system does not take into account where email comes from. So, you might want to consider creating a procmail bypass if you're concerned about poison. That said, I do run sa-talk through spamassassin here, and haven't had too much trouble, however my autolearn thresholds are set a bit wider apart than most. I do avoid sa-talk, razor-users, sa-dev, etc when setting up my training however. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] spamds that don't finish
Hi All, I've got two spamd processes that just wont go away. They've been running for well over 11 hours and are taking up 100% of my cpu. I've run truss spamd-pid but it doesn't report anything. The same user, coincidentally, is the recipient of both e-mails, but this user doesn't have any special rules in his user_prefs file. This user's home directory and mail file seem accessable and there don't seem to be any weird messages in the spamd log file I am running spamassassin 2.60 on a Solaris 9 computer with procmail. ps -ef | grep spamd cc 27379 2447 48 20:36:36 ? 277:37 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 cc 19967 2447 48 13:14:29 ? 603:31 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 root 2447 1 0 Oct 27 ? 30:17 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 Can anyone suggest things I can try to figure out what is going on? Since we have a 5 process spamd limit on our computer, these processes are really causing a traffic jam on my mail server. Thanks, Cheryl -- Cheryl Southard [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] spamds that don't finish
I am running SA on OS X 10.2.8 and I have the same issue. I get the same one or two spamd processing just sitting there. I also eventually need to go in an manually kill these processes. I am currently running SA as my mta user. If I lint my config files I get the following: [firewall:~] admin% sudo -u mta spamassassin --lint -D debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: Final PATH set to: /bin:/sbin:/usr/bin:/usr/sbin debug: ignore: using a test message to lint rules debug: using /usr/local/share/spamassassin for default rules dir debug: using /etc/mail/spamassassin for site rules dir debug: using /Users/admin/.spamassassin for user state dir debug: mkdir /Users/admin/.spamassassin failed: mkdir /Users/admin/.spamassassin: Permission denied at /Library/Perl/Mail/SpamAssassin.pm line 1272 Cannot write to /Users/admin/.spamassassin/user_prefs: No such file or directory Failed to create default user preference file /Users/admin/.spamassassin/user_prefs debug: using /Users/admin/.spamassassin/user_prefs for user prefs file debug: using /Users/admin/.spamassassin for user state dir debug: mkdir /Users/admin/.spamassassin failed: mkdir /Users/admin/.spamassassin: Permission denied at /Library/Perl/Mail/SpamAssassin.pm line 1272 No such file or directory debug: bayes: no dbs present, cannot scan: /Users/admin/.spamassassin/bayes_toks debug: Score set 1 chosen. debug: Initialising learner debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB 200 debug: bayes: 12764 untie-ing debug: bayes: 12764 untie-ing db_toks Now I do not understand why SA is looking in /Users/admin for the user state directory? Can I tell SA to not use the user state dir?? Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Cheryl L. Southard Sent: Thursday, December 04, 2003 8:22 AM To: [EMAIL PROTECTED] Subject: [SAtalk] spamds that don't finish Hi All, I've got two spamd processes that just wont go away. They've been running for well over 11 hours and are taking up 100% of my cpu. I've run truss spamd-pid but it doesn't report anything. The same user, coincidentally, is the recipient of both e-mails, but this user doesn't have any special rules in his user_prefs file. This user's home directory and mail file seem accessable and there don't seem to be any weird messages in the spamd log file I am running spamassassin 2.60 on a Solaris 9 computer with procmail. ps -ef | grep spamd cc 27379 2447 48 20:36:36 ? 277:37 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 cc 19967 2447 48 13:14:29 ? 603:31 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 root 2447 1 0 Oct 27 ? 30:17 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 Can anyone suggest things I can try to figure out what is going on? Since we have a 5 process spamd limit on our computer, these processes are really causing a traffic jam on my mail server. Thanks, Cheryl -- Cheryl Southard [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] disable RCVD_IN_SORBS_xxx feature
Set the score to 0 ala: score RCVD_IN_SORBS_HTTP 0 Osirusoft is dead. They return a positive for everything, so you should remove it. Not sure if all of these below are dead on, they were scavanged from the list. #2.60 final has them removed. #2.60 rc builds score RCVD_IN_OSIRU 0 score RCVD_IN_OSIRU_RELAY 0 score RCVD_IN_OSIRU_DIALUP 0 score RCVD_IN_OSIRU_SPAM_SRC 0 score RCVD_IN_OSIRU_SPAMWARE 0 score RCVD_IN_OSIRU_PROXY 0 #2.55 score RCVD_IN_OSIRUSOFT_COM 0 score X_OSIRU_DUL 0 score X_OSIRU_DUL_FH 0 score X_OSIRU_OPEN_RELAY 0 score X_OSIRU_SPAMWARE_SITE 0 score X_OSIRU_SPAM_SRC 0 Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of stephane ancelot Sent: Thursday, December 04, 2003 5:40 AM To: Spamassassin-Talk Subject: [SAtalk] disable RCVD_IN_SORBS_xxx feature Hi, I have got some mails that are considered as spam because of follwoing scores and I would know how to disable this ? 1.1 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server [81.255.26.81 listed in dnsbl.sorbs.net] 1.1 RCVD_IN_SORBS_MISC RBL: SORBS: sender is open proxy server [81.255.26.81 listed in dnsbl.sorbs.net] 2.0 RCVD_IN_OSIRUSOFT_COM RBL: Received via a relay in relays.osirusoft.com [81.255.26.81 listed in relays.osirusoft.com] 0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS [81.255.26.81 listed in dnsbl.sorbs.net] Best Regards steph --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Spam Statistics
I use spfilter to download the SPAM_SAFE and COUNTRY_SAFE spam blocking lists, which get compiled into an access DB.. for more info on spfilter, check out.. spfilter.sourceforge.net It's nice that it saves a lot of spamassassin checking.. the mail never gets much past connect/helo Tony Nelson Director of IT Operations Starpoint Solutions 115 Broadway, 2nd Fl. New York, NY 10006 Gary Funck [EMAIL PROTECTED] Sent by: To: Spamassassin List [EMAIL PROTECTED] [EMAIL PROTECTED] ceforge.net cc: Subject: RE: [SAtalk] Spam Statistics 12/04/2003 11:09 AM -Original Message- From: [EMAIL PROTECTED] Sent: Thursday, December 04, 2003 7:45 AM To: Rubin Bennett Assuming my minor tweaks to the original script I saw posted here are correct, here are my latest spam stats.. *sheesh* Mail Statistics; Mails spamassassin rejected scanner total mails Total says 'spam'by rulesetsays virusundelivered Nov 30 35940 4667 (12.99%) 18606 (51.77%) 11 ( 0.03%) 23284 (64.79%) Nov 23 52163 6150 (11.79%) 32346 (62.01%) 13 ( 0.02%) 38509 (73.82%) Nov 16 63159 6703 (10.61%) 35874 (56.80%) 12 ( 0.02%) 42589 (67.43%) Nov 9 64511 7384 (11.45%) 33678 (52.21%) 11 ( 0.02%) 41073 (63.67%) Nov 2 52982 7196 (13.58%) 23345 (44.06%) 35 ( 0.07%) 30576 (57.71%) Tony, what does rejected by ruleset indicate above? It looks like the rulesets are throwing out 4x to 5x the volume of messages that SA detects. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Spam received with a return path of mailfilter-dev-admin@lists.sourceforge.net
At 07:25 AM 12/4/2003, Clive Dove wrote: No big deal at the moment as it is only one message, but what happens when other spammers discover that this is a way to distribute their junk? It's been a problem for a LONG time and is nothing new at all.. This very issue forced sa-talk to become list that moderates non-subscriber posts after a barage of spam came in. (barage is a relative term, but so many subscribers were posting the same basic how did this happen post that it was driving list traffic up like mad), razor-users doesn't appear to have ever closed, so they still get spam posts, about 2-3 a month. Sourceforge has some spam filtering built in at the smtp layer (try to make a post with it V-word in it and your post will bounce), but it's hardly comprehensive. Do I now take the mailfilter lists off my list of ALLOW rules and my Spamassassin whitelist? That's probably a good idea. I don't whitelist any mailing lists, even this one, and the FP rate is pretty low. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] spamds that don't finish
Are there spamc processes accessing them?? - what is in that userpref file? How have you started spamd? Did it do it under 2.5x? If this is like what I am seeing then a killall -HUP spamd will at least get the server going again. :\ Pete -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Cheryl L. Southard Sent: 04 December 2003 15:22 To: [EMAIL PROTECTED] Subject: [SAtalk] spamds that don't finish Hi All, I've got two spamd processes that just wont go away. They've been running for well over 11 hours and are taking up 100% of my cpu. I've run truss spamd-pid but it doesn't report anything. The same user, coincidentally, is the recipient of both e-mails, but this user doesn't have any special rules in his user_prefs file. This user's home directory and mail file seem accessable and there don't seem to be any weird messages in the spamd log file I am running spamassassin 2.60 on a Solaris 9 computer with procmail. ps -ef | grep spamd cc 27379 2447 48 20:36:36 ? 277:37 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 cc 19967 2447 48 13:14:29 ? 603:31 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 root 2447 1 0 Oct 27 ? 30:17 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 Can anyone suggest things I can try to figure out what is going on? Since we have a 5 process spamd limit on our computer, these processes are really causing a traffic jam on my mail server. Thanks, Cheryl -- Cheryl Southard [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Long spam times
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 04 December 2003 07:07 am, Pete Henshall wrote: Hi there Try disabling bayes (bayes 0 in local.cf) - since upgrading to 2.60 we haven't been able to use bayes as the whole box just gets bogged down and some spamd processes just sit there with no spamc using them. Turn off bayes and all works fine :\ (Any ideas anyone?) Hm I'm not getting that here. Did you make sure to delete your old beys db and try from scratch. I did that then primed it with known ham and spam and I'm as good as ever. Also make sure you are running spamd -L to skip network tests (better to use rblsmtpd IMHO, I think it is quicker). Pete - -- -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~- Brook Humphrey Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107 http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED] Holiness unto the Lord -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/z2NynT1TkA6FgPgRAh5XAKCE8euEPWgqw5lcsvuTOpcuLsADrQCfVZbC 81zcGdo4JFZzJRlp0aDAlDc= =c1Zu -END PGP SIGNATURE- --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!
To throw oil into the flames: On Wed, Dec 03, 2003 at 08:10:17PM -0500, Carl R. Friend wrote: Why are we hiding from the police, daddy? Because we use vi, son, and they use emacs. Why not use 'vim' (multi window / multi file / macrolanguage / ... ) All luxuries included, and no need to switch from vi to emacs :-) And of course ':%s/old stuff/new stuff/g' does it Stucki (who tried a few times to switch to emacs, but strains his fingers while trying to Alt-Meta-Control-Something) --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Returns 0/0 instead of score...
Thanks for your reply... Before I was able to run spamc -c d:\test.txt and it would return a score (standalone). Then spamd wasn't running (far as I knew). So this would indicate that spamd is required to be running while spamc is used? Thanks, James -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 11:34 AM To: [EMAIL PROTECTED]; 'Spamassassin' Subject: Re: [SAtalk] Returns 0/0 instead of score... At 09:15 AM 12/4/2003, James wrote: Ok, I have run in some more spam/ham messages, ran sa-learn --rebuild now when I run spamc -c d:\test.txt it return 0/0. Any thoughts? is spamd still running? This is typically what you'll get if you run spamc when spamd is down. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Messages full of white text
There certainly is a rule, and it caught this mail: HTML_FONT_INVISIBLE The score on it is just really low. I've been pondering bumping it up. -Original Message- From: Rubin Bennett [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 10:40 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Messages full of white text Second, it's FULL of whited out html text on a default (usually white) background, which completely baffled my Bayes test. Is there a rule out there that will catch a message like this and tag it? Like test for #ff fonts without a different color background, or the like? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Messages full of white text
I should probably know this, but how can I tweak the score upwards a biton this rule? Thanks, Rubin On Thu, 2003-12-04 at 11:47, Mark Muller wrote: There certainly is a rule, and it caught this mail: HTML_FONT_INVISIBLE The score on it is just really low. I've been pondering bumping it up. -Original Message- From: Rubin Bennett [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 10:40 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Messages full of white text Second, it's FULL of whited out html text on a default (usually white) background, which completely baffled my Bayes test. Is there a rule out there that will catch a message like this and tag it? Like test for #ff fonts without a different color background, or the like? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- Rubin Bennett [EMAIL PROTECTED] RB Technologies signature.asc Description: This is a digitally signed message part
[SAtalk] Possible FP on big evil list
CC'd to list for opinions. OK, this one actually bothers me. The URIs hitting are Pull\.xmr3\.com and xmr3\.com . Googleing on these shows many people blocking this domain. Has this person signed up for this Sams Club newsletter? Is it UCE not spam? (That is a loaded/large debate quetion right there!) I'm hesitant to remove this one. This domain might be used by spammers and legit. Argh! Again, checking openrbl.org doesn't help much. I'm looking for spam hosts, not senders. Now I know why the dynablock guy went mad and retired ;) --Chris (Off to grep the copri.again!) Santerre -Original Message- From: Rich Puhek [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 5:02 PM To: [EMAIL PROTECTED] Subject: *SPAM* Possible FP on big evil list We've received a couple of complaints for the following email. I haven't confirmed if the email itself is legit. It hits BigEvilList_138 and _175. Looks like I was running version 1.52 at the time the email came through to them... although it's also possible I was running 1.5 (changed late this morning). Thanks! --Rich *snip* --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Simple SA-Learn question
I have my bayes built and running. I have 100 new spams to add to it. Can I just SA-Learn JUST those 100 and it will add to the tokens? Do I need to have a equal amount of ham to feed in this next 100 spam? I just dont want to ruin all the work I have spent setting this up. Thanks! Josh [EMAIL PROTECTED] 12/04/03 11:22AM Send Spamassassin-talk mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/spamassassin-talk or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Spamassassin-talk digest... --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Returns 0/0 instead of score...
Than as far as you knew was incorrect. spamc doesn't do anything unless run against spamd, either on your local host or some other host (with -d). Either spamd was running or you were using the spamassassin perl script. On Thu, 4 Dec 2003, James wrote: Thanks for your reply... Before I was able to run spamc -c d:\test.txt and it would return a score (standalone). Then spamd wasn't running (far as I knew). So this would indicate that spamd is required to be running while spamc is used? Thanks, James -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 11:34 AM To: [EMAIL PROTECTED]; 'Spamassassin' Subject: Re: [SAtalk] Returns 0/0 instead of score... At 09:15 AM 12/4/2003, James wrote: Ok, I have run in some more spam/ham messages, ran sa-learn --rebuild now when I run spamc -c d:\test.txt it return 0/0. Any thoughts? is spamd still running? This is typically what you'll get if you run spamc when spamd is down. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk James Smallacombe PlantageNet, Inc. CEO and Janitor [EMAIL PROTECTED] http://3.am = --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Messages full of white text
duh.. that was posted earlier this week and it apparently got core dumped. Thanks! On Thu, 2003-12-04 at 12:03, Alan Munday wrote: Rubin Add an entry in your local.cf score test_name your_score_value E.g. score MICROSOFT_EXECUTABLE 4.5 Alan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rubin Bennett Sent: 04 December 2003 16:56 To: [EMAIL PROTECTED] Subject: RE: [SAtalk] Messages full of white text I should probably know this, but how can I tweak the score upwards a biton this rule? Thanks, Rubin On Thu, 2003-12-04 at 11:47, Mark Muller wrote: There certainly is a rule, and it caught this mail: HTML_FONT_INVISIBLE The score on it is just really low. I've been pondering bumping it up. -Original Message- From: Rubin Bennett [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 10:40 AM To: [EMAIL PROTECTED] Subject: [SAtalk] Messages full of white text Second, it's FULL of whited out html text on a default (usually white) background, which completely baffled my Bayes test. Is there a rule out there that will catch a message like this and tag it? Like test for #ff fonts without a different color background, or the like? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- Rubin Bennett [EMAIL PROTECTED] RB Technologies signature.asc Description: This is a digitally signed message part
[SAtalk] Re: MIME_MISSING_BOUNDARY
After further investigate it is aparently something in my html that is triggering this. Looking at the rule definition it is a function call rather than a simple regex. What in my html could trigger this? culley --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Spam Statistics
On Thu, Dec 04, 2003 at 09:10:01AM -0500, Rubin Bennett wrote: WEhat are you all seeing for spam vs. ham stats out there? I just ran my list statistics script and here's what I'm experiencing (much WORSE than the current accepted statistics of about 50/50): Stats since the 1st of the month (that's right, 4 days only!!!) Total messages: 50467 Clean Messages: 12800 Spam Messages:37667 That's 3 spams for every ham that comes in. And (according to our grumbling customers) there's a lot of spam that manages to squeak through still... I just installed the popcorn and BigEvil rules on this server- should be interesting to see how we do now. Fscking spammers. ObQuirk: Ability not in evidence, M'Lud. I think we're a little better off, but it still isn't pretty. Mails spamassassin rejected scanner total mails Total says 'spam'by rulesetsays virusundelivered Dec 3 7510 2807 (37.38%) 683 ( 9.09%) 16 ( 0.21%) 3506 (46.68%) Dec 2 7302 3118 (42.70%) 598 ( 8.19%)9 ( 0.12%) 3725 (51.01%) Dec 1 7095 2630 (37.07%) 536 ( 7.55%)0 ( 0.00%) 3166 (44.62%) * Nov 30 3178 1874 (58.97%) 283 ( 8.90%)0 ( 0.00%) 2157 (67.87%) * * Nov 29 3244 1987 (61.25%) 300 ( 9.25%)0 ( 0.00%) 2287 (70.50%) * H Nov 28 3942 2310 (58.60%) 413 (10.48%)0 ( 0.00%) 2723 (69.08%) H H Nov 27 3826 2259 (59.04%) 425 (11.11%)0 ( 0.00%) 2684 (70.15%) H Nov 26 6238 2608 (41.81%) 639 (10.24%)0 ( 0.00%) 3247 (52.05%) * indicates weekend, H indicates holiday. -- Mike Andrews [EMAIL PROTECTED] Tired old sysadmin --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Spam Statistics
On Thu, Dec 04, 2003 at 08:09:31AM -0800, Gary Funck wrote: From: [EMAIL PROTECTED] Assuming my minor tweaks to the original script I saw posted here are correct, here are my latest spam stats.. *sheesh* Mail Statistics; Mails spamassassin rejected scanner total mails Total says 'spam'by rulesetsays virusundelivered Nov 30 35940 4667 (12.99%) 18606 (51.77%) 11 ( 0.03%) 23284 (64.79%) Nov 23 52163 6150 (11.79%) 32346 (62.01%) 13 ( 0.02%) 38509 (73.82%) Nov 16 63159 6703 (10.61%) 35874 (56.80%) 12 ( 0.02%) 42589 (67.43%) Nov 9 64511 7384 (11.45%) 33678 (52.21%) 11 ( 0.02%) 41073 (63.67%) Nov 2 52982 7196 (13.58%) 23345 (44.06%) 35 ( 0.07%) 30576 (57.71%) Tony, what does rejected by ruleset indicate above? It looks like the rulesets are throwing out 4x to 5x the volume of messages that SA detects. It appears that Tony's running a (tweaked) version of my mailstats2.pl script. Unless he has changed that part, rejected by ruleset is SMTP sessions that were rejected because sendmail's access.DB had the domain or IP with REJECT. -- Mike Andrews [EMAIL PROTECTED] Tired old sysadmin --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Possible FP on big evil list
On Thu, 4 Dec 2003 11:59:13 -0500 Chris Santerre [EMAIL PROTECTED] wrote: CC'd to list for opinions. OK, this one actually bothers me. The URIs hitting are Pull\.xmr3\.com and xmr3\.com . Googleing on these shows many people blocking this domain. Has this person signed up for this Sams Club newsletter? Is it UCE not spam? (That is a loaded/large debate quetion right there!) I'm hesitant to remove this one. This domain might be used by spammers and legit. Argh! I'd let xmr3.com/messagereach.com rot in the blacklists based on their response as to why they keep trying to deliver to addresses that return 550 (permanent failure). Apologies for the long link: http://groups.google.com/groups?hl=enlr=ie=UTF-8safe=offthreadm=biqmjg%24fq7%40library2.airnews.netrnum=7prev=/groups%3Fq%3Dxmr3.com%2Bgroup:*abuse*%26hl%3Den%26lr%3D%26ie%3DUTF-8%26safe%3Doff%26scoring%3Dd%26selm%3Dbiqmjg%2524fq7%2540library2.airnews.net%26rnum%3D7 Or search Google with 'xmr3.com group:news.admin.net-abuse.email' They're a repugnant mainsleaze operation like Topica and Postmaster Direct. Block 'em until their lists are confirmed opt-in (that's double opt-in in marketdroid-speak) or until they collapse under their wrong-headed, theft-based business model. Again, checking openrbl.org doesn't help much. I'm looking for spam hosts, not senders. Now I know why the dynablock guy went mad and retired ;) You haven't seen but the tip of the iceberg, matey... --Chris (Off to grep the copri.again!) Santerre niggle: plural of 'corpus' is 'corpora' :) -- Bob --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Spamd/Milter Problem
System: FreeBSD 4.9 Perl 5.00503 SpamAssassin 2.6 SpamassMilter SendMail 8.12.9p2 If I run the test GTUBE message through spamassassin using the following command: /usr/sbin/sendmail root /usr/local/share/doc/p5-Mail-SpamAssassin/sample-spam.txt I get the following in var/log/maillog: Dec 4 10:51:42 hades sendmail[223]: hB4GpgDl000223: from=mikec, size=799, class=-100, nrcpts=1, msgid=[EMAIL PROTECTED], [EMAIL PROTECTED] Dec 4 10:51:42 hades sm-mta[224]: hB4Gpgw224: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] , size=969, class=-100, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=localhost.domain.com [127.0.0.1] Dec 4 10:55:42 hades sm-mta[224]: hB4Gpgw224: Milter (spamassassin): timeout before data read Dec 4 10:55:42 hades sm-mta[224]: hB4Gpgw224: Milter (spamassassin): to error state Dec 4 10:55:42 hades sendmail[223]: hB4GpgDl000223: to=root, ctladdr=mikec (1001/0), delay=00:04:00, xdelay=00:04:00, mailer=relay, pri=210294, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (hB4Gpgw224 Message accepted for delivery) Dec 4 10:55:42 hades sm-mta[229]: hB4Gpgw224: [EMAIL PROTECTED], [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] (1001/0), delay=00:04:00, xdelay=00:00:00, mailer=local, pri=211256, relay=local, dsn=2.0.0, stat=Sent Dec 4 11:10:54 hades sendmail[4736]: hB4HAs2R004736: from=mikec, size=799, class=-100, nrcpts=1, msgid=[EMAIL PROTECTED], [EMAIL PROTECTED] I also have this in /razor_agent.log Dec 04 10:28:25.664589 check[118]: [ 3] Unable to connect to 66.151.150.11:2703; Reason: Bad file descriptor. Dec 04 10:28:26.001671 check[118]: [ 3] Unable to connect to 66.151.150.11:2703; Reason: Bad file descriptor. Any ideas on why the Milter is timing out like that? --Mike Carlson [EMAIL PROTECTED] http://www.domitianx.com http://www.uselessthoughts.com --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] How to fix ?
Matt Kettler wrote: At 06:38 PM 12/3/2003, Gary Lopez wrote: Hello, I know this has been asked a lot of times, but is there a fix for the error below or am I just misconfigured ? I am runnin SA2.55 with sol 5.8 and sendmail with procmail. Any suggestions are welcome. Cannot open bayes_path /etc/mail/spamassassin/bayes R/O: Permission denied\n First, it's probably a bayes_file_mode thing, but you've really said nothing useful about your configuration so that's a wild guess. Have you over-ridden your bayes_path? No. the path is the same What does the bayes_path statement look like? bayes_file_mode 0770 bayes_path /etc/mail/spamassassin/bayes bayes_expiry_max_db_size15 bayes_journal_max_size 102400 Does the above file exist? yes drwxr-xr-x 2 root other512 Dec 3 17:29 bayes -rw-r--r-- 1 root other 206184 Nov 3 11:23 blacklists.cf -rw-r--r-- 1 root other 260406 Oct 14 14:56 evilrules.cf -rw-r--r-- 1 root other 212956 Dec 3 12:02 local.cf What are it's ownership and permissions? Are you passing a -u parameter to either spamd or spamc? no . /usr/local/bin/perl /usr/local/bin/spamd -d -a -c -m 10 If not, What user does spamc run as? root ... --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] SA-Talk poisoning Bayes
cant you just whitelist the sa-talk mailing lists since i believe Bayes does not learn from whitelists, correct? adam On Thu, 2003-12-04 at 11:21, Matt Kettler wrote: At 11:06 AM 12/4/2003, Smart,Dan wrote: In reading the sa-learn man file, it says running discussions of spam through sa-learn is bad. Does SA take this into account already, or should I create a procmail rule to bypass SA for messages from SATalk and (possibly) Postfix-List ? SA's bayesian system does not take into account where email comes from. So, you might want to consider creating a procmail bypass if you're concerned about poison. That said, I do run sa-talk through spamassassin here, and haven't had too much trouble, however my autolearn thresholds are set a bit wider apart than most. I do avoid sa-talk, razor-users, sa-dev, etc when setting up my training however. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Odd Behaviour
This is somewhat interesting. A fair number of mails are getting through with: X-Spam-Status: No, hits=-89.6 required=6.0 tests=BAYES_99,BIZ_TLD, CASHCASHCASH,DATE_IN_PAST_06_12,HTML_70_80,HTML_FONTCOLOR_BLUE, HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_MESSAGE,MIME_HTML_ONLY, MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME, USER_IN_ALL_SPAM_TO autolearn=no version=2.60 Shouldn't X-Spam-Status be set to yes for this? Thanks, Owen --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!
At 19:13 12/3/2003 -0600, mikea wrote: On Wed, Dec 03, 2003 at 07:17:28PM -0500, Rick Macdougall wrote: Peter P. Benac wrote: I have been using Emacs for almost 20 years. Is there any other editor :) :s/old stuff/newstuff/g only works if you only have one instance of old stuff per line!! H? What you talking about Willis? :s/old stuff/newstuff/g will replace ALL instances of old stuff with new stuff on the current line, not just one instance. :1,$ s/old stuff/newstuff/g will replace all instances of old stuff with newstuff in the entire file. Flame war ON! Ah! The editor wars begin anew! Wars, Smores... Heck, I use 'em all! I actually started with a vi-clone back on my Tandy Color Computer 2 (Called TS-EDIT), and still use it when I need to... ... but when I really need a secondary OS, I use Emacs. When I want to use something Emacs-like, but without all the heartburn, I go with Jove... it's the most Emacs-like small editor (128K executable, starts as fast as vi) I've found... used it for 10 years now. It's dead, AFAIK, but it works great. ObSA: Chris, thanks loads for the new bigevil! Memory consumption was my primary concern, and it's gone down quite a bit with the new rules! WRT payment... I have HockeyPhobia... got hit in the face by a puck when I was 8, hated it ever since. 2 years ago, a friend was convincing me to take up hockey, and as such zinged a puck at me (I was not on the ice, but just outside the boards) - puck hit the boards, and I hit the ceiling!!! [[ I was his boss at the time, too... he *damn* near lost his job!!! ]] For a while last year, I took a job working with a photographer who took action photos of Hockey tournaments (considering I live in the *Original* Hockeytown, USA (14000 people, 5 ice rinks!) There's lots of hockey tournaments here) and I did have to work taking pictures of the games... My phobia's much more under control now, but travelling 6 hours to pay too much to go watch the DeadWings play a game I don't care for... Hmmm... ;^ My 7-year-old *loves* hockey, tho... (already on a team!) I'm learning to skate a little, to help him, but he can already skate better than me!) Can I just let it skip a generation??? ;-P If things go as well as I can hope, he may be *in* the NHL someday... ;-) Laterz, Roger Merch Merchberger -- Roger Merch Merchberger | JC: Like those people in Celeronville! sysadmin, Iceberg Computers | Me: Don't you mean Silicon Valley??? [EMAIL PROTECTED] | JC: Yea, that's the place! | JC == Jeremy Christian --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] How to fix ?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Gary Lopez Sent: Thursday, December 04, 2003 9:45 AM To: Matt Kettler Cc: [EMAIL PROTECTED] Subject: Re: [SAtalk] How to fix ? Matt Kettler wrote: At 06:38 PM 12/3/2003, Gary Lopez wrote: Hello, I know this has been asked a lot of times, but is there a fix for the error below or am I just misconfigured ? I am runnin SA2.55 with sol 5.8 and sendmail with procmail. Any suggestions are welcome. Cannot open bayes_path /etc/mail/spamassassin/bayes R/O: Permission denied\n [...] What are it's ownership and permissions? Are you passing a -u parameter to either spamd or spamc? no . /usr/local/bin/perl /usr/local/bin/spamd -d -a -c -m 10 If not, What user does spamc run as? root ... I'm guessing this is not the case, but recall that root will often not be granted write access across an NFS mount. So if your /etc happened to be NFS mounted this might cause a problem. I had a similar occurrence of this error message while helping a friend tune his SA set up in his own user directory. spamassassin --lint gave the same diagnostic, but the perms looked fine. Eventually, I just rm'd the bayes files, retrained them on a small sample, and everything was fine after that. No clue as to what happened there. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Odd Behaviour
Owen Becker wrote: This is somewhat interesting. A fair number of mails are getting through with: X-Spam-Status: No, hits=-89.6 required=6.0 tests=BAYES_99,BIZ_TLD, CASHCASHCASH,DATE_IN_PAST_06_12,HTML_70_80,HTML_FONTCOLOR_BLUE, HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_MESSAGE,MIME_HTML_ONLY, MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME, USER_IN_ALL_SPAM_TO autolearn=no version=2.60 Shouldn't X-Spam-Status be set to yes for this? Hi, -89.6 not 89.6, USER_IN_ALL_SPAM_TO is the one giving it -100 points. Regards, Rick --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] How to fix ?
At 12:44 PM 12/4/2003, Gary Lopez wrote: bayes_file_mode 0770 bayes_path /etc/mail/spamassassin/bayes bayes_expiry_max_db_size15 bayes_journal_max_size 102400 Does the above file exist? yes drwxr-xr-x 2 root other512 Dec 3 17:29 bayes Um.. that's a problem. try /etc/mail/spamassassin/bayes/bayes for your bayes_path. the last part of the bayes path isn't a path at all, it's part of a filename. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Odd Behaviour
NEGATIVE 89.6 means it was whitelisted. -Original Message- From: Owen Becker [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 1:10 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Odd Behaviour This is somewhat interesting. A fair number of mails are getting through with: X-Spam-Status: No, hits=-89.6 required=6.0 tests=BAYES_99,BIZ_TLD, CASHCASHCASH,DATE_IN_PAST_06_12,HTML_70_80,HTML_FONTCOLOR_BLUE, HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_MESSAGE,MIME_HTML_ONLY, MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,MISSING_OUTLOOK_NAME, USER_IN_ALL_SPAM_TO autolearn=no version=2.60 Shouldn't X-Spam-Status be set to yes for this? Thanks, Owen --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] SA-Talk poisoning Bayes
i thought bayes knew if a message was whitelisted or blacklisted and used that knowledge to prevent impartial bayes learning? Am i wrong in thinking this was ever the case? If bayes doesnt use whitelisting/blacklisting to determine auto_learn, then every whitelisted mail gets learned as ham and every blacklisted gets learned as spam, which is a very bad thing. Am i confused? adam On Thu, 2003-12-04 at 13:56, Matt Kettler wrote: At 12:53 PM 12/4/2003, Adam Denenberg wrote: cant you just whitelist the sa-talk mailing lists since i believe Bayes does not learn from whitelists, correct? No, bayes does not use the score contributions of whitelisting in determining wether or not to auto-learn, but it can still autolearn if the non-whitelisted score is over/under a threshold. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] spamds that don't finish
Cheryl, Dan and rest of list. So there are a few of us that have spamd's sitting there after spamc has timeout on something nasty, taking up loads of processing power Not just me which makes me feel a bit better. Do you two use bayes and do you have single processor or SMP systems? I have upgraded all the perl modules and it has still done it - this is my local.cf file rewrite_subject 1 spam_level_stars1 subject_tag *POSSIBLE_SPAM* use_terse_report1 skip_rbl_checks 1 ok_locales en ja ko th zh dcc_add_header 0 required_hits 5.5 use_bayes 1 #use_bayes 0 auto_learn 0 bayes_auto_learn0 #auto_learn 1 #bayes_auto_learn 1 #bayes_auto_learn_threshold_spam9 #bayes_auto_learn_threshold_ham 0.3 whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] and about 50 more like this. a bit of a mish mash of stuff since 2.4 i guess but all works if I set bayes 0 :\ Dan, maybe it is looking in that dir cause the mta user has a home dir set to /Users/admin/ - my system side stuff is kept in /home/qscand/.spamassassin/ fwiw. Pete -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dan Tappin Sent: 04 December 2003 16:22 To: [EMAIL PROTECTED] Subject: RE: [SAtalk] spamds that don't finish I am running SA on OS X 10.2.8 and I have the same issue. I get the same one or two spamd processing just sitting there. I also eventually need to go in an manually kill these processes. I am currently running SA as my mta user. If I lint my config files I get the following: [firewall:~] admin% sudo -u mta spamassassin --lint -D debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: Final PATH set to: /bin:/sbin:/usr/bin:/usr/sbin debug: ignore: using a test message to lint rules debug: using /usr/local/share/spamassassin for default rules dir debug: using /etc/mail/spamassassin for site rules dir debug: using /Users/admin/.spamassassin for user state dir debug: mkdir /Users/admin/.spamassassin failed: mkdir /Users/admin/.spamassassin: Permission denied at /Library/Perl/Mail/SpamAssassin.pm line 1272 Cannot write to /Users/admin/.spamassassin/user_prefs: No such file or directory Failed to create default user preference file /Users/admin/.spamassassin/user_prefs debug: using /Users/admin/.spamassassin/user_prefs for user prefs file debug: using /Users/admin/.spamassassin for user state dir debug: mkdir /Users/admin/.spamassassin failed: mkdir /Users/admin/.spamassassin: Permission denied at /Library/Perl/Mail/SpamAssassin.pm line 1272 No such file or directory debug: bayes: no dbs present, cannot scan: /Users/admin/.spamassassin/bayes_toks debug: Score set 1 chosen. debug: Initialising learner debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB 200 debug: bayes: 12764 untie-ing debug: bayes: 12764 untie-ing db_toks Now I do not understand why SA is looking in /Users/admin for the user state directory? Can I tell SA to not use the user state dir?? Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Cheryl L. Southard Sent: Thursday, December 04, 2003 8:22 AM To: [EMAIL PROTECTED] Subject: [SAtalk] spamds that don't finish Hi All, I've got two spamd processes that just wont go away. They've been running for well over 11 hours and are taking up 100% of my cpu. I've run truss spamd-pid but it doesn't report anything. The same user, coincidentally, is the recipient of both e-mails, but this user doesn't have any special rules in his user_prefs file. This user's home directory and mail file seem accessable and there don't seem to be any weird messages in the spamd log file I am running spamassassin 2.60 on a Solaris 9 computer with procmail. ps -ef | grep spamd cc 27379 2447 48 20:36:36 ? 277:37 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 cc 19967 2447 48 13:14:29 ? 603:31 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 root 2447 1 0 Oct 27 ? 30:17 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 Can anyone suggest things I can try to figure out what is going on? Since we have a 5 process spamd limit on our computer, these processes are really causing a traffic jam on my mail server. Thanks, Cheryl -- Cheryl Southard [EMAIL PROTECTED]
RE: [SAtalk] Long spam times
haven't been able to use bayes as the whole box just gets bogged down and some spamd processes just sit there with no spamc using them. Turn off bayes and all works fine :\ (Any ideas anyone?) Hm I'm not getting that here. Did you make sure to delete your old beys db and try from scratch. I did that then primed it with known ham and spam and I'm as good as ever. Thanks for the reply I deleted bayes* and let SA relearn from my spam archive and same problem, what are the (working) bayes* options in your local.cf? Thanks Pete --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Simplifying BigEvilList rules
Seems like it would be much better to simplify and shorten these rules with better regexp. Samples: rawbody BigEvilList_22 /\b(?:agnitum\.com|ahamembership\.com|aicpa-eca\.org|aic pa\.org|aih01\.com|ai\.hitbox\.com|AIRMARCH\.COM|AIRSHADE\.COM|ajc\.com|akss\.or g|albuminfo\.org|alertquotes\.com|alfy\.com)\b/i describe BigEvilList_22 Generated BigEvilList_22 score BigEvilList_223.0 rawbody BigEvilList_23 /\b(?:aliencan\.com|allaccessaccounts\.biz|alldealz\.com |alldolly\.net|all-herb\.biz|allmaverick\.com|allmediadtv\.com|ALLOYMARCH\.COM|A LLOYMODE\.COM|ALLOYPROJECT\.COM|allpolitics\.com|alpsyodel\.net|aluriasoftware\. com)\b/i describe BigEvilList_23 Generated BigEvilList_23 score BigEvilList_233.0 rawbody BigEvilList_24 /\b(?:ama\.com\.au|amazdrct\.com|amazedhere1\.com|amazin gdogtreats\.com|amazingmail\.com|amazingtvoffers\.com|amazingtvoffers\.net|amber 911\.com|amdctu\.com|AMERICAGARBANZO\.COM|AMERICAMARCH\.COM|american-giveaways\. com|americangrandcasino\.com)\b/i describe BigEvilList_24 Generated BigEvilList_24 score BigEvilList_243.0 Rewritten: rawbody BigEvilListComs_1 # (or maybe BigEvilListComs_A, BigEvilListComs_B and so on) /\b(?:(agnitum|ahamembership|aih01|ai\.hitbox|AIRMARCH|AIRSHADE|ajc| alertquotes|alfy|aliencan|alldealz|allmaverick|allmediadtv| ALLOYMARCH||ALLOYPROJECT|allpolitics|aluriasoftware|ama|amazdrct| amazedhere1|amber911|amdctu|AMERICAGARBANZO|AMERICAMARCH| american\-giveaways|americangrandcasino)\.com)\b/i rawbody BigEvilListNets_1 rawbody BigEvilListOrgs_1 rawbody BigEvilListBizs_1 rawbody BigEvilListCoAu_1 ...and so on...Less rules, less text, more clarity. BTW, it's safer to escape '-' as well. Greg -- Greg Webster - [EMAIL PROTECTED] In-Touch Software Corporation Ph: (604)278-0515 - Fax: (604)608-3112 --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] SA-Talk poisoning Bayes
ok that clears it up, sorry for the confusion. I misinterpreted your explanation. I am clear on how this operates now. thanks adam On Thu, 2003-12-04 at 14:37, Matt Kettler wrote: At 02:18 PM 12/4/2003, Adam Denenberg wrote: i thought bayes knew if a message was whitelisted or blacklisted and used that knowledge to prevent impartial bayes learning? Am i wrong in thinking this was ever the case? If bayes doesnt use whitelisting/blacklisting to determine auto_learn, then every whitelisted mail gets learned as ham and every blacklisted gets learned as spam, which is a very bad thing. *COUGH* *clears throat* I'll repeat myself...Please read carefully this time. No, bayes does not use the score contributions of whitelisting in determining wether or not to auto-learn, but it can still autolearn if the non-whitelisted score is over/under a threshold. In other words, bayes autolearning behaves as if whitelisting and blacklisting does not exist. The score contributions of white/black listing are removed entirely calculating the score for the autolearner. Thus, whitelisted messages DO NOT get ANY special treatment. They will NOT all be learned as ham, because the -100 score bias is IGNORED by the bayes autolearner. ie: a whitelisted message with a score of -98.0 is judged by the autolearner as if it had a score of +2.0, because the -100 for the whitelist is removed from the calculations entirely. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!
mikea [EMAIL PROTECTED] wrote: Ah! The editor wars begin anew! I'll just go start some popcorn. As for me, I don't open my eggs on the big _or_ the little end. I crack 'em around the equator. I'm too embarrassed to tell people I use pico... -- + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Chris Barnes AOL IM: CNBarnes [EMAIL PROTECTED]Yahoo IM: chrisnbarnes Computer Systems Manager ph: 979-845-7801 Department of Physics fax: 979-845-2590 Texas AM University --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] spamds that don't finish
On Thu, 4 Dec 2003, Cheryl L. Southard wrote: Hi All, I've got two spamd processes that just wont go away. They've been running for well over 11 hours and are taking up 100% of my cpu. I've run truss spamd-pid but it doesn't report anything. The same user, coincidentally, is the recipient of both e-mails, but this user doesn't have any special rules in his user_prefs file. This user's home directory and mail file seem accessable and there don't seem to be any weird messages in the spamd log file One idea, there's something in the mail that particular user is getting that is triggering some kind of bug in SA (buffer overflow, etc). Can you find the offending message and try feeding it to SA by hand? With one of the RC versions of 2.60, if a message had a weird long header it would cause the spamd to blow up. I've not seen it with the release version of 2.60, but it doesn't mean that it couldn't happen. I am running spamassassin 2.60 on a Solaris 9 computer with procmail. ps -ef | grep spamd cc 27379 2447 48 20:36:36 ? 277:37 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 cc 19967 2447 48 13:14:29 ? 603:31 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 root 2447 1 0 Oct 27 ? 30:17 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 Can anyone suggest things I can try to figure out what is going on? Since we have a 5 process spamd limit on our computer, these processes are really causing a traffic jam on my mail server. Another idea, are you using Bayes, and if so do you not have bayes_learn_to_journal enabled? If you are not journaling, then each spamd wants to update the bayes database and there could be locking contention. On some types of machine (particularly SMP) Berkeley_DB uses a spinlock which can use high CPU, particularly if something gets stuck. Dave -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{ --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Long spam times
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 04 December 2003 11:39 am, Pete Henshall wrote: Thanks for the reply I deleted bayes* and let SA relearn from my spam archive and same problem, what are the (working) bayes* options in your local.cf? Thanks Pete I acutally put it int oa bayes.cf all by itself and leave the local.cf alone. You will want to tweak my scoreing as I use beys allot and give it a very high score. I have my spam threshold set to 14 or 15 cant remember. My spam with the rules I have besides bayes usually hits way up in the 40's and above. adn by setting the thresh hold that high I very rarely get false positive. but here is my bayes.cf bayes_path /var/spool/spamassassin/bayes bayes_file_mode 666 use_bayes 1 auto_learn 1 # Mail which scores outside this range will be fed back into SpamAssassin's # learning system automatically, to train the Bayesian scanner. auto_learn_threshold_nonspam 1.0 auto_learn_threshold_spam 20.0 # bayes_ignore_header # If you receive mail filtered by upstream mail systems, like a # spam-filtering ISP or mailing list, and that service adds new # headers (as most of them do), these headers may provide inappropriate # cues to the Bayesian classifier, allowing it to take a ``short cut''. # To avoid this, list the headers using this setting. Example: # # bayes_ignore_header X-Upstream-Spamfilter # bayes_ignore_header X-Upstream-SomethingElse bayes_ignore_header X-s.logic-spamassas-bar bayes_ignore_header X-s.logic-spamassas bayes_ignore_header X-SA-Exim bayes_ignore_header X-Spam-Flags bayes_ignore_header X-MailScanner-Information bayes_ignore_header X-MailScanner bayes_ignore_header X-MailScanner-SpamCheck bayes_ignore_header X-Spam-Score bayes_ignore_header X-Scanned-By bayes_ignore_header X-Sanitizer bayes_ignore_header ReSent-Date bayes_ignore_header ReSent-From bayes_ignore_header ReSent-Message-ID bayes_ignore_header ReSent-Subject bayes_ignore_header ReSent-To bayes_ignore_header Resent-Date bayes_ignore_header Resent-From bayes_ignore_header Resent-Message-ID bayes_ignore_header Resent-Subject bayes_ignore_header Resent-To bayes_ignore_header X-Virus-Status score BAYES_00 -20.0 score BAYES_01 -15.0 score BAYES_10 -10.0 score BAYES_20 -6.0 score BAYES_30 -3.0 score BAYES_40 -1.0 score BAYES_44 -0.5 score BAYES_50 0.5 score BAYES_56 5.5 score BAYES_60 8.5 score BAYES_70 10.5 score BAYES_80 13.0 score BAYES_90 15.0 score BAYES_99 20.0 - -- -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~- Brook Humphrey Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107 http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED] Holiness unto the Lord -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~- -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/z5U8nT1TkA6FgPgRAlgyAJwOj23pZJIFhRv7tZPSFeiSRWLW6gCdGewu 2xIG755l3dDsKLbEHcSGhvk= =oxjT -END PGP SIGNATURE- --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!
-Original Message- From: Chris Barnes [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 2:54 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Re: BIG HUGE EVIL RULE NEWS mikea [EMAIL PROTECTED] wrote: Ah! The editor wars begin anew! I'll just go start some popcorn. As for me, I don't open my eggs on the big _or_ the little end. I crack 'em around the equator. I'm too embarrassed to tell people I use pico... -- + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Chris Barnes AOL IM: CNBarnes Hi2U my brotha!!! Pico ownz you all! :) vi != Very Intuitive --Chris --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] a new Sendmail Filter
Hi There, There is a new Sendmail Filter developed by Mailshell that is utilizing a very powerful engine to catch spam, Mailshell SpamCatcher. Filter has many configuration options which you can customize according to your needs. It can be freely downloaded from: http://www.mailshell.com/mail/client/oem2.html/step/sendmail Please don't hesitate to send your feedback to: [EMAIL PROTECTED] Best Regards, Burcu Ozserim __ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Simplifying BigEvilList rules
-Original Message- From: Greg Webster [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 2:44 PM To: [EMAIL PROTECTED] Subject: [SAtalk] Simplifying BigEvilList rules Seems like it would be much better to simplify and shorten these rules with better regexp. *SNIP* That was my orginal intent. However there are .net, .us, .nz, ... Way tooo many to script. So I let it stand as is. Remeber these are generated. If in future updates they somehow mange to all be .com I will adjust the rule to be like your example. But at 2600+, I wasn't looking to do anything by hand :) --Chris --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Sa-learn process
Another, hopefully not dumb, sa-learn question. I am quarantining any email that has a score of 8.5 to 15. Should I just run sa-learn --spam on these messages ? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] a new Sendmail Filter
--On Thursday, December 04, 2003 12:13 PM -0800 kula Yu [EMAIL PROTECTED] wrote: There is a new Sendmail Filter developed by Mailshell that is utilizing a very powerful engine to catch spam, Mailshell SpamCatcher. New? I don't know if new is good. http://news.cnet.com/news/0-1278-210-6474898-1.html?tag=bt_pr _Blocking spam before it slams you_ quote To use the service, an e-mail user--let's call him Max--first creates a new Web name at Mailshell, such as max12.mailshell.com. Once this is done, Max can freely give out any number of different e-mail addresses. Immediate family members, for example, might send Max e-mail at [EMAIL PROTECTED] E-mails sent to such addresses are automatically forwarded to Max's unpublicized, real e-mail address. Alternatively, Mailshell can store the e-mail for later viewing, or Max can have messages deleted unread. /quote No thank you. Filter has many configuration options which you can customize according to your needs. It can be freely downloaded from: The TRIAL can be freely downloaded.. for 60 days use. I didn't see a price for the real product. Please don't hesitate to send your feedback to: [EMAIL PROTECTED] Please don't spam our group. Best Regards, Burcu Ozserim Are you Burcu Ozserim or Kula Yu? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] SA + Openldap problem
Hello all, Trying to find my problem out. Trying to get Openldap working with spamassassin. I think that I am running into a problem with user problems and there prefs in there home dir. If I setup a user on the system I am able to filter fine, but if use a user in openldap I am not. I have pam_ldap installed and nss_ldap installed correctly. The users in openldap do not have shell accounts, they are email only. Using the follow versions: openldap-2.1.23 pam_ldap-165 nss_ldap-211 What entries do I need to add into my pam.conf, if any? Here is my spamc entry in my procmailrc file: :0fw | /usr/local/bin/spamc :0: * ^X-Spam-Status: Yes Been trying to get this working for awhile now. Please help. I know I am missing something simple, but just can't figure it out. The last thing in my procmail log file is: procmail: Executing /usr/local/bin/spamc and nothing else until I stop spamd, and then the message gets delivered. But as long as spamd is running, the mail just hangs and does not get delivered. I am running spamd in debug mode and nothing strange shows up the logs. Using SA 2.60. TIA --Keith --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!
Chris Santerre said: -Original Message- From: Chris Barnes [mailto:[EMAIL PROTECTED] mikea [EMAIL PROTECTED] wrote: Ah! The editor wars begin anew! I'll just go start some popcorn. As for me, I don't open my eggs on the big _or_ the little end. I crack 'em around the equator. I'm too embarrassed to tell people I use pico... Hi2U my brotha!!! Pico ownz you all! :) vi != Very Intuitive C'mon now... what could be more intuitive than j for move down, l for right, *yy for copy to clipboard, gg for move to top of file? Are you just kidding? ;) :wq -- Chris Thielen Easily generate SpamAssassin rules to catch obfuscated spam phrases: http://www.sandgnat.com/cmos/ PS. I use vim almost exclusively :) --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!
--On Thursday, December 04, 2003 16:05:24 -0500 Chris Santerre [EMAIL PROTECTED] wrote: roger that captain. Entertainment domains removed. I actually had a note to check those out. Let me know what the others are. hint: View source, search for 'http://' check against list what you find. 2 minutes tops. :) Please change the timestamp in the file to military time or make sure you get the (A|P)M right :-) Thanks! LER 1.58 --Chris -Original Message- From: Mark Muller [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 3:51 PM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS Bigevil just took a poke at a legit ticketmaster confirmation email, hit on 3 rules: 70, 82 and 150. I'm tracking down the specific URLS, one is entertainment.com :( -Original Message- From: Chris Thielen [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 2:38 PM To: [EMAIL PROTECTED] Subject: RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS Chris Santerre said: -Original Message- From: Chris Barnes [mailto:[EMAIL PROTECTED] mikea [EMAIL PROTECTED] wrote: Ah! The editor wars begin anew! I'll just go start some popcorn. As for me, I don't open my eggs on the big _or_ the little end. I crack 'em around the equator. I'm too embarrassed to tell people I use pico... Hi2U my brotha!!! Pico ownz you all! :) vi != Very Intuitive C'mon now... what could be more intuitive than j for move down, l for right, *yy for copy to clipboard, gg for move to top of file? Are you just kidding? ;) :wq -- Chris Thielen Easily generate SpamAssassin rules to catch obfuscated spam phrases: http://www.sandgnat.com/cmos/ PS. I use vim almost exclusively :) --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749 pgp0.pgp Description: PGP signature
Re: [SAtalk] a new Sendmail Filter
At 03:13 PM 12/4/2003, kula Yu wrote: Hi There, There is a new Sendmail Filter developed by Mailshell that is utilizing a very powerful engine to catch spam, Mailshell SpamCatcher. Filter has many configuration options which you can customize according to your needs. It can be freely downloaded from: http://www.mailshell.com/mail/client/oem2.html/step/sendmail Please don't hesitate to send your feedback to: [EMAIL PROTECTED] And why would the users of SpamAssassin, a free open-source mailfilter, be interested in a commercial filter (with free 60-day trial, subject to click-wrap download agreement)? Looks like an unsolicited email advertising a commercial product to me. sarcasm Nice to see that mailshell has good anti-spam ethics and markets it's products by sending UCE to the mailing lists of open-source spamfilters... (this post was also on razor-users) They've even got a good, high ethic reputation on NANAE: http://groups.google.com/groups?hl=enlr=ie=UTF-8oe=UTF-8threadm=cu76ivst1cc3tppa6sj965l0qf7b8f900s%40news.rcn.comrnum=6prev=/groups%3Fq%3Dmailshell%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dcu76ivst1cc3tppa6sj965l0qf7b8f900s%2540news.rcn.com%26rnum%3D6 http://groups.google.com/groups?selm=fb7c7ecd.0109072151.fa0799c%40posting.google.com /sarcasm --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] How to do better than 85% detect?
At 03:33 PM 12/4/2003, Kurt Buff wrote: I've also got Bayes autolearning turned on, and it's definitely active. snip Is there anything I can do to help improve the detection rate? I'd advise not using bayes with autolearning alone.. Bayes more or less requires at least some hand-feeding in order to be effective. Most autolearn-only bayes databases wind up being mostly poisoned and wind up doing more harm than good. If you're seeing any spam with BAYES_ scores under 20, or ham with bayes scores over 80 you've got big bayes database problems. Spam under 50 or ham over 50 should also be extraordinarily rare. Most should wind up on the right side with either 00 or 10 for ham, and 99 or 90 for spam. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!
OK I have issues: -Original Message- From: Mark Muller [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 3:59 PM To: Mark Muller; '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS Sorry for the double mail, I got excited and sent too early. ticketmaster.com confirmation mails have the following (decidedly evil) domains in them: promotion.entertainment.com (70) a1524.g.akmaitech.net (82) and service.bfast.com (150) These are definetley in SPAM and HAM. Same goes for the xmr3.com domain I was talking about earlier. So Now I have a problem. When I said I wanted zero FPs, I didn't forsee the fact the spammers were using some of the same hosts as legit email. This sucks. This is rather an important issue. Up until now, no one has really done anything with hosts. This is kind of the first instance where it will make a large impact. I'm sure no one has ever complained to these hosts. We have all been complaining about ISPs where the email comes from, not image/web hosting of spammers. So I have a VERY important question: Leave these domains in, email gets marked as spam. People begin to complain. Spammers will/may get kicked. Although that is doubtful as hosting spamsite/image isn't really againist Usage Poilcies. However legit customers may learn that there host is being marked as spam and go elsewhere. THAT hurts the hosts the most. or, Take them out of the list. Spammers will continue to use. Maybe more so as they find it is not in my list. But ticketmaster FPs and such won't get marked. Personally, I'll be whitelisting ticketmaster rather than removing akmaitech :P I hate those guys. But obviously Chris wanted *zero* false positives, and this is one. Yup, not sure what to do. ANY ideas welcome. I could break these out to a seperate rule for commenting out. This seems like the best. I went thru my spam corpa (I got an english lesson today!), and found these in definate spam. bfast.com was all over my spam corpa. I personally don't want to take them out. I guess we need to start forwarding spams not only to email host, but image and web as well. With the intent that if they continue to host spam, email containing their domain will be marked as spam, and not delivered. (yeah I know.) --Chris --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!
-Original Message- From: Larry Rosenman [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 4:30 PM To: Bart Schaefer; [EMAIL PROTECTED] Subject: Re: [SAtalk] BIG HUGE EVIL RULE NEWS --On Thursday, December 04, 2003 13:26:27 -0800 Bart Schaefer [EMAIL PROTECTED] wrote: On Thu, 4 Dec 2003, Mark Muller wrote: promotion.entertainment.com (70) a1524.g.akmaitech.net (82) and service.bfast.com (150) Personally, I'll be whitelisting ticketmaster rather than removing akmaitech :P I hate those guys. I presume you mean akamaitech. What have you got against Akamai? All they do is distributed asset hosting for high-volume web access, as far as I know. Heck, even SpamCop uses some services from Akamai. and symantec, and others. (We have an Akamai cluster at the ISP I work for). That is the problem we are now facing. Would a spammer need high volume web access? My corpa says yes. I obviously can't tag this now. I removed the first 2, but I have left bfast.com and xmr3.com in for now. I may remove tomorrow. I need to think about some things tonight. I'm thinking these will go in a comment out rule. Mabye a rule 999 that is scored .01 so people can see it had one of these and report it to the host? 1.58a is up. Proper time (PM). Changes are just listed in this post. When I actually start updating this with new domains, strict testing is going to be done. I'm not liking these hosts playing both sides of the field. --Chris --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!
On Thu, Dec 04, 2003 at 03:38:29PM -0600, Mark Muller wrote: Because I've never opted into anything, yet I get spam with images hosted on akamaitech/akamai. Perhaps hate was a strong word, I dislike them very much? :) The fact that it found it's way into evil rules (in 3 separate places no less) says to me that it's not entirely benevolent. No, it says that spammers like to have their images load quickly so they go find one that is akamai hosted and link to it. Not all urls in spam messages are there with the permission of the owners of the domain. I have a three box cluster of Akamai boxes in my rack. Makes the frequent MS Software Updates for remote exploits come in a lot faster, even though I have an extra 100Mbps or so laying around unused. -- Scott LambertKC5MLE Unix SysAdmin [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] spamds that don't finish
On Thu, 4 Dec 2003, Pete Henshall wrote: Hi dan, list, I think it's simply a function of load. The first system gets the bulk of the mail thoughput. You can see that the erratic loads tail off over the weekend. It's wierd. I have tried disabling RBL, bayes and even removing all my third party rules. No dice. If it is still leaving spamds lying around with bayes disabled then I don't know I have just set bayes_learn_to_journal 0 (thanks David Funk) and my problem seems to have stopped maybe. I'm sorry if I gave you the wrong impression, if you are using Bayes with auto_learn (auto_learn 1), then you most likely -do- want bayes_learn_to_journal set to 1. (enabled). If you use auto_learn and disable journaling, then each spamd tries to update the Bayes database with each new message (thus increasing the probablilty of lock contention problems). If you enable journaling then each spamd just appends to the end of the journal file (no locking needed for a simple text append). Then the database will perocially get rebuilt and incorporated in the database. So only that occasional rebuild needs to lock the database. As far as I am concerned spamd should NEVER have rouge spamd's coming off it that don't have a matching spamc. (is that right??) I'm not so sure about this. If you have bayes_learn_to_journal enabled then a spamd child will need to be run when ever the journal file gets full (size bayes_journal_max_size) or it's been around for more than one day. Also, unless you've explicitly disabled it, a db expire is done daily (which would be another spamd child). So unless you disable all automatic Bayes maintanence operations (learn, expire, etc), then there will be the possibility of spamd children and potential lock contention. Dave -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{ --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] How to do better than 85% detect?
At 04:35 PM 12/4/2003, Matt Kettler wrote: Most autolearn-only bayes databases wind up being mostly poisoned and wind up doing more harm than good. If you're seeing any spam with BAYES_ scores under 20, or ham with bayes scores over 80 you've got big bayes database problems. Spam under 50 or ham over 50 should also be extraordinarily rare. Most should wind up on the right side with either 00 or 10 for ham, and 99 or 90 for spam. Replying to myself, My characterization of no spam under BAYES_20 is a bit extreme, but not entirely off base. For reference, here's my current BAYES_ distribution for all the tagged and false-negative spam I've got on hand. 1106 - BAYES_99 94 - BAYES_90 25 - BAYES_80 28 - BAYES_70 25 - BAYES_50 79 - BAYES_50 7 - BAYES_40 8 - BAYES_30 8 - BAYES_20 4 - BAYES_10 7 - BAYES_01 10 - BAYES_00 46 - no BAYES_ match at all. So of 1,447 spams, 21 (1.45%) of them had bayes scores in the 00, 01 and 10 range. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] spamds that don't finish
I am a bit lost. Here is my basic local.cf file: required_hits 5 skip_rbl_checks 0 use_bayes 1 bayes_file_mode 0700 bayes_path /var/spool/bayes/bayes Am I missing anything here. I want to try bayes and I am still feeding sa-learn spam and ham. My /var/spool/bayes/ directory is being updated each night when I run sa-learn and sa-learn --dump outputs lots of fun stuff which make me believe that it's working correctly. My spamassassin --lint -D output seems to be looking in /Users/admin/.spamassassin for pref files although I am not running SA as this user (I am running it as the mta user that my mail server uses). Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David B Funk Sent: Thursday, December 04, 2003 2:59 PM To: Pete Henshall Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [SAtalk] spamds that don't finish On Thu, 4 Dec 2003, Pete Henshall wrote: Hi dan, list, I think it's simply a function of load. The first system gets the bulk of the mail thoughput. You can see that the erratic loads tail off over the weekend. It's wierd. I have tried disabling RBL, bayes and even removing all my third party rules. No dice. If it is still leaving spamds lying around with bayes disabled then I don't know I have just set bayes_learn_to_journal 0 (thanks David Funk) and my problem seems to have stopped maybe. I'm sorry if I gave you the wrong impression, if you are using Bayes with auto_learn (auto_learn 1), then you most likely -do- want bayes_learn_to_journal set to 1. (enabled). If you use auto_learn and disable journaling, then each spamd tries to update the Bayes database with each new message (thus increasing the probablilty of lock contention problems). If you enable journaling then each spamd just appends to the end of the journal file (no locking needed for a simple text append). Then the database will perocially get rebuilt and incorporated in the database. So only that occasional rebuild needs to lock the database. As far as I am concerned spamd should NEVER have rouge spamd's coming off it that don't have a matching spamc. (is that right??) I'm not so sure about this. If you have bayes_learn_to_journal enabled then a spamd child will need to be run when ever the journal file gets full (size bayes_journal_max_size) or it's been around for more than one day. Also, unless you've explicitly disabled it, a db expire is done daily (which would be another spamd child). So unless you disable all automatic Bayes maintanence operations (learn, expire, etc), then there will be the possibility of spamd children and potential lock contention. Dave -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{ --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Interesting about BIG HUGE EVIL RULEs
Title: Interesting about BIG HUGE EVIL RULEs Because I don't have sourceforge whitelisted, 6 of the last 20 messages to the list were labeled as spam. Rules that hit were: 3.0 BigEvilList_70 BODY: Generated BigEvilList_70 3.0 BigEvilList_150 BODY: Generated BigEvilList_150 3.0 BigEvilList_175 BODY: Generated BigEvilList_175 70 and 150 hit in every one, 175 only in a few. This is # BigEvilList Beta version 1.57a
RE: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!
hehehe. thanks to bigevil rules, anybody that mentions any of those domains goes over the spam filter. half this thead has been binned. :) keep it up evilruleman. M -Original Message- From: Fritz Mesedilla [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 4:07 PM To: Chris Santerre; [EMAIL PROTECTED] Subject: RE: [SAtalk] BIG HUGE EVIL RULE NEWS I was getting quite envious of you people seeing the bigevil list working. Now I got my first bigevil catch: Content analysis details: (9.5 points, 5.0 required) pts rule name description -- -- 1.1 HTML_WEB_BUGS BODY: Image tag intended to identify you 0.0 HTML_80_90 BODY: Message is 80% to 90% HTML 0.2 HTML_MESSAGE BODY: HTML included in message 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.4 HTML_TITLE_EMPTY BODY: HTML title contains no text 2.8 HTML_IMAGE_ONLY_02 BODY: HTML: images with 0-200 bytes of words 3.0 BigEvilList_128BODY: Generated BigEvilList_128 0.6 MISSING_MIMEOLEMessage has X-MSMail-Priority, but no X-MimeOLE 0.1 HTML_COMMENT_RATIO HTML comments are large percentage of message 0.7 PRIORITY_NO_NAME Message has priority setting, but no X-Mailer Just a note by the way, I placed the bigevil.cf file under /var/amavis/.spamassassin/ because spamassassin runs with amavisd-new and clamav. Some people might just be curious why running under amavis doesn't work when placed under /etc/mail/spamassassin Thanks again Chris!!! Great work! Recently updated bigevil version 1.52 to 1.57. Cheers, fritz www.mesedilla.com --- + Basta Ikaw Lord -Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 4:49 AM To: 'Vivek Khera'; [EMAIL PROTECTED] Subject: RE: [SAtalk] BIG HUGE EVIL RULE NEWS Done and Done and Will do :) Yes I even put the time. No need to update if you have 1.57, as these were just info changes. I'm sure 1.58 could be lurking just around the corner. I'm just waiting for the next Matt email to come in, or possibly an RM email. He has been quiet.too quiet :) --Chris (I top post in your general direction) Santerre -Original Message- From: Vivek Khera [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 3:29 PM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] BIG HUGE EVIL RULE NEWS Nice list. I have two recommendations/suggestions: 1) put the full URL of the canonical source into the file itself, so people know from where to get updates 2) put a date into the file, so people will know how fresh the info is. And add china-inflatable.com and cn-inflatables.com ;-) -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vivek Khera, Ph.D.Khera Communications, Inc. Internet: [EMAIL PROTECTED] Rockville, MD +1-240-453-8497 AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/ --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender immediately by e-mail and delete this e-mail from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. Overture Media, Inc. Direct Line: (632) 635-4785 Trunkline: (632) 631-8971 Local 146 Fax: (632) 637-2206 Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave., Quezon City 1100 --- This SF.net email is sponsored by OSDN's Audience
RE: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!
Ahh, that would explain my previous post then. Never mind I guess! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Western,RD Aust Sent: Thursday, December 04, 2003 2:25 PM To: [EMAIL PROTECTED] Subject: RE: [SAtalk] BIG HUGE EVIL RULE NEWS hehehe. thanks to bigevil rules, anybody that mentions any of those domains goes over the spam filter. half this thead has been binned. :) keep it up evilruleman. M -Original Message- From: Fritz Mesedilla [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 4:07 PM To: Chris Santerre; [EMAIL PROTECTED] Subject: RE: [SAtalk] BIG HUGE EVIL RULE NEWS I was getting quite envious of you people seeing the bigevil list working. Now I got my first bigevil catch: Content analysis details: (9.5 points, 5.0 required) pts rule name description -- -- 1.1 HTML_WEB_BUGS BODY: Image tag intended to identify you 0.0 HTML_80_90 BODY: Message is 80% to 90% HTML 0.2 HTML_MESSAGE BODY: HTML included in message 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.4 HTML_TITLE_EMPTY BODY: HTML title contains no text 2.8 HTML_IMAGE_ONLY_02 BODY: HTML: images with 0-200 bytes of words 3.0 BigEvilList_128BODY: Generated BigEvilList_128 0.6 MISSING_MIMEOLEMessage has X-MSMail-Priority, but no X-MimeOLE 0.1 HTML_COMMENT_RATIO HTML comments are large percentage of message 0.7 PRIORITY_NO_NAME Message has priority setting, but no X-Mailer Just a note by the way, I placed the bigevil.cf file under /var/amavis/.spamassassin/ because spamassassin runs with amavisd-new and clamav. Some people might just be curious why running under amavis doesn't work when placed under /etc/mail/spamassassin Thanks again Chris!!! Great work! Recently updated bigevil version 1.52 to 1.57. Cheers, fritz www.mesedilla.com --- + Basta Ikaw Lord -Original Message- From: Chris Santerre [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 4:49 AM To: 'Vivek Khera'; [EMAIL PROTECTED] Subject: RE: [SAtalk] BIG HUGE EVIL RULE NEWS Done and Done and Will do :) Yes I even put the time. No need to update if you have 1.57, as these were just info changes. I'm sure 1.58 could be lurking just around the corner. I'm just waiting for the next Matt email to come in, or possibly an RM email. He has been quiet.too quiet :) --Chris (I top post in your general direction) Santerre -Original Message- From: Vivek Khera [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 3:29 PM To: [EMAIL PROTECTED] Subject: Re: [SAtalk] BIG HUGE EVIL RULE NEWS Nice list. I have two recommendations/suggestions: 1) put the full URL of the canonical source into the file itself, so people know from where to get updates 2) put a date into the file, so people will know how fresh the info is. And add china-inflatable.com and cn-inflatables.com ;-) -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vivek Khera, Ph.D.Khera Communications, Inc. Internet: [EMAIL PROTECTED] Rockville, MD +1-240-453-8497 AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/ --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender immediately by e-mail and delete this e-mail from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient
RE: [SAtalk] Interesting about BIG HUGE EVIL RULEs
Title: Interesting about BIG HUGE EVIL RULEs Never mind about this, from another thread learned that it is just working as advertised. Over anxious I guess. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott HarrisSent: Thursday, December 04, 2003 2:04 PMTo: [EMAIL PROTECTED]Subject: [SAtalk] Interesting about BIG HUGE EVIL RULEs Because I don't have sourceforge whitelisted, 6 of the last 20 messages to the list were labeled as spam. Rules that hit were: 3.0 BigEvilList_70 BODY: Generated BigEvilList_70 3.0 BigEvilList_150 BODY: Generated BigEvilList_150 3.0 BigEvilList_175 BODY: Generated BigEvilList_175 70 and 150 hit in every one, 175 only in a few. This is # BigEvilList Beta version 1.57a
Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!
Thus spake Chris Santerre ([EMAIL PROTECTED]) [04/12/03 16:48]: That is the problem we are now facing. Would a spammer need high volume web access? My corpa says yes. I obviously can't tag this now. I removed the first 2, but I have left bfast.com and xmr3.com in for now. I may remove tomorrow. I need to think about some things tonight. I'm thinking these will go in a comment out rule. Mabye a rule 999 that is scored .01 so people can see it had one of these and report it to the host? Yes, a spammer would need high availability. But so does Microsoft, Apple, CBC (Canadian Broadcasting Corporation), etc. Again, just because an image is hosted by Akamai doesn't even mean that Akamai is aware of this -- it just means that someone who may or may not be paying Akamia either found an image hosted by them, or put an image up, and is referencing it in their spam. It's akin to someone sending spam using your address in the From: field -- I'm not going to blacklist you because you were Joe-Jobbed, nor should I be blacklisting a company because their webiste was Joe Jobbed. I man the abuse desk here, and at least once a week, I get a spam complaint, due to a spamvertised website. Looking over the spam shows, usually, about a hundred or so websites included, that have nothing to do with each other -- they look like they were included to confuse places like SpamCop, or any domain whitelisting that may be done. When I actually start updating this with new domains, strict testing is going to be done. I'm not liking these hosts playing both sides of the field. It's tough, but your decision is simple: Zero False Positives means that these sites can't be listed. I'm not affiliated with Akamai, but I do work with them (we have a three-host rack here as well). I've seen them give me my Windows Updates when Microsoft was crawling, I've seen them mitigate DoS attacks, and I can get my Apple trailers a heck of a lot faster... ;) Trust me, Akamai is a Good Thing(tm). - Damian --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!
OK. I'm hoping this is it for a week. I'm away from email after tomorrow. People checking here for me have been informed to No touchy! my project :) 1.59 is up. The 3 below, plus xmr3.com have been moved to a seperate rule for watching. I will add more domains as they are found to be both SPAM+HAM hosts. This will allow you to see if the spam contains one. Also help with some scripts I use for hit frequencies. I'm going home now, putting kids to bed, and having a beer. Hoping I don't have to type 1.60 tomorrow. Chris (Bruins vs. Maple Leafs in 1.5 hours!) Santerre *snip* assign them to one or more separate rules, and actually run the GA to give them a score based on their likelyhood of appearing in spam, rather than including them in a ruleset that is given a blanket fixed score of 3.0. We tried the seperate rule method. Did you try my previous evilrules.cf files? You would know why that got abandond :) I went thru my spam corpa (I got an english lesson today!) It's corpora, actually ... spelling flames normally being a no-no, but you seem to be interested. I said I got a lesson. I didnt' say I paid attention ;) --Chris --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Interesting about BIG HUGE EVIL RULEs
On Thu, 4 Dec 2003, Scott Harris wrote: Because I don't have sourceforge whitelisted, 6 of the last 20 messages to the list were labeled as spam. Rules that hit were: 3.0 BigEvilList_70 BODY: Generated BigEvilList_70 3.0 BigEvilList_150BODY: Generated BigEvilList_150 3.0 BigEvilList_175BODY: Generated BigEvilList_175 70 and 150 hit in every one, 175 only in a few. This is # BigEvilList Beta version 1.57a One way to deal with this is to modify the area that the rules search. Replace the rawbody with uri and they will only hit against references in URLs, not just floating random text. Most of the spammer use of those domains are inside URLs to direct victims to spamvertizement sites, so this -should- not reduce the effectivenss of the rules in the good fight. ;) Of course, the better way would be to set up an effective whitelist for this list (that's what I did some time ago). Dave -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{ --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Re: [SAdev] Spamassassin problems with Outlook 2003
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 BJ Quinn writes: Bugzilla Bug 2538, address problems with Outlook forgery rules (email coming from Outlook 2003 was getting tagged as spam because of its reliance on the SMTP server to create the message-ID headers, therefore shipping out emails without message-ID headers) was slated to be fixed for the 2.61 release. Does anybody know when the 2.61 release will come out, or whatever version will fix this? When it's ready ;) There's a couple more fixes that should go in, then we can release. - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Exmh CVS iD8DBQE/z7q7QTcbUG5Y7woRAtWgAKCZCl2KTSmxpN1il3m/6+5sRb2NEQCfcroZ HlbahqWEmkac5kgNGRWTYxs= =D/ku -END PGP SIGNATURE- --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!
Chris Thielen wrote: Chris Santerre said: vi != Very Intuitive C'mon now... what could be more intuitive than j for move down, l for right, *yy for copy to clipboard, gg for move to top of file? Are you just kidding? ;) Actually it was very intuitive back in the old days when the arrow keys were ctl-H (left), ctl-J (down), ctl-K (up), and ctl-L (right) on old VT-52, and TEK terminals. Ooops, I'm dating myself. ;) Bob -- Bob Amen O'Reilly Associates, Inc. http://www.ora.com/ http://www.oreilly.com/ --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] spamc question
Hello, I have this as my filter.sh file under postfix and it works just find. The log file /tmp/currentspamlist.txt holds each transaction that we have. What I would like to do is to also capture weather or not the email was a spam. I was thinking that I could make a second call to spamc with the -c command and capture the STOUT but that would mean processing each message twice? Is there a simple why to do what I am looking for? I tried putting the -c into the script and I ended up getting a few emails containing the results. I think its because it's piping the x/x code to STDOUT so sendmail is sending that instead. #!/bin/sh /usr/bin/spamc | /usr/sbin/sendmail -i $@ retval=$? echo `date` $@ $retval /tmp/currentspamlist.txt retval=0 exit $retval Gary Smith +wzf+,o0j[yy) !j^*.[+ ,.);j^m!,)'$!lgrinjYhr'whbrDjf,{ZIXX*Z,jX(~zwilqzlX))jf,{Z
Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!
I can see how using image references could be problematic... just because an image is referenced, it doesn't mean the spammer controls it. Personally, for my home grown additions to the evil list, I've been adding only the domains or IPs that the spammer wants me to click on... but even this can lead to FPs if you're not careful. For example, I get a few Stock Pick spams that reference legitimate quote sites... they don't necessarily want you to respond directly to them, they just want you to buy their stock. --jenni On Thu, 4 Dec 2003, Damian Gerow wrote: Thus spake Chris Santerre ([EMAIL PROTECTED]) [04/12/03 16:48]: That is the problem we are now facing. Would a spammer need high volume web access? My corpa says yes. I obviously can't tag this now. I removed the first 2, but I have left bfast.com and xmr3.com in for now. I may remove tomorrow. I need to think about some things tonight. I'm thinking these will go in a comment out rule. Mabye a rule 999 that is scored .01 so people can see it had one of these and report it to the host? Yes, a spammer would need high availability. But so does Microsoft, Apple, CBC (Canadian Broadcasting Corporation), etc. Again, just because an image is hosted by Akamai doesn't even mean that Akamai is aware of this -- it just means that someone who may or may not be paying Akamia either found an image hosted by them, or put an image up, and is referencing it in their spam. It's akin to someone sending spam using your address in the From: field -- I'm not going to blacklist you because you were Joe-Jobbed, nor should I be blacklisting a company because their webiste was Joe Jobbed. I man the abuse desk here, and at least once a week, I get a spam complaint, due to a spamvertised website. Looking over the spam shows, usually, about a hundred or so websites included, that have nothing to do with each other -- they look like they were included to confuse places like SpamCop, or any domain whitelisting that may be done. When I actually start updating this with new domains, strict testing is going to be done. I'm not liking these hosts playing both sides of the field. It's tough, but your decision is simple: Zero False Positives means that these sites can't be listed. I'm not affiliated with Akamai, but I do work with them (we have a three-host rack here as well). I've seen them give me my Windows Updates when Microsoft was crawling, I've seen them mitigate DoS attacks, and I can get my Apple trailers a heck of a lot faster... ;) Trust me, Akamai is a Good Thing(tm). - Damian --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] failed lock file?
Hey all, One of the mailgate boxes fell offline for about 8 hours, and when it came back up, /var/log/mail has a lot of entries like the stuff below: spamd[9185]: [Cannot open bayes databases /var/spool/spamassassin/bayes_* R/W] lock failed: File exists_ - Last output repeated 2 times - spamd[9141]: [clean message (-4.7/5.0) for filter] 1000 in 299.7 seconds, 3867 bytes._ spamd[9149]: [Cannot open bayes databases /var/spool/spamassassin/bayes_* R/W] lock failed: File exists_ spamd[9143]: [clean message (-4.8/5.0) for filter] 1000 in 282.5 seconds, 3302 bytes._ spamd[9157]: [clean message (-4.8/5.0) for filter] 1000 in 251.4 seconds, 5808 bytes._ spamd[9185]: [clean message (-113.2/5.0) for filter] 1000 in 172.9 seconds, 5330 bytes._ spamd[9184]: [clean message (-109.9/5.0) for filter] 1000 in 174.7 seconds, 2122 bytes._ spamd[9186]: [clean message (-113.2/5.0) for filter] 1000 in 174.5 seconds, 5246 bytes._ spamd[9149]: [clean message (-109.8/5.0) for filter] 1000 in 275.2 seconds, 4859 bytes._ I know it's kind of slow - Athlon XP 1600, 256mb DDR RAM, 4gb IDE disk - but I'm concerned about the lock failed: File exists_ errors. WHat do they mean? Thanks! :) --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Re: Simplifying BigEvilList rules
On Thu, 04 Dec 2003 11:43:30 -0800, Greg Webster [EMAIL PROTECTED] writes: Seems like it would be much better to simplify and shorten these rules with better regexp. Samples: rawbody BigEvilList_22 /\b(?:agnitum\.com|ahamembership\.com|aicpa-eca\.org|aic pa\.org|aih01\.com|ai\.hitbox\.com|AIRMARCH\.COM|AIRSHADE\.COM|ajc\.com|akss\.or g|albuminfo\.org|alertquotes\.com|alfy\.com)\b/i describe BigEvilList_22 Generated BigEvilList_22 If the rules look like this (abc|aef|agh), then you should get greater performance factoring the 'a' out of the expression. a(bc|ef|gh) Because this means it can bail out fast if the string doesn't start with an $a$. There might be an optimization in the re engine to autodetect this, but doing it manually won't hurt. Also doing additional factoring may be a win: hotbox|hoturls|hotgyrls|hotlemons|hotstocks|honestmerchangs|happymerchants -- h(ot(box|urls|gyrls|lemons|stocks)|onestemerchangs|appymerchants) Factor out the h so that it can do a prefix-reject quickly, and then factor out the 'ot' so that it won't check 'hox' against 'hotbox' .. 'hotstocks'. Scott --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] bigevil.cf + rsync?
Hi, Any chance we can get rsync access to bigevil.cf so we can autoupdate whenever you change your rules? -- Regards, +-+-+ | Peter Kiem.^. | E-Mail: [EMAIL PROTECTED] | | Zordah IT /V\ | Mobile: +61 0414 724 766| | IT Consultancy /( )\ | WWW : www.zordah.net | | Internet Services ^^-^^ | ICQ : Zordah 81 | +-+-+ My current spamtrap address is [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Re: failed lock file?
[EMAIL PROTECTED] wrote: Hey all, One of the mailgate boxes fell offline for about 8 hours, and when it came back up, /var/log/mail has a lot of entries like the stuff below: Stray lock files from crashing, probably due to low memory - guessing from what others have reported: http://lists.roaringpenguin.com/pipermail/mimedefang/2003-October/017593.html Bryan spamd[9185]: [Cannot open bayes databases /var/spool/spamassassin/bayes_* R/W] lock failed: File exists_ - Last output repeated 2 times - spamd[9141]: [clean message (-4.7/5.0) for filter] 1000 in 299.7 seconds, 3867 bytes._ spamd[9149]: [Cannot open bayes databases /var/spool/spamassassin/bayes_* R/W] lock failed: File exists_ spamd[9143]: [clean message (-4.8/5.0) for filter] 1000 in 282.5 seconds, 3302 bytes._ spamd[9157]: [clean message (-4.8/5.0) for filter] 1000 in 251.4 seconds, 5808 bytes._ spamd[9185]: [clean message (-113.2/5.0) for filter] 1000 in 172.9 seconds, 5330 bytes._ spamd[9184]: [clean message (-109.9/5.0) for filter] 1000 in 174.7 seconds, 2122 bytes._ spamd[9186]: [clean message (-113.2/5.0) for filter] 1000 in 174.5 seconds, 5246 bytes._ spamd[9149]: [clean message (-109.8/5.0) for filter] 1000 in 275.2 seconds, 4859 bytes._ I know it's kind of slow - Athlon XP 1600, 256mb DDR RAM, 4gb IDE disk - but I'm concerned about the "lock failed: File exists_ " errors. WHat do they mean? Thanks! :) --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click -- Nothing in the world has more potential for beauty than woman. Nothing has more potential to destroy it, than the world. - (Anonymous) http://www.wecs.com/content.htm This signature file is generated by Pick-a-Tag ! Written by Jeroen van Vaarsel http://www.google.com/search?hl=enie=ISO-8859-1amp;q=pick-a-tag
[SAtalk] Re: Simplifying BigEvilList rules
Excellent. I am in agreement. I've sent a raw list of all the urls in the rules to Chris Santerre wish a promise that one I find some time I'll write up some perl code to clean up and form rules out of them. Anyone have any resources-optimization documentation for regexp in Perl? Greg On Thu, 2003-12-04 at 16:11, Scott A Crosby wrote: On Thu, 04 Dec 2003 11:43:30 -0800, Greg Webster [EMAIL PROTECTED] writes: Seems like it would be much better to simplify and shorten these rules with better regexp. Samples: rawbody BigEvilList_22 /\b(?:agnitum\.com|ahamembership\.com|aicpa-eca\.org|aic pa\.org|aih01\.com|ai\.hitbox\.com|AIRMARCH\.COM|AIRSHADE\.COM|ajc\.com|akss\.or g|albuminfo\.org|alertquotes\.com|alfy\.com)\b/i describe BigEvilList_22 Generated BigEvilList_22 If the rules look like this (abc|aef|agh), then you should get greater performance factoring the 'a' out of the expression. a(bc|ef|gh) Because this means it can bail out fast if the string doesn't start with an $a$. There might be an optimization in the re engine to autodetect this, but doing it manually won't hurt. Also doing additional factoring may be a win: hotbox|hoturls|hotgyrls|hotlemons|hotstocks|honestmerchangs|happymerchants -- h(ot(box|urls|gyrls|lemons|stocks)|onestemerchangs|appymerchants) Factor out the h so that it can do a prefix-reject quickly, and then factor out the 'ot' so that it won't check 'hox' against 'hotbox' .. 'hotstocks'. Scott -- Greg Webster - [EMAIL PROTECTED] In-Touch Software Corporation Ph: (604)278-0515 - Fax: (604)608-3112 --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Re: Simplifying BigEvilList rules
On Thu, 04 Dec 2003 16:21:14 -0800, Greg Webster [EMAIL PROTECTED] writes: Excellent. I am in agreement. I've sent a raw list of all the urls in the rules to Chris Santerre wish a promise that one I find some time I'll write up some perl code to clean up and form rules out of them. Anyone have any resources-optimization documentation for regexp in Perl? Regexps are the wrong hammer. The correct thing to use is Aho-Corasick. It can match an arbitrary number of strings during a single linear pass over the input. Generally, perl behaves the best when it has a fixed prefix that it knows must occur in the strings. IE: h(foo|bar) is always better than hfoo|hbar because the re engine can see if the h matches and reject immediately if it doesn't. This is perhaps the most important optimization because it can avoid the regexp engine entirely for most offsets. Thus this factoring should *always* be done. Also in a disjunction (foo|bar|baz|bang), it must check each case individually --- all 4, But in foo|b(ar|az|ang) it only checks 4 cases if the input starts with a 'b', and two for any other letter. There are random small second-order effects of having the extra disjunction nesting. This is because perl won't use the optimized strcmp() loop and must reenter the regexp engine. It may be that this only pays off if there are, say, $N$ or more rules with a common prefix. Experimentation to determine the right threshold for $N$ would be needed. I guess somewhere between 5 and 50. Scott --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] Re: BIG HUGE EVIL RULE NEWS!!!!
Just to be different, I use joe -- an editor that uses the WordStar keys. My fingers were trained on WordStar in non-document mode long ago. We reach, brother. I use Jed in WordStar mode. I was imprinted on the WordStar command set with Semware's Qedit and later The Semware Editor (TSE). I could see myself paying a ridiculous amount of money for a Linux version. Chris --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] bigevil.cf + rsync?
I'm actually a windows guy who has been converting to linux for some time so my scripting is rusty and primitive (cause that's what I know) but it works. This came from my /etc/cron.hourly/bigevil.sh file. #!/bin/sh # This file updates the big evil policy file for spam assassin DATE=`date +%Y%m%d-%H%M` if [ -f bigevil.cf ] then rm -f bigevil.cf fi if [ -f /tmp/bigevil.cf ] then rm -f bigevil.cf fi wget -N http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf \ -O /tmp/bigevil.cf \ 21 | grep -q 'saved' if [ $? = 0 ] ; then cmp /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf /dev/null 21 if [ $? -ne 0 ] then mv /etc/mail/spamassassin/bigevil.cf /etc/mail/spamassassin/bigevil.cf.$DATE mv /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf echo BIG EVIL has changed on `hostname`. The new evil is `head -n 1 /etc/mail/spamassassin/bigevil.cf` \ | mutt [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] \ -s The big evil policy has been updated -a /etc/mail/spamassassin/bigevil.cf /etc/init.d/spamd restart /dev/null 21 /dev/null #else #files are the same fi fi I added some logic so I could keep a copy of the origial bigevil.cf scipt in case I needed to roll back or something. -Original Message- From: [EMAIL PROTECTED] on behalf of Peter Kiem Sent: Thu 12/4/2003 4:14 PM To: [EMAIL PROTECTED] Cc: Subject: [SAtalk] bigevil.cf + rsync? Hi, Any chance we can get rsync access to bigevil.cf so we can autoupdate whenever you change your rules? -- Regards, +-+-+ | Peter Kiem.^. | E-Mail: [EMAIL PROTECTED] | | Zordah IT /V\ | Mobile: +61 0414 724 766| | IT Consultancy /( )\ | WWW : www.zordah.net | | Internet Services ^^-^^ | ICQ : Zordah 81 | +-+-+ My current spamtrap address is [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk NHYX'uS+l({^,T^lz|$YlJ('LZxj[yzbkay^[h+vh Xz0ibw]e~%)jYj)b bjf,{ZIb,y+m+-.+-b~)jY
RE: [SAtalk] bigevil.cf + rsync?
Hi Gary, I'm actually a windows guy who has been converting to linux for some time so my scripting is rusty and primitive (cause that's what I know) but it works. I have similar scripts but with rsync. Forgot all about wget :) D'oh! Hope you don't mind some scripting tips? if [ -f bigevil.cf ] then rm -f bigevil.cf fi Can be shortened to [ -f bigevil.cf ] rm -f bigevil.cf if [ -f /tmp/bigevil.cf ] then rm -f bigevil.cf fi Same. [ -f /tmp/bigevil.cf ] rm -f bigevil.cf cmp /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf /dev/null 21 cmp -s will not produce any output so you don't need the /dev/null redirect if fact you can do cmp -s /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf || { # do the mv's and emails here } -- Regards, +-+-+ | Peter Kiem.^. | E-Mail: [EMAIL PROTECTED] | | Zordah IT /V\ | Mobile: +61 0414 724 766| | IT Consultancy /( )\ | WWW : www.zordah.net | | Internet Services ^^-^^ | ICQ : Zordah 81 | +-+-+ My current spamtrap address is [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] bigevil.cf + rsync?
Thanks, I learn something new every day. Gary -Original Message- From: Peter Kiem [mailto:[EMAIL PROTECTED] Sent: Thu 12/4/2003 5:02 PM To: Gary Smith Cc: [EMAIL PROTECTED] Subject: RE: [SAtalk] bigevil.cf + rsync? Hi Gary, I'm actually a windows guy who has been converting to linux for some time so my scripting is rusty and primitive (cause that's what I know) but it works. I have similar scripts but with rsync. Forgot all about wget :) D'oh! Hope you don't mind some scripting tips? if [ -f bigevil.cf ] then rm -f bigevil.cf fi Can be shortened to [ -f bigevil.cf ] rm -f bigevil.cf if [ -f /tmp/bigevil.cf ] then rm -f bigevil.cf fi Same. [ -f /tmp/bigevil.cf ] rm -f bigevil.cf cmp /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf /dev/null 21 cmp -s will not produce any output so you don't need the /dev/null redirect if fact you can do cmp -s /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf || { # do the mv's and emails here } -- Regards, +-+-+ | Peter Kiem.^. | E-Mail: [EMAIL PROTECTED] | | Zordah IT /V\ | Mobile: +61 0414 724 766| | IT Consultancy /( )\ | WWW : www.zordah.net | | Internet Services ^^-^^ | ICQ : Zordah 81 | +-+-+ My current spamtrap address is [EMAIL PROTECTED] ^){([L.);^rjwr5E;ZH{~{Nhwz)~jle2fp'mi(ov'uZZ)rX*Z,jf)+-Jjd+-.alb,y+b?+-wZ,j
RE: [SAtalk] bigevil.cf + rsync?
Thanks, I learn something new every day. That's what mailing lists are about. And thank you for your script. Very helpful :) -- Regards, +-+-+ | Peter Kiem.^. | E-Mail: [EMAIL PROTECTED] | | Zordah IT /V\ | Mobile: +61 0414 724 766| | IT Consultancy /( )\ | WWW : www.zordah.net | | Internet Services ^^-^^ | ICQ : Zordah 81 | +-+-+ My current spamtrap address is [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
RE: [SAtalk] bigevil.cf + rsync?
So how are you getting this cf to be included with local.cf without combining? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Smith Sent: Thursday, December 04, 2003 7:50 PM To: Peter Kiem; [EMAIL PROTECTED] Subject: RE: [SAtalk] bigevil.cf + rsync? I'm actually a windows guy who has been converting to linux for some time so my scripting is rusty and primitive (cause that's what I know) but it works. This came from my /etc/cron.hourly/bigevil.sh file. #!/bin/sh # This file updates the big evil policy file for spam assassin DATE=`date +%Y%m%d-%H%M` if [ -f bigevil.cf ] then rm -f bigevil.cf fi if [ -f /tmp/bigevil.cf ] then rm -f bigevil.cf fi wget -N http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf \ -O /tmp/bigevil.cf \ 21 | grep -q 'saved' if [ $? = 0 ] ; then cmp /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf /dev/null 21 if [ $? -ne 0 ] then mv /etc/mail/spamassassin/bigevil.cf /etc/mail/spamassassin/bigevil.cf.$DATE mv /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf echo BIG EVIL has changed on `hostname`. The new evil is `head -n 1 /etc/mail/spamassassin/bigevil.cf` \ | mutt [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] \ -s The big evil policy has been updated -a /etc/mail/spamassassin/bigevil.cf /etc/init.d/spamd restart /dev/null 21 /dev/null #else #files are the same fi fi I added some logic so I could keep a copy of the origial bigevil.cf scipt in case I needed to roll back or something. -Original Message- From: [EMAIL PROTECTED] on behalf of Peter Kiem Sent: Thu 12/4/2003 4:14 PM To: [EMAIL PROTECTED] Cc: Subject: [SAtalk] bigevil.cf + rsync? Hi, Any chance we can get rsync access to bigevil.cf so we can autoupdate whenever you change your rules? -- Regards, +-+-+ | Peter Kiem.^. | E-Mail: [EMAIL PROTECTED] | | Zordah IT /V\ | Mobile: +61 0414 724 766| | IT Consultancy /( )\ | WWW : www.zordah.net | | Internet Services ^^-^^ | ICQ : Zordah 81 | +-+-+ My current spamtrap address is [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk NHYX'uS+l({^,T^lz|$YlJ('LZxj[ yzb kay^[h+vh Xz0ibt trjj~zqzj NHYX'uS+l({^,T^lz|$YlJ('LZxj[yzbkay^[h+vh Xz0ibw]e~%)jYj)b bjf,{ZIb,y+m+-.+-b~)jY
RE: [SAtalk] bigevil.cf + rsync?
You don't need to. Spamassassin reads all files in the /etc/mail/spamassassin directory ending with .cf. So when you restart the daemon it reads the newly added or changed file. That seems to be the beauty of it. Be warned though the last file in the directory will overwrite any existing rules that other files may have loaded. So, as someone else mentioned to me, you need your most critical rules to be in zzz.cf (or something like that). Gary -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rose, Bobby Sent: Thursday, December 04, 2003 5:35 PM To: [EMAIL PROTECTED] Subject: RE: [SAtalk] bigevil.cf + rsync? So how are you getting this cf to be included with local.cf without combining? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Smith Sent: Thursday, December 04, 2003 7:50 PM To: Peter Kiem; [EMAIL PROTECTED] Subject: RE: [SAtalk] bigevil.cf + rsync? I'm actually a windows guy who has been converting to linux for some time so my scripting is rusty and primitive (cause that's what I know) but it works. This came from my /etc/cron.hourly/bigevil.sh file. #!/bin/sh # This file updates the big evil policy file for spam assassin DATE=`date +%Y%m%d-%H%M` if [ -f bigevil.cf ] then rm -f bigevil.cf fi if [ -f /tmp/bigevil.cf ] then rm -f bigevil.cf fi wget -N http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf http://www.merchantsoverseas.com/wwwroot/gorilla/bigevil.cf \ -O /tmp/bigevil.cf \ 21 | grep -q 'saved' if [ $? = 0 ] ; then cmp /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf /dev/null 21 if [ $? -ne 0 ] then mv /etc/mail/spamassassin/bigevil.cf /etc/mail/spamassassin/bigevil.cf.$DATE mv /tmp/bigevil.cf /etc/mail/spamassassin/bigevil.cf echo BIG EVIL has changed on `hostname`. The new evil is `head -n 1 /etc/mail/spamassassin/bigevil.cf` \ | mutt [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] \ -s The big evil policy has been updated -a /etc/mail/spamassassin/bigevil.cf /etc/init.d/spamd restart /dev/null 21 /dev/null #else #files are the same fi fi I added some logic so I could keep a copy of the origial bigevil.cf scipt in case I needed to roll back or something. -Original Message- From: [EMAIL PROTECTED] on behalf of Peter Kiem Sent: Thu 12/4/2003 4:14 PM To: [EMAIL PROTECTED] Cc: Subject: [SAtalk] bigevil.cf + rsync? Hi, Any chance we can get rsync access to bigevil.cf so we can autoupdate whenever you change your rules? -- Regards, +-+-+ | Peter Kiem.^. | E-Mail: [EMAIL PROTECTED] | | Zordah IT /V\ | Mobile: +61 0414 724 766| | IT Consultancy /( )\ | WWW : www.zordah.net | | Internet Services ^^-^^ | ICQ : Zordah 81 | +-+-+ My current spamtrap address is [EMAIL PROTECTED] --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk NHYX'uS+l({^,T^lz|$YlJ('LZxj[ yzb kay^[h+vh Xz0ibt trjj~zqzj NHYX'uS+l({^,T^lz|$YlJ('LZxj[ yzb kay^[h+vh Xz0ibt trjj~zqzj ^){([L.);^rjwr5E;ZH{~{Nhwz)~jle2fp'mi(ov'uZZ)rX*Z,jf)+-Jjd+-.alb,y+b?+-wZ,j
[SAtalk] Re: Simple SA-Learn question
Tobin wrote: I have my bayes built and running. I have 100 new spams to add to it. Can I just SA-Learn JUST those 100 and it will add to the tokens? Do I Yes. need to have a equal amount of ham to feed in this next 100 spam? No. Though equal amounts spam, ham are recommended for best results. I just dont want to ruin all the work I have spent setting this up. Thanks! You should be able to add whatever you like, in whatever order you like: sa-learn --spam -D --mbox spam-mail-file sa-learn --ham -D --mbox ham-mail-file Bryan Josh [EMAIL PROTECTED] 12/04/03 11:22AM Send Spamassassin-talk mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/spamassassin-talk or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Spamassassin-talk digest... --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click -- Nothing in the world has more potential for beauty than woman. Nothing has more potential to destroy it, than the world. - (Anonymous) http://www.wecs.com/content.htm This signature file is generated by Pick-a-Tag ! Written by Jeroen van Vaarsel http://www.google.com/search?hl=enie=ISO-8859-1q=pick-a-tag --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] BIG HUGE EVIL RULE NEWS!!!!
On Thu, 4 Dec 2003, jenni baier wrote: For example, I get a few Stock Pick spams that reference legitimate quote sites... they don't necessarily want you to respond directly to them, they just want you to buy their stock. The answer, in this case, is to isolate the portion of the URI that denotes the ticker-symbol that the spammer is trying to pump-and-dump. That said, the actual lifespan of that particular entity, in these cases, may only measure in weeks, so there're little point in commiting it to a long-term repository (I think). ++-+ | Carl Richard Friend (UNIX Sysadmin)| West Boylston | | Minicomputer Collector / Enthusiast| Massachusetts, USA | | mailto:[EMAIL PROTECTED]+-+ | http://users.rcn.com/crfriend/museum | ICBM: 42:22N 71:47W | ++-+ --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Disable a User who does not want SA
--On Monday, December 01, 2003 3:55 PM -0600 Rich Puhek [EMAIL PROTECTED] wrote: Here's the nospam.pl script: Why not use grep? * ! ? /usr/local/bin/nospam.pl $LOGNAME (Untested code) * ! ? grep -q ^$LOGNAME$ /etc/spamassassin/exempt Or you could use the magic file approach: test -f /home/$LOGNAME/.nospamassassin --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] spamds that don't finish
Hi, Yes, we use bayes on our single processor Sun Ultra 5 workstation. Cheryl On Thu, Dec 04, 2003 at 07:28:10PM -, Pete Henshall wrote: Cheryl, Dan and rest of list. So there are a few of us that have spamd's sitting there after spamc has timeout on something nasty, taking up loads of processing power Not just me which makes me feel a bit better. Do you two use bayes and do you have single processor or SMP systems? I have upgraded all the perl modules and it has still done it - this is my local.cf file rewrite_subject 1 spam_level_stars1 subject_tag *POSSIBLE_SPAM* use_terse_report1 skip_rbl_checks 1 ok_locales en ja ko th zh dcc_add_header 0 required_hits 5.5 use_bayes 1 #use_bayes 0 auto_learn 0 bayes_auto_learn0 #auto_learn 1 #bayes_auto_learn 1 #bayes_auto_learn_threshold_spam9 #bayes_auto_learn_threshold_ham 0.3 whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] whitelist_from [EMAIL PROTECTED] and about 50 more like this. a bit of a mish mash of stuff since 2.4 i guess but all works if I set bayes 0 :\ Dan, maybe it is looking in that dir cause the mta user has a home dir set to /Users/admin/ - my system side stuff is kept in /home/qscand/.spamassassin/ fwiw. Pete -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dan Tappin Sent: 04 December 2003 16:22 To: [EMAIL PROTECTED] Subject: RE: [SAtalk] spamds that don't finish I am running SA on OS X 10.2.8 and I have the same issue. I get the same one or two spamd processing just sitting there. I also eventually need to go in an manually kill these processes. I am currently running SA as my mta user. If I lint my config files I get the following: [firewall:~] admin% sudo -u mta spamassassin --lint -D debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: Final PATH set to: /bin:/sbin:/usr/bin:/usr/sbin debug: ignore: using a test message to lint rules debug: using /usr/local/share/spamassassin for default rules dir debug: using /etc/mail/spamassassin for site rules dir debug: using /Users/admin/.spamassassin for user state dir debug: mkdir /Users/admin/.spamassassin failed: mkdir /Users/admin/.spamassassin: Permission denied at /Library/Perl/Mail/SpamAssassin.pm line 1272 Cannot write to /Users/admin/.spamassassin/user_prefs: No such file or directory Failed to create default user preference file /Users/admin/.spamassassin/user_prefs debug: using /Users/admin/.spamassassin/user_prefs for user prefs file debug: using /Users/admin/.spamassassin for user state dir debug: mkdir /Users/admin/.spamassassin failed: mkdir /Users/admin/.spamassassin: Permission denied at /Library/Perl/Mail/SpamAssassin.pm line 1272 No such file or directory debug: bayes: no dbs present, cannot scan: /Users/admin/.spamassassin/bayes_toks debug: Score set 1 chosen. debug: Initialising learner debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB 200 debug: bayes: 12764 untie-ing debug: bayes: 12764 untie-ing db_toks Now I do not understand why SA is looking in /Users/admin for the user state directory? Can I tell SA to not use the user state dir?? Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Cheryl L. Southard Sent: Thursday, December 04, 2003 8:22 AM To: [EMAIL PROTECTED] Subject: [SAtalk] spamds that don't finish Hi All, I've got two spamd processes that just wont go away. They've been running for well over 11 hours and are taking up 100% of my cpu. I've run truss spamd-pid but it doesn't report anything. The same user, coincidentally, is the recipient of both e-mails, but this user doesn't have any special rules in his user_prefs file. This user's home directory and mail file seem accessable and there don't seem to be any weird messages in the spamd log file I am running spamassassin 2.60 on a Solaris 9 computer with procmail. ps -ef | grep spamd cc 27379 2447 48 20:36:36 ? 277:37 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 cc 19967 2447 48 13:14:29 ? 603:31 /usr/local/bin/perl -T /usr/local/bin/spamd -d -a -c -m 5 root 2447 1 0 Oct 27 ? 30:17 /usr/local/bin/perl -T /usr/local/bin/spamd -d
[SAtalk] What is this? Bayes poison?
I'm getting a bunch of these. Are these just intended to poison Bayes DB's? What's the sender's objective? Forwarded Message Return-Path: [EMAIL PROTECTED] Received: from 212.199.108.10.forward.012.net.il (212.199.108.10.forward.012.net.il [212.199.108.10]) by smtp.kensingtonlabs.com (8.12.8/8.12.8) with SMTP id hB52hnEE032538 for [EMAIL PROTECTED]; Thu, 4 Dec 2003 18:43:54 -0800 Date: Tue, 18 Jun 2002 07:44:03 -0500 From: Betty Tumlinson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Get a better homeloan Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 X-Accept-Language: en-us, en X-Security: MIME headers sanitized on uugw.kensingtonlabs.com See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.139 $Date: 2003-09-07 10:14:23-07 Content-Type: multipart/alternative; boundary=224_21A3C8F2.FD632120 X-Scanned-By: MIMEDefang 2.37 X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on uugw.kensingtonlabs.com X-Spam-Status: No, hits=1.5 required=5.0 tests=BAYES_50,DATE_IN_PAST_96_XX autolearn=no version=2.60 X-Spam-Level: * Doubt is the key to knowledge. Liars need good memories. Keep your nose to the grindstone. Thanks cost nothing. Doubt is a pain too lonely to know that faith is his brother. Know which side your bread is buttered on. The wise do as much as they should, not as much as they can. A mans house is his castle. Sometimes, less is more. Keep your nose to the grindstone. Betty Tumlinson -- End Forwarded Message -- --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Re: More .procmailrc
On Tue, 2 Dec 2003 04:18:38 -0500, Rich H. [EMAIL PROTECTED] posted to spamassassin-talk: :0: * ^Subject: *SPAM* Spamfolder Apart from the line termination issue which several people already explained, this will never match anything. You need to protect the asterisks because they have a special meaning in regular expressions. Adding insult to injury, Procmail won't cope if the first character of a regular expression is a backslash, so we have to add a set of parens to protect +that+ as well. :0: * ^Subject: (\*\*\*\*\*SPAM\*\*\*\*\*) Spamfolder Hope this helps, /* era */ -- The email address era the contact information Just for kicks, imagine at iki dot fi is heavily link on my home page at what it's like to get spam filtered. If youhttp://www.iki.fi/era/ 500 pieces of spam for want to reach me, see instead. each wanted message. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
[SAtalk] Re: paris hilton
On Mon, 24 Nov 2003 22:23:11 -0600 (CST), Chris Thielen [EMAIL PROTECTED] posted to spamassassin-talk: ian douglas said: Anyone have any good obfuscation rules for p4r1s h1|+0n spam? I'm getting a ton of these every day... http://sandgnat.com/cmos/cmos.jsp gave me a good result, but will not match a plus sign to substitue for a 't' character. Good suggestion, Ian. That replacement will be in the next version of the script. It is also added as a replacement character in the paris_hilton.cf that I generated for you (see previous post). If I enter a single-character string in the easy mode text box, the rules will somehow manage to drop the character from the obfuscated rules. I.e. for the input d I get the regex /(?!\bd\b)\b/i (and not the nonsensical /(?!\bd\b)\bd\b/i or an error message in the case when the default obfu only option is selected). Why are character classes not used consistently? For the input lad and with -g but no -o it gives me the regex /(?:\b[l1I]|[\|\xA3]|(?:\xC5[\x80-\x82]|\xC4[\xB9-\xBF])) (?:[a4]|[EMAIL PROTECTED]|\/\\| \xC4[\x80-\x85]|\xC7[\x8D-\x8E]|\xC7[\xBA-\xBB]| \xCE\x86|\xCE\x91|\xCE\x94|\xCE\x9B|\xCE\xAC|\xCE\xB1| \xD0\x90|\xD0\xB0) (?:d\b|[\xD0]|\xC4[\x8E-\x91])/i (obviously as a single long string) rather than the more idiomatic /(?:\b[l1I|\xA3]|(?:\xC5[\x80-\x82]|\xC4[\xB9-\xBF])) (?:[EMAIL PROTECTED]|\/\\| \xC4[\x80-\x85]|\xC7[\x8D-\x8E\xBA-\xBB]| \xCE[\x86\x91\x94\x9B\xAC\xB1]| \xD0[\x90\xB0]) (?:d\b|[\xD0]|\xC4[\x8E-\x91])/i or actually even with the last line being (?:[d\xD0]|\xC4[\x8E-\x91])\b/i instead. I don't have any timings to back it up, but probably it will be slightly faster as well as more human-readable if you normalize the expressions to use classes wherever you can. Thanks for a useful tool, BTW! I wish I had thought of setting that up. /* era */ -- The email address era the contact information Just for kicks, imagine at iki dot fi is heavily link on my home page at what it's like to get spam filtered. If youhttp://www.iki.fi/era/ 500 pieces of spam for want to reach me, see instead. each wanted message. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk