Re: SURBL problems

[Jeff Chan]

On Monday, September 6, 2004, 4:37:35 PM, Jeff Chan wrote:
> If you do:

>   dig test.surbl.org.multi.surbl.org a

> many times, do you get any delays?

Hang on, that's not a meaningful test since it would be in your
local resolver cache.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/

Re: [SURBL-Discuss] Re: SURBL problems

[Jeff Chan]

On Monday, September 6, 2004, 4:41:51 PM, David Coulson wrote:
> Jeff Chan wrote:
>> What you describe sounds perhaps like a DNS timeout (which
>> SA3 may support through your operating system's resolver).
>> There are currently three SURBL nameservers with problems,
>> but they're all commented out of the authority for the
>> subdomains, so they should not be a problem.

> My name server that was dead is now functional again.

> David

Yep we had it delegated again for a while now.  :-)

A SURBL name server status page page is at:

  http://www.surbl.org/nameservers-output.html

The ones with red (d1, i2, k1) are already commented out of
authority.  The names were obfuscated by request  :-)
but can easily be resolved manually.

Jeff C.

Alain GUITTOT/France/Equant

[alain . guittot]

I will be out of the office starting  06/09/2004 and will not return until
10/09/2004.

I will be back to my office on September the 13th.
For any question regarding the antispam service pls contact
[EMAIL PROTECTED]

Re: SURBL problems

[Jeff Chan]

On Monday, September 6, 2004, 4:20:56 PM, Kai Schaetzl wrote:
> I haven't debugged this yet any further since I'm on the brink to leaving 
> for a vacation. Is it possible that one or more of the SURBL RBLs habe 
> problems today? I was getting a lot of SA time-outs today and the first 
> reason which comes to my mind is SURBL lookups. It's the only RBL lookup 
> we use in SA which is run via MailScanner. If SA times out it gives it a 
> score of 0.00, tells me the reason (SA timeout) and handles the spam as 
> clean. For the last hours this happened with about every second incoming 
> mail (spam and ham likewise, so it's unlikely to be some sort of "bad" 
> spam). This setup has been running for some weeks now, MailScanner 4.32.x 
> plus SA3-RC2, without any problems. SA timeout for MailScanner is set to 
> 120 seconds. There doesn't seem to be a timeout value for SURBL checks - 
> is this possible? No changes to setup or software during the last days, 
> machine has low load.

What you describe sounds perhaps like a DNS timeout (which
SA3 may support through your operating system's resolver).
There are currently three SURBL nameservers with problems,
but they're all commented out of the authority for the
subdomains, so they should not be a problem.

If you do:

  dig test.surbl.org.multi.surbl.org a

many times, do you get any delays?

Is anyone else seeing problems?

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/

Re: SURBL problems

[Kai Schaetzl]

Kai Schaetzl wrote on Tue, 07 Sep 2004 01:20:56 +0200:

> Subject: SURBL problems
>

This is missing a question mark, of course.


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

Re: SpamAssassin 3.0.0-rc3 RELEASE CANDIDATE available!

[Kai Schaetzl]

sorry, missed to comment on this release earlier. Installed over RC2 on 
one of our backup mail servers. No problems, just works (together with 
MailScanner). Great :-)


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

SURBL problems

[Kai Schaetzl]

I haven't debugged this yet any further since I'm on the brink to leaving 
for a vacation. Is it possible that one or more of the SURBL RBLs habe 
problems today? I was getting a lot of SA time-outs today and the first 
reason which comes to my mind is SURBL lookups. It's the only RBL lookup 
we use in SA which is run via MailScanner. If SA times out it gives it a 
score of 0.00, tells me the reason (SA timeout) and handles the spam as 
clean. For the last hours this happened with about every second incoming 
mail (spam and ham likewise, so it's unlikely to be some sort of "bad" 
spam). This setup has been running for some weeks now, MailScanner 4.32.x 
plus SA3-RC2, without any problems. SA timeout for MailScanner is set to 
120 seconds. There doesn't seem to be a timeout value for SURBL checks - 
is this possible? No changes to setup or software during the last days, 
machine has low load.


Kai

-- 

Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

Re: Bayes Perms

[Ulysses Cruz]

On Mon, Sep 06, 2004 at 12:24:28AM -0400, JP whispered:
> /etc/mail/spamassassin> ls -l
> total 1252
> -rw---1 vscanvscan   27827 2004-09-06 00:11 bayes_journal
> -rw-rw-r--1 vscanusers   86016 2004-09-06 00:10 bayes_seen
> -rw-rw-r--1 vscanusers 1314816 2004-09-06 00:10 bayes_toks
> -rw-rw-r--1 vscanusers 383 2004-09-05 00:03 local.cf

Did you make sure that all your users have write permissions on the directory
itself? Also it doesn't look like the 777 permissions were actually set on your
bayes files.

Ulysses
-- 
Ulysses S. Cruz [EMAIL PROTECTED]
"If it wasn't for the voices in my head, I'd go insane from loneliness"
-Me, Myself and I

Re: using a global bayesian database?

[Ulysses Cruz]

On Mon, Sep 06, 2004 at 09:54:43AM -0600, Lucas Albers whispered:
> This depends on how SA is integrated with your mail server.
> if all incoming mail is run under the same account, then you have a a
> global database, if it runs under each user, with procmail for example
> then you do not.

Actually, it it entirely possible to use a global bayes database if you use
procmail. Just add these lines to your /etc/mail/spamassassin/local.cf file:

use_bayes   1
bayes_path  /etc/mail/spamassassin/bayes
bayes_file_mode 777

Also make sure that everyone uses the '-C /etc/mail/spamassassin' option on
sa-learn, so that they update the correct database.

One big advantage of this configuration is that while the common database is
the default option for all users, any user can override this and use their own
private database if they want.

Ulysses
-- 
Ulysses S. Cruz [EMAIL PROTECTED]
"If it wasn't for the voices in my head, I'd go insane from loneliness"
-Me, Myself and I

Re: 1-Megabyte Spam

[Loren Wilton]

> > If you -know- that the non-binary part is small/moderate, throw it at
> > SA anyway. SA is programmed to skip over binary parts and not even try
to
> > scan their contents, so no loss of speed.
>
> Rawbody rules still apply to them, don't they? That was my point.

No, I don't believe so.  At least in 2.63 the binary parts, including their
mime headers, get removed from both 'full' and 'rawbody'.

Loren

Re: 1-Megabyte Spam

[Nix]

On Fri, 3 Sep 2004, David B. Funk stated:
> If you -know- that the non-binary part is small/moderate, throw it at
> SA anyway. SA is programmed to skip over binary parts and not even try to
> scan their contents, so no loss of speed.

Rawbody rules still apply to them, don't they? That was my point.

-- 
`The copyright file is for everyone.  That we make it available in
 plain-text, uncompressed form rather than in spinning, throbbing
 OpenGL-rendered 3D text over a thumping dance music soundtrack is a
 feature, not a bug.' --- Branden Robinson

Re: Ping for primary MX

[Daniel Quinlan]

>> Perhaps something like:
>>
>>  - a higher priority MX is up
>>  - the mail was delivered from a secondary MX with little or no delay

Kenneth Porter <[EMAIL PROTECTED]> writes:

> My concern was primarily for the secondary, where you don't know the delay 
> until you forward. Are you saying that the first rule runs on the 
> secondaries, and the second rule runs on all but the lowest-priorty MX?

No, it's a logical "and" rule.  Both need to match for it to be
spamsign.  If the filter is actually run *on* the secondary, it still
works since the delay will be just about zero.  However, a lot of places
just run the spam filter on the primary and have secondaries forward it
to, or on an internal host to which all MXes deliver their mail.  You
can't assume every MX is running SpamAssassin independently.
 
> I've got a secondary which receives very little traffic for itself, and 
> virtually all of the remaining traffic is spam destined for a primary 
> elsewhere. It's running SA from MIMEDefang, configured to reject anything 
> scoring 10 or more. Giving it a rule like the one proposed here would allow 
> it to reject more instead of queuing it to the primary.

The rule should work regardless of where it's run.  It also should
ideally work for forwarded email (assuming trusted_networks is set up, I
don't expect it to check every relay hop, just the untrusted->trusted
one.

Daniel

-- 
Daniel Quinlan
http://www.pathname.com/~quinlan/

Re: using a global bayesian database?

[Lucas Albers]

Roy Sigurd Karlsbakk said:
> Can I have spamassassin update a common database for all users on the
> whole system somehow?

This depends on how SA is integrated with your mail server.
if all incoming mail is run under the same account, then you have a a
global database, if it runs under each user, with procmail for example
then you do not.
their are many sa+mta solutions that allow this, I for example use
SA+mimedefang, which allows a global database.
Just check look up the different integration methods for SA that work with
your existing mail server.


-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana

Re: Using the -l (log) option

[Bob McClure Jr]

On Sun, Sep 05, 2004 at 09:00:58PM -0500, Chris wrote:
> I'm sure this question will have an easy answer, but after reading man 
> spamassassin, the conf man, spamd man, I can't find the answer.  I'm 
> calling spamassassin with spamd,

Umm, you mean calling spamd with spamc.  spamassassin is the
run-once-per-email foreground application.  spamd is the daemon
version which is called by spamc once for each email for the same
effect but faster performance.

> I'm curious as to what would be written to 
> a log file using the -l option in spamassassin, however, I haven't the 
> faintest idea where to place this.  I thought putting it in my 
> /etc/rc.d/init.d/spamassassin script file would do it, but no, that just 
> gave me an error when I went to restart spamassassin.  Any hints would be 
> much appreciated.
> 
> Thanks
> Chris

You don't mention SA version or what platform, but on Red Hat/Fedora
Core Linux with SA v2.6x, the stock /etc/rc.d/init.d/spam* has

  SPAMDOPTIONS="-d -c -a -m5 -H"

In my installations, spamc is called from each user's ~/.procmailrc.
spamd normally logs to /var/log/maillog the user, score, and whether
it was judged spam or ham.

Cheers,
-- 
Bob McClure, Jr. Bobcat Open Systems, Inc.
[EMAIL PROTECTED]  http://www.bobcatos.com
Grace happens.

using a global bayesian database?

[Roy Sigurd Karlsbakk]

hi
I've  started to train SA with some old mail (running slowly), and, 
running this as root, SA generates the database under 
/root/.spamassassin/

Can I have spamassassin update a common database for all users on the 
whole system somehow?

thanks
roy

Bayes Perms

[JP]

Early last week with the help of Matt Kettler I thought I had put my Bayes
DB permission issues to rest well apparently not.

I am running SA 2.64 with AMAVISD-NEW, and postfix.

here is my local.cf


##

use_bayes 1
auto_learn 1

bayes_file_mode 0777
bayes_path /etc/mail/spamassassin/bayes

# rewrite the Subject: line with SPAM .* if set to 1 (default=1)
rewrite_subject 0
# report briefly, recommended for report_header==1 (default=0)
use_terse_report 1

##

#amavisd-new runs as user.group vscan.vscan
#I have two human users both of which belong to the group users


#contents of /etc/mail/spamassassin/

/etc/mail/spamassassin> ls -l
total 1252
-rw---1 vscanvscan   27827 2004-09-06 00:11 bayes_journal
-rw-rw-r--1 vscanusers   86016 2004-09-06 00:10 bayes_seen
-rw-rw-r--1 vscanusers 1314816 2004-09-06 00:10 bayes_toks
-rw-rw-r--1 vscanusers 383 2004-09-05 00:03 local.cf
[EMAIL PROTECTED]:/etc/mail/spamassassin>

#This is the crontab entry for sa-learn

0 0 * * * sa-learn --spam -C /etc/mail/spamassassin --showdots --mbox
/home/usr01/mail/Suspected-Spam

#The output:

bayes: bad permissions on journal, can't read:
/etc/mail/spamassassin/bayes_journal

Why isn't the journal file being created with 666 perms?

Thanks,
JP

Using the -l (log) option

[Chris]

I'm sure this question will have an easy answer, but after reading man 
spamassassin, the conf man, spamd man, I can't find the answer.  I'm 
calling spamassassin with spamd, I'm curious as to what would be written to 
a log file using the -l option in spamassassin, however, I haven't the 
faintest idea where to place this.  I thought putting it in my 
/etc/rc.d/init.d/spamassassin script file would do it, but no, that just 
gave me an error when I went to restart spamassassin.  Any hints would be 
much appreciated.

Thanks
Chris

-- 
Chris
Registered Linux User 283774 http://counter.li.org
8:56pm up 4 days, 13 min, 2 users, load average: 0.82, 0.84, 0.85

Most people have a furious itch to talk about themselves and are restrained
only by the disinclination of others to listen.  Reserve is an artificial
quality that is developed in most of us as the result of innumerable 
rebuffs.
-- W.S. Maugham

Live - From Virgin Radio UK Bryan Ferry and Roxy Music - Love Is The Drug