Re: SURBL problems
On Monday, September 6, 2004, 4:37:35 PM, Jeff Chan wrote: > If you do: > dig test.surbl.org.multi.surbl.org a > many times, do you get any delays? Hang on, that's not a meaningful test since it would be in your local resolver cache. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: [SURBL-Discuss] Re: SURBL problems
On Monday, September 6, 2004, 4:41:51 PM, David Coulson wrote: > Jeff Chan wrote: >> What you describe sounds perhaps like a DNS timeout (which >> SA3 may support through your operating system's resolver). >> There are currently three SURBL nameservers with problems, >> but they're all commented out of the authority for the >> subdomains, so they should not be a problem. > My name server that was dead is now functional again. > David Yep we had it delegated again for a while now. :-) A SURBL name server status page page is at: http://www.surbl.org/nameservers-output.html The ones with red (d1, i2, k1) are already commented out of authority. The names were obfuscated by request :-) but can easily be resolved manually. Jeff C.
Alain GUITTOT/France/Equant
I will be out of the office starting 06/09/2004 and will not return until 10/09/2004. I will be back to my office on September the 13th. For any question regarding the antispam service pls contact [EMAIL PROTECTED]
Re: SURBL problems
On Monday, September 6, 2004, 4:20:56 PM, Kai Schaetzl wrote: > I haven't debugged this yet any further since I'm on the brink to leaving > for a vacation. Is it possible that one or more of the SURBL RBLs habe > problems today? I was getting a lot of SA time-outs today and the first > reason which comes to my mind is SURBL lookups. It's the only RBL lookup > we use in SA which is run via MailScanner. If SA times out it gives it a > score of 0.00, tells me the reason (SA timeout) and handles the spam as > clean. For the last hours this happened with about every second incoming > mail (spam and ham likewise, so it's unlikely to be some sort of "bad" > spam). This setup has been running for some weeks now, MailScanner 4.32.x > plus SA3-RC2, without any problems. SA timeout for MailScanner is set to > 120 seconds. There doesn't seem to be a timeout value for SURBL checks - > is this possible? No changes to setup or software during the last days, > machine has low load. What you describe sounds perhaps like a DNS timeout (which SA3 may support through your operating system's resolver). There are currently three SURBL nameservers with problems, but they're all commented out of the authority for the subdomains, so they should not be a problem. If you do: dig test.surbl.org.multi.surbl.org a many times, do you get any delays? Is anyone else seeing problems? Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: SURBL problems
Kai Schaetzl wrote on Tue, 07 Sep 2004 01:20:56 +0200: > Subject: SURBL problems > This is missing a question mark, of course. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org
Re: SpamAssassin 3.0.0-rc3 RELEASE CANDIDATE available!
sorry, missed to comment on this release earlier. Installed over RC2 on one of our backup mail servers. No problems, just works (together with MailScanner). Great :-) Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org
SURBL problems
I haven't debugged this yet any further since I'm on the brink to leaving for a vacation. Is it possible that one or more of the SURBL RBLs habe problems today? I was getting a lot of SA time-outs today and the first reason which comes to my mind is SURBL lookups. It's the only RBL lookup we use in SA which is run via MailScanner. If SA times out it gives it a score of 0.00, tells me the reason (SA timeout) and handles the spam as clean. For the last hours this happened with about every second incoming mail (spam and ham likewise, so it's unlikely to be some sort of "bad" spam). This setup has been running for some weeks now, MailScanner 4.32.x plus SA3-RC2, without any problems. SA timeout for MailScanner is set to 120 seconds. There doesn't seem to be a timeout value for SURBL checks - is this possible? No changes to setup or software during the last days, machine has low load. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org
Re: Bayes Perms
On Mon, Sep 06, 2004 at 12:24:28AM -0400, JP whispered: > /etc/mail/spamassassin> ls -l > total 1252 > -rw---1 vscanvscan 27827 2004-09-06 00:11 bayes_journal > -rw-rw-r--1 vscanusers 86016 2004-09-06 00:10 bayes_seen > -rw-rw-r--1 vscanusers 1314816 2004-09-06 00:10 bayes_toks > -rw-rw-r--1 vscanusers 383 2004-09-05 00:03 local.cf Did you make sure that all your users have write permissions on the directory itself? Also it doesn't look like the 777 permissions were actually set on your bayes files. Ulysses -- Ulysses S. Cruz [EMAIL PROTECTED] "If it wasn't for the voices in my head, I'd go insane from loneliness" -Me, Myself and I
Re: using a global bayesian database?
On Mon, Sep 06, 2004 at 09:54:43AM -0600, Lucas Albers whispered: > This depends on how SA is integrated with your mail server. > if all incoming mail is run under the same account, then you have a a > global database, if it runs under each user, with procmail for example > then you do not. Actually, it it entirely possible to use a global bayes database if you use procmail. Just add these lines to your /etc/mail/spamassassin/local.cf file: use_bayes 1 bayes_path /etc/mail/spamassassin/bayes bayes_file_mode 777 Also make sure that everyone uses the '-C /etc/mail/spamassassin' option on sa-learn, so that they update the correct database. One big advantage of this configuration is that while the common database is the default option for all users, any user can override this and use their own private database if they want. Ulysses -- Ulysses S. Cruz [EMAIL PROTECTED] "If it wasn't for the voices in my head, I'd go insane from loneliness" -Me, Myself and I
Re: 1-Megabyte Spam
> > If you -know- that the non-binary part is small/moderate, throw it at > > SA anyway. SA is programmed to skip over binary parts and not even try to > > scan their contents, so no loss of speed. > > Rawbody rules still apply to them, don't they? That was my point. No, I don't believe so. At least in 2.63 the binary parts, including their mime headers, get removed from both 'full' and 'rawbody'. Loren
Re: 1-Megabyte Spam
On Fri, 3 Sep 2004, David B. Funk stated: > If you -know- that the non-binary part is small/moderate, throw it at > SA anyway. SA is programmed to skip over binary parts and not even try to > scan their contents, so no loss of speed. Rawbody rules still apply to them, don't they? That was my point. -- `The copyright file is for everyone. That we make it available in plain-text, uncompressed form rather than in spinning, throbbing OpenGL-rendered 3D text over a thumping dance music soundtrack is a feature, not a bug.' --- Branden Robinson
Re: Ping for primary MX
>> Perhaps something like: >> >> - a higher priority MX is up >> - the mail was delivered from a secondary MX with little or no delay Kenneth Porter <[EMAIL PROTECTED]> writes: > My concern was primarily for the secondary, where you don't know the delay > until you forward. Are you saying that the first rule runs on the > secondaries, and the second rule runs on all but the lowest-priorty MX? No, it's a logical "and" rule. Both need to match for it to be spamsign. If the filter is actually run *on* the secondary, it still works since the delay will be just about zero. However, a lot of places just run the spam filter on the primary and have secondaries forward it to, or on an internal host to which all MXes deliver their mail. You can't assume every MX is running SpamAssassin independently. > I've got a secondary which receives very little traffic for itself, and > virtually all of the remaining traffic is spam destined for a primary > elsewhere. It's running SA from MIMEDefang, configured to reject anything > scoring 10 or more. Giving it a rule like the one proposed here would allow > it to reject more instead of queuing it to the primary. The rule should work regardless of where it's run. It also should ideally work for forwarded email (assuming trusted_networks is set up, I don't expect it to check every relay hop, just the untrusted->trusted one. Daniel -- Daniel Quinlan http://www.pathname.com/~quinlan/
Re: using a global bayesian database?
Roy Sigurd Karlsbakk said: > Can I have spamassassin update a common database for all users on the > whole system somehow? This depends on how SA is integrated with your mail server. if all incoming mail is run under the same account, then you have a a global database, if it runs under each user, with procmail for example then you do not. their are many sa+mta solutions that allow this, I for example use SA+mimedefang, which allows a global database. Just check look up the different integration methods for SA that work with your existing mail server. -- Luke Computer Science System Administrator Security Administrator,College of Engineering Montana State University-Bozeman,Montana
Re: Using the -l (log) option
On Sun, Sep 05, 2004 at 09:00:58PM -0500, Chris wrote: > I'm sure this question will have an easy answer, but after reading man > spamassassin, the conf man, spamd man, I can't find the answer. I'm > calling spamassassin with spamd, Umm, you mean calling spamd with spamc. spamassassin is the run-once-per-email foreground application. spamd is the daemon version which is called by spamc once for each email for the same effect but faster performance. > I'm curious as to what would be written to > a log file using the -l option in spamassassin, however, I haven't the > faintest idea where to place this. I thought putting it in my > /etc/rc.d/init.d/spamassassin script file would do it, but no, that just > gave me an error when I went to restart spamassassin. Any hints would be > much appreciated. > > Thanks > Chris You don't mention SA version or what platform, but on Red Hat/Fedora Core Linux with SA v2.6x, the stock /etc/rc.d/init.d/spam* has SPAMDOPTIONS="-d -c -a -m5 -H" In my installations, spamc is called from each user's ~/.procmailrc. spamd normally logs to /var/log/maillog the user, score, and whether it was judged spam or ham. Cheers, -- Bob McClure, Jr. Bobcat Open Systems, Inc. [EMAIL PROTECTED] http://www.bobcatos.com Grace happens.
using a global bayesian database?
hi I've started to train SA with some old mail (running slowly), and, running this as root, SA generates the database under /root/.spamassassin/ Can I have spamassassin update a common database for all users on the whole system somehow? thanks roy
Bayes Perms
Early last week with the help of Matt Kettler I thought I had put my Bayes DB permission issues to rest well apparently not. I am running SA 2.64 with AMAVISD-NEW, and postfix. here is my local.cf ## use_bayes 1 auto_learn 1 bayes_file_mode 0777 bayes_path /etc/mail/spamassassin/bayes # rewrite the Subject: line with SPAM .* if set to 1 (default=1) rewrite_subject 0 # report briefly, recommended for report_header==1 (default=0) use_terse_report 1 ## #amavisd-new runs as user.group vscan.vscan #I have two human users both of which belong to the group users #contents of /etc/mail/spamassassin/ /etc/mail/spamassassin> ls -l total 1252 -rw---1 vscanvscan 27827 2004-09-06 00:11 bayes_journal -rw-rw-r--1 vscanusers 86016 2004-09-06 00:10 bayes_seen -rw-rw-r--1 vscanusers 1314816 2004-09-06 00:10 bayes_toks -rw-rw-r--1 vscanusers 383 2004-09-05 00:03 local.cf [EMAIL PROTECTED]:/etc/mail/spamassassin> #This is the crontab entry for sa-learn 0 0 * * * sa-learn --spam -C /etc/mail/spamassassin --showdots --mbox /home/usr01/mail/Suspected-Spam #The output: bayes: bad permissions on journal, can't read: /etc/mail/spamassassin/bayes_journal Why isn't the journal file being created with 666 perms? Thanks, JP
Using the -l (log) option
I'm sure this question will have an easy answer, but after reading man spamassassin, the conf man, spamd man, I can't find the answer. I'm calling spamassassin with spamd, I'm curious as to what would be written to a log file using the -l option in spamassassin, however, I haven't the faintest idea where to place this. I thought putting it in my /etc/rc.d/init.d/spamassassin script file would do it, but no, that just gave me an error when I went to restart spamassassin. Any hints would be much appreciated. Thanks Chris -- Chris Registered Linux User 283774 http://counter.li.org 8:56pm up 4 days, 13 min, 2 users, load average: 0.82, 0.84, 0.85 Most people have a furious itch to talk about themselves and are restrained only by the disinclination of others to listen. Reserve is an artificial quality that is developed in most of us as the result of innumerable rebuffs. -- W.S. Maugham Live - From Virgin Radio UK Bryan Ferry and Roxy Music - Love Is The Drug