Re: Redhat / Fedora RPMs?
On Thu, September 23, 2004 10:47, "jenni baier" <[EMAIL PROTECTED]> said: > Does anyone have 3.0 in RPM form? I can't find any links to RPM versions > on the site... > > Thanks in advance... > http://ftp.freshrpms.net/pub/fedora/linux/core/development/i386/Fedora/RPMS/spamassassin-3.0-10.i386.rpm or http://ftp.freshrpms.net/pub/fedora/linux/core/development/i386/SRPMS/spamassassin-3.0-10.src.rpm You may want to verify that this is the final version (not an rc), since I always install SA from the tarball. I'd recommend compiling from the src rpm, to maintain your sanity and your systems stability, unless your running a bone stock system. That or you could build the rpm from the tarball, as suggested earlier in another post. Regards, Jon
Re[2]: spamassassin --lint fails on OS X using SA 3.0.0
Thursday, September 23, 2004, 2:01:58 PM, Theo responded: TVD> On Thu, Sep 23, 2004 at 09:35:39AM -0400, Rob Kudyba wrote: >> /etc/mail/spamassassin root# /usr/bin/spamassassin --lint -D >> debug: config: read file //etc/mail/spamassassin/70_sare_html.cf >> debug: config: read file //etc/mail/spamassassin/70_sare_oem.cf >> debug: config: read file //etc/mail/spamassassin/70_sare_random.cf >> debug: config: read file //etc/mail/spamassassin/70_sare_ratware.cf >> debug: config: read file //etc/mail/spamassassin/70_sare_specific.cf >> debug: config: read file //etc/mail/spamassassin/70_sare_spoof.cf >> debug: config: read file //etc/mail/spamassassin/72_sare_bml_post25x.cf >> debug: config: read file //etc/mail/spamassassin/99_FVGT_Tripwire.cf >> debug: config: read file //etc/mail/spamassassin/99_sare_fraud_post25x.cf >> debug: config: read file //etc/mail/spamassassin/99_sare_fraud_pre25x.cf TVD> can't help you with these. However, 99_sare_fraud_post25x.cf and 99_sare_fraud_pre25x.cf are CONFLICTING files. pre25x is supposed to be used only for SA 2.4x and older, while post25x is supposed to be used for 2.5x, 2.6x, 3.xx.xx Get rid of the bad file. >> warning: description exists for non-existent rule SARE_SUB_CASINO_OB1 TVD> all third party rules -- go talk to the people who wrote them. There is no current SARE rule with this name. SARE_SUB_CASINO_OB (without any digit at the end) is in 70_sare_genlsubj1.cf, which you do NOT list in your list of custom files above. I scan all current SARe files and I do not find any rule or description with the name your system is complaining about. Find out where that is and get rid of it. (Simply refreshing your files from the current SARE rules might do the trick.) Bob Menschel
SA-3.0.0 for FBSD Ports
Does anyone know who is handling the update of the FBSD ports for the new SA-3 release? Or better yet, when it is scheduled? Thanks! Best regards, Jack L. Stone, Administrator Sage American http://www.sage-american.com [EMAIL PROTECTED]
Re: SA 3.0 upgrade bug and fix (spamd reporting to log, but not tagging messages)
On Thu, Sep 23, 2004 at 09:12:18PM +, Brian L. Gentry wrote: > The fix is obvious and simple: Shut down spamd, start it from the command > line: /usr/bin/spamd -c -d . Test it. Once you've verified that it's > working > again, modify your spamd startup script to use the new location for spamd. I > also removed /usr/sbin/spamd for good measure, since it's not used any more. > > This took a while to track down and caused us some grief here. I hope this > helps save someone else the hassle. Any chance this could be put into the > upgrade notes file ? This is an excellent idea, and thanks for your note earlier today. That is indeed it seems the cause of the issue, which must be causing a good deal of scratching of heads, I would have thought. I removed all SpamAssassin files earlier this evening and re-installed using cpan. With hindsight, I believe I could have simply done what you have suggested above. I run a SuSE 8.2 system, and persuading manual configuration of startup script changes to co-exist with SuSE's YaST tool created configurations is far from trivial, so I shall be sticking with /usr/bin/spamassassin for the time being. Incidentally, a co-worker who runs a Debian system tells me that the Debian package maintainer has overcome the issue by creating the Debian SpamAssassin 3.0.0 package in such a way that spamd is installed in /usr/sbin/ rather than /usr/bin, as with previous versions. -- Anthony Edwards [EMAIL PROTECTED]
Deep Recursion warning then out of memory error
I do not think this is directly related to spamassassin, but googling has produced hits all over the map from perl, to Berkeley DB, and none seem to be recient. I noticed that spamassassin was not learning after I did an upgrade to perl 5.8.5. In running sa-learn with a -D I found that DB_File.pm was missing. So I down loaded DB_File.pm compiled and tested it with no issues. Now when I run sa-learn or I do a spamassassin -r. I get a warning about Deep recursion in the DB_File.pm module and my system gets IO bound until all memory and swap space is consumed and it dies with an out of memory error. I had down loaded a new version of DB_File.pm so I went back to the older version which did not help. So I change the link for perl back to perl 5.8.1 and the problem goes away. So that leaved me wondering if there is some other perl component that needs rebuilding against the new version of perl or something else. Configuration is: Solaris 9 on sparc platform Perl 5.8.5 Spamassassin 2.64 Razor 2.61 DB_File 1.810 Berkeley DB 4.1.25 -- Regards, David Highley Phone: (206) 669-0081 Highley Recommended, Inc. FAX: (253) 838-8509 2927 SW 339th Street Email: [EMAIL PROTECTED] Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com
Re: SA-3.0.0 for FBSD Ports
On Thu, Sep 23, 2004 at 08:33:50PM -0500, Jack L. Stone wrote: > Does anyone know who is handling the update of the FBSD ports for the new > SA-3 release? Or better yet, when it is scheduled? Last I heard (second-hand from a FBSD dev) was that ports was closed to new packages at the moment, and the version they had was 2.64. FYI. -- Randomly Generated Tagline: And remember not to act afraid. Animals can smell fear. And they don't like it. -- Homer Simpson The Call of the Simpsons pgpUF1Og3SPc6.pgp Description: PGP signature
Re: [sa-list] SA-3.0.0 for FBSD Ports
On Thu, 23 Sep 2004, Jack L. Stone wrote: Does anyone know who is handling the update of the FBSD ports for the new SA-3 release? Or better yet, when it is scheduled? The ports tree is currently frozen in preparation for Freebsd 5.3-Release, so it may be a while. (I recently asked when bind 9.3.0 would be in) -Dan Thanks! Best regards, Jack L. Stone, Administrator Sage American http://www.sage-american.com [EMAIL PROTECTED] -- "Tonite on reboot! People misspelling as many words with sexual connotations as possible..." -Keyo-Chan, February 10th 1999, Undernet #reboot Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---
Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?
On Thursday, September 23, 2004, 10:22:03 AM, Ulysses Cruz wrote: > Ironically, my system marked your post as spam specifically because of the > URIBLs. Usually it's recommended to not process anti-spam mailing list messages with anti-spam tools for this reason. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: SlashDotting spammers
--On Thursday, September 23, 2004 12:34 PM -0700 Will Yardley <[EMAIL PROTECTED]> wrote: So what happens when said site is hosted by a legitimate web host which acts on complaints? You end up driving up said hosting company's bandwidth bills and (more importantly) very likely taking down other sites on the same webserver instance. Also, in case you hadn't heard, spammers often use bogus CC info, don't pay their bills, etc. How about only taking action if the URL remains active for a couple days or more, indicating a lax hosting company? And, for anything like this to work (and again, I still argue that this isn't the right approach), you need to have a lot of people hitting the site all at once, which conflicts with doing all of these checks in a reasonable and safe way. I recall seeing a site that set up a web page that used JavaScript to rapidly reload images from a well-known offender. The idea was to get lots of people visiting that page so that they'd start hammering the spammer's site from many IP's.
Re: SlashDotting spammers
How about getting more people to use SURBLs, so once the spam sites get listed, they get a lot less traffic? The silent treatment may be better. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: ***SPAM*** Problems with URIDNSBL Under Spamassassin 3.0?
On Thursday, September 23, 2004, 11:54:14 AM, Sandy S wrote: > I did find these lines in the debug output: > debug: URIDNSBL: domains to query: tvuu.wneiis-MUNGEDplanet.info > dkcw.wneiis-MUNGEDplanet.info > and > debug: URIDNSBL: queries completed: 0 started: 0 > debug: URIDNSBL: queries active: DNSBL=2 NS=2 at Thu Sep 23 13:36:08 2004 > debug: done waiting for URIDNSBL lookups to complete > Apparently the lookups timed out. I assume that's something to do with the > fact that it's checking for tvuu.wneiis-MUNGEDplanet.info instead of just > wneiis-MUNGEDplanet.info, but I don't know enough about how the URI RBLs > work to be sure. I'd need to read the source code, but for a .info, urirhssub is probably checking the second level domain, i.e. wneiis-planet.info . It may be checking at the third levels also: tvuu.wneiis-planet.info and dkcw.wneiis-planet.info . In either case it should not be timing out. If it is checking the third levels, an NXDOMAIN response meaning it's not on the multi.surbl.org list should be cached after the first try and therefore quick on subsequent queries. It should be pretty quickly resolved for whatever name servers you happen to hit for the first query. If you try: time dig tvuu.wneiis-planet.info.multi.surbl.org. on the same machine SA is running on what result do you get? How long does it take. How about: time dig wneiis-planet.info.multi.surbl.org. Try a bogus new query like: time dig some.bogus.query.multi.surbl.org. and see how long it takes to give an NXDOMAIN. If it's quick from the command line it probably should be quick from SA also. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: SA 3.0 bugs ? no header rewriting
Hi Theo Van Dinter <[EMAIL PROTECTED]>, you wrote on Thursday, 2004-09-23 17:00:08 -0400: > NoMailAudit doesn't exist in 3.0. It looks like you're using old modules > and/or old scripts. > > Nuke anything spamassassin related, then install 3.0.0. I renamed ~/.spamassassin/user_prefs and /etc/mail/spamassassin/local.cf but is doen't work. wkr Thomas Richter -- dss1://49.431.801306 Wot're we going to do tonight, Brain ? gsm://49.179.5192431 The same thing we do every night, Pinky . icq://124849926 Try to TAKE OVER THE WORLD ! mailto:[EMAIL PROTECTED]http://www.thomas-richter.de
FreeBSD port
I am working on creating a drop-in replacement for the FreeBSD port, although it is likely the committers will create their own in due time. -Dan -- I want to see how you see. -SK, 6/2/99, 4:30 AM Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---
FreeBSD port of SpamAssassin 3.0.0 (continued)
I've gotten a Makefile mostly tuned for sa3, based on the FreeBSD port
makefile for 2.64. I've added most of the dependencies, but FreeBSD
doesn't have ports for Net::SMTP or IP::Country::Fast, so those two
features can't be auto-installed unless the ports maintainer comes up with
them.
I'm also not *quite* sure of the syntax for requiring a specific *version*
of a perl module from within the ports tree.
I've added an optional WITH_SSL=yes define that will auto-ssl-ify things.
Finally, there's a few prompts that as-of-yet cannot be bypassed, I've
opened a bug on those.
So, suffice it to say it should be a while before we see this in the ports
tree. I'm going to send my changes along to [EMAIL PROTECTED] and see what
they think.
-Dan
--
"Goodbye my peoples. I'll miss each one of you. Sniff-Sniff I now know
the true meaning of love. Thank you Sniff-Sniff. You are all in my
heart."
-Chris D.
Dan Mahoney
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---
# New ports collection makefile for:p5-Mail-SpamAssassin
# Date created: Nov 26 2001
# Whom: Anthony Kim
#
# $FreeBSD: ports/mail/p5-Mail-SpamAssassin/Makefile,v 1.59 2004/08/05 13:33:18
mat Exp $
#
PORTNAME= Mail-SpamAssassin
PORTVERSION=3.0.0
CATEGORIES= mail perl5
MASTER_SITES= ${MASTER_SITE_PERL_CPAN}
MASTER_SITE_SUBDIR= Mail
PKGNAMEPREFIX= p5-
MAINTAINER= [EMAIL PROTECTED]
COMMENT=A highly efficient mail filter for identifying spam
BUILD_DEPENDS= ${SITE_PERL}/${PERL_ARCH}/Net/DNS.pm:${PORTSDIR}/dns/p5-Net-DNS
\
${SITE_PERL}/${PERL_ARCH}/HTML/Parser.pm:${PORTSDIR}/www/p5-HTML-Parser \
${SITE_PERL}/Mail/Internet.pm:${PORTSDIR}/mail/p5-Mail-Tools \
${SITE_PERL}/${PERL_ARCH}/Digest/SHA1.pm:${PORTSDIR}/security/p5-Digest-SHA1 \
${SITE_PERL}/${PERL_ARCH}/HTML/Parser.pm:${PORTSDIR}/www/p5-HTML-Parser \
${SITE_PERL}/${PERL_ARCH}/Storable.pm:${PORTSDIR}/devel/p5-Storable \
${SITE_PERL}/Mail/SPF/Query.pm:${PORTSDIR}/mail/p5-Mail-SPF-Query \
${SITE_PERL}/${PERL_ARCH}/Time/HiRes.pm:${PORTSDIR}/devel/p5-Time-HiRes
RUN_DEPENDS=${BUILD_DEPENDS} \
razor-client:${PORTSDIR}/mail/razor-agents \
cdcc:${PORTSDIR}/mail/dcc-dccd \
pyzor:${PORTSDIR}/mail/pyzor
PERL_CONFIGURE= yes
CONFIGURE_ARGS+=SYSCONFDIR="${PREFIX}/etc" \
RUN_NET_TESTS="no" \
CONTACT_ADDRESS="the administrator of that system"
.if defined(WITH_SSL)
CFLAGS+=-DSPAMC_SSL
CONFIGURE_ARGS+=ENABLE_SSL="yes"
BUILD_DEPENDS+=
${SITE_PERL}/IO/Socket/SSL.pm:${$PORTSDIR}/security/p5-IO-Socket-SSL
.endif
MAN3= Mail::SpamAssassin.3 Mail::SpamAssassin::PerMsgStatus.3 \
Mail::SpamAssassin::Conf.3 \
Mail::SpamAssassin::PersistentAddrList.3 \
Mail::SpamAssassin::PerMsgLearner.3 \
Mail::SpamAssassin::Bayes.3 \
Mail::SpamAssassin::AutoWhitelist.3 \
Mail::SpamAssassin::ConfSourceSQL.3
MAN1= spamd.1 spamassassin.1 spamc.1 sa-learn.1
DOCSDIR=${PREFIX}/share/doc/${PKGNAMEPREFIX}${PORTNAME}
DATADIR=${PREFIX}/share/spamassassin
USE_RC_SUBR=yes
SED_SCRIPT= -e 's|%%PREFIX%%|${PREFIX}|g' \
-e 's|%%RC_SUBR%%|${RC_SUBR}|g'
post-build:
@${SED} ${SED_SCRIPT} ${FILESDIR}/spamd.sh > ${WRKDIR}/spamd.sh
post-install:
@${STRIP_CMD} ${PREFIX}/bin/spamc
${INSTALL_SCRIPT} ${WRKDIR}/spamd.sh ${PREFIX}/etc/rc.d/spamd.sh
.if !defined(NOPORTDOCS)
${MKDIR} ${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/sql/README ${DOCSDIR}/README.sql
cd ${WRKSRC} ; ${INSTALL_DATA} INSTALL USAGE \
BUGS COPYRIGHT Changes README TRADEMARK procmailrc.example sample* \
spamd/README* sql/spamassassin.sql ${DOCSDIR}
.endif
@${SED} -e 's#PREFIX#${PREFIX}#' ${PKGMESSAGE}
.include
.if ${PERL_LEVEL} < 500600
RUN_DEPENDS+= ${SITE_PERL}/File/Spec.pm:${PORTSDIR}/devel/p5-File-Spec
BUILD_DEPENDS+= ${SITE_PERL}/Pod/Usage.pm:${PORTSDIR}/textproc/p5-PodParser
.endif
.if ${PERL_LEVEL} < 500800
RUN_DEPENDS+=
${SITE_PERL}/${PERL_ARCH}/MIME/Base64.pm:${PORTSDIR}/converters/p5-MIME-Base64
.endif
.include
SA 3.0 TRAP
If you are thinking about installing Spamassasin 3.0 PAY ATTENTION: If you haven't been reading this list carefully you will have missed the fact that spamd has been moved from /usr/sbin/ to /usr/bin . However, the old version remains in /usr/sbin which is often where your scripts expect to find it. (At least in SuSE > 8 it is so). Easiest fix it to rm the one in /usr/sbin and link the new one there, and then go to /etc/sysconfig/spamd and remove the -a argument in that file. Took 5 minutes to install 3.0 with CPAN (gotta love cpan) and then it took me 2 hours to track down Brian Gentry's post in the archives. http://thread.gmane.org/gmane.mail.spam.spamassassin.general/56501 WHY is this not in BOLD TYPE in the readme ??? -- _ John Andersen pgpWOXAfKemqF.pgp Description: signature
Re: SA 3.0 bugs ? no header rewriting (SOLUTION)
Hi Thomas Richter <[EMAIL PROTECTED]>, you wrote on Friday, 2004-09-24 08:49:31 +0200: > Hi Theo Van Dinter <[EMAIL PROTECTED]>, > you wrote on Thursday, 2004-09-23 17:00:08 -0400: > > NoMailAudit doesn't exist in 3.0. It looks like you're using old modules > > and/or old scripts. > > > > Nuke anything spamassassin related, then install 3.0.0. > > I renamed ~/.spamassassin/user_prefs and /etc/mail/spamassassin/local.cf > but is doen't work. See other posting and do: whereis spamd rm /usr/sbin/spamd ln -s /usr/bin/spamd /usr/sbin/spamd For SuSE: correct in /usr/sbin/rcspamd: SPAMD_BIN edit /etc/sysconfig/spamd: remove --auto-whitelist wkr Thomas Richter -- dss1://49.431.801306 Wot're we going to do tonight, Brain ? gsm://49.179.5192431 The same thing we do every night, Pinky . icq://124849926 Try to TAKE OVER THE WORLD ! mailto:[EMAIL PROTECTED]http://www.thomas-richter.de
Couple of questions with SA 3.0
Hi, I have installed spamassassin 3.0 on an email gateway, I noticed on a debug it threw out an error with the line check_mx_attempts 0 config: SpamAssassin failed to parse line, skipping: check_mx_attempts 0 Is this option disabled or removed in 3.0? Secondly, I have installed pyzor 0.4.0 but find it is slowing it down (since I am running it on a mail gateway) with mailscanner, the reason I guess is because the script is called each time. With DCC I am running dccifd with a socket which speeds it up, does anyone know if this is possible with pyzor. I have seen you can use something called readyexec and use a socket but don't know how to integrate it with spamassassin. Thanks Chris
RE: auto learn in 3.0
Since upgrading to 3.0, which is the greatest BTW, I have not had any spam auto-learned. The keywords are correct and running spamassassin with --lint reveals all is ok. Is anyone else seeing this? Alex
Re: SA 3.0 TRAP
On Fri, Sep 24, 2004 at 01:30:19AM -0800, John Andersen wrote: > If you are thinking about installing Spamassasin 3.0 PAY ATTENTION: > > If you haven't been reading this list carefully you will > have missed the fact that spamd has been moved > from /usr/sbin/ to /usr/bin . However, the old version remains > in /usr/sbin which is often where your scripts expect to find it. > (At least in SuSE > 8 it is so). > > Easiest fix it to rm the one in /usr/sbin and link the new one > there, and then go to /etc/sysconfig/spamd and remove the > -a argument in that file. Alternatively, perhaps the released version could be amended so that spamd is installed in /usr/sbin rather than /usr/bin, which is I understand what the Debian package maintainers have done (that wouldn't assist users who have already upgraded, of course). -- Anthony Edwards [EMAIL PROTECTED]
Re: SA 3.0 TRAP
On Fri, 24 Sep 2004 01:30:19 -0800 John Andersen <[EMAIL PROTECTED]> wrote: > If you are thinking about installing Spamassasin 3.0 PAY ATTENTION: > > If you haven't been reading this list carefully you will > have missed the fact that spamd has been moved > from /usr/sbin/ to /usr/bin . However, the old version remains > in /usr/sbin which is often where your scripts expect to find it. > (At least in SuSE > 8 it is so). > [...] > > WHY is this not in BOLD TYPE in the readme ??? Maybe the issue is OS- and version-dependent and wasn't apparent in testing? -- Bob
Re: Couple of questions with SA 3.0
At 07:41 AM 9/24/2004, Chris Connell wrote: Hi, I have installed spamassassin 3.0 on an email gateway, I noticed on a debug it threw out an error with the line check_mx_attempts 0 config: SpamAssassin failed to parse line, skipping: check_mx_attempts 0 Is this option disabled or removed in 3.0? Looking at the SA 3.0 code, the MX_FOR_FROM test uses different code, which seems to be based on the same "queued in background" code that the RBL checks use. This seems to be a much more efficient way to do it anyway. Secondly, I have installed pyzor 0.4.0 I can't help you with pyzor.. I don't use it.. (I find DCC, Razor 2.61, DNSBLs and surbl a sufficient group of net checks)
Re: FreeBSD port of SpamAssassin 3.0.0 (continued)
At 04:37 AM 9.24.2004 -0400, Dan Mahoney, System Admin wrote: >I've gotten a Makefile mostly tuned for sa3, based on the FreeBSD port >makefile for 2.64. I've added most of the dependencies, but FreeBSD >doesn't have ports for Net::SMTP or IP::Country::Fast, so those two >features can't be auto-installed unless the ports maintainer comes up with >them. > >I'm also not *quite* sure of the syntax for requiring a specific *version* >of a perl module from within the ports tree. > >I've added an optional WITH_SSL=yes define that will auto-ssl-ify things. > >Finally, there's a few prompts that as-of-yet cannot be bypassed, I've >opened a bug on those. > >So, suffice it to say it should be a while before we see this in the ports >tree. I'm going to send my changes along to [EMAIL PROTECTED] and see what >they think. > >-Dan > > >-- > >"Goodbye my peoples. I'll miss each one of you. Sniff-Sniff I now know >the true meaning of love. Thank you Sniff-Sniff. You are all in my >heart." > >-Chris D. > Dan: Yes, before asking my question, I did notice the ports were frozen & I also "played" with the 2.64 port without luck too. But, thought maybe someone else had some sort of time estimate for the new port. Guess we'll have to just wait patiently although that's not easy. Many thanks for the responses! Best regards, Jack L. Stone, Administrator Sage American http://www.sage-american.com [EMAIL PROTECTED]
[OT] I love tech people! First SARE Donation!
Just got an email from our Host of SARE. They got their first donation and wait for it..yes.it ended in .37 cents!! Wooot! LOL!!! A.C. made the donataion. You rock bro! Shows you paid attention ;) Our hosts accounting dept will keep wondering, "Why .37 cents?" I love screwing with people's minds. :-) Chris Santerre System Admin and SARE Ninja http://www.rulesemporium.com http://www.surbl.org 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin
spamc
Hello, Is the -f "Cause spamc to safe-failover if it can't connect to spamd" from SA2.64 became a standard in SA3.0? He is removed from the man-pages and I couldn't find anything about it in the Changes. After testing it seems to be enabled by default Should I remove the option from my spamc call? With kind regards, Met vriendelijke groet, Maurice Lucas TAOS-IT
Re: [OT] I love tech people! First SARE Donation!
On Friday, September 24, 2004, 6:59:37 AM, Chris Santerre wrote: > Just got an email from our Host of SARE. They got their first donation and > wait for it..yes.it ended in .37 cents!! Wooot! LOL!!! > A.C. made the donataion. You rock bro! Shows you paid attention ;) > Our hosts accounting dept will keep wondering, "Why .37 cents?" I love > screwing with people's minds. :-) Is that like 42 cents before Paypal fees? Hehe 42 ;-) It may be worth mentioning that there's a SURBL donation button also, and it will be used for setting up more data servers if things work out. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: SA 3.0 TRAP
On Fri, 24 Sep 2004 07:49:48 -0500, Bob Apthorpe wrote > On Fri, 24 Sep 2004 01:30:19 -0800 John Andersen > <[EMAIL PROTECTED]> wrote: > > > If you are thinking about installing Spamassasin 3.0 PAY ATTENTION: > > > > If you haven't been reading this list carefully you will > > have missed the fact that spamd has been moved > > from /usr/sbin/ to /usr/bin . However, the old version remains > > in /usr/sbin which is often where your scripts expect to find it. > > (At least in SuSE > 8 it is so). > > > [...] > > > > WHY is this not in BOLD TYPE in the readme ??? > > Maybe the issue is OS- and version-dependent and wasn't apparent in > testing? I was going to say, it didn't happen to me on either system I upgraded -- one from the tarball, and one from CPAN.
Re: [OT] I love tech people! First SARE Donation!
Gee, Chris, you're still sending to incubator. Spamassassin graduated!
Congratulations on the donation.
{^_-}
- Original Message -
From: "Chris Santerre" <[EMAIL PROTECTED]>
> Just got an email from our Host of SARE. They got their first donation and
> wait for it..yes.it ended in .37 cents!! Wooot! LOL!!!
>
> A.C. made the donataion. You rock bro! Shows you paid attention ;)
>
> Our hosts accounting dept will keep wondering, "Why .37 cents?" I love
> screwing with people's minds. :-)
Windows, pop3proxy, Spamassassin v. 3.0.0
Hi! I'm trying to use pop3proxy with SA3, but I cannot see the x-spam headers. Here is some more info. I did a clean install of Activestate Perl 5.8.4.810 and SA3, following instructions at http://www.openhandhome.com/howtosa300.html . Spamassassin works: if I fire up a command prompt and type CMD> spamassassin.bat < mymessage.txt > output.txt the message is correctly parsed and tagged. I then installed pop3proxy from http://mcd.perlmonk.org/pop3proxy/ and changed it according to http://wiki.apache.org/spamassassin/CantLocateNoMailAudit . In particular, I changed line 857 from my $message = Mail::SpamAssassin::NoMailAudit->new(data => [EMAIL PROTECTED], to my $message = $spamtest->parse( [EMAIL PROTECTED], leaving the rest unchanged. Pop3proxy works, i.e. I can retrieve the mail using my mail client (Mozilla 1.8a3). If I look at the pop3proxy.log , all messages are correctly identified as ham or spam. However, pop3proxy spits out the unprocessed message. My local.cf adds a custom header: this appears in the output file I get from spamassassin.bat. I added print $message->get_all_headers(); in my pop3proxy.pl, right after $status->rewrite_mail() unless $respect_byte_count; and, as a result, I can see all x-spam headers, including my custom header, in the log file. However, I cannot see the headers in my client. I used to run SA 2.63 on perl 5.6.1 with no problems at all. Any suggestions? Thanks and regards -Paolo
Spammers using my server
This morning I had over 7000 emails in my Linux server's outbound queue which I deleted. My firewall log shows over 20,000 emails went out with a SunTrust bank announce saying to login and enter your username and password. I do not see the emails coming in like I would in a relay. How can I stop this or how are they doing this? My firewall using a SMTP proxy and only allows my domain in. I run MailScanner on my Red Hat 3.0 mail server with Sendmail. The box has the lastest patches from Red Hat. I have Sendmail setup to accept only my domain email. The non-deliverable reports are coming from my Linux apache user. Non-deliverables usually come from root. I am running apache on the server with forms. The forms software is the latest version and patches. Can anybody help on this? Thanks, Jay
Re: Auto Training Filtering Gateway
I feel like I need to add, for the sake of others, that its a bad idea to allow outside access to these two email addresses. Internal users, or perhaps even just a few trusted individuals should be able to send to these two addresses, but not the general internet population. I'm guessing the reasons for this should be self-evident. On Thu, 23 Sep 2004 15:15:05 -0400, Matt Kettler <[EMAIL PROTECTED]> wrote: > At 02:51 PM 9/23/2004, Gary Buckmaster wrote: > >To this end, I've > >considered setting up spam@ and notspam@ accounts on the gateway > >itself, and having local users send appropriate samples to these > >accounts, then running sa-learn against these. Does this approach > >make a great deal of sense? > > Only if you can get your local users to send them in a way that you can > reconstruct the original headers and body. (ie: regular forwarding won't > work here, but forward as attachment might). > > Check the wiki, there's a bit of information on this kind of stuff for > various kinds of mailclients up there. > >
Re: Spammers using my server
This question isn't really appropriate to a SpamAssassin forum. For what it's worth, it sounds like someone exploited an Apache vuln on your system and installed a mail generator. Given the severity of this (ie you are sending out thousands of email phishing frauds) you should probably take the server off the network until you fix it. Jay Ehrhart wrote: This morning I had over 7000 emails in my Linux server's outbound queue which I deleted. My firewall log shows over 20,000 emails went out with a SunTrust bank announce saying to login and enter your username and password. I do not see the emails coming in like I would in a relay. How can I stop this or how are they doing this? My firewall using a SMTP proxy and only allows my domain in. I run MailScanner on my Red Hat 3.0 mail server with Sendmail. The box has the lastest patches from Red Hat. I have Sendmail setup to accept only my domain email. The non-deliverable reports are coming from my Linux apache user. Non-deliverables usually come from root. I am running apache on the server with forms. The forms software is the latest version and patches. Can anybody help on this? Thanks, Jay
Re: Spammers using my server
* Jay Ehrhart <[EMAIL PROTECTED]>: > This morning I had over 7000 emails in my Linux server's outbound queue > which I deleted. My firewall log shows over 20,000 emails went out with a > SunTrust bank announce saying to login and enter your username and password. > I do not see the emails coming in like I would in a relay. How can I stop > this or how are they doing this? Check your logs. They tell you how the mail entered your system -- Ralf Hildebrandt (i.A. des IT-Zentrum) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-916 IT-Zentrum Standort CBF AIM. ralfpostfix
Re: Spammers using my server
At 10:39 AM 9/24/2004, Jay Ehrhart wrote: This morning I had over 7000 emails in my Linux server's outbound queue which I deleted. My firewall log shows over 20,000 emails went out with a SunTrust bank announce saying to login and enter your username and password. I do not see the emails coming in like I would in a relay. How can I stop this or how are they doing this? Sounds like some kind of abuse of an onboard http proxy, script, installation of a backdoor, or some other such thing that's letting them queue mail directly from the local host. Clearly it's not a direct SMTP open relay (I checked, trying to send myself mail, didn't work which is good) I'd suggest running a good battery of tests: http://www.abuse.net/relay.html If that doesn't show anything obvious like HTTP proxies, look for a trojan or backdoor on your system. chkrootkit is a good tool to do a first-pass check.
reporting errors
I have a number of email addresses that get only spam, so I've set them up as spamtraps. They are simply sendmail aliases that send to "| /usr/bin/spamassassin -r". When I manually run the spamassassin -r command, however, I get the following... $cat sample-spam.txt | spamassassin -r Pyzor -> report failed: Exited with non-zero exit code 1 SpamCop -> message older than 3 days, not reporting 1 message(s) examined. This is causing the alias to generate errors. Any suggestions? Thanks! david
Re: reporting errors
On Fri, 24 Sep 2004, David Gibbs wrote: I have a number of email addresses that get only spam, so I've set them up as spamtraps. They are simply sendmail aliases that send to "| /usr/bin/spamassassin -r". When I manually run the spamassassin -r command, however, I get the following... $cat sample-spam.txt | spamassassin -r Pyzor -> report failed: Exited with non-zero exit code 1 SpamCop -> message older than 3 days, not reporting 1 message(s) examined. This is causing the alias to generate errors. Any suggestions? 1) file a bug report requesting a --silent option. 2) redirect the standard output/standard error from the pipe. A quick google reveals this http://www.unet.univie.ac.at/aix/aixuser/usrosdev/std_input_output.htm may be of some use. -Dan Thanks! david -- [23:49:00] LarpGM: Did my little TP comment scare you off? [23:49:22] ilzarion: no, the shrieking retarded child eating people did -Feb 06, 2001, times apparent. Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---
Re: Whitelist_from_rcvd and multiple DNS resolvers causing problems?
Joe Smith wrote: > I'm using SpamAssassin 3.0 when I use whitelist_from_rcvd with domain > names that reverse to only one possible domain it works just as it > should. When the domain name is one that has multiple possibilities > that it can reverse dns to then it doesn't work unless it happens to > pick the domain name listed in my whitelist_rcvd_to entry. This is a DNS resolver library/client (not sure which) issue more than anything else; although it's also due in part to some admin being slightly less clueful that usual in issuing multiple PTR records for a single IP in the first place. > For example, > if I create an entry for whitelist_from_rcvd [EMAIL PROTECTED] > domain1.com but the server hosting domain1.com also hosts > domain2.com, anotherdomain.com and anotherdomain.net, I have > problems. Say the server that hosted email for the domain I wanted to > whitelist had an ip of 123.123.123.1 and I did dig -x 123.123.123.1, > it would give me all the various domains that that address is > configured for. dig will, but many other resolvers won't- or at least, they'll just return one random entry in much the same way they would return one IP from a round-robin forward DNS lookup. > Do I need to specify the IP address of the > server using multiple dns entries to get whitelist_from_rcvd to work You can try, but I don't think this will work. > or should this not be an issue and I need to look at other reasons > why this particular domain is causing problems. :/ You need to contact the person/organization responsible for rDNS for that IP, and get them to remove the multiple entries- preferably putting in something like "hosted-rmx.hostingcompany.com" rather than the multiple PTR records you're seeing now. I don't recall if it's formalized in an RFC somewhere, but while any number of domains can point to the same IP, the rDNS for that IP *should* only point to ONE hostname - that hostname should be the FQDN of that physical machine. In the meantime, you'll have to work around this with custom local rules that manually implement whitelist_from_rcvd functionality based on the IP. Or, just add whitelist_from_rcvd entries for each of the rDNS names you see for this IP. -kgd -- Get your mouse off of there! You don't know where that email has been!
Speakeasy just implemented SPF records - badly
In case anyone else is going to run into this, sometime yesterday speakeasy.net implemented default SPF records for all of their DNS hosting customers. The problem is that they did it badly. No notification whatsoever was sent out that they were doing this and no chance to review (or even change after the fact) the SPF record they generated, so in my case it was impossible to list another mail server who is allowed to send mail for my domain and I started getting bounced email. When I pointed this out to them they told me I'd just have to start using webmail instead of what I was doing before. They don't host my domain anymore. If you have speakeasy.net hosting your DNS you should review your new SPF record ASAP. Steve
Re: Whitelist_from_rcvd and multiple DNS resolvers causing problems?
On Thu, 23 Sep 2004, Joe Smith wrote: *This message was transferred with a trial version of CommuniGate(tm) Pro* I'm using SpamAssassin 3.0 when I use whitelist_from_rcvd with domain names that reverse to only one possible domain it works just as it should. When the domain name is one that has multiple possibilities that it can reverse dns to then it doesn't work unless it happens to pick the domain name listed in my whitelist_rcvd_to entry. For example, if I create an entry for whitelist_from_rcvd [EMAIL PROTECTED] domain1.com but the server hosting domain1.com also hosts domain2.com, anotherdomain.com and anotherdomain.net, I have problems. Say the server that hosted email for the domain I wanted to whitelist had an ip of 123.123.123.1 and I did dig -x 123.123.123.1, it would give me all the various domains that that address is configured for. I think this is what's going on anyway. I looked at the output from spamassassin -D -t < problem then I notice that the rdns= is for one of the other domains hosted on the server and not the domain I would like to whitelist. When I examine the same output from a message that is working, the rdns= is the domain name that I specified in the whitelist_from_rcvd entry. Do I need to specify the IP address of the server using multiple dns entries to get whitelist_from_rcvd to work or should this not be an issue and I need to look at other reasons why this particular domain is causing problems. Let me try to understand what you are saying. You are saying that a server has multiple PTR records for a given ip, and that *that* is causing the problem -- So if 1.2.3.4 had PTR records for domainone.com. and domaintwo.com. and domainthree.com., and you had written a filter to whitelist domainone.com's email, but you found it didn't always work? The person running 1.2.3.4 has NO CLUE what they are doing. 1.2.3.4 should RDNS to whatever the "hostname" value of that machine is. This should be the same as the HELO the machine uses when talking out to the outside world. Assigning multiple addresses (A or PTR -- for the sake of this discussion there's no difference) to things makes them into a round-robin type thing. The possible answers will be handed out in cyclic order (at least, the first time they are queried), and then they are cached as long as the TTL value for the record -- which I've seen some caches override. -- "Happy, Sad, Happy, Sad, Happy, Sad, Happy, Intruiged! I've never been so in touch with my emotions!" -AndrAIa as Hexadecimal, Reboot Episode 3.2.3 Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---
Re: Speakeasy just implemented SPF records - badly
--On Friday, September 24, 2004 11:33 AM -0400 Steve Prior <[EMAIL PROTECTED]> wrote: In case anyone else is going to run into this, sometime yesterday speakeasy.net implemented default SPF records for all of their DNS hosting customers. I don't see it for the two domains they host for me. I did a dig for txt records for the root of each domain and don't see any.
Re: Whitelist_from_rcvd and multiple DNS resolvers causing problems?
On Fri, 24 Sep 2004 11:36:27 -0400 (EDT) "Dan Mahoney, System Admin" <[EMAIL PROTECTED]> wrote: [snip] > The person running 1.2.3.4 has NO CLUE what they are doing. 1.2.3.4 > should RDNS to whatever the "hostname" value of that machine is. This > should be the same as the HELO the machine uses when talking out to the > outside world. No. HELO is only required to be a FQDN and to resolve to an A record. It does not have to match rDNS nor does it have to match the hostname of the actual server sending out the mail. HELO may be a dotted-quad per the RFCs but only incompetents set their mail systems to do that and that mail is often safely ignored. This is better addressed on SPAM-L. -- Bob Apthorpe
Re: Spammers using my server
Some system on your internal network is "owned" by a hacker network. It
is time to clean all your windows machines COMPLETELY of viruses.
{^_^}
- Original Message -
From: "Jay Ehrhart" <[EMAIL PROTECTED]>
> This morning I had over 7000 emails in my Linux server's outbound queue
> which I deleted. My firewall log shows over 20,000 emails went out with a
> SunTrust bank announce saying to login and enter your username and
password.
> I do not see the emails coming in like I would in a relay. How can I stop
> this or how are they doing this?
>
> My firewall using a SMTP proxy and only allows my domain in. I run
> MailScanner on my Red Hat 3.0 mail server with Sendmail. The box has the
> lastest patches from Red Hat. I have Sendmail setup to accept only my
> domain email.
>
> The non-deliverable reports are coming from my Linux apache user.
> Non-deliverables usually come from root. I am running apache on the
server
> with forms. The forms software is the latest version and patches.
>
> Can anybody help on this?
>
> Thanks,
> Jay
>
clear_headers does not remove X-Spam-Report
With SA 3.0, using clear_headers in local.cf does not prevent the "X-Spam-Report:" header from being inserted into spam messages. Is this a bug or a feature? Below is my local.cf. ### +++ required_score 8.0 clear_headers report_safe 0 use_dcc 0 use_pyzor 0 use_razor2 0 dns_available yes use_bayes 0 lock_method flock fold_headers 0 envelope_sender_header Return-Path use_auto_whitelist 0 ### --- Thanks, -Matt
Re: Spammers using my server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jay Ehrhart writes: > The non-deliverable reports are coming from my Linux apache user. > Non-deliverables usually come from root. I am running apache on the server > with forms. The forms software is the latest version and patches. > > Can anybody help on this? Do you have any mail-sending CGI scripts, like formmail.cgi? Older versions of those contain security holes and are are heavily abused by spammers. - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFBVFC0QTcbUG5Y7woRAka4AJwIy9l8AwclAHA6PtBNbALHFZWXoQCgw+eC th8ME05xjc1QlMf88rnmwUs= =btXD -END PGP SIGNATURE-
Re: SA 3.0 TRAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bob Apthorpe writes: > On Fri, 24 Sep 2004 01:30:19 -0800 John Andersen <[EMAIL PROTECTED]> wrote: > > > If you are thinking about installing Spamassasin 3.0 PAY ATTENTION: > > > > If you haven't been reading this list carefully you will > > have missed the fact that spamd has been moved > > from /usr/sbin/ to /usr/bin . However, the old version remains > > in /usr/sbin which is often where your scripts expect to find it. > > (At least in SuSE > 8 it is so). > > > [...] > > > > WHY is this not in BOLD TYPE in the readme ??? > > Maybe the issue is OS- and version-dependent and wasn't apparent in > testing? Yeah -- this is almost definitely something to do with SuSE's packaging of either perl (if it uses the defaults from ExtUtils::MakeMaker) or SpamAssassin itself (if its rpm spec moves the file around as Debian does). News to us, too, which is why it's not in BOLD TYPE. ;) - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFBVFDbQTcbUG5Y7woRAiBbAKDPyTwlMxrk+RhjUP2Q7wpX2aocKwCgyDLR 0vGz9BBw5l5vIz0+Y5Zc97Y= =1Wg1 -END PGP SIGNATURE-
Re: clear_headers does not remove X-Spam-Report
At 12:44 PM 9/24/2004, Matt Garretson wrote: With SA 3.0, using clear_headers in local.cf does not prevent the "X-Spam-Report:" header from being inserted into spam messages. Is this a bug or a feature? Below is my local.cf. ### +++ required_score 8.0 clear_headers report_safe 0 It's parsing order. Note that you do the clear_headers first, then you do the report_safe 0, which declares the X-Spam-Report header. If you did clear headers *after* report_safe 0 you'd not get the Spam-Report.
Re: SA 3.0 upgrade bug and fix (spamd reporting to log, but not tagging messages)
On Fri, Sep 24, 2004 at 03:04:58AM +0100, Anthony Edwards wrote: > I removed all SpamAssassin files earlier this evening and re-installed > using cpan. With hindsight, I believe I could have simply done what > you have suggested above. I run a SuSE 8.2 system, and persuading > manual configuration of startup script changes to co-exist with SuSE's > YaST tool created configurations is far from trivial, so I shall be > sticking with /usr/bin/spamassassin for the time being. In fact, it's easy, or would be if the script at: http://kmail.kde.org/unsupported/spamd Actually worked properly on SuSE 8.2. Unfortunately, it doesn't seem to, quite. If it did, it would be a simple matter of downloading and copying it to the /etc/init.d directory, changing file permissions, then running YaST and configuring spamd to start in runlevels 3 & 5 using the Runlevel Editor. -- Anthony Edwards [EMAIL PROTECTED]
spamd dying?
Has anyone else seen a problem w/ spamd dying sometimes (after working for a while)? I have been seeing this in the 3.0 rcs. I'm about to upgrade to 3.0 release, but I'm wondering if anyone else has seen this. Much more detailed information in bug #3667 (bugzilla.spamassassin.org)
Re: spamd dying?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Will Yardley writes: > Has anyone else seen a problem w/ spamd dying sometimes (after working > for a while)? I have been seeing this in the 3.0 rcs. I'm about to > upgrade to 3.0 release, but I'm wondering if anyone else has seen this. > > Much more detailed information in bug #3667 (bugzilla.spamassassin.org) I'm almost certain it's a fixed bug. - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFBVFe5QTcbUG5Y7woRAuoMAJ49jvxqPAmmf0rEwCj617FUXVt1gwCguEWK jA6gxaBcQW4p6xfR+DVmT/0= =LiZf -END PGP SIGNATURE-
Looking for Advice - setting up a SA/MD gateway server
We run a bunch of Win32 mail servers on our network. These servers already have spam and virus filtering for local email delivery. However, when a mailbox has it's mail forwarded off-net, the mail is not filtered. As such, when a local users forwards their mailbox to AOL, they then read their email in the AOL client, click the SPAM button in the AOL client, and OUR IP address(es) get flagged by AOL. Getting rid of the Win boxes is not an option. So, I want to force all of my Win mail servers to gateway all of the OUTBOUND email to a SA box that will filter it before it leaves my network. I will need to have the filtering config ignore the IP addresses of all of my internal boxes, and begin scanning at the next hop IP in the mail header. I was originally thought about having some way to ONLY scan forwarded mail (as opposed to mail originating on my network), but I think that would not be worth the effort, and I might as well scan everything. >From reading as many FAQ's and sample configs as I could find, it seems like SA with MD would be my best bet. It appears to give me the flexibility I need, without being overly complicated. Initially, the server would not handle inbound mail, but may be expanded to included that as well. Due to the way that the Win boxes handle forwarding, when a forwarded message is detected as spam and sent back to the Win32 box from SA, I can't really bounce it. I will need to either forward it to a mailbox for my admins to review, or simple delete it. Does it sound like the Sendmail/SA/MD combo meets the requirements above? If so, is there an FAQ or some other document anyone knows about that gives an example of this config? Would Postfix/SA/amavis-new be a better solution? TIA, -- Scot
SA3.0 Bayes SQL db size
Just have a question regarding storing Bayes in SQL with Spamassassin 3.0. I already converted the old dbm files and such, everything is working good, question I have is performance and token count. Previously I had set the max db size to 25 tokens via the bayes_expiry_max_db_size config option in my local.cf. I had put a new server online last week and forgot to uncomment 'sa-learn --force-expire' in the crontab, so the db grew to 90 tokens. Things still seemed to run quite smooth however, and I'm guessing that SQL lets you have a much larger db without the performance loss, just curious what other people in the same setup are using as a max db size. This server doesn't process that much stuff, 100-150k messages a week perhaps. -- Ryan Moore -- Perigee.net Corporation 704-849-8355 (sales) 704-849-8017 (tech) www.perigee.net
Re: Whitelist_from_rcvd and multiple DNS resolvers causingproblems?
> On Fri, 24 Sep 2004 11:36:27 -0400 (EDT) "Dan Mahoney, System Admin" > > The person running 1.2.3.4 has NO CLUE what they are doing. > > 1.2.3.4 should RDNS to whatever the "hostname" value of that > > machine is. This should be the same as the HELO the machine uses > > when talking out to the outside world. Bob Apthorpe replied: > No. HELO is only required to be a FQDN and to resolve to an A record. > It does not have to match rDNS nor does it have to match the hostname > of the actual server sending out the mail. It might not be required or an RFC-ish "SHOULD", but any mail server that HELO's as a name other than its FQDN is doing something very odd anyway. Dan's "should"'s are perfectly correct, and most well-behaved mail systems with properly-configured DNS records do exactly that. (Exceptions include the hosting server I administer at work, which occupies most of a /26 except for a few IPs. For some unknown reason, it periodically gets mixed up about which IP is its "real" IP, and starts initiating TCP/IP connections of all sorts from the highest aliased IP instead. Blech. The machine is otherwise very well-behaved.) -kgd -- Get your mouse off of there! You don't know where that email has been!
RE: Looking for Advice - setting up a SA/MD gateway server
I just started using a postfix/mailscanner/SA setup to filter outbound and inbound mail. Currently scanning about 35k messages per day. I'm a long time windows user / short time linux user, but had no problem getting it setup and running. I'm happy with the results, that's for sure. > -Original Message- > From: Scot Desort [mailto:[EMAIL PROTECTED] > Sent: Friday, September 24, 2004 10:31 AM > To: users@spamassassin.apache.org > Subject: Looking for Advice - setting up a SA/MD gateway server > > > We run a bunch of Win32 mail servers on our network. These > servers already have spam and virus filtering for local email > delivery. However, when a mailbox has it's mail forwarded > off-net, the mail is not filtered. As such, when a local > users forwards their mailbox to AOL, they then read their > email in the AOL client, click the SPAM button in the AOL > client, and OUR IP address(es) get flagged by AOL. > > Getting rid of the Win boxes is not an option. So, I want to > force all of my Win mail servers to gateway all of the > OUTBOUND email to a SA box that will filter it before it > leaves my network. I will need to have the filtering config > ignore the IP addresses of all of my internal boxes, and > begin scanning at the next hop IP in the mail header. I was > originally thought about having some way to ONLY scan > forwarded mail (as opposed to mail originating on my > network), but I think that would not be worth the effort, and > I might as well scan everything. > > >From reading as many FAQ's and sample configs as I could find, it > seems like SA with MD would be my best bet. It appears to > give me the flexibility I need, without being overly complicated. > > Initially, the server would not handle inbound mail, but may > be expanded to included that as well. > > Due to the way that the Win boxes handle forwarding, when a > forwarded message is detected as spam and sent back to the > Win32 box from SA, I can't really bounce it. I will need to > either forward it to a mailbox for my admins to review, or > simple delete it. > > Does it sound like the Sendmail/SA/MD combo meets the > requirements above? If so, is there an FAQ or some other > document anyone knows about that gives an example of this config? > > Would Postfix/SA/amavis-new be a better solution? > > TIA, > > > -- > Scot > >
Re: SA 3.0 TRAP
Justin Mason wrote: > Yeah -- this is almost definitely something to do with SuSE's > packaging of either perl (if it uses the defaults from > ExtUtils::MakeMaker) or SpamAssassin itself (if its rpm spec moves > the file around as Debian does). Actually, for any "real" package manager (ie, rpm or dpkg), upgrading a package should remove all old files as a part of the upgrade. CPAN doesn't really keep track of exactly which files have been installed where in the same way that rpm or dpkg does. I'd be curious to know why spamd has apparently moved from /usr/sbin to /usr/bin in the first place; daemons like spamd don't usually belong in /usr/bin. -kgd -- Get your mouse off of there! You don't know where that email has been!
Re: SA 3.0 TRAP
On Friday 24 September 2004 08:52 am, Justin Mason wrote: > Bob Apthorpe writes: > > On Fri, 24 Sep 2004 01:30:19 -0800 John Andersen <[EMAIL PROTECTED]> wrote: > > > If you are thinking about installing Spamassasin 3.0 PAY ATTENTION: > > > > > > If you haven't been reading this list carefully you will > > > have missed the fact that spamd has been moved > > > from /usr/sbin/ to /usr/bin . However, the old version remains > > > in /usr/sbin which is often where your scripts expect to find it. > > > (At least in SuSE > 8 it is so). > > > > [...] > > > > > WHY is this not in BOLD TYPE in the readme ??? > > > > Maybe the issue is OS- and version-dependent and wasn't apparent in > > testing? > > Yeah -- this is almost definitely something to do with SuSE's packaging of > either perl (if it uses the defaults from ExtUtils::MakeMaker) or > SpamAssassin itself (if its rpm spec moves the file around as Debian > does). Except that SA on my machines have always only been installed with CPAN... -- _ John Andersen pgp5ObjFaDsiP.pgp Description: signature
Re: SA 3.0 TRAP
On Fri, Sep 24, 2004 at 02:37:31PM -0400, Kris Deugau wrote: > Justin Mason wrote: > > Yeah -- this is almost definitely something to do with SuSE's > > packaging of either perl (if it uses the defaults from > > ExtUtils::MakeMaker) or SpamAssassin itself (if its rpm spec moves > > the file around as Debian does). > > Actually, for any "real" package manager (ie, rpm or dpkg), upgrading a > package should remove all old files as a part of the upgrade. The issue related to SuSE is that previously, one has been able to install the SuSE default .rpm package, and then subsequently upgrade using cpan without removing the old package first since the old binaries and entire contents of /usr/share/spamassassin/ have been overwritten by that process. SuSE are unlike Debian (for instance) in that they don't release (with one or two exceptions) upgraded packages other than to address security vulnerabilites, so to upgrade to a more recent version of any particular application cannot generally be done with a SuSE .rpm. For those that primarily maintain and administer their system using YaST, manual configuration of startup scripts etc is also somewhat difficult so it can be of benefit to rely on SuSE's copy of /etc/init.d/spamd - for example, the one recommended in spamd's README.SuSE file doesn't actually work, on SuSE 8.2 at least. So, installing the default SuSE .rpm that came with one's version and then subsequently upgrading one's SpamAssassin using cpan has benefits there too. -- Anthony Edwards [EMAIL PROTECTED]
Problem with Bayes and AutoLearning
I am having a problem with 2.63 not using bayes. (NB: setup is using individual data and triggering using .4ward, procmail and postfix with no individual .sa and .procmail files) I have trained each of three accounts with over 1000 ham and some 48K spam messages. SA is working and tagging spam based on all tests other than bayes. I make changes to the global SA conf and those changes are acted upon so I know that spamd is seeing my global conf (below). Also below is a sample header w/ report. Needless to say, the auto learn feature is not working as well. That is how I knew something was going on. The machine is a standard Mandrake 10 setup with regards to SA. Thanks in advance, Tom My Conf: auto_whitelist_path/var/spool/spamassassin/auto-whitelist auto_whitelist_file_mode 0666 use_bayes 1 bayes_path ~/.spammer bayes_file_mode 0700 bayes_use_hapaxes 1 bayes_expiry_max_db_size 150 #bayes_learn_to_journal 1 bayes_auto_learn 1 bayes_auto_learn_threshold_nonspam 1 bayes_auto_learn_threshold_spam 6 rewrite_subject 0 report_safe 0 skip_rbl_checks 1 # How many hits before a message is considered spam. required_hits 3.0 ## Optional Score Increases #score BAYES_99 4.300 #score BAYES_90 3.500 #score BAYES_80 3.000 Sample Header: Return-Path: <[EMAIL PROTECTED]> X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from g66dc.g.pppool.de (g66dc.g.pppool.de [80.185.102.220]) by smtp.terranovum.com (Postfix) with SMTP id 708503E6F9B for <[EMAIL PROTECTED]>; Fri, 24 Sep 2004 13:54:40 -0400 (EDT) Original-Encoded-Information-Types: multipart/alternative Language: English Disclose-Recipients: No Reply-To: "Lillian Fitzpatrick" <[EMAIL PROTECTED]> From: "Lillian Fitzpatrick" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: no more red light tickets! Date: Fri, 24 Sep 2004 14:40:57 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--58012207185158267337" Message-Id: <[EMAIL PROTECTED]> X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on nova.terranovum.com X-Spam-Level: *** X-Spam-Status: Yes, hits=7.3 required=3.0 tests=CLICK_BELOW,FORGED_YAHOO_RCVD, HTML_50_60,HTML_FONTCOLOR_RED,HTML_FONT_INVISIBLE,HTML_IMAGE_ONLY_04, HTML_LINK_CLICK_HERE,HTML_MESSAGE,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI, MSGID_FROM_MTA_SHORT autolearn=no version=2.63 X-Spam-Report: * 0.1 HTML_LINK_CLICK_HERE BODY: HTML link text says "click here" * 0.0 HTML_MESSAGE BODY: HTML included in message * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.4 HTML_FONT_INVISIBLE BODY: HTML font color is same as background * 0.2 HTML_50_60 BODY: Message is 50% to 60% HTML * 0.1 HTML_FONTCOLOR_RED BODY: HTML font color is red * 1.5 HTML_IMAGE_ONLY_04 BODY: HTML: images with 200-400 bytes of words * 3.3 MSGID_FROM_MTA_SHORT Message-Id was added by a relay * 0.5 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers * 0.0 CLICK_BELOW Asks you to click below * 1.1 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
Re: Problem with Bayes and AutoLearning
At 03:40 PM 9/24/2004, Thomas Bolioli wrote: bayes_path ~/.spammer This statement is invalid if a directory named ".spammer" exists in the user's home.. Please read the docs on bayes_path VERY carefully. Despite being named "path" it's really "path, plus filename prefix". Thus bayes_path should be something like ~/.spammer/bayes However, why over-ride it at all? it defaults to ~/.spamassassin/bayes
Re: SA 3.0 TRAP
Anthony Edwards wrote: > > On Fri, Sep 24, 2004 at 02:37:31PM -0400, Kris Deugau wrote: > > Justin Mason wrote: > > > Yeah -- this is almost definitely something to do with SuSE's > > > packaging of either perl (if it uses the defaults from > > > ExtUtils::MakeMaker) or SpamAssassin itself (if its rpm spec moves > > > the file around as Debian does). > > > > Actually, for any "real" package manager (ie, rpm or dpkg), upgrading a > > package should remove all old files as a part of the upgrade. > > The issue related to SuSE is that previously, one has been able > to install the SuSE default .rpm package, and then subsequently > upgrade using cpan without removing the old package first since > the old binaries and entire contents of /usr/share/spamassassin/ > have been overwritten by that process. Ah, but that's not "upgrading the package", that's "installing from source". (More or less; CPAN does some checking that a plain install-from-tarball wouldn't.) In the context of a system with a package manager of some kind, an upgrade typically implies that you find a new version of the package built for that packaging system- a new .deb for Debian/dpkg-based distros, a new .rpm for rpm-based distros, or a new download from CPAN for a system where Perl has largely been installed via CPAN. I tend to build my own .rpm's for things like SpamAssassin, in large part because when I originally installed them I couldn't find a package.You might try snagging the .src.rpm that SuSE provides, and tweaking the spec file to allow you to update to a newer SA within the framework provided by rpm. I find it well worth the effort for a number of programs or modules- especially when it comes to installing across multiple servers where I VERY SPECIFICALLY do NOT have compiler tools installed. > SuSE are unlike Debian (for > instance) in that they don't release (with one or two exceptions) > upgraded packages other than to address security vulnerabilites, > so to upgrade to a more recent version of any particular application > cannot generally be done with a SuSE .rpm. You mean, "like Debian stable", or "like RedHat Enterprise Linux" (and its clones).Both provide security updates, but (almost) NO functionality changes. Debian unstable is "whatever's current" (more or less). Fedora Core fills the same role for RedHat. -kgd -- Get your mouse off of there! You don't know where that email has been!
Re: Problem with Bayes and AutoLearning
I do not believe that is an issue. It only puts the bayes databases at ~/.spammer_toks and ~/.spammer_seen. sa-learn has not had a problem loading the databases. They have grown everytime I have used it. I can't see why spamd would have a problem with it. Tom Matt Kettler wrote: At 03:40 PM 9/24/2004, Thomas Bolioli wrote: bayes_path ~/.spammer This statement is invalid if a directory named ".spammer" exists in the user's home.. Please read the docs on bayes_path VERY carefully. Despite being named "path" it's really "path, plus filename prefix". Thus bayes_path should be something like ~/.spammer/bayes However, why over-ride it at all? it defaults to ~/.spamassassin/bayes
Re: auto learn in 3.0
On Friday 24 September 2004 03:52 am, Alex S Moore wrote: > Since upgrading to 3.0, which is the greatest BTW, I have not had any > spam auto-learned. The keywords are correct and running spamassassin > with --lint reveals all is ok. > > Is anyone else seeing this? > > Alex It seems to be working here Alex: -Spam-Status: Yes, score=51.1 required=3.9 tests=BAYES_99,DNS_FROM_RFC_POST, FORGED_HOTMAIL_RCVD2,FORGED_IMS_HTML,FORGED_IMS_TAGS,FORGED_MUA_IMS, HTML_30_40,HTML_FONT_BIG,HTML_FONT_INVISIBLE,HTML_LINK_PUSH_HERE, HTML_MESSAGE,LONGWORDS,MIME_BOUND_DD_DIGITS,MIME_HTML_ONLY, MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,MPART_ALT_DIFF,MSGID_SPAM_CAPS, PT_WORDLIST_10,PT_WORDLIST_13,PT_WORDLIST_30,RCVD_BY_IP, RCVD_DOUBLE_IP_SPAM,SAVE_THOUSANDS,URIBL_AB_SURBL,URIBL_SBL, URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=spam version=3.0.0 ... Are you sure it was started with autolearn support turned on? (I think it is the default)... -- _ John Andersen pgpRq1ncA9ahU.pgp Description: signature
Re: Problem with Bayes and AutoLearning
At 04:10 PM 9/24/2004, Thomas Bolioli wrote: I do not believe that is an issue. It only puts the bayes databases at ~/.spammer_toks and ~/.spammer_seen. sa-learn has not had a problem loading the databases. They have grown everytime I have used it. I can't see why spamd would have a problem with it. Fair enough. Like I said, it's a syntax error if a directory named ~/.spammer/ exists. However, if it doesn't exist, it's fine. Are you sure spamc is being invoked as the proper user, and not as root? spamd will fall back to "nobody" if it finds itself still running as root after setuiding to the client user. You could try copying a set of files into the path of nobody's home-dir and see if bayes starts running.
Re: Spammers using my server
As a another good step, just SA scan ALL incoming and outgoing mail. Run a vulnerability scan against your server, nessus or sara against your machine to find what is being exploited. -- Luke Computer Science System Administrator Security Administrator,College of Engineering Montana State University-Bozeman,Montana
Re: Problem with Bayes and AutoLearning
I changed the path just in case. It was that way as a mistake anyhow. Here is the output of lint. (it is exactly the same as with the other paths so I am sure that is not the issue.) Note that it works there. Although not when run through procmail. I think your idea about users is on to something. My .forward file is "|IFS=' ' && exec /usr/bin/procmail || exit 75 #webmaster" Quotes and all. Is that correct? Tom [EMAIL PROTECTED] webmaster]$ spamassassin -D --lint debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/sbin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', which doesn't exist, dropping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/usr/local/sbin', keeping. debug: Final PATH set to: /sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin debug: ignore: using a test message to lint rules debug: using "/usr/share/spamassassin" for default rules dir debug: using "/etc/mail/spamassassin" for site rules dir debug: using "/home/webmaster/.spamassassin" for user state dir debug: using "/home/webmaster/.spamassassin/user_prefs" for user prefs file debug: bayes: 28490 tie-ing to DB file R/O /home/webmaster/.spamassassin/bayes_toks debug: bayes: 28490 tie-ing to DB file R/O /home/webmaster/.spamassassin/bayes_seen debug: bayes: found bayes db version 2 debug: Score set 3 chosen. debug: Initialising learner debug: running header regexp tests; score so far=0 debug: running body-text per-line regexp tests; score so far=2.077 debug: bayes corpus size: nspam = 47336, nham = 1028 debug: uri tests: Done uriRE debug: tokenize: header tokens for *F = "U*ignore D*compiling.spamassassin.taint.org D*spamassassin.taint.org D*taint.org D*org" debug: tokenize: header tokens for *m = " 1096056335 lint_rules " debug: bayes token 'TextCat' => 0.0489090909090909 debug: bayes token 'somewhat' => 0.095669124722507 debug: bayes token 'H*F:D*org' => 0.122005426957751 debug: bayes: score = 0.0118746978798883 debug: bayes: 28490 untie-ing debug: bayes: 28490 untie-ing db_toks debug: bayes: 28490 untie-ing db_seen debug: Razor2 is not available debug: running raw-body-text per-line regexp tests; score so far=2.077 debug: running uri tests; score so far=2.077 debug: uri tests: Done uriRE debug: running full-text regexp tests; score so far=2.077 debug: Razor2 is not available debug: Current PATH is: /sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin debug: Pyzor is not available: pyzor not found debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: all '*From' addrs: [EMAIL PROTECTED] debug: all '*To' addrs: debug: is Net::DNS::Resolver available? no debug: is DNS available? 0 debug: running meta tests; score so far=2.077 debug: is spam? score=0.553 required=3 tests=BAYES_01,DATE_MISSING,NO_REAL_NAME Matt Kettler wrote: At 04:10 PM 9/24/2004, Thomas Bolioli wrote: I do not believe that is an issue. It only puts the bayes databases at ~/.spammer_toks and ~/.spammer_seen. sa-learn has not had a problem loading the databases. They have grown everytime I have used it. I can't see why spamd would have a problem with it. Fair enough. Like I said, it's a syntax error if a directory named ~/.spammer/ exists. However, if it doesn't exist, it's fine. Are you sure spamc is being invoked as the proper user, and not as root? spamd will fall back to "nobody" if it finds itself still running as root after setuiding to the client user. You could try copying a set of files into the path of nobody's home-dir and see if bayes starts running.
RE: clear_headers does not remove X-Spam-Report
>
> With SA 3.0, using clear_headers in local.cf does not prevent
> the "X-Spam-Report:" header from being inserted into spam
> messages. Is this
> a bug or a feature? Below is my local.cf.
>
I did not confirm X-Spam-Report, but you cant get rid of
X-Checker-Version: headers with clear_headers in local.cf either.
Unless you comment the lines in Conf.pm
# Make sure we add in X-Spam-Checker-Version
$self->{headers_spam}->{"Checker-Version"} =
"SpamAssassin _VERSION_ (_SUBVERSION_) on _HOSTNAME_";
$self->{headers_ham}->{"Checker-Version"} =
$self->{headers_spam}->{"Checker-Version"};
You can override Checker-Version with a different message in local.cf,
but trying to get rid of it completely by running a clear_headers or
commenting it out in 10_misc.cf where its defined does not help.
d
Re: auto learn in 3.0
On Fri, 2004-09-24 at 15:17, John Andersen wrote: > It seems to be working here Alex: > ... > Are you sure it was started with autolearn support turned on? > (I think it is the default)... Yes, it is turned on. Normally, learning from my spam box learns about 10% of the mail, i.e., until I installed 3.0. The rest are already learned. But now, they are all learned. I will dig some more. I use mimedefang and the last time that I looked, the autolearn status was not available, but it did work. Thanks, Alex
Auto learn as Ham when ALL_TRUSTED?
Title: Auto learn as Ham when ALL_TRUSTED? Looks like others are posting this question as well, but I couldn't see it in the archives... I recently upgraded to v3. Everything looks great so far, except one change that I can't seem to figure out. We have an internal Exchange server, and SpamAssassin running on a different machine, but on the same private network. I use clear_trusted_networks, and clear_internal_networks in my config, because I want messages from the inside learned the same as messages from the outside. I force outgoing mail to pass with a 'whitelist_from ' line so that the messages themselves are scored the same, but the threshold is just higher. So... after upgrading to v3, I see a new test in the log - ALL_TRUSTED. It seems that any message that matches this test (e.g. all outgoing mail) is auto-learned as ham, no matter what the score is. I'd like to make it stop doing this, if possible, and make it learn outgoing mail based on the same criteria as incoming mail like it did in 2.64. Otherwise, congratulations SA people on a job well done. SA is the best thing since chocolate pop-tarts! N8
pine folder internal data and sa-learn
Hi all, I recently installed spamcop 3.0.0 onto my unix account on an SGI IRIX 6.5 box. I'm using perl 5.8.5, and I generally read my email with pine, though sometimes I'll remotely view it using Evolution through the machine's IMAP server. The following is a portion of my .procmailrc file that is used for spamassassin filtering of my email: :0fw: spamassassin.lock * < 8 | spamassassin :0: * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\* mail/spam-definitely :0: * ^X-Spam-Status: Yes mail/spam-probably I have noticed that the mail the gets into the spam-probably folder generally doesn't get autolearned by spamassassin. Also, I've noticed one message that snuck through the spam filter (it only got a score of 3, and I haven't gotten enough spams trained in the Bayesian filter to activate it.) I would like to train the Bayesian filter with these messages, so using pine, I put them in a mail folder called spam, and I run sa-learn on it as follows: sa-learn --spam --mbox --showdots mail/spam Generally, I notice that sa-learn processes exactly one more message than I thought was in the folder. When I take a look in the folder with a text edittor, I see that there's a fake message that reads as follows: - >From MAILER-DAEMON Tue Dec 9 23:05:26 2003 Date: Tue, 9 Dec 2003 23:05:26 -0600 From: Mail System Internal Data <[EMAIL PROTECTED]> Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA X-IMAP: 0945113015 000396 Status: RO This text is part of the internal format of your mail folder, and is not a real message. It is created automatically by the mail system software. If deleted, important folder data will be lost, and it will be re-created with the data reset to initial values. - I am worried that the Bayesian filter is learning this folder-internal-data message as spam and that this may skew the results of the filter in the future. Note that the folder-internal data message appears to change when the mailbox is changed, so each time I run sa-learn, the message will get learned again, and not simply passed over as an already-learned message. I've found some other people have asked a similar question in the past, but I didn't see any good answers to it. Should I submit a bugzilla report on this? Any scripts to automagically strip out this message from an MBOX file? Thanks very much, Greg Zornetzer gaz at nmrfam dot wisc dot edu
Re: SA 3.0 TRAP
Kris Deugau wrote: You mean, "like Debian stable", or "like RedHat Enterprise Linux" (and its clones).Both provide security updates, but (almost) NO functionality changes. Debian unstable is "whatever's current" (more or less). Fedora Core fills the same role for RedHat. Well, if you want to get technical, Fedora Core would be closer to Debian Testing (assuming I understand the stable/testing/unstable relationship correctly). The equivalent to Debian unstable would be Rawhide (aka the Fedora Core development tree). -- Kelson Vibber SpeedGate Communications
Re: pine folder internal data and sa-learn
From: "Gregory Zornetzer" <[EMAIL PROTECTED]>
> Hi all,
>
> I recently installed spamcop 3.0.0 onto my unix account on an SGI IRIX 6.5
> box. I'm using perl 5.8.5, and I generally read my email with pine,
> though sometimes I'll remotely view it using Evolution through the
> machine's IMAP server.
>
> The following is a portion of my .procmailrc file that is used for
> spamassassin filtering of my email:
>
> :0fw: spamassassin.lock
> * < 8
> | spamassassin
>
> :0:
> * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
> mail/spam-definitely
>
> :0:
> * ^X-Spam-Status: Yes
> mail/spam-probably
>
>
> I have noticed that the mail the gets into the spam-probably folder
> generally doesn't get autolearned by spamassassin. Also, I've noticed
> one message that snuck through the spam filter (it only got a score of 3,
> and I haven't gotten enough spams trained in the Bayesian filter to
> activate it.) I would like to train the Bayesian filter with these
> messages, so using pine, I put them in a mail folder called spam, and I
> run sa-learn on it as follows:
> sa-learn --spam --mbox --showdots mail/spam
>
> Generally, I notice that sa-learn processes exactly one more message than
> I thought was in the folder. When I take a look in the folder with a text
> edittor, I see that there's a fake message that reads as follows:
> -
> >From MAILER-DAEMON Tue Dec 9 23:05:26 2003
> Date: Tue, 9 Dec 2003 23:05:26 -0600
> From: Mail System Internal Data <[EMAIL PROTECTED]>
Gregory, I have a cure for that. It's ugly and involved a few dozen lines
of C code.
I use the C code to find the second "^From " in the file. I save
everything after that including the "From " to ./training/spam_train
for training. I save everything before that to its original file. I
arranged to do this with safe saves so data loss won't happen. Once
I have cleaned out the spam mailbox I run salearn on the spam_train
mailbox. Finally I append all the spam_train messages to "oldspam",
delete spam_tain, and touch spam_train so it's present for the next
round.
I use the same generic code for learning ham as well as spam. I just
change the input parameters around a little. It's all part of a
script "satrain" that I run as a cron job once a day.
For one or two people this is quite satisfactory. For large numbers
of users an alternative approach might be called for.
I can send you the source for the "imapstrip" utility I built for
doing this. (Imap and Ipop3 have the same header file tehse days.)
{^_^}
Documentation generator error
Title: Documentation generator error Hi list members, I've upgraded to SA 3.0, but I've been unsuccessful generating the documentation as directed in http://www.openhandhome.com/howtosa.html. The "POD.BAT" Script runs almost to the end, but then generates two errors, Pod2html.bat: \lib\mail\spamassassin\plugin.pm: unterminated list at =head in paragraph 187. Ignoring Pod2html.bat: \lib\mail\spamassassin\plugin.pm: unexpected =item directive in paragraph 198. Ignoring I'm running Win2K server and Perl 5.8.4.810 Any ideas about this? Regards, Marc Steuer
whitelist_from broken?
Title: whitelist_from broken? whitelist_from in v3 seems inconsistant. after a service restart, it fires correctly about 5 times. after that, it stops working entirely. anybody else having this issue? Thanks, Nate
