Re: bogus sa-learn --dump magic report

2004-09-30 Thread Theo Van Dinter
On Wed, Sep 29, 2004 at 03:51:28PM -0700, Bill Landry wrote:
 Hmmm, where else could this configuration issue be, Theo, since none of my
 CF files contain a - in the test definitions?  Grep results:

Run spamassassin with -D, it'll tell you what files it's reading.  Could be
/usr/share/spamassassin/*.cf, user_prefs, etc.

 And like I said, spamassassin --lint comes back with nothing - should it
 not detect this apparent configuration issue, as well?  I can send you the
 spamassassin --lint -D output, if you would like.

It should (not knowing what is causing the issue I can't answer for certain,)
but there's nothing in the code that I know of which would be converting
underscore to dash, so it has to be a config file somewhere.

-- 
Randomly Generated Tagline:
The most likely way for the world to be destroyed, most experts agree,
 is by accident. That's where we come in. We're computer professionals. We
 cause accidents.   - Nathaniel Borenstein, inventor of MIME.




Re: bogus sa-learn --dump magic report

2004-09-30 Thread Bill Landry
- Original Message - 
From: Theo Van Dinter [EMAIL PROTECTED]

 Run spamassassin with -D, it'll tell you what files its reading.  Could
 be
 /usr/share/spamassassin/*.cf, user_prefs, etc.

Okay, I created a test.cf file and added the following entries (with hyphens
-):

header RCVD_IN_CSMA-SBL eval:check_rbl('CSMASBL', 'sbl.csma.biz.')
describe RCVD_IN_CSMA-SBL   Sender listed in CSMA-SBL
tflags RCVD_IN_CSMA-SBL net
score RCVD_IN_CSMA-SBL  2.0

header RCVD_IN_DNSBL-T1 eval:check_rbl('DNSBLT1', 't1.dnsbl.net.au.')
describe RCVD_IN_DNSBL-T1   Sender listed in DNSBL-T1
tflags RCVD_IN_DNSBL-T1 net
score RCVD_IN_DNSBL-T1  1.0

Then ran spamassassin --lint -D and it came back with lots of detailed
information, including the directory where the CF files are being read from,
and the debug output included only the following warning/error messages,
which I had expected:
==
error: rule 'RCVD_IN_CSMA-SBL' has invalid characters (not Alphanumeric + Underscore)
error: rule 'RCVD_IN_DNSBL-T1' has invalid characters (not Alphanumeric + Underscore)
warning: description exists for non-existent rule RCVD_IN_DNSBL-T1
warning: description exists for non-existent rule RCVD_IN_CSMA-SBL
warning: score set for non-existent rule RCVD_IN_DNSBL-T1
warning: score set for non-existent rule RCVD_IN_CSMA-SBL
==

And the last line included of the debug output was:
==
lint: 6 issues detected.  please rerun with debug enabled for more information.
==

Additional thoughts/ideas?

Bill
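The rule-name constraint quoted in the lint output above can be checked offline before a file is dropped into the site config directory. This is an added example, not SpamAssassin's own code or anything posted in the thread; the function name `lint_rule_names`, the directive list and the sample strings are assumptions made for illustration.

```python
import re

# Directives that define a rule, and directives that only refer to one.
# This short list is an assumption of the example, not a full grammar of
# SpamAssassin configuration files.
DEFINE = re.compile(r"^\s*(header|body|rawbody|uri|full|meta)\s+(\S+)\s+\S")
REFER = re.compile(r"^\s*(describe|score)\s+(\S+)")
VALID_NAME = re.compile(r"^[A-Za-z0-9_]+$")  # "Alphanumeric + Underscore"


def lint_rule_names(cf_text):
    """Return (severity, message) tuples for one blob of .cf text.

    Pass the concatenated text of every .cf file that will be loaded,
    otherwise a score for a rule defined elsewhere looks like an orphan.
    """
    defined = set()
    references = []  # (directive, rule name), checked after all definitions
    issues = []

    for raw in cf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = DEFINE.match(raw)
        if m:
            name = m.group(2)
            if VALID_NAME.match(name):
                defined.add(name)
            else:
                # A rejected rule never becomes "defined", which is why the
                # describe/score lines for it are reported as orphans below.
                issues.append(("error",
                               f"rule '{name}' has invalid characters "
                               "(not Alphanumeric + Underscore)"))
            continue
        m = REFER.match(raw)
        if m:
            references.append((m.group(1), m.group(2)))

    for directive, name in references:
        if name in defined:
            continue
        what = "description exists" if directive == "describe" else "score set"
        issues.append(("warning", f"{what} for non-existent rule {name}"))
    return issues


# Constructed from the test.cf entries quoted in the message above.
HYPHENATED = """\
header RCVD_IN_CSMA-SBL eval:check_rbl('CSMASBL', 'sbl.csma.biz.')
describe RCVD_IN_CSMA-SBL   Sender listed in CSMA-SBL
tflags RCVD_IN_CSMA-SBL net
score RCVD_IN_CSMA-SBL  2.0
header RCVD_IN_DNSBL-T1 eval:check_rbl('DNSBLT1', 't1.dnsbl.net.au.')
describe RCVD_IN_DNSBL-T1   Sender listed in DNSBL-T1
tflags RCVD_IN_DNSBL-T1 net
score RCVD_IN_DNSBL-T1  1.0
"""
# The same rules with underscores instead of hyphens (constructed).
UNDERSCORED = HYPHENATED.replace("-SBL", "_SBL").replace("-T1", "_T1")

if __name__ == "__main__":
    for severity, message in lint_rule_names(HYPHENATED):
        print(f"{severity}: {message}")
    print("underscored variant:", lint_rule_names(UNDERSCORED))
```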



Re: --lint error

2004-09-30 Thread Ryan Moore
Ken Goods wrote:
I finally got SA 3.0 installed (by building from the tarball) along with
MailScanner 4.33.3 and ClamAV 0.80, but I am getting the following --lint
error keeping the URI checks from being performed. (Redhat 9.0)
debug: running uri tests; score so far=-3.174
Failed to compile URI SpamAssassin tests, skipping:
(syntax error at /etc/mail/spamassassin/surbl_uri.cf, rule
WS_URI_RBL, line 1, near eval:
syntax error at /etc/mail/spamassassin/surbl_uri.cf, rule SPAMCOP_URI_RBL,
line 1, near eval:
syntax error at /etc/mail/spamassassin/surbl_uri.cf, rule SPAMCOP_URI_RBL,
line 11, near }
}
)

SURBL support is included in SA3.0, delete surbl_uri.cf.
Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net


RE: --lint error

2004-09-30 Thread Ken Goods
Ryan Moore scribbled on Wednesday, September 29, 2004 4:31 PM:

snip

 
 
 SURBL support is included in SA3.0, delete surbl_uri.cf.
 
 
 Ryan Moore
 --
 Perigee.net Corporation
 704-849-8355 (sales)
 704-849-8017 (tech)
 www.perigee.net

You mean to tell me with all I went through today, it's as easy as that?
Argh I knew it was built-in but didn't see anything about it not
needing the .cf file any longer. 

Thanks much Ryan! I'll give that a shot. I'm feeling pretty used and abused
right now. But on the bright side... I did pick up a few more tricks and
tips about SA along the way.

Ken


Re: --lint error

2004-09-30 Thread Ryan Moore
 Can I respectfully ask why SA even looks at that file if it doesn't need it
 anymore?
 Ken

It'll read any *.cf file under /etc/mail/spamassassin, doesn't matter
what the filename itself is.

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net


RE: --lint error

2004-09-30 Thread Ken Goods
Ryan Moore scribbled on Wednesday, September 29, 2004 4:48 PM:

 Can I respectfully ask why SA even looks at that file if it doesn't
 need it anymore? 
 
 Ken
 
 
 It'll read any *.cf file under /etc/mail/spamassassin, doesn't matter
 what the filename itself is. 
 
 
 Ryan Moore
 --
 Perigee.net Corporation
 704-849-8355 (sales)
 704-849-8017 (tech)
 www.perigee.net

Ah the light bulb starts to glow makes perfect sense. 

Thanks again.

Ken


Upgrading SpamAsssassin from 2.64 to 3.0.0

2004-09-30 Thread SAtalk Mail User
Hello All,

I have a, possibly, easy question.  I have SpamAssassin 2.64 with a ton
of the rules that you have at rules emporium, and man they work great, but
I am wanting to upgrade my Spamassassin from 2.64 to 3.0.0, the latest via
CPAN.  I was wondering if during upgrade via CPAN if there was anything that 
I might need to be aware of, I do not want to lose SpamAssassin, since it 
does the job I need it to do 100% of the time.

I just want to upgrade via CPAN and have the upgrade be flawless, is that 
possible or do I need to do anything special.

Thanks

SATALK Admin


Re: SURBL in 3.0

2004-09-30 Thread Christopher Jett
On Sep 28, 2004, at 3:18 AM, John Andersen wrote:
 On Monday 27 September 2004 09:22 pm, Christopher Jett wrote:
  Just upgraded to 3.0 from 2.6.3.  I don't see where SURBL is ever
  registering a score, where previously it was scoring tons of mail.  How
  can I verify that it is actually working?  I installed it using MCPAN
  and --lint shows everything A-OK.
  --
  Chris Jett
  [EMAIL PROTECTED]

 Did you enable it in your local.cf as per the surbl pages?
 I'm not absolutely sure You still have to do that, because I get
 reports from _AB_ and _OS_ even though I have no specific
 content in my local.cf for those.

 Check your init.pre to see if these lines appear and are uncommented:

 # URIDNSBL - look up URLs found in the message against several DNS
 # blocklists.
 #
 loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

 You should see things like this:
  0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
 [URIs: ca-t.com]
  2.0 URIBL_WS_SURBL Contains a URL listed in sa-blacklist
 [URIs: ca-t.com]
  3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
 [URIs: ca-t.com]
  4.0 URIBL_SC_SURBL Contains a URL listed in SpamCop data
 [URIs: ca-t.com]

 --
 _
 John Andersen

Still not seeing any hits from SURBL.  I do see hits from other RBL's.  
Here's a sample:

	*  0.4 HTML_SHORT_LENGTH BODY: HTML is extremely short
	*  3.2 DOMAIN_RATIO BODY: Message body mentions many internet domains
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	*  2.1 BAYES_95 BODY: Bayesian spam probability is 95 to 99%
	*  [score: 0.9859]
	*  0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
	*  0.0 HTML_90_100 BODY: Message is 90% to 100% HTML
	*  3.3 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words
	*  2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
	*  [81.44.185.240 listed in dnsbl.sorbs.net]
	*  0.1 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
	*  [81.44.185.240 listed in combined.njabl.org]
	*  0.0 HTML_SHORT_CENTER HTML is very short with CENTER tag
	*  4.1 RATWARE_ZERO_TZ Bulk email fingerprint (+) found
	*  0.6 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
	*  0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format

Tons of spam like this, but no SURBL hits at all.  I just verified that 
my Net::DNS is up to date as well.  I am at a loss to figure out why 
this is not working.  Everything seems in order, but it is stubbornly 
not giving me any SURBL scores.
--
Chris Jett
[EMAIL PROTECTED]



Re: Why such a low score?

2004-09-30 Thread Jeff Chan
On Wednesday, September 29, 2004, 11:50:02 AM, Raymond Dijkxhoorn wrote:
 Yes very true. We also would like to include JP in the next mass checks,
 so we can see how scoring would look like in the current situation.

Yes, I believe Theo already added JP for scoring in 3.1.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: Why such a low score?

2004-09-30 Thread Jeff Chan
On Wednesday, September 29, 2004, 11:44:28 AM, Chris Santerre wrote:
 Our testing for FPs has gotten
 extremely better over the past few weeks. New tools and such.

Better for the new records, but we seem to keep finding FPs in
the old ones.  We keep trying to track them down, but need
better tools or smarter use of them.  Could we start by checking
all domains older than 1 year?  I think that would have a big
payoff.

 Jeff ... just keeps
 mumbling No eff pees, no eff pees. If he starts wearing nothing
 but a loin cloth and eating raw fishI'm calling a doctor. 

Better call him stat: I like sushi... in Hawaii...
Mmmm... Ahi  ;-)

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: Rule problem (.exe attachments)

2004-09-30 Thread Jay Hall
[EMAIL PROTECTED] wrote:
 Jay Hall wrote:
  I am experiencing a problem with one of my rules that I
  cannot seem to find.
  I have the following rules defined.

  rawbody __RAW_EXE_ATTACHMENT /filename=\".*\.exe\"/i
  rawbody __RAW_VBS_ATTACHMENT /filename=\".*\.exe\"/i
  rawbody __RAW_COM_ATTACHMENT /filename=\".*\.com\"/i
  rawbody __RAW_PIF_ATTACHMENT /filename=\".*\.pif\"/i
  rawbody __RAW_CMD_ATTACHMENT /filename=\".*\.cmd\"/i
  rawbody __RAW_BAT_ATTACHMENT /filename=\".*\.bat\"/i
  meta ATTACHMENT_RULES (__RAW_EXE_ATTACHMENT || __RAW_VBS_ATTACHMENT || __RAW_COM_ATTACHMENT || __RAW_PIF_ATTACHMENT || __RAW_CMD_ATTACHMENT || __RAW_BAT_ATTACHMENT)
  score ATTACHMENT_RULES 25.00

  Any attachments listed above will be properly identified as and the
  tests run with the exception of an EXE attachment.  A filename with an
  .exe extension is not flagged.

  I have added an additional rule that checks for an .exe attachment, that
  is not part of the meta rule, and I receive the same results.  This
  leads me to believe there is something wrong with my test for .exe
  attachments.

  I am running SA 2.64, spamd, and it is invoked from q-mail.
  Any suggestions would be greatly appreciated.
  Thanks in advance for your assistance.

  Jay Hall

 How about trying:

 rawbody ATTACHMENT_RULES /filename=\"?.*\.(?:exe|vbs|com|pif|cmd|bat|cpl|scr)\"?\s*$/i
 score ATTACHMENT_RULES 25.00

 Note: added .cpl and .scr
 added end-of-line test $ to avoid false positives on things like
 example.com contract.doc
 made quotes optional

 [EMAIL PROTECTED]  805.964.4554 x902
 Hispanic Business Inc./HireDiversity.com Software Engineer
 perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,

I went back through the e-mail logs this evening, and e-mails with an 
exe attachment were being scored correctly until last night about 7:00 
pm.  Is it possible there is something wrong with one of the bayes files?

Thanks for your help.
Jay
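The three notes in the quoted reply (more extensions, optional quotes, the `$` anchor) depend on each other, which shows up when the variants are run over the same lines. This is an added example, not code from the thread: the patterns are Python ports of the rules discussed, `quoted_only` generalises the original per-extension rules to the full extension list, the lines are matched one at a time as a simplification, and every sample line is constructed.

```python
import re

EXTS = r"(?:exe|vbs|com|pif|cmd|bat|cpl|scr)"

PATTERNS = {
    # Style of the original rules: the file name must be wrapped in quotes.
    "quoted_only": re.compile(r'filename=".*\.' + EXTS + r'"', re.I),
    # Quotes made optional, but no end-of-line anchor.
    "optional_quotes": re.compile(r'filename="?.*\.' + EXTS + r'"?', re.I),
    # The rule suggested in the reply: optional quotes plus \s*$.
    "anchored": re.compile(r'filename="?.*\.' + EXTS + r'"?\s*$', re.I),
}

# Constructed MIME header lines: (line, really_has_blocked_extension)
SAMPLES = [
    ('Content-Disposition: attachment; filename="setup.exe"', True),
    ("\tfilename=update.pif", True),                  # unquoted parameter
    ('\tfilename="Photo.SCR"  ', True),               # upper case, trailing blanks
    ('\tfilename="example.com contract.doc"', False), # extension inside the name
    ('\tfilename="readme.exe.txt"', False),           # .exe is not the last suffix
    ('\tfilename="report.pdf"', False),
]


def evaluate(name):
    """Return (missed, false_positives) for one pattern over SAMPLES."""
    pattern = PATTERNS[name]
    missed, false_positives = [], []
    for line, blocked in SAMPLES:
        hit = pattern.search(line) is not None
        if blocked and not hit:
            missed.append(line.strip())
        elif hit and not blocked:
            false_positives.append(line.strip())
    return missed, false_positives


if __name__ == "__main__":
    for name in PATTERNS:
        missed, fps = evaluate(name)
        print(f"{name:16} missed={missed} false_positives={fps}")
```

Making the quotes optional catches the unquoted `filename=` parameter that the quoted-only form misses, and the anchor is what stops the now looser pattern from firing on a blocked extension in the middle of a name.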


Re: SA 3.0.0 SURBL usage

2004-09-30 Thread Jeff Chan
On Wednesday, September 29, 2004, 3:31:22 PM, Nick Stephens wrote:
NS Raymond Dijkxhoorn ([EMAIL PROTECTED]) RD wrote today:

 Do you have Net::DNS installed ? It looks to me you are not using RBL checks 
 at all?

 I checked my perllocal.pod and saw no reference to NET::DNS on this box, 
 so I installed it.  After waiting a little while for some more spam to 
 come in, it is now working PERFECTLY!@

 I am a lean, clean, spam eating machine.

 Thank you so much for pointing out my oversight!  :)

Thanks for the feedback.  I'm adding that to the SURBL FAQ:

  http://www.surbl.org/faq.html#nettest

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: SURBL in 3.0

2004-09-30 Thread Jeff Chan
On Wednesday, September 29, 2004, 4:58:21 PM, Christopher Jett wrote:
 Still not seeing any hits from SURBL.  I do see hits from other RBL's.

[...]

 Tons of spam like this, but no SURBL hits at all.  I just verified that 
 my Net::DNS is up to date as well.  I am at a loss to figure out why 
 this is not working.  Everything seems in order, but it is stubbornly 
 not giving me any SURBL scores.

Can you resolve the SURBL domains from the server you're running
SpamAssassin on:

  dig test.surbl.org.multi.surbl.org

What happens when you send yourself a test message with one of
the SURBL test points in it:

  http://www.surbl.org/faq.html#test-uris

 SURBL test URLs are:
 
   http://surbl-org-permanent-test-point-MUNGED.com/
 
 or:
 
   http://127.0.0.2-MUNGED/
 
 without the -MUNGEDs.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



RE: Cygwin SA3.0 Problems

2004-09-30 Thread Jason J. Ellingson
What method are you connecting to your CygWin SpamD?

Perhaps the problem is not with SpamD, but with SpamC.  I noticed that the
new SA3.0 doesn't always fill the incoming TCP for your SpamC calling
application buffer... I use 1024 byte buffers.  This may be throwing
whichever SpamC you are using into confusion as it takes a non-full buffer
to mean that this is the last packet for the email results.  I use the new
Content-length header as a check for message completeness...

I wrote my own custom SpamC in .NET as a plug-in for XMail and stopped
having those issues you are having.

I seem to remember having some issues with WinSpamC (on sourceforge.net) not
getting the entire emails either but had pretty good luck with the SpamC
compiled in CygWin.

Feel free to email me directly.  I'm happy to help where I can.

Jason J Ellingson
Technical Consultant

615.301.1682 : nashville
612.605.1132 : minneapolis

www.ellingson.com
[EMAIL PROTECTED]
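The framing problem described in the message above, as an added example that is not the poster's .NET client or SpamAssassin's spamc: a reader that treats a short buffer as end of response, next to one that reads until the byte count announced in Content-length has arrived. The response bytes, the chunk sizes and the `ChunkedPeer` stand-in for a socket are constructed, and the status-line and header layout is an assumption about the spamd reply format.

```python
class ChunkedPeer:
    """Constructed stand-in for a TCP socket whose recv() returns short reads."""

    def __init__(self, data, sizes):
        self._chunks, pos = [], 0
        for size in sizes:
            self._chunks.append(data[pos:pos + size])
            pos += size
        if pos < len(data):
            self._chunks.append(data[pos:])

    def recv(self, bufsize):
        if not self._chunks:
            return b""  # peer closed the connection
        chunk = self._chunks.pop(0)
        if len(chunk) > bufsize:
            self._chunks.insert(0, chunk[bufsize:])
            chunk = chunk[:bufsize]
        return chunk


def read_until_short_buffer(sock, bufsize=1024):
    """Flawed framing: assumes a non-full buffer is the last one."""
    data = b""
    while True:
        chunk = sock.recv(bufsize)
        data += chunk
        if len(chunk) < bufsize:
            return data


def read_by_content_length(sock, bufsize=1024):
    """Read headers, then exactly Content-length body bytes, or raise."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = sock.recv(bufsize)
        if not chunk:
            raise ConnectionError("closed before end of response headers")
        data += chunk
    head, body = data.split(b"\r\n\r\n", 1)
    lines = head.decode("ascii", "replace").split("\r\n")
    status, headers = lines[0], {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" not in headers:
        raise ValueError("response carries no Content-length header")
    expected = int(headers["content-length"])
    while len(body) < expected:
        chunk = sock.recv(bufsize)
        if not chunk:
            # A truncated result must not be handed on as a scanned message.
            raise ConnectionError(f"got {len(body)} of {expected} body bytes")
        body += chunk
    return status, headers, body[:expected]


# Constructed response: status line, headers, blank line, processed message.
MESSAGE = b"Subject: constructed test\r\n\r\n" + b"A" * 2970
RESPONSE = b"".join([
    b"SPAMD/1.1 0 EX_OK\r\n",
    b"Content-length: " + str(len(MESSAGE)).encode("ascii") + b"\r\n",
    b"Spam: False ; 1.2 / 5.0\r\n",
    b"\r\n",
    MESSAGE,
])

if __name__ == "__main__":
    naive = read_until_short_buffer(ChunkedPeer(RESPONSE, [1024, 400]))
    print("short-buffer reader:", len(naive), "of", len(RESPONSE), "bytes")
    status, headers, body = read_by_content_length(ChunkedPeer(RESPONSE, [1024, 400]))
    print("content-length reader:", status, len(body) == len(MESSAGE))
```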



Re: Upgrading SpamAsssassin from 2.64 to 3.0.0

2004-09-30 Thread Matt Kettler
At 07:37 PM 9/29/2004 -0500, SAtalk Mail User wrote:
I have a, possibly, easy question.  I have SpamAssassin 2.64 with a ton
of the rules that you have at rules emporium, and man they work great, but
I am wanting to upgrade my Spamassassin from 2.64 to 3.0.0, the latest via
CPAN.
1) delete antidrug.cf if you use it, SA 3.0 includes it.
2) delete the .cf files referencing any spamcopURI rules, SA 3.0 has this 
built in, but handles it differently.
3) Read the UPGRADE file, and change or comment out any outdated config 
options which might be in your local.cf or user_prefs:
http://spamassassin.apache.org/full/3.0.x/dist/UPGRADE

I'd also suggest moving *everything* out of /etc/mail/spamassassin on a 
temporary basis, then move the files back later. This will ensure a nice 
clean upgrade which passes make test.

After the update:
1) run sa-learn --sync to upgrade your bayes DB format
2) run spamassassin --lint
3) move the files you moved out of /etc/mail/spamassassin back a few at a 
time and run --lint between batches to make sure it's happy.
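The last step of the procedure above (move files back a few at a time, lint between batches) can be scripted so that a failing batch is narrowed down to the individual file that breaks lint. This is an added example, not part of the original post or of SpamAssassin; it goes slightly beyond the text by halving a failing batch, and the directory names, file names and the injectable `lint` callable are assumptions (the default assumes `spamassassin --lint` exits non-zero when it finds issues).

```python
import shutil
import subprocess
import tempfile
from pathlib import Path


def spamassassin_lint(site_dir):
    """Real check: True when `spamassassin --lint` exits 0.

    site_dir is unused here because the files are moved back into the
    directory spamassassin already reads by default.
    """
    done = subprocess.run(["spamassassin", "--lint"], capture_output=True)
    return done.returncode == 0


def restore_in_batches(holding, site_dir, lint=spamassassin_lint, batch_size=3):
    """Move *.cf files from holding to site_dir, linting after every batch.

    Returns (restored, rejected); rejected files stay in the holding directory.
    """
    holding, site_dir = Path(holding), Path(site_dir)
    restored, rejected = [], []

    def attempt(names):
        for name in names:
            shutil.move(str(holding / name), str(site_dir / name))
        if lint(site_dir):
            restored.extend(names)
            return
        # Lint failed: pull the whole batch back out, then narrow it down.
        for name in names:
            shutil.move(str(site_dir / name), str(holding / name))
        if len(names) == 1:
            rejected.extend(names)
            return
        mid = len(names) // 2
        attempt(names[:mid])
        attempt(names[mid:])

    pending = sorted(p.name for p in holding.glob("*.cf"))
    for start in range(0, len(pending), batch_size):
        attempt(pending[start:start + batch_size])
    return restored, rejected


def demo():
    """Constructed scenario: five .cf files, one of which no longer lints."""
    def fake_lint(site_dir):
        # Stand-in for the real linter: any file marked STALE fails.
        return not any("STALE" in p.read_text() for p in Path(site_dir).glob("*.cf"))

    with tempfile.TemporaryDirectory() as tmp:
        holding, site = Path(tmp, "holding"), Path(tmp, "site")
        holding.mkdir()
        site.mkdir()
        for name in ("local.cf", "custom_rules.cf", "test.cf", "whitelist.cf"):
            (holding / name).write_text("# constructed placeholder\n")
        (holding / "surbl_uri.cf").write_text("# STALE: pre-3.0 rules (constructed)\n")
        restored, rejected = restore_in_batches(holding, site, lint=fake_lint)
        left_behind = sorted(p.name for p in holding.glob("*.cf"))
        return restored, rejected, left_behind


if __name__ == "__main__":
    print(demo())
```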




Re: SURBL in 3.0

2004-09-30 Thread Christopher Jett
I forgot to mention that the only thing unusual about my local.cf file 
is that it rewrites the Subject header differently than the standard 
installed local.cf file.  This same problem is also repeatable with 
either spamassassin, or spamc/spamd when using the --siteconfigpath 
directive.
--
Chris Jett
[EMAIL PROTECTED]

On Sep 29, 2004, at 10:57 PM, Christopher Jett wrote:
OK - I think I have narrowed down what is happening with this, though 
I don't know why.  I have placed my local.cf file in a non-standard 
directory and I am using the --siteconfigpath=path to point to that 
directory (where my local.cf file and my own custom rules files are 
located).  For some reason this breaks the SURBL checks.  If I run 
spamassassin without that directive (and use local.cf in its standard 
installation location), the SURBL checks work fine.  Can someone else 
confirm this?  This is with 3.0.0.
--
Chris Jett
[EMAIL PROTECTED]




Re: sa-learn help!

2004-09-30 Thread Andy Biddle

Yeah, double-checked that first thing.  It's definitely installed and at
the latest rev.

On Wed, 29 Sep 2004, Matt Kettler wrote:

 At 03:55 PM 9/29/2004 -0700, Andy Biddle wrote:
 Okay, so I'm at a loss.  I'm reasonably new to SpamAssassin and dealing
 with spam filters in general, but I've tried to do my homework and I'm
 still having some trouble.  If I look at all my headers, I never see the
 autolearning work.  Often it gets autolearn=unavailable.  I figure that
 I need to teach it a bit through sa-learn, but when I try to utilize
 sa-learn, I get the following errors:
 
 Use of inherited AUTOLOAD for non-method Digest::SHA1::sha1_hex() is

 Do you have the perl module Digest::SHA1 installed? If not, use cpan or
 distribution packages to add it. SA 3.0 uses SHA1 hashes as a part of it's
 bayes token format.




reporting to spamcop fails

2004-09-30 Thread andrew collier
hello,

i have just upgraded to spamassassin-3.0.0 and run it on a linux platform.

i have the following problem when reporting spam using spamassassin -D -r,
towards the end of the output there is a delay (a few seconds) then i get:

debug: Razor2 is not available
SpamCop - report to vmx2.spamcop.net failed: Net::SMTP error
SpamCop - report to vmx1.spamcop.net failed: Net::SMTP error
debug: SpamAssassin: could not report spam to SpamCop.
SpamAssassin: no Internet hashing methods available, so couldn't report.

the delay is a bit annoying when i report a few messages from inside my mail
program. i think i have narrowed down the source of the problem to this bit of
code:   

if ($smtp = Net::SMTP->new($exchange,
   Hello => $hello,
   Port => 587,
   Timeout => 10))

now i am not sure what that does... is it perhaps trying to connect to an
external mail server (which will probably not work on our lan because we have a
proxy/firewall)? in which case, can i configure it to use a local sendmail
instance?

failing this, is it possible to turn off reporting to spamcop?

thanks,
andrew.



Stupid lottery spam?

2004-09-30 Thread Jonathan Nichols
A.A.S Lottery Headquarters:
Customer Service
580 N. Tenth Street
Sacramento, CA 85914
Euro - Afro Asian Sweepstake Lottery
an Affiliate of Foundmoney International
Arena Complex Km 18 Route de Rufisque
I.P.P Award Dept.
johannesburg, south africa.
Ref: EAASL/941OYI/03
Batch: 03/06/MA34

--
Ok, SpamAssassin caught the lottery scam, but.. are these people really 
this stupid? (Probably a rhetorical question, I know..)

600 N. 10th Street, Sacramento, CA 95814 is a valid address - it's the 
California Lottery offices.

If I recall correctly, 580 N. 10th street is a parking lot or something. 
heh. And they got the ZIP code wrong. It's 95814. Morons.

Next time I'm in that area on the way to the firing range, maybe I 
oughta drop by 580 N 10th st. hm

-Crazy Jon


Re: SURBL in 3.0

2004-09-30 Thread Maurice Lucas
OK - I think I have narrowed down what is happening with this, though I 
don't know why.  I have placed my local.cf file in a non-standard 
directory and I am using the --siteconfigpath=path to point to that 
directory (where my local.cf file and my own custom rules files are 
located).  For some reason this breaks the SURBL checks.  If I run 
spamassassin without that directive (and use local.cf in its standard 
installation location), the SURBL checks work fine.  Can someone else 
confirm this?  This is with 3.0.0.

So that's the reason why I don't see any SURBL checks in the headers 
(_TESTSSCORES_)

I do see  uri tests; score so far=-2.599 in my debug logfile but never any 
line like:
2.0 URIBL_WS_SURBL Contains a URL listed in sa-blacklist
[URIs: ca-t.com]

I didn't change anything to Makefile.PL, so it's a simple install with 
a --siteconfigpath=path for starting spamd

A test message with
http://surbl-org-permanent-test-point-MUNGED.com/
without -MUNGED
Give the following result in the debug logfile
uri found: http://surbl-org-permanent-test-point-MUNGED.com/
And in the headers
X-Spam-Status: No, hits=-2.1 required=7.0 tests=ALL_TRUSTED=-3.3,AWL=3.193,
BAYES_20=-1.951 autolearn=ham version=3.0.0
With kind regards,
Met vriendelijke groet,
Maurice Lucas
TAOS-IT 



RE: Problem with Bayes learner.

2004-09-30 Thread John Stegenga
How does one handle this in a shared server environment where there are many
domains on a single server with ONE mail instance?  Does one have to run
steps 2-3 for each domain before you can restart spamd?

John



-Original Message-
From: Erik Wickstrom [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 29, 2004 4:32 PM
To: users@spamassassin.apache.org
Subject: Re: Problem with Bayes learner.


Hi John,

I had a similar problem, and with the help of the list, I was able to
resolve it.  Here is what you have to do.

FIRST  kill spamd - if the process is running, it will mess everything
up!
Second: run sa-learn --sync -D
this may take a little while, but it will upgrade your database to version
3.

Third: run sa-learn --showdots --mbox --spam your_spam_box

Do the same for ham.

Fourth: spamd -d

You should be back in business!  Good luck!

Erik


On Wed, 29 Sep 2004 15:56:27 -0400, John Stegenga [EMAIL PROTECTED] wrote:
 Hi everyone.  I've read the wiki and googled for this, and no such luck.

 I'm not using Spam Assassin 3.x yet.

 Server info:
 Redhat 9 kernel 2.4.26-ow3
 Perl 5.8.1

 This is a shared hosting server using Cpanel 9.4.1

 The mailer is EXIM
 exim (exim-4.42-60_cpanel_stmpcontrol_antivirus_rewrite_mailman2_maskedmailtrap_exiscan)

 Until about 5 days ago, my Spam learner script was working.  I could never
 turn SA Autolearn on, but I could manually make a SPAM mailbox and a HAM
 mailbox and put stuff into them.  I currently have a library of about 6000
 spams that have been sent to my domain.

 Recently, however, SA stopped using bayes.  No more bayes scores
none...

 Here is my error:

 bayes: bayes db version 0 is not able to be used, aborting! at
 /usr/lib/perl5/site_perl/5.8.1/Mail/SpamAssassin/BayesStore/DBM.pm line 160.

 Now, that's odd to me because it appears to learn email...
 Learned from 42 message(s) (5231 message(s) examined)

 The wiki says this error has to do with SA 3.0..  but I'm not using 3.0:
 X-Spam-Status: No, hits=0.0 required=4.5 tests=none autolearn=ham
 version=2.64
 X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11)

 HELP?


 John Stegenga







Re: [sa-list] Re: Preferred DNSBL

2004-09-30 Thread Dan Mahoney, System Admin
On Thu, 30 Sep 2004, John Fleming wrote:
I would say a simple daemon to tail -F the logfile (-F to cover 
rotations, etc), and parse strings for the specific blocklist messages.

-Dan

- Original Message -
From: Ed Kasky [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Monday, September 27, 2004 2:49 PM
Subject: Re: Preferred DNSBL

Rejects Since Sunday 4:00 am via rbls:
spamcop: 65
maps rbl+: 154
dsbl.org: 9
njabl.org: 18
spamhaus: 18
What/how are you guys gathering the data above?  Thanks - John

--
Is Gushi a person or an entity?
Yes
-Bad Karma, August 25th 2001, Ezzi Computers, Quoting himself earler, referring 
to Gushi
Dan Mahoney
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---


sa-learn with SQL everything?

2004-09-30 Thread Daniel M. Drucker

I'm trying to start using Bayes and sa-learn for the first time, now
that Bayes supports SQL.

I run a smallish system (about 80 users spread over three domains).
The basic setup is Exim - SpamAssassin 3 - Exim - amavis - Exim -
delivery. (That is -- SA and amavis are Exim router-transport pipes;
neither knows of the other's existence.)

Apart from me, none of my users have home directories; Exim uses SQL
for all account information. Mail is stored in Maildir format in
/mail/DOMAIN/USER.

The majority of my users use Squirrelmail.

I would like to enable some sort of false-negative/false-positive
reporting for them, as I would imagine that the Bayes system is not
very useful if it's getting uncorrected FN/FP data. However, every
piece of documentation I've seen for sa-learn assumes (1) a unix
account to correspond to the mailbox owner, and (2) that SQL is not
being used for anything.

Can someone point me in the right direction? I'd really like to take
advantage of Bayes, but the documentation is so haphazard right now
that I just don't know what to do.




-- 
Daniel Drucker / [EMAIL PROTECTED]



X-Failed-Recipients / Mail delivery failed [Kinda OT]

2004-09-30 Thread Steve Dimoff
Folks,

I'm running into a weird problem and I don't know what the cause is.
I'm running Qmail / Qmail-Scanner 1.22 / SA 2.63 / Clam AV 75.1

I have messages that all have the subject Mail delivery failed, which the
message scores a negative number by SA and is delivered.

The problem is, each one of them contains a virus...  I'm confused on why SA
gives it a negative number (which doesn't show in the headers... just shows
the score) and why CLAM AV isn't finding it as a virus either.

Here are the headers from one of the emails:

Microsoft Mail Internet Headers Version 2.0
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Received: from blah.com ([removed]) by blah.com with Microsoft SMTPSVC();
Thu, 30 Sep 2004 09:27:20 -0400
Received: from removed.com ([removed]) by removed.com with Microsoft
SMTPSVC(); Thu, 30 Sep 2004 09:27:18 -0400
Received: (qmail 6149 invoked by uid 511); 30 Sep 2004 09:27:13 -0400
Received: from  by removed.com by uid 502 with qmail-scanner-1.22st
(clamdscan: 0.75.1. spamassassin: 2.63. perlscan: 1.22st.
Clear:RC:0(207.69.200.46):SA:0(-1.9/5.2):.  Processed in 20.275484 secs); 30
Sep 2004 13:27:13 -
X-Spam-Status: No, hits=-1.9 required=5.2
Received: from unknown (HELO removed) (removed)  by removed.com with SMTP;
30 Sep 2004 09:26:53 -0400
Received: from exim by removed with local (Exim 3.36 #4) id 1CD0xU-tT-00
for removed; Thu, 30 Sep 2004 09:26:56 -0400
X-Failed-Recipients: removed
From: Mail Delivery System Mailer-Daemon@ removed 
To:  removed 
Subject: Mail delivery failed: returning message to sender
Message-ID: E1CD0xU-tT-00@ removed 
Date: Thu, 30 Sep 2004 09:26:56 -0400
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) removed
X-Spam-Level: 
Return-Path: 
X-OriginalArrivalTime: 30 Sep 2004 13:27:18.0585 (UTC)
FILETIME=[355D4290:01C4A6F1]

Has anyone else run into this also?


SpamAssassin 3.0 and sa-learn problem.

2004-09-30 Thread Andy Biddle

I recently sent out a request for help regarding always getting
autolearn=unavailable messages.  When I try to train it with sa-learn, I
get:

Use of inherited AUTOLOAD for non-method Digest::SHA1::sha1_hex() is
deprecated at
/usr/local/lib/perl5/site_perl/5.8.2/Mail/SpamAssassin/Bayes.pm line 983.
Learned from 0 message(s) (1 message(s) examined).
Can't locate auto/Digest/SHA1/sha1_hex.al in @INC (@INC contains: lib
/usr/local/lib/perl5/site_perl/5.8.2
/usr/local/lib/perl5/site_perl/5.8.2/mach
/usr/local/lib/perl5/site_perl/5.8.0/i386-freebsd
/usr/local/lib/perl5/site_perl/5.8.0 /usr/local/lib/perl5/site_perl/5.6.1
/usr/local/lib/perl5/site_perl/5.005 /usr/local/lib/perl5/site_perl
/usr/local/lib/perl5/5.8.2/BSDPAN /usr/local/lib/perl5/5.8.2/mach
/usr/local/lib/perl5/5.8.2) at
/usr/local/lib/perl5/site_perl/5.8.2/Mail/SpamAssassin/Bayes.pm line 983

SHA1 is installed and up to date.  SpamAssassin was installed via CPAN.
My system is FreeBSD...

Assuming no one jumps up and points out specifically how to fix this, I'm
considering just wiping out my installation and rebuilding. Am I correct
in thinking that this is probably just something wrong with my
installation?

Is there a good way to blow away SpamAssassin and everything it requires?
If I use CPAN to re-install SpamAssassin, shouldn't it re-install anything
it then requires?

Sorry, can't figure out why I'm having dependency issues and I really want
to get this fixed.  Ugh.



no report template found

2004-09-30 Thread Slava Madrit



When I run SA 3.0 from a command line, I get a message at the end of the SA 
output file, (no report template found), you can see it below. I'm using 
the following options to launch SA.

spamassassin -D -t mime.822 test.txt

Has something changed with SA 3.0 or is there something wrong with my 
setup? I have used this command line for all the previous versions and it 
worked fine.


-Slava

test.txt:
Received: from businesscross.net (moxmail10 [127.0.0.1])by 
moxmail10.businessgive.com (Postfix) with ESMTP id C52F638BD3E02for 
[EMAIL PROTECTED]; Wed, 29 Sep 
2004 06:37:29 -0700 (PDT)MIME-Version: 1.0From: "Camera Testing Center" 
[EMAIL PROTECTED]To: [EMAIL PROTECTED]Subject: Product 
TestersWantedMessage-Id: [EMAIL PROTECTED]Content-Type: 
text/plainContent-Disposition: inlineContent-Transfer-Encoding: 
7bitDate: Wed, 29 Sep 2004 06:37:29 -0700 (PDT)X-Spam-Checker-Version: 
SpamAssassin 3.0.0 (2004-09-13) on guinevereX-Spam-Status: No, score=5.1 
required=5.5 tests=BAYES_95,RCVD_IN_XBL autolearn=no 
version=3.0.0X-Spam-Level: *

we would like you to join our Product Research Panel. 
- join Now and Receive for no charge: 
Panasonic DVD Camcorder High quality digital 
video 18x Optical zoom 
500x Digital zoom $899 retail price, yours to keep 
free! - PRODUCT TESTERS WANTED! 
- please click here for more info: http://businesscross.net/r/2295/5302664/2r7q653p7p58ProductResearchPanel, 
the new member incentive promotional offer, and the product testing program is 
an independent program for consumers and is not affiliated with the 
merchant/brands listed above. ProductResearchPanel is solely responsible for all 
incentive fulfillment

Click here: http://businesscross.net/r/2295/5302664/2r7q653p7p58
MO:tLWcG1YpimN1CAtfAueGWX0YTxkq1wh/sUV/hhC2csblfZUSmz0wVnLsSRRsOe20vBNRXA==:MO
This advertisement was sent by BonusBonez, 268 Bush Street #3437, San 
Francisco, CA 94104.Visit the BonusBonez Mailings Manager:http://businesscross.net/u/2295/5302664/2r7q653p7p58

MO:BDD+CLlyyHjJjwWT8WWqmz88aiCKR30l0HTj7dW6YyoD9JLVMRe+if7g185tvt3m9Tee9Q==:MO
(no report template found)




SA+Postfix+SASL+Mysql+Maildrop Installation howto

2004-09-30 Thread Luis Hernán Otegui
Hi, people, my first mail to the list, and I'm already asking for
something quite hard to me... Here it goes:
I want to set up a WBEL with SA 3.0, but with user preferences driven
by a Mysql database. Also, I want the MTA (PostFix) to run with SASL
authentication. I've found a good bunch of info on how to set up
Postfix+SASL+Maildrop+Mysql, but I don't know how to set up SA to work
with that, all I've seen about it is the howto on SA's site, but it
doesn't mention how to set it up against a vmail environment. Also,
this will be my first attempt at Postfix (I've always ran SA through
Spamass-Milter over Sendmail), so any help or tips will be
appreciated.

Thanks a lot,

Luis.

-- 
-
GNU-GPL: May The Source Be With You...
-


RE: Upgrading SpamAsssassin from 2.64 to 3.0.0

2004-09-30 Thread Ken Goods
Matt Kettler scribbled on Wednesday, September 29, 2004 7:31 PM:

 At 07:37 PM 9/29/2004 -0500, SAtalk Mail User wrote:
 I have a, possibly, easy question.  I have SpamAssassin 2.64 with a
 ton of the rules that you have at rules emporium, and man they work
 great, but I am wanting to upgrade my Spamassassin from 2.64 to
 3.0.0, the latest via CPAN.
 
 1) delete antidrug.cf if you use it, SA 3.0 includes it.
 2) delete the .cf files referencing any spamcopURI rules, SA 3.0 has this
 built in, but handles it differently.
 3) Read the UPGRADE file, and change or comment out any outdated
 config options which might be in your local.cf or user_prefs:
 http://spamassassin.apache.org/full/3.0.x/dist/UPGRADE
 
 I'd also suggest moving *everything* out of /etc/mail/spamassassin on a
 temporary basis, then move the files back later. This will ensure a
 nice clean upgrade which passes make test.
 
 After the update:
 1) run sa-learn --sync to upgrade your bayes DB format
 2) run spamassassin --lint
 3) move the files you moved out of /etc/mail/spamassassin back a few at a
 time and run --lint between batches to make sure it's happy.

Matt,
That is the best advice I've seen on upgrading SA to 3.0 from 2.6x. Simple
to understand and straight to the point. If you had posted this yesterday
morning it would have saved me a day of beating my head against the wall. I
don't like to post questions to the list until I've exhausted every other
resource I can think of. Learn a little more that way. But now that I've
been through it, (thanks to Ryan Moore for getting me over the last hurdle)
this advice is the ticket to a smooth upgrade and I think it should be added
to the update doc!

Thanks,
Ken

Ken Goods
Network Administrator
MIS Dept.
AIA Insurance, Inc.
111 Main Street
PO Box 538
Lewiston, ID  83501
Phone:  208-799-9023
Websites: http://www.cropusainsurance.com
http://www.cropusainsurance.com/ Email: [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] 
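
The staged restore described in the message above (move the files back a few at a time and run --lint between batches), as an added example that is not from the thread or from the SpamAssassin project. The directory layout, batch size and the `lint` hook are assumptions of this example; only `spamassassin --lint` and `--siteconfigpath` come from this page.

```python
"""Restore custom SpamAssassin .cf files in batches, linting after each batch."""
import shutil
import subprocess
import tempfile
from pathlib import Path


def run_lint(site_dir):
    """Run `spamassassin --lint` against site_dir; True means the config parsed cleanly.

    As noted elsewhere in this archive, a non-standard --siteconfigpath
    directory needs its own init.pre, otherwise no plugins are loaded.
    """
    cmd = ["spamassassin", "--lint", f"--siteconfigpath={site_dir}"]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def _move(names, src, dst):
    for name in names:
        shutil.move(str(src / name), str(dst / name))


def restore_in_batches(holding_dir, site_dir, batch_size=3, lint=run_lint):
    """Move *.cf files back batch by batch and stop at the first batch that fails lint.

    Returns (restored, failed_batch). A failing batch is rolled back to
    holding_dir so the live configuration stays in its last good state.
    """
    holding_dir, site_dir = Path(holding_dir), Path(site_dir)
    pending = sorted(p.name for p in holding_dir.glob("*.cf"))
    restored = []
    for start in range(0, len(pending), batch_size):
        batch = pending[start:start + batch_size]
        _move(batch, holding_dir, site_dir)
        if not lint(site_dir):
            _move(batch, site_dir, holding_dir)
            return restored, batch
        restored.extend(batch)
    return restored, []


def find_offender(holding_dir, site_dir, batch, lint=run_lint):
    """Try each file of a failed batch on its own; return the first one that breaks lint."""
    holding_dir, site_dir = Path(holding_dir), Path(site_dir)
    for name in batch:
        _move([name], holding_dir, site_dir)
        ok = lint(site_dir)
        _move([name], site_dir, holding_dir)
        if not ok:
            return name
    return None


if __name__ == "__main__":
    # Constructed demo: throwaway directories and a stub lint that rejects any
    # file containing the marker "BROKEN", so it runs without SpamAssassin.
    root = Path(tempfile.mkdtemp())
    hold, site = root / "holding", root / "site"
    hold.mkdir()
    site.mkdir()
    for n in ("70_a.cf", "70_b.cf", "70_c.cf", "70_d.cf"):
        (hold / n).write_text("# constructed placeholder rules file\n")
    (hold / "70_c.cf").write_text("BROKEN\n")

    def stub(d):
        return all("BROKEN" not in p.read_text() for p in Path(d).glob("*.cf"))

    ok, bad = restore_in_batches(hold, site, batch_size=2, lint=stub)
    print("restored:", ok)
    print("failed batch:", bad, "offender:", find_offender(hold, site, bad, lint=stub))
```
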



Re: Bayes scores in SA 3.0

2004-09-30 Thread Bob Apthorpe
On Thu, 30 Sep 2004 08:34:28 -0700 Chip Paswater [EMAIL PROTECTED] wrote:

  Hey guys,
  
  I was looking at the Bayes scores in 3.0 and had a couple of questions:
[...]

<zombie voice>
... the FAQ ... read the FAQ ...
</zombie voice>

-- Bob


Re: SpamAssassin 3.0 and sa-learn problem.

2004-09-30 Thread Theo Van Dinter
On Thu, Sep 30, 2004 at 07:47:35AM -0700, Andy Biddle wrote:
 Use of inherited AUTOLOAD for non-method Digest::SHA1::sha1_hex() is
 deprecated at
 /usr/local/lib/perl5/site_perl/5.8.2/Mail/SpamAssassin/Bayes.pm line 983.
 Learned from 0 message(s) (1 message(s) examined).
 Can't locate auto/Digest/SHA1/sha1_hex.al in @INC (@INC contains: lib

This indicates that your Digest::SHA1 installation is botched.

 SHA1 is installed and up to date.

I'd blow away what you have and reinstall the module.

-- 
Randomly Generated Tagline:
DOS: n., A small annoying boot virus that causes random spontaneous system
  crashes, usually just before saving a massive project.  Easily cured by
  UNIX.  See also MS-DOS, IBM-DOS, DR-DOS.
 (from David Vicker's .plan)




Re: SURBL in 3.0

2004-09-30 Thread Theo Van Dinter
On Thu, Sep 30, 2004 at 01:42:51PM +0200, Maurice Lucas wrote:
 OK - I think I have narrowed down what is happening with this, though I 
 don't know why.  I have placed my local.cf file in a non-standard 
 directory and I am using the --siteconfigpath=path to point to that 
 directory (where my local.cf file and my own custom rules files are 
 located).  For some reason this breaks the SURBL checks.  If I run 
 spamassassin without that directive (and use local.cf in its standard 
 installation location), the SURBL checks work fine.  Can someone else 
 confirm this?  This is with 3.0.0.

The problem, I'm guessing, is that the init.pre file (loads the plugins)
installs into the standard siteconfigpath directory.  So if you aim
somewhere else, the plugins are never enabled, so no SURBL.

-- 
Randomly Generated Tagline:
As for SUVs being used as family cars: If a family is too large to
 fit into a fuel efficient automobile it doesn't need an SUV, it needs
 birth control. - Unknown




Re: Bayes scores in SA 3.0

2004-09-30 Thread Chip Paswater
   Hey guys,
   
   I was looking at the Bayes scores in 3.0 and had a couple of questions:
 [...]
 
 <zombie voice>
 ... the FAQ ... read the FAQ ...
 </zombie voice>

Great Bob, the FAQ says how the scores are generated, I surmised that.
But these questions aren't in the FAQ:

Does a human review the scores generated by the statistics engine?

Doesn't it make sense to have more of a bell curve on the 2nd set of bayes
scores?

If not, why not?

The teeth seem to be taken out of BAYES_99 with its low 1.9 score,
and most of my spam is triggering .99 to 1.  That to me seems like an
obvious oversight, and I'm just wondering what the thinking was to leave it
at 1.9 for the 3.0 release.



sql/bayes

2004-09-30 Thread Robin Lynn Frank
While I can see the advantage of keeping awl and prefs in a sql
database, I can't see an advantage to keeping bayes data in a sql db.

Can someone point out an advantage?  Would there be any disadvantage in
keeping everything except bayes in sql?

-- 
Robin Lynn Frank
Director of Operations
Paradigm-Omega, LLC
http://www.paradigm-omega.com
==
Sed quis custodiet ipsos custodes?




Re: SA+Postfix+SASL+Mysql+Maildrop Installation howto

2004-09-30 Thread Eric W. Bates
We use SA+Postfix+SASL+Mysql+procmail for our system.
The SASL authentication doesn't have anything to do with SA.  It simply 
allows your smtpd to accept AUTH commands; so you can deal with those 
problems separately.

Also bear in mind that if you rig postfix to use mysql tables for its 
config; that is separate from SA using mysql for the user's filtering 
options. postfix and SA may or may not use the same mysql server; 
probably not the same database; and definitely not the same authentication.

We use procmail after the MTA is done with the message to run the 
message thru SA and then sort it into inbox/spambox.

Luis Hernán Otegui wrote:
Hi, people, my first mail to the list, and I'm already asking for
something quite hard to me... Here it goes:
I want to set up a WBEL with SA 3.0, but with user preferences driven
by a Mysql database. Also, I want the MTA (PostFix) to run with SASL
authentication. I've found a good bunch of info on how to set up
Postfix+SASL+Maildrop+Mysql, but I don't know how to set up SA to work
with that, all I've seen about it is the howto on SA's site, but it
doesn't mention how to set it up against a vmail environment. Also,
this will be my first attempt at Postfix (I've always run SA through
Spamass-Milter over Sendmail), so any help or tips will be
appreciated.
Thanks a lot,
Luis.


FIXED - no report template found

2004-09-30 Thread Slava Madrit



The problem has been resolved. In case anyone else has this issue in the 
future, the problem was a blank clear_report_template definition in my 
local.cf. Removing it allowed SA to retrieve the info from 10_misc.cf 
correctly. 

-Slava

"Slava Madrit" [EMAIL PROTECTED] 
9/30/2004 10:53:09 AM 
When I run SA 3.0 from a command line, I get a message at the end of the SA 
output file, (no report template found), you can see it below. I'm using 
the following options to launch SA.

spamassassin -D -t mime.822 test.txt

Has something changed with SA 3.0 or is there something wrong with my 
setup? I have used this command line for all the previous versions and it 
worked fine.


-Slava

test.txt:
Received: from businesscross.net (moxmail10 [127.0.0.1])
	by moxmail10.businessgive.com (Postfix) with ESMTP id C52F638BD3E02
	for [EMAIL PROTECTED]; Wed, 29 Sep 2004 06:37:29 -0700 (PDT)
MIME-Version: 1.0
From: "Camera Testing Center" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Product TestersWanted
Message-Id: [EMAIL PROTECTED]
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Date: Wed, 29 Sep 2004 06:37:29 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on guinevere
X-Spam-Status: No, score=5.1 required=5.5 tests=BAYES_95,RCVD_IN_XBL autolearn=no version=3.0.0
X-Spam-Level: *

we would like you to join our Product Research Panel. 
- join Now and Receive for no charge: 
Panasonic DVD Camcorder High quality digital 
video 18x Optical zoom 
500x Digital zoom $899 retail price, yours to keep 
free! - PRODUCT TESTERS WANTED! 
- please click here for more info: http://businesscross.net/r/2295/5302664/2r7q653p7p58ProductResearchPanel, 
the new member incentive promotional offer, and the product testing program is 
an independent program for consumers and is not affiliated with the 
merchant/brands listed above. ProductResearchPanel is solely responsible for all 
incentive fulfillment

Click here: http://businesscross.net/r/2295/5302664/2r7q653p7p58
MO:tLWcG1YpimN1CAtfAueGWX0YTxkq1wh/sUV/hhC2csblfZUSmz0wVnLsSRRsOe20vBNRXA==:MO
This advertisement was sent by BonusBonez, 268 Bush Street #3437, San 
Francisco, CA 94104.Visit the BonusBonez Mailings Manager:http://businesscross.net/u/2295/5302664/2r7q653p7p58

MO:BDD+CLlyyHjJjwWT8WWqmz88aiCKR30l0HTj7dW6YyoD9JLVMRe+if7g185tvt3m9Tee9Q==:MO
(no report template found)



Re: sql/bayes

2004-09-30 Thread Sune Kloppenborg Jeppesen
On Thursday 30 September 2004 18:05, Robin Lynn Frank wrote:
 While I can see the advantage of keeping awl and prefs in a sql
 database, I can't see an advantage to keeping bayes data in a sql db.

 Can someone point out an advantage?  Would there be any disadvantage in
 keeping everything except bayes in sql?
You could have two front end servers using the same Bayes backend with SQL. 
This makes autolearning work easily across multiple servers.

-- 
Regards

Sune Kloppenborg Jeppesen

--
This email was scanned by MailPlus anti-virus at http://www.dir.dk
--




Re: sa-learn with SQL everything?

2004-09-30 Thread Sune Kloppenborg Jeppesen
On Thursday 30 September 2004 15:37, Daniel M. Drucker wrote:
 I'm trying to start using Bayes and sa-learn for the first time, now
 that Bayes supports SQL.

 I run a smallish system (about 80 users spread over three domains).
 The basic setup is Exim - SpamAssassin 3 - Exim - amavis - Exim -
 delivery. (That is -- SA and amavis are Exim router-transport pipes;
 neither knows of the other's existence.)

 Apart from me, none of my users have home directories; Exim uses SQL
 for all account information. Mail is stored in Maildir format in
 /mail/DOMAIN/USER.

 The majority of my users use Squirrelmail.

 I would like to enable some sort of false-negative/false-positive
 reporting for them, as I would imagine that the Bayes system is not
 very useful if it's getting uncorrected FN/FP data. However, every
 piece of documentation I've seen for sa-learn assumes (1) a unix
 account to correspond to the mailbox owner, and (2) that SQL is not
 being used for anything.

 Can someone point me in the right direction? I'd really like to take
 advantage of Bayes, but the documentation is so haphazard right now
 that I just don't know what to do.
You could setup a dedicated SA user and have a site wide Bayes database.

-- 
Regards

Sune Kloppenborg Jeppesen



Re: SURBL in 3.0

2004-09-30 Thread Justin Mason
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Theo Van Dinter writes:
 On Thu, Sep 30, 2004 at 01:42:51PM +0200, Maurice Lucas wrote:
  OK - I think I have narrowed down what is happening with this, though I 
  don't know why.  I have placed my local.cf file in a non-standard 
  directory and I am using the --siteconfigpath=path to point to that 
  directory (where my local.cf file and my own custom rules files are 
  located).  For some reason this breaks the SURBL checks.  If I run 
  spamassassin without that directive (and use local.cf in its standard 
  installation location), the SURBL checks work fine.  Can someone else 
  confirm this?  This is with 3.0.0.
 
 The problem, I'm guessing, is that the init.pre file (loads the plugins)
 installs into the standard siteconfigpath directory.  So if you aim
 somewhere else, the plugins are never enabled, so no SURBL.

if the init.pre is never read from what you specify as --siteconfigpath,
that's a bug -- could you report it to the bugzilla?(however I'm
pretty certain we have a test for that so that sounds odd.)

- --j.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFBXDfkQTcbUG5Y7woRAidhAJ9FsxYewBlknH06VRqnS0/FENVKUACgpHov
ctOOz/UtBffw/7WnXMgZDCo=
=WRw5
-END PGP SIGNATURE-



Re: SpamAssassin 3.0 and sa-learn problem.

2004-09-30 Thread Andy Biddle
I've done a CPAN force install Digest::SHA1 and get the same issue...

On Thu, 30 Sep 2004, Theo Van Dinter wrote:

 On Thu, Sep 30, 2004 at 07:47:35AM -0700, Andy Biddle wrote:
  Use of inherited AUTOLOAD for non-method Digest::SHA1::sha1_hex() is
  deprecated at
  /usr/local/lib/perl5/site_perl/5.8.2/Mail/SpamAssassin/Bayes.pm line 983.
  Learned from 0 message(s) (1 message(s) examined).
  Can't locate auto/Digest/SHA1/sha1_hex.al in @INC (@INC contains: lib

 This indicates that your Digest::SHA1 installation is botched.

  SHA1 is installed and up to date.

 I'd blow away what you have and reinstall the module.

 --
 Randomly Generated Tagline:
 DOS: n., A small annoying boot virus that causes random spontaneous system
   crashes, usually just before saving a massive project.  Easily cured by
   UNIX.  See also MS-DOS, IBM-DOS, DR-DOS.
  (from David Vicker's .plan)



Re: SURBL in 3.0

2004-09-30 Thread Justin Mason
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Theo Van Dinter writes:
 On Thu, Sep 30, 2004 at 09:44:20AM -0700, Justin Mason wrote:
  if the init.pre is never read from what you specify as --siteconfigpath,
  that's a bug -- could you report it to the bugzilla?(however I'm
  pretty certain we have a test for that so that sounds odd.)
 
 I think the issue is that init.pre isn't in the directory he's pointing to,
 not that it wouldn't be read if it existed there.  ie:
 
 spamassassin --siteconfigpath /tmp/foo
 
 if I don't put init.pre in /tmp/foo, spamassassin isn't going to go looking
 for the file in other places.

ah, ok, that's not a bug ;)

- --j.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFBXDzVQTcbUG5Y7woRArLTAJ4v3vXHve1/bVrcayF7QRs+jrpe6wCfQZMB
6PgJ5qP5VgTvHupcjuH0sBg=
=SCmw
-END PGP SIGNATURE-



Re: SA 3.0.0 SURBL usage

2004-09-30 Thread Jerry Gaiser
On Wed, 2004-09-29 at 14:47, Raymond Dijkxhoorn wrote:
  In fact, I cannot see anything in the headers that leads me to believe that 
  SURBL is being used/enforced.
 
 Do you have Net::DNS installed ? It looks to me you are not using RBL 
 checks at all?

And make sure you're running a recent version of Net::DNS. That bit me
when I upgraded. Had it installed, but too old to use.

-- 
[EMAIL PROTECTED]
One should admire Windows users. It takes a great deal of courage to
trust Windows with your data. - Unknown


Net::DNS version is 0.23, but need 0.34

2004-09-30 Thread Maurice Lucas
Hello,
I have trouble with SURBL and think that it is related to the above error.
But if I test the module with CPAN or with the following script it says that 
I'm at 0.48.
(careful, I'm a complete Perl newbie and an SA newbie)

#!/usr/bin/perl -T -w
use strict;
use Net::DNS;
print Net::DNS->version, "\n";

I use Debian woody so Net::DNS version 0.19
I did install SA again from source but the results are the same
Does anybody have any clue
Or is this an error for the perl mailinglist?
With kind regards,
Met vriendelijke groet,
Maurice Lucas
TAOS-IT 



Re: SA+Postfix+SASL+Mysql+Maildrop Installation howto

2004-09-30 Thread Luis Hernán Otegui
ok, ok, my point wasn't exactly that, but I've managed to notice some
things, partly via Google.
My problem (or, to tell it better, the thing I didn't realize) was how
will SA get the username it is analyzing mail for, since the virtual
users setting doesn't (at least to my knowledge) provide this info.
But looking closer to the maildrop configuration howto I have, I've
come to see that Maildrop REALLY knows whose user the mail is, or it
wouldn't be able to deliver it at all...
Sorry everybody, my mistake.

Thanks for the answer.

Luis


On Thu, 30 Sep 2004 12:13:41 -0400, Eric W. Bates
[EMAIL PROTECTED] wrote:
 We use SA+Postfix+SASL+Mysql+procmail for our system.
 
 The SASL authentication doesn't have anything to do with SA.  It simply
 allows your smtpd to accept AUTH commands; so you can deal with those
 problems separately.
 
 Also bear in mind that if you rig postfix to use mysql tables for its
 config; that is separate from SA using mysql for the user's filtering
 options. postfix and SA may or may not use the same mysql server;
 probably not the same database; and definitely not the same authentication.
 
 We use procmail after the MTA is done with the message to run the
 message thru SA and then sort it into inbox/spambox.
 
 
 
 Luis Hernán Otegui wrote:
  Hi, people, my first mail to the list, and I'm already asking for
  something quite hard to me... Here it goes:
  I want to set up a WBEL with SA 3.0, but with user preferences driven
  by a Mysql database. Also, I want the MTA (PostFix) to run with SASL
  authentication. I've found a good bunch of info on how to set up
  Postfix+SASL+Maildrop+Mysql, but I don't know how to set up SA to work
  with that, all I've seen about it is the howto on SA's site, but it
  doesn't mention how to set it up against a vmail environment. Also,
  this will be my first attempt at Postfix (I've always run SA through
  Spamass-Milter over Sendmail), so any help or tips will be
  appreciated.
 
  Thanks a lot,
 
  Luis.
 
 



-- 
-
GNU-GPL: May The Source Be With You...
-


Re: sa-learn with SQL everything?

2004-09-30 Thread Keith Hackworth
I couldn't find anyone who has done this already, so I did it myself -
anyone who needs this is welcome to use my solution/code.  My solution
requires an IMAP server and bayes to be in mysql.  It also requires
SquirrelMail.  It also requires a /tmp directory.  Since squirrelmail
requires a unix-like system (I believe) and IMAP, you should be all set.

I'm not using Exim - I run Postfix, but that shouldn't make a difference.
I use amavis-new/sa with squirrelmail on top.  I downloaded the
squirrelmail amavisnewsql 0.7.2-1.4 plugin and modified it from there.

The plugin includes a whitelist user and other sa controls for the
specific user, but totally misses the bayes aspect of spamassassin.  The
plugin takes some time to configure, but is simple if you just follow the
directions.

Once you get that working, replace the setup.php and create a new
bayes.php in the plugins/amavisdnewsql directory.  I've attached the
bayes.php and setup.php files as .txt files, so remove the .txt extension.

Once you do that, on the top of every message, there will be a This is
spam and This is NOT spam link.  It will issue a
/usr/local/bin/sa-learn -D --[sp|h]am, so make sure sa-learn is in this
directory.

***IMPORTANT:  One last thing - make sure you turn on the
bayes_sql_override_username user that runs spamassassin or spamd in
local.cf or your bayes database will only work for the user that the
webserver runs as.  It took me a while to figure this one out...

If you have any questions or problems with this, please email me.

Keith Hackworth
[EMAIL PROTECTED]


 I'm trying to start using Bayes and sa-learn for the first time, now
 that Bayes supports SQL.

 I run a smallish system (about 80 users spread over three domains).
 The basic setup is Exim - SpamAssassin 3 - Exim - amavis - Exim -
 delivery. (That is -- SA and amavis are Exim router-transport pipes;
 neither knows of the other's existence.)

 Apart from me, none of my users have home directories; Exim uses SQL
 for all account information. Mail is stored in Maildir format in
 /mail/DOMAIN/USER.

 The majority of my users use Squirrelmail.

 I would like to enable some sort of false-negative/false-positive
 reporting for them, as I would imagine that the Bayes system is not
 very useful if it's getting uncorrected FN/FP data. However, every
 piece of documentation I've seen for sa-learn assumes (1) a unix
 account to correspond to the mailbox owner, and (2) that SQL is not
 being used for anything.

 Can someone point me in the right direction? I'd really like to take
 advantage of Bayes, but the documentation is so haphazard right now
 that I just don't know what to do.




 --
 Daniel Drucker / [EMAIL PROTECTED]


<?php

/*
 * AmavisNewSQL - AmavisNew+SQL+SpamAssassin+Quarantine+This is [not] spam plugin for SquirrelMail
 * By Jared Watkins and slightly modified by Keith Hackworth (sorry Jared)
 */

function amavisnewsql_version()
{
  return '0.7.2';
}

include(SM_PATH.'plugins/amavisnewsql/config.php');


function squirrelmail_plugin_init_amavisnewsql () {
  include(SM_PATH.'plugins/amavisnewsql/config.php');

  global $squirrelmail_plugin_hooks;

  $squirrelmail_plugin_hooks['optpage_register_block']['amavisnewsql'] = 'amavisnewsql_optpage_register_block';

  $squirrelmail_plugin_hooks['read_body_header_right']['amavisnewsql'] = 'amavisnewsql_address_add';

  if($CONFIG[use_quarantine]) {
     $squirrelmail_plugin_hooks['menuline']['amavisnewsql'] = 'amavisnewsql_spam_quarantine';
     #$squirrelmail_plugin_hooks['left_main_after']['amavisnewsql'] = 'amavisnewsql_spam_quarantine';
  }

}


function amavisnewsql_address_add() {  // Borrowed from address_add plugin
    global $message;
    global $passed_id;
    global $mailbox;
    if (!$message || !isset($message)) return;

    $header = $message->rfc822_header;
    $decodedfrom = $header->getAddr_s('from');

    $IP_RegExp_Match = '\\[?[0-9]{1,3}(\\.[0-9]{1,3}){3}\\]?';
    $Host_RegExp_Match = '(' . $IP_RegExp_Match . '|[0-9a-z]([-.]?[0-9a-z])*\\.[a-z][a-z]+)';
    $Email_RegExp_Match = '[0-9a-z]([-_.+|]?[_0-9a-z|])*(%' . $Host_RegExp_Match . ')?@' . $Host_RegExp_Match;
    $regs = array();
    while (eregi($Email_RegExp_Match, $decodedfrom, $regs)) {
       $decodedfrom = substr(strstr($decodedfrom, $regs[0]), strlen($regs[0]));
       $fromaddress = urlencode($regs[0]);
    }

    echo " | ";
    bindtextdomain ('amavisnewsql', SM_PATH . 'plugins/amavisnewsql/locale');
    textdomain ('amavisnewsql');

    displayInternalLink ("plugins/amavisnewsql/amavisnewsql.php?action=add_edit_wb_address&WorB=W&priority=7&address=$fromaddress", _("Whitelist Sender"), 'right');
    echo " | ";
    bindtextdomain ('amavisnewsql', SM_PATH . 'plugins/amavisnewsql/locale');
    textdomain ('amavisnewsql');
    displayInternalLink ("plugins/amavisnewsql/bayes.php?action=bayes_learn&type=s&passed_id=$passed_id&mailbox=$mailbox", _("This is Spam"), 'right');
    echo " | ";
    bindtextdomain ('amavisnewsql', SM_PATH . 

Re: sa-learn with SQL everything?

2004-09-30 Thread Daniel M. Drucker
 I couldn't find anyone who has done this already, so I did it myself -

Nice work!

How does this interact with the use/nonuse of report_safe? It seems to
me that (with report_safe 1) you end up training bayes on the
encapsulation, or (with report_safe 0) you end up training it on the
reciprocal of the spamassassin-added headers.


-- 
Daniel Drucker / [EMAIL PROTECTED]



Re: 3.0 scanning delays

2004-09-30 Thread Shane Hickey
So, I take it that no one is seeing these weird spamd delays but me?  Rats.

Shane Hickey [EMAIL PROTECTED] [2004-09-29 14:11]:
 Howdy all.  I'm running version 3.0.0 on Gentoo Linux (using the
 3.0.0-r1 ebuild).  The machine is a dual P3/450 and it is also running
 sendmail 8.12.11 and it handles mail for 20 or so domains with less
 than 20 users total.  So, the mail volume is pretty low.
 
 I'm running spamd in the following manner:
 
 /usr/sbin/spamd -d -r /var/run/spamd/spamd.pid -u mail -x -m 10 -L
 
 I'm running spamc out of my /etc/procmailrc (with no options).
 
 What I've noticed is that after spamd has been running for a little
 while, it starts to take longer and longer to check each message. 
 Here is a snippet of my times from 2.64:
 
 clean message (-104.9/5.0) for user1:8 in 0.8 seconds, 1129 bytes.
 clean message (-104.9/5.0) for user2:8 in 0.9 seconds, 1231 bytes.
 clean message (-104.9/5.0) for user1:8 in 0.8 seconds, 1231 bytes.
 clean message (-4.9/5.0) for user1:8 in 1.1 seconds, 1046 bytes.
 
 When I first start spamd, I see times that are very close to this. 
 But, within 10-20 minutes, they start to climb.  Here is how they look
 right now (I started spamd 40 minutes ago).
 
 clean message (-102.8/5.0) for user1:8 in 5.8 seconds, 1282 bytes.
 clean message (-5.0/5.0) for user2:8 in 41.8 seconds, 2867 bytes.
 clean message (-100.0/5.0) for user3:8 in 37.8 seconds, 2250 bytes.
 
 If I let spamd run for several hours, I'll see times near 200 seconds
 per message and it seems to keep increasing.
 
 I have always had skip_rbl_checks 1 in my local.cf.  But, I've been
 trying to isolate what's caused this new slowness, so I've also tried
 to first disable razor2, dcc and pyzor and that didn't seem to make
 much difference.  Then I set use_bayes to 0 and that seems to help a
 little bit, but I still see long delays.  The delayed times that I
 show above are for this configuration:
 
 # Enable the Bayes system
 use_bayes   0
 
 # Enable or disable network checks
 skip_rbl_checks 1 
 use_razor2  1
 use_dcc 1
 use_pyzor   1
 
 I also tried lock_method flock and I didn't see much success there
 either.  Anyway, I was hoping someone else had seen this behavior and
 or maybe someone could shed some light on what might be the cause of
 this?
 
 Thanks,
 Shane
 
 -- 
 Shane Hickey [EMAIL PROTECTED]: Network/System Consultant
 GPG KeyID: 777CBF3F
 Key fingerprint: 254F B2AC 9939 C715 278C  DA95 4109 9F69 777C BF3F
 Listening to: The Courtship of Birdy Numnum - The
 Parapalegic-Homoerotic Episode
 


-- 
Shane Hickey [EMAIL PROTECTED]: Network/System Consultant
GPG KeyID: 777CBF3F
Key fingerprint: 254F B2AC 9939 C715 278C  DA95 4109 9F69 777C BF3F
Listening to: The Styrenes - Cold Meat


Re: sa-learn with SQL everything?

2004-09-30 Thread Ryan Moore
Daniel M. Drucker wrote:
I couldn't find anyone who has done this already, so I did it myself -

Nice work!
How does this interact with the use/nonuse of report_safe? It seems to
me that (with report_safe 1) you end up training bayes on the
encapsulation, or (with report_safe 0) you end up training it on the
reciprocal of the spamassassin-added headers.

To my knowledge, sa-learn removes/ignores any SpamAssassin headers, so it 
shouldn't skew your data.

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net


Sorry Florida.

2004-09-30 Thread AltGrendel
I've noticed about a 10% decrease in spam since Florida started having
all those problems with tropical weather.

Anyone else notice this?

I'm not trying to bash Florida, just something I noticed in the logs.

 
It's amazing how much better you feel once you've given up hope.




RE: 'Spam Forensics: Reverse-Engineering Spammer Tactics'

2004-09-30 Thread Chris Santerre


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 29, 2004 6:37 PM
To: users@spamassassin.apache.org
Subject: 'Spam Forensics: Reverse-Engineering Spammer Tactics'


My slides from the presentation I gave at Toorcon 2004, 'Spam 
Forensics:
Reverse-Engineering Spammer Tactics', are now up, if anyone's 
interested
in having a read ;)

  http://spamassassin.apache.org/presentations/2004-09-Toorcon/html


Very nice. Page 13: Detecting Hashbusters, 2, who the hell figured that out?
Damn!

SARE has run into the problem that there isn't much NEW in spam to tag on.
SA, SURBL, and SARE have 99% of everything covered. Like you stated, most of
their tricks now end up being tagged. I'm real curious as to what they try
next... 'cause I'm kind of stumped as to how to get around this. Think like a
spammer to catch one. 

--Chris


Re: Sorry Florida.

2004-09-30 Thread Raquel Rice
On Thu, 30 Sep 2004 15:10:07 -0400
AltGrendel [EMAIL PROTECTED] wrote:

 I've noticed about a 10% decrease in spam since Florida started
 having all those problems with tropical weather.
 
 Anyone else notice this?
 
 I'm not trying to bash Florida, just something I noticed in the
 logs.
 

I've been getting more in the last few days than during any period
in the past!

-- 
Raquel

All animals are equal but some animals are more equal than others.
  --George Orwell, Animal Farm



RE: spoofed Received header

2004-09-30 Thread Nate Schindler
I actually block all incoming mail that claims to be from my domain.  The only 
problem is that I don't get copies of messages that I send to some lists, such 
as this one.
But... as far as I'm concerned, if a mail server isn't listed as an MX for 
somedomain.com, it should use somedomain.com in the mail from or envelope 
from fields.  It's a wide open hole for spam and social engineering attacks.
I was actually surprised to see that even anti-spam lists such as this one 
spoof the envelope from field. :/
Oh, well... I still get everyone else's posts.

Nate

-Original Message-
From: Loren Wilton [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 29, 2004 3:22 PM
To: users@spamassassin.apache.org
Subject: Re: spoofed Received header


 Received: from 64.239.129.105 ([:::219.144.149.91])
 From: Trina Parr [EMAIL PROTECTED]

 where in Received: 1st ip is my mx, but 2nd is spammers host
 and in From: name is some arbitrary name with my email address

 is it possible to make regex in local.cf that would check that both ips in
Received are the same?

Yes, but it can get tricky, because there are so many received formats.

A very simple test could be something like

/64\.239\.129\.105 \(\[(?!64\.239\.129\.105).{1,20}\]\)/

Assuming I typed that right it will check for a double-dotquad format where
the second doesn't match and the first one matches.  Of course you could
have a hostname between the ([ characters, so you really should handle that
somehow.  Perhaps insert a [\w\.]{0,50} or the like there.

I've got a cold and am not thinking too clearly at the moment, so I don't
know how many legit things that might declare to be bogus.  You could try it
with a real low score and see what sort of things it hits on.  Maybe it
would work for you.

Loren
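
The regex from the quoted reply above, run over sample Received headers, as an added example that is not part of the thread. It also goes one step further with a generalised pattern that tolerates the hostname before the bracket that the reply mentions; `GENERAL_RE`, the function names and every header except the first are assumptions constructed for this example.

```python
import re

MX_IP = "64.239.129.105"  # the poster's MX address as quoted in the thread

# The pattern as posted: the MX dotted quad as the claimed name, then a
# bracketed address that does not begin with the same dotted quad.
LOREN_RE = re.compile(r"64\.239\.129\.105 \(\[(?!64\.239\.129\.105).{1,20}\]\)")

# Generalised form (assumption of this example): capture the claimed dotted
# quad and the connecting address separately, allow an optional hostname
# before the bracket and an optional colon-delimited prefix inside it.
QUAD = r"\d{1,3}(?:\.\d{1,3}){3}"
GENERAL_RE = re.compile(
    r"^Received: from (?P<helo>" + QUAD + r") "
    r"\((?:[\w.-]{1,50} )?\[(?:[0-9A-Fa-f:]*:)?(?P<peer>" + QUAD + r")\]\)"
)

SAMPLES = [
    # Header quoted in the thread.
    "Received: from 64.239.129.105 ([:::219.144.149.91])",
    # Constructed: the MX really talking to itself.
    "Received: from 64.239.129.105 ([64.239.129.105])",
    # Constructed: same forgery, but the MTA logged a reverse-DNS name.
    "Received: from 64.239.129.105 (host.example.net [203.0.113.7])",
    # Constructed: own address written with an IPv4-mapped prefix.
    "Received: from 64.239.129.105 ([::ffff:64.239.129.105])",
    # Constructed: ordinary mail with a hostname HELO.
    "Received: from mail.example.org (mail.example.org [198.51.100.20])",
]


def loren_hit(header):
    """True when the pattern from the thread matches the header."""
    return bool(LOREN_RE.search(header))


def forged_own_helo(header, own_ips=(MX_IP,)):
    """Return the connecting address when a peer claims one of our own IPs, else None."""
    m = GENERAL_RE.search(header)
    if not m:
        return None
    helo, peer = m.group("helo"), m.group("peer")
    if helo in own_ips and peer not in own_ips:
        return peer
    return None


def scan(headers):
    """Evaluate both checks for each header: [(header, loren_hit, forged_peer), ...]."""
    return [(h, loren_hit(h), forged_own_helo(h)) for h in headers]


if __name__ == "__main__":
    for header, simple, peer in scan(SAMPLES):
        print(f"simple={simple!s:5} general={peer!s:15} {header}")
```

The third sample is the case the reply warns about: the posted pattern misses it because a hostname sits between `(` and `[`, while the generalised pattern still reports the connecting address.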



Re: Rule problem (.exe attachments)

2004-09-30 Thread LuKreme
On 29 Sep 2004, at 16:10, Jay Hall wrote:
I changed the rules as you suggested, but e-mails with exe attachments 
are still not being marked as SPAM.  However, others are.  Following 
are the headers from an e-mail sent with an exe attachment.
<div class="Jedi">These are not the headers you are looking for</div>
You need the MIME headers from the body of the message to ensure that 
the name is, in fact, supposed to match.

To: [EMAIL PROTECTED]
Subject: EXE Test 1 - exe
Content-Type: multipart/mixed; 
boundary=050409040702070007040104
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on 
mnea-hq.mnea.org
X-Spam-Level:
X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=ham 
version=2.64
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 29 Sep 2004 22:12:44.0170 (UTC) 
FILETIME=[71AA06A0:01C4A671]

If I am reading the headers correctly, it appears the attachment tests 
were not done in this case.  The file attached to the message was 
vncviewer.exe.
Is the total size over 256K? (or whatever your threshold is set to)?
--
I'm sitting here with 4 Megs of RAM trying to figure out how to use it 
all... :-)  (Me, in 1990)





User rule found but sometimes not counted

2004-09-30 Thread Arun Bhalla
Hi, about a week ago I upgraded to SA 3.0.0 from 2.64.  I run spamd (with
options -d -c), and call spamc from my .procmailrc.  SA is installed
systemwide (e.g., local.cf is in /etc/mail/spamassassin), but I
also have my own user_prefs file that I tweak.

I happen to get a fair amount of spam that references a mail address in
Aruba.  Since I don't have much interest in Aruba, I use the following
rule. (I could tweak it to also look for Oranjestad to be more specific.)

body ARUBA /A\s?rub\s?a/
score ARUBA 5.0
describe ARUBA Oranjestad, Aruba

This rule seems to work well, but I've noticed that sometimes SA will detect
the rule but not count the score.  This seems to only occur with spamc.
At the very least, when I run spamassassin -t on the same message, ARUBA's
score will be counted.

For instance, here's a snippet from a recently miscounted email:

X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on xxx
X-Spam-Status: No, score=2.1 required=3.8 tests=ARUBA,BAYES_50,HTML_40_50,
HTML_MESSAGE,MIME_HTML_MOSTLY,MPART_ALT_DIFF autolearn=no
version=3.0.0
X-Spam-Level: **

The score should have been at least 7.1, but instead it's only 2.1.  Clearly
ARUBA was found but not scored.

This is slightly annoying, but it might be more troubling if this is happening
to other rules in one's user_prefs files, or maybe other rules in general.

If this sort of problem hasn't been noticed before, I'll be happy to help,
presumably by turning on -D for spamd.

Thanks,
Arun


Re: User rule found but sometimes not counted

2004-09-30 Thread Matt Kettler
At 04:23 PM 9/30/2004, Arun Bhalla wrote:
Hi, about a week ago I upgraded to SA 3.0.0 from 2.64.  I run spamd (with
options -d -c), and call spamc from my .procmailrc.  SA is installed
systemwide (e.g., local.cf is in /etc/mail/spamassassin), but I
also have my own user_prefs file that I tweak.

Is allow_user_rules set in local.cf? If not, spamd is required to ignore 
your rules in user_prefs, and it's a bug that they are being parsed at all.



Re: 2.6 - 3.0 migration questions

2004-09-30 Thread Ben Rosengart
On Wed, Sep 29, 2004 at 06:40:18PM -0600, Lucas Albers wrote:
 Some options kick you in the face.
 Such as -a for spamd which will prevent it from starting.

Ouch.

Is the list of deprecated options and directives in the UPGRADE
document definitive?

Here at Panix -- where we have a bunch of spamds, a bunch of spamcs,
a whole lot of automatically- and hand-generated customer
configurations, and no way to upgrade everything all at once -- we
are pretty unhappy about the skimpy upgrade documentation, and the
number of apparently-gratuitous changes (hits becomes score?).

-- 
Ben Rosengart(212) 741-4400 x215

 Unix gives 0.35 t/ha extra yield.
 Can you afford to ignore the Unix difference?


Re: Preferred DNSBL

2004-09-30 Thread Ed Kasky
At 05:01 AM Thursday, 9/30/2004, John Fleming wrote -=
- Original Message -
From: Ed Kasky [EMAIL PROTECTED]
To: users@spamassassin.apache.org
Sent: Monday, September 27, 2004 2:49 PM
Subject: Re: Preferred DNSBL
 Rejects Since Sunday 4:00 am via rbls:

 spamcop: 65
 maps rbl+: 154
 dsbl.org: 9
 njabl.org: 18
 spamhaus: 18
What/how are you guys gathering the data above?  Thanks - John
A simple shell script that I found somewhere and tweaked for my needs:
#!/bin/bash
#
# spam-stats  -- print counts of clean and spammy messages
#                from spamassassin.
#echo -e "="
echo -e "SpamAssassin Results for:"
date
# spamd log lines: messages flagged as spam, passed as clean, or skipped for size
echo -e "spam: `grep 'identified spam' /var/log/maillog | wc -l`"
echo -e "clean: `grep 'clean message' /var/log/maillog | grep spamd | wc -l`"
echo -e "skipped: `grep 'skipped large' /var/log/maillog | wc -l`"
# connections accepted by spamd, and messages it actually processed
echo -e "total: `grep 'spamd[[0-9]*]: connection from' /var/log/maillog | wc -l`"
echo -e "processed: `grep 'processing message' /var/log/maillog | wc -l`"
echo -e "="
# MTA-level rejects attributed to the MAPS RBL+ blackhole list
echo -e "maps rbl+: `grep 'refused by blackhole site rbl-plus.mail-abuse.org' /var/log/maillog | wc -l`"

Produces the following:
SpamAssassin Results for:
Thu Sep 30 13:44:03 PDT 2004
spam: 261
clean: 1715
skipped: 0
total: 1967
processed: 1976
=
maps rbl+: 625
I have more greps but you get the idea...
Ed
. . . . . . . .
Unthinking respect for authority is the greatest enemy of truth.
-Albert Einstein, physicist, Nobel laureate (1879-1955)



Whitelist to improve performance?

2004-09-30 Thread Tan, William



My configuration is Postfix 2.1.5 and SpamAssassin 3.0.0. We're using spamc as
a content_filter in /etc/postfix/master.cf to call spamd.

My understanding is that the manual whitelist function in SA simply starts the
message scoring at -100. Is there a way to have spamc/spamd abort scoring a
message if the sender is whitelisted? I'd think that this would improve
performance on these messages since rbls, dcc, razor, and pyzor would be
skipped.

If not (and this is more of a postfix question), is there a way to use
whitelists in postfix to bypass SA (or a content_filter in general)?


William W. Tan
Chief Technology Officer
Eze Castle Integration, Inc.
50 Federal St., Suite 400
Boston, MA 02110
(617) 217-3006
[EMAIL PROTECTED]



Re: 2.6 - 3.0 migration questions

2004-09-30 Thread Matt Kettler
At 04:43 PM 9/30/2004, Ben Rosengart wrote:
we are pretty unhappy about the skimpy upgrade documentation
Hmm, true, but are you volunteering to help write better documentation? 
(General principle in FOSS: If you don't like it, volunteer to help if 
you're able.)

At least this time there is an UPGRADE document. That never happened before 
in any other release, which is a small step forward. Prior releases got a 
few terse notes about the major issues added to README, but nothing nearly 
as in-depth as the still-sparse UPGRADE document from 3.0.


and the number of apparently-gratuitous changes (hits becomes score?).
 You'd not believe the number of  people who don't understand what SA 
means by hits when they first encounter it. Particularly since SA used to 
use score hits and points interchangeably and without much consistency.

A lot of naming convention changes come about after realizing that the 
original naming isn't as clear as originally thought, or inconsistent with 
other parts of the software. It's painful to go through, but makes life a 
bit easier on the project in the long run by improving clarity.

This lack of consistency has been in the buglist for a long time.
http://bugzilla.spamassassin.org/show_bug.cgi?id=1332 



scan times up!

2004-09-30 Thread Chris Santerre
Well...

ver     avg scan time
2.4x    2.7 seconds
3.0     30.4 seconds

OH MY! Network test :)

Any longer and I might just be doing greylisting by accident. ;)

Chris Santerre 
System Admin and SARE Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin 


Re: 2.6 - 3.0 migration questions

2004-09-30 Thread Will Yardley
On Thu, Sep 30, 2004 at 05:04:35PM -0400, Matt Kettler wrote:
 At 04:43 PM 9/30/2004, Ben Rosengart wrote:

  we are pretty unhappy about the skimpy upgrade documentation
 
 Hmm, true, but are you volunteering to help write better documentation? 
 (General principle in FOSS: If you don't like it, volunteer to help if 

Side note - who came up with this horrible acronym (I can't bring myself
to repeat it), and can people stop using it already!


RE: 2.6 - 3.0 migration questions

2004-09-30 Thread Chris Santerre


-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 30, 2004 5:05 PM
To: users@spamassassin.apache.org
Subject: Re: 2.6 - 3.0 migration questions


At 04:43 PM 9/30/2004, Ben Rosengart wrote:
we are pretty unhappy about the skimpy upgrade documentation

Hmm, true, but are you volunteering to help write better 
documentation? 
(General principle in FOSS: If you don't like it, volunteer to help if 
you're able.)


Reminds me of something DQ says a lot, something like, If you submit the
code for that, we will be happy to review it. :-) 

At least this time there is an UPGRADE document. That never 
happened before 
in any other release, which is a small step forward. Prior 
releases got a 
few terse notes about the major issues added to README, but 
nothing nearly 
as in-depth as the still-sparse UPGRADE document from 3.0.

Yes, I was quite happy to see an UPGRADE. That is a step forward. It also
says to see the wiki. They can't know everyone's setups, but they give you
the basics.



and the number of apparently-gratuitous changes (hits 
becomes score?).

  You'd not believe the number of  people who don't understand what SA 
means by hits when they first encounter it. Particularly 
since SA used to 
use score hits and points interchangeably and without 
much consistency.

A lot of naming convention changes come about after realizing that the 
original naming isn't as clear as originally thought, or 
inconsistent with 
other parts of the software. It's painful to go through, but 
makes life a 
bit easier on the project in the long run by improving clarity.


I'm also happy to see this change. 

--Chris


Re: Whitelist to improve performance?

2004-09-30 Thread Matt Kettler


At 04:54 PM 9/30/2004, Tan, William wrote:
My
understanding is that the manual whitelist function in SA simply starts
the message scoring at -100. Is there a way to have spamc/spamd
abort scoring a message if the sender is whitelisted? I'd think
that this would improve performance on these messages since rbls, dcc,
razor, and pyzor would be skipped. 
Disclaimer: I'm not a dev, but this is based on my understanding of the
SA code. Justin/Theo/Dan/whoever, please feel free to correct any subtle
details I'm wrong on.
No, such things are generally implemented in the tool calling SA.

By the time SA figures out who a message is from/to, it's already parsed
most of the message headers anyway and the RBL queries are already
in-progress. Aborting the scan at this point saves some CPU time, but not
as much as you'd like. It would also likely result in an ugly kludge deep
in the heart of the rules engine, or a slowdown by forcing this check to
run before the DNSBL checks can start (instead of in parallel like they
are now) .
Really this is SO much better implemented by preempting the call at a
higher layer.
Besides, depending on what headers your MTA drops in, SA might not even
accurately know who a message is being delivered to in the first
place.
SA's whitelist features are really a bit of a kludge themselves, but they
exist for those who don't have any other option.
If not
(and this is more of a postfix question), is there a way to use
whitelists in postfix to bypass SA (or a content_filter in
general)?
This I can't answer, but I suspect there is a way.




RE: spoofed Received header

2004-09-30 Thread Nate Schindler


 -Original Message-
 From: Will Yardley [mailto:[EMAIL PROTECTED]
 Sent: Thursday, September 30, 2004 12:58 PM
 To: users@spamassassin.apache.org
 Subject: Re: spoofed Received header
 
 
 On Thu, Sep 30, 2004 at 12:50:04PM -0700, Nate Schindler wrote:
 
  I actually block all incoming mail that claims to be from my domain.
  The only problem is that I don't get copies of messages 
 that I send to
  some lists, such as this one.  But... as far as I'm concerned, if a
  mail server isn't listed as an MX for somedomain.com, it 
 should use
  somedomain.com in the mail from or envelope from fields.  It's a
  wide open hole for spam and social engineering attacks.
 
 Should or should not?
 And what does being listed as an MX have to do with sending mail? It's
 completely reasonable for a server not listed as an MX for a domain to
 send mail from that domain. Or am I misunderstanding what you're
 saying?

Sorry, I meant should NOT. :)
According to the RFCs (from what I've seen) MX records are *not* required for 
sending servers.  This is a problem.  Unfortunately, it's difficult to validate 
a source machine when an MX record doesn't exist.  Even when we had a send-only 
server, we had a low-priority MX record for it.  Many anti-spam packages do RMX 
lookups, if not to validate 'mail from', to at least see if records exist for 
it at all to make it seem more like a legitimate mail host.

 
  I was actually surprised to see that even anti-spam lists 
 such as this
  one spoof the envelope from field. :/
 
 What are you talking about?
 
 Any reasonable MLM (including the one used for this list, which I
 believe is EZMLM) rewrites the envelope address to its own.
 
 Because the MLM used by this list uses VERP, your address is 
 embedded in
 the envelope-address - maybe your filters just aren't configured
 properly?
 

There are two From lines in an incoming message, mail from, and the envelope 
from which is in the data portion.  We scan only the envelope from field for 
our domain name, because it's what users see.  For example, in your reply, my 
mail client says the message is from [EMAIL PROTECTED].  When I click Reply, 
I have to change the To field so that it gets back to the list, instead of 
directly to you.  I know this is how list servers work, but I don't agree with 
it.

I did mis-state what I said above.  Technically, it's not spoofed.  Having 
the original sender in the envelope from field, even though the message isn't 
being delivered by the original mail server, is allowed according to the 
RFCs... but when it comes to getting a virus that uses my address in the 
envelope from field, should I say that wasn't spoofed either?
There's also the point that with these list archives, since address obfuscation 
is either very simple, or nonexistent, scouring bots can acquire our addresses.

I try to treat my e-mail address as if it were my personal phone number.  I 
don't sign up with many mailing lists for this reason... but I love 
SpamAssassin, so I've made an exception. ;)  Well, that, and I wanted to track 
issues with v3.

Anyway, IMO, when my mail server hands a message off to another external 
system, it's no longer a trusted message.  It shouldn't come back in claiming 
to be from us anymore in either from field, and I'll happily bounce it right 
back.  It's a flaw in the standard which is exploited by spammers and virus 
programmers.  There are ietf drafts for using rmx validation for sending hosts, 
but who knows if those'll ever become anything solid.

Nate


 From 
 [EMAIL PROTECTED]
 
 


Re: 2.6 - 3.0 migration questions

2004-09-30 Thread Matt Kettler
At 05:11 PM 9/30/2004, Will Yardley wrote:
Side note - who came up with this horrible acronym (I can't bring myself
to repeat it), and can people stop using it already!
Given that it's been around for at least 6 years (I spotted it in a May 
1998 post on usenet) I don't think FOSS is going anywhere.

I liked OSS better, but then several companies decided offering high-dollar 
licenses to their code made them open source software and diluted any 
meaning that expression had.

Perhaps we need a new one.. NBSOSS.. No BS Open Source Software... :)



RE: scan times up!

2004-09-30 Thread Chris Santerre


-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 30, 2004 5:23 PM
To: Chris Santerre; Spamassassin-Talk (E-mail)
Subject: Re: scan times up!


At 05:10 PM 9/30/2004, Chris Santerre wrote:
Well...

ver     avg scan time
2.4x    2.7 seconds
3.0     30.4 seconds

OH MY! Network test :)

Ouch, that's slow.

Some points of interest that may be a part of the difference:

Do you have bayes enabled (a major consumer not present in 2.4, 
particularly when autolearning and autoexpiring)?

No Bayes. IMHO not worth the work.


Did you disable the AWL (defaults to ON in SA 3.0, unlike 2.4)?

No, but I will be doing that! I hate AWL!!

--Chris


Re: 2.6 - 3.0 migration questions

2004-09-30 Thread Kelson
Matt Kettler wrote:
Given that it's been around for at least 6 years (I spotted it in a May 
1998 post on usenet) I don't think FOSS is going anywhere.

I liked OSS better, but then several companies decided offering 
high-dollar licenses to their code made them open source software and 
diluted any meaning that expression had.

Perhaps we need a new one.. NBSOSS.. No BS Open Source Software... :)
How about ROSS: Real Open Source Software?
--
Kelson Vibber
SpeedGate Communications www.speed.net


Re: spoofed Received header

2004-09-30 Thread Kris Deugau
Nate Schindler wrote:
 There are two From lines in an incoming message, mail from, and the
 envelope from which is in the data portion.

Er, I think you're getting your terminology mixed up.  Those are usually
considered to be the same thing (ie, the SMTP MAIL FROM: == envelope
sender).  I think you mean the From: field in the message headers
instead of envelope from.

  We scan only the envelope from field for our domain name, because
 it's what users see.  For example, in your reply, my mail client says
 the message is from [EMAIL PROTECTED].

The From: header, not the envelope sender.  Any message sent to the
list should show up in your inbox with the sender's address as the
From: address (displayed by your mail client), and the listadmin
address ([EMAIL PROTECTED] for this list IIRC) as the
SMTP envelope sender.

  When I click
 Reply, I have to change the To field so that it gets back to the
 list, instead of directly to you.

This is how SOME lists are configured;  this is not how all mailing
lists work.  Reply-To munging is a Holy War;  IIRC it was debated here a
while ago.  I specifically set my Reply-To to point to the list here,
because it's rare that anything I post has any reason to get a private
reply.

  I know this is how list servers
 work, but I don't agree with it.

All decently-written mailing list software I know of will send mail as a
specific envelope sender (rewriting it from the original sender's
address) so that bounces don't spam the original sender.  There have
been a few misbehaved vacation programs used by people on this list, and
a few rather strange postmaster notices I've seen in reply to messages I
sent to the list (which should have gone, quite properly, to the list
manager address rather than to me personally).  The only case where I
should see a bounce for a mailing list message is if the list server
itself rejects my message for some reason.

 I try to treat my e-mail address as if it were my personal phone
 number.  I don't sign up with many mailing lists for this reason...
 but I love SpamAssassin, so I've made an exception. ;)  Well, that,
 and I wanted to track issues with v3.

Lists like this are pretty tame;  most list-archive software I've seen
in the past 4-5 years or so will happily blank out or otherwise
obfuscate most email addresses (some ignore the body;  some don't). 
Scraping mailing list archives is a pretty time-consuming way to get
email addresses- if any.  Websites and Usenet are far easier.

 Anyway, IMO, when my mail server hands a message off to another
 external system, it's no longer a trusted message.  It shouldn't come
 back in claiming to be from us anymore in either from field,

Er...  You don't want mail that you send to the list to appear as if you
wrote it?  That's what you're asking for here...

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!
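
The distinction drawn in the message above (SMTP envelope sender versus the From: header), as an added example that is not part of the original thread. Both messages and every address are constructed placeholders; the Return-Path header stands in for the envelope sender as a receiving MTA would record it, and the ezmlm-style VERP layout (list-return-N-user=host@listhost) is an assumption of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "example.com"  # placeholder for "our domain"

# Constructed list copy: From: still names the original poster, while the
# envelope sender is the list's own per-subscriber (VERP) bounce address.
LIST_COPY = (
    "Return-Path: <users-return-1234-nate=example.com@lists.example.org>\n"
    "From: Nate <nate@example.com>\n"
    "To: users@lists.example.org\n"
    "Subject: Re: spoofed Received header\n"
    "\n"
    "body\n"
)

# Constructed forgery: envelope sender and From: both claim the local domain.
FORGED = (
    "Return-Path: <nate@example.com>\n"
    "From: Nate <nate@example.com>\n"
    "To: nate@example.com\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

# Assumed VERP local-part layout: <list>-return-<seq>-<user>=<host>
VERP = re.compile(r"^(?P<list>.+?)-return-(?P<seq>\d*)-(?P<user>.+)=(?P<host>[^=@]+)$")


def domain_of(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def verp_recipient(envelope_sender):
    """Recover the subscriber address embedded in a VERP envelope sender."""
    m = VERP.match(envelope_sender.rpartition("@")[0])
    return f"{m.group('user')}@{m.group('host')}" if m else None


def sender_view(raw, local_domain=LOCAL_DOMAIN):
    """Report what each of the two 'from' values claims for one message."""
    msg = message_from_string(raw)
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    header = parseaddr(msg.get("From", ""))[1]
    return {
        "envelope_sender": envelope,
        "header_from": header,
        # Both values are supplied by the sending side; neither is proof of origin.
        "header_claims_local": domain_of(header) == local_domain,
        "envelope_claims_local": domain_of(envelope) == local_domain,
        "verp_recipient": verp_recipient(envelope),
    }


if __name__ == "__main__":
    for label, raw in (("list copy", LIST_COPY), ("forged", FORGED)):
        print(label, sender_view(raw))
```

A filter keyed only on the From: header sees both messages as claiming the local domain, which is why the list copies disappear; the envelope sender is the field that differs between them.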


Re: 2.6 - 3.0 migration questions

2004-09-30 Thread Robert LeBlanc
Matt Kettler wrote:
| I liked OSS better, but then several companies decided offering
| high-dollar licenses to their code made them open source software and
| diluted any meaning that expression had.
Actually, I believe the Free in FOSS was motivated by Stallman and the
Free Software Foundation, which has a somewhat different definition of
free software.  The FSF is referring more to freedom in terms of
restrictions on redistribution and use than strictly monetary
definitions.  The free software and open source camps have been at
each other's throats for years now, squabbling over ideological
distinctions, and I think FOSS emerged as a generic term to describe both.
--
Robert LeBlanc [EMAIL PROTECTED]
Renaissoft, Inc.
Maia Mailguard http://www.maiamailguard.com/


Re: scan times up!

2004-09-30 Thread Ryan Moore
Chris Santerre wrote:
Well...
ver     avg scan time
2.4x    2.7 seconds
3.0     30.4 seconds
OH MY! Network test :)
Any longer and I might just be doing greylisting by accident. ;)
My time is up a little since upgrading, but not that much. I also 
upgraded the hardware on the machine though too, dual 2.0ghz xeon 
upgraded to dual 2.4ghz, and upgraded to linux software raid5 from 
3xJBOD. Doing bayes in SQL, no AWL, most of the rules from 
rulesemporium, SURBL of course, under amavisd-new v2.1.2. Attached is a 
graph that is generated, the little blip in week 38 is when the upgrade 
happened (server wasn't down that long, I just had to fix the graph).

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net
inline: graph_image.php.png

RE: spoofed Received header

2004-09-30 Thread Matthew.van.Eerde
Kris Deugau wrote:
 Nate Schindler wrote:
 I try to treat my e-mail address as if it were my personal phone
 number.  I don't sign up with many mailing lists for this reason...
 but I love SpamAssassin, so I've made an exception. ;)  Well, that,
 and I wanted to track issues with v3.
...
 Anyway, IMO, when my mail server hands a message off to another
 external system, it's no longer a trusted message.  It shouldn't come
 back in claiming to be from us anymore in either from field,
 
 Er...  You don't want mail that you send to the list to
 appear as if you
 wrote it?  That's what you're asking for here...
 
 -kgd

Perhaps you might consider a disposable-email-address factory.  Generate a 
disposable email address that forwards to your real email address.  Then sign 
the disposable email address up for the list.

If you start getting spam at that email address, discontinue the email address. 
 If you want to remain subscribed to the mailing list, generate another 
disposable email address.

[EMAIL PROTECTED]  805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,