Re: score changes in local.cf not recognized.

2004-10-07 Thread snowjack
[EMAIL PROTECTED] wrote:
> Quoting snowjack <[EMAIL PROTECTED]>:
>
>> ...Did you restart amavisd-new after making the change?
>
> Yes. :-)

Is there any evidence that local.cf is getting read at all?


Re: score changes in local.cf not recognized.

2004-10-07 Thread sahil
Quoting snowjack <[EMAIL PROTECTED]>:

> ...Did you restart amavisd-new after making the change?

Yes. :-)

--
Sahil Tandon





Re: score changes in local.cf not recognized.

2004-10-07 Thread Andy Jezierski




[EMAIL PROTECTED] wrote on 10/07/2004 03:35:07 PM:

> I am running Postfix 2.1 with a content_filter (latest amavisd-new) which sends
> all mail through SA 2.64.  I understand *some* variables that are defined
> explicitly in amavisd-new are "special", and thus have no effect when defined
> (differently) in local.cf.  AFAIK, scores are not included in this restriction.
> I will ask on the amavis list, but in case I'm experiencing another pitfall or
> screwing up the syntax, here goes:
>
> I set "score RCVD_IN_BL_SPAMCOP_NET 5.000" in local.cf and noticed incoming spam
> still tags such emails with a score of 2.2.  Is there anything else I should
> check before assuming this is an external, non-SA issue?
>
> --
> Sahil Tandon
>

Did you restart amavisd-new after making the score change?

Andy



Re: score changes in local.cf not recognized.

2004-10-07 Thread snowjack
[EMAIL PROTECTED] wrote:
> I am running Postfix 2.1 with a content_filter (latest amavisd-new) which sends
> all mail through SA 2.64.  I understand *some* variables that are defined
> explicitly in amavisd-new are "special", and thus have no effect when defined
> (differently) in local.cf.  AFAIK, scores are not included in this restriction.
> I will ask on the amavis list, but in case I'm experiencing another pitfall or
> screwing up the syntax, here goes:
>
> I set "score RCVD_IN_BL_SPAMCOP_NET 5.000" in local.cf and noticed incoming spam
> still tags such emails with a score of 2.2.  Is there anything else I should
> check before assuming this is an external, non-SA issue?

...Did you restart amavisd-new after making the change?


score changes in local.cf not recognized.

2004-10-07 Thread sahil
I am running Postfix 2.1 with a content_filter (latest amavisd-new) which sends
all mail through SA 2.64.  I understand *some* variables that are defined
explicitly in amavisd-new are "special", and thus have no effect when defined
(differently) in local.cf.  AFAIK, scores are not included in this restriction.
 I will ask on the amavis list, but in case I'm experiencing another pitfall or
screwing up the syntax, here goes:

I set "score RCVD_IN_BL_SPAMCOP_NET 5.000" in local.cf and noticed incoming spam
still tags such emails with a score of 2.2.  Is there anything else I should
check before assuming this is an external, non-SA issue?

--
Sahil Tandon



RE: [SA-LIST] Subject not changed

2004-10-07 Thread Slava Madrit



It works great.  Thank you very, very much
 
Slava Madrit
Global Network Manager
S A L A N S
[EMAIL PROTECTED]
+1.212.632.8311

>>> "Dallas L. Engelken" <[EMAIL PROTECTED]> 10/7/2004 10:07:18 AM
> -----Original Message-----
> From: Carnegie, Martin [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 07, 2004 9:04 AM
> To: users@spamassassin.apache.org
> Subject: RE: [SA-LIST] Subject not changed
>
> >> >Bwahahahahah, I can't believe I missed that!!! Doh!!! Nice catch Rick
> :-)
> >> >--Chris
>
> So this would be expected that the subject would not get
> changed? I must be missing something.
>
Please see http://bugzilla.spamassassin.org/show_bug.cgi?id=3605

I provided a 4 line patch there for those of you that do not like the
way SA3 handles missing subjects :)

Thanks,
--
Dallas Engelken
NMGI




Obvious spam gets a score of 0.0???

2004-10-07 Thread Chris Marrin
Here is an odd spam header:
X-Spam-Status: No, hits=0.0 required=5.0 tests=BAYES_99,CLICK_BELOW,
DATE_IN_PAST_96_XX,DATE_SPAMWARE_Y2K,DCC_CHECK,FORGED_MUA_THEBAT_BOUN,
FORGED_THEBAT_HTML,HTML_FONT_BIG,HTML_LINK_CLICK_HERE,HTML_MESSAGE,
MAILTO_SUBJ_REMOVE,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,
MISSING_MIMEOLE,MISSING_OUTLOOK_NAME,NO_REAL_NAME,OFFERS_ETC,
OPT_IN_CAPS,PYZOR_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,
RCVD_IN_NJABL,RCVD_IN_NJABL_PROXY,RCVD_IN_RFCI,RCVD_IN_SORBS,
RCVD_IN_SORBS_SOCKS,REMOVE_REMOVAL_1WORD autolearn=spam version=2.63
This is obvious spam, even autolearn marked it as spam. But it has 0.0 
hits! My server catches plenty of spam. This happens very occasionally
and it seems to have no correspondence to any type of message. Any ideas 
on what could cause this?

--
Chris Marrin  | Senior Software Architect | Sony Corporation
phone: (408) 955-3049 | [EMAIL PROTECTED] |
| What is this talk of software 'releases'? Klingons do not 'release' |
| software; our software ESCAPES, leaving a bloody trail of designers |
| and quality assurance people in its wake! (unknown author)  |


Re: Memory footprint of spamd 3.0

2004-10-07 Thread Jon Trulson
On Thu, 7 Oct 2004, Michael Parker wrote:
> On Thu, Oct 07, 2004 at 10:53:30AM -0600, Jon Trulson wrote:
>> FWIW, in our case a child would go to 320MB and just stay there
>> until the child was terminated (even after finishing a message).  We do
>> use AWL and bayes.
>
> Is it possible to try and find the msgs that was being scanned at that
> point in time?  If so, can you reproduce by re-processing that
> message?
>
> Also, if you can, do an sa-learn --dump magic shortly after the jump
> happens and see what it says for the "last expiry atime" value.  Does
> it happen to match when you saw the memory jump?

	I'll give that a shot this weekend when I'll have time to try to
watch for it to happen.

--
Jon Trulson mailto:[EMAIL PROTECTED]
ID: 1A9A2B09, FP: C23F328A721264E7 B6188192EC733962
PGP keys at http://radscan.com/~jon/PGPKeys.txt
#include 
"I am Nomad." -Nomad


RE: bug? 'bayes_path ~user/something' doesn't work?

2004-10-07 Thread Keith Hackworth
It works if the user's profile is loaded.  Usually sa is run from some
startup daemon.  Daemons are usually started with a very minimal
environment - maybe a little bit of path, and some OS type settings and
they rarely execute some .login/.cshrc script to load the environment. 
With no true user profile loaded, what does ~user/bayes mean?  I'm
guessing "/bayes".

Keith

> Matthew.van.Eerde wrote:
>> I don't think it's a bug...
>>
>> what does ~spamd/ mean?  I'm not familiar with that kind of syntax.
>> ~ usually means "home directory of the calling user"... and that's
>> expanded for you...
>> There's an idiom in the web world of calling personal user folders
>> /~user (as in http://www.example.com/~janet/) but that's just to
>> evoke the ~ idea, not a strict syntax
>
> Never mind, apparently ~user is a real syntax (I learn something new every
> day!)
>




Razor service down?

2004-10-07 Thread Jerry Glomph Black
I'm getting connection refused on port 2703 for all the cloudmark.com servers.
Oct 07 10:28:47.241994 check[8774]: [ 3] Unable to connect to thrill.cloudmark.com:2703; Reason: Connection refused.
Oct 07 10:28:47.264952 check[8774]: [ 3] Unable to connect to wonder.cloudmark.com:2703; Reason: Connection refused.
Oct 07 10:28:47.287666 check[8774]: [ 3] Unable to connect to pride.cloudmark.com:2703; Reason: Connection refused.
Oct 07 10:28:47.444759 check[8774]: [ 3] Unable to connect to thrill.cloudmark.com:2703; Reason: Connection refused.



All_Spam_to question

2004-10-07 Thread Daniel A. de Araujo

Thanks to all who helped me.

Matt : You are right, the problem isn't with the S.A. ; but with the
implementation we have chosen. I will follow your advice and when I find a
solution I'll put it here.

See ya,
Daniel.

-----Original Message-----
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 7, 2004 13:26
To: Daniel A. de Araujo; users@spamassassin.apache.org
Subject: Re: RES: All_Spam_to question


At 12:01 PM 10/7/2004, Daniel A. de Araujo wrote:
>Matt :
>
>I use the postfix(MTA)+ amavisd+ S.Assassin solution. If I understood what
>you wrote it's impossible to block it (based in my solution), is it ?

Pretty much. Unless amavisd has some clever tricks up its sleeve to split
the message into multiple pieces. (it might, check with someone who uses
amavis).


>Ps. If your answer is yes; could we consider it a S.Assassin's flaw ?

No. You can't call that a SA flaw. You can call it a limitation of the
method you choose to use to call SA. If you called SA in a different
manner, this would be more easily handled.

If you fax a single copy of a letter to a company, and put a note for the
receptionist to duplicate it to 3 people, do you expect the FAX MACHINE to
be able to mark each copy differently? No, that's impossible because
there's only one fax. Is this the Fax's fault? No. The receptionist could
do that, but the fax machine can't.

If you implement SA at the MTA layer where messages aren't yet split up on
a per-recipient basis, do you expect SA to be able to magically split the
message up? No, that's impossible. Is this SA's fault? No. The MDA can do
that, but a mail filter called by a milter at the MTA layer can't change
anything about message delivery, only message content.




Re: RES: All_Spam_to question

2004-10-07 Thread Keith Hackworth
It won't matter in your situation if you let your mail delivery agent
figure it out.  There's an option in postfix called
"maildrop_destination_recipient_limit".  If you set this to 1, it scans
the message once, adds scores and modifies headers, then passes the
message 1 time for each recipient - this way it lets the mail delivery
agent handle the message.

Here's what I did to test this:

I run a postfix <-> amavis-new -> spamassassin configuration.  I run a
per-user white/black lists with per-user sa options in a mysql database. 
Postfix delivers the mail to my maildrop program and it reads the same
user prefs in mysql to determine what to do with the message.  Basically
SA only scores my message and adds headers when needed.

I configured my account ([EMAIL PROTECTED]) to allow messages with scores
of up to 15.0 and I whitelisted my "[EMAIL PROTECTED]" account.  I
configured another user ([EMAIL PROTECTED]) to block anything above a
3.0.  Here's my test message as it went through amavis:

Oct  7 13:06:36 IGMVmg004 amavisd[9073]: (09073-06) Passed,
<[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,
quarantine spam-336d47e3871db271a632649336b9ba9a-20041007-130636-09073-06,
Message-ID: <[EMAIL PROTECTED]>, Hits: 7.559 (Re: IT'S FREE!)
Content analysis details:   (7.6 points, 6.5 required), ,
 3.2 DOMAIN_RATIO   BODY: Message body mentions many internet domains,
 0.0 BAYES_50       BODY: Bayesian spam probability is 40 to 60%, [score: 0.4718],
 1.0 URIBL_SBL      Contains an URL listed in the SBL blocklist, [URIs: jzbsadzd.info],
 0.4 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist, [URIs: jzbsadzd.info],
 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist, [URIs: jzbsadzd.info],
 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist, [URIs: jzbsadzd.info],
 4.3 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist, [URIs: jzbsadzd.info],
-6.0 AWL            AWL: From: address is in the auto white-list, ,
--

[EMAIL PROTECTED] got the message - spamhater didn't (it got quarantined
for him).  In my configuration, maildrop decided what to do - not SA.

Keith


> Matt :
>
> I use the postfix(MTA)+ amavisd+ S.Assassin solution. If I understood what
> you wrote it's impossible to block it (based in my solution), is it ?
>
> Ps. If your answer is yes; could we consider it a S.Assassin's flaw ?
>
>
> -----Original Message-----
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 7, 2004 12:56
> To: Daniel A. de Araujo; users@spamassassin.apache.org
> Subject: Re: All_Spam_to question
>
>
> At 11:36 AM 10/7/2004, Daniel A. de Araujo wrote:
>>We are having a problem using the all_spam_to option.
>>When a message is sent to a list of users and at CCO field has a user
>>included at all_spam_to option, ALL users listed in the message, not only
>>the white-listed user will receive it.
>>It's very bad, because a Spammer who knows that a xxx@ user is white-listed
>>can bypass the Anti-Spam system.
>>
>>Any ideas how to solve this ?
>
> Implement your whitelisting in whatever tool calls spamassassin, not in
> spamassassin itself. If you use procmail, this is pretty easy, it's just a
> procmail rule that avoids calling SA for that user, instead of calling it
> for all messages. If you use a milter, this is pretty tricky, or
> impossible, depending on the milter you use and how your MTA works.
>
> Since spamassassin views each message without any context of the message
> envelope, SA cannot (reliably) know who a message is going to be delivered
> to. Thus, it acts based on all the recipient addresses it sees in the
> message.
>
> Worse still, if you call SA at the MTA layer (ie: with a milter) there's
> only one message for SA to process, not one per recipient. At that point,
> it would be physically impossible for SA to handle things differently on a
> per-recipient basis, because there's only one message.
>
>
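An added example, not written by any poster in this thread and not SpamAssassin or amavisd-new code: a small Python model of the point made above, that a filter which sees one copy of a message can only give one verdict for every envelope recipient, while a delivery stage that handles one recipient at a time can decide for each. The addresses, the policy table and the `all_spam_to` flag on the first user are constructed assumptions; the score 7.559 and the thresholds 15.0, 3.0 and 6.5 are the values from the test message above.

```python
from dataclasses import dataclass

SITE_REQUIRED = 6.5  # site-wide spam threshold ("6.5 required" in the log above)


@dataclass(frozen=True)
class Policy:
    threshold: float            # quarantine for this user at or above this score
    all_spam_to: bool = False   # user is exempt from filtering (all_spam_to-style)


# Constructed per-user preferences; the addresses are placeholders.
POLICIES = {
    "spam-lover@example.org": Policy(threshold=15.0, all_spam_to=True),
    "spam-hater@example.org": Policy(threshold=3.0),
}
DEFAULT = Policy(threshold=SITE_REQUIRED)


def single_verdict(score, rcpts, policies=POLICIES):
    """Model of a filter that sees one copy of the message.

    There is only one message, so there is only one verdict. If any
    recipient is exempt, the copy passes and every recipient receives it.
    """
    exempt = any(policies.get(r, DEFAULT).all_spam_to for r in rcpts)
    verdict = "deliver" if exempt or score < SITE_REQUIRED else "quarantine"
    return {r: verdict for r in rcpts}


def per_recipient_verdict(score, rcpts, policies=POLICIES):
    """Model of a delivery stage that is handed one recipient at a time.

    The message was scored once; each recipient's own policy is applied
    to that score, so an exemption never carries over to other recipients.
    """
    verdicts = {}
    for r in rcpts:
        p = policies.get(r, DEFAULT)
        keep = p.all_spam_to or score < p.threshold
        verdicts[r] = "deliver" if keep else "quarantine"
    return verdicts


def leaked(score, rcpts, policies=POLICIES):
    """Recipients who get the message under the single verdict even though
    their own policy would have quarantined it."""
    one = single_verdict(score, rcpts, policies)
    each = per_recipient_verdict(score, rcpts, policies)
    return sorted(r for r in rcpts
                  if one[r] == "deliver" and each[r] == "quarantine")


if __name__ == "__main__":
    rcpts = ["spam-lover@example.org", "spam-hater@example.org",
             "other@example.org"]
    print("single verdict:       ", single_verdict(7.559, rcpts))
    print("per-recipient verdict:", per_recipient_verdict(7.559, rcpts))
    print("leaked to:            ", leaked(7.559, rcpts))
```

An empty result from `leaked()` for every recipient combination you care about is the property to check when moving exemptions out of the filter and into the delivery stage.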



Re: Odd syslog errors.

2004-10-07 Thread Ryan Moore
Keith Hackworth wrote:
> Even though you run this in mysql now, it still DOES matter who you run it
> as.  I found out the hard way that it records the user that is logged in
> as the user the bayes applies as in the database.  I had to actually set
> the bayes_sql_override_username in my local.cf.  I trained a bunch of
> messages as root and my spamassassin (through amavis-new) runs as amavis.
> It didn't see any of the bayes training I did!
>
> Keith

Yea, I use that same parameter so it doesn't matter for my installation.
With the SQL option and that parameter, it doesn't matter now, but
previously even with using the bayes_path parameter in the older 2.6x SA
it did matter as permissions got munged sometimes.

Ryan Moore
--
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net



Re: Memory footprint of spamd 3.0

2004-10-07 Thread Michael Parker
On Thu, Oct 07, 2004 at 10:53:30AM -0600, Jon Trulson wrote:
> 
>   FWIW, in our case a child would go to 320MB and just stay there 
> until the child was terminated (even after finishing a message).  We do 
> use AWL and bayes.
> 

Is it possible to try and find the msgs that was being scanned at that
point in time?  If so, can you reproduce by re-processing that
message?

Also, if you can, do an sa-learn --dump magic shortly after the jump
happens and see what it says for the "last expiry atime" value.  Does
it happen to match when you saw the memory jump?

Thanks
Michael


Re: Memory footprint of spamd 3.0

2004-10-07 Thread Jon Trulson
On Wed, 6 Oct 2004, Michael Parker wrote:
On Wed, Oct 06, 2004 at 10:19:17AM -0300, Luis Hernán Otegui wrote:
In my specific case, the point isn't only with the big memory usage
jumps, but with SA keeping the memory, and never releasing it.
Highwater marks, common in most perl applications, don't concern me as
much as these HUGE jumps in memory that folks are seeing.  Jumps that
just keep chewing memory without stopping.

spamd opts: -c -d -m 20 --max-conn-per-child=1
There are places in the code where we could use memory a little more
efficiently, I found one yesterday in fact, and we will work on these
over time.  In 2.x, the fork-on-demand model allowed us to be much
more liberal with our data structures.  We just need to wrangle that
in a little with the 3.0 pre-fork code.
	FWIW, in our case a child would go to 320MB and just stay there 
until the child was terminated (even after finishing a message).  We do 
use AWL and bayes.

Michael
--
Jon Trulson mailto:[EMAIL PROTECTED]
ID: 1A9A2B09, FP: C23F328A721264E7 B6188192EC733962
PGP keys at http://radscan.com/~jon/PGPKeys.txt
#include 
"I am Nomad." -Nomad


Re: Memory footprint of spamd 3.0

2004-10-07 Thread Jon Trulson
On Tue, 5 Oct 2004, Michael Parker wrote:
> On Tue, Oct 05, 2004 at 10:22:42AM -0700, Morris Jones wrote:
>> I watched a spamd child grow to 250MB yesterday on a single message.  I
>> have a suspicion that the memory usage growth is happening on a whitelist
>> or bayes database maintenance event of some sort.
>
> For folks that are seeing huge jumps in memory, instead of gradual
> growth, how are you calling SA?

	spamd (on a fast machine) via spamass-milter on the MX host.  I
use no external rules (only sa 3.0 supplied ones).  I do not use Razor,
DCC, or the others.  I do use the DNSBL's.  It happens a couple of times a
day, and always the jump is to 320MB.  The messages themselves (according
to the logs) are only around 2-3k.  I think it is a bug somewhere.
Limiting the children to 1 message before termination seems to be doing
well to keep it under control.  No more untagged spam has slipped through
since I enabled it Sunday.

	OTOH, SA 3.0 seems to be doing a *much* better job at catching
spam.  Big improvement over 2.6x, so I'll keep it :)

> Thanks,
> Michael

--
Jon Trulson mailto:[EMAIL PROTECTED]
ID: 1A9A2B09, FP: C23F328A721264E7 B6188192EC733962
PGP keys at http://radscan.com/~jon/PGPKeys.txt
#include 
"I am Nomad." -Nomad


Re: SA 3.0 is eating up all my memory!!!

2004-10-07 Thread Jon Trulson
On Wed, 6 Oct 2004, Luis Hernán Otegui wrote:
> In my setup this is not an option, because I run SA as a milter, via
> spamass-milter. If every process has to die after the scan, it cannot
> pass the results of the scan to Sendmail (at least, this is what
> happened after I tried this option, so I kept on receiving messages
> like this:
>
> Oct  4 09:27:55 nahuel spamass-milter[14646]: Could not extract score from <>
>
> So, after all, I had to discard my precious Bayes databases, and got
> back to good old 2.64...

	How odd... I too use a spamass-milter, and this works fine for me.
The spamd runs on a somewhat more beefy host.

> On Tue, 5 Oct 2004 15:09:50 -0500, Doug Block <[EMAIL PROTECTED]> wrote:
>> I had this problem till I set the max per child option to = 1
>> This caused spamd to kill the process used to scan every msg once it's
>> done.
>> Not the best answer I know but it keeps it in check

--
Jon Trulson mailto:[EMAIL PROTECTED]
ID: 1A9A2B09, FP: C23F328A721264E7 B6188192EC733962
PGP keys at http://radscan.com/~jon/PGPKeys.txt
#include 
"I am Nomad." -Nomad


RE: All_Spam_to question

2004-10-07 Thread Matt Kettler
At 12:08 PM 10/7/2004, [EMAIL PROTECTED] wrote:
> SMTP conversation goes like this - server responses in parentheses
> (ESMTP spam-server.example.org - welcome!)
> EHLO spam-server.example.com (OK)
> MAIL FROM: [EMAIL PROTECTED] (OK)
> RCPT TO: [EMAIL PROTECTED] (OK)
> RCPT TO: [EMAIL PROTECTED] (OK)
> DATA
> Subject: lots of spammy things
>
> Big hairy spam
> .
> (uh-oh... OK? no, spam-hater gets it...  REJECT? no, spam-lover misses it)
>
> Your SMTP server is in a fix.  It can't reject the email for spam-hater
> and simultaneously accept it for spam-lover.

Good try at an analogy, but actually, this much a SMTP server can do.
However, SA isn't an SMTP server, nor an MDA, it's a filter called by one 
of the above to process the message body only. It has much less power over 
messages than the server itself has because it's just a filter, not a 
message handler. As a consequence of being a filter, SA can't directly 
alter message delivery. MTA's and MDA's can do this much with great ease.

But, being a simple filter is what makes SA flexible and callable from so 
many different MTA/MDA and even MUA products.



Re: RES: All_Spam_to question

2004-10-07 Thread Matt Kettler
At 12:01 PM 10/7/2004, Daniel A. de Araujo wrote:
> Matt :
>
> I use the postfix(MTA)+ amavisd+ S.Assassin solution. If I understood what
> you wrote it's impossible to block it (based in my solution), is it ?

Pretty much. Unless amavisd has some clever tricks up its sleeve to split
the message into multiple pieces. (it might, check with someone who uses
amavis).


> Ps. If your answer is yes; could we consider it a S.Assassin's flaw ?

No. You can't call that a SA flaw. You can call it a limitation of the
method you choose to use to call SA. If you called SA in a different
manner, this would be more easily handled.

If you fax a single copy of a letter to a company, and put a note for the
receptionist to duplicate it to 3 people, do you expect the FAX MACHINE to
be able to mark each copy differently? No, that's impossible because
there's only one fax. Is this the Fax's fault? No. The receptionist could
do that, but the fax machine can't.

If you implement SA at the MTA layer where messages aren't yet split up on
a per-recipient basis, do you expect SA to be able to magically split the
message up? No, that's impossible. Is this SA's fault? No. The MDA can do
that, but a mail filter called by a milter at the MTA layer can't change
anything about message delivery, only message content.



RE: All_Spam_to question

2004-10-07 Thread Matthew.van.Eerde
Daniel A. de Araujo wrote:
> Matt :
> 
> I use the postfix(MTA)+ amavisd+ S.Assassin solution. If I understood what
> you wrote it's impossible to block it (based in my solution), is it ?
>
> Ps. If your answer is yes; could we consider it a S.Assassin's flaw ?

SMTP conversation goes like this - server responses in parentheses
(ESMTP spam-server.example.org - welcome!)
EHLO spam-server.example.com (OK)
MAIL FROM: [EMAIL PROTECTED] (OK)
RCPT TO: [EMAIL PROTECTED] (OK)
RCPT TO: [EMAIL PROTECTED] (OK)
DATA
Subject: lots of spammy things

Big hairy spam
.
(uh-oh... OK? no, spam-hater gets it...  REJECT? no, spam-lover misses it)

Your SMTP server is in a fix.  It can't reject the email for spam-hater and 
simultaneously accept it for spam-lover.


RES: All_Spam_to question

2004-10-07 Thread Daniel A. de Araujo
Matt :

I use the postfix(MTA)+ amavisd+ S.Assassin solution. If I understood what
you wrote it's impossible to block it (based in my solution), is it ?

Ps. If your answer is yes; could we consider it a S.Assassin's flaw ?


-----Original Message-----
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 7, 2004 12:56
To: Daniel A. de Araujo; users@spamassassin.apache.org
Subject: Re: All_Spam_to question


At 11:36 AM 10/7/2004, Daniel A. de Araujo wrote:
>We are having a problem using the all_spam_to option.
>When a message is sent to a list of users and at CCO field has a user
>included at all_spam_to option, ALL users listed in the message, not only
>the white-listed user will receive it.
>It's very bad, because a Spammer who knows that a xxx@ user is white-listed
>can bypass the Anti-Spam system.
>
>Any ideas how to solve this ?

Implement your whitelisting in whatever tool calls spamassassin, not in
spamassassin itself. If you use procmail, this is pretty easy, it's just a
procmail rule that avoids calling SA for that user, instead of calling it
for all messages. If you use a milter, this is pretty tricky, or
impossible, depending on the milter you use and how your MTA works.

Since spamassassin views each message without any context of the message
envelope, SA cannot (reliably) know who a message is going to be delivered
to. Thus, it acts based on all the recipient addresses it sees in the
message.

Worse still, if you call SA at the MTA layer (ie: with a milter) there's
only one message for SA to process, not one per recipient. At that point,
it would be physically impossible for SA to handle things differently on a
per-recipient basis, because there's only one message.




Re: more spam since upgrade

2004-10-07 Thread Lucas Albers

Vivek Khera said:
> I'm not using Bayes since the filtering is site-wide at the smtp server
> level.
I use bayes sitewide for 600 users, and have processed a few million
messages.
Bayes sitewide works well, as the spam email is obviously unlike the
normal mail anyone receives.

I would enable bayes sitewide, and put it at a low scoring if you are
worried about its accuracy.


-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana




Re: All_Spam_to question

2004-10-07 Thread Matt Kettler
At 11:36 AM 10/7/2004, Daniel A. de Araujo wrote:
> We are having a problem using the all_spam_to option.
> When a message is sent to a list of users and at CCO field has a user
> included at all_spam_to option, ALL users listed in the message, not only
> the white-listed user will receive it.
> It's very bad, because a Spammer who knows that a xxx@ user is white-listed
> can bypass the Anti-Spam system.
>
> Any ideas how to solve this ?

Implement your whitelisting in whatever tool calls spamassassin, not in 
spamassassin itself. If you use procmail, this is pretty easy, it's just a 
procmail rule that avoids calling SA for that user, instead of calling it 
for all messages. If you use a milter, this is pretty tricky, or 
impossible, depending on the milter you use and how your MTA works.

Since spamassassin views each message without any context of the message 
envelope, SA cannot (reliably) know who a message is going to be delivered 
to. Thus, it acts based on all the recipient addresses it sees in the message.

Worse still, if you call SA at the MTA layer (ie: with a milter) there's 
only one message for SA to process, not one per recipient. At that point, 
it would be physically impossible for SA to handle things differently on a 
per-recipient basis, because there's only one message. 



Re: How to rewrite spamc in Perl

2004-10-07 Thread Lucas Albers


>> On Wed, Oct 06, 2004 at 02:11:19PM -0700, [EMAIL PROTECTED]
>> wrote:
>> >
>> > Is there any documentation for the spamd client interface?
>> > MIMEDefang can talk to clamd.sock directly, using the commands in man
>> > clamd, rather than spawning `clamdscan` processes.  I checked man
>> > spamd and man spamc but couldn't find anything.  I tried browsing the
>> > spamc source code but it's pretty hard going.
I can't really see the benefit of redoing mimedefang to run with a spamd
client.
1.) Mimedefang already runs a persistent sa process.
2.) Spam just adds another daemon that can break.
3.) It might run slower as the message has to be moved around more.
It's going to be more fragile and potentially slower.

-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana




Re: dnsbl lookups slow due to "sleep 1" in code, plus patch

2004-10-07 Thread Daniel Quinlan
Jan-Pieter Cornet <[EMAIL PROTECTED]> writes:

> OK, done, bug #3881.

Thanks.

>> My secondary concern is that you'll almost never get responses from
>> other blacklists and this might result in a lower hit rate (since a
>> negative response is still a response).  That should probably be
>> addressed via early exit on high score, though.

> Sorry, I completely lost you. Could you rephrase?

The timeout scales dynamically based on how many blacklists have already
replied (see the rbl_timeout documentation).  If you have enough of them
locally mirrored, then you'll almost never see results from external
blacklists unless the non-network tests required more time.

> The only disadvantage I see is this scenario: code is still waiting
> for a few DNSBL results. $timeout is drawing near. One of the results
> come in, and because of the select(), the code immediately processes
> it, and re-enters the loop, but now the $timeout is even less due to
> the dynamic timeout, so the dnsbl harvest loop is terminated.

That's what I meant.  :-)

> I find this scenario a bit unlikely, but it is a possibility. But if
> this really does concern anyway, then why is the dynamic timeout there
> in the first place? :)

Because not having a dynamic timeout is way too slow.  The current code
always waits one more second which is enough time for the slow, but not
*really* slow blacklists to respond.  Maybe the performance tradeoff
just isn't worth it.

>> Can you look at average CPU user+system time?

> I'll have to instrument the code to do that. The times I showed
> earlier aren't "spamassassin" runs, it's calls to the library, from
> MIMEdefang... but I'll add some calls to getrusage before and after.

You can use Devel::DProf or Devel::Profiler to do that too.

Thanks.

Daniel

-- 
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/  http://www.apachecon.com/  sessions & more)


RE: bug? "bayes_path ~user/something" doesn't work?

2004-10-07 Thread Matthew.van.Eerde
Matthew.van.Eerde wrote:
> I don't think it's a bug...
> 
> what does ~spamd/ mean?  I'm not familiar with that kind of syntax.
> ~ usually means "home directory of the calling user"... and that's
> expanded for you... 
> There's an idiom in the web world of calling personal user folders
> /~user (as in http://www.example.com/~janet/) but that's just to
> evoke the ~ idea, not a strict syntax  

Never mind, apparently ~user is a real syntax (I learn something new every day!)


RE: bug? "bayes_path ~user/something" doesn't work?

2004-10-07 Thread Matthew.van.Eerde
Jakob Hirsch wrote:
> Hi,
> 
> I had "bayes_path ~spamd/bayes" in my local.cf until I noticed, that
> the part between ~ and / is ignored, resulting in a bayes_path of
> ~/bayes. It's not a big deal to give the full path, but that should
> be in the docs. 

I don't think it's a bug...

what does ~spamd/ mean?  I'm not familiar with that kind of syntax.
~ usually means "home directory of the calling user"... and that's expanded for 
you...
There's an idiom in the web world of calling personal user folders /~user (as 
in http://www.example.com/~janet/) but that's just to evoke the ~ idea, not a 
strict syntax

If your root and spamd home directories are subdirectories of the same 
directory, you might be able to get away with ~/../spamd/bayes - that would 
work for root and spamd.  (no-one else would have permissions to spamd's ~ 
anyway)

[EMAIL PROTECTED]  805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"


All_Spam_to question

2004-10-07 Thread Daniel A. de Araujo
Hi,

We are having a problem using the all_spam_to option.
When a message is sent to a list of users and the Bcc field has a user
included in the all_spam_to option, ALL users listed in the message, not only
the white-listed user, will receive it.
It's very bad, because a spammer who knows that an xxx@ user is white-listed
can bypass the anti-spam system.

Any ideas how to solve this?


   Best Regards,
   Daniel Ayres de Araujo


The information contained in this message and in the attached files are 
restricted and its confidentiality protected by law. In case you are not the 
addressed, be aware that the reading, spreading and copy of this message is 
unauthorized. Please, delete this message and notify the sender. The improper 
use of this information will be treated according to the company's internal 
rules and legal laws.


Re: How to find out installed modules?

2004-10-07 Thread Brett Romero
> The SPF information in the debug output says that the SPF *plugin*
> was loaded.  The SPF plugin requires the Mail::SPF::Query module be
> installed.  The module is checked for and used if it is installed,
> only when the plugin wants to do a query.  In the above debug output,
> since the message is not sent through any untrusted relays, there's no
> point in doing a query so it doesn't try.
>
> > SPF never shows up in my reports.  I do have these entries when I try to
> > analyze a file:
> > debug: Failed to parse line in SpamAssassin configuration, skipping:
> > 50_scores.cf:score
> > SF_PASS -0.001
>
> they're invalid if they look like that on a separate line and all.  I wouldn't
> bother trying to get SPF working until you get the --lint errors fixed.
>
> --
> Randomly Generated Tagline:
> "Have we had the chance to play with a blow torch Nikki?" - Mr. Wizard

How do I fix the --lint lines?
Thanks,
Brett



Re: Odd syslog errors.

2004-10-07 Thread Keith Hackworth
Even though you run this in mysql now, it still DOES matter who you run it
as.  I found out the hard way that it records the user that is logged in
as the user the bayes applies as in the database.  I had to actually set
the bayes_sql_override_username in my local.cf.  I trained a bunch of
messages as root and my spamassassin (through amavis-new) runs as amavis. 
It didn't see any of the bayes training I did!

Keith


> Ernie Dunbar wrote:
Oct  5 13:26:39 pop spamd[19660]: Cannot open bayes databases
/home/spamc/.spamassassin/bayes_* R/O: tie failed: Permission denied
 Oct
>>>
>>>The typical cause of this is that the file ownership changed on the
>>>bayes files when you converted them to 3.0.  At least this was the
>>> problem
>>>I encountered.
>>>
>>>When I did all my conversions following the UPGRADE procedure as root, I
>>>had to go back in and convert the files back to their correct
>>> ownerships.
>>>Check for that.
>>
>>
>> That's kind of the odd thing. I set the ownership back to spamc, but it
>> was changed to root for bayes_journal and bayes_toks shortly thereafter.
>>
>> What I did instead of UPGRADEing, was nuke the whole database and
>> rebuild
>> it from scratch using some new spam.
>>
>
> This can happen if you have any scripts or process that you use to train
> the bayes database. Awhile ago I ran into this issue a few times when I
> was logged in as root and manually trained a message (cat msg | sa-learn
> --spam), which would occasionally change the ownership of the
> journal/etc to root. Fixed that by not doing it as root, though now I
> have bayes in SQL so it doesn't matter.
>
> Ryan Moore
> --
> Perigee.net Corporation
> 704-849-8355 (sales)
> 704-849-8017 (tech)
> www.perigee.net
>
>
>
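
Added example, not written by any poster in this thread: a check for the failure described above, where training as root leaves bayes_journal and bayes_toks owned by a different account than the one the scanner runs as. The function names, the demo directory and the world-writable check are assumptions; only the bayes_* file names come from the messages.

```python
import glob
import os
import stat
import tempfile


def audit_bayes_files(bayes_dir, expected_uid, prefix="bayes_"):
    """Return [(filename, [problems])] for bayes_* files the scanner cannot safely use.

    expected_uid is the uid of the account the scanner runs as
    (spamc, amavis, ... in the posts above).
    """
    findings = []
    pattern = os.path.join(glob.escape(bayes_dir), prefix + "*")
    for path in sorted(glob.glob(pattern)):
        st = os.lstat(path)  # lstat: do not follow a symlink planted in the dir
        problems = []
        if stat.S_ISLNK(st.st_mode):
            findings.append((os.path.basename(path), ["is a symlink"]))
            continue
        if st.st_uid != expected_uid:
            # The symptom from the thread: files silently became root-owned,
            # and the daemon then fails with "tie failed: Permission denied".
            problems.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
        if not (st.st_mode & stat.S_IRUSR and st.st_mode & stat.S_IWUSR):
            problems.append("owner lacks read/write")
        if st.st_mode & stat.S_IWOTH:
            # Added check (assumption): any local user could alter the tokens.
            problems.append("world-writable")
        if problems:
            findings.append((os.path.basename(path), problems))
    return findings


def make_demo_dir():
    """Build a throwaway directory holding constructed bayes_* files."""
    demo = tempfile.mkdtemp(prefix="bayes-audit-")
    for name in ("bayes_toks", "bayes_journal", "bayes_seen", "user_prefs"):
        path = os.path.join(demo, name)
        with open(path, "w") as fh:
            fh.write("constructed sample, not a real database\n")
        os.chmod(path, 0o600)
    return demo


if __name__ == "__main__":
    demo = make_demo_dir()
    # Pretend the scanner runs as some other uid than the one that trained.
    for name, problems in audit_bayes_files(demo, os.getuid() + 1):
        print(name, "->", "; ".join(problems))
```

Run it against the real Bayes directory with the uid of the scanning account after any manual training session; an empty result means ownership and modes are consistent.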




Re: How to find out installed modules?

2004-10-07 Thread Theo Van Dinter
On Thu, Oct 07, 2004 at 11:03:33AM -0400, Brett Romero wrote:
> >>However, when I analyze a file with
> >>spamassassin -tD < filename.html
> >>
> >>I get these lines:
> >>debug: config: read file C:\Perl\site/share/spamassassin/25_spf.cf
> >>
> >>debug: SPF: message was delivered entirely via trusted relays,
> >>not required
> >>debug: registering glue method for check_for_spf_pass
> >>(Mail::SpamAssassin::Plugin::SPF=HAS
> >>H(0x2645f30))
> >>
> >>The latter debug shows SPF is installed. However, it isn't
> >>listed when I run
> >>the "spamassassin -D --lint" command.  Why is that?
> >>
> >
> >I'm assuming because it is part of SA, and not an outside module. 
> >Therefore,
> >it is installed with SA.

The SPF information in the debug output says that the SPF *plugin*
was loaded.  The SPF plugin requires the Mail::SPF::Query module be
installed.  The module is checked for and used if it is installed,
only when the plugin wants to do a query.  In the above debug output,
since the message is not sent through any untrusted relays, there's no
point in doing a query so it doesn't try.

> SPF never shows up in my reports.  I do have these entries when I try to 
> analyze a file:
> debug: Failed to parse line in SpamAssassin configuration, skipping: 
> 50_scores.cf:score
> SF_PASS -0.001

they're invalid if they look like that on a separate line and all.  I wouldn't
bother trying to get SPF working until you get the --lint errors fixed.

-- 
Randomly Generated Tagline:
"Have we had the chance to play with a blow torch Nikki?" - Mr. Wizard




Re: How to find out installed modules?

2004-10-07 Thread Andy Jezierski




"Brett Romero" <[EMAIL PROTECTED]> wrote on 10/07/2004 09:27:10 AM:

>
> - Original Message -
> From: "Chris Santerre" <[EMAIL PROTECTED]>
> To: "'Brett Romero'" <[EMAIL PROTECTED]>;
> 
> Sent: Thursday, October 07, 2004 10:03 AM
> Subject: RE: How to find out installed modules?
>
>
> >
> >
> >>-Original Message-
> >>From: Brett Romero [mailto:[EMAIL PROTECTED]
> >>Sent: Thursday, October 07, 2004 9:37 AM
> >>To: users@spamassassin.apache.org
> >>Subject: How to find out installed modules?
> >>
> >>
> >>How do I find out which modules are installed for SA on my server?
> >>
> >>Where do I find a list of all available modules I can install
> >>with links to
> >>those modules?
> >>
> >>Thanks,
> >>Brett
> >
> > Hi Brett,
> >
> > I'm not sure what you mean by modules, but try reading the INSTALL
> > file. I assume you are talking about SA 3.0? BAYES, AWL, and SURBL are
> > installed by default now. But Razor, DCC, etc. well that info is in
the
> > INSTALL file. Additional _unofficial_ rules can be found at
> > www.rulesemporium.com
> >
> > You can also run: spamassassin -D --lint
> >
> > This will show you the setup of SA.
> >
> > HTH,
> >
> > Chris Santerre
> > System Admin and SARE Ninja
> > http://www.rulesemporium.com
> > http://www.surbl.org
> > 'It is not the strongest of the species that survives,
> > not the most intelligent, but the one most responsive to change.'
> > Charles Darwin
>
> That's what I was looking for.  The output is:
>
> Here are some details on the modules we have installed:
>
> debug: SpamAssassin version 3.0.0-pre4
>
> debug: diag: module not installed: DBI ('require' failed)
> debug: diag: module installed: DB_File, version 1.810
> debug: diag: module installed: Digest::SHA1, version 2.10
> debug: diag: module installed: IO::Socket::UNIX, version 1.21
> debug: diag: module installed: MIME::Base64, version 3.01
> debug: diag: module installed: Net::DNS, version 0.46
> debug: diag: module not installed: Net::LDAP ('require' failed)
> debug: diag: module not installed: Razor2::Client::Agent ('require'
failed)
> debug: diag: module installed: Storable, version 2.12
> debug: diag: module installed: URI, version 1.30
>
> debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
> debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x26768f8)
>
> However, when I analyze a file with
> spamassassin -tD < filename.html
>
> I get these lines:
> debug: config: read file C:\Perl\site/share/spamassassin/25_spf.cf
>
> debug: registering glue method for check_for_spf_helo_pass
> (Mail::SpamAssassin::Plugin::SP
> F=HASH(0x2645f30))
> debug: SPF: message was delivered entirely via trusted relays, not
required
> debug: registering glue method for check_hashcash_value
> (Mail::SpamAssassin::Plugin::Hashc
> ash=HASH(0x2644dd0))
> debug: all '*To' addrs:
> debug: registering glue method for check_for_spf_softfail
> (Mail::SpamAssassin::Plugin::SPF
> =HASH(0x2645f30))
> debug: SPF: message was delivered entirely via trusted relays, not
required
> debug: registering glue method for check_for_spf_pass
> (Mail::SpamAssassin::Plugin::SPF=HAS
> H(0x2645f30))
> debug: registering glue method for check_for_spf_helo_softfail
> (Mail::SpamAssassin::Plugin
> ::SPF=HASH(0x2645f30))
> debug: registering glue method for check_for_spf_helo_fail
> (Mail::SpamAssassin::Plugin::SP
> F=HASH(0x2645f30))
>
> The latter debug shows SPF is installed. However, it isn't listed when I
run
> the "spamassassin -D --lint" command.  Why is that?
>
> Thanks,
> Brett
>

Sure it is, from your debug above:

> debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
> debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x26768f8)

Andy



Re: How to find out installed modules?

2004-10-07 Thread Brett Romero
- Original Message - 
From: "Chris Santerre" <[EMAIL PROTECTED]>
To: "'Brett Romero'" <[EMAIL PROTECTED]>; "Chris Santerre" 
<[EMAIL PROTECTED]>; 
Sent: Thursday, October 07, 2004 10:59 AM
Subject: RE: How to find out installed modules?



-Original Message-
From: Brett Romero [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 07, 2004 10:27 AM
To: Chris Santerre; users@spamassassin.apache.org
Subject: Re: How to find out installed modules?

- Original Message - 
From: "Chris Santerre" <[EMAIL PROTECTED]>
To: "'Brett Romero'" <[EMAIL PROTECTED]>;

Sent: Thursday, October 07, 2004 10:03 AM
Subject: RE: How to find out installed modules?



-Original Message-
From: Brett Romero [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 07, 2004 9:37 AM
To: users@spamassassin.apache.org
Subject: How to find out installed modules?
How do I find out which modules are installed for SA on my server?
Where do I find a list of all available modules I can install
with links to
those modules?
Thanks,
Brett
Hi Brett,
I'm not sure what you mean by modules, but try reading the INSTALL
file. I assume you are talking about SA 3.0? BAYES, AWL, and
SURBL are
installed by default now. But Razor, DCC, etc. well that
info is in the
INSTALL file. Additional _unofficial_ rules can be found at
www.rulesemporium.com
You can also run: spamassassin -D --lint
This will show you the setup of SA.
HTH,
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin
That's what I was looking for.  The output is:
Here are some details on the modules we have installed:
debug: SpamAssassin version 3.0.0-pre4
debug: diag: module not installed: DBI ('require' failed)
debug: diag: module installed: DB_File, version 1.810
debug: diag: module installed: Digest::SHA1, version 2.10
debug: diag: module installed: IO::Socket::UNIX, version 1.21
debug: diag: module installed: MIME::Base64, version 3.01
debug: diag: module installed: Net::DNS, version 0.46
debug: diag: module not installed: Net::LDAP ('require' failed)
debug: diag: module not installed: Razor2::Client::Agent
('require' failed)
debug: diag: module installed: Storable, version 2.12
debug: diag: module installed: URI, version 1.30
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered
Mail::SpamAssassin::Plugin::SPF=HASH(0x26768f8)
However, when I analyze a file with
spamassassin -tD < filename.html
I get these lines:
debug: config: read file C:\Perl\site/share/spamassassin/25_spf.cf
debug: registering glue method for check_for_spf_helo_pass
(Mail::SpamAssassin::Plugin::SP
F=HASH(0x2645f30))
debug: SPF: message was delivered entirely via trusted relays,
not required
debug: registering glue method for check_hashcash_value
(Mail::SpamAssassin::Plugin::Hashc
ash=HASH(0x2644dd0))
debug: all '*To' addrs:
debug: registering glue method for check_for_spf_softfail
(Mail::SpamAssassin::Plugin::SPF
=HASH(0x2645f30))
debug: SPF: message was delivered entirely via trusted relays,
not required
debug: registering glue method for check_for_spf_pass
(Mail::SpamAssassin::Plugin::SPF=HAS
H(0x2645f30))
debug: registering glue method for check_for_spf_helo_softfail
(Mail::SpamAssassin::Plugin
::SPF=HASH(0x2645f30))
debug: registering glue method for check_for_spf_helo_fail
(Mail::SpamAssassin::Plugin::SP
F=HASH(0x2645f30))
The latter debug shows SPF is installed. However, it isn't
listed when I run
the "spamassassin -D --lint" command.  Why is that?
I'm assuming because it is part of SA, and not an outside module. 
Therefore,
it is installed with SA.

--Chris
I think it is separate: 
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_SPF.html.

SPF never shows up in my reports.  I do have these entries when I try to 
analyze a file:
debug: Failed to parse line in SpamAssassin configuration, skipping: 
50_scores.cf:score
SF_PASS -0.001
debug: Failed to parse line in SpamAssassin configuration, skipping: 
50_scores.cf:score
SF_FAIL 0 0 0 0.875
debug: Failed to parse line in SpamAssassin configuration, skipping: 
50_scores.cf:score
SF_SOFTFAIL 0.500 0.842 0.500 0.500
debug: Failed to parse line in SpamAssassin configuration, skipping: 
50_scores.cf:score
SF_HELO_PASS -0.001
debug: Failed to parse line in SpamAssassin configuration, skipping: 
50_scores.cf:score
SF_HELO_FAIL 0 0.405 0 0.001
debug: Failed to parse line in SpamAssassin configuration, skipping: 
50_scores.cf:score
SF_HELO_SOFTFAIL 0 1.002 0 3.140

Any idea how I can get SPF going?
Thanks,
Brett 



RE: How to find out installed modules?

2004-10-07 Thread Chris Santerre


>-Original Message-
>From: Brett Romero [mailto:[EMAIL PROTECTED]
>Sent: Thursday, October 07, 2004 10:27 AM
>To: Chris Santerre; users@spamassassin.apache.org
>Subject: Re: How to find out installed modules?
>
>
>
>- Original Message - 
>From: "Chris Santerre" <[EMAIL PROTECTED]>
>To: "'Brett Romero'" <[EMAIL PROTECTED]>; 
>
>Sent: Thursday, October 07, 2004 10:03 AM
>Subject: RE: How to find out installed modules?
>
>
>>
>>
>>>-Original Message-
>>>From: Brett Romero [mailto:[EMAIL PROTECTED]
>>>Sent: Thursday, October 07, 2004 9:37 AM
>>>To: users@spamassassin.apache.org
>>>Subject: How to find out installed modules?
>>>
>>>
>>>How do I find out which modules are installed for SA on my server?
>>>
>>>Where do I find a list of all available modules I can install
>>>with links to
>>>those modules?
>>>
>>>Thanks,
>>>Brett
>>
>> Hi Brett,
>>
>> I'm not sure what you mean by modules, but try reading the INSTALL
>> file. I assume you are talking about SA 3.0? BAYES, AWL, and 
>SURBL are
>> installed by default now. But Razor, DCC, etc. well that 
>info is in the
>> INSTALL file. Additional _unofficial_ rules can be found at
>> www.rulesemporium.com
>>
>> You can also run: spamassassin -D --lint
>>
>> This will show you the setup of SA.
>>
>> HTH,
>>
>> Chris Santerre
>> System Admin and SARE Ninja
>> http://www.rulesemporium.com
>> http://www.surbl.org
>> 'It is not the strongest of the species that survives,
>> not the most intelligent, but the one most responsive to change.'
>> Charles Darwin
>
>That's what I was looking for.  The output is:
>
>Here are some details on the modules we have installed:
>
>debug: SpamAssassin version 3.0.0-pre4
>
>debug: diag: module not installed: DBI ('require' failed)
>debug: diag: module installed: DB_File, version 1.810
>debug: diag: module installed: Digest::SHA1, version 2.10
>debug: diag: module installed: IO::Socket::UNIX, version 1.21
>debug: diag: module installed: MIME::Base64, version 3.01
>debug: diag: module installed: Net::DNS, version 0.46
>debug: diag: module not installed: Net::LDAP ('require' failed)
>debug: diag: module not installed: Razor2::Client::Agent 
>('require' failed)
>debug: diag: module installed: Storable, version 2.12
>debug: diag: module installed: URI, version 1.30
>
>debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
>debug: plugin: registered 
>Mail::SpamAssassin::Plugin::SPF=HASH(0x26768f8)
>
>However, when I analyze a file with
>spamassassin -tD < filename.html
>
>I get these lines:
>debug: config: read file C:\Perl\site/share/spamassassin/25_spf.cf
>
>debug: registering glue method for check_for_spf_helo_pass 
>(Mail::SpamAssassin::Plugin::SP
>F=HASH(0x2645f30))
>debug: SPF: message was delivered entirely via trusted relays, 
>not required
>debug: registering glue method for check_hashcash_value 
>(Mail::SpamAssassin::Plugin::Hashc
>ash=HASH(0x2644dd0))
>debug: all '*To' addrs:
>debug: registering glue method for check_for_spf_softfail 
>(Mail::SpamAssassin::Plugin::SPF
>=HASH(0x2645f30))
>debug: SPF: message was delivered entirely via trusted relays, 
>not required
>debug: registering glue method for check_for_spf_pass 
>(Mail::SpamAssassin::Plugin::SPF=HAS
>H(0x2645f30))
>debug: registering glue method for check_for_spf_helo_softfail 
>(Mail::SpamAssassin::Plugin
>::SPF=HASH(0x2645f30))
>debug: registering glue method for check_for_spf_helo_fail 
>(Mail::SpamAssassin::Plugin::SP
>F=HASH(0x2645f30))
>
>The latter debug shows SPF is installed. However, it isn't 
>listed when I run 
>the "spamassassin -D --lint" command.  Why is that?
>

I'm assuming because it is part of SA, and not an outside module. Therefore,
it is installed with SA. 

--Chris


bug? "bayes_path ~user/something" doesn't work?

2004-10-07 Thread Jakob Hirsch
Hi,
I had "bayes_path ~spamd/bayes" in my local.cf until I noticed that the 
part between ~ and / is ignored, resulting in a bayes_path of ~/bayes. 
It's not a big deal to give the full path, but that should be in the docs.

Regards,
Jakob


RE: Book has gone to press

2004-10-07 Thread Chris Santerre


>-Original Message-
>From: Shaun T. Erickson [mailto:[EMAIL PROTECTED]
>Sent: Thursday, October 07, 2004 10:39 AM
>To: Spamassassin-Talk (E-mail)
>Subject: Re: Book has gone to press
>
>
>Chris Santerre wrote:
>
>>http://www.packtpub.com/book/spamassassin
>>
>>  
>>
>How does this book compare to the O'Reilly book, by Schwartz?
>
>-ste

I was one of the tech editors on this one, but have yet to see the final. My
copy is on the way. I've also only read half the O'Reilly book so far. So I
can't draw a good conclusion yet. But the publisher I worked with was WELL
aware of the feedback O'Reilly's book was receiving. 

My opinion so far of the O'Reilly book is that it was more of an install
guide, and somewhat simplified. However I learned that was their goal for
the book. So they got it right :) 

I believe both books are for new admins of SA, or those looking to it for a
future project. The PackTPub book goes deeper than a basic install. I drove
them nuts because I kept asking for more to be added :) 

Rumor has it O'Reilly might publish a SPAM cookbook featuring SA. I hear it
may just kick butt, and be geared more for the tech heads. But that is just
a rumor, just like the authors may all carry katanas. *wink*

--Chris 



Re: Book has gone to press

2004-10-07 Thread Martin Schröder
On 2004-10-07 10:48:53 -0400, Shaun T. Erickson wrote:
> Hmm. When I go to that link, it says the release date is October 2004. 
> What are you looking at?

An older version. :-)

Best regards
Martin
-- 
   Martin Schröder, [EMAIL PROTECTED]
 ArtCom GmbH, Lise-Meitner-Str 5, 28359 Bremen, Germany
  Voice +49 421 20419-44 / Fax +49 421 20419-10
http://www.artcom-gmbh.de


Re: Book has gone to press

2004-10-07 Thread Shaun T. Erickson
Martin Schröder wrote:
> On 2004-10-07 10:37:32 -0400, Chris Santerre wrote:
> > http://www.packtpub.com/book/spamassassin
>
> "Release date November 1999"
>
> Yes, it should be at the press by now. :-)
>
> Best regards
>    Martin
>
> PS: If it applies to SA3, the description should mention that.

Hmm. When I go to that link, it says the release date is October 2004. 
What are you looking at?

   -ste


Re: Book has gone to press

2004-10-07 Thread Martin Schröder
On 2004-10-07 10:37:32 -0400, Chris Santerre wrote:
> http://www.packtpub.com/book/spamassassin

"Release date November 1999"

Yes, it should be at the press by now. :-)

Best regards
Martin

PS: If it applies to SA3, the description should mention that.
-- 
   Martin Schröder, [EMAIL PROTECTED]
 ArtCom GmbH, Lise-Meitner-Str 5, 28359 Bremen, Germany
  Voice +49 421 20419-44 / Fax +49 421 20419-10
http://www.artcom-gmbh.de


RE: [SA-LIST] Subject not changed

2004-10-07 Thread Dallas L. Engelken
> >
> > The subject is not changed if there is no subject.  This is 
> a feature, 
> > not a bug.
> >
> > -Jim
> >
> Just out of curiosity, what benefit is provided by this feature?  
> 

You could flat out reject mail without a subject header.

-- 
Dallas Engelken
NMGI


RE: [SA-LIST] Subject not changed

2004-10-07 Thread Chris Santerre


>-Original Message-
>From: Tom Meunier [mailto:[EMAIL PROTECTED]
>Sent: Thursday, October 07, 2004 10:34 AM
>To: users@spamassassin.apache.org
>Subject: Re: [SA-LIST] Subject not changed
>
>
>Jim Maul wrote:
>
>>
>> The subject is not changed if there is no subject.  This is 
>a feature, 
>> not a bug.
>>
>> -Jim
>>
>Just out of curiosity, what benefit is provided by this feature?  
>
>-tom


I would think that would be obvious. a 2 inch longer mortgage that lasts
4 hours!

--Chris


Re: Book has gone to press

2004-10-07 Thread Shaun T. Erickson
Chris Santerre wrote:
> http://www.packtpub.com/book/spamassassin

How does this book compare to the O'Reilly book, by Schwartz?
   -ste


Book has gone to press

2004-10-07 Thread Chris Santerre
http://www.packtpub.com/book/spamassassin

Chris Santerre 
System Admin and SARE Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin 


Re: [SA-LIST] Subject not changed

2004-10-07 Thread Tom Meunier
Jim Maul wrote:
> The subject is not changed if there is no subject.  This is a feature, 
> not a bug.
>
> -Jim

Just out of curiosity, what benefit is provided by this feature?  

-tom


Re: How to find out installed modules?

2004-10-07 Thread Brett Romero
- Original Message - 
From: "Chris Santerre" <[EMAIL PROTECTED]>
To: "'Brett Romero'" <[EMAIL PROTECTED]>; 

Sent: Thursday, October 07, 2004 10:03 AM
Subject: RE: How to find out installed modules?



-Original Message-
From: Brett Romero [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 07, 2004 9:37 AM
To: users@spamassassin.apache.org
Subject: How to find out installed modules?
How do I find out which modules are installed for SA on my server?
Where do I find a list of all available modules I can install
with links to
those modules?
Thanks,
Brett
Hi Brett,
I'm not sure what you mean by modules, but try reading the INSTALL
file. I assume you are talking about SA 3.0? BAYES, AWL, and SURBL are
installed by default now. But Razor, DCC, etc. well that info is in the
INSTALL file. Additional _unofficial_ rules can be found at
www.rulesemporium.com
You can also run: spamassassin -D --lint
This will show you the setup of SA.
HTH,
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin
That's what I was looking for.  The output is:
Here are some details on the modules we have installed:
debug: SpamAssassin version 3.0.0-pre4
debug: diag: module not installed: DBI ('require' failed)
debug: diag: module installed: DB_File, version 1.810
debug: diag: module installed: Digest::SHA1, version 2.10
debug: diag: module installed: IO::Socket::UNIX, version 1.21
debug: diag: module installed: MIME::Base64, version 3.01
debug: diag: module installed: Net::DNS, version 0.46
debug: diag: module not installed: Net::LDAP ('require' failed)
debug: diag: module not installed: Razor2::Client::Agent ('require' failed)
debug: diag: module installed: Storable, version 2.12
debug: diag: module installed: URI, version 1.30
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x26768f8)
However, when I analyze a file with
spamassassin -tD < filename.html
I get these lines:
debug: config: read file C:\Perl\site/share/spamassassin/25_spf.cf
debug: registering glue method for check_for_spf_helo_pass 
(Mail::SpamAssassin::Plugin::SP
F=HASH(0x2645f30))
debug: SPF: message was delivered entirely via trusted relays, not required
debug: registering glue method for check_hashcash_value 
(Mail::SpamAssassin::Plugin::Hashc
ash=HASH(0x2644dd0))
debug: all '*To' addrs:
debug: registering glue method for check_for_spf_softfail 
(Mail::SpamAssassin::Plugin::SPF
=HASH(0x2645f30))
debug: SPF: message was delivered entirely via trusted relays, not required
debug: registering glue method for check_for_spf_pass 
(Mail::SpamAssassin::Plugin::SPF=HAS
H(0x2645f30))
debug: registering glue method for check_for_spf_helo_softfail 
(Mail::SpamAssassin::Plugin
::SPF=HASH(0x2645f30))
debug: registering glue method for check_for_spf_helo_fail 
(Mail::SpamAssassin::Plugin::SP
F=HASH(0x2645f30))

The latter debug shows SPF is installed. However, it isn't listed when I run 
the "spamassassin -D --lint" command.  Why is that?

Thanks,
Brett 



Re: [SA-LIST] Subject not changed

2004-10-07 Thread Jim Maul
Carnegie, Martin wrote:
> > Bwahahahahah, I can't believe I missed that!!! Doh!!! Nice catch Rick
> > :-)
> > --Chris
>
> So this would be expected that the subject would not get changed? I must
> be missing something.
> Martin Carnegie

The subject is not changed if there is no subject.  This is a feature, 
not a bug.

-Jim


RE: [SA-LIST] Subject not changed

2004-10-07 Thread Dallas L. Engelken
> -Original Message-
> From: Carnegie, Martin [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, October 07, 2004 9:04 AM
> To: users@spamassassin.apache.org
> Subject: RE: [SA-LIST] Subject not changed
> 
> >
> >Bwahahahahah, I can't believe I missed that!!! Doh!!! Nice catch Rick
> :-)
> >
> >--Chris
> 
> So this would be expected that the subject would not get 
> changed? I must be missing something.
> 

Please see http://bugzilla.spamassassin.org/show_bug.cgi?id=3605

I provided a 4 line patch there for those of you that do not like the
way SA3 handles missing subjects :)

Thanks,

-- 
Dallas Engelken
NMGI


RE: [SA-LIST] Subject not changed

2004-10-07 Thread Candee Vaglica
There was no subject on the original; so the header couldn't be
"rewritten."
Dallas posted a patch on Bugzilla: 3605. 

-Original Message-
From: Carnegie, Martin [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 07, 2004 9:42 AM
To: users@spamassassin.apache.org
Subject: [SA-LIST] Subject not changed

We just upgraded to SA 3 and so far it has been working great.  I had a
message this morning that I do not understand why the subject was not
changed.  Here is the header info.


Microsoft Mail Internet Headers Version 2.0
Received: from atcoinss.atco.ca ([192.210.10.20]) by is030.atco.com with
Microsoft SMTPSVC(5.0.2195.6713);
 Thu, 7 Oct 2004 02:10:55 -0600
Received: from atcoinss.atco.ca ([192.210.10.20])  by atcoinss.atco.ca
(SMSSMTP 4.0.0.59) with SMTP id
M2004100702101611376
 ; Thu, 07 Oct 2004 02:10:16 -0600
Received: from [211.190.151.148] (helo=192.210.10.20)
by atcoinss.atco.ca with smtp (Exim )
id 1CFTLD-0007ID-UG; Thu, 07 Oct 2004 02:09:36 -0600
Received: from 96.18.251.192 by 211.190.151.148; Thu, 07 Oct 2004
07:05:36 -0200
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on
atcoinss.atco.ca
X-Spam-Level: 
X-Spam-Status: Yes, score=16.9 required=5.0 tests=MISSING_DATE,

MISSING_SUBJECT,RCVD_BY_IP,RCVD_DOUBLE_IP_SPAM,RCVD_HELO_IP_MISMATCH,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL_DUL,RCVD_IN_RFC_IPWHOIS,
RCVD_IN_SORBS_DUL,RCVD_NUMERIC_HELO,URIBL_OB_SURBL,URIBL_SBL,
URIBL_WS_SURBL autolearn=disabled version=3.0.0
X-Spam-Report: 
*  0.0 RCVD_BY_IP Received by mail server with no name
*  0.0 MISSING_DATE Missing Date: header
*  0.6 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match,
but should
*  0.8 RCVD_NUMERIC_HELO Received: contains an IP address used
for HELO
*  1.1 RCVD_IN_RFC_IPWHOIS RBL: Sent via a relay in
ipwhois.rfc-ignorant.org
*  [211.190.151.148 has inaccurate or missing WHOIS]
[data at the RIR]
*  0.1 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic
IP address
*  [211.190.151.148 listed in dnsbl.sorbs.net]
*  3.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
*  [Blocked - see
]
*  1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local
SMTP
*  [211.190.151.148 listed in combined.njabl.org]
*  0.6 URIBL_SBL Contains an URL listed in the SBL blocklist
*  [URIs: pcamgt.com]
*  0.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL
blocklist
*  [URIs: pcamgt.com]
*  2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL
blocklist
*  [URIs: pcamgt.com]
*  4.1 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP)
found
*  1.6 MISSING_SUBJECT Missing Subject: header
From: [EMAIL PROTECTED]
Bcc:
Return-Path: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 07 Oct 2004 08:10:55.0684 (UTC)
FILETIME=[2B90B040:01C4AC45]
Date: 7 Oct 2004 02:10:55 -0600


So it is definitely the threshold but it did not get marked. I have
attached the email for you to see it all,

Thanks

Martin Carnegie
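
Added example, not part of any post in this thread: why a downstream rule that keys on the rewritten Subject misses a message like the one quoted above, while the X-Spam-Flag and X-Spam-Status headers still carry the verdict. The two header blocks are constructed (the X-Spam-* values follow the post, host and sender are placeholders), and the function names and the `*SPAM*` tag default are assumptions.

```python
import re
from email import message_from_string

# Constructed sample modelled on the quoted headers: spam verdict, no Subject.
SAMPLE_NO_SUBJECT = (
    "X-Spam-Flag: YES\n"
    "X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on mx.example.test\n"
    "X-Spam-Status: Yes, score=16.9 required=5.0 tests=MISSING_DATE,\n"
    "\tMISSING_SUBJECT,RCVD_BY_IP,RCVD_DOUBLE_IP_SPAM,RCVD_HELO_IP_MISMATCH,\n"
    "\tRCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL_DUL,RCVD_IN_RFC_IPWHOIS,\n"
    "\tRCVD_IN_SORBS_DUL,RCVD_NUMERIC_HELO,URIBL_OB_SURBL,URIBL_SBL,\n"
    "\tURIBL_WS_SURBL autolearn=disabled version=3.0.0\n"
    "From: sender@example.test\n"
    "Date: 7 Oct 2004 02:10:55 -0600\n"
    "\n"
    "body\n"
)

# Constructed sample: a spam message that did have a Subject to tag.
SAMPLE_TAGGED = (
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, score=7.2 required=5.0 tests=URIBL_SBL,\n"
    "\tURIBL_WS_SURBL autolearn=no version=3.0.0\n"
    "From: sender@example.test\n"
    "Subject: *SPAM* cheap offer\n"
    "\n"
    "body\n"
)


def parse_spam_status(value):
    """Parse an X-Spam-Status value, including folded continuation lines."""
    if not value:
        return None
    flat = re.sub(r"\r?\n[ \t]+", " ", value).strip()  # undo header folding
    verdict, _, rest = flat.partition(",")
    rest = re.sub(r",\s+", ",", rest)                   # rejoin the folded test list
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    tests = fields.get("tests", "")
    return {
        "spam": verdict.strip().lower() == "yes",
        "score": float(fields.get("score", "nan")),
        "required": float(fields.get("required", "nan")),
        "tests": [] if tests in ("", "none") else tests.split(","),
    }


def triage(raw_message, subject_tag="*SPAM*"):
    """Compare what a Subject-tag rule sees with what the X-Spam-* headers say."""
    msg = message_from_string(raw_message)
    status = parse_spam_status(msg.get("X-Spam-Status"))
    flagged = msg.get("X-Spam-Flag", "").strip().upper() == "YES"
    is_spam = flagged or bool(status and status["spam"])
    subject = msg.get("Subject")  # None when the header is absent
    tagged = subject is not None and subject.lstrip().startswith(subject_tag)
    return {
        "is_spam": is_spam,
        "subject": subject,
        "subject_tagged": tagged,
        # True means a filter matching only on the tag lets this one through.
        "missed_by_subject_rule": is_spam and not tagged,
        "score": status["score"] if status else None,
        "tests": status["tests"] if status else [],
    }


if __name__ == "__main__":
    for label, raw in (("no subject", SAMPLE_NO_SUBJECT), ("tagged", SAMPLE_TAGGED)):
        result = triage(raw)
        print(label, result["score"], "missed:", result["missed_by_subject_rule"])
```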


RE: [SA-LIST] Subject not changed

2004-10-07 Thread Carnegie, Martin
>
>Bwahahahahah, I can't believe I missed that!!! Doh!!! Nice catch Rick
:-)
>
>--Chris

So this would be expected that the subject would not get changed? I must
be missing something.

Martin Carnegie


RE: [SA-LIST] Subject not changed

2004-10-07 Thread Chris Santerre


>-Original Message-
>From: Rick Macdougall [mailto:[EMAIL PROTECTED]
>Sent: Thursday, October 07, 2004 10:00 AM
>To: users@spamassassin.apache.org
>Subject: Re: [SA-LIST] Subject not changed
>
>
>
>
>Carnegie, Martin wrote:
>> We just upgraded to SA 3 and so far it has been working 
>great.  I had a
>> message this morning that I do not understand why the subject was not
>> changed.  Here is the header info.
>> 
>> X-Spam-Status: Yes, score=16.9 required=5.0 tests=MISSING_DATE,
>>  
>> MISSING_SUBJECT,RCVD_BY_IP,RCVD_DOUBLE_IP_SPAM,RCVD_HELO_IP_MISMATCH,
>
>Hi,
>
>Perhaps because there was no subject to change.  One of the 
>rules it hit 
>was MISSING_SUBJECT
>
>Regards,
>
>Rick

Bwahahahahah, I can't believe I missed that!!! Doh!!! Nice catch Rick :-)

--Chris


RE: How to find out installed modules?

2004-10-07 Thread Chris Santerre


>-Original Message-
>From: Brett Romero [mailto:[EMAIL PROTECTED]
>Sent: Thursday, October 07, 2004 9:37 AM
>To: users@spamassassin.apache.org
>Subject: How to find out installed modules?
>
>
>How do I find out which modules are installed for SA on my server?
>
>Where do I find a list of all available modules I can install 
>with links to 
>those modules?
>
>Thanks,
>Brett 

Hi Brett,

I'm not sure what you mean by modules, but try reading the INSTALL
file. I assume you are talking about SA 3.0? BAYES, AWL, and SURBL are
installed by default now. But Razor, DCC, etc. well that info is in the
INSTALL file. Additional _unofficial_ rules can be found at
www.rulesemporium.com 

You can also run: spamassassin -D --lint

This will show you the setup of SA. 

HTH,

Chris Santerre 
System Admin and SARE Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin 


Re: [SA-LIST] Subject not changed

2004-10-07 Thread Rick Macdougall

Carnegie, Martin wrote:
> We just upgraded to SA 3 and so far it has been working great.  I had a
> message this morning that I do not understand why the subject was not
> changed.  Here is the header info.
>
> X-Spam-Status: Yes, score=16.9 required=5.0 tests=MISSING_DATE,
>
> MISSING_SUBJECT,RCVD_BY_IP,RCVD_DOUBLE_IP_SPAM,RCVD_HELO_IP_MISMATCH,

Hi,

Perhaps because there was no subject to change.  One of the rules it hit 
was MISSING_SUBJECT

Regards,
Rick


RE: [SA-LIST] Subject not changed

2004-10-07 Thread Chris Santerre


>-Original Message-
>From: Carnegie, Martin [mailto:[EMAIL PROTECTED]
>Sent: Thursday, October 07, 2004 9:42 AM
>To: users@spamassassin.apache.org
>Subject: [SA-LIST] Subject not changed
>
>
>We just upgraded to SA 3 and so far it has been working great.  I had a
>message this morning that I do not understand why the subject was not
>changed.  Here is the header info.
>

Do you have anything in your /etc/mail/spamassassin/local.cf ?

rewrite_header Subject *SPAM*

Chris Santerre 
System Admin and SARE Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin 


[SA-LIST] Subject not changed

2004-10-07 Thread Carnegie, Martin
We just upgraded to SA 3 and so far it has been working great.  I had a
message this morning that I do not understand why the subject was not
changed.  Here is the header info.


Microsoft Mail Internet Headers Version 2.0
Received: from atcoinss.atco.ca ([192.210.10.20]) by is030.atco.com with
Microsoft SMTPSVC(5.0.2195.6713);
 Thu, 7 Oct 2004 02:10:55 -0600
Received: from atcoinss.atco.ca ([192.210.10.20])
 by atcoinss.atco.ca (SMSSMTP 4.0.0.59) with SMTP id
M2004100702101611376
 ; Thu, 07 Oct 2004 02:10:16 -0600
Received: from [211.190.151.148] (helo=192.210.10.20)
by atcoinss.atco.ca with smtp (Exim )
id 1CFTLD-0007ID-UG; Thu, 07 Oct 2004 02:09:36 -0600
Received: from 96.18.251.192 by 211.190.151.148; Thu, 07 Oct 2004
07:05:36 -0200
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on
atcoinss.atco.ca
X-Spam-Level: 
X-Spam-Status: Yes, score=16.9 required=5.0 tests=MISSING_DATE,

MISSING_SUBJECT,RCVD_BY_IP,RCVD_DOUBLE_IP_SPAM,RCVD_HELO_IP_MISMATCH,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL_DUL,RCVD_IN_RFC_IPWHOIS,
RCVD_IN_SORBS_DUL,RCVD_NUMERIC_HELO,URIBL_OB_SURBL,URIBL_SBL,
URIBL_WS_SURBL autolearn=disabled version=3.0.0
X-Spam-Report: 
*  0.0 RCVD_BY_IP Received by mail server with no name
*  0.0 MISSING_DATE Missing Date: header
*  0.6 RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match,
but should
*  0.8 RCVD_NUMERIC_HELO Received: contains an IP address used
for HELO
*  1.1 RCVD_IN_RFC_IPWHOIS RBL: Sent via a relay in
ipwhois.rfc-ignorant.org
*  [211.190.151.148 has inaccurate or missing WHOIS]
[data at the RIR]
*  0.1 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic
IP address
*  [211.190.151.148 listed in dnsbl.sorbs.net]
*  3.8 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
*  [Blocked - see
]
*  1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local
SMTP
*  [211.190.151.148 listed in combined.njabl.org]
*  0.6 URIBL_SBL Contains an URL listed in the SBL blocklist
*  [URIs: pcamgt.com]
*  0.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL
blocklist
*  [URIs: pcamgt.com]
*  2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL
blocklist
*  [URIs: pcamgt.com]
*  4.1 RCVD_DOUBLE_IP_SPAM Bulk email fingerprint (double IP)
found
*  1.6 MISSING_SUBJECT Missing Subject: header
From: [EMAIL PROTECTED]
Bcc:
Return-Path: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 07 Oct 2004 08:10:55.0684 (UTC)
FILETIME=[2B90B040:01C4AC45]
Date: 7 Oct 2004 02:10:55 -0600


So it is definitely the threshold but it did not get marked. I have
attached the email for you to see it all,

Thanks

Martin Carnegie
--- Begin Message ---
<[EMAIL PROTECTED]>
From: "Rosanne " <[EMAIL PROTECTED]>
Reply-To: "Rosanne " <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], 
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: International Market Insight Ref: 2004/N/2070446322  
Date: Thu, 07 Oct 2004 12:05:36 +0300
X-Mailer: Uvbyplutbpe 6.9
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--13324481830273883117"
X-Priority: 3
X-MSMail-Priority: Normal

13324481830273883117
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit

Investors',Right now, some of the best stock market 
researchers and analysts in thebusiness are working their global contacts, 
pouring over financial data, andcrunching the numbers to select the next 
buy/sell recommendation for...The Prime Capital Monitor..and 
investors fortunate enough to receive this newsletter are set to make 
asignificant gains..and one of these investors could be 
you http://pcamgt.com/landing/signup.htm";>More Information  
http://pcamgt.com/landing/landing.htm";>Signup NowThree Months 
--- that's Six issues --- absolutely complimentary
Quarterly "Recommendation Issue" includedPowerful insight 
into regional and global equities...surprisingly candid, not afraid to 
make a call...- Mark Hrbek, author of Dollars Sense...turns a 
mountain of data into four pages of common sense...-Alan Roth, Phoenix 
Growth Fund

13324481830273883117--

--- End Message ---


How to find out installed modules?

2004-10-07 Thread Brett Romero
How do I find out which modules are installed for SA on my server?
Where do I find a list of all available modules I can install with links to 
those modules?

Thanks,
Brett 



Re: Level _STARS(*)_

2004-10-07 Thread Oscar Retana
Hi Jean.
The default setup for Qmail-Scanner is to send the email to SA and ask 
back *only* for the status: is spam? yes or no? score?. End.

This is much more efficient than asking back for the full email rewritten by SA.
But of course, any change to the email you have configured in SA will 
just be ignored.

I think there is an option in Qmail-Scanner to enable 
"verbose_spamassassin" to get all headers back from SA. Not very 
efficient however... but for testing is fine.

But also: there is a specific option in Qmail-Scanner to re-write the 
subject header if the email is spam. I don't remember the option name, 
but it is there in the docs, in the options list.

- Oscar.

Jean Caron wrote:
> I read everything I could find... still doesn't work. I don't get it.
> I want to enable the header Level _STARS(*)_. The content of my "bare 
> bone" /etc/mail/spamassassin/local.cf is below;
>
> rewrite_header Subject *SPAM*
> report_safe 1
> lock_method flock
> add_header all Level _STARS(*)_
>
> Everything else works fine. I'm using SA 3.0 with qmail-queue.
> Jean



Re: Level _STARS(*)_

2004-10-07 Thread Jean Caron
I resolved my issue. The problem was related to qmail-scanner and not 
spamassassin (--scanner=verbose VS. fast spamassassin). Sorry about that. 

Jean 

Jean Caron writes: 

> I read everything I could find... still doesn't work. I don't get it.  
>
> I want to enable the header Level _STARS(*)_. The content of my "bare 
> bone" /etc/mail/spamassassin/local.cf is below;  
>
> rewrite_header Subject *SPAM*
> report_safe 1
> lock_method flock
> add_header all Level _STARS(*)_  
>
> Everything else works fine. I'm using SA 3.0 with qmail-queue.
> Jean 




Antwort: Re: How to rewrite spamc in Perl

2004-10-07 Thread Nico . Prenzel
Michael Parker <[EMAIL PROTECTED]> wrote:

> Michael
>
> PS ignore the learn method for now, that's from something else I'm
> working on.

Hello Michael,

how far is your engagement in enhancing the learn method to spamc/spamd?
As I stated here http://bugzilla.spamassassin.org/show_bug.cgi?id=1201 I would like to help to push this part of the development tree.

Greetings.
NiccP.

Client.pm
Description: Binary data


Re: Rule for words with multiple punctuation characters?

2004-10-07 Thread John Wilcock
On Wed, 6 Oct 2004 09:42:48 -0700, Loren Wilton wrote:
> Haven't seen these myself, but if they are drug spams, make sure you have
> the obfu drug rules installed and maybe up the score on some of them.
> Should have gotten about 4 hits in that first sentence.

Yes, the drug rules are catching them, but only just (scores as low as
6.2 with a threshold at 5.0). I'm just trying to be pre-emptive in case
they come up with a new variant that gets round the drug rules. 

Anyway, I've noticed that the FPs from my rule were mostly coming from
words with two underscores (e.g. discussions of SA rule names!).
Removing the underscore from the punctuation I was looking for seems to
have done the trick. 

John.

-- 
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages- www.tradoc.fr



Re: dnsbl lookups slow due to "sleep 1" in code, plus patch

2004-10-07 Thread Loren Wilton
>If it's necessary then it should be added, but someone already 
>posted here that it works fine on Win2k (so I expect Win2k3 works too,
>and it probably even works on older WinNT). It might still have issues
>on Win98 (and derivatives like WinME) and possibly on WinXP.

If it works on W2K it will in all probability work on anything since, which 
would be XP and W2K3, since that is the procession of release names for the 
same OS code base.  It would probably work on NT 4, which was an earlier 
version of much of the same base, before a lot of Win98 flash and trash was 
grafted on to the UI level and device installer level.

Win95/98/ME was a different pseudo-OS that didn't quite understand the concept 
of multitasking (think early Mac 'cooperative multitasking'), and things that 
require waits could work, um, oddly, there.  However, I'd expect a simple 
Select to work on anything past Win95, and probably even on that.

In any case select() is implemented by a library glue layer on top of the 
actual stuff that deals with files, and that glue layer is essentially common 
on all of the MS platforms at this point.  While I can't say it isn't buggy, 
the bugs are likely the same on any platform.

  Loren



Re: [Fwd: Better check your sig now you are a spammer :-)]

2004-10-07 Thread Ron McKeating
On Wed, 2004-10-06 at 16:54, Matt Kettler wrote:
> At 09:01 AM 10/6/2004, Ron McKeating wrote:
> 
> >Nigel M kindly sent me this. we will have to think of new job titles
> >unless SA can detect the difference between specialist and cialis. Ooops
> >now nobody will see this email.
> 
> SA can, does and will detect the difference. However, poorly written add-on 
> rules can do whatever they like.
> 
> CIALIS2 is no part of any release of SA from 2.0 through 3.0.0. (Yes I did 
> check them all with grep -r).
> 
> All of the drug rules in 20_drugs.cf from SA 3.0 have proper \b's at the 
> head and foot of the regex, which force a word-boundary.
> 
>  From the looks of it, the administrator of rioja.localnet decided to add 
> his/her own rules, and failed to properly insert \b's where he/she should 
> have.
> 
> Any cialis rule should look something like:
>   body CIALIS    /\bCialis\b/i
> 
> not:
>   body CIALIS2   /Cialis/i
> 
> Sorry, but SA can't do anything to fix bad regex writing on the part of the 
> end user. 

Then I stand corrected and apologise for casting any aspersions on the
reputation of SA. Still made I larf tho.

-- 
Ron McKeating
Senior IT Services Specialist
Internet Services and Software Solutions
Loughborough University
01509 222329



Re: dnsbl lookups slow due to "sleep 1" in code, plus patch

2004-10-07 Thread tBB
>(FreeBSD 4.10 and Debian linux "unstable"), but this might have issues
>on inferior OSes from the Evil Empire. I haven't checked this. If it
>does, however, I suggest adding a test for $Config{'osname'} eq 'MSWin32',
>and just calling "sleep" in that case.

The changes work equally well on the superior OS from the Evil Empire, Win2k ;) 
Can't speak for XP as I don't use such...err...thing.

Well done!


+---+
- Mailto: [EMAIL PROTECTED]
- No HTML mails please
+---+



Re: 3.0.0 can't install on FreeBSD

2004-10-07 Thread Ed Greshko

Wayne M Barnes wrote:
> Dear SpamAssassinators,
>    My spamassassin began to fail suddenly.
>    I have been trying to update/fix it without success.  I keep
> getting messages with --version in them, such below.
>    Please help!
>
> version.h.pl: version.h.pl: Can't locate Digest/SHA1.pm in @INC (@INC 

You need to install the Digest::SHA1 perl module


3.0.0 can't install on FreeBSD

2004-10-07 Thread Wayne M Barnes
Dear SpamAssassinators,

   My spamassassin began to fail suddenly.

   I have been trying to update/fix it without success.  I keep
getting messages with --version in them, such below.

   Please help!

---
. . .

/usr/bin/perl build/preprocessor  -Mvars  -DVERSION="3.00"  
-DPREFIX="/usr/local"  -DDEF_RULES_DIR="/usr/local/share/spamassassin"  
-DLOCAL_RULES_DIR="/etc/mail/spamassassin"  
-DINSTALLSITELIB="/usr/local/lib/perl5/site_perl/5.8.5"  
-DCONTACT_ADDRESS="the administrator of that system" -Msharpbang  
-DPERL_BIN="/usr/bin/perl"  -DPERL_WARN=""  -DPERL_TAINT="" -m755 
-ispamd/spamd.raw -ospamd/spamd
/usr/bin/perl spamc/configure.pl --prefix="/usr/local" 
--sysconfdir="/etc/mail/spamassassin" 
--datadir="/usr/local/share/spamassassin" --enable-ssl="no"
cd spamc
/usr/local/bin/perl version.h.pl
version.h.pl: creating version.h
spamc/configure.pl: version.h.pl: Failed to get the version from 
Mail::SpamAssassin.
Please use the --with-version= switch to specify it manually.

The error was:
version.h.pl: version.h.pl: version.h.pl: version.h.pl: version.h.pl: 
version.h.pl: version.h.pl: Can't locate Digest/SHA1.pm in @INC (@INC 
contains: ../lib /usr/local/lib/perl5/site_perl/5.8.5/mach 
/usr/local/lib/perl5/site_perl/5.8.5 /usr/local/lib/perl5/site_perl 
/usr/local/lib/perl5/5.8.5/BSDPAN /usr/local/lib/perl5/5.8.5/mach 
/usr/local/lib/perl5/5.8.5 .) at ../lib/Mail/SpamAssassin/EvalTests.pm 
line 33.
BEGIN failed--compilation aborted at ../lib/Mail/SpamAssassin/EvalTests.pm 
line 33.
Compilation failed in require at ../lib/Mail/SpamAssassin/PerMsgStatus.pm 
line 56.
BEGIN failed--compilation aborted at 
../lib/Mail/SpamAssassin/PerMsgStatus.pm line 56.
Compilation failed in require at ../lib/Mail/SpamAssassin.pm line 74.
BEGIN failed--compilation aborted at ../lib/Mail/SpamAssassin.pm line 74.
Compilation failed in require at version.h.pl line 27.
*** Error code 2

Stop in /usr/ports/distfiles/Mail-SpamAssassin-3.0.0.
 
- 
-- Wayne M Barnes [EMAIL PROTECTED]fax: (314) 754-9556


Re: custom rule

2004-10-07 Thread Matt Kettler
At 07:26 AM 10/7/2004 +0700, Gian wrote:
hill all, i'm using spamassassin 2.64, i want to reject body message like 
this : -- 
ÅóÓÑ£¡ÄãÓÐûÓÐÔÚÍøÉÏÏë¿´µçÓ°ÓÖÕÓ²»µ½ÕæÕýÃâ·ÑµÄÍøÕ¾µÄ¾­Àú£¿ºÃÈÝÓ×ÕÓµ½Ó»¸öºÅ³ÆÃâ·ÑµÄ¿Éµ½Í·À´ 
²»ÊÇÈÃÄãÌîÊÖ»úºÅÂë¾ÍÊÇÈÃÄãÓʾּÄÇ®»òÍøÉÏÖ§¸¶£¬ÏÖÔÚºÃÀ²£¡ÓÐÁËÎÓÌṩµÄÈí¼þ£¬ 
-- is there custom rule for doing that? thx... -gian-

You could try this, however it might FP on messages with binary 
attachments. Test first:

body    HIGH_ASCII_GARBAGE  /[\x80-\xff]{20}/
score   HIGH_ASCII_GARBAGE  0.1

However, I suspect you might be better off looking at the message headers, 
FWIW.
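
The "Test first" advice here and the word-boundary point in the "Better check your sig" thread above can both be checked offline before a rule goes live. The following is an added example, not code from the list or from SpamAssassin: a small Python harness that parses `body` rule lines and runs them over constructed sample bodies. It assumes Python's `re` behaves like Perl's regex engine for these three patterns; the helper names and all sample messages are made up for illustration.

```python
import re

# Constructed rule file in SpamAssassin "body NAME /regex/flags" form; the
# three patterns are the ones quoted in the two threads.
RULES = r"""
body CIALIS              /\bCialis\b/i
body CIALIS2             /Cialis/i
body HIGH_ASCII_GARBAGE  /[\x80-\xff]{20}/
"""

RULE_LINE = re.compile(rb"^body\s+(\w+)\s+/(.*)/([a-z]*)$")

def parse_rules(text):
    """Map rule name -> compiled bytes regex for every 'body' line."""
    rules = {}
    for line in text.encode("ascii").splitlines():
        m = RULE_LINE.match(line.strip())
        if m:
            name, pattern, flags = m.groups()
            rules[name.decode()] = re.compile(pattern, re.I if b"i" in flags else 0)
    return rules

def hits(rules, message):
    """Names of the rules whose pattern matches the raw message bytes."""
    return sorted(name for name, rx in rules.items() if rx.search(message))

def embedded_in_word(rx, message):
    """True if a match is glued to a letter or digit on either side,
    the symptom of a rule written without \\b anchors."""
    for m in rx.finditer(message):
        before = message[m.start() - 1:m.start()] if m.start() else b""
        after = message[m.end():m.end() + 1]
        if before.isalnum() or after.isalnum():
            return True
    return False

# Constructed sample bodies.
SIGNATURE = b"Ron\nSenior IT Services Specialist\n"
DRUG_SPAM = b"Buy cialis online today"
# The bytes C5 F3 D3 D1 (the first four characters of the sample in the
# thread, read as Latin-1), repeated to give 24 consecutive high-bit bytes.
HIGH_BIT_TEXT = b"\xc5\xf3\xd3\xd1" * 6
# Accented Latin-1 prose: high-bit bytes, but never 20 in a row.
ACCENTED = "caf\u00e9 r\u00e9sum\u00e9 na\u00efve".encode("latin-1")
# Raw binary data of the kind an attachment could contain.
BINARY_BLOB = b"\x00\x10" + bytes(range(0x80, 0xa0)) + b"\x00"

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for label, body in [("signature", SIGNATURE), ("drug spam", DRUG_SPAM),
                        ("high-bit text", HIGH_BIT_TEXT),
                        ("accented", ACCENTED), ("binary blob", BINARY_BLOB)]:
        print(f"{label:14} -> {hits(rules, body)}")
    print("CIALIS2 matches inside a word:",
          embedded_in_word(rules["CIALIS2"], SIGNATURE))
```

The unanchored CIALIS2 pattern fires on the job title while the anchored one does not, and the high-byte rule cannot tell the legacy-encoded text from the binary blob, which is why a low score such as 0.1 is a sensible starting point.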



Re: Is Spamassassin 3.00 SRC RPM available?

2004-10-07 Thread Florin Andrei
On Wed, 2004-10-06 at 07:23, Theo Van Dinter wrote:
> On Wed, Oct 06, 2004 at 02:28:01PM +0200, Overdijk, Harrie wrote:
> > Is the SRC RPM of the released SpamAssassin 3.00 available already?
> > I failed to find it on the SpamAssassin website, although I did find the
> > previous versions including release candidate and prerelease...
> 
> No, I decided there was no point in giving out a source RPM since all you need
> to do is get the tarball (Mail-SpamAssassin-3.0.0.tar.gz), and run either
> "rpmbuild -tb Mail-..." to get binary RPMs or "rpmbuild -ts Mail-..." to get a
> source RPM.

I agree with you, but then this should be mentioned on the Download
page, or in the install instructions, or in the release notes (or a
combination of these, or all).

-- 
Florin Andrei

http://florin.myip.org/



Re: How to rewrite spamc in Perl

2004-10-07 Thread Daniel Quinlan
John Rudd <[EMAIL PROTECTED]> writes:

> 1) make room for passing a reference to a message instead of the message
> itself, to reduce network latency when it is not necessary (for example,
> if the spamd chosen just happens to be on localhost (because it's part
> of a list of servers that are being balanced), then you'll waste a lot
> of time transferring the message through the socket, instead of just
> transferring the path to the file that contains the message).

+1 sounds good

(well, assuming the message is actually in a file)

> 2) make room for using other tools in addition to spam assassin (for
> example, running an external virus scanner), making spamc/spamd a
> possible nice general purpose means of distributing the load for email
> scanning (not just for spam marking type scanning) and even email
> delivery.

+0 might be good

Daniel

-- 
Daniel Quinlan ApacheCon! 13-17 November (3 SpamAssassin
http://www.pathname.com/~quinlan/  http://www.apachecon.com/  sessions & more)


Re: custom rule

2004-10-07 Thread Roger E. Rustad, Jr.
Ever since signing up with AllofMP3.com (a Russian MP3
site), I've been getting tons of e-mail like that.

--- Gian <[EMAIL PROTECTED]> wrote:

> hill all,
> 
> i'm using spamassassin 2.64, i want to reject body
> message like this :
> 
> --
>
ÅóÓÑ£¡ÄãÓÐûÓÐÔÚÍøÉÏÏë¿´µçÓ°ÓÖÕÒ²»µ½ÕæÕýÃâ·ÑµÄÍøÕ¾µÄ¾­Àú£¿ºÃÈÝÒ×ÕÒµ½Ò»¸öºÅ³ÆÃâ·ÑµÄ¿Éµ½Í·À´
>
²»ÊÇÈÃÄãÌîÊÖ»úºÅÂë¾ÍÊÇÈÃÄãÓʾּÄÇ®»òÍøÉÏÖ§¸¶£¬ÏÖÔÚºÃÀ²£¡ÓÐÁËÎÒÌṩµÄÈí¼þ£¬
> --
> 
> is there custom rule for doing that?
> 
> thx...
> 
> -gian-
> 



custom rule

2004-10-07 Thread Gian
hill all,

i'm using spamassassin 2.64, i want to reject body message like this :

--
ÅóÓÑ£¡ÄãÓÐûÓÐÔÚÍøÉÏÏë¿´µçÓ°ÓÖÕÒ²»µ½ÕæÕýÃâ·ÑµÄÍøÕ¾µÄ¾­Àú£¿ºÃÈÝÒ×ÕÒµ½Ò»¸öºÅ³ÆÃâ·ÑµÄ¿Éµ½Í·À´
²»ÊÇÈÃÄãÌîÊÖ»úºÅÂë¾ÍÊÇÈÃÄãÓʾּÄÇ®»òÍøÉÏÖ§¸¶£¬ÏÖÔÚºÃÀ²£¡ÓÐÁËÎÒÌṩµÄÈí¼þ£¬
--

is there custom rule for doing that?

thx...

-gian-