Re: A few more 3.0.1 questions

2004-11-07 Thread Chris
On Sunday 07 November 2004 04:30 pm, Chris wrote:
> I have a few more questions.  In my previous mail I showed this:
>
> 2.  Running --lint I get the following:
> warning: score set for non-existent rule FREE_LEADS
> warning: score set for non-existent rule US_DOLLARS_2
> warning: score set for non-existent rule RATWARE_EVAMAIL
> lint: 637 issues detected.  please rerun with debug enabled for more
> information
>
> I've moved the 50_scores.cf rule out of the /etc/mail/spamassassin dir
> and those 637 issues went away.  I take it that this rule is no longer
> needed?
>
> With 2.63 and DCC active I'd see a body #, fuz1 # and fuz2 #, I no longer
> see that.  I do have the dcc_body_max; _fuz1_max and _fuz2_max set to the
> suggested 99 in my local.cf.  I also used to see the number of times
> a msg had been reported to pyzor, that too seems to be gone.

I'll reply to my own message here.  Regarding the 50_scores.cf, I neglected 
to COPY the new 50_scores.cf from /user/share/spamassassin to 
/etc/mail/spamassassin, doh!  Working fine now, guess I was in too much of 
a hurry.

-- 
Chris
Registered Linux User 283774 http://counter.li.org
5:03pm up 3 days, 21:29, 1 user, load average: 0.28, 0.41, 0.31

No yak too dirty; no dumpster too hollow.




A few more 3.0.1 questions

2004-11-07 Thread Chris
I have a few more questions.  In my previous mail I showed this:

2.  Running --lint I get the following:
warning: score set for non-existent rule FREE_LEADS
warning: score set for non-existent rule US_DOLLARS_2
warning: score set for non-existent rule RATWARE_EVAMAIL
lint: 637 issues detected.  please rerun with debug enabled for more 
information

I've moved the 50_scores.cf rule out of the /etc/mail/spamassassin dir and 
those 637 issues went away.  I take it that this rule is no longer needed?

With 2.63 and DCC active I'd see a body #, fuz1 # and fuz2 #, I no longer 
see that.  I do have the dcc_body_max; _fuz1_max and _fuz2_max set to the 
suggested 99 in my local.cf.  I also used to see the number of times a 
msg had been reported to pyzor, that too seems to be gone.  

-- 
Chris
Registered Linux User 283774 http://counter.li.org
3:31pm up 3 days, 19:57, 2 users, load average: 0.12, 0.15, 0.17

Above all else -- sky.




performance observations: 3.0.1 versus 2.42

2004-11-07 Thread Francesco Potorti`
I just finished installing 3.0.1 over a two-years old 2.42 installation
on a Sun (don't know which model, sorry) with 0.5 GB ram and 1.2 GB swap
serving less than 1000 users with smtp and pop services, about 15000
local deliveries per working day.

Undesired mail jumped from an average 1% of two years ago to around 60%
now.  Mail distribution in time was much less bursty then, but now bursts
of mail are quite frequent, up to 300 mails in ten minutes.

SpamAssassin 3.0 is much better at identifying mail than 2.42: about
half the currently identified spam went unnoticed with 2.42.

Pop usage is heavy on this box, and unfortunately 3.0 does not help.
Every spamd child uses at least 27 MB of real memory (RSS), which grows
up to 42 MB in busy periods.  

Comparing performance before and after upgrade, I suspect that having a
fixed number of servers makes things worse.  While having the servers
ready to work makes them more responsive, from a global perspective
performance degrades less gracefully with respect to the model where you
spawn a child when needed.

In fact, when you have a fixed number of servers, you cannot exceed the
real memory size without risking constant memory thrashing (so on this
box I can use a maximum of, say, 12 servers).  If more servers are
needed for short time periods, nothing can be easily done.  With the old
model, I could define a maximum of 30 servers, which were spawned only
when needed, so performance degraded gracefully.

Maybe I could use two or three servers with --max-children=6, listening
on three different sockets, and let procmail choose the second only when
the first gives an EX_UNAVAILABLE (69) error, and the third only when
such error is got from the second one, but I did not try that one.
Probably this arrangement could give the best of the two models, because
children that are idle for some time should go to swap and leave real
memory free for the pop servers in normal situation, while being ready
for overload periods.


Re: DNSBL test failures

2004-11-07 Thread Robert Menschel
Saturday, November 6, 2004, 2:59:02 PM, I wrote:

RM> I lost my Windows XP desktop this month while I was out of town.
RM> I've now reconstructed it from scratch, using the vendor's recovery
RM> disks, ie: wiping out everything (fortunately all data is on backups).
RM> I installed current Cygwin, all needed modules (I believe), then using
RM> CPAN installed all modules needed for SpamAssassin, and then attempted
RM> to install SA also via CPAN.

RM> t/dnsbl is failing, with messages like:

>> t/dnsbl..Bareword found in conditional at t/dnsbl.t line 15.
>>   Not found: P_2 =  
>> > [127.0.0.4]
>> # Failed test 1 in t/SATest.pm at line 530
RM> ...

Another data point for those interested:

I've made no system changes (no changes anywhere within the Cygwin
environment), but instead of using CPAN to download 3.0.1, I did a
direct download of 3.0.1 from the Apache mirror (zip format), unzipped
the file into my Cygwin home directory, and did a standard install
(perl Makefile.PL ; make ; make test ; make install). I used the same
default userid in both runs, and expected the results to be the same.

However, the only error during the entire "make test" suite was
> t/dnsbl.Bareword found in conditional at t/dnsbl.t line 15.
None of the other errors were reported, and the tests completed with
> All tests successful, 5 tests skipped.
> Files=67, Tests=1493, 498 wallclock secs (202.32 cusr + 92.63 csys = 294.94 
> CPU)

The code I downloaded from the mirror should be identical to what came
to me via CPAN, but the results are different.

Any ideas why?  If I can figure out anything useful from this, I'm
willing to document it on the Wiki, but so far all I've got are some
head scratches.

Bob Menschel





RE: Global Bayesian DB or all per user?

2004-11-07 Thread Noel K Hall II

I use it globally, with this in my local.cf file

use_bayes        1
use_bayes_rules  1
bayes_auto_learn 1

bayes_path       /var/spool/spamassassin/bayes
bayes_file_mode  0660

Although if you don't set this it will make a separate one per user under
$USER_HOME/.spamassassin/bayes I believe.

-Original Message-
From: Jason Lixfeld [mailto:[EMAIL PROTECTED] 
Sent: Sunday, November 07, 2004 4:02 PM
To: users@spamassassin.apache.org
Subject: Global Bayesian DB or all per user?

Is there a global Bayesian DB or is each database a per user database?




RE: Rules List

2004-11-07 Thread Anton Krall
I think I got SURBL working since I see a lot of mails triggered as spam
with comments like URIBL_WS_SURBL

What I did is do a cpan SA3 install and on /root/.cpan/SA3.0/rules, copy all
the .cf files to my site rules dir, since it seems that SURBL is enabled and
net tests is enabled too... I guess by copying the default rules to my site
rules dir enabled the scores and everything else, here is a copy of the
rules I have in place:

   8 -rw-r--r-- 1 root root  6002 Nov  6 20:02 10_misc.cf
   4 -rw-r--r-- 1 root root  1602 Nov  6 20:02 20_anti_ratware.cf
  12 -rw-r--r-- 1 root root  8198 Nov  6 20:02 20_body_tests.cf
   4 -rw-r--r-- 1 root root  1613 Nov  6 20:02 20_compensate.cf
  12 -rw-r--r-- 1 root root 12083 Nov  6 20:02 20_dnsbl_tests.cf
  16 -rw-r--r-- 1 root root 15700 Nov  6 20:02 20_drugs.cf
  12 -rw-r--r-- 1 root root 11268 Nov  6 20:02 20_fake_helo_tests.cf
  28 -rw-r--r-- 1 root root 27699 Nov  6 20:02 20_head_tests.cf
  16 -rw-r--r-- 1 root root 15487 Nov  6 20:02 20_html_tests.cf
  12 -rw-r--r-- 1 root root 10939 Nov  6 20:02 20_meta_tests.cf
  24 -rw-r--r-- 1 root root 22099 Nov  6 20:02 20_phrases.cf
   8 -rw-r--r-- 1 root root  4966 Nov  6 20:02 20_porn.cf
  16 -rw-r--r-- 1 root root 14129 Nov  6 20:02 20_ratware.cf
   8 -rw-r--r-- 1 root root  5014 Nov  6 20:02 20_uri_tests.cf
   4 -rw-r--r-- 1 root root  2334 Nov  6 20:02 23_bayes.cf
  12 -rw-r--r-- 1 root root  9114 Nov  6 20:02 25_body_tests_es.cf
   4 -rw-r--r-- 1 root root  2735 Nov  6 20:02 25_hashcash.cf
   4 -rw-r--r-- 1 root root  2301 Nov  6 20:02 25_spf.cf
   8 -rw-r--r-- 1 root root  4700 Nov  6 20:02 25_uribl.cf
  56 -rw-r--r-- 1 root root 52290 Nov  6 20:02 30_text_de.cf
  40 -rw-r--r-- 1 root root 40682 Nov  6 20:02 30_text_fr.cf
  64 -rw-r--r-- 1 root root 57934 Nov  6 20:02 30_text_nl.cf
  36 -rw-r--r-- 1 root root 34800 Nov  6 20:02 30_text_pl.cf
  32 -rw-r--r-- 1 root root 29375 Nov  6 20:02 50_scores.cf
   8 -rw-r--r-- 1 root root  6884 Nov  6 20:02 60_whitelist.cf
   4 -rw-r--r-- 1 root root   342 Nov  6 20:02 local.cf
   4 -rw-r--r-- 1 root root  2671 Nov  6 20:02 regression_tests.cf

I only have the default rules in place, no other rules from rules_du_jour or
anything... Looks ok to you guys? Should I also put some rules_du_jour in
there?

CPU load is very low and nice :) and seems to be catching a lot of spam...  

-Original Message-
From: Jeff Chan [mailto:[EMAIL PROTECTED] 
Sent: Domingo, 07 de Noviembre de 2004 12:14 a.m.
To: Anton Krall
Cc: users@spamassassin.apache.org
Subject: Re: Rules List

On Saturday, November 6, 2004, 9:33:47 PM, Anton Krall wrote:
> So SURBL will work even if no .cf files are on any of the site rules 
> or config dirs yet? How does SA know about URLs and where to check?

> I see some files under cpan dirs and SA that show some rules about 
> SURBL so I thought they might need to be copied under 
> /usr/share/spamassassin, where my site rules are.

SURBLs are included in the default rules for SA 3.  If you've done a full,
default install, then the rules and scores are probably already installed.
Hopefully a CPAN install does that.  If you see rules like URIBL_OB_SURBL
being triggered then SURBLs are working.

> Do you recommend still installing some rules like sare and such? 

> Also, do you know any rules that trap vicodin and some other drug spam? 

Some of the SARE rules are useful for these.  To be honest, I don't have
recommendations about which ones to use.  But with SURBLs some are no longer
needed.  I'll let the SARE folks explain further, or you may want to search
the list archives about this. 

Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/




Global Bayesian DB or all per user?

2004-11-07 Thread Jason Lixfeld
Is there a global Bayesian DB or is each database a per user database?


Re: Is updating to 3.0.1 really necessary?

2004-11-07 Thread Chris
On Saturday 06 November 2004 11:53 pm, Matt Kettler wrote:
> At 03:42 PM 11/6/2004 -0600, Chris wrote:
> >I run a single user system.  2.63 is working so well, I'd say I have a
> >99.99+ rate of catching spam with very, very few FP's or FN's.  I
> > haven't seen either in weeks.  Running with network tests and SURBL's
> > with a few rulesets thrown in.  Would there be any advantage at all to
> > upgrading other than that I'd be running the latest version?
>
> If 2.63 is working well for you, you probably don't need to upgrade to
> 3.01 right away.
>
> However, I would at least upgrade to 2.64 ASAP... 2.63 is vulnerable to a
> DoS attack from being fed a malformed message.

Ok, just upgraded to 3.0.1.  The upgrade seemed to be as easy as falling off 
a log using CPAN in webmin, however, as usual, I have a few questions.  

1. When running the perl script I use to report spam to DCC, Pyzor and razor 
I see the following:
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8de4adc) 
inhibited further callbacks
What specifically is this telling me?

2.  Running --lint I get the following:
warning: score set for non-existent rule FREE_LEADS
warning: score set for non-existent rule US_DOLLARS_2
warning: score set for non-existent rule RATWARE_EVAMAIL
lint: 637 issues detected.  please rerun with debug enabled for more 
information

I'll have to assume that the above shows I have to remove some rules?

3.  I assume I have to remove the mail::spamassassin::spamcopuri module?

Other than that I'm pretty happy.  I do notice that a bit more memory is 
used but I get around that by stopping and restarting spamd every hour.  

-- 
Chris
Registered Linux User 283774 http://counter.li.org
2:33pm up 3 days, 18:58, 3 users, load average: 0.17, 0.32, 0.41

Whatever you may be sure of, be sure of this: that you are dreadfully like
other people.
-- James Russell Lowell, "My Study Windows"




RE: Performance.

2004-11-07 Thread Dan Barker
I'm running on a Celeron 1.8G with only 256M of ram. 2,000 emails/day.
Average elapsed time for SA scans: 2,988.43 ms. (Max: 94 seconds. Second
highest: 21 seconds) I'd say you've got something wrong.

I'm running the default ruleset from 3.0.1 distro with:
score BAYES_00 -4.9
score BAYES_01 -2.0
score BAYES_10 -1.5
score BAYES_20 -1.0
score BAYES_30 -0.5
score BAYES_40 0.1
score BAYES_44 0.7
score BAYES_50 1.0
score BAYES_56 1.5
score BAYES_60 2.1
score BAYES_70 3.1
score BAYES_80 4.2
score BAYES_90 4.9
score BAYES_99 5.4
score DNS_FROM_AHBL_RHSBL 4
score RCVD_IN_BL_SPAMCOP_NET 4
score RCVD_IN_DSBL 4
score RCVD_IN_SBL 4
score RCVD_IN_SORBS_DUL 4
score RCVD_IN_SORBS_WEB 4
score SPF_FAIL 2
score SPF_HELO_FAIL 2
score URIBL_SBL 4
score URIBL_SBL 4
score URIBL_WS_SURBL 4
trusted_networks 172.0.0.0/8

in my local.cf


Oh, I didn't read far enough to see the machine specs! Ouch!

Mine (I thought it was a "toy" server, Celeron at that) is probably doing so
well because I'm on a fairly idle T1 so all the DNS traffic is pretty fast.
But my "toy" is a lot more than 166 Mhz. A 2Ghz Cheapo CPU/Motherboard/0.5G
ram is probably $300 or less. Check TigerDirect or somewhere and UPGRADE
THAT PUPPY!

Dan

-Original Message-
From: Mike Burger [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 07, 2004 1:59 PM
To: Henri van Riel
Cc: users@spamassassin.apache.org
Subject: Re: Performance.


On Sun, 7 Nov 2004, Henri van Riel wrote:

> Hello,
>
> Ok, I admit, mine is not the fastest mail server on the planet but is
> this the best performance I'm going to get:
>
> spamd[3164]: identified spam (22.0/5.0) for p3scan:150 in 135.4 seconds,
> 3920 bytes.
>
> That's 2 minutes and 15+ seconds for an email little over 3k in
> size...
>
> I run a small personal mailserver but 90% of my incoming mail is spam
> and I'd like to do something about that.
>
> SA is invoked by P3Scan.
>
> --
> SA-3.0.1
> perl-5.8.5
> Linux-2.4.26
> Pentium I 166Mhz
> 64MB RAM - 64MB swap

P5 166 with only 64MB RAM and swap?  Yeah...that's the performance you're
going to get.

My system is an Athlon 2GHz, with half a gig of RAM, and I'm seeing
today's performance like this:

Total number of emails processed by the spam filter : 81
Number of spams                     :    12 ( 14.81%)
Number of clean messages            :    69 ( 85.19%)
Average message analysis time       :  9.96 seconds
Average spam analysis time          :  7.94 seconds
Average clean message analysis time : 10.31 seconds
Average message score               : -2.87
Average spam score                  : 14.57
Average clean message score         : -5.90
Total spam volume                   :    39 kbytes
Total clean volume                  :   417 kbytes

This is actually a little high, but one of the last messages my server
sent out was fairly large, and went out to over 150 people from a
listserv.

--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit
http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a
message to:

[EMAIL PROTECTED]

with a message of:

subscribe



Re: Performance.

2004-11-07 Thread Mike Burger
On Sun, 7 Nov 2004, Henri van Riel wrote:

> Hello,
> 
> Ok, I admit, mine is not the fastest mail server on the planet but is
> this the best performance I'm going to get:
> 
> spamd[3164]: identified spam (22.0/5.0) for p3scan:150 in 135.4 seconds, 3920 
> bytes.
> 
> That's 2 minutes and 15+ seconds for an email little over 3k in
> size...
> 
> I run a small personal mailserver but 90% of my incoming mail is spam
> and I'd like to do something about that.
> 
> SA is invoked by P3Scan.
> 
> --
> SA-3.0.1
> perl-5.8.5
> Linux-2.4.26
> Pentium I 166Mhz
> 64MB RAM - 64MB swap

P5 166 with only 64MB RAM and swap?  Yeah...that's the performance you're 
going to get.

My system is an Athlon 2GHz, with half a gig of RAM, and I'm seeing 
today's performance like this:

Total number of emails processed by the spam filter : 81
Number of spams                     :    12 ( 14.81%)
Number of clean messages            :    69 ( 85.19%)
Average message analysis time       :  9.96 seconds
Average spam analysis time          :  7.94 seconds
Average clean message analysis time : 10.31 seconds
Average message score               : -2.87
Average spam score                  : 14.57
Average clean message score         : -5.90
Total spam volume                   :    39 kbytes
Total clean volume                  :   417 kbytes

This is actually a little high, but one of the last messages my server 
sent out was fairly large, and went out to over 150 people from a 
listserv.

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit 
http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a 
message to:

[EMAIL PROTECTED]

with a message of: 

subscribe


Performance.

2004-11-07 Thread Henri van Riel
Hello,

Ok, I admit, mine is not the fastest mail server on the planet but is
this the best performance I'm going to get:

spamd[3164]: identified spam (22.0/5.0) for p3scan:150 in 135.4 seconds, 3920 
bytes.

That's 2 minutes and 15+ seconds for an email little over 3k in
size...

I run a small personal mailserver but 90% of my incoming mail is spam
and I'd like to do something about that.

SA is invoked by P3Scan.

--
SA-3.0.1
perl-5.8.5
Linux-2.4.26
Pentium I 166Mhz
64MB RAM - 64MB swap

-- 
Best regards,
 Henri  mailto:[EMAIL PROTECTED]



HELP on SIMPLE sa-mimedefang file ?

2004-11-07 Thread Hitete
Hi,

Here is my sa-mimedefang.cf file :

required_hits   5
ok_locales  all
rewrite_subject 1
subject_tag [*SPAM*]
report_safe 0
skip_rbl_checks 1
---



Is that enough for spamassassin to work on a relay host? (The relay host
worked well before mimedefang and spamassassin installation.)

I'm looking for a fairly simple mimedefang config file. Seems impossible to
find. Is that enough?
I run fedora core 2 and SA 3.0 with mimedefang 2.42.

/Hitete



RE: SpamAssassin Droping messages...

2004-11-07 Thread Ryan Ferguson
To complete the loop on this one, it was the version of spamass-milter I
was using.  Upgraded this and all is good now.
- Ryan

-Original Message-
From: Ryan Ferguson 
Sent: Friday, November 05, 2004 6:48 PM
To: users@spamassassin.apache.org
Subject: SpamAssassin Droping messages...

I am running spamass-milt and SA3.01.  Messages that are tagged as spam
are being dropped on the floor and I can not figure out why.

I have tried running spamass-milt -r 300 to try and stop this from
happening but everything at 7 (my spam level) or higher is dumped.

Does anyone have any thoughts on what this could point to?

Thanks,
- Ryan






Re: a simple rule for detecting Microsoft executables

2004-11-07 Thread Theo Van Dinter
On Sun, Nov 07, 2004 at 10:04:58AM +0100, Francesco Potorti` wrote:
> >ewww!  $name="foo.com";
> >
> >congrats, you just FPed. :)
> 
> No, I didn't :-)
> 
> You missed the meta rule:
>  meta ms_executable  (__h_exename_q && !__b_exename_q)

Ok, that one didn't FP, fine.  :P

I just don't like full/rawbody rules attempting to look at MIME headers when
it's trivial to just use a plugin to do it.  0 chance of FP that way.

> Thanks for the tip.  I looked at the plugin, however, and it does
> include only a small subset of MS directly executable extensions.  Most
> notably, the .cpl and .vbe that recently mass-hit me are missing. I used
> a comprehensive list, as far as I know, that could be easily imported in
> the module you cite.

It was a generic test to replace MICROSOFT_EXECUTABLE, which only looked for
the base64 encoded string.  I should probably make the list a bit fuller:

ade|adp|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|
inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdt|mdw|mdz|msc|msi|msp|mst|nws|
ops|pcd|pif|prf|reg|scf|scr\??|sct|shb|shs|shm|swf|url|
vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh

This is what came out of several discussions I was reading back the last time
some MS worm went about.  Ok, that list is in the plugin now. :)

> By the way, do I use the "loadplugin" command to load a module, right?

Yeah, if you put it in /etc/mail/spamassassin,
"loadplugin /etc/mail/spamassassin/MSExec.pm" ought to work. :)

-- 
Randomly Generated Tagline:
If you remove stricture from a large Perl program currently, you're just
 installing delayed bugs, whereas with this feature, you're installing an
 instant bug that's easily fixed.  Whoopee.
  -- Larry Wall in <[EMAIL PROTECTED]>
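
Added example (not part of the original thread, and not the code of the MSExec plugin linked in it): a Python sketch of the difference discussed above between matching "name=" anywhere in the raw text and reading the attachment name from the parsed MIME headers. The extension list is the one posted in the message above; the two sample messages, the function names and the [ \t] stand-in for [[:blank:]] are constructed for this illustration.

```python
import re
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Extension alternation taken from the list posted in the message above.
EXEC_EXT = (
    "ade|adp|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|hlp|hta|"
    "inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdt|mdw|mdz|msc|msi|msp|mst|nws|"
    "ops|pcd|pif|prf|reg|scf|scr\\??|sct|shb|shs|shm|swf|url|"
    "vb|vbe|vbs|vbx|vxd|wsc|wsf|wsh"
)

# A name counts only when the executable extension is the final one.
EXEC_NAME = re.compile(r"\.(?:" + EXEC_EXT + r")\s*$", re.IGNORECASE)

# Text-level pattern in the style of the full/rawbody rules quoted in the
# thread; it fires on any 'name=' text, wherever it appears.
NAIVE = re.compile(
    r'\bname=("?).+?\.(?:' + EXEC_EXT + r')\1[ \t]*(?:;|$)', re.I | re.M
)


def is_executable_name(name):
    """True when the declared file name ends in a listed extension."""
    return bool(EXEC_NAME.search(name))


def declared_names(part):
    """File names a MIME part declares in its own headers."""
    names = []
    for param, header in (("name", "content-type"),
                          ("filename", "content-disposition")):
        value = part.get_param(param, header=header)
        if value is not None:
            # RFC 2231 encoded values come back as tuples; collapse them.
            names.append(collapse_rfc2231_value(value))
    return names


def executable_attachments(raw):
    """Names of parts whose MIME headers declare an executable file."""
    hits = []
    for part in message_from_string(raw).walk():
        for name in declared_names(part):
            if is_executable_name(name) and name not in hits:
                hits.append(name)
    return hits


def naive_match(raw):
    """True when the text-level pattern matches anywhere in the message."""
    return NAIVE.search(raw) is not None


# Constructed sample: plain text mail that merely quotes a line of Perl.
PLAIN_MSG = (
    "From: alice@example.com\n"
    "To: bob@example.com\n"
    "Subject: perl question\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "Why does this line fail?\n"
    '$name="foo.com";\n'
)

# Constructed sample: multipart mail with a harmless payload named *.cpl.
ATTACH_MSG = (
    "From: carol@example.com\n"
    "To: bob@example.com\n"
    "Subject: invoice\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="BOUND"\n'
    "\n"
    "--BOUND\n"
    "Content-Type: text/plain\n"
    "\n"
    "see attached\n"
    "--BOUND\n"
    'Content-Type: application/octet-stream; name="invoice.cpl"\n'
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="invoice.cpl"\n'
    "\n"
    "bm90IGEgcmVhbCBwcm9ncmFt\n"
    "--BOUND--\n"
)

if __name__ == "__main__":
    for label, raw in (("plain", PLAIN_MSG), ("attachment", ATTACH_MSG)):
        print(label, "text-level:", naive_match(raw),
              "MIME-level:", executable_attachments(raw))
```

The text-level pattern fires on both samples, while the header-based check reports only the real attachment; the meta rule quoted in the thread (header match and no body match) is the rule-file way of compensating for the same false positive.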




Re: rules for ignorant spammers

2004-11-07 Thread Raymond Dijkxhoorn
Francesco,
header   spammer_from       From =~ /%FROM_USER@/
describe spammer_from       Ignorant spammer: variables in From:
score    spammer_from       5.0
header   spammer_messageid  Message-Id =~ /%MESSAGEID@|RND_LC_CHAR/
describe spammer_messageid  Ignorant spammer: variables in Message-Id:
score    spammer_messageid  5.0

There is SARE_RAND for that ...
X-Prolocation-MailScanner-SpamCheck: spam, SpamAssassin (score=8.901,
required 5, BAYES_00 -2.60, SARE_RAND_2W 1.50, SARE_RAND_3 2.00,
SARE_RAND_7 2.00, SARE_RAND_OTHER_AA 3.00, SARE_RAND_OTHER_U 3.00)
Your message triggered 5 of them...  ;)
Bye,
Raymond.


Re: Italian translation for unsafe_report

2004-11-07 Thread Francesco Potorti`
>If you would like that to be an official part of the future SA releases, you
>should open a bugzilla ticket and attach a *.cf file with that rule in it.

Thanks for the tip, I just did it (but I put the translation in the
message body).


Re: a simple rule for detecting Microsoft executables

2004-11-07 Thread Francesco Potorti`
>> full __h_exename_q  
>> /\bname=("?).+?\.(?:bas|bat|cmd|com|cpl|exe|js|jse|msi|mst|pcd|pif|reg|scr|sct|vb|vbe|vbs|wsc|wsf|wsh|xsl)\1[[:blank:]]*(?:;|$)/mi
>> rawbody  __b_exename_q  
>> /\bname=("?).+?\.(?:bas|bat|cmd|com|cpl|exe|js|jse|msi|mst|pcd|pif|reg|scr|sct|vb|vbe|vbs|wsc|wsf|wsh|xsl)\1[[:blank:]]*(?:;|$)/mi
>
>ewww!  $name="foo.com";
>
>congrats, you just FPed. :)

No, I didn't :-)

You missed the meta rule:
 meta ms_executable  (__h_exename_q && !__b_exename_q)

>If you're using 3.0, and you really feel a need to have a MICROSOFT_EXECUTABLE
>rule, please see:
>
>http://svn.apache.org/repos/asf/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MSExec.pm
>and
>http://svn.apache.org/repos/asf/spamassassin/trunk/rules/25_msexec.cf

Thanks for the tip.  I looked at the plugin, however, and it does
include only a small subset of MS directly executable extensions.  Most
notably, the .cpl and .vbe that recently mass-hit me are missing. I used
a comprehensive list, as far as I know, that could be easily imported in
the module you cite.

By the way, do I use the "loadplugin" command to load a module, right?


Re: Webbi`s kleiner Datentoaster?

2004-11-07 Thread tBB
On 07.11.2004 at 07:00 Bernd Schmelter is rumoured to have written:

>It seems so. The meaning of "Webbi`s kleiner Datentoaster"
>is like "Webmasters little datadestroyer"

Actually some fantasy is needed to see a relation between either 'Webbi' and 
Webmaster or 'Datentoaster' and Data destroyer. His (ugly) page which can be 
obviously found at

http://webbi67.de.vu/

has hardly anything to do with destruction of data or cracking. The few cracks 
he offers are horribly outdated and surely not written by him. Instead  it 
seems that his nick is Webster therefore probably 'Webbi'. Besides, 
'Datentoaster' is a common generic abbreviation for computers in Germany.

Nico

+---+
- Mailto: [EMAIL PROTECTED]
- No HTML mails please
+---+



Re: Rules List

2004-11-07 Thread Jeff Chan
On Saturday, November 6, 2004, 9:33:47 PM, Anton Krall wrote:
> So SURBL will work even if no .cf files are on any of the site rules or
> config dirs yet? How does SA know about URLs and where to check? 

> I see some files under cpan dirs and SA that show some rules about SURBL so
> I thought they might need to be copied under /usr/share/spamassassin, where
> my site rules are.

SURBLs are included in the default rules for SA 3.  If you've
done a full, default install, then the rules and scores are
probably already installed.  Hopefully a CPAN install does
that.  If you see rules like URIBL_OB_SURBL being triggered
then SURBLs are working.

> Do you recommend still installing some rules like sare and such? 

> Also, do you know any rules that trap vicodin and some other drug spam? 

Some of the SARE rules are useful for these.  To be honest, I
don't have recommendations about which ones to use.  But with
SURBLs some are no longer needed.  I'll let the SARE folks
explain further, or you may want to search the list archives
about this. 

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: Rules List

2004-11-07 Thread Loren Wilton
> So SURBL will work even if no .cf files are on any of the site rules or
> config dirs yet? How does SA know about URLs and where to check?

SA comes with a pile of config files as part of the normal install.  You
should certainly have the default SA config files installed.  Whether these
are the ones you are referring to on CPAN I can't say.  But I think you
should find a bunch of cf files probably in etc/mail/spamassassin.  The
surbl stuff will be in these rule files.

> Do you recommend still installing some rules like sare and such?

Some of the SARE rules have been subsumed into 3.0, but most haven't.  The
general rule is, if spam is leaking through, look to see if there is an
addon ruleset that can fix the problem.  If spam isn't leaking through,
generally don't bother.  Quite likely the sare general header, general
subject, bml, and fraud rules will help, as probably will some of the
others.  However, surbl does quite a good job all by itself.


> Also, do you know any rules that trap vicodin and some other drug spam?

Matt's antidrug rules are part of 3.0, so most of this stuff should be
caught by default.

Loren



Re: Rules List

2004-11-07 Thread Loren Wilton
> I just upgraded to 3.0 and using amavisd-new... I removed the old 2.6
> rules

Then you need to delete the pre25x, pre30 type rules.

> enabled but I was wondering, since I upgraded using CPAN, should I copy
> the rules on /root/.cpan/SA3.0/rules/*.cf to the site rules dir to enable
> SURBL rules?

Can't help you there, I have no idea what those rules files would be.


> How do I go about setting this up nicely?

For surbl you need to make sure you have enough stuff installed that you can
successfully do net tests.  Then I believe you have to enable the surbl
plugin in plugins.cf or some such.  (I may be wrong, it may be enabled
already.)  I think you may also have to track down the surbl rules and
enable them, but again I'm not sure.  They will be in one of the stock 3.0
config files somewhere.

But first make sure you have net tests working, or surbl won't do anything
for you.  This requires some optional pieces that you may not have
installed.  I believe spamassassin -D --lint will show you what you do and
don't have installed and enabled.

Loren



Re: Webbi`s kleiner Datentoaster?

2004-11-07 Thread Bernd Schmelter
Jeff Chan wrote:
> Does anyone know:
> 
>   Webbi`s kleiner Datentoaster
> 
> or why they are trying to zone transfer surbl.org from the
> following addresses?
> 
> 83.129.251.245
> 83.129.247.209
> 83.129.221.175
> 83.129.211.136
> 
> There is some evidence they may be crackers.  Does anyone know
> anything about them?

It seems so. The meaning of "Webbi`s kleiner Datentoaster"
is like "Webmasters little datadestroyer"

> 
> These appear to be dynamic tiscali.de DSL addresses.

Yes.
Complaints about spam and other netabuse: [EMAIL PROTECTED]

> 
> Jeff C.
> 

Greetings from Germany
Benn
-- 
#250319 - http://counter.li.org


Re: Is updating to 3.0.1 really necessary?

2004-11-07 Thread Matt Kettler
At 03:42 PM 11/6/2004 -0600, Chris wrote:
> I run a single user system.  2.63 is working so well, I'd say I have a
> 99.99+ rate of catching spam with very, very few FP's or FN's.  I haven't
> seen either in weeks.  Running with network tests and SURBL's with a few
> rulesets thrown in.  Would there be any advantage at all to upgrading other
> than that I'd be running the latest version?

If 2.63 is working well for you, you probably don't need to upgrade to 3.01 
right away.

However, I would at least upgrade to 2.64 ASAP... 2.63 is vulnerable to a 
DoS attack from being fed a malformed message.

Nobody should be running 2.63... Nobody.



RE: Rules List

2004-11-07 Thread Anton Krall
So SURBL will work even if no .cf files are on any of the site rules or
config dirs yet? How does SA know about URLs and where to check? 

I see some files under cpan dirs and SA that show some rules about SURBL so
I thought they might need to be copied under /usr/share/spamassassin, where
my site rules are.

Do you recommend still installing some rules like sare and such? 

Also, do you know any rules that trap vicodin and some other drug spam? 

-Original Message-
From: Jeff Chan [mailto:[EMAIL PROTECTED] 
Sent: Sábado, 06 de Noviembre de 2004 11:23 p.m.
To: users@spamassassin.apache.org
Subject: Re: Rules List

On Saturday, November 6, 2004, 8:41:00 PM, Anton Krall wrote:
> I just upgraded to 3.0 and using amavisd-new... I removed the old 2.6 
> rules and left only 3.0 .. Also, seems 3.0 has builtin support for 
> SURBL and it's enabled but I was wondering, since I upgraded using 
> CPAN, should I copy the rules on /root/.cpan/SA3.0/rules/*.cf to the 
> site rules dir to enable SURBL rules?

> How do I go about setting this up nicely?

SURBLs are supported by default in 3.0.  You don't need to copy
any rules or configs.   All you need to do is have a current
Net::DNS and make sure network tests are enabled.

  http://www.surbl.org/faq.html#nettest

You probably should add a rule for JP however:

urirhssub URIBL_JP_SURBL  multi.surbl.org.  A  64
body      URIBL_JP_SURBL  eval:check_uridnsbl('URIBL_JP_SURBL')
describe  URIBL_JP_SURBL  Has URI in JP at http://www.surbl.org/lists.html
tflags    URIBL_JP_SURBL  net

score     URIBL_JP_SURBL  4.0

See:

  http://www.surbl.org/

Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/




Re: Rules List

2004-11-07 Thread Jeff Chan
On Saturday, November 6, 2004, 8:41:00 PM, Anton Krall wrote:
> I just upgraded to 3.0 and using amavisd-new... I removed the old 2.6 rules
> and left only 3.0 .. Also, seems 3.0 has builtin support for SURBL and it's
> enabled but I was wondering, since I upgraded using CPAN, should I copy the
> rules on /root/.cpan/SA3.0/rules/*.cf to the site rules dir to enable SURBL
> rules?

> How do I go about setting this up nicely?

SURBLs are supported by default in 3.0.  You don't need to copy
any rules or configs.   All you need to do is have a current
Net::DNS and make sure network tests are enabled.

  http://www.surbl.org/faq.html#nettest

You probably should add a rule for JP however:

urirhssub URIBL_JP_SURBL  multi.surbl.org.  A  64
body      URIBL_JP_SURBL  eval:check_uridnsbl('URIBL_JP_SURBL')
describe  URIBL_JP_SURBL  Has URI in JP at http://www.surbl.org/lists.html
tflags    URIBL_JP_SURBL  net

score     URIBL_JP_SURBL  4.0

See:

  http://www.surbl.org/

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/



Re: Customizing the SA error message?

2004-11-07 Thread Theo Van Dinter
On Sun, Nov 07, 2004 at 02:05:48PM +1100, Gavin Cato wrote:
> One other question, sometimes the "preview" function merely previews the
> report template, i.e.
> 
> Is there a way to always make it show the preview of the actual spam?

The only way that can happen, imo, is if you're scanning the message twice.
It always shows the body of the message in the preview, not the report.

-- 
Randomly Generated Tagline:
I know everything about everything... except that.




3.0 upgrade - SQL quirk

2004-11-07 Thread Jeff Ramsey
I upgraded to 3.0.1 today, and now my sql custom rules table works 
perfectly when there is a rule listed for the user receiving email, and 
SA does not test messages at all if there is no database entry for that 
user. For example, if I send email to [EMAIL PROTECTED], it does the 
SQL lookup, finds 28 rows for that username (ramsejc) and applies them. 
If I send a message to [EMAIL PROTECTED], which is an alias to my 
ramsejc account, not only does SA not apply the rules for ramsejc, (I 
know why this is), it does not even parse the message, or at least it 
does not add the header lines for doing so.



Issues calling spamc via pipe?

2004-11-07 Thread Jason Lixfeld
I was browsing some stuff and I think I read something about it being 
bad practice to run SA like so:

begin routers
spam_check:
  transport = spam_kill
  ...
  ...
  ...
  ...
begin transports
spam_kill:
  driver = pipe
  command =  /usr/local/sbin/exim -oMr spamassassin-scanned -bS
  transport_filter = /usr/local/bin/spamc -d 127.0.0.1 -u $local_part
  ...
  ...
  ...
  ...
I can't find the link anymore and I'm not sure if what I read is 
accurate or not...  I think the comment was something along the lines 
of "...piping stuff is a kludge for lack of a proper way to do it..."

Is it bad to call spamc from a pipe or is this normal practice?


RE: Rules List

2004-11-07 Thread Anton Krall
Loren.

I just upgraded to 3.0 and using amavisd-new... I removed the old 2.6 rules
and left only 3.0 .. Also, seems 3.0 has builtin support for SURBL and it's
enabled but I was wondering, since I upgraded using CPAN, should I copy the
rules on /root/.cpan/SA3.0/rules/*.cf to the site rules dir to enable SURBL
rules?

How do I go about setting this up nicely?

-Original Message-
From: Loren Wilton [mailto:[EMAIL PROTECTED] 
Sent: Sábado, 06 de Noviembre de 2004 09:14 p.m.
To: users@spamassassin.apache.org
Subject: Re: Rules List

> I'm using 3.0.. How do I get a hold of SURBLs? I'm still getting a lot
> of the vicodin and medicine spam mail :(

> > 71_sare_bml_pre25x.cf
> > 71_sare_redirect_pre3.0.0.cf
> > 72_sare_redirect_post3.0.0.cf
> 70_sare_html_x30.cf
> > 99_sare_fraud_post25x.cf
> > 70_sare_header_x264_x30.cf
> > 99_sare_fraud_pre25x.cf
> > 70_sare_header_x30.cf
> > 70_sare_genlsubj_x30.cf

Notice anything interesting about the file names I left in the list above?
They all have SA version numbers, indicating which SA versions they apply
to.
I absolutely guarantee that no matter which SA version you are running, at
least one of those files is inappropriate.

Please go back to www.rulesemporium.com/rules and READ the descriptions of
the rule files, and then select the ones that are and ARE NOT appropriate
for your configuration.  Delete those that ARE NOT appropriate, as a start.

Loren




Re: a simple rule for detecting Microsoft executables

2004-11-07 Thread Theo Van Dinter
On Sun, Nov 07, 2004 at 01:45:51AM +0100, Francesco Potorti` wrote:
> full     __h_exename_q  /\bname=("?).+?\.(?:bas|bat|cmd|com|cpl|exe|js|jse|msi|mst|pcd|pif|reg|scr|sct|vb|vbe|vbs|wsc|wsf|wsh|xsl)\1[[:blank:]]*(?:;|$)/mi
> rawbody  __b_exename_q  /\bname=("?).+?\.(?:bas|bat|cmd|com|cpl|exe|js|jse|msi|mst|pcd|pif|reg|scr|sct|vb|vbe|vbs|wsc|wsf|wsh|xsl)\1[[:blank:]]*(?:;|$)/mi

ewww!  $name="foo.com";

congrats, you just FPed. :)

If you're using 3.0, and you really feel a need to have a MICROSOFT_EXECUTABLE
rule, please see:

http://svn.apache.org/repos/asf/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/MSExec.pm
and
http://svn.apache.org/repos/asf/spamassassin/trunk/rules/25_msexec.cf

-- 
Randomly Generated Tagline:
Randal can write one-liners again.  Everyone is happy, and peace spreads
 over the whole Earth.
  -- Larry Wall in <[EMAIL PROTECTED]>
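
Added example (not part of the thread, and not code from the MSExec plugin linked above): the pattern from the quoted rule, ported to Python with Perl's `[[:blank:]]` written as `[ \t]`, is run over raw message text and compared with a check that reads only the filenames declared in MIME part headers. Both sample messages and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Extension list copied from the rule quoted above.
EXTS = ("bas|bat|cmd|com|cpl|exe|js|jse|msi|mst|pcd|pif|reg|scr|sct|"
        "vb|vbe|vbs|wsc|wsf|wsh|xsl")
# The quoted pattern; Perl's [[:blank:]] is written [ \t] for Python's re.
RAW_PATTERN = re.compile(
    r'\bname=("?).+?\.(?:' + EXTS + r')\1[ \t]*(?:;|$)', re.M | re.I)
EXT_RE = re.compile(r'\.(?:' + EXTS + r')$', re.I)


def raw_text_hit(raw):
    """True if the pattern matches anywhere in the raw message text."""
    return RAW_PATTERN.search(raw) is not None


def executable_attachments(raw):
    """Filenames declared in MIME part headers that end in a listed extension."""
    hits = []
    for part in message_from_string(raw).walk():
        # get_filename() reads the Content-Disposition filename= parameter,
        # then the Content-Type name= parameter; body text is never consulted.
        fname = part.get_filename()
        if fname and EXT_RE.search(fname.strip()):
            hits.append(fname)
    return hits


# Constructed sample 1: plain-text mail whose body quotes a line of Perl.
CODE_SNIPPET_MAIL = (
    "From: dev@example.org\n"
    "Subject: config question\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "My script sets the host like this:\n"
    '$name="foo.com";\n'
)

# Constructed sample 2: multipart mail that declares a .pif attachment.
ATTACHMENT_MAIL = (
    "From: someone@example.net\n"
    "Subject: your document\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "see attached\n"
    "--b1\n"
    'Content-Type: application/octet-stream; name="document.pif"\n'
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="document.pif"\n'
    "\n"
    "Y29uc3RydWN0ZWQ=\n"
    "--b1--\n"
)

if __name__ == "__main__":
    for label, mail in (("code snippet", CODE_SNIPPET_MAIL),
                        ("attachment", ATTACHMENT_MAIL)):
        print(label, raw_text_hit(mail), executable_attachments(mail))
```

The raw-text pattern fires on both samples, while the header-based check reports only the declared attachment.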




Webbi`s kleiner Datentoaster?

2004-11-07 Thread Jeff Chan
Does anyone know:

  Webbi`s kleiner Datentoaster

or why they are trying to zone transfer surbl.org from the
following addresses?

83.129.251.245
83.129.247.209
83.129.221.175
83.129.211.136

There is some evidence they may be crackers.  Does anyone know
anything about them?

These appear to be dynamic tiscali.de DSL addresses.

Jeff C.



Re: Italian translation for unsafe_report

2004-11-07 Thread Loren Wilton
If you would like that to be an official part of the future SA releases, you
should open a bugzilla ticket and attach a *.cf file with that rule in it.

Loren



> clear_unsafe_report_template
> unsafe_report *  ATTENZIONE: il messaggio originale non è testo puro, e
> unsafe_report * potrebbe essere pericoloso da aprire con alcuni programmi di
> unsafe_report * posta.  Ad esempio, potrebbe contenere un virus, o confermare
> unsafe_report * ad un mittente di spam che il messaggio è stato letto.  Un
> unsafe_report * modo sicuro per visualizzarne il testo (ma non le immagini o
> unsafe_report * gli allegati) è salvarlo in un file e aprirlo con un editor.
> unsafe_report *



Re: rules for ignorant spammers

2004-11-07 Thread Loren Wilton
I believe we have something like 70_sare_random.cf at rulesemporium that has
a whole lot of these sort of things in it.

Whether it has these exact cases I can't say without running a comparison,
but I know we've accumulated a whole lot of the %-words in the last year.

Loren

- Original Message - 
From: "Francesco Potorti`" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, November 06, 2004 4:42 PM
Subject: rules for ignorant spammers


> header   spammer_from       From =~ /%FROM_USER@/
> describe spammer_from       Ignorant spammer: variables in From:
> score    spammer_from       5.0
>
> header   spammer_messageid  Message-Id =~ /%MESSAGEID@|RND_LC_CHAR/
> describe spammer_messageid  Ignorant spammer: variables in Message-Id:
> score    spammer_messageid  5.0
>
> header   spammer_received   Received =~ /%RECEIVED|%REC_WITH/
> describe spammer_received   Ignorant spammer: variables in Received:
> score    spammer_received   5.0
>
> header   spammer_reply_to   Reply-to =~ /%FROM_USER@/
> describe spammer_reply_to   Ignorant spammer: variables in Reply-to:
> score    spammer_reply_to   5.0
>
> header   spammer_subject    Subject =~ /%CUSTOM_SUBJECT/
> describe spammer_subject    Ignorant spammer: variables in Subject:
> score    spammer_subject    3.5
>
> full     spammer_charset    /charset=%CHARSET/
> describe spammer_charset    Ignorant spammer: variables in charset=
> score    spammer_charset    1.5
>
> body     spammer_text       /%MAKE_TXT\[[0-9]/
> describe spammer_text       Ignorant spammer: variables in text
> score    spammer_text       1.5



Re: Customizing the SA error message?

2004-11-07 Thread email builder
How is it possible to use the report_hostname template setting to pick up on
virtual domains?  Or is it?  Mine always uses the actual domain name of the
machine itself; I'd rather use the virtual host name from the domain of the
target user.


> On 7/11/04 7:55 AM, "Theo Van Dinter" <[EMAIL PROTECTED]> wrote:
> 
> > On Sun, Nov 07, 2004 at 07:39:00AM +1100, Gavin Cato wrote:
> >> Is there a way to edit this apart from editing the source code?
> > 
> > Yeah, it's configurable.  Check out "perldoc Mail::SpamAssassin::Conf",
> > look for "report" and "clear_report_template". :)
> 
> 
> 







Re: Rules List

2004-11-07 Thread Loren Wilton
> I'm using 3.0.. How do I get a hold of SURBLs? I'm still getting a lot of
> the vicodin and medicine spam mail :(

> > 71_sare_bml_pre25x.cf
> > 71_sare_redirect_pre3.0.0.cf
> > 72_sare_redirect_post3.0.0.cf
> 70_sare_html_x30.cf
> > 99_sare_fraud_post25x.cf
> > 70_sare_header_x264_x30.cf
> > 99_sare_fraud_pre25x.cf
> > 70_sare_header_x30.cf
> > 70_sare_genlsubj_x30.cf

Notice anything interesting about the file names I left in the list above?
They all have SA version numbers, indicating which SA versions they apply
to.
I absolutely guarantee that no matter which SA version you are running, at
least one of those files is inappropriate.

Please go back to www.rulesemporium.com/rules and READ the descriptions of
the rule files, and then select the ones that are and ARE NOT appropriate
for your configuration.  Delete those that ARE NOT appropriate, as a start.

Loren



Re: Original-Content-Type in header

2004-11-07 Thread Tim Boyer
On Sat, 6 Nov 2004 17:23:28 -0500, Theo Van Dinter
<[EMAIL PROTECTED]> wrote:

>On Sat, Nov 06, 2004 at 05:18:29PM -0500, Tim Boyer wrote:
>> I'm using RH Enterprise, Sendmail Switch, MimeDefang 2.44 and
>> SpamAssassin 3.0.1.  Somewhere in there a very few html messages are
>> having their content type changed to text/plain, and an
>> 'Original-Content-Type' line inserted, like so:
>> 
>> Content-Type: text/plain
>> Original-Content-Type: text/html
>> 
>> I've asked around on the MIMEDefang list, and have been told that that
>> string isn't being added by anything MIMEDefang is set to do.  Does
>> anyone know if SpamAssassin could be changing this?
>
>Are you sure it's not just a bad spam program?
>
>If it is something changing the CT around, it's not SA.  We either encapsulate
>the message, or add a handful of X-Spam headers.

Hmmm I think that just leaves Sendmail, then.

It's a newsletter.  I know it's coming in as html, because I tossed a
little debugging log entry into MIMEDefang:

if ($type eq "text/html") {
 md_graphdefang_log('html', $Subject, $RelayAddr);
}

so it's getting in as html. 

OK, I'll turn off the attachment filter in Sendmail and see what
happens.  Thanks much!

-- tim --

-- 
Tim Boyer
[EMAIL PROTECTED]



Re: Customizing the SA error message?

2004-11-07 Thread Gavin Cato
Thanks Theo, I found the necessary info in there, I should have looked there
initially!

One other question, sometimes the "preview" function merely previews the
report template, i.e.


--
Spam detection software, running on the system "assassin.nexon.com.au", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  Spam detection software, running on the system
  "assassin.nexon.com.au", has identified this incoming email as
  possible spam. The original message has been attached to this so you
  can view it (if it isn't spam) or label similar future email. If you
  have any questions, see the administrator of that system for details.
  [...] 
--

Is there a way to always make it show the preview of the actual spam?

Cheers

Gav






On 7/11/04 7:55 AM, "Theo Van Dinter" <[EMAIL PROTECTED]> wrote:

> On Sun, Nov 07, 2004 at 07:39:00AM +1100, Gavin Cato wrote:
>> Is there a way to edit this apart from editing the source code?
> 
> Yeah, it's configurable.  Check out "perldoc Mail::SpamAssassin::Conf",
> look for "report" and "clear_report_template". :)




Re: Memory issues have forced me back to 2.64

2004-11-07 Thread Justin Mason


Scott writes:
> I did realize I had big evil running.. Which by removing that it cut my 
> memory usage to 42MB per child.. What is the recommended replacement for 
> big evil? Is it already part of 3.0.1?

SURBL.  Support for it is builtin to 3.0.x by default.

All the people who are reporting massive memory usage on 3.0.x, please
try *without* add-on rulesets.  42MB is still about twice the normal
memory usage on an x86 platform, and that's all rules, if it's that
size just after startup.

--j.

> Thanks..
> 
> Loren Wilton wrote:
> >>My personal experience is when I start spamd it gets up to about 90M per
> >>child within the 1st minute of running. It never gets any higher than
> >>that, at least that I have noticed.
> > 
> > 
> > 90 megs is high for most people.  Do you have bigevil or some such as a
> > rules file?
> > 
> > Loren



Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-07 Thread Brook Humphrey
On Saturday 06 November 2004 01:00 pm, SA wrote:
> I have a question here.  Doesn't that require clamav to load the virus
> signatures each time?  If so, it would be pretty inefficient  and
> resource-hungry.  Wouldn't the combination of
> courier-maildrop/clamassassin and clamdscan be a lot faster since the
> clamd daemon keeps the virus.db loaded?

Well yes although this is true your accuracy goes out the door. The problem 
with clamd is that the built in mime parser is really bad and it also does 
not do a good job of unpacking attachments even if you have the flag set to 
scan mail. 

In my case I run a shell script that uses ripmime and then takes the parts and 
scans them. My detection rate is about 2-3 times higher using this method 
instead. I have tried different mime extracting proggies (about 4 or 5 all I 
could find at the time) and ripmime has by far the best mime support of any 
of them. Some of them were actually worse than the one built into clamav. 

So in the end the choice is yours: better detection or more speed. In my case 
as well as anybody who really cares about what gets through the server you 
really have to choose better security. 

Now if at some time in the future clamav starts using ripmime like they have 
talked about and if it does a better job of unpacking things then of course 
it would be better to use clamd.

-- 
 -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
  Brook Humphrey   
Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107
http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED]   
 Holiness unto the Lord
 -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-


RE: threads

2004-11-07 Thread Noel K Hall II
Can't we all just get along? =) 

-Original Message-
From: jdow [mailto:[EMAIL PROTECTED] 
Sent: Saturday, November 06, 2004 5:38 PM
To: users@spamassassin.apache.org
Subject: Re: threads

Are you a police officer? If so under what authority?
{^_^}   (Let's see if I can get him to bi*ch about top posting too.)
- Original Message -
From: "Kai Schaetzl" <[EMAIL PROTECTED]>


> Jdow wrote on Fri, 5 Nov 2004 20:12:48 -0800:
> 
> > And braying about it with loud complaints is pointless. It WILL 
> > happen. Roll with the punches. If a broken email thread is the worst 
> > thing that happens to you before you die even God would be astonished.
> >
> 
> I don't see your point. If you don't say anything or tell someone about 
> "things that will happen" things indeed will "keep to happen". It's 
> obvious, that people don't know what they do by replying with a new 
> message. Why shouldn't I tell them?
> 
> 
> Kai





Re: threads

2004-11-07 Thread JP
> Are you a police officer? If so under what authority?
> {^_^}   (Let's see if I can get him to bi*ch about top posting too.)

Are you a Troll?  Looks that way.

And there is no need for police officers if the community polices itself!

I am very thankful to the folks (though sometimes they could have been
nicer about it) that took the time to point out my mistakes (thread
hijacking and top posting and lack of trimming posts..) in effect
helping me to better myself and the community.  If more people did this in
the real world (such as admonishing the @$$H0!3$ that litter, and those
that don't understand that cigarette butts are litter too...) we would all
be better off.

Again it is through the community helping out those that don't "Know
better" that eliminates the need for a "list moderator"

JP







a simple rule for detecting Microsoft executables

2004-11-07 Thread Francesco Potorti`
full     __h_exename_q  /\bname=("?).+?\.(?:bas|bat|cmd|com|cpl|exe|js|jse|msi|mst|pcd|pif|reg|scr|sct|vb|vbe|vbs|wsc|wsf|wsh|xsl)\1[[:blank:]]*(?:;|$)/mi
rawbody  __b_exename_q  /\bname=("?).+?\.(?:bas|bat|cmd|com|cpl|exe|js|jse|msi|mst|pcd|pif|reg|scr|sct|vb|vbe|vbs|wsc|wsf|wsh|xsl)\1[[:blank:]]*(?:;|$)/mi
meta     ms_executable  (__h_exename_q && !__b_exename_q)
describe ms_executable  Suspect Microsoft executable
score    ms_executable  107


Italian translation for unsafe_report

2004-11-07 Thread Francesco Potorti`
clear_unsafe_report_template
unsafe_report *  ATTENZIONE: il messaggio originale non è testo puro, e
unsafe_report * potrebbe essere pericoloso da aprire con alcuni programmi di
unsafe_report * posta.  Ad esempio, potrebbe contenere un virus, o confermare
unsafe_report * ad un mittente di spam che il messaggio è stato letto.  Un
unsafe_report * modo sicuro per visualizzarne il testo (ma non le immagini o
unsafe_report * gli allegati) è salvarlo in un file e aprirlo con un editor.
unsafe_report *


rules for ignorant spammers

2004-11-07 Thread Francesco Potorti`
header   spammer_from       From =~ /%FROM_USER@/
describe spammer_from       Ignorant spammer: variables in From:
score    spammer_from       5.0

header   spammer_messageid  Message-Id =~ /%MESSAGEID@|RND_LC_CHAR/
describe spammer_messageid  Ignorant spammer: variables in Message-Id:
score    spammer_messageid  5.0

header   spammer_received   Received =~ /%RECEIVED|%REC_WITH/
describe spammer_received   Ignorant spammer: variables in Received:
score    spammer_received   5.0

header   spammer_reply_to   Reply-to =~ /%FROM_USER@/
describe spammer_reply_to   Ignorant spammer: variables in Reply-to:
score    spammer_reply_to   5.0

header   spammer_subject    Subject =~ /%CUSTOM_SUBJECT/
describe spammer_subject    Ignorant spammer: variables in Subject:
score    spammer_subject    3.5

full     spammer_charset    /charset=%CHARSET/
describe spammer_charset    Ignorant spammer: variables in charset=
score    spammer_charset    1.5

body     spammer_text       /%MAKE_TXT\[[0-9]/
describe spammer_text       Ignorant spammer: variables in text
score    spammer_text       1.5


a procmail rule with a dynamic timeout

2004-11-07 Thread Francesco Potorti`
Works on Sun.  Timeout is lower with greater load average.

TIMEOUT=250 ## don't wait too long for children
SHELL=/usr/local/bin/bash   ## it was set to the user's shell

EX_TEMPFAIL=75  # temporary failure: requeue
SPAMC=/usr/local/bin/spamc
SOCKETPATH=/var/spool/spamassassin/spamd-3.0.socket
SPAMCOPTS="-x -U $SOCKETPATH"
n="
"   # newline, for LOG messages

  ## Compute a dynamic timeout depending on the one-minute load average
  timeout=60
  #timeout=`uptime|awk '{ x=$(NF-2); print x 15+int(200/(substr(x,1,length(x)-1)+0.1)) }'`
  timeout=`set - $(uptime) && shift $(($#-3)) && x=10#${1//[.,]/} && echo $((15+2/(x+10))) || echo 50`

  maxsize=15    # do not filter messages above this size

  :0 fW
  | $SPAMC $SPAMCOPTS -t $timeout -s $maxsize -u $LOGNAME

:0 e    # failing because of timeout or system error
* !> $maxsize
{
  ## After an error or timeout we can either tell sendmail to requeue the
  ## message, by failing with EX_TEMPFAIL, or else give up and deliver an
  ## unfiltered message.
  #
  #timeout_behaviour=riaccoda   # requeue the message
  timeout_behaviour=consegna    # deliver the unfiltered message

  :0
  * timeout_behaviour ?? riaccoda
  # We want to requeue the message to sendmail for later processing
  {
    LOG="> errore o timeout ($timeout s) per $LOGNAME: rinuncio e riaccodo$n"
    EXITCODE=$EX_TEMPFAIL   # Means: retry later; requeue
    :0
    #$INSPECTION.timeout    # inspection copy
    /dev/null   # discard
  }
  :0 E
  {
    # We want to get rid of the message immediately, so we deliver it unfiltered
    LOG="> errore o timeout ($timeout s) per $LOGNAME: rinuncio e non filtro$n"
  }
}