RE: Recreate bayes_toks and bayes_seen

[D.J. Fan]

Tuc at Beach House  wrote:
>> I've tried touching bayes_seen and bayes_toks, but when I go to
>> learn I get this error: Cannot open bayes databases
> /etc/mail/spamassassin/bayes/bayes_* R/O:
>> tie failed: Inappropriate file type or format
>>
>> How can I create the files?
>>
>> I'm using 2.63.
>>
>I cheated this morning myself and just picked a ham message and used
> sa-learn to do it.
>
>Tuc
I just turned on auto-learn temporarily and that seemed to do the tick.
I run 'sa-learn --rebuild' to create new files.
_
Don’t just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

RE: Recreate bayes_toks and bayes_seen

[Mike Loiterman]

Tuc at Beach House  wrote:
>> I've tried touching bayes_seen and bayes_toks, but when I go to
>> learn I get this error: Cannot open bayes databases
> /etc/mail/spamassassin/bayes/bayes_* R/O:
>> tie failed: Inappropriate file type or format
>> 
>> How can I create the files?
>> 
>> I'm using 2.63.
>> 
>   I cheated this morning myself and just picked a ham message and used
> sa-learn to do it. 
> 
>   Tuc

I just turned on auto-learn temporarily and that seemed to do the tick.

--
Mike Loiterman
grantADLER
Tel: 630-302-4944
Fax: 773-442-0992
Email: [EMAIL PROTECTED]
PGP Key: 0xD1B9D18E

Re: Recreate bayes_toks and bayes_seen

[Matt Kettler]

At 05:00 PM 11/17/2004, Mike Loiterman wrote:
I had to blow away my bayes dbs and now I want to start over.
I've tried touching bayes_seen and bayes_toks, but when I go to learn
I get this error:
Cannot open bayes databases /etc/mail/spamassassin/bayes/bayes_* R/O:
tie failed: Inappropriate file type or format
How can I create the files?
First, don't use touch. Just delete the files. Let SA recreate them.
Also make sure that:
1) the path exists
2) /etc/mail/spamassasin/bayes is a world RWX directory (yes, 
world)

Recreate bayes_toks and bayes_seen

[Mike Loiterman]

 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I had to blow away my bayes dbs and now I want to start over.

I've tried touching bayes_seen and bayes_toks, but when I go to learn
I get this error:
Cannot open bayes databases /etc/mail/spamassassin/bayes/bayes_* R/O:
tie failed: Inappropriate file type or format

How can I create the files?

I'm using 2.63. 

- - --
Mike Loiterman
grantADLER
Tel: 630-302-4944
Fax: 773-442-0992
Email: [EMAIL PROTECTED]
PGP Key: 0xD1B9D18E

- -BEGIN PGP SIGNATURE-
Version: PGP 8.1
Comment: Digitally signed by Mike Loiterman

iQA/AwUBQZvIg2jZbUnRudGOEQI/qACeObvdUaWQcpyK11oQhEqr7VmzMp4An0I1
oUywg46Yps2CHgAy5s5W11yY
=ewia
- -END PGP SIGNATURE-

-BEGIN PGP SIGNATURE-
Version: PGP 8.1
Comment: Digitally signed by Mike Loiterman

iQA/AwUBQZvKDGjZbUnRudGOEQKZqACfdrW0Rv+yCXTgWToOXLYfn2Q5WOUAoLV6
JbBrPRkPSb0JTsbivVkYkR6Y
=8qV/
-END PGP SIGNATURE-

trying to get spamassassin & maildrop to play together

[Richard Harding]

I am trying to look at getting spamassassin 3.0 from the backport for 
Debian to work with maildrop and I am getting a bit confused. First I 
can't seem to get maildrop to read it's config file in /etc/maildroprc. 
I added the logfile "/var/log/maildrop" directive and created the 
logfile with the same permissions as the rest of the mail logs, but it 
won't write in it. Maildrop is working and set to be the mailbox_command 
in the postfix mail.cf.

I guess I need to get the maildroprc file working before any directives 
to use spamassassin in an xfilter would be helpful. Anyone have an idea 
why I can't get this file to be used and how best to set up spamassassin 
to mark up messages and place them in the users Spam folder in their 
maildir?

I currently have copied this from searching the mail archives:
-
cat /etc/maildroprc
logfile "/var/log/maildrop"
VERBOSE="5"
log ""
xfilter "/usr/bin/spamc -f"
if (/^X-Spam-Flag: YES/   \ # Watch out for header 
line added by Spamassassin.)
{
  log "- Spam
general. "
to "Maildir/.Spam"
#DELTAG=1
}
-

Thanks for the help.
Rick

Re: [OT] Amavisd memory usage

[Michael W Cocke]

Thanks!

Mike-


On Wed, 17 Nov 2004 12:19:27 -0800, you wrote:

>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>
>yep, it's normal; big/complex messages result in bigger allocations,
>and those allocs don't get returned to the OS until the process
>exits.
>
>- --j.
>
>Michael W Cocke writes:
>> This is off topic and I apologize, but I really couldn't think of a
>> better place to ask.  I'm using Postfix 2.1.5/Amavisd 2.1.2/SA 3.01,
>> and I just noticed something odd. Looking at top, the 5 copies of
>> amavisd (I pre-spawn 4) have different memory usage numbers, with the
>> oldest amavis using the most memory, and decreasing down to the newest
>> copy.
>> 
>> Is this normal?  I would have expected them to be using the same
>> amount of memory, unless there's a leak somewhere.
>> 
>> Mike-
>> 
>> --
>> If you can keep your head while those around you are losing theirs...
>> You may have a great career as a network administrator ahead!
>> --
>> Please note - Due to the intense volume of spam, we have installed 
>> site-wide spam filters at catherders.com.  If email from you bounces,
>> try non-HTML, non-encoded, non-attachments,
>-BEGIN PGP SIGNATURE-
>Version: GnuPG v1.2.4 (GNU/Linux)
>Comment: Exmh CVS
>
>iD8DBQFBm7JPMJF5cimLx9ARAsfwAJ9eHwszyhQ1lXDBoF9FDSyI8FnJEACeNLAd
>0v0GROMKqin/ITdDpiFx8jI=
>=2eh7
>-END PGP SIGNATURE-
>

--
If you can keep your head while those around you are losing theirs...
You may have a great career as a network administrator ahead!
--
Please note - Due to the intense volume of spam, we have installed 
site-wide spam filters at catherders.com.  If email from you bounces,
try non-HTML, non-encoded, non-attachments,

RE: Problem after upgrading Spam Assassin to 3.0.1

[Bowie Bailey]

From: Brian O'Neill [mailto:[EMAIL PROTECTED]
> 
> Bowie Bailey wrote:
> 
> >From: Brian O'Neill [mailto:[EMAIL PROTECTED]
> >  
> >
> >>I am new to mailing lists and Linux so please excuse some of the 
> >>mistakes I know I am going to make.
> >>
> >>I just started working at this company and their mail server was
> >>already setup. Recently my boss was complaining that he is
> >>receiving a lot of spam now. I saw that the last release came out
> >>around October 25, 2004 and that's the day I started work, so I
> >>figured Spam Assassin should probably be upgraded. I downloaded the
> >>tar file and extracted it. Then I untared the file and began the
> >>installation: perl Makefile.PL, make, and then make install. I
> >>think when I tried to run spamd I got an error message about
> >>Required module Storable not found!. I force installed the module
> >>after finding someone else's solution to the problem.  Then I got
> >>an error about bayes db version 0 is not able to be used,
> >>aborting!.
> >>
> >>
> >
> >You need to install all of the required Perl modules including
> >Storable.  You can install them direct from CPAN like this:
> >
> >perl -MCPAN -e shell
> >
> >If you have never run this before, it will take you through a
> >configuration routine before giving you the "cpan>" prompt.  Once you
> >have the "cpan>" prompt, you can install modules with the command
> >"install modulename".  I would suggest you install these modules:
> >
> >Storable
> >Digest::SHA1
> >HTML::Parser
> >MIME::Base64
> >DB_File
> >Net::DNS
> >Net::SMTP
> >Mail::SPF::Query
> >Time::HiRes
> >
> >Note that these module names are case-sensitive.
> >
> >You can also install and upgrade SpamAssassin from CPAN the same way.
> >Just install the module "Mail::SpamAssassin".
> >
> >Once you have these modules installed, try SpamAssassin again and see
> >what happens.
> >
> >You should also read the README, UPGRADE, and INSTALL files:
> >http://spamassassin.apache.org/doc.html
> >(These are also included in the tar file you downloaded)
> >
> >Bowie
> >
> >  
> >
> Ok I just installed all the modules you listed. When I run 'spamd
> restart' I get 'Could not create INET socket on 127.0.0.1:783:
> Address already in use (IO::Socket::INET: Address already in use)'.
> What does this message mean?

Please keep these messages on the list.  I use SpamAssassin, but I am
not an expert by any means.  Keeping the discussion on the list
allows others to contribute and also allows the discussion to be
archived for future reference.

The message means exactly what it says.  Spamd is trying to listen on
port 783, but it can't because another program is already listening
to that address.  My guess would be that your old version of spamd is
still active.

If you are running linux, you can see what is listening on the port
with this command:

netstat -lnp | grep :783

The last thing listed is the pid and program name of the process
currently listening on port 783.

You can then get the command line that started the process like this:

ps -wwfp pid
(where "pid" is the pid number found with the netstat command)

Bowie

Re: kinda OT procmailrc

[ChupaCabra]

I took the trailing slash off and it was just chunking my mail into the 
Maildir.  Not in tmp, new or current.  The users didn't like that and 
then I had to go put them in the right spot.   :-)

The \[SPAM\] escapes worked wonders though.
Bob Proulx wrote:
You need to understand that Maildir format mailboxes are really
directories with three subdirectories under them, new, tmp, and cur.
The combination of those things make a Maildir format mailbox.
 Maildir/{new,tmp,cur}  -- One maildir mailbox.
You refer to that one mailbox as a single thing with a trailing slash.
Example:
 :0
 Maildir/
 

--
Michael H. Collins  Admiral, Penguinista Navy
http://linuxlink.com
/"\ASCII Ribbon Campaign
\ / No HTML/RTF in email
x   No Word docs in email
/ \ Respect for open standards
The eye that looks ahead to the safe course is closed forever.
   -Paul Muad'Dib (Dune)

Re: [OT] Amavisd memory usage

[Justin Mason]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


yep, it's normal; big/complex messages result in bigger allocations,
and those allocs don't get returned to the OS until the process
exits.

- --j.

Michael W Cocke writes:
> This is off topic and I apologize, but I really couldn't think of a
> better place to ask.  I'm using Postfix 2.1.5/Amavisd 2.1.2/SA 3.01,
> and I just noticed something odd. Looking at top, the 5 copies of
> amavisd (I pre-spawn 4) have different memory usage numbers, with the
> oldest amavis using the most memory, and decreasing down to the newest
> copy.
> 
> Is this normal?  I would have expected them to be using the same
> amount of memory, unless there's a leak somewhere.
> 
> Mike-
> 
> --
> If you can keep your head while those around you are losing theirs...
> You may have a great career as a network administrator ahead!
> --
> Please note - Due to the intense volume of spam, we have installed 
> site-wide spam filters at catherders.com.  If email from you bounces,
> try non-HTML, non-encoded, non-attachments,
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFBm7JPMJF5cimLx9ARAsfwAJ9eHwszyhQ1lXDBoF9FDSyI8FnJEACeNLAd
0v0GROMKqin/ITdDpiFx8jI=
=2eh7
-END PGP SIGNATURE-

RE: SURBL and DNS wildcards

[Chris Santerre]

>-Original Message-
>From: Dallas L. Engelken [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, November 17, 2004 2:23 PM
>To: users@spamassassin.apache.org
>Subject: RE: SURBL and DNS wildcards
*snip*
>
>Chris or Jeff can correct me if I'm wrong, but only the registered
>domain names go into SURBL lists, not host.domain.tld.
>

You? Wrong? Never! :)

That is correct, only the reg domains go in. I tried adding dirt, snails,
and puppydog tails, but it got rejected.

--Chris

Re: Configuring bayes lock file locations?

[Jim Maul]

brian wrote:
After upgrading to 3.0.1 I've been having problems with bayes.  This may 
be a question for the mimedefang guys, but I'll start here.

I have upgraded the databases, and its now reading correctly, as I get 
bayes scoring now.  However autoupdates are failing because of lock 
files...

In my config I have:
bayes_path  /var/spool/MIMEDefang
Maillog is reporting:
Nov 17 12:54:02 lithium mimedefang-multiplexor[35151]: Slave 0 stderr: 
bayes: lock: 35570 cannot create tmp lockfile 
/var/spool/MIMEDefang.lock.host.domain.com.35570 for 
/var/spool/MIMEDefang.lock: Permission denied

This seems to me a spamassassin error message.  It appears that I need 
to be able to configure where the lock file is written.  /var/spool is 
not an option since its not a very good idea to loosen permissions here 
for obvious security reasons (not to mention mimedefang will tell you to 
sod off until you fix it).

There's been some other weirdness with it looking for databases in 
/var/spool/MIMEDefang/ ... using MIMEDefang_seen and MIMEDefang_toks 
(instead of bayes_seen and bayes_toks)... but then going looking for 
/var/spool/MIMEDefang_journal.

The behavior your seeing is correct for the settings you are using. 
Remember, bayes_path is not really a path, but a path + beginning of the 
bayes files.  Therefore, /var/spool/MIMEDefang as a bayes path will 
leave you with files called /var/spool/MIMEDefang_toks, _journal, etc. 
If you meant to actually have all files stored in a 
/var/spool/MIMEDefang/ directory, then you will need to set bayes path 
to /var/spool/MIMEDefang/bayes so that it will prepend all files in the 
/var/spool/MIMEDefang directory with "bayes_"

Hope this helps.
-Jim
Im not sure if this is already an FAQ or not, but it definitely should 
be.  With the misnomer "Bayes path" and the number of people asking 
about this, it could save some time.

RE: SURBL and DNS wildcards

[Dallas L. Engelken]

>
> I've been having a few spams slip through recently that 
> aren't hitting some of the SURBLs. Upon checking them using 
> the tool at:
> 
> http://www.rulesemporium.com/cgi-bin/uribl.cgi
> 
> I've noticed that some of the root domains are listed, but 
> the full exanded domain may not be. For instance one spam has 
> this URL in it:
> 
>  http://i.net.helpfulinfobox.com/?ggobwyvaxpngp
> 
> 
> Now helpfulinfobox.com is listed on ws ob and multi, but
> 
> net.helpfulinfobox.com is not
> i.net.helpfulinfobox.com is also not
> 
> It appears the spammer is using DNS wildcards as anything you 
> throw before helpfulinfobox.com gets resolved.
> 
> dig z.foo.helpfulinfobox.com->   222.47.122.8
> dig yo.momma.helpfulinfobox.com ->   222.47.122.8
> 
> Question, is this an effective was to spoof SURBL checkers? 
> Or does the checking code check each domain element in order 
> looking for a hit:
> 
> i.net.helpfulinfobox.com
> net.helpfulinfobox.com
> helpfulinfobox.com
> 

The SA code will pull the true domain name using its ccTLD code to infer
the domain name.  That is what is checked against SURBL.   The checker
that you are using above uses the same Util/RegistrarBoundaries.pm file
as used in your SA bundle.

Prior to using this, I just looped through FQDN's until I hit the last 2
segments.  This is no longer needed and I should probably update the
code on it.

Chris or Jeff can correct me if I'm wrong, but only the registered
domain names go into SURBL lists, not host.domain.tld.

Dallas

Re: DB_File errors

[Michael Barnes]

On Wed, Nov 17, 2004 at 06:53:26PM +, James Marquez wrote:
> They seem to be exactly the same errors Keith Hackworth was getting
> on his posting "sa-learn --dump magic returns DB_File errors" Date;
> thu, 21 Oct 2004 He says this is a problem with DB_File needing to
> set LD_LIBRARY_PATH during runtime. I ran into the same problem when
> I compiled the module.  His fix was to run "crle -l /usr/lib -l
> /usr/local/lib" "crle" configures the runtime linking environment. My
> problem is he is using Solaris 8, and I am on Solaris 2.5.1. There is
> no "crle" for 2.5.1 I am wondering if there is another way of doing
> this or should I just uninstall DB_File, I think spamassassin can run
> with out it.

James,

Solaris 2.5.1 is something like 8 years old and your going to keep
having these kinds of issues until you upgrade.

Anyway, some solutions in the interim.

You could set the LD_LIBRARY_PATH environment variable before running
spamassassin or spamd.  However, this is not too good of a fix because
the LD_LIBRARY_PATH does not get passed in the environment when
suid()ing to another user.

The best thing that I always try to do on solaris is to link with the
'-R /some/library/path' swich.  I believe that works in 2.5.1.  What
this switch does is basically forces the library lookup path to be
embedded in the application.

However, I do not know if this will work with Perl modules because they
are not applications, but rather libraries.  You might have to relink
the perl binary itself with these flags.

Another thing to do would be to simply remove all of the .so files
in /usr/local/lib and use the static libraries instead (if they are
available, for every .so you remove there should be a file with the same
name ending in .a).  This will use more memory, but eliminates some
problems.

If you are using SA 3.X, another thing you could try is to use a SQL
database instead of the DB_File database.  In my experience, the SQL
database is superior to any of the flatfile formats.  But if your not
experienced managing databases, this might be more trouble than its
workth.

Hope this helps,

Mike

-- 
/-\
| Michael Barnes <[EMAIL PROTECTED]> |
| UNIX Systems Administrator  |
| College of William and Mary |
| Phone: (757) 879-3930   |
\-/

Configuring bayes lock file locations?

[brian]

After upgrading to 3.0.1 I've been having problems with bayes.  This may be 
a question for the mimedefang guys, but I'll start here.

I have upgraded the databases, and its now reading correctly, as I get 
bayes scoring now.  However autoupdates are failing because of lock files...

In my config I have:
bayes_path  /var/spool/MIMEDefang
Maillog is reporting:
Nov 17 12:54:02 lithium mimedefang-multiplexor[35151]: Slave 0 stderr: 
bayes: lock: 35570 cannot create tmp lockfile 
/var/spool/MIMEDefang.lock.host.domain.com.35570 for 
/var/spool/MIMEDefang.lock: Permission denied

This seems to me a spamassassin error message.  It appears that I need to 
be able to configure where the lock file is written.  /var/spool is not an 
option since its not a very good idea to loosen permissions here for 
obvious security reasons (not to mention mimedefang will tell you to sod 
off until you fix it).

There's been some other weirdness with it looking for databases in 
/var/spool/MIMEDefang/ ... using MIMEDefang_seen and MIMEDefang_toks 
(instead of bayes_seen and bayes_toks)... but then going looking for 
/var/spool/MIMEDefang_journal.

Anyway, if someone knows if its possible to configure where the lockfile is 
written in spamassassin, that would be much appreciated.

brian.

SURBL and DNS wildcards

[Jeremy Rumpf]

I've been having a few spams slip through recently that aren't hitting some of 
the SURBLs. Upon checking them using the tool at:

http://www.rulesemporium.com/cgi-bin/uribl.cgi

I've noticed that some of the root domains are listed, but the full exanded 
domain may not be. For instance one spam has this URL in it:

 http://i.net.helpfulinfobox.com/?ggobwyvaxpngp


Now helpfulinfobox.com is listed on ws ob and multi, but

net.helpfulinfobox.com is not
i.net.helpfulinfobox.com is also not

It appears the spammer is using DNS wildcards as anything you throw before 
helpfulinfobox.com gets resolved.

dig z.foo.helpfulinfobox.com->   222.47.122.8
dig yo.momma.helpfulinfobox.com ->   222.47.122.8

Question, is this an effective was to spoof SURBL checkers? Or does the 
checking code check each domain element in order looking for a hit:

i.net.helpfulinfobox.com
net.helpfulinfobox.com
helpfulinfobox.com

Thanks,
Jeremy

DB_File errors

[James Marquez]

I am getting the following erros with DB_File when I test spamassassin. 
{101} spamassassin < /export/new_stuff/Mail-SpamAssassin-3.0.1/
sample-spam.txt 
Use of uninitialized value in numeric gt (>) at /usr/local/lib/perl5/5.8.5/sun4-
solaris/DB_File.pm line 271.
Deep recursion on subroutine "DB_File::AUTOLOAD" 
at /usr/local/lib/perl5/5.8.5/sun4-solaris/DB_File.pm line 234.

They seem to be exactly the same errors Keith Hackworth was getting on his 
posting "sa-learn --dump magic returns DB_File errors" Date; thu, 21 Oct 2004
He says this is a problem with DB_File needing to set LD_LIBRARY_PATH during 
runtime. I ran into the same problem when I compiled the module. 
His fix was to run "crle -l /usr/lib -l /usr/local/lib" 
"crle" configures the runtime linking environment. My problem is he is using 
Solaris 8, and I am on Solaris 2.5.1. There is no "crle" for 2.5.1 I am 
wondering if there is another way of doing this or should I just uninstall 
DB_File, I think spamassassin can run with out it.

cheers

-James

Re: kinda OT procmailrc

[Bob Proulx]

ChupaCabra wrote:
> Bob Proulx wrote:
> > MAILDIR=$HOME/Mail
> > DEFAULT=$MAILDIR/Maildir/
> >
> >You have MAILDIR in $HOME so this is a change from that and moves it
> >into $HOME/Mail.  But as a user I would hate my ISP if they put
> >$MAILDIR in $HOME.  Use a subdirectory!
>
> the actual directory is like /home/mike/Maildir/new
> 
> Maildir also has tmp and cur

You need to understand that Maildir format mailboxes are really
directories with three subdirectories under them, new, tmp, and cur.
The combination of those things make a Maildir format mailbox.

  Maildir/{new,tmp,cur}  -- One maildir mailbox.

You refer to that one mailbox as a single thing with a trailing slash.
Example:

  :0
  Maildir/

> So does your solution remain the same.  It is working hours so I can't 
> fsck it up when I change it.

Yes.  All relative mailboxes, paths without a leading /, will be
relative to $MAILDIR.  So the above is the same as:

  :0
  $MAILDIR/Maildir/

That will put the new message in $MAILDIR/Maildir/tmp/message and then
move it to $MAILDIR/Maildir/new/message.  When you have read it the
message will be moved to $MAILDIR/Maildir/cur/message.

Bob

Re: Solaris compile ld: fatal: Symbol referencing errors

[James Marquez]

James Marquez  hotmail.com> writes:

> 
> Well I seem to have a problem getting Spamassassin 3.0.1 to compile. I am 
> running Solaris 2.5.1 with Perl 5.8.5 and gcc 3.3.2. I have been able to 
> install all the required perl modules. Now I want to finally install 
> Spamassassin and I get this error:
> " " " " " " " "
> checking for in_addr_t... no
> checking for INADDR_NONE... no
> checking for EX__MAX... yes
> configure: creating ./config.status
> config.status: creating Makefile
> config.status: creating config.h
> make -f spamc/Makefile spamc/spamc
> make[1]: Entering directory `/export/new_stuff/Mail-SpamAssassin-3.0.1'
> gcc  -g -O2 spamc/spamc.c spamc/libspamc.c spamc/utils.c \
> -o spamc/spamc   -ldl -lnsl -lsocket 
> Undefined   first referenced
>  symbol in file
> snprintf/var/tmp//ccBlGmez.o
> vsnprintf   /var/tmp//ccBlGmez.o
> ld: fatal: Symbol referencing errors. No output written to spamc/spamc
> collect2: ld returned 1 exit status
> make[1]: *** [spamc/spamc] Error 1
> make[1]: Leaving directory `/export/new_stuff/Mail-SpamAssassin-3.0.1'
> make: *** [spamc/spamc] Error 2
> 
> I am stuck here so if anybody knows what I might be missing I would 
appreciate 
> a hint. Maybe this is a solaris issue, I have seen postings on this list 
> suggesting downgrading gcc in order to compile. 
> Well any ideas would help.
> cheers
> 
> -James
> 
> 
> 
OK thanks to all who who tried to help me. Here is what I found and how I 
solved it. First of all also thanks to Steven M. Christensen from 
Sunfreeware.com. Yes indeed Solaris 2.5.1 does not come with snprintf, Steve 
has packaged them on his site. Go ahead and install these first [vsnprintf is 
part of the package]. Then "perl Makefile" --> "make" you will get the same 
error. Cd to spamc and edit "Makefile" [can not do this before because make has 
not set this up yet] and add the flag "-lsnprintf" to LIBS = 
then run "make" again. It should now compile correctly.
cheers

-James  

RE: Problem after upgrading Spam Assassin to 3.0.1

[Bowie Bailey]

From: Brian O'Neill [mailto:[EMAIL PROTECTED]
> 
> I am new to mailing lists and Linux so please excuse some of the 
> mistakes I know I am going to make.
> 
> I just started working at this company and their mail server was
> already setup. Recently my boss was complaining that he is
> receiving a lot of spam now. I saw that the last release came out
> around October 25, 2004 and that's the day I started work, so I
> figured Spam Assassin should probably be upgraded. I downloaded the
> tar file and extracted it. Then I untared the file and began the
> installation: perl Makefile.PL, make, and then make install. I
> think when I tried to run spamd I got an error message about
> Required module Storable not found!. I force installed the module
> after finding someone else's solution to the problem.  Then I got
> an error about bayes db version 0 is not able to be used,
> aborting!.

You need to install all of the required Perl modules including
Storable.  You can install them direct from CPAN like this:

perl -MCPAN -e shell

If you have never run this before, it will take you through a
configuration routine before giving you the "cpan>" prompt.  Once you
have the "cpan>" prompt, you can install modules with the command
"install modulename".  I would suggest you install these modules:

Storable
Digest::SHA1
HTML::Parser
MIME::Base64
DB_File
Net::DNS
Net::SMTP
Mail::SPF::Query
Time::HiRes

Note that these module names are case-sensitive.

You can also install and upgrade SpamAssassin from CPAN the same way.
Just install the module "Mail::SpamAssassin".

Once you have these modules installed, try SpamAssassin again and see
what happens.

You should also read the README, UPGRADE, and INSTALL files:
http://spamassassin.apache.org/doc.html
(These are also included in the tar file you downloaded)

Bowie

RE: any rules for RelayCountry?

[Martin]

|-Original Message-
|From: Eric A. Hall [mailto:[EMAIL PROTECTED] 
|Sent: 17 November 2004 17:42
|To: [EMAIL PROTECTED]
|Subject: any rules for RelayCountry?
|
|
|I'm looking to use the RelayCountry plugin data but there 
|doesn't seem to be any rules. Anybody know of any?
|
|Specifically looking to score mail that has passed through AR or LB.
|
|Thanks
|
|-- 
|Eric A. Hall
|http://www.ehsco.com/
|Internet Core Protocols  
|http://www.oreilly.com/catalog/coreprot/
|

Here's some rules I use, utilising the nerds.dk lists, not sure if its what
you are looking for.

You an also add the following to your 25_uribl.cf to check the body for
china/korea

uridnsblURIBL_CNKR  cn-kr.blackholes.us TXT
bodyURIBL_CNKR  eval:check_uridnsbl('URIBL_CNKR')
describeURIBL_CNKR  Contains a URL listed in China/Korea 
tflags  URIBL_CNKR  net
Score URIBL_CNKR 2.5

Martin


20_dnsblx_tests.cf
Description: Binary data

Problem after upgrading Spam Assassin to 3.0.1

[Brian O'Neill]

Hello,
I am new to mailing lists and Linux so please excuse some of the 
mistakes I know I am going to make.

I just started working at this company and their mail server was already 
setup. Recently my boss was complaining that he is receiving a lot of 
spam now. I saw that the last release came out around October 25, 2004 
and that's the day I started work, so I figured Spam Assassin should 
probably be upgraded. I downloaded the tar file and extracted it. Then I 
untared the file and began the installation: perl Makefile.PL, make, and 
then make install. I think when I tried to run spamd I got an error 
message about Required module Storable not found!. I force installed the 
module after finding someone else's solution to the problem. Then I got 
an error about bayes db version 0 is not able to be used, aborting!. So 
I ran all the commands I saw in 
http://wiki.apache.org/spamassassin/BayesUpgradeError, like sa-learn 
--sync, sa-learn --dump magic, and sa-learn --rebuild.
sa-learn --dump magic gave me the following output:
0.000  0  3  0  non-token data: bayes db version
0.000  0   7470  0  non-token data: nspam
0.000  0   1125  0  non-token data: nham
0.000  0 248547  0  non-token data: ntokens
0.000  0 1100647013  0  non-token data: oldest atime
0.000  0 1100711382  0  non-token data: newest atime
0.000  0 1100711442  0  non-token data: last journal 
sync atime
0.000  0 1100647013  0  non-token data: last expiry atime
0.000  0  0  0  non-token data: last expire 
atime delta
0.000  0  0  0  non-token data: last expire 
reduction count

Now the last time I tried to do, spamd restart, nothing would happen, no 
messages would appear or anything. So I decided to let it sit for awhile 
to see if it just needed more time and when I checked on it I got the 
message that the software closed the connection or something. So I 
logged in again and when I tried to run spamd restart again now I get 
this message: Could not create INET socket on 127.0.0.1:783: Address 
already in use (IO::Socket::INET: Address already in use). I'm not sure 
if this is a bad thing or even what it means. Can anyone tell me if I 
messed something up or what I have to do to get rid of that message. 
Here are some other things I tried after doing a google search:

mail:/usr/src/Mail-SpamAssassin-3.0.1# spamd restart
Could not create INET socket on 127.0.0.1:783: Address already in use 
(IO::Socket::INET: Address already in use)
mail:/usr/src/Mail-SpamAssassin-3.0.1#
mail:/usr/src/Mail-SpamAssassin-3.0.1# spamd stop
Could not create INET socket on 127.0.0.1:783: Address already in use 
(IO::Socket::INET: Address already in use)
mail:/usr/src/Mail-SpamAssassin-3.0.1#
mail:/usr/src/Mail-SpamAssassin-3.0.1# telnet 127.0.0.1 783
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
quit
SPAMD/1.0 76 Bad header line: quit
Connection closed by foreign host.
mail:/usr/src/Mail-SpamAssassin-3.0.1#
mail:/usr/src/Mail-SpamAssassin-3.0.1# which spamassassin
/usr/local/bin/spamassassin
mail:/usr/src/Mail-SpamAssassin-3.0.1# spamassassin --version
SpamAssassin version 3.0.1
running on Perl version 5.6.1
mail:/usr/src/Mail-SpamAssassin-3.0.1#

Any help would be greatly appreciated.
Thank you
Brian O'Neill

any rules for RelayCountry?

[Eric A. Hall]

I'm looking to use the RelayCountry plugin data but there doesn't seem to
be any rules. Anybody know of any?

Specifically looking to score mail that has passed through AR or LB.

Thanks

-- 
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/

[OT] Amavisd memory usage

[Michael W Cocke]

This is off topic and I apologize, but I really couldn't think of a
better place to ask.  I'm using Postfix 2.1.5/Amavisd 2.1.2/SA 3.01,
and I just noticed something odd. Looking at top, the 5 copies of
amavisd (I pre-spawn 4) have different memory usage numbers, with the
oldest amavis using the most memory, and decreasing down to the newest
copy.

Is this normal?  I would have expected them to be using the same
amount of memory, unless there's a leak somewhere.

Mike-

--
If you can keep your head while those around you are losing theirs...
You may have a great career as a network administrator ahead!
--
Please note - Due to the intense volume of spam, we have installed 
site-wide spam filters at catherders.com.  If email from you bounces,
try non-HTML, non-encoded, non-attachments,

Re: Custom Russian ruleset?

[Eugene Morozov]

Pierre Thomson wrote:
Well... Bayes certainly works on Russian words.  Most Russian spam is correctly 
recognized by my Bayes-enabled SpamAssassin.  If you DON'T want any Russian 
email you can make a rule for the Cyrillic character set, but to write custom 
rules against Russian spam would be difficult.
Recent versions of SpamAssassin (starting with 3.0, I guess) strip all 
chars with codes > 128 before feeding message to bayes.
Eugene

RE: Custom Russian ruleset?

[Pierre Thomson]

Well... Bayes certainly works on Russian words.  Most Russian spam is correctly 
recognized by my Bayes-enabled SpamAssassin.  If you DON'T want any Russian 
email you can make a rule for the Cyrillic character set, but to write custom 
rules against Russian spam would be difficult.

Pierre Thomson
BIC


-Original Message-
From: Eugene Morozov [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 17, 2004 9:22 AM
To: Kjetil Kjernsmo
Cc: users@spamassassin.apache.org
Subject: Re: Custom Russian ruleset?


Kjetil Kjernsmo wrote:
> Hi!
> 
> I was wondering whether someone has a custom Russian ruleset? 
> 
> I have a user who reads Russian, and allthough I don't think he does 
> write with any Russians now, I don't want to block the language. There 
> is a significant amount of Russian spam getting through though, so a 
> Russian ruleset would be nice. 

Such ruleset would be hard to create as SpamAssassin doesn't support 
national encodings. You can only block or allow specific languages 
and/or charsets, but creating rules that will match words written in 
language other than English is impossible.
Eugene

Re: Custom Russian ruleset?

[Eugene Morozov]

Kjetil Kjernsmo wrote:
Hi!
I was wondering whether someone has a custom Russian ruleset? 

I have a user who reads Russian, and allthough I don't think he does 
write with any Russians now, I don't want to block the language. There 
is a significant amount of Russian spam getting through though, so a 
Russian ruleset would be nice. 
Such ruleset would be hard to create as SpamAssassin doesn't support 
national encodings. You can only block or allow specific languages 
and/or charsets, but creating rules that will match words written in 
language other than English is impossible.
Eugene

Re: kinda OT procmailrc

[NM Public]

On 17 Nov 2004 Alex Pleiner ([EMAIL PROTECTED]) wrote:
* ChupaCabra <[EMAIL PROTECTED]> [2004-11-16 17:11]:
#:0:
#* ^Subject:.*[SPAM]
#$HOME/probably-spam/
Consider quoting the brackets:
* ^Subject: \[SPAM\]

Hopefully that will solve the problem, but in addition I 
recommend that you change these two lines:

MAILDIR=$HOME/Maildir/
DEFAULT=$HOME/Maildir/
to this one line:
MAILDIR=$HOME/Maildir
i.e., remove the trailing slash in your MAILDIR setting and do 
not explicitly set DEFAULT (instead use the procmail compiled-in 
DEFAULT and if it is wrong, re-compile procmail).

I discuss these issues in my Procmail Quick Start in this 
section:

 
which among other things says this:
 # * Upon reading a line that contains MAILDIR=
 #Procmail does a chdir to $MAILDIR and
 #relative paths are relative to $MAILDIR
 # * Do not include a trailing slash in your MAILDIR setting
 # * The MAILDIR variable is an entirely different entity from the maildir 
mailbox format
And in this section:
 
which says this:
 If you are using maildir-formatted mailboxes, it is best to
 specify both $ORGMAIL and $DEFAULT in the procmail source code
 and recompile.
Hope this helps,
NM
--
Infinite Ink: 
Reverse Spam Filtering: 
Procmail Quick Start: 
IMAP Service Providers: 

RE: spamd logging with wrong timestamp?

[Mike Kercher]

Dimitry Peisakhov wrote:
> Hi guys,
> 
>I've recently discovered that my spamd is writing to the logs with
> the incorrect timestamp. It looks like its using GMT to timestamp
> instead of the actual time on the box (11hr difference). I fixed this
> previously by restarting the service, but its not doing the trick
> now.. Anyone have ideas about this? There doesnt seem to be any
> switches for spamd to control timestamps or timezone config. 
> 
> thanks,
> Regards,
> 
> Dimitry Peisakhov
> Systems Administrator
> 
> HENRY WALKER ELTIN
> 02 8875 4721
> [EMAIL PROTECTED]

I had a similar problem a couple of weeks ago with a machine that had an
older OS on it.  sendmail was logging the correct timestamp but MailScanner
was logging about 2 hours behind.  The way I resolved it was to add the '-r'
switch to my syslog initscript.

Mike

Custom Russian ruleset?

[Kjetil Kjernsmo]

Hi!

I was wondering whether someone has a custom Russian ruleset? 

I have a user who reads Russian, and allthough I don't think he does 
write with any Russians now, I don't want to block the language. There 
is a significant amount of Russian spam getting through though, so a 
Russian ruleset would be nice. 

Cheers,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED]  [EMAIL PROTECTED]  [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC

Re: kinda OT procmailrc

[Alex Pleiner]

* ChupaCabra <[EMAIL PROTECTED]> [2004-11-16 17:11]:
> Is it not kosher to have both a /etc/procmailrc and a $USER/.procmailrc


> #:0:
> #* ^Subject:.*[SPAM]
> #$HOME/probably-spam/

Consider quoting the brackets:

* ^Subject: \[SPAM\]

Alex

-- 
Alex Pleinerzeitform Internet Dienste
mailto:[EMAIL PROTECTED]  Fraunhoferstraße 5
PGP S/MIME: http://key.zeitform.de/ap   64283 Darmstadt, Germany
Tel./Fax: +49 (0) 6151 155-635 / -634   http://www.zeitform.de
Jabber: [EMAIL PROTECTED]

Re: Tuning SpamAssassin

[Martin Hepworth]

Dimitry
any RBL's in the SA setup? If so are you using a local caching 
nameserver or zone-tranfering from the RBL - either may help.

using a MailScanner, sendmail, SA combo that machine should be able to 
shift close to 750,000 messages a day easy.

It's also been noted that zmailer had tons more performance than postfix 
or sendmail on the same box...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Dimitry Peisakhov wrote:
I tried doing this on my Spamassassin 3.0.1, Postfix2, Redhat Enterprise box
on dual 1.5ghz xeon 1gb memory hardware, and i'm not sure if it made any
difference.
I;ve been quite disappointed with spamd performance on a box with that much
grunt (?). During peak times we get hit with about 1msg/sec and spamd cant
quite keep up with that, with the incoming mailqueue growing to 1000+ a
times. Spamd logs report spam identification taking from as little as
0.2secs to as long as 5.0secs, with the average being 1.8 seconds or so. Is
this the type of performance i should be expecting?
The above stats are for spamd running in default config, without playing
with max-children or max-connections.
I also have Anomy sanitizer (a filter that removes dangerous email
attachments) (no damonized version of this available) along with spamd which
get launched form the same script, so the max-children setting would also
apply to Anomy. It also chews some cpu, but not much because no textual
analysis is actually needed for it. Disabling it doesnt seem to have an
impact on the box's performance.
Anyone out there have any tips on how to tune Spamassassin for better
performance?
thanks in advance,
Regards, Dimitry
-Original Message-
From: Paul Crittenden [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 17 November 2004 7:29 AM
To: users@spamassassin.apache.org
Subject: Fwd: Re: Tuning SpamAssassin
Well, I'm not sure exactly what fixed my problem but it is working fine 
now. I'll just need to pay attention and see if there is any other tuning 
that needs to be done. I increased the number of children to 35, changed 
the max-conn-per-child to 1, removed the lock for spamassassin and added 
DROPPRIV to my procmail script. One of those 4 fixed my problem or perhaps 
all of them. Now emails go into and out of the queue pretty much like
before.
Thanks for all of your help.


At 08:37 AM 11/16/2004 -0600, Paul Crittenden wrote:
I'm running SpamAssassin 3.0.1 on a Compaq Alpha running Tru64-Unix, 
sendmail 8.12.10. are there any guidelines to figuring out how many 
children you need when running spamc/spamd. I know that having to many is 
as bad as having to few. I have tried 10, 25 and 30. Thing seem to be 
going better as I continue to increase the number of children but how do 
I know when I have gone to high and need to decrease the number?
Check your swapfile stats. (use top or tool of your choice) If you're 
digging into the swap to any significant degree, you've gone too far.

Note: many OS's will page out stuff that's not been used in a long time. 
Compare swap usage with your "available" ram that can be used if programs 
need it (free physical ram+buffer ram). There should be more available ram 
than swap used.

Basicaly you can keep running more spamd's as long as you're not running 
out of ram. Once you run out of ram, it starts swapping, and things 
quickly grind to a halt. Leave some extra megs free, at least 40mb if you 
include buffers, that way bumps in memory load won't slow you down.
**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**

spamd logging with wrong timestamp?

[Dimitry Peisakhov]

Hi guys,

   I've recently discovered that my spamd is writing to the logs with the
incorrect timestamp. It looks like its using GMT to timestamp instead of the
actual time on the box (11hr difference). I fixed this previously by
restarting the service, but its not doing the trick now.. Anyone have ideas
about this? There doesnt seem to be any switches for spamd to control
timestamps or timezone config.

thanks,
Regards,

Dimitry Peisakhov
Systems Administrator

HENRY WALKER ELTIN
02 8875 4721
[EMAIL PROTECTED]

HUMOR: Aol Commercial?

[Evan Platt]

Not sure if this has been posted before.. 
http://www.espphotography.com/funnyshit/aol.avi - parody commercial of AOL. 
Hysterical.
but warning: Adult content. I have some more funny videos at 
http://www.espphotography.com/funnyshit/ . Most are from ebaumsworld.com - 
great site.

If any representative from AOL wants me to remove it, please e-mail me and 
I'll be happy to (copyright laws and all that).

Evan

Re: Some default rules (X_MESSAGE_INFO) weighted too heavily

[Matt Kettler]

At 03:06 PM 11/16/2004 -0600, Guyang Mao wrote:
One problem is when the piece of mail enters DCC (since
Microsoft lists have a HUGE distribution their mail is pretty much
guaranteed to be listed in DCC, as I understand it) and is scored an
additional 2.2.  As far as I can tell DCC does not distinguish between
potential spam and ham, so while it's useful in most circumstances it's
really easy to false-positive with this rule.
To be honest, I have by far more FPs from Razor than from DCC. 
Theoreticaly, on paper, DCC doesn't distinguish, but the system itself is 
more accurate and less prone to picking up legitamate mass-mailings.

Re: Some default rules (X_MESSAGE_INFO) weighted too heavily

[Robert Menschel]

Hello Guyang,

Tuesday, November 16, 2004, 1:06:30 PM, you wrote:

GM> I have a Hotmail account, through which I'm subscribed to various Microsoft
GM> mailing lists such as security updates, MSDN information, MCP lists, etc.
GM> Microsoft's bulk mailer adds a X-Message-Info header.  I fetch this mail
GM> through gotmail, which then stuffs it through
GM> sendmail/mimedefang/spamassassin.

GM> The matched rule X_MESSAGE_INFO is worth 4.2 points.  ...

I'm one of the people who identified the great value of X-Message-Info
headers.  I've never seen one in non-spam. Checking SA's STATISTICS
files, during the last scoring round this header hit 37% of all spam,
and 0.0004% of non-spam.  That's approximately 100 non-spam emails out
of over 260,000.

It's the best performing rule in the entire distribution mix.

If you can identify specific Microsoft lists that use this header,
open a Bugzilla bug on them, and the devs should be able to reduce the
distribution score on that rule based on that practice. (I've just now
subscribed to a few MS lists just to see what comes through.)

GM> - attached are two examples of false-positived Microsoft mail
GM> - I have also had Hewlett-Packard mail false-positived by
GM> X_MESSAGE_INFO, so it's by no means exclusive to Microsoft lists

Until just now I haven't belonged to MS lists, but I do receive a fair
number of emails from HP, and none of them have ever included the
X-Message-Info header. Can you be more specific?

Bob Menschel

RE: Re: Tuning SpamAssassin

[Dimitry Peisakhov]

I tried doing this on my Spamassassin 3.0.1, Postfix2, Redhat Enterprise box
on dual 1.5ghz xeon 1gb memory hardware, and i'm not sure if it made any
difference.

I;ve been quite disappointed with spamd performance on a box with that much
grunt (?). During peak times we get hit with about 1msg/sec and spamd cant
quite keep up with that, with the incoming mailqueue growing to 1000+ a
times. Spamd logs report spam identification taking from as little as
0.2secs to as long as 5.0secs, with the average being 1.8 seconds or so. Is
this the type of performance i should be expecting?

The above stats are for spamd running in default config, without playing
with max-children or max-connections.

I also have Anomy sanitizer (a filter that removes dangerous email
attachments) (no damonized version of this available) along with spamd which
get launched form the same script, so the max-children setting would also
apply to Anomy. It also chews some cpu, but not much because no textual
analysis is actually needed for it. Disabling it doesnt seem to have an
impact on the box's performance.

Anyone out there have any tips on how to tune Spamassassin for better
performance?

thanks in advance,
Regards, Dimitry

-Original Message-
From: Paul Crittenden [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 17 November 2004 7:29 AM
To: users@spamassassin.apache.org
Subject: Fwd: Re: Tuning SpamAssassin


Well, I'm not sure exactly what fixed my problem but it is working fine 
now. I'll just need to pay attention and see if there is any other tuning 
that needs to be done. I increased the number of children to 35, changed 
the max-conn-per-child to 1, removed the lock for spamassassin and added 
DROPPRIV to my procmail script. One of those 4 fixed my problem or perhaps 
all of them. Now emails go into and out of the queue pretty much like
before.
Thanks for all of your help.

>At 08:37 AM 11/16/2004 -0600, Paul Crittenden wrote:
>>I'm running SpamAssassin 3.0.1 on a Compaq Alpha running Tru64-Unix, 
>>sendmail 8.12.10. are there any guidelines to figuring out how many 
>>children you need when running spamc/spamd. I know that having to many is 
>>as bad as having to few. I have tried 10, 25 and 30. Thing seem to be 
>>going better as I continue to increase the number of children but how do 
>>I know when I have gone to high and need to decrease the number?
>
>Check your swapfile stats. (use top or tool of your choice) If you're 
>digging into the swap to any significant degree, you've gone too far.
>
>Note: many OS's will page out stuff that's not been used in a long time. 
>Compare swap usage with your "available" ram that can be used if programs 
>need it (free physical ram+buffer ram). There should be more available ram 
>than swap used.
>
>Basicaly you can keep running more spamd's as long as you're not running 
>out of ram. Once you run out of ram, it starts swapping, and things 
>quickly grind to a halt. Leave some extra megs free, at least 40mb if you 
>include buffers, that way bumps in memory load won't slow you down.