Re: maintaining the 2.6 branch (was: [2.64] FORGED_MUA_OUTLOOK buggy)
Whoops, forgot to cc the list. Sorry for the dupe, Per. On Thu, 06 Jan 2005 09:54:32 +0100, Per Jessen [EMAIL PROTECTED] said: Ron Johnson wrote: Per Jessen wrote: Show of hands, who's still on 2.64 with no exact plans to upgrade? Alright, so far I've seen 4-5, maybe 6 people saying they intend to stick to 2.64 for the foreseeable future. Is that really all? I'm quite willing myself to put an effort in in maintaining 2.64, and I'll probably be doing it on a personal level anyway, but to work to produce actual releases for others, I think a bit more of an interest is needed. Me too. I'm a Debian user, so I'm sticking with 2.64 as long as it's working well. Unless 3.X goes into Sarge, which I suspect is unlikely. -- snowjack(a)fastmail.fm
Too much spam getting through... Sharing rules or db's?
Hi, We are getting a lot of spam messages coming through with low scores. Anyone have any special rule sets that would be interested in sharing? I use the rules de jour to update my rules but it doesn't seem to capture all the spam. Also, Is there like a public shared Bayesian database that can help improve the detection of spam messages? TIA
Win32, Autodeleting messages with high scores?
Anyone have any examples of how to read the X-Spam-Level: and delete messages if the score is over 15? Thank you
annoying changes in 3.0
Hi All, Just setting up SA 3.0.2 on a test server (to work towards upgrading our main server that runs 2.64) and have discovered a change that might seem innocent to the designers, but which is a PITA for us. According to UPGRADE: - The rewrite_subject and subject_tag configuration options were deprecated and are now removed. Instead, using rewrite_header Subject [your desired setting]. e.g. rewrite_subject 1 subject_tag SPAM(_SCORE_) becomes rewrite_header Subject SPAM(_SCORE_) What was the logic behind this unnecessary change ? In our case we have a global subject_tag setting in /etc/mail/spamassassin/local.cf but the per user .prefs files contain rewrite_subject 1 (or 0) depending on what the user selects through a web gui. (As one of a limited set of options they are allowed to configure) Now with 3.0, as far as I can see there is no longer a way to configure the actual subject string globally in the local.cf, but allow it to be turned on and off from a per user .prefs file ? Or have I missed something ? :( Looks like I'll have no choice but to remove the option from the web gui altogether, as having the actual subject string in every single .prefs file doesn't make changing it in future very practical... Regards, Simon
Re: WrongMX plugin
Rainer Sokoll wrote: On Tue, Dec 28, 2004 at 11:58:23AM -0500, Matt Kettler wrote: Disclaimer: I've never used the plugin, but I can casually read the code... Lucky you ;-) wrongmx needs to run on your primary, and will detect that mail first went through one of your secondaries before hitting the primary... If there's only one received: header it bails out immediately, as it can't have been relayed this way yet. Both my primary and secondaries forward any accepted mail to an internal mailserver (which cannot run SA), so this particular plugin will never do any useful things to mails in my case. I understand. If you're running SA on your secondaries, you could just save yourself the effort and add +1.0 to every email. Hm, nice idea ;-) I wrote the WrongMX plugin for a regional ISP that a friend owns. As Matt said, it was designed to run only on a primary MX, or at least on an MX that may receive mail from a lower preference MX. The mail system it was designed for has four primary MXes (all preference 0) multihomed with connections from three different networks. A secondary MX was added mainly to attract spam. The secondary MX doesn't scan mail, it just queues it and passes it along to the primaries. It shouldn't receive too much legitimate mail since it is on the same networks as the primary MXes so cost based routing shouldn't be causing legit mail to be delivered to it (yes, there are still some very large companies doing cost based mail routing -- Thomson Worldwide and all their divisions, Technicolor, RCA, etc, do this along with others). That brings up the issue of scoring. Many people will get legit mail on their secondary MX(es), even if their primary MX(es) are up, so I wouldn't score the rule any higher than 2, maybe 3. Also note that the plugin code is blocking. The DNS lookups are sent out and waited for, instead of doing them in the background. This is a result of the plugin being written quickly when I dropped in to my friend's ISP one afternoon and being lazy knowing that he's got a a couple of large and fast DNS caches in front of the spam filtering machines. This shouldn't be a huge issue though since there are only a couple of lookups done. It will increasing processing times by a small amount though -- not system load though. That said, I posted the plugin expecting it to be used mainly be people with a primary MX of their own and a secondary MX that they don't control which most likely doesn't scan their mail, or that they at least scan their mail again themselves. It's been my experience that any MX used for spam filtering would have the same preference as the rest of the filtering MXes, at least for medium sized installations or smaller. Larger sized/volume installations generally have a group of primary MXes that only do virus scanning (since it's faster than spam filtering) which drastically cuts down on the amount of messages passed to the spam filtering machines. So... like Matt said, and I've recommended to numerous people who have emailed me, you could simply add a rule on your secondary MX that adds a point or two to each email that passes through it. However, keep in mind that legitimate mail can be expected to pass through it, even if your primary MX never goes down or stops accepting mail due to a high load average. Daryl
Re: annoying changes in 3.0
Simon Byrnand wrote: Hi All, Just setting up SA 3.0.2 on a test server (to work towards upgrading our main server that runs 2.64) and have discovered a change that might seem innocent to the designers, but which is a PITA for us. According to UPGRADE: - The rewrite_subject and subject_tag configuration options were deprecated and are now removed. Instead, using rewrite_header Subject [your desired setting]. e.g. rewrite_subject 1 subject_tag SPAM(_SCORE_) becomes rewrite_header Subject SPAM(_SCORE_) What was the logic behind this unnecessary change ? In our case we have a global subject_tag setting in /etc/mail/spamassassin/local.cf but the per user .prefs files contain rewrite_subject 1 (or 0) depending on what the user selects through a web gui. (As one of a limited set of options they are allowed to configure) Now with 3.0, as far as I can see there is no longer a way to configure the actual subject string globally in the local.cf, but allow it to be turned on and off from a per user .prefs file ? Or have I missed something ? :( Hi, rewrite_header Subject Will turn off the rewrite (ie setting it to nothing.) Regards, Rick
Re: annoying changes in 3.0
At 07:27 PM 1/6/2005, Simon Byrnand wrote: - The rewrite_subject and subject_tag configuration options were deprecated and are now removed. Instead, using rewrite_header Subject [your desired setting]. e.g. rewrite_subject 1 subject_tag SPAM(_SCORE_) becomes rewrite_header Subject SPAM(_SCORE_) What was the logic behind this unnecessary change ? Flexibility. rewrite_header isn't just capable of rewiting the subject line. It can rewrite other headers too. In our case we have a global subject_tag setting in /etc/mail/spamassassin/local.cf but the per user .prefs files contain rewrite_subject 1 (or 0) depending on what the user selects through a web gui. (As one of a limited set of options they are allowed to configure) Looks like I'll have no choice but to remove the option from the web gui altogether, as having the actual subject string in every single .prefs file doesn't make changing it in future very practical... Hmm, what about modifying the web GUI so the user can specify whatever subject tag they want? This way it's not up to you to enact (for whatever reason) some global change of the subject tag, instead each user can pick their own to suit their mailclient...
Re: Win32, Autodeleting messages with high scores?
On Thu, 6 Jan 2005 10:23:50 -0800
Jerry [EMAIL PROTECTED] wrote:
Anyone have any examples of how to read the X-Spam-Level:
and delete messages if the score is over 15?
Thank you
It depends a great deal on what software you're using. I use
sendmail and procmail. In my .procmailrc:
SPAM50FOLDER = /dev/null
:0
* ^X-Spam-Level:
\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\
*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
${SPAM50FOLDER}
--
Raquel
After all there is only one race - Humanity.
--Thomas Moore
pgpnHMW6hPHZ9.pgp
Description: PGP signature
Re: Win32, Autodeleting messages with high scores?
On Thu, 6 Jan 2005 16:48:33 -0800
Raquel Rice [EMAIL PROTECTED] wrote:
On Thu, 6 Jan 2005 10:23:50 -0800
Jerry [EMAIL PROTECTED] wrote:
Anyone have any examples of how to read the X-Spam-Level:
and delete messages if the score is over
15?
Thank you
It depends a great deal on what software you're using. I use
sendmail and procmail. In my .procmailrc:
SPAM50FOLDER = /dev/null
:0
* ^X-Spam-Level:
\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\
*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
${SPAM50FOLDER}
--
Raquel
Sorry. I didn't fully read your subject line ... Win32.
--
Raquel
After all there is only one race - Humanity.
--Thomas Moore
pgp6UGCmXCTFF.pgp
Description: PGP signature
Re: WrongMX plugin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daryl C. W. O'Shea writes: The mail system it was designed for has four primary MXes (all preference 0) multihomed with connections from three different networks. A secondary MX was added mainly to attract spam. [...] BTW, related: a good way to setup a secondary as a spamtrap is to setup the secondary as an aliased interface on the primary MX host. That way, if the primary goes down, the spamtrap secondary does too. - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFB3d+QMJF5cimLx9ARAmJdAKCBPIchg8TTyAEX2CPU702gxAXvTQCdEnMp u/vQzcnoMAO5gapbae3T+uE= =Gbvx -END PGP SIGNATURE-
Re: Somewhat OT postfix question
Thanks Aaron, I changed the /dev/console to /var/log/messages, but it didn't help. I was wrong, it was amavisd-new that was writing the messages. I made sure that amavis was set to write to the syslog, but that didn't help either. I am pretty puzzled. I usually ssh into the box, but I can go to the console and choose another screen. Shane - Original Message - From: Aaron Nichols [EMAIL PROTECTED] To: shane mullins [EMAIL PROTECTED] Sent: Thursday, January 06, 2005 7:10 PM Subject: Re: Somewhat OT postfix question On Wed, 5 Jan 2005 13:22:27 -0500, shane mullins [EMAIL PROTECTED] wrote: I tried searching the archives on the postfix.users groups and google, but came up empty. Here is our issue: We have two spam servers. A primary and secondary postfix/sa box. Our primary box writes every smtp transaction to the screen. Since it is a busy mail server, it is virtually impossible to do anything on the box. Our secondary box, which is lightly used, does not do this. I know this is a postfix issue, but any help would be appreciated. Shane It's actually more likely a syslog issue - most likely that mail log events are being logged to the console. My default syslog.conf states: *.err;kern.debug;auth.notice;mail.crit /dev/console So any mail.crit and mail.err messages would go to the console. On most unix boxes you can either type ALT-F2 and get another console (which will not get these) or you can turn off the logging. Aaron
Re: Somewhat OT postfix question
I made sure that amavis was set to write to the syslog, but that didn't help either. I am pretty puzzled. I usually ssh into the box, but I can go to the console and choose another screen. Did you restart amvis after making the logging change? Loren
Re: Too much spam getting through... Sharing rules or db's?
Basically SURBL's are shared DB's of spam identifying information. I put them on my 2.6x install with the SpamCop plugin and I don't have to worry about spam anymore. I can't say it's 100% but I would guess about 98% effective from the people I have talked to. This is on a mailserver with about 1000 users and spam filtering on all accounts. David Groce Network Administrator North Kitsap School District Hi, We are getting a lot of spam messages coming through with low scores. Anyone have any special rule sets that would be interested in sharing? I use the rules de jour to update my rules but it doesn't seem to capture all the spam. Also, Is there like a public shared Bayesian database that can help improve the detection of spam messages? TIA David Groce North Kitsap School District Network Server Analyst/Coordinator [EMAIL PROTECTED] (360) 394-2621
Re: maintaining the 2.6 branch (was: [2.64] FORGED_MUA_OUTLOOK buggy)
[EMAIL PROTECTED] wrote: Per Jessen wrote: who's still on 2.64 with no exact plans to upgrade? Me too. I'm a Debian user, so I'm sticking with 2.64 as long as it's working well. Unless 3.X goes into Sarge, which I suspect is unlikely. I am also a Debian user, running Debian woody stable, running the www.backports.org spamassassin-3.0.2 version and am very happy with it. Running Debian stable is not a good reason to avoid upgrading spamassassin to the best available version. Running stable systems with unchanging versions of software is fine when you are behind firewalls and isolated from the changing internet. It is okay to run appliances there. But I would go so far as to claim that if you are interacting with the quite hostile Internet then you must keep the software that is doing the interacting up to date. Many times people are simply thinking security updates only. But when talking email it also includes virus checking filters and spam checking filters too. Your system may be stable but the Internet is not. Off-Topic Drift: For those not familiar with the Debian debates the problem is that releases for things like virus checkers and spam filters get stale quickly. Therefore there is a move to avoid putting them in a release at all! In a release they will get stuck so avoid that and don't put them into a release. The movement is toward a volatile pseudo-release that contains the latest software for things like this that need regular updates. I see this as more like the BSD model where they have a stable core system and then add ports to it. However this is more unstable than ports since the software in volatile might change quite often. Sorry for the thread drift but it seemed topical. Bob
Fw: Somewhat OT postfix question
Yes, I even reboote the machine. It is a very odd issue, it writes to the console and the screen. Shane - Original Message - From: Loren Wilton [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Thursday, January 06, 2005 9:40 PM Subject: Re: Somewhat OT postfix question I made sure that amavis was set to write to the syslog, but that didn't help either. I am pretty puzzled. I usually ssh into the box, but I can go to the console and choose another screen. Did you restart amvis after making the logging change? Loren
Re: annoying changes in 3.0
On Thu, 6 Jan 2005, Matt Kettler wrote: At 07:27 PM 1/6/2005, Simon Byrnand wrote: - The rewrite_subject and subject_tag configuration options were deprecated and are now removed. Instead, using rewrite_header Subject [your desired setting]. e.g. rewrite_subject 1 subject_tag SPAM(_SCORE_) becomes rewrite_header Subject SPAM(_SCORE_) What was the logic behind this unnecessary change ? Flexibility. rewrite_header isn't just capable of rewiting the subject line. It can rewrite other headers too. I think he meant, why _remove_ the old syntax instead of supporting it _in addition to_ the new syntax? I can't see any good reason not to support old syntax as backwards compatibility. It would ease migrating to 3.0.x a great deal for many sites to support backwards compatibility. Instead, stuff breaks. This is why people are so hesitant to move to php5, perl6 etc. spamassassin should not follow these examples. -Dan
Re: Too much spam getting through... Sharing rules or db's?
Yes, and SURBLs are supported by default in SpamAssassin 3.X if you have network tests enabled and a recent Net::DNS. http://www.surbl.org/faq.html#nettest Jerry, What version of SpamAssassin are you running? Jeff C. __ On Thursday, January 6, 2005, 6:53:02 PM, David Groce wrote: Basically SURBL's are shared DB's of spam identifying information. I put them on my 2.6x install with the SpamCop plugin and I don't have to worry about spam anymore. I can't say it's 100% but I would guess about 98% effective from the people I have talked to. This is on a mailserver with about 1000 users and spam filtering on all accounts. David Groce Network Administrator North Kitsap School District Hi, We are getting a lot of spam messages coming through with low scores. Anyone have any special rule sets that would be interested in sharing? I use the rules de jour to update my rules but it doesn't seem to capture all the spam. Also, Is there like a public shared Bayesian database that can help improve the detection of spam messages? TIA David Groce North Kitsap School District Network Server Analyst/Coordinator [EMAIL PROTECTED] (360) 394-2621 Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Thank you developers
Hi, it's my birthday, so please forgive me to be somewhat off topic ;-) I want to say THANK YOU to all developers and contributors of this wonderful piece of software. By starting using SA 2.44 around 2 years ago, my users mailboxes look (nearly) as clean as in the middle of the 90ies. SA is definitely the most valuable software I introduced within the last 2 years. Again: thank you and please keep up developing, maintaining and contributing to SA! Rainer
Re: quick poll on SURBL hit %
Is JP now separate from WS? I currently score it as 1.5 or something
because anything hitting JP would hit WS too. On the surbl webpage it
says it's not separate yet, but the score below makes me think maybe it is.
And to stay on topic, of the 52,180 spams tagged or deleted by my mail
server in the last 2 weeks, 41,505 hit one or more SURBL for a nice
round 80% spam hit rate. Compare that to the following hit rates and it
seems SURBL are doing their jobs quite nicely. Thanks and
congratulations to everyone involved. Note that I score Bayes_99 at 8
points whereas the network tests below get 3-5 points so Bayes gets a
bit of an advantage from that. However, SURBL are unmatched at pushing
scores towards my delete threshold of 25. Since the inception of SURBL
I delete a much higher percentage of spam. Less spam delivered makes me
and my users happy.
48,528 Bayes_99 93%
38,102 Razor 73%
29,434 DCC 56%
28,157 Spamcop RBL 54%
23,666 XBL RBL 45%
Daniel
Jeff Chan wrote:
Please add a rule for the JP SURBL list. It catches as much spam
as WS or OB:
http://www.surbl.org/quickstart.html
jp - jwSpamSpy + Prolocation data source
Joe Wein's jwSpamSpy program is used both by Joe's own systems and also Raymond
Dijkxhoorn and his colleagues at Prolocation to process more than 300,000
likely spams per day. The resulting list has a very good spam detection rate
around 80% and a very low false positive rate below 0.02%. This data is only
available in the combined list multi.surbl.org.
An SA 3.0.1 and later rule and score using URIBL's urirhssub looks like this:
urirhssub URIBL_JP_SURBL multi.surbl.org.A 64
body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html
tflagsURIBL_JP_SURBL net
score URIBL_JP_SURBL4.0
An SA 2.63 and 2.64 rule and score using SpamCopURI 0.22 or later looks like
this:
uri JP_URI_RBL
eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0+64')
describe JP_URI_RBL Has URI in JP at http://www.surbl.org/lists.html
tflagsJP_URI_RBL net
score JP_URI_RBL 4.0
Jeff C.
DCC and Razor2 have completely stopped hitting
I hope that I am sending this to the correct address -- I am running SA 3.0 on RH9 using Sendmail 8.12.8 and Procmail 3.22. Procmail invokes SA by | /usr/bin/spamc I control the RH9 machine via SSH using PuTTy -- When I set everything up a few months ago it worked great. Meaning I would get hits on most of the add-ons like DCC and Razor2. Now I do not ever get hits from either of these two. Is there some way that I can check to see if something has become fowled-up? If I try to run spamassassin with the -D --lint options, it creates an output so long that I cannot scroll to the top to see if there are any problems. cdcc info results in approx. five different dcc servers. Thank you in advance for your help. Robert -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.6.8 - Release Date: 1/3/2005
Re: DCC and Razor2 have completely stopped hitting
On Fri, Jan 07, 2005 at 01:59:47AM -0800, Robert Markin wrote: Now I do not ever get hits from either of these two. Is there some way that I can check to see if something has become fowled-up? If I try to run spamassassin with the -D --lint options, it creates an output so long that I cannot scroll to the top to see if there are any problems. Redirect STDOUT and STDERR into a file, e.g. append /tmp/log 21 (without the quotes) to your command line. Afterwards you can view /tmp/log with your favourite editor. HTH, Rainer
SA 3 - I'm Totally Stuck!
Hi, I'm trying to install Spamassassin 3 on a Linux box w/Ensim control panel installed, but I'm experiencing a variety of errors. I've modified each users' .procmailrc file, but the logs are showing that spamc cannot be found (regardless of how I address it, and I know it's there - I can run it from the command line). Copying spamc to each users' home directory allows it to be run, but it then has difficulty chmodding to the correct user, and the logs report that the user cannot be found. If I try copying the spamassassin file to the users' directory, this also runs, but gives a perl error. My procmail log file shows messages like the following: //*** From [EMAIL PROTECTED] Thu Jan 6 13:28:05 2005 Subject: New Year, New You--save up to 50% and discover great ways to change y Folder: /var/spool/mail/mil 47993 /usr/bin/spamc: /usr/bin/spamc: cannot execute binary file procmail: Error while writing to /usr/bin/spamc procmail: Rescue of unfiltered data succeeded //*** My .procmailrc file is as follows: //*** DROPPRIVS=yes LOGFILE=$HOME/procmail.log :0fw: spamassassin.lock | /usr/bin/spamc -u [EMAIL PROTECTED] #:0fw #| $HOME/.spamassassin/spamc -u [EMAIL PROTECTED] #| spamd -u [EMAIL PROTECTED] :0: * ^X-Spam-Status: Yes /dev/null # enf of file //*** Just to confirm I can run Spamassassin from the command line passing it a text file, and it works fine. Previously, I had version 2.6 working quite happily, so this is confusing the hell out of me! Any help most gratefully received! Cheers, mil.
RE: SA 3 - I'm Totally Stuck!
|-Original Message- |From: bubba [mailto:[EMAIL PROTECTED] |Sent: 07 January 2005 10:28 |To: users@spamassassin.apache.org |Subject: SA 3 - I'm Totally Stuck! | |Hi, | |I'm trying to install Spamassassin 3 on a Linux box w/Ensim |control panel installed, but I'm experiencing a variety of |errors. I've modified each users' .procmailrc file, but the |logs are showing that spamc cannot be found (regardless of how |I address it, and I know it's there - I can run it from the |command line). Copying spamc to each users' home directory |allows it to be run, but it then has difficulty chmodding to |the correct user, and the logs report that the user cannot be |found. If I try copying the spamassassin file to the users' |directory, this also runs, but gives a perl error. | |My procmail log file shows messages like the following: | |//*** |From [EMAIL PROTECTED] Thu |Jan 6 |13:28:05 2005 | Subject: New Year, New You--save up to 50% and discover great |ways to change y | Folder: /var/spool/mail/mil |47993 |/usr/bin/spamc: /usr/bin/spamc: cannot execute binary file |procmail: Error while writing to /usr/bin/spamc |procmail: Rescue of unfiltered data succeeded |//*** | |My .procmailrc file is as follows: | |//*** |DROPPRIVS=yes |LOGFILE=$HOME/procmail.log | |:0fw: spamassassin.lock || /usr/bin/spamc -u [EMAIL PROTECTED] Drop the -u [EMAIL PROTECTED], its not needed since its being run as the user and is semi-obsolete anyway. Plus you don't put @domain for a username. Martin
Re: DCC and Razor2 have completely stopped hitting
Rainer Sokoll wrote: On Fri, Jan 07, 2005 at 01:59:47AM -0800, Robert Markin wrote: Now I do not ever get hits from either of these two. Is there some way that I can check to see if something has become fowled-up? If I try to run spamassassin with the -D --lint options, it creates an output so long that I cannot scroll to the top to see if there are any problems. Redirect STDOUT and STDERR into a file, e.g. append /tmp/log 21 (without the quotes) to your command line. Afterwards you can view /tmp/log with your favourite editor. HTH, Rainer Thank you for the advice, I ran spamassassin -D --lint and the following are the pertinent lines involving DCC and Razor2. debug: razor2 is available debug: entering helper-app mode debug: DCC is available: /usr/local/bin/dccproc debug: DCC: got response: X-DCC-neonova-Metrics: Webserver 1127; Body=4805 Fuz1=175906 Fuz2=175904 --- Yet out of approx. 100 spam emails I do not get any DCC or Razor2 rule hits. I used to get them on almost all spam emails. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.6.8 - Release Date: 1/3/2005
RE: DCC and Razor2 have completely stopped hitting
|-Original Message- |From: Robert Markin [mailto:[EMAIL PROTECTED] |Sent: 07 January 2005 10:00 |To: users@spamassassin.apache.org |Subject: DCC and Razor2 have completely stopped hitting | |I hope that I am sending this to the correct address | |-- |I am running SA 3.0 |on RH9 |using Sendmail 8.12.8 and Procmail 3.22. | |Procmail invokes SA by | /usr/bin/spamc I control the RH9 |machine via SSH using PuTTy |-- | |When I set everything up a few months ago it worked great. |Meaning I would get hits on most of the add-ons like DCC and Razor2. | |Now I do not ever get hits from either of these two. Is there |some way that I can check to see if something has become |fowled-up? If I try to run spamassassin with the -D --lint |options, it creates an output so long that I cannot scroll to |the top to see if there are any problems. | To give yourself more scrollback, you need to increase the number of lines in your putty configuration, under the window tab. Martin
RE: SA 3 - I'm Totally Stuck!
Drop the -u [EMAIL PROTECTED], its not needed since its being run as the user and is semi- obsolete anyway. Plus you don't put @domain for a username. Martin The @ symbol does actually exist in the username - the -u [EMAIL PROTECTED] parameter worked OK in SA 2.6. I've tried removing -u [EMAIL PROTECTED] as suggested, which has changed the error in my procmail log to: /usr/bin/spamc: /usr/bin/spamc: cannot execute binary file procmail: Program failure (126) of /usr/bin/spamc procmail: Rescue of unfiltered data succeeded From [EMAIL PROTECTED] Fri Jan 7 10:47:44 2005 Subject: spam test Folder: /var/spool/mail/mil Is this a problem with permissions? If I SSH into the box I can run /usr/bin/spamc from the command line and it works just fine. mil.
Re: quick poll on SURBL hit %
On Friday, January 7, 2005, 1:33:49 AM, Daniel Kleinsinger wrote: Is JP now separate from WS? I currently score it as 1.5 or something because anything hitting JP would hit WS too. On the surbl webpage it says it's not separate yet, but the score below makes me think maybe it is. JP is still added into WS, but they will be separated when SpamAssassin 3.1 comes out. And to stay on topic, of the 52,180 spams tagged or deleted by my mail server in the last 2 weeks, 41,505 hit one or more SURBL for a nice round 80% spam hit rate. Compare that to the following hit rates and it seems SURBL are doing their jobs quite nicely. Thanks and congratulations to everyone involved. Note that I score Bayes_99 at 8 points whereas the network tests below get 3-5 points so Bayes gets a bit of an advantage from that. However, SURBL are unmatched at pushing scores towards my delete threshold of 25. Since the inception of SURBL I delete a much higher percentage of spam. Less spam delivered makes me and my users happy. 48,528 Bayes_99 93% 38,102 Razor 73% 29,434 DCC 56% 28,157 Spamcop RBL 54% 23,666 XBL RBL 45% On behalf of everyone helping out with the SURBL project, thanks for sharing your kind words and good results! Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
RE: SA 3 - I'm Totally Stuck!
|-Original Message-
|From: bubba [mailto:[EMAIL PROTECTED]
|Sent: 07 January 2005 11:04
|To: users@spamassassin.apache.org
|Subject: RE: SA 3 - I'm Totally Stuck!
|
| Drop the -u [EMAIL PROTECTED], its not needed since its being run
| as the user and is semi- obsolete anyway. Plus you don't
|put @domain
| for a username.
|
| Martin
|
|The @ symbol does actually exist in the username - the -u
|[EMAIL PROTECTED]
|parameter worked OK in SA 2.6.
|
|I've tried removing -u [EMAIL PROTECTED] as suggested,
|which has changed the error in my procmail log to:
|
|/usr/bin/spamc: /usr/bin/spamc: cannot execute binary file
|procmail: Program failure (126) of /usr/bin/spamc
|procmail: Rescue of unfiltered data succeeded
|From [EMAIL PROTECTED] Fri Jan 7 10:47:44 2005
| Subject: spam test
| Folder: /var/spool/mail/mil
|
|Is this a problem with permissions? If I SSH into the box I
|can run /usr/bin/spamc from the command line and it works just fine.
|
|mil.
|
I notice my .procmailrc has a lot more enviroment settings, don't know
enough about procmail to know if they are all needed but here's my
.procmailrc as an expample that works fine for various users:-
SHELL=/bin/sh
PATH=/bin:/usr/bin
PMDIR=$HOME/.procmail
LOGABSTRACT=all
LOGFILE=$PMDIR/proclog #recommended
VERBOSE=off
#Spamassassin start
:0fw: spamc.lock
* 256000
| /usr/bin/spamc
#| spamassassin
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null
:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
/home/ntl/mail/spam10
:0:
* ^X-Spam-Status: Yes
/home/ntl/mail/spam5
# Work around procmail bug: any output on stderr will cause the F in
From
# to be dropped. This will re-add it.
:0
* ^^rom[ ]
{
LOG=*** Dropped F off From_ header! Fixing up.
:0 fhw
| sed -e '1s/^/F/'
}
#Spamassassin end
I can't see it being permisions since you say they work ok from a comand
line, so would think it's a procmail problem.
Martin
Re: SA 3 - I'm Totally Stuck!
On Fri, Jan 07, 2005 at 11:04:27AM -, bubba wrote: /usr/bin/spamc: /usr/bin/spamc: cannot execute binary file [...] Is this a problem with permissions? If I SSH into the box I can run /usr/bin/spamc from the command line and it works just fine. Are you sure that the user calling procmail is the same user you are if you run spamc from the command line? Also (assumed you are running linux), you my have a look at file /usr/bin/spamc ldd /usr/bin/spamc and as a last resort: strace /usr/bin/spamc Rainer
RE: SA 3 - I'm Totally Stuck!
notice my .procmailrc has a lot more enviroment settings, don't know enough about procmail to know if they are all needed but here's my .procmailrc as an expample that works fine for various users:- [snip] I tried that, but not luck unfortunately :(
RE: SA 3 - I'm Totally Stuck!
Are you sure that the user calling procmail is the same user you are if you run spamc from the command line? When I run spamc from the command line, I've done so as root. I take it I need to change the permission of spamc? Oh, and happy birthday! mil
Re: annoying changes in 3.0
--On Thursday, January 06, 2005 9:06 PM -0800 Dan Hollis [EMAIL PROTECTED] wrote: It would ease migrating to 3.0.x a great deal for many sites to support backwards compatibility. Instead, stuff breaks. This is why people are so hesitant to move to php5, perl6 etc. spamassassin should not follow these examples. So why wait until now, long after 3.0 is set in stone, to complain about this? The whole point of a major version change is to allow breaking compatibility. (The time spent supporting legacy stuff is time lost for creating new features.) You know because of that number change that things are going to break, so you start doing your homework early, before you're backed into fixing your own stuff to comply. At this point the horse is out of the barn, so the admins who weren't paying attention are naturally going to have to play catch-up. It's important to inform your PHB's that tracking the development of the products you support is a big part of your job. Mind you, I'm not arguing against the specific feature. I'm just saying that if a feature is important to you, don't assume that it's important to anyone else, or that someone else is watching your back for you.
Re: Bayes FP/FN Training Procedures
Hi Jeff, Jeff Koch wrote: Has anyone come up with a script or method that would allow users to forward their false positive and false negative emails back to an address on the mailserver where they can be used to train the Bayes database. I understand that Bayes needs the email in its original format so the script has to strip off the forwarding enclosure. On our imap server, each user may create/use two specific mailfolders, named Bayes and SpamErrors (name are _not_ important). The first one is for false negatives, the other for false positive. A script runs daily on the server and feeds those folders' contents to sa-learn. All the user has to do is move/copy his false (positives|negatives) to the proper folder. Hth, -- Pierre-Yves Bonnetain BA Consultants - Sécurité informatique - www.ba-cst.com Tel. : +33 (0) 563 277 241 - Fax : +33 (0) 563 277 245
RE: SA 3 - I'm Totally Stuck!
Here, spamc has 555 (-r-xr-xr-x), owned by root. I am pretty sure that these are the default permissions set by make install. My permissions are exactly the same (with group mail). Anyway: to test whatever software, it is wise to switch to the user who will run this software. I thought that was why the -u flag was used with spamassassin? But, having seen your .procmailrc file, it appears that this is unneccessary. Any other suggestions? I'm at my wits end with this, and I'm suffering from a deluge of spam! mil
RE: Win32, Autodeleting messages with high scores?
Anyone have any examples of how to read the X-Spam-Level: and delete messages if the score is over 15? That would tend to be a function of your MTA. Ours can't use * since that's the wildcard character for rules, so we use +. Then we configure a rule like if header is X-Spam-Level: +++*, Discard. Even Outlook's rules can look at headers for a specified string and delete the message... So, some idea of what you're running would be helpful in constructing a helpful suggestion of how to do it. Bret . .
RE: Win32, Autodeleting messages with high scores?
-Original Message- From: Jerry [mailto:[EMAIL PROTECTED] Sent: Thursday, January 06, 2005 1:24 PM To: spam Subject: Win32, Autodeleting messages with high scores? Anyone have any examples of how to read the X-Spam-Level: and delete messages if the score is over 15? Thank you IS there a gateway before the Windoze box? Our SA gateway redirects high scoring spam to an internal spam address, for me to quickly look thru before deleting. So I guess I'm asking the same, what is your setup like? How is SA being called? --Chris
RE: SARE rules timing out?
-Original Message- From: jdow [mailto:[EMAIL PROTECTED] Sent: Thursday, January 06, 2005 4:17 PM To: users@spamassassin.apache.org Subject: Re: SARE rules timing out? From: Chris Santerre [EMAIL PROTECTED] Are you saying that using spamd/c gives you problems for users who have their own local rules? Just curious as to what problem? --Chris I have not migrated Loren over to the new machine because there is a problem HERE with spamd. I set it down to only allow one client to make the problem more obvious. I have local.cf allowing user rules as well as user scores. I have my own set of local rules and Loren has his, which he uses while testing rules before they become SARE rules. So we each need our own cache of personal rules. The first time I use spamc to scan a message all is just fine. My rules and scores trigger properly. The SECOND time I use spamc (actually the second trip through the same spamd when multiple spamd's are running) still sees the message triggering on my rules. But every one of my rule's scores were arbitrarily set to one rather than the score in my .spamassassin/user_prefs file. This drove me nuts finding it. No, it drove me over the edge. I was using language that would make a sailor blush. He**, it would even have made a hockey player blush and get sent to the showers with an order to wash his mouth out with soap. I am running through postfix and procmail without the postfix being in its little jail. (If in its jail how would the procmail be able to fire off with MY rules? Maybe that's not a worry. But that is another problem. I tested this with spamc directly spamc test_message and saw the effect that way. So it's not in the postfix or procmail part of the chain.) OK, that is very interesting. I'm assuming your custom scores are stored in the same file as your custom rules? Only spamc is doing this, correct? spamassassin scores correct? Is it every run after the first, or only the second? --Chris (Silly questions I know, but getting my head around it.)
Re: Win32, Autodeleting messages with high scores?
On Fri, Jan 07, 2005 at 06:20:23AM -0800, Bret Miller wrote: Anyone have any examples of how to read the X-Spam-Level: and delete messages if the score is over 15? That would tend to be a function of your MTA. nitpick s/T/U/ /nitpick Rainer
Redirecting SPAM directly to a folder in qmail
Can someone tell me how I would redirect spam to an imap mailbox in qmail? I use .qmail files that run ifspamh (the modified version that allows you to set a destination address to redirect email to) So a sample .qmail file looks like this: | /usr/bin/ifspamh derekbspam 1 ./Maildir/ Can I do this without procmail? (I use qmail under Plesk and I've set up Spamassassin separately. ) I have an IMAP folder set up as 'SPAM' and the qmail directory structure is: ./derekb/Maildir/(new|cur|tmp) ./derekb/Maildir/.SPAM/(new|cur|tmp) Thanks Derek
RE: Win32, Autodeleting messages with high scores?
-Original Message- From: Rainer Sokoll [mailto:[EMAIL PROTECTED] Sent: Friday, January 07, 2005 9:43 AM To: 'SpamAssassin list' Subject: Re: Win32, Autodeleting messages with high scores? On Fri, Jan 07, 2005 at 06:20:23AM -0800, Bret Miller wrote: Anyone have any examples of how to read the X-Spam-Level: and delete messages if the score is over 15? That would tend to be a function of your MTA. nitpick s/T/U/ /nitpick also could be: s/T/D/ :P You nitpicker! --Chris
RE: SA 3 - I'm Totally Stuck!
Hi, I've made some progress, but it's still not working :( Procmail is now running spamc, but the maillog shows the error: Jan 7 15:51:36 srv01 spamd[1314]: connection from localhost.localdomain [127.0.0.1] at port 34674 Jan 7 15:51:36 srv01 spamd[1314]: info: setuid to root succeeded Jan 7 15:51:36 srv01 spamd[1314]: Still running as root: user not specified with -u, not found, or set to root. Fall back to nobody. Jan 7 15:51:36 srv01 spamd[1314]: fatal: setuid to nobody failed Jan 7 15:51:36 srv01 spamd[1314]: error: Died at /etc/rc3.d/S79spamd line 1054, GEN55 line 4._ , continuing If I specify the user with the -u flag, I get the error: Jan 7 15:59:29 srv01 spamd[1313]: connection from localhost.localdomain [127.0.0.1] at port 34680 Jan 7 15:59:29 srv01 spamd[1313]: handle_user: unable to find user 'mil'! Jan 7 15:59:29 srv01 spamd[1313]: Still running as root: user not specified with -u, not found, or set to root. Fall back to nobody. Jan 7 15:59:29 srv01 spamd[1313]: fatal: setuid to nobody failed Jan 7 15:59:29 srv01 spamd[1313]: error: Died at /etc/rc3.d/S79spamd line 1054, GEN51 line 4._ , continuing It's complaining that it can't find the user, but the username is definitely correct. Am I missing a parameter? Is there anything else I may have overlooked? TIA, mil -Original Message- From: bubba [mailto:[EMAIL PROTECTED] Sent: 07 January 2005 13:45 To: users@spamassassin.apache.org Subject: RE: SA 3 - I'm Totally Stuck! Here, spamc has 555 (-r-xr-xr-x), owned by root. I am pretty sure that these are the default permissions set by make install. My permissions are exactly the same (with group mail). Anyway: to test whatever software, it is wise to switch to the user who will run this software. I thought that was why the -u flag was used with spamassassin? But, having seen your .procmailrc file, it appears that this is unneccessary. Any other suggestions? I'm at my wits end with this, and I'm suffering from a deluge of spam! mil
Re: SA 3 - I'm Totally Stuck!
On Fri, 7 Jan 2005 10:27:38 -, bubba [EMAIL PROTECTED] wrote: I'm trying to install Spamassassin 3 on a Linux box w/Ensim control panel installed Meaning you're trying to install it through the control panel rather than using a real login shell? Or only meaning that you're using Ensim to set up the .procmailrc files? but I'm experiencing a variety of errors. I've modified each users' .procmailrc file, but the logs are showing that spamc cannot be found No, they're showing that spamc cannot be *executed*, which is an entirely different thing. This implies to me that procmail is executing on a different machine, with a different binary architecture, from that where spamc was compiled. (regardless of how I address it, and I know it's there - I can run it from the command line). And you're sure there's only one machine involved, and no NFS mounts or the like? Copying spamc to each users' home directory allows it to be run That pretty strongly implies that the mail delivery machine is not the same one where the users have their home directories. Previously, I had version 2.6 working quite happily, so this is confusing the hell out of me! Any help most gratefully received! And did you install 2.6x yourself?
RE: SA 3 - I'm Totally Stuck!
Meaning you're trying to install it through the control panel rather than using a real login shell? Or only meaning that you're using Ensim to set up the .procmailrc files? I'm doing everything via the shell. And did you install 2.6x yourself? Yep. The last email I sent has a bit more detail... I'm now running spamc OK, but it's unable to run as the correct user
Re: SA 3 - I'm Totally Stuck!
On Fri, Jan 07, 2005 at 04:15:41PM -, bubba wrote: Procmail is now running spamc, What caused the problem? If I specify the user with the -u flag, I get the error: Jan 7 15:59:29 srv01 spamd[1313]: handle_user: unable to find user 'mil'! Does getent passwd find the user mil? Is spamd running in a chroot environment? Jan 7 15:59:29 srv01 spamd[1313]: Still running as root: user not specified with -u, not found, or set to root. Fall back to nobody. Jan 7 15:59:29 srv01 spamd[1313]: fatal: setuid to nobody failed Hum, did you modify /etc/pam.d/su? Rainer
[OT] Re: Thank you developers
Rainer Sokoll [EMAIL PROTECTED] wrote on 01/07/2005 02:10:26 AM: Hi, it's my birthday, so please forgive me to be somewhat off topic ;-) I want to say THANK YOU to all developers and contributors of this wonderful piece of software. HAPPY BIRTHDAY! Enjoy an extra Kolsch for me ;-) Andy
Re: Too much spam getting through... Sharing rules or db's?
What version of SpamAssassin are you running? Running 3 Jeff C.
Re: Too much spam getting through... Sharing rules or db's?
I currently use the spamcop RBL.. This morning I had 96 spam messages. 77 were detected by SA. - Original Message - From: David Groce [EMAIL PROTECTED] To: Jerry [EMAIL PROTECTED] Cc: spam users@spamassassin.apache.org Sent: Thursday, January 06, 2005 6:53 PM Subject: Re: Too much spam getting through... Sharing rules or db's? Basically SURBL's are shared DB's of spam identifying information. I put them on my 2.6x install with the SpamCop plugin and I don't have to worry about spam anymore. I can't say it's 100% but I would guess about 98% effective from the people I have talked to. This is on a mailserver with about 1000 users and spam filtering on all accounts. David Groce Network Administrator North Kitsap School District Hi, We are getting a lot of spam messages coming through with low scores. Anyone have any special rule sets that would be interested in sharing? I use the rules de jour to update my rules but it doesn't seem to capture all the spam. Also, Is there like a public shared Bayesian database that can help improve the detection of spam messages? TIA David Groce North Kitsap School District Network Server Analyst/Coordinator [EMAIL PROTECTED] (360) 394-2621
Re: Too much spam getting through... Sharing rules or db's?
On Friday, January 7, 2005, 8:43:30 AM, Jerry Jerry wrote: I currently use the spamcop RBL.. to you mean bl.spamcop.net or sc.surbl.org. The two are not the same. This morning I had 96 spam messages. 77 were detected by SA. Do you mean an 80% detection rate? That's not too bad, though it can be improved. Jeff C. __ - Original Message - From: David Groce [EMAIL PROTECTED] To: Jerry [EMAIL PROTECTED] Cc: spam users@spamassassin.apache.org Sent: Thursday, January 06, 2005 6:53 PM Subject: Re: Too much spam getting through... Sharing rules or db's? Basically SURBL's are shared DB's of spam identifying information. I put them on my 2.6x install with the SpamCop plugin and I don't have to worry about spam anymore. I can't say it's 100% but I would guess about 98% effective from the people I have talked to. This is on a mailserver with about 1000 users and spam filtering on all accounts. David Groce Network Administrator North Kitsap School District Hi, We are getting a lot of spam messages coming through with low scores. Anyone have any special rule sets that would be interested in sharing? I use the rules de jour to update my rules but it doesn't seem to capture all the spam. Also, Is there like a public shared Bayesian database that can help improve the detection of spam messages? TIA David Groce North Kitsap School District Network Server Analyst/Coordinator [EMAIL PROTECTED] (360) 394-2621 Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Too much spam getting through... Sharing rules or db's?
On Friday, January 7, 2005, 8:46:41 AM, Jeff Chan wrote: On Friday, January 7, 2005, 8:43:30 AM, Jerry Jerry wrote: I currently use the spamcop RBL.. to you mean bl.spamcop.net or sc.surbl.org. The two are not the same. That should read: Do you mean bl.spamcop.net or sc.surbl.org? Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Too much spam getting through... Sharing rules or db's?
On Friday, January 7, 2005, 9:08:32 AM, Jerry Jerry wrote: I have my mail server rejecting he messages if they are in the following RBL's before they even reach SA3. sbl-xbl.spamhaus.org bl.spamcop.net multi.surbl.org blacklist.spambag.org These messages are being blocked as they are received by our server. The 96 messages that came through are ones that did not get rejected directly from our mail server. I am using Net::DNS (upgraded as of this email). Thank you Please don't use multi.surb.org as an RBL. It's not an RBL, and it will detect almost zero spam that way, and it causes unnecessary load on our name servers to do so. multi.surbl.org needs to be used with a program that can parse URIs in message bodies and extract hosts from them, such as SpamAssassin: http://www.surbl.org/usage.html How are you calling SpamAssassin? In addition to Net::DNS you need to have network tests enabled: http://www.surbl.org/faq.html#nettest Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Redirecting SPAM directly to a folder in qmail
On Fri, Jan 07, 2005 at 10:42:01AM -0400, Derek Billingsley [EMAIL PROTECTED] wrote: Can someone tell me how I would redirect spam to an imap mailbox in qmail? I use .qmail files that run ifspamh (the modified version that allows you to set a destination address to redirect email to) So a sample .qmail file looks like this: | /usr/bin/ifspamh derekbspam 1 ./Maildir/ Can I do this without procmail? (I use qmail under Plesk and I've set up Spamassassin separately. ) I haven't messed with ifspamh in a while, but if memory serves, it resends the message to the supplied address if the message is spam, without delivering the message. If the message is not spam, it is delivered normally. So, if your username is derekb, you should change your .qmail file to be: | /usr/bin/ifspamh derekb-spam 1 ./Maildir/ and add a .qmail-spam file: ./Maildir/.SPAM and set the permissions on the latter file if necessary: chmod go-rwx .qmail-spam That will arrange for qmail to deliver the message into your .SPAM maildir when ifspamh resends the message. -- Matthew Hunter ([EMAIL PROTECTED]) Public Key: http://matthew.infodancer.org/public_key.txt Homepage: http://matthew.infodancer.org/index.jsp Politics: http://www.triggerfinger.org/weblog/index.jsp
Re: Too much spam getting through... Sharing rules or db's?
Jeff, I have my mail server rejecting he messages if they are in the following RBL's before they even reach SA3. sbl-xbl.spamhaus.org bl.spamcop.net multi.surbl.org blacklist.spambag.org These messages are being blocked as they are received by our server. The 96 messages that came through are ones that did not get rejected directly from our mail server. I am using Net::DNS (upgraded as of this email). Thank you - Original Message - From: Jeff Chan [EMAIL PROTECTED] To: SpamAssassin Users users@spamassassin.apache.org Sent: Friday, January 07, 2005 8:46 AM Subject: Re: Too much spam getting through... Sharing rules or db's? On Friday, January 7, 2005, 8:43:30 AM, Jerry Jerry wrote: I currently use the spamcop RBL.. to you mean bl.spamcop.net or sc.surbl.org. The two are not the same. This morning I had 96 spam messages. 77 were detected by SA. Do you mean an 80% detection rate? That's not too bad, though it can be improved. Jeff C. __ - Original Message - From: David Groce [EMAIL PROTECTED] To: Jerry [EMAIL PROTECTED] Cc: spam users@spamassassin.apache.org Sent: Thursday, January 06, 2005 6:53 PM Subject: Re: Too much spam getting through... Sharing rules or db's? Basically SURBL's are shared DB's of spam identifying information. I put them on my 2.6x install with the SpamCop plugin and I don't have to worry about spam anymore. I can't say it's 100% but I would guess about 98% effective from the people I have talked to. This is on a mailserver with about 1000 users and spam filtering on all accounts. David Groce Network Administrator North Kitsap School District Hi, We are getting a lot of spam messages coming through with low scores. Anyone have any special rule sets that would be interested in sharing? I use the rules de jour to update my rules but it doesn't seem to capture all the spam. Also, Is there like a public shared Bayesian database that can help improve the detection of spam messages? TIA David Groce North Kitsap School District Network Server Analyst/Coordinator [EMAIL PROTECTED] (360) 394-2621 Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: SA 3 - I'm Totally Stuck!
From: Rainer Sokoll [EMAIL PROTECTED]
On Fri, Jan 07, 2005 at 11:59:50AM -, bubba wrote:
Are you sure that the user calling procmail is the same user you are
if
you
run spamc from the command line?
When I run spamc from the command line, I've done so as root. I take it
I
need to change the permission of spamc?
If the user wants to run spamc, obviously spamc must be excecutable for
the user.
Here, spamc has 555 (-r-xr-xr-x), owned by root.
I am pretty sure that these are the default permissions set by make
install.
So, if your permissions differ, there must be a reason why.
Anyway: to test whatever software, it is wise to switch to the user
who will run this software.
I'm idly speculating here that he is running with something like postfix
in its chroot jail. If so how would the /usr/bin/spamc be found?
Wouldn't he have to put a copy in the chroot jail's directory?
{^_^}
Re: SARE rules timing out?
From: Chris Santerre [EMAIL PROTECTED]
-Original Message-
From: jdow [mailto:[EMAIL PROTECTED]
From: Chris Santerre [EMAIL PROTECTED]
Are you saying that using spamd/c gives you problems for
users who have
their own local rules? Just curious as to what problem?
--Chris
I have not migrated Loren over to the new machine because there is a
problem HERE with spamd. I set it down to only allow one client to
make the problem more obvious.
I have local.cf allowing user rules as well as user scores. I have
my own set of local rules and Loren has his, which he uses while
testing rules before they become SARE rules. So we each need our
own cache of personal rules.
The first time I use spamc to scan a message all is just fine. My
rules and scores trigger properly.
The SECOND time I use spamc (actually the second trip through
the same spamd when multiple spamd's are running) still sees
the message triggering on my rules. But every one of my rule's
scores were arbitrarily set to one rather than the score in my
.spamassassin/user_prefs file. This drove me nuts finding it.
No, it drove me over the edge. I was using language that would
make a sailor blush. He**, it would even have made a hockey
player blush and get sent to the showers with an order to wash
his mouth out with soap.
I am running through postfix and procmail without the postfix
being in its little jail. (If in its jail how would the procmail
be able to fire off with MY rules? Maybe that's not a worry. But
that is another problem. I tested this with spamc directly
spamc test_message and saw the effect that way. So it's not
in the postfix or procmail part of the chain.)
OK, that is very interesting. I'm assuming your custom scores are stored
in
the same file as your custom rules?
Only spamc is doing this, correct? spamassassin scores correct?
Is it every run after the first, or only the second?
--Chris (Silly questions I know, but getting my head around it.)
That is entirely true. There is only one file, ~/.spamassassin/user_prefs,
that contains both the custom rules and custom scores typically as a
threesome of rule, description, and score in that order. I've fiddled
with test messages to trigger on multiple rules in that file and they
all show a score of 1 rather than the designated score on the second
and subsequent runs of spamc when spamd is configured -m1. (It appears
sporadically with -m5 until all five spamd's have serviced at least
one message. Then it's 100% skipping my scores.)
If you can duplicate this we can toss a BK bug report into the system.
I suspect it may have a relationship to the apparent memory leaks that
are only sort of fixed with 3.0.2.
{^_^}
bayes + net scores on 3.02 vs 2.64
all Tinkering with a new box for my SA and just noticed that the bayes + net score in 3.02 is a lower than in 2.64 and lower for bayes only. why? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **
Re: bayes + net scores on 3.02 vs 2.64
At 12:46 PM 1/7/2005, Martin Hepworth wrote: all Tinkering with a new box for my SA and just noticed that the bayes + net score in 3.02 is a lower than in 2.64 and lower for bayes only. why? As best I can tell it's score dilution by the URIBLs from SURBL. See this post from the archives, which covers a similar note: http://article.gmane.org/gmane.mail.spam.spamassassin.general/61489
Re: SA 3 - I'm Totally Stuck!
jdow wrote:
From: Rainer Sokoll [EMAIL PROTECTED]
On Fri, Jan 07, 2005 at 11:59:50AM -, bubba wrote:
Are you sure that the user calling procmail is the same user you are
if
you
run spamc from the command line?
When I run spamc from the command line, I've done so as root. I take it
I
need to change the permission of spamc?
If the user wants to run spamc, obviously spamc must be excecutable for
the user.
Here, spamc has 555 (-r-xr-xr-x), owned by root.
I am pretty sure that these are the default permissions set by make
install.
So, if your permissions differ, there must be a reason why.
Anyway: to test whatever software, it is wise to switch to the user
who will run this software.
I'm idly speculating here that he is running with something like postfix
in its chroot jail. If so how would the /usr/bin/spamc be found?
Wouldn't he have to put a copy in the chroot jail's directory?
{^_^}
If postfix hands the mail to procmail but procmail can't hand to spamc,
it has nothing to do with postfix...chroot or not.
--
Robin Lynn Frank - Director of Operations - Paradigm-Omega, LLC
Website: http://www.paradigm-omega.com/
RSS: http://paradigm-omega.blogspot.com/atom.xml
Spamtraps: http://paradigm-omega.net/cgi-bin/custmail.cgi
=
Signature terminated by sigfault.
signature.asc
Description: OpenPGP digital signature
Rule using external command ? Unknown domain filtring ?
Hello, Is there a way to create a rule that use a external command ? I'd like to do a rule to filter unknown domain. Best regard, PE
Re: Rule using external command ? Unknown domain filtring ?
At 01:56 PM 1/7/2005, [EMAIL PROTECTED] wrote: Is there a way to create a rule that use a external command ? I'd like to do a rule to filter unknown domain. Assuming 3.0.x this is possible. For Older versions, it's not without hacking the SA code. You'll need to write a perl plugin to do that. You'll need to add a loadplugin statement and a a rule which calls an eval on the plugin. From there, once you're into the plugin's eval function, it can do whatever it wishes that's possible in perl, including executing external programs. See the plugin reference docs: http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin.html
SOLVED: Swap Problem
This was a interesting one, for sudden i noticed mass of crc errors on my switch (apporx 5%), this cause the swap problem, after changing the NIC the problem was solved go -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Dienstag, 16. November 2004 14:15 To: users@spamassassin.apache.org Subject: Swap Problem Hi, its maybe not the right group but maybe you guys have a idea anyway. Given is a Debian Box (Woody Kernel 2426) running Sendmail (9.12.10.4) amavis-new (20030616p3-1) and spamassassin (2.63-1). Within the last time i notice that the swap file space is not getting released anymore, the space gets continously eaten till i restart the hole box. In addition there are more and more mails which gots stuck on queue with the status sending, after a box restart those gets sended and the hole box becomes after a while incredible slow. Anybody a idea what that could be ? thx Mat.
RE: Win32, Autodeleting messages with high scores?
Anyone have any examples of how to read the X-Spam-Level: and delete messages if the score is over 15? I am running SA 3 with Modus Mail (www.vircom.com). Whenever any mail comes in the system will fire off a batch file that will call SA. Currently not running any gateways for SA. Any good suggestions for win32? I'm not at all familiar with how Modus Mail operates, though I did look at it briefly in my mail server selection. Anyway, are there any rules that execute after it runs the batch file. If so, you should be able to create a rule that looks at the X-Spam-Level header and deletes the message. If you're really lucky, maybe someone on the list has Modus Mail and can help you with it. I'm using CommuniGate Pro and will soon probably move to Merak, so my expertise isn't going to be all that helpful for your specific MTA issues. Bret
Re: Fw: Somewhat OT postfix question
On Thu, 6 Jan 2005 23:41:06 -0500, Shane Mullins [EMAIL PROTECTED] wrote: Yes, I even reboote the machine. It is a very odd issue, it writes to the console and the screen. When you say console and the screen do you mean that you see the amavisd-new output even when you ssh into the box or is this only seen when viewing the console? Aaron
Re: maintaining the 2.6 branch (was: [2.64] FORGED_MUA_OUTLOOK buggy)
On Thu, 6 Jan 2005 21:33:34 -0700, Bob Proulx [EMAIL PROTECTED] said: [EMAIL PROTECTED] wrote: Per Jessen wrote: who's still on 2.64 with no exact plans to upgrade? Me too. I'm a Debian user, so I'm sticking with 2.64 as long as it's working well. Unless 3.X goes into Sarge, which I suspect is unlikely. I am also a Debian user, running Debian woody stable, running the www.backports.org spamassassin-3.0.2 version and am very happy with it. Running Debian stable is not a good reason to avoid upgrading spamassassin to the best available version. Thus my conditional, as long as it's working well. 2.64 is working for me, and VERY well: ~99% spam hits. I see no reason to upgrade unless the spammers start getting around it somehow. What makes you say 3.0.2 is the best version? Will I suddenly get an accuracy boost to 99.999%? Running stable systems with unchanging versions of software is fine when you are behind firewalls and isolated from the changing internet. It is okay to run appliances there. But I would go so far as to claim that if you are interacting with the quite hostile Internet then you must keep the software that is doing the interacting up to date. You must keep on top of security vulnerabilities, yes. Asserting that new software == more secure software is a fallacy. Remember that security problems can be caused both by problems with the code, and problems with your configuration. If you keep up with the security patches, then changing your configuration all the time as the upstream source changes can only increase your chances of introducing a configuration error. Many times people are simply thinking security updates only. But when talking email it also includes virus checking filters and spam checking filters too. Your system may be stable but the Internet is not. Which is why good spam filtration and virus checking software gets dynamic information from pattern update servers, RBLs, SURBL, Razor, DCC, etc. etc. etc. In a nutshell: if it ain't broke, don't fix it. -- snowjack(a)fastmail.fm
pyzor
Hello all, I have SpamAssassin version 2.63 with pyzor installed. When I type spamassassin -D /home/spam/mail/saved-messages at the command line I get debug: executable for pyzor was found at /usr/bin/pyzor debug: Pyzor is available: /usr/bin/pyzor debug: entering helper-app run mode debug: Pyzor: got response: 217.160.253.84:24441(200, 'OK') 0 0 debug: leaving helper-app run mode which to me I believe that pyzor is working. However ever since I added pyzor I don't get any additional spam blocked, is there a way to check on received e-mails to see that it is working? I look at the header on my e-mail but I don't see pyzor anywhere. I added the below line to my local.cf file that is located on, /etc/mail/spamassassin/local.cf pyzor_options --homedir /etc/mail/spamassassin my pyzor file like, servers lib bin share are all located on /etc/mail/spamassassin any ideas what else I need to do? Thanks, Jimmy Hayes
Implicit trust of surbl and sbl
I think this is an easy question, but I haven't been able to find an answer. If I'm using spamassassin 3, invoking it via procmail as just 'spamassassin' and testing for the result, and I trust that any message carrying a URL that's listed on surbl.org or spamhaus.org is 100% spam, what file(s) would I edit and how? In other words, I've never seen a false positive on either of those BLs, but I'm seeing spam that meets those tests and is still weighted less than 5. I want to change that.
Re: Implicit trust of surbl and sbl
Scott Wertz wrote: I think this is an easy question, but I haven't been able to find an answer. If I'm using spamassassin 3, invoking it via procmail as just 'spamassassin' and testing for the result, and I trust that any message carrying a URL that's listed on surbl.org or spamhaus.org is 100% spam, what file(s) would I edit and how? In other words, I've never seen a false positive on either of those BLs, but I'm seeing spam that meets those tests and is still weighted less than 5. I want to change that. Couldn't you just increase the scores to 100? -- Email scanned by Blacknight for viruses and dangerous content. Visit http://www.blacknight.ie for more information
Re: annoying changes in 3.0
At 12:06 AM 1/7/2005, Dan Hollis wrote: I think he meant, why _remove_ the old syntax instead of supporting it _in addition to_ the new syntax? I can't see any good reason not to support old syntax as backwards compatibility. Hmm, as a user that makes sense. As a programmer, it does not. There's nothing like adding backward compatibility kludges to add bugs to your code. Bugs mean extra work for the developers, work that could be better spent fighting spam. You'll find that most OSS packages will sacrifice backward compatibility in favor of maintainable code and fewer bugs to work around later. I know it's a bit of a pain, but the general OSS mindset of breaking backward compatibility is what allows most projects to progress forward. One or two of these hacks isn't so bad, but once you start down that road you eventually get bound up by having to maintain hundreds of hacks, kludges and other garbage in your code that users who still have config files from 20 years ago need to run their systems. The always maintain compatibility mindset of the windows world is convenient for users, but really slows down development progress in the long run, and in some cases completely prevents product improvements. It's a very bad mindset to be in. Even the windows world is starting to move away from it by obsoleting older versions of products. As for breakage, SA has a long history of doing this. This is by far not the first time.. ie: report_safe. The Linux kernel does it all the time to their low-level interfaces. Bind has done it to their zonefile formats.
RE: Implicit trust of surbl and sbl
Scott Wertz wrote: I think this is an easy question, but I haven't been able to find an answer. If I'm using spamassassin 3, invoking it via procmail as just 'spamassassin' and testing for the result, and I trust that any message carrying a URL that's listed on surbl.org or spamhaus.org is 100% spam, what file(s) would I edit and how? In other words, I've never seen a false positive on either of those BLs, but I'm seeing spam that meets those tests and is still weighted less than 5. I want to change that. Couldn't you just increase the scores to 100? Exactly. Then implicitly reject anything with a spam score 100. .jon __ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers.
Re: Implicit trust of surbl and sbl
On 01/07/05 09:51 PM, Michele Neylon::Blacknight Solutions sat at the `puter and typed: Scott Wertz wrote: I think this is an easy question, but I haven't been able to find an answer. If I'm using spamassassin 3, invoking it via procmail as just 'spamassassin' and testing for the result, and I trust that any message carrying a URL that's listed on surbl.org or spamhaus.org is 100% spam, what file(s) would I edit and how? In other words, I've never seen a false positive on either of those BLs, but I'm seeing spam that meets those tests and is still weighted less than 5. I want to change that. Couldn't you just increase the scores to 100? That would be tha answer. I believe how might also have been part of that question. Search for the URIBL_* keys in your /mumblemumble/share/spamassassin/50_scores.cf. For instance: score URIBL_WS_SURBL 0 0.539 0 1.462 So you might want to add the following to your user_prefs: score URIBL_WS_SURBL 0 100 0 100 Just make sure you read the descriptions for each in the 25_uribl.cf file before changing anything. HTH Lou -- Louis LeBlanc [EMAIL PROTECTED] Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org ԿԬ If God is perfect, why did He create discontinuous functions?
Re: Implicit trust of surbl and sbl
Good evening, Scott, On Fri, 7 Jan 2005, Scott Wertz wrote: I think this is an easy question, but I haven't been able to find an answer. If I'm using spamassassin 3, invoking it via procmail as just 'spamassassin' and testing for the result, and I trust that any message carrying a URL that's listed on surbl.org or spamhaus.org is 100% spam, what file(s) would I edit and how? In other words, I've never seen a false positive on either of those BLs, but I'm seeing spam that meets those tests and is still weighted less than 5. I want to change that. As Michele correctly pointed out, you're certainly welcome to drive up the scores quite a bit so that emails with an surbl-listed domain are much more likely to cross 5.0. However, even though Jeff Chan will likely shoot me for saying it ;-), surbl's can and occasionally do have false positives. Let's use Gevalia coffee as an example. I'll blacklist their domain because they regularly send me UBE. However, Gevalia has legitimate customers; for those individuals, email from that domain is _not_ UBE, it's solicited mail. (Just for reference, we removed gevalia.com because there were legitimate uses for it...) I personally have trust in the surbl's, so I have no problem recommending that people increase the score if they want. Might I humbly recommend increasing the surbl score to something between 2 and 5, so that if surbl screws up for your particular mail flow the other rules have a chance of reining it in? Cheers, - Bill --- Patience is a minor form of despair, disguised as virtue. -- Ambrose Bierce, on qualifiers -- William Stearns ([EMAIL PROTECTED]). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --
Re: Implicit trust of surbl and sbl
On Fri, 2005-01-07 at 16:58, Louis LeBlanc wrote: Couldn't you just increase the scores to 100? That would be tha answer. I believe how might also have been part of that question. I thought it was...sorry if I wasn't clear, but how is exactly what I'm after. Search for the URIBL_* keys in your /mumblemumble/share/spamassassin/50_scores.cf. For instance: score URIBL_WS_SURBL 0 0.539 0 1.462 So you might want to add the following to your user_prefs: score URIBL_WS_SURBL 0 100 0 100 Just make sure you read the descriptions for each in the 25_uribl.cf file before changing anything. HTH That's a big help, thanks. But is there a way to do that on a per-user basis?
Re: Implicit trust of surbl and sbl
On 01/07/05 05:05 PM, Scott Wertz sat at the `puter and typed: On Fri, 2005-01-07 at 16:58, Louis LeBlanc wrote: Couldn't you just increase the scores to 100? That would be tha answer. I believe how might also have been part of that question. I thought it was...sorry if I wasn't clear, but how is exactly what I'm after. Search for the URIBL_* keys in your /mumblemumble/share/spamassassin/50_scores.cf. For instance: score URIBL_WS_SURBL 0 0.539 0 1.462 So you might want to add the following to your user_prefs: score URIBL_WS_SURBL 0 100 0 100 Just make sure you read the descriptions for each in the 25_uribl.cf file before changing anything. HTH That's a big help, thanks. But is there a way to do that on a per-user basis? That *is* the per-user basis. Each user has a ~/.spamassassin/user_prefs file. Just put your score mods there. Modifying the local.cf file is usually not the best way to tweak SA. Modifying the users' user_prefs file usually is. HTH Lou -- Louis LeBlanc [EMAIL PROTECTED] Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org ԿԬ Flon's Law: There is not now, and never will be, a language in which it is the least bit difficult to write bad programs.
Re: Implicit trust of surbl and sbl
On 01/07/05 05:03 PM, William Stearns sat at the `puter and typed: Good evening, Scott, On Fri, 7 Jan 2005, Scott Wertz wrote: I think this is an easy question, but I haven't been able to find an answer. If I'm using spamassassin 3, invoking it via procmail as just 'spamassassin' and testing for the result, and I trust that any message carrying a URL that's listed on surbl.org or spamhaus.org is 100% spam, what file(s) would I edit and how? In other words, I've never seen a false positive on either of those BLs, but I'm seeing spam that meets those tests and is still weighted less than 5. I want to change that. As Michele correctly pointed out, you're certainly welcome to drive up the scores quite a bit so that emails with an surbl-listed domain are much more likely to cross 5.0. However, even though Jeff Chan will likely shoot me for saying it ;-), surbl's can and occasionally do have false positives. Let's use Gevalia coffee as an example. I'll blacklist their domain because they regularly send me UBE. However, Gevalia has legitimate customers; for those individuals, email from that domain is _not_ UBE, it's solicited mail. (Just for reference, we removed gevalia.com because there were legitimate uses for it...) I personally have trust in the surbl's, so I have no problem recommending that people increase the score if they want. Might I humbly recommend increasing the surbl score to something between 2 and 5, so that if surbl screws up for your particular mail flow the other rules have a chance of reining it in? Excellent suggestion. Shoulda made it myself in my other posts. It's been mentioned a number of times that scoring a test at 100 is almost always a bad idea. Boosting the scores to allow them to swing a bigger bat - although one that can potentially be overridden by very low bayes scores - is usually ok. Lou -- Louis LeBlanc [EMAIL PROTECTED] Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org ԿԬ Information Processing: What you call data processing when people are so disgusted with it they won't let it be discussed in their presence.
Re: Implicit trust of surbl and sbl
Louis LeBlanc wrote: On 01/07/05 05:05 PM, Scott Wertz sat at the `puter and typed: On Fri, 2005-01-07 at 16:58, Louis LeBlanc wrote: Couldn't you just increase the scores to 100? That would be tha answer. I believe how might also have been part of that question. I thought it was...sorry if I wasn't clear, but how is exactly what I'm after. Search for the URIBL_* keys in your /mumblemumble/share/spamassassin/50_scores.cf. For instance: score URIBL_WS_SURBL 0 0.539 0 1.462 So you might want to add the following to your user_prefs: score URIBL_WS_SURBL 0 100 0 100 Just make sure you read the descriptions for each in the 25_uribl.cf file before changing anything. HTH That's a big help, thanks. But is there a way to do that on a per-user basis? That *is* the per-user basis. Each user has a ~/.spamassassin/user_prefs file. Just put your score mods there. Modifying the local.cf file is usually not the best way to tweak SA. Modifying the users' user_prefs file usually is. Unless you dont allow user_prefs and everything is site-wide like mine ;) -Jim
Re: Implicit trust of surbl and sbl
On Fri, 2005-01-07 at 17:10, Louis LeBlanc wrote: So you might want to add the following to your user_prefs: score URIBL_WS_SURBL 0 100 0 100 That *is* the per-user basis. Each user has a ~/.spamassassin/user_prefs file. Just put your score mods there. forehead slap So it is. I'm really regretting my new year's resolution to switch to decaf. Thanks again!
Bayes journal options and SQL
Do the Bayes journal options (bayes_journal_max_size, bayes_learn_to_journal) have any effect when you use MySQL as the Bayes database?
Re: Bayes journal options and SQL
On Fri, Jan 07, 2005 at 05:39:44PM -0500, Rosenbaum, Larry M. wrote: Do the Bayes journal options (bayes_journal_max_size, bayes_learn_to_journal) have any effect when you use MySQL as the Bayes database? No. Michael pgp9V5vhmX9d8.pgp Description: PGP signature
Re: annoying changes in 3.0
On Fri, 7 Jan 2005, Matt Kettler wrote: Hmm, as a user that makes sense. As a programmer, it does not. There's nothing like adding backward compatibility kludges to add bugs to your code. Bugs mean extra work for the developers, work that could be better spent fighting spam. I guess it's just a difference in philosophy and attitude. On software projects I code, I leave backwards compatibility in if possible. Most of the time its very simple and never a kludge. Of course I design my code cleanly so backwards compat is rarely a kludge. I havent looked at SA code but I would hope it's written well enough that backwards compat for such a simple option isn't hard. If its too hard, then it would indicate a problem with the design. Again, this philosophy of not supporting backwards compat where it is easy to do will just hurt in the long run, like it is hurting php, apache, perl, and other projects. Often, not supporting backwards compat for old stuff means you will not get the critical mass and support required for users to embrace your new stuff. I hope SA doesnt embrace this philosophy. You want more users to be using the new versions, not less. -Dan
Re: Implicit trust of surbl and sbl
On 01/07/05 05:17 PM, Scott Wertz sat at the `puter and typed: I'm really regretting my new year's resolution to switch to decaf. Blasphemer!!! :) -- Louis LeBlanc [EMAIL PROTECTED] Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org ԿԬ From the moment I picked your book up until I put it down I was convulsed with laughter. Some day I intend reading it. -- Groucho Marx, from The Book of Insults
