Re: --lint tells me I need 0.34 dns
Theo Van Dinter writes: On Thu, May 19, 2005 at 11:35:01PM -0400, Eric Wood wrote: You're correct. It's the only spamassassin-3x rpm I could find on the net at: http://dag.wieers.com/home-made/apt/ I'd just build it yourself. Docs are on the wiki/download page (iirc). doesn't really check for specific perl modules. Maybe the spamassassin package maintainers might need to be informed. Yeah, this comes up periodically. Since Net::DNS isn't required for SA operation, it's not listed as required in the spec file. There doesn't seem to be a way to say if perl(Net::DNS) is installed, require version 0.34 or higher. actually, I was thinking about that. It might make sense to turn some of those optional-but-recommended dependencies into requirements, in packages for platforms where apt-get-style systems are available; if the user doesn't have to do additional work to get them, then we should get them by default. --j.
spamassassin fetchmail qmail (RELAYCLIENT=)
Hi, so first the general info, which I should be sure to note: Well... I run a qmail mailserver with qmailqueue-patch, vpopmail and qmail-scanner, which scans for viruses and even for spam, with spamassassin invoked through spamd. The thing is, for each mail address I fetch the emails from a remote mailserver (exactly two, one for the .de and one for the .com accounts) via fetchmail, and fetchmail delivers the mails locally... however, I think there is no need for more details here -- the system, as it is, works well (email delivery works! *jippi*). The version of spamassassin is spamassassin: 3.0.3 and I run a FreeBSD 4.10-STABLE box.

Now the problem: When fetchmail delivers the emails locally (127.0.0.1) to qmail (via tcpserver) it sets a variable RELAYCLIENT so that qmail acts for 127.0.0.1 as an open relay. So... spamassassin doesn't run because this variable is set, and I want 127.0.0.1 for open relay, but here is a log line:

Fri, 20 May 2005 09:10:37 CEST:53653: spamassassin: don't scan as RELAYCLIENT implies this was sent by a local user

I've read the manpages but I haven't found anything that disables the check... so... HELP! :)

-- Mirko Steiner Gesotec Soft- und Hardware GmbH Hilpertstr. 35 D-64295 Darmstadt Tel: +49 (6151) 66 777 50 Fax: +49 (6151) 66 777 59 http://www.gesotec.de
what is reported and to where?
Hi, I use the line below to educate my spamassassin (run by each user by cron):

sa-learn --spam /home/$USER/.Maildir/.ReportSpam/* --showdots

What I would like to know is if this reports to any internet server. Why I ask is due to the -L (-local) switch. I do not wish to report to a server because I know that some users put HAM in their ReportSpam folder. Best Regards - Jon
Re: What is a caching name server?
On Thu, May 19, 2005 at 10:15:41PM -0700, [EMAIL PROTECTED] wrote:
> Hello list, in several posts I have noticed people refer to a caching nameserver. What exactly is that?

It's a nameserver without local zone information except for root-hints and, perhaps, localhost.

> Would BIND 9.3.1 qualify?

Yes. Most Linux distributions (if you happen to use one) have a default configuration for bind to run as caching nameserver. Minimal bind config on a Debian system:

--
options {
        directory "/var/cache/bind";
        version "none of your business";
};

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};
--

HTH, Chris

-- Christian Recktenwald : : citecs GmbH: [EMAIL PROTECTED] Unternehmensberatung fuer : voice +49 711 601 2090 : Boeblinger Strasse 189 EDV und Telekommunikation : fax +49 711 601 2092 : D-70199 Stuttgart
Re: What is a caching name server?
Hi yes Bind will become a caching only name server if you don't have any local zone files to lookup. Basically think of it as a proxy with memory. It will remember previous look ups so it won't ask its resolvers again (unless the timeout value on the record has been reached). -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 [EMAIL PROTECTED] wrote: Hello list, in several posts I have noticed people refer to a caching nameserver. What exactly is that? Would BIND 9.3.1 qualify? Any advice would be greatly appreciated. Regards, Devin ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **
Re: SA Sometimes Being Bypassed?
Jake have a look at the output of spamassassin -D --lint mailmessage. You might be trusting the secondary MX or it might be bypassing your SA system altogether. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Jake Colman wrote: If my sendmail server is down, a backup MX in a different domain catches all my email. When my sendmail server comes back up, the backup MX dumps all the mail it's been holding for me. It seems that all the email sent to me in this manner bypasses my SA filtering. Why should this be? I believe that what I am saying is accurate because if I examine the email headers for emails sent by the backup MX, they do not have my X-Spam headers. Thanks for any help.
Re: OT: Perl IMAP client
Kenneth here's what I use to do just that - code originally from someone else. mangled slightly by me..

-- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300

Kenneth Porter wrote:
> I'd like to knock together a utility for invoking SA against messages in an IMAP store, and it seems logical to build it as a Perl program using an IMAP package and Mail::SpamAssassin. Can anyone recommend a good Perl IMAP package? Server will be Dovecot on Fedora.
>
> My utility will take all messages in a folder of uncaught spam that aren't wrapped in a SA report, run them through the equivalent of sa-learn, wrap them in a SA report, and clear their seen/read state.
>
> Here's all the hits I get on CPAN for stuff about IMAP: http://search.cpan.org/search?m=all&q=imap&s=1&n=100

#!/usr/bin/perl -w
use strict;
use Mail::IMAPClient;
use Shell;
use Env qw(HOME);
use Getopt::Long;
use File::Temp qw/ tempfile tempdir /;

my $imapserver = "myimapserver";

# set to 1 to enable imapclient debugging
my $debug = 0;

# set to 1 if running under cron (disables output)
my $cron = 1;

my $filename;
my $fh;

my %options = ( uid => undef, pwd => undef );
my $cmdsts = GetOptions ("uid=s" => \$options{uid}, "pwd=s" => \$options{pwd});

if (!$options{uid}) {
    die "[SPAMASSASSIN] uid not set (-uid=username)\n";
}
if (!$options{pwd}) {
    die "[SPAMASSASSIN] pwd not set (-pwd=password)\n";
}

my $uid = $options{uid};
my $pwd = $options{pwd};

# login to imap server
my $imap = Mail::IMAPClient->new (Server=>$imapserver, User=>$uid, Password=>$pwd, Debug=>$debug)
    or die "Can't connect to [EMAIL PROTECTED]: $@ $\n";

if ($imap) {
    my $count;

    # Deal with spam first
    learn_mail ($HOME."/spam/", ".spam", "INBOX.spam", 0,
        "--spam --showdots --prefs-file=/opt/MailScanner/etc/spam.assassin.prefs.conf");

    # Now deal with ham
    learn_mail ($HOME."/ham/", ".ham", "INBOX.ham", 0,
        "--ham --showdots --prefs-file=/opt/MailScanner/etc/spam.assassin.prefs.conf");
} else {
    die "[SPAMASSASSIN] Unable to logon to IMAP mail account! $options{uid}\n";
}
exit;

#
# read and learn mail from imap server
#
# arguments
#   $dir      directory to place retrieved messages in
#   $ext      file extension to use on retrieved messages
#   $folder   imap folder name on server
#   $shared   0 if imap folder is in users mailbox
#             1 if imap folder is in shared name space or
#   $sa_args  additional arguments to specify to sa-learn
#             (e.g. --spam or --ham)
#
sub learn_mail {
    my $dir = shift (@_);
    my $ext = shift (@_);
    my $folder = shift (@_);
    my $shared = shift (@_);
    my $sa_args = shift (@_);
    my $count = 0;

    # tidy up directory before run
    clear_directory ($dir, $ext);

    # read mail from server
    $count = read_mail ($dir, $ext, $folder, $shared);
    if ($count > 0) {
        # learn about mail
        sa_learn ($dir, $ext, $sa_args);

        # tidy up files after sa-learn is called
        clear_directory ($dir, $ext);
    }
}

#
# reads mail from an imap folder and saves in a local directory
#
# arguments
#   $dir      directory to place retrieved messages in
#   $ext      file extension to use on retrieved messages
#   $folder   imap folder name on server
#   $shared   0 if imap folder is in users mailbox
#             1 if imap folder is in shared name space or
sub read_mail {
    my $dir = shift (@_);
    my $ext = shift (@_);
    my $folder = shift (@_);
    my $shared = shift (@_);
    my $count = 0;
    my $target = "";

    if ($shared) {
        # use a shared public folder instead
        my ($prefix, $sep) = @{$imap->namespace->[2][0]}
            or die "Can't get shared folder namespace or seperator: [EMAIL PROTECTED]";
        $target = $prefix. ($prefix =~ /\Q$sep\E$/ || $folder =~ /^\Q$sep/ ? "" : $sep). $folder;
    } else {
        $target = $folder;
    }

    $imap->select ($target) or die "Cannot select $target: [EMAIL PROTECTED]";

    # If a shared public folder is required uncomment the following
    # lines and comment out the previous $imap->select line

    # read through all messages
    my @msgs = $imap->search("ALL");
    foreach my $msg (@msgs) {
        ($fh, $filename) = tempfile (SUFFIX => $ext, DIR => $dir);
        $imap->message_to_file ($fh, $msg);
        close $fh;
        $count++;
    }
    $imap->delete_message (@msgs);

    if ($cron == 0) {
        print "Retrieved $count messages from $target\n";
    }
    return $count;
}

#
# Removes files in directory $dir with extension $ext
#
sub clear_directory{
    my $dir = shift (@_);
    my $ext = shift (@_);
    opendir (DIR,
Re: What is a caching name server?
On 2005-05-19 22:15:41 -0700, [EMAIL PROTECTED] wrote: in several posts I have noticed people refer to a caching nameserver. What exactly is that? Would BIND 9.3.1 qualify? Any advice would be http://www.google.com/search?q=caching+nameserver HTH. HAND. -- http://www.tm.oneiros.de
RE: Simple question TRUE or FALSE (More data to answer this question)
My Dl360 with dual 1.266ghz CPU's, 2GB of RAM, and dual 18GB mirrored scsi drives can only scan a message in 4-5 seconds. At least that was my scan time with a completely default setup, running spamd/spamass-milter, SA 3.0.1, RedHat FC2, and sendmail 8.13.1. I haven't checked in a while (since I updated SA, the milter, and sendmail), but I have a good feeling most of my processing time was spent waiting for DNS responses. Any input into my situation would be appreciated. I'd love to be able to get down to 2-3 seconds, basically cutting my processing time in half! I only checked the timings of the last 10 or so mails to show that it was much faster than the mentioned 20-30 seconds, but especially for you ;-) I now calculated the mean SA checktime of the last 7 days, on the 1Ghz/512MB server. And it is: 3.854 seconds. This server has Suse Linux, postfix 2.2.3, Amavisd-new 2.3.1, SA 3.03, Clamav, Razor, DCC. Network tests are enabled, no local DNS-server, only the standard SA CF files except for a small local.cf. Menno van Bennekom
Re: What is a caching name server?
in several posts I have noticed people refer to a caching nameserver. What exactly is that? Would BIND 9.3.1 qualify? Any advice would be greatly appreciated. yes Bind will become a caching only name server if you don't have any local zone files to lookup. Basically think of it as a proxy with memory. It will remember previous look ups so it won't ask its resolvers again (unless the timeout value on the record has been reached). Really? 1) why would Bind NOT cache domain lookups for domains that are not listed in your local zone files? that seems ridiculous. is there any way to host your company's domains in a Bind instance that also caches lookups? 2) is there a way to test a Bind server to make sure it is in fact caching its lookups? __ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/
Re: What is a caching name server?
email builder wrote: in several posts I have noticed people refer to a caching nameserver. What exactly is that? Would BIND 9.3.1 qualify? Any advice would be greatly appreciated. yes Bind will become a caching only name server if you don't have any local zone files to lookup. Basically think of it as a proxy with memory. It will remember previous look ups so it won't ask its resolvers again (unless the timeout value on the record has been reached). Really? 1) why would Bind NOT cache domain lookups for domains that are not listed in your local zone files? that seems ridiculous. is there any way to host your company's domains in a Bind instance that also caches lookups? It will be a caching-only server if you don't have any local zone files. It will be both a caching server and a dns server once you add zones. 2) is there a way to test a Bind server to make sure it is in fact caching its lookups? -- Roman Volf Keystreams Internet Solutions [EMAIL PROTECTED]
bayes learning
Am I right in thinking that messages which are spam but have attracted low Bayesian scores should be sa-learn't appropriately. and messages which aren't spam but have attracted (this is where I start to get a little confused) high Bayesian scores or just high SA scores (ie more than the spam threshold) I have a setup at the minute in the university where I have 2 spamd servers with 2 imap folders on one of them. this is used by a select group (the email technical group) to train bayes by copying *not forwarding* appropriate mails to it. questions pertinent to this setup follow... how should the bayes be taught?? should it be fed all spam mails I can get...? what about normal personal mails should it be fed those also... or is it only in the cases when they have been learned incorrectly previously is it ok to learn a message that has already been scanned by spamassassin... ie with the full SA headers etc also what about learning spam gotten through a mailing list.. ie recently I got a lot of the german spam through a couple of lists I sub to... should I learn them as ham or just leave them be...??? all these questions, are they frequently asked?? thanks ronan -- Regards Ronan McGlue Info. Services QUB
SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251
I've been running quite a lot of sare rules on a site-wide SA installation for a month or two now. I've been keeping a fairly close eye on it, and there have been few false positives generally. But today I noticed that several e-mails are hitting both SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251. These are ham, sent from (one specific address in) Ukraine to a Ukrainian in England, written in English. The scoring is such that the e-mail gets a score of 3.333 PLUS 4.0 - so only bayes saves it from being rejected (we reject at 5.5). I can re-score these rules (or remove sare_header0, which will lower the scores anyway), but I have 2 questions: - Is this a slightly unfair double-scoring? - Are there any other similar rules I should worry about, given that some Russian mail to this server is ham? -- Chris
Re: What is a caching name server?
in several posts I have noticed people refer to a caching nameserver. What exactly is that? It's a nameserver without local zone information except for root-hints and, perhaps, localhost. Would BIND 9.3.1 qualify? Yes. Both of our mail servers are also DNS boxes with real zones. Is there any way for BIND to act both as a normal DNS server for domains and also a caching nameserver? Regards, Devin
Re: What is a caching name server?
On 5/20/2005 11:52 AM +0200, [EMAIL PROTECTED] wrote: Both of our mail servers are also DNS boxes with real zones. Is there any way for BIND to act both as a normal DNS server for domains and also a caching nameserver? Yes, read the BIND documentation. Niek
Re: What is a caching name server?
http://cr.yp.to/djbdns.html simple, small, fast. -- Mirko Steiner Gesotec Soft- und Hardware GmbH Hilpertstr. 35 D-64295 Darmstadt Tel: +49 (6151) 66 777 50 Fax: +49 (6151) 66 777 59 http://www.gesotec.de
Re: SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251
Chris Lear wrote: But today I noticed that several e-mails are hitting both SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251. These are ham, sent from (one specific address in) Ukraine to a Ukrainian in England, written in English. The scoring is such that the e-mail gets a score of 3.333 PLUS 4.0 - so only bayes saves it from being rejected (we reject at 5.5). I can re-score these rules (or remove sare_header0, which will lower the scores anyway), but I have 2 questions: - Is this a slightly unfair double-scoring? - Are there any other similar rules I should worry about, given that some Russian mail to this server is ham? These are actually in the header1 file, not header0, but surely they ought to be moved to the 70_sare_header_eng.cf as they hit non-English ham. Bob? And yes, the double scoring effect does seem rather over the top to me, even for sites that don't expect any Cyrillic ham. John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages- www.tradoc.fr
Re: spamassassin fetchmail qmail (RELAYCLIENT=)
* Mirko Steiner [EMAIL PROTECTED] [2005-05-20 09:31]: Fri, 20 May 2005 09:10:37 CEST:53653: spamassassin: don't scan as RELAYCLIENT implies this was sent by a local user Mirko, yepp. Your question might find better answers in the qmail-scanner mailing list. In the FAQ [1] I find (Q18): If you explicitly want to scan some/all local SMTP clients email too, then set QS_SPAMASSASSIN=on within the tcpserver rules file. [1] http://qmail-scanner.sourceforge.net/FAQ.php So you might either set QS_SPAMASSASSIN=on for all mail from 127.0.0.1 to enable SA for every local mail (this will work but might not be what you want) or you find a way to set this within your fetchmail-to-qmail invocation. HTH, alex -- Alex Pleinerzeitform Internet Dienste mailto:[EMAIL PROTECTED] Fraunhoferstraße 5 PGP S/MIME: http://key.zeitform.de/ap 64283 Darmstadt, Germany Tel./Fax: +49 (0) 6151 155-635 / -634 http://www.zeitform.de Jabber: [EMAIL PROTECTED]
Re: SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251
* John Wilcock wrote (05/20/05 10:51):
> Chris Lear wrote:
> > But today I noticed that several e-mails are hitting both SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251. These are ham, sent from (one specific address in) Ukraine to a Ukrainian in England, written in English. The scoring is such that the e-mail gets a score of 3.333 PLUS 4.0 - so only bayes saves it from being rejected (we reject at 5.5). I can re-score these rules (or remove sare_header0, which will lower the scores anyway), but I have 2 questions:
> > - Is this a slightly unfair double-scoring?
> > - Are there any other similar rules I should worry about, given that some Russian mail to this server is ham?
>
> These are actually in the header1 file, not header0, but surely they ought to be moved to the 70_sare_header_eng.cf as they hit non-English ham. Bob?

They're in my header0.cf from sare/rules du jour. And in header.cf with a lower score as well. Have I got the wrong files?

RulesDuJour $ grep SARE_FROM_CHAR_W1251 *
70_sare_header.cf:header SARE_FROM_CHAR_W1251 From:raw =~ /\=\?Windows-1251\?/i
70_sare_header.cf:describe SARE_FROM_CHAR_W1251 Displays in unexpected charset
70_sare_header.cf:score SARE_FROM_CHAR_W1251 1.666
70_sare_header.cf:#ham SARE_FROM_CHAR_W1251 Found in some Russian ham
70_sare_header.cf:#hist SARE_FROM_CHAR_W1251 Created by Bob Menschel May 17 2004
70_sare_header.cf:#counts SARE_FROM_CHAR_W1251 245s/4h of 238550 corpus (112525s/126025h RM) 02/28/05
70_sare_header.cf:#counts SARE_FROM_CHAR_W1251 640s/0h of 54176 corpus (16997s/37179h JH-3.01) 02/01/05
70_sare_header.cf:#counts SARE_FROM_CHAR_W1251 0s/0h of 17050 corpus (14617s/2433h MY) 08/08/04
70_sare_header0.cf:header SARE_FROM_CHAR_W1251 From:raw =~ /\=\?Windows-1251\?/i
70_sare_header0.cf:describe SARE_FROM_CHAR_W1251 Displays in unexpected charset
70_sare_header0.cf:score SARE_FROM_CHAR_W1251 4.000
70_sare_header0.cf:#stype SARE_FROM_CHAR_W1251 spamgg
70_sare_header0.cf:#hist SARE_FROM_CHAR_W1251 Created by Bob Menschel May 17 2004
70_sare_header0.cf:#counts SARE_FROM_CHAR_W1251 180s/0h of 66979 corpus (41757s/25222h RM) 09/04/04
70_sare_header0.cf:#counts SARE_FROM_CHAR_W1251 209s/0h of 38398 corpus (14914s/23484h JH) 08/14/04 TM2 SA3.0-pre2
70_sare_header0.cf:#counts SARE_FROM_CHAR_W1251 0s/0h of 17050 corpus (14617s/2433h MY) 08/08/04

-- Chris
Re: German Spam local.conf
[EMAIL PROTECTED] wrote: I would like to be removed from this distribution list, anyone have an idea how to do that? Yes in the headers: [EMAIL PROTECTED] -- Thanks, James
Re: SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251
Chris Lear wrote: They're in my header0.cf from sare/rules du jour. And in header.cf with a lower score as well. Have I got the wrong files? Methinks you have an old header0.cf that is no longer being updated - these rules aren't in the current header0 on rulesemporium.com. And in any case you shouldn't be using header and header0 together... John. -- -- Over 2500 webcams from ski resorts around the world - www.snoweye.com -- Translate your technical documents and web pages- www.tradoc.fr
Re: SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251
* John Wilcock wrote (05/20/05 12:15): Chris Lear wrote: They're in my header0.cf from sare/rules du jour. And in header.cf with a lower score as well. Have I got the wrong files? Methinks you have an old header0.cf that is no longer being updated - these rules aren't in the current header0 on rulesemporium.com. OK, thanks. I'll try to find out what's wrong with my Rules du Jour. And in any case you shouldn't be using header and header0 together... I didn't know that. I'll fix that as well. Thanks for your help. -- Chris
Re: spamassassin fetchmail qmail (RELAYCLIENT=)
Alex Pleiner wrote: yepp. Your question might find better answers in the qmail-scanner mailing list. wooops, sorry, I thought this is a configuration issue by SA... so I haven't taken a look around the other software websites... thanks a lot! -- Mirko Steiner Gesotec Soft- und Hardware GmbH Hilpertstr. 35 64295 Darmstadt Tel: +49 (6151) 66 777 50 Fax: +49 (6151) 66 777 59 www.gesotec.com
setup spamassassin on Fedora 2
Hi, I'm setting up SpamAssassin by following the instructions on this website, http://www.firstpr.com.au/web-mail/Postfix-SA-Anomy-Maildrop/ Has anyone used the instructions on this website and setup SpamAssassin successfully? My server (loaded with Fedora 2) doesn't seem to have xfilter. where can I get it? And, if anyone has other pointers to how to setup SpamAssassin with Postfix on Fedora 2, please let me know. Thanks, Jennifer
Re: What is a caching name server?
On Friday 20 May 2005 01:15, [EMAIL PROTECTED] wrote: Hello list, in several posts I have noticed people refer to a caching nameserver. What exactly is that? Would BIND 9.3.1 qualify? Any advice would be greatly appreciated. Regards, Devin On my systems, there is an 'nscd'. Is this not a Name Service Caching Daemon? Docs seem to be sparse for it here though. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) 99.34% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
Re: setup spamassassin on Fedora 2
--On Friday, May 20, 2005 9:07 AM -0400 Jennifer Lai [EMAIL PROTECTED] wrote: I'm setting up SpamAssassin by following the instructions on this website, http://www.firstpr.com.au/web-mail/Postfix-SA-Anomy-Maildrop/ You're using FC2, which is RPM-based, so use the SpamAssassin RPM to install. It comes with FC2. Use yum to install it: yum install spamassassin. Same with postfix or sendmail. For bleeding-edge SA, check the SA website and the list archives for how to rebuild SA using the source RPM. (We might even have a wiki page on this.)
Re: What is a caching name server?
nscd is a Solaris daemon (perhaps other OSs as well) that caches gethostbyname()/gethostbyaddr() lookups (and others of that ilk), but not all of the DNS lookups that SpamAssassin uses (I think SpamAssassin may specifically bypass some of those by using Net::DNS directly instead of the built-in OS resolver routines). nscd is controlled by parameters in /etc/nscd.conf. You may see big performance gains for IP and name lookup if you tune the negative caching parameters up on busy mail servers, in any case. David. - On Fri, 20 May 2005, Gene Heskett wrote: On Friday 20 May 2005 01:15, [EMAIL PROTECTED] wrote: Hello list, in several posts I have noticed people refer to a caching nameserver. What exactly is that? Would BIND 9.3.1 qualify? Any advice would be greatly appreciated. Regards, Devin On my systems, there is an 'nscd'. Is this not a Name Service Caching Daemon? Docs seem to be sparse for it here though. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) 99.34% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
RE: What is a caching name server?
2) is there a way to test a Bind server to make sure it is in fact caching its lookups? dig(1) - Linux man page ... dig (domain information groper) is a flexible tool for interrogating DNS name servers. http://www.die.net/doc/linux/man/man1/dig.1.html
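As an added example (not part of the original thread), one way to use dig for the check asked about above: send the same query twice and compare the answers. The sample dig outputs are constructed, and the name www.example.com, the addresses and the helper names are assumptions for illustration.

```python
import re
import subprocess

# Constructed dig output, trimmed to the relevant parts. FIRST and SECOND are
# the same query sent a few seconds apart to a recursive resolver; AUTH is an
# answer from a server that hosts the zone itself.
FIRST = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
www.example.com.\t3600\tIN\tA\t192.0.2.10

;; Query time: 148 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""
SECOND = FIRST.replace("\t3600\t", "\t3597\t").replace("148 msec", "0 msec")
AUTH = FIRST.replace("flags: qr rd ra", "flags: qr aa rd ra")

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")


def parse_dig(text):
    """Extract header flags, answer TTLs and the query time from dig output."""
    flags, ttls, query_ms, in_answer = set(), {}, None, False
    for line in text.splitlines():
        if line.startswith(";; flags:"):
            flags = set(line.split(":", 1)[1].split(";", 1)[0].split())
        elif line.startswith(";; Query time:"):
            query_ms = int(line.split()[3])
        elif line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and not line.strip():
            in_answer = False          # blank line ends the section
        elif in_answer:
            m = RECORD.match(line)
            if m:
                name, ttl, rtype, rdata = m.groups()
                ttls[(name.lower(), rtype, rdata.strip())] = int(ttl)
    return {"flags": flags, "ttls": ttls, "query_ms": query_ms}


def served_from_cache(first, second):
    """True when the second answer shows the signs of a cache hit."""
    if "aa" in second["flags"]:
        return False                   # authoritative data, not a cached lookup
    if not second["ttls"] or second["ttls"].keys() != first["ttls"].keys():
        return False                   # different record set: nothing to compare
    # A cached record's TTL counts down; a fresh upstream fetch resets it.
    return all(second["ttls"][k] < first["ttls"][k] for k in first["ttls"])


def run_dig(server, name, rtype="A"):
    """Run the real dig binary (needs network access and a resolver at server)."""
    return subprocess.run(["dig", "@" + server, name, rtype],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    a, b = parse_dig(FIRST), parse_dig(SECOND)
    print("cache hit:", served_from_cache(a, b),
          "| query time:", a["query_ms"], "->", b["query_ms"], "msec")
    print("authoritative zone counted as cache:",
          served_from_cache(parse_dig(AUTH), parse_dig(AUTH)))
```

A falling TTL can also come from an upstream forwarder's cache, so the query time dropping to near zero on the second query is the second sign to look for.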
Re[2]: SARE_CHARSET_W1251 and SARE_FROM_CHAR_W1251
Hello Chris, John, Friday, May 20, 2005, 3:47:55 AM, you wrote: I can re-score these rules (or remove sare_header0, which will lower the scores anyway), but I have 2 questions: - Is this a slightly unfair double-scoring? - Are there any other similar rules I should worry about, given that some Russian mail to this server is ham? These are actually in the header1 file, not header0, but surely they ought to be moved to the 70_sare_header_eng.cf as they hit non-English ham. Bob? CL They're in my header0.cf from sare/rules du jour. And in header.cf with CL a lower score as well. Have I got the wrong files? Yes, your header0 is old. Both rules are in header1 in the current versions. You need to fix your RDJ for header0, or just delete it, since header0 through header3 are included in header.cf Yes, you can and maybe should provide a lower score, at least temporarily. Yes, they should be moved to header_eng, and will be this weekend. Meanwhile, is it possible for you to send me some samples of the ham? If I add that to my corpus, it'll be taken into account in the next rescoring. Bob Menschel
RE: sa-learn and big messages
Along those same lines, is the message limit of 250K with or without attachments? Steven -Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Thursday, May 19, 2005 3:56 PM To: Jim Maul Cc: Ingo Reinhart; users@spamassassin.apache.org Subject: Re: sa-learn and big messages Jim Maul wrote: Ingo Reinhart wrote: Hello! If I commit a big mail (32 MB) to sa-learn it needs a long time. I must wait 50 sec. and the sa-learn process needs 332 MB RAM. What can I do to proceed faster? Ingo um..since messages over 250k (default) won't be scanned by SA, why bother sa-learning anything over this limit? SA isn't going to scan it anyway. -Jim Minor Note of Clarification: that 250k default limit applies to those who use spamd, which admittedly Ingo does use. But it is not inherent in spamassassin in general (i.e. those using the API or spamassassin command-line don't have this feature unless implemented elsewhere)
Custom rule
I'd like to write a custom rule that would allow e-mail in from users that have an attachment with a weird in house extension like foo.bar . How would I do this?
Re: SA Sometimes Being Bypassed?
MK == Matt Kettler [EMAIL PROTECTED] writes:

MK Jake Colman wrote:
MK > If my sendmail server is down, a backup MX in a different domain catches all my email. When my sendmail server comes back up, the backup MX dumps all the mail it's been holding for me. It seems that all the email sent to me in this manner bypasses my SA filtering. Why should this be? I believe that what I am saying is accurate because if I examine the email headers for emails sent by the backup MX, they do not have my X-Spam headers.

MK How do you call spamassassin for your normal mail?
MK Without knowing how normal mail gets to SA, it's hard to guess why mail from the secondary isn't getting to SA.

I use a /etc/procmailrc with the following contents:

DROPPRIVS=yes
##LOGFILE=/var/log/procmail
PATH=/usr/bin:/usr/local/bin
MAILDIR=$HOME/mail

:0:
* ^Subject:.*SPAM
caughtspam

:0fw
* < 256000
| spamc

:0:
* ^X-Spam-Status: Yes
caughtspam

This should file all emails flagged with SPAM in the subject (my emails get pre-filtered by a relay box) in a 'caughtspam' folder. All other mails are piped through spamc and then, if X-Spam-Status is 'Yes', they also get filed in 'caughtspam'.

-- Jake Colman Sr. Applications Developer Principia Partners LLC Harborside Financial Center 1001 Plaza Two Jersey City, NJ 07311 (201) 209-2467 www.principiapartners.com
Re: Custom rule
- Original Message - From: Joe Zitnik
> I'd like to write a custom rule that would allow e-mail in from users that have an attachment with a weird in house extension like foo.bar . How would I do this?

How about delivering it before spamassassin sees it in procmail?:

:0
* ^Content-Transfer-Encoding:.*base64
* ^Content-(Type|Disposition):.*$?.*name.*=.*\.(bar|xxx|yyy|zzz)
$DEFAULT
Re: rulesdujour and old copies of rule files
Hi Peter,

Peter Kiem wrote:
> Hi, I've noticed there is a buildup of old rules in my /etc/mail/spamassassin/RulesDuJour directory like this
>
> 109543 May 10 19:07 bogus-virus-warnings.cf
> 92609 Aug 10 2004 bogus-virus-warnings.cf.20040819-0402
> 93896 Aug 19 2004 bogus-virus-warnings.cf.20040823-0423
> 94241 Aug 23 2004 bogus-virus-warnings.cf.20040909-0403
> 94292 Sep 9 2004 bogus-virus-warnings.cf.20041101-0453
> 100387 Oct 30 2004 bogus-virus-warnings.cf.20041103-0434
> 100389 Nov 2 2004 bogus-virus-warnings.cf.20041109-0406
> 100721 Nov 8 2004 bogus-virus-warnings.cf.20041217-0418
> 103643 Dec 16 08:23 bogus-virus-warnings.cf.20041218-0453
> 103635 Dec 17 10:44 bogus-virus-warnings.cf.20050103-0436
> 104973 Jan 2 05:22 bogus-virus-warnings.cf.20050114-0501
> 105986 Jan 13 18:43 bogus-virus-warnings.cf.20050520-0903
>
> Since it seems to be just a history of the script changes can I delete all these except for the first file?

Yes, you may delete everything in that directory (even the first file, if you feel like it).

> Also, does spam assassin ONLY look in the /etc/mail/spamassassin folder and no deeper or does it recurse into all subdirectories in there as well?

Correct, SA only reads /etc/mail/spamassassin/*.cf and does not recurse.

Chris Thielen
Re: Custom Rule
I try never to admit this, but we have spamassassin running on a windows box with a third party app. Users send e-mails with .bar attachments. Some are getting hit as spam because of content. I'd like a rule that says if you have a .bar extension on an attachment, let me in.
Re: sa-learn and big messages
Steven Manross wrote:
> Along those same lines, is the message limit of 250K with or without attachments?

That's raw message size, including attachments, encoding, and everything else. Spamc isn't even aware of attachments, so it just looks at the whole message size.
Re: setup spamassassin on Fedora 2
Kenneth Porter wrote:

I'm setting up SpamAssassin by following the instructions on this website, http://www.firstpr.com.au/web-mail/Postfix-SA-Anomy-Maildrop/

You're using FC2, which is RPM-based, so use the SpamAssassin RPM to install. It comes with FC2. Use yum to install it: yum install spamassassin. Same with postfix or sendmail. For bleeding-edge SA, check the SA website and the list archives for how to rebuild SA using the source RPM. (We might even have a wiki page on this.)

Latest and greatest pre-built at atrpms.net: http://www.atrpms.net/ Along with handy yum, apt-get and up2date config help.

Mick
Re: Custom rule
Joe Zitnik wrote:
> I'd like to write a custom rule that would allow e-mail in from users that have an attachment with a weird in house extension like foo.bar . How would I do this?

You'd need to use a full rule, as body and rawbody won't be able to see the mime section headers.

You'll want to have the rule target headers like this:

    Content-Disposition: attachment; filename="EVI-Attachment-Warning.txt"

Sometimes, these headers wrap like this one:

    Content-Disposition: attachment;
        filename="00_non_deliverable.cf"

A full rule won't cover the linewrap, so you need to include an optional \s or . after the attachment part.

So something like this should work:

    full L_FOO_BAR /Content-Disposition: attachment;.{0,30} filename=.{0,50}\.foo\.bar/i

Some files can have an inline disposition, but I doubt your in-house extension does. That's usually used for text, html and/or graphics that a mail client can render.
Re: --lint tells me I need 0.34 dns
On Fri, May 20, 2005 at 12:08:05AM -0700, Justin Mason wrote:
> It might make sense to turn some of those optional-but-recommended dependencies into requirements, in packages for platforms where apt-get-style systems are available; if the user doesn't have to do additional work to get them, then we should get them by default.

As I was saying, that's up to the distro people to figure out. If they make available appropriate revisions of different modules, they can update the spec file appropriately. We can't really guess what resources people have available. apt-get/up2date/yum/etc may not be used. In this case, I can build RPM for most any platform, it's a package management system, not a package distribution system. ;)

The argument is basically: make it easier for users. Which is a good goal, but think about this scenario: We suggest people build their own RPMs from our source, they try and find that Net::DNS 0.34 is required, but their (choosing details randomly) Fedora Core 1 distro only includes 0.31. Now what? We've just made their lives more difficult.

I'd rather have SA install and function, and then if people want to enable extra functionality they jump through hoops than having them do the hoops to use SA at all.

-- 
Randomly Generated Tagline:
Bender: Aw, I think I got whiplash.
Leela: You can't have whiplash, you don't have a neck.
Bender: I meant ass whiplash.
Re: SA Sometimes Being Bypassed?
Jake Colman wrote:
> MK == Matt Kettler [EMAIL PROTECTED] writes:
>
> MK> Jake Colman wrote:
> MK> > If my sendmail server is down, a backup MX in a different domain catches all my email. When my sendmail server comes back up, the backup MX dumps all the mail it's been holding for me. It seems that all the email sent to me in this manner bypasses my SA filtering. Why should this be? I believe that what I am saying is accurate because if I examine the email headers for emails sent by the backup MX, they do not have my X-Spam headers.
>
> MK> How do you call spamassassin for your normal mail?
>
> MK> Without knowing how normal mail gets to SA, it's hard to guess why mail from the secondary isn't getting to SA.
>
> I use a /etc/procmailrc with the following contents:

Hmmm, does the unscanned mail get delivered to a mailbox on the server running procmail, or does it go around it? Check your Received: headers.
Re: SA Sometimes Being Bypassed?
Martin Hepworth wrote:
> Jake have a look at the output of spamassassin -D --lint mailmessage. You might be trusting the secondary MX or it might be bypassing your SA system altogether.

SpamAssassin's concept of trust has nothing to do with it.

There's no X-Spam-* headers, so SA is being bypassed completely. SA ALWAYS adds at least X-Spam-Checker-Version header, regardless of trust. (unless you use spamc and the size is over the limit for -s).

Based on the procmail config that Jake posted, one of the following must be true:

1) the messages are too large to be scanned (250k) and thus being bypassed by spamc (250k-255k) or his procmail rule (256k).

2) the messages from the secondary are never reaching the box that runs SA via procmail, and are being delivered to a mailbox elsewhere.

3) The messages from the secondary are reaching the box running SA via procmail, but are relayed without local delivery. (procmail only gets called as the message is delivered on the local box)

I suspect 2). Particularly if there's some kind of fetchmail, multi-server-pop-client, or internal groupware server involved in the picture.

3) Is really a theoretical problem, it's possible but highly unlikely. You'd have a pretty weird server that relays mail for a user only if it came in from a secondary MX.

Looking at the Received: path and size of some of the messages should clear up what's going on.
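Added example, not part of the thread: a Python triage of a saved message along the lines of the message above, checking for X-Spam-* headers, then the message size, then the Received: path. The host names, the sample messages and the reading of the thread's "250k" as 250 KiB are assumptions made for the illustration.

```python
import email
import re

PROCMAIL_LIMIT = 256000    # size condition in the procmailrc posted in the thread
SPAMC_LIMIT = 250 * 1024   # the thread's "250k" spamc limit, read as 250 KiB (assumption)
BY_HOST = re.compile(r"\bby\s+([^\s;()]+)", re.I)

def received_by_hosts(msg):
    """Hosts that accepted the message, newest hop first."""
    hosts = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())      # undo header line wrapping
        match = BY_HOST.search(unfolded)
        if match:
            hosts.append(match.group(1).lower())
    return hosts

def triage(raw, sa_host):
    """Classify one raw message against the three explanations in the thread."""
    msg = email.message_from_bytes(raw)
    if any(name.lower().startswith("x-spam-") for name in msg.keys()):
        return "scanned"
    if len(raw) >= min(PROCMAIL_LIMIT, SPAMC_LIMIT):
        return "1: over the size limit"
    if sa_host.lower() not in received_by_hosts(msg):
        return "2: never reached the SA host"
    return "3: reached the SA host without local delivery"

# Constructed sample messages; every host name below is made up.
SA_HOST = "mail.example.org"
VIA_BACKUP = (b"Received: from backup-mx.example.net (backup-mx.example.net [192.0.2.7])\r\n"
              b"\tby mail.example.org with ESMTP; Fri, 20 May 2005 10:00:00 -0400\r\n"
              b"Received: from sender.example.com by backup-mx.example.net; "
              b"Fri, 20 May 2005 03:00:00 -0400\r\n"
              b"Subject: held while the primary was down\r\n\r\nbody\r\n")
SCANNED = b"X-Spam-Checker-Version: SpamAssassin 3.0.3\r\n" + VIA_BACKUP
ELSEWHERE = VIA_BACKUP.replace(b"by mail.example.org", b"by imap.example.com")
OVERSIZE = VIA_BACKUP + b"x" * PROCMAIL_LIMIT

if __name__ == "__main__":
    for name in ("SCANNED", "VIA_BACKUP", "ELSEWHERE", "OVERSIZE"):
        print(f"{name:11} {triage(globals()[name], SA_HOST)}")
```

Run it over a handful of the unfiltered messages; a consistent "2" result means the mail is being stored somewhere procmail never sees it.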
whitelists
Should local whitelists go into /etc/mail/spamassassin/local.cf or /etc/MailScanner/rules/spam.whitelist.rules ? Is one more effective than the other? thanks
Re: SA Sometimes Being Bypassed?
Let me explain this system, since it might be relevant to the discussion.

This is a simple home-based network server that is processing mail for its own domain. This domain (jnc.com) is known to the world and all email sent to [EMAIL PROTECTED] is delivered to the sendmail running on my box. All users have their mailboxes on this system and they use imap to view their email.

Since this machine has a dynamic IP address I use dyndns to host the DNS and MX entries for jnc.com. I also use them as a mail relay to forward all my email to my sendmail server and as a backup MX if my server is down.

When my server is up, all email is processed by my SA. If my server is down, my email is held for me at the backup MX. When my server comes back, the backup MX sends me all my email. It appears to me that when my email is delivered in that scenario that it bypassed my SA.

Is this at all possible? Or if it works for one scenario it must work for both? The size of the email should not be an issue since it is all the standard spam crap we all get.

...Jake

MK == Matt Kettler [EMAIL PROTECTED] writes:

MK> Martin Hepworth wrote:
MK> > Jake have a look at the output of spamassassin -D --lint mailmessage. You might be trusting the secondary MX or it might be bypassing your SA system altogether.

MK> SpamAssassin's concept of trust has nothing to do with it.

MK> There's no X-Spam-* headers, so SA is being bypassed completely.

MK> SA ALWAYS adds at least X-Spam-Checker-Version header, regardless of trust. (unless you use spamc and the size is over the limit for -s).

MK> Based on the procmail config that Jake posted, one of the following must be true:

MK> 1) the messages are too large to be scanned (250k) and thus being bypassed by spamc (250k-255k) or his procmail rule (256k).

MK> 2) the messages from the secondary are never reaching the box that runs SA via procmail, and are being delivered to a mailbox elsewhere.

MK> 3) The messages from the secondary are reaching the box running SA via procmail, but are relayed without local delivery. (procmail only gets called as the message is delivered on the local box)

MK> I suspect 2). Particularly if there's some kind of fetchmail, multi-server-pop-client, or internal groupware server involved in the picture.

MK> 3) Is really a theoretical problem, it's possible but highly unlikely. You'd have a pretty weird server that relays mail for a user only if it came in from a secondary MX.

MK> Looking at the Received: path and size of some of the messages should clear up what's going on.

-- 
Jake Colman
Sr. Applications Developer
Principia Partners LLC
Harborside Financial Center
1001 Plaza Two
Jersey City, NJ 07311
(201) 209-2467
www.principiapartners.com
Re: Custom rule
A couple of further questions. I was looking through your howto on the spamassassin site, and didn't see any info on full type rules. So where I would normally put header, body, etc, I'd put full, correct? Is there some way I could eliminate the /Content-Disposition: attachment;.{0,30} portion of the rule and just search for the filename=.{0,50}\.foo\.bar/i portion of the rule, since because the extension is specific to our organization, a match on that filename would be enough?

Matt Kettler [EMAIL PROTECTED] 5/20/2005 11:16:58 AM

> Joe Zitnik wrote:
> > I'd like to write a custom rule that would allow e-mail in from users that have an attachment with a weird in house extension like foo.bar . How would I do this?
>
> You'd need to use a full rule, as body and rawbody won't be able to see the mime section headers.
>
> You'll want to have the rule target headers like this:
>
>     Content-Disposition: attachment; filename="EVI-Attachment-Warning.txt"
>
> Sometimes, these headers wrap like this one:
>
>     Content-Disposition: attachment;
>         filename="00_non_deliverable.cf"
>
> A full rule won't cover the linewrap, so you need to include an optional \s or . after the attachment part.
>
> So something like this should work:
>
>     full L_FOO_BAR /Content-Disposition: attachment;.{0,30} filename=.{0,50}\.foo\.bar/i
>
> Some files can have an inline disposition, but I doubt your in-house extension does. That's usually used for text, html and/or graphics that a mail client can render.
Re: Custom rule
Joe Zitnik wrote:
> A couple of further questions. I was looking through your howto on the spamassassin site, and didn't see any info on full type rules. So where I would normally put header, body, etc, I'd put full, correct?

Yes. full is a rule type that examines the full message text. I didn't cover them in the howto because they're not commonly used. Their primary use is in examining mime boundaries, or in examining base64 or QP encodings that both body and rawbody rules can't see. You can find a description of the full keyword in the Mail::SpamAssassin::Conf manpage.

> Is there some way I could eliminate the /Content-Disposition: attachment;.{0,30} portion of the rule and just search for the filename=.{0,50}\.foo\.bar/i portion of the rule, since because the extension is specific to our organization, a match on that filename would be enough?

Yes, that would in general be fine. I made it a bit more specific than needed, with the expectation you could trim it down as desired. Also, I thought you wanted to match filename.foo.bar instead of filename.bar, so you can ditch the \.foo part.
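Added example, not from the thread: the rule's regular expression and its trimmed form checked against constructed MIME part headers, using Python's re module as a stand-in for the Perl regex engine (the constructs used here behave the same in both). FOLD_SAFE and the sample file names are hypothetical; the run shows that "." does not cross the line break of a folded header, and that the trimmed pattern also matches names that merely contain .bar.

```python
import re

# Rule body as posted in the thread (Perl /i flag -> re.I).
POSTED = re.compile(
    r"Content-Disposition: attachment;.{0,30} filename=.{0,50}\.foo\.bar", re.I)
# The trimmed form Joe asks about, with the \.foo part dropped as Matt suggests.
TRIMMED = re.compile(r"filename=.{0,50}\.bar", re.I)
# Hypothetical variant: \s* spans a folded header and the name must END in .bar.
FOLD_SAFE = re.compile(
    r'^Content-Disposition:\s*attachment;\s*filename="?[^"\r\n]{1,50}\.bar"?\s*$',
    re.I | re.M)

# Constructed MIME part headers; the file names are made up.
SAMPLES = {
    "one line": 'Content-Disposition: attachment; filename="report.foo.bar"\r\n',
    "folded": 'Content-Disposition: attachment;\r\n\tfilename="report.foo.bar"\r\n',
    "other suffix": 'Content-Disposition: attachment; filename="report.bar.zip"\r\n',
    "plain text": 'Content-Disposition: attachment; filename="notes.txt"\r\n',
}

def hits(pattern):
    """Names of the samples the pattern matches, in SAMPLES order."""
    return [name for name, text in SAMPLES.items() if pattern.search(text)]

if __name__ == "__main__":
    for label, pattern in (("posted", POSTED), ("trimmed", TRIMMED),
                           ("fold-safe", FOLD_SAFE)):
        print(f"{label:10} {hits(pattern)}")
```

Because any sender can choose an attachment name, a rule like this is best given a modest negative score rather than treated as a whitelist.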
Re: whitelists
Thomas Deaton wrote:
> Should local whitelists go into /etc/mail/spamassassin/local.cf or /etc/MailScanner/rules/spam.whitelist.rules ? Is one more effective than the other?

They operate differently, and in general the MailScanner level whitelist (spam.whitelist.rules) is better than using SA's whitelists in local.cf. However, beware that this file is a MailScanner file, and does not accept SpamAssassin whitelist_from type syntax.

MailScanner's whitelist can also act on the relay IP.

SA's whitelists, while useful, are in general a little bit of a hack intended to help those who can't do whitelisting at a higher layer. Tools above SA have clear access to the message envelope, and tend to suffer less from the ambiguities that SA suffers from when guessing at the envelope based on hints in the message headers.
Re: --lint tells me I need 0.34 dns
- Original Message -
From: [EMAIL PROTECTED]

> Yes. 0.34 is necessary for SpamAssassin 3.0.
>
> two questions:
> 1. What breaks in SA when using Net::DNS version 0.31 ?

Nothing should break. The INSTALL file states that spamassassin will silently skip certain tests if/when a particular perl module is not installed or not up to a required version.

> 2. What is the easiest way to update Net::DNS to 0.34 ?

This was very easy:

    perl -MCPAN -e shell        [as root]
    o conf prerequisites_policy ask
    install Net::DNS
    quit

which is cool for just updating a particular perl module. I did it for the first time yesterday on two FC1 systems. Then use a spamassassin 3.x.x. rpm to install the main program and restart the daemon. It's documented in the middle of the INSTALL file.

-eric wood