Supported Userpref with MySQL on SA 3.02

[bruno . delladucata]

Hello All 

I'm not sure which settings are supported
when using userprefs with a mysql db

In the sql-readme file from SA i found
a restriction:
"Note that this will NOT look for
test rules, only local scores, 
whitelist_from(s), required_score, and
auto_report_threshold."

But in the page from Dallas Engelken
http://wiki.apache.org/spamassassin/UsingSQL
i saw many other settings, like:
[EMAIL PROTECTED]      
 use_razor2          1
[EMAIL PROTECTED]         use_bayes    
      1
[EMAIL PROTECTED]         use_pyzor    
        1
[EMAIL PROTECTED]         use_dcc    
     1
[EMAIL PROTECTED]         skip_rbl_checks  
     0
[EMAIL PROTECTED]        ok_languages  
      en        
[EMAIL PROTECTED]         ok_locales  
        en        

Is there a complete list of all supported
settings with sql?

Thanks for any help

Bruno

SA 3.04 and RHEL4, Net::DNS isn't working

[Steven Stern]

On a brand new RHEL4 installation, I've having problems with Net::DNS:

debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.51
debug: trying (3) apache.org...
debug: looking up NS for 'apache.org'
debug: NS lookup of apache.org failed horribly => Perhaps your 
resolv.conf isn't pointing at a valid server?
debug: All NS queries failed => DNS unavailable (set dns_available to 
override)

debug: is DNS available? 0



Dig is able to find apache.org.  I've seen some posts on downgrading 
Net::DNS, but I can't find explicit instructions on how to do it.


I installed it via CPAN inside perl.


--

   Steve

Re: Phishing: My rule and thoughts

[hamann . w]

Thank you for the report but is it fair to run masses for filtering
phishing emails ? Phishing emails are not sent using the same bulk mailing
software spammers use. Spammers most of the time dont even understand SMTP
451 retry but phishermen do. Also, phish doesn't go with spam and ham..its
seafood for godsake :)

> On Mon, Jun 20, 2005 at 01:58:52AM +0200, mouss wrote:
>> >Here is my custom spamass rule file  to block Phishing emails. Please
>> note
>> >that this is aggressive and you may want to lower scores. But I refuse
>> to
>> >lower scores for my mail server :)
>

Hi Murty,

I just believe that you can have legitimate emails where ebay and an unrelated 
url
go together  as a very simple case a friend might write he got / is trying 
to get a product through
ebay that is described on some site.
There has been a discussion about writing a plugin that could discover visible 
links vastly
different from their urls.
However, at least ebay works together with some company that uses 
ebay.someserver.com
style addresses that tend to look like phish at first glance

Wolfgang Hamann

Re: Problems after update SA 2.64 => 3.0.4

[Loren Wilton]

Theo, I thought the warning on rule name length and description length had 
either been eliminated to drastically lengthened for non-English rules.  Or was 
this only in the 3.1 stream?  I know there was work done on this somewhere.

   Loren

Re: Problems after update SA 2.64 => 3.0.4

[Theo Van Dinter]

On Tue, Jun 21, 2005 at 06:05:10AM +0200, Jim Knuth wrote:
> sorry, but that`s not all. lint has 187 issues detected. Which is
> (see attachment warning.txt)

The warnings are all covered by my previous message.  The description over 50
chars warning is known and apparently unavoidable for German.  The
non-existent rules should definitely not be in there.

> ok. Yes I use the locale for Germany. Can I delete the
> language files? You know, I use SA with amavis and the notify
> comes from there (not really). ;-)

These warnings are, well, just warnings.  They do not cause you problems with
running SpamAssassin.  If you wish, you could change the locale for
SpamAssassin to something other than German, but I would just suggest not
worrying about this.

-- 
Randomly Generated Tagline:
   Robot priest: And so we commend Vladimir's remains to the earth: 
filings to filings, rust to rust.


pgpsXNeUPGTPG.pgp
Description: PGP signature

Re: Problems after update SA 2.64 => 3.0.4

[Jim Knuth]

Hallo und guten Morgen Theo,

Heute (am 21.06.2005 - 05:28 Uhr)
   schriebst Du: 


> lang de describe T_RCVD_IN_IADB_LIST_T Senderechner in IADB-Liste 
> (www.isipp.com)

sorry, but that`s not all. lint has 187 issues detected. Which is
(see attachment warning.txt)



-- 
Viele Grüße, Kind regards,
 Jim Knuth
 [EMAIL PROTECTED]
 ICQ #277289867
 PGP Fingerprint: 
 54C9 1A46 D3B2 95B6 454D 
 74FA AC73 773E 1F78 066F
--
Zufalls-Zitat
--
Wenn du siehst, wen einige Mädchen heiraten, weißt du, wie 
sehr sie es hassen müssen, ihren Lebensunterhalt selbst zu 
verdienen. (Helen Rowland)
--
Der Text hat nichts mit dem Empfänger der Mail zu tun
--

Virus free. Checked by NOD32 Version 1.1146 Update 20.06.2005warning: description for HTML_SHOUTING4 is over 50 chars
warning: description for CLICK_TO_REMOVE_1 is over 50 chars
warning: description for RCVD_IN_SORBS_SMTP is over 50 chars
warning: description for OFFSHORE_SCAM is over 50 chars
warning: description for FROM_WEBMAIL_END_NUMS6 is over 50 chars
warning: description for DIGEST_MULTIPLE is over 50 chars
warning: description for MIME_BOUND_DIGITS_15 is over 50 chars
warning: description exists for non-existent rule T_RCVD_IN_IADB_LIST_T
warning: description for MAILTO_SUBJ_REMOVE is over 50 chars
warning: description for DRUG_ED_SILD is over 50 chars
warning: description for HDR_ORDER_MTSRIX is over 50 chars
warning: description for NORMAL_HTTP_TO_IP is over 50 chars
warning: description for RCVD_IN_XBL is over 50 chars
warning: description for EXCUSE_4 is over 50 chars
warning: description for RCVD_IN_MAPS_DUL is over 50 chars
warning: description exists for non-existent rule T_RCVD_IN_IADB_LIST
warning: description for HTML_SHOUTING5 is over 50 chars
warning: description for MAILTO_TO_SPAM_ADDR is over 50 chars
warning: description for RCVD_IN_RSL is over 50 chars
warning: description for MIME_QP_LONG_LINE is over 50 chars
warning: description for HASHCASH_HIGH is over 50 chars
warning: description for DATE_IN_FUTURE_96_XX is over 50 chars
warning: description for DCC_CHECK is over 50 chars
warning: description for X_MSMAIL_PRIORITY_HIGH is over 50 chars
warning: description for DATE_IN_FUTURE_48_96 is over 50 chars
warning: description for MSGID_OUTLOOK_INVALID is over 50 chars
warning: description for DRUGS_ERECTILE_OBFU is over 50 chars
warning: description for FORGED_RCVD_HELO is over 50 chars
warning: description for MSGID_SPAM_99X9XX99 is over 50 chars
warning: description for RATWARE_EGROUPS is over 50 chars
warning: description for UPPERCASE_75_100 is over 50 chars
warning: description for FORGED_QUALCOMM_TAGS is over 50 chars
warning: description for MICRO_CAP_WARNING is over 50 chars
warning: description for INVALID_TZ_EST is over 50 chars
warning: description for SUBJ_HAS_UNIQ_ID is over 50 chars
warning: description for UPPERCASE_25_50 is over 50 chars
warning: description for RCVD_HELO_IP_MISMATCH is over 50 chars
warning: description for DATE_IN_FUTURE_06_12 is over 50 chars
warning: description for HDR_ORDER_TRIMRS is over 50 chars
warning: description for RATWARE_OE_MALFORMED is over 50 chars
warning: description for EXCUSE_3 is over 50 chars
warning: description for RCVD_IN_MAPS_RBL is over 50 chars
warning: description for BILL_1618 is over 50 chars
warning: description for ALL_TRUSTED is over 50 chars
warning: description for HTML_NONELEMENT_30_40 is over 50 chars
warning: description for FORGED_THEBAT_HTML is over 50 chars
warning: description for RCVD_IN_SORBS_SOCKS is over 50 chars
warning: description for MSGID_SPAM_ALPHA_NUM is over 50 chars
warning: description for RCVD_IN_SBL is over 50 chars
warning: description for RATWARE_HASH_2_V2 is over 50 chars
warning: description for ROUND_THE_WORLD is over 50 chars
warning: description exists for non-existent rule T_RCVD_IN_CSMA_BL
warning: description for RATWARE_GECKO_BUILD is over 50 chars
warning: description for MSGID_YAHOO_CAPS is over 50 chars
warning: description for MIME_HEADER_CTYPE_ONLY is over 50 chars
warning: description for REMOVE_POSTAL is over 50 chars
warning: description for RATWARE_RCVD_LC_ESMTP is over 50 chars
warning: description for NO_RDNS_DOTCOM_HELO is over 50 chars
warning: description for DATE_IN_PAST_12_24 is over 50 chars
warning: description for MIME_BOUND_RKFINDY is over 50 chars
warning: description for HTTP_CTRL_CHARS_HOST is over 50 chars
warning: description for RCVD_IN_SORBS_DUL is over 50 chars
warning: description for DATE_IN_FUTURE_12_24 is over 50 chars
warning: description for MSGID_SPAM_ZEROES is over 50 chars
warning: description for HTML_SHOUTING3 is over 50 chars
warning: description for EXCUSE_6 is over 50 chars
warning: description for X_ORIG_IP_NOT_IPV4 is over 50 chars
warning: description for DRUGS_SLEEP_EREC is over 50 chars
warning: description for FORGED_JUNO_RCVD is over 50 chars
warning: description for PRIORITY_NO_NAME is over 50 chars
warning: description for FROM_HAS_MIXED_NUMS3 is over 50 chars
w

Re: Problems after update SA 2.64 => 3.0.4

[Jim Knuth]

Hallo und guten Morgen Theo,

Heute (am 21.06.2005 - 05:28 Uhr)
   schriebst Du: 

> Aha.  So there are three things here.  First, I misread the warning.
> Second, you are running with a locale for Germany, so you get the rule
> descriptions from 30_text_de.cf.  Third, the rule translations have a
> known issue where German, in particular, tend to have long descriptions,
> over the 50 character length that lint will alert on.  Also, the German
> description file seems to include:

> lang de describe T_RCVD_IN_IADB_LIST_T Senderechner in IADB-Liste 
> (www.isipp.com)

ok. Yes I use the locale for Germany. Can I delete the
language files? You know, I use SA with amavis and the notify
comes from there (not really). ;-)


> I opened up a ticket to clean this up
> for a future 3.0.5 release:

> http://bugzilla.spamassassin.org/show_bug.cgi?id=4413

Thank you.


-- 
Viele Grüße, Kind regards,
 Jim Knuth
 [EMAIL PROTECTED]
 ICQ #277289867
 PGP Fingerprint: 
 54C9 1A46 D3B2 95B6 454D 
 74FA AC73 773E 1F78 066F
--
Zufalls-Zitat
--
Ein richtiger Optimist ist wie ein Dieb: Er nimmt die Dinge 
zu leicht. (Peter Frankenfeld)
--
Der Text hat nichts mit dem Empfänger der Mail zu tun
--

Virus free. Checked by NOD32 Version 1.1146 Update 20.06.2005

Re: Problems after update SA 2.64 => 3.0.4

[Theo Van Dinter]

On Tue, Jun 21, 2005 at 04:59:30AM +0200, Jim Knuth wrote:
> >> warning: description exists for non-existent rule T_RCVD_IN_IADB_LIST_T
> 
> Mmh. wget from
> http://www.apache.de/dist/spamassassin/source/Mail-SpamAssassin-3.0.4.tar.gz
> I`ts no development.

Aha.  So there are three things here.  First, I misread the warning.
Second, you are running with a locale for Germany, so you get the rule
descriptions from 30_text_de.cf.  Third, the rule translations have a
known issue where German, in particular, tend to have long descriptions,
over the 50 character length that lint will alert on.  Also, the German
description file seems to include:

lang de describe T_RCVD_IN_IADB_LIST_T Senderechner in IADB-Liste 
(www.isipp.com)

Which it really shouldn't have at all.  I opened up a ticket to clean this up
for a future 3.0.5 release:

http://bugzilla.spamassassin.org/show_bug.cgi?id=4413


However, the length warnings are summed up here:

http://bugzilla.spamassassin.org/show_bug.cgi?id=2181


-- 
Randomly Generated Tagline:
Silly rabbit, tricks are for hookers!


pgpGKadpJ9EXS.pgp
Description: PGP signature

Re: Problems after update SA 2.64 => 3.0.4

[Jim Knuth]

Hallo und guten Morgen Theo,

Heute (am 21.06.2005 - 04:33 Uhr)
   schriebst Du: 

> On Tue, Jun 21, 2005 at 03:41:41AM +0200, Jim Knuth wrote:
>> I`ve updated from SA 2.64 to 3.0.4. I use SA with amavisd-new
>> 2.3.1. When I try spamassassin --lint -D comes:
>> 
>> warning: description exists for non-existent rule T_RCVD_IN_IADB_LIST_T

> Hrm.  You seem to have some development rule files installed, old ones
> at that.  There hasn't been a T_RCVD_IN_IADB_LIST_* file in ages.

Mmh. wget from
http://www.apache.de/dist/spamassassin/source/Mail-SpamAssassin-3.0.4.tar.gz
I`ts no development.

> I'd find out what files are being read (spamassassin -D), and clean out
> the old ones...  You may wish to remove all traces of SA and reinstall
> 3.0.4 in case there are also perl modules and such which could cause
> you problems.


I`ve new installed, but is the same error.


-- 
Viele Grüße, Kind regards,
 Jim Knuth
 [EMAIL PROTECTED]
 ICQ #277289867
 PGP Fingerprint: 
 54C9 1A46 D3B2 95B6 454D 
 74FA AC73 773E 1F78 066F
--
Zufalls-Zitat
--
In der Karibik gibt es Austern, die auf Bäume klettern 
können.
--
Der Text hat nichts mit dem Empfänger der Mail zu tun
--

Virus free. Checked by NOD32 Version 1.1146 Update 20.06.2005

Re: Problems after update SA 2.64 => 3.0.4

[Theo Van Dinter]

On Tue, Jun 21, 2005 at 03:41:41AM +0200, Jim Knuth wrote:
> I`ve updated from SA 2.64 to 3.0.4. I use SA with amavisd-new
> 2.3.1. When I try spamassassin --lint -D comes:
> 
> warning: description exists for non-existent rule T_RCVD_IN_IADB_LIST_T

Hrm.  You seem to have some development rule files installed, old ones
at that.  There hasn't been a T_RCVD_IN_IADB_LIST_* file in ages.

I'd find out what files are being read (spamassassin -D), and clean out
the old ones...  You may wish to remove all traces of SA and reinstall
3.0.4 in case there are also perl modules and such which could cause
you problems.

-- 
Randomly Generated Tagline:
Leela: You buy one pound of underwear and you're on their list forever.


pgpAjgCcCxLep.pgp
Description: PGP signature

Re: spamassassin smtp domino exchange passthru

[Theo Van Dinter]

On Tue, Jun 21, 2005 at 11:31:01AM +1000, SSK1 wrote:
> Basically I would like to know if it's possible to have a
> linux/SpamAssassin server receive smtp traffic and then pass it on to
> the passthru/exchange server once checked.
> If it is possible, apart from Spamassassin, what other ingredients do I
> need ? ie qmail ?? etc..

Sure.  I'm a fan of postfix/MailScanner/SpamAssassin.  There's various options
available, I believe a bunch of them are on the wiki.

-- 
Randomly Generated Tagline:
Have an adequate day.


pgpCB8vyMQvni.pgp
Description: PGP signature

Problems after update SA 2.64 => 3.0.4

[Jim Knuth]

Hallo und guten Morgen List,

I`ve updated from SA 2.64 to 3.0.4. I use SA with amavisd-new
2.3.1. When I try spamassassin --lint -D comes:

--snip
warning: description for HTML_SHOUTING4 is over 50 chars
warning: description for CLICK_TO_REMOVE_1 is over 50 chars
warning: description for RCVD_IN_SORBS_SMTP is over 50 chars
warning: description for OFFSHORE_SCAM is over 50 chars
warning: description for FROM_WEBMAIL_END_NUMS6 is over 50 chars
warning: description for DIGEST_MULTIPLE is over 50 chars
warning: description for MIME_BOUND_DIGITS_15 is over 50 chars
warning: description exists for non-existent rule T_RCVD_IN_IADB_LIST_T
--snap

and so on. I`m "googling" and find this:

--snip
On 2005-01-31 18:21:31 -0800, Robert Menschel wrote:
> warning: description exists for non-existent rule SPF_HELO_PASS
> Isn't this part of 3.0 standard? Is there a problem with your
> installation?

I don't think so; I just don't use the spf plugin.
>
> warning: description for DATE_IN_FUTURE_48_96 is over 50 chars
> Another distribrule, I think. I suspect you're pulling in some pre-3.0
> distrib rules into your 3.0 installation.

No; it's in 30_text_de.cf, 30_text_fr.cf, 30_text_nl.cf and
30_text_pl.cf.
--snap

I`m so confused now. :( How can I fix it? Thank you for help.



-- 
Viele Grüße, Kind regards,
 Jim Knuth
 [EMAIL PROTECTED]
 ICQ #277289867
 PGP Fingerprint: 
 54C9 1A46 D3B2 95B6 454D 
 74FA AC73 773E 1F78 066F
--
Zufalls-Zitat
--
Ein Freund ist, wer Dich für gutes Schwimmen lobt, nachdem 
Du beim Segeln gekentert bist. (Werner Schneider)
--
Der Text hat nichts mit dem Empfänger der Mail zu tun
--

Virus free. Checked by NOD32 Version 1.1146 Update 20.06.2005

spamassassin smtp domino exchange passthru

[SSK1]

Our inbound/outbound SMTP mail is traversing via MessageLabs..
 
Cut a long story stort - I want to bypass messagelabs (costs) and
implement an (in-house) Antispam solution.
 
(domain1.com) I have 12 (W2K/Linux) Domino Servers including the (w2k)
Passthru Server.
(domain2.com) I have 1 2003 exchange server.
 
2 of the above servers receive smtp traffic and forward it to the
users/other servers.
 
Basically I would like to know if it's possible to have a
linux/SpamAssassin server receive smtp traffic and then pass it on to
the passthru/exchange server once checked.
If it is possible, apart from Spamassassin, what other ingredients do I
need ? ie qmail ?? etc..
Any other suggestions would be very much appreciated..
 
 
thanks
 
Shannon

Re: Phishing: My rule and thoughts

[Theo Van Dinter]

On Mon, Jun 20, 2005 at 08:05:32PM -0400, Murty Rompalli wrote:
> Also, I believe PGP signed messages cause a negative score. Can someone
> confirm this one, I am lazy after a long day. I know TRUSTED_HOSTS has a
> negative score to compensate, just dont know if PGP signed carries
> negative score too.

They used to, in 2.5, along with other "nice" rules, which quickly got
forged by spammers, and out the rules came.

-- 
Randomly Generated Tagline:
Double your drive space!  Delete Windows!


pgpCTVYQzn1dc.pgp
Description: PGP signature

Re: Phishing: My rule and thoughts

[Theo Van Dinter]

On Mon, Jun 20, 2005 at 08:01:15PM -0400, Murty Rompalli wrote:
> Thank you for the report but is it fair to run masses for filtering
> phishing emails ?

Sure, why not?  Phish mails are spam.

-- 
Randomly Generated Tagline:
"Special?  Our longest phone conversation is 'Get over here.'" - Ross on ER


pgp29wBuCW4Gf.pgp
Description: PGP signature

Re: Phishing: My rule and thoughts

[Murty Rompalli]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi

I did get this and other replies from list users! My rule does not assign
a score of 5.0 (threshold to call it spam for sure). So, an email can
still get a score of 4.0 from my phish block rule and still go through
unless ofcourse you changed the threshold.

Also, I believe PGP signed messages cause a negative score. Can someone
confirm this one, I am lazy after a long day. I know TRUSTED_HOSTS has a
negative score to compensate, just dont know if PGP signed carries
negative score too.

>
> so this apply to your your own message (and my reply)? I mean your
> message contains all those keywords (since you list them) and insecure
> urls (http://solar.murty.net/...).
>


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCt1nMTjCkEJGBE14RAsUdAKCECgjr/Hd9mwMOlTOfpJyBsJ3E+gCgtC4t
ASUo1GVE4linmE8LkQIN5B8=
=QcGV
-END PGP SIGNATURE-

Re: Phishing: My rule and thoughts

[jdow]

From: "Murty Rompalli" <[EMAIL PROTECTED]>

Quite fair - look at all the ham the rules hit. They are not very
good rules.

{^_^}

> Thank you for the report but is it fair to run masses for filtering
> phishing emails ? Phishing emails are not sent using the same bulk mailing
> software spammers use. Spammers most of the time dont even understand SMTP
> 451 retry but phishermen do. Also, phish doesn't go with spam and ham..its
> seafood for godsake :)
>
> > On Mon, Jun 20, 2005 at 01:58:52AM +0200, mouss wrote:
> >> >Here is my custom spamass rule file  to block Phishing emails. Please
> >> note
> >> >that this is aggressive and you may want to lower scores. But I refuse
> >> to
> >> >lower scores for my mail server :)
> >
> > FYI:
> >
> > OVERALL%   SPAM% HAM% S/ORANK   SCORE  NAME
> >   2721823226 39920.853   0.000.00  (all messages)
> > 100.000  85.3332  14.66680.853   0.000.00  (all messages as %)
> >   1.029   1.1367   0.40080.739   0.793.50  MURTY_PHISHING2
> >  20.450  17.9842  34.79460.341   0.413.00  MURTY_PHISHING1
> >   1.249   0.5339   5.41080.090   0.174.00  MURTY_PHISHING3
>

Re: Phishing: My rule and thoughts

[Murty Rompalli]

Thank you for the report but is it fair to run masses for filtering
phishing emails ? Phishing emails are not sent using the same bulk mailing
software spammers use. Spammers most of the time dont even understand SMTP
451 retry but phishermen do. Also, phish doesn't go with spam and ham..its
seafood for godsake :)

> On Mon, Jun 20, 2005 at 01:58:52AM +0200, mouss wrote:
>> >Here is my custom spamass rule file  to block Phishing emails. Please
>> note
>> >that this is aggressive and you may want to lower scores. But I refuse
>> to
>> >lower scores for my mail server :)
>
> FYI:
>
> OVERALL%   SPAM% HAM% S/ORANK   SCORE  NAME
>   2721823226 39920.853   0.000.00  (all messages)
> 100.000  85.3332  14.66680.853   0.000.00  (all messages as %)
>   1.029   1.1367   0.40080.739   0.793.50  MURTY_PHISHING2
>  20.450  17.9842  34.79460.341   0.413.00  MURTY_PHISHING1
>   1.249   0.5339   5.41080.090   0.174.00  MURTY_PHISHING3

Re: Spamassassin & milter-spamc ...interdependencies?

[Dr Robert Young]

I'll be using the SA 3.0.4 and not the "pre" version. Hopefully that will help.

I'll have to check to see which version of milter-spamc  they are using however. 

I was afraid the the products had to be "built" with version specific libraries, or something similar, that would make a simple "replacement" impossible. 

On Jun 20, 2005, at 2:05 PM, Andy Jezierski wrote:

If you're only upgrading SA, you shouldn't need to make any other changes. Although someone mentioned that milter-spamc didn't seem to work with SA 3.1pre1 but didn't provide any details.  In the past I've upgraded from 2.6x to 3.0x without any problems using milter-spamc 0.25. 

Although on the new machine I'm putting together it won't compile, so I'm switching over to spamass-milter. 

Andy




Dr. Robert Young
ALI Database Consultants 
1151 Williams Dr
Aiken SC 29803
USA

WWW: http://www.aliconsultants.com
Tele: 1-803-648-5931
Toll free in US: 1-866-257-8970 Fax:1-803-641-0345
Email: [EMAIL PROTECTED]
"Source of Rdb Controller, software for database analysis &  performance tuning"

How to get sa-learn the original message of application/ms-tnef email?

[Christian Purnomo]

Hello All.

We have a smarthost running spamassassin in the permiter, this host
relays email for our internal domains to an M$ Exchange server in our
private LAN.   Spamassassin is doing a great job in filtering most
spams.  

I get my MS Exchange users to drop any 'Undetected SPAM' to a folder
which I daily feed to sa-learn on the smarthost.  I can notice a big
difference this makes to the spamassassin filter.  After a time, I
notice an email pattern in this folder that doesn't seem to improve from
time to time.

I did some investigations and concluded that most emails with ms-tnef
have low rate spam detection.  My guess is that because the emails that
I feed to sa-learn is NO LONGER the original email due to ms-tnef.
Below is a sample email from my Undetected Spam folder, as you can see,
the mail body gets modified, hence sa-learn do not get to learn the
original message and this kind of spam pattern just keeps coming in.

I read a bit about ms-tnef on this website 
http://agamemnon.ucs.ed.ac.uk/faq/mstnef.html - I can't get my Exchange
server to receive text only message (instead of rich text/html) due to
internal politic issue, so I'm trying to find a way to get around this
outside the Exchange box.

Has anyone experience this problem before? 

Thanks in advance.





--

[-- Attachment #2: winmail.dat --]
[-- Type: application/ms-tnef, Encoding: base64, Size: 3.0K --]
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"

[-- application/ms-tnef is unsupported (use 'v' to view this part) --]

--

Re[2]: SpamAssassin 3.1.0pre1 PRERELEASE available!

[Robert Menschel]

Hello Ben,

Monday, June 20, 2005, 6:50:46 AM, you wrote:

BH> I get 139 "errors" regarding the 70_sare_whitelist.cf entries. from
BH> 3.1pre.  Has the syntax for whitelist_from_rcvd changed?
BH> Ben

Which version of 70_sare_whitelist.cf? What are the errors?

Yes, the syntax for whitelist_from_rcvd changed (has tightened up
some), but the file that has been published since early June should be
in the new format.

Bob Menschel

Re: possible wish list item

[cjackson]

Justin Mason wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Matt Kettler writes:
 


Craig Jackson wrote:
   


Regarding the report that is made part of the header, instead of a
summary of the email (which makes downloading tiresomely long even on a
high speed connection), I would like to see only the text that tripped
each particular test. Users often want to know what exactly in the email
caused it to be tagged as spam. It would be nice if I could show them in
the header at the workstation, rather than run a test from my
workstation and print it out. If this can already be done, let me know
and I'll figure out how to do it.
 


Currently, that's pretty much impossible to do in spamassassin, and it would be
difficult to do without increasing memory usage.

Right now, SA just maintains a simple hit list when it scans a message. It
doesn't extract the text which matched at all, much less save it where it can be
referenced later.

Quoting the part of the email that caused the rule to trip is particularly
difficult for eval tests, as their code could look at anything or everything.

It's also a little tricky for meta tests which wind up triggering as a cascade
of other rules trip off. (ie: DRUGS_MANYKINDS).

I'd also question who would find such a feature more useful, end users or 
spammers.

Certainly it has some valid uses for end users and non-spammers, but it's
considerably more useful to a spammer. For end users it answers the "why did
this happen" questions, for spammers it provides useful spam-tuning feedback
that makes their spam more effective at evading detection by SA.
   



actually, we do already support it ;)  if you run SpamAssassin 3.1.0 with
- -D, it'll log what parts of the message hit for some of the rules (just
the simple regexp rules, not eval tests).

- --j.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFCtxlVMJF5cimLx9ARAuUPAJkBtnZG+REM8mVUISHMumdxKmNLlACfbt77
2MhOg5NLA4GBLS9HEaQsxTo=
=y3Gn
-END PGP SIGNATURE-

 

Thanks very much. I am held accountable for mail that is held up on the 
gateway. We have plans to move it on to the primary mail host later, but 
until then I get get the occasional irate user demanding an explanation.

Craig

RE: SpamAssassin 3.1.0pre1 PRERELEASE available!

[Matthew.van.Eerde]

Kai Schaetzl wrote:
> 30_text_de.cf:lang de describe HASHCASH_HIGH Enthält korrekte
> Hashcash-Kennzeichnung (> 25 bits)
> 50_scores.cf:score HASHCASH_HIGH -5.000
> 
> Where's that warning coming from?

Perhaps the ä?

-- 
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"

Re: SpamAssassin 3.1.0pre1 PRERELEASE available!

[Kai Schaetzl]

I installed on CentOS which I have never done before. Everything is okay 
except for one thing. I get

[28414] warn: config: warning: description exists for non-existent rule 
HASHCASH_HIGH

+ 7 ever HASHCASH rule warnings in --lint

all the other output is exactly like on my other non-CentOS systems.

Hashcash is disabled and there's no such rule in /etc/mail/spamassassin. 
grep in /usr/share/spamassassin shows the following output which seems to 
be quite ok:

25_hashcash.cf:header HASHCASH_HIGH  
eval:check_hashcash_value('26', '')
25_hashcash.cf:tflags HASHCASH_HIGH  nice userconf
25_hashcash.cf:describe HASHCASH_HIGHContains valid Hashcash token 
(>25 bits)
30_text_de.cf:lang de describe HASHCASH_HIGH Enthält korrekte 
Hashcash-Kennzeichnung (> 25 bits)
50_scores.cf:score HASHCASH_HIGH -5.000

Where's that warning coming from?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

RE: SpamAssassin 3.1.0pre1 PRERELEASE available!

[Larry Rosenman]

The current one from SARE works fine :) 

And, the latest RDJ has support for all the SARE rules. 

LER
 


-- 
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler@lerctr.org
US Mail: 3535 Gaspar Drive, Dallas, TX 75220-3611 US

-Original Message-
From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 20, 2005 6:23 PM
To: Ben Hanson
Cc: users@spamassassin.apache.org
Subject: Re: SpamAssassin 3.1.0pre1 PRERELEASE available!

Ben Hanson wrote:
> I get 139 "errors" regarding the 70_sare_whitelist.cf entries. from 
> 3.1pre.  Has the syntax for whitelist_from_rcvd changed?
> Ben

This is due to the comments Bob had at the end of each entry, without a #
before them.

He was going to correct this prior to the 3.1 release.  I believe there is
an updated version that corrects this available.

Daryl

Re: SpamAssassin 3.1.0pre1 PRERELEASE available!

[Daryl C. W. O'Shea]

Ben Hanson wrote:
I get 139 "errors" regarding the 70_sare_whitelist.cf entries. from 
3.1pre.  Has the syntax for whitelist_from_rcvd changed?

Ben


This is due to the comments Bob had at the end of each entry, without a 
# before them.


He was going to correct this prior to the 3.1 release.  I believe there 
is an updated version that corrects this available.


Daryl

Re: How to block this email??

[Sean Sowell]

Bryan Haase asked Monday, June 20, 2005 0830:

> Does anyone have a rule that will score foreign characters or characters with
the dashes on top?
> Below is example email that is not scoring at all for me.
>
> Thanks
> Bryan
>
>
> >>> berton laurence <[EMAIL PROTECTED]> 6/18/2005 7:52 PM >>>
>ТР��СБЛОК XXI
>
>
> �аша компани� 
> оказывает 
> юридиче�кие
у�луги в обла�ти 
налогооблажени�:
>
> - Возмещение �ДС
>
> по�ле проведени� 
> правовой 
> �к�пертизы
финан�ово-хоз�й�твенной
 де�тельно�ти В
ашей компании мы 
обе�печиваем 
по�тупление
денег на ваш 
ра�четный �чет.
>
> - Пред�тавитель�тво 
> и защита интере�ов
вашей компании в 
арбитражных �удах и 
�удах
общей юри�дикции, во 
в�ех 
го�удар�твенных
органах, включа� 
налоговые и 
таможенные
органы.
>
> -Реги�траци� 
> предпри�тий 
> различных форм
�об�твенно�ти.
>
> Телефон: 8(926)530-13-94

... [snip] ...

Am rather new to SpamAssassin Bryan, but I hope this helps.  There are two
default SA rules that may help here:

DESCRIPTION OF TEST / TEST NAME / Score
Character set indicates a foreign language / CHARSET_FARAWAY / 3.2
Message written in an undesired language / UNWANTED_LANGUAGE_BODY / 2.8

The points assigned _should_ be showing up.  If they are but the messages are
still getting through, you could bump up the scores in your local.cf file - say
to 4.0 and 3.5.  Then these messages might score above your threshold.

If these rules are not showing up at all, then something else is probably going
on and hopefully somebody with more experience could offer you another solution
...

Anyway, these and the other default SA rules are on the wiki at
http://spamassassin.apache.org/tests_3_0_x.html.

Regards,

Sean Sowell
www.twin-dad.com

Re: SA3.1 spamd userid

[Theo Van Dinter]

On Mon, Jun 20, 2005 at 11:34:26AM -0500, Andy Jezierski wrote:
> I've noticed that when starting up SA 3.1 the main spamd process doesn't 
> change userid's like 3.0.x did.  It stays as root but the child processes 
> do switch over.  Is this normal? 

Yes.  The parent now stays as root so that things like HUP, logging,
etc, can work as expected.  The children, as you say, change over when
they're created.

-- 
Randomly Generated Tagline:
"I sometimes think that they hire guards based on the bone content in their
 heads." - Londo on Babylon 5


pgphNhjd6UYUg.pgp
Description: PGP signature

Re: dynamic IP range and good RBL?

[Matt Kettler]

[EMAIL PROTECTED] wrote:
>>"Ryan" == Ryan L Sun <[EMAIL PROTECTED]> writes:
> 
> 
>  Ryan> Does "dul.dnsbl.sorbs.net" list all the dynamic IPs?
>  Ryan> Or just the dynamic IPs which fall in spamtrap?
> 
> It includes IP addresses that are not dynamic as well.  It seems to
> make unintelligent guesses as well

Well, ALL RBLs list some IPs that don't fit their criteria. Mislistings are a
fact of life for every RBL operator.

In general I find the SORBS DUL quite accurate, unless your SA trust path is
broken and SA winds up checking source IPs instead of only checking the
delivering relay. (By default you WILL suffer from this problem if you have a
NATed mailserver.)

However, rather than theorizing about how SORBs DUL works, why not just read
their FAQ:

http://www.us.sorbs.net/faq/dul.shtml

In theory, all dynamic IPs will be listed, and all static will be excluded.
Reality is significantly less perfect than theory. However, the FAQ will also
point you in the right direction for fixing errors.

Large ISPs can get an ID to directly register information, end users can submit
information via a web mail form for consideration by the SORBs operators.

Re: dynamic IP range and good RBL?

[jpff]

> "Ryan" == Ryan L Sun <[EMAIL PROTECTED]> writes:

 Ryan> Does "dul.dnsbl.sorbs.net" list all the dynamic IPs?
 Ryan> Or just the dynamic IPs which fall in spamtrap?

It includes IP addresses that are not dynamic as well.  It seems to
make unintelligent guesses as well

==John ffitch

RE: SA 3.1 SpamdForkScaling.pm Error

[Jason Brunette]

Yeah, I'm seeing that too, see the bug here:

http://bugzilla.spamassassin.org/show_bug.cgi?id=4410

* Jason Brunette ([EMAIL PROTECTED])
* Excel.Net,Inc. - http://www.excel.net/
* (920) 452-0455 - Sheboygan/Plymouth area
* (888) 489-9995 - Other areas, toll-free
  

 



From: Andy Jezierski [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 20, 2005 2:36 PM
To: users@spamassassin.apache.org
Subject: SA 3.1 SpamdForkScaling.pm Error



Doing some testing with 3.1 and ran across this in the log: 

Jun 20 14:30:49 python spamassassin[36101]: syswrite() on closed
filehandle GEN5 at /usr/local/lib/perl5/5.8.6/mach/IO/Handle 
.pm line 451. 
Jun 20 14:30:49 python spamassassin[36101]: Use of uninitialized value
in concatenation (.) or string at /usr/local/lib/perl5 
/site_perl/5.8.6/Mail/SpamAssassin/SpamdForkScaling.pm line 279. 
Jun 20 14:30:49 python spamassassin[36101]: prefork: write of ping
failed to 36105 fd=:  at /usr/local/lib/perl5/site_perl/5. 
8.6/Mail/SpamAssassin/SpamdForkScaling.pm line 279. 
Jun 20 14:30:49 python spamassassin[36101]: Use of uninitialized value
in concatenation (.) or string at /usr/local/lib/perl5 
/site_perl/5.8.6/Mail/SpamAssassin/SpamdForkScaling.pm line 115. 
Jun 20 14:30:49 python spamassassin[36101]: prefork: killing failed
child 36105 fd= at /usr/local/lib/perl5/site_perl/5.8.6/M 
ail/SpamAssassin/SpamdForkScaling.pm line 115. 
Jun 20 14:30:49 python spamassassin[36101]: prefork: kill of failed
child 36105 failed: No such process 
Jun 20 14:30:49 python spamassassin[36101]: prefork: killed child 36105
at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssa 
ssin/SpamdForkScaling.pm line 129. 


Andy

SA 3.1 SpamdForkScaling.pm Error

[Andy Jezierski]

Doing some testing with 3.1 and ran
across this in the log:

Jun 20 14:30:49 python spamassassin[36101]:
syswrite() on closed filehandle GEN5 at /usr/local/lib/perl5/5.8.6/mach/IO/Handle
.pm line 451.
Jun 20 14:30:49 python spamassassin[36101]:
Use of uninitialized value in concatenation (.) or string at /usr/local/lib/perl5
/site_perl/5.8.6/Mail/SpamAssassin/SpamdForkScaling.pm
line 279.
Jun 20 14:30:49 python spamassassin[36101]:
prefork: write of ping failed to 36105 fd=:  at /usr/local/lib/perl5/site_perl/5.
8.6/Mail/SpamAssassin/SpamdForkScaling.pm
line 279.
Jun 20 14:30:49 python spamassassin[36101]:
Use of uninitialized value in concatenation (.) or string at /usr/local/lib/perl5
/site_perl/5.8.6/Mail/SpamAssassin/SpamdForkScaling.pm
line 115.
Jun 20 14:30:49 python spamassassin[36101]:
prefork: killing failed child 36105 fd= at /usr/local/lib/perl5/site_perl/5.8.6/M
ail/SpamAssassin/SpamdForkScaling.pm
line 115.
Jun 20 14:30:49 python spamassassin[36101]:
prefork: kill of failed child 36105 failed: No such process
Jun 20 14:30:49 python spamassassin[36101]:
prefork: killed child 36105 at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssa
ssin/SpamdForkScaling.pm line 129.


Andy

RE: shared SQL DB

[Matthew Yette]

Hey Michael (or anyone else who sees this) - 

I'm in the process of switching over spamd to use mysql instead of flat
files for user preferences - here's my dilemma:

The doc for 2.6 (I'm using 3.04 but in principle I believe it's the
same) makes not of making sure the correct username (email
address/domain?) is passed to spamd, by way of procmailrc. Is this
necessary, even with using the -q directive in the spamd script? I'm
using qmail-scanner to tie this all together, and I haven't been able to
find reference to making sure the mail gets passed through spamc/d when
using the SQL settings. Is this something I have to worry about or is it
as simple as your presentation shows?

Matt

--
Matthew Yette
Senior Engineer - NOC/Operations
MA Polce Consulting, Inc.
[EMAIL PROTECTED]
315-838-1644 (w)
315-356-0597 (f)
AIM/Yahoo: MAPolceNOC
MSN: [EMAIL PROTECTED]

-Original Message-
From: Matthew Yette 
Sent: Tuesday, June 14, 2005 1:23 PM
To: Michael Parker
Cc: users@spamassassin.apache.org
Subject: RE: shared SQL DB


Great stuff. Thank you Michael, I'll let you know how it goes.

--
Matthew Yette
Senior Engineer - NOC/Operations
MA Polce Consulting, Inc.
[EMAIL PROTECTED]
315-838-1644 (w)
315-356-0597 (f)
AIM/Yahoo: MAPolceNOC
MSN: [EMAIL PROTECTED]

-Original Message-
From: Michael Parker [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 14, 2005 1:17 PM
To: Matthew Yette
Cc: users@spamassassin.apache.org
Subject: Re: shared SQL DB


Matthew Yette wrote:

>Care to explain how you've come to set this up? We run an ISP-type
>solution w/  two identical qmail-scanner/SA/clamav servers set up for 
>load-balancing purposes (network edge device decides which server to 
>use at all times). We'd like to consolidate bayes db, auto-whitelist 
>settings, and logs to one location (all mysql db possibly?) so we can 
>generate stats and keep bayes/auto-whitelist lists current on both 
>machines.
>  
>

This should help with the SQL side, at least with SA proper:
http://people.apache.org/~parker/presentations/

For logging, man syslog.  You can send your syslogs to a remote server
and parse them from there.

Michael

Re: possible wish list item

[Justin Mason]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Matt Kettler writes:
> Craig Jackson wrote:
> > Regarding the report that is made part of the header, instead of a
> > summary of the email (which makes downloading tiresomely long even on a
> > high speed connection), I would like to see only the text that tripped
> > each particular test. Users often want to know what exactly in the email
> > caused it to be tagged as spam. It would be nice if I could show them in
> > the header at the workstation, rather than run a test from my
> > workstation and print it out. If this can already be done, let me know
> > and I'll figure out how to do it.
> 
> Currently, that's pretty much impossible to do in spamassassin, and it would 
> be
> difficult to do without increasing memory usage.
> 
> Right now, SA just maintains a simple hit list when it scans a message. It
> doesn't extract the text which matched at all, much less save it where it can 
> be
> referenced later.
> 
> Quoting the part of the email that caused the rule to trip is particularly
> difficult for eval tests, as their code could look at anything or everything.
> 
> It's also a little tricky for meta tests which wind up triggering as a cascade
> of other rules trip off. (ie: DRUGS_MANYKINDS).
> 
> I'd also question who would find such a feature more useful, end users or 
> spammers.
> 
> Certainly it has some valid uses for end users and non-spammers, but it's
> considerably more useful to a spammer. For end users it answers the "why did
> this happen" questions, for spammers it provides useful spam-tuning feedback
> that makes their spam more effective at evading detection by SA.

actually, we do already support it ;)  if you run SpamAssassin 3.1.0 with
- -D, it'll log what parts of the message hit for some of the rules (just
the simple regexp rules, not eval tests).

- --j.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFCtxlVMJF5cimLx9ARAuUPAJkBtnZG+REM8mVUISHMumdxKmNLlACfbt77
2MhOg5NLA4GBLS9HEaQsxTo=
=y3Gn
-END PGP SIGNATURE-

Re: possible wish list item

[Matt Kettler]

Craig Jackson wrote:
> Regarding the report that is made part of the header, instead of a
> summary of the email (which makes downloading tiresomely long even on a
> high speed connection), I would like to see only the text that tripped
> each particular test. Users often want to know what exactly in the email
> caused it to be tagged as spam. It would be nice if I could show them in
> the header at the workstation, rather than run a test from my
> workstation and print it out. If this can already be done, let me know
> and I'll figure out how to do it.


Currently, that's pretty much impossible to do in spamassassin, and it would be
difficult to do without increasing memory usage.

Right now, SA just maintains a simple hit list when it scans a message. It
doesn't extract the text which matched at all, much less save it where it can be
referenced later.

Quoting the part of the email that caused the rule to trip is particularly
difficult for eval tests, as their code could look at anything or everything.

It's also a little tricky for meta tests which wind up triggering as a cascade
of other rules trip off. (ie: DRUGS_MANYKINDS).

I'd also question who would find such a feature more useful, end users or 
spammers.

Certainly it has some valid uses for end users and non-spammers, but it's
considerably more useful to a spammer. For end users it answers the "why did
this happen" questions, for spammers it provides useful spam-tuning feedback
that makes their spam more effective at evading detection by SA.

Re: How to block this email??

[Shelley Waltz]

I had good luck eliminating this by using sa-learn.  It took about 15
messages
before the score went high enough to register as spam.

Shelley Waltz

Bryan Haase said:
> Does anyone have a rule that will score foreign characters or characters
> with the dashes on top?
> Below is example email that is not scoring at all for me.
>
> Thanks
> Bryan
>
>
 berton laurence <[EMAIL PROTECTED]> 6/18/2005 7:52 PM >>>
>ТРÐ?Ð?СБЛОК XXI
>
>
> Ð?аша компаниÑ? 
> оказывает 
> юридичеÑ?кие
> уÑ?луги в облаÑ?ти 
> налогооблажениÑ?:
>
> - Возмещение Ð?ДС
>
> поÑ?ле проведениÑ? 
> правовой Ñ?кÑ?пертизы
> финанÑ?ово-хозÑ?йÑ?твенной
>  деÑ?тельноÑ?ти
> Вашей компании мы 
> обеÑ?печиваем
> поÑ?тупление денег на 
> ваш раÑ?четный
> Ñ?чет.
>
> - ПредÑ?тавительÑ?тво и 
> защита интереÑ?ов
> вашей компании в 
> арбитражных Ñ?удах и
> Ñ?удах общей 
> юриÑ?дикции, во вÑ?ех
> гоÑ?ударÑ?твенных 
> органах, включаÑ?
> налоговые и 
> таможенные органы.
>
> -РегиÑ?трациÑ? 
> предприÑ?тий 
> различных форм
> Ñ?обÑ?твенноÑ?ти.
>
> Телефон: 8(926)530-13-94
>
>
> -
>
> This email transmission and any documents, files or previous
>
> email messages attached to it may contain information that is
>
> confidential or legally privileged. If you are not the intended
>
> recipient, you are hereby notified that any disclosure, copying,
>
> printing, distributing or use of this transmission is strictly
>
> prohibited. If you have received this transmission in error,
>
> please immediately notify the sender by telephone or return
>
> email and delete the original transmission and its attachments
>
> without reading or saving in any manner.
>
>
>
> The Evangelical Lutheran Good Samaritan Society.
>
> -
>


{ Shelley Waltz;
  Center for Advanced Biotechnology and Medicine;
  Rutgers University/UMDNJ;
  679 Hoes Lane;
  Piscataway, NJ 08854;
  732 235 3346 }

Problem with 3.1.0pre and Razor

[Rosenbaum, Larry M.]

I have installed SpamAssassin v3.1.0pre on a test system running Solaris
8, Perl 5.8.5, and Razor 2.67.  I got the following message when I lint:


# spamassassin --lint

[15182] warn: razor2: razor2 check failed: No such file or directory
Can't use an undefined value as a SCALAR reference at
/usr/local/lib/perl5/site_perl/5.8.5/sun4-solaris/Razor2/Client/Agent.pm
line 828. at
/usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/Razor2.pm
line 317.

I also see this error in the log file when I run spamd.  I have the
following razor entries in local.cf:

use_razor2  1
razor_config  /etc/mail/spamassassin/.razor/razor-agent.conf

Contents of razor-agent.conf:

#
# Razor2 config file
# 
# Autogenerated by Razor-Agents v2.61 
# Mon Sep 13 11:48:50 2004
# Created with all default values 
# 
# see razor-agent.conf(5) man page 
#

debuglevel = 2
identity   = identity
ignorelist = 0
listfile_catalogue = servers.catalogue.lst
listfile_discovery = servers.discovery.lst
listfile_nomination= servers.nomination.lst
logfile= razor-agent.log
logic_method   = 4
min_cf = ac
razorzone  = razor2.cloudmark.com
rediscovery_wait   = 172800
report_headers = 1
sort_by_distance   = 0
turn_off_discovery = 0
use_engines= 4,8
whitelist  = razor-whitelist
razorhome = /etc/mail/spamassassin/.razor/

What do I need to fix?

Larry Rosenbaum
ORNL

Re: Spamassassin & milter-spamc ...interdependencies?

[Andy Jezierski]

Dr Robert Young <[EMAIL PROTECTED]>
wrote on 06/20/2005 12:48:21 PM:

> We are looking at upgrading from V2 to V3 of Spamassassin. The previous

> system person installed milter-spamc to link into sendmail with  the
v2 
> product (v2.6'ish I think).
> 
> Since we are looking at the Spamassassin upgrade, are there any 
> corresponding upgrades "mandatory" for milter ?
> 
> Since the (2) programs "talk" to each other, I want to identify
any 
> dependencies such as specific version number, or if relinking is 
> required in any specific product to take into account any library

> changes "shared" by the various programs
> 

If you're only upgrading SA, you shouldn't need to
make any other changes. Although someone mentioned that milter-spamc didn't
seem to work with SA 3.1pre1 but didn't provide any details.  In the
past I've upgraded from 2.6x to 3.0x without any problems using milter-spamc
0.25.

Although on the new machine I'm putting together it
won't compile, so I'm switching over to spamass-milter.

Andy

Re: Listening on local interface

[Theo Van Dinter]

On Mon, Jun 20, 2005 at 06:17:25PM +0200, Marco Herrn wrote:
> udp  368  0 *:34602 *:*   
>  10608/spamd child   
> udp  368  0 *:34603 *:*   
>  10608/spamd child   
> udp  368  0 *:34604 *:*   
>  10608/spamd child   
> 
> What does that mean? All udp connections listen on the whole internet. Is 
> this a bug? Have I configured spamd incorrectly? 

Those look like DNS queries waiting for a response.  Should be fine, they're
short-lived.

-- 
Randomly Generated Tagline:
"I can please only one person per day.
  Today is not your day.
  Tomorrow isn't looking good either."
 - Dave Morse (DNRC Motto suggestion)


pgpxEpwKENhia.pgp
Description: PGP signature

Re: Listening on local interface

[Matt Kettler]

Marco Herrn wrote:
> Hi, 
> 
> I am using spamd and told it to listen only on the local interface:
> 
> [EMAIL PROTECTED]:~$ ps aux|grep spamd
> root  1764  0.0  3.0 34456 30672 ?   SNs  Jun01   0:00 /usr/bin/perl 
> -T
> -w /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir 
> --syslog=/var/log/spamd.log -q --debug --listen-ip=127.0.0.1 -d 
> --pidfile=/var/run/spamd.pid
> 
> A look on netstat shows, that this is indeed correct:
> 
> tcp0  0 127.0.0.1:783   0.0.0.0:* LISTEN 1764/perl
> 

> udp  368  0 *:34604 *:*   
>  10608/spamd child   
> 
> What does that mean? All udp connections listen on the whole internet. Is 
> this a bug? Have I configured spamd incorrectly? 
> 

What plugins are you using? Any chance you've got a SA plugin that does it's own
UDP based communications?

Spamassassin & milter-spamc ...interdependencies?

[Dr Robert Young]

We are looking at upgrading from V2 to V3 of Spamassassin. The previous 
system person installed milter-spamc to link into sendmail with  the v2 
product (v2.6'ish I think).


Since we are looking at the Spamassassin upgrade, are there any 
corresponding upgrades "mandatory" for milter ?


Since the (2) programs "talk" to each other, I want to identify any 
dependencies such as specific version number, or if relinking is 
required in any specific product to take into account any library 
changes "shared" by the various programs





Dr. Robert Young

Re: Problems after recent upgrade

[Jim Hatfield]

On Mon, 20 Jun 2005 11:50:09 +0100, in local.spamassassin you wrote:

>>Jun 20 11:43:18 highland mimedefang-multiplexor[89044]: Slave 1 stderr:
>Failed to run DNS_FROM_AHBL_RHSBL RBL SpamAssassin test, skipping:
>(Can't call method "bgsend" on an undefined value at
>/usr/local/lib/perl5/site_perl/5.6.2/Mail/SpamAssassin/Dns.pm line 112.

How do I get the dbg() function to output something? I should be able
to find out what's going on here if I can see the output. I presume
that load_resolver somehow is failing to create the resolver object.

Re: Phishing: My rule and thoughts

[Theo Van Dinter]

On Mon, Jun 20, 2005 at 08:29:19AM -0700, Kenneth Porter wrote:
> >OVERALL%   SPAM% HAM% S/ORANK   SCORE  NAME
> 
> How does one read this chart? (Ideally I'm looking for an answer in the 
> wiki, but I couldn't find one there. I thought it might be in the FAQ or 
> under SubmittingNewRules.) I can guess most of the columns but S/O and Rank 
> have me stumped. How does one generate the chart?

It's the output from hit-frequencies based on the output from mass-check.
There's bits about it in the distro masses directory and under the
"Developer Stuff" section on the Wiki, ala:

http://wiki.apache.org/spamassassin/MassesOverview

Basically you run mass-check over your corpus, using whatever rules you want
(by default, all of them,) then run hit-frequencies to generate the output.
Various people run these nightly to help develop rules, and then we encourage
people to help with the score generation by running mass-check and sending us
the results.

-- 
Randomly Generated Tagline:
Bender: Yeah, well I'm gonna build my own lunar space lander! 
  With blackjack annd Hookers! Actually, forget the space 
  lander, and the blackjack. A forget the whole thing!


pgpeFSqx0ekQq.pgp
Description: PGP signature

Re: SpamAssassin 3.1.0pre1 PRERELEASE available!

[Theo Van Dinter]

On Mon, Jun 20, 2005 at 09:43:05AM +0200, Bart Verwilst wrote:
> Does SA 3.1.0 have support for expiring bayes and AWL data? SA 3.0 just
> keeps filling the mysql databases containing this data endlessly.. My db
> has a couple of million entries now and still growing, and there is no
> way to clean em reliably..

Bayes tokens has had expiry since day 1.  If that's not expiring, you need to
run some debug and find out what's going on.

Bayes seen and AWL do not have expiry, though you should be able to delete the
seen DB now if you want.

-- 
Randomly Generated Tagline:
"I love deadlines.  I like the whooshing sound they make as they fly by."
   - Douglas Adams


pgpBUTAZmOk7G.pgp
Description: PGP signature

Re: How to block this email??

[Joe Zitnik]

I know some of the rules at SARE: http://www.rulesemporium.com/rules.htm are aimed at English only environments, and will score non English e-mail higher.  Look for the .cf files with _eng in the names.>>> "Bryan Haase" <[EMAIL PROTECTED]> 6/20/2005 11:30 AM >>>
Does anyone have a rule that will score foreign characters or characters with the dashes on top?Below is example email that is not scoring at all for me.ThanksBryan>>> berton laurence <[EMAIL PROTECTED]> 6/18/2005 7:52 PM >>>   ? XXI  ? ??? ?? ? ??? ???:- ?? ??? ? ??  ?? ?-?  ?  ??  ??? ? ?? ??? ? .- ? ? ?? ? ?  ? ??? ? ? ? ? ??, ??  ??? ???, ??? ? ? ?? ??.-??? ??? ?  ?. ???: 8(926)530-13-94

SA3.1 spamd userid

[Andy Jezierski]

I've noticed that when starting up SA 3.1 the main
spamd process doesn't change userid's like 3.0.x did.  It stays as
root but the child processes do switch over.  Is this normal?  

Old box FreeBSD 5.3 
SA 3.0.2
spamd_flags="-m 5 -u spamd -x -d -r ${pidfile}
--max-conn-per-child 10 -A 198.180.157.0/24 -i 172.16.8.24"

sidewinder# ps -aux | grep spamd
spamd      58590 20.2 21.3 54868 40032
 ??  S    10:55AM   0:08.45 spamd child (perl)
spamd      58577  9.9 15.6 54624
29324  ??  DL   10:55AM   0:04.95 spamd child (perl)
spamd      58536  7.9 24.5 61216
46040  ??  S    10:54AM   0:24.17 spamd child
(perl)
spamd      80976  0.0  0.0
50136    0  ??  IWs  -        
0:00.00 /usr/local/bin/spamd -m 5 -u spamd -x -d -r /home/spamd/sp
spamd      58531  0.0  0.0
55160    0  ??  SW   -        
0:00.00 spamd child (perl)
spamd      58535  0.0  0.0
55000    0  ??  SW   -        
0:00.00 spamd child (perl)

New box FreeBSD 5.4
SA 3.1pre1
spamd_flags="-u spamd -x -d --max-conn-per-child=10
-r /var/run/spamd.pid"


python# ps -aux | grep spamd
root       21196  0.0  5.4
60140 56104  ??  Ss   11:04AM   0:02.18 /usr/local/bin/perl
-T -w /usr/local/bin/spamd -u spamd 
spamd      21199  0.0  5.4
60140 56108  ??  I    11:04AM   0:00.00 spamd
child (perl)
spamd      21200  0.0  5.4
60140 56108  ??  I    11:04AM   0:00.00 spamd
child (perl)


Andy

Listening on local interface

[Marco Herrn]

Hi, 

I am using spamd and told it to listen only on the local interface:

[EMAIL PROTECTED]:~$ ps aux|grep spamd
root  1764  0.0  3.0 34456 30672 ?   SNs  Jun01   0:00 /usr/bin/perl -T
-w /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir 
--syslog=/var/log/spamd.log -q --debug --listen-ip=127.0.0.1 -d 
--pidfile=/var/run/spamd.pid

A look on netstat shows, that this is indeed correct:

tcp0  0 127.0.0.1:783   0.0.0.0:* LISTEN 1764/perl


But when spamc spawns some children when actually scanning a message those 
listen on the whole internet:

tcp0  0 localhost:spamd *:* LISTEN 
1764/perl   
tcp0  0 localhost:spamd localhost:42346 CLOSE_WAIT 
10608/spamd child   
tcp0  0 localhost:42346 localhost:spamd FIN_WAIT2  
10689/spamc 
tcp0  0 localhost:42336 localhost:spamd TIME_WAIT  
-   
tcp0  0 localhost:42341 localhost:spamd TIME_WAIT  
-   
udp  368  0 *:34591 *:*
10608/spamd child   
udp  368  0 *:34592 *:*
10608/spamd child   
udp  368  0 *:34593 *:*
10608/spamd child   
udp  368  0 *:34594 *:*
10608/spamd child   
udp  368  0 *:34595 *:*
10608/spamd child   
udp  368  0 *:34596 *:*
10608/spamd child   
udp  368  0 *:34597 *:*
10608/spamd child   
udp  368  0 *:34598 *:*
10608/spamd child   
udp  368  0 *:34599 *:*
10608/spamd child   
udp  368  0 *:34600 *:*
10608/spamd child   
udp  368  0 *:34601 *:*
10608/spamd child   
udp  368  0 *:34602 *:*
10608/spamd child   
udp  368  0 *:34603 *:*
10608/spamd child   
udp  368  0 *:34604 *:*
10608/spamd child   

What does that mean? All udp connections listen on the whole internet. Is this 
a bug? Have I configured spamd incorrectly? 

Any hints are appreciated.

Regards
Marco

Re: AWL Question

[Matt Kettler]

First, the AWL isn't a whitelist. Period. It's a score averager.

http://wiki.apache.org/spamassassin/AutoWhitelist



> I have a particular address whitelisted via "spamassassin
> [EMAIL PROTECTED]"

No, that command does not whitelist a sender.

It adds ONE message scored at -100 to the sender's averages. It's intended to
correct minor imbalances in the AWL system, and is not an effective method of
whitelisting email. Any single message score winds up lost in the surf of
averages over time.

If that sender has sent 100 emails, this command only gives them a -1.0
advantage, for example.


> I thought AWL assigns a score of -100;

It does not.

If you want to assign a score of -100 to a particular sender you must use
whitelist_from or whitelist_from_rcvd.

Note that these commands have nothing at all to do with the AWL.

Re: report settings

[Matthew Newton]

On Mon, Jun 20, 2005 at 02:06:11PM +0100, Ron McKeating wrote:
> Is it possible to have a standard setting that does not put a full
> report in the header for normal users, but does for one or 2 selected
> users?

If it is exiscan you are currently using, then I guess you currently
have something like...?

# reject messages over score 10 (don't check if size is too big though)
  deny  message = Sorry, that looks like spam.
condition   = ${if <{$message_size}{1048576}{1}{0}}
spam = nobody:true
condition   = ${if >= {$spam_score_int}{100}{1}{0}}

# add headers to messages that got through the last one
  warn  message  = X-Spam-Score: ($spam_bar) $spam_score\n
   X-Spam-Report: $spam_report
condition   = ${if <{$message_size}{1048576}{1}{0}}

  accept


In which case you could add conditions on the "warn" statement, i.e.

  warn  message   = X-Spam-Score: ($spam_bar) $spam_score\n
X-Spam-Report: $spam_report
condition = ${if <{$message_size}{1048576}{1}{0}}
condition = ${if eq {$sender_address_local_part}{postmaster} \
{yes}{no}}

  warn  message   = X-Spam-Score: ($spam_bar) $spam_score
condition = ${if <{$message_size}{1048576}{1}{0}}
condition = ${if ! eq {$sender_address_local_part}{postmaster} \
{yes}{no}}

(untested) which would add the full report to the postmaster@ address,
but not for everyone else. You could use a file lookup as the condition,
of course.

Matthew


-- 
Matthew Newton <[EMAIL PROTECTED]>

UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom

Re: Scoreproblem: AWL, HTML_MESSAGE = 17

[Matt Kettler]

[EMAIL PROTECTED] wrote:
> Hi! 
>  
> A Mail is identified as spam with a score of 17 but I don't know how and 
> why. It is autowhitelisted and the only other score is from the rule 
> HTML_MESSAGE witch defaults to 0.001 points. 

First, ignore the "white" in "autowhitelist". It's a score averager. It can have
positive scores. In this case, it had a very significant positive score.

Suggested reading on how the AWL really works:

http://wiki.apache.org/spamassassin/AutoWhitelist

http://wiki.apache.org/spamassassin/AwlWrongWay


After all the "identified
> spam" is learned as ham ?! 


The bayes autolearner does not trust the AWL, so it ignores it. The bayes
autolearner saw a message that scores 0.001.

How to block this email??

[Bryan Haase]

Does anyone have a rule that will score foreign characters or characters with 
the dashes on top?
Below is example email that is not scoring at all for me.

Thanks
Bryan


>>> berton laurence <[EMAIL PROTECTED]> 6/18/2005 7:52 PM >>>
   ТРАНСБЛОК XXI


Наша компания оказывает юридические 
услуги в области налогооблажения:

- Возмещение НДС 

после проведения правовой экспертизы 
финансово-хозяйственной деятельности 
Вашей компании мы обеспечиваем 
поступление денег на ваш расчетный счет.

- Представительство и защита интересов 
вашей компании в арбитражных судах и судах 
общей юрисдикции, во всех государственных 
органах, включая налоговые и таможенные 
органы.

-Регистрация предприятий различных форм 
собственности. 

Телефон: 8(926)530-13-94


-

This email transmission and any documents, files or previous

email messages attached to it may contain information that is

confidential or legally privileged. If you are not the intended

recipient, you are hereby notified that any disclosure, copying,

printing, distributing or use of this transmission is strictly

prohibited. If you have received this transmission in error,

please immediately notify the sender by telephone or return

email and delete the original transmission and its attachments

without reading or saving in any manner.



The Evangelical Lutheran Good Samaritan Society.

-

Re: Phishing: My rule and thoughts

[Kenneth Porter]

--On Sunday, June 19, 2005 8:16 PM -0400 Theo Van Dinter 
<[EMAIL PROTECTED]> wrote:



OVERALL%   SPAM% HAM% S/ORANK   SCORE  NAME


How does one read this chart? (Ideally I'm looking for an answer in the 
wiki, but I couldn't find one there. I thought it might be in the FAQ or 
under SubmittingNewRules.) I can guess most of the columns but S/O and Rank 
have me stumped. How does one generate the chart?

Re: SA round-robin in exim ~ BAYES

[Nigel Frankcom]

I've used local MySQL on several SA servers before now (without a
cluster). It worked well. I used the same bayes database to 'seed' all
of the servers so they at least started with the same data.

I didn't notice any huge differences in scores and on the whole it
worked well - if inelegantly.

Nigel

On Mon, 20 Jun 2005 15:13:32 +, Ronan <[EMAIL PROTECTED]> wrote:

>Further to my last post regarding the Mysql Backend to multiple Spamd 
>servers. How much difference would there be if I ran the (in this case ) 
>2 servers on a round robin basis from exim. So over time they would both 
>recieve a fair enough diverse amount of mail to make them practically 
>identical in terms of accuracy for our domain... I dont really need both 
>of them atm as one machine only ever hits .75~.8 load constanly at full 
>throughput.
>Would the MySql option be a better future proof method as i coud just 
>tag servers onto the 'cluster'.
>
>ronan

Re: spamd mem usage

[Matt Kettler]

At 08:18 AM 6/20/2005, Chris Knipe wrote:
Uhm... I'm a bit worried about the below The 5 processes are also 
utilising close to 400MB of my swap space


USER  PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED  TIME COMMAND
spamd7167  0.0 13.5 140664 140020  ??  I 2:03PM   0:03.36 spamd 
child (perl5.8.6)
spamd7162  0.0 12.6 130604 129948  ??  Is2:03PM   0:23.86 
/usr/local/bin/spamd --daemonize --listen-ip=127.0.0.1 --max-children=5 
--max-conn-per-child
spamd7168  0.0 12.6 130604 129948  ??  I 2:03PM   0:00.00 spamd 
child (perl5.8.6)
spamd7169  0.0 12.6 130604 129948  ??  I 2:03PM   0:00.00 spamd 
child (perl5.8.6)
spamd7170  0.0 12.6 130604 129948  ??  I 2:03PM   0:00.00 spamd 
child (perl5.8.6)
spamd7171  0.0 12.6 130604 129948  ??  I 2:03PM   0:00.00 spamd 
child (perl5.8.6)


This is on FreeBSD 5.4-STABLE, a 3.2GHz system with 1GB Ram SA has 
most of the rules loaded that comes with rules_de_jour.



Do you have bigevil.cf? If so, stop, and delete it ASAP. The author has 
removed this ruleset from the web because people failed to heed his warning 
that it's grown to be very large and uses a lot of RAM.


Next step, remove ALL your RDJ rulesets that are over 64k in filesize, and 
add them back 1 at a time to check their memory impact.


In general, you can't add every ruleset in the universe without paying a 
penalty in memory usage. More rules = more memory consumption.

Re: Bayes learning error

[Matt Kettler]

At 09:52 AM 6/20/2005, Robert Swan wrote:
I am getting an error when I run manual learning “sa-learn –ham” . Has 
anyone seen this before or have a clue how to fix it


debug: bayes: DB_File module not installed, cannot use Bayes



As it says, you need to install DB_File. This is going to be something like 
perl-DB_File-1.2.3.rpm on your RedHat install CD.

Re: report settings

[Ron McKeating]

On Mon, 2005-06-20 at 18:51 +0530, Rakesh wrote:
> Ron McKeating wrote:
> 
> >Is it possible to have a standard setting that does not put a full
> >report in the header for normal users, but does for one or 2 selected
> >users?
> >
> >Ron
> >
> >  
> >
> Are you directly using Spamc or using Amavis or MailScanner or something 
> else as a wrapper. If you are using MailScanner then you can do it, I 
> don't know abt Amavis.
> 
We run spamd and call it from exim.

Ron

> Rakesh
> 
> --
> Netcore Solutions Pvt. Ltd.
> Website:  http://www.netcore.co.in
> Spamtraps: http://cleanmail.netcore.co.in/directory.html
> --
-- 
Ron McKeating
Senior IT Services Specialist
Computing Services
Loughborough University
01509 222329

RE: SpamAssassin 3.1.0pre1 PRERELEASE available!

[Andy Jezierski]

"Larry Rosenman" 
wrote on 06/19/2005 01:46:41 PM:

> Another one you might want to add to that list:
> 
> Crypt::OpenSSL::Bignum
> 
> The pre-req chain for Mail::DomainKeys doesn't req it, but apparently
SA
> 3.1.0pre1 does.
> 
> LER
>  
Yep, ditto here.  This was with the last SVN build though. Crypt::OpenSSL::RSA
version is 0.21

Jun 15 17:05:32 python spamassassin[16041]: Can't
locate Crypt/OpenSSL/Bignum.pm in @INC (@INC contains: ../lib /usr/local/li
b/perl5/site_perl/5.8.6 /usr/local/lib/perl5/site_perl/5.8.6/mach
/usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.8.6/B
SDPAN /usr/local/lib/perl5/5.8.6/mach /usr/local/lib/perl5/5.8.6)
at /usr/local/lib/perl5/site_perl/5.8.6/mach/Crypt/OpenSSL/
RSA.pm line 29.

Andy

SA round-robin in exim ~ BAYES

[Ronan]

Further to my last post regarding the Mysql Backend to multiple Spamd 
servers. How much difference would there be if I ran the (in this case ) 
2 servers on a round robin basis from exim. So over time they would both 
recieve a fair enough diverse amount of mail to make them practically 
identical in terms of accuracy for our domain... I dont really need both 
of them atm as one machine only ever hits .75~.8 load constanly at full 
throughput.
Would the MySql option be a better future proof method as i coud just 
tag servers onto the 'cluster'.


ronan

RE: Bayes learning error

[Chris Russell]

Hi Robert,
 
 You need to install the DB_File perl module. Do the
following:
 
perl -eshell -MCPAN
install DB_File
 
 
Cheers,
 
Chris
 


From: Robert Swan [mailto:[EMAIL PROTECTED]
Sent: 20 June 2005 14:53To:
users@spamassassin.apache.orgSubject: Bayes learning
error


I am getting an error when I run
manual learning “sa-learn –ham” . Has anyone seen this before or have a clue how
to fix it
 
debug: bayes: DB_File module not
installed, cannot use Bayes
 
 
 I am using Redhat,
spamassassin 3.03 spamd,spamc, postfix
 
 
thanks
 
 
Robert
Swan
 
 
 
 
 
 
 
Peace he would say instead of
goodbyepeace my brother.
 -- This
message has been scanned for viruses and dangerous content by MailScanner, and is believed
to be clean. MailScanner is part of the Email Filtering Service from Nexent
Internet . 

___The contents of this e-mail may be privileged and are confidential.It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way.  Any views or opinionspresented are solely those of the author and do not necessarily represent those of Knowledge Limited.If received in error, please advise the sender, then delete it from your system.___

Bayes learning error

[Robert Swan]

I am getting an error when I run manual learning “sa-learn
–ham” . Has anyone seen this before or have a clue how to fix it

 

debug: bayes: DB_File module not installed, cannot use Bayes

 

 

 I am using Redhat, spamassassin 3.03 spamd,spamc, postfix

 

 

thanks

 

 

Robert Swan

 

 

 

 

 

 

 

Peace he would say instead of goodbyepeace my brother.

 

RE: SpamAssassin 3.1.0pre1 PRERELEASE available!

[Ben Hanson]

I get 139 "errors" regarding the 70_sare_whitelist.cf entries. from 
3.1pre.  Has the syntax for whitelist_from_rcvd changed?

Ben

Re: report settings

[Rakesh]

Ron McKeating wrote:


Is it possible to have a standard setting that does not put a full
report in the header for normal users, but does for one or 2 selected
users?

Ron

 

Are you directly using Spamc or using Amavis or MailScanner or something 
else as a wrapper. If you are using MailScanner then you can do it, I 
don't know abt Amavis.


Rakesh

--
Netcore Solutions Pvt. Ltd.
Website:  http://www.netcore.co.in
Spamtraps: http://cleanmail.netcore.co.in/directory.html
--

report settings

[Ron McKeating]

Is it possible to have a standard setting that does not put a full
report in the header for normal users, but does for one or 2 selected
users?

Ron

-- 
Ron McKeating
Senior IT Services Specialist
Computing Services
Loughborough University
01509 222329

Scoreproblem: AWL, HTML_MESSAGE = 17

[joeber]

Hi! 
 
A Mail is identified as spam with a score of 17 but I don't know how and 
why. It is autowhitelisted and the only other score is from the rule 
HTML_MESSAGE witch defaults to 0.001 points. After all the "identified 
spam" is learned as ham ?! 
 
Jun 18 21:01:35 fw spamd[31276]: identified spam (17.3/6.0) for clamav:109 
in 1.2 seconds, 6480 bytes. 
Jun 18 21:01:35 fw spamd[31276]: result: Y 17 - AWL,HTML_MESSAGE 

scantime=1.2,size=6480,mid=<[EMAIL PROTECTED]>,autolearn=ham

 
System is Debian 3.0 with spamassassin-package from backports.org 
SpamAssassin version 3.0.3 running on Perl version 5.6.1 
Spamassassin ist called via qmail-scanner 1.25st 
 
# local.cf 
add_header spam Flag _YESNOCAPS_ 
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_  
autolearn=_AUTOLEARN 
rewrite_header Subject *SPAM* 
lock_method flock 
required_hits 6 
ok_languages de en fr it es 
score UNWANTED_LANGUAGE_BODY 2.8 
 
Tanks for help and hints! 
bye Josef 

-- 
Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie!
Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl

spamd mem usage

[Chris Knipe]

Lo all,
 
Uhm... I'm a bit worried about the below The 5 
processes are also utilising close to 400MB of my swap space 

USER  PID %CPU 
%MEM   VSZ   RSS  TT  STAT 
STARTED  TIME COMMANDspamd    
7167  0.0 13.5 140664 140020  ??  I 
2:03PM   0:03.36 spamd child (perl5.8.6)spamd    
7162  0.0 12.6 130604 129948  ??  Is    
2:03PM   0:23.86 /usr/local/bin/spamd --daemonize 
--listen-ip=127.0.0.1 --max-children=5 
--max-conn-per-childspamd    7168  0.0 12.6 130604 
129948  ??  I 2:03PM   0:00.00 spamd 
child (perl5.8.6)spamd    7169  0.0 12.6 130604 
129948  ??  I 2:03PM   0:00.00 spamd 
child (perl5.8.6)spamd    7170  0.0 12.6 130604 
129948  ??  I 2:03PM   0:00.00 spamd 
child (perl5.8.6)spamd    7171  0.0 12.6 130604 
129948  ??  I 2:03PM   0:00.00 spamd 
child (perl5.8.6)
 
This is on FreeBSD 5.4-STABLE, a 3.2GHz system with 
1GB Ram SA has most of the rules loaded that comes with 
rules_de_jour.
 
This, can't be normal, can it My bayes database 
is also relatively new, it's a new installation, less than 1 day old, and the 
system is not even receiving a heavy mail load either... About 30 to 40 messages 
per hour 
 
Hopefully someone can start me out somewhere as to 
what can be causing this...
 
--
Chris.
 

Re: autolearn=disabled why?

[Bill Taroli]

Theo Van Dinter wrote:


On Fri, Jun 17, 2005 at 01:01:11PM -0500, Kyle Wheeler wrote:
 

Is it disabling the autolearning because it already autolearned it, 
maybe? Or is it disabling the autolearning because of something else 
that might be going wrong?
   



It's disabled because you've disabled it somewhere. :)

This is in the FAQ: http://wiki.apache.org/spamassassin/AutolearningNotWorking
 



I've been very concerned about the autolearn=unavailable, since to me 
this indicates some kind of configuration or environment problem. I 
would prefer that it just say "no" or something a little more germane to 
the situation that this is a catch-all for any possible unknown 
condition: "unknown".


I suppose, like always, the only way to be sure of why it's 
"unavailable" is to spamassassin -D on it. But still some care should be 
taken that the word used is generally meaningful from the perspective of 
a mail admin reading it. "unavailable" can mean something really 
horrible when you're using MySQL... or even Bayes (file perms, etc).


Bill

Problems after recent upgrade

[Jim Hatfield]

After a recent upgrade of MIMEDefang and SpamAssassin I get this:

>Jun 20 11:43:18 highland mimedefang-multiplexor[89044]: Slave 1 stderr: Failed 
>to run DNS_FROM_AHBL_RHSBL RBL SpamAssassin test, skipping:  (Can't call 
>method "bgsend" on an undefined value at 
>/usr/local/lib/perl5/site_perl/5.6.2/Mail/SpamAssassin/Dns.pm line 112. )

I tried deinstalling and reinstalling everything, including all the
Perl modules, but it remains.

Re: bayes db from SA 3.0.2 to 3.0.4

[jdow]

I suspect you wanted to perform a "sa-learn --sync" first. But I do not
know for sure.
{^_^}
- Original Message - 
From: "Roman Serbski" <[EMAIL PROTECTED]>


Dear colleagues,

Could you please share the correct procedure for moving bayes database
from the server powered by SA 3.0.2 to another server with 3.0.4
installed?

Here is what I did:

1. sa-learn --backup > db.txt (on old server)
2. Transfer of bayes db files from old server to a new one.

cd /var/spool/spamd/.spamassassin/ && ls -al

drwx--  2 spamd  spamd   512 Jun 20 14:46 .
drwxr-xr-x  3 spamd  spamd   512 Feb 20 17:03 ..
-rw---  1 spamd  spamd  3798 Jun 20 14:56 bayes.mutex
-rw-rw-rw-  1 root   spamd 33480 Jun 20 14:56 bayes_journal
-rw---  1 spamd  spamd  10174464 Jun 20 14:56 bayes_seen
-rw-rw-rw-  1 root   spamd   5324800 Jun 20 14:56 bayes_toks
-rw-r--r--  1 spamd  spamd  1175 Jan 30 12:08 user_prefs
-rw-rw-rw-  1 spamd  spamd 65536 Feb 19 17:41 whitelist
-rw---  1 spamd  spamd 6 Feb 19 17:41 whitelist.mutex

3. sa-learn --restore db.txt (on new server)

`spamassassin -D --lint` doesn't show any errors.

Does this procedure look correct?
Thank you for your time!

Roman

bayes db from SA 3.0.2 to 3.0.4

[Roman Serbski]

Dear colleagues,

Could you please share the correct procedure for moving bayes database
from the server powered by SA 3.0.2 to another server with 3.0.4
installed?

Here is what I did:

1. sa-learn --backup > db.txt (on old server)
2. Transfer of bayes db files from old server to a new one.

cd /var/spool/spamd/.spamassassin/ && ls -al

drwx--  2 spamd  spamd   512 Jun 20 14:46 .
drwxr-xr-x  3 spamd  spamd   512 Feb 20 17:03 ..
-rw---  1 spamd  spamd  3798 Jun 20 14:56 bayes.mutex
-rw-rw-rw-  1 root   spamd 33480 Jun 20 14:56 bayes_journal
-rw---  1 spamd  spamd  10174464 Jun 20 14:56 bayes_seen
-rw-rw-rw-  1 root   spamd   5324800 Jun 20 14:56 bayes_toks
-rw-r--r--  1 spamd  spamd  1175 Jan 30 12:08 user_prefs
-rw-rw-rw-  1 spamd  spamd 65536 Feb 19 17:41 whitelist
-rw---  1 spamd  spamd 6 Feb 19 17:41 whitelist.mutex

3. sa-learn --restore db.txt (on new server)

`spamassassin -D --lint` doesn't show any errors.

Does this procedure look correct?
Thank you for your time!

Roman

Re: yet another uribl evasion example

[Nix]

On Mon, 13 Jun 2005, Theo Van Dinter uttered the following:
> On Mon, Jun 13, 2005 at 09:42:35PM +0200, wolfgang wrote:
>> - 3.0.4 appears to bring new challenges (Net::DNS version and such)
> 
> 3.0.4 should be a drop-in replacement for earlier versions.  People seem
> to be having issues if they also upgrade Net::DNS, but there's no
> requirement to do so.

This doesn't seem to be invariably true: I've upgraded Net::DNS to 1.51
on this box (Perl 5.8.5, Linux 2.6.11) and had no problems whatsoever.

Passing strange...

-- 
`It's as bizarre an intrusion as, I don't know, the hobbits coming home
 to find that the Shire has been taken over by gangsta rappers.'

RE: SpamAssassin 3.1.0pre1 PRERELEASE available!

[Bart Verwilst]

Hello,

Does SA 3.1.0 have support for expiring bayes and AWL data? SA 3.0 just
keeps filling the mysql databases containing this data endlessly.. My db
has a couple of million entries now and still growing, and there is no
way to clean em reliably..

Thanks in advance!

--
Bart Verwilst
Linux R&D Engineer
Hostbasket NV