Supported Userpref with MySQL on SA 3.02
Hello All I'm not sure which settings are supported when using userprefs with a mysql db In the sql-readme file from SA i found a restriction: "Note that this will NOT look for test rules, only local scores, whitelist_from(s), required_score, and auto_report_threshold." But in the page from Dallas Engelken http://wiki.apache.org/spamassassin/UsingSQL i saw many other settings, like: [EMAIL PROTECTED] use_razor2 1 [EMAIL PROTECTED] use_bayes 1 [EMAIL PROTECTED] use_pyzor 1 [EMAIL PROTECTED] use_dcc 1 [EMAIL PROTECTED] skip_rbl_checks 0 [EMAIL PROTECTED] ok_languages en [EMAIL PROTECTED] ok_locales en Is there a complete list of all supported settings with sql? Thanks for any help Bruno
SA 3.04 and RHEL4, Net::DNS isn't working
On a brand new RHEL4 installation, I've having problems with Net::DNS: debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.51 debug: trying (3) apache.org... debug: looking up NS for 'apache.org' debug: NS lookup of apache.org failed horribly => Perhaps your resolv.conf isn't pointing at a valid server? debug: All NS queries failed => DNS unavailable (set dns_available to override) debug: is DNS available? 0 Dig is able to find apache.org. I've seen some posts on downgrading Net::DNS, but I can't find explicit instructions on how to do it. I installed it via CPAN inside perl. -- Steve
Re: Phishing: My rule and thoughts
Thank you for the report but is it fair to run masses for filtering phishing emails ? Phishing emails are not sent using the same bulk mailing software spammers use. Spammers most of the time dont even understand SMTP 451 retry but phishermen do. Also, phish doesn't go with spam and ham..its seafood for godsake :) > On Mon, Jun 20, 2005 at 01:58:52AM +0200, mouss wrote: >> >Here is my custom spamass rule file to block Phishing emails. Please >> note >> >that this is aggressive and you may want to lower scores. But I refuse >> to >> >lower scores for my mail server :) > Hi Murty, I just believe that you can have legitimate emails where ebay and an unrelated url go together as a very simple case a friend might write he got / is trying to get a product through ebay that is described on some site. There has been a discussion about writing a plugin that could discover visible links vastly different from their urls. However, at least ebay works together with some company that uses ebay.someserver.com style addresses that tend to look like phish at first glance Wolfgang Hamann
Re: Problems after update SA 2.64 => 3.0.4
Theo, I thought the warning on rule name length and description length had either been eliminated to drastically lengthened for non-English rules. Or was this only in the 3.1 stream? I know there was work done on this somewhere. Loren
Re: Problems after update SA 2.64 => 3.0.4
On Tue, Jun 21, 2005 at 06:05:10AM +0200, Jim Knuth wrote: > sorry, but that`s not all. lint has 187 issues detected. Which is > (see attachment warning.txt) The warnings are all covered by my previous message. The description over 50 chars warning is known and apparently unavoidable for German. The non-existent rules should definitely not be in there. > ok. Yes I use the locale for Germany. Can I delete the > language files? You know, I use SA with amavis and the notify > comes from there (not really). ;-) These warnings are, well, just warnings. They do not cause you problems with running SpamAssassin. If you wish, you could change the locale for SpamAssassin to something other than German, but I would just suggest not worrying about this. -- Randomly Generated Tagline: Robot priest: And so we commend Vladimir's remains to the earth: filings to filings, rust to rust. pgpsXNeUPGTPG.pgp Description: PGP signature
Re: Problems after update SA 2.64 => 3.0.4
Hallo und guten Morgen Theo, Heute (am 21.06.2005 - 05:28 Uhr) schriebst Du: > lang de describe T_RCVD_IN_IADB_LIST_T Senderechner in IADB-Liste > (www.isipp.com) sorry, but that`s not all. lint has 187 issues detected. Which is (see attachment warning.txt) -- Viele Grüße, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 PGP Fingerprint: 54C9 1A46 D3B2 95B6 454D 74FA AC73 773E 1F78 066F -- Zufalls-Zitat -- Wenn du siehst, wen einige Mädchen heiraten, weißt du, wie sehr sie es hassen müssen, ihren Lebensunterhalt selbst zu verdienen. (Helen Rowland) -- Der Text hat nichts mit dem Empfänger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1146 Update 20.06.2005warning: description for HTML_SHOUTING4 is over 50 chars warning: description for CLICK_TO_REMOVE_1 is over 50 chars warning: description for RCVD_IN_SORBS_SMTP is over 50 chars warning: description for OFFSHORE_SCAM is over 50 chars warning: description for FROM_WEBMAIL_END_NUMS6 is over 50 chars warning: description for DIGEST_MULTIPLE is over 50 chars warning: description for MIME_BOUND_DIGITS_15 is over 50 chars warning: description exists for non-existent rule T_RCVD_IN_IADB_LIST_T warning: description for MAILTO_SUBJ_REMOVE is over 50 chars warning: description for DRUG_ED_SILD is over 50 chars warning: description for HDR_ORDER_MTSRIX is over 50 chars warning: description for NORMAL_HTTP_TO_IP is over 50 chars warning: description for RCVD_IN_XBL is over 50 chars warning: description for EXCUSE_4 is over 50 chars warning: description for RCVD_IN_MAPS_DUL is over 50 chars warning: description exists for non-existent rule T_RCVD_IN_IADB_LIST warning: description for HTML_SHOUTING5 is over 50 chars warning: description for MAILTO_TO_SPAM_ADDR is over 50 chars warning: description for RCVD_IN_RSL is over 50 chars warning: description for MIME_QP_LONG_LINE is over 50 chars warning: description for HASHCASH_HIGH is over 50 chars warning: description for DATE_IN_FUTURE_96_XX is over 50 chars warning: description for DCC_CHECK is over 50 chars warning: description for X_MSMAIL_PRIORITY_HIGH is over 50 chars warning: description for DATE_IN_FUTURE_48_96 is over 50 chars warning: description for MSGID_OUTLOOK_INVALID is over 50 chars warning: description for DRUGS_ERECTILE_OBFU is over 50 chars warning: description for FORGED_RCVD_HELO is over 50 chars warning: description for MSGID_SPAM_99X9XX99 is over 50 chars warning: description for RATWARE_EGROUPS is over 50 chars warning: description for UPPERCASE_75_100 is over 50 chars warning: description for FORGED_QUALCOMM_TAGS is over 50 chars warning: description for MICRO_CAP_WARNING is over 50 chars warning: description for INVALID_TZ_EST is over 50 chars warning: description for SUBJ_HAS_UNIQ_ID is over 50 chars warning: description for UPPERCASE_25_50 is over 50 chars warning: description for RCVD_HELO_IP_MISMATCH is over 50 chars warning: description for DATE_IN_FUTURE_06_12 is over 50 chars warning: description for HDR_ORDER_TRIMRS is over 50 chars warning: description for RATWARE_OE_MALFORMED is over 50 chars warning: description for EXCUSE_3 is over 50 chars warning: description for RCVD_IN_MAPS_RBL is over 50 chars warning: description for BILL_1618 is over 50 chars warning: description for ALL_TRUSTED is over 50 chars warning: description for HTML_NONELEMENT_30_40 is over 50 chars warning: description for FORGED_THEBAT_HTML is over 50 chars warning: description for RCVD_IN_SORBS_SOCKS is over 50 chars warning: description for MSGID_SPAM_ALPHA_NUM is over 50 chars warning: description for RCVD_IN_SBL is over 50 chars warning: description for RATWARE_HASH_2_V2 is over 50 chars warning: description for ROUND_THE_WORLD is over 50 chars warning: description exists for non-existent rule T_RCVD_IN_CSMA_BL warning: description for RATWARE_GECKO_BUILD is over 50 chars warning: description for MSGID_YAHOO_CAPS is over 50 chars warning: description for MIME_HEADER_CTYPE_ONLY is over 50 chars warning: description for REMOVE_POSTAL is over 50 chars warning: description for RATWARE_RCVD_LC_ESMTP is over 50 chars warning: description for NO_RDNS_DOTCOM_HELO is over 50 chars warning: description for DATE_IN_PAST_12_24 is over 50 chars warning: description for MIME_BOUND_RKFINDY is over 50 chars warning: description for HTTP_CTRL_CHARS_HOST is over 50 chars warning: description for RCVD_IN_SORBS_DUL is over 50 chars warning: description for DATE_IN_FUTURE_12_24 is over 50 chars warning: description for MSGID_SPAM_ZEROES is over 50 chars warning: description for HTML_SHOUTING3 is over 50 chars warning: description for EXCUSE_6 is over 50 chars warning: description for X_ORIG_IP_NOT_IPV4 is over 50 chars warning: description for DRUGS_SLEEP_EREC is over 50 chars warning: description for FORGED_JUNO_RCVD is over 50 chars warning: description for PRIORITY_NO_NAME is over 50 chars warning: description for FROM_HAS_MIXED_NUMS3 is over 50 chars w
Re: Problems after update SA 2.64 => 3.0.4
Hallo und guten Morgen Theo, Heute (am 21.06.2005 - 05:28 Uhr) schriebst Du: > Aha. So there are three things here. First, I misread the warning. > Second, you are running with a locale for Germany, so you get the rule > descriptions from 30_text_de.cf. Third, the rule translations have a > known issue where German, in particular, tend to have long descriptions, > over the 50 character length that lint will alert on. Also, the German > description file seems to include: > lang de describe T_RCVD_IN_IADB_LIST_T Senderechner in IADB-Liste > (www.isipp.com) ok. Yes I use the locale for Germany. Can I delete the language files? You know, I use SA with amavis and the notify comes from there (not really). ;-) > I opened up a ticket to clean this up > for a future 3.0.5 release: > http://bugzilla.spamassassin.org/show_bug.cgi?id=4413 Thank you. -- Viele Grüße, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 PGP Fingerprint: 54C9 1A46 D3B2 95B6 454D 74FA AC73 773E 1F78 066F -- Zufalls-Zitat -- Ein richtiger Optimist ist wie ein Dieb: Er nimmt die Dinge zu leicht. (Peter Frankenfeld) -- Der Text hat nichts mit dem Empfänger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1146 Update 20.06.2005
Re: Problems after update SA 2.64 => 3.0.4
On Tue, Jun 21, 2005 at 04:59:30AM +0200, Jim Knuth wrote: > >> warning: description exists for non-existent rule T_RCVD_IN_IADB_LIST_T > > Mmh. wget from > http://www.apache.de/dist/spamassassin/source/Mail-SpamAssassin-3.0.4.tar.gz > I`ts no development. Aha. So there are three things here. First, I misread the warning. Second, you are running with a locale for Germany, so you get the rule descriptions from 30_text_de.cf. Third, the rule translations have a known issue where German, in particular, tend to have long descriptions, over the 50 character length that lint will alert on. Also, the German description file seems to include: lang de describe T_RCVD_IN_IADB_LIST_T Senderechner in IADB-Liste (www.isipp.com) Which it really shouldn't have at all. I opened up a ticket to clean this up for a future 3.0.5 release: http://bugzilla.spamassassin.org/show_bug.cgi?id=4413 However, the length warnings are summed up here: http://bugzilla.spamassassin.org/show_bug.cgi?id=2181 -- Randomly Generated Tagline: Silly rabbit, tricks are for hookers! pgpGKadpJ9EXS.pgp Description: PGP signature
Re: Problems after update SA 2.64 => 3.0.4
Hallo und guten Morgen Theo, Heute (am 21.06.2005 - 04:33 Uhr) schriebst Du: > On Tue, Jun 21, 2005 at 03:41:41AM +0200, Jim Knuth wrote: >> I`ve updated from SA 2.64 to 3.0.4. I use SA with amavisd-new >> 2.3.1. When I try spamassassin --lint -D comes: >> >> warning: description exists for non-existent rule T_RCVD_IN_IADB_LIST_T > Hrm. You seem to have some development rule files installed, old ones > at that. There hasn't been a T_RCVD_IN_IADB_LIST_* file in ages. Mmh. wget from http://www.apache.de/dist/spamassassin/source/Mail-SpamAssassin-3.0.4.tar.gz I`ts no development. > I'd find out what files are being read (spamassassin -D), and clean out > the old ones... You may wish to remove all traces of SA and reinstall > 3.0.4 in case there are also perl modules and such which could cause > you problems. I`ve new installed, but is the same error. -- Viele Grüße, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 PGP Fingerprint: 54C9 1A46 D3B2 95B6 454D 74FA AC73 773E 1F78 066F -- Zufalls-Zitat -- In der Karibik gibt es Austern, die auf Bäume klettern können. -- Der Text hat nichts mit dem Empfänger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1146 Update 20.06.2005
Re: Problems after update SA 2.64 => 3.0.4
On Tue, Jun 21, 2005 at 03:41:41AM +0200, Jim Knuth wrote: > I`ve updated from SA 2.64 to 3.0.4. I use SA with amavisd-new > 2.3.1. When I try spamassassin --lint -D comes: > > warning: description exists for non-existent rule T_RCVD_IN_IADB_LIST_T Hrm. You seem to have some development rule files installed, old ones at that. There hasn't been a T_RCVD_IN_IADB_LIST_* file in ages. I'd find out what files are being read (spamassassin -D), and clean out the old ones... You may wish to remove all traces of SA and reinstall 3.0.4 in case there are also perl modules and such which could cause you problems. -- Randomly Generated Tagline: Leela: You buy one pound of underwear and you're on their list forever. pgpAjgCcCxLep.pgp Description: PGP signature
Re: spamassassin smtp domino exchange passthru
On Tue, Jun 21, 2005 at 11:31:01AM +1000, SSK1 wrote: > Basically I would like to know if it's possible to have a > linux/SpamAssassin server receive smtp traffic and then pass it on to > the passthru/exchange server once checked. > If it is possible, apart from Spamassassin, what other ingredients do I > need ? ie qmail ?? etc.. Sure. I'm a fan of postfix/MailScanner/SpamAssassin. There's various options available, I believe a bunch of them are on the wiki. -- Randomly Generated Tagline: Have an adequate day. pgpCB8vyMQvni.pgp Description: PGP signature
Problems after update SA 2.64 => 3.0.4
Hallo und guten Morgen List, I`ve updated from SA 2.64 to 3.0.4. I use SA with amavisd-new 2.3.1. When I try spamassassin --lint -D comes: --snip warning: description for HTML_SHOUTING4 is over 50 chars warning: description for CLICK_TO_REMOVE_1 is over 50 chars warning: description for RCVD_IN_SORBS_SMTP is over 50 chars warning: description for OFFSHORE_SCAM is over 50 chars warning: description for FROM_WEBMAIL_END_NUMS6 is over 50 chars warning: description for DIGEST_MULTIPLE is over 50 chars warning: description for MIME_BOUND_DIGITS_15 is over 50 chars warning: description exists for non-existent rule T_RCVD_IN_IADB_LIST_T --snap and so on. I`m "googling" and find this: --snip On 2005-01-31 18:21:31 -0800, Robert Menschel wrote: > warning: description exists for non-existent rule SPF_HELO_PASS > Isn't this part of 3.0 standard? Is there a problem with your > installation? I don't think so; I just don't use the spf plugin. > > warning: description for DATE_IN_FUTURE_48_96 is over 50 chars > Another distribrule, I think. I suspect you're pulling in some pre-3.0 > distrib rules into your 3.0 installation. No; it's in 30_text_de.cf, 30_text_fr.cf, 30_text_nl.cf and 30_text_pl.cf. --snap I`m so confused now. :( How can I fix it? Thank you for help. -- Viele Grüße, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 PGP Fingerprint: 54C9 1A46 D3B2 95B6 454D 74FA AC73 773E 1F78 066F -- Zufalls-Zitat -- Ein Freund ist, wer Dich für gutes Schwimmen lobt, nachdem Du beim Segeln gekentert bist. (Werner Schneider) -- Der Text hat nichts mit dem Empfänger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1146 Update 20.06.2005
spamassassin smtp domino exchange passthru
Our inbound/outbound SMTP mail is traversing via MessageLabs.. Cut a long story stort - I want to bypass messagelabs (costs) and implement an (in-house) Antispam solution. (domain1.com) I have 12 (W2K/Linux) Domino Servers including the (w2k) Passthru Server. (domain2.com) I have 1 2003 exchange server. 2 of the above servers receive smtp traffic and forward it to the users/other servers. Basically I would like to know if it's possible to have a linux/SpamAssassin server receive smtp traffic and then pass it on to the passthru/exchange server once checked. If it is possible, apart from Spamassassin, what other ingredients do I need ? ie qmail ?? etc.. Any other suggestions would be very much appreciated.. thanks Shannon
Re: Phishing: My rule and thoughts
On Mon, Jun 20, 2005 at 08:05:32PM -0400, Murty Rompalli wrote: > Also, I believe PGP signed messages cause a negative score. Can someone > confirm this one, I am lazy after a long day. I know TRUSTED_HOSTS has a > negative score to compensate, just dont know if PGP signed carries > negative score too. They used to, in 2.5, along with other "nice" rules, which quickly got forged by spammers, and out the rules came. -- Randomly Generated Tagline: Double your drive space! Delete Windows! pgpCTVYQzn1dc.pgp Description: PGP signature
Re: Phishing: My rule and thoughts
On Mon, Jun 20, 2005 at 08:01:15PM -0400, Murty Rompalli wrote: > Thank you for the report but is it fair to run masses for filtering > phishing emails ? Sure, why not? Phish mails are spam. -- Randomly Generated Tagline: "Special? Our longest phone conversation is 'Get over here.'" - Ross on ER pgp29wBuCW4Gf.pgp Description: PGP signature
Re: Phishing: My rule and thoughts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi I did get this and other replies from list users! My rule does not assign a score of 5.0 (threshold to call it spam for sure). So, an email can still get a score of 4.0 from my phish block rule and still go through unless ofcourse you changed the threshold. Also, I believe PGP signed messages cause a negative score. Can someone confirm this one, I am lazy after a long day. I know TRUSTED_HOSTS has a negative score to compensate, just dont know if PGP signed carries negative score too. > > so this apply to your your own message (and my reply)? I mean your > message contains all those keywords (since you list them) and insecure > urls (http://solar.murty.net/...). > -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFCt1nMTjCkEJGBE14RAsUdAKCECgjr/Hd9mwMOlTOfpJyBsJ3E+gCgtC4t ASUo1GVE4linmE8LkQIN5B8= =QcGV -END PGP SIGNATURE-
Re: Phishing: My rule and thoughts
From: "Murty Rompalli" <[EMAIL PROTECTED]> Quite fair - look at all the ham the rules hit. They are not very good rules. {^_^} > Thank you for the report but is it fair to run masses for filtering > phishing emails ? Phishing emails are not sent using the same bulk mailing > software spammers use. Spammers most of the time dont even understand SMTP > 451 retry but phishermen do. Also, phish doesn't go with spam and ham..its > seafood for godsake :) > > > On Mon, Jun 20, 2005 at 01:58:52AM +0200, mouss wrote: > >> >Here is my custom spamass rule file to block Phishing emails. Please > >> note > >> >that this is aggressive and you may want to lower scores. But I refuse > >> to > >> >lower scores for my mail server :) > > > > FYI: > > > > OVERALL% SPAM% HAM% S/ORANK SCORE NAME > > 2721823226 39920.853 0.000.00 (all messages) > > 100.000 85.3332 14.66680.853 0.000.00 (all messages as %) > > 1.029 1.1367 0.40080.739 0.793.50 MURTY_PHISHING2 > > 20.450 17.9842 34.79460.341 0.413.00 MURTY_PHISHING1 > > 1.249 0.5339 5.41080.090 0.174.00 MURTY_PHISHING3 >
Re: Phishing: My rule and thoughts
Thank you for the report but is it fair to run masses for filtering phishing emails ? Phishing emails are not sent using the same bulk mailing software spammers use. Spammers most of the time dont even understand SMTP 451 retry but phishermen do. Also, phish doesn't go with spam and ham..its seafood for godsake :) > On Mon, Jun 20, 2005 at 01:58:52AM +0200, mouss wrote: >> >Here is my custom spamass rule file to block Phishing emails. Please >> note >> >that this is aggressive and you may want to lower scores. But I refuse >> to >> >lower scores for my mail server :) > > FYI: > > OVERALL% SPAM% HAM% S/ORANK SCORE NAME > 2721823226 39920.853 0.000.00 (all messages) > 100.000 85.3332 14.66680.853 0.000.00 (all messages as %) > 1.029 1.1367 0.40080.739 0.793.50 MURTY_PHISHING2 > 20.450 17.9842 34.79460.341 0.413.00 MURTY_PHISHING1 > 1.249 0.5339 5.41080.090 0.174.00 MURTY_PHISHING3
Re: Spamassassin & milter-spamc ...interdependencies?
I'll be using the SA 3.0.4 and not the "pre" version. Hopefully that will help. I'll have to check to see which version of milter-spamc they are using however. I was afraid the the products had to be "built" with version specific libraries, or something similar, that would make a simple "replacement" impossible. On Jun 20, 2005, at 2:05 PM, Andy Jezierski wrote: If you're only upgrading SA, you shouldn't need to make any other changes. Although someone mentioned that milter-spamc didn't seem to work with SA 3.1pre1 but didn't provide any details. In the past I've upgraded from 2.6x to 3.0x without any problems using milter-spamc 0.25. Although on the new machine I'm putting together it won't compile, so I'm switching over to spamass-milter. Andy Dr. Robert Young ALI Database Consultants 1151 Williams Dr Aiken SC 29803 USA WWW: http://www.aliconsultants.com Tele: 1-803-648-5931 Toll free in US: 1-866-257-8970 Fax:1-803-641-0345 Email: [EMAIL PROTECTED] "Source of Rdb Controller, software for database analysis & performance tuning"
How to get sa-learn the original message of application/ms-tnef email?
Hello All. We have a smarthost running spamassassin in the permiter, this host relays email for our internal domains to an M$ Exchange server in our private LAN. Spamassassin is doing a great job in filtering most spams. I get my MS Exchange users to drop any 'Undetected SPAM' to a folder which I daily feed to sa-learn on the smarthost. I can notice a big difference this makes to the spamassassin filter. After a time, I notice an email pattern in this folder that doesn't seem to improve from time to time. I did some investigations and concluded that most emails with ms-tnef have low rate spam detection. My guess is that because the emails that I feed to sa-learn is NO LONGER the original email due to ms-tnef. Below is a sample email from my Undetected Spam folder, as you can see, the mail body gets modified, hence sa-learn do not get to learn the original message and this kind of spam pattern just keeps coming in. I read a bit about ms-tnef on this website http://agamemnon.ucs.ed.ac.uk/faq/mstnef.html - I can't get my Exchange server to receive text only message (instead of rich text/html) due to internal politic issue, so I'm trying to find a way to get around this outside the Exchange box. Has anyone experience this problem before? Thanks in advance. -- [-- Attachment #2: winmail.dat --] [-- Type: application/ms-tnef, Encoding: base64, Size: 3.0K --] Content-Type: application/ms-tnef; name="winmail.dat" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="winmail.dat" [-- application/ms-tnef is unsupported (use 'v' to view this part) --] --
Re[2]: SpamAssassin 3.1.0pre1 PRERELEASE available!
Hello Ben, Monday, June 20, 2005, 6:50:46 AM, you wrote: BH> I get 139 "errors" regarding the 70_sare_whitelist.cf entries. from BH> 3.1pre. Has the syntax for whitelist_from_rcvd changed? BH> Ben Which version of 70_sare_whitelist.cf? What are the errors? Yes, the syntax for whitelist_from_rcvd changed (has tightened up some), but the file that has been published since early June should be in the new format. Bob Menschel
Re: possible wish list item
Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Kettler writes: Craig Jackson wrote: Regarding the report that is made part of the header, instead of a summary of the email (which makes downloading tiresomely long even on a high speed connection), I would like to see only the text that tripped each particular test. Users often want to know what exactly in the email caused it to be tagged as spam. It would be nice if I could show them in the header at the workstation, rather than run a test from my workstation and print it out. If this can already be done, let me know and I'll figure out how to do it. Currently, that's pretty much impossible to do in spamassassin, and it would be difficult to do without increasing memory usage. Right now, SA just maintains a simple hit list when it scans a message. It doesn't extract the text which matched at all, much less save it where it can be referenced later. Quoting the part of the email that caused the rule to trip is particularly difficult for eval tests, as their code could look at anything or everything. It's also a little tricky for meta tests which wind up triggering as a cascade of other rules trip off. (ie: DRUGS_MANYKINDS). I'd also question who would find such a feature more useful, end users or spammers. Certainly it has some valid uses for end users and non-spammers, but it's considerably more useful to a spammer. For end users it answers the "why did this happen" questions, for spammers it provides useful spam-tuning feedback that makes their spam more effective at evading detection by SA. actually, we do already support it ;) if you run SpamAssassin 3.1.0 with - -D, it'll log what parts of the message hit for some of the rules (just the simple regexp rules, not eval tests). - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Exmh CVS iD8DBQFCtxlVMJF5cimLx9ARAuUPAJkBtnZG+REM8mVUISHMumdxKmNLlACfbt77 2MhOg5NLA4GBLS9HEaQsxTo= =y3Gn -END PGP SIGNATURE- Thanks very much. I am held accountable for mail that is held up on the gateway. We have plans to move it on to the primary mail host later, but until then I get get the occasional irate user demanding an explanation. Craig
RE: SpamAssassin 3.1.0pre1 PRERELEASE available!
Kai Schaetzl wrote: > 30_text_de.cf:lang de describe HASHCASH_HIGH Enthält korrekte > Hashcash-Kennzeichnung (> 25 bits) > 50_scores.cf:score HASHCASH_HIGH -5.000 > > Where's that warning coming from? Perhaps the ä? -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
Re: SpamAssassin 3.1.0pre1 PRERELEASE available!
I installed on CentOS which I have never done before. Everything is okay except for one thing. I get [28414] warn: config: warning: description exists for non-existent rule HASHCASH_HIGH + 7 ever HASHCASH rule warnings in --lint all the other output is exactly like on my other non-CentOS systems. Hashcash is disabled and there's no such rule in /etc/mail/spamassassin. grep in /usr/share/spamassassin shows the following output which seems to be quite ok: 25_hashcash.cf:header HASHCASH_HIGH eval:check_hashcash_value('26', '') 25_hashcash.cf:tflags HASHCASH_HIGH nice userconf 25_hashcash.cf:describe HASHCASH_HIGHContains valid Hashcash token (>25 bits) 30_text_de.cf:lang de describe HASHCASH_HIGH Enthält korrekte Hashcash-Kennzeichnung (> 25 bits) 50_scores.cf:score HASHCASH_HIGH -5.000 Where's that warning coming from? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org
RE: SpamAssassin 3.1.0pre1 PRERELEASE available!
The current one from SARE works fine :) And, the latest RDJ has support for all the SARE rules. LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: ler@lerctr.org US Mail: 3535 Gaspar Drive, Dallas, TX 75220-3611 US -Original Message- From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] Sent: Monday, June 20, 2005 6:23 PM To: Ben Hanson Cc: users@spamassassin.apache.org Subject: Re: SpamAssassin 3.1.0pre1 PRERELEASE available! Ben Hanson wrote: > I get 139 "errors" regarding the 70_sare_whitelist.cf entries. from > 3.1pre. Has the syntax for whitelist_from_rcvd changed? > Ben This is due to the comments Bob had at the end of each entry, without a # before them. He was going to correct this prior to the 3.1 release. I believe there is an updated version that corrects this available. Daryl
Re: SpamAssassin 3.1.0pre1 PRERELEASE available!
Ben Hanson wrote: I get 139 "errors" regarding the 70_sare_whitelist.cf entries. from 3.1pre. Has the syntax for whitelist_from_rcvd changed? Ben This is due to the comments Bob had at the end of each entry, without a # before them. He was going to correct this prior to the 3.1 release. I believe there is an updated version that corrects this available. Daryl
Re: How to block this email??
Bryan Haase asked Monday, June 20, 2005 0830: > Does anyone have a rule that will score foreign characters or characters with the dashes on top? > Below is example email that is not scoring at all for me. > > Thanks > Bryan > > > >>> berton laurence <[EMAIL PROTECTED]> 6/18/2005 7:52 PM >>> >ТР��СБЛОК XXI > > > �аша компани� > оказывает > юридиче�кие у�луги в обла�ти налогооблажени�: > > - Возмещение �ДС > > по�ле проведени� > правовой > �к�пертизы финан�ово-хоз�й�твенной де�тельно�ти В ашей компании мы обе�печиваем по�тупление денег на ваш ра�четный �чет. > > - Пред�тавитель�тво > и защита интере�ов вашей компании в арбитражных �удах и �удах общей юри�дикции, во в�ех го�удар�твенных органах, включа� налоговые и таможенные органы. > > -Реги�траци� > предпри�тий > различных форм �об�твенно�ти. > > Телефон: 8(926)530-13-94 ... [snip] ... Am rather new to SpamAssassin Bryan, but I hope this helps. There are two default SA rules that may help here: DESCRIPTION OF TEST / TEST NAME / Score Character set indicates a foreign language / CHARSET_FARAWAY / 3.2 Message written in an undesired language / UNWANTED_LANGUAGE_BODY / 2.8 The points assigned _should_ be showing up. If they are but the messages are still getting through, you could bump up the scores in your local.cf file - say to 4.0 and 3.5. Then these messages might score above your threshold. If these rules are not showing up at all, then something else is probably going on and hopefully somebody with more experience could offer you another solution ... Anyway, these and the other default SA rules are on the wiki at http://spamassassin.apache.org/tests_3_0_x.html. Regards, Sean Sowell www.twin-dad.com
Re: SA3.1 spamd userid
On Mon, Jun 20, 2005 at 11:34:26AM -0500, Andy Jezierski wrote: > I've noticed that when starting up SA 3.1 the main spamd process doesn't > change userid's like 3.0.x did. It stays as root but the child processes > do switch over. Is this normal? Yes. The parent now stays as root so that things like HUP, logging, etc, can work as expected. The children, as you say, change over when they're created. -- Randomly Generated Tagline: "I sometimes think that they hire guards based on the bone content in their heads." - Londo on Babylon 5 pgphNhjd6UYUg.pgp Description: PGP signature
Re: dynamic IP range and good RBL?
[EMAIL PROTECTED] wrote: >>"Ryan" == Ryan L Sun <[EMAIL PROTECTED]> writes: > > > Ryan> Does "dul.dnsbl.sorbs.net" list all the dynamic IPs? > Ryan> Or just the dynamic IPs which fall in spamtrap? > > It includes IP addresses that are not dynamic as well. It seems to > make unintelligent guesses as well Well, ALL RBLs list some IPs that don't fit their criteria. Mislistings are a fact of life for every RBL operator. In general I find the SORBS DUL quite accurate, unless your SA trust path is broken and SA winds up checking source IPs instead of only checking the delivering relay. (By default you WILL suffer from this problem if you have a NATed mailserver.) However, rather than theorizing about how SORBs DUL works, why not just read their FAQ: http://www.us.sorbs.net/faq/dul.shtml In theory, all dynamic IPs will be listed, and all static will be excluded. Reality is significantly less perfect than theory. However, the FAQ will also point you in the right direction for fixing errors. Large ISPs can get an ID to directly register information, end users can submit information via a web mail form for consideration by the SORBs operators.
Re: dynamic IP range and good RBL?
> "Ryan" == Ryan L Sun <[EMAIL PROTECTED]> writes: Ryan> Does "dul.dnsbl.sorbs.net" list all the dynamic IPs? Ryan> Or just the dynamic IPs which fall in spamtrap? It includes IP addresses that are not dynamic as well. It seems to make unintelligent guesses as well ==John ffitch
RE: SA 3.1 SpamdForkScaling.pm Error
Yeah, I'm seeing that too, see the bug here: http://bugzilla.spamassassin.org/show_bug.cgi?id=4410 * Jason Brunette ([EMAIL PROTECTED]) * Excel.Net,Inc. - http://www.excel.net/ * (920) 452-0455 - Sheboygan/Plymouth area * (888) 489-9995 - Other areas, toll-free From: Andy Jezierski [mailto:[EMAIL PROTECTED] Sent: Monday, June 20, 2005 2:36 PM To: users@spamassassin.apache.org Subject: SA 3.1 SpamdForkScaling.pm Error Doing some testing with 3.1 and ran across this in the log: Jun 20 14:30:49 python spamassassin[36101]: syswrite() on closed filehandle GEN5 at /usr/local/lib/perl5/5.8.6/mach/IO/Handle .pm line 451. Jun 20 14:30:49 python spamassassin[36101]: Use of uninitialized value in concatenation (.) or string at /usr/local/lib/perl5 /site_perl/5.8.6/Mail/SpamAssassin/SpamdForkScaling.pm line 279. Jun 20 14:30:49 python spamassassin[36101]: prefork: write of ping failed to 36105 fd=: at /usr/local/lib/perl5/site_perl/5. 8.6/Mail/SpamAssassin/SpamdForkScaling.pm line 279. Jun 20 14:30:49 python spamassassin[36101]: Use of uninitialized value in concatenation (.) or string at /usr/local/lib/perl5 /site_perl/5.8.6/Mail/SpamAssassin/SpamdForkScaling.pm line 115. Jun 20 14:30:49 python spamassassin[36101]: prefork: killing failed child 36105 fd= at /usr/local/lib/perl5/site_perl/5.8.6/M ail/SpamAssassin/SpamdForkScaling.pm line 115. Jun 20 14:30:49 python spamassassin[36101]: prefork: kill of failed child 36105 failed: No such process Jun 20 14:30:49 python spamassassin[36101]: prefork: killed child 36105 at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssa ssin/SpamdForkScaling.pm line 129. Andy
SA 3.1 SpamdForkScaling.pm Error
Doing some testing with 3.1 and ran across this in the log: Jun 20 14:30:49 python spamassassin[36101]: syswrite() on closed filehandle GEN5 at /usr/local/lib/perl5/5.8.6/mach/IO/Handle .pm line 451. Jun 20 14:30:49 python spamassassin[36101]: Use of uninitialized value in concatenation (.) or string at /usr/local/lib/perl5 /site_perl/5.8.6/Mail/SpamAssassin/SpamdForkScaling.pm line 279. Jun 20 14:30:49 python spamassassin[36101]: prefork: write of ping failed to 36105 fd=: at /usr/local/lib/perl5/site_perl/5. 8.6/Mail/SpamAssassin/SpamdForkScaling.pm line 279. Jun 20 14:30:49 python spamassassin[36101]: Use of uninitialized value in concatenation (.) or string at /usr/local/lib/perl5 /site_perl/5.8.6/Mail/SpamAssassin/SpamdForkScaling.pm line 115. Jun 20 14:30:49 python spamassassin[36101]: prefork: killing failed child 36105 fd= at /usr/local/lib/perl5/site_perl/5.8.6/M ail/SpamAssassin/SpamdForkScaling.pm line 115. Jun 20 14:30:49 python spamassassin[36101]: prefork: kill of failed child 36105 failed: No such process Jun 20 14:30:49 python spamassassin[36101]: prefork: killed child 36105 at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssa ssin/SpamdForkScaling.pm line 129. Andy
RE: shared SQL DB
Hey Michael (or anyone else who sees this) - I'm in the process of switching over spamd to use mysql instead of flat files for user preferences - here's my dilemma: The doc for 2.6 (I'm using 3.04 but in principle I believe it's the same) makes not of making sure the correct username (email address/domain?) is passed to spamd, by way of procmailrc. Is this necessary, even with using the -q directive in the spamd script? I'm using qmail-scanner to tie this all together, and I haven't been able to find reference to making sure the mail gets passed through spamc/d when using the SQL settings. Is this something I have to worry about or is it as simple as your presentation shows? Matt -- Matthew Yette Senior Engineer - NOC/Operations MA Polce Consulting, Inc. [EMAIL PROTECTED] 315-838-1644 (w) 315-356-0597 (f) AIM/Yahoo: MAPolceNOC MSN: [EMAIL PROTECTED] -Original Message- From: Matthew Yette Sent: Tuesday, June 14, 2005 1:23 PM To: Michael Parker Cc: users@spamassassin.apache.org Subject: RE: shared SQL DB Great stuff. Thank you Michael, I'll let you know how it goes. -- Matthew Yette Senior Engineer - NOC/Operations MA Polce Consulting, Inc. [EMAIL PROTECTED] 315-838-1644 (w) 315-356-0597 (f) AIM/Yahoo: MAPolceNOC MSN: [EMAIL PROTECTED] -Original Message- From: Michael Parker [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 1:17 PM To: Matthew Yette Cc: users@spamassassin.apache.org Subject: Re: shared SQL DB Matthew Yette wrote: >Care to explain how you've come to set this up? We run an ISP-type >solution w/ two identical qmail-scanner/SA/clamav servers set up for >load-balancing purposes (network edge device decides which server to >use at all times). We'd like to consolidate bayes db, auto-whitelist >settings, and logs to one location (all mysql db possibly?) so we can >generate stats and keep bayes/auto-whitelist lists current on both >machines. > > This should help with the SQL side, at least with SA proper: http://people.apache.org/~parker/presentations/ For logging, man syslog. You can send your syslogs to a remote server and parse them from there. Michael
Re: possible wish list item
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt Kettler writes: > Craig Jackson wrote: > > Regarding the report that is made part of the header, instead of a > > summary of the email (which makes downloading tiresomely long even on a > > high speed connection), I would like to see only the text that tripped > > each particular test. Users often want to know what exactly in the email > > caused it to be tagged as spam. It would be nice if I could show them in > > the header at the workstation, rather than run a test from my > > workstation and print it out. If this can already be done, let me know > > and I'll figure out how to do it. > > Currently, that's pretty much impossible to do in spamassassin, and it would > be > difficult to do without increasing memory usage. > > Right now, SA just maintains a simple hit list when it scans a message. It > doesn't extract the text which matched at all, much less save it where it can > be > referenced later. > > Quoting the part of the email that caused the rule to trip is particularly > difficult for eval tests, as their code could look at anything or everything. > > It's also a little tricky for meta tests which wind up triggering as a cascade > of other rules trip off. (ie: DRUGS_MANYKINDS). > > I'd also question who would find such a feature more useful, end users or > spammers. > > Certainly it has some valid uses for end users and non-spammers, but it's > considerably more useful to a spammer. For end users it answers the "why did > this happen" questions, for spammers it provides useful spam-tuning feedback > that makes their spam more effective at evading detection by SA. actually, we do already support it ;) if you run SpamAssassin 3.1.0 with - -D, it'll log what parts of the message hit for some of the rules (just the simple regexp rules, not eval tests). - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Exmh CVS iD8DBQFCtxlVMJF5cimLx9ARAuUPAJkBtnZG+REM8mVUISHMumdxKmNLlACfbt77 2MhOg5NLA4GBLS9HEaQsxTo= =y3Gn -END PGP SIGNATURE-
Re: possible wish list item
Craig Jackson wrote: > Regarding the report that is made part of the header, instead of a > summary of the email (which makes downloading tiresomely long even on a > high speed connection), I would like to see only the text that tripped > each particular test. Users often want to know what exactly in the email > caused it to be tagged as spam. It would be nice if I could show them in > the header at the workstation, rather than run a test from my > workstation and print it out. If this can already be done, let me know > and I'll figure out how to do it. Currently, that's pretty much impossible to do in spamassassin, and it would be difficult to do without increasing memory usage. Right now, SA just maintains a simple hit list when it scans a message. It doesn't extract the text which matched at all, much less save it where it can be referenced later. Quoting the part of the email that caused the rule to trip is particularly difficult for eval tests, as their code could look at anything or everything. It's also a little tricky for meta tests which wind up triggering as a cascade of other rules trip off. (ie: DRUGS_MANYKINDS). I'd also question who would find such a feature more useful, end users or spammers. Certainly it has some valid uses for end users and non-spammers, but it's considerably more useful to a spammer. For end users it answers the "why did this happen" questions, for spammers it provides useful spam-tuning feedback that makes their spam more effective at evading detection by SA.
Re: How to block this email??
I had good luck eliminating this by using sa-learn. It took about 15 messages before the score went high enough to register as spam. Shelley Waltz Bryan Haase said: > Does anyone have a rule that will score foreign characters or characters > with the dashes on top? > Below is example email that is not scoring at all for me. > > Thanks > Bryan > > berton laurence <[EMAIL PROTECTED]> 6/18/2005 7:52 PM >>> >ТРÐ?Ð?СÐÐÐÐ XXI > > > Ð?аÑа компаниÑ? > оказÑÐ²Ð°ÐµÑ > ÑÑидиÑеÑ?кие > ÑÑ?лÑги в облаÑ?Ñи > налогооблажениÑ?: > > - ÐозмеÑение Ð?ÐС > > поÑ?ле пÑоведениÑ? > пÑавовой Ñ?кÑ?пеÑÑÐ¸Ð·Ñ > ÑинанÑ?ово-Ñ Ð¾Ð·Ñ?йÑ?Ñвенной > деÑ?ÑелÑноÑ?Ñи > ÐаÑей компании Ð¼Ñ > обеÑ?пеÑиваем > поÑ?ÑÑпление денег на > Ð²Ð°Ñ ÑаÑ?ÑеÑнÑй > Ñ?ÑеÑ. > > - ÐÑедÑ?ÑавиÑелÑÑ?Ñво и > заÑиÑа инÑеÑеÑ?ов > ваÑей компании в > аÑбиÑÑажнÑÑ Ñ?ÑÐ´Ð°Ñ Ð¸ > Ñ?ÑÐ´Ð°Ñ Ð¾Ð±Ñей > ÑÑиÑ?дикÑии, во вÑ?ÐµÑ > гоÑ?ÑдаÑÑ?ÑвеннÑÑ > оÑÐ³Ð°Ð½Ð°Ñ , вклÑÑаÑ? > налоговÑе и > ÑаможеннÑе оÑганÑ. > > -РегиÑ?ÑÑаÑиÑ? > пÑедпÑиÑ?Ñий > ÑазлиÑнÑÑ ÑоÑм > Ñ?обÑ?ÑвенноÑ?Ñи. > > ТелеÑон: 8(926)530-13-94 > > > - > > This email transmission and any documents, files or previous > > email messages attached to it may contain information that is > > confidential or legally privileged. If you are not the intended > > recipient, you are hereby notified that any disclosure, copying, > > printing, distributing or use of this transmission is strictly > > prohibited. If you have received this transmission in error, > > please immediately notify the sender by telephone or return > > email and delete the original transmission and its attachments > > without reading or saving in any manner. > > > > The Evangelical Lutheran Good Samaritan Society. > > - > { Shelley Waltz; Center for Advanced Biotechnology and Medicine; Rutgers University/UMDNJ; 679 Hoes Lane; Piscataway, NJ 08854; 732 235 3346 }
Problem with 3.1.0pre and Razor
I have installed SpamAssassin v3.1.0pre on a test system running Solaris 8, Perl 5.8.5, and Razor 2.67. I got the following message when I lint: # spamassassin --lint [15182] warn: razor2: razor2 check failed: No such file or directory Can't use an undefined value as a SCALAR reference at /usr/local/lib/perl5/site_perl/5.8.5/sun4-solaris/Razor2/Client/Agent.pm line 828. at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/Razor2.pm line 317. I also see this error in the log file when I run spamd. I have the following razor entries in local.cf: use_razor2 1 razor_config /etc/mail/spamassassin/.razor/razor-agent.conf Contents of razor-agent.conf: # # Razor2 config file # # Autogenerated by Razor-Agents v2.61 # Mon Sep 13 11:48:50 2004 # Created with all default values # # see razor-agent.conf(5) man page # debuglevel = 2 identity = identity ignorelist = 0 listfile_catalogue = servers.catalogue.lst listfile_discovery = servers.discovery.lst listfile_nomination= servers.nomination.lst logfile= razor-agent.log logic_method = 4 min_cf = ac razorzone = razor2.cloudmark.com rediscovery_wait = 172800 report_headers = 1 sort_by_distance = 0 turn_off_discovery = 0 use_engines= 4,8 whitelist = razor-whitelist razorhome = /etc/mail/spamassassin/.razor/ What do I need to fix? Larry Rosenbaum ORNL
Re: Spamassassin & milter-spamc ...interdependencies?
Dr Robert Young <[EMAIL PROTECTED]> wrote on 06/20/2005 12:48:21 PM: > We are looking at upgrading from V2 to V3 of Spamassassin. The previous > system person installed milter-spamc to link into sendmail with the v2 > product (v2.6'ish I think). > > Since we are looking at the Spamassassin upgrade, are there any > corresponding upgrades "mandatory" for milter ? > > Since the (2) programs "talk" to each other, I want to identify any > dependencies such as specific version number, or if relinking is > required in any specific product to take into account any library > changes "shared" by the various programs > If you're only upgrading SA, you shouldn't need to make any other changes. Although someone mentioned that milter-spamc didn't seem to work with SA 3.1pre1 but didn't provide any details. In the past I've upgraded from 2.6x to 3.0x without any problems using milter-spamc 0.25. Although on the new machine I'm putting together it won't compile, so I'm switching over to spamass-milter. Andy
Re: Listening on local interface
On Mon, Jun 20, 2005 at 06:17:25PM +0200, Marco Herrn wrote: > udp 368 0 *:34602 *:* > 10608/spamd child > udp 368 0 *:34603 *:* > 10608/spamd child > udp 368 0 *:34604 *:* > 10608/spamd child > > What does that mean? All udp connections listen on the whole internet. Is > this a bug? Have I configured spamd incorrectly? Those look like DNS queries waiting for a response. Should be fine, they're short-lived. -- Randomly Generated Tagline: "I can please only one person per day. Today is not your day. Tomorrow isn't looking good either." - Dave Morse (DNRC Motto suggestion) pgpxEpwKENhia.pgp Description: PGP signature
Re: Listening on local interface
Marco Herrn wrote: > Hi, > > I am using spamd and told it to listen only on the local interface: > > [EMAIL PROTECTED]:~$ ps aux|grep spamd > root 1764 0.0 3.0 34456 30672 ? SNs Jun01 0:00 /usr/bin/perl > -T > -w /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir > --syslog=/var/log/spamd.log -q --debug --listen-ip=127.0.0.1 -d > --pidfile=/var/run/spamd.pid > > A look on netstat shows, that this is indeed correct: > > tcp0 0 127.0.0.1:783 0.0.0.0:* LISTEN 1764/perl > > udp 368 0 *:34604 *:* > 10608/spamd child > > What does that mean? All udp connections listen on the whole internet. Is > this a bug? Have I configured spamd incorrectly? > What plugins are you using? Any chance you've got a SA plugin that does it's own UDP based communications?
Spamassassin & milter-spamc ...interdependencies?
We are looking at upgrading from V2 to V3 of Spamassassin. The previous system person installed milter-spamc to link into sendmail with the v2 product (v2.6'ish I think). Since we are looking at the Spamassassin upgrade, are there any corresponding upgrades "mandatory" for milter ? Since the (2) programs "talk" to each other, I want to identify any dependencies such as specific version number, or if relinking is required in any specific product to take into account any library changes "shared" by the various programs Dr. Robert Young
Re: Problems after recent upgrade
On Mon, 20 Jun 2005 11:50:09 +0100, in local.spamassassin you wrote: >>Jun 20 11:43:18 highland mimedefang-multiplexor[89044]: Slave 1 stderr: >Failed to run DNS_FROM_AHBL_RHSBL RBL SpamAssassin test, skipping: >(Can't call method "bgsend" on an undefined value at >/usr/local/lib/perl5/site_perl/5.6.2/Mail/SpamAssassin/Dns.pm line 112. How do I get the dbg() function to output something? I should be able to find out what's going on here if I can see the output. I presume that load_resolver somehow is failing to create the resolver object.
Re: Phishing: My rule and thoughts
On Mon, Jun 20, 2005 at 08:29:19AM -0700, Kenneth Porter wrote: > >OVERALL% SPAM% HAM% S/ORANK SCORE NAME > > How does one read this chart? (Ideally I'm looking for an answer in the > wiki, but I couldn't find one there. I thought it might be in the FAQ or > under SubmittingNewRules.) I can guess most of the columns but S/O and Rank > have me stumped. How does one generate the chart? It's the output from hit-frequencies based on the output from mass-check. There's bits about it in the distro masses directory and under the "Developer Stuff" section on the Wiki, ala: http://wiki.apache.org/spamassassin/MassesOverview Basically you run mass-check over your corpus, using whatever rules you want (by default, all of them,) then run hit-frequencies to generate the output. Various people run these nightly to help develop rules, and then we encourage people to help with the score generation by running mass-check and sending us the results. -- Randomly Generated Tagline: Bender: Yeah, well I'm gonna build my own lunar space lander! With blackjack annd Hookers! Actually, forget the space lander, and the blackjack. A forget the whole thing! pgpeFSqx0ekQq.pgp Description: PGP signature
Re: SpamAssassin 3.1.0pre1 PRERELEASE available!
On Mon, Jun 20, 2005 at 09:43:05AM +0200, Bart Verwilst wrote: > Does SA 3.1.0 have support for expiring bayes and AWL data? SA 3.0 just > keeps filling the mysql databases containing this data endlessly.. My db > has a couple of million entries now and still growing, and there is no > way to clean em reliably.. Bayes tokens has had expiry since day 1. If that's not expiring, you need to run some debug and find out what's going on. Bayes seen and AWL do not have expiry, though you should be able to delete the seen DB now if you want. -- Randomly Generated Tagline: "I love deadlines. I like the whooshing sound they make as they fly by." - Douglas Adams pgpBUTAZmOk7G.pgp Description: PGP signature
Re: How to block this email??
I know some of the rules at SARE: http://www.rulesemporium.com/rules.htm are aimed at English only environments, and will score non English e-mail higher. Look for the .cf files with _eng in the names.>>> "Bryan Haase" <[EMAIL PROTECTED]> 6/20/2005 11:30 AM >>> Does anyone have a rule that will score foreign characters or characters with the dashes on top?Below is example email that is not scoring at all for me.ThanksBryan>>> berton laurence <[EMAIL PROTECTED]> 6/18/2005 7:52 PM >>> ? XXI ? ??? ?? ? ??? ???:- ?? ??? ? ?? ?? ?-? ? ?? ??? ? ?? ??? ? .- ? ? ?? ? ? ? ??? ? ? ? ? ??, ?? ??? ???, ??? ? ? ?? ??.-??? ??? ? ?. ???: 8(926)530-13-94
SA3.1 spamd userid
I've noticed that when starting up SA 3.1 the main spamd process doesn't change userid's like 3.0.x did. It stays as root but the child processes do switch over. Is this normal? Old box FreeBSD 5.3 SA 3.0.2 spamd_flags="-m 5 -u spamd -x -d -r ${pidfile} --max-conn-per-child 10 -A 198.180.157.0/24 -i 172.16.8.24" sidewinder# ps -aux | grep spamd spamd 58590 20.2 21.3 54868 40032 ?? S 10:55AM 0:08.45 spamd child (perl) spamd 58577 9.9 15.6 54624 29324 ?? DL 10:55AM 0:04.95 spamd child (perl) spamd 58536 7.9 24.5 61216 46040 ?? S 10:54AM 0:24.17 spamd child (perl) spamd 80976 0.0 0.0 50136 0 ?? IWs - 0:00.00 /usr/local/bin/spamd -m 5 -u spamd -x -d -r /home/spamd/sp spamd 58531 0.0 0.0 55160 0 ?? SW - 0:00.00 spamd child (perl) spamd 58535 0.0 0.0 55000 0 ?? SW - 0:00.00 spamd child (perl) New box FreeBSD 5.4 SA 3.1pre1 spamd_flags="-u spamd -x -d --max-conn-per-child=10 -r /var/run/spamd.pid" python# ps -aux | grep spamd root 21196 0.0 5.4 60140 56104 ?? Ss 11:04AM 0:02.18 /usr/local/bin/perl -T -w /usr/local/bin/spamd -u spamd spamd 21199 0.0 5.4 60140 56108 ?? I 11:04AM 0:00.00 spamd child (perl) spamd 21200 0.0 5.4 60140 56108 ?? I 11:04AM 0:00.00 spamd child (perl) Andy
Listening on local interface
Hi, I am using spamd and told it to listen only on the local interface: [EMAIL PROTECTED]:~$ ps aux|grep spamd root 1764 0.0 3.0 34456 30672 ? SNs Jun01 0:00 /usr/bin/perl -T -w /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir --syslog=/var/log/spamd.log -q --debug --listen-ip=127.0.0.1 -d --pidfile=/var/run/spamd.pid A look on netstat shows, that this is indeed correct: tcp0 0 127.0.0.1:783 0.0.0.0:* LISTEN 1764/perl But when spamc spawns some children when actually scanning a message those listen on the whole internet: tcp0 0 localhost:spamd *:* LISTEN 1764/perl tcp0 0 localhost:spamd localhost:42346 CLOSE_WAIT 10608/spamd child tcp0 0 localhost:42346 localhost:spamd FIN_WAIT2 10689/spamc tcp0 0 localhost:42336 localhost:spamd TIME_WAIT - tcp0 0 localhost:42341 localhost:spamd TIME_WAIT - udp 368 0 *:34591 *:* 10608/spamd child udp 368 0 *:34592 *:* 10608/spamd child udp 368 0 *:34593 *:* 10608/spamd child udp 368 0 *:34594 *:* 10608/spamd child udp 368 0 *:34595 *:* 10608/spamd child udp 368 0 *:34596 *:* 10608/spamd child udp 368 0 *:34597 *:* 10608/spamd child udp 368 0 *:34598 *:* 10608/spamd child udp 368 0 *:34599 *:* 10608/spamd child udp 368 0 *:34600 *:* 10608/spamd child udp 368 0 *:34601 *:* 10608/spamd child udp 368 0 *:34602 *:* 10608/spamd child udp 368 0 *:34603 *:* 10608/spamd child udp 368 0 *:34604 *:* 10608/spamd child What does that mean? All udp connections listen on the whole internet. Is this a bug? Have I configured spamd incorrectly? Any hints are appreciated. Regards Marco
Re: AWL Question
First, the AWL isn't a whitelist. Period. It's a score averager. http://wiki.apache.org/spamassassin/AutoWhitelist > I have a particular address whitelisted via "spamassassin > [EMAIL PROTECTED]" No, that command does not whitelist a sender. It adds ONE message scored at -100 to the sender's averages. It's intended to correct minor imbalances in the AWL system, and is not an effective method of whitelisting email. Any single message score winds up lost in the surf of averages over time. If that sender has sent 100 emails, this command only gives them a -1.0 advantage, for example. > I thought AWL assigns a score of -100; It does not. If you want to assign a score of -100 to a particular sender you must use whitelist_from or whitelist_from_rcvd. Note that these commands have nothing at all to do with the AWL.
Re: report settings
On Mon, Jun 20, 2005 at 02:06:11PM +0100, Ron McKeating wrote: > Is it possible to have a standard setting that does not put a full > report in the header for normal users, but does for one or 2 selected > users? If it is exiscan you are currently using, then I guess you currently have something like...? # reject messages over score 10 (don't check if size is too big though) deny message = Sorry, that looks like spam. condition = ${if <{$message_size}{1048576}{1}{0}} spam = nobody:true condition = ${if >= {$spam_score_int}{100}{1}{0}} # add headers to messages that got through the last one warn message = X-Spam-Score: ($spam_bar) $spam_score\n X-Spam-Report: $spam_report condition = ${if <{$message_size}{1048576}{1}{0}} accept In which case you could add conditions on the "warn" statement, i.e. warn message = X-Spam-Score: ($spam_bar) $spam_score\n X-Spam-Report: $spam_report condition = ${if <{$message_size}{1048576}{1}{0}} condition = ${if eq {$sender_address_local_part}{postmaster} \ {yes}{no}} warn message = X-Spam-Score: ($spam_bar) $spam_score condition = ${if <{$message_size}{1048576}{1}{0}} condition = ${if ! eq {$sender_address_local_part}{postmaster} \ {yes}{no}} (untested) which would add the full report to the postmaster@ address, but not for everyone else. You could use a file lookup as the condition, of course. Matthew -- Matthew Newton <[EMAIL PROTECTED]> UNIX and e-mail Systems Administrator, Network Support Section, Computer Centre, University of Leicester, Leicester LE1 7RH, United Kingdom
Re: Scoreproblem: AWL, HTML_MESSAGE = 17
[EMAIL PROTECTED] wrote: > Hi! > > A Mail is identified as spam with a score of 17 but I don't know how and > why. It is autowhitelisted and the only other score is from the rule > HTML_MESSAGE witch defaults to 0.001 points. First, ignore the "white" in "autowhitelist". It's a score averager. It can have positive scores. In this case, it had a very significant positive score. Suggested reading on how the AWL really works: http://wiki.apache.org/spamassassin/AutoWhitelist http://wiki.apache.org/spamassassin/AwlWrongWay After all the "identified > spam" is learned as ham ?! The bayes autolearner does not trust the AWL, so it ignores it. The bayes autolearner saw a message that scores 0.001.
How to block this email??
Does anyone have a rule that will score foreign characters or characters with the dashes on top? Below is example email that is not scoring at all for me. Thanks Bryan >>> berton laurence <[EMAIL PROTECTED]> 6/18/2005 7:52 PM >>> ТРАНСБЛОК XXI Наша компания оказывает юридические услуги в области налогооблажения: - Возмещение НДС после проведения правовой экспертизы финансово-хозяйственной деятельности Вашей компании мы обеспечиваем поступление денег на ваш расчетный счет. - Представительство и защита интересов вашей компании в арбитражных судах и судах общей юрисдикции, во всех государственных органах, включая налоговые и таможенные органы. -Регистрация предприятий различных форм собственности. Телефон: 8(926)530-13-94 - This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, printing, distributing or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. The Evangelical Lutheran Good Samaritan Society. -
Re: Phishing: My rule and thoughts
--On Sunday, June 19, 2005 8:16 PM -0400 Theo Van Dinter <[EMAIL PROTECTED]> wrote: OVERALL% SPAM% HAM% S/ORANK SCORE NAME How does one read this chart? (Ideally I'm looking for an answer in the wiki, but I couldn't find one there. I thought it might be in the FAQ or under SubmittingNewRules.) I can guess most of the columns but S/O and Rank have me stumped. How does one generate the chart?
Re: SA round-robin in exim ~ BAYES
I've used local MySQL on several SA servers before now (without a cluster). It worked well. I used the same bayes database to 'seed' all of the servers so they at least started with the same data. I didn't notice any huge differences in scores and on the whole it worked well - if inelegantly. Nigel On Mon, 20 Jun 2005 15:13:32 +, Ronan <[EMAIL PROTECTED]> wrote: >Further to my last post regarding the Mysql Backend to multiple Spamd >servers. How much difference would there be if I ran the (in this case ) >2 servers on a round robin basis from exim. So over time they would both >recieve a fair enough diverse amount of mail to make them practically >identical in terms of accuracy for our domain... I dont really need both >of them atm as one machine only ever hits .75~.8 load constanly at full >throughput. >Would the MySql option be a better future proof method as i coud just >tag servers onto the 'cluster'. > >ronan
Re: spamd mem usage
At 08:18 AM 6/20/2005, Chris Knipe wrote: Uhm... I'm a bit worried about the below The 5 processes are also utilising close to 400MB of my swap space USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND spamd7167 0.0 13.5 140664 140020 ?? I 2:03PM 0:03.36 spamd child (perl5.8.6) spamd7162 0.0 12.6 130604 129948 ?? Is2:03PM 0:23.86 /usr/local/bin/spamd --daemonize --listen-ip=127.0.0.1 --max-children=5 --max-conn-per-child spamd7168 0.0 12.6 130604 129948 ?? I 2:03PM 0:00.00 spamd child (perl5.8.6) spamd7169 0.0 12.6 130604 129948 ?? I 2:03PM 0:00.00 spamd child (perl5.8.6) spamd7170 0.0 12.6 130604 129948 ?? I 2:03PM 0:00.00 spamd child (perl5.8.6) spamd7171 0.0 12.6 130604 129948 ?? I 2:03PM 0:00.00 spamd child (perl5.8.6) This is on FreeBSD 5.4-STABLE, a 3.2GHz system with 1GB Ram SA has most of the rules loaded that comes with rules_de_jour. Do you have bigevil.cf? If so, stop, and delete it ASAP. The author has removed this ruleset from the web because people failed to heed his warning that it's grown to be very large and uses a lot of RAM. Next step, remove ALL your RDJ rulesets that are over 64k in filesize, and add them back 1 at a time to check their memory impact. In general, you can't add every ruleset in the universe without paying a penalty in memory usage. More rules = more memory consumption.
Re: Bayes learning error
At 09:52 AM 6/20/2005, Robert Swan wrote: I am getting an error when I run manual learning sa-learn ham . Has anyone seen this before or have a clue how to fix it debug: bayes: DB_File module not installed, cannot use Bayes As it says, you need to install DB_File. This is going to be something like perl-DB_File-1.2.3.rpm on your RedHat install CD.
Re: report settings
On Mon, 2005-06-20 at 18:51 +0530, Rakesh wrote: > Ron McKeating wrote: > > >Is it possible to have a standard setting that does not put a full > >report in the header for normal users, but does for one or 2 selected > >users? > > > >Ron > > > > > > > Are you directly using Spamc or using Amavis or MailScanner or something > else as a wrapper. If you are using MailScanner then you can do it, I > don't know abt Amavis. > We run spamd and call it from exim. Ron > Rakesh > > -- > Netcore Solutions Pvt. Ltd. > Website: http://www.netcore.co.in > Spamtraps: http://cleanmail.netcore.co.in/directory.html > -- -- Ron McKeating Senior IT Services Specialist Computing Services Loughborough University 01509 222329
RE: SpamAssassin 3.1.0pre1 PRERELEASE available!
"Larry Rosenman" wrote on 06/19/2005 01:46:41 PM: > Another one you might want to add to that list: > > Crypt::OpenSSL::Bignum > > The pre-req chain for Mail::DomainKeys doesn't req it, but apparently SA > 3.1.0pre1 does. > > LER > Yep, ditto here. This was with the last SVN build though. Crypt::OpenSSL::RSA version is 0.21 Jun 15 17:05:32 python spamassassin[16041]: Can't locate Crypt/OpenSSL/Bignum.pm in @INC (@INC contains: ../lib /usr/local/li b/perl5/site_perl/5.8.6 /usr/local/lib/perl5/site_perl/5.8.6/mach /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.8.6/B SDPAN /usr/local/lib/perl5/5.8.6/mach /usr/local/lib/perl5/5.8.6) at /usr/local/lib/perl5/site_perl/5.8.6/mach/Crypt/OpenSSL/ RSA.pm line 29. Andy
SA round-robin in exim ~ BAYES
Further to my last post regarding the Mysql Backend to multiple Spamd servers. How much difference would there be if I ran the (in this case ) 2 servers on a round robin basis from exim. So over time they would both recieve a fair enough diverse amount of mail to make them practically identical in terms of accuracy for our domain... I dont really need both of them atm as one machine only ever hits .75~.8 load constanly at full throughput. Would the MySql option be a better future proof method as i coud just tag servers onto the 'cluster'. ronan
RE: Bayes learning error
Hi Robert, You need to install the DB_File perl module. Do the following: perl -eshell -MCPAN install DB_File Cheers, Chris From: Robert Swan [mailto:[EMAIL PROTECTED] Sent: 20 June 2005 14:53To: users@spamassassin.apache.orgSubject: Bayes learning error I am getting an error when I run manual learning “sa-learn –ham” . Has anyone seen this before or have a clue how to fix it debug: bayes: DB_File module not installed, cannot use Bayes I am using Redhat, spamassassin 3.03 spamd,spamc, postfix thanks Robert Swan Peace he would say instead of goodbyepeace my brother. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner is part of the Email Filtering Service from Nexent Internet . ___The contents of this e-mail may be privileged and are confidential.It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinionspresented are solely those of the author and do not necessarily represent those of Knowledge Limited.If received in error, please advise the sender, then delete it from your system.___
Bayes learning error
I am getting an error when I run manual learning “sa-learn –ham” . Has anyone seen this before or have a clue how to fix it debug: bayes: DB_File module not installed, cannot use Bayes I am using Redhat, spamassassin 3.03 spamd,spamc, postfix thanks Robert Swan Peace he would say instead of goodbyepeace my brother.
RE: SpamAssassin 3.1.0pre1 PRERELEASE available!
I get 139 "errors" regarding the 70_sare_whitelist.cf entries. from 3.1pre. Has the syntax for whitelist_from_rcvd changed? Ben
Re: report settings
Ron McKeating wrote: Is it possible to have a standard setting that does not put a full report in the header for normal users, but does for one or 2 selected users? Ron Are you directly using Spamc or using Amavis or MailScanner or something else as a wrapper. If you are using MailScanner then you can do it, I don't know abt Amavis. Rakesh -- Netcore Solutions Pvt. Ltd. Website: http://www.netcore.co.in Spamtraps: http://cleanmail.netcore.co.in/directory.html --
report settings
Is it possible to have a standard setting that does not put a full report in the header for normal users, but does for one or 2 selected users? Ron -- Ron McKeating Senior IT Services Specialist Computing Services Loughborough University 01509 222329
Scoreproblem: AWL, HTML_MESSAGE = 17
Hi! A Mail is identified as spam with a score of 17 but I don't know how and why. It is autowhitelisted and the only other score is from the rule HTML_MESSAGE witch defaults to 0.001 points. After all the "identified spam" is learned as ham ?! Jun 18 21:01:35 fw spamd[31276]: identified spam (17.3/6.0) for clamav:109 in 1.2 seconds, 6480 bytes. Jun 18 21:01:35 fw spamd[31276]: result: Y 17 - AWL,HTML_MESSAGE scantime=1.2,size=6480,mid=<[EMAIL PROTECTED]>,autolearn=ham System is Debian 3.0 with spamassassin-package from backports.org SpamAssassin version 3.0.3 running on Perl version 5.6.1 Spamassassin ist called via qmail-scanner 1.25st # local.cf add_header spam Flag _YESNOCAPS_ add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN rewrite_header Subject *SPAM* lock_method flock required_hits 6 ok_languages de en fr it es score UNWANTED_LANGUAGE_BODY 2.8 Tanks for help and hints! bye Josef -- Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie! Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl
spamd mem usage
Lo all, Uhm... I'm a bit worried about the below The 5 processes are also utilising close to 400MB of my swap space USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMANDspamd 7167 0.0 13.5 140664 140020 ?? I 2:03PM 0:03.36 spamd child (perl5.8.6)spamd 7162 0.0 12.6 130604 129948 ?? Is 2:03PM 0:23.86 /usr/local/bin/spamd --daemonize --listen-ip=127.0.0.1 --max-children=5 --max-conn-per-childspamd 7168 0.0 12.6 130604 129948 ?? I 2:03PM 0:00.00 spamd child (perl5.8.6)spamd 7169 0.0 12.6 130604 129948 ?? I 2:03PM 0:00.00 spamd child (perl5.8.6)spamd 7170 0.0 12.6 130604 129948 ?? I 2:03PM 0:00.00 spamd child (perl5.8.6)spamd 7171 0.0 12.6 130604 129948 ?? I 2:03PM 0:00.00 spamd child (perl5.8.6) This is on FreeBSD 5.4-STABLE, a 3.2GHz system with 1GB Ram SA has most of the rules loaded that comes with rules_de_jour. This, can't be normal, can it My bayes database is also relatively new, it's a new installation, less than 1 day old, and the system is not even receiving a heavy mail load either... About 30 to 40 messages per hour Hopefully someone can start me out somewhere as to what can be causing this... -- Chris.
Re: autolearn=disabled why?
Theo Van Dinter wrote: On Fri, Jun 17, 2005 at 01:01:11PM -0500, Kyle Wheeler wrote: Is it disabling the autolearning because it already autolearned it, maybe? Or is it disabling the autolearning because of something else that might be going wrong? It's disabled because you've disabled it somewhere. :) This is in the FAQ: http://wiki.apache.org/spamassassin/AutolearningNotWorking I've been very concerned about the autolearn=unavailable, since to me this indicates some kind of configuration or environment problem. I would prefer that it just say "no" or something a little more germane to the situation that this is a catch-all for any possible unknown condition: "unknown". I suppose, like always, the only way to be sure of why it's "unavailable" is to spamassassin -D on it. But still some care should be taken that the word used is generally meaningful from the perspective of a mail admin reading it. "unavailable" can mean something really horrible when you're using MySQL... or even Bayes (file perms, etc). Bill
Problems after recent upgrade
After a recent upgrade of MIMEDefang and SpamAssassin I get this: >Jun 20 11:43:18 highland mimedefang-multiplexor[89044]: Slave 1 stderr: Failed >to run DNS_FROM_AHBL_RHSBL RBL SpamAssassin test, skipping: (Can't call >method "bgsend" on an undefined value at >/usr/local/lib/perl5/site_perl/5.6.2/Mail/SpamAssassin/Dns.pm line 112. ) I tried deinstalling and reinstalling everything, including all the Perl modules, but it remains.
Re: bayes db from SA 3.0.2 to 3.0.4
I suspect you wanted to perform a "sa-learn --sync" first. But I do not know for sure. {^_^} - Original Message - From: "Roman Serbski" <[EMAIL PROTECTED]> Dear colleagues, Could you please share the correct procedure for moving bayes database from the server powered by SA 3.0.2 to another server with 3.0.4 installed? Here is what I did: 1. sa-learn --backup > db.txt (on old server) 2. Transfer of bayes db files from old server to a new one. cd /var/spool/spamd/.spamassassin/ && ls -al drwx-- 2 spamd spamd 512 Jun 20 14:46 . drwxr-xr-x 3 spamd spamd 512 Feb 20 17:03 .. -rw--- 1 spamd spamd 3798 Jun 20 14:56 bayes.mutex -rw-rw-rw- 1 root spamd 33480 Jun 20 14:56 bayes_journal -rw--- 1 spamd spamd 10174464 Jun 20 14:56 bayes_seen -rw-rw-rw- 1 root spamd 5324800 Jun 20 14:56 bayes_toks -rw-r--r-- 1 spamd spamd 1175 Jan 30 12:08 user_prefs -rw-rw-rw- 1 spamd spamd 65536 Feb 19 17:41 whitelist -rw--- 1 spamd spamd 6 Feb 19 17:41 whitelist.mutex 3. sa-learn --restore db.txt (on new server) `spamassassin -D --lint` doesn't show any errors. Does this procedure look correct? Thank you for your time! Roman
bayes db from SA 3.0.2 to 3.0.4
Dear colleagues, Could you please share the correct procedure for moving bayes database from the server powered by SA 3.0.2 to another server with 3.0.4 installed? Here is what I did: 1. sa-learn --backup > db.txt (on old server) 2. Transfer of bayes db files from old server to a new one. cd /var/spool/spamd/.spamassassin/ && ls -al drwx-- 2 spamd spamd 512 Jun 20 14:46 . drwxr-xr-x 3 spamd spamd 512 Feb 20 17:03 .. -rw--- 1 spamd spamd 3798 Jun 20 14:56 bayes.mutex -rw-rw-rw- 1 root spamd 33480 Jun 20 14:56 bayes_journal -rw--- 1 spamd spamd 10174464 Jun 20 14:56 bayes_seen -rw-rw-rw- 1 root spamd 5324800 Jun 20 14:56 bayes_toks -rw-r--r-- 1 spamd spamd 1175 Jan 30 12:08 user_prefs -rw-rw-rw- 1 spamd spamd 65536 Feb 19 17:41 whitelist -rw--- 1 spamd spamd 6 Feb 19 17:41 whitelist.mutex 3. sa-learn --restore db.txt (on new server) `spamassassin -D --lint` doesn't show any errors. Does this procedure look correct? Thank you for your time! Roman
Re: yet another uribl evasion example
On Mon, 13 Jun 2005, Theo Van Dinter uttered the following: > On Mon, Jun 13, 2005 at 09:42:35PM +0200, wolfgang wrote: >> - 3.0.4 appears to bring new challenges (Net::DNS version and such) > > 3.0.4 should be a drop-in replacement for earlier versions. People seem > to be having issues if they also upgrade Net::DNS, but there's no > requirement to do so. This doesn't seem to be invariably true: I've upgraded Net::DNS to 1.51 on this box (Perl 5.8.5, Linux 2.6.11) and had no problems whatsoever. Passing strange... -- `It's as bizarre an intrusion as, I don't know, the hobbits coming home to find that the Shire has been taken over by gangsta rappers.'
RE: SpamAssassin 3.1.0pre1 PRERELEASE available!
Hello, Does SA 3.1.0 have support for expiring bayes and AWL data? SA 3.0 just keeps filling the mysql databases containing this data endlessly.. My db has a couple of million entries now and still growing, and there is no way to clean em reliably.. Thanks in advance! -- Bart Verwilst Linux R&D Engineer Hostbasket NV