Re: Removing message/rfc822 attachments to separate files
Herb Martin wrote on Tue, 26 Jul 2005 21:21:25 -0500: When forwarding a batch of missed spam (or ham) from Outlook back to SpamAssassin the best way seems to be for our users to select more than a single message, and use the menu: Action-Forward which puts them all in as attachments. I guess this adds only the message bodies? Just want to remmember you that Bayes uses header tokens as well. If you can you should train with headers included. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de http://msie.winware.org
Re: spamd blank lines after syslog entries
Steve Martin wrote on Tue, 26 Jul 2005 19:31:07 -0500: (MacOS X 10.4.2). could it be something specific to the Mac or this Syslog version on this OS X version? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de http://msie.winware.org
Re: SARE Whitelist candidate
Hello jdow, Tuesday, July 26, 2005, 3:03:23 PM, you wrote: j whitelist_from_rcvd [EMAIL PROTECTED] fidelity2.m0.net j Fidelity Investment's Newsletters Got it. Thanks. Will validate, and then publish shortly. Bob Menschel
Re: spamd blank lines after syslog entries
That is my best guess at this point. On Jul 27, 2005, at 4:31 AM, Kai Schaetzl wrote: Steve Martin wrote on Tue, 26 Jul 2005 19:31:07 -0500: (MacOS X 10.4.2). could it be something specific to the Mac or this Syslog version on this OS X version? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de http://msie.winware.org -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Centerhttp://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html
RE: New open http redirector?
Chris Santerre wrote: If they want ad tracking they can simply use gifs. ? Clarify please. I need ad tracking... I've been keeping a database of URLs and passing IDs to the redirection page, so it won't redirect to unauthorized URLs. But I don't understand your use gifs method? -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
Re: Correct use of 'spamassassin --report'?
At 01:55 AM 7/27/2005, James Bucanek wrote: I just upgraded my SA system and installed Razor. I have two e-mail addresses set up for spam and ham reporting. Both are sent to an mbox that is, twice an hour, shipped off to a script that runs sa-learn. When I installed Razor I modified the script to send the same messages to razor-report too. Later, I read that one shouldn't do that because it sends Razor the messages with the SpamAssassin headers. One should use 'spamassassin --report' instead. If your spamassassin markup is headers-only it's fine. Razor does NOT care about headers at all. However, if you're using sa in a way that encapsulates spam, then you'll want to use spamassassin --report. This is supposed to update the Bayes DB, strip the SA headers, and report it to Razor sans headers all with a single command. Apparently, I'm not doing it right. But when I run 'spamassassin --debug --report --mbox queued_spam.mbox' I get a bunch of suspicious messages, which makes me think it isn't working right at all: Of course it isn't. spamassassin does not support --mbox, only sa-learn does. spamassassin only accepts single-message rfc-822 format.
Re: Please test sc2.surbl.org (and xs.surbl.org)
Some stats from one of our SA servers. After about two days we had: 9076 SURBL hits 5373 SC2 hits 4813 SC hits 1148 SC2 hits that did not also hit SC 588 SC hits that did not also hit SC2 3701 XS hits 1890 SC2 hits that did not hit XS 218 XS hits that did not hit SC2 So it looks like sc2 hit about 10% more messages than SC. Of the other lists: 7779 JP 6781 OB 5798 WS 4691 AB 7 PH This is without analysis of FPs. Would be very interested to hear how these new lists test out SpamAssassin corpora, or any other corpora or mail servers for that matter. Jeff C. -- Don't harm innocent bystanders.
Re: SARE Whitelist candidate
jdow [EMAIL PROTECTED] wrote on 07/26/2005 05:03:23 PM: whitelist_from_rcvd [EMAIL PROTECTED] fidelity2.m0.net Fidelity Investment's Newsletters {^_^} Didn't know there was a SARE whitelist. Here's another Fidelity E-Mail address we whitelist: [EMAIL PROTECTED] Andy
RE: New open http redirector?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 10:05 AM To: users@spamassassin.apache.org Subject: RE: New open http redirector? Chris Santerre wrote: If they want ad tracking they can simply use gifs. ? Clarify please. I need ad tracking... I've been keeping a database of URLs and passing IDs to the redirection page, so it won't redirect to unauthorized URLs. But I don't understand your use gifs method? Just do a google for 'gif tracking' or 'invisible gifs' or whatever. --Chris
RE: generating rule stats from spamd logs
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 26, 2005 7:15 PM To: jdow Cc: users@spamassassin.apache.org Subject: Re: generating rule stats from spamd logs -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jdow writes: From: Chris Santerre [EMAIL PROTECTED] Do you mean this script? http://www.rulesemporium.com/programs/sa-stats.txt Note: It may be named the same as sa-stats.pl, but it is different. Per rule based. Another Dallas miracle! Oh? Er, how does it determine if a message was ham or spam? It looks like it is rather random based on the reports. BAYES_99 may well hit on 84.33% of spam. But I doubt, given it's score, it hits on 44.53% of ham. BTW, it might be quite helpful to rename that script, since there's already an sa-stats.pl in the 'tools' dir -- as follows: NAME sa-stats.pl - Builds received spam/ham report from mail log Yeah, we know. It was originaly only used internaly by SARE. But why not share the love :) I'll see about renaming it. sare-stats.pl ? --Chris
Re: Correct use of 'spamassassin --report'?
Matt Kettler wrote on Wednesday, July 27, 2005: At 01:55 AM 7/27/2005, James Bucanek wrote: I just upgraded my SA system and installed Razor. I have two e-mail addresses set up for spam and ham reporting. Both are sent to an mbox that is, twice an hour, shipped off to a script that runs sa-learn. When I installed Razor I modified the script to send the same messages to razor-report too. Later, I read that one shouldn't do that because it sends Razor the messages with the SpamAssassin headers. One should use 'spamassassin --report' instead. If your spamassassin markup is headers-only it's fine. Razor does NOT care about headers at all. However, if you're using sa in a way that encapsulates spam, then you'll want to use spamassassin --report. No, I'm not encapsulating the spam. I've written some scripts which redirect the messages, unchanged, to the spam/ham reporting address. So it look like I can just go back to using sa-learn and razor-report. Thanks. This is supposed to update the Bayes DB, strip the SA headers, and report it to Razor sans headers all with a single command. Apparently, I'm not doing it right. But when I run 'spamassassin --debug --report --mbox queued_spam.mbox' I get a bunch of suspicious messages, which makes me think it isn't working right at all: Of course it isn't. spamassassin does not support --mbox, only sa-learn does. spamassassin only accepts single-message rfc-822 format. Then what does the --mbox switch do? twilightandbarking:~ james$ spamassassin --help SpamAssassin version 3.0.4 running on Perl version 5.8.1 For more information read the spamassassin man page. Usage: spamassassin [options] [ *mailmessage* | *path* ... ] spamassassin -d [ *mailmessage* | *path* ... ] spamassassin -r [ *mailmessage* | *path* ... ] spamassassin -k [ *mailmessage* | *path* ... ] spamassassin -W|-R [ *mailmessage* | *path* ... ] Options: clip --mboxread in messages in mbox format --mbx read in messages in UW mbx format clip -D, --debug [area=n,...] Print debugging messages -V, --version Print version -h, --helpPrint usage message -- James Bucanek mailto:[EMAIL PROTECTED]
Russian way of fighting spam
http://mosnews.com/news/2005/07/25/spammerdead.shtml Russias Biggest Spammer Brutally Murdered in ApartmentVardan Kushnir, notorious for sending spam to each and every citizen of Russia who appeared to have an e-mail, was found dead in his Moscow apartment on Sunday, Interfax reported Monday. He died after suffering repeated blows to the head.Kushnir, 35, headed the English learning centers the Center for American English, the New York English Centre and the Centre for Spoken English, all known to have aggressive Internet advertising policies in which millions of e-mails were sent every day.In the past angry Internet users have targeted the American English centre by publishing the Centers telephone numbers anywhere on the Web to provoke telephone calls. The Centers telephone was advertised as a contact number for cheap sex services, or bargain real estate sales.Another attack involved hundreds of people making phone calls to the American English Center and sending it numerous e-mails back, but Vardan Kushnir remained sure of his right to spam, saying it was what e-mails were for.Under Russian law, spamming is not considered illegal, although lawmakers are working on legal projects that could protect Russian Internet users like they do in Europe and the U.S. _ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this transmission in error, please contact the sender by reply e-mail or by telephone (+1(212)632-5500) and delete and destroy all copies of the material, including all copies stored in the recipient's computer, printed or saved to disk. Disclosure Pursuant to Treasury Regulations in Circular 230 To ensure compliance with requirements imposed by the Internal Revenue Service, we inform you that any tax advice contained in this communication (including any attachments) was not intended or written to be used, and cannot be used, for the purpose of (i) avoiding tax-related penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any tax-related matter(s) addressed herein.
Re: New open http redirector?
Kai Schaetzl wrote on Tue, 26 Jul 2005 23:31:23 +0200: It does. I sent a mail to them in German now. Let's see. Got a reply that they know about the problem and are working on a solution. Just their words ;-) Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de http://msie.winware.org
RE: generating rule stats from spamd logs
Another Dallas miracle! Oh? Er, how does it determine if a message was ham or spam? It looks like it is rather random based on the reports. BAYES_99 may well hit on 84.33% of spam. But I doubt, given it's score, it hits on 44.53% of ham. The code should be right... It uses spamassassin's judgement, ie info: spamd: result: Y 20 - BAYES_99,... info: spamd: result: . -2 - AWL, 44.53% of your ham hit BAYES_99... That gotta tell you something is wrong! My bayes hits break down like # ./sa-stats.pl -f spamdlog -n 500 | grep BAYES For spam... 10 BAYES_99 15351 4.46% 45.42% 60.57% 19 BAYES_50 6443 1.87% 19.06% 25.42% 31 BAYES_80 1154 0.34% 3.41% 4.55% 32 BAYES_60 1147 0.33% 3.39% 4.53% 38 BAYES_95 864 0.25% 2.56% 3.41% 102 BAYES_00 187 0.05% 0.55% 0.74% 152 BAYES_40 92 0.03% 0.27% 0.36% 209 BAYES_20 53 0.02% 0.16% 0.21% 228 BAYES_05 44 0.01% 0.13% 0.17% For ham... 2 BAYES_00 6959 15.73% 20.59% 82.32% 9 BAYES_50 623 1.41% 1.84% 7.37% 20 BAYES_40 296 0.67% 0.88% 3.50% 24 BAYES_20 267 0.60% 0.79% 3.16% 29 BAYES_05 217 0.49% 0.64% 2.57% 73 BAYES_60 51 0.12% 0.15% 0.60% 113 BAYES_99 24 0.05% 0.07% 0.28% 142 BAYES_80 14 0.03% 0.04% 0.17% 280 BAYES_95 2 0.00% 0.01% 0.02% So, BAYES_99 hits 0.28% of my ham and 60.57% of my spam. So from your explanation I should be ignoring the %ofham column in the spam stats and the %ofspam column in ham? Otherwise the stats don't seem to make much sense: python# ./sa-stats -f maillog.0 -n 500 | grep BAYES spam rules... 3 BAYES_99 305 3.49 4.99 46.56 5.59 10 BAYES_50 172 1.97 2.81 26.26 3.15 23 BAYES_00 100 1.14 1.64 15.27 1.83 77 BAYES_80 21 0.24 0.34 3.21 0.38 85 BAYES_95 19 0.22 0.31 2.90 0.35 111 BAYES_60 14 0.16 0.23 2.14 0.26 131 BAYES_05 12 0.14 0.20 1.83 0.22 186 BAYES_20 7 0.08 0.11 1.07 0.13 224 BAYES_40 5 0.06 0.08 0.76 0.09 373 SARE_BAYES_5x8 2 0.02 0.03 0.31 0.04 387 SARE_BAYES_6x8 2 0.02 0.03 0.31 0.04 412 SARE_BAYES_7x8 2 0.02 0.03 0.31 0.04 ham rules... 1 BAYES_00 4079 14.05 66.75 622.75 74.76 BAYES_00 hitting 622% of spam??? 6 BAYES_50 771 2.65 12.62 117.71 14.13 25 BAYES_40 238 0.82 3.89 36.34 4.36 35 BAYES_20 190 0.65 3.11 29.01 3.48 40 BAYES_05 148 0.51 2.42 22.60 2.71 173 BAYES_60 15 0.05 0.25 2.29 0.27 232 BAYES_80 9 0.03 0.15 1.37 0.16 310 BAYES_95 5 0.02 0.08 0.76 0.09 349 SARE_BAYES_6x6 4 0.01 0.07 0.61 0.07 416 SARE_BAYES_5x8 2 0.01 0.03 0.31 0.04 496 SARE_BAYES_5x7 1 0.00 0.02 0.15 0.02 Andy
RE: generating rule stats from spamd logs
BAYES_00 hits 15.27 of spam on yours, the %ofspam on top ham rules and %ofham on top spam rules must be buggy. i'm not running that version with the 5th column. It must be buggy. i play with it after bit. Dallas From: Andy Jezierski [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 10:44 AM To: users@spamassassin.apache.org Subject: RE: generating rule stats from spamd logs Another Dallas miracle! Oh? Er, how does it determine if a message was ham or spam? It looks like it is rather random based on the reports. BAYES_99 may well hit on 84.33% of spam. But I doubt, given it's score, it hits on 44.53% of ham. The code should be right... It uses spamassassin's judgement, ie info: spamd: result: Y 20 - BAYES_99,... info: spamd: result: . -2 - AWL, 44.53% of your ham hit BAYES_99... That gotta tell you something is wrong! My bayes hits break down like # ./sa-stats.pl -f spamdlog -n 500 | grep BAYES For spam... 10BAYES_9915351 4.46% 45.42% 60.57% 19BAYES_50 6443 1.87% 19.06% 25.42% 31BAYES_80 1154 0.34% 3.41% 4.55% 32BAYES_60 1147 0.33% 3.39% 4.53% 38BAYES_95 864 0.25% 2.56% 3.41% 102BAYES_00 187 0.05% 0.55% 0.74% 152BAYES_40 92 0.03% 0.27% 0.36% 209BAYES_20 53 0.02% 0.16% 0.21% 228BAYES_05 44 0.01% 0.13% 0.17% For ham... 2BAYES_00 695915.73% 20.59% 82.32% 9BAYES_50 623 1.41% 1.84% 7.37% 20BAYES_40 296 0.67% 0.88% 3.50% 24BAYES_20 267 0.60% 0.79% 3.16% 29BAYES_05 217 0.49% 0.64% 2.57% 73BAYES_60 51 0.12% 0.15% 0.60% 113BAYES_99 24 0.05% 0.07% 0.28% 142BAYES_80 14 0.03% 0.04% 0.17% 280BAYES_952 0.00% 0.01% 0.02% So, BAYES_99 hits 0.28% of my ham and 60.57% of my spam. So from your explanation I should be ignoring the %ofham column in the spam stats and the %ofspam column in ham? Otherwise the stats don't seem to make much sense: python# ./sa-stats -f maillog.0 -n 500 | grep BAYES spam rules... 3BAYES_99 305 3.494.99 46.565.59 10BAYES_50 172 1.972.81 26.263.15 23BAYES_00 100 1.141.64 15.271.83 77BAYES_80 21 0.240.34 3.210.38 85BAYES_95 19 0.220.31 2.900.35 111BAYES_60 14 0.160.23 2.140.26 131BAYES_05 12 0.140.20 1.830.22 186BAYES_207 0.080.11 1.070.13 224BAYES_405 0.060.08 0.760.09 373SARE_BAYES_5x8 2 0.020.03 0.310.04 387SARE_BAYES_6x8 2 0.020.03 0.310.04 412SARE_BAYES_7x8 2 0.020.03 0.310.04 ham rules... 1BAYES_00 407914.05 66.75 622.75 74.76 BAYES_00 hitting 622% of spam??? 6BAYES_50 771 2.65 12.62 117.71 14.13 25BAYES_40 238 0.823.89 36.344.36 35BAYES_20 190 0.653.11 29.013.48 40BAYES_05 148 0.512.42 22.602.71 173BAYES_60 15 0.050.25 2.290.27 232BAYES_809 0.030.15 1.370.16 310BAYES_955 0.020.08 0.760.09 349SARE_BAYES_6x6 4 0.010.07 0.610.07 416SARE_BAYES_5x8
Re: generating rule stats from spamd logs
Dallas L. Engelken wrote: BAYES_00 hits 15.27 of spam on yours, the %ofspam on top ham rules and %ofham on top spam rules must be buggy. i'm not running that version with the 5th column. It must be buggy. i play with it after bit. Dallas Dallas, Did you see the patch I sent to the SARE list? Just need to swap two hash lookups. Chris T signature.asc Description: OpenPGP digital signature
RE: [OT] Russian way of fighting spam
http://mosnews.com/news/2005/07/25/spammerdead.shtml Russia's Biggest Spammer Brutally Murdered in Apartment Vardan Kushnir, notorious for sending spam to each and every citizen of Russia who appeared to have an e-mail, was found dead in his Moscow apartment on Sunday, Interfax reported Monday. He died after suffering repeated blows to the head. As noted in the \. discussion (http://it.slashdot.org/it/05/07/25/1745212.shtml?tid=111tid=218) following the original report, it's highly unlikely this has much to do with spam per say. Instead it's more probable that it has to do with the Russian mafia since the bulk of illicit activity in Russa is frimly under their control. Unfortunte (even sad) that this happened to him, even though he was a spammer, but you reap what you sow. My hope is that he didn't leave anyone behind that will be in harms way as well (i.e. kid, wife, etc.) as the Russian mafia is notoriously efficent and brutal. Paul Pettit CTO and IS Manager Consistent Computer Bargains Inc. I've heard it said that the proof of lunacy is when you repeat the same steps expecting different results. I say it's proof that you're a Microsoft user. - comment by deshi777 on experts-exchange.com
RE: generating rule stats from spamd logs
M 10BAYES_9915351 4.46% 45.42% 60.57% M 19BAYES_50 6443 1.87% 19.06% 25.42% M 31BAYES_80 1154 0.34% 3.41% 4.55% M 32BAYES_60 1147 0.33% 3.39% 4.53% M 38BAYES_95 864 0.25% 2.56% 3.41% M 102BAYES_00 187 0.05% 0.55% 0.74% M 152BAYES_40 92 0.03% 0.27% 0.36% M 209BAYES_20 53 0.02% 0.16% 0.21% M 228BAYES_05 44 0.01% 0.13% 0.17% M MFor ham... M 2BAYES_00 695915.73% 20.59% 82.32% M 9BAYES_50 623 1.41% 1.84% 7.37% M 20BAYES_40 296 0.67% 0.88% 3.50% M 24BAYES_20 267 0.60% 0.79% 3.16% M 29BAYES_05 217 0.49% 0.64% 2.57% M 73BAYES_60 51 0.12% 0.15% 0.60% M 113BAYES_99 24 0.05% 0.07% 0.28% M 142BAYES_80 14 0.03% 0.04% 0.17% M 280BAYES_952 0.00% 0.01% 0.02% M MSo, BAYES_99 hits 0.28% of my ham and 60.57% of my spam. M You must have a different version to the one now available because your missing one column Spam RANKRULE NAME COUNT %OFRULES %OFMAIL %OFSPAM %OFHAM 1BAYES_99 468 5.94 75.48 97.91 329.58 2RAZOR2_CHECK 422 5.35 68.06 88.28 297.18 3RAZOR2_CF_RANGE_51_100421 5.34 67.90 88.08 296.48 4URIBL_BLACK 353 4.48 56.94 73.85 248.59 The %ofham column is obviously wrong but the others seem fine Ham RANKRULE NAME COUNT %OFRULES %OFMAIL %OFSPAM %OFHAM 1BAYES_00 13737.33 22.10 28.66 96.48 2AWL 11230.52 18.06 23.43 78.87 3HTML_MESSAGE 16 4.362.583.35 11.27 7UPPERCASE_25_50 9 2.451.451.88 6.34 8URIBL_BLACK 5 1.360.811.05 3.52 Again the Spam column is wrong here and should be ignored, nice to see whats false positiving so I can lower scores accordingly. Martin
RE: generating rule stats from spamd logs
-Original Message- From: Chris Thielen [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 11:02 AM To: Dallas L. Engelken Cc: users@spamassassin.apache.org Subject: Re: generating rule stats from spamd logs Dallas L. Engelken wrote: BAYES_00 hits 15.27 of spam on yours, the %ofspam on top ham rules and %ofham on top spam rules must be buggy. i'm not running that version with the 5th column. It must be buggy. i play with it after bit. Dallas Dallas, Did you see the patch I sent to the SARE list? Just need to swap two hash lookups. Yup yup. http://www.rulesemporium.com/programs/sa-stats.txt updated. D
RE: generating rule stats from spamd logs
Dallas L. Engelken [EMAIL PROTECTED] wrote on 07/27/2005 11:26:54 AM: -Original Message- From: Chris Thielen [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 11:02 AM To: Dallas L. Engelken Cc: users@spamassassin.apache.org Subject: Re: generating rule stats from spamd logs Dallas L. Engelken wrote: BAYES_00 hits 15.27 of spam on yours, the %ofspam on top ham rules and %ofham on top spam rules must be buggy. i'm not running that version with the 5th column. It must be buggy. i play with it after bit. Dallas Dallas, Did you see the patch I sent to the SARE list? Just need to swap two hash lookups. Yup yup. http://www.rulesemporium.com/programs/sa-stats.txt updated. D Something's still a little fishy. SA 3.1 latest SVN, if it makes any difference. python# ./sa-stats -f maillog.0 -n 5 Email: 6111 Autolearn: 226 AvgScore: 2.15 AvgScanTime: 3.91 sec Spam:655 Autolearn: 133 AvgScore: 14.81 AvgScanTime: 3.76 sec Ham:5456 Autolearn: 93 AvgScore: 0.63 AvgScanTime: 3.93 sec Time Spent Running SA: 6.64 hours Time Spent Processing Spam: 0.68 hours Time Spent Processing Ham: 5.96 hours TOP SPAM RULES FIRED RANK RULE NAME COUNT %OFRULES %OFMAIL %OFSPAM %OFHAM 1 HTML_MESSAGE 496 5.67 8.12 75.73 62.19 2 DCC_CHECK 310 3.55 5.07 47.33 7.02 3 BAYES_99 305 3.49 4.99 46.56 0.02 4 RAZOR2_CHECK 277 3.17 4.53 42.29 4.23 5 DIGEST_MULTIPLE 251 2.87 4.11 38.32 2.42 TOP HAM RULES FIRED RANK RULE NAME COUNT %OFRULES %OFMAIL %OFSPAM %OFHAM 1 BAYES_00 4079 14.05 66.75 622.75 1.83 2 HTML_MESSAGE 3393 11.68 55.52 518.02 9.09 3 NO_REAL_NAME 1053 3.63 17.23 160.76 1.06 4 HTML_80_90 931 3.21 15.23 142.14 2.35 5 LG_4C_2V_3C 798 2.75 13.06 121.83 2.20
Re: generating rule stats from spamd logs
He only fixed the spam rules section.The TOP HAM RULES sections still has these two incorrect computations... my $perc2=sprintf("%.2f",($HAM_RULES{$key}/$NUM_SPAM)*100); my $perc3=sprintf("%.2f",($SPAM_RULES{$key}/$NUM_HAM)*100);Number of times a rule fired on ham / total number of spam messages.Number of times a rule fired on spam / total number of ham messages. my $perc2=sprintf("%.2f",($SPAM_RULES{$key}/$NUM_SPAM)*100); my $perc3=sprintf("%.2f",($HAM_RULES{$key}/$NUM_HAM)*100);On Jul 27, 2005, at 11:32 AM, Andy Jezierski wrote:"Dallas L. Engelken" [EMAIL PROTECTED] wrote on 07/27/2005 11:26:54 AM: -Original Message- From: Chris Thielen [mailto:[EMAIL PROTECTED]]Sent: Wednesday, July 27, 2005 11:02 AM To: Dallas L. Engelken Cc: users@spamassassin.apache.org Subject: Re: generating rule stats from spamd logs Dallas L. Engelken wrote: BAYES_00 hits 15.27 of spam on yours, the %ofspam on top hamrules and%ofham on top spam rules must be buggy. i'm not running that version with the 5th column. It must be buggy. i play with it after bit.Dallas Dallas, Did you see the patch I sent to the SARE list? Just need toswap two hash lookups. Yup yup. http://www.rulesemporium.com/programs/sa-stats.txt updated.D Something's still a little fishy. SA 3.1 latest SVN, if it makes any difference.python# ./sa-stats -f maillog.0 -n 5 Email: 6111 Autolearn: 226 AvgScore: 2.15 AvgScanTime: 3.91 sec Spam: 655 Autolearn: 133 AvgScore: 14.81 AvgScanTime: 3.76 sec Ham: 5456 Autolearn: 93 AvgScore: 0.63 AvgScanTime: 3.93 sec Time Spent Running SA: 6.64 hours Time Spent Processing Spam: 0.68 hours Time Spent Processing Ham: 5.96 hours TOP SPAM RULES FIRED RANK RULE NAME COUNT %OFRULES %OFMAIL %OFSPAM %OFHAM 1 HTML_MESSAGE 496 5.67 8.12 75.73 62.19 2 DCC_CHECK 310 3.55 5.07 47.33 7.02 3 BAYES_99 305 3.49 4.99 46.56 0.02 4 RAZOR2_CHECK 277 3.17 4.53 42.29 4.23 5 DIGEST_MULTIPLE 251 2.87 4.11 38.32 2.42 TOP HAM RULES FIRED RANK RULE NAME COUNT %OFRULES %OFMAIL %OFSPAM %OFHAM 1 BAYES_00 4079 14.05 66.75 622.75 1.83 2 HTML_MESSAGE 3393 11.68 55.52 518.02 9.09 3 NO_REAL_NAME 1053 3.63 17.23 160.76 1.06 4 HTML_80_90 931 3.21 15.23 142.14 2.35 5 LG_4C_2V_3C 798 2.75 13.06 121.83 2.20 -- Steve Martin http://www.cheezmo.com/ Smart Calibration, LLC http://www.smartcalibration.com/ The Widescreen Movie Center http://www.widemovies.com/ Letterboxed Movie TV Schedule http://www.widemovies.com/lbx.html
RE: generating rule stats from spamd logs
My mistake.. It is fixed, hopefully for good. v0.9 - http://www.rulesemporium.com/programs/sa-stats.txt TOP SPAM RULES FIRED RANKRULE NAME COUNT %OFRULES %OFMAIL %OFSPAM %OFHAM 1UNPARSEABLE_RELAY 25322 7.35 74.72 99.76 99.13 2URIBL_SBL 22241 6.46 65.63 87.63 0.38 3URIBL_JP_SURBL 21419 6.22 63.20 84.39 0.28 4URIBL_BLACK 19436 5.64 57.35 76.57 0.93 5RAZOR2_CF_RANGE_51_100 17562 5.10 51.82 69.19 1.34 6RAZOR2_CHECK17475 5.07 51.57 68.85 1.15 7SARE_SPEC_ROLEX_REP 16553 4.81 48.84 65.22 0.29 8SPOOF_COM2OTH 16537 4.80 48.80 65.15 0.05 9RAZOR2_CF_RANGE_E8_51_100 16329 4.74 48.18 64.33 0.16 10BAYES_9915380 4.47 45.38 60.59 0.28 TOP HAM RULES FIRED RANKRULE NAME COUNT %OFRULES %OFMAIL %OFSPAM %OFHAM 1UNPARSEABLE_RELAY843318.93 24.88 99.76 99.13 2BAYES_00 700515.72 20.670.74 82.34 3AWL 490411.01 14.47 26.64 57.65 4HTML_MESSAGE 3813 8.56 11.25 22.92 44.82 5NO_REAL_NAME 1453 3.264.29 37.79 17.08 6HTML_80_90 1279 2.873.77 10.98 15.03 7MIME_HTML_ONLY972 2.182.876.88 11.43 8HTML_FONT_BIG 794 1.782.349.28 9.33 9BAYES_50 625 1.401.84 25.40 7.35 10HTML_FONT_FACE_BAD545 1.221.610.76 6.41 From: Steve Martin [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 11:44 AM To: Andy Jezierski Cc: Dallas L. Engelken; users@spamassassin.apache.org Subject: Re: generating rule stats from spamd logs He only fixed the spam rules section. The TOP HAM RULES sections still has these two incorrect computations... my $perc2=sprintf(%.2f,($HAM_RULES{$key}/$NUM_SPAM)*100); my $perc3=sprintf(%.2f,($SPAM_RULES{$key}/$NUM_HAM)*100); Number of times a rule fired on ham / total number of spam messages. Number of times a rule fired on spam / total number of ham messages. my $perc2=sprintf(%.2f,($SPAM_RULES{$key}/$NUM_SPAM)*100); my $perc3=sprintf(%.2f,($HAM_RULES{$key}/$NUM_HAM)*100); On Jul 27, 2005, at 11:32 AM, Andy Jezierski wrote: Dallas L. Engelken [EMAIL PROTECTED] wrote on 07/27/2005 11:26:54 AM: -Original Message- From: Chris Thielen [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 11:02 AM To: Dallas L. Engelken Cc: users@spamassassin.apache.org Subject: Re: generating rule stats from spamd logs Dallas L. Engelken wrote: BAYES_00 hits 15.27 of spam on yours, the %ofspam on top ham rules and %ofham on top spam rules must be buggy. i'm not running that version with the 5th column. It must be buggy. i play with it after bit. Dallas Dallas, Did you see the patch I sent to the SARE list? Just need to swap two hash lookups. Yup yup. http://www.rulesemporium.com/programs/sa-stats.txt updated. D Something's still a little fishy. SA 3.1 latest SVN, if it makes any difference. python# ./sa-stats -f maillog.0 -n 5 Email: 6111 Autolearn: 226 AvgScore: 2.15 AvgScanTime: 3.91 sec Spam: 655 Autolearn: 133 AvgScore: 14.81 AvgScanTime: 3.76 sec Ham: 5456 Autolearn:93 AvgScore: 0.63 AvgScanTime: 3.93 sec Time Spent Running SA:
RE: web tracking
On Wed, 27 Jul 2005, Chris Santerre wrote: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Chris Santerre wrote: If they want ad tracking they can simply use gifs. ? Clarify please. I need ad tracking... I've been keeping a database of URLs and passing IDs to the redirection page, so it won't redirect to unauthorized URLs. But I don't understand your use gifs method? Just do a google for 'gif tracking' or 'invisible gifs' or whatever. Another name is 'web bugs', look for a SA ruleset that targets those things. ;) Of course they can be defeated by people who are smart enough to disable automagic loading of remote images in their e-mail client. -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.eduCollege of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{
RE: web tracking
David B Funk wrote: On Wed, 27 Jul 2005, Chris Santerre wrote: From: [EMAIL PROTECTED] Chris Santerre wrote: If they want ad tracking they can simply use gifs. ? Clarify please. I need ad tracking... I've been keeping a database of URLs and passing IDs to the redirection page, so it won't redirect to unauthorized URLs. But I don't understand your use gifs method? Just do a google for 'gif tracking' or 'invisible gifs' or whatever. Another name is 'web bugs', look for a SA ruleset that targets those things. ;) Of course they can be defeated by people who are smart enough to disable automagic loading of remote images in their e-mail client. I'm not being clear. I understand HTTP redirection. I understand single-pixel-transparent-gif-images-with-URLs-containing-trackable-information AKA web bugs AKA web beacons etc. I don't understand how the latter can be used in place of the former for ad tracking, though. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
Bayes question
I have a pair of Spamassassin servers filtering e-mail (Spamassassin 3.0.4, spamd/spamc, Postfix, redhat 9) I was wondering if I could share the bayes database between the two server rather than having each with its own and having to do the salearn process twice. Any Thoughts? Robert Peace he would say instead of goodbyepeace my brother.
Re: New open http redirector?
Chris Santerre wrote on Wed, 27 Jul 2005 10:08:21 -0400: If they want ad tracking they can simply use gifs. gifs won't work in certain cases. And they won't work for web banners at all. Remember this is a centralized solution, not one which counts imprints on it's own site. *If* you need ad tracking you will have to use this or a similar method, f.i. using IDs instead of URLs. Of course, there's no problem to secure the redirector against abuse. Just need a list of all allowed targets or source/target combinations. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de http://msie.winware.org
RE: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!
unfortunately, I'm not sure if there's a workable workaround for that. if you can come up with a pure-perl, non-spamassassin-based test case, it might be worth reporting it to the perl maintainers via perlbug... sounds like they've made some stack-size assumptions that are not valid on FreeBSD by default. - --j. Actually I do have some test-cases. http://noaa.cdsinet.net/~zeek/test-good.txt.gz http://noaa.cdsinet.net/~zeek/test-bad.txt.gz These are the results from the 'x $evalstr'. The test-bad is the full $evalstr that causes the bus errors, and test-good is one that doesn't. Add just one if() block to test-good and it fails. Also: perl -e 'my $x = q[if ($h-{ALPHA}-{BETA}-{q{stuff}}) {] . \n . q[ stuff($h, @_);] . \n}\n\n; $x x= 7238; $x =~ s/stuff/stuff . ++$count/eg; eval $x' (that should be all on one line). Adjust the number after x= until it errors out. 7239 crashes for me, 7238 doesn't. John Narron| Sacrifice, they always say Network Administration | Is a sign of nobility CDS/CDSinet, LLC | But where does one draw the line http://www.cdsinet.net | In the face of injury? (660) 886 4045 | - Queensryche
Re: Bayes question
Robert Swan wrote: I have a pair of Spamassassin servers filtering e-mail (Spamassassin 3.0.4, spamd/spamc, Postfix, redhat 9) I was wondering if I could share the bayes database between the two server rather than having each with its own and having to do the salearn process twice. Any Thoughts? Robert Peace he would say instead of goodbyepeace my brother. Yes... Use the bayes (MY|Postgre)SQL modules, see the docs on how to set this up. -- Thanks, James
NOTICE: Mass-checks (fwd)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 just to broaden the pool of recipients. Reminder: today's the deadline. speak up quick if you're still running mass-check and haven't rsync'd up the files yet!! - --j. - --- Forwarded Message Date:Wed, 27 Jul 2005 20:01:49 +0100 From:Henry Stern [EMAIL PROTECTED] To: dev@spamassassin.apache.org Subject: Mass-checks This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --enig8DAC8B68D149B52627D89CF9 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit As far as I know, I am only waiting on one person's mass-check results. Unless you speak up before he uploads them, I'm going to start the score generation without you! ;) Henry --enig8DAC8B68D149B52627D89CF9 Content-Type: application/pgp-signature; name=signature.asc Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename=signature.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC59ofmjLYMPOJv9oRAl/QAKDAQs0/Kk59LN5hqUCst+B/DUGKAACgj7ID MwCIodLsuYn8IxsDM6AQFv0=TPs7 -END PGP SIGNATURE- --enig8DAC8B68D149B52627D89CF9-- --- End of Forwarded Message -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Exmh CVS iD8DBQFC590NMJF5cimLx9ARAgEzAJ0SFQ1gQP2bFn/uJHtZ2ahV8D8IMACeJhWI qejFGKWPkC4eDgkNmfxSWDs= =HPSo -END PGP SIGNATURE-
[FW: spam control
- Forwarded message from Angry and Concerned Customer - X-Scanned-By: milter-spamc/0.25.321 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 Jul 2005 13:11:47 -0600 Hi Dave - we are still getting people labeled as sending us spam that should be on that white list (this includes emails from employees). The last two were addressed to me from Rhonda and one from Jim Wooley - both were labeled as spam! This is nuts! If it doesn't work - it doesn't work! Also can we raise the threshold on the spam to 7.5 instead of 5.00 (7.5 and it is labeled spam) Really for us - we would rather not have anything labeled as spam AT ALL. this would fix most of this issue. Then the only issue would be making sure your Spam filters (Spam Assassin) pass all legitimate emails through to us (even if some spam slipped through with it - we would rather not miss anything). Our issues are major to us - and it seems we have a number of them, so I am going to go over them here again so we don't lose sight of them: 3) Email issues. Spam. We didn't ask for our emails to be labeled with spam and it is creating problems for us. This creates certain issues within the organization when we accidentally reply to a member (not noticing anymore the spam label - since every email seems to have it) and they get an email from us with spam marked in it sighhh Also, a number of members at one time or another could not send email through to us. I haven't heard of any lately, but that was why we went to a whitelist approach - to ensure that people on that whitelist were allowed through - regardless of spam filtering and that their emails would not be labeled spam. (Note I am saying spam filtering - not the standard antivirus checking). Well, it's been a couple months now and the Whitelist doesn't seem to be working as it should/intended and there is also been no way to update that white list (replace the file of acceptable email addresses with updated ones or add people to it). - End forwarded message - All right, the short and simple is that Spam-Assassin may not be doing the correct job. This user has a whitelist in place and some e-mail are getting the label of spam. Even some of my cron jobs are getting a [SPAM] label when they should nt. Why? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell.
Re: [FW: spam control
The Doctor wrote: SNIP irate customer message All right, the short and simple is that Spam-Assassin may not be doing the correct job. This user has a whitelist in place and some e-mail are getting the label of spam. Even some of my cron jobs are getting a [SPAM] label when they should nt. Why? Perhaps if you posted the headers of the messages that were marked as spam we can look to see what rules hit which would answer your why? question. Until then, no one knows that the problem is, and as such, wont be able to fix it. -Jim
Re: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 excellent -- I see it's being discussed on p5p now. thanks for doing that. (fwiw, that one-liner doesn't crash on Ubuntu Hoary's perl 5.8.3.) - --j. John Narron writes: unfortunately, I'm not sure if there's a workable workaround for that. if you can come up with a pure-perl, non-spamassassin-based test case, it might be worth reporting it to the perl maintainers via perlbug... sounds like they've made some stack-size assumptions that are not valid on FreeBSD by default. - --j. Actually I do have some test-cases. http://noaa.cdsinet.net/~zeek/test-good.txt.gz http://noaa.cdsinet.net/~zeek/test-bad.txt.gz These are the results from the 'x $evalstr'. The test-bad is the full $evalstr that causes the bus errors, and test-good is one that doesn't. Add just one if() block to test-good and it fails. Also: perl -e 'my $x = q[if ($h-{ALPHA}-{BETA}-{q{stuff}}) {] . \n . q[ stuff($h, @_);] . \n}\n\n; $x x= 7238; $x =~ s/stuff/stuff . ++$count/eg; eval $x' (that should be all on one line). Adjust the number after x= until it errors out. 7239 crashes for me, 7238 doesn't. John Narron| Sacrifice, they always say Network Administration | Is a sign of nobility CDS/CDSinet, LLC | But where does one draw the line http://www.cdsinet.net | In the face of injury? (660) 886 4045 | - Queensryche -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Exmh CVS iD8DBQFC5+YSMJF5cimLx9ARAiJfAKCU7Kgl8rwiOjs/9wmqT7hTpsReBACgkf9I 3DO7v3TRGXv+yGD/BsNJwjk= =AnBQ -END PGP SIGNATURE-
Re: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!
Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 excellent -- I see it's being discussed on p5p now. thanks for doing that. (fwiw, that one-liner doesn't crash on Ubuntu Hoary's perl 5.8.3.) It works just fine on rh9 with: This is perl, v5.8.4 built for i386-linux-thread-multi as well. For the record, i jacked the x= up to 10,000 and it still worked fine. -Jim
Re: [FW: spam control
The Doctor writes: - Forwarded message from Angry and Concerned Customer - All right, the short and simple is that Spam-Assassin may not be doing the correct job. This user has a whitelist in place and some e-mail are getting the label of spam. Even some of my cron jobs are getting a [SPAM] label when they should nt. Why? What version are you running? Are you running any additional rulesets? Have you written any custom rules yourself? Do you have bayes enabled? If so, are you running with autolearn? Do you have AWL enabled? (If so, you may want to start over) You need to find out what rules your false positives are tripping over. I personally find it convenient to run the false positives manually (though that's really not required)
RE: New open http redirector?
-Original Message- From: Kai Schaetzl [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 2:31 PM To: users@spamassassin.apache.org Subject: Re: New open http redirector? Chris Santerre wrote on Wed, 27 Jul 2005 10:08:21 -0400: If they want ad tracking they can simply use gifs. gifs won't work in certain cases. And they won't work for web banners at all. Remember this is a centralized solution, not one which counts imprints on it's own site. *If* you need ad tracking you will have to use this or a similar method, f.i. using IDs instead of URLs. Of course, there's no problem to secure the redirector against abuse. Just need a list of all allowed targets or source/target combinations. Kai My point is whatever code/script the redir is running to generate tracking IDs in a URL can ALWAYS be run from a company's own server. Regardless of the method, the sender could always do it. Oh but you will argue that it isn't cost beneficial to do that for a smaller company. So your saying the cost of email marketing would rise. Hmmand that would be bad why? :) --Chris
spamd wont start with bayesd on mysql
[EMAIL PROTECTED] BayesStore]# spamd -D trying to connect to syslog/unix... no error connecting to syslog/unix logging enabled: facility: mail socket: unix output: syslog creating INET socket: Listen: 128 LocalAddr: 127.0.0.1 LocalPort: 783 Proto: 6 ReuseAddr: 1 Type: 1 debug: SpamAssassin version 3.0.4 debug: Score set 0 chosen. debug: Storable module v2.13 found debug: Preloading modules with HOME=/tmp/spamd-20935-init debug: ignore: test message to precompile patterns and load modules debug: using /etc/mail/spamassassin/init.pre for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using /usr/share/spamassassin for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: using /etc/mail/spamassassin for site rules dir debug: config: read file /etc/mail/spamassassin/cc-tweaks.cf debug: config: read file /etc/mail/spamassassin/local.cf debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x921f3f8) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9a37164) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x9a06928) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x921f3f8) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9a37164) implements 'parse_config' Can't locate Mail/Spamassassin/BayesStore/SQL.pm in @INC (@INC contains: ../lib /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at (eval 24) line 2.
Re: [FW: spam control
The Doctor [EMAIL PROTECTED] wrote on 07/27/2005 02:34:42 PM: - Forwarded message from Angry and Concerned Customer - X-Scanned-By: milter-spamc/0.25.321 (localhost.nl2k.ab.ca [0.0.0. 0]); Wed, 27 Jul 2005 13:11:47 -0600 [snip] All right, the short and simple is that Spam-Assassin may not be doing the correct job. This user has a whitelist in place and some e-mail are getting the label of spam. Even some of my cron jobs are getting a [SPAM] label when they should nt. Why? As everyone has said, we need to see the message headers at a minimum in order to try and help. Also, judging from the X-Scanned-By: line above I assume you're using milter-spamc to call SA. If you'd like you can add a few lines to your sendmail access file to bypass SA for individual senders/recipents. Milter-Spamc-From:[EMAIL PROTECTED] OK Milter-Spamc-To:[EMAIL PROTECTED] OK Andy
RE: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!
-Original Message- From: Jim Maul [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 3:00 PM To: users@spamassassin.apache.org Subject: Re: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my! Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 excellent -- I see it's being discussed on p5p now. thanks for doing that. (fwiw, that one-liner doesn't crash on Ubuntu Hoary's perl 5.8.3.) It works just fine on rh9 with: This is perl, v5.8.4 built for i386-linux-thread-multi as well. For the record, i jacked the x= up to 10,000 and it still worked fine. -Jim It crashes the perl 5.8.7 on 3 FreeBSD 5.4 machines, but not with perl 5.8.6 or Perl 5.8.5 on those same machines. So, we've by far excluded it really being a spamassassin problem, which I didn't think it was to begin with. The original intent was to bring the problem to people's attention, and maybe get some ideas on how to fix it out to the mailling list, and the archives, so when some poor soul out there runs into this problem, he or she will know whats going on. I think we can stop clouding up this list with this thread, as I've put a bug report on the perl side of things. You can follow it there (#36667), and if/when a solution or fix comes around, I'll share it back here. Thanks for you all your help
Re: [FW: spam control
On Wed, Jul 27, 2005 at 03:48:22PM -0400, Jim Maul wrote: The Doctor wrote: SNIP irate customer message All right, the short and simple is that Spam-Assassin may not be doing the correct job. This user has a whitelist in place and some e-mail are getting the label of spam. Even some of my cron jobs are getting a [SPAM] label when they should nt. Why? Perhaps if you posted the headers of the messages that were marked as spam we can look to see what rules hit which would answer your why? question. Until then, no one knows that the problem is, and as such, wont be able to fix it. -Jim Sample 1 from a cron job: --- From [EMAIL PROTECTED] Wed Jul 27 13:19:15 2005 Return-Path: [EMAIL PROTECTED] Received: from doctor.nl2k.ab.ca ([EMAIL PROTECTED] [127.0.0.1]) by doctor.nl2k.ab.ca (8.13.4/8.13.4) with ESMTP id j6RJJ6BM011313 for [EMAIL PROTECTED]; Wed, 27 Jul 2005 13:19:06 -0600 (MDT) Authentication-Results: doctor.nl2k.ab.ca [EMAIL PROTECTED]; sender-id=neutral; spf=neutral X-SenderID: Sendmail Sender-ID Filter v0.2.8 doctor.nl2k.ab.ca j6RJJ6BM011313 X-Spam-Filter: [EMAIL PROTECTED] by digitalanswers.org Received: (from [EMAIL PROTECTED]) by doctor.nl2k.ab.ca (8.13.4/8.13.4/Submit) id j6RJJ31O011310; Wed, 27 Jul 2005 13:19:03 -0600 (MDT) Date: Wed, 27 Jul 2005 13:19:03 -0600 (MDT) Message-Id: [EMAIL PROTECTED] From: [EMAIL PROTECTED] (Cron Daemon) To: [EMAIL PROTECTED] Subject: [SPAM] Cron [EMAIL PROTECTED] /usr/bin/nice -20 /usr/home/cariwest/html/analog/analog X-Cron-Env: SHELL=/bin/sh X-Cron-Env: HOME=/root X-Cron-Env: LOGNAME=root X-Cron-Env: USER=root X-Cron-Env: PATH=/bin:/usr/bin:/usr/contrib/bin:/usr/X11/bin X-Virus-Scanned: ClamAV version 0.86.2, clamav-milter version 0.86 on doctor.nl2k.ab.ca X-Virus-Status: Clean X-Spam-Flag: NO X-Scanned-By: milter-7bit/0.7.101 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 Jul 2005 13:19:12 -0600 X-Scanned-By: milter-date/0.12.160 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 Jul 2005 13:19:12 -0600 X-Scanned-By: milter-spamc/0.25.321 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 Jul 2005 13:19:12 -0600 X-Spam-Status: NO, hits=-105.70 required=5.00 X-Spam-Level: X-milter-date-PASS: YES X-milter-7bit-Report: error=7bit octet=0x80 offset=74 line=2 position=11 X-milter-7bit-Pass: NO Status: RO Content-Length: 718 Lines: 13 /usr/home/cariwest/html/analog/analog: analog version 6.0/Unix : Warning : Turning off empty Virtual Host Report (For help on all errors and warnings, see docs/errors.html) : Warning : Turning off empty Virtual Host Redirection Report : Warning : Turning off empty Virtual Host Failure Report : Warning : Turning off empty User Report : Warning : Turning off empty User Redirection Report : Warning : Turning off empty User Failure Report meta=: Warning : Turning off empty Internal Search Query Report meta=: Warning : Turning off empty Internal Search Word Report : Warning : Turning off empty Processing Time Report : Warning : In Redirected Referrer Report, turning off pie chart of only one wedge -- Sample 2 Headers: --- Subject: [SPAM: score=5.4/5.0] spam control and assorted issues Date: Wed, 27 Jul 2005 11:28:31 -0600 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.6604 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 X-Virus-Scanned: ClamAV version 0.86.2, clamav-milter version 0.86 on doctor.nl2k.ab.ca X-Virus-Status: Clean X-Spam-Flag: NO X-Scanned-By: milter-7bit/0.7.101 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:55 -0600 X-Scanned-By: milter-date/0.12.160 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:55 -0600 X-Scanned-By: milter-spamc/0.25.321 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:33 -0600 X-Spam-Status: NO, hits=2.20 required=5.00 X-Spam-Level: xx X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca X-milter-date-PASS: YES X-milter-7bit-Pass: YES X-UIDL: efU!!CF,!([EMAIL PROTECTED]! --- Sample 3 Return-Path: [EMAIL PROTECTED] Received: from web31112.mail.mud.yahoo.com (web31112.mail.mud.yahoo.com [68.142.201.74]) by doctor.nl2k.ab.ca (8.13.4/8.13.4) with SMTP id j6RITs3q002842 for [EMAIL PROTECTED]; Wed, 27 Jul 2005 12:29:55 -0600 (MDT) Authentication-Results: doctor.nl2k.ab.ca [EMAIL PROTECTED]; sender-id=neutral; spf=neutral X-SenderID: Sendmail Sender-ID Filter v0.2.8 doctor.nl2k.ab.ca j6RITs3q002842 X-Spam-Filter: [EMAIL PROTECTED] by digitalanswers.org Received: (qmail 2762
Re: spamd wont start with bayesd on mysql
[EMAIL PROTECTED] wrote: Can't locate Mail/Spamassassin/BayesStore/SQL.pm in @INC (@INC contains: It is SpamAssassin, notice the uppercase A in Assassin. Michael signature.asc Description: OpenPGP digital signature
Re: spamd wont start with bayesd on mysql
How would I fix this issue. Is it in a script? [EMAIL PROTECTED] wrote: Can't locate Mail/Spamassassin/BayesStore/SQL.pm in @INC (@INC contains: It is SpamAssassin, notice the uppercase A in Assassin. Michael
Re: Procmail for site wide usage
(Q) Given that this RH machine runs only POP3 (management will not allow anything else) how do I set up my /etc/procmailrc file such that all mail that is marked as SPAM is put into the users $HOME/mail/spam file (they can then login using SSH and use Pine to look at SPAM if $LOGNAME is the procmail variable that use can use to do this.
RE: [FW: spam control
OK something is wrong with your setup! Sample 1 from a cron job: Subject: [SPAM] Cron [EMAIL PROTECTED] /usr/bin/nice -20 X-Spam-Flag: NO -- Marked as spam but not? Sample 2 Headers: Subject: [SPAM: score=5.4/5.0] spam control and assorted issues X-Spam-Flag: NO X-Spam-Status: NO, hits=2.20 required=5.00 X-Spam-Level: xx X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca --- Same! Is it being run thru twice? Sample 3 X-Spam-Filter: [EMAIL PROTECTED] by digitalanswers.org Subject: [SPAM: score=10.0/5.0] [SPAM] (5.00/5.00) Great Canadian website X-Spam-Flag: YES X-Spam-Status: YES, hits=5.00 required=5.00 X-Spam-Level: x X-Spam-Report: Spam detection software, running on the system doctor.nl2k.ab.ca, has Content analysis details: (5.0 points, 5.0 required) pts rule name description -- -- 3.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.4039] 2.0 HTML_10_20 BODY: Message is 10% to 20% HTML X-Mark-SPAM: YES, score=10.00/5.00, processed for 2.167s on doctor.nl2k.ab.ca 3.0 points for an HTML messege That can't be right! Sample 4: Subject: [SPAM: score=11.0/5.0] [SPAM] (13.80/5.00) Re: [SPAM] (16.50/5.00) Fwd: Fw: 9 Things I Hate About Everyone Subject: [SPAM] (16.50/5.00) Fwd: Fw: 9 Things I Hate Content analysis details: (13.8 points, 5.0 required) pts rule name description -- -- 4.0 MAILTO_TO_SPAM_ADDRURI: Includes a link to a likely spammer email 3.0 HTML_MESSAGE BODY: HTML included in message 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5585] 4.0 HTML_70_80 BODY: Message is 70% to 80% HTML 2.7 AWLAWL: From: address is in the auto white-list X-Mark-SPAM: YES, score=11.00/5.00, processed for 25.087s on doctor.nl2k.ab.ca Sample 4 has scores all over the place!! 11.00, 13.8, and 16.5!! It went thru 3 times!! Shut off AWL for now! Fix the 3 point score for HTML. Then figure out why your getting multiple scans! --Chris
Re: [FW: spam control
The Doctor wrote: On Wed, Jul 27, 2005 at 03:48:22PM -0400, Jim Maul wrote: The Doctor wrote: SNIP irate customer message All right, the short and simple is that Spam-Assassin may not be doing the correct job. This user has a whitelist in place and some e-mail are getting the label of spam. Even some of my cron jobs are getting a [SPAM] label when they should nt. Why? Perhaps if you posted the headers of the messages that were marked as spam we can look to see what rules hit which would answer your why? question. Until then, no one knows that the problem is, and as such, wont be able to fix it. -Jim sniped Looks like your users send/receive a lot of HTML mail. I had to adjust the rules for those down slightly to help reduce the possibility of FP's. Here, I don't care if 'chain mail' is marked as spam -- that is not legitimate mail for our users, tho, my system doesn't delete up to a certain threshold. Your second example had this (watch for line wraps): [...] X-Spam-Flag: NO X-Scanned-By: milter-7bit/0.7.101 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:55 -0600 X-Scanned-By: milter-date/0.12.160 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:55 -0600 X-Scanned-By: milter-spamc/0.25.321 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:33 -0600 X-Spam-Status: NO, hits=2.20 required=5.00 X-Spam-Level: xx X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca [...] What looks odd to me is that X-Spam-Status says NO (I'm assuming that this comes from sa), level is only 2, but X-Mark-Spam: is yes.. with a score of 5.40.. where is this coming from? -- Thanks, James
Re: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!
On Wed, Jul 27, 2005 at 04:00:15PM -0400, Jim Maul wrote: Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 excellent -- I see it's being discussed on p5p now. thanks for doing that. (fwiw, that one-liner doesn't crash on Ubuntu Hoary's perl 5.8.3.) It works just fine on rh9 with: This is perl, v5.8.4 built for i386-linux-thread-multi as well. For the record, i jacked the x= up to 10,000 and it still worked fine. We are talking BSD here. (Please recall the complaint on 3.1.0 pres not working) Can one update to perl 5.8.7? -Jim -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell.
Re: [FW: spam control
On Wed, Jul 27, 2005 at 04:02:32PM -0400, Ron Johnson wrote: The Doctor writes: - Forwarded message from Angry and Concerned Customer - All right, the short and simple is that Spam-Assassin may not be doing the correct job. This user has a whitelist in place and some e-mail are getting the label of spam. Even some of my cron jobs are getting a [SPAM] label when they should nt. Why? What version are you running? Are you running any additional rulesets? Have you written any custom rules yourself? Do you have bayes enabled? If so, are you running with autolearn? Do you have AWL enabled? (If so, you may want to start over) You need to find out what rules your false positives are tripping over. I personally find it convenient to run the false positives manually (though that's really not required) I am running 3.0.4 on BSD/OS 4.3.1 . Here is my local.cf: # Add your own customisations to this file. See 'man Mail::SpamAssassin::Conf' # SpamAssassin user preferences file. # # Format: # # required_hits n # (how many hits are required to tag a mail as spam.) # # score SYMBOLIC_TEST_NAME n # (if this is omitted, 1 is used as a default score. # Set the score to 0 to ignore the test.) # # # starts a comment, whitespace is not significant. # # NOTE! In conjunction with MIMEDefang, SpamAssassin can *NOT* make any # changes to the message header or body. Any SpamAssassin settings that # relate to changing the message will have *NO EFFECT* when used from # MIMEDefang. Instead, use the various MIMEDefang Perl functions if you # need to alter the message. ### ### # First of all, the generally useful stuff; thresholds and the whitelist # of addresses which, for some reason or another, often trigger false # positives. required_hits 7.5 # Whitelist and blacklist addresses are *not* patterns; they're just normal # strings. one exception is that [EMAIL PROTECTED] is allowed. They should be in # lower-case. You can either add multiple addrs on one line, # whitespace-separated, or you can use multiple lines. # # Monty Solomon: he posts from an ISP that has often been the source of spam # (no fault of his own ;), and sometimes uses Bcc: when mailing. # # whitelist_from[EMAIL PROTECTED] # Add your blacklist entries in the same format... # # blacklist_from[EMAIL PROTECTED] # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. # ##ok_localesen # By default, the subject lines of suspected spam will be tagged. # This can be disabled here. # ##rewrite_subject 0 # By default, spamassassin will include its report in the body # of suspected spam. Enabling this causes the report to go in the # headers instead. Using 'use_terse_report' for this is recommended. # # report_header 1 # By default, SpamAssassin uses a fairly long report format. # Enabling this uses a shorter format which includes all the # information in the normal one, but without the superfluous # explanations. # # use_terse_report 0 # By default, spamassassin will change the Content-type: header of # suspected spam to text/plain. This is a safety feature. If you # prefer to leave the Content-type header alone, set this to 0. # defang_mime 0 # By default, SpamAssassin will run RBL checks. If your ISP already # does this, set this to 1. #skip_rbl_checks 1 ### # Add your own customised scores for some tests below. The default scores are # read from the installed spamassassin.cf file, but you can override them # here. To see the list of tests and their default scores, go to # http://spamassassin.taint.org/tests.html . # for details of what can be tweaked. # # SpamAssassin config file for version 2.5x # generated by http://www.yrex.com/spam/spamconfig.php (version 1.01) # How many hits before a message is considered spam. required_hits 7.5 # Whether to change the subject of suspected spam ##rewrite_subject 1 # Text to prepend to subject if rewrite_subject is used ##subject_tag *SPAM* rewrite_header Subject SPAM(_SCORE_) # Encapsulate spam in an attachment report_safe 1 # Use terse version of the spam report use_terse_report0 # Enable the Bayes system use_bayes 1 # Enable Bayes auto-learning auto_learn 1 # Enable or disable network checks skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. ok_languagesall # Mail using locales used in these country
RE: [FW: spam control
Also, post the whitelist entry you're using... And what file it's in, and how you're calling SA. Whitelist from user/.spamassassin/user_prefs: NEVER post other peoples' email addresses to a public and archived list!!! Deep breaths Doc! --Chris
RE: [FW: spam control
score gtube 4.0 score razor2_check4 score RAZOR2_CF_RANGE_11_50 4 score RAZOR2_CF_RANGE_51_100 4 score DCC_CHECK 5 score PYZOR_CHECK 5 score REMOVE_IN_QUOTES4 score CLICK_TO_REMOVE_2 4 score ASCII_FORM_ENTRY4 score TRACKER_ID 4 *snip* Holy carp!!! Why did you rescore just about every rule higher? Those rules are bound to cause FPs. Scored waaay too high. Doc, right now I would remove all traces of SA, and start over. There seems to be issues just about everywhere. Setup SA fresh, and callit ONLY for a test account. (Like your own.) --Chris
Re: [FW: spam control
On Wed, Jul 27, 2005 at 04:40:40PM -0400, JamesDR wrote: The Doctor wrote: On Wed, Jul 27, 2005 at 03:48:22PM -0400, Jim Maul wrote: The Doctor wrote: SNIP irate customer message All right, the short and simple is that Spam-Assassin may not be doing the correct job. This user has a whitelist in place and some e-mail are getting the label of spam. Even some of my cron jobs are getting a [SPAM] label when they should nt. Why? Perhaps if you posted the headers of the messages that were marked as spam we can look to see what rules hit which would answer your why? question. Until then, no one knows that the problem is, and as such, wont be able to fix it. -Jim sniped Looks like your users send/receive a lot of HTML mail. I had to adjust the rules for those down slightly to help reduce the possibility of FP's. Here, I don't care if 'chain mail' is marked as spam -- that is not legitimate mail for our users, tho, my system doesn't delete up to a certain threshold. Your second example had this (watch for line wraps): [...] X-Spam-Flag: NO X-Scanned-By: milter-7bit/0.7.101 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:55 -0600 X-Scanned-By: milter-date/0.12.160 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:55 -0600 X-Scanned-By: milter-spamc/0.25.321 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 Jul 2005 11:24:33 -0600 X-Spam-Status: NO, hits=2.20 required=5.00 X-Spam-Level: xx X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca [...] What looks odd to me is that X-Spam-Status says NO (I'm assuming that this comes from sa), level is only 2, but X-Mark-Spam: is yes.. with a score of 5.40.. where is this coming from? I am using milter-spamc and smf-spamd . -- Thanks, James -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell.
Re: spamd wont start with bayesd on mysql
[EMAIL PROTECTED] wrote: How would I fix this issue. Is it in a script? [EMAIL PROTECTED] wrote: Can't locate Mail/Spamassassin/BayesStore/SQL.pm in @INC (@INC contains: It is SpamAssassin, notice the uppercase A in Assassin. Michael Check your bayes_store_module config option. Michael signature.asc Description: OpenPGP digital signature
Re: New open http redirector?
Chris Santerre wrote: My point is whatever code/script the redir is running to generate tracking IDs in a URL can ALWAYS be run from a company's own server. Regardless of the method, the sender could always do it. You're still making an assumption that what they're tracking is ad *views*. What about tracking clicks? Suppose you have a website with ads -- or search results -- on it, and you want to keep track of which links to third party sites get followed. You can't do that with a web bug. You can only do that by setting up a redirect script so that you log the click, then send the browser off to the other site. At that point it's a matter of locking it down so that only specific targets are allowed, etc., or else you end up setting up a script that can be abused by spammers. Which brings us to where this thread started. -- Kelson Vibber SpeedGate Communications www.speed.net
Re: [FW: spam control
The Doctor [EMAIL PROTECTED] wrote on 07/27/2005 03:51:13 PM: [snip] X-Spam-Status: NO, hits=2.20 required=5.00 X-Spam-Level: xx X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca [...] What looks odd to me is that X-Spam-Status says NO (I'm assuming that this comes from sa), level is only 2, but X-Mark-Spam: is yes.. with a score of 5.40.. where is this coming from? I am using milter-spamc and smf-spamd . Pick one milter and get rid of the other. Above, Milter-spamc said the message wasn't spam, and I'm assuming that the X-Mark-SPAM is from smf-spamd said the message is spam. Looks like your two milters might be looking at different configs, since they are coming up with different scores. Also as Chris said, get rid of ALL of your score overrides. That's probably your biggest problem. Andy
Re: [FW: spam control
Chris Santerre wrote: score gtube 4.0 *snip* Holy carp!!! Why did you rescore just about every rule higher? An even better question.. why did he try to rescore GTUBE down to 4.0? Although that was slightly screwed up by not puting the rule name in all-caps, GTUBE should always cause a message to be high-scoring spam. That's the whole point of GTUBE. GTUBE detects a really odd-ball test-string which should never be present in normal email, and it's kind of like the EICAR virus-test string, but for spam.
Re: [FW: spam control
The Doctor [EMAIL PROTECTED] wrote on 07/27/2005 03:42:41 PM: [snip] In my /etc/rc for spam assassin I have, echo -n ' Spam Assassin'; /usr/contrib/bin/spamd -d -i -D -u defang --user-config --siteconfigpath=/etc/mail/spamassassin -- syslog=/var/log/spamd.log --pidfile=/var/run/spamd.pid; You do realize you have debugging turned on right? -D Makes for a HUGE log file each day. /usr/contrib/bin/smf-spamd; First call to SpamAssassin (Is this spam?) [snip] /usr/contrib/bin/daemon /usr/contrib/bin/milter-spamc -r 50 -S - v all unix:/var/lib/milter-spamc/socket; Second call to SpamAssassin (Is this REALLY spam?) [snip] /etc/procmailrc in my system reads: :0fw:spamassassin.lock * 1000 |/usr/contrib/bin/spamc :0 w ! -oi -f $@ Third call to SpamAssassin (Are you REALY REALY sure this is spam?) Pick ONE method to call SA Andy
Re: New open http redirector?
Chris Santerre wrote on Wed, 27 Jul 2005 16:14:13 -0400: So your saying the cost of email marketing would rise. Chris, I did't think about email at all ;-) Maybe I'm wrong and the use of this redirector is mostly for email. I thought of it as a central tracker which gets launched when someone clicks a banner ad or similar in a web page. There can be several reasons why you can't put this on the source or target server, but need an intermediary. It seems to me that the use for email is quite marginal because you can't track opening a message this way, you can only use it in the same way as for web pages. And that's what these spammers do, they try to disguise the real URL. But why? Users won't examine the URL before they click it and most spam processors should know how to get the target hostname. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de http://msie.winware.org
Re: Mass-checks
Mass check submissions are closed. I won't be picking up any more. Thanks everyone! Henry Stern wrote: As far as I know, I am only waiting on one person's mass-check results. Unless you speak up before he uploads them, I'm going to start the score generation without you! ;) Henry signature.asc Description: OpenPGP digital signature
RE: New open http redirector?
-Original Message- From: Kelson [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 4:59 PM To: 'users@spamassassin.apache.org' Subject: Re: New open http redirector? Chris Santerre wrote: My point is whatever code/script the redir is running to generate tracking IDs in a URL can ALWAYS be run from a company's own server. Regardless of the method, the sender could always do it. You're still making an assumption that what they're tracking is ad *views*. What about tracking clicks? Suppose you have a website with ads -- or search results -- on it, and you want to keep track of which links to third party sites get followed. You can't do that with a web bug. You can only do that by setting up a redirect script so that you log the click, then send the browser off to the other site. At that point it's a matter of locking it down so that only specific targets are allowed, etc., or else you end up setting up a script that can be abused by spammers. Which brings us to where this thread started. Your tellng me you can't get a redir for your own website? You can't get a script to point: www.example.com/4gk43gg435gh43ghk.htm - www.example.com/realpage.htm And generate your own IDs? This makes no sense. If a third party service can do it, so can a company. 3rd party redirs are simply not needed. *goes to google open source redir scripts* --Chris
RE: Bayes question
I attempted to do that once, with a network file system, but it didnt seem to know how to handle the locking properly. I know I did something wrong, so if anyone else has a solution, Id also be happy to hear it! J -Alan Fullmer [EMAIL PROTECTED] www.xnote.com www.zoobuh.com From: Robert Swan [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 12:22 PM To: users@spamassassin.apache.org Subject: Bayes question I have a pair of Spamassassin servers filtering e-mail (Spamassassin 3.0.4, spamd/spamc, Postfix, redhat 9) I was wondering if I could share the bayes database between the two server rather than having each with its own and having to do the salearn process twice. Any Thoughts? Robert Peace he would say instead of goodbyepeace my brother.
RE: Bayes question
Boy... anytime I've done some kind of network file sharing across a system or two, I have never done it for good performance reasons... only convenience sakes. And even then, never large files. Almost a decade ago when I was performing massive COBOL database conversions to load data into flat files to be imported into a relational database, I noticed a significant decrease in performance of the machine that is accessing remotely stored files. It was far easier/faster to auto-ftp the half a gigabyte of information to another machine so that it could have the information *local* and therefore it can access the data extremely quickly. Depending on the machine and it's resources, I'd expect it to slow down it's processing between 25-40% on the average. If the data remained on a remote machine, then the CPU has to use it's resources to handle the resources on the remote file system as if it's a part of it's own. It is then at the whim of a NFS file system handle that may or may not stay fresh. Even if the machines are separated by a couple feet of cable .. for me .. back then ... NFS wasn't reliable enough for me to be able to bank on it being up. Because when the remote NFS file handle went stale, it caused the local machine to hang and drag. Maybe NFS is better now than back then... I don't know. The machine doesn't make a network *call* to the other machine to borrow it's resources, it uses it's own resources to access the remote files as if they are local yet, it does it over a network cable rather than the typical high-speed of motherboard's bus that would access the local hard drive. So... the only way I'd do this in this day and age would be to have the kind of hardware that you could build a multi-node supercomputer where they all share the same hard drive over a fiber optic network with lightning quick hard disks on the server node as it shares its resources with the worker nodes. In that case, the networking element has been removed from the equation as the slowest link in the chain of events. On Wed, July 27, 2005 16:37, Alan Fullmer said: I attempted to do that once, with a network file system, but it didn't seem to know how to handle the locking properly. I know I did something wrong, so if anyone else has a solution, I'd also be happy to hear it! :-) -- Tyler Nally [EMAIL PROTECTED]
autolearn
I posted a message the other day asking why my spamd might backlog periodically and someone asked me if I could see from the log what was happening. It started again today and I see something. the last entry in the log when the jam occurred said autolearn=unavailable when I stopped checking, cleared the spool, and restarted checking the log began to show autolearn=no should I just set something in local.cf to turn off autolearning more completely so it knows not to try? would I be better off doing whatever is required to create a real autolearning system? am I right in thinking that requires a database? Frank M. Cook
Re: [FW: spam control
On Wed, Jul 27, 2005 at 05:25:42PM -0400, Matt Kettler wrote: Chris Santerre wrote: score gtube 4.0 *snip* Holy carp!!! Why did you rescore just about every rule higher? An even better question.. why did he try to rescore GTUBE down to 4.0? Although that was slightly screwed up by not puting the rule name in all-caps, GTUBE should always cause a message to be high-scoring spam. That's the whole point of GTUBE. GTUBE detects a really odd-ball test-string which should never be present in normal email, and it's kind of like the EICAR virus-test string, but for spam. I did try to go back to default and raise the level to 7.5 and did try to restart spamd amd spamc, but it seems that Spam Assassin still has the old high features. The local.cf looks like: - # Add your own customisations to this file. See 'man Mail::SpamAssassin::Conf' # SpamAssassin user preferences file. # # Format: # # required_hits n # (how many hits are required to tag a mail as spam.) # # score SYMBOLIC_TEST_NAME n # (if this is omitted, 1 is used as a default score. # Set the score to 0 to ignore the test.) # # # starts a comment, whitespace is not significant. # # NOTE! In conjunction with MIMEDefang, SpamAssassin can *NOT* make any # changes to the message header or body. Any SpamAssassin settings that # relate to changing the message will have *NO EFFECT* when used from # MIMEDefang. Instead, use the various MIMEDefang Perl functions if you # need to alter the message. ### ### # First of all, the generally useful stuff; thresholds and the whitelist # of addresses which, for some reason or another, often trigger false # positives. required_hits 7.5 # Whitelist and blacklist addresses are *not* patterns; they're just normal # strings. one exception is that [EMAIL PROTECTED] is allowed. They should be in # lower-case. You can either add multiple addrs on one line, # whitespace-separated, or you can use multiple lines. # # Monty Solomon: he posts from an ISP that has often been the source of spam # (no fault of his own ;), and sometimes uses Bcc: when mailing. # # whitelist_from[EMAIL PROTECTED] # Add your blacklist entries in the same format... # # blacklist_from[EMAIL PROTECTED] # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. # ##ok_localesen # By default, the subject lines of suspected spam will be tagged. # This can be disabled here. # ##rewrite_subject 0 # By default, spamassassin will include its report in the body # of suspected spam. Enabling this causes the report to go in the # headers instead. Using 'use_terse_report' for this is recommended. # # report_header 1 # By default, SpamAssassin uses a fairly long report format. # Enabling this uses a shorter format which includes all the # information in the normal one, but without the superfluous # explanations. # # use_terse_report 0 # By default, spamassassin will change the Content-type: header of # suspected spam to text/plain. This is a safety feature. If you # prefer to leave the Content-type header alone, set this to 0. # defang_mime 0 # By default, SpamAssassin will run RBL checks. If your ISP already # does this, set this to 1. #skip_rbl_checks 1 ### # Add your own customised scores for some tests below. The default scores are # read from the installed spamassassin.cf file, but you can override them # here. To see the list of tests and their default scores, go to # http://spamassassin.taint.org/tests.html . # for details of what can be tweaked. # # SpamAssassin config file for version 2.5x # generated by http://www.yrex.com/spam/spamconfig.php (version 1.01) # How many hits before a message is considered spam. required_hits 7.5 # Whether to change the subject of suspected spam ##rewrite_subject 1 # Text to prepend to subject if rewrite_subject is used ##subject_tag *SPAM* rewrite_header Subject SPAM(_SCORE_) # Encapsulate spam in an attachment report_safe 1 # Use terse version of the spam report use_terse_report0 # Enable the Bayes system use_bayes 1 # Enable Bayes auto-learning auto_learn 1 # Enable or disable network checks skip_rbl_checks 0 use_razor2 1 use_dcc 1 use_pyzor 1 # Mail using languages used in these country codes will not be marked # as being possibly spam in a foreign language. ok_languagesall # Mail using locales used in these country codes will not be marked # as being possibly spam in a foreign language. ok_locales
Re: Bayes question
Alan Fullmer wrote: I attempted to do that once, with a network file system, but it didn’t seem to know how to handle the locking properly. I know I did something wrong, so if anyone else has a solution, I’d also be happy to hear it! J As JamesDR suggested.. Do it right, use SQL. It's a database that's *designed* to be accessed remotely. Trying to share a DB_File based database over NFS is asking for poor performance and trouble.
RE: New open http redirector?
Chris Santerre wrote: From: Kelson [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 4:59 PM To: 'users@spamassassin.apache.org' Subject: Re: New open http redirector? Chris Santerre wrote: My point is whatever code/script the redir is running to generate tracking IDs in a URL can ALWAYS be run from a company's own server. Regardless of the method, the sender could always do it. What about tracking clicks? Your tellng me you can't get a redir for your own website? Chris, take a deep breath and relax... There are good reasons for third-party advertising services. Suppose Acme Inc. wants to put an ad on Zero's site. Acme could host the ad image, and the clickthrough could go to Acme's site. Zero could host the ad image, and the clickthrough could go to Zero's site... which could in turn go to Acme's site. But the best situation from a game theory point of view is to bring in a third party ad hosting service Elmer. Zero would place Elmer's HTML code on their site. The ad image would be src'd to Elmer's site, and the click would href through to Elmer's site which would in turn redirect to Acme's site. Why? Trust. Ads are frequently contracted for a certain number of impressions, with a price that, in the long run, depends on the click-through rate. Acme should not trust Zero's statistics, and Zero should not trust Acme's statistics - because each has an incentive to lie. The best solution, then, is to bring in Elmer who acts as an arbiter or escrow agent, and both sides can trust Elmer. Elmer has a disincentive to lie in both directions. Open HTTP redirects are still bad, though. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
Re: [FW: spam control
The Doctor wrote: Next? My honest suggestion? Stop everything, and take a step back. Read, think about the options, then act. First, Fix your setup as Andy Jezerski suggested. Have ONE and only ONE call to spamassassin. You've got 3 right now. Two milters and a procmail call. That's VERY bad news, and will greatly complicate configuration, testing and debugging. Pick ONE of the following: smf-spamd milter-spamc procmailrc call to spamc And ditch the other two. With all three of them in place, that's 3 tools you have to configure, and if any one of them isn't set up right you'll have problems. Reducing it to one tool, one call, will make your life easier. Second, I would personally just get rid of your local.cf and start over. At the very minimum get rid of every score statement you've added in there. You've been raising rule scores all over the place, which wound up causing FP problems. Then you raised your threshold to counteract the FP problems your modified scores caused. Bad news. You're getting into an arms race with yourself. Third, once you've picked one of the methods of calling SpamAssassin (instead of three) configure that tool to bypass SA calls. If you decide to keep milter-spamc, I'd suggest using Andy's suggestion of a /etc/mail/access statement. Milter-Spamc-From:[EMAIL PROTECTED]OK
Re: [FW: spam control
From: Kai Schaetzl [EMAIL PROTECTED] The Doctor wrote on Wed, 27 Jul 2005 13:34:42 -0600: This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] Ah, it's he again. Setting to ignore mode. Kai He rather is an example of why we tended not to allow our doctorates into the lab when I was doing RF engineering for Rockwell International. They broke everything they touched. Heck, one fellow only had to step inside the room and half the equipment quit working. If he has a doctorate in Computer Science he knows too much to get SpamAssassin running. He knows how things should be done and knows that what he knows is absolutely the only way things should be done. So why sit down and figure out how it really works carefully and methodically. He religiously seems to hide major pieces of his configuration from us and then demand solutions. I've quit even bothering to reply to him. I do read him. He's so silly he's amusing. (One thing I have found is that people who use the term Dr. in front of their monikers when out in public are incapable of learning because all the public is too dumb to listen to. It earns them incredible amounts of heartburn.) {^_^}
RE: Russian way of fighting spam
jdow wrote: From: Slava Madrit [EMAIL PROTECTED] ... If you received this transmission in error, please contact the sender by reply e-mail or by telephone (+1(212)632-5500) - In other words as soon as the SpamAssassin mailinglist forwarded this we were all in violation of Treasury Regulations in Circular 230. Sheesh. I'm sorely tempted to call. Anyone else? Should we all call at once? :) -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
Re: Russian way of fighting spam
jdow wrote: From: Slava Madrit [EMAIL PROTECTED] _ and delete and destroy all copies of the material, including all copies stored in the recipient's computer, printed or saved to disk. Does that also mean we should all show up at Slava's office to destroy all copies of the material?
Re: [SPAM] (6.70/5.00) Re: [FW: spam control
On Wed, Jul 27, 2005 at 04:45:36PM -0400, Matt Kettler wrote: The Doctor wrote: The whitelist in question: user/.spamassassin/user_prefs: snip And the spamassassin is called as follows: echo -n ' Spam Assassin'; /usr/contrib/bin/spamd -d -i -D -u defang --user-config --siteconfigpath=/etc/mail/spamassassin --syslog=/var/log/spamd.log --pidfile=/var/run/spamd.pid; /usr/contrib/bin/smf-spamd; is user in the user_prefs path the home directory for the user defang... if not, then that whole file will NOT under ANY condition be read. Since you're passing -u defang to spamd, it will ONLY run as defang, and it will ONLY check defang's home directory for a user_prefs file. Question: How can ever user use Spam Assassin without having to specify a user? It would be nice for every user to govern their own account. -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell.
SURBL Rules Not Being Used
Hello, The SURBL Rules do not appear to be working for me. I think I am missing something basic. The test: First Test: Telnet into my MTA and manually enter the SMTP Commands to send an email from a bogus address, email content is the same as the other tests. Second Test: Using a local .eml file I have a hyper link to http://test.surbl.org I then pass with file to either spamassassin or spamc Third Test: Send an email from a yahoo account with the same content. The spamc -R report from the first and second tests: pts rule name description -- -- 0.2 NO_REAL_NAME From: does not include a real name -2.8 ALL_TRUSTEDDid not pass through any untrusted hosts 0.1 DNS_FROM_AHBL_RHSBLRBL: From: sender listed in dnsbl.ahbl.org My Configuration: Debian 3.1 SpamAssassin 3.0.3-2 (From Debian) Bind9 (from Debian) Spamd started with --max-children 5 --helper-home-dir What I have tested: Net::DNS is installed. Use a simple Perl Script to Test DNS Resolving via the Bind9 works. SpamAssassin is resolving the DNS_FROM_AHBL_RHSBL rule. No entry in local.cf for skip_rbl_checks, rbl_timeout No changes to any scores. TIA Tim
Re: SURBL Rules Not Being Used
Timothy Spear wrote: Hello, The SURBL Rules do not appear to be working for me. I think I am missing something basic. The test: First Test: Telnet into my MTA and manually enter the SMTP Commands to send an email from a bogus address, email content is the same as the other tests. Second Test: Using a local .eml file I have a hyper link to http://test.surbl.org I then pass with file to either spamassassin or spamc Third Test: Send an email from a yahoo account with the same content. The spamc -R report from the first and second tests: pts rule name description -- -- 0.2 NO_REAL_NAME From: does not include a real name -2.8 ALL_TRUSTEDDid not pass through any untrusted hosts 0.1 DNS_FROM_AHBL_RHSBLRBL: From: sender listed in dnsbl.ahbl.org My Configuration: Debian 3.1 SpamAssassin 3.0.3-2 (From Debian) Bind9 (from Debian) Spamd started with --max-children 5 --helper-home-dir What I have tested: Net::DNS is installed. Use a simple Perl Script to Test DNS Resolving via the Bind9 works. SpamAssassin is resolving the DNS_FROM_AHBL_RHSBL rule. No entry in local.cf for skip_rbl_checks, rbl_timeout No changes to any scores. TIA Tim Hi, Although it appears Net::DNS is working, what version is it ? I've never gotten 0.49 - 0.52 to work correctly. 0.48 and 0.53+ all work fine. HTH, Rick
RE: SURBL Rules Not Being Used
I am running 0.53; straight from CPAN. Any other ideas? Tim -Original Message- From: Rick Macdougall [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 8:13 PM To: Timothy Spear Cc: users@spamassassin.apache.org Subject: Re: SURBL Rules Not Being Used Timothy Spear wrote: Hello, The SURBL Rules do not appear to be working for me. I think I am missing something basic. The test: First Test: Telnet into my MTA and manually enter the SMTP Commands to send an email from a bogus address, email content is the same as the other tests. Second Test: Using a local .eml file I have a hyper link to http://test.surbl.org I then pass with file to either spamassassin or spamc Third Test: Send an email from a yahoo account with the same content. The spamc -R report from the first and second tests: pts rule name description -- -- 0.2 NO_REAL_NAME From: does not include a real name -2.8 ALL_TRUSTEDDid not pass through any untrusted hosts 0.1 DNS_FROM_AHBL_RHSBLRBL: From: sender listed in dnsbl.ahbl.org My Configuration: Debian 3.1 SpamAssassin 3.0.3-2 (From Debian) Bind9 (from Debian) Spamd started with --max-children 5 --helper-home-dir What I have tested: Net::DNS is installed. Use a simple Perl Script to Test DNS Resolving via the Bind9 works. SpamAssassin is resolving the DNS_FROM_AHBL_RHSBL rule. No entry in local.cf for skip_rbl_checks, rbl_timeout No changes to any scores. TIA Tim Hi, Although it appears Net::DNS is working, what version is it ? I've never gotten 0.49 - 0.52 to work correctly. 0.48 and 0.53+ all work fine. HTH, Rick !DSPAM:42e82313202012322511209!
Re: SURBL Rules Not Being Used
On Wed, Jul 27, 2005 at 09:08:28PM -0400, Timothy Spear wrote: Any other ideas? The first thing for any issue is: run with -D and see what's happening. -- Randomly Generated Tagline: Q. Why is this so clumsy? A. The trick is to use Perl's strengths rather than its weaknesses. - Larry Wall pgpx1xR900lfD.pgp Description: PGP signature
RE: SURBL Rules Not Being Used
Found it. I hade two versions of Perl installed, spamassassin was picking up the test install I did of version 6. Which had no Net::DNS installed. Tim -Original Message- From: Theo Van Dinter [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 27, 2005 9:25 PM To: users@spamassassin.apache.org Subject: Re: SURBL Rules Not Being Used On Wed, Jul 27, 2005 at 09:08:28PM -0400, Timothy Spear wrote: Any other ideas? The first thing for any issue is: run with -D and see what's happening. -- Randomly Generated Tagline: Q. Why is this so clumsy? A. The trick is to use Perl's strengths rather than its weaknesses. - Larry Wall
Re: Bogus MS 'critical update'
On Mon, 2005-07-25 at 10:33 +0100, Nigel kendrick wrote: I have just had a bogus Microsoft update slip through the net. Is there a rule to combat these? In any case, here's the info in case it's of use: snip IMHO that's a virus, not spam. You should prolly install ClamAV on your mail server. -- Thomas Cameron, RHCE, CNE, MCSE, MCT 512-241-0774 (office) 512-924-8592 (cell)
Re: Russian way of fighting spam
On Wednesday 27 July 2005 19:46, Daryl C. W. O'Shea wrote: jdow wrote: From: Slava Madrit [EMAIL PROTECTED] _ and delete and destroy all copies of the material, including all copies stored in the recipient's computer, printed or saved to disk. Does that also mean we should all show up at Slava's office to destroy all copies of the material? Now there's an idea, go for it. Start with that ridiculous sig. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) 99.35% setiathome rank, not too shabby for a WV hillbilly Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
Basic Questions
Setup Redhat 9 Spamassassin 3.0.4 I am struggling with learning the basics about spamassassin. I think I = have it going now but I am still not sure. I stumbled into a working = scenario. Somehow Sendmail is calling procmal for me so I do nto need = the .forward file. If someone knows how that could be happening I would = love to know how I got lucky. 1) I am not sur eof the locations the installation of spamassassin is = using. I do not know if it is using my ~/.spamassassin or = /etc/mail/spamassassin or both. The main reason I ask is I think an = existing install was there befor emy make. I am trying to install some = custom rules and cf files and in particular an sa-blacklist.current file = but I am not sure where to put the cf files, etc so that spamd/spamc = will see them. 2) I want to convert to a site installation so I can use one setting for = required score, custom rules (contents of user_prefs). How can I do = this? IMO the docs on the web site are inadequate.
Re: [SPAM] (6.70/5.00) Re: [FW: spam control
On Wed, Jul 27, 2005 at 06:00:58PM -0600, The Doctor wrote: On Wed, Jul 27, 2005 at 04:45:36PM -0400, Matt Kettler wrote: The Doctor wrote: The whitelist in question: user/.spamassassin/user_prefs: snip And the spamassassin is called as follows: echo -n ' Spam Assassin'; /usr/contrib/bin/spamd -d -i -D -u defang --user-config --siteconfigpath=/etc/mail/spamassassin --syslog=/var/log/spamd.log --pidfile=/var/run/spamd.pid; /usr/contrib/bin/smf-spamd; is user in the user_prefs path the home directory for the user defang... if not, then that whole file will NOT under ANY condition be read. Since you're passing -u defang to spamd, it will ONLY run as defang, and it will ONLY check defang's home directory for a user_prefs file. Question: How can ever user use Spam Assassin without having to specify a user? It would be nice for every user to govern their own account. Also, IS it possible for Spam Assassin to skip over a realm? -- Member - Liberal International This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED] God Queen and country! Beware Anti-Christ rising! Better to serve in Heaven that to Rule in Hell.
Re: autolearn
Hello Frank, Wednesday, July 27, 2005, 3:02:23 PM, you wrote: FMC I posted a message the other day asking why my spamd might FMC backlog periodically and someone asked me if I could see from the FMC log what was happening. It started again today and I see FMC something. the last entry in the log when the jam occurred said FMC FMC autolearn=unavailable FMC FMC when I stopped checking, cleared the spool, and restarted FMC checking the log began to show FMC FMC autolearn=no FMC FMC should I just set something in local.cf to turn off FMC autolearning more completely so it knows not to try? Actually, that suggests your problem may be with an auto-expire against the Bayes database, rather than auto-learn. The Bayes system will occasionally determine that it needs to expire old entries, to keep the database files within reasonable size, and that expiration can take a long while. I've not had the problem, so I can't suggest good solutions from experience, but others here on the list can... Bob Menschel
Re: Basic Questions
On Wed, Jul 27, 2005 at 09:11:22PM -0500, John D. Maag wrote: scenario. Somehow Sendmail is calling procmal for me so I do nto need = the .forward file. If someone knows how that could be happening I would love to know how I got lucky. Most Linux distros, since you said you're using RH9, setup procmail as the local delivery agent. 1) I am not sur eof the locations the installation of spamassassin is = using. I do not know if it is using my ~/.spamassassin or = /etc/mail/spamassassin or both. The main reason I ask is I think an = Both, depending on how you call SA. If you ever want to know what SpamAssassin is doing, run a message through spamassassin -D and it'll tell you what files are being read, etc. custom rules and cf files and in particular an sa-blacklist.current file = but I am not sure where to put the cf files, etc so that spamd/spamc = will see them. /etc/mail/spamassassin are for site-wide local rules. 2) I want to convert to a site installation so I can use one setting for = required score, custom rules (contents of user_prefs). How can I do = this? IMO the docs on the web site are inadequate. Well, you can always set site wide configuration, per-user configs are allowed by default but can easily be shut off if using spamd (see the man page). -- Randomly Generated Tagline: Don't mock the cookie. - Jackie Chan Adventures pgpiTCqyYnQz8.pgp Description: PGP signature
Re: New open http redirector?
What about tracking clicks? Suppose you have a website with ads -- or search results -- on it, and you want to keep track of which links to third party sites get followed. You can't do that with a web bug. You can only do that by setting up a redirect script so that you log the click, then send the browser off to the other site. At that point it's a matter of locking it down so that only specific targets are allowed, etc., or else you end up setting up a script that can be abused by spammers. Which brings us to where this thread started. Ah, but at least they would have a log of the number of clicks to the spammer site! Perhaps they could then send the spammer a bill for services provided? ;-) Loren
Re: autolearn
The Bayes system will occasionally determine that it needs to expire old entries, to keep the database files within reasonable size, and that expiration can take a long while. is there a file I can check to see if it has become large? better yet is there some kind of routine to run to do the purging? I could shut down message checking to give an expiration routine time to do its thing. Frank M. Cook Association Computer Services, Inc. http://www.acsplus.com
Re: autolearn
The Bayes system will occasionally determine that it needs to expire old entries, to keep the database files within reasonable size, and that expiration can take a long while. is there a file I can check to see if it has become large? Yes. I don't know quite how to do it, so someone else will chime in, I hope. better yet is there some kind of routine to run to do the purging? I could shut down message checking to give an expiration routine time to do its thing. You can turn off bayes_auto_expire in user_prefs, and then use a cron job to run an expire every midnight or so. Loren
Re[2]: SARE Whitelist candidate
Hello Andy, Wednesday, July 27, 2005, 7:13:01 AM, you wrote: AJ Didn't know there was a SARE whitelist. Discussed on this list a few months back, while experimenting with it on my own system. Then announced it here when published, but otherwise it's been quiet. Worth mentioning from time to time... AJ Here'sanother Fidelity E-Mail address we whitelist: AJ [EMAIL PROTECTED] Thanks, but I need more than just the email address. It's much, much too easy for spammers to forge/fake an email address in their From header. We use the whitelist_from_rcvd directive instead, whitelist_from_rcvd EmailAddress ServerDomain SpamAssassin identifies which Received headers are trusted (belong to your system, or otherwise are trusted to pass you accurate information about the upstream/sending server). It compares the sending server in the last of these against the ServerDomain parameter. Only if both the email address pattern and the server domain match is the email whitelisted. Even if the spammer fakes the email address, and generates a bogus Received header with the server domain, that received header will not be trusted (it wasn't generated by your system), and therefore the email won't be whitelisted in error. If you can send me a copy of the email, or at least its full headers (no need for any of the confidential information that might be in the body), I can identify the correct server domain to include in the directive. Bob Menschel
Basic Questions
Ok, If I put preferences in the user_prefs file in $HOME/.spamassassin, do I call the file the same thing in /etc/mail/spamassassin?
Re[2]: autolearn
Hello Frank, Wednesday, July 27, 2005, 8:34:02 PM, you wrote: The Bayes system will occasionally determine that it needs to expire old entries, to keep the database files within reasonable size, and that expiration can take a long while. FMC is there a file I can check to see if it has become large? better yet is FMC there some kind of routine to run to do the purging? I could shut down FMC message checking to give an expiration routine time to do its thing. The files are the bayes_* files, by default located in the user's $HOME/.spamassassin directory (whatever user is doing the email check at the time). bayes_journal_max_size (default: 102400) bayes_expiry_max_db_size (default: 15) bayes_auto_expire (default: 1) bayes_learn_to_journal (default: 0) are the local.cf or user_prefs parameters that affect bayes expiration. See http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#learning_options for the 3.0.x application of these parameters. See http://spamassassin.apache.org/full/3.0.x/dist/doc/sa-learn.html#expiration for a discussion of expiration. sa-learn --force-expire will force an expiration run. So a script which will stop email filtering sa-learn --force-expire restart email filtering will help if this is indeed your problem. Bob Menschel
RE: Removing message/rfc822 attachments to separate files
-Original Message- From: Kai Schaetzl [mailto:[EMAIL PROTECTED] Herb Martin wrote on Tue, 26 Jul 2005 21:21:25 -0500: When forwarding a batch of missed spam (or ham) from Outlook back to SpamAssassin the best way seems to be for our users to select more than a single message, and use the menu: Action-Forward which puts them all in as attachments. I guess this adds only the message bodies? Just want to remmember you that Bayes uses header tokens as well. If you can you should train with headers included. I understand the latter, but No, the method sends the full headers/messages encapsulated as message/rfc822 top level parts. The only change I see between the Mime Markers are these 4 lines (including the blank): --=_NextPart_000_067D_01C591D1.7F02A7C0 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: attachment From: etc. snip header and body --=_NextPart_000_067D_01C591D1.7F02A7C0 FYI: Mail::SpamAssassin::Message (and Node) do seems to have what I need, but so far on quick examination and a brief initial code attempt it escapes my understanding to use this immediately. After writing the following and trying Mail::SpamAssassin::Message (off and on all afternoon) I stumbled upon the tool intended for the job: MIME::Parser from MIME::Toolkit (which was already on my system) -- the pod doc examples had almost exactly what I need (added one line to first example): http://www.globedomain.com/cgi-bin/perldiver/perldiver.cgi?action=2010modu le=MIME%3A%3AParser This does it -- the whole thing -- if I don't mind submitting one file per run (with a command script loop for all of them of course): #!/usr/bin/perl -w use MIME::Parser; my $parser = new MIME::Parser; # Create parser $parser-output_dir(./tmp);# Give output dir $parser-extract_nested_messages(0); # Extract messages whole? $entity = $parser-parse(\*STDIN); # Parse an input filehandle print Entity: $entity\n\n if $entity; __END__ This method is so much cleaner than the others I have tried -- users can just email a whole batch of Spam (or Ham) messages to our Spam (or Ham) Multi account for automatic processing. No change to individual message headers -- easy to do once or twice a day for those who get a lot of spam. Thank you so much for your help -- sometimes it is encouraging just to have someone throwing back ideas and suggestions. -- Herb