Re: Removing message/rfc822 attachments to separate files

[Kai Schaetzl]

Herb Martin wrote on Tue, 26 Jul 2005 21:21:25 -0500:

 When forwarding a batch of missed spam (or ham) from 
 Outlook back to SpamAssassin the best way seems to be 
 for our users to select more than a single message, 
 and use the menu:  Action-Forward which puts them 
 all in as attachments.

I guess this adds only the message bodies? Just want to remmember you that 
Bayes uses header tokens as well. If you can you should train with headers 
included.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de  http://msie.winware.org

Re: spamd blank lines after syslog entries

[Kai Schaetzl]

Steve Martin wrote on Tue, 26 Jul 2005 19:31:07 -0500:

 (MacOS 
 X 10.4.2).

could it be something specific to the Mac or this Syslog version on this 
OS X version?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de  http://msie.winware.org

Re: SARE Whitelist candidate

[Robert Menschel]

Hello jdow,

Tuesday, July 26, 2005, 3:03:23 PM, you wrote:

j whitelist_from_rcvd   [EMAIL PROTECTED]  fidelity2.m0.net
j   Fidelity Investment's Newsletters

Got it.  Thanks.  Will validate, and then publish shortly.

Bob Menschel

Re: spamd blank lines after syslog entries

[Steve Martin]

That is my best guess at this point.

On Jul 27, 2005, at 4:31 AM, Kai Schaetzl wrote:


Steve Martin wrote on Tue, 26 Jul 2005 19:31:07 -0500:



(MacOS
X 10.4.2).



could it be something specific to the Mac or this Syslog version on  
this

OS X version?

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de  http://msie.winware.org






--
Steve Martin  http://www.cheezmo.com/
Smart Calibration, LLC   http://www.smartcalibration.com/
The Widescreen Movie Centerhttp://www.widemovies.com/
Letterboxed Movie TV Schedule  http://www.widemovies.com/lbx.html

RE: New open http redirector?

[Matthew.van.Eerde]

Chris Santerre wrote:
 If they want ad tracking they can simply use gifs.

? Clarify please.

I need ad tracking... I've been keeping a database of URLs and passing IDs to 
the redirection page, so it won't redirect to unauthorized URLs.  But I don't 
understand your use gifs method?

-- 
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
 

Re: Correct use of 'spamassassin --report'?

[Matt Kettler]

At 01:55 AM 7/27/2005, James Bucanek wrote:

I just upgraded my SA system and installed Razor.

I have two e-mail addresses set up for spam and ham reporting. Both are 
sent to an mbox that is, twice an hour, shipped off to a script that runs 
sa-learn.


When I installed Razor I modified the script to send the same messages to 
razor-report too.


Later, I read that one shouldn't do that because it sends Razor the 
messages with the SpamAssassin headers. One should use 'spamassassin 
--report' instead.


If your spamassassin markup is headers-only it's fine. Razor does NOT care 
about headers at all.


However, if you're using sa in a way that encapsulates spam, then you'll 
want to use spamassassin --report.



This is supposed to update the Bayes DB, strip the SA headers, and report 
it to Razor sans headers all with a single command. Apparently, I'm not 
doing it right.


But when I run 'spamassassin --debug --report --mbox  queued_spam.mbox' I 
get a bunch of suspicious messages, which makes me think it isn't working 
right at all:


Of course it isn't. spamassassin does not support --mbox, only sa-learn does.

spamassassin only accepts single-message rfc-822 format.  

Re: Please test sc2.surbl.org (and xs.surbl.org)

[Jeff Chan]

Some stats from one of our SA servers.  After about two days we
had:

  9076  SURBL hits
  5373  SC2 hits
  4813  SC hits
  1148  SC2 hits that did not also hit SC
   588  SC hits that did not also hit SC2
  3701  XS hits
  1890  SC2 hits that did not hit XS
   218  XS hits that did not hit SC2

So it looks like sc2 hit about 10% more messages than SC.

Of the other lists:

  7779  JP
  6781  OB
  5798  WS
  4691  AB
 7  PH

This is without analysis of FPs.

Would be very interested to hear how these new lists test out
SpamAssassin corpora, or any other corpora or mail servers for
that matter.

Jeff C.
--
Don't harm innocent bystanders.

Re: SARE Whitelist candidate

[Andy Jezierski]

jdow [EMAIL PROTECTED] wrote
on 07/26/2005 05:03:23 PM:

 whitelist_from_rcvd  [EMAIL PROTECTED]   
   fidelity2.m0.net
Fidelity Investment's Newsletters
 
 
 {^_^}
 


Didn't know there was a SARE whitelist. Here's
another Fidelity E-Mail address we whitelist:

[EMAIL PROTECTED]

Andy

RE: New open http redirector?

[Chris Santerre]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, July 27, 2005 10:05 AM
 To: users@spamassassin.apache.org
 Subject: RE: New open http redirector?
 
 
 Chris Santerre wrote:
  If they want ad tracking they can simply use gifs.
 
 ? Clarify please.
 
 I need ad tracking... I've been keeping a database of URLs 
 and passing IDs to the redirection page, so it won't redirect 
 to unauthorized URLs.  But I don't understand your use gifs method?

Just do a google for 'gif tracking' or 'invisible gifs' or whatever. 

--Chris  

RE: generating rule stats from spamd logs

[Chris Santerre]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, July 26, 2005 7:15 PM
 To: jdow
 Cc: users@spamassassin.apache.org
 Subject: Re: generating rule stats from spamd logs 
 
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 
 jdow writes:
  From: Chris Santerre [EMAIL PROTECTED]
  
   Do you mean this script?
  
   http://www.rulesemporium.com/programs/sa-stats.txt
  
   Note: It may be named the same as sa-stats.pl, but it is 
 different. Per
   rule based.
  
   Another Dallas miracle!
  
  Oh? Er, how does it determine if a message was ham or spam? 
 It looks like
  it is rather random based on the reports. BAYES_99 may well 
 hit on 84.33%
  of spam. But I doubt, given it's score, it hits on 44.53% of ham.
 
 BTW, it might be quite helpful to rename that script, since there's
 already an sa-stats.pl in the 'tools' dir -- as follows:
 
 NAME
   sa-stats.pl - Builds received spam/ham report from mail log
 

Yeah, we know. It was originaly only used internaly by SARE. But why not
share the love :)

I'll see about renaming it. sare-stats.pl ? 

--Chris 

Re: Correct use of 'spamassassin --report'?

[James Bucanek]

Matt Kettler wrote on Wednesday, July 27, 2005:

At 01:55 AM 7/27/2005, James Bucanek wrote:
I just upgraded my SA system and installed Razor.

I have two e-mail addresses set up for spam and ham reporting. Both are 
sent to an mbox that is, twice an hour, shipped off to a script that runs 
sa-learn.

When I installed Razor I modified the script to send the same messages to 
razor-report too.

Later, I read that one shouldn't do that because it sends Razor the 
messages with the SpamAssassin headers. One should use 'spamassassin 
--report' instead.

If your spamassassin markup is headers-only it's fine. Razor does NOT care 
about headers at all.

However, if you're using sa in a way that encapsulates spam, then you'll 
want to use spamassassin --report.

No, I'm not encapsulating the spam. I've written some scripts which redirect 
the messages, unchanged, to the spam/ham reporting address.

So it look like I can just go back to using sa-learn and razor-report.

Thanks.


This is supposed to update the Bayes DB, strip the SA headers, and report 
it to Razor sans headers all with a single command. Apparently, I'm not 
doing it right.

But when I run 'spamassassin --debug --report --mbox  queued_spam.mbox' I 
get a bunch of suspicious messages, which makes me think it isn't working 
right at all:

Of course it isn't. spamassassin does not support --mbox, only sa-learn does.

spamassassin only accepts single-message rfc-822 format.  

Then what does the --mbox switch do?

twilightandbarking:~ james$ spamassassin --help
SpamAssassin version 3.0.4
  running on Perl version 5.8.1

For more information read the spamassassin man page.

Usage:
spamassassin [options] [  *mailmessage* | *path* ... ]

spamassassin -d [  *mailmessage* | *path* ... ]

spamassassin -r [  *mailmessage* | *path* ... ]

spamassassin -k [  *mailmessage* | *path* ... ]

spamassassin -W|-R [  *mailmessage* | *path* ... ]

Options:

clip  
 --mboxread in messages in mbox format
 --mbx read in messages in UW mbx format
clip
 -D, --debug [area=n,...]  Print debugging messages
 -V, --version Print version
 -h, --helpPrint usage message

-- 
James Bucanek mailto:[EMAIL PROTECTED]

Russian way of fighting spam

[Slava Madrit]

http://mosnews.com/news/2005/07/25/spammerdead.shtml Russia’s Biggest Spammer Brutally Murdered in ApartmentVardan Kushnir, notorious for sending spam to each and every citizen of Russia who appeared to have an e-mail, was found dead in his Moscow apartment on Sunday, Interfax reported Monday. He died after suffering repeated blows to the head.Kushnir, 35, headed the English learning centers the Center for American English, the New York English Centre and the Centre for Spoken English, all known to have aggressive Internet advertising policies in which millions of e-mails were sent every day.In the past angry Internet users have targeted the American English centre by publishing the Center’s telephone numbers anywhere on the Web to provoke telephone calls. The Center’s telephone was advertised as a contact number for cheap sex services, or bargain real estate sales.Another attack involved hundreds of people making phone calls to the American English Center and sending it numerous e-mails back, but Vardan Kushnir remained sure of his right to spam, saying it was what e-mails were for.Under Russian law, spamming is not considered illegal, although lawmakers are working on legal projects that could protect Russian Internet users like they do in Europe and the U.S.



_

The information transmitted is intended only for the person or
entity to which it is addressed and may contain confidential and/or
privileged material.  Any review, retransmission, dissemination
or other use of, or taking of any action in reliance upon, this
information by persons or entities other than the intended recipient
is prohibited.  If you received this transmission in error, please
contact the sender by reply e-mail or by telephone (+1(212)632-5500)
and delete and destroy all copies of the material, including all
copies stored in the recipient's computer, printed or saved to disk.

Disclosure Pursuant to Treasury Regulations in Circular 230 

To ensure compliance with requirements imposed by the Internal
Revenue Service, we inform you that any tax advice contained in 
this communication (including any attachments) was not intended 
or written to be used, and cannot be used, for the purpose of (i) 
avoiding tax-related penalties under the Internal Revenue Code or
(ii) promoting, marketing or recommending to another party any 
tax-related matter(s) addressed herein.

Re: New open http redirector?

[Kai Schaetzl]

Kai Schaetzl wrote on Tue, 26 Jul 2005 23:31:23 +0200:

 It does. I sent a mail to them in German now. Let's see.

Got a reply that they know about the problem and are working on a 
solution. Just their words ;-)

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de  http://msie.winware.org

RE: generating rule stats from spamd logs

[Andy Jezierski]

 Another Dallas miracle!

Oh? Er, how does it determine if a message was ham
or spam? 
   It looks like
it is rather random based on the reports. BAYES_99
may well
   hit on 84.33%
of spam. But I doubt, given it's score, it hits on
44.53% of ham.
   
 
 The code should be right... It uses spamassassin's judgement, ie 
 
 info: spamd: result: Y 20 - BAYES_99,...
 info: spamd: result: . -2 - AWL,
 
 44.53% of your ham hit BAYES_99... That gotta tell you something is
 wrong! My bayes hits break down like
 
 # ./sa-stats.pl -f spamdlog -n 500 | grep BAYES
 For spam...
  10  BAYES_99 
  15351   4.46%
45.42% 60.57%
  19  BAYES_50 
   6443   1.87%
19.06% 25.42%
  31  BAYES_80 
   1154   0.34%
 3.41%  4.55%
  32  BAYES_60 
   1147   0.33%
 3.39%  4.53%
  38  BAYES_95 
   864  
0.25%  2.56%  3.41%
 102  BAYES_00 
   187  
0.05%  0.55%  0.74%
 152  BAYES_40 
92  
0.03%  0.27%  0.36%
 209  BAYES_20 
53  
0.02%  0.16%  0.21%
 228  BAYES_05 
44  
0.01%  0.13%  0.17%
 
 For ham...
  2  BAYES_00 
   6959  15.73%
20.59% 82.32%
  9  BAYES_50 
   623  
1.41%  1.84%  7.37%
  20  BAYES_40 
   296  
0.67%  0.88%  3.50%
  24  BAYES_20 
   267  
0.60%  0.79%  3.16%
  29  BAYES_05 
   217  
0.49%  0.64%  2.57%
  73  BAYES_60 
51  
0.12%  0.15%  0.60%
 113  BAYES_99 
24  
0.05%  0.07%  0.28%
 142  BAYES_80 
14  
0.03%  0.04%  0.17%
 280  BAYES_95 
2 
 0.00%  0.01%  0.02%
 
 So, BAYES_99 hits 0.28% of my ham and 60.57% of my spam. 
 
 

So from your explanation I should be ignoring the
%ofham column in the spam stats and the %ofspam column in ham? Otherwise
the stats don't seem to make much sense:

python# ./sa-stats -f maillog.0 -n 500 | grep BAYES

spam rules...
 3  BAYES_99  
  305
  3.49  4.99  46.56  5.59
 10  BAYES_50   
 172
  1.97  2.81  26.26  3.15
 23  BAYES_00   
 100
  1.14  1.64  15.27  1.83
 77  BAYES_80   
  21
  0.24  0.34  3.21  0.38
 85  BAYES_95   
  19
  0.22  0.31  2.90  0.35
111  BAYES_60   
  14
  0.16  0.23  2.14  0.26
131  BAYES_05   
  12
  0.14  0.20  1.83  0.22
186  BAYES_20   
  7
  0.08  0.11  1.07  0.13
224  BAYES_40   
  5
  0.06  0.08  0.76  0.09
373  SARE_BAYES_5x8  
2 
 0.02  0.03  0.31  0.04
387  SARE_BAYES_6x8  
2 
 0.02  0.03  0.31  0.04
412  SARE_BAYES_7x8  
2 
 0.02  0.03  0.31  0.04

ham rules...
 1  BAYES_00  
  4079
 14.05  66.75 622.75  74.76

BAYES_00 hitting 622% of spam???

 6  BAYES_50  
  771
  2.65  12.62 117.71  14.13
 25  BAYES_40   
 238
  0.82  3.89  36.34  4.36
 35  BAYES_20   
 190
  0.65  3.11  29.01  3.48
 40  BAYES_05   
 148
  0.51  2.42  22.60  2.71
173  BAYES_60   
  15
  0.05  0.25  2.29  0.27
232  BAYES_80   
  9
  0.03  0.15  1.37  0.16
310  BAYES_95   
  5
  0.02  0.08  0.76  0.09
349  SARE_BAYES_6x6  
4 
 0.01  0.07  0.61  0.07
416  SARE_BAYES_5x8  
2 
 0.01  0.03  0.31  0.04
496  SARE_BAYES_5x7  
1 
 0.00  0.02  0.15  0.02



Andy

RE: generating rule stats from spamd logs

[Dallas L. Engelken]

BAYES_00 hits 15.27 of spam on yours, the %ofspam on top ham rules and
%ofham on top spam rules must be buggy.

i'm not running that version with the 5th column.   It must be buggy.
i play with it after bit. 
 
Dallas
 
 




From: Andy Jezierski [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 27, 2005 10:44 AM
To: users@spamassassin.apache.org
Subject: RE: generating rule stats from spamd logs



 Another Dallas miracle!

Oh? Er, how does it determine if a message was ham or
spam? 
   It looks like
it is rather random based on the reports. BAYES_99 may
well
   hit on 84.33%
of spam. But I doubt, given it's score, it hits on
44.53% of ham.
   
 
 The code should be right... It uses spamassassin's judgement,
ie 
 
 info: spamd: result: Y 20 - BAYES_99,...
 info: spamd: result: . -2 - AWL,
 
 44.53% of your ham hit BAYES_99... That gotta tell you
something is
 wrong!  My bayes hits break down like
 
 # ./sa-stats.pl -f spamdlog -n 500 | grep BAYES
 For spam...
   10BAYES_9915351 4.46%
45.42%  60.57%
   19BAYES_50 6443 1.87%
19.06%  25.42%
   31BAYES_80 1154 0.34%
3.41%   4.55%
   32BAYES_60 1147 0.33%
3.39%   4.53%
   38BAYES_95  864 0.25%
2.56%   3.41%
  102BAYES_00  187 0.05%
0.55%   0.74%
  152BAYES_40   92 0.03%
0.27%   0.36%
  209BAYES_20   53 0.02%
0.16%   0.21%
  228BAYES_05   44 0.01%
0.13%   0.17%
 
 For ham...
2BAYES_00 695915.73%
20.59%  82.32%
9BAYES_50  623 1.41%
1.84%   7.37%
   20BAYES_40  296 0.67%
0.88%   3.50%
   24BAYES_20  267 0.60%
0.79%   3.16%
   29BAYES_05  217 0.49%
0.64%   2.57%
   73BAYES_60   51 0.12%
0.15%   0.60%
  113BAYES_99   24 0.05%
0.07%   0.28%
  142BAYES_80   14 0.03%
0.04%   0.17%
  280BAYES_952 0.00%
0.01%   0.02%
 
 So, BAYES_99 hits 0.28% of my ham and 60.57% of my spam.  
 
 

So from your explanation I should be ignoring the %ofham column
in the spam stats and the %ofspam column in ham?  Otherwise the stats
don't seem to make much sense: 

python# ./sa-stats -f maillog.0 -n 500 | grep BAYES 

spam rules... 
   3BAYES_99  305 3.494.99
46.565.59 
  10BAYES_50  172 1.972.81
26.263.15 
  23BAYES_00  100 1.141.64
15.271.83 
  77BAYES_80   21 0.240.34
3.210.38 
  85BAYES_95   19 0.220.31
2.900.35 
 111BAYES_60   14 0.160.23
2.140.26 
 131BAYES_05   12 0.140.20
1.830.22 
 186BAYES_207 0.080.11
1.070.13 
 224BAYES_405 0.060.08
0.760.09 
 373SARE_BAYES_5x8  2 0.020.03
0.310.04 
 387SARE_BAYES_6x8  2 0.020.03
0.310.04 
 412SARE_BAYES_7x8  2 0.020.03
0.310.04 

ham rules... 
   1BAYES_00 407914.05   66.75
622.75   74.76 

BAYES_00 hitting 622% of spam??? 

   6BAYES_50  771 2.65   12.62
117.71   14.13 
  25BAYES_40  238 0.823.89
36.344.36 
  35BAYES_20  190 0.653.11
29.013.48 
  40BAYES_05  148 0.512.42
22.602.71 
 173BAYES_60   15 0.050.25
2.290.27 
 232BAYES_809 0.030.15
1.370.16 
 310BAYES_955 0.020.08
0.760.09 
 349SARE_BAYES_6x6  4 0.010.07
0.610.07 
 416SARE_BAYES_5x8   

Re: generating rule stats from spamd logs

[Chris Thielen]

Dallas L. Engelken wrote:


BAYES_00 hits 15.27 of spam on yours, the %ofspam on top ham rules and
%ofham on top spam rules must be buggy.

i'm not running that version with the 5th column.   It must be buggy.
i play with it after bit. 


Dallas
 



Dallas,

Did you see the patch I sent to the SARE list?  Just need to swap two 
hash lookups.



Chris T


signature.asc
Description: OpenPGP digital signature

RE: [OT] Russian way of fighting spam

[Pettit, Paul]

 http://mosnews.com/news/2005/07/25/spammerdead.shtml 

 Russia's Biggest Spammer Brutally Murdered in Apartment

 Vardan Kushnir, notorious for sending spam to each and every citizen of
 Russia who appeared to have an e-mail, was found dead in his Moscow
apartment
 on Sunday, Interfax reported Monday. He died after suffering repeated
blows
 to the head.


As noted in the \. discussion
(http://it.slashdot.org/it/05/07/25/1745212.shtml?tid=111tid=218) following
the original report, it's highly unlikely this has much to do with spam per
say. Instead it's more probable that it has to do with the Russian mafia
since the bulk of illicit activity in Russa is frimly under their control.

Unfortunte (even sad) that this happened to him, even though he was a
spammer, but you reap what you sow. My hope is that he didn't leave anyone
behind that will be in harms way as well (i.e. kid, wife, etc.) as the
Russian mafia is notoriously efficent and brutal.

Paul Pettit
CTO and IS Manager
Consistent Computer Bargains Inc.

I've heard it said that the proof of lunacy is when you repeat the same
steps expecting different results.  I say it's proof that you're a Microsoft
user. - comment by deshi777 on experts-exchange.com

RE: generating rule stats from spamd logs

[martin smith]

M  10BAYES_9915351 4.46%  45.42%  60.57%
M  19BAYES_50 6443 1.87%  19.06%  25.42%
M  31BAYES_80 1154 0.34%   3.41%   4.55%
M  32BAYES_60 1147 0.33%   3.39%   4.53%
M  38BAYES_95  864 0.25%   2.56%   3.41%
M 102BAYES_00  187 0.05%   0.55%   0.74%
M 152BAYES_40   92 0.03%   0.27%   0.36%
M 209BAYES_20   53 0.02%   0.16%   0.21%
M 228BAYES_05   44 0.01%   0.13%   0.17%
M
MFor ham...
M   2BAYES_00 695915.73%  20.59%  82.32%
M   9BAYES_50  623 1.41%   1.84%   7.37%
M  20BAYES_40  296 0.67%   0.88%   3.50%
M  24BAYES_20  267 0.60%   0.79%   3.16%
M  29BAYES_05  217 0.49%   0.64%   2.57%
M  73BAYES_60   51 0.12%   0.15%   0.60%
M 113BAYES_99   24 0.05%   0.07%   0.28%
M 142BAYES_80   14 0.03%   0.04%   0.17%
M 280BAYES_952 0.00%   0.01%   0.02%
M
MSo, BAYES_99 hits 0.28% of my ham and 60.57% of my spam.  
M

You must have a different version to the one now available because your
missing one column

Spam
RANKRULE NAME   COUNT %OFRULES %OFMAIL %OFSPAM
%OFHAM

   1BAYES_99  468 5.94   75.48   97.91
329.58
   2RAZOR2_CHECK  422 5.35   68.06   88.28
297.18
   3RAZOR2_CF_RANGE_51_100421 5.34   67.90   88.08
296.48
   4URIBL_BLACK   353 4.48   56.94   73.85
248.59

The %ofham column is obviously wrong but the others seem fine

Ham
RANKRULE NAME   COUNT %OFRULES %OFMAIL %OFSPAM
%OFHAM

   1BAYES_00  13737.33   22.10   28.66
96.48
   2AWL   11230.52   18.06   23.43
78.87
   3HTML_MESSAGE   16 4.362.583.35
11.27
   7UPPERCASE_25_50 9 2.451.451.88
6.34
   8URIBL_BLACK 5 1.360.811.05
3.52

Again the Spam column is wrong here and should be ignored, nice to see whats
false positiving so I can lower scores accordingly.

Martin

RE: generating rule stats from spamd logs

[Dallas L. Engelken]

  -Original Message-
 From: Chris Thielen [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, July 27, 2005 11:02 AM
 To: Dallas L. Engelken
 Cc: users@spamassassin.apache.org
 Subject: Re: generating rule stats from spamd logs
 
 Dallas L. Engelken wrote:
 
 BAYES_00 hits 15.27 of spam on yours, the %ofspam on top ham 
 rules and 
 %ofham on top spam rules must be buggy.
 
 i'm not running that version with the 5th column.   It must be buggy.
 i play with it after bit. 
  
 Dallas
   
 
 
 Dallas,
 
 Did you see the patch I sent to the SARE list?  Just need to 
 swap two hash lookups.
 
 

Yup yup.  http://www.rulesemporium.com/programs/sa-stats.txt updated.

D

RE: generating rule stats from spamd logs

[Andy Jezierski]

Dallas L. Engelken [EMAIL PROTECTED]
wrote on 07/27/2005 11:26:54 AM:

  -Original Message-
  From: Chris Thielen [mailto:[EMAIL PROTECTED]

  Sent: Wednesday, July 27, 2005 11:02 AM
  To: Dallas L. Engelken
  Cc: users@spamassassin.apache.org
  Subject: Re: generating rule stats from spamd logs
  
  Dallas L. Engelken wrote:
  
  BAYES_00 hits 15.27 of spam on yours, the %ofspam on top
ham 
  rules and 
  %ofham on top spam rules must be buggy.
  
  i'm not running that version with the 5th column. 
It must be buggy.
  i play with it after bit. 
   
  Dallas
   
  
  
  Dallas,
  
  Did you see the patch I sent to the SARE list? Just need
to 
  swap two hash lookups.
  
  
 
 Yup yup. http://www.rulesemporium.com/programs/sa-stats.txt
updated.
 
 D


Something's still a little fishy. SA 3.1 latest
SVN, if it makes any difference.



python# ./sa-stats -f maillog.0 -n 5
Email:   6111 Autolearn: 
226 AvgScore:  2.15 AvgScanTime: 3.91 sec
Spam:655 Autolearn: 
133 AvgScore: 14.81 AvgScanTime: 3.76 sec
Ham:5456 Autolearn: 
93 AvgScore:  0.63 AvgScanTime: 3.93 sec

Time Spent Running SA:
6.64 hours
Time Spent Processing Spam:  0.68 hours
Time Spent Processing Ham:   5.96 hours

TOP SPAM RULES FIRED

RANK  RULE NAME
   COUNT %OFRULES %OFMAIL
%OFSPAM %OFHAM

 1  HTML_MESSAGE  
496 
 5.67  8.12  75.73  62.19
 2  DCC_CHECK  
  310
  3.55  5.07  47.33  7.02
 3  BAYES_99  
  305
  3.49  4.99  46.56  0.02
 4  RAZOR2_CHECK  
277 
 3.17  4.53  42.29  4.23
 5  DIGEST_MULTIPLE 
251  
2.87  4.11  38.32  2.42


TOP HAM RULES FIRED

RANK  RULE NAME
   COUNT %OFRULES %OFMAIL
%OFSPAM %OFHAM

 1  BAYES_00  
  4079
 14.05  66.75 622.75  1.83
 2  HTML_MESSAGE  
3393  11.68
 55.52 518.02  9.09
 3  NO_REAL_NAME  
1053  
3.63  17.23 160.76  1.06
 4  HTML_80_90  
 931
  3.21  15.23 142.14  2.35
 5  LG_4C_2V_3C  
 798 
 2.75  13.06 121.83  2.20

Re: generating rule stats from spamd logs

[Steve Martin]

He only fixed the spam rules section.The TOP HAM RULES sections still has these two incorrect computations...    my $perc2=sprintf("%.2f",($HAM_RULES{$key}/$NUM_SPAM)*100);    my $perc3=sprintf("%.2f",($SPAM_RULES{$key}/$NUM_HAM)*100);Number of times a rule fired on ham / total number of spam messages.Number of times a rule fired on spam / total number of ham messages.    my $perc2=sprintf("%.2f",($SPAM_RULES{$key}/$NUM_SPAM)*100);    my $perc3=sprintf("%.2f",($HAM_RULES{$key}/$NUM_HAM)*100);On Jul 27, 2005, at 11:32 AM, Andy Jezierski wrote:"Dallas L. Engelken" [EMAIL PROTECTED] wrote on 07/27/2005 11:26:54 AM:     -Original Message-   From: Chris Thielen [mailto:[EMAIL PROTECTED]]Sent: Wednesday, July 27, 2005 11:02 AM   To: Dallas L. Engelken   Cc: users@spamassassin.apache.org   Subject: Re: generating rule stats from spamd logs  Dallas L. Engelken wrote:  BAYES_00 hits 15.27 of spam on yours, the %ofspam on top hamrules and%ofham on top spam rules must be buggy.  i'm not running that version with the 5th column.   It must be buggy.   i play with it after bit.Dallas  Dallas,  Did you see the patch I sent to the SARE list?  Just need toswap two hash lookups.  Yup yup.  http://www.rulesemporium.com/programs/sa-stats.txt updated.D   Something's still a little fishy.  SA 3.1 latest SVN, if it makes any difference.python# ./sa-stats -f maillog.0 -n 5 Email:     6111  Autolearn:   226  AvgScore:   2.15  AvgScanTime:  3.91 sec Spam:       655  Autolearn:   133  AvgScore:  14.81  AvgScanTime:  3.76 sec Ham:       5456  Autolearn:    93  AvgScore:   0.63  AvgScanTime:  3.93 sec  Time Spent Running SA:         6.64 hours Time Spent Processing Spam:    0.68 hours Time Spent Processing Ham:     5.96 hours  TOP SPAM RULES FIRED  RANK    RULE NAME                       COUNT %OFRULES %OFMAIL %OFSPAM  %OFHAM     1    HTML_MESSAGE                      496     5.67    8.12   75.73   62.19    2    DCC_CHECK                         310     3.55    5.07   47.33    7.02    3    BAYES_99                          305     3.49    4.99   46.56    0.02    4    RAZOR2_CHECK                      277     3.17    4.53   42.29    4.23    5    DIGEST_MULTIPLE                   251     2.87    4.11   38.32    2.42   TOP HAM RULES FIRED  RANK    RULE NAME                       COUNT %OFRULES %OFMAIL %OFSPAM  %OFHAM     1    BAYES_00                         4079    14.05   66.75  622.75    1.83    2    HTML_MESSAGE                     3393    11.68   55.52  518.02    9.09    3    NO_REAL_NAME                     1053     3.63   17.23  160.76    1.06    4    HTML_80_90                        931     3.21   15.23  142.14    2.35    5    LG_4C_2V_3C                       798     2.75   13.06  121.83    2.20     -- Steve Martin                              http://www.cheezmo.com/ Smart Calibration, LLC           http://www.smartcalibration.com/ The Widescreen Movie Center            http://www.widemovies.com/ Letterboxed Movie TV Schedule  http://www.widemovies.com/lbx.html  

RE: generating rule stats from spamd logs

[Dallas L. Engelken]

My mistake.. It is fixed, hopefully for good.
v0.9 - http://www.rulesemporium.com/programs/sa-stats.txt


TOP SPAM RULES FIRED

RANKRULE NAME   COUNT %OFRULES %OFMAIL %OFSPAM
%OFHAM

   1UNPARSEABLE_RELAY   25322 7.35   74.72   99.76
99.13
   2URIBL_SBL   22241 6.46   65.63   87.63
0.38
   3URIBL_JP_SURBL  21419 6.22   63.20   84.39
0.28
   4URIBL_BLACK 19436 5.64   57.35   76.57
0.93
   5RAZOR2_CF_RANGE_51_100  17562 5.10   51.82   69.19
1.34
   6RAZOR2_CHECK17475 5.07   51.57   68.85
1.15
   7SARE_SPEC_ROLEX_REP 16553 4.81   48.84   65.22
0.29
   8SPOOF_COM2OTH   16537 4.80   48.80   65.15
0.05
   9RAZOR2_CF_RANGE_E8_51_100   16329 4.74   48.18   64.33
0.16
  10BAYES_9915380 4.47   45.38   60.59
0.28

 
TOP HAM RULES FIRED

RANKRULE NAME   COUNT %OFRULES %OFMAIL %OFSPAM
%OFHAM

   1UNPARSEABLE_RELAY843318.93   24.88   99.76
99.13
   2BAYES_00 700515.72   20.670.74
82.34
   3AWL  490411.01   14.47   26.64
57.65
   4HTML_MESSAGE 3813 8.56   11.25   22.92
44.82
   5NO_REAL_NAME 1453 3.264.29   37.79
17.08
   6HTML_80_90   1279 2.873.77   10.98
15.03
   7MIME_HTML_ONLY972 2.182.876.88
11.43
   8HTML_FONT_BIG 794 1.782.349.28
9.33
   9BAYES_50  625 1.401.84   25.40
7.35
  10HTML_FONT_FACE_BAD545 1.221.610.76
6.41


 




From: Steve Martin [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 27, 2005 11:44 AM
To: Andy Jezierski
Cc: Dallas L. Engelken; users@spamassassin.apache.org
Subject: Re: generating rule stats from spamd logs


He only fixed the spam rules section. 

The TOP HAM RULES sections still has these two incorrect
computations...

my $perc2=sprintf(%.2f,($HAM_RULES{$key}/$NUM_SPAM)*100);
my $perc3=sprintf(%.2f,($SPAM_RULES{$key}/$NUM_HAM)*100);


Number of times a rule fired on ham / total number of spam
messages.
Number of times a rule fired on spam / total number of ham
messages.

my $perc2=sprintf(%.2f,($SPAM_RULES{$key}/$NUM_SPAM)*100);
my $perc3=sprintf(%.2f,($HAM_RULES{$key}/$NUM_HAM)*100);

On Jul 27, 2005, at 11:32 AM, Andy Jezierski wrote:



Dallas L. Engelken [EMAIL PROTECTED] wrote on
07/27/2005 11:26:54 AM:

   -Original Message-
  From: Chris Thielen
[mailto:[EMAIL PROTECTED] 
  Sent: Wednesday, July 27, 2005 11:02 AM
  To: Dallas L. Engelken
  Cc: users@spamassassin.apache.org
  Subject: Re: generating rule stats from spamd logs
  
  Dallas L. Engelken wrote:
  
  BAYES_00 hits 15.27 of spam on yours, the %ofspam
on top ham 
  rules and 
  %ofham on top spam rules must be buggy.
  
  i'm not running that version with the 5th column.
It must be buggy.
  i play with it after bit. 
   
  Dallas

  
  
  Dallas,
  
  Did you see the patch I sent to the SARE list?  Just
need to 
  swap two hash lookups.
  
  
 
 Yup yup.
http://www.rulesemporium.com/programs/sa-stats.txt updated.
 
 D


Something's still a little fishy.  SA 3.1 latest SVN, if
it makes any difference. 



python# ./sa-stats -f maillog.0 -n 5 
Email: 6111  Autolearn:   226  AvgScore:   2.15
AvgScanTime:  3.91 sec 
Spam:   655  Autolearn:   133  AvgScore:  14.81
AvgScanTime:  3.76 sec 
Ham:   5456  Autolearn:93  AvgScore:   0.63
AvgScanTime:  3.93 sec 

Time Spent Running SA: 

RE: web tracking

[David B Funk]

On Wed, 27 Jul 2005, Chris Santerre wrote:

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 
  Chris Santerre wrote:
   If they want ad tracking they can simply use gifs.
 
  ? Clarify please.
 
  I need ad tracking... I've been keeping a database of URLs
  and passing IDs to the redirection page, so it won't redirect
  to unauthorized URLs.  But I don't understand your use gifs method?

 Just do a google for 'gif tracking' or 'invisible gifs' or whatever.

Another name is 'web bugs', look for a SA ruleset that targets
those things. ;)
Of course they can be defeated by people who are smart enough to
disable automagic loading of remote images in their e-mail client.


-- 
Dave Funk  University of Iowa
dbfunk (at) engineering.uiowa.eduCollege of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{

RE: web tracking

[Matthew.van.Eerde]

David B Funk wrote:
 On Wed, 27 Jul 2005, Chris Santerre wrote:
 
 From: [EMAIL PROTECTED]
 
 Chris Santerre wrote:
 If they want ad tracking they can simply use gifs.
 
 ? Clarify please.
 
 I need ad tracking... I've been keeping a database of URLs
 and passing IDs to the redirection page, so it won't redirect
 to unauthorized URLs.  But I don't understand your use gifs
 method? 
 
 Just do a google for 'gif tracking' or 'invisible gifs' or whatever.
 
 Another name is 'web bugs', look for a SA ruleset that targets
 those things. ;)
 Of course they can be defeated by people who are smart enough to
 disable automagic loading of remote images in their e-mail client.

I'm not being clear.  I understand HTTP redirection.  I understand 
single-pixel-transparent-gif-images-with-URLs-containing-trackable-information 
AKA web bugs AKA web beacons etc.

I don't understand how the latter can be used in place of the former for ad 
tracking, though.

-- 
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,

Bayes question

[Robert Swan]

I have a pair of Spamassassin servers filtering e-mail (Spamassassin
3.0.4, spamd/spamc, Postfix, redhat 9) I was wondering if I could share the
bayes database between the two server rather than having each with its own and
having to do the salearn process twice.



Any Thoughts?











Robert













Peace he would say instead of goodbyepeace my brother.

Re: New open http redirector?

[Kai Schaetzl]

Chris Santerre wrote on Wed, 27 Jul 2005 10:08:21 -0400:

 If they want ad tracking they can simply use gifs.

gifs won't work in certain cases. And they won't work for web banners at 
all. Remember this is a centralized solution, not one which counts 
imprints on it's own site. *If* you need ad tracking you will have to use 
this or a similar method, f.i. using IDs instead of URLs. Of course, 
there's no problem to secure the redirector against abuse. Just need a 
list of all allowed targets or source/target combinations.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de  http://msie.winware.org

RE: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!

[John Narron]

 
 unfortunately, I'm not sure if there's a workable workaround for that.
 
 if you can come up with a pure-perl, non-spamassassin-based 
 test case, it might be worth reporting it to the perl 
 maintainers via perlbug...
 sounds like they've made some stack-size assumptions that are 
 not valid on FreeBSD by default.
 
 - --j.

Actually I do have some test-cases.

http://noaa.cdsinet.net/~zeek/test-good.txt.gz
http://noaa.cdsinet.net/~zeek/test-bad.txt.gz

These are the results from the 'x $evalstr'.  The test-bad is the full
$evalstr that causes the bus errors, and test-good is one that doesn't.
Add just one if() block to test-good and it fails.

Also:

perl -e 'my $x = q[if ($h-{ALPHA}-{BETA}-{q{stuff}}) {] . \n . q[
stuff($h, @_);] . \n}\n\n; $x x= 7238; $x =~ s/stuff/stuff .
++$count/eg; eval $x' 

(that should be all on one line).  Adjust the number after  x=  until it
errors out.  7239 crashes for me, 7238 doesn't.


John Narron| Sacrifice, they always say
Network Administration |  Is a sign of nobility
CDS/CDSinet, LLC   |  But where does one draw the line
http://www.cdsinet.net |  In the face of injury?
(660) 886 4045 | - Queensryche  

Re: Bayes question

[JamesDR]

Robert Swan wrote:
I have a pair of Spamassassin servers filtering e-mail (Spamassassin 
3.0.4, spamd/spamc, Postfix, redhat 9) I was wondering if I could share 
the bayes database between the two server rather than having each with 
its own and having to do the salearn process twice.


 


Any Thoughts?

 

 

 

 


Robert

 

 

 

 

 

 


Peace he would say instead of goodbyepeace my brother.

 

Yes... Use the bayes (MY|Postgre)SQL modules, see the docs on how to set 
this up.


--
Thanks,
James

NOTICE: Mass-checks (fwd)

[jm]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


just to broaden the pool of recipients.  Reminder: today's the deadline.
speak up quick if you're still running mass-check and haven't rsync'd
up the files yet!!

- --j.

- --- Forwarded Message
 Date:Wed, 27 Jul 2005 20:01:49 +0100
 From:Henry Stern [EMAIL PROTECTED]
 To:  dev@spamassassin.apache.org
 Subject: Mass-checks
 
 This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
 --enig8DAC8B68D149B52627D89CF9
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit
 
 As far as I know, I am only waiting on one person's mass-check results.
   Unless you speak up before he uploads them, I'm going to start the
 score generation without you! ;)
 
 Henry
 
 --enig8DAC8B68D149B52627D89CF9
 Content-Type: application/pgp-signature; name=signature.asc
 Content-Description: OpenPGP digital signature
 Content-Disposition: attachment; filename=signature.asc
 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.1 (MingW32)
 Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
 
 iD8DBQFC59ofmjLYMPOJv9oRAl/QAKDAQs0/Kk59LN5hqUCst+B/DUGKAACgj7ID
 MwCIodLsuYn8IxsDM6AQFv0=TPs7
 -END PGP SIGNATURE-
 
 --enig8DAC8B68D149B52627D89CF9--
 
 --- End of Forwarded Message
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFC590NMJF5cimLx9ARAgEzAJ0SFQ1gQP2bFn/uJHtZ2ahV8D8IMACeJhWI
qejFGKWPkC4eDgkNmfxSWDs=
=HPSo
-END PGP SIGNATURE-

[FW: spam control

[The Doctor]

- Forwarded message from Angry and Concerned Customer -

X-Scanned-By: milter-spamc/0.25.321 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 
Jul 2005 13:11:47 -0600
  

Hi Dave - we are still getting people labeled as sending us spam that should
be on that white list (this includes emails from employees).  The last two
were addressed to me from Rhonda and one from Jim Wooley - both were labeled
as spam!

This is nuts!  If it doesn't work - it doesn't work!

Also can we raise the threshold on the spam to 7.5 instead of 5.00 (7.5 
and it is labeled spam)

Really for us - we would rather not have anything labeled as spam AT ALL.
this would fix most of this issue.  Then the only issue would be making sure
your Spam filters (Spam Assassin) pass all legitimate emails through to us
(even if some spam slipped through with it - we would rather not miss
anything).

Our issues are major to us - and it seems we have a number of them, so I am
going to go over them here again so we don't lose sight of them:


3) Email issues.  Spam.  We didn't ask for our emails to be labeled with
spam and it is creating problems for us.  This creates certain issues
within the organization when we accidentally reply to a member (not
noticing anymore the spam label - since every email seems to have it) and
they get an email from us with spam marked in it sighhh

Also, a number of members at one time or another could not send email
through to us.  I haven't heard of any lately, but that was why we went to a
whitelist approach - to ensure that people on that whitelist were allowed
through - regardless of spam filtering and that their emails would not be
labeled spam.  (Note I am saying spam filtering - not the standard antivirus
checking).  Well, it's been a couple months now and the Whitelist doesn't
seem to be working as it should/intended and there is also been no way to
update that white list (replace the file of acceptable email addresses
with updated ones or add people to it).

- End forwarded message -


All right, the short and simple is that Spam-Assassin may not be doing
the correct job.  This user has a whitelist in place and
some e-mail are getting the label of spam.

Even some of my cron jobs are getting  a [SPAM] label when they should nt.

Why?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.

Re: [FW: spam control

[Jim Maul]

The Doctor wrote:

SNIP irate customer message



All right, the short and simple is that Spam-Assassin may not be doing
the correct job.  This user has a whitelist in place and
some e-mail are getting the label of spam.

Even some of my cron jobs are getting  a [SPAM] label when they should nt.

Why?




Perhaps if you posted the headers of the messages that were marked as 
spam we can look to see what rules hit which would answer your why? 
question.  Until then, no one knows that the problem is, and as such, 
wont be able to fix it.


-Jim

Re: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!

[Justin Mason]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


excellent -- I see it's being discussed on p5p now.  thanks for
doing that.

(fwiw, that one-liner doesn't crash on Ubuntu Hoary's perl 5.8.3.)

- --j.

John Narron writes:
  
  unfortunately, I'm not sure if there's a workable workaround for that.
  
  if you can come up with a pure-perl, non-spamassassin-based 
  test case, it might be worth reporting it to the perl 
  maintainers via perlbug...
  sounds like they've made some stack-size assumptions that are 
  not valid on FreeBSD by default.
  
  - --j.
 
 Actually I do have some test-cases.
 
 http://noaa.cdsinet.net/~zeek/test-good.txt.gz
 http://noaa.cdsinet.net/~zeek/test-bad.txt.gz
 
 These are the results from the 'x $evalstr'.  The test-bad is the full
 $evalstr that causes the bus errors, and test-good is one that doesn't.
 Add just one if() block to test-good and it fails.
 
 Also:
 
 perl -e 'my $x = q[if ($h-{ALPHA}-{BETA}-{q{stuff}}) {] . \n . q[
 stuff($h, @_);] . \n}\n\n; $x x= 7238; $x =~ s/stuff/stuff .
 ++$count/eg; eval $x' 
 
 (that should be all on one line).  Adjust the number after  x=  until it
 errors out.  7239 crashes for me, 7238 doesn't.
 
 John Narron| Sacrifice, they always say
 Network Administration |  Is a sign of nobility
 CDS/CDSinet, LLC   |  But where does one draw the line
 http://www.cdsinet.net |  In the face of injury?
 (660) 886 4045 | - Queensryche  
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFC5+YSMJF5cimLx9ARAiJfAKCU7Kgl8rwiOjs/9wmqT7hTpsReBACgkf9I
3DO7v3TRGXv+yGD/BsNJwjk=
=AnBQ
-END PGP SIGNATURE-

Re: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!

[Jim Maul]

Justin Mason wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


excellent -- I see it's being discussed on p5p now.  thanks for
doing that.

(fwiw, that one-liner doesn't crash on Ubuntu Hoary's perl 5.8.3.)




It works just fine on rh9 with:

This is perl, v5.8.4 built for i386-linux-thread-multi

as well.  For the record, i jacked the x= up to 10,000 and it still 
worked fine.


-Jim

Re: [FW: spam control

[Ron Johnson]

The Doctor writes:
 
 - Forwarded message from Angry and Concerned Customer -
 
 
 
 All right, the short and simple is that Spam-Assassin may not be doing
 the correct job.  This user has a whitelist in place and
 some e-mail are getting the label of spam.
 
 Even some of my cron jobs are getting  a [SPAM] label when they should nt.
 
 Why?

What version are you running? Are you running any additional rulesets?
Have you written any custom rules yourself? Do you have bayes enabled?
If so, are you running with autolearn? Do you have AWL enabled? (If so,
you may want to start over)

You need to find out what rules your false positives are tripping over.

I personally find it convenient to run the false positives manually
(though that's really not required)

RE: New open http redirector?

[Chris Santerre]

 -Original Message-
 From: Kai Schaetzl [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, July 27, 2005 2:31 PM
 To: users@spamassassin.apache.org
 Subject: Re: New open http redirector?
 
 
 Chris Santerre wrote on Wed, 27 Jul 2005 10:08:21 -0400:
 
  If they want ad tracking they can simply use gifs.
 
 gifs won't work in certain cases. And they won't work for web 
 banners at 
 all. Remember this is a centralized solution, not one which counts 
 imprints on it's own site. *If* you need ad tracking you will 
 have to use 
 this or a similar method, f.i. using IDs instead of URLs. Of course, 
 there's no problem to secure the redirector against abuse. 
 Just need a 
 list of all allowed targets or source/target combinations.
 
 Kai

My point is whatever code/script the redir is running to generate tracking
IDs in a URL can ALWAYS be run from a company's own server. Regardless of
the method, the sender could always do it. 

Oh but you will argue that it isn't cost beneficial to do that for a smaller
company.

So your saying the cost of email marketing would rise. Hmmand that would
be bad why? :) 

--Chris 

spamd wont start with bayesd on mysql

[spamass]

[EMAIL PROTECTED] BayesStore]# spamd -D
trying to connect to syslog/unix...
no error connecting to syslog/unix
logging enabled:
facility: mail
socket:   unix
output:   syslog
creating INET socket:
Listen: 128
LocalAddr: 127.0.0.1
LocalPort: 783
Proto: 6
ReuseAddr: 1
Type: 1
debug: SpamAssassin version 3.0.4
debug: Score set 0 chosen.
debug: Storable module v2.13 found
debug: Preloading modules with HOME=/tmp/spamd-20935-init
debug: ignore: test message to precompile patterns and load modules
debug: using /etc/mail/spamassassin/init.pre for site rules init.pre
debug: config: read file /etc/mail/spamassassin/init.pre
debug: using /usr/share/spamassassin for default rules dir
debug: config: read file /usr/share/spamassassin/10_misc.cf
debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf
debug: config: read file /usr/share/spamassassin/20_body_tests.cf
debug: config: read file /usr/share/spamassassin/20_compensate.cf
debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf
debug: config: read file /usr/share/spamassassin/20_drugs.cf
debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf
debug: config: read file /usr/share/spamassassin/20_head_tests.cf
debug: config: read file /usr/share/spamassassin/20_html_tests.cf
debug: config: read file /usr/share/spamassassin/20_meta_tests.cf
debug: config: read file /usr/share/spamassassin/20_phrases.cf
debug: config: read file /usr/share/spamassassin/20_porn.cf
debug: config: read file /usr/share/spamassassin/20_ratware.cf
debug: config: read file /usr/share/spamassassin/20_uri_tests.cf
debug: config: read file /usr/share/spamassassin/23_bayes.cf
debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf
debug: config: read file /usr/share/spamassassin/25_hashcash.cf
debug: config: read file /usr/share/spamassassin/25_spf.cf
debug: config: read file /usr/share/spamassassin/25_uribl.cf
debug: config: read file /usr/share/spamassassin/30_text_de.cf
debug: config: read file /usr/share/spamassassin/30_text_fr.cf
debug: config: read file /usr/share/spamassassin/30_text_nl.cf
debug: config: read file /usr/share/spamassassin/30_text_pl.cf
debug: config: read file /usr/share/spamassassin/50_scores.cf
debug: config: read file /usr/share/spamassassin/60_whitelist.cf
debug: using /etc/mail/spamassassin for site rules dir
debug: config: read file /etc/mail/spamassassin/cc-tweaks.cf
debug: config: read file /etc/mail/spamassassin/local.cf
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x921f3f8)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered
Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9a37164)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x9a06928)
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x921f3f8)
implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x9a37164)
implements 'parse_config'
Can't locate Mail/Spamassassin/BayesStore/SQL.pm in @INC (@INC contains:
../lib /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.5
/usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4
/usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2
/usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0
/usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.4 /usr/lib/perl5/vendor_perl/5.8.3
/usr/lib/perl5/vendor_perl/5.8.2 /usr/lib/perl5/vendor_perl/5.8.1
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl) at (eval 24)
line 2.

Re: [FW: spam control

[Andy Jezierski]

The Doctor [EMAIL PROTECTED] wrote
on 07/27/2005 02:34:42 PM:

 - Forwarded message from Angry and Concerned Customer -
 
 X-Scanned-By: milter-spamc/0.25.321 (localhost.nl2k.ab.ca [0.0.0.
 0]); Wed, 27 Jul 2005 13:11:47 -0600
  

[snip]

 
 
 All right, the short and simple is that Spam-Assassin may not be doing
 the correct job. This user has a whitelist in place and
 some e-mail are getting the label of spam.
 
 Even some of my cron jobs are getting a [SPAM] label when they
should nt.
 
 Why?
 

As everyone has said, we need to see the message headers
at a minimum in order to try and help. Also, judging from the X-Scanned-By:
line above I assume you're using milter-spamc to call SA. If you'd
like you can add a few lines to your sendmail access file to bypass SA
for individual senders/recipents.

Milter-Spamc-From:[EMAIL PROTECTED]  OK
Milter-Spamc-To:[EMAIL PROTECTED]  OK
 

Andy

RE: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!

[John Narron]

 -Original Message-
 From: Jim Maul [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, July 27, 2005 3:00 PM
 To: users@spamassassin.apache.org
 Subject: Re: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!
 
 Justin Mason wrote:
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
  
  
  excellent -- I see it's being discussed on p5p now.  thanks 
 for doing 
  that.
  
  (fwiw, that one-liner doesn't crash on Ubuntu Hoary's perl 5.8.3.)
  
 
 
 It works just fine on rh9 with:
 
 This is perl, v5.8.4 built for i386-linux-thread-multi
 
 as well.  For the record, i jacked the x= up to 10,000 and it 
 still worked fine.
 
 -Jim
 
 

It crashes the perl 5.8.7 on 3 FreeBSD 5.4 machines, but not with perl 5.8.6
or
Perl 5.8.5 on those same machines.  So, we've by far excluded it really
being
a spamassassin problem, which I didn't think it was to begin with.  The
original
intent was to bring the problem to people's attention, and maybe get some
ideas
on how to fix it out to the mailling list, and the archives, so when some
poor
soul out there runs into this problem, he or she will know whats going on.

I think we can stop clouding up this list with this thread, as I've put a
bug
report on the perl side of things.  You can follow it there (#36667), and
if/when
a solution or fix comes around, I'll share it back here.

Thanks for you all your help

Re: [FW: spam control

[The Doctor]

On Wed, Jul 27, 2005 at 03:48:22PM -0400, Jim Maul wrote:
 The Doctor wrote:
 
 SNIP irate customer message
 
 
 All right, the short and simple is that Spam-Assassin may not be doing
 the correct job.  This user has a whitelist in place and
 some e-mail are getting the label of spam.
 
 Even some of my cron jobs are getting  a [SPAM] label when they should nt.
 
 Why?
 
 
 
 Perhaps if you posted the headers of the messages that were marked as 
 spam we can look to see what rules hit which would answer your why? 
 question.  Until then, no one knows that the problem is, and as such, 
 wont be able to fix it.
 
 -Jim

Sample 1 from a cron job:

---

From [EMAIL PROTECTED] Wed Jul 27 13:19:15 2005
Return-Path: [EMAIL PROTECTED]
Received: from doctor.nl2k.ab.ca ([EMAIL PROTECTED] [127.0.0.1])
by doctor.nl2k.ab.ca (8.13.4/8.13.4) with ESMTP id j6RJJ6BM011313
for [EMAIL PROTECTED]; Wed, 27 Jul 2005 13:19:06 -0600 (MDT)
Authentication-Results: doctor.nl2k.ab.ca [EMAIL PROTECTED]; sender-id=neutral; 
spf=neutral
X-SenderID: Sendmail Sender-ID Filter v0.2.8 doctor.nl2k.ab.ca j6RJJ6BM011313
X-Spam-Filter: [EMAIL PROTECTED] by digitalanswers.org
Received: (from [EMAIL PROTECTED])
by doctor.nl2k.ab.ca (8.13.4/8.13.4/Submit) id j6RJJ31O011310;
Wed, 27 Jul 2005 13:19:03 -0600 (MDT)
Date: Wed, 27 Jul 2005 13:19:03 -0600 (MDT)
Message-Id: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Cron Daemon)
To: [EMAIL PROTECTED]
Subject: [SPAM] Cron [EMAIL PROTECTED] /usr/bin/nice -20 
/usr/home/cariwest/html/analog/analog
X-Cron-Env: SHELL=/bin/sh
X-Cron-Env: HOME=/root
X-Cron-Env: LOGNAME=root
X-Cron-Env: USER=root
X-Cron-Env: PATH=/bin:/usr/bin:/usr/contrib/bin:/usr/X11/bin
X-Virus-Scanned: ClamAV version 0.86.2, clamav-milter version 0.86 on 
doctor.nl2k.ab.ca
X-Virus-Status: Clean
X-Spam-Flag: NO
X-Scanned-By: milter-7bit/0.7.101 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 Jul 
2005 13:19:12 -0600
X-Scanned-By: milter-date/0.12.160 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 
Jul 2005 13:19:12 -0600
X-Scanned-By: milter-spamc/0.25.321 (localhost.nl2k.ab.ca [0.0.0.0]); Wed, 27 
Jul 2005 13:19:12 -0600
X-Spam-Status: NO, hits=-105.70 required=5.00
X-Spam-Level: 
X-milter-date-PASS: YES
X-milter-7bit-Report: error=7bit octet=0x80 offset=74 line=2 position=11
X-milter-7bit-Pass: NO
Status: RO
Content-Length: 718
Lines: 13

/usr/home/cariwest/html/analog/analog: analog version 6.0/Unix
: Warning €: Turning off empty Virtual Host Report
  (For help on all errors and warnings, see docs/errors.html)
: Warning €: Turning off empty Virtual Host Redirection Report
: Warning €: Turning off empty Virtual Host Failure Report
: Warning €: Turning off empty User Report
: Warning €: Turning off empty User Redirection Report
: Warning €: Turning off empty User Failure Report
meta=: Warning €: Turning off empty Internal Search Query Report
meta=: Warning €: Turning off empty Internal Search Word Report
: Warning €: Turning off empty Processing Time Report
: Warning : In Redirected Referrer Report, turning off pie chart of only one
  wedge

--

Sample 2

Headers:

---

Subject: [SPAM: score=5.4/5.0] spam control and assorted issues

Date: Wed, 27 Jul 2005 11:28:31 -0600

Message-ID: [EMAIL PROTECTED]

MIME-Version: 1.0

Content-Type: text/plain;

charset=iso-8859-1

Content-Transfer-Encoding: 7bit

X-Priority: 3 (Normal)

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook CWS, Build 9.0.6604 (9.0.2911.0)

Importance: Normal

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409

X-Virus-Scanned: ClamAV version 0.86.2, clamav-milter version 0.86 on 
doctor.nl2k.ab.ca

X-Virus-Status: Clean

X-Spam-Flag: NO

X-Scanned-By: milter-7bit/0.7.101 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 
Jul 2005 11:24:55 -0600

X-Scanned-By: milter-date/0.12.160 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 
Jul 2005 11:24:55 -0600

X-Scanned-By: milter-spamc/0.25.321 (doctor.nl2k.ab.ca [204.209.81.1]); Wed, 27 
Jul 2005 11:24:33 -0600

X-Spam-Status: NO, hits=2.20 required=5.00

X-Spam-Level: xx

X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca

X-milter-date-PASS: YES

X-milter-7bit-Pass: YES

X-UIDL: efU!!CF,!([EMAIL PROTECTED]!

  ---


Sample 3

Return-Path: [EMAIL PROTECTED]

Received: from web31112.mail.mud.yahoo.com (web31112.mail.mud.yahoo.com 
[68.142.201.74])

by doctor.nl2k.ab.ca (8.13.4/8.13.4) with SMTP id j6RITs3q002842

for [EMAIL PROTECTED]; Wed, 27 Jul 2005 12:29:55 -0600 (MDT)

Authentication-Results: doctor.nl2k.ab.ca [EMAIL PROTECTED]; sender-id=neutral; 
spf=neutral

X-SenderID: Sendmail Sender-ID Filter v0.2.8 doctor.nl2k.ab.ca j6RITs3q002842

X-Spam-Filter: [EMAIL PROTECTED] by digitalanswers.org

Received: (qmail 2762 

Re: spamd wont start with bayesd on mysql

[Michael Parker]

[EMAIL PROTECTED] wrote:

Can't locate Mail/Spamassassin/BayesStore/SQL.pm in @INC (@INC contains:
  


It is SpamAssassin, notice the uppercase A in Assassin.

Michael


signature.asc
Description: OpenPGP digital signature

Re: spamd wont start with bayesd on mysql

[spamass]

How would I fix this issue.  Is it in a script?

 [EMAIL PROTECTED] wrote:

Can't locate Mail/Spamassassin/BayesStore/SQL.pm in @INC (@INC contains:



 It is SpamAssassin, notice the uppercase A in Assassin.

 Michael

Re: Procmail for site wide usage

[.rp]

 (Q) Given that this RH machine runs only POP3 (management will not
 allow anything else) how do I set up my /etc/procmailrc file such that
 all mail that is marked as SPAM is put into the users $HOME/mail/spam
 file (they can then login using SSH and use Pine to look at SPAM if


$LOGNAME is the procmail variable that use can use to do this.

RE: [FW: spam control

[Chris Santerre]

OK something is wrong with your setup!

 
 Sample 1 from a cron job:
 
 Subject: [SPAM] Cron [EMAIL PROTECTED] /usr/bin/nice -20 
 X-Spam-Flag: NO
 --

Marked as spam but not?


 
 Sample 2
 
 Headers:
 
 Subject: [SPAM: score=5.4/5.0] spam control and assorted issues
 
 X-Spam-Flag: NO
 X-Spam-Status: NO, hits=2.20 required=5.00
 X-Spam-Level: xx
 X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on 
 doctor.nl2k.ab.ca
 
   ---

Same! Is it being run thru twice? 

 
 Sample 3
 
 
 X-Spam-Filter: [EMAIL PROTECTED] by digitalanswers.org

 Subject: [SPAM: score=10.0/5.0] [SPAM] (5.00/5.00) Great 
 Canadian website
 
 X-Spam-Flag: YES
 
 X-Spam-Status: YES, hits=5.00 required=5.00
 
 X-Spam-Level: x
 
 X-Spam-Report: Spam detection software, running on the system 
 doctor.nl2k.ab.ca, has
 

   Content analysis details:   (5.0 points, 5.0 required)
pts rule name  description
 
    -- 
 --
 
3.0 HTML_MESSAGE   BODY: HTML included in message
 
0.0 BAYES_50   BODY: Bayesian spam probability 
 is 40 to 60%
 
   [score: 0.4039]
 
2.0 HTML_10_20 BODY: Message is 10% to 20% HTML
 
   
 
 X-Mark-SPAM: YES, score=10.00/5.00, processed for 2.167s on 
 doctor.nl2k.ab.ca

3.0 points for an HTML messege That can't be right!


 
 
 
 Sample 4:
 
 

 
 Subject: [SPAM: score=11.0/5.0] [SPAM] (13.80/5.00) Re: 
 [SPAM] (16.50/5.00) Fwd: Fw: 9 Things I Hate About Everyone

 
 Subject: [SPAM] (16.50/5.00) Fwd: Fw: 9 Things I Hate 

 
   Content analysis details:   (13.8 points, 5.0 required)
 
   
 
pts rule name  description
 
    -- 
 --
 
4.0 MAILTO_TO_SPAM_ADDRURI: Includes a link to a 
 likely spammer email
 
3.0 HTML_MESSAGE   BODY: HTML included in message
 
0.0 BAYES_50   BODY: Bayesian spam probability 
 is 40 to 60%
 
   [score: 0.5585]
 
4.0 HTML_70_80 BODY: Message is 70% to 80% HTML
 
2.7 AWLAWL: From: address is in the 
 auto white-list
 
   
 
 X-Mark-SPAM: YES, score=11.00/5.00, processed for 25.087s on 
 doctor.nl2k.ab.ca


Sample 4 has scores all over the place!!  11.00, 13.8, and 16.5!! It went
thru 3 times!!

Shut off AWL for now! Fix the 3 point score for HTML. Then figure out why
your getting multiple scans!

--Chris 

Re: [FW: spam control

[JamesDR]

The Doctor wrote:

On Wed, Jul 27, 2005 at 03:48:22PM -0400, Jim Maul wrote:


The Doctor wrote:

SNIP irate customer message



All right, the short and simple is that Spam-Assassin may not be doing
the correct job.  This user has a whitelist in place and
some e-mail are getting the label of spam.

Even some of my cron jobs are getting  a [SPAM] label when they should nt.

Why?




Perhaps if you posted the headers of the messages that were marked as 
spam we can look to see what rules hit which would answer your why? 
question.  Until then, no one knows that the problem is, and as such, 
wont be able to fix it.


-Jim





sniped

Looks like your users send/receive a lot of HTML mail. I had to adjust 
the rules for those down slightly to help reduce the possibility of FP's.


Here, I don't care if 'chain mail' is marked as spam -- that is not 
legitimate mail for our users, tho, my system doesn't delete up to a 
certain threshold.

Your second example had this (watch for line wraps):

[...]

X-Spam-Flag: NO

X-Scanned-By: milter-7bit/0.7.101 (doctor.nl2k.ab.ca [204.209.81.1]); 
Wed, 27 Jul 2005 11:24:55 -0600


X-Scanned-By: milter-date/0.12.160 (doctor.nl2k.ab.ca [204.209.81.1]); 
Wed, 27 Jul 2005 11:24:55 -0600


X-Scanned-By: milter-spamc/0.25.321 (doctor.nl2k.ab.ca [204.209.81.1]); 
Wed, 27 Jul 2005 11:24:33 -0600


X-Spam-Status: NO, hits=2.20 required=5.00

X-Spam-Level: xx

X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca

[...]

What looks odd to me is that X-Spam-Status says NO (I'm assuming that 
this comes from sa), level is only 2, but X-Mark-Spam: is yes.. with a 
score of 5.40.. where is this coming from?



--
Thanks,
James

Re: SpamAssassin, FreeBSD, Perl 5.8.7, bus errors, oh my!

[The Doctor]

On Wed, Jul 27, 2005 at 04:00:15PM -0400, Jim Maul wrote:
 Justin Mason wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 
 excellent -- I see it's being discussed on p5p now.  thanks for
 doing that.
 
 (fwiw, that one-liner doesn't crash on Ubuntu Hoary's perl 5.8.3.)
 
 
 
 It works just fine on rh9 with:
 
 This is perl, v5.8.4 built for i386-linux-thread-multi
 
 as well.  For the record, i jacked the x= up to 10,000 and it still 
 worked fine.

We are talking BSD here.  (Please recall the complaint on 3.1.0 pres not 
working)

Can one update to perl 5.8.7?

 
 -Jim

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.

Re: [FW: spam control

[The Doctor]

On Wed, Jul 27, 2005 at 04:02:32PM -0400, Ron Johnson wrote:
 The Doctor writes:
  
  - Forwarded message from Angry and Concerned Customer -
  
  
  
  All right, the short and simple is that Spam-Assassin may not be doing
  the correct job.  This user has a whitelist in place and
  some e-mail are getting the label of spam.
  
  Even some of my cron jobs are getting  a [SPAM] label when they should nt.
  
  Why?
 
 What version are you running? Are you running any additional rulesets?
 Have you written any custom rules yourself? Do you have bayes enabled?
 If so, are you running with autolearn? Do you have AWL enabled? (If so,
 you may want to start over)
 
 You need to find out what rules your false positives are tripping over.
 
 I personally find it convenient to run the false positives manually
 (though that's really not required)
 
 


I am running 3.0.4 on BSD/OS 4.3.1 .

Here is my local.cf:


# Add your own customisations to this file.  See 'man Mail::SpamAssassin::Conf'
# SpamAssassin user preferences file.
#
# Format:
#
#   required_hits n
#   (how many hits are required to tag a mail as spam.)
#
#   score SYMBOLIC_TEST_NAME n
#   (if this is omitted, 1 is used as a default score.
#   Set the score to 0 to ignore the test.)
#
# # starts a comment, whitespace is not significant.
#
# NOTE!  In conjunction with MIMEDefang, SpamAssassin can *NOT* make any
# changes to the message header or body.  Any SpamAssassin settings that
# relate to changing the message will have *NO EFFECT* when used from
# MIMEDefang.  Instead, use the various MIMEDefang Perl functions if you
# need to alter the message.
###

###
# First of all, the generally useful stuff; thresholds and the whitelist
# of addresses which, for some reason or another, often trigger false
# positives.

required_hits   7.5

# Whitelist and blacklist addresses are *not* patterns; they're just normal
# strings.  one exception is that [EMAIL PROTECTED] is allowed.  They should 
be in
# lower-case.  You can either add multiple addrs on one line,
# whitespace-separated, or you can use multiple lines.
#
# Monty Solomon: he posts from an ISP that has often been the source of spam
# (no fault of his own ;), and sometimes uses Bcc: when mailing.
#
# whitelist_from[EMAIL PROTECTED]

# Add your blacklist entries in the same format...
#
# blacklist_from[EMAIL PROTECTED]

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
#
##ok_localesen

# By default, the subject lines of suspected spam will be tagged.
# This can be disabled here.
#
##rewrite_subject 0
# By default, spamassassin will include its report in the body
# of suspected spam. Enabling this causes the report to go in the
# headers instead. Using 'use_terse_report' for this is recommended.
#
# report_header 1

# By default, SpamAssassin uses a fairly long report format.
# Enabling this uses a shorter format which includes all the
# information in the normal one, but without the superfluous
# explanations.
#
# use_terse_report 0

# By default, spamassassin will change the Content-type: header of
# suspected spam to text/plain. This is a safety feature. If you
# prefer to leave the Content-type header alone, set this to 0.
#
defang_mime 0

# By default, SpamAssassin will run RBL checks.  If your ISP already
# does this, set this to 1.

#skip_rbl_checks 1

###
# Add your own customised scores for some tests below.  The default scores are
# read from the installed spamassassin.cf file, but you can override them
# here.  To see the list of tests and their default scores, go to
# http://spamassassin.taint.org/tests.html .

# for details of what can be tweaked.
#

# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
required_hits   7.5

# Whether to change the subject of suspected spam
##rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
##subject_tag *SPAM*
rewrite_header Subject SPAM(_SCORE_)   

# Encapsulate spam in an attachment
report_safe 1

# Use terse version of the spam report
use_terse_report0

# Enable the Bayes system
use_bayes   1

# Enable Bayes auto-learning
auto_learn  1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2  1
use_dcc 1
use_pyzor   1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languagesall

# Mail using locales used in these country 

RE: [FW: spam control

[Chris Santerre]

  Also, post the whitelist entry you're using... And what 
 file it's in, and how
  you're calling SA.
 
 Whitelist from user/.spamassassin/user_prefs:
 
 

NEVER post other peoples' email addresses to a public and archived list!!! 

Deep breaths Doc!

--Chris

RE: [FW: spam control

[Chris Santerre]

 score gtube   4.0
 score razor2_check4
 score RAZOR2_CF_RANGE_11_50   4
 score RAZOR2_CF_RANGE_51_100  4
 score DCC_CHECK   5
 score PYZOR_CHECK 5
 score REMOVE_IN_QUOTES4
 score CLICK_TO_REMOVE_2   4
 score ASCII_FORM_ENTRY4
 score TRACKER_ID  4

*snip*

Holy carp!!! Why did you rescore just about every rule higher? Those
rules are bound to cause FPs. Scored waaay too high.

Doc, right now I would remove all traces of SA, and start over. There seems
to be issues just about everywhere. 

Setup SA fresh, and callit ONLY for a test account. (Like your own.)

--Chris 

Re: [FW: spam control

[The Doctor]

On Wed, Jul 27, 2005 at 04:40:40PM -0400, JamesDR wrote:
 The Doctor wrote:
 On Wed, Jul 27, 2005 at 03:48:22PM -0400, Jim Maul wrote:
 
 The Doctor wrote:
 
 SNIP irate customer message
 
 
 All right, the short and simple is that Spam-Assassin may not be doing
 the correct job.  This user has a whitelist in place and
 some e-mail are getting the label of spam.
 
 Even some of my cron jobs are getting  a [SPAM] label when they should 
 nt.
 
 Why?
 
 
 
 Perhaps if you posted the headers of the messages that were marked as 
 spam we can look to see what rules hit which would answer your why? 
 question.  Until then, no one knows that the problem is, and as such, 
 wont be able to fix it.
 
 -Jim
 
 
 
 sniped
 
 Looks like your users send/receive a lot of HTML mail. I had to adjust 
 the rules for those down slightly to help reduce the possibility of FP's.
 
 Here, I don't care if 'chain mail' is marked as spam -- that is not 
 legitimate mail for our users, tho, my system doesn't delete up to a 
 certain threshold.
 Your second example had this (watch for line wraps):
 
 [...]
 
 X-Spam-Flag: NO
 
 X-Scanned-By: milter-7bit/0.7.101 (doctor.nl2k.ab.ca [204.209.81.1]); 
 Wed, 27 Jul 2005 11:24:55 -0600
 
 X-Scanned-By: milter-date/0.12.160 (doctor.nl2k.ab.ca [204.209.81.1]); 
 Wed, 27 Jul 2005 11:24:55 -0600
 
 X-Scanned-By: milter-spamc/0.25.321 (doctor.nl2k.ab.ca [204.209.81.1]); 
 Wed, 27 Jul 2005 11:24:33 -0600
 
 X-Spam-Status: NO, hits=2.20 required=5.00
 
 X-Spam-Level: xx
 
 X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca
 
 [...]
 
 What looks odd to me is that X-Spam-Status says NO (I'm assuming that 
 this comes from sa), level is only 2, but X-Mark-Spam: is yes.. with a 
 score of 5.40.. where is this coming from?


I am using milter-spamc and smf-spamd .

 
 
 -- 
 Thanks,
 James
 

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.

Re: spamd wont start with bayesd on mysql

[Michael Parker]

[EMAIL PROTECTED] wrote:

How would I fix this issue.  Is it in a script?

  

[EMAIL PROTECTED] wrote:



Can't locate Mail/Spamassassin/BayesStore/SQL.pm in @INC (@INC contains:


  

It is SpamAssassin, notice the uppercase A in Assassin.

Michael




Check your bayes_store_module config option.

Michael


signature.asc
Description: OpenPGP digital signature

Re: New open http redirector?

[Kelson]

Chris Santerre wrote:

My point is whatever code/script the redir is running to generate tracking
IDs in a URL can ALWAYS be run from a company's own server. Regardless of
the method, the sender could always do it. 


You're still making an assumption that what they're tracking is ad *views*.

What about tracking clicks?  Suppose you have a website with ads -- or 
search results -- on it, and you want to keep track of which links to 
third party sites get followed.  You can't do that with a web bug.  You 
can only do that by setting up a redirect script so that you log the 
click, then send the browser off to the other site.


At that point it's a matter of locking it down so that only specific 
targets are allowed, etc., or else you end up setting up a script that 
can be abused by spammers.  Which brings us to where this thread started.


--
Kelson Vibber
SpeedGate Communications www.speed.net

Re: [FW: spam control

[Andy Jezierski]

The Doctor [EMAIL PROTECTED] wrote
on 07/27/2005 03:51:13 PM:

[snip]
  X-Spam-Status: NO, hits=2.20 required=5.00
  
  X-Spam-Level: xx
  
  X-Mark-SPAM: YES, score=5.40/5.00, processed for 2.536s on doctor.nl2k.ab.ca
  
  [...]
  
  What looks odd to me is that X-Spam-Status says NO (I'm assuming
that 
  this comes from sa), level is only 2, but X-Mark-Spam: is yes..
with a 
  score of 5.40.. where is this coming from?
 
 
 I am using milter-spamc and smf-spamd .
 
 

Pick one milter and get rid of the other. 

Above, Milter-spamc said the message wasn't spam,
and I'm assuming that the X-Mark-SPAM is from smf-spamd said the message
is spam. Looks like your two milters might be looking at different configs,
since they are coming up with different scores. Also as Chris said,
get rid of ALL of your score overrides. That's probably your biggest problem.

Andy 

Re: [FW: spam control

[Matt Kettler]

Chris Santerre wrote:
score gtube   4.0

 
 
 *snip*
 
 Holy carp!!! Why did you rescore just about every rule higher? 

An even better question.. why did he try to rescore GTUBE down to 4.0?

Although that was slightly screwed up by not puting the rule name in all-caps,
GTUBE should always cause a message to be high-scoring spam.

That's the whole point of GTUBE. GTUBE detects a really odd-ball test-string
which should never be present in normal email, and it's kind of like the EICAR
virus-test string, but for spam.

Re: [FW: spam control

[Andy Jezierski]

The Doctor [EMAIL PROTECTED] wrote
on 07/27/2005 03:42:41 PM:

[snip]
 
 In my /etc/rc for spam assassin I have,
 
 
  echo -n ' Spam Assassin';  /usr/contrib/bin/spamd
-d -i -D -u 
 defang --user-config --siteconfigpath=/etc/mail/spamassassin --
 syslog=/var/log/spamd.log --pidfile=/var/run/spamd.pid;

You do realize you have debugging turned on right?
-D Makes for a HUGE log file each day.


  /usr/contrib/bin/smf-spamd;

First call to SpamAssassin (Is this spam?)

[snip]

   /usr/contrib/bin/daemon /usr/contrib/bin/milter-spamc
-r 50 -S -
 v all unix:/var/lib/milter-spamc/socket;

Second call to SpamAssassin  (Is this REALLY
spam?)

[snip]

 
 /etc/procmailrc in my system reads:
 
 
 :0fw:spamassassin.lock
 *  1000
 |/usr/contrib/bin/spamc
 
 :0 w
 ! -oi -f $@
 

Third call to SpamAssassin  (Are you REALY REALY
sure this is spam?)

Pick ONE method to call SA

Andy

Re: New open http redirector?

[Kai Schaetzl]

Chris Santerre wrote on Wed, 27 Jul 2005 16:14:13 -0400:

 So your saying the cost of email marketing would rise.

Chris, I did't think about email at all ;-) Maybe I'm wrong and the use of 
this redirector is mostly for email. I thought of it as a central tracker 
which gets launched when someone clicks a banner ad or similar in a web 
page. There can be several reasons why you can't put this on the source or 
target server, but need an intermediary. It seems to me that the use for 
email is quite marginal because you can't track opening a message this 
way, you can only use it in the same way as for web pages. And that's what 
these spammers do, they try to disguise the real URL. But why? Users won't 
examine the URL before they click it and most spam processors should know 
how to get the target hostname.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de  http://msie.winware.org

Re: Mass-checks

[Henry Stern]

Mass check submissions are closed.  I won't be picking up any more.

Thanks everyone!

Henry Stern wrote:

As far as I know, I am only waiting on one person's mass-check results.
 Unless you speak up before he uploads them, I'm going to start the
score generation without you! ;)

Henry


signature.asc
Description: OpenPGP digital signature

RE: New open http redirector?

[Chris Santerre]

 -Original Message-
 From: Kelson [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, July 27, 2005 4:59 PM
 To: 'users@spamassassin.apache.org'
 Subject: Re: New open http redirector?
 
 
 Chris Santerre wrote:
  My point is whatever code/script the redir is running to 
 generate tracking
  IDs in a URL can ALWAYS be run from a company's own server. 
 Regardless of
  the method, the sender could always do it. 
 
 You're still making an assumption that what they're tracking 
 is ad *views*.
 
 What about tracking clicks?  Suppose you have a website with 
 ads -- or 
 search results -- on it, and you want to keep track of which links to 
 third party sites get followed.  You can't do that with a web 
 bug.  You 
 can only do that by setting up a redirect script so that you log the 
 click, then send the browser off to the other site.
 
 At that point it's a matter of locking it down so that only specific 
 targets are allowed, etc., or else you end up setting up a 
 script that 
 can be abused by spammers.  Which brings us to where this 
 thread started.

Your tellng me you can't get a redir for your own website? 

You can't get a script to point:

www.example.com/4gk43gg435gh43ghk.htm - www.example.com/realpage.htm

And generate your own IDs? This makes no sense. If a third party service can
do it, so can a company. 3rd party redirs are simply not needed. 

*goes to google open source redir scripts*

--Chris

RE: Bayes question

[Alan Fullmer]

I attempted to do that once, with a
network file system, but it didnt seem to know how to handle the locking
properly. I know I did something wrong, so if anyone else has a solution,
Id also be happy to hear it! J



-Alan Fullmer

[EMAIL PROTECTED]

www.xnote.com

www.zoobuh.com

















From: Robert Swan
[mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 27, 2005
12:22 PM
To: users@spamassassin.apache.org
Subject: Bayes question





I have a pair of Spamassassin servers filtering e-mail
(Spamassassin 3.0.4, spamd/spamc, Postfix, redhat 9) I was wondering if I could
share the bayes database between the two server rather than having each with
its own and having to do the salearn process twice.



Any Thoughts?











Robert













Peace he would say instead of goodbyepeace my brother.

RE: Bayes question

[Tyler Nally]

Boy... anytime I've done some kind of network file sharing across
a system or two, I have never done it for good performance reasons...
only convenience sakes.  And even then, never large files.

Almost a decade ago when I was performing massive COBOL database
conversions to load data into flat files to be imported into a
relational database, I noticed a significant decrease in performance
of the machine that is accessing remotely stored files.  It was far
easier/faster to auto-ftp the half a gigabyte of information to another
machine so that it could have the information *local* and therefore it
can access the data extremely quickly.   Depending on the machine and
it's resources, I'd expect it to slow down it's processing between 25-40%
on the average.

If the data remained on a remote machine, then the CPU has to use
it's resources to handle the resources on the remote file system
as if it's a part of it's own.  It is then at the whim of a NFS
file system handle that may or may not stay fresh.  Even if the
machines are separated by a couple feet of cable .. for me .. back
then ... NFS wasn't reliable enough for me to be able to bank on it
being up.  Because when the remote NFS file handle went stale, it
caused the local machine to hang and drag.  Maybe NFS is better now
than back then... I don't know.

The machine doesn't make a network *call* to the other machine to
borrow it's resources, it uses it's own resources to access the
remote files as if they are local yet, it does it over a network
cable rather than the typical high-speed of motherboard's bus that
would access the local hard drive.

So... the only way I'd do this in this day and age would be to have
the kind of hardware that you could build a multi-node supercomputer
where they all share the same hard drive over a fiber optic network
with lightning quick hard disks on the server node as it shares its
resources with the worker nodes.  In that case, the networking element
has been removed from the equation as the slowest link in the chain
of events.

On Wed, July 27, 2005 16:37, Alan Fullmer said:
 I attempted to do that once, with a network file system, but it didn't seem
 to know how to handle the locking properly.  I know I did something wrong,
 so if anyone else has a solution, I'd also be happy to hear it! :-)


-- 
Tyler Nally
[EMAIL PROTECTED]

autolearn

[Frank M. Cook]

I posted a message the other day asking why my spamd might backlog 
periodically and someone asked me if I could see from the log what was 
happening. It started again today and I see something. the last 
entry in the log when the jam occurred said

 autolearn=unavailable

when I stopped checking, cleared the spool, and restarted checking the log 
began to show

 autolearn=no

should I just set something in local.cf to turn off autolearning more 
completely so it knows not to try? 

would I be better off doing whatever is required to create a real 
autolearning system? am I right in thinking that requires a 
database?

Frank M. Cook

Re: [FW: spam control

[The Doctor]

On Wed, Jul 27, 2005 at 05:25:42PM -0400, Matt Kettler wrote:
 Chris Santerre wrote:
 score   gtube   4.0
 
  
  
  *snip*
  
  Holy carp!!! Why did you rescore just about every rule higher? 
 
 An even better question.. why did he try to rescore GTUBE down to 4.0?
 
 Although that was slightly screwed up by not puting the rule name in all-caps,
 GTUBE should always cause a message to be high-scoring spam.
 
 That's the whole point of GTUBE. GTUBE detects a really odd-ball test-string
 which should never be present in normal email, and it's kind of like the EICAR
 virus-test string, but for spam.
 
 
 


I did try to go back to default and raise the level to 7.5 and
did try to restart spamd amd spamc, but it seems that Spam Assassin
still has the old high features.

The local.cf looks like:
-

# Add your own customisations to this file.  See 'man Mail::SpamAssassin::Conf'
# SpamAssassin user preferences file.
#
# Format:
#
#   required_hits n
#   (how many hits are required to tag a mail as spam.)
#
#   score SYMBOLIC_TEST_NAME n
#   (if this is omitted, 1 is used as a default score.
#   Set the score to 0 to ignore the test.)
#
# # starts a comment, whitespace is not significant.
#
# NOTE!  In conjunction with MIMEDefang, SpamAssassin can *NOT* make any
# changes to the message header or body.  Any SpamAssassin settings that
# relate to changing the message will have *NO EFFECT* when used from
# MIMEDefang.  Instead, use the various MIMEDefang Perl functions if you
# need to alter the message.
###

###
# First of all, the generally useful stuff; thresholds and the whitelist
# of addresses which, for some reason or another, often trigger false
# positives.

required_hits   7.5

# Whitelist and blacklist addresses are *not* patterns; they're just normal
# strings.  one exception is that [EMAIL PROTECTED] is allowed.  They should 
be in
# lower-case.  You can either add multiple addrs on one line,
# whitespace-separated, or you can use multiple lines.
#
# Monty Solomon: he posts from an ISP that has often been the source of spam
# (no fault of his own ;), and sometimes uses Bcc: when mailing.
#
# whitelist_from[EMAIL PROTECTED]

# Add your blacklist entries in the same format...
#
# blacklist_from[EMAIL PROTECTED]

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
#
##ok_localesen

# By default, the subject lines of suspected spam will be tagged.
# This can be disabled here.
#
##rewrite_subject 0
# By default, spamassassin will include its report in the body
# of suspected spam. Enabling this causes the report to go in the
# headers instead. Using 'use_terse_report' for this is recommended.
#
# report_header 1

# By default, SpamAssassin uses a fairly long report format.
# Enabling this uses a shorter format which includes all the
# information in the normal one, but without the superfluous
# explanations.
#
# use_terse_report 0

# By default, spamassassin will change the Content-type: header of
# suspected spam to text/plain. This is a safety feature. If you
# prefer to leave the Content-type header alone, set this to 0.
#
defang_mime 0

# By default, SpamAssassin will run RBL checks.  If your ISP already
# does this, set this to 1.

#skip_rbl_checks 1

###
# Add your own customised scores for some tests below.  The default scores are
# read from the installed spamassassin.cf file, but you can override them
# here.  To see the list of tests and their default scores, go to
# http://spamassassin.taint.org/tests.html .

# for details of what can be tweaked.
#

# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
required_hits   7.5

# Whether to change the subject of suspected spam
##rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
##subject_tag *SPAM*
rewrite_header Subject SPAM(_SCORE_)   

# Encapsulate spam in an attachment
report_safe 1

# Use terse version of the spam report
use_terse_report0

# Enable the Bayes system
use_bayes   1

# Enable Bayes auto-learning
auto_learn  1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2  1
use_dcc 1
use_pyzor   1

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languagesall

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales  

Re: Bayes question

[Matt Kettler]

Alan Fullmer wrote:
 I attempted to do that once, with a network file system, but it didn’t
 seem to know how to handle the locking properly.  I know I did something
 wrong, so if anyone else has a solution, I’d also be happy to hear it! J

As JamesDR suggested.. Do it right, use SQL. It's a database that's *designed*
to be accessed remotely. Trying to share a DB_File based database over NFS is
asking for poor performance and trouble.

RE: New open http redirector?

[Matthew.van.Eerde]

Chris Santerre wrote:

 From: Kelson [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, July 27, 2005 4:59 PM
 To: 'users@spamassassin.apache.org'
 Subject: Re: New open http redirector?
 
 
 Chris Santerre wrote:
 My point is whatever code/script the redir is running to generate
 tracking IDs in a URL can ALWAYS be run from a company's own
 server. Regardless of the method, the sender could always do it.
 
 What about tracking clicks?
 
 Your tellng me you can't get a redir for your own website?

Chris, take a deep breath and relax...

There are good reasons for third-party advertising services.

Suppose Acme Inc. wants to put an ad on Zero's site.

Acme could host the ad image, and the clickthrough could go to Acme's site.
Zero could host the ad image, and the clickthrough could go to Zero's site... 
which could in turn go to Acme's site.

But the best situation from a game theory point of view is to bring in a third 
party ad hosting service Elmer.  Zero would place Elmer's HTML code on their 
site.  The ad image would be src'd to Elmer's site, and the click would href 
through to Elmer's site which would in turn redirect to Acme's site.

Why?

Trust.  Ads are frequently contracted for a certain number of impressions, with 
a price that, in the long run, depends on the click-through rate.  Acme should 
not trust Zero's statistics, and Zero should not trust Acme's statistics - 
because each has an incentive to lie.  The best solution, then, is to bring in 
Elmer who acts as an arbiter or escrow agent, and both sides can trust Elmer.  
Elmer has a disincentive to lie in both directions.

Open HTTP redirects are still bad, though.

-- 
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,

Re: [FW: spam control

[Matt Kettler]

The Doctor wrote:
 
 Next?
 

My honest suggestion?

Stop everything, and take a step back. Read, think about the options, then act.

First, Fix your setup as Andy Jezerski suggested. Have ONE and only ONE call to
spamassassin. You've got 3 right now. Two milters and a procmail call. That's
VERY bad news, and will greatly complicate configuration, testing and debugging.

Pick ONE of the following:
smf-spamd
milter-spamc
procmailrc call to spamc

And ditch the other two. With all three of them in place, that's 3 tools you
have to configure, and if any one of them isn't set up right you'll have
problems. Reducing it to one tool, one call, will make your life easier.

Second, I would personally just get rid of your local.cf and start over. At the
very minimum get rid of every score statement you've added in there.

You've been raising rule scores all over the place, which wound up causing FP
problems. Then you raised your threshold to counteract the FP problems your
modified scores caused. Bad news. You're getting into an arms race with 
yourself.

Third, once you've picked one of the methods of calling SpamAssassin (instead of
three) configure that tool to bypass SA calls. If you decide to keep
milter-spamc, I'd suggest using Andy's suggestion of a /etc/mail/access 
statement.

Milter-Spamc-From:[EMAIL PROTECTED]OK

Re: [FW: spam control

[jdow]

From: Kai Schaetzl [EMAIL PROTECTED]

 The Doctor wrote on Wed, 27 Jul 2005 13:34:42 -0600:
 
  This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED]
 
 Ah, it's he again. Setting to ignore mode.
 
 Kai

He rather is an example of why we tended not to allow our doctorates
into the lab when I was doing RF engineering for Rockwell International.
They broke everything they touched. Heck, one fellow only had to step
inside the room and half the equipment quit working.

If he has a doctorate in Computer Science he knows too much to get
SpamAssassin running. He knows how things should be done and knows
that what he knows is absolutely the only way things should be done.
So why sit down and figure out how it really works carefully and
methodically. He religiously seems to hide major pieces of his
configuration from us and then demand solutions. I've quit even bothering
to reply to him. I do read him. He's so silly he's amusing.

(One thing I have found is that people who use the term Dr. in front
of their monikers when out in public are incapable of learning because
all the public is too dumb to listen to. It earns them incredible amounts
of heartburn.)

{^_^}

RE: Russian way of fighting spam

[Matthew.van.Eerde]

jdow wrote:
 From: Slava Madrit [EMAIL PROTECTED]
... 
 If you received this transmission in error, please contact the
 sender by reply e-mail or by telephone (+1(212)632-5500)
 -
 
 In other words as soon as the SpamAssassin mailinglist forwarded
 this we were all in violation of Treasury Regulations in Circular
 230. Sheesh.

I'm sorely tempted to call.  Anyone else?  Should we all call at once?  :)

-- 
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,

Re: Russian way of fighting spam

[Daryl C. W. O'Shea]

jdow wrote:

From: Slava Madrit [EMAIL PROTECTED]
_

and delete and destroy all copies of the material, including all
copies stored in the recipient's computer, printed or saved to disk.


Does that also mean we should all show up at Slava's office to destroy 
all copies of the material?

Re: [SPAM] (6.70/5.00) Re: [FW: spam control

[The Doctor]

On Wed, Jul 27, 2005 at 04:45:36PM -0400, Matt Kettler wrote:
 The Doctor wrote:
 
  
  The whitelist in question:
  
  user/.spamassassin/user_prefs:
  
  
 snip
 
 
  
  And the spamassassin is called as follows:
  
  echo -n ' Spam Assassin';   /usr/contrib/bin/spamd -d -i -D -u 
  defang --user-config --siteconfigpath=/etc/mail/spamassassin 
  --syslog=/var/log/spamd.log --pidfile=/var/run/spamd.pid;
  /usr/contrib/bin/smf-spamd;
 
 
 is user in the user_prefs path the home directory for the user defang...
 if not, then that whole file will NOT under ANY condition be read.
 
 Since you're passing -u defang to spamd, it will ONLY run as defang, and it 
 will
 ONLY check defang's home directory for a user_prefs file.
 


Question:  How can ever user use Spam Assassin without having to specify a
user?  It would be nice for every user to govern their own account.

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.

SURBL Rules Not Being Used

[Timothy Spear]

Hello,
The SURBL Rules do not appear to be working for me. I think I am
missing something basic.

The test:
First Test: Telnet into my MTA and manually enter the SMTP
Commands to send an email from a bogus address, email content is the same as
the other tests.
Second Test: Using a local .eml file I have a hyper link to
http://test.surbl.org  I then pass with file to either spamassassin or spamc
Third Test: Send an email from a yahoo account with the same
content.

The spamc -R report from the first and second tests:

pts rule name  description
 --
--
0.2 NO_REAL_NAME   From: does not include a real name 
-2.8 ALL_TRUSTEDDid not pass through any untrusted hosts
0.1 DNS_FROM_AHBL_RHSBLRBL: From: sender listed in dnsbl.ahbl.org


My Configuration:
Debian 3.1
SpamAssassin 3.0.3-2 (From Debian)
Bind9 (from Debian)
Spamd started with  --max-children 5 --helper-home-dir

What I have tested:
Net::DNS is installed. Use a simple Perl Script to Test
DNS Resolving via the Bind9 works. 
SpamAssassin is resolving the DNS_FROM_AHBL_RHSBL rule.
No entry in local.cf for skip_rbl_checks, rbl_timeout
No changes to any scores.

TIA

Tim 

Re: SURBL Rules Not Being Used

[Rick Macdougall]

Timothy Spear wrote:


Hello,
The SURBL Rules do not appear to be working for me. I think I am
missing something basic.

The test:
First Test: Telnet into my MTA and manually enter the SMTP
Commands to send an email from a bogus address, email content is the same as
the other tests.
Second Test: Using a local .eml file I have a hyper link to
http://test.surbl.org  I then pass with file to either spamassassin or spamc
Third Test: Send an email from a yahoo account with the same
content.

The spamc -R report from the first and second tests:

pts rule name  description
 --
--
0.2 NO_REAL_NAME   From: does not include a real name 
-2.8 ALL_TRUSTEDDid not pass through any untrusted hosts

0.1 DNS_FROM_AHBL_RHSBLRBL: From: sender listed in dnsbl.ahbl.org


My Configuration:
Debian 3.1
SpamAssassin 3.0.3-2 (From Debian)
Bind9 (from Debian)
Spamd started with  --max-children 5 --helper-home-dir

What I have tested:
Net::DNS is installed. Use a simple Perl Script to Test
		DNS Resolving via the Bind9 works. 
		SpamAssassin is resolving the DNS_FROM_AHBL_RHSBL rule.

No entry in local.cf for skip_rbl_checks, rbl_timeout
No changes to any scores.

TIA

Tim 

 


Hi,

Although it appears Net::DNS is working, what version is it ?  I've 
never gotten 0.49 - 0.52 to work correctly.  0.48 and 0.53+ all work fine.


HTH,

Rick

RE: SURBL Rules Not Being Used

[Timothy Spear]

I am running 0.53; straight from CPAN.

Any other ideas?

Tim

-Original Message-
From: Rick Macdougall [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 27, 2005 8:13 PM
To: Timothy Spear
Cc: users@spamassassin.apache.org
Subject: Re: SURBL Rules Not Being Used

Timothy Spear wrote:

Hello,
   The SURBL Rules do not appear to be working for me. I think I am
missing something basic.

   The test:
   First Test: Telnet into my MTA and manually enter the SMTP
Commands to send an email from a bogus address, email content is the same
as
the other tests.
   Second Test: Using a local .eml file I have a hyper link to
http://test.surbl.org  I then pass with file to either spamassassin or
spamc
   Third Test: Send an email from a yahoo account with the same
content.

   The spamc -R report from the first and second tests:

pts rule name  description
 --
--
0.2 NO_REAL_NAME   From: does not include a real name 
-2.8 ALL_TRUSTEDDid not pass through any untrusted hosts
0.1 DNS_FROM_AHBL_RHSBLRBL: From: sender listed in dnsbl.ahbl.org


   My Configuration:
   Debian 3.1
   SpamAssassin 3.0.3-2 (From Debian)
   Bind9 (from Debian)
   Spamd started with  --max-children 5 --helper-home-dir

   What I have tested:
   Net::DNS is installed. Use a simple Perl Script to Test
   DNS Resolving via the Bind9 works. 
   SpamAssassin is resolving the DNS_FROM_AHBL_RHSBL rule.
   No entry in local.cf for skip_rbl_checks, rbl_timeout
   No changes to any scores.

TIA

Tim

  

Hi,

Although it appears Net::DNS is working, what version is it ?  I've 
never gotten 0.49 - 0.52 to work correctly.  0.48 and 0.53+ all work fine.

HTH,

Rick


!DSPAM:42e82313202012322511209!

Re: SURBL Rules Not Being Used

[Theo Van Dinter]

On Wed, Jul 27, 2005 at 09:08:28PM -0400, Timothy Spear wrote:
 Any other ideas?

The first thing for any issue is: run with -D and see what's happening.

-- 
Randomly Generated Tagline:
Q. Why is this so clumsy?
  A. The trick is to use Perl's strengths rather than its weaknesses.
   - Larry Wall


pgpx1xR900lfD.pgp
Description: PGP signature

RE: SURBL Rules Not Being Used

[Timothy Spear]

Found it. I hade two versions of Perl installed, spamassassin was picking up
the test install I did of version 6. Which had no Net::DNS installed.

Tim

-Original Message-
From: Theo Van Dinter [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 27, 2005 9:25 PM
To: users@spamassassin.apache.org
Subject: Re: SURBL Rules Not Being Used

On Wed, Jul 27, 2005 at 09:08:28PM -0400, Timothy Spear wrote:
 Any other ideas?

The first thing for any issue is: run with -D and see what's happening.

-- 
Randomly Generated Tagline:
Q. Why is this so clumsy?
  A. The trick is to use Perl's strengths rather than its weaknesses.
   - Larry Wall

Re: Bogus MS 'critical update'

[Thomas Cameron]

On Mon, 2005-07-25 at 10:33 +0100, Nigel kendrick wrote:
 I have just had a bogus Microsoft update slip through the net. Is there a
 rule to combat these? In any case, here's the info in case it's of use:

snip

IMHO that's a virus, not spam.  You should prolly install ClamAV on your
mail server.
-- 
Thomas Cameron, RHCE, CNE, MCSE, MCT
512-241-0774 (office)
512-924-8592 (cell)

Re: Russian way of fighting spam

[Gene Heskett]

On Wednesday 27 July 2005 19:46, Daryl C. W. O'Shea wrote:
jdow wrote:
 From: Slava Madrit [EMAIL PROTECTED]
 _

 and delete and destroy all copies of the material, including all
 copies stored in the recipient's computer, printed or saved to
 disk.

Does that also mean we should all show up at Slava's office to
 destroy all copies of the material?

Now there's an idea, go for it.  Start with that ridiculous sig.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
99.35% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.

Basic Questions

[John D. Maag]

Setup Redhat 9
Spamassassin  3.0.4

I am struggling with learning the basics about spamassassin. I think I 
=
have it going now but I am still not sure. I stumbled into a working =
scenario. Somehow Sendmail is calling procmal for me so I do nto need =
the .forward file. If someone knows how that could be happening I would 
=
love to know how I got lucky.

1) I am not sur eof the locations the installation of spamassassin is =
using. I do not know if it is using my ~/.spamassassin or =
/etc/mail/spamassassin or both. The main reason I ask is I think an =
existing install was there befor emy make. I am trying to install some 
=
custom rules and cf files and in particular an sa-blacklist.current 
file =
but I am not sure where to put the cf files, etc so that spamd/spamc =
will see them.


2) I want to convert to a site installation so I can use one setting 
for =
required score, custom rules (contents of user_prefs). How can I do =
this? IMO the docs on the web site are inadequate.

Re: [SPAM] (6.70/5.00) Re: [FW: spam control

[The Doctor]

On Wed, Jul 27, 2005 at 06:00:58PM -0600, The Doctor wrote:
 On Wed, Jul 27, 2005 at 04:45:36PM -0400, Matt Kettler wrote:
  The Doctor wrote:
  
   
   The whitelist in question:
   
   user/.spamassassin/user_prefs:
   
   
  snip
  
  
   
   And the spamassassin is called as follows:
   
 echo -n ' Spam Assassin';   /usr/contrib/bin/spamd -d -i -D -u 
   defang --user-config --siteconfigpath=/etc/mail/spamassassin 
   --syslog=/var/log/spamd.log --pidfile=/var/run/spamd.pid;
 /usr/contrib/bin/smf-spamd;
  
  
  is user in the user_prefs path the home directory for the user 
  defang...
  if not, then that whole file will NOT under ANY condition be read.
  
  Since you're passing -u defang to spamd, it will ONLY run as defang, and it 
  will
  ONLY check defang's home directory for a user_prefs file.
  
 
 
 Question:  How can ever user use Spam Assassin without having to specify a
 user?  It would be nice for every user to govern their own account.
 

Also, IS it possible for Spam Assassin to skip over a realm?

-- 
Member - Liberal International  
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
God Queen and country! Beware Anti-Christ rising!
Better to serve in Heaven that to Rule in Hell.

Re: autolearn

[Robert Menschel]

Hello Frank,

Wednesday, July 27, 2005, 3:02:23 PM, you wrote:

FMC I posted a message the other day asking why my spamd might
FMC backlog periodically and someone asked me if I could see from the
FMC log what was happening.  It started again today and I see
FMC something.  the last entry in the log when the jam occurred said
FMC  
FMC     autolearn=unavailable
FMC  
FMC when I stopped checking, cleared the spool, and restarted
FMC checking the log began to show
FMC  
FMC     autolearn=no
FMC  
FMC should I just set something in local.cf to turn off
FMC autolearning more completely so it knows not to try? 

Actually, that suggests your problem may be with an auto-expire
against the Bayes database, rather than auto-learn.

The Bayes system will occasionally determine that it needs to expire
old entries, to keep the database files within reasonable size, and
that expiration can take a long while.

I've not had the problem, so I can't suggest good solutions from
experience, but others here on the list can...

Bob Menschel

Re: Basic Questions

[Theo Van Dinter]

On Wed, Jul 27, 2005 at 09:11:22PM -0500, John D. Maag wrote:
 scenario. Somehow Sendmail is calling procmal for me so I do nto need =
 the .forward file. If someone knows how that could be happening I would 
 love to know how I got lucky.

Most Linux distros, since you said you're using RH9, setup procmail as
the local delivery agent.

 1) I am not sur eof the locations the installation of spamassassin is =
 using. I do not know if it is using my ~/.spamassassin or =
 /etc/mail/spamassassin or both. The main reason I ask is I think an =

Both, depending on how you call SA.  If you ever want to know what
SpamAssassin is doing, run a message through spamassassin -D and it'll
tell you what files are being read, etc.

 custom rules and cf files and in particular an sa-blacklist.current 
 file =
 but I am not sure where to put the cf files, etc so that spamd/spamc =
 will see them.

/etc/mail/spamassassin are for site-wide local rules.

 2) I want to convert to a site installation so I can use one setting 
 for =
 required score, custom rules (contents of user_prefs). How can I do =
 this? IMO the docs on the web site are inadequate.

Well, you can always set site wide configuration, per-user configs are allowed
by default but can easily be shut off if using spamd (see the man page).

-- 
Randomly Generated Tagline:
Don't mock the cookie. - Jackie Chan Adventures


pgpiTCqyYnQz8.pgp
Description: PGP signature

Re: New open http redirector?

[Loren Wilton]

 What about tracking clicks?  Suppose you have a website with ads -- or
 search results -- on it, and you want to keep track of which links to
 third party sites get followed.  You can't do that with a web bug.  You
 can only do that by setting up a redirect script so that you log the
 click, then send the browser off to the other site.

 At that point it's a matter of locking it down so that only specific
 targets are allowed, etc., or else you end up setting up a script that
 can be abused by spammers.  Which brings us to where this thread started.

Ah, but at least they would have a log of the number of clicks to the
spammer site!
Perhaps they could then send the spammer a bill for services provided?  ;-)

Loren

Re: autolearn

[Frank M. Cook]

The Bayes system will occasionally determine that it needs to expire
old entries, to keep the database files within reasonable size, and
that expiration can take a long while.


is there a file I can check to see if it has become large?  better yet is 
there some kind of routine to run to do the purging?  I could shut down 
message checking to give an expiration routine time to do its thing.


Frank M. Cook
Association Computer Services, Inc.
http://www.acsplus.com 

Re: autolearn

[Loren Wilton]

  The Bayes system will occasionally determine that it needs to expire
  old entries, to keep the database files within reasonable size, and
  that expiration can take a long while.

 is there a file I can check to see if it has become large?

Yes. I don't know quite how to do it, so someone else will chime in, I hope.

 better yet is
 there some kind of routine to run to do the purging?  I could shut down
 message checking to give an expiration routine time to do its thing.

You can turn off bayes_auto_expire in user_prefs, and then use a cron job to
run an expire every midnight or so.

Loren

Re[2]: SARE Whitelist candidate

[Robert Menschel]

Hello Andy,

Wednesday, July 27, 2005, 7:13:01 AM, you wrote:

AJ Didn't know there was a SARE whitelist.

Discussed on this list a few months back, while experimenting with it
on my own system. Then announced it here when published, but otherwise
it's been quiet. Worth mentioning from time to time...

AJ Here'sanother Fidelity E-Mail address we whitelist:
AJ [EMAIL PROTECTED]

Thanks, but I need more than just the email address.  It's much, much
too easy for spammers to forge/fake an email address in their From
header.

We use the whitelist_from_rcvd directive instead,
 whitelist_from_rcvd  EmailAddress  ServerDomain

SpamAssassin identifies which Received headers are trusted (belong to
your system, or otherwise are trusted to pass you accurate information
about the upstream/sending server).  It compares the sending server in
the last of these against the ServerDomain parameter.

Only if both the email address pattern and the server domain match is
the email whitelisted.

Even if the spammer fakes the email address, and generates a bogus
Received header with the server domain, that received header will not
be trusted (it wasn't generated by your system), and therefore the
email won't be whitelisted in error.

If you can send me a copy of the email, or at least its full headers
(no need for any of the confidential information that might be in the
body), I can identify the correct server domain to include in the
directive.

Bob Menschel

Basic Questions

[John D. Maag]

Ok, If I put preferences in the user_prefs file in $HOME/.spamassassin, do I 
call the file the same thing in /etc/mail/spamassassin?

Re[2]: autolearn

[Robert Menschel]

Hello Frank,

Wednesday, July 27, 2005, 8:34:02 PM, you wrote:

 The Bayes system will occasionally determine that it needs to expire
 old entries, to keep the database files within reasonable size, and
 that expiration can take a long while.

FMC is there a file I can check to see if it has become large?  better yet is
FMC there some kind of routine to run to do the purging?  I could shut down
FMC message checking to give an expiration routine time to do its thing.

The files are the bayes_* files, by default located in the user's
$HOME/.spamassassin directory (whatever user is doing the email check
at the time).

bayes_journal_max_size (default: 102400)
bayes_expiry_max_db_size (default: 15)
bayes_auto_expire (default: 1)
bayes_learn_to_journal (default: 0)
are the local.cf or user_prefs parameters that affect bayes
expiration. See
http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.html#learning_options
for the 3.0.x application of these parameters.

See
http://spamassassin.apache.org/full/3.0.x/dist/doc/sa-learn.html#expiration
for a discussion of expiration.
 sa-learn --force-expire
will force an expiration run. So a script which will
 stop email filtering
 sa-learn --force-expire
 restart email filtering
will help if this is indeed your problem.

Bob Menschel

RE: Removing message/rfc822 attachments to separate files

[Herb Martin]

 -Original Message-
 From: Kai Schaetzl [mailto:[EMAIL PROTECTED] 
 
 Herb Martin wrote on Tue, 26 Jul 2005 21:21:25 -0500:
  When forwarding a batch of missed spam (or ham) from 
  Outlook back to 
  SpamAssassin the best way seems to be for our users to select more 
  than a single message, and use the menu:  Action-Forward 
  which puts them all in as attachments.
 
 I guess this adds only the message bodies? Just want to 
 remmember you that Bayes uses header tokens as well. If you 
 can you should train with headers included.

I understand the latter, but No, the method sends the full
headers/messages encapsulated as message/rfc822 top level parts.

The only change I see between the Mime Markers are these 4
lines (including the blank):

--=_NextPart_000_067D_01C591D1.7F02A7C0
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment

From:  etc.
snip header and body

--=_NextPart_000_067D_01C591D1.7F02A7C0

FYI:  Mail::SpamAssassin::Message (and Node) do seems to
have what I need, but so far on quick examination and a
brief initial code attempt it escapes my understanding
to use this immediately.

After writing the following and trying 
Mail::SpamAssassin::Message (off and on all afternoon)
I stumbled upon the tool intended for the job:

MIME::Parser from MIME::Toolkit (which was already on
my system) -- the pod doc examples had almost exactly
what I need (added one line to first example):

http://www.globedomain.com/cgi-bin/perldiver/perldiver.cgi?action=2010modu
le=MIME%3A%3AParser

This does it -- the whole thing -- if I don't mind 
submitting one file per run (with a command script
loop for all of them of course):

#!/usr/bin/perl -w

use MIME::Parser;

my $parser = new MIME::Parser;   # Create parser
$parser-output_dir(./tmp);# Give output dir
$parser-extract_nested_messages(0); # Extract messages whole?
$entity = $parser-parse(\*STDIN);   # Parse an input filehandle  
print Entity: $entity\n\n if $entity;

__END__

This method is so much cleaner than the others I have
tried -- users can just email a whole batch of Spam
(or Ham) messages to our Spam (or Ham) Multi account
for automatic processing.  No change to individual 
message headers -- easy to do once or twice a day for
those who get a lot of spam.

Thank you so much for your help -- sometimes it is 
encouraging just to have someone throwing back ideas
and suggestions.

--
Herb