How to control the hits for a mail
hi all, I am using spamassassin with sendmail and procmail. I am redirecting the spam mails based upon comparing the resulting hits for each mail after passing through spmamc with some fixed required_hits . I want to know how these hits will be determined by spamassassin .If anyone knows kindly let me know. If it is because of various tests handled by spamassassin then where are they assigned ? Can we change the score value for each test and determine the required_hits as per our wish . If possible where and how can we do that. Your precious answer will be very much appriciated . I am expecting it at the earliest. Thanks. Suresh Kumar Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Training a forwarding filter
This works great, but the load is too much. I'm trying to move SpamAssassin to a second server that will serve as a relay in front of the existing server. However, I don't want to lose the ability to train the filter by simply moving bad mail into a different folder. As far as I can tell, it's not possible to tell sa-learn to connect to a remote server. So how can I get those spams into sa-learn on the relay? Share the disk that has the training folders on it? If the only thing it is used for (shared) is the spam learning the overhead shouldn't be a problem. Use IMAP folders on one of the boxes? Probably half a dozen other solutions. Loren
Re: spamd[7745]: bad protocol: header error:
On Thursday 25 August 2005 12:31, Chris typed: Noted this in my syslog this morning, is this another harmless error, or is something borked somewhere? Aug 24 21:30:09 cpollock spamd[7745]: bad protocol: header error: \200__( '$Î__\206 __\2377\200__( '$Ï__ \206¡__\2377\200__( '$Ð__\206¢__\2377__ __\200__( '$Ñ__\206£__\2377\200__(`'$Î__ \206 __\2377\200__(`'$Ï__\206¡__\2377_ ___\200__(`'$Ð__\206¢__\2377\ 200__(`'$Ñ__\206£__\2377\200__( '$Î__\ 206 __\2377\200__( '$Ï__\206¡__\2377__ __\200__( '$Ð__\206¢__\2377\200__( '$Ñ_ _\206£__\2377 Aug 24 21:30:40 cpollock spamd[7799]: bad protocol: header error: GET / HTTP/1.0 I'd guess your spamd is listening on a port that realplayer or similar thought was a web server/audio server (and possibly an MS box based on one record). Is your spamd exposed to the cruel internet, or protected by a firewall?
Spamassassin mangling messages
Hi there. I'm using Spamassassin 2.44 on a RH9 box (postfix uses maildrop as a transport, which calls SA) at the moment, and I'm considering updating it, but I have a problem with it that might lead me to another spam program. When SA scans a message, it rewrites the message and replaces certain characters in it with other ones (=20 and =3D being notable examples). Other than this, SA is a great little app, but my customers complain to me saying that these strings pop up all over the place and annoy them immensely. I'm of a mind to say deal with it, but they wouldn't like that. So is there a way in SA to switch the email rewriting off completely? All I want it to do is mark the message as spam or not spam, and not touch the content of the actual message. Your help would be appreciated. Regards Daniel
Re: AWL doesn't seem to work
At 01:44 AM 8/25/2005, Ilan Aisic wrote: OK, I figured out what my problem was. It's in the way I always restarted SA. This was from the following simple script that I always ran as root: --- echo Running spamassassin --lint and then restarting spamd if OK... spamassassin --lint if [ $? != 0 ] ; then echo SA discovered errors! else /etc/init.d/spamassassin restart fi --- Apparently, the command `spamassassin --lint` created the 2 files: -rw-rw-rw-1 root root12288 Aug 25 08:12 auto-whitelist -rw---1 root root6 Aug 25 08:12 auto-whitelist.mutex It should create the two, but the mutex should be deleted when --lint exits. Perhaps this is one of the bugs in SA 3.0.2. I'm not sure, as the DoS vulnerability alone is enough for me to steer clear of running this version of SA on a production box. I know that 3.0.3 fixed some memory bloat problems with the AWL, so I wouldn't suggest using the AWL with 3.0.2: http://www.gossamer-threads.com/lists/spamassassin/announce/8
Re: Spamassassin mangling messages
Daniel Acton wrote: Hi there. I'm using Spamassassin 2.44 on a RH9 box (postfix uses maildrop as a transport, which calls SA) at the moment, and I'm considering updating it, but I have a problem with it that might lead me to another spam program. When SA scans a message, it rewrites the message and replaces certain characters in it with other ones (=20 and =3D being notable examples). Other than this, SA is a great little app, but my customers complain to me saying that these strings pop up all over the place and annoy them immensely. I'm of a mind to say deal with it, but they wouldn't like that. So is there a way in SA to switch the email rewriting off completely? All I want it to do is mark the message as spam or not spam, and not touch the content of the actual message. man Mail::SpamAssassin::Conf See report_safe. Setting this to 0 will cause SA to do a headers-only tag with no body tagging at all.
Re: More zombie problems
On 24 Aug 2005 at 11:18, Justin Mason wrote: Nels Lindquist writes: Any ideas on how I can further troubleshoot this? I'm pursuing parallel lines of inquiry on the MIMEDefang list too. I'd suggest (a) opening a separate bug in the bugzilla and (b) getting output from strace -fo TRACE -p PID of a process turning into a zombie. Sadly, I don't see much, since as soon as the process receives a TERM signal strace disconnects: 32358 read(0, , 4096) = 0 32358 exit_group(0) = ? Nels Lindquist * Information Systems Manager Morningstar Air Express Inc.
Re: More zombie problems
On 25 Aug 2005 at 15:13, Justin Mason wrote: try tracing the master spamd process using -f, so that it traces *both* the parent and the child processes. Since I'm using MIMEDefang which loads the SA libraries directly, I'm not running spamd. I'll see if tracing the multiplexor process shows anything, though... Nels Lindquist * Information Systems Manager Morningstar Air Express Inc.
phish/bayes
I could not find any email in this forum addressing this issue - it does not mean there is not one - I just could'nt find it :) MY question is as follows: Given that so many valid tokens from ebay/paypal sites exist in phish emails, am I correct in saying that it is imperative to avoid phish emails entering the bayes database? Anthony Sent from the SpamAssassin - Users forum at Nabble.com.
Re: More zombie problems
On 25 Aug 2005 at 16:34, Nels Lindquist wrote:
On 25 Aug 2005 at 15:13, Justin Mason wrote:
try tracing the master spamd process using -f, so that it traces *both*
the parent and the child processes.
Since I'm using MIMEDefang which loads the SA libraries directly, I'm
not running spamd. I'll see if tracing the multiplexor process shows
anything, though...
Okay, I've done that and I did get a lot more info out of strace.
See attached file.
Nels Lindquist *
Information Systems Manager
Morningstar Air Express Inc.
The following section of this message contains a file attachment
prepared for transmission using the Internet MIME message format.
If you are using Pegasus Mail, or any other MIME-compliant system,
you should be able to save it or view it from within your mailer.
If you cannot, please ask your system administrator for assistance.
File information ---
File: TRACE.gz
Date: 25 Aug 2005, 16:52
Size: 42423 bytes.
Type: Unknown
TRACE.gz
Description: Binary data
Re: phish/bayes
On Thu, 2005-08-25 at 15:49 -0700, satalk (sent by Nabble.com) wrote: I could not find any email in this forum addressing this issue - it does not mean there is not one - I just could'nt find it :) MY question is as follows: Given that so many valid tokens from ebay/paypal sites exist in phish emails, am I correct in saying that it is imperative to avoid phish emails entering the bayes database? It has been my experience that the more of them I teach Bayes, the less get through. None of my legit eBay/PayPal e-mail has been tagged. Thomas
RE: phish/bayes
From: Thomas Cameron [mailto:[EMAIL PROTECTED] Sent: Thursday, August 25, 2005 6:03 PM To: users@spamassassin.apache.org Subject: Re: phish/bayes On Thu, 2005-08-25 at 15:49 -0700, satalk (sent by Nabble.com) wrote: I could not find any email in this forum addressing this issue - it does not mean there is not one - I just could'nt find it :) MY question is as follows: Given that so many valid tokens from ebay/paypal sites exist in phish emails, am I correct in saying that it is imperative to avoid phish emails entering the bayes database? It has been my experience that the more of them I teach Bayes, the less get through. None of my legit eBay/PayPal e-mail has been tagged. Mine too -- and we likely need to remind the original poster that it is VERY important to also train some VALID emails from the real source that such phishes are targetting. This puts the real mails words in as tokens an means that the words in both types will not be strong indicators of spam (or ham) and other differences will be used to make the estimate. -- Herb Martin
Re: spamd[7745]: bad protocol: header error:
On Thursday 25 August 2005 11:35 am, Justin Mason wrote: Duncan Hill writes: On Thursday 25 August 2005 12:31, Chris typed: Noted this in my syslog this morning, is this another harmless error, or is something borked somewhere? Aug 24 21:30:09 cpollock spamd[7745]: bad protocol: header error: Actually, I think it was a portscan. See the IMAP and POP3 servers shutting down around the same time, and the multiple different protocols attempted. --j. My apologies to the list for asking this. After seeing Justin's reply that it may have been a portscan I remembered that I was checking out nmap at about the same time last night on 127.0.0.1. I didn't realize that spamassassin and courier-imap would be affected. Again, my apologies for the wasted bandwidth. Chris -- Chris Registered Linux User 283774 http://counter.li.org 18:51:12 up 4 days, 6:34, 1 user, load average: 0.39, 0.42, 0.35 Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
