Re: Nigerian scam not catched by 3.10?

2005-10-07 Thread Menno van Bennekom
FYI:
I tested 3.10 for a week now and indeed some (very few) Scams don't get
hit anymore by 3.10 but more scams than before get hit by the new
Scam-rules (Advance_fee) so all in all it is a positive change. Also for
other spam it seems to do a better job because of new rules. Time to
upgrade the SA of my production server.
Menno
 I installed 3.10 on my testserver to compare some scores with my current
 3.03 version. I only have the default checks.
 Some spam was not marked in 3.10 because checks like NIGERIAN_BODY* didn't
 get off. It seems that everything with 'NIGERIAN' in it is removed from
 /usr/share/spamassassin/*.cf in version 3.10.
 Any idea why? These checks were really important to me, I get a lot of
 Nigerian scams especially via hotmail.

 Regards
 Menno van Bennekom






TextCat usage and language dependent rules

2005-10-07 Thread Alan Premselaar
I've looked thru the documentation and the wiki, etc. and haven't found
any clear information on how to use the TextCat plugin.

previously I used the config file switch ok_languages en ja ko ...
after upgrading to 3.10 and uncommenting the textcat plugin spamassassin
-D --lint isn't returning any parsing errors on that line, but i'm not
sure if it's actually taking effect.

Also, tests like PLING_QUERY and GAPPY_SUBJECT which were properly
skipped for ISO-2022-JP encoded mail are starting to hit again.

additionally, SUBJECT_ENCODED_TWICE is hitting quite a lot, but
double-encoding is normal for Japanese mail. often the mail client used
to send mail will take a long subject and break it into multiple lines,
each with the iso-2022-jp encoding. This is more than likely due to the
2-byte characters and line length limitations. (do i need to file a bug
report on this?)

can someone give me some insight into how the textcat plugin stuff works
and what I should be expecting to see as a result of enabling it and
leaving the ok_languages directive set?

Thanks,

alan


upgrade error spamassassin t/SATest.pm at line 592

2005-10-07 Thread B. Geier

Hello 

my os version is linux debian 3.1 (sarge)

on my system SpamAssassin (version 3.0.2) is running with Perl version 5.8.4.

now i will upgrade to SpamAssassin 3.1 with cpan

but every time i get this error:

-

cpan  install Mail::SpamAssassin
CPAN: Storable loaded ok
..
...
t/regexp_valid..ok
t/relative_scores...ok
t/report_safe...ok
t/reportheader..Not found: msgidnotvalid =  Message-Id is not 
valid,
# Failed test 6 in t/SATest.pm at line 592
Not found: spam-report-body =  Spam detection software, running on the 
system 
# Failed test 7 in t/SATest.pm at line 592 fail #2
t/reportheader..FAILED tests 6-7
Failed 2/11 tests, 81.82% okay
t/reportheader_8bit.ok
t/rule_namesok
t/rule_typesok
...
...
..
t/whitelist_to..ok
t/zz_cleanupok
Failed Test  Stat Wstat Total Fail  Failed  List of Failed
---
t/reportheader.t   112  18.18%  6-7
13 tests skipped.
Failed 1/93 test scripts, 98.92% okay. 2/2071 subtests failed, 99.90% okay.
make: *** [test_dynamic] Error 255
  /usr/bin/make test -- NOT OK
Running make install
  make test had returned bad status, won't install without force

-

can anybody help?

thanks

bernd

-- 
B. Geier [EMAIL PROTECTED]



Re: Newbie: Postfix/Spamassassin Questions

2005-10-07 Thread Alex Davidson
Well that confirms my suspicion on it not doing Content-Checking
(quarantining messages based on content/attachments) - can anyone
suggest something to do this?

From the tutorials I've been following it looks like SA will hook into
AV software (or vice versa) - I think the key is amavisd-new.

I tested telneting into ports 10024 and 10025 but 10024 can't connect
- could this indicate a problem or is that normal?

On 10/6/05, Loren Wilton [EMAIL PROTECTED] wrote:
  I was told that I can use spamassassin to do Content Checking but I
  see no evidence of it as yet.

 That may depend on what you mean by content checking

 SA is a tool for classifying spam.  You seem to have tried it on a virus.  A
 virus really isn't spam, it is a virus.  SA makes little attempt to catch
 virui, there are tools designed for that purpose.  Now, if you want to catch
 messages about mortgage deals and the latest popularity pills and sex clubs,
 then SA will do a nice job for you once you have it set up right.

 It is important to realize that SA is a *filter*.  It doesn't DO anything to
 the spam, other than add a score that indicates how likely a message is to
 be spam.  Something else in your processing chain needs to follow SA, look
 at the score, and decide what to do with the mail.  If you don't have that,
 then all mail, spam included, will get routed to the users.  However, the
 spam will be scored and marked as spam in the subject line.  The user's mail
 client can then usually filter on that if they want to.

 It sounds like you don't have SA properly integrated into the rest of your
 mail system, and it isn't processing the messages.  Unfortunately I don't
 recognize the tool you are using, so I can't help.  Someone else will
 probably be along soon that may be able to.

 Loren




Spam increase after upgrade to 3.03 on Debian Stable

2005-10-07 Thread Bill Moseley
I'm stabbing in the dark a bit here, sorry.

I had a server running Debian Woody which was running, IIRC[1], 2.6x.
After upgrading to Sarge now running 3.0.3-2 and exim 4.50-8 the users
are complaining of a lot more spam getting through.  I'm now seeing it
also -- looking at a few of my spam mailboxes on that machine I can
see a change on the day I did the update to Sarge.

I thought I saw a post here about this a few weeks (months?) back but
I'm not having luck finding it in my pre-coffee haze looking though
the last 2000 or so messages.  That's why I'm posting, as I'm thinking
I saw a discussion about this.

I've also looked over my old backed-up configs compared to the current
ones and I'm not seeing any major differences.

Can anyone recommend where I should look for changes that might have
resulted in a change in the scoring?

BTW -- I'm also using RulesDuJour[2].

Thanks,


[1] I say IIRC because I have some commented out notes in my old
sources.list for:

# Mon May  2 23:35:36 PDT 2005
deb http://www.backports.org/debian/ woody exim4


# Spamassassin backport
# from maintainer
#deb http://people.debian.org/~duncf/debian woody main

#another source
# deb http://people.debian.org/~aurel32/BACKPORTS woody main


[2]

TRUSTED_RULESETS="TRIPWIRE ANTIDRUG EVILNUMBERS BOGUSVIRUS SARE_ADULT \
  SARE_FRAUD SARE_BML SARE_RATWARE SARE_SPOOF SARE_BAYES_POISON_NXM \
  SARE_OEM SARE_RANDOM SARE_HEADER_ABUSE SARE_CODING_HTML";



-- 
Bill Moseley
[EMAIL PROTECTED]



RE: Spam increase after upgrade to 3.03 on Debian Stable

2005-10-07 Thread Bowie Bailey
From: Bill Moseley [mailto:[EMAIL PROTECTED]
 
 I had a server running Debian Woody which was running, IIRC[1], 2.6x.
 After upgrading to Sarge now running 3.0.3-2 and exim 4.50-8 the users
 are complaining of a lot more spam getting through.  I'm now seeing it
 also -- looking at a few of my spam mailboxes on that machine I can
 see a change on the day I did the update to Sarge.
 
 I thought I saw a post here about this a few weeks (months?) back but
 I'm not having luck finding it in my pre-coffee haze looking though
 the last 2000 or so messages.  That's why I'm posting, as I'm thinking
 I saw a discussion about this.
 
 I've also looked over my old backed-up configs compared to the current
 ones and I'm not seeing any major differences.
 
 Can anyone recommend where I should look for changes that might have
 resulted in a change in the scoring?

The most likely cause is a misconfigured trust path.  3.0.x introduced
the ALL_TRUSTED rule.  This rule is supposed to fire with a negative
score if the message has not passed through any untrusted servers.
A common problem is that you have not configured your trust path
properly, so ALL_TRUSTED is firing on spam and lowering the score.

It's tempting to just score ALL_TRUSTED as 0 to disable it, but don't
do that.  The trust path settings are used on quite a few other things
behind the scenes to determine how to interpret the headers.

You need to set the trusted_networks setting to list all of the
networks and servers that you control.  There is also an
internal_networks setting that you may or may not need.  If you only
set one of the two, the other one will default to using the same
values.  Take a look at the Mail::SpamAssassin::Conf manpage for more
info.

There have also been a few lengthy discussions on the list regarding
this, so you may want to check the archives.

Bowie


RE: Spam increase after upgrade to 3.03 on Debian Stable

2005-10-07 Thread Matthew Lenz
Also make sure that if you are using bayes learning that spamassassin is
still able to read the bayes_ files.  There must have been some
incompatibility with mine because I had to nuke everyone's bayes_ files
and return sa-learn so that bayes started kicking in again.  Also the
config problem that Bill described bit me in the ass as well.  Almost
all incoming mail was being tagged as ALL_TRUSTED.

On Fri, 2005-10-07 at 11:18 -0400, Bowie Bailey wrote:
 From: Bill Moseley [mailto:[EMAIL PROTECTED]
  
  I had a server running Debian Woody which was running, IIRC[1], 2.6x.
  After upgrading to Sarge now running 3.0.3-2 and exim 4.50-8 the users
  are complaining of a lot more spam getting through.  I'm now seeing it
  also -- looking at a few of my spam mailboxes on that machine I can
  see a change on the day I did the update to Sarge.
  
  I thought I saw a post here about this a few weeks (months?) back but
  I'm not having luck finding it in my pre-coffee haze looking though
  the last 2000 or so messages.  That's why I'm posting, as I'm thinking
  I saw a discussion about this.
  
  I've also looked over my old backed-up configs compared to the current
  ones and I'm not seeing any major differences.
  
  Can anyone recommend where I should look for changes that might have
  resulted in a change in the scoring?
 
 The most likely cause is a misconfigured trust path.  3.0.x introduced
 the ALL_TRUSTED rule.  This rule is supposed to fire with a negative
 score if the message has not passed through any untrusted servers.
 A common problem is that you have not configured your trust path
 properly, so ALL_TRUSTED is firing on spam and lowering the score.
 
 It's tempting to just score ALL_TRUSTED as 0 to disable it, but don't
 do that.  The trust path settings are used on quite a few other things
 behind the scenes to determine how to interpret the headers.
 
 You need to set the trusted_networks setting to list all of the
 networks and servers that you control.  There is also an
 internal_networks setting that you may or may not need.  If you only
 set one of the two, the other one will default to using the same
 values.  Take a look at the Mail::SpamAssassin::Conf manpage for more
 info.
 
 There have also been a few lengthy discussions on the list regarding
 this, so you may want to check the archives.
 
 Bowie



RE: Spam increase after upgrade to 3.03 on Debian Stable

2005-10-07 Thread Bowie Bailey
From: Matthew Lenz [mailto:[EMAIL PROTECTED]
 
 Also make sure that if you are using bayes learning that
 spamassassin is still able to read the bayes_ files.  There must
 have been some incompatibility with mine because I had to nuke
 everyone's bayes_ files and return sa-learn so that bayes started
 kicking in again.  Also the config problem that Bill described bit
 me in the ass as well.  Almost all incoming mail was being tagged as
 ALL_TRUSTED.

It tends to bite quite a few people and should probably qualify as an
FAQ by now.

If you don't specify trusted_networks or internal_networks, SA tries
to guess at your network.  It assumes that the first non-private IP
that it sees is your external mail relay.  If your frontline
mailserver has a private IP, then the server that is sending to you is
assumed to be your external relay and is trusted.  The result is that
all mail that doesn't pass through more than one mail relay before
getting to you will be marked ALL_TRUSTED.

Bowie


RE: Newbie: Postfix/Spamassassin Questions

2005-10-07 Thread Mike Schrauder
 Alex,
Amavisd-new is the ticket.  I use it w/ sa and clamav.  Setting
up the config for amavis was a
real pain for me, but it works great now.  
I am trying to find the online tutorial that I used to set it up.
Are you using it as a wall before mail gets to exchange?  
That is what I am doing, but I have no 'per-user' whitelists or
tweakable settings.  I will try my best to answer any questions you
have, but I am linux challenged.

Mike S

 -Original Message-
 From: Alex Davidson [mailto:[EMAIL PROTECTED] 
 Sent: Friday, October 07, 2005 10:32 AM
 To: SpamAssassin Mailing List
 Subject: Re: Newbie: Postfix/Spamassassin Questions
 
 Well that confirms my suspicion on it not doing 
 Content-Checking (quarantining messages based on 
 content/attachments) - can anyone suggest something to do this?
 
 From the tutorials I've been following it looks like SA will 
 hook into AV software (or vice versa) - I think the key is 
 amavisd-new.
 
 I tested telneting into ports 10024 and 10025 but 10024 can't connect
 - could this indicate a problem or is that normal?
 
 On 10/6/05, Loren Wilton [EMAIL PROTECTED] wrote:
   I was told that I can use spamassassin to do Content 
 Checking but I 
   see no evidence of it as yet.
 
  That may depend on what you mean by content checking
 
  SA is a tool for classifying spam.  You seem to have tried it on a 
  virus.  A virus really isn't spam, it is a virus.  SA makes little 
  attempt to catch virui, there are tools designed for that purpose.  
  Now, if you want to catch messages about mortgage deals and 
 the latest 
  popularity pills and sex clubs, then SA will do a nice job 
 for you once you have it set up right.
 
  It is important to realize that SA is a *filter*.  It doesn't DO 
  anything to the spam, other than add a score that indicates 
 how likely 
  a message is to be spam.  Something else in your processing chain 
  needs to follow SA, look at the score, and decide what to 
 do with the 
  mail.  If you don't have that, then all mail, spam 
 included, will get 
  routed to the users.  However, the spam will be scored and 
 marked as 
  spam in the subject line.  The user's mail client can then 
 usually filter on that if they want to.
 
  It sounds like you don't have SA properly integrated into 
 the rest of 
  your mail system, and it isn't processing the messages.  
 Unfortunately 
  I don't recognize the tool you are using, so I can't help.  Someone 
  else will probably be along soon that may be able to.
 
  Loren
 
 
 
 


RE: Newbie: Postfix/Spamassassin Questions

2005-10-07 Thread Mike Schrauder
 Alex,
http://workaround.org/articles/ispmail-sarge/
I started w/ this tutorial to get some virtual domains working.

It works well for those LOW traffic domains.
 Then I allowed postfix to relay some other domains to exchange 
(after sa and clamav told amavisd what's the score)
But this has some good scoop on amavis

Mike S

 -Original Message-
 From: Mike Schrauder 
 Sent: Friday, October 07, 2005 12:58 PM
 To: SpamAssassin Mailing List
 Subject: RE: Newbie: Postfix/Spamassassin Questions
 
  Alex,
   Amavisd-new is the ticket.  I use it w/ sa and clamav.  
 Setting up the config for amavis was a real pain for me, but 
 it works great now.  
 I am trying to find the online tutorial that I used to set it up.
 Are you using it as a wall before mail gets to exchange?  
 That is what I am doing, but I have no 'per-user' whitelists 
 or tweakable settings.  I will try my best to answer any 
 questions you have, but I am linux challenged.
 
 Mike S
 
  -Original Message-
  From: Alex Davidson [mailto:[EMAIL PROTECTED]
  Sent: Friday, October 07, 2005 10:32 AM
  To: SpamAssassin Mailing List
  Subject: Re: Newbie: Postfix/Spamassassin Questions
  
  Well that confirms my suspicion on it not doing Content-Checking 
  (quarantining messages based on
  content/attachments) - can anyone suggest something to do this?
  
  From the tutorials I've been following it looks like SA 
 will hook into 
  AV software (or vice versa) - I think the key is amavisd-new.
  
  I tested telneting into ports 10024 and 10025 but 10024 
 can't connect
  - could this indicate a problem or is that normal?
  
  On 10/6/05, Loren Wilton [EMAIL PROTECTED] wrote:
I was told that I can use spamassassin to do Content
  Checking but I
see no evidence of it as yet.
  
   That may depend on what you mean by content checking
  
   SA is a tool for classifying spam.  You seem to have 
 tried it on a 
   virus.  A virus really isn't spam, it is a virus.  SA 
 makes little 
   attempt to catch virui, there are tools designed for that purpose.
   Now, if you want to catch messages about mortgage deals and
  the latest
   popularity pills and sex clubs, then SA will do a nice job
  for you once you have it set up right.
  
   It is important to realize that SA is a *filter*.  It doesn't DO 
   anything to the spam, other than add a score that indicates
  how likely
   a message is to be spam.  Something else in your processing chain 
   needs to follow SA, look at the score, and decide what to
  do with the
   mail.  If you don't have that, then all mail, spam
  included, will get
   routed to the users.  However, the spam will be scored and
  marked as
   spam in the subject line.  The user's mail client can then
  usually filter on that if they want to.
  
   It sounds like you don't have SA properly integrated into
  the rest of
   your mail system, and it isn't processing the messages.  
  Unfortunately
   I don't recognize the tool you are using, so I can't 
 help.  Someone 
   else will probably be along soon that may be able to.
  
   Loren
  
  
  
  
 
 


Re: Spam increase after upgrade to 3.03 on Debian Stable

2005-10-07 Thread Bill Moseley
On Fri, Oct 07, 2005 at 11:18:11AM -0400, Bowie Bailey wrote:
 The most likely cause is a misconfigured trust path.  3.0.x introduced
 the ALL_TRUSTED rule.  This rule is supposed to fire with a negative
 score if the message has not passed through any untrusted servers.
 A common problem is that you have not configured your trust path
 properly, so ALL_TRUSTED is firing on spam and lowering the score.

Looks like I was running some version of 3.0 on that machine before
upgrading to Sarge, as pre-upgrade messages do include:

-2.8 ALL_TRUSTED  Did not pass through any untrusted hosts

on locally generated messages.  Oddly, I no longer see that message
*after* I upgraded to Sarge.  But, if anything that would catch more
spam, not less as I'm seeing now.

I've been pushing old spam messages through my new setup to see how
the scores change.  It's starting to look like RBL checks are not
happening any more, but skip_rbl_checks is not adjusted in local.cf.

Ah!

debug: failed to load Net::DNS::Resolver: Can't locate Net/DNS.pm in @INC

I updated two very similar Woody machines that day, and this machine
was trouble -- for some reason dist-upgraded removed a number of
packages for a reason I'm not clear on.  (Like Apache and Bind!)



BTW -- Any of these need attention?

$ spamassassin --lint
config: SpamAssassin failed to parse line, skipping: rewrite_subject 0
warning: score set for non-existent rule RCVD_IN_DUL
warning: score set for non-existent rule RCVD_IN_RBL
warning: score set for non-existent rule RCVD_IN_RSS
warning: score set for non-existent rule MICROSOFT_EXECUTABLE
lint: 5 issues detected.  please rerun with debug enabled for more information.

-- 
Bill Moseley
[EMAIL PROTECTED]



Re: Newbie: Postfix/Spamassassin Questions

2005-10-07 Thread Alex Davidson
Yes Mike, I'm actually still pulling mail in with Mail Essentials as
it has a nifty mail archiver built in (eventually I'd like to switch
that to the linux box too), then I'm passing mail on to Postfix, then
on to Exchange 2000.

The whole whitelist/blacklist thing is next I guess, once I have the
server doing the spam and virus analysis.  I would like to replicate
Gfi's ability to allow users to blacklist and whitelist addresses and
mark content as spam if possible.  No idea how that all works (or does
it?)

On 10/7/05, Mike Schrauder [EMAIL PROTECTED] wrote:
  Alex,
 Amavisd-new is the ticket.  I use it w/ sa and clamav.  Setting
 up the config for amavis was a
 real pain for me, but it works great now.
 I am trying to find the online tutorial that I used to set it up.
 Are you using it as a wall before mail gets to exchange?
 That is what I am doing, but I have no 'per-user' whitelists or
 tweakable settings.  I will try my best to answer any questions you
 have, but I am linux challenged.

 Mike S

  -Original Message-
  From: Alex Davidson [mailto:[EMAIL PROTECTED]
  Sent: Friday, October 07, 2005 10:32 AM
  To: SpamAssassin Mailing List
  Subject: Re: Newbie: Postfix/Spamassassin Questions
 
  Well that confirms my suspicion on it not doing
  Content-Checking (quarantining messages based on
  content/attachments) - can anyone suggest something to do this?
 
  From the tutorials I've been following it looks like SA will
  hook into AV software (or vice versa) - I think the key is
  amavisd-new.
 
  I tested telneting into ports 10024 and 10025 but 10024 can't connect
  - could this indicate a problem or is that normal?
 
  On 10/6/05, Loren Wilton [EMAIL PROTECTED] wrote:
I was told that I can use spamassassin to do Content
  Checking but I
see no evidence of it as yet.
  
   That may depend on what you mean by content checking
  
   SA is a tool for classifying spam.  You seem to have tried it on a
   virus.  A virus really isn't spam, it is a virus.  SA makes little
   attempt to catch virui, there are tools designed for that purpose.
   Now, if you want to catch messages about mortgage deals and
  the latest
   popularity pills and sex clubs, then SA will do a nice job
  for you once you have it set up right.
  
   It is important to realize that SA is a *filter*.  It doesn't DO
   anything to the spam, other than add a score that indicates
  how likely
   a message is to be spam.  Something else in your processing chain
   needs to follow SA, look at the score, and decide what to
  do with the
   mail.  If you don't have that, then all mail, spam
  included, will get
   routed to the users.  However, the spam will be scored and
  marked as
   spam in the subject line.  The user's mail client can then
  usually filter on that if they want to.
  
   It sounds like you don't have SA properly integrated into
  the rest of
   your mail system, and it isn't processing the messages.
  Unfortunately
   I don't recognize the tool you are using, so I can't help.  Someone
   else will probably be along soon that may be able to.
  
   Loren
  
  
 
 



Re: Newbie: Postfix/Spamassassin Questions

2005-10-07 Thread Alex Davidson
Thanks!  I'll take a look at this and see if I can figure out what's going on

On 10/7/05, Mike Schrauder [EMAIL PROTECTED] wrote:
  Alex,
 http://workaround.org/articles/ispmail-sarge/
 I started w/ this tutorial to get some virtual domains working.

 It works well for those LOW traffic domains.
  Then I allowed postfix to relay some other domains to exchange
 (after sa and clamav told amavisd what's the score)
 But this has some good scoop on amavis

 Mike S

  -Original Message-
  From: Mike Schrauder
  Sent: Friday, October 07, 2005 12:58 PM
  To: SpamAssassin Mailing List
  Subject: RE: Newbie: Postfix/Spamassassin Questions
 
   Alex,
Amavisd-new is the ticket.  I use it w/ sa and clamav.
  Setting up the config for amavis was a real pain for me, but
  it works great now.
  I am trying to find the online tutorial that I used to set it up.
  Are you using it as a wall before mail gets to exchange?
  That is what I am doing, but I have no 'per-user' whitelists
  or tweakable settings.  I will try my best to answer any
  questions you have, but I am linux challenged.
 
  Mike S
 
   -Original Message-
   From: Alex Davidson [mailto:[EMAIL PROTECTED]
   Sent: Friday, October 07, 2005 10:32 AM
   To: SpamAssassin Mailing List
   Subject: Re: Newbie: Postfix/Spamassassin Questions
  
   Well that confirms my suspicion on it not doing Content-Checking
   (quarantining messages based on
   content/attachments) - can anyone suggest something to do this?
  
   From the tutorials I've been following it looks like SA
  will hook into
   AV software (or vice versa) - I think the key is amavisd-new.
  
   I tested telneting into ports 10024 and 10025 but 10024
  can't connect
   - could this indicate a problem or is that normal?
  
   On 10/6/05, Loren Wilton [EMAIL PROTECTED] wrote:
 I was told that I can use spamassassin to do Content
   Checking but I
 see no evidence of it as yet.
   
That may depend on what you mean by content checking
   
SA is a tool for classifying spam.  You seem to have
  tried it on a
virus.  A virus really isn't spam, it is a virus.  SA
  makes little
attempt to catch virui, there are tools designed for that purpose.
Now, if you want to catch messages about mortgage deals and
   the latest
popularity pills and sex clubs, then SA will do a nice job
   for you once you have it set up right.
   
It is important to realize that SA is a *filter*.  It doesn't DO
anything to the spam, other than add a score that indicates
   how likely
a message is to be spam.  Something else in your processing chain
needs to follow SA, look at the score, and decide what to
   do with the
mail.  If you don't have that, then all mail, spam
   included, will get
routed to the users.  However, the spam will be scored and
   marked as
spam in the subject line.  The user's mail client can then
   usually filter on that if they want to.
   
It sounds like you don't have SA properly integrated into
   the rest of
your mail system, and it isn't processing the messages.
   Unfortunately
I don't recognize the tool you are using, so I can't
  help.  Someone
else will probably be along soon that may be able to.
   
Loren
   
   
  
  
 
 



SPF_HELO

2005-10-07 Thread Bill Moseley
I installed the Mail::SPF::Query module, and have a few questions.

I understand the normal SPF lookup on the envelope sender's domain,
but I'm not clear about the HELO SPF lookup.  Is that explained
somewhere?

My other question is: is there a recommended score for the SPF_FAIL
test?

Thanks,




-- 
Bill Moseley
[EMAIL PROTECTED]



ALL_TRUSTED (was: Spam increase after upgrade to 3.03 on Debian Stable)

2005-10-07 Thread Bill Moseley
On Fri, Oct 07, 2005 at 12:57:10PM -0400, Bowie Bailey wrote:
 If you don't specify trusted_networks or internal_networks, SA tries
 to guess at your network.  It assumes that the first non-private IP
 that it sees is your external mail relay.  If your frontline
 mailserver has a private IP, then the server that is sending to you is
 assumed to be your external relay and is trusted.  The result is that
 all mail that doesn't pass through more than one mail relay before
 getting to you will be marked ALL_TRUSTED.

Not sure I'm following.  You mean the defaults don't work on a mail
server with a public IP and an internal 192.168 net?

I just got this:

Return-path: [EMAIL PROTECTED]
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Fri, 07 Oct 2005 12:10:40 -0700
Received: from [71.114.166.156] (helo=mailbox.hu)
by mardy.hank.org with smtp (Exim 4.50)
id 1ENxc8-0006mB-2h
for [EMAIL PROTECTED]; Fri, 07 Oct 2005 12:10:40 -0700
Received: from 251.150.107.4 by smtp.state.mn.us;
Fri, 07 Oct 2005 19:03:58 +
Message-ID: [EMAIL PROTECTED]
From: Noelle Moran [EMAIL PROTECTED]
[...]


-2.8 ALL_TRUSTED  Did not pass through any untrusted hosts





-- 
Bill Moseley
[EMAIL PROTECTED]



RE: ALL_TRUSTED (was: Spam increase after upgrade to 3.03 on Debian Stable)

2005-10-07 Thread Bowie Bailey
From: Bill Moseley [mailto:[EMAIL PROTECTED]
 
 On Fri, Oct 07, 2005 at 12:57:10PM -0400, Bowie Bailey wrote:
  If you don't specify trusted_networks or internal_networks, SA
  tries to guess at your network.  It assumes that the first
  non-private IP that it sees is your external mail relay.  If your
  frontline mailserver has a private IP, then the server that is
  sending to you is assumed to be your external relay and is
  trusted.  The result is that all mail that doesn't pass through
  more than one mail relay before getting to you will be marked
  ALL_TRUSTED.
 
 Not sure I'm following.  You mean the defaults don't work on a mail
 server with a public IP and an internal 192.168 net?

The defaults will not work properly if your front-line mailserver has
a private (192.168) IP address.  In that case, you must manually
configure trusted_networks.  (Manual configuration is a good idea
anyway)

 
 I just got this:
 
 Return-path: [EMAIL PROTECTED]
 Envelope-to: [EMAIL PROTECTED]
 Delivery-date: Fri, 07 Oct 2005 12:10:40 -0700
 Received: from [71.114.166.156] (helo=mailbox.hu)
 by mardy.hank.org with smtp (Exim 4.50)
 id 1ENxc8-0006mB-2h
 for [EMAIL PROTECTED]; Fri, 07 Oct 2005 12:10:40 -0700
 Received: from 251.150.107.4 by smtp.state.mn.us;
 Fri, 07 Oct 2005 19:03:58 +
 Message-ID: [EMAIL PROTECTED]
 From: Noelle Moran [EMAIL PROTECTED]
 [...]
 
 
 -2.8 ALL_TRUSTED  Did not pass through any untrusted hosts

Ok...

251.150.107.4  --  smtp.state.mn.us
71.114.166.156 --  mardy.hank.org

What results do you get on your SA box from these two commands?
dig smtp.state.mn.us
dig mardy.hank.org

This is what man Mail::SpamAssassin::Conf has to say about the
automatic trust algorithm:

*   if the 'from' IP address is on the same /16 network as the top
Received line's 'by' host, it's trusted

*   if the address of the 'from' host is in a private network
range, then it's trusted

*   if any addresses of the 'by' host is in a private network
range, then it's trusted

Of course, if you manually set trusted_networks, then that logic will
be replaced by a simple check to see if the 'by' host is in your
trusted_networks list.  (Although this may not be quite right as the
manpage doesn't specify exactly what is checked.)

Either way, once you come to an untrusted received line, all lines
below that are also considered untrusted.

Bowie
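
The automatic trust guessing described in this message and in the earlier "tries to guess at your network" reply, walked over constructed Received chains. This is an added example, not SpamAssassin's own code and not from any poster in the thread; it models only the three manpage bullets plus the "everything below an untrusted line is untrusted" rule. The hop dictionaries, the documentation-range IP addresses, and the choice to match the 'from' address against trusted_networks in manual mode are assumptions.

```python
import ipaddress

# "Private network range" from the manpage bullets: RFC 1918 plus loopback.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def same_slash16(ip_a, ip_b):
    """True if ip_a lies in the /16 network that contains ip_b."""
    net = ipaddress.ip_network(f"{ip_b}/16", strict=False)
    return ipaddress.ip_address(ip_a) in net


def classify(hops, trusted_networks=None):
    """Return one trusted/untrusted verdict per Received line, newest first.

    hops: list of {"from": ip, "by": [ips of the receiving host]}.
    trusted_networks=None models the automatic guess; a list of CIDR
    strings models a manual setting (assumed to be matched against 'from').
    """
    if not hops:
        return []          # locally generated mail: nothing untrusted
    nets = None
    if trusted_networks is not None:
        nets = [ipaddress.ip_network(n, strict=False) for n in trusted_networks]
    top_by = hops[0]["by"]  # 'by' host of the top Received line
    verdicts, broken = [], False
    for hop in hops:
        src = ipaddress.ip_address(hop["from"])
        if broken:
            trusted = False  # below an untrusted line, all are untrusted
        elif nets is not None:
            trusted = any(src in n for n in nets)
        else:
            trusted = (any(same_slash16(hop["from"], b) for b in top_by)
                       or is_private(hop["from"])
                       or any(is_private(b) for b in hop["by"]))
        broken = broken or not trusted
        verdicts.append(trusted)
    return verdicts


def all_trusted(hops, trusted_networks=None):
    """Would ALL_TRUSTED fire? Only if no hop is untrusted."""
    return all(classify(hops, trusted_networks))


# Constructed sample chains (documentation-range addresses, not real hosts).
# Front-line MX sits behind NAT on 192.168.1.10; sender connects directly.
NAT_ONE_HOP = [{"from": "198.51.100.77", "by": ["192.168.1.10"]}]
# Same MX, but the sender relayed through one server of its own first.
NAT_TWO_HOPS = NAT_ONE_HOP + [{"from": "192.0.2.5", "by": ["198.51.100.77"]}]
# Front-line MX has a public address.
PUBLIC_ONE_HOP = [{"from": "198.51.100.77", "by": ["203.0.113.25"]}]
# A private 'from' address below an untrusted line does not regain trust.
PUBLIC_THEN_PRIVATE = PUBLIC_ONE_HOP + [{"from": "10.0.0.5",
                                         "by": ["198.51.100.77"]}]

if __name__ == "__main__":
    cases = [
        ("NAT MX, direct sender, auto guess", NAT_ONE_HOP, None),
        ("NAT MX, sender via one relay, auto guess", NAT_TWO_HOPS, None),
        ("public MX, direct sender, auto guess", PUBLIC_ONE_HOP, None),
        ("NAT MX, direct sender, manual list", NAT_ONE_HOP, ["192.168.0.0/16"]),
    ]
    for label, hops, nets in cases:
        print(f"{label}: verdicts={classify(hops, nets)} "
              f"ALL_TRUSTED={all_trusted(hops, nets)}")
```

The first case is the misfire discussed in the thread: the private 'by' address makes the directly connecting sender trusted, so ALL_TRUSTED fires on it.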


Re: Newbie: Postfix/Spamassassin Questions

2005-10-07 Thread jdow

From: Alex Davidson [EMAIL PROTECTED]

Well that confirms my suspicion on it not doing Content-Checking
(quarantining messages based on content/attachments) - can anyone
suggest something to do this?

 Procmail, MailScanner, Amavis-new, and so forth. I use procmail.

{^_^}



SA 3.1 Tools

2005-10-07 Thread Chris
Trying to run the bayes_dump_to_trusted_networks tool, with this on the cl:

[EMAIL PROTECTED] .spamassassin]$ sa-learn --dump | ./bayes_dump_to_trusted_networks --rdns > trust.cf

Trust.cf is created however when the script is done, the output is blank. 
Anyone know where I'm going wrong?

-- 
Chris
Registered Linux User 283774 http://counter.li.org
18:47:11 up 22:09, 2 users, load average: 0.64, 0.64, 0.44
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk



STOCK_PICK

2005-10-07 Thread John Andersen
I had an enhanced score for STOCK_PICK, which is still listed
on this page http://spamassassin.apache.org/tests_3_0_x.html
as being one of the tests performed.

However when moving to 3.10 I had to comment out that line
in my local.cf because STOCK_PICK apparently no longer 
exists.

As a result a lot of pump-and-dump stock spam is getting
through under the radar.

1 Why was it deleted?
2 Was it a simple enough rule to be hand written as a
   user rule, and if so, does any one know that it was?



-- 
_
John Andersen




Razor 2 license

2005-10-07 Thread Chris Cooper
Is it possible to use Razor 2 for a business email server or is it limited to personal use only? Has anyone been able to obtain a license to do this or have you discontinued using Razor 2 with SpamAssassin? I couldn't find information on the Cloudmark web site and I haven't received a response to my request for more information.

Cloudmark SpamNet Service Policy
V1.0
Aug 1, 2003

SpamNet Service and Razor-Agents

While Razor-Agents are distributed under the Artistic License and will
stay that way, the Cloudmark SpamNet service, a particular implementation
of a Razor-compliant back-end, is a commercial operation with maintenance
and support costs, and is no longer available for unlimited free use,
effective immediately.

Use of the SpamNet service by Razor-agent-enabled software will remain
free for personal use, subject to capacity constraints that Cloudmark may
enforce against intensive users of the service as it sees fit.

Distribution or use of the system in commercial embedded software
solutions is not free. All such access must be licensed by Cloudmark.

Organizations interested in working with Razor or with Cloudmark's
next-generation SpamNet client technologies should contact Cloudmark at
[EMAIL PROTECTED]

Re: STOCK_PICK

2005-10-07 Thread Robert Menschel
Hello John,

Friday, October 7, 2005, 5:26:58 PM, you wrote:

JA 2 Was it a simple enough rule to be hand written as a
JAuser rule, and if so, does any one know that it was?

From SA 3.0.4:

body STOCK_PICK             /STOCK PICK/i
describe STOCK_PICK         Offers a picked stock
lang de describe STOCK_PICK Bietet eine Aktienempfehlung an
lang fr describe STOCK_PICK Contient la formule stock pick
lang nl describe STOCK_PICK Biedt geselecteerde aandelen aan
lang pl describe STOCK_PICK Oferuje pierwszorzędne akcje
score STOCK_PICK 0.106 0.150 0.041 1.470






Configuration tool updated

2005-10-07 Thread michael moncur
My SpamAssassin Configuration Tool, which is linked from the
SpamAssassin site and hasn't worked with 3.0 or 3.1, has finally been
updated.

http://www.yrex.com/spam/spamconfig.php

It now works with 3.0 or 3.1, although 3.1 will need some edits to
v310.pre for razor/dcc/textcat along with the output of my script.

The old (SpamAssassin 2.5) version is still available here:

http://www.yrex.com/spam/spamconfig25.php

Please let me know if this doesn't work for anyone, or if there's a commonly-used setting that it lacks.

--
Michael Moncur - mgm at starlingtech dot com