Why did this mail get any score at all?
Hi, here's the headers of a mail that got scored (ok, not very high but it should get no score at all): Return-Path: X-Sieve: cmu-sieve 2.0 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on celebrimbor.eregion.home X-Spam-Status: No, score=1.7 required=5.0 tests=ALL_TRUSTED,BAYES_00, DCC_CHECK,SUBJECT_EXCESS_QP autolearn=no version=3.1.0 X-Spam-Level: * Received: from www.eregion.de (unknown [127.0.0.1]) by www.eregion.de (Postfix on SuSE Linux 8.0 (i386)) with ESMTP id 12A20147BB for ; Fri, 4 Nov 2005 05:50:06 + (UTC) Received: from localhost (localhost [127.0.0.1]) by www.eregion.de (Postfix on SuSE Linux 8.0 (i386)) with ESMTP id AE31313FF6 for ; Fri, 4 Nov 2005 06:50:05 +0100 (CET) Delivery-Date: Fri, 04 Nov 2005 06:45:40 +0100 Received: from pop.1und1.de [212.227.15.162] by localhost with POP3 (fetchmail-5.9.0) for XXX (multi-drop); Fri, 04 Nov 2005 06:50:05 +0100 (CET) Received: from [62.27.46.11] (helo=mailagent.jobpilot.de) by mx.kundenserver.de (node=mxeu8) with ESMTP (Nemesis), id 0MKt1w-1EXuOR3vX0-lO for XXX; Fri, 04 Nov 2005 06:45:39 +0100 From: jobpilot Subject: =?iso-8859-1?q?Karriere-Journal:=20Eingewaehlt=20und=20abgezockt?= Errors-To: XXX To: XXX Reply-To: jobpilot X-Template-ID: 329 X-Server-ID: 1 X-Language-ID: 2 X-Templatetype: newsletter MIME-Version: 1.0 What really bugs me are the scores for ALL_TRUSTED and SUBJECT_EXCESS_QP. my local.cf contains this: trusted_networks 192.168/16 127/8 internal_networks 192.168/16 127/8 and the question marks in the subject are because of the encoding... Any hints? bye, MH -- gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD 763C
trusted_networks and SPF
This is related to the topic 'trusted_networks?' from last weak, but instead of snatching the thread I'll start a new one. Meanwhile I've read and re-read the Mail::SpamAssassin::Conf man page, but I'm no wiser. Using SA 3.1, Postfix, amavisd-new. I have a mail relay on an internal network serving as a submission mail relay (let's call it MSA, 193.2.4.152) for internal as well as authenticated external users, e.g. dial-ups via foreign ISP. This MSA feeds all mail to the main MTA on the same network, where SA is running, which in turn redistributes it where necessary. According to SA docs on trusted/internal_networks, the MSA is to be included in the trusted_networks list, and not in internal_networks. (incidently, this is quite a pain to do, instead of something like: trusted_networks 193.2.4.0/24 internal_networks !193.2.4.152 193.2.4.0/24 one needs to use a contortion like: trusted_networks 193.2.4.0/24 internal_networks 193.2.4.0/25 193.2.4.128/28 193.2.4.144/29 internal_networks 193.2.4.153 193.2.4.154 193.2.4.155 internal_networks 193.2.4.156/30 193.2.4.160/27 193.2.4.192/26 Btw, other host on the net are to be listed in internal_networks because some Unix hosts tend to submit their mail indirectly through their private MTA and not necessarily directly from MUA (depending on their admins), which means that such hosts should be treated as internal relays. ) Now the question. A mail submitted to MSA from an external authenticated client (which also happens to be DUL-listed) uses a sender address of our domain (as it should be, according to SPF docs). The SPF check (as done by SA) submits this foreign IP address to SPF, which naturally claims it is a forgery. This is clearly wrong, the IP address submitted to SPF should be that of MSA, or SPF check should be skipped altogether. To clarify, the following are the only two Received header fields in that mail: Received: from MSA by our main MTA Received: from foreign IP client by MSA Interestingly, if I remove the MSA IP address from trusted_networks, the SPF check does use the correct IP address, i.e. that of the MSA. ... but in this case the DUL check strikes in and penalizes the foreign client IP address. MSA listed in x_networks: trusted internal 0 0 SPF ok, no DUL hit 0 1 SPF ok, no DUL hit 1 0 SPF fails, no DUL hit 1 1 SPF fails, DUL hits So, is SPF when called by SA getting the wrong IP address in case of authenticated mail from a foreign MUA submitted through our MSA which is listed in trusted_networks (and not in internal_networks)? Mark
Please remove SC2 rules or references
Anyone using custom rules for sc2.surbl.org, please take them out now, since sc.surbl.org is using that data. Jeff C. -- Don't harm innocent bystanders.
RE: HUGE bayes DB (non-sitewide) advice?
>> email builder wrote: >>> As a result of this, however, we are currently burdened with an >>> 8GB(! yep, you read it right) bayes database (more than 20K users >>> having mail delivered). >> >> Consider using bayes_expiry_max_db_size in conjunction with >> bayes_auto_expire > > "Using"? So you are saying you use non-sitewide bayes but you limit > your max DB size to something much smaller than the default? Care to > share your settings? No, I use sitewide bayes. > We left these at their defaults (not unintentionally). If we have > 20K users, the default max of 150,000 tokens at roughly 8MB comes out > to 160GB. We have the disk space, but just not sure if we have the > tuning it would take to handle a DB of that size. What I am looking > for is tuning help or other ideas on how to achieve some reasonable > level of bayes personalization without drowning our DB resources. For optimum performance you probably want the bayes database to fit into RAM, along with all of your spamassassin objects and anything else on the server. You might consider buying a dedicated Bayes DB server with 4 GB of RAM, and cutting bayes_expiry_max_db_size in half. That should do it. If the DB fits into RAM, the SQL engine should be able to make transactional changes in RAM and lazily spool them to the disk without forcing other transactions to wait. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
RE: HUGE bayes DB (non-sitewide) advice?
--- [EMAIL PROTECTED] wrote: > email builder wrote: > > As a result of this, however, we are currently burdened with an > > 8GB(! yep, you read it right) bayes database (more than 20K users > > having mail delivered). > > Consider using bayes_expiry_max_db_size in conjunction with > bayes_auto_expire "Using"? So you are saying you use non-sitewide bayes but you limit your max DB size to something much smaller than the default? Care to share your settings? We left these at their defaults (not unintentionally). If we have 20K users, the default max of 150,000 tokens at roughly 8MB comes out to 160GB. We have the disk space, but just not sure if we have the tuning it would take to handle a DB of that size. What I am looking for is tuning help or other ideas on how to achieve some reasonable level of bayes personalization without drowning our DB resources. Thanks __ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com
RE: HUGE bayes DB (non-sitewide) advice?
email builder wrote: > As a result of this, however, we are currently burdened with an > 8GB(! yep, you read it right) bayes database (more than 20K users > having mail delivered). Consider using bayes_expiry_max_db_size in conjunction with bayes_auto_expire -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
HUGE bayes DB (non-sitewide) advice?
Hi all, I'm wondering if anyone out there hosts a large number of users with per-USER bayes (in MySQL)? Our user base is varied enough that we do not feel bayes would be effective if done site-wide. Some people like their spammy newsletters, some are geeks who would deeply resent someone training newsletters to be ham. As a result of this, however, we are currently burdened with an 8GB(! yep, you read it right) bayes database (more than 20K users having mail delivered). We went to InnoDB when we upgraded to 3.1 per the upgrade doc's recommendation, so that also means things are a bit slower. Watching mytop, most all the activity we get is from bayes inserts, which is not surprising, and is probably the cause of why we get a lot of iowait, trying to keep writing to an 8G tablespace... Oh, and we let bayes do its token cleanup on the spot (sorry, not remembering the config setting name right now), not at night, since a small lag in delivery is acceptable, but figuring out how to run an absolutely huge cleanup by cron every night in this scenario seems like it'd really kill the DB (and we'd have to run sa-learn once for every single user, right... ugh) We've tuned the InnoDB some, but performance is still not all that good -- is there anyone out there who runs a system like this? * What kinds of MySQL tuning are people using to help cope? * Are there any SA settings to help allieviate performance problems? * If we want to walk away from per-user bayes, is the only option to go site-wide? What other options are there? __ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com
Re: Outsource my mail?
Pat Traynor <[EMAIL PROTECTED]> wrote on 11/03/2005 11:53:28 AM: > Are there any companies that offer mail storage services with > Spamassassin? What I'd like is that if I'm hosting xyzzy.com, I'd like > to have mail.xyzzy.com point to this 3rd party provider and have them > handle everything. > Yes there are plenty that provide that service as you have seen. Are easy to spot and don't look too good. :-) Sorry, couldn't resist. I need to go home Andy
Re: Outsource my mail?
Kelson wrote: > Pat Traynor wrote: > >> Are there any companies that offer mail storage services with >> Spamassassin? What I'd like is that if I'm hosting xyzzy.com, I'd like >> to have mail.xyzzy.com point to this 3rd party provider and have them >> handle everything. > > > Another shameless plug. We also provide mail hosting and run incoming > mail through SpamAssassin. Users retrieve mail via POP3. > > http://www.speed.net/ > Since everybody else is plugging themselves ... All our linux hosting plans come with mail filtering, so you can easily put your mail with us and your site elsewhere. Alternatively we have a pure email filtering solution with web-based frontend to manage your quarantine, blacklists and whitelists -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
Re: Outsource my mail?
Pat Traynor wrote: Are there any companies that offer mail storage services with Spamassassin? What I'd like is that if I'm hosting xyzzy.com, I'd like to have mail.xyzzy.com point to this 3rd party provider and have them handle everything. Another shameless plug. We also provide mail hosting and run incoming mail through SpamAssassin. Users retrieve mail via POP3. http://www.speed.net/ -- Kelson Vibber SpeedGate Communications
Re: Does anybody have a rule for product VS product?
wrote: I am getting tons of Whopper vs. Pepsi (not exact but I don't want to trigger a rule) type mailings in the subject line. I don't mind creating a rule but wanted to know if there was one out there somebody already put together? I see them a lot in my spamtraps, but they tend to hit multiple SURBL and URIBL lists and get kicked up pretty high, so I've never bothered writing a rule for them. The SURBL rules are built into SA 3+. You just have to install Net::DNS and turn on network tests. The URIBL.com rules aren't built in, but have the same requirements, and you can find info at http://uribl.com/ -- Kelson Vibber SpeedGate Communications
Re: a little help please
"Ryan O'Neil" <[EMAIL PROTECTED]> wrote on 11/03/2005 03:31:38 PM: > I’m not sure what the problem is but when I run spamassassin –lint – > debug I get this output > > It says it has 4 errors, I’m sure a couple of them are plugin > related but I’m kinda retarted when reading this stuff as I’m new to > all of this. > [snip] > [2718] dbg: dns: Net::DNS version: 0.31 [snip] Your Net::DNS is also pretty ancient. I'd upgrade that as well. Check the INSTALL guide for the required Perl modules and versions. Andy
RE: MimeDefang/spamassassin problem
Lisa Casey wrote: > I posted about this on the Mimedefang list and was told to run > spamassassin --lint. I did, but still don't really see the problem. Run make a backup copy of your rules directory. Delete all the files from the original rules directory and run spamassassin --lint - it should run clean. One by one, add the rules files back in, running spamassassin --lint in each one. The first file that causes spamassassin --lint to not run clean has an error. Have you modified the rules files that come with spamassassin? Don't. Run a diff to compare your modified versions to the originals from source. It's likely a mismatched parenthesis, or /, or quote. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
Re: a little help please
Ryan O'Neil wrote: > I’m not sure what the problem is but when I run spamassassin –lint > –debug I get this output > > > > It says it has 4 errors, I’m sure a couple of them are plugin related > but I’m kinda retarted when reading this stuff as I’m new to all of this. Re-run *without* the debug enabled to get a more useful list. Linting with debug on can be useful, but I'd always suggest linting first without debug just so the errors aren't buried in a pile of irrelevant debug messages. Here's the real problems and some commentary. > [2718] warn: config: failed to parse line, skipping: Razor2 - perform > Razor2 message checks. > > > [2718] warn: config: failed to parse line, skipping: > use_razor2 1 Looks like you uncommented a comment line, instead of a loadplugin line for razor in v310.pre.. fix that. > [2718] warn: config: failed to parse line, skipping: > use_pyzor 1 Did you comment out the loadplugin for pyzor? > > [2718] warn: config: failed to parse, now a plugin, skipping: > ok_languagesen Did you uncomment the textcat plugin? > > [2718] warn: config: warning: score set for non-existent rule > SUBJECT_DRUG_GAP_VIA Looks like you've got a score line for SUBJECT_DRUG_GAP_VIA in your local.cf, but that rule was removed and no longer exists in 3.1.0.
Re: MimeDefang/spamassassin problem
> config: SpamAssassin failed to parse line, skipping: ) You have something slightly broken in one of your config files near the URIDSBL stuff, from the looks of it. > debug: running meta tests; score so far=-2.623 > Failed to run meta SpamAssassin tests, skipping some: syntax error at (eval > 53) line 295, near ") {" > syntax error at (eval 53) line 382, near "; > }" You also seem to have a major problem with broken code in some not well at all identified eval someplace. However, this is probably the result of a mis-formatted meta rule in one of your rule files. It is unlikely that any of the standard SA config files are broken if you did a normal install. SO it is likely in some config file that you added. I seem to remember that someone reported a similar problem a few days ago, but I don't recall any of the details. Try looking for 'meta' tests in the config files, and check for anything obvious liek mismatched parends in the rule expressions of the tests. Loren - Original Message - From: "Lisa Casey" <[EMAIL PROTECTED]> To: Sent: Thursday, November 03, 2005 12:05 PM Subject: MimeDefang/spamassassin problem > Hi, > > I'm running MimeDefang/Spamassassin on Redhat Linux. I have noticed the > following in my maillog (not sure when this started): > > Nov 3 14:21:27 Raydeus-Dee mimedefang-multiplexor[935]: Slave 8 > stderr: Failed to run meta SpamAssassin tests, skipping some: syntax > error at (eval 1206) line 295, near ") {" syntax error at (eval 1206) > line 382, near "; }" > > I posted about this on the Mimedefang list and was told to run > spamassassin --lint. I did, but still don't really see the problem. Since I > think this is a spamassassin problem anyway, I'ld like to post my > spamassassin --lint --debug here to see if someone can help. > > Thanks, > > Lisa Casey > > [EMAIL PROTECTED] spamassassin]# spamassassin --lint --debug > debug: SpamAssassin version 3.0.1 > debug: Score set 0 chosen. > debug: running in taint mode? yes > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > debug: PATH included '/usr/local/bin', keeping. > debug: PATH included '/bin', keeping. > debug: PATH included '/usr/bin', keeping. > debug: PATH included '/usr/X11R6/bin', keeping. > debug: PATH included '/home/lisa/bin', which doesn't exist, dropping. > debug: PATH included '/usr/sbin', keeping. > debug: PATH included '/sbin', keeping. > debug: Final PATH set to: > /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/sbin:/sbin > debug: diag: module not installed: DBI ('require' failed) > debug: diag: module installed: DB_File, version 1.810 > debug: diag: module installed: Digest::SHA1, version 2.10 > debug: diag: module installed: IO::Socket::UNIX, version 1.21 > debug: diag: module installed: MIME::Base64, version 3.05 > debug: diag: module installed: Net::DNS, version 0.48 > debug: diag: module not installed: Net::LDAP ('require' failed) > debug: diag: module not installed: Razor2::Client::Agent ('require' failed) > debug: diag: module installed: Storable, version 2.13 > debug: diag: module not installed: URI ('require' failed) > debug: ignore: using a test message to lint rules > debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/mail/spamassassin/init.pre > debug: using "/usr/local/share/spamassassin" for default rules dir > debug: config: read file /usr/local/share/spamassassin/10_misc.cf > debug: config: read file /usr/local/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/local/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/local/share/spamassassin/20_compensate.cf > debug: config: read file /usr/local/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/local/share/spamassassin/20_drugs.cf > debug: config: read file /usr/local/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/local/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/local/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/local/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/local/share/spamassassin/20_phrases.cf > debug: config: read file /usr/local/share/spamassassin/20_porn.cf > debug: config: read file /usr/local/share/spamassassin/20_ratware.cf > debug: config: read file /usr/local/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/local/share/spamassassin/23_bayes.cf > debug: config: read file /usr/local/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/local/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/local/share/spamassassin/25_spf.cf > debug: config: read file /usr/local/share/spamassassin/25_uribl.cf > debug: config: read file /usr/local/share/spamassassin/30_text_de.cf > debug: config: read file /usr/local/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/local/share/spamassassin/30_text_nl.cf > debug: config: read file /us
Re: MimeDefang/spamassassin problem
On Thu, Nov 03, 2005 at 03:05:34PM -0500, Lisa Casey wrote: > I posted about this on the Mimedefang list and was told to run > spamassassin --lint. I did, but still don't really see the problem. Since I > think this is a spamassassin problem anyway, I'ld like to post my > spamassassin --lint --debug here to see if someone can help. debug: running meta tests; score so far=-2.623 Failed to run meta SpamAssassin tests, skipping some: syntax error at (eval 53) line 295, near ") {" syntax error at (eval 53) line 382, near "; }" You have a syntax error in one of your rules, presumably a meta rule. it could be related to: config: SpamAssassin failed to parse line, skipping: ) The config files you're using are: > debug: config: read file /usr/local/share/spamassassin/10_misc.cf > debug: config: read file /usr/local/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/local/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/local/share/spamassassin/20_compensate.cf > debug: config: read file /usr/local/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/local/share/spamassassin/20_drugs.cf > debug: config: read file /usr/local/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/local/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/local/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/local/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/local/share/spamassassin/20_phrases.cf > debug: config: read file /usr/local/share/spamassassin/20_porn.cf > debug: config: read file /usr/local/share/spamassassin/20_ratware.cf > debug: config: read file /usr/local/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/local/share/spamassassin/23_bayes.cf > debug: config: read file /usr/local/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/local/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/local/share/spamassassin/25_spf.cf > debug: config: read file /usr/local/share/spamassassin/25_uribl.cf > debug: config: read file /usr/local/share/spamassassin/30_text_de.cf > debug: config: read file /usr/local/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/local/share/spamassassin/30_text_nl.cf > debug: config: read file /usr/local/share/spamassassin/30_text_pl.cf > debug: config: read file /usr/local/share/spamassassin/50_scores.cf > debug: config: read file /usr/local/share/spamassassin/60_whitelist.cf > debug: config: read file /etc/mail/spamassassin/antidrug.cf > debug: config: read file /etc/mail/spamassassin/l_porn.cf > debug: config: read file /etc/mail/spamassassin/local.cf > debug: config: read file /root/.spamassassin/user_prefs -- Randomly Generated Tagline: "When cryptography is outlawed, gjklj nbvmiou wtkj kd;ie4 skt klbjxdf." - Unknown pgpSRhAScWNnA.pgp Description: PGP signature
MimeDefang/spamassassin problem
Hi, I'm running MimeDefang/Spamassassin on Redhat Linux. I have noticed the following in my maillog (not sure when this started): Nov 3 14:21:27 Raydeus-Dee mimedefang-multiplexor[935]: Slave 8 stderr: Failed to run meta SpamAssassin tests, skipping some: syntax error at (eval 1206) line 295, near ") {" syntax error at (eval 1206) line 382, near "; }" I posted about this on the Mimedefang list and was told to run spamassassin --lint. I did, but still don't really see the problem. Since I think this is a spamassassin problem anyway, I'ld like to post my spamassassin --lint --debug here to see if someone can help. Thanks, Lisa Casey [EMAIL PROTECTED] spamassassin]# spamassassin --lint --debug debug: SpamAssassin version 3.0.1 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/usr/X11R6/bin', keeping. debug: PATH included '/home/lisa/bin', which doesn't exist, dropping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/sbin', keeping. debug: Final PATH set to: /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/usr/sbin:/sbin debug: diag: module not installed: DBI ('require' failed) debug: diag: module installed: DB_File, version 1.810 debug: diag: module installed: Digest::SHA1, version 2.10 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 3.05 debug: diag: module installed: Net::DNS, version 0.48 debug: diag: module not installed: Net::LDAP ('require' failed) debug: diag: module not installed: Razor2::Client::Agent ('require' failed) debug: diag: module installed: Storable, version 2.13 debug: diag: module not installed: URI ('require' failed) debug: ignore: using a test message to lint rules debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/mail/spamassassin/init.pre debug: using "/usr/local/share/spamassassin" for default rules dir debug: config: read file /usr/local/share/spamassassin/10_misc.cf debug: config: read file /usr/local/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/local/share/spamassassin/20_body_tests.cf debug: config: read file /usr/local/share/spamassassin/20_compensate.cf debug: config: read file /usr/local/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/local/share/spamassassin/20_drugs.cf debug: config: read file /usr/local/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/local/share/spamassassin/20_head_tests.cf debug: config: read file /usr/local/share/spamassassin/20_html_tests.cf debug: config: read file /usr/local/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/local/share/spamassassin/20_phrases.cf debug: config: read file /usr/local/share/spamassassin/20_porn.cf debug: config: read file /usr/local/share/spamassassin/20_ratware.cf debug: config: read file /usr/local/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/local/share/spamassassin/23_bayes.cf debug: config: read file /usr/local/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/local/share/spamassassin/25_hashcash.cf debug: config: read file /usr/local/share/spamassassin/25_spf.cf debug: config: read file /usr/local/share/spamassassin/25_uribl.cf debug: config: read file /usr/local/share/spamassassin/30_text_de.cf debug: config: read file /usr/local/share/spamassassin/30_text_fr.cf debug: config: read file /usr/local/share/spamassassin/30_text_nl.cf debug: config: read file /usr/local/share/spamassassin/30_text_pl.cf debug: config: read file /usr/local/share/spamassassin/50_scores.cf debug: config: read file /usr/local/share/spamassassin/60_whitelist.cf debug: using "/etc/mail/spamassassin" for site rules dir debug: config: read file /etc/mail/spamassassin/antidrug.cf debug: config: read file /etc/mail/spamassassin/l_porn.cf debug: config: read file /etc/mail/spamassassin/local.cf debug: using "/root/.spamassassin" for user state dir debug: using "/root/.spamassassin/user_prefs" for user prefs file debug: config: read file /root/.spamassassin/user_prefs debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84d933c) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8a822d0) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8a61fe4) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84d933c) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8a822d0) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x84d933c)
RE: How to verify SA options being used by spamc from remote host
Geoff Varney wrote: > I start spamd with a -u spamd user. ... > bayes_path /root/.spamassassin The short answer is, you can tell if bayes is being used because (almost) every message will hit a BAYES_XX rule for some value of XX. The exceptions will be messages with blank bodies, or which are unsuitable for bayes-checking for some other reason. But even a Bayes-neutral text should fire BAYES_50. That said, there are at least two problems with your bayes_path. First, it ends in a directory name. Read the documentation for bayes_path to understand why this is wrong... it's not really a "path", despite the name. It's a path and a filename prefix. So /root/.spamassassin/bayes is more likely to be what you want. Second, the spamd user likely doesn't have write access to /root/.spamassassin/ -- if it does, that's a problem. Make a directory like /etc/mail/spamassassin/bayes/, chown it to the spamd user, and set bayes_path to /etc/mail/spamassassin/bayes/bayes (note the double "bayes" there) -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
How to verify SA options being used by spamc from remote host
Hi, I am using SpamAssassin in a way I believe is different from most users. I have an IMail server (Windows 2003) which uses Declude JunkMail and a spamc client (spamc32) to connect to a spamd server on my Redhat FC3 box. It is working well in that I am getting spam reported by SA when invoking the spamc32 client from JunkMail. However, I am not certain that it is working altogether the way it should. I have trainied SA with both SPAM and HAM (several hundred SPAMs at least and a few hundred HAMs) but wonder how I can be CERTAIN that spamc32 is actually using the bayes database. Maybe someone can tell me if this makes any sense at all: I create an email message and send it to a recipient and it is scanned by SA and found clean with a particular score. If I then feed that to sa-learn as SPAM and then resend the same message again, should it NECESSARILY have a different score, or is bayes looking at some many different things that it COULD score the same? In my test it scored the same. Here's how I am set up: I start spamd with a -u spamd user. When I run spamc32 I also run as this user. I don't believe the user piece is necessary in my case, I see no difference when I use it vs. not. I am trying to use a global setup, so all prefs are in the local.cf. There is also a user.prefs file in /root/.spamassassin, which is also where the bayes db is. Running spamassassin --lint -D does report it's using those locations. If it would help I can provide the whole output of that. I also don't see any additional info such as a header rewrite when a message scores 5 or more. Is this something that won't happen due to the way I'm using SA? I'm just not sure how I can verify what my spamc client is doing with spamd. Is it doing the basic default SA stuff and none of the stuff in my local.cf somehow? More info: SA version 3.0.4 local.cf: rewrite_header subject *SPAM* report_safe 0 use_bayes 1 bayes_path /root/.spamassassin bayes_auto_learn 0 skip_rbl_checks 0 use_razor2 0 use_dcc 0 use_pyzor 0 ok_languagesall ok_locales all Thanks for any suggestions. Geoff
Re: Outsource my mail?
Pat Traynor wrote: Our primary business is website design. We also run our own web server, and for some of our clients, we store their mail and run it through Spamassassin. Over the years, processing the mail has become about 90% of what our server is doing during the day, and probably 99% at night. I'm afraid that the web server is starting to suffer because of that. I was thinking that perhaps I should split off the mail to its own seperate server, but I can't justify doubling what I'm paying to my co-hosting provider just for mail. Are there any companies that offer mail storage services with Spamassassin? What I'd like is that if I'm hosting xyzzy.com, I'd like to have mail.xyzzy.com point to this 3rd party provider and have them handle everything. --pat-- Shameless plug: We do that too: http://www.junkemailfilter.com/spam/ And - John Dvorak of PC Mag Plugs us on this week in Technology: http://www.junkemailfilter.com/dvorak.mp3 The way it works is that you set your MX records to point to out servers and we get your email - clean it - and send it to your server. Takes just 5 minutes to set up. And - it's very affordable. -- Marc Perkel - [EMAIL PROTECTED] Spam Filter: http://www.junkemailfilter.com My Blog: http://marc.perkel.com
Re: Outsource my mail?
Shameless Plug #2 www.usermail.com - Original Message - From: "Pat Traynor" <[EMAIL PROTECTED]> To: Sent: Thursday, November 03, 2005 10:53 AM Subject: Outsource my mail? | Our primary business is website design. We also run our own web server, | and for some of our clients, we store their mail and run it through | Spamassassin. | | Over the years, processing the mail has become about 90% of what our | server is doing during the day, and probably 99% at night. I'm afraid | that the web server is starting to suffer because of that. I was thinking | that perhaps I should split off the mail to its own seperate server, | but I can't justify doubling what I'm paying to my co-hosting provider | just for mail. | | Are there any companies that offer mail storage services with | Spamassassin? What I'd like is that if I'm hosting xyzzy.com, I'd like | to have mail.xyzzy.com point to this 3rd party provider and have them | handle everything. | | --pat-- | -- | Pat Traynor | [EMAIL PROTECTED] | |
Re: Outsource my mail?
Pat Traynor wrote: Our primary business is website design. We also run our own web server, and for some of our clients, we store their mail and run it through Spamassassin. Over the years, processing the mail has become about 90% of what our server is doing during the day, and probably 99% at night. I'm afraid that the web server is starting to suffer because of that. I was thinking that perhaps I should split off the mail to its own seperate server, but I can't justify doubling what I'm paying to my co-hosting provider just for mail. Are there any companies that offer mail storage services with Spamassassin? What I'd like is that if I'm hosting xyzzy.com, I'd like to have mail.xyzzy.com point to this 3rd party provider and have them handle everything. --pat-- Hi, We do that at http://www.limelyte.net Regards, Rick
Does anybody have a rule for product VS product?
I am getting tons of Whopper vs. Pepsi (not exact but I don't want to trigger a rule) type mailings in the subject line. I don't mind creating a rule but wanted to know if there was one out there somebody already put together? Thank you,
Outsource my mail?
Our primary business is website design. We also run our own web server, and for some of our clients, we store their mail and run it through Spamassassin. Over the years, processing the mail has become about 90% of what our server is doing during the day, and probably 99% at night. I'm afraid that the web server is starting to suffer because of that. I was thinking that perhaps I should split off the mail to its own seperate server, but I can't justify doubling what I'm paying to my co-hosting provider just for mail. Are there any companies that offer mail storage services with Spamassassin? What I'd like is that if I'm hosting xyzzy.com, I'd like to have mail.xyzzy.com point to this 3rd party provider and have them handle everything. --pat-- -- Pat Traynor [EMAIL PROTECTED]
Re: child processing timeout
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ronan writes: > getting quite a few of the following in the logs which are letting > messages through unscanned. > running a dedicated server serving 3 mtas. > SA 3.1 > MTA exim 4.54 > > Nov 3 03:05:44 dung spamd[11633]: spamd: bad protocol: header error: > (Content-Length mismatch: Expected 29131 bytes, got 2 > 0440 bytes) at /usr/bin/spamd line 1671, line 461. > Nov 3 03:05:53 dung spamd[12035]: spamd: bad protocol: header error: > (Content-Length mismatch: Expected 65351 bytes, got 2 > 0440 bytes) at /usr/bin/spamd line 1671, line 707. > Nov 3 03:05:54 dung spamd[12042]: spamd: bad protocol: header error: > (Content-Length mismatch: Expected 25206 bytes, got 2 > 0440 bytes) at /usr/bin/spamd line 1671, line 295. > Nov 3 03:06:02 dung spamd[12046]: spamd: bad protocol: header error: > (Content-Length mismatch: Expected 29131 bytes, got 2 > 0440 bytes) at /usr/bin/spamd line 1671, line 461. > Nov 3 03:06:07 dung spamd[12044]: spamd: bad protocol: header error: > (Content-Length mismatch: Expected 25295 bytes, got 2 > 0440 bytes) at /usr/bin/spamd line 1671, line 294. > Nov 3 03:06:08 dung spamd[12046]: spamd: bad protocol: header error: > (Content-Length mismatch: Expected 25401 bytes, got 1 > 7520 bytes) at /usr/bin/spamd line 1671, line 258. These are totally new ;) If you can track down a message that causes this, a bug report would be welcome. - --j. > > Nov 3 03:21:28 dung spamd[12035]: bayes: child processing timeout at > /usr/bin/spamd line 1085. > Nov 3 03:21:28 dung spamd[12042]: bayes: child processing timeout at > /usr/bin/spamd line 1085. > Nov 3 03:21:51 dung spamd[11946]: bayes: child processing timeout at > /usr/bin/spamd line 1085. > Nov 3 03:21:51 dung spamd[12039]: bayes: child processing timeout at > /usr/bin/spamd line 1085. > Nov 3 03:22:02 dung spamd[12046]: bayes: child processing timeout at > /usr/bin/spamd line 1085. > Nov 3 03:22:02 dung spamd[12043]: bayes: child processing timeout at > /usr/bin/spamd line 1085. > > Anyone have this or care to guess what it could be? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Exmh CVS iD8DBQFDakuoMJF5cimLx9ARAibpAJ9C7DHffUAMbyj5uhIgvWt6Ve+ehQCfVlIC mnYzNPMm1ENT1DoevQpa1kI= =z5u4 -END PGP SIGNATURE-
RE: regex help
Ronan wrote: > I have a log file which will throw out the following > > aa:bb cc:dd ee:"ff gg hh" ii:jj > > ie pairs of text, colon seperated > 2nd half is in quotes if there are spaces in it > > I want to be able to read them into an array/table and work on them > > how do i get it so I can have the pairs deined as > > eg a two column table > > aa bb > cc dd > ee ff gg hh > ii jj Is each colon-delimited pair on its own line to begin with? If so... my @table = (); open(LOG, "/path/to/log/file") or die("Could not open log file:\n$!"); my @lines = ; close(LOG); for my $line (@lines) { chomp($line); next unless $line =~ /^(.*?):"?(.*?)"?$/; push @table, [ $1, $2 ]; } for my $row (@table) { $bitbeforecolon = $row->[0]; $bitaftercolon = $row->[1]; dosomething_with($bitbeforecolon, $bitaftercolon); } -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
OT: regex help
I'm posting here becuase there is a lot of knowlegable regex gurus on this list ... and im stuck I have a log file which will throw out the following aa:bb cc:dd ee:"ff gg hh" ii:jj ie pairs of text, colon seperated 2nd half is in quotes if there are spaces in it I want to be able to read them into an array/table and work on them how do i get it so I can have the pairs deined as eg a two column table aa bb cc dd ee ff gg hh ii jj any help greatly appreciated... Ronan
child processing timeout
getting quite a few of the following in the logs which are letting messages through unscanned. running a dedicated server serving 3 mtas. SA 3.1 MTA exim 4.54 Nov 3 03:05:44 dung spamd[11633]: spamd: bad protocol: header error: (Content-Length mismatch: Expected 29131 bytes, got 2 0440 bytes) at /usr/bin/spamd line 1671, line 461. Nov 3 03:05:53 dung spamd[12035]: spamd: bad protocol: header error: (Content-Length mismatch: Expected 65351 bytes, got 2 0440 bytes) at /usr/bin/spamd line 1671, line 707. Nov 3 03:05:54 dung spamd[12042]: spamd: bad protocol: header error: (Content-Length mismatch: Expected 25206 bytes, got 2 0440 bytes) at /usr/bin/spamd line 1671, line 295. Nov 3 03:06:02 dung spamd[12046]: spamd: bad protocol: header error: (Content-Length mismatch: Expected 29131 bytes, got 2 0440 bytes) at /usr/bin/spamd line 1671, line 461. Nov 3 03:06:07 dung spamd[12044]: spamd: bad protocol: header error: (Content-Length mismatch: Expected 25295 bytes, got 2 0440 bytes) at /usr/bin/spamd line 1671, line 294. Nov 3 03:06:08 dung spamd[12046]: spamd: bad protocol: header error: (Content-Length mismatch: Expected 25401 bytes, got 1 7520 bytes) at /usr/bin/spamd line 1671, line 258. Nov 3 03:21:28 dung spamd[12035]: bayes: child processing timeout at /usr/bin/spamd line 1085. Nov 3 03:21:28 dung spamd[12042]: bayes: child processing timeout at /usr/bin/spamd line 1085. Nov 3 03:21:51 dung spamd[11946]: bayes: child processing timeout at /usr/bin/spamd line 1085. Nov 3 03:21:51 dung spamd[12039]: bayes: child processing timeout at /usr/bin/spamd line 1085. Nov 3 03:22:02 dung spamd[12046]: bayes: child processing timeout at /usr/bin/spamd line 1085. Nov 3 03:22:02 dung spamd[12043]: bayes: child processing timeout at /usr/bin/spamd line 1085. Anyone have this or care to guess what it could be?