rejectlog
Hi everyone, I received a call from our presidents husband stating several messages he had sent never made it to her. In the logs it says it was rejected , but it gives no reason And not just for him, here's some sample entries 2005-11-09 14:51:14 1EZvyT-0009Y5-6G H=cpe-66-61-52-164.midsouth.res.rr.com (bridget) [66.61.52.164] F=[EMAIL PROTECTED] temporarily rejected after DATA 2005-11-09 14:51:42 1EZvyv-0009Y6-Q3 H=imo-m26.mx.aol.com [64.12.137.7] F=[EMAIL PROTECTED] temporarily rejected after DATA 2005-11-09 14:54:29 1EZw1d-000AZF-1t H=lists.fdncenter.org [206.17.146.50] F=[EMAIL PROTECTED] temporarily rejected after DATA Anyone experience this? Jean-Paul Natola Network Administrator Information Technology Family Care International 588 Broadway Suite 503 New York, NY 10012 Phone:212-941-5300 xt 36 Fax: 212-941-5563 Mailto: [EMAIL PROTECTED]
Re: rejectlog
Jean-Paul Natola wrote: Hi everyone, I received a call from our presidents husband stating several messages he had sent never made it to her. In the logs it says it was rejected , but it gives no reason And not just for him, here's some sample entries 2005-11-09 14:51:14 1EZvyT-0009Y5-6G H=cpe-66-61-52-164.midsouth.res.rr.com (bridget) [66.61.52.164] F=[EMAIL PROTECTED] temporarily rejected after DATA 2005-11-09 14:51:42 1EZvyv-0009Y6-Q3 H=imo-m26.mx.aol.com [64.12.137.7] F=[EMAIL PROTECTED] temporarily rejected after DATA 2005-11-09 14:54:29 1EZw1d-000AZF-1t H=lists.fdncenter.org [206.17.146.50] F=[EMAIL PROTECTED] temporarily rejected after DATA Anyone experience this? This looks like your MTA rejecting it, not spamassassin.
Re: Typical settings for bayes_ignore_header?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: I'm pretty sure my Bayes database is muntered Although I can't help with your problem, I *have* just found my new word for the week. And for that, I thank you. C. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDc1YLMDDagS2VwJ4RAhbFAJwOL+lgJzXWqLwIWRbsfA731SUqgACeLOp3 RcG227Si/boF2EZlITD+3Lo= =q8LL -END PGP SIGNATURE-
RE: rejectlog
Jean-Paul Natola wrote: Hi everyone, I received a call from our presidents husband stating several messages he had sent never made it to her. In the logs it says it was rejected , but it gives no reason And not just for him, here's some sample entries 2005-11-09 14:51:14 1EZvyT-0009Y5-6G H=cpe-66-61-52-164.midsouth.res.rr.com (bridget) [66.61.52.164] F=[EMAIL PROTECTED] temporarily rejected after DATA 2005-11-09 14:51:42 1EZvyv-0009Y6-Q3 H=imo-m26.mx.aol.com [64.12.137.7] F=[EMAIL PROTECTED] temporarily rejected after DATA 2005-11-09 14:54:29 1EZw1d-000AZF-1t H=lists.fdncenter.org [206.17.146.50] F=[EMAIL PROTECTED] temporarily rejected after DATA Anyone experience this? This looks like your MTA rejecting it, not spamassassin. Oh, ok, any ideas why? I do see other rejects have the reason appended Checking for rejected mail: 2005-11-09 00:03:54 1EZi7e-000Het-74 H=(mail.fdsjsu.com) [58.180.196.234] F=[EMAIL PROTECTED] rejected after DATA: This message scored 22.7 points. Congratulations! 2005-11-09 00:26:25 1EZiTY-000Hfn-D7 H=pim-112-112.focalexmail.com [206.81.112.112] F=[EMAIL PROTECTED] rejected after DATA: This message scored 9.3 points. Congratulations! Can someone perhaps point me in the right direction?
Re: More spam getting through
On Wednesday, November 9, 2005, 10:31:30 AM, Pierre Thomson wrote: Where are those URIBL_RHS_* tests from? I see no mention of them on either SA or URIBL sites. Pierre See: http://www.uribl.com/usage.shtml Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: rejectlog
Jean-Paul Natola wrote: Jean-Paul Natola wrote: Hi everyone, I received a call from our presidents husband stating several messages he had sent never made it to her. In the logs it says it was rejected , but it gives no reason And not just for him, here's some sample entries 2005-11-09 14:51:14 1EZvyT-0009Y5-6G H=cpe-66-61-52-164.midsouth.res.rr.com (bridget) [66.61.52.164] F=[EMAIL PROTECTED] temporarily rejected after DATA 2005-11-09 14:51:42 1EZvyv-0009Y6-Q3 H=imo-m26.mx.aol.com [64.12.137.7] F=[EMAIL PROTECTED] temporarily rejected after DATA 2005-11-09 14:54:29 1EZw1d-000AZF-1t H=lists.fdncenter.org [206.17.146.50] F=[EMAIL PROTECTED] temporarily rejected after DATA Anyone experience this? This looks like your MTA rejecting it, not spamassassin. Oh, ok, any ideas why? I do see other rejects have the reason appended Checking for rejected mail: 2005-11-09 00:03:54 1EZi7e-000Het-74 H=(mail.fdsjsu.com) [58.180.196.234] F=[EMAIL PROTECTED] rejected after DATA: This message scored 22.7 points. Congratulations! 2005-11-09 00:26:25 1EZiTY-000Hfn-D7 H=pim-112-112.focalexmail.com [206.81.112.112] F=[EMAIL PROTECTED] rejected after DATA: This message scored 9.3 points. Congratulations! Can someone perhaps point me in the right direction? Rejecting the mail after DATA? Spamassassin runs behind my MTA, if the sender passes blacklist checks and any other obvious no-nos, it's then passed to spamassassin which NEVER discards email, but places them in a spam folder. Discarding emails based on a spam score is a bad idea. As you can see quite clearly, the reasons behind the discard/tagging aren't logged, so false positives can't be corrected. Removing spamassassin from the front line would my first step.
Re: rejectlog
nick wrote: Jean-Paul Natola wrote: Jean-Paul Natola wrote: Hi everyone, I received a call from our presidents husband stating several messages he had sent never made it to her. In the logs it says it was rejected , but it gives no reason And not just for him, here's some sample entries 2005-11-09 14:51:14 1EZvyT-0009Y5-6G H=cpe-66-61-52-164.midsouth.res.rr.com (bridget) [66.61.52.164] F=[EMAIL PROTECTED] temporarily rejected after DATA 2005-11-09 14:51:42 1EZvyv-0009Y6-Q3 H=imo-m26.mx.aol.com [64.12.137.7] F=[EMAIL PROTECTED] temporarily rejected after DATA 2005-11-09 14:54:29 1EZw1d-000AZF-1t H=lists.fdncenter.org [206.17.146.50] F=[EMAIL PROTECTED] temporarily rejected after DATA Anyone experience this? This looks like your MTA rejecting it, not spamassassin. Oh, ok, any ideas why? I do see other rejects have the reason appended Checking for rejected mail: 2005-11-09 00:03:54 1EZi7e-000Het-74 H=(mail.fdsjsu.com) [58.180.196.234] F=[EMAIL PROTECTED] rejected after DATA: This message scored 22.7 points. Congratulations! 2005-11-09 00:26:25 1EZiTY-000Hfn-D7 H=pim-112-112.focalexmail.com [206.81.112.112] F=[EMAIL PROTECTED] rejected after DATA: This message scored 9.3 points. Congratulations! Can someone perhaps point me in the right direction? Rejecting the mail after DATA? Spamassassin runs behind my MTA, if the sender passes blacklist checks and any other obvious no-nos, it's then passed to spamassassin which NEVER discards email, but places them in a spam folder. Discarding emails based on a spam score is a bad idea. As you can see quite clearly, the reasons behind the discard/tagging aren't logged, so false positives can't be corrected. Removing spamassassin from the front line would my first step. Haha you just rejected me too! [EMAIL PROTECTED]: host mail.familycareintl.org[68.167.21.154] said: 550 This message scored 8.9 points. Congratulations! (in reply to end of DATA command) Please, for your sake, get spamassassin behind your MTA.
RE: rejectlog
On Thursday 10 Nov 2005 14:01, Jean-Paul Natola wrote: Hi everyone, I received a call from our presidents husband stating several messages he had sent never made it to her. In the logs it says it was rejected , but it gives no reason And not just for him, here's some sample entries 2005-11-09 14:51:14 1EZvyT-0009Y5-6G H=cpe-66-61-52-164.midsouth.res.rr.com (bridget) [66.61.52.164] F=[EMAIL PROTECTED] temporarily rejected after DATA 2005-11-09 14:51:42 1EZvyv-0009Y6-Q3 H=imo-m26.mx.aol.com [64.12.137.7] F=[EMAIL PROTECTED] temporarily rejected after DATA 2005-11-09 14:54:29 1EZw1d-000AZF-1t H=lists.fdncenter.org [206.17.146.50] F=[EMAIL PROTECTED] temporarily rejected after DATA Unfortunately, pretty much no one on the SA users list is going to be psychic. You haven't specified what MTA you're using, how SA factors in, or anything else that will help the list members help you. At a guess, that's Exim (doesn't look like Postfix, Sendmail or QMail) - but only a guess. Sorry, I'm still fairly wet behind the ears in opensource world You correct though in your guess My setup is: FreeBSD EXIM CLAMAV SA
Re: rejectlog
On Thursday 10 Nov 2005 14:21, Jean-Paul Natola wrote: I do see other rejects have the reason appended Checking for rejected mail: 2005-11-09 00:03:54 1EZi7e-000Het-74 H=(mail.fdsjsu.com) [58.180.196.234] F=[EMAIL PROTECTED] rejected after DATA: This message scored 22.7 points. Congratulations! 2005-11-09 00:26:25 1EZiTY-000Hfn-D7 H=pim-112-112.focalexmail.com [206.81.112.112] F=[EMAIL PROTECTED] rejected after DATA: This message scored 9.3 points. Congratulations! You have configured Exim to use SA on the DATA segment of an SMTP transaction. This is, as nick @ mobilia pointed out, a bad idea. Use things like Spamhaus and ORDB to reject at the SMTP layer, along with any other checks that careful research indicates will work for your environment. Use things like SpamAssassin to tag mail with a score after accepting the e-mail. Use things like procmail, maildrop, sieve or even Outlook/Thunderbird/mail_client_of_choice to use that score to decide whether to see the mail, bin it or put it somewhere for review. Never, ever bounce mail after accepting it for delivery. That'll earn you the ire of many mail admins the world over. And probably get you blacklisted.
Frustrated! Can't locate object method
Anyone? Jeffrey Duncan wrote: Okay, so I see that I have two versions of PerMsgStatus.pm (below) Would this be causing the following issues? Failed to run __ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping:__(Can't locate object metho d "check_for_matching_env_and_hdr_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAs sassin/PerMsgStatus.pm line 2312, GEN12 line 83._) How do I remove one of them to get rid of the issues? Jeffrey Duncan wrote: Thanks, What do you mean resolve? Here is the output ... [EMAIL PROTECTED] log]# locate PerMsgStatus.pm /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm /usr/src/redhat/BUILD/Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin/PerMsgStatus.pm /usr/src/redhat/BUILD/Mail-SpamAssassin-3.1.0/blib/lib/Mail/SpamAssassin/PerMsgStatus.pm /downloads/qmailrocks/perlmods/rpms/newmods/Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin/PerMsgStatus.pm /downloads/qmailrocks/perlmods/rpms/newmods/Mail-SpamAssassin-3.1.0/blib/lib/Mail/SpamAssassin/PerMsgStatus.pm [EMAIL PROTECTED] log]# Justin Mason wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeffrey Duncan writes: Hello. I am getting the following in my logs and wonder if anyone can help with the problem: Nov 9 12:56:01 server spamd[1845]: Failed to run __ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping:__(Can't locate object method "check_for_matching_env_and_hdr_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAss assin/PerMsgStatus.pm line 2312, GEN3 line 144._) Nov 9 12:56:01 server spamd[1845]: Failed to run USER_IN_DEF_SPF_WL SpamAssassin test, skipping:__(Can't locate object method "chec k_for_def_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Per MsgStatus.pm line 2312, GEN3 line 144._) Nov 9 12:56:01 server spamd[1845]: Failed to run USER_IN_SPF_WHITELIST SpamAssassin test, skipping:__(Can't locate object method "c heck_for_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerM sgStatus.pm line 2312, GEN3 line 144._) Version is : SpamAssassin version 3.0.2 running on Perl version 5.8.6 I am using Fedora Core 4 and qmail I have search for days on this and can't seem to find what's wrong. Any help would be greatly appreciated! Run "locate spamd", "locate PerMsgStatus.pm", and resolve the two. there should only be one set of SpamAssassin perl modules in your system, and this almost definitely is not the case, as it's picking up modules that do not match the rules. - --j. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Exmh CVS iD8DBQFDcmEsMJF5cimLx9ARAkDKAJ9FVZuWLhicYL4VH0sd/KSQDzWgdgCfdbkz jje1pi73zTGyMEthQEBmELg= =TKzI -END PGP SIGNATURE-
Re: Can't locate object method
Jeffrey Duncan wrote: Okay, so I see that I have two versions of PerMsgStatus.pm (below) How do I remove one of them to get rid of the issues? Jeffrey Duncan wrote: Thanks, What do you mean resolve? Here is the output ... [EMAIL PROTECTED] log]# locate PerMsgStatus.pm /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm /usr/src/redhat/BUILD/Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin/PerMsgStatus.pm /usr/src/redhat/BUILD/Mail-SpamAssassin-3.1.0/blib/lib/Mail/SpamAssassin/PerMsgStatus.pm /downloads/qmailrocks/perlmods/rpms/newmods/Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin/PerMsgStatus.pm /downloads/qmailrocks/perlmods/rpms/newmods/Mail-SpamAssassin-3.1.0/blib/lib/Mail/SpamAssassin/PerMsgStatus.pm I'd assume you installed an older version of SA while you were using perl 5.8.5. Later you upgraded to 5.8.6 and then installed 3.1.0 sometime afterward. The 3.1.0 installation did not see the outdated site_perl directory, thus never removed it. I'd suggest blowing away the old copy entirely with rm -rf: rm -rf /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/ then try your SA. If that doesn't fix things, rm -rf both of them and re-install SA 3.1.0. While you're at it double-check for duplicate spamd and spamc scripts. That's less likely but it is possible that one is in /usr/bin and another is in /usr/local/bin..
Re: Can't locate object method
Thanks, >From my mail headers I think I am running 3.0.2 - also, spamc -V SpamAssassin Client version 3.0.2 I think what happened is that I did a yum update and it broke things. I tried to rename the 5.8.5 PerMsgStatus and spamd didn't load. I thinik I have some mix ups here. Should I uninstall SA and start from scratch? COuld you give me a few pointers on how to get rid of it gracefully? Thanks for your help! j Matt Kettler wrote: Jeffrey Duncan wrote: Matt Kettler wrote: Jeffrey Duncan wrote: Okay, so I see that I have two versions of PerMsgStatus.pm (below) How do I remove one of them to get rid of the issues? Jeffrey Duncan wrote: Thanks, What do you mean resolve? Here is the output ... [EMAIL PROTECTED] log]# locate PerMsgStatus.pm /usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm /usr/src/redhat/BUILD/Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin/PerMsgStatus.pm /usr/src/redhat/BUILD/Mail-SpamAssassin-3.1.0/blib/lib/Mail/SpamAssassin/PerMsgStatus.pm /downloads/qmailrocks/perlmods/rpms/newmods/Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin/PerMsgStatus.pm /downloads/qmailrocks/perlmods/rpms/newmods/Mail-SpamAssassin-3.1.0/blib/lib/Mail/SpamAssassin/PerMsgStatus.pm I'd assume you installed an older version of SA while you were using perl 5.8.5. Later you upgraded to 5.8.6 and then installed 3.1.0 sometime afterward. The 3.1.0 installation did not see the outdated site_perl directory, thus never removed it. I'd suggest blowing away the old copy entirely with rm -rf: rm -rf /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/ then try your SA. If that doesn't fix things, rm -rf both of them and re-install SA 3.1.0. While you're at it double-check for duplicate spamd and spamc scripts. That's less likely but it is possible that one is in /usr/bin and another is in /usr/local/bin..
Re: Can't locate object method
Jeffrey Duncan wrote: Thanks, From my mail headers I think I am running 3.0.2 - also, spamc -V SpamAssassin Client version 3.0.2 I think what happened is that I did a yum update and it broke things. I tried to rename the 5.8.5 PerMsgStatus and spamd didn't load. I thinik I have some mix ups here. Should I uninstall SA and start from scratch? Probably... COuld you give me a few pointers on how to get rid of it gracefully? I'd first try to use yum remove. At least this will gracefully remove as much as yum understands. After that I'd check and see if rpm -qa thinks there's still some kind of SA package installed and I'd rpm -e any that are left over. From there, do an updatedb and locate to see what's left over that couldn't be removed by your package manager and wipe the leftovers out with rm. While this might sound un-graceful, it's pretty much all you've got. Suggested locate searches: locate spamassassin locate spamc locate spamd locate sa-learn locate SpamAssassin Make sure you hit pretty much everything in /usr. (ie: /usr/share/spamassassin/, /usr/lib/perl5/site_perl/*/SpamAssassin, /usr/bin/, /usr/local/bin, etc.) After you've cleaned out all the SA residue, then try to re-install SA.
Re: Can't locate object method
Thanks! Do I need to remove the 5.8.5 and 5.8.6 perl libraries too? Matt Kettler wrote: Jeffrey Duncan wrote: Thanks, From my mail headers I think I am running 3.0.2 - also, spamc -V SpamAssassin Client version 3.0.2 I think what happened is that I did a yum update and it broke things. I tried to rename the 5.8.5 PerMsgStatus and spamd didn't load. I thinik I have some mix ups here. Should I uninstall SA and start from scratch? Probably... COuld you give me a few pointers on how to get rid of it gracefully? I'd first try to use "yum remove". At least this will gracefully remove as much as yum understands. After that I'd check and see if rpm -qa thinks there's still some kind of SA package installed and I'd rpm -e any that are left over. From there, do an updatedb and locate to see what's left over that couldn't be removed by your package manager and wipe the leftovers out with rm. While this might sound un-graceful, it's pretty much all you've got. Suggested locate searches: locate spamassassin locate spamc locate spamd locate sa-learn locate SpamAssassin Make sure you hit pretty much everything in /usr. (ie: /usr/share/spamassassin/, /usr/lib/perl5/site_perl/*/SpamAssassin, /usr/bin/, /usr/local/bin, etc.) After you've cleaned out all the SA residue, then try to re-install SA.
Re: Spam, Block: Good to know my representative is spamming..
At 12:52 PM 11/9/2005, you wrote: Woops, should have gone to Spam-L, the anti-spam list. But.. Good fodder to set up filters for. :) Evan Just received quite a rude reply off list, which I did reply to, but I'm pretty confident the return address was false. It was from a Not Here as the name. The reply was simply (and quoted my Received the below crap in my inbox comment: So did I - from some idiot, who doesn't know how to post to a LIST!!! Well, not here - first off, my post was intended for SPAM-L, a anti-spam list. SPAM-L comes right after SpamAssassin in my address book. Honest mistake. I posted the above apology minutes after realizing my mistake. Second off, I'm guessin you were commenting that I was the idiot. I believe YOU are the idiot (nameless, nonetheless) because you DIDN'T receive the spam from me. If you knew how to read, I ONLY included the headers. I cannot locate who this person is, searching on a number of headers, but I have their IP information from the e-mail. Granted, I'm taking it with a very small grain of salt, based on the fact that the person doesn't even have the guts to use their name. Perhaps a simple IQ test prior to allowing people to join this list would eliminate these types of people from joining?
Re: HUGE bayes DB (non-sitewide) advice?
Just a follow-up to my own brain-lapse: If you define a custom user scores query like this: user_scores_sql_custom_querySELECT preference, value FROM spamassassin_settings WHERE username = _USERNAME_ OR username = '!GLOBAL' OR username = CONCAT('@', _DOMAIN_) ORDER BY username ASC Then you can easily decide to use bayes on a per-domain basis for one or more of your domains (and still have per-user bayes for all other domains). A sample insert row into the settings table, then, would be: INSERT INTO spamassassin_settings (username, preference, value) VALUES ('@example.com', 'bayes_sql_override_username', 'example.com'); So everyone in the example.com domain shares all bayes information which is placed under the username example.com. is that in the FAQ? because it certainly sounds like a cool tip for Bayes/SQL users. I don't think so. One other thing to note about this setup is: I think I caught the idea of using !GLOBAL from someone's how-to a while back (IIRC, the manual suggests @GLOBAL), this way the global settings can be ordered in the query to always override any per-domain settings. (there should really be a section of the FAQ dedicated to that stuff.) Would be nice. __ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com
Re: How to verify SA options being used by spamc from remote host
Matthew.van.Eerde at hbinc.com writes: Geoff Varney wrote: I start spamd with a -u spamd user. ... bayes_path /root/.spamassassin The short answer is, you can tell if bayes is being used because (almost) every message will hit a BAYES_XX rule for some value of XX. The exceptions will be messages with blank bodies, or which are unsuitable for bayes-checking for some other reason. But even a Bayes-neutral text should fire BAYES_50. That said, there are at least two problems with your bayes_path. First, it ends in a directory name. Read the documentation for bayes_path to understand why this is wrong... it's not really a path, despite the name. It's a path and a filename prefix. So /root/.spamassassin/bayes is more likely to be what you want. Second, the spamd user likely doesn't have write access to /root/.spamassassin/ -- if it does, that's a problem. Make a directory like /etc/mail/spamassassin/bayes/, chown it to the spamd user, and set bayes_path to /etc/mail/spamassassin/bayes/bayes (note the double bayes there) Awesome Matthew! I was heading down the right path yesterday with this being at least in part a permissions issue. So many things in Linux end up being permissions, but not always easy to spot for near-novice Linux users like me. I did as you suggested and created the new bayes path. I copied over the other (improperly named) database files and renamed them to bayes_? and now in the maillog I am seeing bayes_ entries when mail is scanned. Thanks a lot for your help. I will monitor and make sure this is working. Geoff
Help starting service
I installed SA 3.1.0 using the CPAN install Mail::SpamAssassin method and all went well with no errors. I cannot however get the service started. I am using Qmail from the qmailrocks install. I have removed all my old SA 3.0.2 files and started fresh. What can I do at this point to make the SA work with qmail J
Re: Help starting service
FWIW, it's generally bad form to post HTML-only messages to mailing lists. On Thu, Nov 10, 2005 at 02:33:37PM -0500, Jeffrey Duncan wrote: -- Randomly Generated Tagline: If we can't keep this sort of thing out of the kernel, we might as well pack it up and go run Solaris. - Larry McVoy pgpWfM2CVuyJt.pgp Description: PGP signature
RE: Help starting service
From: Jeffrey Duncan [mailto:[EMAIL PROTECTED] I installed SA 3.1.0 using the CPAN install Mail::SpamAssassin method and all went well with no errors. I cannot however get the service started. I am using Qmail from the qmailrocks install. I have removed all my old SA 3.0.2 files and started fresh. What can I do at this point to make the SA work with qmail Details please! How are you trying to start the service? Do you get any error messages? Have you checked the log files? Bowie
Re: Help starting service
Hello Jeffrey, what is your platform ? You need to install sa-spamd daemon. qmail-scanner use spamc which then communicate with spamassassin daemon. cheers, Mathieu CHATEAU Thursday, November 10, 2005, 8:33:37 PM, you wrote: -- Best regards, Mathieu mailto:[EMAIL PROTECTED]
Re: Help starting service
Hello. I am running FC4. I can start the service on the command line by just typing spamd and it all works fine. Must be something very simple - been at this all day ! I have tried to start the service the following ways ... # service spamassassin start spamassassin: unrecognized service and # /etc/rc.d/init.d/spamassassin start -bash: /etc/rc.d/init.d/spamassassin: No such file or directory Thanks for the help. Jeff Mathieu CHATEAU wrote: Hello Jeffrey, what is your platform ? You need to install sa-spamd daemon. qmail-scanner use spamc which then communicate with spamassassin daemon. cheers, Mathieu CHATEAU Thursday, November 10, 2005, 8:33:37 PM, you wrote: -- Best regards, Mathieumailto:[EMAIL PROTECTED]
Re: Help starting service
Jeffrey Duncan wrote: Hello. I am running FC4. I can start the service on the command line by just typing spamd and it all works fine. Must be something very simple - been at this all day ! I have tried to start the service the following ways ... # service spamassassin start spamassassin: unrecognized service and # /etc/rc.d/init.d/spamassassin start -bash: /etc/rc.d/init.d/spamassassin: No such file or directory look in /etc/rc.d/init.d and see if theres a spamd service instead of a spamassassin service. Also, when you re-installed, how did you re-install?
Re: Help starting service
I installed using cpan Mail::SpamAssassin as listed on SA site. It's working, but it won't start as a service. neither service is listed in that directory. Matt Kettler wrote: Jeffrey Duncan wrote: Hello. I am running FC4. I can start the service on the command line by just typing spamd and it all works fine. Must be something very simple - been at this all day ! I have tried to start the service the following ways ... # service spamassassin start spamassassin: unrecognized service and # /etc/rc.d/init.d/spamassassin start -bash: /etc/rc.d/init.d/spamassassin: No such file or directory look in /etc/rc.d/init.d and see if theres a spamd service instead of a spamassassin service. Also, when you re-installed, how did you re-install?
Re: Help starting service
Jeffrey Duncan wrote: I installed using cpan Mail::SpamAssassin as listed on SA site. It's working, but it won't start as a service. neither service is listed in that directory. Ok, if you installed from CPAN, you essentially installed from source. The source will NOT install a service script. Service scripts are distribution specific. ie: they differ between Redhat Linux, suse Linux, Solaris, and freebsd. There is no universal common format for them that applies to all *nix oses. The SA source does come with several service scripts you can use, but it doesn't automatically install them. Find the redhat-rc-script.sh (probably in /root/.cpan/ somewhere) and copy it to /etc/rc.d/init.d/spamassassin. That should let you treat SA as a redhatish service.
RE: Help starting service
From: Jeffrey Duncan [mailto:[EMAIL PROTECTED] I installed using cpan Mail::SpamAssassin as listed on SA site. It's working, but it won't start as a service. neither service is listed in that directory. I install the same way and I've got an /etc/rc.d/init.d/spamd file to do the startup. It's possible I may have written it myself. Try putting the file listed below into /etc/rc.d/init.d/spamd (or spamassassin, whichever you prefer). Bowie #!/bin/bash # chkconfig: 2345 30 70 # Description: Daemon for email spam checking # Startup file for spamd # export LC_ALL=C # source function library . /etc/init.d/functions RETVAL=0 start() { echo -n $Starting SpamAssassin daemon: /usr/bin/spamd -d -m 8 --max-conn-per-child=50 -r /var/run/spamd/spamd.pid echo return 0 } stop() { echo -n $Stopping SpamAssassin daemon: kill `cat /var/run/spamd/spamd.pid` echo return 0 } reload(){ stop start } restart(){ stop start } case $1 in start) start ;; stop) stop ;; restart) restart ;; reload) reload ;; *) echo $Usage: $0 {start|stop|restart|reload} RETVAL=1 esac exit $RETVAL
Re: Help starting service
I get the following after creating the script, chmod +x .. Starting SpamAssassin daemon: [16717] warn: Option r requires an argument /etc/init.d/spamd: line 17: /var/run/spamd/spamd.pid: No such file or directory Bowie Bailey wrote: From: Jeffrey Duncan [mailto:[EMAIL PROTECTED] I installed using cpan Mail::SpamAssassin as listed on SA site. It's working, but it won't start as a service. neither service is listed in that directory. I install the same way and I've got an /etc/rc.d/init.d/spamd file to do the startup. It's possible I may have written it myself. Try putting the file listed below into /etc/rc.d/init.d/spamd (or spamassassin, whichever you prefer). Bowie #!/bin/bash # chkconfig: 2345 30 70 # Description: Daemon for email spam checking # Startup file for spamd # export LC_ALL=C # source function library . /etc/init.d/functions RETVAL=0 start() { echo -n $Starting SpamAssassin daemon: /usr/bin/spamd -d -m 8 --max-conn-per-child=50 -r /var/run/spamd/spamd.pid echo return 0 } stop() { echo -n $Stopping SpamAssassin daemon: kill `cat /var/run/spamd/spamd.pid` echo return 0 } reload(){ stop start } restart(){ stop start } case $1 in start) start ;; stop) stop ;; restart) restart ;; reload) reload ;; *) echo $Usage: $0 {start|stop|restart|reload} RETVAL=1 esac exit $RETVAL
RE: Help starting service
From: Jeffrey Duncan [mailto:[EMAIL PROTECTED] I get the following after creating the script, chmod +x .. Starting SpamAssassin daemon: [16717] warn: Option r requires an argument /etc/init.d/spamd: line 17: /var/run/spamd/spamd.pid: No such file or directory Right... The following should be one line: /usr/bin/spamd -d -m 8 --max-conn-per-child=50 -r /var/run/spamd/spamd.pid That second line is actually the argument to '-r'. Bowie
Re: Help starting service
Great I am almost there! A cpuple more things ... How do I get it to start on boot? The same way with chkconfig spamd on ? and The STOP fails .. # service spamd start Starting SpamAssassin daemon: # service spamd stop Stopping SpamAssassin daemon: cat: /var/run/spamd/spamd.pid: No such file or directory kill: usage: kill [-s sigspec | -n signum | -sigspec] [pid | job]... or kill -l [sigspec] Bowie Bailey wrote: From: Jeffrey Duncan [mailto:[EMAIL PROTECTED] I get the following after creating the script, chmod +x .. Starting SpamAssassin daemon: [16717] warn: Option r requires an argument /etc/init.d/spamd: line 17: /var/run/spamd/spamd.pid: No such file or directory Right... The following should be one line: /usr/bin/spamd -d -m 8 --max-conn-per-child=50 -r /var/run/spamd/spamd.pid That second line is actually the argument to '-r'. Bowie
RE: Help starting service
From: Jeffrey Duncan [mailto:[EMAIL PROTECTED] Great I am almost there! A cpuple more things ... How do I get it to start on boot? The same way with chkconfig spamd on ? and The STOP fails .. # service spamd start Starting SpamAssassin daemon: # service spamd stop Stopping SpamAssassin daemon: cat: /var/run/spamd/spamd.pid: No such file or directory kill: usage: kill [-s sigspec | -n signum | -sigspec] [pid | job]... or kill -l [sigspec] The script tries to record the pid in /var/run/spamd/spamd.pid. If the directory doesn't exist (or isn't writable), it fails. What you need to do is create the directory and chown it to the user spamd runs as. For example (assuming your spamd user is 'spamscan'): mkdir /var/run/spamd chown spamscan /var/run/spamd The chkconfig information is already in the file. To get it to run at startup, simply do this: chkconfig --add spamd This will cause it to start in runlevels 2-5. To change the runlevel settings, take a look at the man page for chkconfig. It's very easy to use. Bowie
Re: Help starting service
Perfect, that did the trick. Thanks for your help with all this! Cheers, Jeff Bowie Bailey wrote: From: Jeffrey Duncan [mailto:[EMAIL PROTECTED] Great I am almost there! A cpuple more things ... How do I get it to start on boot? The same way with chkconfig spamd on ? and The STOP fails .. # service spamd start Starting SpamAssassin daemon: # service spamd stop Stopping SpamAssassin daemon: cat: /var/run/spamd/spamd.pid: No such file or directory kill: usage: kill [-s sigspec | -n signum | -sigspec] [pid | job]... or kill -l [sigspec] The script tries to record the pid in /var/run/spamd/spamd.pid. If the directory doesn't exist (or isn't writable), it fails. What you need to do is create the directory and chown it to the user spamd runs as. For example (assuming your spamd user is 'spamscan'): mkdir /var/run/spamd chown spamscan /var/run/spamd The chkconfig information is already in the file. To get it to run at startup, simply do this: chkconfig --add spamd This will cause it to start in runlevels 2-5. To change the runlevel settings, take a look at the man page for chkconfig. It's very easy to use. Bowie
Re: rejectlog
[EMAIL PROTECTED] wrote: On Thursday 10 Nov 2005 14:21, Jean-Paul Natola wrote: I do see other rejects have the reason appended Checking for rejected mail: 2005-11-09 00:03:54 1EZi7e-000Het-74 H=(mail.fdsjsu.com) [58.180.196.234] F=[EMAIL PROTECTED] rejected after DATA: This message scored 22.7 points. Congratulations! 2005-11-09 00:26:25 1EZiTY-000Hfn-D7 H=pim-112-112.focalexmail.com [206.81.112.112] F=[EMAIL PROTECTED] rejected after DATA: This message scored 9.3 points. Congratulations! You have configured Exim to use SA on the DATA segment of an SMTP transaction. This is, as nick @ mobilia pointed out, a bad idea. I beg to differ. The DATA segment is still part of the SMTP transaction and is the correct place to reject (note, not discard as Nick stated) the message if it has a high score. Use things like Spamhaus and ORDB to reject at the SMTP layer, along with any other checks that careful research indicates will work for your environment. DNSBLs are also a good thing to use. We put them in front of the spamassassin check so that the server load is reduced. No need to run messages through spamassassin that have come from known bad sources. Use things like SpamAssassin to tag mail with a score after accepting the e-mail. He'll be accepting a lot of spam that he needn't. We reject about 3,000 messages a day with high spamassassin scores, after rejecting 20,000 with DNSBLs (including Spamhaus). Never, ever bounce mail after accepting it for delivery. That'll earn you the ire of many mail admins the world over. And probably get you blacklisted. He is not bouncing messages. They are rejected during the SMTP conversation with the sending mail server. During the DATA phase, the sending mail server is still on line. The term after DATA means that the DATA has been accepted but the message has not. This may be an Exim specific kind of terminology. As to Jean-Paul's original question: First, as this is an Exim problem you should join exim-users (www.exim.org) and post there. Second, look in the paniclog for why the messages are being given a temporary rejection (4xx). It is likely a permissions error or some process can't run or returns an error (like spamassassin or ClamAV). Cheers, Bob -- Bob Amen O'Reilly Media, Inc. http://www.ora.com/ http://www.oreilly.com/
OT - Is XO a good ISP?
I wouldn't normally ask this, but perhaps I should more often. We're likely changing our ISP when we relocate soon and XO Communications seems to be the choice of management this time. Obviously, I'd like an ISP whose IP ranges aren't blocked by half the mail servers in the U.S. We'll have T1 service with a static IP range, so we shouldn't have the obvious issues that you have on DSL or dial-up ranges. But, just in case, is XO a good ISP? Anyone? Feel free to reply off-list. Thanks, Bret E-mail: [EMAIL PROTECTED] Spam only to: [EMAIL PROTECTED]
Temp RBL
Hi, I just set up a temporary RBL of mail servers that accept then bounce later. My personal mail server has been getting nailed for the last 26 hours with millions of bounces to non existent users from servers all over the world. Obviously it is due to a spam run using my personal domain name but I'm sick and tired of servers that accept an email then bounce it later. Anyone in the same predicament ? Regards, Rick ps: it is accept-bounce.nougen.com if anyone wants to take a look at their servers.
RE: Temp RBL /invalid recipient
Your subject should not be temp RBL, you started talking about temp RBL then changed subjects to your real subject. Regardless. You need to configure an invalid recipient filter. Different email servers have different ways of doing this. Postfix has a rule too for invalid recipients. Here is a write-up about exchange for instance. http://support.microsoft.com/?kbid=886208 Invalid recipient rejecting is becoming a standard on the Internet for just the reasons you mentioned. -Original Message- From: Rick Macdougall [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 7:24 PM To: SpamAssassin Users Subject: Temp RBL Hi, I just set up a temporary RBL of mail servers that accept then bounce later. My personal mail server has been getting nailed for the last 26 hours with millions of bounces to non existent users from servers all over the world. Obviously it is due to a spam run using my personal domain name but I'm sick and tired of servers that accept an email then bounce it later. Anyone in the same predicament ? Regards, Rick ps: it is accept-bounce.nougen.com if anyone wants to take a look at their servers.
Apparently Recieved by my server...
The following email to me gets through by their spoofing my IP even though it clearly comes from somewhere else. I remember someone mentioning a trusted_networks-like setting that used something like a apparently_received_from name or something similar. How do I set it up? Just a pointer to a DOC will suffice, unless you've had trouble setting it up... I've searched google and have found some cryptic stuff but am new enough to this to ask for help. I hope this isn't so elementary that I'm annoying. start email header Return-Path: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on moroni.ourldsfamily.com X-Spam-Status: No, score=-89.8 required=0.8 tests=AWL,INVALID_TZ_EST, MIME_BOUND_DD_DIGITS,MSGID_DOLLARS_RANDOM,RCVD_HELO_IP_MISMATCH, RCVD_IN_SORBS_SOCKS,RCVD_IN_WHOIS_BOGONS,RCVD_NUMERIC_HELO, UNPARSEABLE_RELAY,USER_IN_WHITELIST,X_MESSAGE_INFO autolearn=no version=3.1.0 X-Spam-Level: Received: from 198.60.114.90 ([200.167.92.14]) by moroni.ourldsfamily.com (8.12.5/8.12.5) with SMTP id jAAHFTBO030068 for [EMAIL PROTECTED]; Thu, 10 Nov 2005 10:15:31 -0700 X-Message-Info: 467kOHoSGZ7SWRqwaLFZ320K2GKVdkqDSbpxbWUyjJe4W Received: from werbe-rusch.de (186.64.94.117) by xcy30-zj88.larslc.dk with Microsoft SMTPSVC(5.9.3473.6402); Thu, 10 Nov 2005 15:06:46 -0200 Received: from waitakere.govt.nz (racqi.com.au 192.8.84.72) by tmtinternational.de (8.12.10/8.12.9) with ESMTP id i3POG667 for [EMAIL PROTECTED]; Thu, 10 Nov 2005 22:10:46 +0500 (EST) (envelope-from [EMAIL PROTECTED]) Received: from SS67603 (modemcable295.49140-018.jaw.waitakere.govt.nz 164.203.120.36) (authenticated bits=8) by netbank.com.br (8.12.10/8.12.9) with ESMTP id p420JVB337jkd666 for [EMAIL PROTECTED]; Thu, 10 Nov 2005 18:09:46 +0100 (EST) (envelope-from [EMAIL PROTECTED]) Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED] Date: Thu, 10 Nov 2005 10:10:46 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--637301109548042328 X-Virus-Scanned: ClamAV 0.87/1167/Thu Nov 10 04:02:18 2005 on moroni.ourldsfamily.com X-Virus-Status: Clean end email header Thanks for your help most esteemed ones... Karl Pearson [EMAIL PROTECTED] --- Senior Consulting Sys/DB Analyst http://consulting.ourldsfamily.com ---
Re: Apparently Recieved by my server...
[EMAIL PROTECTED] wrote: The following email to me gets through by their spoofing my IP even though it clearly comes from somewhere else. I remember someone mentioning a trusted_networks-like setting that used something like a apparently_received_from name or something similar. How do I set it up? Just a pointer to a DOC will suffice, unless you've had trouble setting it up... I've searched google and have found some cryptic stuff but am new enough to this to ask for help. I hope this isn't so elementary that I'm annoying. start email header Return-Path: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on moroni.ourldsfamily.com X-Spam-Status: No, score=-89.8 required=0.8 tests=AWL,INVALID_TZ_EST, MIME_BOUND_DD_DIGITS,MSGID_DOLLARS_RANDOM,RCVD_HELO_IP_MISMATCH, RCVD_IN_SORBS_SOCKS,RCVD_IN_WHOIS_BOGONS,RCVD_NUMERIC_HELO, UNPARSEABLE_RELAY,USER_IN_WHITELIST,X_MESSAGE_INFO autolearn=no Hi, You want to look at USER_IN_WHITELIST_TO or USER_IN_WHITELIST_FROM, not your current setting of USER_IN_WHITELIST in you rlocal.cf or user_prefs. Regards, Rick
using SA with SQL for lookups, quarantine
Hello, I am using MySQL 4.0.24 SA 3.04 amavisd-new 2.3.3 OpenBSD 3.8 I am having difficulty creating a proper SQL schema. I am using the one in the amavisd-new documenation but it gives me errors reletating I believe with my older MySQL version. Their schema contains lines like: CREATE TABLE users ( id PRIMARY KEY, -- unique id, not necessarily auto-assigned priority integer NOT NULL DEFAULT '7', -- sort field, 0 is low prior. policy_id integer unsigned NOT NULL DEFAULT '1', -- JOINs with policy.id email varchar(255) NOT NULL, fullname varchar(255) DEFAULT NULL,-- not used by amavisd-new local char(1), -- Y/N (optional field, see note further down) KEY email (email) ); Resulting in this error: ERROR 1064 at line 1: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'PRIMARY KEY, priority integer NOT NULL DEFAULT '7', What should be changed near PRIMARY KEY ? __ Find your next car at http://autos.yahoo.ca
First time home made rule not doing what I was thinkin....
Here's the rule: bodyGATEWAY_001 /tripod\.com/i score 5 describematch tripod.com Here's the result: Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2 -ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001 scantime=0.6,size=1213,user=spamfilter,uid=1004,required_score=3.4,rhost=localhost,raddr=127.0.0.1,rport=/var/spool/spamfilter/spamd,mid=[EMAIL PROTECTED],bayes=0,autolearn=ham Did I totally miss something? Thanks! James
Re: First time home made rule not doing what I was thinkin....
On Thu, 2005-11-10 at 20:02 -0700, James Lay wrote: Here's the rule: body GATEWAY_001 /tripod\.com/i score 5 describe match tripod.com Here's the result: Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2 -ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001 scantime=0.6,size=1213,user=spamfilter,uid=1004,required_score=3.4,rhost=localhost,raddr=127.0.0.1,rport=/var/spool/spamfilter/spamd,mid=[EMAIL PROTECTED],bayes=0,autolearn=ham Did I totally miss something? Thanks! James It's probably working as expected. It scored 5 for your rule (presumably), then subtracted something for BAYES_00 and subtracted another amount for ALL_TRUSTED (the amounts depend on if you're using bayes and if network tests are enabled). Also, it would appear the From: address is in the auto whitelist. Did you send a test message from your local machine, perhaps, or is this a score on a real message with all original email headers intact? -Bill
some email not getting scaned
I have a user that gets a lot of spam and sometimes the spam doesn't have any spam-* information written to the header. spamd quits scanning and writes to the log handled cleanup of child pid 8036 I understand it kills itself for memory mgmt purposes but it does it before it writes the header information to the email is this a bug? -chris begin:vcard fn:Christian Motta n:Motta;Christian org:Agweb Inc adr:;;P.O. Box 7443;Chico;CA;95927;us email;internet:[EMAIL PROTECTED] tel;work:530 893 2388 tel;fax:530 893 0271 tel;cell:530 521 4324 x-mozilla-html:TRUE url:http://www.agweb.net version:2.1 end:vcard
Re: some email not getting scaned * More Information
Follow-up with more info ***Sry if you got this twice - I attached the spam to the last one which would triger this email as spam*** logs Nov 10 18:57:00 localhost sendmail[19433]: jAB2ubrF019433: from=[EMAIL PROTECTED], size=12662, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=SMTP, daemon=MTA, relay=y180204.ppp.dion.ne.jp [219.108.180.204] Nov 10 18:57:00 localhost sendmail[19433]: jAB2ubrF019433: Milter add: header: X-Virus-Scanned: ClamAV 0.87.1/1168/Thu Nov 10 10:23:40 2005 on agwebinc.com Nov 10 18:57:00 localhost sendmail[19433]: jAB2ubrF019433: Milter add: header: X-Virus-Status: Clean Nov 10 18:57:00 localhost spamd[14010]: connection from localhost.localdomain [127.0.0.1] at port 40590 Nov 10 18:57:00 localhost spamd[14010]: info: setuid to [EMAIL PROTECTED] succeeded Nov 10 18:57:00 localhost spamd[14010]: processing message [EMAIL PROTECTED] for [EMAIL PROTECTED]:622. Nov 10 18:57:07 localhost spamd[14005]: server hit by SIGCHLD Nov 10 18:57:07 localhost spamd[14005]: handled cleanup of child pid 14010 Nov 10 18:57:07 localhost spamd[14005]: server successfully spawned child process, pid 19459 Nov 10 18:57:07 localhost sendmail[19445]: jAB2ubrF019433: to=[EMAIL PROTECTED], delay=00:00:24, xdelay=00:00:07, mailer=local, pri=42964, dsn=2.0.0, stat=Sent spam email header From [EMAIL PROTECTED] Thu Nov 10 18:57:00 2005 Return-Path: [EMAIL PROTECTED] Received: from y180204.ppp.dion.ne.jp (y180204.ppp.dion.ne.jp [219.108.180.204]) by agwebinc.com (8.13.4/8.13.4) with SMTP id jAB2ubrF019433 for [EMAIL PROTECTED]; Thu, 10 Nov 2005 18:56:43 -0800 Received: from localhost.localdomain (219.108.180.204 [219.108.180.204]) by 12.183.180.68 with ESMTP id e92si29[7]qbe.2005.25.64.32.97.74; Thu, 10 Nov 2005 18:56:50 -0800 Message-ID: [EMAIL PROTECTED] Date: Thu, 10 Nov 2005 18:56:50 -0800 From: Marguerite Raines [EMAIL PROTECTED] X-PGP-Key: xCR1TUCwnNulvysY4G6B8KeCWribguB5w7Ww494TaDyFDsSoErElPCnSPuD6XDoS== X-Mime-Key: Base64 (0uOSGfEsuxtXnz4mTtt02twRdRdm) X-Yahoo-ID: autosuggestible MIME-Version: 1.0 To: [EMAIL PROTECTED] X-Authentication-Warning: localhost.localdomain: apache set sender to [EMAIL PROTECTED] using -f Subject: sup #04 Content-Type: multipart/related; boundary=NOaP77813051.PortA X-Virus-Scanned: ClamAV 0.87.1/1168/Thu Nov 10 10:23:40 2005 on agwebinc.com X-Virus-Status: Clean This is a multi-part message in MIME format. --NOaP77813051.PortA Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit thx chris Christian Motta wrote: I have a user that gets a lot of spam and sometimes the spam doesn't have any spam-* information written to the header. spamd quits scanning and writes to the log handled cleanup of child pid 8036 I understand it kills itself for memory mgmt purposes but it does it before it writes the header information to the email is this a bug? -chris
Re: First time home made rule not doing what I was thinkin....
James Lay wrote: Here's the rule: bodyGATEWAY_001 /tripod\.com/i score 5 describematch tripod.com Here's the result: Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2 -ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001 scantime=0.6,size=1213,user=spamfilter,uid=1004,required_score=3.4,rhost=localhost,raddr=127.0.0.1,rport=/var/spool/spamfilter/spamd,mid=[EMAIL PROTECTED],bayes=0,autolearn=ham Did I totally miss something? Thanks! James You want this: bodyGATEWAY_001 /tripod\.com/i score GATEWAY_001 5 describeGATEWAY_001 match tripod.com signature.asc Description: OpenPGP digital signature
Re: First time home made rule not doing what I was thinkin....
Here's the rule: body GATEWAY_001 /tripod\.com/i Here's the result: Nov 9 13:42:03 gateway spamd[17880]: spamd: result: . -2 -ALL_TRUSTED,AWL,BAYES_00,GATEWAY_001 Did I totally miss something? Thanks! May deprnd on what you expected. That says your rule hit on something. Hopefully it contained 'tripod.com' someplace in the message. It also hit bayes_00, which says it is pure ham, so got about -3 points. It also hit all_trusted, saying it came from a trusted host, so got some negative score since that host isn't expected to originate spam. If this was a test message you sent yourself these last two hits may be reasonable. If it was a spam message, these last two hits indicate configuration problems and bayes training problems. Assuming you are going for Leo's latest spams, you could better write your rule as uri GATEWAY_001/\.tripod\.com\b/i This will make sure you don't get a hit on some random text like It stood on a tripod.Comments anyone? Loren
User level Spam Rule with GUI
Hello All, We are using Qmail and using spamassessin for spam control. Any one know ? How to inplement user/domain level spamassassin ? Can we provde GUI for the same ?-- M.A.ShaikhLinux System Administrator