Re: bayes_seen and bayes_toks DB size

2006-01-27 Thread Steven Moix
Ok, that's a perfect answer to my questions... I didn't think of the DB
preallocation.


Thanks!

Steven

On Jan 26, 2006, at 4:45 PM, Theo Van Dinter wrote:

 On Thu, Jan 26, 2006 at 10:52:20AM +0100, Steven Moix wrote:

  I'm currently running a mail server with Postfix + amavisd-new + SA
  3.1 with a global bayesian filtering and auto-learn enabled. It works
  perfectly except that since some days I notice that my bayes_seen and
  bayes_toks databases are not growing anymore...let's have a look at
  the current status (size in bytes, date, file):

 Yeah, that's perfectly fine.  Berkeley DB expands the file when it needs to,
 but preallocates space to be more efficient for new entries.  This works well,
 but makes it difficult to get the space back since the DB file stays the same
 size even if you delete all the entries -- which is why SA has to build a new
 DB, copy over entries, then delete and swap, whenever we do an expire.

  I also tried to increase the bayes_expiry_max_db_size from 15 to
  50 but it didn't change anything...

 That setting tells SA to let more tokens go into the DB, but we leave managing
 the DB file to Berkeley DB so it'll expand when it has to expand.

--
Randomly Generated Tagline:
Aiee! - Linux kernel error message




Configuration issue

2006-01-27 Thread Jaime Aguado
Hi all, I have spamassassin 2.64 running on a SuSE Enterprise 9 running
postfix as smtpd.

My spamassassin system is leaking most spam messages (60-80%) without
tagging them.
I have done some configuration tests:

# spamassassin --lint gives no output error.

# spamassassin < /tmp/spam-message

[...]
Subject: *SPAM* Special Alert to Investors
Date: Sat, 28 Jan 2006 00:22:23 +
Message-Id: [EMAIL PROTECTED]
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on
trueno.fresh-it.com
X-Spam-Level: *
X-Spam-Status: Yes, hits=9.7 required=4.0
tests=BAYES_99,DATE_IN_FUTURE_12_24,
MIME_BASE64_TEXT autolearn=no version=2.64
X-Spam-Report: 
*  5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
*  [score: 1.]
*  1.0 MIME_BASE64_TEXT RAW: Message text disguised using base64
encoding
*  3.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
date 
[...]

# spamc -R < /tmp/spam-message
[...]
Content analysis details:   (8.6 points, 4.0 required)

 pts rule name  description
 --
--
 5.4 BAYES_99   BODY: Bayesian spam probability is 99 to 100%
[score: 1.]
 1.0 MIME_BASE64_TEXT   RAW: Message text disguised using base64
encoding
 2.2 DATE_IN_FUTURE_12_24   Date: is 12 to 24 hours after Received: date

The args passed to spamd are: SPAMD_ARGS=-d -c -a -L

Finally, the message reaches the inbox mail client untagged as spam. What
am I doing wrong?

Thank you.




RE: New RDJ configs..

2006-01-27 Thread Martin Hepworth
Chris

That seemed to work ta - I'll be a little more careful with editing next
time...

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

 -Original Message-
 From: Chris Thielen [mailto:[EMAIL PROTECTED]
 Sent: 26 January 2006 17:29
 To: Martin Hepworth
 Cc: 'SpamAssassin Users'
 Subject: Re: New RDJ configs..
 
 Martin Hepworth wrote:
 
 Hi all (and Chris Thielen specifically)
 
 I'm trying to create some new RDJ config sets ... here's an example
 
 
 JG_badhosts=9006;
 
 CF_URLS[9006]="http://files.grayonline.id.au/rules/local_badhosts.cf";
 CF_NAMES[9006]="James Gray's badhost rules";
 PARSE_NEW_VER_SCRIPTS[9006]="${PERL} -ne 'print if /^\s*#.*(version|rev|revision|,v)[:\.\s]*[0-9]/i ;' | sort | tail -1";
 #CF_MUNGE_SCRIPTS[9006]=nothing for this ruleset.;
 
 (watch those line breaks!)
 
 Anyway when I run RDJ with this in the trusted ruleset I get the
 following
 file in /etc/mail/spamsassassin
 
 local_badhosts.cf.2
 
 (NB the .2 at the end of filename)
 
 Why?
 
 In /etc/mail/spamsassassin/RulesDuJour the filename is correct with the
 .cf
 at the end not the .2?
 
 
 
 Hi Martin,
 
 Add a CF_FILES[9006]=local_badhosts.cf to your conf file; that should
 do the trick.  Give that a shot and let me know.
 
 Chris






SA_TIMED_OUT

2006-01-27 Thread Clovis Tristao

Hi,

Amavis is generating this error in /var/log/maillog:

Jan 27 04:03:40 jacaranda amavis[26216]: (26216-01) SA TIMED OUT, 
backtrace: at 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/BayesStore/DBM.pm line 
1846\n\teval {...} called at 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/BayesStore/DBM.pm line 
1846\n\tMail::SpamAssassin::BayesStore::DBM::tok_unpack('Mail::SpamAssassin::BayesStore::DBM=HASH(0xb3b792c)', 
'undef') called at 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/BayesStore/DBM.pm line 
851\n\tMail::SpamAssassin::BayesStore::DBM::tok_get('Mail::SpamAssassin::BayesStore::DBM=HASH(0xb3b792c)', 
'-\\x{ce}\\x{f3}7\\x{cb}') called at 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/BayesStore/DBM.pm line 
1333\n\tMail::SpamAssassin::BayesStore::DBM::tok_sync_counters('Mail::SpamAssassin::BayesStore::DBM=HASH(0xb3b792c)', 
0, 1, 1138341789, '-\\x{ce}\\x{f3}7\\x{cb}') called at 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/BayesStore/DBM.pm line 
1044\n\tMail::SpamAssassin::BayesStore::DBM::mult...


Any idea? What's happening?
How to fix?
Tks a lot,

Clóvis

--
Clovis Tristao - UNICAMP/Faculdade de Engenharia Agricola
Administrador de Redes - Secao de Informatica (SINFO)
E-mail: mailto:[EMAIL PROTECTED] http://www.agr.unicamp.br
Fone(0xx19) 37881031-37881038 ou FAX(55xx19) 37881005/37881010



Re: Configuration issue

2006-01-27 Thread Loren Wilton
 X-Spam-Status: Yes, hits=9.7 required=4.0

This says it is spam.  The X-Spam-Report also says that.

It would seem you have a problem in Postfix, that it is doing something wrong
with the message.

Loren



Re: SA_TIMED_OUT

2006-01-27 Thread Loren Wilton
Looks like Amavis thought an SA transaction was taking too long.  The
backtrace seems to indicate that SA was in Bayes.

I suspect that you have a fairly large bayes database, and this user got hit
with a bayes expiry run.  Since Amavis killed SA before this could complete,
it will probably keep happening to a lot of messages until the update can
happen.

You can turn off auto-expiry and set up a cron job to do it every so often.

Loren



Re: SA_TIMED_OUT

2006-01-27 Thread Clovis Tristao




Hi Loren,

Loren Wilton wrote:

  Looks like Amavis thought an SA transaction was taking too long.  The
backtrace seems to indicate that SA was in Bayes.

I suspect that you have a fairly large bayes database, and this user got hit
with a bayes expiry run.  Since Amavis killed SA before this could complete,
it will probably keep happening to a lot of messages until the update can
happen.

You can turn off auto-expiry and set up a cron job to do it every so often.

  

I will try; I will edit local.cf and set bayes_auto_expire to
0. Is that correct?
Thanks a lot,

Clóvis


-- 
Clovis Tristao - UNICAMP/Faculdade de Engenharia Agricola
Administrador de Redes - Secao de Informatica (SINFO)
E-mail: mailto:[EMAIL PROTECTED] http://www.agr.unicamp.br
Fone(0xx19) 37881031-37881038 ou FAX(55xx19) 37881005/37881010





RE: Configuration issue

2006-01-27 Thread Jaime Aguado
In what way is it a Postfix issue? I guess the usual message flow is

postfix - amavis - spamassassin - postfix - imap_user_inbox 

Why would postfix rewrite the subject of a message already tagged with
SPAM?

-Original message-
From: Loren Wilton [mailto:[EMAIL PROTECTED] 
Sent: Friday, 27 January 2006 13:49
To: users@spamassassin.apache.org
Subject: Re: Configuration issue

 X-Spam-Status: Yes, hits=9.7 required=4.0

This says it is spam.  The X-Spam-Report also says that.

It would seem you have a problem in Postfix, that it is doing something wrong
with the message.

Loren





Re: Configuration issue

2006-01-27 Thread Dirk Bonengel

Do you run amavisd-new (which is shipped with SLES9, I think)?
If you do, there's the culprit: amavisd-new does its own spam testing 
using the spamassassin code directly (not via spamc/spamd).

Details can be found at http://www.ijs.si/software/amavisd/#faq-spam

Likely you didn't configure amavisd-new correctly, so there you are.

Dirk

Jaime Aguado wrote:


Hi all, I have spamassassin 2.64 running on a SuSE Enterprise 9 running
postfix as smtpd.

My spamassassin system is leaking most spam messages (60-80%) without
tagging them.
I have done some configuration tests:

# spamassassin --lint gives no output error.

# spamassassin  /tmp/spam-message

[...]
Subject: *SPAM* Special Alert to Investors
Date: Sat, 28 Jan 2006 00:22:23 +
Message-Id: [EMAIL PROTECTED]
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on
trueno.fresh-it.com
X-Spam-Level: *
X-Spam-Status: Yes, hits=9.7 required=4.0
tests=BAYES_99,DATE_IN_FUTURE_12_24,
   MIME_BASE64_TEXT autolearn=no version=2.64
X-Spam-Report: 
   *  5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%

   *  [score: 1.]
   *  1.0 MIME_BASE64_TEXT RAW: Message text disguised using base64
encoding
   *  3.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
date 
[...]


# spamc -R  /tmp/spam-message
[...]
Content analysis details:   (8.6 points, 4.0 required)

pts rule name  description
 --
--
5.4 BAYES_99   BODY: Bayesian spam probability is 99 to 100%
   [score: 1.]
1.0 MIME_BASE64_TEXT   RAW: Message text disguised using base64
encoding
2.2 DATE_IN_FUTURE_12_24   Date: is 12 to 24 hours after Received: date

The args passed to spamd are: SPAMD_ARGS=-d -c -a -L

Finally, the message reaches the inbox mail client untagged as spam. What I
am doing wrong?

Thank you.


 





Re: Configuration issue

2006-01-27 Thread Dirk Bonengel

Jaime,

btw: any special reason you plan to use SA 2.64 with local tests only?
I'd recommend upgrading to the latest and greatest stable version which 
can be found (as RPMs for SLES9 on Intel) at

http://ftp.suse.com/pub/people/choeger/spamassassin/i386/sles9/
Take care as the config requires changes in some places.
If you use amavisd-new then enable network tests (or disable the 
local-tests-only-option) in the amavis config


HTH

Dirk

Jaime Aguado wrote:


Hi all, I have spamassassin 2.64 running on a SuSE Enterprise 9 running
postfix as smtpd.

My spamassassin system is leaking most spam messages (60-80%) without
tagging them.
I have done some configuration tests:

# spamassassin --lint gives no output error.

# spamassassin  /tmp/spam-message

[...]
Subject: *SPAM* Special Alert to Investors
Date: Sat, 28 Jan 2006 00:22:23 +
Message-Id: [EMAIL PROTECTED]
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on
trueno.fresh-it.com
X-Spam-Level: *
X-Spam-Status: Yes, hits=9.7 required=4.0
tests=BAYES_99,DATE_IN_FUTURE_12_24,
   MIME_BASE64_TEXT autolearn=no version=2.64
X-Spam-Report: 
   *  5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%

   *  [score: 1.]
   *  1.0 MIME_BASE64_TEXT RAW: Message text disguised using base64
encoding
   *  3.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
date 
[...]


# spamc -R  /tmp/spam-message
[...]
Content analysis details:   (8.6 points, 4.0 required)

pts rule name  description
 --
--
5.4 BAYES_99   BODY: Bayesian spam probability is 99 to 100%
   [score: 1.]
1.0 MIME_BASE64_TEXT   RAW: Message text disguised using base64
encoding
2.2 DATE_IN_FUTURE_12_24   Date: is 12 to 24 hours after Received: date

The args passed to spamd are: SPAMD_ARGS=-d -c -a -L

Finally, the message reaches the inbox mail client untagged as spam. What I
am doing wrong?

Thank you.


 





Re: SA_TIMED_OUT

2006-01-27 Thread Gary V
You can turn off auto-expiry and set up a cron job to do it every so 
often.



I will try; I will edit local.cf and set /bayes_auto_expire/ to 0. Is that 
correct?

Thanks a lot,

Clóvis


Yes, and here is a sample cron job:
http://www200.pair.com/mecham/spam/bayes-maint.txt

Also, you can simply give spamassassin more time to process.
In amavisd.conf, set:

$sa_timeout = 60;  # default is 30 seconds.

Gary V





Re: Configuration issue

2006-01-27 Thread Matt Kettler
Jaime Aguado wrote:
 Hi all, I have spamassassin 2.64 running on a SuSE Enterprise 9 running
 postfix as smtpd.

 My spamassassin system is leaking most spam messages (60-80%) without
 tagging them.
 I have done some configuration tests:

 # spamassassin --lint gives no output error.

 # spamassassin  /tmp/spam-message

 [...]
 Subject: *SPAM* Special Alert to Investors
 Date: Sat, 28 Jan 2006 00:22:23 +
 Message-Id: [EMAIL PROTECTED]
 X-Spam-Flag: YES
 X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on
 trueno.fresh-it.com
 X-Spam-Level: *
 X-Spam-Status: Yes, hits=9.7 required=4.0
 tests=BAYES_99,DATE_IN_FUTURE_12_24,
 MIME_BASE64_TEXT autolearn=no version=2.64
 X-Spam-Report: 
 *  5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
 *  [score: 1.]
 *  1.0 MIME_BASE64_TEXT RAW: Message text disguised using base64
 encoding
 *  3.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
 date 
 [...]

 # spamc -R  /tmp/spam-message
 [...]
 Content analysis details:   (8.6 points, 4.0 required)

  pts rule name  description
  --
 --
  5.4 BAYES_99   BODY: Bayesian spam probability is 99 to 100%
 [score: 1.]
  1.0 MIME_BASE64_TEXT   RAW: Message text disguised using base64
 encoding
  2.2 DATE_IN_FUTURE_12_24   Date: is 12 to 24 hours after Received: date

 The args passed to spamd are: SPAMD_ARGS=-d -c -a -L

 Finally, the message reaches the inbox mail client untagged as spam. What I
 am doing wrong?

Your tests are being run as the root user, what user is your mail being
scanned as? Unless you're using a bayes_path declaration, the bayes
databases could be different, resulting in different scores.

Also, for what it's worth, it's generally bad form for spamd to scan
mail as root. SA 3.x actually refuses to do so and if you try will wind
up using the nobody user.
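
Added example, not part of the thread: a small Python parser for the two report layouts quoted in the original post (the `X-Spam-Report` header from `spamassassin` and the table from `spamc -R`) that lists which rules scored differently between two scan paths. The report text is copied from the post and trimmed to the scoring lines; all function names are illustrative.

```python
import re

# Constructed sample input: the two reports from the original post,
# trimmed to the lines that carry scores.
CLI_REPORT = """\
X-Spam-Status: Yes, hits=9.7 required=4.0
X-Spam-Report:
*  5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
*  [score: 1.]
*  1.0 MIME_BASE64_TEXT RAW: Message text disguised using base64
encoding
*  3.3 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
date
"""

SPAMC_REPORT = """\
Content analysis details:   (8.6 points, 4.0 required)

 pts rule name  description
 5.4 BAYES_99   BODY: Bayesian spam probability is 99 to 100%
[score: 1.]
 1.0 MIME_BASE64_TEXT   RAW: Message text disguised using base64
encoding
 2.2 DATE_IN_FUTURE_12_24   Date: is 12 to 24 hours after Received: date
"""

# "hits=" is the SpamAssassin 2.x spelling, "score=" the 3.x one.
STATUS = re.compile(r"(?:hits|score)=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)")
SUMMARY = re.compile(r"\((-?\d+(?:\.\d+)?) points, (-?\d+(?:\.\d+)?) required\)")
# Per-rule line in either layout: optional "*", points, then the rule name.
RULE_LINE = re.compile(r"^\s*\*?\s*(-?\d+(?:\.\d+)?)\s+([A-Z_][A-Z0-9_]+)\b")


def parse_report(text):
    """Return total, required threshold and {rule: points} for one report."""
    report = {"total": None, "required": None, "rules": {}}
    for line in text.splitlines():
        head = STATUS.search(line) or SUMMARY.search(line)
        if head:
            report["total"] = float(head.group(1))
            report["required"] = float(head.group(2))
            continue
        rule = RULE_LINE.match(line)
        if rule:
            report["rules"][rule.group(2)] = float(rule.group(1))
    return report


def is_consistent(report):
    """True when the per-rule points add up to the reported total."""
    return round(sum(report["rules"].values()), 1) == report["total"]


def diff_rules(a, b):
    """List (rule, points_in_a, points_in_b) for every rule that differs.
    A rule missing from one report is shown with None on that side."""
    names = sorted(set(a["rules"]) | set(b["rules"]))
    return [(n, a["rules"].get(n), b["rules"].get(n))
            for n in names if a["rules"].get(n) != b["rules"].get(n)]


def compare(a, b):
    """Summarise whether both runs call the message spam and which rules
    account for the difference between the two totals."""
    diffs = diff_rules(a, b)
    explained = round(sum((x or 0.0) - (y or 0.0) for _, x, y in diffs), 1)
    return {
        "both_spam": a["total"] >= a["required"] and b["total"] >= b["required"],
        "total_gap": round(a["total"] - b["total"], 1),
        "gap_explained_by_rules": explained,
        "diffs": diffs,
    }


if __name__ == "__main__":
    cli, daemon = parse_report(CLI_REPORT), parse_report(SPAMC_REPORT)
    result = compare(cli, daemon)
    print("both runs over threshold:", result["both_spam"])
    print("gap between totals:", result["total_gap"])
    for name, left, right in result["diffs"]:
        print(f"{name}: spamassassin={left} spamc={right}")
```

On the reports in this thread both runs are over the 4.0 threshold, and the whole 1.1-point gap comes from DATE_IN_FUTURE_12_24 being scored 3.3 by one path and 2.2 by the other, while the BAYES_99 score is the same in both.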



inconsistant spam tagging

2006-01-27 Thread spacegoose
dear spamassassin list,

this question regards using SA via sun's JES which has a spamassassin
library, but any ideas from this list would be appreciated:

here's how spam looks in my spam folder from sun's uwc (imap/http
webmail client):

[SPAM detected True ; 25.0 / 5.0] The Ultimate Online Pharmaceutical

[SPAM detected True ; 18.7 / 5.0] Impress your target audience with
your unique logo

7.1 [SPAM detected True ; 9.2 / 5.0] Report For Traders

notice the last message has a numeric score before the bracket (but
not the score that's in the bracket)... this happens to about one out
of 6 spam messages.

here is my option.dat for SA - unpatched 2005Q4/Sol 9 sparc

!for Spamassassin
spamfilter_config_file=/var/opt/SUNWmsgsr/config/spamassassin.o pt
spamfilter_library=/opt/SUNWmsgsr/lib/libspamass.so
spamfilter_optional =1
spamfilter_string_action=data:,require [fileinto]; fileinto SPAM;[addheader
];addtag [SPAM detected $U];addheader X-Spam-Level: $U;

thanks,
s7



Re: inconsistant spam tagging

2006-01-27 Thread Jim Maul

[EMAIL PROTECTED] wrote:

dear spamassassin list,

this question regards using SA via sun's JES which has a spamassassin
library, but any ideas from this list would be appreciated:

here's how spam looks in my spam folder from sun's uwc (imap/http
webmail client):

[SPAM detected True ; 25.0 / 5.0] The Ultimate Online Pharmaceutical

[SPAM detected True ; 18.7 / 5.0] Impress your target audience with
your unique logo

7.1 [SPAM detected True ; 9.2 / 5.0] Report For Traders

notice the last message has a numeric score before the bracket (but
not the score that's in the bracket)... this happens to about one out
of 6 spam messages.

here is my option.dat for SA - unpatched 2005Q4/Sol 9 sparc

!for Spamassassin
spamfilter_config_file=/var/opt/SUNWmsgsr/config/spamassassin.o pt
spamfilter_library=/opt/SUNWmsgsr/lib/libspamass.so
spamfilter_optional =1
spamfilter_string_action=data:,require [fileinto]; fileinto SPAM;[addheader
];addtag [SPAM detected $U];addheader X-Spam-Level: $U;

thanks,
s7





This is the second time today this was posted to this list.  My guess as 
to why you haven't gotten an answer is because this is not an SA question 
but rather a sun JES (whatever that is) question.  Do they have a 
mailing list or other method of support?


-Jim


RE: inconsistant spam tagging

2006-01-27 Thread Matthew.van.Eerde
[EMAIL PROTECTED] wrote:
 7.1 [SPAM detected True ; 9.2 / 5.0] Report For Traders
...
 spamfilter_string_action=data:,require [fileinto]; fileinto
 SPAM;[addheader ];addtag [SPAM detected $U];addheader
 X-Spam-Level: $U; 

An uneducated guess...
Perhaps there's another addtag later on in your config (unrelated to 
SpamAssassin) that just adds a number?  The 7.1 doesn't seem to be coming from 
SpamAssassin at all.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer


Pump and Dump SARE rules

2006-01-27 Thread Doc Schneider

http://rulesemporium.com/rules/70_sare_stocks.cf

Is the latest addition to the SARE rule sets.

-Doc (SARE Ninja)


Re: Configuration issue

2006-01-27 Thread jdow

Actually I'd suspect it was amavis doing the rewriting. I understand
it simply uses SA as a score mechanism and discards its markups unless
you tell it otherwise somehow.

Either way it's not an SA issue so you can expect confusion here.
{^_^}
- Original Message - 
From: Jaime Aguado [EMAIL PROTECTED]



In what way is a postfix issue?. I guess the usual message flow is

postfix - amavis - spamassassin - postfix - imap_user_inbox 


Why would postfix rewrite the subject of a message already tagged with
SPAM

-Original message-
From: Loren Wilton [mailto:[EMAIL PROTECTED] 


X-Spam-Status: Yes, hits=9.7 required=4.0


This says it is spam.  The X-Spam-Report also says that.

It would seem you have a problem in Postfix, that it is doing something wrong
with the message.

   Loren






Re: No X-Spam-Status (sa_tag_level_deflt = -100.0)

2006-01-27 Thread Al Bogner
On Friday, 27 January 2006 00:52, Gary V wrote:

 The only configurable header field is the X-Virus-Scanned
 ($X_HEADER_TAG, $X_HEADER_LINE), other are not configurable,

I found a workaround to find out which machine wrote the X-Spam-Status. I use 
different values for sa_tag_level_deflt

Al


Exim 4.60 SA 3.1.0 Issues [Update]

2006-01-27 Thread Bradley Walker



I just wanted to take a few moments to update everyone here on my trials and
tribulations on getting SA to work using Exim 4.60 or several previous
versions. As I wrote in my last email, and just to give a quick refresher, I
have had problems successfully running SA 3.1.0 and Exim 4.60 together. When
both services are started using the "service exim restart" and
"spamd -d -c -m 5" commands, everything seems to initially work great. The few
emails that come through show that they have been scanned with spamblocker
(Jeff Lasman's creation) and also show that they have been scanned with
SpamAssassin with a 2.5 level rating.

However I immediately notice an instant decrease in overall general email.
Upon checking my /var/log/exim/mainlog I immediately see that exim is having
problems with BSMTP data timeout errors. Here is a clip of my logfile from
11pm last night when I had restarted the spamd service. Beneath that is a
clip of the log from 6pm this evening without the spamd service running:

*
01-26-2006
*

2006-01-26 21:08:54 SMTP data timeout (message abandoned) on connection from local process F=[EMAIL PROTECTED]
2006-01-26 21:08:54 1F2H3A-0008I1-G1 [EMAIL PROTECTED]: spamcheck transport output: An error was detected while processing a file of BSMTP input.
2006-01-26 21:08:54 1F2H3A-0008I1-G1 == [EMAIL PROTECTED] R=spamcheck_director T=spamcheck defer (0): transport filter timeout while writing to pipe
2006-01-26 21:08:54 SMTP connection from mail lost while reading message data (header)
2006-01-26 21:08:54 1F2Gsa-0008CE-Bc [EMAIL PROTECTED]: spamcheck transport output: An error was detected while processing a file of BSMTP input.
2006-01-26 21:08:54 1F2Gsa-0008CE-Bc == [EMAIL PROTECTED] R=spamcheck_director T=spamcheck defer (0): transport filter timeout while writing to pipe


*
01-27-2006
*

2006-01-27 17:59:45 1F2cZF-0002LZ-3r = [EMAIL PROTECTED] H=mta190.mail.mud.yahoo.com [68.142.202.138] P=smtp S=1624 T="Yahoo! Auto Response" from [EMAIL PROTECTED] for [EMAIL PROTECTED]
2006-01-27 17:59:48 1F2cZF-0002Ld-A1 = [EMAIL PROTECTED] U=mail P=spam-scanned S=1890 T="Yahoo! Auto Response" from [EMAIL PROTECTED] for [EMAIL PROTECTED]
2006-01-27 17:59:48 1F2cZF-0002Ld-A1 = barbara [EMAIL PROTECTED] F=[EMAIL PROTECTED] R=virtual_user T=virtual_localdelivery S=2074
2006-01-27 17:59:48 1F2cZF-0002Ld-A1 Completed
2006-01-27 17:59:48 1F2cZF-0002LZ-3r = barbara [EMAIL PROTECTED] F=[EMAIL PROTECTED] R=spamcheck_director T=spamcheck S=1706
2006-01-27 17:59:48 1F2cZF-0002LZ-3r Completed

As you can tell there is a major difference in what is happening. With
SpamAssassin running, I'm having *LOTS* of SMTP data timeouts being written
to the exim log. The symptoms are still the same with users intermittently
not getting or being able to send email. In some cases as it is above, people
in the same office who use my server are unable to send or forward email to
one another.

After getting initial thoughts and suggestions from those here on the list, I
began implementing some of them with no luck. Here is what I tried:

- Downgraded to Exim 4.54 & running SpamAssassin 3.1.0 (Did not work)
- Downgraded to Exim 4.53 & running SpamAssassin 3.1.0 (Did not work)
- Downgraded to earlier versions of Exim & earlier versions of
SpamAssassin, 3.0.0 and earlier. (Did not work)
- Used the latest version of Exim with earlier versions of SpamAssassin
going back to 2.6x (Did not work)
- Added "timeout_defer" and "ignore_status" to the exim.conf. (Did not work)
- Checked for "blacklist-uri.cafe", "blacklist.cf" to possibly remove them.
(Did not find these)
- Checked normal system load averages. Load averages are 0.01/0.0/0.0.
- Checked CPU & memory usage. CPU usage is very low, less than 2% normally
and memory at 1GB is not over utilized.
- Checked to make sure I am NOT using MySQL for Bayes DB's.

Currently I am out of options on what to do. Jeff Lasman's spamblocker is
doing a good job blocking a lot of spam, but there is still a good bit getting
through being delivered right to clients' inboxes. Several clients have
wanted me to do something about this and I would love to oblige those clients
by getting another layer of spam protection working again. What bothers me is
that when I originally was running Exim 4.53 & SpamAssassin 2.6 everything
was working *GREAT*. But now it's not, even if I downgrade.

Thoughts? Suggestions? Comments?



Bayes+SQL

2006-01-27 Thread Aiko Barz
How much diskspace do you need for your database and how many users do
you have?

Bye,
Aiko

-- 
Aiko Barz [EMAIL PROTECTED]
Web: http://www.haeckser.de




hey john spam

2006-01-27 Thread John Fleming
This is a new one for me.  Today I've received some mail with hey john in 
the subject, and the mail otherwise appears blank.  It didn't contain a 
virus, or it would've been discarded by ClamAV.


Are these familiar to you guys?  What's the point of them?  Headers of one 
below:  Thanks!  - John


Return-Path: [EMAIL PROTECTED]
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from ln (unknown [217.96.67.109])
by wa9als.com (Postfix) with SMTP id 4AD4D33E60D
for [EMAIL PROTECTED]; Fri, 27 Jan 2006 16:54:33 -0500 (EST)
Message-ID: [EMAIL PROTECTED]
From: Medeiros Pablo [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: hey john
Date:   Fri, 27 Jan 2006 22:58:47 -0800
MIME-Version: 1.0
Content-Type: multipart/related;
type=multipart/alternative;
boundary==_NextPart_000_000E_01C62395.3B540860
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Virus-Status: No
X-Virus-Checker-Version: Luke wa9als.com running clamassassin 1.2.1 with 
ClamAV 0.88/1254/Fri Jan 27 12:22:39 2006 signatures 35.1254

X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on Luke.wa9als.com
X-Spam-Level: **
X-Spam-Status: No, score=2.3 required=5.0 
tests=BAYES_60,DATE_IN_FUTURE_06_12

autolearn=no version=3.0.3
Status:
X-Antivirus: AVG for E-mail 7.1.375 [267.14.23/243]




Re: hey john spam

2006-01-27 Thread Mike Jackson
This is a new one for me.  Today I've received some mail with hey john 
in the subject, and the mail otherwise appears blank.  It didn't contain a 
virus, or it would've been discarded by ClamAV.


Are these familiar to you guys?  What's the point of them?  Headers of one 
below:  Thanks!  - John


It sounds like the rash of them I received today with hey postmaster in 
the subject line (postmaster was extracted from the email address the 
message was sent to, as it seems with john in the subject line of yours) 
and an embedded pornographic image. I don't think SA picked them up as spam, 
but then my server was acting pretty wonky today. 



Re: hey john spam

2006-01-27 Thread Kelson

John Fleming wrote:
This is a new one for me.  Today I've received some mail with hey john 
in the subject, and the mail otherwise appears blank.  It didn't contain 
a virus, or it would've been discarded by ClamAV.


Are these familiar to you guys?  What's the point of them?  Headers of 
one below:  Thanks!  - John


I've been seeing a lot of these over the last two days.  In each case 
it's hey LHS-of-address  So I've seen a lot of hey kelson and hey 
webmaster.  I thought hey postmaster was funny, but then I saw hey 
mailer-daemon


Most of them have been blank, like the one you saw.  What's interesting 
is that they aren't actually empty -- they're multipart/alternative 
messages containing both HTML and plaintext parts -- it's just that 
there's no content in either of them.


I did see one that had some text and an attached image, but I didn't pay 
much attention to it and discarded it after training Bayes  reporting 
to Razor.  Nothing really stood out about it, so I don't remember the 
topic, and I'm not 100% certain it was one of these and not another 
piece of spam that showed up in the search for Subject: hey


My guess is that it's just a broken or misconfigured mailer.  It's 
sending incorrectly, or the spammer forgot to paste in the body of the 
message, or something.


--
Kelson Vibber
SpeedGate Communications www.speed.net


Re: hey john spam

2006-01-27 Thread Thomas Cameron
On Fri, 2006-01-27 at 17:13 -0800, Kelson wrote:
 John Fleming wrote:
  This is a new one for me.  Today I've received some mail with hey john 
  in the subject, and the mail otherwise appears blank.  It didn't contain 
  a virus, or it would've been discarded by ClamAV.
  
  Are these familiar to you guys?  What's the point of them?  Headers of 
  one below:  Thanks!  - John
 
 I've been seeing a lot of these over the last two days.  In each case 
 it's hey LHS-of-address  So I've seen a lot of hey kelson and hey 
 webmaster.  I thought hey postmaster was funny, but then I saw hey 
 mailer-daemon
 
 Most of them have been blank, like the one you saw.  What's interesting 
 is that they aren't actually empty -- they're multipart/alternative 
 messages containing both HTML and plaintext parts -- it's just that 
 there's no content in either of them.
 
 I did see one that had some text and an attached image, but I didn't pay 
 much attention to it and discarded it after training Bayes  reporting 
 to Razor.  Nothing really stood out about it, so I don't remember the 
 topic, and I'm not 100% certain it was one of these and not another 
 piece of spam that showed up in the search for Subject: hey
 
 My guess is that it's just a broken or misconfigured mailer.  It's 
 sending incorrectly, or the spammer forgot to paste in the body of the 
 message, or something.

I wonder if perhaps it's just some sort of probe.  Maybe they send out a
bunch of them and then make a note of the ones which don't bounce.
Those are then used for the real spam.

Thoughts?

TC



Re: hey john spam

2006-01-27 Thread jdow

From: John Fleming [EMAIL PROTECTED]

This is a new one for me.  Today I've received some mail with hey john in 
the subject, and the mail otherwise appears blank.  It didn't contain a 
virus, or it would've been discarded by ClamAV.


Are these familiar to you guys?  What's the point of them?  Headers of one 
below:  Thanks!  - John


Return-Path: [EMAIL PROTECTED]
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from ln (unknown [217.96.67.109])
by wa9als.com (Postfix) with SMTP id 4AD4D33E60D
for [EMAIL PROTECTED]; Fri, 27 Jan 2006 16:54:33 -0500 (EST)
Message-ID: [EMAIL PROTECTED]
From: Medeiros Pablo [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: hey john
Date:   Fri, 27 Jan 2006 22:58:47 -0800
MIME-Version: 1.0
Content-Type: multipart/related;
type=multipart/alternative;
boundary==_NextPart_000_000E_01C62395.3B540860
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Virus-Status: No
X-Virus-Checker-Version: Luke wa9als.com running clamassassin 1.2.1 with 
ClamAV 0.88/1254/Fri Jan 27 12:22:39 2006 signatures 35.1254

X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on Luke.wa9als.com
X-Spam-Level: **
X-Spam-Status: No, score=2.3 required=5.0 
tests=BAYES_60,DATE_IN_FUTURE_06_12

autolearn=no version=3.0.3
Status:
X-Antivirus: AVG for E-mail 7.1.375 [267.14.23/243]


Yeah, I have seen at least two today. It's fishing for valid addresses.

{^_^}



Re: hey john spam

2006-01-27 Thread Michael Di Martino
Funny. I am reading this and then I get one with the subject Hey mdm.

Spooky

Regards,
Michael Di Martino
Director of MIS
The telx Group
Office: 212 480 3300  X.2022
Cell: 646 207 6603
[EMAIL PROTECTED]
--
Sent from my BlackBerry Wireless Handheld


-Original Message-
From: Thomas Cameron [EMAIL PROTECTED]
To: Spamassassin users@spamassassin.apache.org
Sent: Fri Jan 27 21:07:11 2006
Subject: Re: hey john spam

On Fri, 2006-01-27 at 17:13 -0800, Kelson wrote:
 John Fleming wrote:
  This is a new one for me.  Today I've received some mail with hey john 
  in the subject, and the mail otherwise appears blank.  It didn't contain 
  a virus, or it would've been discarded by ClamAV.
  
  Are these familiar to you guys?  What's the point of them?  Headers of 
  one below:  Thanks!  - John
 
 I've been seeing a lot of these over the last two days.  In each case 
 it's hey LHS-of-address  So I've seen a lot of hey kelson and hey 
 webmaster.  I thought hey postmaster was funny, but then I saw hey 
 mailer-daemon
 
 Most of them have been blank, like the one you saw.  What's interesting 
 is that they aren't actually empty -- they're multipart/alternative 
 messages containing both HTML and plaintext parts -- it's just that 
 there's no content in either of them.
 
 I did see one that had some text and an attached image, but I didn't pay 
 much attention to it and discarded it after training Bayes & reporting 
 to Razor.  Nothing really stood out about it, so I don't remember the 
 topic, and I'm not 100% certain it was one of these and not another 
 piece of spam that showed up in the search for Subject: hey
 
 My guess is that it's just a broken or misconfigured mailer.  It's 
 sending incorrectly, or the spammer forgot to paste in the body of the 
 message, or something.

I wonder if perhaps it's just some sort of probe.  Maybe they send out a
bunch of them and then make a note of the ones which don't bounce.
Those are then used for the real spam.

Thoughts?

TC
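The pattern described in this thread (a subject of "hey" plus the left-hand side of the recipient address, on a multipart message whose plaintext and HTML parts carry no content) can be checked mechanically during mail triage. The following is an added example, not code from any poster in the thread; the function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

TAG_RE = re.compile(r"<[^>]*>")

def recipient_local_parts(msg):
    """Lower-cased left-hand sides of every recipient address in the headers."""
    values = []
    for name in ("To", "Cc", "Delivered-To", "X-Original-To"):
        values.extend(str(v) for v in msg.get_all(name, []))
    return {a.split("@", 1)[0].lower() for _, a in getaddresses(values) if "@" in a}

def visible_text(msg):
    """Concatenated text of all text/* parts, with HTML tags stripped."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        chunks.append(TAG_RE.sub("", text) if part.get_content_subtype() == "html" else text)
    return "".join(chunks).strip()

def classify(raw_message):
    """Report whether a message matches the 'hey <LHS>' empty-body pattern."""
    msg = message_from_string(raw_message, policy=policy.default)
    m = re.fullmatch(r"hey\s+(\S+)", str(msg["Subject"] or "").strip().lower())
    subject_hit = bool(m) and m.group(1) in recipient_local_parts(msg)
    # Any non-text leaf (an image, for instance) means the message is not "blank".
    non_text = [p for p in msg.walk()
                if not p.is_multipart() and p.get_content_maintype() != "text"]
    body_empty = not visible_text(msg) and not non_text
    return {"subject_is_hey_lhs": subject_hit, "body_is_empty": body_empty,
            "flag": subject_hit and body_empty}

def build_sample(plain, html):
    """Constructed test message shaped like the one described in the thread."""
    return (
        "From: sender@example.net\nTo: john@example.org\nSubject: hey john\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/alternative; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain; charset=us-ascii\n\n" + plain + "\n"
        "--b1\nContent-Type: text/html; charset=us-ascii\n\n" + html + "\n"
        "--b1--\n"
    )

if __name__ == "__main__":
    print(classify(build_sample("", "<html><body></body></html>")))
    print(classify(build_sample("lunch tomorrow?", "<p>lunch tomorrow?</p>")))
```

Requiring both conditions keeps a genuine "hey john" note with real text from being flagged.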



How to fix the SA lint errors?

2006-01-27 Thread BG Mahesh

I am using SA 3.0.4. Not sure why these errors are occurring,


# spamassassin --lint
config: SpamAssassin failed to parse line, skipping: P_6_ALPH_L + 
__GAP_7_ALPH_L + __GAP_8_ALPH_L + __GAP_9_ALPH_L + __GAP_10_ALPH_L = 5)
config: SpamAssassin failed to parse line, skipping: P_6_ALPH_R + 
__GAP_7_ALPH_R + __GAP_8_ALPH_R + __GAP_9_ALPH_R + __GAP_10_ALPH_R = 5)
config: SpamAssassin failed to parse line, skipping: P_6_ALPH_B + 
__GAP_7_ALPH_B + __GAP_8_ALPH_B + __GAP_9_ALPH_B + __GAP_10_ALPH_B = 5)
config: SpamAssassin failed to parse line, skipping: HARB + __GAP_8_CHARB + 
__GAP_9_CHARB + __GAP_10_CHARB = 5)
config: SpamAssassin failed to parse line, skipping: P_6_ALPH_L + 
__GAP_7_ALPH_L + __GAP_8_ALPH_L + __GAP_9_ALPH_L + __GAP_10_ALPH_L + 
__GAP_1_ALPH_R + __GAP_2_ALPH_R + __GAP_
config: SpamAssassin failed to parse line, skipping: 3_ALPH_R + __GAP_4_ALPH_R 
+ __GAP_5_ALPH_R + __GAP_6_ALPH_R + __GAP_7_ALPH_R + __GAP_8_ALPH_R + 
__GAP_9_ALPH_R + __GAP_10_
config: SpamAssassin failed to parse line, skipping: ALPH_R + __GAP_1_ALPH_B + 
__GAP_2_ALPH_B + __GAP_3_ALPH_B + __GAP_4_ALPH_B + __GAP_5_ALPH_B + 
__GAP_6_ALPH_B + __GAP_7_ALP
config: SpamAssassin failed to parse line, skipping: H_B + __GAP_8_ALPH_B + 
__GAP_9_ALPH_B + __GAP_10_ALPH_B = 10)
config: SpamAssassin failed to parse line, skipping: A + __GAP_7_WORDB  1)
config: SpamAssassin failed to parse line, skipping: = 3)
config: SpamAssassin failed to parse line, skipping: = 5)
invalid regexp for rule __LISTKEYWORD: 
/(?:level|host|fr.|USD|CHF|EUR|euro|file|price|pieces|stück|save|artikel|server|Kbyte|Copy
config: SpamAssassin failed to parse line, skipping: right)/i
config: SpamAssassin failed to parse line, skipping: E + __GAP_2_CHAR + 
__GAP_3_CHAR + __GAP_4_CHAR + __GAP_5_CHAR + __GAP_6_CHAR + __GAP_7_CHAR + 
__GAP_8_CHAR + __GAP_9_CHAR
config: SpamAssassin failed to parse line, skipping: + __GAP_10_CHAR + 
__GAP_4_WORD + __GAP_5_WORD + __GAP_6_WORDA + __GAP_6_WORDB + __GAP_7_WORDA + 
__GAP_7_WORDB + __GAP_ALPH
config: SpamAssassin failed to parse line, skipping: _C + __GAP_POINT - 
(__SPAMREPORT * 4) + __RANDOM_CHARS_1 + __RANDOM_CHARS_2 + ((__RANDOM_CHARS_3 + 
__RANDOM_CHARS_4) * 2)
config: SpamAssassin failed to parse line, skipping: - ((__HTMLCOMMENT + 
__PATHNAME + __GAP_ALPH_L + __GAP_ALPH_R + __GAP_ALPH_B + __GAP_ALPH_D + 
__TXTATTACH + __LISTKEYWORD +
config: SpamAssassin failed to parse line, skipping: HTML_FONT_BIG)*2) - 
__GAP_NOWORD == 5)  ! __HAVE_NOURI
config: SpamAssassin failed to parse line, skipping: E + __GAP_2_CHAR + 
__GAP_3_CHAR + __GAP_4_CHAR + __GAP_5_CHAR + __GAP_6_CHAR + __GAP_7_CHAR + 
__GAP_8_CHAR + __GAP_9_CHAR
config: SpamAssassin failed to parse line, skipping: + __GAP_10_CHAR + 
__GAP_4_WORD + __GAP_5_WORD + __GAP_6_WORDA + __GAP_6_WORDB + __GAP_7_WORDA + 
__GAP_7_WORDB + __GAP_ALPH
config: SpamAssassin failed to parse line, skipping: _C + __GAP_POINT - 
(__SPAMREPORT * 4) + __RANDOM_CHARS_1 + __RANDOM_CHARS_2 + ((__RANDOM_CHARS_3 + 
__RANDOM_CHARS_4) * 2)
config: SpamAssassin failed to parse line, skipping: - ((__HTMLCOMMENT + 
__PATHNAME + __GAP_ALPH_L + __GAP_ALPH_R + __GAP_ALPH_B + __GAP_ALPH_D + 
__TXTATTACH + __LISTKEYWORD +
config: SpamAssassin failed to parse line, skipping: HTML_FONT_BIG)*2) - 
__GAP_NOWORD == 6)  ! __HAVE_NOURI
config: SpamAssassin failed to parse line, skipping: E + __GAP_2_CHAR + 
__GAP_3_CHAR + __GAP_4_CHAR + __GAP_5_CHAR + __GAP_6_CHAR + __GAP_7_CHAR + 
__GAP_8_CHAR + __GAP_9_CHAR
config: SpamAssassin failed to parse line, skipping: + __GAP_10_CHAR + 
__GAP_4_WORD + __GAP_5_WORD + __GAP_6_WORDA + __GAP_6_WORDB + __GAP_7_WORDA + 
__GAP_7_WORDB + __GAP_ALPH
config: SpamAssassin failed to parse line, skipping: _C + __GAP_POINT - 
(__SPAMREPORT * 4) + __RANDOM_CHARS_1 + __RANDOM_CHARS_2 + ((__RANDOM_CHARS_3 + 
__RANDOM_CHARS_4) * 2)
config: SpamAssassin failed to parse line, skipping: - ((__HTMLCOMMENT + 
__PATHNAME + __GAP_ALPH_L + __GAP_ALPH_R + __GAP_ALPH_B + __GAP_ALPH_D + 
__TXTATTACH + __LISTKEYWORD +
config: SpamAssassin failed to parse line, skipping: HTML_FONT_BIG)*2) - 
__GAP_NOWORD == 7)  ! __HAVE_NOURI
config: SpamAssassin failed to parse line, skipping: E + __GAP_2_CHAR + 
__GAP_3_CHAR + __GAP_4_CHAR + __GAP_5_CHAR + __GAP_6_CHAR + __GAP_7_CHAR + 
__GAP_8_CHAR + __GAP_9_CHAR
config: SpamAssassin failed to parse line, skipping: + __GAP_10_CHAR + 
__GAP_4_WORD + __GAP_5_WORD + __GAP_6_WORDA + __GAP_6_WORDB + __GAP_7_WORDA + 
__GAP_7_WORDB + __GAP_ALPH
config: SpamAssassin failed to parse line, skipping: _C + __GAP_POINT - 
(__SPAMREPORT * 4) + __RANDOM_CHARS_1 + __RANDOM_CHARS_2 + ((__RANDOM_CHARS_3 + 
__RANDOM_CHARS_4) * 2)
config: SpamAssassin failed to parse line, skipping: - ((__HTMLCOMMENT + 
__PATHNAME + __GAP_ALPH_L + __GAP_ALPH_R + __GAP_ALPH_B + __GAP_ALPH_D + 
__TXTATTACH + __LISTKEYWORD +
config: SpamAssassin failed to parse line, skipping: HTML_FONT_BIG)*2) - 
__GAP_NOWORD == 8)  ! __HAVE_NOURI
config: SpamAssassin failed to parse line, skipping: E + __GAP_2_CHAR +