bayes DBM versus SQL

[Webmaster]

Those of you you have used both native DBM and new SQL bayesian, 
can you comment on benefits of one versus the other please.

Much appreciated!

Re: Any rule to flag missing message-id's as SPAM?

[Graham Murray]

Robert Nicholson <[EMAIL PROTECTED]> writes:

> Hi,
>
> Is there a rule that says that any message without a message-id is SPAM ie. 
> one who's SCORE I can increase.
>
> I've got a spammer sending messagegs without message-id's.

Just change the score for MSGID_FROM_MTA_ID. This rule will be hit
when the original message does not contain an message-id.

Any rule to flag missing message-id's as SPAM?

[Robert Nicholson]

Hi,Is there a rule that says that any message without a message-id is SPAM ie. one who's SCORE I can increase.I've got a spammer sending messagegs without message-id's.I have no problem with this being considered as SPAM. From: 	  [EMAIL PROTECTED]	Subject: 	Nate Crosswait	Date: 	February 17, 2006 3:13:02 AM GMT+07:00	To: 	  [EMAIL PROTECTED]	Received: 	(qmail 27913 invoked from network); 16 Feb 2006 20:13:12 -	Received: 	from smtpout07-01.prod.mesa1.secureserver.net (HELO smtpout07-04.prod.mesa1.secureserver.net) (64.202.165.230) by 64.34.193.12 with SMTP; 16 Feb 2006 20:13:12 -	Received: 	(qmail 6002 invoked from network); 16 Feb 2006 20:13:30 -	Received: 	from unknown (160.79.200.36) by smtpout07-04.prod.mesa1.secureserver.net (64.202.165.233) with ESMTP; 16 Feb 2006 20:13:30 -	Organization: 	Gregory Laka & Company	Mime-Version: 	1.0	Content-Type: 	multipart/alternative; boundary="=_NextPart_000_0102_01C63303.19449000"	X-Mailer: 	Microsoft Office Outlook, Build 11.0.5510	Thread-Index: 	AcYzNWNZBpGx8IOWT0itxKTkkm8czg==	X-Mimeole: 	Produced By Microsoft MimeOLE V6.00.2900.2180	Lines: 	198

Re: How to deinstall the old version of Spamassassin [v2.43] if I can't do it by make && make deinstall???

[jdow]

From: "Zarshedi H. Ismoilzoda" <[EMAIL PROTECTED]>

My FreeBSD version is 5.3.

I’m not familiar with Linux just learning it.

I installed Spamassassin [v2.43] but that version was old and I downloaded the new one [v 
3.1.0] and installed manually.


Now it is not correctly functioning because I didn’t deinstall the previous 
[v2.43].

How can I solve this problem???

May I deinstall manually or clear everything connected with Spamassassin [v2.43] from my 
OS so that I could install new (well functioning) version of it???


Please help…

<< jdow >>
We, this is the way I'd do it with my limited but non-zero knowledge
of 6.0 FreeBSD. First I would try to use the port or package system to
uninstall. If that failed I'd look in /usr/local/lib/perl5/site_perl. I'd
erradicate anything saying SpamAssassin. It is likely to be in a Mail
directory within site_perl. Both the SpamAssassin.pl and SpamAssassin
directory would go. Then I'd dig around for where the default rules are
stashed. On Linux that is /usr/share/spamassassin. FreeBSD may have
differences of opinion. Similarly I'd look in /etc/spamassassin or more
likely /etc/mail/spamassassin for "local.cf". Rename that puppy to
something safe and not ending in cf. It is worth consulting. It is not
worth reusing. I'd also figure out "which spamassassin", "which spamd",
and "which spamc". They go away, too. They'd typically be in /usr/bin.
Finally figure out where the spamassassin daemon is started in your setup
if it is. Or figure out how spamassassin itself is called by your MTA,
amavisd, or whatever. That may need repairing.

Then I'd use CPAN to install it if there is not a newer port or package
for spamassassin. For easier install using the port or package would be
best.

If might be productive to wait out a "find / -iname Spam* -print" to find
every place SpamAssassin may be stashed on your system. And a "find /
-iname *.cf -print" will find where the rules are stashed. The old rules
do need to be removed if the idea is to make a guaranteed clean install
for a newer SpamAssassin.

You will probably need to follow the upgrade help on the wiki to get
Bayes databases upgraded safely and properly. They may be worth saving.
If you really want to start over nuke them and retrain.

{^_^} 

Re: Automatically Updating Rules on Windows

[jdow]

Heh, I built my own bash script for updating. It is rude, crude, and
effective. If somebody develops an irrational ideological repulsion to
RDJ I can share it. I'd recommend RDJ. I'm just a hard core reactionary
who developed her script about the time RDJ was developed. I stopped
when it was "enough for me". RDJ kept developing.

{^_-}
- Original Message - 
From: "Bret Miller" <[EMAIL PROTECTED]>


Thanks to a recent post with a sample of how to download rules in Perl,
I managed to create a nice perl-based updating tool for SARE rules. Why?
Because for a lot of Windows admins, setting up a CYGWIN environment for
RulesDuJour was daunting.

I had a previous example of a Windows-based tool, but it required a lot
of setup work. We needed a simple, easy-to-use tool for this. So, here
it is.

This tool requires creating a working directory for downloading the
rules, setting some configuration information at the top of the script,
and scheduling the batch file. There's a readme file included with some
minimal information about the process.

Actually, since some of our list members prefer I don't attach this
stuff, you can get it from my mail tools page at
http://webmail.wcg.org/~support or directly
http://webmail.wcg.org/~support/RulesUpdater.zip. 


I'd consider this pre-release as I've only done minimal testing to make
sure it works as I expect it to. But I probably won't do any more work
on it unless someone else suggests it needs fixing or enhancement. So,
feel free to try it out...

And as usual, YMMV.

Bret

SA Howto question

[Abel Jeffcoat]

I don't mean to sound like a I repeat questions, so if this has been 
answered - I'm sorry.


Are there any good Howto documents on SA? In Particular running Qmail? I 
have been using SA for a while, but really want to learn how to use it 
to its fullest.


Any help would be appreciated.

Abel Jeffcoat

Re: Wiki and use_terse_report

[Matt Kettler]

Philip Prindeville wrote:
> I couldn't find any obvious indication of what "use_terse_report" has been
> replaced with...  Anyone?
report_template

RE: question on training spamassassin

[Webmaster]

 

> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED] 
> Sent: February 27, 2006 5:18 PM
> To: Jeff Portwine
> Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org
> Subject: Re: question on training spamassassin
> 
> Jeff Portwine wrote:
> > Hmm.. I don't quite understand this.At my company, we 
> forward any
> > spam that gets through to [EMAIL PROTECTED] and any ham marked 
> as spam to 
> > [EMAIL PROTECTED] ... this was set up long ago before I 
> even started
> > working here and the spam filter worked really well.   Recently our
> > bayes database was broken and I ended up clearing it and 
> retraining it
> > with old spam and ham.   Since that time a lot of spams that were
> > getting through STOPPED getting through after a couple of days of 
> > forwarding them to the spam address... and I haven't seen any false
> > spams.So it seems like it does work for us, but you're saying it
> > shouldn't ?
> 
> Correct. It shouldn't work very well.
> 
> Also if your users are only or mostly forwarding spam, SA's 
> bayes is going to have a bayes bias that all messages 
> forwarded by your mail clients are spam, regardless of content.
> 
> 

Does this also mean that it is almost useless to share bayes from 
one server to the next if each server has its own set of hosted 
domains ?
Because if the headers play such an important role, spams targetting 
different sets of domains, I assume, are learned differently.

Re: sa-learn question

[mouss]

Drew Burchett a écrit :
> Does sa-learn read subdirectories? 

If you mean maildir folders, yes.

Re: X-Mailer: GoldMine equated as spam...

[mouss]

Ken Morley a écrit :
> 
> #anti spammer robots
> 
> /^X-Mailer: .*(PSS Bulk Mailer|ccMail
> Link|IXO-Mail|MMailer|K-ML|GoldMine|MAGIC|bomber|expeditor|Brooklyn
> North|Broadcast|DMailer|Extractor|EMailing List Pro|News
> Breaker|dbMail|Unity|PG-MAILINGLIST PRO|Dynamic|
> Splio|Sarbacane|sMailing|[EMAIL PROTECTED]|WorkZ|ABMailer|QuickSender).*$/
> REJECT Header X-Mailer indicates message sent by spambot
> 
>  
> 
> I'll remove GoldMine...

I suggest removing all these. SA is a better tool for such things.


Also, "abusive" use of postfix header checks isn't recommended.

Re: False hits on rules... But Debugging doesn't show them.(SA3.1.0)

[Hamish Marson]

On Tue, 2006-02-28 at 16:51 -0800, jdow wrote:
> From: "Hamish Marson" <[EMAIL PROTECTED]>
> 
> > On Tue, 2006-02-28 at 17:55 +, Hamish Marson wrote:
> >> I have a problem... Got  aload of complaints about emails not coming
> >> through. On investigating, I have discovered that we're getting rules
> >> such as MISSING_SUBJECT hit, where an email clearly has a subject: line
> >> in the headers. Also missing recieved header, no from_or_to etc..
> >> 
> >> So I can spamassassin -D to see why... And although those rules get
> >> listed & counted in the summary, they DON'T show up as being hit in the
> >> actual debug output.
> >> 
> >> But what I do get is a suspicious looking line about header tests...
> >> 
> >> [3317762] dbg: rules: running header regexp tests; score so far=0
> >> [3317762] warn: rules: failed to run header tests, skipping some:
> >> Illegal declaration of anonymous subroutine
> >> at /usr/local/perl-5.8.6/etc/mail/spamassassin/70_sare_genlsubj1.cf,
> >> rule SARE_SUB_GROW_BUSINESS, line 9.
> >> 
> >> 
> >> Now it started with a different sare ruleset first... Which I checked
> >> and can't see any anonymous subroutine sbeing declared... SO renamed it
> >> to see what would happen. And the problem moved to this file. Again
> >> nothing there. Especially at line 9, which just happens to be
> >> constant...
> >> 
> >> So it looks like a problem with an actual module somewhere being
> >> reported falsely as in a ruleset... 
> > 
> > Well... I've isolated it down to a ruleset (File) created locally by
> > myself... Not sure why... The file contains the following...
> > 
> > /etc/mail/spamassassin/bad# ls -l
> > total 8
> > -rw-r--r--   1 root system   131 Jan 24 14:16 01_local_drugs.cf
> > br01ai01:/etc/mail/spamassassin/bad# cat *
> > header  01_DRUGS_01 Subject =~ /Powerful/i
>   ^- Rule name begins with a numeric - bad
> > score   01_DRUGS_01 1.0
>   ^- Rule name begins with a numeric - bad
> > 
> > header  01_DRUGS_02 Subject =~ /Climaxes/i
>   ^- Rule name begins with a numeric - bad
> > score   01_DRUGS_02 3.0
>   ^- Rule name begins with a numeric - bad
> 
> Try:
> header  X01_DRUGS_01 Subject =~ /Powerful/i
> score   X01_DRUGS_01 1.0
> 
> header  X01_DRUGS_02 Subject =~ /Climaxes/i
> score   X01_DRUGS_02 3.00
> 

Doh!

Thanks for that. I didn't realise rules starting with a digit were
bad... Learn something new every day... Sadly by breaking it first of
course :)

Re: SARE_LEGIT_PAYPAL scores -0.0?

[Philip Prindeville]

David B Funk wrote:

>On Wed, 1 Mar 2006, Philip Prindeville wrote:
>
>  
>
>>Loren Wilton wrote:
>>
>>
>>
could I be doing that would avoid this sort of FP?


>>>You don't seem to be running net tests.  I see headers for both SPF and
>>>DomainKeys in that mail.  These tests should have pulled the score down by
>>>some amount if you had run them.
>>>  
>>>
>>How do you know if SPF is enabled and working?
>>
>>Hmmm...  It would be handy if someone had a mailbox set-up somewhere
>>that people
>>could send a test message to, and it would run the SPF test and include
>>the results in
>>a reply...
>>
>>-Philip
>>
>>
>
>Ask and you will receive.
>
>Send a message to "[EMAIL PROTECTED]", they test your SPF, DK, and
>Sender ID data and send back a report message with the results.
>
>Dave
>
>  
>

Ok, thanks.  And in the receiving direction, what knobs need to be
turned to enable SPF checking on incoming mail?

-Philip

Re: SARE_LEGIT_PAYPAL scores -0.0?

[David B Funk]

On Wed, 1 Mar 2006, Philip Prindeville wrote:

> Loren Wilton wrote:
>
> >>could I be doing that would avoid this sort of FP?
> >
> >You don't seem to be running net tests.  I see headers for both SPF and
> >DomainKeys in that mail.  These tests should have pulled the score down by
> >some amount if you had run them.
>
> How do you know if SPF is enabled and working?
>
> Hmmm...  It would be handy if someone had a mailbox set-up somewhere
> that people
> could send a test message to, and it would run the SPF test and include
> the results in
> a reply...
>
> -Philip

Ask and you will receive.

Send a message to "[EMAIL PROTECTED]", they test your SPF, DK, and
Sender ID data and send back a report message with the results.

Dave

-- 
Dave Funk  University of Iowa
College of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include 
Better is not better, 'standard' is better. B{

Wiki and use_terse_report

[Philip Prindeville]

I couldn't find any obvious indication of what "use_terse_report" has been
replaced with...  Anyone?

-Philip

Re: SARE_LEGIT_PAYPAL scores -0.0?

[Philip Prindeville]

Loren Wilton wrote:

>>could I be doing that would avoid this sort of FP?
>>
>>
>
>You don't seem to be running net tests.  I see headers for both SPF and
>DomainKeys in that mail.  These tests should have pulled the score down by
>some amount if you had run them.
>  
>

How do you know if SPF is enabled and working?

Hmmm...  It would be handy if someone had a mailbox set-up somewhere
that people
could send a test message to, and it would run the SPF test and include
the results in
a reply...

-Philip

RE: Problem with SA / Razor

[Drew Burchett]

Sounds like Razor2 isn't installed correctly.  I'd reinstall and see if
this clears the problem up.

-Original Message-
From: Joey [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 01, 2006 12:42 PM
To: SpamAssassin
Subject: Problem with SA / Razor

I keep getting the below message in maillog, but when I installed Razor
via
cpan, I had NO errors.

I appreciate your help...

Joey

Mar  1 13:42:50 pluto spamd[7790]: Can't locate Razor2/Client/Agent.pm
in
@INC (@INC contains: ../lib
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.5
/usr/lib/perl5/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/5.8.5
/usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3
/usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-th



--
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for 
the sole use of the intended recipient(s) and may contain confidential and 
privileged information. Any unauthorized review, use, disclosure or 
distribution is prohibited. If you are not the intended recipient, please 
contact the sender by reply e-mail and destroy all copies of the original 
message.

-- 
This message has been scanned for viruses and dangerous content by MailScanner 
and is believed to be clean.

Problem with SA / Razor

[Joey]

I keep getting the below message in maillog, but when I installed Razor via
cpan, I had NO errors.

I appreciate your help...

Joey

Mar  1 13:42:50 pluto spamd[7790]: Can't locate Razor2/Client/Agent.pm in
@INC (@INC contains: ../lib
/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.4 /usr/lib/perl5/site_perl/5.8.3
/usr/lib/perl5/site_perl/5.8.2 /usr/lib/perl5/site_perl/5.8.1
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
/usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-th

Re: SA-LEARN HANGING when database over 2000 SPAM messages

[Steve Thomas]

> I think it was Steve that said his database is in SQL format. How do I
> convert the spamassassin database on FreeBSD 5.4 to SQL?

I used the procedure found on this page as a guide:
http://www200.pair.com/mecham/spam/fc4-spamassassin-sql.html

RE: SA-LEARN HANGING when database over 2000 SPAM messages

[Matthew.van.Eerde]

Marc Dufresne wrote:
> I think it was Steve that said his database is in SQL format. How do I
> convert the spamassassin database on FreeBSD 5.4 to SQL?

http://wiki.apache.org/spamassassin/BetterDocumentation/SqlReadmeBayes

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer

AW: Multidomain Mailhosting on one physical host

[sa]

Lisa,
 
> Hi,
> 
> >
> > Well, lets say the hosted domains are dom1.org and dom2.org
> >
> > My problem is:
> >
> > User Sam and Joe has internet access via DSL with a dynamic ip address.
> > The
> > mail going from [EMAIL PROTECTED] to [EMAIL PROTECTED] is identified as SPAM
> because
> > the sending ip address is the dynamic dial up address.
> >
> > The same happens, if [EMAIL PROTECTED] send a mail to [EMAIL PROTECTED]
> >
> > The problem apperars only for mail traffic within the hosted domains on
> > these
> > box.
> >
> > How do I solve this problem?
> 
> If you're using Sendmail, you should have the virtual domains set up  as
> such within Sendmail (using virtusertable and genericstable maps)  and
> have
> everyone send mail through your mail server's port 25. 

I don't use sendmail. I use postfix?

> Mail shouldn't besent directly from a dynamic IP address, but rather
through the mail provider's smtp port.

In this case, I am the mail provider for these domains.

Uwe
<>

Re: SA-LEARN HANGING when database over 2000 SPAM messages

[Marc Dufresne]

I think it was Steve that said his database is in SQL format. How do I
convert the spamassassin database on FreeBSD 5.4 to SQL?

I just renamed the bayes_toks file to .org and copied a backup over.
Now sa-learn --sync and sa-learn --dump magic work.


Marc Dufresne, Corporate IT Officer
St. Lawrence Parks Commission
13740 County Road 2
Morrisburg, ON  K0C 1X0

E-mail: [EMAIL PROTECTED]
Voice: 613-543-3704  Ext#2455
Fax: 613-543-2847
Corporate website: www.parks.on.ca

>>> "Steve Thomas" <[EMAIL PROTECTED]> 2/28/2006 1:07 PM >>>
> -rw---  1 root  wheel  549775048704 Feb 28 10:47 bayes_toks

I'll leave it to the experts to help you out here, but I would assume
that
a token db that's apparently half a terrabyte in size is a *slight*
indication of a problem somewhere... ;)



BEGIN:VCARD
VERSION:2.1
X-GWTYPE:USER
FN:Marc Dufresne
TEL;WORK:613-543-3704
ORG:;Information Technology
TEL;PREF;FAX:613-543-2847
EMAIL;WORK;PREF;NGW:[EMAIL PROTECTED]
N:Dufresne;Marc
TITLE:Corporate IT Officer
END:VCARD

RE: SA-LEARN HANGING when database over 2000 SPAM messages

[Marc Dufresne]

What are my options at this point to resolve the issue?


Marc Dufresne, Corporate IT Officer
St. Lawrence Parks Commission
13740 County Road 2
Morrisburg, ON  K0C 1X0

E-mail: [EMAIL PROTECTED]
Voice: 613-543-3704  Ext#2455
Fax: 613-543-2847
Corporate website: www.parks.on.ca

>>> <[EMAIL PROTECTED]> 2/28/2006 1:11 PM >>>
Steve Thomas wrote:
>> -rw---  1 root  wheel  549775048704 Feb 28 10:47 bayes_toks
> 
> I'll leave it to the experts to help you out here, but I would
assume
> that a token db that's apparently half a terrabyte in size is a
> *slight* indication of a problem somewhere... ;)

BerkeleyDB uses sparse files.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer
BEGIN:VCARD
VERSION:2.1
X-GWTYPE:USER
FN:Marc Dufresne
TEL;WORK:613-543-3704
ORG:;Information Technology
TEL;PREF;FAX:613-543-2847
EMAIL;WORK;PREF;NGW:[EMAIL PROTECTED]
N:Dufresne;Marc
TITLE:Corporate IT Officer
END:VCARD

sa-learn question

[Drew Burchett]

Does sa-learn read subdirectories? 
If not, is there a way to make it read subdirectories?





--
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.

-- 
This message has been scanned for viruses and
dangerous content by
MailScanner, and is
believed to be clean.

Automatically Updating Rules on Windows

[Bret Miller]

Thanks to a recent post with a sample of how to download rules in Perl,
I managed to create a nice perl-based updating tool for SARE rules. Why?
Because for a lot of Windows admins, setting up a CYGWIN environment for
RulesDuJour was daunting.

I had a previous example of a Windows-based tool, but it required a lot
of setup work. We needed a simple, easy-to-use tool for this. So, here
it is.

This tool requires creating a working directory for downloading the
rules, setting some configuration information at the top of the script,
and scheduling the batch file. There's a readme file included with some
minimal information about the process.

Actually, since some of our list members prefer I don't attach this
stuff, you can get it from my mail tools page at
http://webmail.wcg.org/~support or directly
http://webmail.wcg.org/~support/RulesUpdater.zip.

I'd consider this pre-release as I've only done minimal testing to make
sure it works as I expect it to. But I probably won't do any more work
on it unless someone else suggests it needs fixing or enhancement. So,
feel free to try it out...

And as usual, YMMV.

Bret

Re: General assistance

[DAve]

Chris Santerre wrote:

I would like to make a quick comment to everyone who has helped in this
thread:

Great job. Seriously. Some good answers here. Can we we all take a minute to
make sure these answers are posted somewhere on the SA wiki's for future
reference? Its been a while since we had a push for additions.

http://wiki.apache.org/spamassassin/
and
http://www.exit0.us/

Your chance to preserve your helpful info in the anals of history. (That
almost sounds painful!)

Thanks!

Chris Santerre


Chris and all,

I apologize for being so slow in getting to this, things came up.

I found a page in the Wiki I had not seen, and could not find a link 
for, titled FasterPerformance. It gives an explanation of the DNS cache 
solution. I saw no sense in rewriting an already excellent text.


I also added a page titled ChooseYourRules with my thoughts.

Both pages are now linked under "Performance Tips" at 
http://wiki.apache.org/spamassassin/UsingSpamAssassin


DAve

--
This message was checked by forty monkeys and
found to not contain any SPAM whatsoever.

Your monkeys may vary

Re: X-Mailer: GoldMine equated as spam...

[Ken Morley]

Scott Russell wrote:

> No. If this was amavisd or
spamd it would be logged as such. This is postfix header checks rejecting the

> message. Check your postfix
config.

 

Thanks for the quick and accurate reply Scott!

 

I checked /etc/postfix/header_checks and found:

 

#anti spammer robots

/^X-Mailer: .*(PSS Bulk Mailer|ccMail
Link|IXO-Mail|MMailer|K-ML|GoldMine|MAGIC|bomber|expeditor|Brooklyn
North|Broadcast|DMailer|Extractor|EMailing List Pro|News
Breaker|dbMail|Unity|PG-MAILINGLIST PRO|Dynamic|
Splio|Sarbacane|sMailing|[EMAIL PROTECTED]|WorkZ|ABMailer|QuickSender).*$/ REJECT
Header X-Mailer indicates message sent by spambot

 

I’ll remove GoldMine…

 

Thanks again for the assistance and I apologize for being OT
on this one.

 

Ken Morley

 

Re: X-Mailer: GoldMine equated as spam...

[Scott Russell]

Ken Morley wrote:

Here's what shows in our maillog:

Feb 28 14:07:49 maildrop postfix/cleanup[6597]: 2428D5A0004: reject: 
header X-Mailer: GoldMine [6.50.31113] from s16.vom.com[63.145.240.14]; 
from=<[EMAIL PROTECTED] > 
[EMAIL PROTECTED]  
proto=SMTP helo=: Header X-Mailer indicates message sent 
by spambot
Feb 28 16:38:27 maildrop postfix/cleanup[6929]: D60665A0004: reject: 
header X-Mailer: GoldMine [6.50.31113] from mail.vom.com[63.145.240.4]; 
from=<[EMAIL PROTECTED] > to=recipient 
@recipientzdomain 
 proto=SMTP helo=: 
Header X-Mailer indicates message sent by spambot



I am guessing that our PostFix rejected the message based on 
SpamAssassin's analysis.


No. If this was amavisd or spamd it would be logged as such. This is 
postfix header checks rejecting the message. Check your postfix config.


--
Scott Russell <[EMAIL PROTECTED]>
IBM Linux Technology Center

RE: SORBS unreasonable

[Shayne Lebrun]

> jdow wrote:
> > Extortion means extracting funds by some form of criminal means.
> > Extortion in the form of, pay or we block access to your business,
> > is as wrong as "pay or we'll break your legs."
> >
> > {^_^}
>
> SORBS isn't blocking access to anybody's business.  The worst
> they could be accused of is slander.


Begin old-fashioned gangster movie accent!

Wooow!  Dis is a VERY nice email setup you have here! Isn't dis a nice email
setup, Rocco?  Yeah, a very nice email setup indeed.  Tell me, have you ever
considered buying, shall we say, INSURANCE for dis very nice email setup you
have here?  Never can tell when something BAD might happen to a very nice
email set up.  Now, we're not saying that anything bad WOULD happen, no sir!
We certainly wouldn't DO anything bad.  But we DO keep a list of who HASN'T
payed their insurance, and who we therefore don't consider to be under our
PROTECTION, capiche?

End old-fashioned ganster movie accent!

Me, I've had good experiences with SORBS, and I've had bad experiences with
SORBS.

Re: Failed to parse line...

[Ken Morley]

Drew Burchett wrote:

> I made this same mistake yesterday. 
Turned out that I hadn’t enabled razor in v310.pre.

 

Thanks very much for the reply Drew!

 

I found that the line loading the Razor plug-in in v310.pre
was commented out:

 

# Razor2 - perform Razor2 message checks.

#

# Razor2 is disabled here because it is not available for
unlimited free

# use.  It is currently free for personal use, subject to
capacity

# constraints.  See the Cloudmark SpamNet Service Policy for
more details.

#

# loadplugin Mail::SpamAssassin::Plugin::Razor2

 

Uncommenting the last line fixed the issue.

 

Re: X-Mailer: GoldMine equated as spam...

[Ken Morley]

 

"Tim Jackson" <[EMAIL PROTECTED]>
wrote in message news:[EMAIL PROTECTED]...

Ø   That message
hasn't come from SpamAssassin, it's from an MTA. Either you 
> have something in your MTA config that is doing it, or it's been 
> rejected by a mailserver before it gets to you (check your logs to see 
> if it made it as far as you).
> 
> Tim

Ø    

In the interest of brevity, I did not include the entire NDR
and I omitted some of the story.  However, based on the host names and IP
addresses in the NDR, I have little doubt that the sender's mail server was
speaking to our mailfilter when the message was rejected.  

 

Here's what shows in our maillog:

Feb 28 14:07:49 maildrop postfix/cleanup[6597]: 2428D5A0004:
reject: header X-Mailer: GoldMine [6.50.31113] from s16.vom.com[63.145.240.14];
from=<[EMAIL PROTECTED]> to=[EMAIL PROTECTED] proto=SMTP
helo=: Header X-Mailer indicates message sent by spambot
Feb 28 16:38:27 maildrop postfix/cleanup[6929]: D60665A0004: reject: header
X-Mailer: GoldMine [6.50.31113] from mail.vom.com[63.145.240.4]; from=<[EMAIL PROTECTED]> to=recipient@recipientzdomain proto=SMTP
helo=: Header X-Mailer indicates message sent by spambot

 

I am guessing that our PostFix rejected the message based on
SpamAssassin's analysis.

 

Thanks!

 

Re: Multidomain Mailhosting on one physical host

[Uwe Kiewel]

On Wednesday 01 March 2006 12:21, you wrote:
> Have you tried whitelisting the problem addresses?
>
> whitelist_from [EMAIL PROTECTED]
>

In this case, what happens, if a spammer fake the "from" and use the 
whitelisted address?

Uwe

Re: X-Mailer: GoldMine equated as spam...

[Tim Jackson]

Ken Morley wrote:

I have had a complaint about a message sent using GoldMine being 
rejected. The NDR included "Remote host said: 550 Error: Header X-Mailer 
indicates message sent by spambot".


That message hasn't come from SpamAssassin, it's from an MTA. Either you 
have something in your MTA config that is doing it, or it's been 
rejected by a mailserver before it gets to you (check your logs to see 
if it made it as far as you).


Tim

Failed to parse line...

[Ken Morley]

I have a mailfilter running RedHat ES3, Postfix 2.2.8 (chroooted),
amavis-d, SpamAssassin, etc. and it is generally working very well.

When I "spamassassin -D --lint" I see:

[7670] dbg: plugin: registered 
Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x8edd2c0)

[7670] info: config: failed to parse line, skipping: razor_config 
/var/amavis/.razor/razor-agent.conf
[7670] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x8edd2c0) 
implements 'finish_parsing_end'

/var/amavis directory, subdirectories and all files are owned by user and group
amavis and have permissions set at 750.  I can successfully "cat
 /var/amavis/.razor/razor-agent.conf".  Why does SA fail to
parse the line?

Thanks!

Ken Morley

X-Mailer: GoldMine equated as spam...

[Ken Morley]

I have a mailfilter running RedHat ES3, Postfix 2.2.8
(chroooted), amavis-d, SpamAssassin, etc. and it is generally working very
well.

I have had a complaint about a message sent using GoldMine being rejected. The
NDR included "Remote host said: 550 Error: Header X-Mailer indicates message
sent by spambot".

The X-Mailer tag was "X-Mailer: GoldMine [6.50.31113]" and, in this
case, it's definitely not spam.  I have searched and cannot find the rule responsible
for this.  Does anyone know where this rule exists and/or how to disable
it?

 

This rule seems a little too general as many legitimate messages
are originated from GoldMine's MUA.

Thanks!

Ken Morley

Re: UNWANTED_LANGUAGE_BODY gives different scores

[Loren Wilton]

> X-Spam-Status: No, score=1.8 required=5.0 tests=AWL,BAYES_00,HTML_40_50,
> HTML_LINK_PUSH_HERE,HTML_MESSAGE,UNWANTED_LANGUAGE_BODY autolearn=no
> version=3.1.0
> 
>
> You see: UNWANTED_LANGUAGE_BODY rule applies to this message, but does
> not give the desired score, otherwise the score would be >= 4.5 and not
> 1.8. Or do you see anything here that could give a *negative* score?!

At least two things.  BAYES_00 is probably about -3 points on your system,
it indicates the message is pure ham.  The AWL score could be positive or
negative, and could have quite large values in either direction.  You would
have to compute the exact score in this case based on the total score and
the score for each rule.

Loren

Re: Spamassassin behavior

[Matt Kettler]

Alan Au wrote:
> Hi Mr. Matt,
>  
> Thanks a lot for replying me. I have some thing to clarify. Please see
> below :
>  
> We forward a wrongly classifed email as attachement (RFC822) . Will it
> be OK for SpamAssassin to learn?
If you strip the attachment and feed that to SA, yes.

If you feed the forwarded message with the attachment on it, no..

RE: Spamassasin on Ubuntu with VHCS

[James Smith]

> You need to add the "universe" repository.  As to how you do 
> this -- I'd suggest asking on an Ubuntu forum -- this is an 
> issue with your apt setup, not SpamAssassin itself.

Thanks, added the new repositories and it now looks to be working.

--
Jay

Re: Spamassasin on Ubuntu with VHCS

[Justin Mason]

You need to add the "universe" repository.  As to how you do this -- I'd
suggest asking on an Ubuntu forum -- this is an issue with your apt setup,
not SpamAssassin itself.

--j.

James Smith writes:
> I need to get spamassasin installed and working on Ubuntu with VHCS.  I have
> googled this and found a tutorial or two all of which start with the same
> line...
> 
> apt-get install clamav clamav-daemon amavisd-new spamassassin
> 
> Unfortunately this bombes out immediately with the error...
> 
> --
> Reading package lists... Done
> Building dependency tree... Done
> Package clamav is not available, but is referred to by another package.
> This may mean that the package is missing, has been obsoleted, or
> is only available from another source
> W: Couldn't stat source package list cdrom://Ubuntu 5.10 _Breezy Badger_ -
> Release i386 (20051012) breezy/main Packages
> (/var/lib/apt/lists/Ubuntu%205.10%20%5fBreezy%20Badger%5f%20-%20Release%20i3
> 86%20(20051012)_dists_breezy_main_binary-i386_Packages) - stat (2 No such
> file or directory)
> W: Couldn't stat source package list cdrom://Ubuntu 5.10 _Breezy Badger_ -
> Release i386 (20051012) breezy/restricted Packages
> (/var/lib/apt/lists/Ubuntu%205.10%20%5fBreezy%20Badger%5f%20-%20Release%20i3
> 86%20(20051012)_dists_breezy_restricted_binary-i386_Packages) - stat (2 No
> such file or directory)
> W: You may want to run apt-get update to correct these problems
> E: Package clamav has no installation candidate
> --
> 
> Skipping clamav and using "apt-get install spamassassin" instead gives
> 
> --
> Reading package lists... Done
> Building dependency tree... Done
> Package spamassassin is not available, but is referred to by another
> package.
> This may mean that the package is missing, has been obsoleted, or
> is only available from another source
> W: Couldn't stat source package list cdrom://Ubuntu 5.10 _Breezy Badger_ -
> Release i386 (20051012) breezy/main Packages
> (/var/lib/apt/lists/Ubuntu%205.10%20%5fBreezy%20Badger%5f%20-%20Release%20i3
> 86%20(20051012)_dists_breezy_main_binary-i386_Packages) - stat (2 No such
> file or directory)
> W: Couldn't stat source package list cdrom://Ubuntu 5.10 _Breezy Badger_ -
> Release i386 (20051012) breezy/restricted Packages
> (/var/lib/apt/lists/Ubuntu%205.10%20%5fBreezy%20Badger%5f%20-%20Release%20i3
> 86%20(20051012)_dists_breezy_restricted_binary-i386_Packages) - stat (2 No
> such file or directory)
> W: You may want to run apt-get update to correct these problems
> E: Package spamassassin has no installation candidate
> --
> 
> Trying "apt-get update" downloads a few files (the biggest of which is only
> 40k) and then fails with a similar error
> 
> --
> W: You may want to run apt-get update to correct these problems
> E: Some index files failed to download, they have been ignored, or old ones
> used instead.
> --
> 
> Does anyone have any ideas how to solve this?
> 
> --
> James Smith

How to deinstall the old version of Spamassassin [v2.43] if I can't do it by make && make deinstall???

[Zarshedi H. Ismoilzoda]

My FreeBSD version is 5.3. 

I’m not familiar with Linux just learning it. 

I installed Spamassassin [v2.43] but that version was old
and I downloaded the new one [v 3.1.0] and installed manually.

Now it is not correctly functioning because I didn’t
deinstall the previous [v2.43].

How can I solve this problem???

May I deinstall manually or clear everything connected with
Spamassassin [v2.43] from my OS so that I could install new (well functioning)
version of it???

Please help… 

Spamassasin on Ubuntu with VHCS

[James Smith]

I need to get spamassasin installed and working on Ubuntu with VHCS.  I have
googled this and found a tutorial or two all of which start with the same
line...

apt-get install clamav clamav-daemon amavisd-new spamassassin

Unfortunately this bombes out immediately with the error...

--
Reading package lists... Done
Building dependency tree... Done
Package clamav is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
W: Couldn't stat source package list cdrom://Ubuntu 5.10 _Breezy Badger_ -
Release i386 (20051012) breezy/main Packages
(/var/lib/apt/lists/Ubuntu%205.10%20%5fBreezy%20Badger%5f%20-%20Release%20i3
86%20(20051012)_dists_breezy_main_binary-i386_Packages) - stat (2 No such
file or directory)
W: Couldn't stat source package list cdrom://Ubuntu 5.10 _Breezy Badger_ -
Release i386 (20051012) breezy/restricted Packages
(/var/lib/apt/lists/Ubuntu%205.10%20%5fBreezy%20Badger%5f%20-%20Release%20i3
86%20(20051012)_dists_breezy_restricted_binary-i386_Packages) - stat (2 No
such file or directory)
W: You may want to run apt-get update to correct these problems
E: Package clamav has no installation candidate
--

Skipping clamav and using "apt-get install spamassassin" instead gives

--
Reading package lists... Done
Building dependency tree... Done
Package spamassassin is not available, but is referred to by another
package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
W: Couldn't stat source package list cdrom://Ubuntu 5.10 _Breezy Badger_ -
Release i386 (20051012) breezy/main Packages
(/var/lib/apt/lists/Ubuntu%205.10%20%5fBreezy%20Badger%5f%20-%20Release%20i3
86%20(20051012)_dists_breezy_main_binary-i386_Packages) - stat (2 No such
file or directory)
W: Couldn't stat source package list cdrom://Ubuntu 5.10 _Breezy Badger_ -
Release i386 (20051012) breezy/restricted Packages
(/var/lib/apt/lists/Ubuntu%205.10%20%5fBreezy%20Badger%5f%20-%20Release%20i3
86%20(20051012)_dists_breezy_restricted_binary-i386_Packages) - stat (2 No
such file or directory)
W: You may want to run apt-get update to correct these problems
E: Package spamassassin has no installation candidate
--

Trying "apt-get update" downloads a few files (the biggest of which is only
40k) and then fails with a similar error

--
W: You may want to run apt-get update to correct these problems
E: Some index files failed to download, they have been ignored, or old ones
used instead.
--

Does anyone have any ideas how to solve this?

--
James Smith

Multidomain Mailhosting on one physical host

[Uwe Kiewel]

Hi there,

on my server, there are two mail domains hostet. Spam and virus check is done 
by amavis. Amavis uses SpamAssassin 3.1 and H+BEDV Antivir in current 
versions.
The administration front end for SpamAssassin is MaiaMailguard

Well, lets say the hosted domains are dom1.org and dom2.org

My problem is:

User Sam and Joe has internet access via DSL with a dynamic ip address. The 
mail going from [EMAIL PROTECTED] to [EMAIL PROTECTED] is identified as SPAM 
because 
the sending ip address is the dynamic dial up address.

The same happens, if [EMAIL PROTECTED] send a mail to [EMAIL PROTECTED]

The problem apperars only for mail traffic within the hosted domains on these 
box.

How do I solve this problem?


Uwe

Re: FP on URIBL_JP_SURBL + URIBL_SBL

[Jeff Chan]

On Monday, February 27, 2006, 10:27:59 AM, Dave Pooser wrote:
> So I noticed some messages from one of my mailing lists landed in the ol'
> spambucket; there was a URI in there for 4dquiz-com (dot instead of dash)
> and it hit on URIBL_JP_SURBL and URIBL_SBL which scored enough to override
> BAYES_00. Problem is, as best I can tell it's not on the SBL:
> [dave:~] bubbadv% dig +short 4dquiz[-]com
> 83.104.129.88
> [dave:~] bubbadv% dig +short 88.129.104.83.sbl.spamhaus.org
> [dave:~] bubbadv% 

> (I'll take up the jp.surbl.org FP separately, as it's at least a listing,
> albeit IMHO unwarranted.)

> I'm running SA 3.1.on Mac OS X 10.3.9 with Perl 5.8.1-RC3; I know there was
> a URI bug with SA 3.0 but I should be safe from that.

> Any thoughts?

We're checking this one, but if you find any FPs on SURBLs, would
you please report them to:

  whitelist at surbl. org

Same goes for everyone else.  If you use SURBL data, please help us
improve them by reporting FPs.  It benefits the whole community
of SURBL users when you do that.

Cheers,

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/

Re: Spamassassin does not learn

[Chris Purves]

Egoitz Aurrekoetxea Aurre wrote:

First of all I don't understand how spamd and spamc work... I use spampd
to act as smtp proxy for spamassassin, and I've uninstalled the exim4 fro
the machine. Could anyone give me a link or an explanation of this? I'm
very newbie; I've got the default configuration for spamassassin and
spampd. I think I don't use spamc... what's the really use of spamc? must
it work together in the machine with an mta? I tell this because its an
smtp proxy in wich I have clamsmtp and spampd this last obviously runs
with spamassassin but nothing else... what should I do?

Spamc works with spamd.  Spamc is the command that actually checks the 
message.  "spamc < some_message" will scan some_message the same as 
"spamassassin < some_message" would.  The difference is that spamc works 
with spamd which has already loaded spamassassin into memory, so it is 
faster than using the "spamassassin" command.


I recommend installing sa-exim (apt-get install sa-exim), which will 
nicely tie spamassassin into exim4 and allow you to reject messages with 
high spam scores.




--
Good day, eh.
Chris

How to deinstall the old version of Spamassassin [v2.43] if I can't do it by make && make deinstall???

[Zarshedi H. Ismoilzoda]

My FreeBSD version is 5.3. 

I’m not familiar with Linux just learning it. 

I installed Spamassassin [v2.43] but that version was old
and I downloaded the new one [v 3.1.0] and installed manually.

Now it is not correctly functioning because I didn’t deinstall
the previous [v2.43].

How can I solve this problem???

May I deinstall manually or clear everything connected with
Spamassassin [v2.43] from my OS so that I could install new (well functioning)
version of it???

Please help… 

 

Re: UNWANTED_LANGUAGE_BODY gives different scores

[nick]

Gerhard Hofmann wrote:

Hi all,

we are a German company and 99 per cent of our daily email communication 
is in German language. There is only a very small amount of legitimate 
English email coming from some well known sources (mailing lists like 
[EMAIL PROTECTED], [EMAIL PROTECTED] and so on), any other non-German email 
can be considered as spam.


Excerpt from local.cf:
required_score 5.0
...
whitelist_from [EMAIL PROTECTED]
whitelist_from [EMAIL PROTECTED]
...
ok_languagesde
...
score UNWANTED_LANGUAGE_BODY 4.5 4.5 4.5 4.5
...

SA version is 3.1.

All messages scored >= 5.0 are moved to a separate email account, we 
have had only very few false positives so far. I can see that many 
messages are correctly caught as spam because of UNWANTED_LANGUAGE_BODY 
rule.


But there are also some messages where UNWANTED_LANGUAGE_BODY rule is 
applied but with a too low score, example:


X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on iserv.planat.de
X-Spam-Level: *
X-Spam-Status: No, score=1.8 required=5.0 tests=AWL,BAYES_00,HTML_40_50,
HTML_LINK_PUSH_HERE,HTML_MESSAGE,UNWANTED_LANGUAGE_BODY autolearn=no
version=3.1.0


You see: UNWANTED_LANGUAGE_BODY rule applies to this message, but does 
not give the desired score, otherwise the score would be >= 4.5 and not 
1.8. Or do you see anything here that could give a *negative* score?!


TIA
Gerhard


AWL is auto white list, and Bayes_00 should reduce the score also I think.

UNWANTED_LANGUAGE_BODY gives different scores

[Gerhard Hofmann]

Hi all,

we are a German company and 99 per cent of our daily email communication 
is in German language. There is only a very small amount of legitimate 
English email coming from some well known sources (mailing lists like 
[EMAIL PROTECTED], [EMAIL PROTECTED] and so on), any other non-German email 
can be considered as spam.


Excerpt from local.cf:
required_score 5.0
...
whitelist_from [EMAIL PROTECTED]
whitelist_from [EMAIL PROTECTED]
...
ok_languagesde
...
score UNWANTED_LANGUAGE_BODY 4.5 4.5 4.5 4.5
...

SA version is 3.1.

All messages scored >= 5.0 are moved to a separate email account, we 
have had only very few false positives so far. I can see that many 
messages are correctly caught as spam because of UNWANTED_LANGUAGE_BODY 
rule.


But there are also some messages where UNWANTED_LANGUAGE_BODY rule is 
applied but with a too low score, example:


X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on iserv.planat.de
X-Spam-Level: *
X-Spam-Status: No, score=1.8 required=5.0 tests=AWL,BAYES_00,HTML_40_50,
HTML_LINK_PUSH_HERE,HTML_MESSAGE,UNWANTED_LANGUAGE_BODY autolearn=no
version=3.1.0


You see: UNWANTED_LANGUAGE_BODY rule applies to this message, but does 
not give the desired score, otherwise the score would be >= 4.5 and not 
1.8. Or do you see anything here that could give a *negative* score?!


TIA
Gerhard

Re: Spamassassin behavior

[jdow]

Maybe.
If the ENTIRE email is attached, all header lines and all body lines, in a
format that can be easily extracted then "yes" is a possibility. You will
probably have to write the automatic extraction tool to get the attachment
out of the forwarded email and feed it to salearn.

{^_^}
- Original Message - 
From: "Alan Au" <[EMAIL PROTECTED]>




Hi Mr. Matt,

 Thanks a lot for replying me. I have some thing to clarify. Please see below :

 We forward a wrongly classifed email as attachement (RFC822) . Will it be OK for 
SpamAssassin to learn?


 Regards,

 Alan


Matt Kettler <[EMAIL PROTECTED]> wrote:
   Alan Au wrote:

Hi all,

In :
http://wiki.apache.org/spamassassin/BayesInSpamAssassin, it is stated
that :

It's OK to feed emails with Spamassassin markup into the sa-learn
command -- sa-learn will ignore any standard Spamassassin headers, and
if the original email has been encapsulated into an attachment it will
decapsulate the email. In other words sa-learn will undo any changes
which Spamassassin has done before learning the spam/ham character of
the email.



I would like to know that if we forward an email which is not
classified as spam to Spamassassin for it to learn, the reported spam
will be enclosed with my new header information like the sender.


In short: No, you can't learn from forwarded email.







SpamAssassin learns from the headers of a message, as well as the body.
It needs the original headers.

SA can undo it's own markups, because it knows what it added, but
recovering the original headers and message body from a forwarded
message is impossible. When you forward mail, the client completely
destroys and replaces the headers. That's 100% unrecoverable because the
original information is no longer there.


Your mail client also re-encodes the body, and may drop whole mime
sections when you forward a message. This is very common if the message
is a multipart/alterative, the forward will drop the original text/plain
and create a new text/plain based on the content of the text/html
section. A lot of spam contains text/plain sections with different
content from the text/html section in a foolish attempt to create bayes
poison.




I would like to ask if the above quote are still valid for
Spamassassin 2.6.3. Sorry, I should not ask this question. But, I
really need to know about this as we are using this version of
Spamassassin under Mdaemon.

You really should not be using SA 2.63. It is vulnerable to a remotely
exploitable DOS attack. All someone needs to do is email you a malformed
message to exploit this.

If you're using a distro-package, check with your distribution's package
release notes to make sure they've backported the security fixes from
2.64. If you're using the official source, at minimum upgrade to 2.64 ASAP.





-
Yahoo! Mail
Bring photos to life! New PhotoMail  makes sharing a breeze.