RE: bayes DBM versus SQL

[Gary W. Smith]

DBM is fine for small installations but if you need to scale up then SQL
will allow for a consolidate database across multiple machine.

We use it on a decent size platform (multiple front end relays, multiple
sa boxes and a clustered MySQL instance).  It works well for us.

For bayes training, we use a separate linux workstation and just point
it to the master database.  This gives us the ability to do tasks
without impacting the overall SA boxes.



 -Original Message-
 From: Webmaster [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, March 01, 2006 11:59 PM
 To: users@spamassassin.apache.org
 Subject: bayes DBM versus SQL
 
 Those of you you have used both native DBM and new SQL bayesian,
 can you comment on benefits of one versus the other please.
 
 Much appreciated!

Re: Automatically Updating Rules on Windows

[Jeremy]

I use SpamAssassin on Windows with no Perl/CYGWIN environment (via MDaemon) 
which means I can't use RDJ, so I found and customised a reasonably advanced 
batch file which automatically checks for newer versions of the SA rules I 
want, and downloads them if there are new versions available for download - 
complete with logging and optional email reports. Works very well for me - 
I'd be happy to make it available if anyone was interested...

Cheers,
Jeremy



jdow [EMAIL PROTECTED] wrote in message 
news:[EMAIL PROTECTED]
 Heh, I built my own bash script for updating. It is rude, crude, and
 effective. If somebody develops an irrational ideological repulsion to
 RDJ I can share it. I'd recommend RDJ. I'm just a hard core reactionary
 who developed her script about the time RDJ was developed. I stopped
 when it was enough for me. RDJ kept developing.

 {^_-}
 - Original Message - 
 From: Bret Miller [EMAIL PROTECTED]

 Thanks to a recent post with a sample of how to download rules in Perl,
 I managed to create a nice perl-based updating tool for SARE rules. Why?
 Because for a lot of Windows admins, setting up a CYGWIN environment for
 RulesDuJour was daunting.

 I had a previous example of a Windows-based tool, but it required a lot
 of setup work. We needed a simple, easy-to-use tool for this. So, here
 it is.

 This tool requires creating a working directory for downloading the
 rules, setting some configuration information at the top of the script,
 and scheduling the batch file. There's a readme file included with some
 minimal information about the process.

 Actually, since some of our list members prefer I don't attach this
 stuff, you can get it from my mail tools page at
 http://webmail.wcg.org/~support or directly
 http://webmail.wcg.org/~support/RulesUpdater.zip.
 I'd consider this pre-release as I've only done minimal testing to make
 sure it works as I expect it to. But I probably won't do any more work
 on it unless someone else suggests it needs fixing or enhancement. So,
 feel free to try it out...

 And as usual, YMMV.

 Bret


 

Re: X-Mailer: GoldMine equated as spam...

[Loren Wilton]

 I am guessing that our PostFix rejected the message based on
SpamAssassin's analysis.

Quite possibly true.  However, since there is no stock rule for Goldmine
that I'm aware of, this would indicate you have a custom local rule
objecting to the X-Mailer line.  Adjusting it as you desire should be easy.

Loren

URIBL_SBL

[Cami]

Hi All,

A specific message is hitting the following rule:

*   5  URIBL_SBL Contains an URL listed in the SBL blocklist
*  [URIs: annealbatross.org]

The sender would like to know how to fix it and i
am unable to find any reference anywhere on the
procedure stating how to go about it.

Cami

Re: bayes DBM versus SQL

[Steven Stern]

Webmaster wrote:
Those of you you have used both native DBM and new SQL bayesian, 
can you comment on benefits of one versus the other please.


Much appreciated!



I  have three MX servers fronting our Exchange box.  The fastest of the 
MX servers is also handling the MySQL server for both bayes and AWL. 
It's surprisingly fast and all three boxes are working from the same set 
of information so the path the mail takes doesn't affect scoring.  Most 
of the spam comes through the non-preferred MX server.


--

  Steve

SpamAssassin tested by lwn.net

[Michael Monnerie]

http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/

They are wondering why bayes_99 is not given 5 points by default, as it 
seems to have no FP.

mfg zmi
-- 
// Michael Monnerie, Ing.BSc  ---   it-management Michael Monnerie
// http://zmi.at   Tel: 0660/4156531  Linux 2.6.11
// PGP Key:   lynx -source http://zmi.at/zmi2.asc | gpg --import
// Fingerprint: EB93 ED8A 1DCD BB6C F952  F7F4 3911 B933 7054 5879
// Keyserver: www.keyserver.net Key-ID: 0x70545879


pgpoXabRvtU40.pgp
Description: PGP signature

Re: URIBL_SBL

[Dojja]

Cami wrote:

 Hi All,

 A specific message is hitting the following rule:

 *   5  URIBL_SBL Contains an URL listed in the SBL blocklist
 *  [URIs: annealbatross.org]

 The sender would like to know how to fix it and i
 am unable to find any reference anywhere on the
 procedure stating how to go about it.

 Cami

Hi.
Look at ther homepage, under FAQ.
http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20SBL#137

/Dojja

Re: URIBL_SBL

[List Mail User]

Hi All,

A specific message is hitting the following rule:

 *   5  URIBL_SBL Contains an URL listed in the SBL blocklist
 *  [URIs: annealbatross.org]

The sender would like to know how to fix it and i
am unable to find any reference anywhere on the
procedure stating how to go about it.

Cami


Well, there is at least one easy way, one hard way, and one right
way (which may be none of the others).

One of the above would be to call Anne Gray at +27.218554201 (in
your country) and ask her why she is doing business with a Canadian firm
that supports phishing operations - See:

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL35748

Note also that netfirms is possibly tainted merely by being on Big Pipe
and thus suspect no matter what they do.  (Now that they seem to be owned
by Shaw Cable, things might get better, or we might just have the Canadian
version of UUNET/MCI AS701.)

Any other methods remain an exercise for the reader.

Paul Shupak
[EMAIL PROTECTED]

RE: question on training spamassassin

[Bowie Bailey]

Webmaster wrote:
 From: Matt Kettler [mailto:[EMAIL PROTECTED]
  
  Jeff Portwine wrote:
   Hmm.. I don't quite understand this.At my company, we forward
   any spam that gets through to [EMAIL PROTECTED] and any ham marked
   as spam to [EMAIL PROTECTED] ... this was set up long ago before
   I even started working here and the spam filter worked really
   well.   Recently our bayes database was broken and I ended up
   clearing it and retraining it with old spam and ham.   Since that
   time a lot of spams that were getting through STOPPED getting
   through after a couple of days of forwarding them to the spam
   address... and I haven't seen any false spams.So it seems
   like it does work for us, but you're saying it shouldn't ?
  
  Correct. It shouldn't work very well.
  
  Also if your users are only or mostly forwarding spam, SA's
  bayes is going to have a bayes bias that all messages
  forwarded by your mail clients are spam, regardless of content.
  
  
 
 Does this also mean that it is almost useless to share bayes from
 one server to the next if each server has its own set of hosted
 domains ?
 Because if the headers play such an important role, spams targetting
 different sets of domains, I assume, are learned differently.

Not really.  The main use for the headers is to tell where the message
came from.  The final destination only shows up in one header and is
not as important.  The problem with forwarding messages into Bayes is
that you lose all of the information relating to the servers the mail
passed through on it's way to you.

Bayes works best on a per-user basis since everyone gets different
types of spam and ham email.  But if you can't (or don't want to) do
it that way, it will also work just fine as a site-wide database.

-- 
Bowie

RE: SpamAssassin tested by lwn.net

[Martin Hepworth]

Seems to produce != doesn't ever.

Depends on your config, but I think the developers err on the side of
caution a little and don't have single test score that would trigger go over
the default 'is spam' limit.

Could be wrong - frequently am...

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

 -Original Message-
 From: Michael Monnerie [mailto:[EMAIL PROTECTED]
 Sent: 02 March 2006 13:21
 To: users@spamassassin.apache.org
 Subject: SpamAssassin tested by lwn.net
 
 http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/
 
 They are wondering why bayes_99 is not given 5 points by default, as it
 seems to have no FP.
 
 mfg zmi
 --
 // Michael Monnerie, Ing.BSc  ---   it-management Michael Monnerie
 // http://zmi.at   Tel: 0660/4156531  Linux 2.6.11
 // PGP Key:   lynx -source http://zmi.at/zmi2.asc | gpg --import
 // Fingerprint: EB93 ED8A 1DCD BB6C F952  F7F4 3911 B933 7054 5879
 // Keyserver: www.keyserver.net Key-ID: 0x70545879


**

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.   

**

Re: SpamAssassin tested by lwn.net

[Matt Kettler]

Michael Monnerie wrote:
 http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/

 They are wondering why bayes_99 is not given 5 points by default, as it 
 seems to have no FP.

Statisticaly speaking, 1% of BAYES_99 hits should be nonspam.In reality,
it does a lot better than that.

However, in the SA 3.1.0 set3 mass checks it still managed to match
about 21 messages in the nonspam test set:

OVERALL%   SPAM% HAM% S/ORANK   SCORE  NAME
 176869   123778530910.700   0.000.00  (all messages)
60.712  86.7351   0.03961.000   0.903.50  BAYES_99


SA's scores aren't based on human assumptions about how the rules
behave. They are based on real-world testing and a perceptron
score-fitting system that accounts not only for the hit-rate of the
rule, but also for the combinations of rules that it tends to match
with. Often the reality is a lot more complex than you think.

Re: URIBL_SBL

[Cami]

Dojja wrote:

Cami wrote:


A specific message is hitting the following rule:

   *   5  URIBL_SBL Contains an URL listed in the SBL blocklist
   *  [URIs: annealbatross.org]

The sender would like to know how to fix it and i
am unable to find any reference anywhere on the
procedure stating how to go about it.


Look at ther homepage, under FAQ.
http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20SBL#137


This is not clear at all, i can not see what list it is on
because it does not mention what ip address has been blacklisted.
All it mentions is the URL is blocked but when to check on the
site, the ip address in question is not blocked at all.

Cami

RE: URIBL_SBL

[Chris Santerre]

Title: RE: URIBL_SBL







 -Original Message-
 From: Cami [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, March 02, 2006 9:45 AM
 To: Spamassasin Users List
 Subject: Re: URIBL_SBL
 
 
 Dojja wrote:
  Cami wrote:
  
 A specific message is hitting the following rule:
 
  * 5 URIBL_SBL Contains an URL listed in the SBL blocklist
  * [URIs: annealbatross.org]
 
 The sender would like to know how to fix it and i
 am unable to find any reference anywhere on the
 procedure stating how to go about it.
 
  Look at ther homepage, under FAQ.
  http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20SBL#137
 
 This is not clear at all, i can not see what list it is on
 because it does not mention what ip address has been blacklisted.
 All it mentions is the URL is blocked but when to check on the
 site, the ip address in question is not blocked at all.
 
 Cami


I don't see the IP listed on anywhere but Blars. 


Non-authoritative answer:
Name: ANNEALBATROSS.ORG
Address: 64.34.66.18


64.34.66.18 has no reverse DNS entry; some mail servers may not accept your mail.


--Chris

RE: Automatically Updating Rules on Windows

[Chris Santerre]

Title: RE: Automatically Updating Rules on Windows





All three of you should add them to the www.exit0.us wiki!!


And also, bring me a shrubery!


--Chris 


 -Original Message-
 From: Jeremy [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, March 02, 2006 4:25 AM
 To: users@spamassassin.apache.org
 Subject: Re: Automatically Updating Rules on Windows
 
 
 I use SpamAssassin on Windows with no Perl/CYGWIN environment 
 (via MDaemon) 
 which means I can't use RDJ, so I found and customised a 
 reasonably advanced 
 batch file which automatically checks for newer versions of 
 the SA rules I 
 want, and downloads them if there are new versions available 
 for download - 
 complete with logging and optional email reports. Works very 
 well for me - 
 I'd be happy to make it available if anyone was interested...
 
 Cheers,
 Jeremy
 
 
 
 jdow [EMAIL PROTECTED] wrote in message 
 news:[EMAIL PROTECTED]...
  Heh, I built my own bash script for updating. It is rude, crude, and
  effective. If somebody develops an irrational ideological 
 repulsion to
  RDJ I can share it. I'd recommend RDJ. I'm just a hard core 
 reactionary
  who developed her script about the time RDJ was developed. I stopped
  when it was enough for me. RDJ kept developing.
 
  {^_-}
  - Original Message - 
  From: Bret Miller [EMAIL PROTECTED]
 
  Thanks to a recent post with a sample of how to download 
 rules in Perl,
  I managed to create a nice perl-based updating tool for 
 SARE rules. Why?
  Because for a lot of Windows admins, setting up a CYGWIN 
 environment for
  RulesDuJour was daunting.
 
  I had a previous example of a Windows-based tool, but it 
 required a lot
  of setup work. We needed a simple, easy-to-use tool for 
 this. So, here
  it is.
 
  This tool requires creating a working directory for downloading the
  rules, setting some configuration information at the top of 
 the script,
  and scheduling the batch file. There's a readme file 
 included with some
  minimal information about the process.
 
  Actually, since some of our list members prefer I don't attach this
  stuff, you can get it from my mail tools page at
  http://webmail.wcg.org/~support or directly
  http://webmail.wcg.org/~support/RulesUpdater.zip.
  I'd consider this pre-release as I've only done minimal 
 testing to make
  sure it works as I expect it to. But I probably won't do 
 any more work
  on it unless someone else suggests it needs fixing or 
 enhancement. So,
  feel free to try it out...
 
  And as usual, YMMV.
 
  Bret
 
 
  
 
 
 

Re: Automatically Updating Rules on Windows

[mouss]

Jeremy a écrit :
 I use SpamAssassin on Windows with no Perl/CYGWIN environment 

do you mean you managed to run SA without perl? if so, how?

Re: SpamAssassin tested by lwn.net

[Justin Mason]

Matt Kettler writes:
 Michael Monnerie wrote:
  http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/
 
  They are wondering why bayes_99 is not given 5 points by default, as it 
  seems to have no FP.
 
 Statisticaly speaking, 1% of BAYES_99 hits should be nonspam.In reality,
 it does a lot better than that.
 
 However, in the SA 3.1.0 set3 mass checks it still managed to match
 about 21 messages in the nonspam test set:
 
 OVERALL%   SPAM% HAM% S/ORANK   SCORE  NAME
  176869   123778530910.700   0.000.00  (all messages)
 60.712  86.7351   0.03961.000   0.903.50  BAYES_99
 
 SA's scores aren't based on human assumptions about how the rules
 behave. They are based on real-world testing and a perceptron
 score-fitting system that accounts not only for the hit-rate of the
 rule, but also for the combinations of rules that it tends to match
 with. Often the reality is a lot more complex than you think.

It's important to note that, without good training, BAYES_99 may indeed
fire regularly on nonspam mail -- that's the danger with user-trained
rules.  In the *default* scenario, therefore, a score of 3.5 is reasonably
optimal.   However, if good training is supplied, it's a good plan to
increase the BAYES_99 score to 5.0, or even more.  (I think we might
mention that somewhere in the documentation -- I hope. ;)

Also, it's worth noting that BAYES_99 doesn't really refer to a 1%
probability.   SpamAssassin uses the Fisher Inverse Chi-Square Procedure
described at http://garyrob.blogs.com/whychi90.pdf , and as a result these
are no longer true probability values -- so don't expect to see
probabilistic distributions.

Great articles btw.  The grumpy editor has outdone himself ;)
[I've posted this as a comment on the story already btw.]

--j.

Re: URIBL_SBL

[Brandon Hutchinson]

Cami wrote:

Dojja wrote:

Cami wrote:


A specific message is hitting the following rule:

   *   5  URIBL_SBL Contains an URL listed in the SBL blocklist
   *  [URIs: annealbatross.org]





This is not clear at all, i can not see what list it is on
because it does not mention what ip address has been blacklisted.
All it mentions is the URL is blocked but when to check on the
site, the ip address in question is not blocked at all.

Cami


The URIBL_SBL block means that one or more of the NS servers for the 
domain annealbatross.org is in the Spamhaus SBL. The NS server 
ns2.netfirms.com (66.244.253.14) is the culprit.


$ dig +noall +additional ns annealbatross.org
ns1.netfirms.com.   88013   IN  A   64.34.74.221
ns2.netfirms.com.   88013   IN  A   66.244.253.14

$ dig +short 221.74.34.64.sbl.spamhaus.org

$ dig +short 14.253.244.66.sbl.spamhaus.org
127.0.0.2

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL35748

Best regards,

Brandon

RE: SpamAssassin tested by lwn.net

[Chris Santerre]

Title: RE: SpamAssassin tested by lwn.net 






  Michael Monnerie wrote:
   http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/
  
   They are wondering why bayes_99 is not given 5 points by 
 default, as it 
   seems to have no FP.


Disregarding the excellent explanation JMason gave, there is also rule #1 of rule writing:


No single rule should ever mark a messege as spam.


Numerous testing has shown that like a picture your buddies took of you while you were drunk, it will eventually come back up and bite you in the bum!

--Chris 

Config files

[James Smith]

I am having some trouble finding the spamassassin config files on my system.

I have got /etc/mail/spamassassin with local.cf and init.pre, I have
/etc/spamassassin with the same two files but all four of them seem
relatively empty with only 4 config lines, all of them commented.

I do have a /usr/share/spamassassin with loads of config files in but I am
not supposed to modify these directly am I?

Any other suggestions as to where the elusive config files could be hiding?

I am using Ubuntu with VHCS if that helps.

--
James Smith
IT Director - Music Express

RE: Config files

[James Smith]

Sorry, should have mentioned that /etc/mail/spamassassin is a link to
/etc/spamassassin not a directory.

--
Jay

RE: Config files

[Bowie Bailey]

James Smith wrote:
 Sorry, should have mentioned that /etc/mail/spamassassin is a link to
 /etc/spamassassin not a directory.

Run 'spamassassin -D --lint' and look for a line like the following:

[18246] dbg: config: read file /etc/mail/spamassassin/init.pre

-- 
Bowie

Getting BAYES to work with ESA?

[Christoph Söllner]

Hi folks,

I'm having some trouble getting the bayes filter
to work on my windows installation. SA 3.1.0 is
installed and working properly, the ESA fires on
every received message and calls spamassassin.bat.
Bayes DB trained with 260 HAMs and 2600 SPAMs ^^.

When I strip a spam message of its X-SPAM flags
and run it manually through spamassassin.bat, all
works fine and BAYES_99 is added to the flags.
But when run through the ESA, all tests are pre-
sent, except that BAYES_99?!?!
What am I doing wrong? Or does anyone with the 
same system constellation have similar difficul-
ties?

Thanks,
Chris

Re: question on training spamassassin

[Matt Kettler]

Webmaster wrote:

 Also if your users are only or mostly forwarding spam, SA's 
 bayes is going to have a bayes bias that all messages 
 forwarded by your mail clients are spam, regardless of content.


 
 Does this also mean that it is almost useless to share bayes from 
 one server to the next if each server has its own set of hosted 
 domains ?

Yes, it's definitly very sub-optimal to share bayes DB's across different
domains, but not for the reason of header differences.

The reason this is useless is that the nonspam mail received by different
domains is not likely to be similar.

Take for example a shipping company and a law firm. How much similarity is there
going to be in the day-to-day nonspam of these sites? Sure both are likely to
have some personal Hi hon, working late, be home at 7pm type emails. However
their commercial nonspam is going to be VERY different.


 Because if the headers play such an important role, spams targetting 
 different sets of domains, I assume, are learned differently.

To some degree, yes, but this is less severe than forwarding.

At least things like source IP, User-agent, Message-ID and other patterns are
NOT going to be different across domains.

To: and Received: headers will be considerably different, but with a forward you
retain ZERO of the original headers.

RE: Config files

[James Smith]

 Run 'spamassassin -D --lint' and look for a line like the following:
 
 [18246] dbg: config: read file /etc/mail/spamassassin/init.pre

Thanks, I got...
debug: config: read file /etc/spamassassin/init.pre

But the only thing in that file NOT commented is the loading of 3 plugins
(spf, hashcash and uridnsbl) there is no other config info in there at all.

I also got...
debug: config: read file /etc/spamassassin/local.cf

But that only contains 4 lines of config and they are all commented as well.

My current emails get a header like...
X-Spam-Status: No, hits=0.0 tagged_above=-0.1 required=4.0 tests=

But I have added 
Require_score   5.0

To the above local.cf so this file is clearly not being read properly
anyway.

Any other ideas?

--
Jay

Contextual rules in SA

[David Landgren]

Hello list,

I've seen a sharp increase in spam that is really easy to identify, but 
I'm struggling to get SA to do so. One example is


The To: header matches:

  /^([EMAIL PROTECTED])@(?:regexp-of-my-local-domains)$/

The Subject matches:

  /^Fw: Discount for (\S+)/

and the $1 capture in both these patterns are the same, in an Ceq 
sense. Finally, the message body is a multipart message, purported to be 
a forwarded message, and in the body of the message there is


  /^Subject: (\S+)$/

and once again the captured pattern is the same as the previous two. If 
those three conditions match up, that's worth 3 to 5 straight away. And 
there's other garbage to improve the score.


If I could write a contextual rule that remembers those three items and 
then makes a decision, I'd be a happy man. I think I need to write a 
plugin, since you can't capture stuff with basic rules and then 
manipulate the captures (at least, not in any rulesets I've seen). Plus, 
since the captured pattern is the LHS of a local email address, so I 
could refine things even further if necessary by doing a recipient lookup.


I'm sure people have already done this sort of thing, so I tried 
searching for ideas to steal but came up short. So... does anyone have 
some ideas (or code) they can point out to me?


I know how to do this in a policy server for Postfix, but I'd rather do 
it in SA if possible.


Thanks,
David
--
It's overkill of course, but you can never have too much overkill.

Re: Getting BAYES to work with ESA?

[Matt Kettler]

Christoph Söllner wrote:
 Hi folks,
 
 I'm having some trouble getting the bayes filter
 to work on my windows installation. SA 3.1.0 is
 installed and working properly, the ESA fires on
 every received message and calls spamassassin.bat.
 Bayes DB trained with 260 HAMs and 2600 SPAMs ^^.
 
 When I strip a spam message of its X-SPAM flags
 and run it manually through spamassassin.bat, all
 works fine and BAYES_99 is added to the flags.
 But when run through the ESA, all tests are pre-
 sent, except that BAYES_99?!?!
 What am I doing wrong? Or does anyone with the 
 same system constellation have similar difficul-
 ties?
 

First, I know nothing about ESA.. I don't even know what ESA is, and have never
heard of it before outside of the European space agency.


That said, 99% of the time the problem you're referring to is differences in
effective user ID. When you train mail, are you training it while logged in as
the same user that calls spamassassin.bat?

I assume this is a windows platform, but SA by default stores it's bayes
database in the user's home directory. I'm not sure what happens on windows, but
this might be in the user's documents and settings tree.

Help with BAYES + MYSQL

[sinofzik]

Hoppe someone can help me!!

Iam using Spamassassin 3.0.1 
( users stored in mysql and vpopmail and qmail).
Slackware version 10.2
Mysql version 5.0

My problem:
when i use the standart bayes confs ( hard drive .db files) everything  
works so fine..

When i change to bayes MYSQL. strange things happens.
First time i receive a email, system give me a message that not have  
user at bayes tables. but at end he use the learn mode and everything  
is ok .
After this when this same user start to receive email the system dye  
in a Segmentation fault message ( look debug example 1 ).

And after a --lit debug example..

any idea what happens?


##
ebug example 1
###
Thu Mar  2 14:01:24 2006 [17152] dbg: prefork: ordered 17156 to accept
Thu Mar  2 14:01:24 2006 [17152] dbg: prefork: sysread(6) not ready,  
wait max 300 secs
Thu Mar  2 14:01:24 2006 [17156] info: spamd: connection from  
localhost [127.0.0.1] at port 48847

Thu Mar  2 14:01:24 2006 [17152] dbg: prefork: child 17156: entering state 2
Thu Mar  2 14:01:24 2006 [17152] dbg: prefork: new lowest idle kid: 17157
Thu Mar  2 14:01:24 2006 [17156] info: spamd: handle_user unable to  
find user: [EMAIL PROTECTED]
Thu Mar  2 14:01:24 2006 [17156] dbg: config: Conf::SQL: executing  
SQL: select preference, value  from userpref where username =  
'[EMAIL PROTECTED]' or username = '@GLOBAL' order by username asc
Thu Mar  2 14:01:24 2006 [17156] dbg: config: retrieving prefs for  
[EMAIL PROTECTED] from SQL server

Thu Mar  2 14:01:24 2006 [17156] dbg: info: user has changed
Thu Mar  2 14:01:24 2006 [17156] dbg: bayes: using username:  
[EMAIL PROTECTED]

Thu Mar  2 14:01:24 2006 [17156] dbg: bayes: database connection established
Thu Mar  2 14:01:24 2006 [17156] dbg: bayes: found bayes db version 3
Thu Mar  2 14:01:24 2006 [17156] dbg: bayes: Using userid: 4
Thu Mar  2 14:01:24 2006 [17156] dbg: bayes: not available for  
scanning, only 0 spam(s) in bayes DB  10

Thu Mar  2 14:01:24 2006 [17156] dbg: config: score set 1 chosen.
Thu Mar  2 14:01:24 2006 [17156] dbg: dns: name server:  
192.168.100.105, LocalAddr: 0.0.0.0
Thu Mar  2 14:01:24 2006 [17156] info: spamd: processing message  
[EMAIL PROTECTED] for  
[EMAIL PROTECTED]:0

Thu Mar  2 14:01:24 2006 [17156] dbg: bayes: database connection established
Thu Mar  2 14:01:24 2006 [17156] dbg: bayes: found bayes db version 3
Thu Mar  2 14:01:24 2006 [17156] dbg: bayes: Using userid: 4
Thu Mar  2 14:01:24 2006 [17156] dbg: bayes: not available for  
scanning, only 0 spam(s) in bayes DB  10
Thu Mar  2 14:01:24 2006 [17156] dbg: received-header: parsed as [  
ip=209.73.178.172 rdns=web60524.mail.yahoo.com  
helo=web60524.mail.yahoo.com by=nisyros.psmi.com.br ident= envfrom=  
intl=0 id= auth= ]
Thu Mar  2 14:01:24 2006 [17156] dbg: dns: looking up A records for  
'nisyros.psmi.com.br'
Thu Mar  2 14:01:24 2006 [17156] dbg: dns: A records for  
'nisyros.psmi.com.br': 201.64.97.21 201.64.97.21 201.64.97.21
Thu Mar  2 14:01:24 2006 [17156] dbg: dns: looking up A records for  
'nisyros.psmi.com.br'
Thu Mar  2 14:01:24 2006 [17156] dbg: dns: A records for  
'nisyros.psmi.com.br': 201.64.97.21 201.64.97.21 201.64.97.21
Thu Mar  2 14:01:24 2006 [17156] dbg: received-header: 'by'  
nisyros.psmi.com.br has public IP 201.64.97.21
Thu Mar  2 14:01:24 2006 [17156] dbg: received-header: relay  
209.73.178.172 trusted? no internal? no
Thu Mar  2 14:01:24 2006 [17156] dbg: dns: looking up PTR record for  
'201.64.97.17'
Thu Mar  2 14:01:24 2006 [17156] dbg: dns: PTR for '201.64.97.17':  
'nagios.psmi.com.br'
Thu Mar  2 14:01:24 2006 [17156] dbg: received-header: parsed as [  
ip=201.64.97.17 rdns=nagios.psmi.com.br helo=  
by=web60524.mail.yahoo.com ident= envfrom= intl=0 id= auth= ]
Thu Mar  2 14:01:24 2006 [17156] dbg: received-header: relay  
201.64.97.17 trusted? no internal? no

Thu Mar  2 14:01:24 2006 [17156] dbg: metadata: X-Spam-Relays-Trusted:
Thu Mar  2 14:01:24 2006 [17156] dbg: metadata:  
X-Spam-Relays-Untrusted: [ ip=209.73.178.172  
rdns=web60524.mail.yahoo.com helo=web60524.mail.yahoo.com  
by=nisyros.psmi.com.br ident= envfrom= intl=0 id= auth= ] [  
ip=201.64.97.17 rdns=nagios.psmi.com.br helo=  
by=web60524.mail.yahoo.com ident= envfrom= intl=0 id= auth= ]

Thu Mar  2 14:01:24 2006 [17156] dbg: message:  MIME PARSER START 
Thu Mar  2 14:01:24 2006 [17156] dbg: message: main message type:  
multipart/alternative
Thu Mar  2 14:01:24 2006 [17156] dbg: message: parsing multipart, got  
boundary: 0-1994749066-1141318697=:2926
Thu Mar  2 14:01:24 2006 [17156] dbg: message: found part of type  
text/plain, boundary: 0-1994749066-1141318697=:2926

Thu Mar  2 14:01:24 2006 [17156] dbg: message: parsing normal part
Thu Mar  2 14:01:24 2006 [17156] dbg: message: added part, type: text/plain
Thu Mar  2 14:01:24 2006 [17156] dbg: message: found part of type  
text/html, boundary: 0-1994749066-1141318697=:2926

Thu Mar  2 14:01:24 2006 

Re: Multidomain Mailhosting on one physical host

[Kelson]

[EMAIL PROTECTED] wrote:

User Sam and Joe has internet access via DSL with a dynamic ip
address. The mail going from [EMAIL PROTECTED] to [EMAIL PROTECTED] is
identified as SPAM because the sending ip address is the dynamic dial
up address.


The solution is twofold:

1) Don't scan outgoing mail for spam, or don't run network tests on 
outgoing mail.
2) Treat mail coming from your users as outgoing, even if it's being 
sent to another domain on your server.


The best solution would be to make your users send with SMTP-AUTH, and 
then tell whatever calls SpamAssassin to skip SA if it finds valid 
SMTP-AUTH info.


I'd guess from your description, however, that you're running 
SpamAssassin on delivery and not on receipt, which will probably make 
this a bit more challenging.  Though if you can check after the fact for 
valid SMTP-AUTH info, you can probably still make it work.


--
Kelson Vibber
SpeedGate Communications www.speed.net

RE: bayes DBM versus SQL

[Webmaster]

Gary W. Smith wrote

  -Original Message-
  From: Webmaster [mailto:[EMAIL PROTECTED]
  Sent: Wednesday, March 01, 2006 11:59 PM
  To: users@spamassassin.apache.org
  Subject: bayes DBM versus SQL
  
  Those of you you have used both native DBM and new SQL 
 bayesian, can 
  you comment on benefits of one versus the other please.
  
  Much appreciated!
  
 
 DBM is fine for small installations but if you need to scale 
 up then SQL will allow for a consolidate database across 
 multiple machine.
 
 We use it on a decent size platform (multiple front end 
 relays, multiple sa boxes and a clustered MySQL instance).  
 It works well for us.
 
 For bayes training, we use a separate linux workstation and 
 just point it to the master database.  This gives us the 
 ability to do tasks without impacting the overall SA boxes.
 
 

Thanks.  
So SQL is the way to go for cluster enviroment.
Having a separate training box is also a good idea.

RE: bayes DBM versus SQL

[Webmaster]

 

 -Original Message-
 From: Steven Stern [mailto:[EMAIL PROTECTED] 
 Sent: March 2, 2006 5:13 AM
 To: spamass
 Subject: Re: bayes DBM versus SQL
 
 Webmaster wrote:
  Those of you you have used both native DBM and new SQL 
 bayesian, can 
  you comment on benefits of one versus the other please.
  
  Much appreciated!
  
 
 I  have three MX servers fronting our Exchange box.  The 
 fastest of the MX servers is also handling the MySQL server 
 for both bayes and AWL. 
 It's surprisingly fast and all three boxes are working from 
 the same set of information so the path the mail takes 
 doesn't affect scoring.  Most of the spam comes through the 
 non-preferred MX server.
 
 -- 
 
Steve


Thanks for letting me know Steve.  That's what I want to hear. 
I will implement SQL version of Bayes then.

RE: Re: Automatically Updating Rules on Windows

[Matthew.van.Eerde]

Jeremy wrote:
 I use SpamAssassin on Windows with no Perl/CYGWIN environment (via
 MDaemon) which means I can't use RDJ, so I found and customised a
 reasonably advanced batch file which automatically checks for newer
 versions of the SA rules I want, and downloads them if there are new
 versions available for download - complete with logging and optional
 email reports. Works very well for me - I'd be happy to make it
 available if anyone was interested... 

Sounds like good wikifood.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer

RE: question on training spamassassin

[Webmaster]

 

 -Original Message-
 From: Matt Kettler [mailto:[EMAIL PROTECTED] 
 Sent: March 2, 2006 8:53 AM
 To: [EMAIL PROTECTED]
 Cc: users@spamassassin.apache.org
 Subject: Re: question on training spamassassin
 
 Webmaster wrote:
 
  Also if your users are only or mostly forwarding spam, 
 SA's bayes is 
  going to have a bayes bias that all messages forwarded by 
 your mail 
  clients are spam, regardless of content.
 
 
  
  Does this also mean that it is almost useless to share 
 bayes from one 
  server to the next if each server has its own set of hosted 
 domains ?
 
 Yes, it's definitly very sub-optimal to share bayes DB's 
 across different domains, but not for the reason of header 
 differences.
 
 The reason this is useless is that the nonspam mail received 
 by different domains is not likely to be similar.
 
 Take for example a shipping company and a law firm. How much 
 similarity is there going to be in the day-to-day nonspam of 
 these sites? Sure both are likely to have some personal Hi 
 hon, working late, be home at 7pm type emails. However their 
 commercial nonspam is going to be VERY different.
 
 
  Because if the headers play such an important role, spams 
 targetting 
  different sets of domains, I assume, are learned differently.
 
 To some degree, yes, but this is less severe than forwarding.
 
 At least things like source IP, User-agent, Message-ID and 
 other patterns are NOT going to be different across domains.
 
 To: and Received: headers will be considerably different, but 
 with a forward you retain ZERO of the original headers.
 

ok gotcha!
At least it will not be entirely useless.  I am assuming that 
the non-spam, false positive issues will not be severe.

Thanks.

RE: Config files

[Bowie Bailey]

James Smith wrote:
  Run 'spamassassin -D --lint' and look for a line like the following:
  
  [18246] dbg: config: read file /etc/mail/spamassassin/init.pre
 
 Thanks, I got...
 debug: config: read file /etc/spamassassin/init.pre
 
 But the only thing in that file NOT commented is the loading of 3
 plugins (spf, hashcash and uridnsbl) there is no other config info in
 there at all. 
 
 I also got...
 debug: config: read file /etc/spamassassin/local.cf
 
 But that only contains 4 lines of config and they are all commented
 as well. 
 
 My current emails get a header like...
 X-Spam-Status: No, hits=0.0 tagged_above=-0.1 required=4.0 tests=
 
 But I have added
 Require_score 5.0
 
 To the above local.cf so this file is clearly not being read properly
 anyway.
 
 Any other ideas?

It looks like it is definitely reading your config from the
/etc/spamassassin directory.  So make your changes there.

It is normal for those files to be mostly empty.  init.pre and
v310.pre should have some loadplugin lines that you can uncomment to
enable various features.

If you added a line to local.cf and it is not being recognized, then
you are probably running spamd and have not restarted it since making
the changes.

The default value for required_score is 5.0, so I'm wondering where
the 4.0 comes from in the first place.  How are you running SA?

-- 
Bowie

Re: Config files

[Kris Deugau]

James Smith wrote:

I am having some trouble finding the spamassassin config files on my system.

I have got /etc/mail/spamassassin with local.cf and init.pre, I have
/etc/spamassassin

  ^
Ah, Debian.  :/

 I am using Ubuntu with VHCS if that helps.

OK, a Debian derivative.  Same difference.

One is a symlink to the other, I don't recall offhand which way around 
it is.  IIRC it's the wrong way (as compared to, oh, say, EVERY OTHER 
DISTRO).  But functionally it doesn't much matter.



with the same two files but all four of them seem
relatively empty with only 4 config lines, all of them commented.


Those *are* the stock user-side *global* configuration files.  You can 
add entries as you like to those files, and they should not get 
clobbered when you upgrade SA packages.  You can also add new files in 
that directory, and as long as it's a .cf it will be automatically read.


.pre files are only referenced by specific lines in a .cf file;  man 
mail::SpamAssassin::Conf for full details on exactly what goes in the 
various files.



I do have a /usr/share/spamassassin with loads of config files in but I am
not supposed to modify these directly am I?


Typically not.  There *are* rare cases where one might need to (ARIN 
opening up IP assignments from a previously reserved IP block causing 
certain rules to FP - IP blocks 76/8, 74/8, and a few others near there 
IIRC), but those files ARE pretty much guaranteed to be overwritten on 
upgrades, and any extra files are very likely to be deleted.


If you *really* want to customize SA to your local mail flow, you 
*could* delete (or change the extension on) the files there, and create 
whole new rulesets entirely customized for your mail.  I don't think you 
really want to go there just yet.  g



Any other suggestions as to where the elusive config files could be hiding?


The other place SA configuration files will show up is in 
~/.spamassassin.  These are per-user files, and set up *slightly* 
differently than the main files.  There is one file 
(~/.spamassassin/user_prefs) that is automatically parsed, and this is 
where per-user Bayes and AWL files will get put as well.  However, on 
most systems, user_prefs may only contain a limited subset of the SA 
configuration and rules possible in a .cf file /etc/mail/spamassassin.


-kgd

Re: [sa-list] Re: Spamd keeps getting hung up!

[Dan Mahoney, System Admin]

On Fri, 10 Feb 2006, Daryl C. W. O'Shea wrote:

Had another hangup today.  Should I comment on the bug report, or just 
reply here, and note http://www.gushi.org/maillog.txt


-Dan



Dan Mahoney, System Admin wrote:

Hey All,

I've been running the latest spamd for months now, and it seems to be a 
weekly (at least) occurence that all my child processes will fill up and 
hang the thing and allow spam to start seeping through.


However, today I woke up to find this error:

Feb 10 08:57:40 quark spamd[66716]: prefork: select returned error on 
server filehandle: Bad file descriptor

Feb 10 08:57:51 quark last message repeated 20403 times


Please try out Justin's latest patch in bug 4696 and PLEASE comment on that 
bug to let us know how it goes.  Even if it doesn't fix your problem, it'll 
probably provide different errors that may help us.


http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4696


Daryl



--

Long live little fat girls!

-Recent Taco Bell Ad Slogan, Literally Translated.  (Viva Gorditas)

Dan Mahoney
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---

Re: [sa-list] Re: Spamd keeps getting hung up!

[Daryl C. W. O'Shea]

Dan Mahoney, System Admin wrote:

On Fri, 10 Feb 2006, Daryl C. W. O'Shea wrote:

Had another hangup today.  Should I comment on the bug report, or just 
reply here, and note http://www.gushi.org/maillog.txt


If you're seeing this again...


Dan Mahoney, System Admin wrote:
Feb 10 08:57:40 quark spamd[66716]: prefork: select returned error on 
server filehandle: Bad file descriptor

Feb 10 08:57:51 quark last message repeated 20403 times


Provide what you can for bug 4590:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4590

Providing info about actual bugs with the software (and not 
configuration errors/problems) is almost always best done on Bugzilla.



Daryl

Re: [sa-list] Re: Spamd keeps getting hung up!

[Dan Mahoney, System Admin]

On Thu, 2 Mar 2006, Daryl C. W. O'Shea wrote:


Dan Mahoney, System Admin wrote:

On Fri, 10 Feb 2006, Daryl C. W. O'Shea wrote:

Had another hangup today.  Should I comment on the bug report, or just 
reply here, and note http://www.gushi.org/maillog.txt


If you're seeing this again...


Dan Mahoney, System Admin wrote:
Feb 10 08:57:40 quark spamd[66716]: prefork: select returned error on 
server filehandle: Bad file descriptor

Feb 10 08:57:51 quark last message repeated 20403 times


I am not seeing that.

Here's the errors I'm currently seeing that do not seem right to me:

1) An error relating to Textcat that I can find no real documentation on 
in the wiki or the docs, and reading the source does not imply specifying 
a filename:


Mar  2 13:09:07 quark spamd[52083]: textcat: languages filename not 
defined at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/TextCat.pm 
line 320.
Mar  2 13:09:07 quark spamd[52083]: plugin: failed to create instance of 
plugin Mail::SpamAssassin::Plugin::TextCat: textcat: languages filename 
not defined at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/TextCat.pm 
line 320.


2) A bunch of warnings, all in a row (I see this regularly, I think when 
a new child spawns):


Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition 
(+) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2698, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric 
ge (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric 
le (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in sprintf 
at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2707, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition 
(+) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2698, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric 
ge (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric 
le (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in sprintf 
at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2707, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition 
(+) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2698, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric 
ge (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric 
le (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in sprintf 
at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2707, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition 
(+) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2698, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric 
ge (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric 
le (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in sprintf 
at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2707, GEN1723 line 97.
Mar  2 13:07:56 quark spamd[95378]: Use of uninitialized value in numeric 
eq (==) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 430, GEN1723 line 97.
Mar  2 13:07:56 quark spamd[95378]: Use of uninitialized value in numeric 
eq (==) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 430, GEN1723 line 97.
Mar  2 13:07:56 quark spamd[95378]: Use of uninitialized value in numeric 
eq (==) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 430, GEN1723 line 97.


3) This on startup:

Mar  2 13:43:57 quark spamd[52090]: Use of uninitialized value in pattern 
match (m//) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Conf/Parser.pm line 
547, GEN2752 line 2.
Mar  2 13:43:57 quark 

Re: Multidomain Mailhosting on one physical host

[Daryl C. W. O'Shea]

Kelson wrote:

[EMAIL PROTECTED] wrote:

User Sam and Joe has internet access via DSL with a dynamic ip
address. The mail going from [EMAIL PROTECTED] to [EMAIL PROTECTED] is
identified as SPAM because the sending ip address is the dynamic dial
up address.


The best solution would be to make your users send with SMTP-AUTH, and 
then tell whatever calls SpamAssassin to skip SA if it finds valid 
SMTP-AUTH info.


I'd guess from your description, however, that you're running 
SpamAssassin on delivery and not on receipt, which will probably make 
this a bit more challenging.  Though if you can check after the fact for 
valid SMTP-AUTH info, you can probably still make it work.


If you can get Postfix to insert RFC 3848 style with ESMTPA tokens or 
Sendmail style authenticated user lines in the headers, SpamAssassin 
will automatically recognize that the user is authenticated (if they 
authenticate) and not do the dynablock checks.  If anyone knows how to 
do this (I've never used Postfix), I'd like to document it on the wiki.


If you use POP-before-SMTP, there's also the POPAuth plugin available on 
the wiki at: http://wiki.apache.org/spamassassin/POPAuthPlugin


Also (like Kelson said), if you don't want to scan local-domain mail at 
all (NOT something I prefer myself), you can probably configure 
amavisd-new or Postfix to skip mail from these users.



Daryl

Re: [sa-list] Re: Spamd keeps getting hung up!

[Theo Van Dinter]

On Thu, Mar 02, 2006 at 01:33:24PM -0500, Dan Mahoney, System Admin wrote:
 Here's the errors I'm currently seeing that do not seem right to me:
 
 1) An error relating to Textcat that I can find no real documentation on 
 in the wiki or the docs, and reading the source does not imply specifying 
 a filename:
 
 Mar  2 13:09:07 quark spamd[52083]: textcat: languages filename not 
 defined at 
 /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/TextCat.pm 
 line 320.

There should be a file called languages in the default rules directory
(/usr/share/spamassassin).  It gets installed with the standard rules.  If
it's not there, TextCat won't work.

 2) A bunch of warnings, all in a row (I see this regularly, I think when 
 a new child spawns):
 
 Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition 
 (+) at 
 /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 

This is related to http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4699

We still haven't been able to standardly reproduce the issue, so it's hard to
track down.

 3) This on startup:
 
 Mar  2 13:43:57 quark spamd[52090]: Use of uninitialized value in pattern 
 match (m//) at 
 /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Conf/Parser.pm line 
 547, GEN2752 line 2.
 Mar  2 13:43:57 quark spamd[52090]: Use of uninitialized value in pattern 
 match (m//) at 
 /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Conf/Parser.pm line 
 547, GEN2752 line 2.

Could be related to the above.  line 547 in 3.1.0 is:

  $set_score = -$set_score if ( $conf-{tflags}-{$k} =~ /\bnice\b/ );

This should definitely never be possible with the standard code.  When a rule
is added, the function that adds it specifically does:

  $conf-{tflags}-{$name} ||= '';

The #2 issue above is that there's a rule hit for a rule without a score set,
which should also never be possible -- in fact, the function from #3 sets the
default score for all rules, which means #2 shouldn't be possible.

-- 
Randomly Generated Tagline:
Two heads are better than one.
-- John Heywood


pgpHXVNGS6c0o.pgp
Description: PGP signature

Re: [sa-list] Re: Spamd keeps getting hung up!

[Daryl C. W. O'Shea]

Dan Mahoney, System Admin wrote:

On Thu, 2 Mar 2006, Daryl C. W. O'Shea wrote:


Dan Mahoney, System Admin wrote:

On Fri, 10 Feb 2006, Daryl C. W. O'Shea wrote:

Had another hangup today.  Should I comment on the bug report, or 
just reply here, and note http://www.gushi.org/maillog.txt


If you're seeing this again...


Dan Mahoney, System Admin wrote:
Feb 10 08:57:40 quark spamd[66716]: prefork: select returned error 
on server filehandle: Bad file descriptor

Feb 10 08:57:51 quark last message repeated 20403 times


I am not seeing that.


I would never have guessed from had another hangup today. :)
The link you posted to your maillog was first 404 and now 403.



Here's the errors I'm currently seeing that do not seem right to me:

1) An error relating to Textcat that I can find no real documentation on 
in the wiki or the docs, and reading the source does not imply 
specifying a filename:


Mar  2 13:09:07 quark spamd[52083]: textcat: languages filename not 
defined at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/TextCat.pm 
line 320.
Mar  2 13:09:07 quark spamd[52083]: plugin: failed to create instance of 
plugin Mail::SpamAssassin::Plugin::TextCat: textcat: languages filename 
not defined at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/TextCat.pm 
line 320.


Hmm, that's your bug: 
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4803


From SpamAssassin.pm pod (I don't think anything else uses this config 
option... it should probably be moved to the plugin):


=item languages_filename

If you want to be able to use the language-guessing rule
CUNWANTED_LANGUAGE_BODY, and are using Cconfig_text instead of
Crules_filename, Csite_rules_filename, and Cuserprefs_filename, 
you will

need to set this.  It should be the path to the Blanguages file normally
found in the SpamAssassin Brules directory.


If this applies, make sure you set the path to your languages file as 
above.  If this works, please note the fix in your bug 4803 and close it 
as invalid.



2) A bunch of warnings, all in a row (I see this regularly, I think when 
a new child spawns):


Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
addition (+) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2698, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
numeric ge (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
numeric le (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
sprintf at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2707, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
addition (+) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2698, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
numeric ge (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
numeric le (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
sprintf at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2707, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
addition (+) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2698, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
numeric ge (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
numeric le (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
sprintf at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2707, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
addition (+) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2698, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
numeric ge (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
numeric le (=) at 
/usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm 
line 2703, GEN1723 line 97.
Mar  2 13:07:55 quark spamd[95378]: Use of uninitialized value in 
sprintf at 

Re: Spamassassin Spam Header

[Markus Braun]

Sounds like you didn't kill spamd first.


this is my top:
7091 root   9   0 20092 1096 1096 S  0.0  0.1   0:01.17 spamd
7303 backuppc   8   0  5468 3364 1124 S  0.0  0.3   1:02.43 BackupPC
7315 backuppc   9   0  3032 1536 1100 S  0.0  0.1   0:07.87 BackupPC_trashC
7428 root   9   0 38596  23m  23m S  0.0  2.3   0:27.23 spamd
7429 root   9   0 47164  27m  27m S  0.0  2.7   0:19.87 spamd
7430 root   9   0 34328 4948 4948 S  0.0  0.5   0:22.41 spamd
7431 root   9   0  118m  29m  29m S  0.0  3.0   0:33.93 spamd
7432 root   9   0 40520  23m  23m S  0.0  2.3   0:24.63 spamd


Sounds like your installation is severely hosed. How did you install SA?


i installed it over

apt-get install spamassassin

i have a debian sarge system...

_
Haben Spinnen Ohren? Finden Sie es heraus – mit dem MSN Suche Superquiz via  
http://www.msn-superquiz.de  Jetzt mitmachen und gewinnen!

moving bayes db?

[Charles Farinella]

I'm moving our mail server to a new machine with current versions of
SpamAssassin amd Amavis-new.  Can I just copy over the .spamassassin
directory containing all the bayes stuff and the autowhitelist or should
I start fresh?  The old SA is 2.63.

thanks,

-- 
Charles Farinella 
Appropriate Solutions, Inc. (www.AppropriateSolutions.com)
[EMAIL PROTECTED]
603.924.6079

Re: Any rule to flag missing message-id's as SPAM?

[Philip Prindeville]

Graham Murray wrote:

Robert Nicholson [EMAIL PROTECTED] writes:

  

Hi,

Is there a rule that says that any message without a message-id is SPAM ie. 
one who's SCORE I can increase.

I've got a spammer sending messagegs without message-id's.



Just change the score for MSGID_FROM_MTA_ID. This rule will be hit
when the original message does not contain an message-id.
  


I'm curious to know how the message could have been routed and delivered
without ever getting an Message-Id: stamped on it...

Sendmail, for instance, will always add a message-id if one isn't present,
regardless of whether the message is being submitted locally via a pipe, a
file, loopback socket, etc. or whether it is being relayed on port 25.

-Philip

Re: SpamAssassin tested by lwn.net

[jdow]

It is graded 5 here. I overrode the perceptron score. So far I have not seen
a false positive that got a BAYES_99 score. I've seen a very small number of
false negatives in spite of the BAYES_99 score.

{^_^}
- Original Message - 
From: Martin Hepworth [EMAIL PROTECTED]


Seems to produce != doesn't ever.

Depends on your config, but I think the developers err on the side of
caution a little and don't have single test score that would trigger go over
the default 'is spam' limit.

Could be wrong - frequently am...

--
Martin Hepworth 

-Original Message-
From: Michael Monnerie [mailto:[EMAIL PROTECTED]

http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/

They are wondering why bayes_99 is not given 5 points by default, as it
seems to have no FP.

mfg zmi

Re: SpamAssassin tested by lwn.net

[jdow]

From: Matt Kettler [EMAIL PROTECTED]


Michael Monnerie wrote:

http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/

They are wondering why bayes_99 is not given 5 points by default, as it 
seems to have no FP.


Statisticaly speaking, 1% of BAYES_99 hits should be nonspam.In reality,
it does a lot better than that.

However, in the SA 3.1.0 set3 mass checks it still managed to match
about 21 messages in the nonspam test set:

OVERALL%   SPAM% HAM% S/ORANK   SCORE  NAME
176869   123778530910.700   0.000.00  (all messages)
60.712  86.7351   0.03961.000   0.903.50  BAYES_99


SA's scores aren't based on human assumptions about how the rules
behave. They are based on real-world testing and a perceptron
score-fitting system that accounts not only for the hit-rate of the
rule, but also for the combinations of rules that it tends to match
with. Often the reality is a lot more complex than you think.


And of course, when reading BAYES_99 pronouncements one must ALWAYS be
aware that YMMV in big glowing radioactive Cherenkov Radiation Blue
letters is always presumed. Matt's note above proves it.

{^_-}

Re: URIBL_SBL

[jdow]

From: Dojja [EMAIL PROTECTED]


Cami wrote:


Hi All,

A specific message is hitting the following rule:

*   5  URIBL_SBL Contains an URL listed in the SBL blocklist
*  [URIs: annealbatross.org]

The sender would like to know how to fix it and i
am unable to find any reference anywhere on the
procedure stating how to go about it.

Cami


Hi.
Look at ther homepage, under FAQ.
http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20SBL#137


And either it has been removed recently or somehow the lookup above got
a bad answer. 64.34.66.18 is not on SBL at the moment.

{o.o}

prefork: server reached --max-clients setting, consider raising it messages

[Ron Culler]

After upgrading to 3.1 from 3.0 we are starting to see the following
error messages in our logs prefork: server reached --max-clients
setting, consider raising it

I have looked through the list archives and tried the suggestions that I
have found. (adjusting the max children numbers) But still no luck.

Here is our config:

3 inbound qmail servers doing rbl look-ups to block spam
They deliver to 6 qmail servers running qmail-scanner with spamc support
enabled.  Those 6 servers look up against 4 spamd servers for scoring.

All the scanners and spamd boxes are P4 3.2GB 1M cache machines with 2GB
of ram.  The spamd servers have a second disk for the bayes db file.
( haven't moved to SQL bayes yet) We are using Mysql for per user
actually per domain white\black list and default score options.

The inbound servers deliver via a dns round robin lookup to one of the 6
scanners.  They in turn do the same dns round robin lookup to a spamd
server for scoring.

Spamd startup options - -d -q -m 50 -x --
siteconfigpath=/etc/mail/spamassassin -i xxx.xxx.xxx.xxx -A xxx.xxx.xxx.
-u spamd

Spamd servers are also running a caching dns server as well.

localdb.cf contents
required_hits   5.0
report_safe 0
use_bayes   1
lock_method flock
use_auto_whitelist 0
bayes_path /home/spamd/.spamassassin/bayes
bayes_auto_expire   1
skip_rbl_checks 1
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold

# TextCat - language guesser
#
loadplugin Mail::SpamAssassin::Plugin::TextCat

# WhitelistSubject - Whitelist/Blacklist certain subject regular
expressions
#
loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject

ok_languagesall
ok_locales  en

user_scores_dsn DBI:mysql:spamassassin:xxx.xxx.xxx.xxx
user_scores_sql_usernameusername
user_scores_sql_passwordpassword

bayes_ignore_header X-Habeas-SWE-1
bayes_ignore_header X-Habeas-SWE-2
bayes_ignore_header X-Habeas-SWE-3
bayes_ignore_header X-Habeas-SWE-4
bayes_ignore_header X-Habeas-SWE-5
bayes_ignore_header X-Habeas-SWE-6
bayes_ignore_header X-Habeas-SWE-7
bayes_ignore_header X-Habeas-SWE-8
bayes_ignore_header X-Habeas-SWE-9


Spamc switches - -c -s 20 -d round-robin hostname -u domainname

We average between 50k to 75k messages scanned per day via this
system.  

I was wanting to find out if there are any additional things that can be
done to better tune the spamassassin performance and get rid of these
messages.  We normally see that message when a large burst of mail is
transmitted. Is there anything that can be done to either spamd/spamc or
both that would handle this better?

Thanks

-- 
Ron Culler

Re: prefork: server reached --max-clients setting, consider raising itmessages

[Mike Jackson]

Spamd startup options - -d -q -m 50 -x --
siteconfigpath=/etc/mail/spamassassin -i xxx.xxx.xxx.xxx -A xxx.xxx.xxx.
-u spamd


There's a disconnect between the spamd man page and what the error log 
reports. What you're looking to change is the -m option in your startup. The 
man page lists that option's long name as --max-children, though the logs 
refer to it as --max-client.


You might want to run a few messages through in debug mode to see what's 
causing the bottleneck. 50 children should be plenty for that many messages, 
unless your mail traffic is incredibly bursty. I'll bet some step in the 
checking process is tying up the spamd children for longer than necessary. 

Re: Automatically Updating Rules on Windows

[Steven Dickenson]

On Mar 2, 2006, at 10:16 AM, mouss wrote:


Jeremy a écrit :

I use SpamAssassin on Windows with no Perl/CYGWIN environment


do you mean you managed to run SA without perl? if so, how?



No, he's running SA from MDaemon, which has some form of an internal  
SA engine, but uses the same basic configuration and rulesets via  
text files.


Steven
---
Steven Dickenson [EMAIL PROTECTED]
http://www.mrchuckles.net

RE: Automatically Updating Rules on Windows

[ajc85]

I run SA... Well the SA libraries wrapped in a .NET assembly. Then used in
an in-house windows port of spamd.
I run the whole thing in an exchange sink, so every message coming into the
exchange server is checked via spamd-nt, takes about a second or less for
each message to be checked; plus gives all the advantages that the original
spamd does... Save memory usage. Given about 10 children, the
spam-server.exe process (our spamd-nt), uses about 30-60 of memory.

There must be *some* form of perl interpreter running over the sa
libraries... As they *are* written in perl. The regular expressions alone
would be troublesome to attempt with any win32 compatible libraries (aka
tre), why bother rewriting SA libs...

-Original Message-
From: Steven Dickenson [mailto:[EMAIL PROTECTED] 
Sent: Friday, 3 March 2006 12:25 PM
To: mouss
Cc: Jeremy; users@spamassassin.apache.org
Subject: Re: Automatically Updating Rules on Windows


On Mar 2, 2006, at 10:16 AM, mouss wrote:

 Jeremy a écrit :
 I use SpamAssassin on Windows with no Perl/CYGWIN environment

 do you mean you managed to run SA without perl? if so, how?


No, he's running SA from MDaemon, which has some form of an internal  
SA engine, but uses the same basic configuration and rulesets via  
text files.

Steven
---
Steven Dickenson [EMAIL PROTECTED] http://www.mrchuckles.net

Fwd: setruid() not implemented at /usr/bin/spamd line 875 [Mac OS X 10.3]

[Damon McMahon]

Greetings,

It appears Apple's Mac OS X 10.3 (Panther) Security Update 2006-001
has killed my SA 3.1.0. After the update, upon starting spamd this is
what happens:

Mar  3 14:05:00 localhost spamd[15757]: spamd: server started on UNIX
domain socket /tmp/spamd.sock (running version
3.1.0-agsvsoft_2005102101)
Mar  3 14:05:01 localhost spamd[15757]: spamd: server pid: 15757
Mar  3 14:05:01 localhost spamd[15759]: setruid() not implemented at
/usr/bin/spamd line 875.
Mar  3 14:05:01 localhost spamd[15757]: spamd: server successfully spawned child
 process, pid 15759
Mar  3 14:05:01 localhost spamd[15760]: setruid() not implemented at
/usr/bin/spamd line 875.
Mar  3 14:05:01 localhost spamd[15757]: spamd: server successfully spawned child
 process, pid 15760
Mar  3 14:05:01 localhost spamd[15757]: prefork: child states: SS
Mar  3 14:05:01 localhost spamd[15762]: setruid() not implemented at
/usr/bin/spamd line 875.
Mar  3 14:05:01 localhost spamd[15757]: spamd: server successfully spawned child
 process, pid 15762
Mar  3 14:05:01 localhost spamd[15757]: prefork: child states: SSS
Mar  3 14:05:01 localhost spamd[15763]: setruid() not implemented at
/usr/bin/spamd line 875.
Mar  3 14:05:01 localhost spamd[15757]: spamd: server successfully spawned child
 process, pid 15763
Mar  3 14:05:01 localhost spamd[15757]: spamd: handled cleanup of
child pid 15759 due to SIGCHLD
Mar  3 14:05:01 localhost spamd[15757]: prefork: child states: SSS
Mar  3 14:05:01 localhost spamd[15764]: setruid() not implemented at
/usr/bin/spamd line 875.
Mar  3 14:05:01 localhost spamd[15757]: spamd: server successfully spawned child
 process, pid 15764
Mar  3 14:05:01 localhost spamd[15757]: prefork: child states: 
Mar  3 14:05:01 localhost spamd[15765]: setruid() not implemented at
/usr/bin/spamd line 875.
Mar  3 14:05:02 localhost spamd[15757]: spamd: server successfully
spawned child process, pid 15765
Mar  3 14:05:02 localhost spamd[15757]: prefork: child states: S
Mar  3 14:05:02 localhost spamd[15757]: prefork: server reached
--max-clients setting, consider raising it
Mar  3 14:05:02 localhost spamd[15757]: spamd: handled cleanup of
child pid 15762 due to SIGCHLD
Mar  3 14:05:02 localhost spamd[15757]: prefork: select returned error
on server filehandle:
Mar  3 14:05:02 localhost spamd[15757]: spamd: handled cleanup of
child pid 15760 due to SIGCHLD
Mar  3 14:05:02 localhost spamd[15757]: prefork: select returned error
on server filehandle:
Mar  3 14:05:02 localhost spamd[15757]: spamd: handled cleanup of
child pid 15763 due to SIGCHLD
Mar  3 14:05:02 localhost spamd[15757]: prefork: select returned error
on server filehandle:
Mar  3 14:05:02 localhost spamd[15757]: spamd: handled cleanup of
child pid 15764 due to SIGCHLD
Mar  3 14:05:02 localhost spamd[15757]: prefork: select returned error
on server filehandle:
Mar  3 14:05:02 localhost spamd[15766]: setruid() not implemented at
/usr/bin/spamd line 875.
Mar  3 14:05:02 localhost spamd[15757]: spamd: server successfully
spawned child  process, pid 15766
Mar  3 14:05:02 localhost spamd[15757]: prefork: child states: SS
Mar  3 14:05:02 localhost spamd[15767]: setruid() not implemented at
/usr/bin/spamd line 875.
Mar  3 14:05:02 localhost spamd[15757]: spamd: server successfully spawned child
 process, pid 15767
Mar  3 14:05:02 localhost spamd[15757]: prefork: child states: SSS
Mar  3 14:05:02 localhost spamd[15768]: setruid() not implemented at
/usr/bin/spamd line 875.
Mar  3 14:05:02 localhost spamd[15757]: spamd: server successfully spawned child
 process, pid 15768
Mar  3 14:05:02 localhost spamd[15757]: prefork: child states: 
Mar  3 14:05:02 localhost spamd[15769]: setruid() not implemented at
/usr/bin/spamd line 875.
Mar  3 14:05:02 localhost spamd[15757]: spamd: server successfully spawned child
 process, pid 15769
Mar  3 14:05:03 localhost spamd[15757]: prefork: child states: S
Mar  3 14:05:03 localhost spamd[15757]: prefork: server reached
--max-clients setting, consider raising it
Mar  3 14:05:03 localhost spamd[15757]: spamd: handled cleanup of
child pid 15765 due to SIGCHLD
Mar  3 14:05:03 localhost spamd[15757]: prefork: select returned error
on server filehandle:
Mar  3 14:05:03 localhost spamd[15757]: spamd: handled cleanup of
child pid 15767 due to SIGCHLD
Mar  3 14:05:03 localhost spamd[15757]: prefork: select returned error
on server filehandle:
Mar  3 14:05:03 localhost spamd[15757]: spamd: handled cleanup of
child pid 15766 due to SIGCHLD
Mar  3 14:05:03 localhost spamd[15757]: prefork: select returned error
on server filehandle:
Mar  3 14:05:03 localhost spamd[15757]: spamd: handled cleanup of
child pid 15768 due to SIGCHLD
Mar  3 14:05:03 localhost spamd[15757]: prefork: select returned error
on server filehandle:
Mar  3 14:05:03 localhost spamd[15757]: spamd: server successfully spawned child
 process, pid 15770
Mar  3 14:05:03 localhost spamd[15770]: setruid() not implemented at
/usr/bin/spamd line 875.
Mar  3 14:05:03 localhost spamd[15757]: