RE: bayes DBM versus SQL
DBM is fine for small installations but if you need to scale up then SQL will allow for a consolidate database across multiple machine. We use it on a decent size platform (multiple front end relays, multiple sa boxes and a clustered MySQL instance). It works well for us. For bayes training, we use a separate linux workstation and just point it to the master database. This gives us the ability to do tasks without impacting the overall SA boxes. -Original Message- From: Webmaster [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 01, 2006 11:59 PM To: users@spamassassin.apache.org Subject: bayes DBM versus SQL Those of you you have used both native DBM and new SQL bayesian, can you comment on benefits of one versus the other please. Much appreciated!
Re: Automatically Updating Rules on Windows
I use SpamAssassin on Windows with no Perl/CYGWIN environment (via MDaemon) which means I can't use RDJ, so I found and customised a reasonably advanced batch file which automatically checks for newer versions of the SA rules I want, and downloads them if there are new versions available for download - complete with logging and optional email reports. Works very well for me - I'd be happy to make it available if anyone was interested... Cheers, Jeremy jdow [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Heh, I built my own bash script for updating. It is rude, crude, and effective. If somebody develops an irrational ideological repulsion to RDJ I can share it. I'd recommend RDJ. I'm just a hard core reactionary who developed her script about the time RDJ was developed. I stopped when it was enough for me. RDJ kept developing. {^_-} - Original Message - From: Bret Miller [EMAIL PROTECTED] Thanks to a recent post with a sample of how to download rules in Perl, I managed to create a nice perl-based updating tool for SARE rules. Why? Because for a lot of Windows admins, setting up a CYGWIN environment for RulesDuJour was daunting. I had a previous example of a Windows-based tool, but it required a lot of setup work. We needed a simple, easy-to-use tool for this. So, here it is. This tool requires creating a working directory for downloading the rules, setting some configuration information at the top of the script, and scheduling the batch file. There's a readme file included with some minimal information about the process. Actually, since some of our list members prefer I don't attach this stuff, you can get it from my mail tools page at http://webmail.wcg.org/~support or directly http://webmail.wcg.org/~support/RulesUpdater.zip. I'd consider this pre-release as I've only done minimal testing to make sure it works as I expect it to. But I probably won't do any more work on it unless someone else suggests it needs fixing or enhancement. So, feel free to try it out... And as usual, YMMV. Bret
Re: X-Mailer: GoldMine equated as spam...
I am guessing that our PostFix rejected the message based on SpamAssassin's analysis. Quite possibly true. However, since there is no stock rule for Goldmine that I'm aware of, this would indicate you have a custom local rule objecting to the X-Mailer line. Adjusting it as you desire should be easy. Loren
URIBL_SBL
Hi All, A specific message is hitting the following rule: * 5 URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: annealbatross.org] The sender would like to know how to fix it and i am unable to find any reference anywhere on the procedure stating how to go about it. Cami
Re: bayes DBM versus SQL
Webmaster wrote: Those of you you have used both native DBM and new SQL bayesian, can you comment on benefits of one versus the other please. Much appreciated! I have three MX servers fronting our Exchange box. The fastest of the MX servers is also handling the MySQL server for both bayes and AWL. It's surprisingly fast and all three boxes are working from the same set of information so the path the mail takes doesn't affect scoring. Most of the spam comes through the non-preferred MX server. -- Steve
SpamAssassin tested by lwn.net
http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/ They are wondering why bayes_99 is not given 5 points by default, as it seems to have no FP. mfg zmi -- // Michael Monnerie, Ing.BSc --- it-management Michael Monnerie // http://zmi.at Tel: 0660/4156531 Linux 2.6.11 // PGP Key: lynx -source http://zmi.at/zmi2.asc | gpg --import // Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879 // Keyserver: www.keyserver.net Key-ID: 0x70545879 pgpoXabRvtU40.pgp Description: PGP signature
Re: URIBL_SBL
Cami wrote: Hi All, A specific message is hitting the following rule: * 5 URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: annealbatross.org] The sender would like to know how to fix it and i am unable to find any reference anywhere on the procedure stating how to go about it. Cami Hi. Look at ther homepage, under FAQ. http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20SBL#137 /Dojja
Re: URIBL_SBL
Hi All, A specific message is hitting the following rule: * 5 URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: annealbatross.org] The sender would like to know how to fix it and i am unable to find any reference anywhere on the procedure stating how to go about it. Cami Well, there is at least one easy way, one hard way, and one right way (which may be none of the others). One of the above would be to call Anne Gray at +27.218554201 (in your country) and ask her why she is doing business with a Canadian firm that supports phishing operations - See: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL35748 Note also that netfirms is possibly tainted merely by being on Big Pipe and thus suspect no matter what they do. (Now that they seem to be owned by Shaw Cable, things might get better, or we might just have the Canadian version of UUNET/MCI AS701.) Any other methods remain an exercise for the reader. Paul Shupak [EMAIL PROTECTED]
RE: question on training spamassassin
Webmaster wrote: From: Matt Kettler [mailto:[EMAIL PROTECTED] Jeff Portwine wrote: Hmm.. I don't quite understand this.At my company, we forward any spam that gets through to [EMAIL PROTECTED] and any ham marked as spam to [EMAIL PROTECTED] ... this was set up long ago before I even started working here and the spam filter worked really well. Recently our bayes database was broken and I ended up clearing it and retraining it with old spam and ham. Since that time a lot of spams that were getting through STOPPED getting through after a couple of days of forwarding them to the spam address... and I haven't seen any false spams.So it seems like it does work for us, but you're saying it shouldn't ? Correct. It shouldn't work very well. Also if your users are only or mostly forwarding spam, SA's bayes is going to have a bayes bias that all messages forwarded by your mail clients are spam, regardless of content. Does this also mean that it is almost useless to share bayes from one server to the next if each server has its own set of hosted domains ? Because if the headers play such an important role, spams targetting different sets of domains, I assume, are learned differently. Not really. The main use for the headers is to tell where the message came from. The final destination only shows up in one header and is not as important. The problem with forwarding messages into Bayes is that you lose all of the information relating to the servers the mail passed through on it's way to you. Bayes works best on a per-user basis since everyone gets different types of spam and ham email. But if you can't (or don't want to) do it that way, it will also work just fine as a site-wide database. -- Bowie
RE: SpamAssassin tested by lwn.net
Seems to produce != doesn't ever. Depends on your config, but I think the developers err on the side of caution a little and don't have single test score that would trigger go over the default 'is spam' limit. Could be wrong - frequently am... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 -Original Message- From: Michael Monnerie [mailto:[EMAIL PROTECTED] Sent: 02 March 2006 13:21 To: users@spamassassin.apache.org Subject: SpamAssassin tested by lwn.net http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/ They are wondering why bayes_99 is not given 5 points by default, as it seems to have no FP. mfg zmi -- // Michael Monnerie, Ing.BSc --- it-management Michael Monnerie // http://zmi.at Tel: 0660/4156531 Linux 2.6.11 // PGP Key: lynx -source http://zmi.at/zmi2.asc | gpg --import // Fingerprint: EB93 ED8A 1DCD BB6C F952 F7F4 3911 B933 7054 5879 // Keyserver: www.keyserver.net Key-ID: 0x70545879 ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **
Re: SpamAssassin tested by lwn.net
Michael Monnerie wrote: http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/ They are wondering why bayes_99 is not given 5 points by default, as it seems to have no FP. Statisticaly speaking, 1% of BAYES_99 hits should be nonspam.In reality, it does a lot better than that. However, in the SA 3.1.0 set3 mass checks it still managed to match about 21 messages in the nonspam test set: OVERALL% SPAM% HAM% S/ORANK SCORE NAME 176869 123778530910.700 0.000.00 (all messages) 60.712 86.7351 0.03961.000 0.903.50 BAYES_99 SA's scores aren't based on human assumptions about how the rules behave. They are based on real-world testing and a perceptron score-fitting system that accounts not only for the hit-rate of the rule, but also for the combinations of rules that it tends to match with. Often the reality is a lot more complex than you think.
Re: URIBL_SBL
Dojja wrote: Cami wrote: A specific message is hitting the following rule: * 5 URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: annealbatross.org] The sender would like to know how to fix it and i am unable to find any reference anywhere on the procedure stating how to go about it. Look at ther homepage, under FAQ. http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20SBL#137 This is not clear at all, i can not see what list it is on because it does not mention what ip address has been blacklisted. All it mentions is the URL is blocked but when to check on the site, the ip address in question is not blocked at all. Cami
RE: URIBL_SBL
Title: RE: URIBL_SBL -Original Message- From: Cami [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 02, 2006 9:45 AM To: Spamassasin Users List Subject: Re: URIBL_SBL Dojja wrote: Cami wrote: A specific message is hitting the following rule: * 5 URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: annealbatross.org] The sender would like to know how to fix it and i am unable to find any reference anywhere on the procedure stating how to go about it. Look at ther homepage, under FAQ. http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20SBL#137 This is not clear at all, i can not see what list it is on because it does not mention what ip address has been blacklisted. All it mentions is the URL is blocked but when to check on the site, the ip address in question is not blocked at all. Cami I don't see the IP listed on anywhere but Blars. Non-authoritative answer: Name: ANNEALBATROSS.ORG Address: 64.34.66.18 64.34.66.18 has no reverse DNS entry; some mail servers may not accept your mail. --Chris
RE: Automatically Updating Rules on Windows
Title: RE: Automatically Updating Rules on Windows All three of you should add them to the www.exit0.us wiki!! And also, bring me a shrubery! --Chris -Original Message- From: Jeremy [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 02, 2006 4:25 AM To: users@spamassassin.apache.org Subject: Re: Automatically Updating Rules on Windows I use SpamAssassin on Windows with no Perl/CYGWIN environment (via MDaemon) which means I can't use RDJ, so I found and customised a reasonably advanced batch file which automatically checks for newer versions of the SA rules I want, and downloads them if there are new versions available for download - complete with logging and optional email reports. Works very well for me - I'd be happy to make it available if anyone was interested... Cheers, Jeremy jdow [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... Heh, I built my own bash script for updating. It is rude, crude, and effective. If somebody develops an irrational ideological repulsion to RDJ I can share it. I'd recommend RDJ. I'm just a hard core reactionary who developed her script about the time RDJ was developed. I stopped when it was enough for me. RDJ kept developing. {^_-} - Original Message - From: Bret Miller [EMAIL PROTECTED] Thanks to a recent post with a sample of how to download rules in Perl, I managed to create a nice perl-based updating tool for SARE rules. Why? Because for a lot of Windows admins, setting up a CYGWIN environment for RulesDuJour was daunting. I had a previous example of a Windows-based tool, but it required a lot of setup work. We needed a simple, easy-to-use tool for this. So, here it is. This tool requires creating a working directory for downloading the rules, setting some configuration information at the top of the script, and scheduling the batch file. There's a readme file included with some minimal information about the process. Actually, since some of our list members prefer I don't attach this stuff, you can get it from my mail tools page at http://webmail.wcg.org/~support or directly http://webmail.wcg.org/~support/RulesUpdater.zip. I'd consider this pre-release as I've only done minimal testing to make sure it works as I expect it to. But I probably won't do any more work on it unless someone else suggests it needs fixing or enhancement. So, feel free to try it out... And as usual, YMMV. Bret
Re: Automatically Updating Rules on Windows
Jeremy a écrit : I use SpamAssassin on Windows with no Perl/CYGWIN environment do you mean you managed to run SA without perl? if so, how?
Re: SpamAssassin tested by lwn.net
Matt Kettler writes: Michael Monnerie wrote: http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/ They are wondering why bayes_99 is not given 5 points by default, as it seems to have no FP. Statisticaly speaking, 1% of BAYES_99 hits should be nonspam.In reality, it does a lot better than that. However, in the SA 3.1.0 set3 mass checks it still managed to match about 21 messages in the nonspam test set: OVERALL% SPAM% HAM% S/ORANK SCORE NAME 176869 123778530910.700 0.000.00 (all messages) 60.712 86.7351 0.03961.000 0.903.50 BAYES_99 SA's scores aren't based on human assumptions about how the rules behave. They are based on real-world testing and a perceptron score-fitting system that accounts not only for the hit-rate of the rule, but also for the combinations of rules that it tends to match with. Often the reality is a lot more complex than you think. It's important to note that, without good training, BAYES_99 may indeed fire regularly on nonspam mail -- that's the danger with user-trained rules. In the *default* scenario, therefore, a score of 3.5 is reasonably optimal. However, if good training is supplied, it's a good plan to increase the BAYES_99 score to 5.0, or even more. (I think we might mention that somewhere in the documentation -- I hope. ;) Also, it's worth noting that BAYES_99 doesn't really refer to a 1% probability. SpamAssassin uses the Fisher Inverse Chi-Square Procedure described at http://garyrob.blogs.com/whychi90.pdf , and as a result these are no longer true probability values -- so don't expect to see probabilistic distributions. Great articles btw. The grumpy editor has outdone himself ;) [I've posted this as a comment on the story already btw.] --j.
Re: URIBL_SBL
Cami wrote: Dojja wrote: Cami wrote: A specific message is hitting the following rule: * 5 URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: annealbatross.org] This is not clear at all, i can not see what list it is on because it does not mention what ip address has been blacklisted. All it mentions is the URL is blocked but when to check on the site, the ip address in question is not blocked at all. Cami The URIBL_SBL block means that one or more of the NS servers for the domain annealbatross.org is in the Spamhaus SBL. The NS server ns2.netfirms.com (66.244.253.14) is the culprit. $ dig +noall +additional ns annealbatross.org ns1.netfirms.com. 88013 IN A 64.34.74.221 ns2.netfirms.com. 88013 IN A 66.244.253.14 $ dig +short 221.74.34.64.sbl.spamhaus.org $ dig +short 14.253.244.66.sbl.spamhaus.org 127.0.0.2 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL35748 Best regards, Brandon
RE: SpamAssassin tested by lwn.net
Title: RE: SpamAssassin tested by lwn.net Michael Monnerie wrote: http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/ They are wondering why bayes_99 is not given 5 points by default, as it seems to have no FP. Disregarding the excellent explanation JMason gave, there is also rule #1 of rule writing: No single rule should ever mark a messege as spam. Numerous testing has shown that like a picture your buddies took of you while you were drunk, it will eventually come back up and bite you in the bum! --Chris
Config files
I am having some trouble finding the spamassassin config files on my system. I have got /etc/mail/spamassassin with local.cf and init.pre, I have /etc/spamassassin with the same two files but all four of them seem relatively empty with only 4 config lines, all of them commented. I do have a /usr/share/spamassassin with loads of config files in but I am not supposed to modify these directly am I? Any other suggestions as to where the elusive config files could be hiding? I am using Ubuntu with VHCS if that helps. -- James Smith IT Director - Music Express
RE: Config files
Sorry, should have mentioned that /etc/mail/spamassassin is a link to /etc/spamassassin not a directory. -- Jay
RE: Config files
James Smith wrote: Sorry, should have mentioned that /etc/mail/spamassassin is a link to /etc/spamassassin not a directory. Run 'spamassassin -D --lint' and look for a line like the following: [18246] dbg: config: read file /etc/mail/spamassassin/init.pre -- Bowie
Getting BAYES to work with ESA?
Hi folks, I'm having some trouble getting the bayes filter to work on my windows installation. SA 3.1.0 is installed and working properly, the ESA fires on every received message and calls spamassassin.bat. Bayes DB trained with 260 HAMs and 2600 SPAMs ^^. When I strip a spam message of its X-SPAM flags and run it manually through spamassassin.bat, all works fine and BAYES_99 is added to the flags. But when run through the ESA, all tests are pre- sent, except that BAYES_99?!?! What am I doing wrong? Or does anyone with the same system constellation have similar difficul- ties? Thanks, Chris
Re: question on training spamassassin
Webmaster wrote: Also if your users are only or mostly forwarding spam, SA's bayes is going to have a bayes bias that all messages forwarded by your mail clients are spam, regardless of content. Does this also mean that it is almost useless to share bayes from one server to the next if each server has its own set of hosted domains ? Yes, it's definitly very sub-optimal to share bayes DB's across different domains, but not for the reason of header differences. The reason this is useless is that the nonspam mail received by different domains is not likely to be similar. Take for example a shipping company and a law firm. How much similarity is there going to be in the day-to-day nonspam of these sites? Sure both are likely to have some personal Hi hon, working late, be home at 7pm type emails. However their commercial nonspam is going to be VERY different. Because if the headers play such an important role, spams targetting different sets of domains, I assume, are learned differently. To some degree, yes, but this is less severe than forwarding. At least things like source IP, User-agent, Message-ID and other patterns are NOT going to be different across domains. To: and Received: headers will be considerably different, but with a forward you retain ZERO of the original headers.
RE: Config files
Run 'spamassassin -D --lint' and look for a line like the following: [18246] dbg: config: read file /etc/mail/spamassassin/init.pre Thanks, I got... debug: config: read file /etc/spamassassin/init.pre But the only thing in that file NOT commented is the loading of 3 plugins (spf, hashcash and uridnsbl) there is no other config info in there at all. I also got... debug: config: read file /etc/spamassassin/local.cf But that only contains 4 lines of config and they are all commented as well. My current emails get a header like... X-Spam-Status: No, hits=0.0 tagged_above=-0.1 required=4.0 tests= But I have added Require_score 5.0 To the above local.cf so this file is clearly not being read properly anyway. Any other ideas? -- Jay
Contextual rules in SA
Hello list, I've seen a sharp increase in spam that is really easy to identify, but I'm struggling to get SA to do so. One example is The To: header matches: /^([EMAIL PROTECTED])@(?:regexp-of-my-local-domains)$/ The Subject matches: /^Fw: Discount for (\S+)/ and the $1 capture in both these patterns are the same, in an Ceq sense. Finally, the message body is a multipart message, purported to be a forwarded message, and in the body of the message there is /^Subject: (\S+)$/ and once again the captured pattern is the same as the previous two. If those three conditions match up, that's worth 3 to 5 straight away. And there's other garbage to improve the score. If I could write a contextual rule that remembers those three items and then makes a decision, I'd be a happy man. I think I need to write a plugin, since you can't capture stuff with basic rules and then manipulate the captures (at least, not in any rulesets I've seen). Plus, since the captured pattern is the LHS of a local email address, so I could refine things even further if necessary by doing a recipient lookup. I'm sure people have already done this sort of thing, so I tried searching for ideas to steal but came up short. So... does anyone have some ideas (or code) they can point out to me? I know how to do this in a policy server for Postfix, but I'd rather do it in SA if possible. Thanks, David -- It's overkill of course, but you can never have too much overkill.
Re: Getting BAYES to work with ESA?
Christoph Söllner wrote: Hi folks, I'm having some trouble getting the bayes filter to work on my windows installation. SA 3.1.0 is installed and working properly, the ESA fires on every received message and calls spamassassin.bat. Bayes DB trained with 260 HAMs and 2600 SPAMs ^^. When I strip a spam message of its X-SPAM flags and run it manually through spamassassin.bat, all works fine and BAYES_99 is added to the flags. But when run through the ESA, all tests are pre- sent, except that BAYES_99?!?! What am I doing wrong? Or does anyone with the same system constellation have similar difficul- ties? First, I know nothing about ESA.. I don't even know what ESA is, and have never heard of it before outside of the European space agency. That said, 99% of the time the problem you're referring to is differences in effective user ID. When you train mail, are you training it while logged in as the same user that calls spamassassin.bat? I assume this is a windows platform, but SA by default stores it's bayes database in the user's home directory. I'm not sure what happens on windows, but this might be in the user's documents and settings tree.
Help with BAYES + MYSQL
Hoppe someone can help me!! Iam using Spamassassin 3.0.1 ( users stored in mysql and vpopmail and qmail). Slackware version 10.2 Mysql version 5.0 My problem: when i use the standart bayes confs ( hard drive .db files) everything works so fine.. When i change to bayes MYSQL. strange things happens. First time i receive a email, system give me a message that not have user at bayes tables. but at end he use the learn mode and everything is ok . After this when this same user start to receive email the system dye in a Segmentation fault message ( look debug example 1 ). And after a --lit debug example.. any idea what happens? ## ebug example 1 ### Thu Mar 2 14:01:24 2006 [17152] dbg: prefork: ordered 17156 to accept Thu Mar 2 14:01:24 2006 [17152] dbg: prefork: sysread(6) not ready, wait max 300 secs Thu Mar 2 14:01:24 2006 [17156] info: spamd: connection from localhost [127.0.0.1] at port 48847 Thu Mar 2 14:01:24 2006 [17152] dbg: prefork: child 17156: entering state 2 Thu Mar 2 14:01:24 2006 [17152] dbg: prefork: new lowest idle kid: 17157 Thu Mar 2 14:01:24 2006 [17156] info: spamd: handle_user unable to find user: [EMAIL PROTECTED] Thu Mar 2 14:01:24 2006 [17156] dbg: config: Conf::SQL: executing SQL: select preference, value from userpref where username = '[EMAIL PROTECTED]' or username = '@GLOBAL' order by username asc Thu Mar 2 14:01:24 2006 [17156] dbg: config: retrieving prefs for [EMAIL PROTECTED] from SQL server Thu Mar 2 14:01:24 2006 [17156] dbg: info: user has changed Thu Mar 2 14:01:24 2006 [17156] dbg: bayes: using username: [EMAIL PROTECTED] Thu Mar 2 14:01:24 2006 [17156] dbg: bayes: database connection established Thu Mar 2 14:01:24 2006 [17156] dbg: bayes: found bayes db version 3 Thu Mar 2 14:01:24 2006 [17156] dbg: bayes: Using userid: 4 Thu Mar 2 14:01:24 2006 [17156] dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB 10 Thu Mar 2 14:01:24 2006 [17156] dbg: config: score set 1 chosen. Thu Mar 2 14:01:24 2006 [17156] dbg: dns: name server: 192.168.100.105, LocalAddr: 0.0.0.0 Thu Mar 2 14:01:24 2006 [17156] info: spamd: processing message [EMAIL PROTECTED] for [EMAIL PROTECTED]:0 Thu Mar 2 14:01:24 2006 [17156] dbg: bayes: database connection established Thu Mar 2 14:01:24 2006 [17156] dbg: bayes: found bayes db version 3 Thu Mar 2 14:01:24 2006 [17156] dbg: bayes: Using userid: 4 Thu Mar 2 14:01:24 2006 [17156] dbg: bayes: not available for scanning, only 0 spam(s) in bayes DB 10 Thu Mar 2 14:01:24 2006 [17156] dbg: received-header: parsed as [ ip=209.73.178.172 rdns=web60524.mail.yahoo.com helo=web60524.mail.yahoo.com by=nisyros.psmi.com.br ident= envfrom= intl=0 id= auth= ] Thu Mar 2 14:01:24 2006 [17156] dbg: dns: looking up A records for 'nisyros.psmi.com.br' Thu Mar 2 14:01:24 2006 [17156] dbg: dns: A records for 'nisyros.psmi.com.br': 201.64.97.21 201.64.97.21 201.64.97.21 Thu Mar 2 14:01:24 2006 [17156] dbg: dns: looking up A records for 'nisyros.psmi.com.br' Thu Mar 2 14:01:24 2006 [17156] dbg: dns: A records for 'nisyros.psmi.com.br': 201.64.97.21 201.64.97.21 201.64.97.21 Thu Mar 2 14:01:24 2006 [17156] dbg: received-header: 'by' nisyros.psmi.com.br has public IP 201.64.97.21 Thu Mar 2 14:01:24 2006 [17156] dbg: received-header: relay 209.73.178.172 trusted? no internal? no Thu Mar 2 14:01:24 2006 [17156] dbg: dns: looking up PTR record for '201.64.97.17' Thu Mar 2 14:01:24 2006 [17156] dbg: dns: PTR for '201.64.97.17': 'nagios.psmi.com.br' Thu Mar 2 14:01:24 2006 [17156] dbg: received-header: parsed as [ ip=201.64.97.17 rdns=nagios.psmi.com.br helo= by=web60524.mail.yahoo.com ident= envfrom= intl=0 id= auth= ] Thu Mar 2 14:01:24 2006 [17156] dbg: received-header: relay 201.64.97.17 trusted? no internal? no Thu Mar 2 14:01:24 2006 [17156] dbg: metadata: X-Spam-Relays-Trusted: Thu Mar 2 14:01:24 2006 [17156] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=209.73.178.172 rdns=web60524.mail.yahoo.com helo=web60524.mail.yahoo.com by=nisyros.psmi.com.br ident= envfrom= intl=0 id= auth= ] [ ip=201.64.97.17 rdns=nagios.psmi.com.br helo= by=web60524.mail.yahoo.com ident= envfrom= intl=0 id= auth= ] Thu Mar 2 14:01:24 2006 [17156] dbg: message: MIME PARSER START Thu Mar 2 14:01:24 2006 [17156] dbg: message: main message type: multipart/alternative Thu Mar 2 14:01:24 2006 [17156] dbg: message: parsing multipart, got boundary: 0-1994749066-1141318697=:2926 Thu Mar 2 14:01:24 2006 [17156] dbg: message: found part of type text/plain, boundary: 0-1994749066-1141318697=:2926 Thu Mar 2 14:01:24 2006 [17156] dbg: message: parsing normal part Thu Mar 2 14:01:24 2006 [17156] dbg: message: added part, type: text/plain Thu Mar 2 14:01:24 2006 [17156] dbg: message: found part of type text/html, boundary: 0-1994749066-1141318697=:2926 Thu Mar 2 14:01:24 2006
Re: Multidomain Mailhosting on one physical host
[EMAIL PROTECTED] wrote: User Sam and Joe has internet access via DSL with a dynamic ip address. The mail going from [EMAIL PROTECTED] to [EMAIL PROTECTED] is identified as SPAM because the sending ip address is the dynamic dial up address. The solution is twofold: 1) Don't scan outgoing mail for spam, or don't run network tests on outgoing mail. 2) Treat mail coming from your users as outgoing, even if it's being sent to another domain on your server. The best solution would be to make your users send with SMTP-AUTH, and then tell whatever calls SpamAssassin to skip SA if it finds valid SMTP-AUTH info. I'd guess from your description, however, that you're running SpamAssassin on delivery and not on receipt, which will probably make this a bit more challenging. Though if you can check after the fact for valid SMTP-AUTH info, you can probably still make it work. -- Kelson Vibber SpeedGate Communications www.speed.net
RE: bayes DBM versus SQL
Gary W. Smith wrote -Original Message- From: Webmaster [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 01, 2006 11:59 PM To: users@spamassassin.apache.org Subject: bayes DBM versus SQL Those of you you have used both native DBM and new SQL bayesian, can you comment on benefits of one versus the other please. Much appreciated! DBM is fine for small installations but if you need to scale up then SQL will allow for a consolidate database across multiple machine. We use it on a decent size platform (multiple front end relays, multiple sa boxes and a clustered MySQL instance). It works well for us. For bayes training, we use a separate linux workstation and just point it to the master database. This gives us the ability to do tasks without impacting the overall SA boxes. Thanks. So SQL is the way to go for cluster enviroment. Having a separate training box is also a good idea.
RE: bayes DBM versus SQL
-Original Message- From: Steven Stern [mailto:[EMAIL PROTECTED] Sent: March 2, 2006 5:13 AM To: spamass Subject: Re: bayes DBM versus SQL Webmaster wrote: Those of you you have used both native DBM and new SQL bayesian, can you comment on benefits of one versus the other please. Much appreciated! I have three MX servers fronting our Exchange box. The fastest of the MX servers is also handling the MySQL server for both bayes and AWL. It's surprisingly fast and all three boxes are working from the same set of information so the path the mail takes doesn't affect scoring. Most of the spam comes through the non-preferred MX server. -- Steve Thanks for letting me know Steve. That's what I want to hear. I will implement SQL version of Bayes then.
RE: Re: Automatically Updating Rules on Windows
Jeremy wrote: I use SpamAssassin on Windows with no Perl/CYGWIN environment (via MDaemon) which means I can't use RDJ, so I found and customised a reasonably advanced batch file which automatically checks for newer versions of the SA rules I want, and downloads them if there are new versions available for download - complete with logging and optional email reports. Works very well for me - I'd be happy to make it available if anyone was interested... Sounds like good wikifood. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
RE: question on training spamassassin
-Original Message- From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: March 2, 2006 8:53 AM To: [EMAIL PROTECTED] Cc: users@spamassassin.apache.org Subject: Re: question on training spamassassin Webmaster wrote: Also if your users are only or mostly forwarding spam, SA's bayes is going to have a bayes bias that all messages forwarded by your mail clients are spam, regardless of content. Does this also mean that it is almost useless to share bayes from one server to the next if each server has its own set of hosted domains ? Yes, it's definitly very sub-optimal to share bayes DB's across different domains, but not for the reason of header differences. The reason this is useless is that the nonspam mail received by different domains is not likely to be similar. Take for example a shipping company and a law firm. How much similarity is there going to be in the day-to-day nonspam of these sites? Sure both are likely to have some personal Hi hon, working late, be home at 7pm type emails. However their commercial nonspam is going to be VERY different. Because if the headers play such an important role, spams targetting different sets of domains, I assume, are learned differently. To some degree, yes, but this is less severe than forwarding. At least things like source IP, User-agent, Message-ID and other patterns are NOT going to be different across domains. To: and Received: headers will be considerably different, but with a forward you retain ZERO of the original headers. ok gotcha! At least it will not be entirely useless. I am assuming that the non-spam, false positive issues will not be severe. Thanks.
RE: Config files
James Smith wrote: Run 'spamassassin -D --lint' and look for a line like the following: [18246] dbg: config: read file /etc/mail/spamassassin/init.pre Thanks, I got... debug: config: read file /etc/spamassassin/init.pre But the only thing in that file NOT commented is the loading of 3 plugins (spf, hashcash and uridnsbl) there is no other config info in there at all. I also got... debug: config: read file /etc/spamassassin/local.cf But that only contains 4 lines of config and they are all commented as well. My current emails get a header like... X-Spam-Status: No, hits=0.0 tagged_above=-0.1 required=4.0 tests= But I have added Require_score 5.0 To the above local.cf so this file is clearly not being read properly anyway. Any other ideas? It looks like it is definitely reading your config from the /etc/spamassassin directory. So make your changes there. It is normal for those files to be mostly empty. init.pre and v310.pre should have some loadplugin lines that you can uncomment to enable various features. If you added a line to local.cf and it is not being recognized, then you are probably running spamd and have not restarted it since making the changes. The default value for required_score is 5.0, so I'm wondering where the 4.0 comes from in the first place. How are you running SA? -- Bowie
Re: Config files
James Smith wrote: I am having some trouble finding the spamassassin config files on my system. I have got /etc/mail/spamassassin with local.cf and init.pre, I have /etc/spamassassin ^ Ah, Debian. :/ I am using Ubuntu with VHCS if that helps. OK, a Debian derivative. Same difference. One is a symlink to the other, I don't recall offhand which way around it is. IIRC it's the wrong way (as compared to, oh, say, EVERY OTHER DISTRO). But functionally it doesn't much matter. with the same two files but all four of them seem relatively empty with only 4 config lines, all of them commented. Those *are* the stock user-side *global* configuration files. You can add entries as you like to those files, and they should not get clobbered when you upgrade SA packages. You can also add new files in that directory, and as long as it's a .cf it will be automatically read. .pre files are only referenced by specific lines in a .cf file; man mail::SpamAssassin::Conf for full details on exactly what goes in the various files. I do have a /usr/share/spamassassin with loads of config files in but I am not supposed to modify these directly am I? Typically not. There *are* rare cases where one might need to (ARIN opening up IP assignments from a previously reserved IP block causing certain rules to FP - IP blocks 76/8, 74/8, and a few others near there IIRC), but those files ARE pretty much guaranteed to be overwritten on upgrades, and any extra files are very likely to be deleted. If you *really* want to customize SA to your local mail flow, you *could* delete (or change the extension on) the files there, and create whole new rulesets entirely customized for your mail. I don't think you really want to go there just yet. g Any other suggestions as to where the elusive config files could be hiding? The other place SA configuration files will show up is in ~/.spamassassin. These are per-user files, and set up *slightly* differently than the main files. There is one file (~/.spamassassin/user_prefs) that is automatically parsed, and this is where per-user Bayes and AWL files will get put as well. However, on most systems, user_prefs may only contain a limited subset of the SA configuration and rules possible in a .cf file /etc/mail/spamassassin. -kgd
Re: [sa-list] Re: Spamd keeps getting hung up!
On Fri, 10 Feb 2006, Daryl C. W. O'Shea wrote: Had another hangup today. Should I comment on the bug report, or just reply here, and note http://www.gushi.org/maillog.txt -Dan Dan Mahoney, System Admin wrote: Hey All, I've been running the latest spamd for months now, and it seems to be a weekly (at least) occurence that all my child processes will fill up and hang the thing and allow spam to start seeping through. However, today I woke up to find this error: Feb 10 08:57:40 quark spamd[66716]: prefork: select returned error on server filehandle: Bad file descriptor Feb 10 08:57:51 quark last message repeated 20403 times Please try out Justin's latest patch in bug 4696 and PLEASE comment on that bug to let us know how it goes. Even if it doesn't fix your problem, it'll probably provide different errors that may help us. http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4696 Daryl -- Long live little fat girls! -Recent Taco Bell Ad Slogan, Literally Translated. (Viva Gorditas) Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---
Re: [sa-list] Re: Spamd keeps getting hung up!
Dan Mahoney, System Admin wrote: On Fri, 10 Feb 2006, Daryl C. W. O'Shea wrote: Had another hangup today. Should I comment on the bug report, or just reply here, and note http://www.gushi.org/maillog.txt If you're seeing this again... Dan Mahoney, System Admin wrote: Feb 10 08:57:40 quark spamd[66716]: prefork: select returned error on server filehandle: Bad file descriptor Feb 10 08:57:51 quark last message repeated 20403 times Provide what you can for bug 4590: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4590 Providing info about actual bugs with the software (and not configuration errors/problems) is almost always best done on Bugzilla. Daryl
Re: [sa-list] Re: Spamd keeps getting hung up!
On Thu, 2 Mar 2006, Daryl C. W. O'Shea wrote: Dan Mahoney, System Admin wrote: On Fri, 10 Feb 2006, Daryl C. W. O'Shea wrote: Had another hangup today. Should I comment on the bug report, or just reply here, and note http://www.gushi.org/maillog.txt If you're seeing this again... Dan Mahoney, System Admin wrote: Feb 10 08:57:40 quark spamd[66716]: prefork: select returned error on server filehandle: Bad file descriptor Feb 10 08:57:51 quark last message repeated 20403 times I am not seeing that. Here's the errors I'm currently seeing that do not seem right to me: 1) An error relating to Textcat that I can find no real documentation on in the wiki or the docs, and reading the source does not imply specifying a filename: Mar 2 13:09:07 quark spamd[52083]: textcat: languages filename not defined at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/TextCat.pm line 320. Mar 2 13:09:07 quark spamd[52083]: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::TextCat: textcat: languages filename not defined at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/TextCat.pm line 320. 2) A bunch of warnings, all in a row (I see this regularly, I think when a new child spawns): Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition (+) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2698, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric ge (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric le (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in sprintf at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2707, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition (+) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2698, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric ge (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric le (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in sprintf at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2707, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition (+) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2698, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric ge (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric le (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in sprintf at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2707, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition (+) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2698, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric ge (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric le (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in sprintf at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2707, GEN1723 line 97. Mar 2 13:07:56 quark spamd[95378]: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 430, GEN1723 line 97. Mar 2 13:07:56 quark spamd[95378]: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 430, GEN1723 line 97. Mar 2 13:07:56 quark spamd[95378]: Use of uninitialized value in numeric eq (==) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 430, GEN1723 line 97. 3) This on startup: Mar 2 13:43:57 quark spamd[52090]: Use of uninitialized value in pattern match (m//) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Conf/Parser.pm line 547, GEN2752 line 2. Mar 2 13:43:57 quark
Re: Multidomain Mailhosting on one physical host
Kelson wrote: [EMAIL PROTECTED] wrote: User Sam and Joe has internet access via DSL with a dynamic ip address. The mail going from [EMAIL PROTECTED] to [EMAIL PROTECTED] is identified as SPAM because the sending ip address is the dynamic dial up address. The best solution would be to make your users send with SMTP-AUTH, and then tell whatever calls SpamAssassin to skip SA if it finds valid SMTP-AUTH info. I'd guess from your description, however, that you're running SpamAssassin on delivery and not on receipt, which will probably make this a bit more challenging. Though if you can check after the fact for valid SMTP-AUTH info, you can probably still make it work. If you can get Postfix to insert RFC 3848 style with ESMTPA tokens or Sendmail style authenticated user lines in the headers, SpamAssassin will automatically recognize that the user is authenticated (if they authenticate) and not do the dynablock checks. If anyone knows how to do this (I've never used Postfix), I'd like to document it on the wiki. If you use POP-before-SMTP, there's also the POPAuth plugin available on the wiki at: http://wiki.apache.org/spamassassin/POPAuthPlugin Also (like Kelson said), if you don't want to scan local-domain mail at all (NOT something I prefer myself), you can probably configure amavisd-new or Postfix to skip mail from these users. Daryl
Re: [sa-list] Re: Spamd keeps getting hung up!
On Thu, Mar 02, 2006 at 01:33:24PM -0500, Dan Mahoney, System Admin wrote: Here's the errors I'm currently seeing that do not seem right to me: 1) An error relating to Textcat that I can find no real documentation on in the wiki or the docs, and reading the source does not imply specifying a filename: Mar 2 13:09:07 quark spamd[52083]: textcat: languages filename not defined at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/TextCat.pm line 320. There should be a file called languages in the default rules directory (/usr/share/spamassassin). It gets installed with the standard rules. If it's not there, TextCat won't work. 2) A bunch of warnings, all in a row (I see this regularly, I think when a new child spawns): Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition (+) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm This is related to http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4699 We still haven't been able to standardly reproduce the issue, so it's hard to track down. 3) This on startup: Mar 2 13:43:57 quark spamd[52090]: Use of uninitialized value in pattern match (m//) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Conf/Parser.pm line 547, GEN2752 line 2. Mar 2 13:43:57 quark spamd[52090]: Use of uninitialized value in pattern match (m//) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Conf/Parser.pm line 547, GEN2752 line 2. Could be related to the above. line 547 in 3.1.0 is: $set_score = -$set_score if ( $conf-{tflags}-{$k} =~ /\bnice\b/ ); This should definitely never be possible with the standard code. When a rule is added, the function that adds it specifically does: $conf-{tflags}-{$name} ||= ''; The #2 issue above is that there's a rule hit for a rule without a score set, which should also never be possible -- in fact, the function from #3 sets the default score for all rules, which means #2 shouldn't be possible. -- Randomly Generated Tagline: Two heads are better than one. -- John Heywood pgpHXVNGS6c0o.pgp Description: PGP signature
Re: [sa-list] Re: Spamd keeps getting hung up!
Dan Mahoney, System Admin wrote: On Thu, 2 Mar 2006, Daryl C. W. O'Shea wrote: Dan Mahoney, System Admin wrote: On Fri, 10 Feb 2006, Daryl C. W. O'Shea wrote: Had another hangup today. Should I comment on the bug report, or just reply here, and note http://www.gushi.org/maillog.txt If you're seeing this again... Dan Mahoney, System Admin wrote: Feb 10 08:57:40 quark spamd[66716]: prefork: select returned error on server filehandle: Bad file descriptor Feb 10 08:57:51 quark last message repeated 20403 times I am not seeing that. I would never have guessed from had another hangup today. :) The link you posted to your maillog was first 404 and now 403. Here's the errors I'm currently seeing that do not seem right to me: 1) An error relating to Textcat that I can find no real documentation on in the wiki or the docs, and reading the source does not imply specifying a filename: Mar 2 13:09:07 quark spamd[52083]: textcat: languages filename not defined at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/TextCat.pm line 320. Mar 2 13:09:07 quark spamd[52083]: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::TextCat: textcat: languages filename not defined at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/Plugin/TextCat.pm line 320. Hmm, that's your bug: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4803 From SpamAssassin.pm pod (I don't think anything else uses this config option... it should probably be moved to the plugin): =item languages_filename If you want to be able to use the language-guessing rule CUNWANTED_LANGUAGE_BODY, and are using Cconfig_text instead of Crules_filename, Csite_rules_filename, and Cuserprefs_filename, you will need to set this. It should be the path to the Blanguages file normally found in the SpamAssassin Brules directory. If this applies, make sure you set the path to your languages file as above. If this works, please note the fix in your bug 4803 and close it as invalid. 2) A bunch of warnings, all in a row (I see this regularly, I think when a new child spawns): Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition (+) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2698, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric ge (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric le (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in sprintf at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2707, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition (+) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2698, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric ge (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric le (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in sprintf at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2707, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition (+) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2698, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric ge (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric le (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in sprintf at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2707, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in addition (+) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2698, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric ge (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in numeric le (=) at /usr/local/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2703, GEN1723 line 97. Mar 2 13:07:55 quark spamd[95378]: Use of uninitialized value in sprintf at
Re: Spamassassin Spam Header
Sounds like you didn't kill spamd first. this is my top: 7091 root 9 0 20092 1096 1096 S 0.0 0.1 0:01.17 spamd 7303 backuppc 8 0 5468 3364 1124 S 0.0 0.3 1:02.43 BackupPC 7315 backuppc 9 0 3032 1536 1100 S 0.0 0.1 0:07.87 BackupPC_trashC 7428 root 9 0 38596 23m 23m S 0.0 2.3 0:27.23 spamd 7429 root 9 0 47164 27m 27m S 0.0 2.7 0:19.87 spamd 7430 root 9 0 34328 4948 4948 S 0.0 0.5 0:22.41 spamd 7431 root 9 0 118m 29m 29m S 0.0 3.0 0:33.93 spamd 7432 root 9 0 40520 23m 23m S 0.0 2.3 0:24.63 spamd Sounds like your installation is severely hosed. How did you install SA? i installed it over apt-get install spamassassin i have a debian sarge system... _ Haben Spinnen Ohren? Finden Sie es heraus mit dem MSN Suche Superquiz via http://www.msn-superquiz.de Jetzt mitmachen und gewinnen!
moving bayes db?
I'm moving our mail server to a new machine with current versions of SpamAssassin amd Amavis-new. Can I just copy over the .spamassassin directory containing all the bayes stuff and the autowhitelist or should I start fresh? The old SA is 2.63. thanks, -- Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] 603.924.6079
Re: Any rule to flag missing message-id's as SPAM?
Graham Murray wrote: Robert Nicholson [EMAIL PROTECTED] writes: Hi, Is there a rule that says that any message without a message-id is SPAM ie. one who's SCORE I can increase. I've got a spammer sending messagegs without message-id's. Just change the score for MSGID_FROM_MTA_ID. This rule will be hit when the original message does not contain an message-id. I'm curious to know how the message could have been routed and delivered without ever getting an Message-Id: stamped on it... Sendmail, for instance, will always add a message-id if one isn't present, regardless of whether the message is being submitted locally via a pipe, a file, loopback socket, etc. or whether it is being relayed on port 25. -Philip
Re: SpamAssassin tested by lwn.net
It is graded 5 here. I overrode the perceptron score. So far I have not seen a false positive that got a BAYES_99 score. I've seen a very small number of false negatives in spite of the BAYES_99 score. {^_^} - Original Message - From: Martin Hepworth [EMAIL PROTECTED] Seems to produce != doesn't ever. Depends on your config, but I think the developers err on the side of caution a little and don't have single test score that would trigger go over the default 'is spam' limit. Could be wrong - frequently am... -- Martin Hepworth -Original Message- From: Michael Monnerie [mailto:[EMAIL PROTECTED] http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/ They are wondering why bayes_99 is not given 5 points by default, as it seems to have no FP. mfg zmi
Re: SpamAssassin tested by lwn.net
From: Matt Kettler [EMAIL PROTECTED] Michael Monnerie wrote: http://lwn.net/SubscriberLink/173910/e7bf95a7cb044637/ They are wondering why bayes_99 is not given 5 points by default, as it seems to have no FP. Statisticaly speaking, 1% of BAYES_99 hits should be nonspam.In reality, it does a lot better than that. However, in the SA 3.1.0 set3 mass checks it still managed to match about 21 messages in the nonspam test set: OVERALL% SPAM% HAM% S/ORANK SCORE NAME 176869 123778530910.700 0.000.00 (all messages) 60.712 86.7351 0.03961.000 0.903.50 BAYES_99 SA's scores aren't based on human assumptions about how the rules behave. They are based on real-world testing and a perceptron score-fitting system that accounts not only for the hit-rate of the rule, but also for the combinations of rules that it tends to match with. Often the reality is a lot more complex than you think. And of course, when reading BAYES_99 pronouncements one must ALWAYS be aware that YMMV in big glowing radioactive Cherenkov Radiation Blue letters is always presumed. Matt's note above proves it. {^_-}
Re: URIBL_SBL
From: Dojja [EMAIL PROTECTED] Cami wrote: Hi All, A specific message is hitting the following rule: * 5 URIBL_SBL Contains an URL listed in the SBL blocklist * [URIs: annealbatross.org] The sender would like to know how to fix it and i am unable to find any reference anywhere on the procedure stating how to go about it. Cami Hi. Look at ther homepage, under FAQ. http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20SBL#137 And either it has been removed recently or somehow the lookup above got a bad answer. 64.34.66.18 is not on SBL at the moment. {o.o}
prefork: server reached --max-clients setting, consider raising it messages
After upgrading to 3.1 from 3.0 we are starting to see the following error messages in our logs prefork: server reached --max-clients setting, consider raising it I have looked through the list archives and tried the suggestions that I have found. (adjusting the max children numbers) But still no luck. Here is our config: 3 inbound qmail servers doing rbl look-ups to block spam They deliver to 6 qmail servers running qmail-scanner with spamc support enabled. Those 6 servers look up against 4 spamd servers for scoring. All the scanners and spamd boxes are P4 3.2GB 1M cache machines with 2GB of ram. The spamd servers have a second disk for the bayes db file. ( haven't moved to SQL bayes yet) We are using Mysql for per user actually per domain white\black list and default score options. The inbound servers deliver via a dns round robin lookup to one of the 6 scanners. They in turn do the same dns round robin lookup to a spamd server for scoring. Spamd startup options - -d -q -m 50 -x -- siteconfigpath=/etc/mail/spamassassin -i xxx.xxx.xxx.xxx -A xxx.xxx.xxx. -u spamd Spamd servers are also running a caching dns server as well. localdb.cf contents required_hits 5.0 report_safe 0 use_bayes 1 lock_method flock use_auto_whitelist 0 bayes_path /home/spamd/.spamassassin/bayes bayes_auto_expire 1 skip_rbl_checks 1 loadplugin Mail::SpamAssassin::Plugin::Razor2 loadplugin Mail::SpamAssassin::Plugin::DCC loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold # TextCat - language guesser # loadplugin Mail::SpamAssassin::Plugin::TextCat # WhitelistSubject - Whitelist/Blacklist certain subject regular expressions # loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject ok_languagesall ok_locales en user_scores_dsn DBI:mysql:spamassassin:xxx.xxx.xxx.xxx user_scores_sql_usernameusername user_scores_sql_passwordpassword bayes_ignore_header X-Habeas-SWE-1 bayes_ignore_header X-Habeas-SWE-2 bayes_ignore_header X-Habeas-SWE-3 bayes_ignore_header X-Habeas-SWE-4 bayes_ignore_header X-Habeas-SWE-5 bayes_ignore_header X-Habeas-SWE-6 bayes_ignore_header X-Habeas-SWE-7 bayes_ignore_header X-Habeas-SWE-8 bayes_ignore_header X-Habeas-SWE-9 Spamc switches - -c -s 20 -d round-robin hostname -u domainname We average between 50k to 75k messages scanned per day via this system. I was wanting to find out if there are any additional things that can be done to better tune the spamassassin performance and get rid of these messages. We normally see that message when a large burst of mail is transmitted. Is there anything that can be done to either spamd/spamc or both that would handle this better? Thanks -- Ron Culler
Re: prefork: server reached --max-clients setting, consider raising itmessages
Spamd startup options - -d -q -m 50 -x -- siteconfigpath=/etc/mail/spamassassin -i xxx.xxx.xxx.xxx -A xxx.xxx.xxx. -u spamd There's a disconnect between the spamd man page and what the error log reports. What you're looking to change is the -m option in your startup. The man page lists that option's long name as --max-children, though the logs refer to it as --max-client. You might want to run a few messages through in debug mode to see what's causing the bottleneck. 50 children should be plenty for that many messages, unless your mail traffic is incredibly bursty. I'll bet some step in the checking process is tying up the spamd children for longer than necessary.
Re: Automatically Updating Rules on Windows
On Mar 2, 2006, at 10:16 AM, mouss wrote: Jeremy a écrit : I use SpamAssassin on Windows with no Perl/CYGWIN environment do you mean you managed to run SA without perl? if so, how? No, he's running SA from MDaemon, which has some form of an internal SA engine, but uses the same basic configuration and rulesets via text files. Steven --- Steven Dickenson [EMAIL PROTECTED] http://www.mrchuckles.net
RE: Automatically Updating Rules on Windows
I run SA... Well the SA libraries wrapped in a .NET assembly. Then used in an in-house windows port of spamd. I run the whole thing in an exchange sink, so every message coming into the exchange server is checked via spamd-nt, takes about a second or less for each message to be checked; plus gives all the advantages that the original spamd does... Save memory usage. Given about 10 children, the spam-server.exe process (our spamd-nt), uses about 30-60 of memory. There must be *some* form of perl interpreter running over the sa libraries... As they *are* written in perl. The regular expressions alone would be troublesome to attempt with any win32 compatible libraries (aka tre), why bother rewriting SA libs... -Original Message- From: Steven Dickenson [mailto:[EMAIL PROTECTED] Sent: Friday, 3 March 2006 12:25 PM To: mouss Cc: Jeremy; users@spamassassin.apache.org Subject: Re: Automatically Updating Rules on Windows On Mar 2, 2006, at 10:16 AM, mouss wrote: Jeremy a écrit : I use SpamAssassin on Windows with no Perl/CYGWIN environment do you mean you managed to run SA without perl? if so, how? No, he's running SA from MDaemon, which has some form of an internal SA engine, but uses the same basic configuration and rulesets via text files. Steven --- Steven Dickenson [EMAIL PROTECTED] http://www.mrchuckles.net
Fwd: setruid() not implemented at /usr/bin/spamd line 875 [Mac OS X 10.3]
Greetings, It appears Apple's Mac OS X 10.3 (Panther) Security Update 2006-001 has killed my SA 3.1.0. After the update, upon starting spamd this is what happens: Mar 3 14:05:00 localhost spamd[15757]: spamd: server started on UNIX domain socket /tmp/spamd.sock (running version 3.1.0-agsvsoft_2005102101) Mar 3 14:05:01 localhost spamd[15757]: spamd: server pid: 15757 Mar 3 14:05:01 localhost spamd[15759]: setruid() not implemented at /usr/bin/spamd line 875. Mar 3 14:05:01 localhost spamd[15757]: spamd: server successfully spawned child process, pid 15759 Mar 3 14:05:01 localhost spamd[15760]: setruid() not implemented at /usr/bin/spamd line 875. Mar 3 14:05:01 localhost spamd[15757]: spamd: server successfully spawned child process, pid 15760 Mar 3 14:05:01 localhost spamd[15757]: prefork: child states: SS Mar 3 14:05:01 localhost spamd[15762]: setruid() not implemented at /usr/bin/spamd line 875. Mar 3 14:05:01 localhost spamd[15757]: spamd: server successfully spawned child process, pid 15762 Mar 3 14:05:01 localhost spamd[15757]: prefork: child states: SSS Mar 3 14:05:01 localhost spamd[15763]: setruid() not implemented at /usr/bin/spamd line 875. Mar 3 14:05:01 localhost spamd[15757]: spamd: server successfully spawned child process, pid 15763 Mar 3 14:05:01 localhost spamd[15757]: spamd: handled cleanup of child pid 15759 due to SIGCHLD Mar 3 14:05:01 localhost spamd[15757]: prefork: child states: SSS Mar 3 14:05:01 localhost spamd[15764]: setruid() not implemented at /usr/bin/spamd line 875. Mar 3 14:05:01 localhost spamd[15757]: spamd: server successfully spawned child process, pid 15764 Mar 3 14:05:01 localhost spamd[15757]: prefork: child states: Mar 3 14:05:01 localhost spamd[15765]: setruid() not implemented at /usr/bin/spamd line 875. Mar 3 14:05:02 localhost spamd[15757]: spamd: server successfully spawned child process, pid 15765 Mar 3 14:05:02 localhost spamd[15757]: prefork: child states: S Mar 3 14:05:02 localhost spamd[15757]: prefork: server reached --max-clients setting, consider raising it Mar 3 14:05:02 localhost spamd[15757]: spamd: handled cleanup of child pid 15762 due to SIGCHLD Mar 3 14:05:02 localhost spamd[15757]: prefork: select returned error on server filehandle: Mar 3 14:05:02 localhost spamd[15757]: spamd: handled cleanup of child pid 15760 due to SIGCHLD Mar 3 14:05:02 localhost spamd[15757]: prefork: select returned error on server filehandle: Mar 3 14:05:02 localhost spamd[15757]: spamd: handled cleanup of child pid 15763 due to SIGCHLD Mar 3 14:05:02 localhost spamd[15757]: prefork: select returned error on server filehandle: Mar 3 14:05:02 localhost spamd[15757]: spamd: handled cleanup of child pid 15764 due to SIGCHLD Mar 3 14:05:02 localhost spamd[15757]: prefork: select returned error on server filehandle: Mar 3 14:05:02 localhost spamd[15766]: setruid() not implemented at /usr/bin/spamd line 875. Mar 3 14:05:02 localhost spamd[15757]: spamd: server successfully spawned child process, pid 15766 Mar 3 14:05:02 localhost spamd[15757]: prefork: child states: SS Mar 3 14:05:02 localhost spamd[15767]: setruid() not implemented at /usr/bin/spamd line 875. Mar 3 14:05:02 localhost spamd[15757]: spamd: server successfully spawned child process, pid 15767 Mar 3 14:05:02 localhost spamd[15757]: prefork: child states: SSS Mar 3 14:05:02 localhost spamd[15768]: setruid() not implemented at /usr/bin/spamd line 875. Mar 3 14:05:02 localhost spamd[15757]: spamd: server successfully spawned child process, pid 15768 Mar 3 14:05:02 localhost spamd[15757]: prefork: child states: Mar 3 14:05:02 localhost spamd[15769]: setruid() not implemented at /usr/bin/spamd line 875. Mar 3 14:05:02 localhost spamd[15757]: spamd: server successfully spawned child process, pid 15769 Mar 3 14:05:03 localhost spamd[15757]: prefork: child states: S Mar 3 14:05:03 localhost spamd[15757]: prefork: server reached --max-clients setting, consider raising it Mar 3 14:05:03 localhost spamd[15757]: spamd: handled cleanup of child pid 15765 due to SIGCHLD Mar 3 14:05:03 localhost spamd[15757]: prefork: select returned error on server filehandle: Mar 3 14:05:03 localhost spamd[15757]: spamd: handled cleanup of child pid 15767 due to SIGCHLD Mar 3 14:05:03 localhost spamd[15757]: prefork: select returned error on server filehandle: Mar 3 14:05:03 localhost spamd[15757]: spamd: handled cleanup of child pid 15766 due to SIGCHLD Mar 3 14:05:03 localhost spamd[15757]: prefork: select returned error on server filehandle: Mar 3 14:05:03 localhost spamd[15757]: spamd: handled cleanup of child pid 15768 due to SIGCHLD Mar 3 14:05:03 localhost spamd[15757]: prefork: select returned error on server filehandle: Mar 3 14:05:03 localhost spamd[15757]: spamd: server successfully spawned child process, pid 15770 Mar 3 14:05:03 localhost spamd[15770]: setruid() not implemented at /usr/bin/spamd line 875. Mar 3 14:05:03 localhost spamd[15757]: