warning messages when running --lint -D
Just finished upgrading to v. 3.1.1 from 3.1.0. I'm also using the following SARE rules: 70_sare_adult.cf 70_sare_bayes_poison_nxm.cf 70_sare_evilnum0.cf 70_sare_evilnum1.cf 70_sare_evilnum2.cf 70_sare_genlsubj.cf 70_sare_header.cf 70_sare_highrisk.cf 70_sare_html.cf 70_sare_obfu.cf 70_sare_obfu2.cf 70_sare_obfu3.cf 70_sare_obfu4.cf 70_sare_oem.cf 70_sare_random.cf 70_sare_specific.cf 70_sare_spoof.cf 70_sare_stocks.cf 70_sare_unsub.cf 70_sare_uri0.cf 70_sare_uri1.cf 70_sare_uri2.cf 70_sare_uri3.cf 70_sare_uri4.cf 72_sare_bml_post25x.cf 72_sare_redirect_post3.0.0.cf 99_sare_fraud_post25x.cf chickenpox.cf random.current.cf When I run spamassassin --lint -D I receive these warning messages: warn: config: warning: score set for non-existent rule BAYES_50 warn: config: warning: score set for non-existent rule BAYES_99 warn: config: warning: score set for non-existent rule BAYES_95 warn: config: warning: score set for non-existent rule BAYES_20 warn: config: warning: score set for non-existent rule BAYES_00 warn: config: warning: score set for non-existent rule BAYES_05 warn: config: warning: score set for non-existent rule BAYES_60 warn: config: warning: score set for non-existent rule BAYES_40 warn: config: warning: score set for non-existent rule BAYES_80 And at the very end: warn: lint: 9 issues detected, please rerun with debug enabled for more information Any thoughts on solving my problem? Thanks, jg
Moving bayes from bdb to MySQL
I'm about to move my bayes and auto-whitelist data from local db-files on each server to a common MySQL-db. I have 2+2 load balanced servers scanning mail using amavisd-new for different kinds of customers, home and corporate users repectively, and I was planning to keep their respective data in two separate db's since they seem to be quite different. Now, since in each case the source data can come from two different servers scanning the same kind of mails, should I try to merge the bayes-data from servers home1 and home2 into the the same myqsl-db and then merge the data from corp1 and corp2 into the other mysql-db, or should I pick my starting sourcedata from only one server in each pair? Would spamassassin benefit from having the greater source to look at, or would I only be adding close-to-identical data which would then only be expired faster than it was to merge them? And out of curiosity, the "home servers" have about 165MB och bayes-data and 335MB in auto-whitelist, while the "corporate servers" have it the other way around, 335MB in bayes-db and 165MB in auto-whitelist. Could anyone enlight me briefly on why? Is it as simple as that the "home-servers" has fewer senders/recipients, but more different emails, and the "corporate-servers" has more senders/recipients but fewer different e-mails, or what? //maccall -- lars-dot-ringh-at-bahnhof-dot-net
Randomly Not Scanning Messages
I am using Postfix and Spam Assassin. For some reason some messages that
are blatantly SPAM are not getting the X-Spam-Score added to them. They
show that they are received by Postfix (in the header) but they are not
scanned from what I can tell (X-Spam entries). When I had version 3.1.0 it
was happening quite frequently but since upgrading to 3.1.1 it seems to
happen quite a bit less. My setup is pretty plain other than I use MySQL
for user prefs. Any ideas?
Mike
--
Postfix master.cf:
# Spam Filter
spamassassin unix - n n - - pipe
flags=Rq user=spamass argv=/usr/local/bin/spamfilter.sh -f ${sender}
-- ${recipient}
smtp inet n - n - - smtpd
-o content_filter=spamassassin:
smtp unix - - n - - smtp
-o content_filter=spamassassin:
---
spamfilter.sh:
#!/bin/bash
/usr/bin/spamc -u $4 | /usr/sbin/sendmail -i "$@"
exit $?
Re: Randomly Not Scanning Messages
Michael Shuler wrote: > I am using Postfix and Spam Assassin. For some reason some messages that > are blatantly SPAM are not getting the X-Spam-Score added to them. They > show that they are received by Postfix (in the header) but they are not > scanned from what I can tell (X-Spam entries). When I had version 3.1.0 it > was happening quite frequently but since upgrading to 3.1.1 it seems to > happen quite a bit less. My setup is pretty plain other than I use MySQL > for user prefs. Any ideas? > Are the messages involved over 250k? Unless you pass -s with a different size, spamc will bypass scanning for any message over 250k. (Note: going over 250k will significantly increase spamd's memory usage and scan time, so adjust this size with caution).
running SA on multiple machines
I'm trying to get SA working by remote connections and don't see it consistantly working. Users kick off SA in their .procmailrc on our mail server which can't handle a more recent version of SA so we only have v2.64 installed locally. (Don't ask) What I'd like to do is have a call in their .procmailrc something like this :0fw: $HOME/spamassassin.lock | /opt/spamassassin/bin/spamc -d spamcheck.fqdn -t 10 I have spamcheck.fqdn as a SRV record something like this: spamcheck IN SRV 1 1 783 samachine.fqdn. IN SRV 2 1 783 mailmachine.fqdn. ie connect to port 783 on samachine and if it's not available, connect to same port on mailmachine and timeout within 10 seconds if neither works perhaps the timeout is too quick as I see no spamassassin headers in mail going thru even tho procmail logfiles say it executed the spamc line. I also tried variations on | /opt/spamassassin/bin/spamc -d 127.0.0.1,10 -d 128.8.120.159,10 -t 10 Has anyone done spam checking to multiple machines with some type of failover? TIA =-=-=-=-=-=-=-=-=-=- generated by /dev/dave -=-=-=-=-=-=-=-=-=-=-=-= David SternUniversity of Maryland Institute for Advanced Computer Studies
WTF is Plaxo.com?
I periodically get automated emails from people I mostly don't know or know only remotely asking me to update some contact information for them... and it's always from Plaxo. Looking at the headers, the origin looks legit. This seems to be a service that maintains contact information for its users. However, I don't wish to participate. Does anyone know much about this service, including any issues they might have had with privacy, or if there are any known spoofs or exploits that masquerade as Plaxo? Thanks, -Philip
Re: WTF is Plaxo.com?
Philip Prindeville wrote: I periodically get automated emails from people I mostly don't know or know only remotely asking me to update some contact information for them... and it's always from Plaxo. Looking at the headers, the origin looks legit. This seems to be a service that maintains contact information for its users. However, I don't wish to participate. Does anyone know much about this service, including any issues they might have had with privacy, or if there are any known spoofs or exploits that masquerade as Plaxo? Thanks, -Philip Plaxo is legit. I have an account although I don't really use it. I'm not aware of any spoofs or privacies issues related to plaxo. Cheers, Fed.
Re: WTF is Plaxo.com?
Philip Prindeville wrote: > I periodically get automated emails from people I mostly don't know > or know only remotely asking me to update some contact information > for them... and it's always from Plaxo. Looking at the headers, the > origin looks legit. > > This seems to be a service that maintains contact information for > its users. However, I don't wish to participate. > > Does anyone know much about this service, including any issues > they might have had with privacy, or if there are any known spoofs > or exploits that masquerade as Plaxo? http://socialsoftware.weblogsinc.com/2004/03/23/why-do-really-smart-people-hate-plaxo-so-much-or-tim-koogle/ http://socialsoftware.weblogsinc.com/2004/03/24/plaxo-not-evil/ http://www.theinquirer.net/?article=14545 Based on the above it looks like a "social network for morons" service. It doesn't seem to have many privacy problems in and of itself, except for when someone you know gives them your email you get bombarded with update requests. The problem being that anyone who knows your email address can do this, then harvest any information you willingly submit and share back. For example, a spam marketer could submit your address in the hopes you'll blindly share-back and add the information you provide to his/her database. Fortunately, this involves YOU willingly submitting the extra information. So, unless you stupidly give out a ton of information, it's annoying but mostly harmless (nod to D. Adams). If you find it too annoying they have a permanent opt-out list which is linked in the update notices. Since this doesn't involve giving them anything but your email address, which they already have, the risks are low. Yes, you're confirming the address is valid to them, but Plaxo itself seems legit and relatively privacy concerned and aware. Its users on the other hand may not be. http://www.plaxo.com/privacy/policy/
Install help for Spamassasian 3.1.1 on Fedora Core 4
Hello, I'm trying to install the new version of Spamassasian on a new mail server I building. I'm using Fedora Core 4, and I have the latest updates for Perl, etc. When I attempt to install it via cpan. Does anyonr of any experience getting Spamassasian installed on Fedora Core 4? Any help would be apprecciated. Abel Jeffcoat output from cpan below: NOTE: settings for "make test" are now controlled using "t/config.dist". See that file if you wish to customise what tests are run, and how. checking module dependencies and their versions... *** NOTE: the optional Mail::SPF::Query module is not installed. Used to check DNS Sender Policy Framework (SPF) records to fight email address forgery and make it easier to identify spams. *** NOTE: the optional IP::Country module is not installed. Used by the RelayCountry plugin (not enabled by default) to determine the domain country codes of each relay in the path of an email. *** NOTE: the optional Razor2 (version 2.61) module is not installed. Used to check message signatures against Vipul's Razor collaborative filtering network. Razor has a large number of dependencies on CPAN modules. Feel free to skip installing it, if this makes you nervous; SpamAssassin will still work well without it. More info on installing and using Razor can be found at http://wiki.apache.org/spamassassin/InstallingRazor . *** NOTE: the optional Net::Ident module is not installed. If you plan to use the --auth-ident option to spamd, you will need to install this module. *** NOTE: the optional IO::Socket::INET6 module is not installed. This is required if the first nameserver listed in your IP configuration or /etc/resolv.conf file is available only via an IPv6 address. *** NOTE: the optional IO::Socket::SSL module is not installed. If you wish to use SSL encryption to communicate between spamc and spamd (the --ssl option to spamd), you need to install this module. (You will need the OpenSSL libraries and use the ENABLE_SSL="yes" argument to Makefile.PL to build and run an SSL compatibile spamc.) *** NOTE: the optional DBI module is not installed. If you intend to use SpamAssassin with an SQL database backend for user configuration data, Bayes storage, or other storage, you will need to have these installed; both the basic DBI module and the driver for your database. *** NOTE: the optional Archive::Tar module is not installed. The "sa-update" script requires this module to access tar update archive files. *** NOTE: the optional IO::Zlib module is not installed. The "sa-update" script requires this module to access compressed update archive files. optional module missing: Mail::SPF::Query optional module missing: IP::Country optional module missing: Razor2 optional module missing: Net::Ident optional module missing: IO::Socket::INET6 optional module missing: IO::Socket::SSL optional module missing: DBI optional module missing: Archive::Tar optional module missing: IO::Zlib warning: some functionality may not be available, please read the above report before continuing! Checking if your kit is complete... Looks good Writing Makefile for Mail::SpamAssassin Makefile written by ExtUtils::MakeMaker 6.17 /usr/bin/perl build/preprocessor -Mconditional -Mvars -DVERSION="3.001001" -DPREFIX="/usr" >blib/lib/Mail/SpamAssassin/AutoWhitelist.pm /usr/bin/perl build/preprocessor -Mconditional -Mvars -DVERSION="3.001001" -DPREFIX="/usr" >blib/lib/Mail/SpamAssassin/Logger/File.pm /usr/bin/perl build/preprocessor -Mconditional -Mvars -DVERSION="3.001001" -DPREFIX="/usr" >blib/lib/Mail/SpamAssassin/Message/Metadata/Received.pm /usr/bin/perl build/preprocessor -Mconditional -Mvars -DVERSION="3.001001" -DPREFIX="/usr" >blib/lib/Mail/SpamAssassin/BayesStore.pm /usr/bin/perl build/preprocessor -Mconditional -Mvars -DVERSION="3.001001" -DPREFIX="/usr" >blib/lib/Mail/SpamAssassin/Plugin/Pyzor.pm /usr/bin/perl build/preprocessor -Mconditional -Mvars -DVERSION="3.001001" -DPREFIX="/usr" >blib/lib/Mail/SpamAssassin/Conf.pm /usr/bin/perl build/preprocessor -Mconditional -Mvars -DVERSION="3.001001" -DPREFIX="/usr" >blib/lib/Mail/SpamAssassin/Util.pm /usr/bin/perl build/preprocessor -Mconditional -Mvars -DVERSION="3.001001" -DPREFIX="/usr" >blib/lib/Mail/SpamAssassin/Message.pm /usr/bin/perl build/preprocessor -Mconditional -Mvars -
Re: WTF is Plaxo.com?
Matt Kettler wrote: > >http://socialsoftware.weblogsinc.com/2004/03/23/why-do-really-smart-people-hate-plaxo-so-much-or-tim-koogle/ >http://socialsoftware.weblogsinc.com/2004/03/24/plaxo-not-evil/ > > >http://www.theinquirer.net/?article=14545 > > >Based on the above it looks like a "social network for morons" service. > >It doesn't seem to have many privacy problems in and of itself, except for when >someone you know gives them your email you get bombarded with update requests. > >The problem being that anyone who knows your email address can do this, then >harvest any information you willingly submit and share back. For example, a >spam >marketer could submit your address in the hopes you'll blindly share-back and >add the information you provide to his/her database. > >Fortunately, this involves YOU willingly submitting the extra information. So, >unless you stupidly give out a ton of information, it's annoying but mostly >harmless (nod to D. Adams). > >If you find it too annoying they have a permanent opt-out list which is linked >in the update notices. Since this doesn't involve giving them anything but your >email address, which they already have, the risks are low. Yes, you're >confirming the address is valid to them, but Plaxo itself seems legit and >relatively privacy concerned and aware. Its users on the other hand may not be. > >http://www.plaxo.com/privacy/policy/ > > Would it be worth adding a rule that has a low value that people can then increment as they see fit (like setting the score to 6.0)? -Philip
Filtering windows-1252 charset
I was trying to filter messages like: > Return-Path: <[EMAIL PROTECTED]> > Received: from redfish-solutions.com (ppp125-53.dsl-coc.eth.net > [61.11.125.53] (may be forged)) > by mail.redfish-solutions.com (8.13.1/8.13.1) with ESMTP id > k1SGqvTs021448 > for <[EMAIL PROTECTED]>; Tue, 28 Feb 2006 > 09:53:01 -0700 > Message-Id: <[EMAIL PROTECTED]> > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Re: Sample > Date: Tue, 28 Feb 2006 22:23:05 +0530 > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="=_NextPart_000_0016=_NextPart_000_0016" > X-Priority: 3 > X-MSMail-Priority: Normal > X-Scanned-By: MIMEDefang 2.56 on 192.168.1.2 > > This is a multi-part message in MIME format. > > --=_NextPart_000_0016=_NextPart_000_0016 > Content-Type: text/plain; > charset="Windows-1252" > Content-Transfer-Encoding: 7bit > > I have corrected your document. > > > --=_NextPart_000_0016=_NextPart_000_0016 > Content-Type: application/octet-stream; > name="document04.zip" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="document04.zip" > > [snip] Using: # don't allow windows-1252 text attachments... header __CTYPE_WIN_1252 Content-Type =~ /charset=\"windows-1252\"/i meta L_WIN_CHARSET ((__CTYPE_TEXT_PLAIN || __CTYPE_HTML) && __CTYPE_WIN_1252) describe L_WIN_CHARSET Content-Type is Windows-specific text score L_WIN_CHARSET 0.1 but after saving the email to a file and running "spamassassin" over it by hand, I'm not seeing __CTYPE_WIN_1252 in the rules that matched: > [1769] dbg: check: > subtests=__CT,__CTYPE_HAS_BOUNDARY,__ENV_AND_HDR_FROM_MATCH,__FROM_YAHOO_COM,__HAS_MSGID,__HAS_MSMAIL_PRI,__HAS_RCVD,__HAS_SUBJECT,__HAS_X_PRIORITY,__MIME_ATTACHMENT,__MIME_BASE64,__MIME_VERSION,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NEXTPART_ALL,__NONEMPTY_BODY,__SANE_MSGID,__TOCC_EXISTS What am I missing? -Philip
Re: WTF is Plaxo.com?
On Monday 03 April 2006 12:59, Philip Prindeville wrote: >I periodically get automated emails from people I mostly don't know >or know only remotely asking me to update some contact information >for them... and it's always from Plaxo. Looking at the headers, the >origin looks legit. > >This seems to be a service that maintains contact information for >its users. However, I don't wish to participate. > >Does anyone know much about this service, including any issues >they might have had with privacy, or if there are any known spoofs >or exploits that masquerade as Plaxo? > >Thanks, > >-Philip My guess is that its a phishing attempt, ignore, sort to /dev/null, whatever. -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
OT: Delirium...
Well, I was off on Vancouver Island for nearly a week, and didn't take a laptop with me... Clearly it caused some major trauma because I had the following hallucinatory idea: I was thinking about the issue in which sending spam isn't a crime in a lot of countries, or if it is that it's poorly enforced. Then I thought of SPF, Domain-Keys, and ways to enforce authenticity using existing laws... And came up with this idea. What if we had a TXT Record in the DNS for a domain that looked like: @IN TXT "XYZZY 123 456 (C) Copyright 2006 Redfish Solutions, LLC" And then had hosts participating in this scheme generate outgoing mail as: X-Yes-Its-Really-Me: XYZZY 123 456 (C) Copyright 2006 Redfish Solutions, LLC" and uses the presence of this copywritten key to match the appropriate string in the DNS as proof that the sender is who he says he is. Then if the scheme were widely adopted (we could have an applet or script that generated a random string and primed the DNS with it or could be easily cut-n-pasted into the DNS configuration... the MTA could of course extract the string easily, as could anyone else for verification), then it would be a leverage point if someone started forging emails. While sending spam might not be a crime in all civilized countries, copyright infringement is. Is that too "out there?" -Philip
Re: Filtering windows-1252 charset
On Mon, Apr 03, 2006 at 12:07:00PM -0600, Philip Prindeville wrote: > > --=_NextPart_000_0016=_NextPart_000_0016 > > Content-Type: text/plain; > > charset="Windows-1252" > > Content-Transfer-Encoding: 7bit > > > Using: > # don't allow windows-1252 text attachments... > header __CTYPE_WIN_1252 Content-Type =~ /charset=\"windows-1252\"/i > What am I missing? the charset isn't in the message header, it's in the mime header. you can use the MIMEHeader plugin if you want to. -- Randomly Generated Tagline: "640K ought to be enough for anybody." - Bill Gates, 1981 pgpJNWw5Dp7hz.pgp Description: PGP signature
Re: OT: Delirium...
So everytime someone uses your copyrighted dns entry YOUR going to: Find them Sue them Prove in a court of law it was them etc... - Original Message - >Well, I was off on Vancouver Island for nearly a week, and >didn't take a laptop with me... Clearly it caused some >major trauma because I had the following hallucinatory >idea: > >I was thinking about the issue in which sending spam isn't >a crime in a lot of countries, or if it is that it's poorly >enforced. > >Then I thought of SPF, Domain-Keys, and ways to enforce >authenticity using existing laws... > >And came up with this idea. > >What if we had a TXT Record in the DNS for a domain that >looked like: > >@IN TXT "XYZZY 123 456 (C) Copyright >2006 Redfish Solutions, LLC" > >And then had hosts participating in this scheme generate >outgoing mail as: > >X-Yes-Its-Really-Me: XYZZY 123 456 (C) Copyright 2006 >Redfish Solutions, LLC" > >and uses the presence of this copywritten key to match the >appropriate string >in the DNS as proof that the sender is who he says he is. > >Then if the scheme were widely adopted (we could have an >applet or script that generated a random string and primed >the DNS with it or could be easily cut-n-pasted into the >DNS configuration... the MTA could of course extract the >string easily, as could anyone else for verification), then >it would be a >leverage point if someone started forging emails. > >While sending spam might not be a crime in all civilized >countries, copyright >infringement is. > >Is that too "out there?" > >-Philip > = Kevin W. Gagel Network Administrator Information Technology Services (250) 562-2131 local 448 My Blog: http://mail.cnc.bc.ca/blogs/gagel --- The College of New Caledonia, Visit us at http://www.cnc.bc.ca Virus scanning is done on all incoming and outgoing email. Anti-spam information for CNC can be found at http://avas.cnc.bc.ca ---
Re: OT: Delirium...
On Monday 03 April 2006 14:16, Philip Prindeville wrote: >Well, I was off on Vancouver Island for nearly a week, and didn't take > a laptop with me... Clearly it caused some major trauma because I > had the following hallucinatory idea: > >I was thinking about the issue in which sending spam isn't a crime in > a lot of countries, or if it is that it's poorly enforced. > >Then I thought of SPF, Domain-Keys, and ways to enforce authenticity >using existing laws... > >And came up with this idea. > >What if we had a TXT Record in the DNS for a domain that looked like: > >@IN TXT "XYZZY 123 456 (C) Copyright 2006 Redfish >Solutions, LLC" > >And then had hosts participating in this scheme generate outgoing mail > as: > >X-Yes-Its-Really-Me: XYZZY 123 456 (C) Copyright 2006 Redfish > Solutions, LLC" > >and uses the presence of this copywritten key to match the appropriate >string >in the DNS as proof that the sender is who he says he is. > >Then if the scheme were widely adopted (we could have an applet or > script that generated a random string and primed the DNS with it or > could be easily cut-n-pasted into the DNS configuration... the MTA > could of course extract the string easily, as could anyone else for > verification), then it would be a >leverage point if someone started forging emails. > >While sending spam might not be a crime in all civilized countries, >copyright >infringement is. > >Is that too "out there?" > >-Philip No, but I'd expect it would take a netwide RFC to enable it, and of course the commercial interests wouldn't touch that idea with a 100 foot pole.. -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
Re: OT: Delirium...
That might not be necessary. A lot of ISP's have a zero tolerance policy for copyright infringement, even if they don't enforce spamming policy. -Philip Kevin W. Gagel wrote: >So everytime someone uses your copyrighted dns entry YOUR >going to: >Find them >Sue them >Prove in a court of law it was them >etc... > >- Original Message - > > >>Well, I was off on Vancouver Island for nearly a week, and >>didn't take a laptop with me... Clearly it caused some >>major trauma because I had the following hallucinatory >>idea: >> >>I was thinking about the issue in which sending spam isn't >>a crime in a lot of countries, or if it is that it's poorly >>enforced. >> >>Then I thought of SPF, Domain-Keys, and ways to enforce >>authenticity using existing laws... >> >>And came up with this idea. >> >>What if we had a TXT Record in the DNS for a domain that >>looked like: >> >>@IN TXT "XYZZY 123 456 (C) Copyright >>2006 Redfish Solutions, LLC" >> >>And then had hosts participating in this scheme generate >>outgoing mail as: >> >>X-Yes-Its-Really-Me: XYZZY 123 456 (C) Copyright 2006 >>Redfish Solutions, LLC" >> >>and uses the presence of this copywritten key to match the >>appropriate string >>in the DNS as proof that the sender is who he says he is. >> >>Then if the scheme were widely adopted (we could have an >>applet or script that generated a random string and primed >>the DNS with it or could be easily cut-n-pasted into the >>DNS configuration... the MTA could of course extract the >>string easily, as could anyone else for verification), then >>it would be a >>leverage point if someone started forging emails. >> >>While sending spam might not be a crime in all civilized >>countries, copyright >>infringement is. >> >>Is that too "out there?" >> >>-Philip >> >> >> > >= >Kevin W. Gagel >Network Administrator >Information Technology Services >(250) 562-2131 local 448 >My Blog: >http://mail.cnc.bc.ca/blogs/gagel > >--- >The College of New Caledonia, Visit us at http://www.cnc.bc.ca >Virus scanning is done on all incoming and outgoing email. >Anti-spam information for CNC can be found at http://avas.cnc.bc.ca >--- > >
Re: Delirium...
Well, I was off on Vancouver Island for nearly a week, and didn't take a laptop with me... Clearly it caused some major trauma because I had the following hallucinatory idea: I was thinking about the issue in which sending spam isn't a crime in a lot of countries, or if it is that it's poorly enforced. Then I thought of SPF, Domain-Keys, and ways to enforce authenticity using existing laws... And came up with this idea. What if we had a TXT Record in the DNS for a domain that looked like: @IN TXT "XYZZY 123 456 (C) Copyright 2006 Redfish Solutions, LLC" And then had hosts participating in this scheme generate outgoing mail as: X-Yes-Its-Really-Me: XYZZY 123 456 (C) Copyright 2006 Redfish Solutions, LLC" and uses the presence of this copywritten key to match the appropriate string in the DNS as proof that the sender is who he says he is. Then if the scheme were widely adopted (we could have an applet or script that generated a random string and primed the DNS with it or could be easily cut-n-pasted into the DNS configuration... the MTA could of course extract the string easily, as could anyone else for verification), then it would be a leverage point if someone started forging emails. While sending spam might not be a crime in all civilized countries, copyright infringement is. Is that too "out there?" IANAL, but I think it would depend on what is copyrightable, and how much text can be quoted and still be considered fair use. IIRC, you can quote ~250 words under US law, which would be too long and cumbersome for your suggested system. Then you might run into user problems that would construe (correctly or incorrectly) that the system is claiming copyright of their written material. But nice try though :)
Re: WTF is Plaxo.com?
Philip Prindeville wrote: >> > > Would it be worth adding a rule that has a low value that people can then > increment as they see fit (like setting the score to 6.0)? Locally? sure.. In a downloadable add-on? maybe. In the SA distro? No. The main SA distro has no place containing policy rules that aren't strictly spam related. SA's current definition of spam is Unsolicited Bulk Email: http://wiki.apache.org/spamassassin/Spam While these messages may be unsolicited, and there are lots of them, they are single recipient in nature, and are specific to one recipient, not bulk-sent to blind masses. For example, spamhaus further elaborates on the definition of UBE: http://www.spamhaus.org/definition.html And this email doesn't meet technical criteria 1, because the context of a particular recipient is relevant. (Note: the SA project should expand its "Official" definition of spam to be more detailed than it currently is. Currently it defines spam, but does not define UBE)
Re: Filtering windows-1252 charset
Theo Van Dinter wrote: >On Mon, Apr 03, 2006 at 12:07:00PM -0600, Philip Prindeville wrote: > > >>>--=_NextPart_000_0016=_NextPart_000_0016 >>>Content-Type: text/plain; >>>charset="Windows-1252" >>>Content-Transfer-Encoding: 7bit >>> >>> >>> >>Using: >># don't allow windows-1252 text attachments... >>header __CTYPE_WIN_1252 Content-Type =~ /charset=\"windows-1252\"/i >>What am I missing? >> >> > >the charset isn't in the message header, it's in the mime header. you can use >the MIMEHeader plugin if you want to. > > > Ok, so I have to use: mimeheader __CTYPE_WIN_1252 Content-Type =~ /charset=\"windows-1252\"/i instead. As for the rest... Are there the equivalent subtests of __CTYPE_TEXT_PLAIN and __CTYPE_HTML for the mime header portions? -Philip
RE: Delirium...
Philip Prindeville wrote: > > What if we had a TXT Record in the DNS for a domain that looked like: > > @IN TXT "XYZZY 123 456 (C) Copyright 2006 Redfish > Solutions, LLC" > > And then had hosts participating in this scheme generate outgoing > mail as: > > X-Yes-Its-Really-Me: XYZZY 123 456 (C) Copyright 2006 Redfish > Solutions, LLC" > > and uses the presence of this copywritten key to match the appropriate > string > in the DNS as proof that the sender is who he says he is. > > -Philip Reminds me of Habeus... -Don
Re: Filtering windows-1252 charset
Theo Van Dinter wrote: On Mon, Apr 03, 2006 at 12:07:00PM -0600, Philip Prindeville wrote: --=_NextPart_000_0016=_NextPart_000_0016 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Using: # don't allow windows-1252 text attachments... header __CTYPE_WIN_1252 Content-Type =~ /charset=\"windows-1252\"/i What am I missing? the charset isn't in the message header, it's in the mime header. you can use the MIMEHeader plugin if you want to. I see some spam with "windows-1252" or other unwanted character sets at the start of the subject. I reject them via an Exim ACL, so SA doesn't even have to scan them.
Re: WTF is Plaxo.com?
Philip Prindeville wrote: > I periodically get automated emails from people I mostly don't know > or know only remotely asking me to update some contact information > for them... and it's always from Plaxo. Looking at the headers, the > origin looks legit. > > This seems to be a service that maintains contact information for > its users. However, I don't wish to participate. > > Does anyone know much about this service, including any issues > they might have had with privacy, or if there are any known spoofs > or exploits that masquerade as Plaxo? > > Thanks, > > -Philip Plaxo is legit. Plaxo is also extremely annoying, but so is a lot of tv :) -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239
RE: Install help for Spamassasian 3.1.1 on Fedora Core 4
1. Skip CPAN and just download the tar.gz file. 2. Extract it 3. Goto the Mail-SpamAssassin-3.1.1 you just extracted and type "make Makefile.PL" 4. make 5. make install There is a nice startup script under Mail-SpamAssassin-3.1.1/spamd called redhat-rc-script.sh. Just copy to your /etc/rc.d/init.d directory as spamassassin and turn it on. There's a little bit more but if you look at the INSTALL and README files they pretty much cover it all. Michael Shuler > -Original Message- > From: Abel Jeffcoat [mailto:[EMAIL PROTECTED] > Sent: Monday, April 03, 2006 12:51 PM > To: users@spamassassin.apache.org > Subject: Install help for Spamassasian 3.1.1 on Fedora Core 4 > > > Hello, > > I'm trying to install the new version of Spamassasian on a new mail > server I building. I'm using Fedora Core 4, and I have the latest > updates for Perl, etc. > > When I attempt to install it via cpan. Does anyonr of any experience > getting Spamassasian installed on Fedora Core 4? > > Any help would be apprecciated. > > Abel Jeffcoat > > output from cpan below: > > NOTE: settings for "make test" are now controlled using > "t/config.dist". > See that file if you wish to customise what tests are run, and how. > > checking module dependencies and their versions... > > ** > * > NOTE: the optional Mail::SPF::Query module is not installed. > > Used to check DNS Sender Policy Framework (SPF) records to fight email > address forgery and make it easier to identify spams. > > > ** > * > NOTE: the optional IP::Country module is not installed. > > Used by the RelayCountry plugin (not enabled by default) to determine > the domain country codes of each relay in the path of an email. > > > ** > * > NOTE: the optional Razor2 (version 2.61) module is not installed. > > Used to check message signatures against Vipul's Razor collaborative > filtering network. Razor has a large number of dependencies on CPAN > modules. Feel free to skip installing it, if this makes you nervous; > SpamAssassin will still work well without it. > > More info on installing and using Razor can be found > at http://wiki.apache.org/spamassassin/InstallingRazor . > > > ** > * > NOTE: the optional Net::Ident module is not installed. > > If you plan to use the --auth-ident option to spamd, you will need > to install this module. > > > ** > * > NOTE: the optional IO::Socket::INET6 module is not installed. > > This is required if the first nameserver listed in your IP > configuration or /etc/resolv.conf file is available only via > an IPv6 address. > > > ** > * > NOTE: the optional IO::Socket::SSL module is not installed. > > If you wish to use SSL encryption to communicate between spamc and > spamd (the --ssl option to spamd), you need to install this > module. (You will need the OpenSSL libraries and use the > ENABLE_SSL="yes" argument to Makefile.PL to build and run an SSL > compatibile spamc.) > > > ** > * > NOTE: the optional DBI module is not installed. > > If you intend to use SpamAssassin with an SQL database backend for > user configuration data, Bayes storage, or other storage, you > will need > to have these installed; both the basic DBI module and the driver for > your database. > > > ** > * > NOTE: the optional Archive::Tar module is not installed. > > The "sa-update" script requires this module to access tar update > archive files. > > > ** > * > NOTE: the optional IO::Zlib module is not installed. > > The "sa-update" script requires this module to access compressed > update archive files. > > optional module missing: Mail::SPF::Query > optional module missing: IP::Country > optional module missing: Razor2 > optional module missing: Net::Ident > optional module missing: IO::Socket::INET6 > optional module missing: IO::Socket::SSL > optional module missing: DBI > optional module missing: Archive::Tar > optional module missing: IO::Zlib > > warning: some functionality may not be available, > please read the above report before continuing! > > Checking if your kit is complete... > Looks good > Writing Makefile for Mail::SpamAssassin > Makefile written by ExtUtils::MakeMaker 6.17 > /usr/bin/perl build/preprocessor -Mconditional -Mvars > -DVERSION="3.001001" -DPREFIX="/usr" > >blib/lib/Mail/SpamAssassin/AutoWhitelist.pm > /usr
Re: WTF is Plaxo.com?
Philip Prindeville wrote: Would it be worth adding a rule that has a low value that people can then increment as they see fit (like setting the score to 6.0)? That's not more spam than when you get confirmation for ML subscription. anybody can put your address on a mailman web interface, on a google form, on a yahoo form, on a sourceforge form, ... etc, and in all these cases you'll get a confirmation message. when you get a message from plaxo, it's like getting it from the guy who put your address there.
Re: Filtering windows-1252 charset
If anyone would like to make use of it, I ended up using: # for mime headers... mimeheader __CTYPE_MH_TEXT_PLAIN Content-Type =~ /text\/plain/i mimeheader __CTYPE_MH_HTML Content-Type =~ /text\/html/i # don't allow windows-1252 text attachments... mimeheader __CTYPE_MH_WIN1252 Content-Type =~ /charset=\"windows-1252\"/i meta L_WIN_CHARSET ((__CTYPE_MH_HTML || __CTYPE_MH_TEXT_PLAIN) && __CTYPE_MH_WIN1252) describe L_WIN_CHARSET Content-Type is Windows-specific text score L_WIN_CHARSET 0.1 and it works fine (or at least, it did against my test set of data). If you're in certain parts of the world, it might be worth matching against: /charset=\"windows-125[1-9]\"/i instead. -Philip
Re: OT: Delirium...
Philip Prindeville wrote: And then had hosts participating in this scheme generate outgoing mail as: X-Yes-Its-Really-Me: XYZZY 123 456 (C) Copyright 2006 Redfish Solutions, LLC" and uses the presence of this copywritten key to match the appropriate string in the DNS as proof that the sender is who he says he is. This sounds a lot like the original scheme for Habeas , which used a copyrighted haiku that licensed senders could put in their email headers. Habeas would make sure they weren't spammers, filters could check for the haiku as a sign of non-spam, and when spammers used the haiku, they'd take them to court for copyright infringement. It worked for maybe a year. Then spammers started forging it on a massive scale, using botnets so Habeas couldn't just add the IPs to their list of known infringers (and had a hard time tracking them down). In the end, they abandoned the haiku and switched to an IP-based whitelist. -- Kelson Vibber SpeedGate Communications
RE: Delirium...
Don Levey wrote: >> and uses the presence of this copywritten key to match the >> appropriate string in the DNS as proof that the sender is who he >> says he is. >> >> -Philip > > Reminds me of Habeus... Indeed, this is almost exactly Habeas. http://www.habeas.com/ Spam Fighter Habeas Wins One http://www.clickz.com/news/article.php/3336631 -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer
Is Spamassassin failing math?
X-Spam-Status: No, score=2.7 required=5.0 tests=BAYES_60,SARE_MLB_Stock1, TW_AQ autolearn=no version=3.1.0 X-Spam-Report: * 1.7 SARE_MLB_Stock1 BODY: SARE_MLB_Stock1 * 0.1 TW_AQ BODY: Odd Letter Triples with AQ * 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% * [score: 0.6809] To me, that looks more like 2.8 not 2.7 points! Is this just my site? Sorry if someone already brought this up long ago... =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Jason Marshall, [EMAIL PROTECTED] Spots InterConnect, Inc. Calgary, AB | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Re: Is Spamassassin failing math?
Jason Marshall wrote: X-Spam-Status: No, score=2.7 required=5.0 tests=BAYES_60,SARE_MLB_Stock1, TW_AQ autolearn=no version=3.1.0 X-Spam-Report: * 1.7 SARE_MLB_Stock1 BODY: SARE_MLB_Stock1 * 0.1 TW_AQ BODY: Odd Letter Triples with AQ * 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% * [score: 0.6809] To me, that looks more like 2.8 not 2.7 points! Is this just my site? Sorry if someone already brought this up long ago... http://wiki.apache.org/spamassassin/RoundingIssues
Re: Is Spamassassin failing math?
Jason Marshall wrote: > X-Spam-Status: No, score=2.7 required=5.0 tests=BAYES_60,SARE_MLB_Stock1, > TW_AQ autolearn=no version=3.1.0 > X-Spam-Report: > * 1.7 SARE_MLB_Stock1 BODY: SARE_MLB_Stock1 > * 0.1 TW_AQ BODY: Odd Letter Triples with AQ > * 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% > * [score: 0.6809] > > To me, that looks more like 2.8 not 2.7 points! Is this just my site? > Sorry if someone already brought this up long ago... Short answer: one word.. Rounding. Medium-length answer: To avoid cluttering the display, SA rounds scores to two digits when displaying numbers in some places, and truncates in others. This can cause small differences. Don't worry about it. Long answer: The real score of SARE_MLB_Stock1 is not 1.7, it is: score SARE_MLB_Stock1 1.66 But SA rounds that rule score to 1.7 to save display space. Most SA rules actually have scores with 3 decimal places. (ie: 1.268) So the "real" score of this message, when accounting for all digits, is 2.76 points. However, when displaying, SA truncates the total score to 2.7. There's been lots of arguments about how best to handle this, but really there is no perfect way to handle it. There is no way to reliably represent a series of 3 decimal place numbers as 1 decimal place numbers and then have their sum always be the same as adding all the real numbers and bringing that down to 1 decimal place. No method of rounding or truncation will ever work 100% of the time for this. However, the current method of truncating the final scores avoids really confusing situations like 4.96 rounding up and displaying things like this: X-Spam-Status: No, score=5.0 required=5.0 SA used to round everything, but the above case caused so many errant bug reports that it was changed so the final result is truncated. As for rule scores, rounding the rule scores is on average more accurate than truncating. And switching to truncation here, while more consistent, won't reduce the number of cases where the numbers don't add up, so there's no point in bothering. The "real" answer would be to always display 3-decimal place scores, but that's rather of ugly and creates a cluttered report. However, you'd always be 100% accurate.
Re: Is Spamassassin failing math?
http://wiki.apache.org/spamassassin/RoundingIssues Thanks Daryl, I didn't realize the scores were actually accurate to 3 decimal places! Makes sense now, thanks! =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Jason Marshall, [EMAIL PROTECTED] Spots InterConnect, Inc. Calgary, AB | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Re: Delirium...
From: "Mike Jackson" <[EMAIL PROTECTED]>
Well, I was off on Vancouver Island for nearly a week, and didn't take a
laptop with me... Clearly it caused some major trauma because I had the
following hallucinatory idea:
I was thinking about the issue in which sending spam isn't a crime in a
lot
of countries, or if it is that it's poorly enforced.
Then I thought of SPF, Domain-Keys, and ways to enforce authenticity
using existing laws...
And came up with this idea.
What if we had a TXT Record in the DNS for a domain that looked like:
@IN TXT "XYZZY 123 456 (C) Copyright 2006 Redfish
Solutions, LLC"
And then had hosts participating in this scheme generate outgoing mail as:
X-Yes-Its-Really-Me: XYZZY 123 456 (C) Copyright 2006 Redfish Solutions,
LLC"
and uses the presence of this copywritten key to match the appropriate
string
in the DNS as proof that the sender is who he says he is.
Then if the scheme were widely adopted (we could have an applet or script
that generated a random string and primed the DNS with it or could be
easily
cut-n-pasted into the DNS configuration... the MTA could of course extract
the string easily, as could anyone else for verification), then it would
be a
leverage point if someone started forging emails.
While sending spam might not be a crime in all civilized countries,
copyright
infringement is.
Is that too "out there?"
IANAL, but I think it would depend on what is copyrightable, and how much
text can be quoted and still be considered fair use. IIRC, you can quote
~250 words under US law, which would be too long and cumbersome for your
suggested system. Then you might run into user problems that would construe
(correctly or incorrectly) that the system is claiming copyright of their
written material. But nice try though :)
Habeas.
{^_^}
Re: Is Spamassassin failing math?
Daryl C. W. O'Shea wrote: > Jason Marshall wrote: >> X-Spam-Status: No, score=2.7 required=5.0 tests=BAYES_60,SARE_MLB_Stock1, >> TW_AQ autolearn=no version=3.1.0 >> X-Spam-Report: >> * 1.7 SARE_MLB_Stock1 BODY: SARE_MLB_Stock1 >> * 0.1 TW_AQ BODY: Odd Letter Triples with AQ >> * 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% >> * [score: 0.6809] >> >> To me, that looks more like 2.8 not 2.7 points! Is this just my site? >> Sorry if someone already brought this up long ago... > > http://wiki.apache.org/spamassassin/RoundingIssues > There are bugs in that page. The second-half example is from the old rounding behavior, not the more recent truncation behavior. Modern SA versions would display 8.5 as the score, not 8.6. We need an example where the error swings in the other direction... (The top half has been adapted to reflect SA's current behavior, but the bottom half has not)
Re: Is Spamassassin failing math?
But SA rounds that rule score to 1.7 to save display space. Most SA rules actually have scores with 3 decimal places. (ie: 1.268) The "real" answer would be to always display 3-decimal place scores, but that's rather of ugly and creates a cluttered report. However, you'd always be 100% accurate. I'm sure I'm not the first one to suggest this, but why NOT always display the numbers in their entirety? I can't think of any reason why a user would say "please give me less accuracy and a lot more confusion in return for fewer digits to parse". Would it really make things more cluttered to add two digits to each number in the report? Or how about making the actual scores accurate to two decimal places, and display those in their entirety -- meeting both sides of the argument 1/2 way? *8-) I could live with: X-Spam-Status: No, score=-2.50 required=5.00 tests=AWL,BAYES_00 autolearn=ham version=3.1.0 X-Spam-Report: * -2.60 BAYES_00 BODY: Bayesian spam probability is 0 to 1% * [score: 0.] * 0.10 AWL AWL: From: address is in the auto white-list In fact, I'll bet the spamassassin developers could make that change and I'd never even notice! Just a thought... =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Jason Marshall, [EMAIL PROTECTED] Spots InterConnect, Inc. Calgary, AB | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Re: Is Spamassassin failing math?
Jason Marshall wrote: >> But SA rounds that rule score to 1.7 to save display space. Most SA rules >> actually have scores with 3 decimal places. (ie: 1.268) > >> The "real" answer would be to always display 3-decimal place scores, >> but that's rather of ugly and creates a cluttered report. However, >> you'd always be 100% accurate. > > I'm sure I'm not the first one to suggest this, but why NOT always > display the numbers in their entirety? As stated above: "That's rather ugly and creates a cluttered report". > > Would it really make things more cluttered to add two digits to each number > in the report? Yes, and it's unnecessary. Life is full of round-number issues. Learning to accept rounding is unavoidable. People like rounded numbers because they are fast and easy to read. Nearly every number you see in life is rounded. You've just never checked the background math before. Take Signposts along roads. Have you never checked those signs telling you how far away a city is against your odometer? Sometimes you'll pass one sign saying 70km, then another saying 60km, but your odometer will show less than (or more than) 10km between the two signs.. Do you call the highway dept and complain they can't measure? Do you complain to the auto-maker that your odometer should only show 10km increments? No, because we all intuitively know that the numbers are rounded. We all know that a measurement 10.5 really means "something near, but not exactly 10.5" Why should SA be so different? Why do you expect numbers the to add exactly down to the last decimal place? > Or how about making the actual scores accurate to two decimal places, and > display those in their entirety -- meeting both sides of the argument 1/2 > way? *8-) That would be reasonable, however you'd have to re-code the perceptron to generate scores that way. That said, I still think the shorter report is more readable and elegant.
Re: Is Spamassassin failing math?
As stated above: "That's rather ugly and creates a cluttered report". And as I stated below, I disagree. Yes, and it's unnecessary. Life is full of round-number issues. This one would have been pretty avoidable. accept rounding is unavoidable. People like rounded numbers because they are fast and easy to read. Nearly every number you see in life is rounded. You've just never checked the background math before. If I had a nickel for every one of my users who actually read the report added to the scanned mail, I'd have about a buck fifty. As a geek, I like real numbers that add up to exactly what they say they'll add up to. Do you call the highway dept and complain they can't measure? Do you complain to the auto-maker that your odometer should only show 10km increments? No, but maybe I should! *8-) Or, get my shovel out and "fix" the "problem"... Why should SA be so different? Why do you expect numbers the to add exactly down to the last decimal place? That's just goofy. Okay... Because SA runs inside a computer, and the computer is better at adding up numbers for real than making approximations. Because when you're looking at something a computer did, you expect the numbers to actually add up. Because when you see something that appears to be accurate to one tenth, you expect it to actually be accurate to one tenth. Because the effort of adding up all those numbers accurately to three decimal places has already been done; why throw away the accuracy if you went to the trouble of computing it in the first place? Because no computer user, no matter how unseasoned, is going to be shocked to see numbers accurate to three decimal places that actually add up to the right answer. If my dumbest user sees "scored 4.999 out of 5.000" he'll say "gee, that was close". If he sees "scored 4.9 out of 5.0", but all the numbers under it add up to 5.0, he's going to say "gee, that's dumb" and pick up the phone to tell me how dumb it is. That would be reasonable, however you'd have to re-code the perceptron to generate scores that way. Fair enough. That said, I still think the shorter report is more readable and elegant. I disagree. Anyway, I've been using this stuff for years and never noticed this before, so it's clearly not that big a deal. I feel better for venting (a little), and apologize for wasting everyone's bits. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Jason Marshall, [EMAIL PROTECTED] Spots InterConnect, Inc. Calgary, AB | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Re: Install help for Spamassasian 3.1.1 on Fedora Core 4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Abel Jeffcoat wrote: > Hello, > > I'm trying to install the new version of Spamassasian on a new mail > server I building. I'm using Fedora Core 4, and I have the latest > updates for Perl, etc. > > When I attempt to install it via cpan. Does anyonr of any experience > getting Spamassasian installed on Fedora Core 4? > > Any help would be apprecciated. > > Abel Jeffcoat [snip] Hey Abel, Axel T has already done the business for you: http://atrpms.net/dist/fc4/spamassassin/ Regards, Craig. - -- Craig McLeanhttp://fukka.co.uk [EMAIL PROTECTED] Where the fun never starts Powered by FreeBSD, and GIN! -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEMaTAMDDagS2VwJ4RAsckAKCrCrMBjgRev5VEVi3cOvpMpAXkdwCg/jJB dxj0g7ERdSt4NdSrVBZq0ME= =Zqly -END PGP SIGNATURE-
Re: running SA on multiple machines
Dave Stern wrote: > I'm trying to get SA working by remote connections and don't see it > consistantly working. > > Users kick off SA in their .procmailrc on our mail server which can't > handle > a more recent version of SA so we only have v2.64 installed locally. > (Don't > ask) > > What I'd like to do is have a call in their .procmailrc something like > this > > :0fw: $HOME/spamassassin.lock > | /opt/spamassassin/bin/spamc -d spamcheck.fqdn -t 10 > > I have spamcheck.fqdn as a SRV record something like this: > > spamcheck IN SRV 1 1 783 samachine.fqdn. > IN SRV 2 1 783 mailmachine.fqdn. > > ie connect to port 783 on samachine and if it's not available, connect to > same port on mailmachine and timeout within 10 seconds if neither works Try this with multiple A records or CNAME records for the same name instead of using SRV records. (who on earth still uses SRV records for anything?) Spamc will automatically resolve down to A records and if it has multiple IPs, it try them in-order. >From the spamc manpage: **-d* /host[,host2]/* In TCP/IP mode, connect to spamd server on given host (default: localhost). Several hosts can be specified if separated by commas. If /host/ resolves to multiple addresses, then spamc will fail-over to the other addresses, if the first one cannot be connected to. It will first try all addresses of one host before it tries the next one in the list. > > perhaps the timeout is too quick as I see no spamassassin headers in mail > going thru even tho procmail logfiles say it executed the spamc line. > I also tried variations on > > | /opt/spamassassin/bin/spamc -d 127.0.0.1,10 -d 128.8.120.159,10 -t 10 Erm.. what's the ,10 for in those -d fields? The normal format would be: -d 127.0.0.1,128.8.120.159 (This also should do what you want) > > Has anyone done spam checking to multiple machines with some type of > failover? Many have, and the docs even say how. Many folks use this same and add on the -H switch, which causes spamc to randomize what host it connects to from the list, often used for crude but effective load balancing. http://spamassassin.apache.org/full/3.1.x/dist/doc/spamc.html
warn: reporter: razor2 report failed
Maybe its my imagination, but it seems ever since the razor license was changed I get two or three of these when manually reporting a spam. The whole error is: warn: reporter: razor2 report failed: No such file or directory reporter: razor2 had unknown error during authenticate at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/Razor2.pm line 209, line 1. at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Plugin/Razor2.pm line 322. 1 message(s) examined. After two or three tries it reports the message correctly. Anyone else seen this or know of any reason for it? -- Chris Registered Linux User 283774 http://counter.li.org 19:43:58 up 34 days, 22:47, 2 users, load average: 0.19, 0.17, 0.16 Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk pgp2kyctDu8Ys.pgp Description: PGP signature
Re: running SA on multiple machines
On Mon, 3 Apr 2006, Matt Kettler wrote:
[snip..]
> (who on earth still uses SRV records for anything?)
The 800 Lb Gorilla of Redmond. ;)
Most modern Kerberos clients will use them to find KDCs
if properly set up.
--
Dave Funk University of Iowa
College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include
Better is not better, 'standard' is better. B{
Re: Is Spamassassin failing math?
Jason Marshall schrieb: > I'm sure I'm not the first one to suggest this, but why NOT always display > the numbers in their entirety? I can't think of any reason why a user > would say "please give me less accuracy and a lot more confusion in return > for fewer digits to parse". But I can - and I would. :) I can read numbers with just one decimal place much better, and I'm not interested at all in "more accuracy". Why (and when) do I need the scores? When I want to see why mail is tagged spam or not, and how relevant each rule was for that decision. It's not important if a rule scores 1.223 or 1.2 - it's not even important if it scores 1.1 oder 1.3. But it *does* matter if it scores 0.2 or 2.5. So that accuracy is just unneceassaray, and it *would* make it harder - at least for me - to "get" the scores with just one quick look. Regards, -thh
