Re: SA-Update required modules

2006-08-07 Thread Nigel Frankcom
I had similar problems on CentOS 32 & 64; I ended up installing the
Net::Ident with yum instead (off the dag repo), that worked ok...

yum install perl-Net-Ident.noarch

The INET6 can be installed the same way, though I don't think it's
critical to have it in.

HTH

Nigel

On Mon, 7 Aug 2006 20:45:19 -0500, Chris <[EMAIL PROTECTED]>
wrote:

>I looked at the list of required modules and noticed after I've been running 
>it for awhile that I didn't have these two installed:
>
>9109] dbg: diag: module not installed: Net::Ident ('require' failed)
>9109] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)
>
>I tried installing Net::Ident awhile ago and get this:
>
>PERL_DL_NONLAZY=1 /usr/bin/perl5.8.5 "-MExtUtils::Command::MM" "-e" 
>"test_harness(0, 'blib/lib', 'bl
>ib/arch')" t/*.t
>t/0use..Net::Ident::_export_hooks() called too early to check prototype 
>at /tmp/.webmin/Net-Iden
>t-1.20/blib/lib/Net/Ident.pm line 29.
>ok
>t/apacheNet::Ident::_export_hooks() called too early to check prototype 
>at /tmp/.webmin/Net-Iden
>t-1.20/blib/lib/Net/Ident.pm line 29.
>skipped
>all skipped: no reason given
>t/compatNet::Ident::_export_hooks() called too early to check prototype 
>at /tmp/.webmin/Net-Iden
>t-1.20/blib/lib/Net/Ident.pm line 29.
>FAILED test 1
>   Failed 1/2 tests, 50.00% okay
>t/Ident.Net::Ident::_export_hooks() called too early to check prototype 
>at /tmp/.webmin/Net-Iden
>t-1.20/blib/lib/Net/Ident.pm line 29.
>FAILED tests 1-3
>   Failed 3/7 tests, 57.14% okay
>Failed 2/4 test scripts, 50.00% okay. 4/10 subtests failed, 60.00% okay.
>Failed Test Stat Wstat Total Fail  Failed  List of Failed
>---
>t/Ident.t  73  42.86%  1-3
>t/compat.t 21  50.00%  1
>1 test skipped.
>make: *** [test_dynamic] Error 255
>
>The install failed. Would anyone possibly know why this may have happened?


Re: Latest Network Upgrade not spam.

2006-08-07 Thread jdow

From: "Robert Nicholson" <[EMAIL PROTECTED]>


It seems the latest version of these isn't spam?

Are there any rules to mark MS attachments as SPAM?

From:   [EMAIL PROTECTED]
Subject: Latest Network Upgrade
Date: August 5, 2006 9:55:10 PM CDT
To:   [EMAIL PROTECTED]
X-Spam-Dcc: : grub.camros.com 1113; Body=1 Fuz1=1 Fuz2=1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on  
grub.camros.com
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=0.6  
tests=BAYES_50,HTML_MESSAGE, MIME_BASE64_NO_NAME autolearn=ham  
version=3.1.1

Received: (qmail 6256 invoked from network); 7 Aug 2006 13:14:38 -
Received: from surfgate.starhub.net.sg (203.116.254.187) by  
64.34.193.12 with DES-CBC3-SHA encrypted SMTP; 7 Aug 2006 13:14:38 -
Received: from imx2.starhub.net.sg (imx2.starhub.net.sg  
[203.116.254.42]) by surfgate.starhub.net.sg (8.13.6+Sun/8.13.6) with  
ESMTP id k763FTJC000782 for <[EMAIL PROTECTED]>; Sun, 6 Aug 2006  
11:29:11 +0800 (SGT)
Received: from kbsmtao2.starhub.net.sg (kbsmtao181.starhub.net.sg  
[203.116.2.181]) by imx2.starhub.net.sg (8.12.10/8.12.10) with ESMTP  
id k762oex0025517 for <[EMAIL PROTECTED]>; Sun, 6 Aug 2006 10:50:43  
+0800
Received: from kslqb ([203.116.121.101]) by kbsmtao2.starhub.net.sg  
(Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005)) with  
ESMTPP id <[EMAIL PROTECTED]> for  
[EMAIL PROTECTED]; Sun, 06 Aug 2006 10:55:40 +0800 (SGT)

Date-Warning: Date header was inserted by kbsmtao2.starhub.net.sg
Message-Id: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="Boundary_ 
(ID_fld50HgNZSb4ucD84dSJhA)"

X-Accept-Flag: Sender is Unknown
Lines: 2665


Without some of the body I've no idea what would block these other
than DNS rules. And if you are one of the first to be attacked they
are often ineffective.

The originating address is from another .sg computer.
d121101.ppp121.cyberway.com.sg

So network rules might not even work.

One thing I notice that might be trapped upon is that these two headers
and the "To:" do not agree. But that is not a particularly strong
spam sign.
===8<---
Received: from kbsmtao2.starhub.net.sg (kbsmtao181.starhub.net.sg  
[203.116.2.181]) by imx2.starhub.net.sg (8.12.10/8.12.10) with ESMTP  
id k762oex0025517 for <[EMAIL PROTECTED]>; Sun, 6 Aug 2006 10:50:43  
+0800
Received: from kslqb ([203.116.121.101]) by kbsmtao2.starhub.net.sg  
(Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005)) with  
ESMTPP id <[EMAIL PROTECTED]> for  

===8<---

To:   [EMAIL PROTECTED]

===8<---

If you are not a member of advisor.com's mailing lists you could
simply black list them. If you are you might want to generate a
specific rule trio that detects advisor.com for the purported
source and requires that it be ONLY from their address. That'd
be two rules and a meta rule to put them together. (I don't know
what would happen with a "blacklist_from" and a more specific
"whitelist_from_rcvd". Ideally that would do the trick. But I am
not sure it would.)

{^_^}


Re: Memory requirements

2006-08-07 Thread jdow

From: "James Lay" <[EMAIL PROTECTED]>


Hey all!

Anyone happen to know the memory requirements of SpamAssassin?  I have
3.0.4 running on 128 Megs ok... will upgrading to 3.1.4 plus the SARE
rules tank it?  Or am I safe?  Thanks all!


Perhaps.

Do not run anything else with a significant memory footprint on the
system at the same time. Do not use X, of course. Minimize the number
of children spawned to one.

{^_^}   Joanne


Re: Memory requirements

2006-08-07 Thread John D. Hardin
On Mon, 7 Aug 2006, James Lay wrote:

> Anyone happen to know the memory requirements of SpamAssassin?  I have
> 3.0.4 running on 128 Megs ok... will upgrading to 3.1.4 plus the SARE
> rules tank it?  Or am I safe?  Thanks all!

I'm running 3.1.3 with a bunch of SARE and local rules on my hosted
server, which only has 96MB of RAM and 196MB of swap. It's also
running BIND serving as authoritative for a few domains, and apache
serving static content, but no databases or other fancy stuff.

I have it configured to only spawn one child and run all scans
sequentially, as I don't really care if it takes a couple of minutes
to score a message.

It works reliably, though there's little margin for adding much else.
If there was any less memory I would not be able to run SA.

How much swap do you have? And what else is running on the server?

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  False is the idea of utility that sacrifices a thousand real
  advantages for one imaginary or trifling inconvenience; that would
  take fire from men because it burns, and water because one may drown
  in it; that has no remedy for evils except destruction. The laws
  that forbid the carrying of arms are laws of such a nature. They
  disarm only those who are neither inclined nor determined to commit
  crime.   -- Cesare Beccaria, quoted by Thomas Jefferson
---



Latest Network Upgrade not spam.

2006-08-07 Thread Robert Nicholson
It seems the latest version of these isn't spam?

Are there any rules to mark MS attachments as SPAM?

From: [EMAIL PROTECTED]
Subject: Latest Network Upgrade
Date: August 5, 2006 9:55:10 PM CDT
To: [EMAIL PROTECTED]
X-Spam-Dcc: : grub.camros.com 1113; Body=1 Fuz1=1 Fuz2=1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on grub.camros.com
X-Spam-Level:
X-Spam-Status: No, score=0.2 required=0.6 tests=BAYES_50,HTML_MESSAGE, MIME_BASE64_NO_NAME autolearn=ham version=3.1.1
Received: (qmail 6256 invoked from network); 7 Aug 2006 13:14:38 -
Received: from surfgate.starhub.net.sg (203.116.254.187) by 64.34.193.12 with DES-CBC3-SHA encrypted SMTP; 7 Aug 2006 13:14:38 -
Received: from imx2.starhub.net.sg (imx2.starhub.net.sg [203.116.254.42]) by surfgate.starhub.net.sg (8.13.6+Sun/8.13.6) with ESMTP id k763FTJC000782 for <[EMAIL PROTECTED]>; Sun, 6 Aug 2006 11:29:11 +0800 (SGT)
Received: from kbsmtao2.starhub.net.sg (kbsmtao181.starhub.net.sg [203.116.2.181]) by imx2.starhub.net.sg (8.12.10/8.12.10) with ESMTP id k762oex0025517 for <[EMAIL PROTECTED]>; Sun, 6 Aug 2006 10:50:43 +0800
Received: from kslqb ([203.116.121.101]) by kbsmtao2.starhub.net.sg (Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005)) with ESMTPP id <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Sun, 06 Aug 2006 10:55:40 +0800 (SGT)
Date-Warning: Date header was inserted by kbsmtao2.starhub.net.sg
Message-Id: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="Boundary_(ID_fld50HgNZSb4ucD84dSJhA)"
X-Accept-Flag: Sender is Unknown
Lines: 2665

Memory requirements

2006-08-07 Thread James Lay
Hey all!

Anyone happen to know the memory requirements of SpamAssassin?  I have
3.0.4 running on 128 Megs ok... will upgrading to 3.1.4 plus the SARE
rules tank it?  Or am I safe?  Thanks all!

James


SA-Update required modules

2006-08-07 Thread Chris
I looked at the list of required modules and noticed after I've been running 
it for awhile that I didn't have these two installed:

9109] dbg: diag: module not installed: Net::Ident ('require' failed)
9109] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)

I tried installing Net::Ident awhile ago and get this:

PERL_DL_NONLAZY=1 /usr/bin/perl5.8.5 "-MExtUtils::Command::MM" "-e" 
"test_harness(0, 'blib/lib', 'bl
ib/arch')" t/*.t
t/0use..Net::Ident::_export_hooks() called too early to check prototype 
at /tmp/.webmin/Net-Iden
t-1.20/blib/lib/Net/Ident.pm line 29.
ok
t/apacheNet::Ident::_export_hooks() called too early to check prototype 
at /tmp/.webmin/Net-Iden
t-1.20/blib/lib/Net/Ident.pm line 29.
skipped
all skipped: no reason given
t/compatNet::Ident::_export_hooks() called too early to check prototype 
at /tmp/.webmin/Net-Iden
t-1.20/blib/lib/Net/Ident.pm line 29.
FAILED test 1
Failed 1/2 tests, 50.00% okay
t/Ident.Net::Ident::_export_hooks() called too early to check prototype 
at /tmp/.webmin/Net-Iden
t-1.20/blib/lib/Net/Ident.pm line 29.
FAILED tests 1-3
Failed 3/7 tests, 57.14% okay
Failed 2/4 test scripts, 50.00% okay. 4/10 subtests failed, 60.00% okay.
Failed Test Stat Wstat Total Fail  Failed  List of Failed
---
t/Ident.t  73  42.86%  1-3
t/compat.t 21  50.00%  1
1 test skipped.
make: *** [test_dynamic] Error 255

The install failed. Would anyone possibly know why this may have happened?

-- 
Chris
20:41:09 up 8 days, 2:09, 1 user, load average: 1.36, 2.00, 1.94





Re: Improved OCR Plugin with approximate matching

2006-08-07 Thread jdow

From: "uNiXpSyChO" <[EMAIL PROTECTED]>


decoder wrote:


Hello there,

I have improved the original OcrPlugin (found at
http://wiki.apache.org/spamassassin/OcrPlugin), so it contains fuzzy
matching. Like that, mistakes made by the OCR recognition or
intentional obfuscations in the text don't make the recognition
impossible. This is being done with a relative distance calculation
between the pattern (word from a given word list) and a line in the
recognized input. Also, the plugin uses dynamic scoring (more matched
words means more score, this can be adjusted in the source).

You can find a full description and an example in the wiki under:

http://wiki.apache.org/spamassassin/FuzzyOcrPlugin


Ideas for improvements or critics are always welcome :)



seems to work... but i never see a score about 1.00.

the docs say the default score is 4.  did i miss something?


You probably never amended your local.cf or equivalent with the
score for the rule. So it gets the default score of 1.

{^_^}


Re: Improved OCR Plugin with approximate matching

2006-08-07 Thread uNiXpSyChO




seems to work... but i never see a score about 1.00.

the docs say the default score is 4.  did i miss something?


above 1.00 i meant.



Re: Improved OCR Plugin with approximate matching

2006-08-07 Thread uNiXpSyChO

decoder wrote:


Hello there,

I have improved the original OcrPlugin (found at
http://wiki.apache.org/spamassassin/OcrPlugin), so it contains fuzzy
matching. Like that, mistakes made by the OCR recognition or
intentional obfuscations in the text don't make the recognition
impossible. This is being done with a relative distance calculation
between the pattern (word from a given word list) and a line in the
recognized input. Also, the plugin uses dynamic scoring (more matched
words means more score, this can be adjusted in the source).

You can find a full description and an example in the wiki under:

http://wiki.apache.org/spamassassin/FuzzyOcrPlugin


Ideas for improvements or critics are always welcome :)



seems to work... but i never see a score about 1.00.

the docs say the default score is 4.  did i miss something?



Re: spamd not well after crash

2006-08-07 Thread John Andersen
On Monday 07 August 2006 03:32, Loren Wilton wrote:
> If you previously installed from a distro of some kind you should probably
> upgrade using the newer distro rather than CPAN directly; otherwise you can
> end up with mucked up installations since some distros move things around.

The problem with that is that many Distros don't release upgrades very often.
The only problem you are likely to have in this regard is spamd located in 
a non-standard place. So check dates.

It might be wise to uninstall the rpm just prior to doing the CPAN route.

Be sure to follow and install all the pre-requisite cpan modules.
There are some that just do not work, and won't build.  You can ignore
these.  But do get the network tests working if possible.

-- 
_
John Andersen




Re: 0451.com

2006-08-07 Thread jdow

From: "Hamish Marson" <[EMAIL PROTECTED]>

Duncan Hill wrote:

On Monday 07 August 2006 00:02,  wrote:

| 2250 0733.com



Here are my numbers from last week:

5006 0451.com 3845 53.com


Not seeing anywhere near as high, but this is only on my personal
server:

44 0733.com
34 0451.com
11 0668.com
4 023.com
2 08.com
2 020.com
1 212.com
1 07770500.com
1 01191.com
1 004.com

However, the majority are already being rejected with my standard
rules in Postfix (like don't accept mail from certain netblocks).
I would have sworn there used to be a domain registration rule that
said pure-numeric domains were illegal, but I'm not sure.


The RFC's actually state that a domain MUST start with a letter, and
be any letter or digit or hyphen after. So according to the RFC's
purely numeric domains are illegal.

(e.g. From RFC 1035)

 ::=  | " "

 ::=  |  "." 

 ::=  [ [  ]  ]

 ::=  |  

 ::=  | "-"

 ::=  | 

 ::= any one of the 52 alphabetic characters A through Z in
upper case and a through z in lower case

 ::= any one of the ten digits 0 through 9


Seems clear to me... And since RFC1035 is still current, I'm not sure why
purely numeric domains are considered acceptable. (Apart from I can't think
of a really good reason apart from pedanticness to stop them).


Well, some browsers allow you to put in "google" for the address and
will self-complete to what it thinks you want. If there is a number
only in there the browser will likely try to interpret the number
as an 32 IP address in decimal form.

All those addresses would hit network 0, though. And that is a reserved
net number.

{^_-}


Improved OCR Plugin with approximate matching

2006-08-07 Thread decoder

Hello there,

I have improved the original OcrPlugin (found at
http://wiki.apache.org/spamassassin/OcrPlugin), so it contains fuzzy
matching. Like that, mistakes made by the OCR recognition or
intentional obfuscations in the text don't make the recognition
impossible. This is being done with a relative distance calculation
between the pattern (word from a given word list) and a line in the
recognized input. Also, the plugin uses dynamic scoring (more matched
words means more score, this can be adjusted in the source).

You can find a full description and an example in the wiki under:

http://wiki.apache.org/spamassassin/FuzzyOcrPlugin


Ideas for improvements or critics are always welcome :)


Best regards,


Chris



Re: 0451.com

2006-08-07 Thread Hamish
On Monday 07 August 2006 16:09, Tony Finch wrote:
> On Mon, 7 Aug 2006, Hamish Marson wrote:
> > The RFC's actually state that a domain MUST start with a letter, and
> > be any letter or digit or hyphen after. So according to the RFC's
> > purely numeric domains are illegal.
>
> No! Wrong! Totally wrong! If they were illegal they would never have been
> allocated. Duh.
>

Yeah, Right... And Verisign never wildcarded domains either did they? Duh! 
right back at you. 

> RFC 1123 section 2.1:
>
> The syntax of a legal Internet host name was specified in RFC-952

Hostname vs DomainName

RFC1035 is still current. Never superseded. It states Domain names. RFC1123 
says hostnames... In fact RFC1035 isn't even marked as updated! (At least the 
copies I'm looking at now)

AFAICS RFC1123 only mentions hostnames, nothing about domains. A small 
semantic difference I know, but possibly an important one. I wonder what 
Cricket has to say about domain names being all digits? Possibly it comes 
under the be lenient in what you accept & rigid in what you present rule.

RFC1912 throws more wood on the fire...


 Allowable characters in a label for a host name are only ASCII
   letters, digits, and the `-' character.  Labels may not be all
   numbers, but may have a leading digit  (e.g., 3com.com).  Labels must
   end and begin only with a letter or digit.  See [RFC 1035] and [RFC
   1123].  (Labels were initially restricted in [RFC 1035] to start with
   a letter, and some older hosts still reportedly have problems with
   the relaxation in [RFC 1123].)  Note there are some Internet
   hostnames which violate this rule (411.org, 1776.com).  The presence
   of underscores in a label is allowed in [RFC 1033], except [RFC 1033]
   is informational only and was not defining a standard.  There is at
   least one popular TCP/IP implementation which currently refuses to
   talk to hosts named with underscores in them.  It must be noted that
   the language in [1035] is such that these rules are voluntary -- they
   are there for those who wish to minimize problems.  Note that the
   rules for Internet host names also apply to hosts and addresses used
   in SMTP (See RFC 821).


So even rfc1912 still thinks all digit domains are incorrect... But it 
interprets 1123 as meaning hosts & domains. But even in 1996 it was 
recognised that the registrars didn't really follow the RFC's properly... 


I still think all digit domains are probably worth a point or so. 


> [DNS:4].  One aspect of host name syntax is hereby changed: the
> restriction on the first character is relaxed to allow either a
> letter or a digit.  Host software MUST support this more liberal
> syntax.
>
> Tony.


pgpx2IGc4ElMm.pgp
Description: PGP signature
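
The label rules argued over in this thread, as an added example that is not part of any poster's message: it checks a name against the RFC 1035 label syntax (letter first), the RFC 1123 relaxation (letter or digit first), flags all-digit labels as RFC 1912 describes, and converts such a label to the 32-bit decimal address mentioned in the thread. The function names, the 1.0 score and example.com are assumptions; the other sample domains are ones quoted in the thread.

```python
import ipaddress
import re

# Shared tail of a label: optional letters/digits/hyphens, ending in a
# letter or digit, so that the whole label is at most 63 octets.
_LDH_TAIL = r"(?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
# RFC 1035 section 2.3.1: a label must start with a letter.
RFC1035_LABEL = re.compile(r"[A-Za-z]" + _LDH_TAIL)
# RFC 1123 section 2.1: the first character may be a letter or a digit.
RFC1123_LABEL = re.compile(r"[A-Za-z0-9]" + _LDH_TAIL)
# Network 0 is reserved; small decimal numbers read as IPs land here.
NET_ZERO = ipaddress.ip_network("0.0.0.0/8")


def labels_of(domain):
    """Split a domain into labels, ignoring a single trailing root dot."""
    if domain.endswith("."):
        domain = domain[:-1]
    return domain.split(".")


def valid(domain, label_re):
    """True if every label matches label_re and the name fits in 253 chars."""
    labels = labels_of(domain)
    return len(".".join(labels)) <= 253 and all(
        label_re.fullmatch(label) is not None for label in labels
    )


def numeric_labels(domain):
    """Labels made only of ASCII digits ('Labels may not be all numbers')."""
    return [l for l in labels_of(domain) if re.fullmatch(r"[0-9]+", l)]


def as_decimal_ipv4(label):
    """Read an all-digit label as a 32-bit IPv4 address in decimal form.

    Returns None for non-numeric labels or values above 2**32 - 1.
    Assumption: plain decimal parsing, leading zeros ignored.
    """
    if not re.fullmatch(r"[0-9]+", label):
        return None
    value = int(label)
    if value > 0xFFFFFFFF:
        return None
    return ipaddress.IPv4Address(value)


def assess(domain, numeric_points=1.0):
    """Summarise a domain; numeric_points is a hypothetical rule score."""
    nums = numeric_labels(domain)
    return {
        "rfc1035": valid(domain, RFC1035_LABEL),
        "rfc1123": valid(domain, RFC1123_LABEL),
        "numeric_labels": nums,
        "score": numeric_points if nums else 0.0,
    }


# Domains quoted in the thread, plus example.com as a constructed control.
SAMPLES = ["0451.com", "0733.com", "53.com", "07770500.com",
           "3com.com", "411.org", "1776.com", "example.com"]

if __name__ == "__main__":
    for name in SAMPLES:
        result = assess(name)
        addrs = [str(as_decimal_ipv4(l)) for l in result["numeric_labels"]]
        print(f"{name:14} 1035={result['rfc1035']!s:5} "
              f"1123={result['rfc1123']!s:5} score={result['score']} "
              f"as-ip={addrs}")
```
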


Having Bayes MySQL problems

2006-08-07 Thread Marc Perkel

Anyone know what would cause this? I ran sa-learn --force-expire

Use of uninitialized value in concatenation (.) or string at 
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm 
line 132.
Use of uninitialized value in numeric ne (!=) at 
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm 
line 134.
Use of uninitialized value in concatenation (.) or string at 
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm 
line 135.
bayes: database version  is different than we understand (3), aborting! 
at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm 
line 135.
Use of uninitialized value in concatenation (.) or string at 
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm 
line 179.
Use of uninitialized value in numeric ne (!=) at 
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm 
line 181.
Use of uninitialized value in concatenation (.) or string at 
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm 
line 182.
bayes: database version  is different than we understand (3), aborting! 
at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/BayesStore/SQL.pm 
line 182.


Re: URIBL and SURBL no longer hitting

2006-08-07 Thread DAve

DAve wrote:

DAve wrote:

Richard wrote:



I noticed this morning that I am no longer hitting any URIBL and
SURBL. I did a test,

...


I should have included this in the debug output.

[23441] dbg: dns: is Net::DNS::Resolver available? yes
[23441] dbg: dns: Net::DNS version: 0.57


iirc (may not ...), there were some Net::DNS version issues causing 
probs.


perhaps try upgrading Net::DNS:

% perl -e 'use Net::DNS; print $Net::DNS::VERSION,"\n"'
0.58

richard


I found a few messages of interest. One concerning the ClamAV plugin, 
which I don't use though I have just installed the ImageInfo plugin. I 
removed it no change. I also found another message reporting a bug in 
URIDNSBL lookups. I don't think that is affecting me because it 
concerned the check loop finishing before the timeout. I can certainly 
see my timeout, it takes a full minutes before spamassassin -D --lint 
< testemail.txt will finish.


I've seen no recent messages about Net::DNS.

Not sure where to go next. The delay in SA is causing my mail to 
backup.  Though I threw some more children at MailScanner and it is 
catching up now, slowly.


Dig works, host works. Not sure why SA can't get a lookup. I've 
restarted dnscache several times, and I have my normal dns servers 
listed under 127.0.0.1 in /etc/resolv.conf.


DAve



[63142] dbg: dns: is Net::DNS::Resolver available? yes
[63142] dbg: dns: Net::DNS version: 0.58
[63142] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete
[63142] dbg: uridnsbl: aborting remaining lookups

No change, still cannot complete uridnsbl lookups.

But... this works.
dig dadixus.com.multi.uribl.com

I really hate spammers today. Really, really, hate spammers. Castration
is too good for them. This last upgrade of SA and MailScanner has been
brutal.

I've no idea where to look next.

DAve



In frustration I edited /etc/resolv.conf and removed 127.0.0.1, URI 
lookups are completing and MailScanner is blasting through the queues on 
both machines exceedingly fast now.


No idea what could have possibly changed, dnscache is normally 
bulletproof. I run it on a dozen servers as a local cache, it is a 
standard install on all my servers and all installs share the same 
config. Especially since dig worked, and still works to 127.0.0.1.


Very odd.

DAve

--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.


Re: ImageInfo path

2006-08-07 Thread qqqq

| I am sure it has to do with the dir structure. We use oes-linux and the
| dir structure on it is /etc/mail/spamassassin. So i am asking in what
| file do i change the path from /mail/spamassassin to
| /etc/mail/spamassassin. I have searched through the 2 files (*.pm and
| *.cf and can not find it_). Thanks for any help


Do this:
find /usr -name Plugin


ImageInfo path

2006-08-07 Thread carnold5
Hello all. Mostly a lurker here. I am trying to install the imageinfo
plugin. So, i followed the instructions, place *.pm file in "Plugins"
dir and *.cf file in "Spamassassin" dir. Do a spamassassin --lint and get 
[6870] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/ImageInfo.pm in @INC (@INC contains: /usr/lib/perl5/vendor_perl/5.8.3/i586-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/5.8.3/i586-linux-thread-multi /usr/lib/perl5/5.8.3 /usr/lib/perl5/site_perl/5.8.3/i586-linux-thread-multi /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl) at (eval 58) line 1.
[6870] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::ImageInfo: Can't locate object method "new" via package "Mail::SpamAssassin::Plugin::ImageInfo" at (eval 59) line 1.

I am sure it has to do with the dir structure. We use oes-linux and the
dir structure on it is /etc/mail/spamassassin. So i am asking in what
file do i change the path from /mail/spamassassin to
/etc/mail/spamassassin. I have searched through the 2 files (*.pm and
*.cf and can not find it_). Thanks for any help



RE: sa-update gives Can't locate LWP/UserAgent.pm in @INC ?

2006-08-07 Thread Chan, Wilson
> -Original Message-
> From: Evan Platt [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 07, 2006 8:53 AM
> To: users@spamassassin.apache.org
> Subject: sa-update gives Can't locate LWP/UserAgent.pm in @INC ?

Had the same problem on Fedora Core 5. I had to install these additional
packages.

==Install via Yum==
perl-Archive-Tar
perl-IO-Zlib
perl-libwww-perl

Also, once you get the packages installed. Try running "sa-update -D" to
see what its doing in the background. :)


-Wilson



Re: 0451.com

2006-08-07 Thread John D. Hardin
On Mon, 7 Aug 2006, Tony Finch wrote:

> On Mon, 7 Aug 2006, Hamish Marson wrote:
> >
> > The RFC's actually state that a domain MUST start with a letter, and
> > be any letter or digit or hyphen after. So according to the RFC's
> > purely numeric domains are illegal.
> 
> No! Wrong! Totally wrong! If they were illegal they would never have been
> allocated. Duh.
> 
> RFC 1123 section 2.1:
> 
> The syntax of a legal Internet host name was specified in RFC-952
> [DNS:4].  One aspect of host name syntax is hereby changed: the
> restriction on the first character is relaxed to allow either a
> letter or a digit.  Host software MUST support this more liberal
> syntax.

...I guess not. Dammit, when am I going to learn to read my mailbox in
*reverse* chronological order?

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  The difference is that Unix has had thirty years of technical
  types demanding basic functionality of it. And the Macintosh has
  had fifteen years of interface fascist users shaping its progress.
  Windows has the hairpin turns of the Microsoft marketing machine
  and that's all.    -- Red Drag Diva
---



Re: 0451.com

2006-08-07 Thread John D. Hardin
On Mon, 7 Aug 2006, Hamish Marson wrote:

> The RFC's actually state that a domain MUST start with a letter, and
> be any letter or digit or hyphen after. So according to the RFC's
> purely numeric domains are illegal.

Should this be worth a point or so in the base ruleset?

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  The difference is that Unix has had thirty years of technical
  types demanding basic functionality of it. And the Macintosh has
  had fifteen years of interface fascist users shaping its progress.
  Windows has the hairpin turns of the Microsoft marketing machine
  and that's all.    -- Red Drag Diva
---



Re: A lot of this going around

2006-08-07 Thread David Baron
On Monday 07 August 2006 21:34, Theo Van Dinter wrote:
> On Mon, Aug 07, 2006 at 09:28:12PM +0300, David Baron wrote:
> > >Aug  7 18:04:30 d_baron spamd[28549]: bayes: write failed to Bayes
> > >journal /home/david/.spamassassin/bayes_journal (0 of 3624)!
> > >
> > >Getting numerous messages of this form. Things seem to be working
> > > normally!
> >
> > Aug  7 18:03:38 d_baron spamd[28529]: Exiting eval via last
> > at /usr/share/perl5/Mail/SpamAssassin/BayesStore/DBM.pm line 1127.
>
> The latter is caused by the former, btw.  Perhaps something is over quota
> or otherwise out of space?  Alternately, something like selinux restricting
> what spamd can do?
>
> The first error happens if you can open the journal file for appending,
> but doing the write actually fails (in this case, nothing was able to
> be written to the file).

Yup. Some stuff eats up your home partition and does not even tell you.
Thanks for the hint.


Re: URIBL and SURBL no longer hitting

2006-08-07 Thread DAve

DAve wrote:

Richard wrote:



I noticed this morning that I am no longer hitting any URIBL and
SURBL. I did a test,

...


I should have included this in the debug output.

[23441] dbg: dns: is Net::DNS::Resolver available? yes
[23441] dbg: dns: Net::DNS version: 0.57


iirc (may not ...), there were some Net::DNS version issues causing 
probs.


perhaps try upgrading Net::DNS:

% perl -e 'use Net::DNS; print $Net::DNS::VERSION,"\n"'
0.58

richard


I found a few messages of interest. One concerning the ClamAV plugin, 
which I don't use though I have just installed the ImageInfo plugin. I 
removed it no change. I also found another message reporting a bug in 
URIDNSBL lookups. I don't think that is affecting me because it 
concerned the check loop finishing before the timeout. I can certainly 
see my timeout, it takes a full minutes before spamassassin -D --lint < 
testemail.txt will finish.


I've seen no recent messages about Net::DNS.

Not sure where to go next. The delay in SA is causing my mail to backup. 
 Though I threw some more children at MailScanner and it is catching up 
now, slowly.


Dig works, host works. Not sure why SA can't get a lookup. I've 
restarted dnscache several times, and I have my normal dns servers 
listed under 127.0.0.1 in /etc/resolv.conf.


DAve



[63142] dbg: dns: is Net::DNS::Resolver available? yes
[63142] dbg: dns: Net::DNS version: 0.58
[63142] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete
[63142] dbg: uridnsbl: aborting remaining lookups

No change, still cannot complete uridnsbl lookups.

But... this works.
dig dadixus.com.multi.uribl.com

I really hate spammers today. Really, really, hate spammers. Castration
is too good for them. This last upgrade of SA and MailScanner has been
brutal.

I've no idea where to look next.

DAve

--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.



Re: sa-update gives Can't locate LWP/UserAgent.pm in @INC ?

2006-08-07 Thread Theo Van Dinter
On Mon, Aug 07, 2006 at 11:52:50AM -0700, Evan Platt wrote:
> Running SpamAssassin 3.1.3 on a OS/X box. Running sa-update gives 
> "Can't locate LWP/UserAgent.pm in @INC". Can't recall if I've ever 
> tried sa-update before.
> 
> Googling doesn't give much help, and a locate of UserAgent.pm finds 
> nothing on my system.

Did you read the INSTALL doc for the sa-update required modules? ;)

-- 
Randomly Generated Tagline:
"Luge strategy? Lie flat and try not to die." - Tim Steeves




sa-update gives Can't locate LWP/UserAgent.pm in @INC ?

2006-08-07 Thread Evan Platt

Hello all...
Running SpamAssassin 3.1.3 on a OS/X box. Running sa-update gives 
"Can't locate LWP/UserAgent.pm in @INC". Can't recall if I've ever 
tried sa-update before.


Googling doesn't give much help, and a locate of UserAgent.pm finds 
nothing on my system.


Thanks.

Evan



A lot of this going around

2006-08-07 Thread David Baron
Aug  7 18:04:30 d_baron spamd[28549]: bayes: write failed to Bayes 
journal /home/david/.spamassassin/bayes_journal (0 of 3624)!

Getting numerous messages of this form. Things seem to be working normally!

(Note that sa-update failed this morning due to problems at the site.)


Re: A lot of this going around

2006-08-07 Thread Theo Van Dinter
On Mon, Aug 07, 2006 at 09:28:12PM +0300, David Baron wrote:
> >Aug  7 18:04:30 d_baron spamd[28549]: bayes: write failed to Bayes 
> >journal /home/david/.spamassassin/bayes_journal (0 of 3624)!
> 
> >Getting numerous messages of this form. Things seem to be working normally!
> 
> Aug  7 18:03:38 d_baron spamd[28529]: Exiting eval via last 
> at /usr/share/perl5/Mail/SpamAssassin/BayesStore/DBM.pm line 1127.

The latter is caused by the former, btw.  Perhaps something is over quota or
otherwise out of space?  Alternately, something like selinux restricting what
spamd can do?

The first error happens if you can open the journal file for appending,
but doing the write actually fails (in this case, nothing was able to
be written to the file).

-- 
Randomly Generated Tagline:
"The nice thing about Windows is - It does not just crash, it displays a
 dialog box and lets you press 'OK' first." - Arno Schaefer's .sig




RE: A lot of this going around

2006-08-07 Thread David Baron
>Aug  7 18:04:30 d_baron spamd[28549]: bayes: write failed to Bayes 
>journal /home/david/.spamassassin/bayes_journal (0 of 3624)!

>Getting numerous messages of this form. Things seem to be working normally!

>(Note that sa-update failed this morning due to problems at the site.)

Also these:

Aug  7 18:03:38 d_baron spamd[28529]: Exiting eval via last 
at /usr/share/perl5/Mail/SpamAssassin/BayesStore/DBM.pm line 1127.


bayes: database version is different than what we understand ???

2006-08-07 Thread Marc Perkel

I'm using MySQL and getting this error:

bayes: database version is different than what we understand ???

What does this mean?


Re: URIBL and SURBL no lnger hitting

2006-08-07 Thread DAve

Richard wrote:



I noticed this morning that I am no longer hitting any URIBL and
SURBL. I did a test,

...


I should have included this in the debug output.

[23441] dbg: dns: is Net::DNS::Resolver available? yes
[23441] dbg: dns: Net::DNS version: 0.57


iirc (may not ...), there were some Net::DNS version issues causing probs.

perhaps try upgrading Net::DNS:

% perl -e 'use Net::DNS; print $Net::DNS::VERSION,"\n"'
0.58

richard


I found a few messages of interest. One concerning the ClamAV plugin, 
which I don't use though I have just installed the ImageInfo plugin. I 
removed it no change. I also found another message reporting a bug in 
URIDNSBL lookups. I don't think that is affecting me because it 
concerned the check loop finishing before the timeout. I can certainly 
see my timeout, it takes a full minute before spamassassin -D --lint < 
testemail.txt will finish.


I've seen no recent messages about Net::DNS.

Not sure where to go next. The delay in SA is causing my mail to backup. 
 Though I threw some more children at MailScanner and it is catching up 
now, slowly.


Dig works, host works. Not sure why SA can't get a lookup. I've 
restarted dnscache several times, and I have my normal dns servers 
listed under 127.0.0.1 in /etc/resolv.conf.


DAve

--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.


Re: Spam with mail address in it

2006-08-07 Thread Rob McEwen (PowerView Systems)
> Perhaps sometime someone can take Joe's data and
>create a web site like URIBL where people can report
>e-mail addresses found in scam spam to create a more
>comprehensive list with faster turnaround?

Oh... I forget... a previous round of discussions about this killed off this 
idea because there is much potential for abuse.

Consider this... a 419 spammer decides to poison such a list by filling out the 
form and submitting "forged" 419 samples where they paste a 419 scam e-mail 
into the box, but use an innocent person's yahoo/hotmail/etc e-mail address.

Eventually, too many FPs and it is hard to tell the difference between the 
"real" 419 addresses and the "fake" ones which are really legit addresses of 
innocent people.

But I still think it could be done on a trust basis:

(1) submissions ONLY accepted from password-protected accounts... no option for 
anonymous submissions

(2) no data from account fed into system until X number of submissions from 
that account which match up with OTHER submitters' data

(3) data from that submitter nullified as soon as X number of submissions 
become suspect... with (percent questioned/percent not questioned) factored 
in... knowing that if someone submits thousands of true 419 scams at some 
point, a few of these will be questioned

Rob McEwen
PowerView Systems
[EMAIL PROTECTED]
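
The three rules in the post above, sketched as an added example (not code from the poster or from any existing blacklist). The class and function names, the threshold values standing in for "X", and all addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Assumed thresholds; the post leaves both as "X".
MIN_CORROBORATED = 3      # rule 2: reports matched by other submitters
MAX_SUSPECT = 2           # rule 3: questioned reports before the ratio applies
MAX_SUSPECT_RATIO = 0.05  # rule 3: questioned / not questioned


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ReportList:
    def __init__(self):
        self._creds = {}       # account -> (salt, password hash)
        self._sessions = {}    # session token -> account
        self._reports = {}     # account -> addresses it reported
        self._reporters = {}   # address -> accounts that reported it
        self._questioned = {}  # account -> its reports under question

    def register(self, account, password):
        salt = os.urandom(16)
        self._creds[account] = (salt, _kdf(password, salt))
        self._reports[account] = set()
        self._questioned[account] = set()

    def login(self, account, password):
        if account not in self._creds:
            raise PermissionError("unknown account")
        salt, stored = self._creds[account]
        if not hmac.compare_digest(stored, _kdf(password, salt)):
            raise PermissionError("wrong password")
        token = secrets.token_hex(16)
        self._sessions[token] = account
        return token

    def submit(self, token, address):
        # Rule 1: no anonymous submissions.
        account = self._sessions.get(token)
        if account is None:
            raise PermissionError("submissions require a logged-in account")
        address = address.strip().lower()
        self._reports[account].add(address)
        self._reporters.setdefault(address, set()).add(account)

    def question(self, account, address):
        # A reviewer marks one report from one account as suspect.
        address = address.strip().lower()
        if address in self._reports.get(account, ()):
            self._questioned[account].add(address)

    def corroborated(self, account):
        # Rule 2: count this account's reports that another account also made.
        return sum(1 for a in self._reports[account]
                   if len(self._reporters[a]) > 1)

    def nullified(self, account):
        # Rule 3: enough questioned reports AND a bad questioned/clean ratio.
        bad = len(self._questioned[account])
        good = len(self._reports[account]) - bad
        return bad >= MAX_SUSPECT and (good == 0 or bad / good > MAX_SUSPECT_RATIO)

    def trusted(self, account):
        return (self.corroborated(account) >= MIN_CORROBORATED
                and not self.nullified(account))

    def published(self):
        # An address is listed only on the strength of an unquestioned
        # report from a trusted account.
        return sorted(
            addr for addr, accounts in self._reporters.items()
            if any(self.trusted(a) and addr not in self._questioned[a]
                   for a in accounts))


def demo():
    """Constructed scenario; every account and address is made up."""
    rl = ReportList()
    tok = {}
    for name in ("alice", "bob", "dave", "mallory"):
        rl.register(name, name + "-pw")
        tok[name] = rl.login(name, name + "-pw")
    shared = ["scam%d@example.com" % i for i in range(1, 4)]
    for name in ("alice", "bob", "dave"):
        for addr in shared:
            rl.submit(tok[name], addr)
    rl.submit(tok["alice"], "scam-solo@example.com")
    rl.submit(tok["dave"], "dave-solo@example.net")
    rl.submit(tok["mallory"], "innocent@example.org")  # uncorroborated account
    before = rl.published()
    rl.question("dave", "dave-solo@example.net")
    rl.question("dave", "scam1@example.com")
    after = rl.published()
    return rl, before, after


if __name__ == "__main__":
    _, before, after = demo()
    print("before review:", before)
    print("after review: ", after)
```

In this sketch any other account counts as corroboration; requiring the corroborating account to be trusted already is the stricter variant.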



Re: URIBL and SURBL no lnger hitting

2006-08-07 Thread DAve

DAve wrote:

DAve wrote:

Good morning,

I noticed this morning that I am no longer hitting any URIBL and 
SURBL. I did a test,


host -tTXT test.uribl.com.multi.uribl.com

and got the proper response. I also ran

spamassassin -D < testemail.txt

which is a message with a URI known in the URIBL list and it provided 
the following,


[11340] dbg: plugin: 
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8a19be0) implements 
'check_tick'

[11340] dbg: uridnsbl: select found no socks ready
[11340] dbg: uridnsbl: queries completed: 0 started: 0
[11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug  7 
10:23:12 2006

[11340] dbg: check: running tests for priority: 500
[11340] dbg: uridnsbl: select found no socks ready
[11340] dbg: uridnsbl: queries completed: 0 started: 0
[11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug  7 
10:23:13 2006

[11340] dbg: dns: success for 0 of 2 queries
[11340] dbg: dns: timeout for NO_DNS_FOR_FROM after 15 seconds
[11340] dbg: dns: timeout for NO_DNS_FOR_FROM after 15 seconds
[11340] dbg: plugin: 
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8a19be0) implements 
'check_post_dnsbl'

[11340] dbg: uridnsbl: select found no socks ready
[11340] dbg: uridnsbl: queries completed: 0 started: 0
[11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug  7 
10:23:26 2006

[11340] dbg: uridnsbl: waiting 2 seconds for URIDNSBL lookups to complete
[11340] dbg: uridnsbl: select found no socks ready
[11340] dbg: uridnsbl: queries completed: 0 started: 0
[11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug  7 
10:23:28 2006

[11340] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete
[11340] dbg: uridnsbl: aborting remaining lookups

Oddly the only thing I have changed is I began running sa-update. So 
out of curiosity I moved my updates.spamassassin.org* out to /tmp and 
reran the debug, same results. Logs show the last time I was getting 
hits was 4 days ago.


What have I done wrong?

DAve



I should have included this in the debug output.

[23441] dbg: dns: is Net::DNS::Resolver available? yes
[23441] dbg: dns: Net::DNS version: 0.57

DAve



OK, I'm digging now, Yahoo and Google show nothing useful. I did install 
the ImageInfo plugin so I will take it back out see what happens. 
Searching the archives again.


I'm running SA 3.1.1
No spamc/spamd (called from MailScanner)
Installed as FreeBSD port on FreeBSD 5

DAve

--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.


Re: Spam with mail address in it

2006-08-07 Thread Rob McEwen (PowerView Systems)
> Maybe uribl could be changed to also check mail addresses, too?

Chris,

SURBL and URIBL are not intended to be used for checking against the domains of 
e-mail addresses, even when the e-mail is contained within the body of the 
message.

In spite of that, I did used to do this... but I discovered that this was a 
large source for FPs... particularly e-mails which went through many rounds of 
forwarding and left dozens of e-mail addresses in the body of the message.

However, I do think that it would be great if someone created a dns-based 
blacklist strictly for e-mails contained within the body of the message. This 
would be handy for catching the spam that you mentioned as well as for MANY 419 
scam e-mails.

In fact, Joe Wein maintains just such a list on his web site that one can 
download and then integrate into their system. But I often find that the few 
such spams which make it past my system wouldn't have been caught if checked 
against Joe's list anyways.

I attribute this to two things:

(1) dns lists are most successful when they use **multiple** data input 
sources, all working together

(2) turnaround time from the initial reports to the domain (or e-mail 
address, in this case) being listed must also be lightning fast.

(but I may be making assumptions here about Joe's list)

Perhaps sometime someone can take Joe's data and create a web site like URIBL 
where people can report e-mail addresses found in scam spam to create a more 
comprehensive list with faster turnaround?

Rob McEwen
PowerView Systems
[EMAIL PROTECTED]



Re: Spam with mail address in it

2006-08-07 Thread Theo Van Dinter
On Mon, Aug 07, 2006 at 05:37:37PM +0200, decoder wrote:
> Maybe uribl could be changed to also check mail addresses, too?

FWIW, I thought there was an older one, but a quick search didn't turn
it up, so here's the new one:

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5014

-- 
Randomly Generated Tagline:
Alton Brown: Don't thank me, Chuck. I'm only here because a bet's a bet.
 Patty: Ha. I guess you didn't know about Chucky being National Junior
Wacky Golf Champion four years running.
 AB: No. I regrettably let my Wacky Golf Weekly expire.
   - Good Eats, "Squid Pro Quo"




Spam with mail address in it

2006-08-07 Thread decoder

Hello,


today we received a non-recognized spam mail which contained only
plaintext + an email address to write to.

The email was [EMAIL PROTECTED] so I wanted to see if uribl maybe
lists the domain.

The command

hostx -t TXT summerdayzz.com.multi.uribl.com

gave me:

summerdayzz.com.multi.uribl.com TXT "Blacklisted, see
http://lookup.uribl.com/?domain=summerdayzz.com";


Maybe uribl could be changed to also check mail addresses, too?


Best regards,

Chris



Re: URIBL and SURBL no lnger hitting

2006-08-07 Thread Richard

>> I noticed this morning that I am no longer hitting any URIBL and
>> SURBL. I did a test,
...

> I should have included this in the debug output.
> 
> [23441] dbg: dns: is Net::DNS::Resolver available? yes
> [23441] dbg: dns: Net::DNS version: 0.57

iirc (may not ...), there were some Net::DNS version issues causing probs.

perhaps try upgrading Net::DNS:

% perl -e 'use Net::DNS; print $Net::DNS::VERSION,"\n"'
0.58

richard
- --

/"\
\ /  ASCII Ribbon Campaign
 X   against HTML email, vCards
/ \  & micro$oft attachments

[GPG] OpenMacNews at gmail dot com
fingerprint: 50C9 1C46 2F8F DE42 2EDB  D460 95F7 DDBD 3671 08C6


Re: URIBL and SURBL no lnger hitting

2006-08-07 Thread DAve

DAve wrote:

Good morning,

I noticed this morning that I am no longer hitting any URIBL and SURBL. 
I did a test,


host -tTXT test.uribl.com.multi.uribl.com

and got the proper response. I also ran

spamassassin -D < testemail.txt

which is a message with a URI known in the URIBL list and it provided 
the following,


[11340] dbg: plugin: 
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8a19be0) implements 
'check_tick'

[11340] dbg: uridnsbl: select found no socks ready
[11340] dbg: uridnsbl: queries completed: 0 started: 0
[11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug  7 
10:23:12 2006

[11340] dbg: check: running tests for priority: 500
[11340] dbg: uridnsbl: select found no socks ready
[11340] dbg: uridnsbl: queries completed: 0 started: 0
[11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug  7 
10:23:13 2006

[11340] dbg: dns: success for 0 of 2 queries
[11340] dbg: dns: timeout for NO_DNS_FOR_FROM after 15 seconds
[11340] dbg: dns: timeout for NO_DNS_FOR_FROM after 15 seconds
[11340] dbg: plugin: 
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8a19be0) implements 
'check_post_dnsbl'

[11340] dbg: uridnsbl: select found no socks ready
[11340] dbg: uridnsbl: queries completed: 0 started: 0
[11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug  7 
10:23:26 2006

[11340] dbg: uridnsbl: waiting 2 seconds for URIDNSBL lookups to complete
[11340] dbg: uridnsbl: select found no socks ready
[11340] dbg: uridnsbl: queries completed: 0 started: 0
[11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug  7 
10:23:28 2006

[11340] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete
[11340] dbg: uridnsbl: aborting remaining lookups

Oddly the only thing I have changed is I began running sa-update. So out 
of curiosity I moved my updates.spamassassin.org* out to /tmp and reran 
the debug, same results. Logs show the last time I was getting hits was 
4 days ago.


What have I done wrong?

DAve



I should have included this in the debug output.

[23441] dbg: dns: is Net::DNS::Resolver available? yes
[23441] dbg: dns: Net::DNS version: 0.57

DAve

--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.



Re: 0451.com

2006-08-07 Thread Logan Shaw

On Mon, 7 Aug 2006, Tony Finch wrote:

On Mon, 7 Aug 2006, Hamish Marson wrote:



The RFC's actually state that a domain MUST start with a letter, and
be any letter or digit or hyphen after. So according to the RFC's
purely numeric domains are illegal.


No! Wrong! Totally wrong! If they were illegal they would never have been
allocated. Duh.

RFC 1123 section 2.1:

   The syntax of a legal Internet host name was specified in RFC-952
   [DNS:4].  One aspect of host name syntax is hereby changed: the
   restriction on the first character is relaxed to allow either a
   letter or a digit.  Host software MUST support this more liberal
   syntax.


Ah, I thought I remembered something along those lines but
couldn't find the reference.

Also, for what it's worth, there are some legitimate businesses
that use domains beginning with a digit.  3Com, for instance.

  - Logan


Re: 0451.com

2006-08-07 Thread Tony Finch
On Mon, 7 Aug 2006, Hamish Marson wrote:
>
> The RFC's actually state that a domain MUST start with a letter, and
> be any letter or digit or hyphen after. So according to the RFC's
> purely numeric domains are illegal.

No! Wrong! Totally wrong! If they were illegal they would never have been
allocated. Duh.

RFC 1123 section 2.1:

The syntax of a legal Internet host name was specified in RFC-952
[DNS:4].  One aspect of host name syntax is hereby changed: the
restriction on the first character is relaxed to allow either a
letter or a digit.  Host software MUST support this more liberal
syntax.

Tony.
-- 
f.a.n.finch  <[EMAIL PROTECTED]>  http://dotat.at/
FISHER: WEST OR NORTHWEST 4 OR 5 BECOMING VARIABLE 3 OR 4. FAIR. MODERATE OR
GOOD.
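
The two grammars argued over in this thread, side by side, as an added example (not code from any of the posters). The function names are assumptions; the sample names are the domains mentioned in the thread plus three constructed invalid ones.

```python
import re

# RFC 1035 section 2.3.1: <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
RFC1035_LABEL = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
# RFC 1123 section 2.1 relaxes only the first character: letter or digit.
RFC1123_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

MAX_LABEL_LEN = 63    # RFC 1035: labels are 63 octets or less
MAX_NAME_LEN = 253    # 255 octets on the wire, 253 characters as text


def bad_labels(name, label_re):
    """Return the labels of `name` that the grammar rejects ([] means valid)."""
    if name.endswith("."):
        name = name[:-1]              # a single trailing dot names the root
    if not name or len(name) > MAX_NAME_LEN:
        return [name]
    return [lab for lab in name.split(".")
            if len(lab) > MAX_LABEL_LEN or not label_re.fullmatch(lab)]


def classify(name):
    """Say which of the two grammars accept `name`."""
    if not bad_labels(name, RFC1035_LABEL):
        return "rfc1035+rfc1123"
    if not bad_labels(name, RFC1123_LABEL):
        return "rfc1123-only"
    return "invalid"


# Domains named in the thread, then constructed invalid names.
SAMPLES = ["0451.com", "0733.com", "263.com", "mail.0451.com", "3com.com",
           "yahoo.com", "-bad.example", "bad-.example", "a..example"]


def report(names=SAMPLES):
    return {n: classify(n) for n in names}


if __name__ == "__main__":
    for name, verdict in report().items():
        print("%-16s %s" % (name, verdict))
```

Every all-numeric name from the thread lands in the "rfc1123-only" bucket, so a filter that rejects on RFC 1035 label syntax alone would also reject 263.com and 3com.com.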


Re: testing for empty text/plain

2006-08-07 Thread Theo Van Dinter
On Mon, Aug 07, 2006 at 09:11:14AM -0400, Eric A. Hall wrote:
> What's the most efficient way to grab the text/plain part?

Check out the other code/plugins.  Getting to a specific message part
is pretty easy.

-- 
Randomly Generated Tagline:
Sarchasm: The gulf between the author of sarcastic wit, and the recipient
 who doesn't get it.
 - Washington Post




OCR

2006-08-07 Thread Filbert
Hi,

I'm planning to test the OCR module in SA very soon.

I was wondering if other (commercial) anti-spam products already have a OCR 
module built-in?

Thx
F.


Re: Upgrade Woo's

2006-08-07 Thread Theo Van Dinter
On Mon, Aug 07, 2006 at 08:00:59AM -0400, Chuck Payne wrote:
> Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: W
> Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
> skipping: bayes_use_chi2_combining 1

"W" isn't a valid config line, and the chi2 business is not a valid config
option.

> Aug  7 07:32:02 magi spamd[14114]: config: SpamAssassin failed to
> parse line, "/home/spamd/" is not valid for "bayes_path", skipping:
> bayes_path /home/spamd/

bayes_path should be pointing at a path w/ file prefix, not a directory.

> Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
> skipping: use_dcc 1
> Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
> skipping: dcc_timeout 8
> Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
> skipping: dcc_home /var/spool/amavis/dcc/
> Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
> skipping: dcc_path /var/spool/amavis/bin/cdcc

Looks like you didn't load the plugin.

-- 
Randomly Generated Tagline:
"And 1.1.81 is officially BugFree(tm), so if you receive any bug-reports
 on it, you know they are just evil lies."   - Linus Torvalds




URIBL and SURBL no lnger hitting

2006-08-07 Thread DAve

Good morning,

I noticed this morning that I am no longer hitting any URIBL and SURBL. 
I did a test,


host -tTXT test.uribl.com.multi.uribl.com

and got the proper response. I also ran

spamassassin -D < testemail.txt

which is a message with a URI known in the URIBL list and it provided 
the following,


[11340] dbg: plugin: 
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8a19be0) implements 'check_tick'

[11340] dbg: uridnsbl: select found no socks ready
[11340] dbg: uridnsbl: queries completed: 0 started: 0
[11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug  7 
10:23:12 2006

[11340] dbg: check: running tests for priority: 500
[11340] dbg: uridnsbl: select found no socks ready
[11340] dbg: uridnsbl: queries completed: 0 started: 0
[11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug  7 
10:23:13 2006

[11340] dbg: dns: success for 0 of 2 queries
[11340] dbg: dns: timeout for NO_DNS_FOR_FROM after 15 seconds
[11340] dbg: dns: timeout for NO_DNS_FOR_FROM after 15 seconds
[11340] dbg: plugin: 
Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8a19be0) implements 
'check_post_dnsbl'

[11340] dbg: uridnsbl: select found no socks ready
[11340] dbg: uridnsbl: queries completed: 0 started: 0
[11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug  7 
10:23:26 2006

[11340] dbg: uridnsbl: waiting 2 seconds for URIDNSBL lookups to complete
[11340] dbg: uridnsbl: select found no socks ready
[11340] dbg: uridnsbl: queries completed: 0 started: 0
[11340] dbg: uridnsbl: queries active: DNSBL=2 NS=1 at Mon Aug  7 
10:23:28 2006

[11340] dbg: uridnsbl: done waiting for URIDNSBL lookups to complete
[11340] dbg: uridnsbl: aborting remaining lookups

Oddly the only thing I have changed is I began running sa-update. So out 
of curiosity I moved my updates.spamassassin.org* out to /tmp and reran 
the debug, same results. Logs show the last time I was getting hits was 
4 days ago.


What have I done wrong?

DAve

--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?

Maybe they forgot who made that choice possible.


Re: 0451.com

2006-08-07 Thread Duncan Hill
On Monday 07 August 2006 15:20, Obantec Support wrote:

> What would 192.com or 118118.com do without these names?

Deal with the fact that the RFCs don't support such names, and petition for a 
new RFC that accommodates their names?

Other businesses have had no issues adapting to the requirements of the RFCs, 
so why they should be singled out, I don't know.


Re: 0451.com

2006-08-07 Thread Obantec Support
- Original Message - 
From: "Hamish Marson" <[EMAIL PROTECTED]>
To: "Duncan Hill" <[EMAIL PROTECTED]>
Cc: 
Sent: Monday, August 07, 2006 3:11 PM
Subject: Re: 0451.com


> Duncan Hill wrote:
> > On Monday 07 August 2006 00:02,  wrote:
> >> | 2250 0733.com
> >
> >> Here are my numbers from last week:
> >>
> >> 5006 0451.com 3845 53.com
> >
> > Not seeing anywhere near as high, but this is only on my personal
> > server: 440733.com 340451.com 110668.com 4 023.com
> > 2 08.com 2 020.com 1 212.com 1 07770500.com 1
> > 01191.com 1 004.com
> >
> > However, the majority are already being rejected with my standard
> > rules in Postfix (like don't accept mail from certain netblocks).
> > I would have sworn there used to be a domain registration rule that
> > said pure-numeric domains were illegal, but I'm not sure.
> 
> The RFC's actually state that a domain MUST start with a letter, and
> be any letter or digit or hyphen after. So according to the RFC's
> purely numeric domains are illegal.
> 
> (e.g. From RFC 1035)
> 
>  ::=  | " "
> 
>  ::=  |  "." 
> 
>  ::=  [ [  ]  ]
> 
>  ::=  |  
> 
>  ::=  | "-"
> 
>  ::=  | 
> 
>  ::= any one of the 52 alphabetic characters A through Z in
> upper case and a through z in lower case
> 
>  ::= any one of the ten digits 0 through 9
> 
> 
> Seems clear to me... And since RFC1035 is still current, I'm not sure why
> purely numeric domains are considered acceptable. (Apart from I can't
> think
> of a really good reason apart from pedanticness to stop them).
> 
> Hamish,
> 
> 
> 
> 

What would 192.com or 118118.com do without these names?

Mark
 


Re: 0451.com

2006-08-07 Thread Hamish Marson

Duncan Hill wrote:
> On Monday 07 August 2006 00:02,  wrote:
>> | 2250 0733.com
>
>> Here are my numbers from last week:
>>
>> 5006 0451.com 3845 53.com
>
> Not seeing anywhere near as high, but this is only on my personal
> server: 440733.com 340451.com 110668.com 4 023.com
> 2 08.com 2 020.com 1 212.com 1 07770500.com 1
> 01191.com 1 004.com
>
> However, the majority are already being rejected with my standard
> rules in Postfix (like don't accept mail from certain netblocks).
> I would have sworn there used to be a domain registration rule that
> said pure-numeric domains were illegal, but I'm not sure.

The RFC's actually state that a domain MUST start with a letter, and
be any letter or digit or hyphen after. So according to the RFC's
purely numeric domains are illegal.

(e.g. From RFC 1035)

 ::=  | " "

 ::=  |  "." 

 ::=  [ [  ]  ]

 ::=  |  

 ::=  | "-"

 ::=  | 

 ::= any one of the 52 alphabetic characters A through Z in
upper case and a through z in lower case

 ::= any one of the ten digits 0 through 9


Seems clear to me... And since RFC1035 is still current, I'm not sure why
purely numeric domains are considered acceptable. (Apart from I can't
think
of a really good reason apart from pedanticness to stop them).

Hamish,







Re: Upgrade Woo's

2006-08-07 Thread Loren Wilton
As I mentioned to someone (perhaps you) the error checking has improved and 
previously erroneous stuff is getting caught and flagged.



Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: 
W


You seem to have an uncommented "W" somewhere in a config file.


Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: bayes_use_chi2_combining 1


Not sure, this may be obsolete.


Aug  7 07:32:02 magi spamd[14114]: config: SpamAssassin failed to
parse line, "/home/spamd/" is not valid for "bayes_path", skipping:
bayes_path /home/spamd/


Bayes_path is misnamed, it is both a path and a filename prefix.  "/" isn't 
a valid filename prefix.

A usable name would be /home/spamd/bayes.


Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: use_dcc 1


DCC is now a plugin and not enabled by default.  Enable the plugin in 
init.pre or v310.pre (wherever it happens to live) and these should fix 
themselves.



Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: dcc_timeout 8
Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: dcc_home /var/spool/amavis/dcc/
Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: dcc_path /var/spool/amavis/bin/cdcc


The rest of this is just debug noise, no problems.


Aug  7 07:32:03 magi spamd[14114]: spamd: server started on port
783/tcp (running version 3.1.3)
Aug  7 07:32:03 magi spamd[14114]: spamd: server pid: 14114
Aug  7 07:32:03 magi spamd[14114]: spamd: server successfully spawned
child process, pid 14115
Aug  7 07:32:03 magi spamd[14114]: spamd: server successfully spawned
child process, pid 14116
Aug  7 07:32:03 magi spamd[14114]: prefork: child states: II


   Loren
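
The diagnoses given in this thread, applied mechanically to spamd's "failed to parse line" messages, as an added example (not part of SpamAssassin or of either reply). The function names are assumptions; the log lines are the thread's, re-joined onto one line each, and the .pre text is constructed.

```python
import re

# Matches both forms of the spamd message quoted in the thread.
SKIP_RE = re.compile(
    r'config: (?:SpamAssassin )?failed to parse line, '
    r'(?:"(?P<value>[^"]*)" is not valid for "(?P<key>[^"]+)", )?'
    r'skipping: (?P<line>.*)$')
# A commented-out "#loadplugin ..." line does not match.
LOADPLUGIN_RE = re.compile(r'^[ \t]*loadplugin[ \t]+(\S+)', re.MULTILINE)

# Option-name prefix -> plugin defining it. Only DCC, as in the thread.
PLUGIN_FOR_PREFIX = {"dcc": "Mail::SpamAssassin::Plugin::DCC"}


def loaded_plugins(pre_text):
    """Plugins enabled by the text of init.pre / v310.pre."""
    return set(LOADPLUGIN_RE.findall(pre_text))


def diagnose(log_line, plugins):
    """Return (setting, advice) for a skipped config line, else None."""
    m = SKIP_RE.search(log_line)
    if not m:
        return None
    parts = m.group("line").strip().split(None, 1)
    key = parts[0]
    if m.group("key") == "bayes_path" and m.group("value").endswith("/"):
        return key, ("needs a directory plus file prefix, e.g. %sbayes"
                     % m.group("value"))
    if m.group("key"):
        return key, "value %r is not valid" % m.group("value")
    name = key[4:] if key.startswith("use_") else key   # use_dcc -> dcc
    plugin = PLUGIN_FOR_PREFIX.get(name.split("_", 1)[0])
    if plugin and plugin not in plugins:
        return key, "load %s in init.pre or v310.pre" % plugin
    if len(parts) == 1:
        return key, "stray text, not a setting"
    return key, "option not recognised by this version"


def diagnose_all(log_lines, pre_text):
    plugins = loaded_plugins(pre_text)
    found = (diagnose(line, plugins) for line in log_lines)
    return [f for f in found if f is not None]


# Constructed .pre contents: DCC still commented out.
PRE_TEXT = """\
loadplugin Mail::SpamAssassin::Plugin::Razor2
#loadplugin Mail::SpamAssassin::Plugin::DCC
"""

_P = "Aug  7 07:32:02 magi spamd[14114]: config: "
LOG_LINES = [
    _P + "failed to parse line, skipping: W",
    _P + "failed to parse line, skipping: bayes_use_chi2_combining 1",
    _P + 'SpamAssassin failed to parse line, "/home/spamd/" is not valid '
         'for "bayes_path", skipping: bayes_path /home/spamd/',
    _P + "failed to parse line, skipping: use_dcc 1",
    _P + "failed to parse line, skipping: dcc_home /var/spool/amavis/dcc/",
    "Aug  7 07:32:03 magi spamd[14114]: spamd: server pid: 14114",
]

if __name__ == "__main__":
    for setting, advice in diagnose_all(LOG_LINES, PRE_TEXT):
        print("%-26s %s" % (setting, advice))
```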



Re: testing for empty text/plain

2006-08-07 Thread Eric A. Hall

On 8/7/2006 12:25 AM, Theo Van Dinter wrote:
> On Mon, Aug 07, 2006 at 12:07:58AM -0400, Eric A. Hall wrote:
>> Anybody written a rule that tests for empty text/plain, preferably only
>> when a non-empty text/html or some other media-type is provided?
> 
> Sounds very similar to MPART_ALT_DIFF.

That might be useful as a pre-test filter, such as looking to see if
MPART_ALT_DIFF fired before doing anything else. From there I can grep to
see if text/plain has any printable characters.

What's the most efficient way to grab the text/plain part?

-- 
Eric A. Hall                             http://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/


Re: 0451.com and blacklist domains

2006-08-07 Thread Ben Wylie

and not only them according to our daily sendmail logs:

# egrep '@[0-9]+\.com' YESTERDAY | sed -e 's/^.*@//' -e 's/>.*$//' |
sort | uniq -c | sort -rn | head
2484 0733.com
2449 0451.com
100 072.com
 66 1039.com
 52 006.com
 51 0668.com
 40 004.com
 37 163.com
 18 126.com
 15 mail.0451.com


Thanks for your lists.
This leads me onto another point, are there any lists of domains which 
NEVER send out ham?


I do block some domains such as:
management-skills-uk.co.uk
bahamasvacationdealweb.com

which I have received a lot of spam from in the past but I don't know if 
they still do send spam.


Obviously most spam comes from forged email addresses but if there was a 
list of forged domains which never send ham, I expect it would catch a 
significant proportion of spam.


I don't want to block spammy domains like hanmail.net because I do get 
some ham from them as well which I can't block.


Thanks,
Ben



Upgrade Woo's

2006-08-07 Thread Chuck Payne

Hi,

I just did a major from 3.0.4 to 3.1.3. I am having some issue with
the upgrade. When I start spamd I see the following error in my mail
log.


Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line, skipping: W
Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: bayes_use_chi2_combining 1
Aug  7 07:32:02 magi spamd[14114]: config: SpamAssassin failed to
parse line, "/home/spamd/" is not valid for "bayes_path", skipping:
bayes_path /home/spamd/
Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: use_dcc 1
Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: dcc_timeout 8
Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: dcc_home /var/spool/amavis/dcc/
Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: dcc_path /var/spool/amavis/bin/cdcc
Aug  7 07:32:03 magi spamd[14114]: spamd: server started on port
783/tcp (running version 3.1.3)
Aug  7 07:32:03 magi spamd[14114]: spamd: server pid: 14114
Aug  7 07:32:03 magi spamd[14114]: spamd: server successfully spawned
child process, pid 14115
Aug  7 07:32:03 magi spamd[14114]: spamd: server successfully spawned
child process, pid 14116
Aug  7 07:32:03 magi spamd[14114]: prefork: child states: II


"/home/spamd/" is not valid for "bayes_path", skipping: bayes_path /home/spamd/
Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: use_dcc 1
Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: dcc_timeout 8
Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: dcc_home /var/spool/amavis/dcc/
Aug  7 07:32:02 magi spamd[14114]: config: failed to parse line,
skipping: dcc_path /var/spool/amavis/bin/cdcc

These were working in 3.0.4  I haven't changed anything in my local.cf.

# Enable Bayes auto-learning
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
bayes_auto_learn 1
bayes_path  /home/spamd/
bayes_file_mode 0666
bayes_min_ham_num 200
bayes_min_spam_num 200
bayes_learn_during_report 1
bayes_auto_learn_threshold_nonspam  0.1
bayes_auto_learn_threshold_spam 5.0
bayes_use_hapaxes   1
bayes_use_chi2_combining 1
bayes_ignore_header ReSent-Date
bayes_ignore_header ReSent-From
bayes_ignore_header ReSent-Message-ID
bayes_ignore_header ReSent-Subject
bayes_ignore_header ReSent-To
bayes_ignore_header Resent-Date
bayes_ignore_header Resent-From
bayes_ignore_header ReSent-Message-ID
bayes_ignore_header ReSent-Subject
bayes_ignore_header ReSent-To
bayes_ignore_header Resent-Date
bayes_ignore_header Resent-From
bayes_ignore_header Resent-Message-ID
bayes_ignore_header Resent-Subject
bayes_ignore_header Resent-To
bayes_ignore_header X-Received-From-IP
bayes_ignore_header X-Virus-Scanned
bayes_ignore_header X-Spam-Status
bayes_ignore_header X-Spam-Level
bayes_ignore_header X-Sender
bayes_ignore_header X-Mailer


#
# Enable or disable network checks
#
use_razor2  1
use_dcc 1
dcc_timeout 8
dcc_home /var/spool/amavis/dcc/
use_pyzor   0

Before the update dcc was working...here is example of the out from a
message just minutes before the update

Content analysis details:   (3.6 points, 1.5 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.2 RISK_FREE              BODY: Risk free.  Suuurr
 0.1 HTML_50_60             BODY: Message is 50% to 60% HTML
 0.0 HTML_WEB_BUGS          BODY: Image tag intended to identify you
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.5 RAZOR2_CF_RANGE_51_100 BODY: Razor2 gives confidence level above 50%
                            [cf: 100]
 0.1 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 1.4 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 0.2 DIGEST_MULTIPLE        Message hits more than one network digest check

Bayes has never worked, so at this time I am not worried about. The
path is correct.
-
The other problem I am having is where the score show up in the header
isn't the same as that subject

Subject: [SPAM(4.3)] Re: your order is ready for shipment  138925084

X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on my.domain.com
X-Spam-Status: No, score=1.4 required=5.0
    tests=AWL,HTML_MESSAGE, NUMERIC_HTTP_ADDR,SUBJ_HAS_UNIQ_ID,UNPARSEABLE_RELAY
    autolearn=no version=3.1.3
X-Spam-Level: *

from the box


Content analysis details:   (4.3 points, 1.5 required)

pts rule name  description
 -- --

RE: 0451.com

2006-08-07 Thread Gary D. Margiotta


On Mon, 7 Aug 2006, Sietse van Zanen wrote:


OK then let's put this in another 'political' context:

Caring about 'legitimate' e-mail coming from those domains would be like 
caring for the few 'legitimate' bombs dropped over Iraq, Afghanistan or 
Lebanon.


It would indeed be better to have no bombs at all

-Sietse



First off, STOP top-posting.

Secondly, let's keep the political contexts, views, and any other 
personal beliefs off of this technical mailing list.  No, I am not saying 
this to express my beliefs on what you're talking about either way, this 
is no place for that type of discussion.


If you want to talk politics or whether your take on any conflict is 
right, just, "legitimate", or whatever, then take it to a political 
discussion board and you can talk all day long.


Now, back on topic please.

-Gary





From: Tony Finch on behalf of Tony Finch
Sent: Mon 07-Aug-06 13:26
To: Sietse van Zanen
Cc: users@spamassassin.apache.org
Subject: RE: 0451.com



On Mon, 7 Aug 2006, Sietse van Zanen wrote:


Caring about 'legitimate' e-mail coming from these domains would be like
caring about the 'legitimate' claims of Bush saying he is a true
christian...


All-numeric domains are popular in China because they are easier for
people to deal with than alphabetic domains. For example, 263.com is
China's second-largest ISP. You can't just assume that an all-numeric
domain is necessarily abusive, any more so than Yahoo or Fastmail.

Tony.
--
f.a.n.finch  <[EMAIL PROTECTED]>  http://dotat.at/
FISHER: WEST OR NORTHWEST 4 OR 5 BECOMING VARIABLE 3 OR 4. FAIR. MODERATE OR
GOOD.




RE: 0451.com

2006-08-07 Thread Michael Scheidell
I have a US customer with a numeric domain.

Not sure why they did that (boy, did it muck up Microsoft NT!)

Funny thing, when the spammers start dictionary attacks, they do it
in alphabetic order, so numeric domains get hit with spam first also.




RE: 0451.com

2006-08-07 Thread Sietse van Zanen
OK then let's put this in another 'political' context:
 
Caring about 'legitimate' e-mail coming from those domains would be like caring 
for the few 'legitimate' bombs dropped over Iraq, Afghanistan or Lebanon.
 
It would indeed be better to have no bombs at all
 
-Sietse



From: Tony Finch on behalf of Tony Finch
Sent: Mon 07-Aug-06 13:26
To: Sietse van Zanen
Cc: users@spamassassin.apache.org
Subject: RE: 0451.com



On Mon, 7 Aug 2006, Sietse van Zanen wrote:

> Caring about 'legitimate' e-mail coming from these domains would be like
> caring about the 'legitimate' claims of Bush saying he is a true
> christian...

All-numeric domains are popular in China because they are easier for
people to deal with than alphabetic domains. For example, 263.com is
China's second-largest ISP. You can't just assume that an all-numeric
domain is necessarily abusive, any more so than Yahoo or Fastmail.

Tony.
--
f.a.n.finch  <[EMAIL PROTECTED]>  http://dotat.at/
FISHER: WEST OR NORTHWEST 4 OR 5 BECOMING VARIABLE 3 OR 4. FAIR. MODERATE OR
GOOD.




Re: spamd not well after crash

2006-08-07 Thread Loren Wilton

It would be easier to fire up CPAN and install the latest than to
try and figure it out.  You are back level 2 or 4 releases.


If you previously installed from a distro of some kind you should probably 
upgrade using the newer distro rather than CPAN directly; otherwise you can 
end up with mucked up installations since some distros move things around.




ok. i'll be doing it. but we are using vpopmail with individual
preferences for every user. does that mean that every single user has to
start from scratch?!  how do you rebuild individual databases?!
i remember asking about that in order to be able to do black/white listing
per user and as far as i remember that was not possible?!?!?!
and what happened to the rbl lookups?!?!


Not much has changed in regards to any of this between 3.0.4 and now.  The 
major change is that there are more things in plugins, and some of them 
aren't enabled by default.  You will have to look for init.pre and any 
other *.pre files in the same general place, and see which things you want 
to uncomment.  I think some of the RBLs may qualify for this.


The user config files, if they were up to date in 3.0 and not spitting 
warnings, will probably still be OK.  There has been some added syntax 
checking, so things that were wrong but didn't get complaints before might 
get complaints now.  Same with your site-wide config files.  As always, it 
is a good idea to run --lint after the new install to see what it might 
complain about.


I don't believe either the Bayes or AWL databases have changed since around 
3.0, so I don't think you should have to do any rebuilding as the result of 
the upgrade.


   Loren



Re: 0451.com

2006-08-07 Thread Ralf Hildebrandt
* Tony Finch <[EMAIL PROTECTED]>:

> All-numeric domains are popular in China because they are easier for
> people to deal with than alphabetic domains. For example, 263.com is
> China's second-largest ISP. You can't just assume that an all-numeric
> domain is necessarily abusive, any more so than Yahoo or Fastmail.

Is there any meaning to "263" in Chinese?
-- 
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin Berlin            Tel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin    Fax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF                 send no mail to [EMAIL PROTECTED]


RE: 0451.com

2006-08-07 Thread Tony Finch
On Mon, 7 Aug 2006, Sietse van Zanen wrote:

> Caring about 'legitimate' e-mail coming from these domains would be like
> caring about the 'legitimate' claims of Bush saying he is a true
> christian...

All-numeric domains are popular in China because they are easier for
people to deal with than alphabetic domains. For example, 263.com is
China's second-largest ISP. You can't just assume that an all-numeric
domain is necessarily abusive, any more so than Yahoo or Fastmail.

Tony.
-- 
f.a.n.finch  <[EMAIL PROTECTED]>  http://dotat.at/
FISHER: WEST OR NORTHWEST 4 OR 5 BECOMING VARIABLE 3 OR 4. FAIR. MODERATE OR
GOOD.


Re: sender in blacklist_from but message is delivered to recipient

2006-08-07 Thread Daryl C. W. O'Shea

jdow wrote:


All is normal. SpamAssassin NEVER fails to deliver email. It simply
marks it as spam. It is the job of whatever called SpamAssassin to
parse the return and filter as you wish.


I'd say it ALWAYS fails to deliver email, since it doesn't do that. ;)


RE: 0451.com

2006-08-07 Thread Sietse van Zanen
Caring about 'legitimate' e-mail coming from these domains would be like caring 
about the 'legitimate' claims of Bush saying he is a true christian...
 
-Sietse



From: Nigel Frankcom [mailto:[EMAIL PROTECTED]
Sent: Mon 07-Aug-06 11:32
To: users@spamassassin.apache.org
Subject: Re: 0451.com



On Mon, 7 Aug 2006 08:21:41 +0100, Duncan Hill
<[EMAIL PROTECTED]> wrote:

>On Monday 07 August 2006 00:02,  wrote:
>> | 2250 0733.com
>
>> Here are my numbers from last week:
>>
>>5006 0451.com
>>3845 53.com
>
>Not seeing anywhere near as high, but this is only on my personal server:
>44 0733.com
>34 0451.com
>11 0668.com
>4 023.com
>2 08.com
>2 020.com
>1 212.com
>1 07770500.com
>1 01191.com
>1 004.com
>
>However, the majority are already being rejected with my standard rules in
>Postfix (like don't accept mail from certain netblocks).  I would have sworn
>there used to be a domain registration rule that said pure-numeric domains
>were illegal, but I'm not sure.

Daily stats for 0451.com... we are by no means a large mail operation.
Pretty safe to say they don't send any legitimate mail out I think.

Date     Count
060701 = 146
060702 = 152
060703 = 121
060704 = 419
060705 = 479
060706 = 135
060707 = 81
060708 = 77
060709 = 48
060710 = 30
060711 = 270
060712 = 128
060713 = 53
060714 = 111
060715 = 56
060716 = 100
060717 = 74
060718 = 71
060719 = 103
060720 = 86
060721 = 186
060722 = 85
060723 = 107
060724 = 90
060725 = 15
060726 = 114
060727 = 86
060728 = 110
060729 = 103
060730 = 102
060731 = 117
060801 = 119
060802 = 63
060803 = 83
060804 = 153
060805 = 132
060806 = 149

Total = 4554




Re: spamd not well after crash

2006-08-07 Thread kalin mintchev
>
> Horked Bayes database?
>
> It would be easier to fire up CPAN and install the latest than to
> try and figure it out.  You are back level 2 or 4 releases.

ok. i'll be doing it. but we are using vpopmail with individual
preferences for every user. does that mean that every single user has to
start from scratch?!  how do you rebuild individual databases?!
i remember asking about that in order to be able to do black/white listing
per user and as far as i remember that was not possible?!?!?!
and what happened to the rbl lookups?!?!

thanks..



>
>
> --
> _
> John Andersen
>




Re: sender in blacklist_from but message is delivered to recipient

2006-08-07 Thread jdow

From: "Daniel Chojecki" <[EMAIL PROTECTED]>


Hello,

my conf is:
postfix-2.3.2
spamd 3.1.4
blacklist_from in sql.

The problem is that spamd delivers message even when the sender
is on blacklist_from - in logs i see - user_in_blacklist.

Any idea ?


All is normal. SpamAssassin NEVER fails to deliver email. It simply
marks it as spam. It is the job of whatever called SpamAssassin to
parse the return and filter as you wish. (I simply filter by letting
OE sort into folders. The spam folder gets checked once or twice a
day for false alarms at low scores. Otherwise it just gets trashed.)

{^_^}   Joanne
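
The caller-side step described in the post above, as an added example (not part of the original post and not SpamAssassin's own code): it parses the folded X-Spam-Status header and applies a delivery decision. The `decide` policy, the sample message and its addresses are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample of a message handed back by spamd after a blacklist_from
# hit; addresses and score are made up. The tests= list is folded across lines.
SAMPLE = (
    "From: sender@blocked.example\n"
    "To: user@example.org\n"
    "Subject: hello\n"
    "X-Spam-Status: Yes, score=101.2 required=5.0\n"
    "\ttests=HTML_MESSAGE,\n"
    "\tUSER_IN_BLACKLIST autolearn=no version=3.1.4\n"
    "\n"
    "body\n"
)

def parse_spam_status(msg):
    """Return verdict, score, threshold and rule names from X-Spam-Status,
    or None when the header is absent (message was never scanned)."""
    raw = msg.get("X-Spam-Status")
    if raw is None:
        return None
    flat = " ".join(raw.split())          # unfold continuation lines
    flat = re.sub(r",\s+", ",", flat)     # a fold inside tests= leaves ", "
    verdict, _, rest = flat.partition(",")
    fields = dict(re.findall(r"(\w+)=(\S*)", rest))
    tests = fields.get("tests", "")
    return {
        "is_spam": verdict.strip().lower() == "yes",
        "score": float(fields.get("score", "0")),
        "required": float(fields.get("required", "0")),
        "tests": set() if tests in ("", "none") else set(tests.split(",")),
    }

def decide(raw_message):
    """Hypothetical local policy: act on the markup, because SpamAssassin
    itself only annotates the message and never drops it."""
    status = parse_spam_status(message_from_string(raw_message))
    if status is None:
        return "unscanned"                # never treat a missing header as clean
    if "USER_IN_BLACKLIST" in status["tests"]:
        return "reject"
    if status["is_spam"]:
        return "quarantine"
    return "deliver"
```

Apply this only to headers written by your own scanner; an X-Spam-Status header that arrived with the message from outside proves nothing about it.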


Re: 0451.com

2006-08-07 Thread Nigel Frankcom
On Mon, 7 Aug 2006 08:21:41 +0100, Duncan Hill
<[EMAIL PROTECTED]> wrote:

>On Monday 07 August 2006 00:02,  wrote:
>> | 2250 0733.com
>
>> Here are my numbers from last week:
>>
>>5006 0451.com
>>3845 53.com
>
>Not seeing anywhere near as high, but this is only on my personal server:
>44 0733.com
>34 0451.com
>11 0668.com
>4 023.com
>2 08.com
>2 020.com
>1 212.com
>1 07770500.com
>1 01191.com
>1 004.com
>
>However, the majority are already being rejected with my standard rules in 
>Postfix (like don't accept mail from certain netblocks).  I would have sworn 
>there used to be a domain registration rule that said pure-numeric domains 
>were illegal, but I'm not sure.

Daily stats for 0451.com... we are by no means a large mail operation.
Pretty safe to say they don't send any legitimate mail out I think.

Date     Count
060701 = 146
060702 = 152
060703 = 121
060704 = 419
060705 = 479
060706 = 135
060707 = 81
060708 = 77
060709 = 48
060710 = 30
060711 = 270
060712 = 128
060713 = 53
060714 = 111
060715 = 56
060716 = 100
060717 = 74
060718 = 71
060719 = 103
060720 = 86
060721 = 186
060722 = 85
060723 = 107
060724 = 90
060725 = 15
060726 = 114
060727 = 86
060728 = 110
060729 = 103
060730 = 102
060731 = 117
060801 = 119
060802 = 63
060803 = 83
060804 = 153
060805 = 132
060806 = 149

Total = 4554


sender in blacklist_from but message is delivered to recipient

2006-08-07 Thread Daniel Chojecki
Hello,

my conf is:
postfix-2.3.2
spamd 3.1.4
blacklist_from in sql.

The problem is that spamd delivers message even when the sender
is on blacklist_from - in logs i see - user_in_blacklist.

Any idea ?

best regards
Daniel


Re: 0451.com

2006-08-07 Thread Duncan Hill
On Monday 07 August 2006 00:02,  wrote:
> | 2250 0733.com

> Here are my numbers from last week:
>
>5006 0451.com
>3845 53.com

Not seeing anywhere near as high, but this is only on my personal server:
44 0733.com
34 0451.com
11 0668.com
4 023.com
2 08.com
2 020.com
1 212.com
1 07770500.com
1 01191.com
1 004.com

However, the majority are already being rejected with my standard rules in 
Postfix (like don't accept mail from certain netblocks).  I would have sworn 
there used to be a domain registration rule that said pure-numeric domains 
were illegal, but I'm not sure.