Re: SPAM: Increase in targeted spams
I see this statement every so often, and frankly, I don't buy it.

If I sign up for a product registration with one of your partners, it should not be my burden to be sure your partners don't use it for spam and don't give it to you for spam (and, yes, it's still spam in that situation). It's YOUR burden to ensure that you're not sending advertisements to anyone who doesn't want them. It's not their burden to ask to be taken off of a list they didn't want to be on in the first place.

Any service sending ads that doesn't regularly ask "still want to be on our list?" and automatically unsubscribe anyone who doesn't positively respond, has no business saying that they're not sending spam.

On Aug 11, 2006, at 7:57 PM, Genutrust wrote:

> Just a quick note. I am from Genutrust.com. We do not harvest any information, nor do we send spam email. If your user was on our list, it is because she subscribed through one of our partners. It is very easy to unsubscribe at genutrust.com/trust . It would be impossible to get all the information we have on our subscribers if they did not provide it to us. Also regarding the message about using our CPU cycles, we are not concerned with this, as we are not spammers and only send about 250,000 messages daily. Thanks.
>
> Chris Santerre wrote:
>> One of our users received a spam today from genutrust .com, URL in spam CHICHIMECA .COM
>>
>> This spam was VERY targeted. User's first and last name, complete address, and her phone number. She informed me her phone number was listed with initials of her and her husband, not her full name. So she has no idea where they got this info.
>>
>> It was already caught as spam, but it definitely has the user a bit nervous. Looks like the targeted spams to bypass bayes filters is on the rise.
>>
>> Anyone else see one of these from genutrust?
>>
>> Chris Santerre
>> SysAdmin and SARE/URIBL ninja
>> http://www.uribl.com
>> http://www.rulesemporium.com
>
> --
> View this message in context: http://www.nabble.com/SPAM%3A-Increase-in-targeted-spams-tf1992607.html#a5772241
> Sent from the SpamAssassin - Users forum at Nabble.com.
Re: [ot] Re: HTML-tests good or bad?
From: "Bill Horne" <[EMAIL PROTECTED]> On Aug 10, 2006, at 8:42 PM, jdow wrote: >I skipped step three. >{+_+}This will haunt me forever, right? Not at all, we're not that kind of people. Mind you, we have been known to have a _little_ fun now and then, so if it's not too much trouble, would you please supply - The name and address of your college English professor Um deceased. The name, address, and phone number of your parents Two candidates for this are dead. The phone number for the local "Rent A Clown" service Erm "I'm it?" Thanks in advance, and really, don't worry so much. What, ME worry? {^_-}
Re: [ot] Re: HTML-tests good or bad?
> On Aug 10, 2006, at 8:42 PM, jdow wrote: > > >I skipped step three. > >{+_+}This will haunt me forever, right? Not at all, we're not that kind of people. Mind you, we have been known to have a _little_ fun now and then, so if it's not too much trouble, would you please supply - The name and address of your college English professor The name, address, and phone number of your parents The phone number for the local "Rent A Clown" service Thanks in advance, and really, don't worry so much. Bill
Re: SPAM: Increase in targeted spams
Just a quick note. I am from Genutrust.com. We do not harvest any information, nor do we send spam email. If your user was on our list, it is because she subscribed through one of our partners. It is very easy to unsubscribe at genutrust.com/trust . It would be impossible to get all the information we have on our subscribers if they did not provide it to us. Also regarding the message about using our CPU cycles, we are not concerned with this, as we are not spammers and only send about 250,000 messages daily. Thanks. Chris Santerre wrote: > > One of our users received a spam today from genutrust .com, URL in spam > CHICHIMECA .COM > > This spam was VERY targeted. User's first and last name, complete address, > and her phone number. She informed me her phone number was listed with > initials of her and her husband, not her full name. So she has no idea > where > they got this info. > > It was already caught as spam, but it definetly has the user a bit > nervous. > Looks like the targeted spams to bypass bayes filters is on the rise. > > Anyone else see one of these from genutrust? > > Chris Santerre > SysAdmin and SARE/URIBL ninja > http://www.uribl.com > http://www.rulesemporium.com > > > > -- View this message in context: http://www.nabble.com/SPAM%3A-Increase-in-targeted-spams-tf1992607.html#a5772241 Sent from the SpamAssassin - Users forum at Nabble.com.
Slow scan time
http://www3.2cah.com/spam/sa_slowhtml.txt I got inundated with messages similar to this today. The average scan time here for these is 25+ seconds when the box is under _low_ load. My guess is that it has to do with the number of URLs. Any thoughts on this? -- Craig
RE: Image spam with inline jpeg image
> -Original Message-
> From: jdow [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 09, 2006 7:33 PM
>
> Gary Funck wrote:
> > Has anyone considered also supplying new rules in the
> > form of rpm's available via a yum-compatible repository?
> > It'd be nice to have the usual versioning and logging
> > support as well as a central update facility. This
> > could be done as a gateway to sa-update, perhaps
> > providing the updates in other package formats as well.
>
> For about a femto-second, perhaps. There is too much YMMV
> involved with the SARE rule sets to make it practical as
> an rpm solution.

I agree there's lots of room for variation, but for the rpm-minded, perhaps it'd make sense to have a small number of pre-config'd packages - something like: (1) conservative, (2) aggressive, and (3) kitchen sink. Alternatively, perhaps the install of the rpm could be pre-conditioned by a config. file [not something that appeals to me, but possible]. I think offering a few canned packages is doable and probably would meet the 80/20 criteria for most users.
Re: Image spam with inline jpeg image
From: "Bret Miller" <[EMAIL PROTECTED]> >>> Nor does it make sense to use a tool, even if supplied with SpamAssassin, >>> that is broken for performing updates. > >> what's the "broken" part? > > Well, this may not qualify as broken, but I would say it's an > undesirable behavior that, upon successful download of the new > set of rules, it immediately deletes your old set of rules. > What happens if the new set is broken? There's no easy way > to revert to the last known good state. > > I would prefer a system where it downloads every update to a new > directory, then just changes a symlink to point to the newest > one, leaving the old one in place in case you want to revert. > Of course, this would require a system for expiring old updates > (since you don't want to have 100 copies of the rules sitting > around), but that shouldn't be too hard. One would presume an intelligent system for doing such updates would play directory rename tricks or simply copy off active rules to an archive directory so that if a "spamassasssin --lint" fails on the newly downloaded files recovery could be effected easily. One would further presume that update would do this. Is this cyberunit faulty for making this presumption? Sa-update lints prior to updating, and updates only if the rules lint successfully. Bret, I'd have been utterly astonished if it didn't. {^_-}
Re: [ot] Re: HTML-tests good or bad?
From: "Kurt Buff" <[EMAIL PROTECTED]> | From: jdow [mailto:[EMAIL PROTECTED] | | - Original Message - | From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> | To: | Sent: Thursday, August 10, 2006 16:00 | Subject: [ot] Re: HTML-tests good or bad? | | | > jdow wrote: | >> From: "John Rudd" <[EMAIL PROTECTED]> | >>> | >>> On Aug 9, 2006, at 8:08 PM, Daryl C. W. O'Shea wrote: | >>> | jdow wrote: | > I've been noticing that this seems to be cropping up in | an awful lot | > in the righting committed by younger folks. It | contributes to the | > impression that even college graduates these days are | functionally | > illiterate. | | In the righting? I think you spelt that wrong. :) | | >>> | >>> Yeah, I thought I smelt something wrong in there... | >> | >> Actually spelled correctly but I picked the wrong synonym. | So it was a | >> case of synonymitis. (Yeah, I admit I am prone to neologisms.) | >> | >> {^_-} | > | > Nope. "righting" isn't a synonym for "writing". :p | Duh - homonym. | | Agenda | 1) Get out of bed at a REASONABLE time - like 3PM | 2) Perform morning ablutions. | 3) Make sure brain is functional. | 4) THEN get online. | | I skipped step three. | {+_+}This will haunt me forever, right? No - it will only last as long as the Internet does. :):):) My immortality is assured! {^_-}
RE: [ot] Re: HTML-tests good or bad?
| From: jdow [mailto:[EMAIL PROTECTED] | | - Original Message - | From: "Daryl C. W. O'Shea" <[EMAIL PROTECTED]> | To: | Sent: Thursday, August 10, 2006 16:00 | Subject: [ot] Re: HTML-tests good or bad? | | | > jdow wrote: | >> From: "John Rudd" <[EMAIL PROTECTED]> | >>> | >>> On Aug 9, 2006, at 8:08 PM, Daryl C. W. O'Shea wrote: | >>> | jdow wrote: | > I've been noticing that this seems to be cropping up in | an awful lot | > in the righting committed by younger folks. It | contributes to the | > impression that even college graduates these days are | functionally | > illiterate. | | In the righting? I think you spelt that wrong. :) | | >>> | >>> Yeah, I thought I smelt something wrong in there... | >> | >> Actually spelled correctly but I picked the wrong synonym. | So it was a | >> case of synonymitis. (Yeah, I admit I am prone to neologisms.) | >> | >> {^_-} | > | > Nope. "righting" isn't a synonym for "writing". :p | Duh - homonym. | | Agenda | 1) Get out of bed at a REASONABLE time - like 3PM | 2) Perform morning ablutions. | 3) Make sure brain is functional. | 4) THEN get online. | | I skipped step three. | {+_+}This will haunt me forever, right? No - it will only last as long as the Internet does. :):):) Kurt
Re: sa-update vs RDJ
On Thu, Aug 10, 2006 at 06:27:59PM -0400, Theo Van Dinter wrote: > Gah! I just found that sha1sum.pl is in MANIFEST.SKIP for some reason. > WTF? FWIW, I just put build/md5sum.pl and build/sha1sum.pl back in MANIFEST so they'll be included in the tarball for 3.1.5 and beyond. :) -- Randomly Generated Tagline: "Imagination is more important than knowledge." - Albert Einstein
Re: breaking out: thinking abt the 'sa-update *VS* rdj' thread .. .
Chris Santerre wrote:
>> and, the OTHER project in this discussion -- SARE -- leaning on your own argument, is pointedly NOT undertaking to use/conform to sa's 'official' tools & capabilities -- namely, sa-update as a delivery mechanism.
>
> I don't see how I can make this any clearer
>
> SARE is rules. NOT delivery.
> SARE is NOT an official part of SA. And it is completely optional.

I agree completely (feeling guilty for starting this discussion). The entire point of my thread, my questions, my request for input was *not* that I thought SA should provide some mechanism for keeping rules all in one place, or that I thought SARE_*, backhair, weeds, or any other ruleset/author/hacker should conform to SA's delivery method. Nor should the SA team be required to provide a delivery method. I was just trying to find a way to make my life easier.

My failed attempt at using sa-update --updatedir to place SA updated rules alongside RulesDuJour updates caused me to change my thinking 180 degrees and attempt to get all other rule updates to play nicely with SA.

Right now SARE seems to be getting the brunt of the discussion, but what about tomorrow when Doctor Doolittle's SA Rule Compendium launches? Or next year when the EuropeanAntiSpamConsortium goes online? I don't consider it the rule authors' responsibility to make a channel any more than I think every single piece of software should be provided as RPM.

With that said, I would prefer not to have an update procedure for every rule source I use. The SA developers have provided a means to update rules efficiently and in a supported manner. Until now, RulesDuJour was "the only game in town". Now there is a supported method.

I'm happy to supply channels if others are interested, some SARE rules, maybe others if requested. If it works and is well received, possibly Doctor Doolittle and the EuropeanAntiSpamConsortium will consider providing channels for their own rules, maybe even SARE. Who knows?
exit 0 DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: breaking out: thinking abt the 'sa-update *VS* rdj' thread .. .
Chris Santerre wrote:
> We write rules, not delivery systems. You can print out the rulesets from our webpage, and retype them into your system if you like. You can have someone encrypt ROT13, RAR, ZIP, and send you the torrent link. How you get your rules is your choice.

It looks like SARE rules are Artistic licensed so redistribution shouldn't be a problem, I suppose. Someone has already volunteered to provide an sa-update channel of SARE rules.

> When a reasonable solution to the channel vs ruleset problem comes to light, SARE will most definitely help to aid in whatever way we can. As of now, we provide cf files via port 80.

I believe two solutions have been suggested. Both of them seem pretty reasonable to me:

1) One channel for each ruleset. Channels can be autogenerated with scripts. Multiple channels can be easily handled with the --channelfile option.

2) One channel for all rules, all disabled by default. Users 'include' the rulesets they want.

Of course, either of these options still requires the work of a distributor whether that is SARE, the SA project, or some other volunteer.
Re: breaking out: thinking abt the 'sa-update *VS* rdj' thread .. .
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 oops. s/i did not say "SARE is rules"./i did not say "SARE is delivery"./ On 8/11/06 Richard wrote: > i did not say "SARE is rules". - -- /"\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ & micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iEYEAREDAAYFAkTc1BQACgkQlffdvTZxCMZfggCfSdZmbwtpEqBi1unZkZ2D5MqA Y9gAoLD8uZNKfpT2B1WTzoBcmlWFyT8P =r+RF -END PGP SIGNATURE-
RE: Image spam with inline jpeg image
> >>> Nor does it make sense to use a tool, even if supplied with SpamAssassin,
> >>> that is broken for performing updates.
> >
> >> what's the "broken" part?
> >
> > Well, this may not qualify as broken, but I would say it's an
> > undesirable behavior that, upon successful download of the new
> > set of rules, it immediately deletes your old set of rules.
> > What happens if the new set is broken? There's no easy way
> > to revert to the last known good state.
> >
> > I would prefer a system where it downloads every update to a new
> > directory, then just changes a symlink to point to the newest
> > one, leaving the old one in place in case you want to revert.
> > Of course, this would require a system for expiring old updates
> > (since you don't want to have 100 copies of the rules sitting
> > around), but that shouldn't be too hard.
>
> One would presume an intelligent system for doing such updates would
> play directory rename tricks or simply copy off active rules to an
> archive directory so that if a "spamassassin --lint" fails on the
> newly downloaded files recovery could be effected easily. One would
> further presume that update would do this. Is this cyberunit faulty
> for making this presumption?

Sa-update lints prior to updating, and updates only if the rules lint successfully.

Bret
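The update scheme proposed in the quoted text above (each update in its own directory, a symlink to the newest, expiry of old copies), gated on a lint check as Bret describes, written out as an added example. It is not sa-update's code; the directory layout, function names and the stub linter are assumptions made for the illustration, and the atomic switch relies on GNU `mv -T`.

```shell
#!/bin/sh
# Added example (not sa-update's code): versioned rule directories, a lint
# gate, an atomic "current" symlink, rollback, and expiry of old copies.
# Assumed layout:
#   <base>/releases/<stamp>/   one directory per downloaded update
#   <base>/current             symlink to the active release
# Release names are assumed to be sortable stamps without whitespace.

KEEP=${KEEP:-3}                               # number of releases to retain
LINT_CMD=${LINT_CMD:-lint_with_spamassassin}  # called with the candidate dir

# Assumption: the candidate directory is usable as a site config directory.
lint_with_spamassassin() {
    spamassassin --lint --siteconfigpath="$1"
}

# Constructed stand-in linter for the demo: a ruleset "fails" if any .cf
# file contains the word BROKEN.
lint_stub() {
    ! grep -q 'BROKEN' "$1"/*.cf
}

# Print the name of the active release (empty if there is none).
current_release() {
    basename "$(readlink "$1/current")"
}

# Point <base>/current at releases/<name>.
switch_current() {
    tmp="$1/.current.$$"
    ln -s "releases/$2" "$tmp" || return 1
    # rename(2) over the old link is atomic; -T (GNU mv) stops mv from
    # descending into the directory the old link points at.
    mv -T "$tmp" "$1/current" 2>/dev/null && return 0
    rm -f "$tmp"
    ln -sfn "releases/$2" "$1/current"   # non-atomic fallback without mv -T
}

# Delete all but the newest $KEEP releases, never the active one.
expire_old() {
    cur=$(current_release "$1")
    ls -1 "$1/releases" | sort -r | tail -n +"$((KEEP + 1))" |
    while IFS= read -r old; do
        [ "$old" = "$cur" ] || rm -rf "$1/releases/$old"
    done
}

# Lint the candidate first; only a passing release becomes current.
# Returns 0 = activated, 1 = rejected by lint, 2 = no such release.
activate() {
    [ -n "$2" ] && [ -d "$1/releases/$2" ] || return 2
    if ! "$LINT_CMD" "$1/releases/$2" >/dev/null 2>&1; then
        rm -rf "$1/releases/$2"          # a failed set never goes live
        return 1
    fi
    switch_current "$1" "$2" && expire_old "$1"
}

# Revert to the release that sorts immediately before the active one.
rollback() {
    cur=$(current_release "$1")
    prev=$(ls -1 "$1/releases" | sort |
           awk -v c="$cur" '$0 == c { print p; exit } { p = $0 }')
    [ -n "$prev" ] || return 1
    switch_current "$1" "$prev"
}

# Demo on constructed data in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    LINT_CMD=lint_stub
    for r in 20060809 20060810 20060811; do
        mkdir -p "$d/releases/$r"
        echo 'score DEMO_RULE 1.0' > "$d/releases/$r/local.cf"
    done
    echo 'BROKEN' >> "$d/releases/20060811/local.cf"
    activate "$d" 20060809
    activate "$d" 20060810
    activate "$d" 20060811 || echo "20060811 rejected by lint"
    echo "active: $(current_release "$d")"
    rollback "$d" && echo "after rollback: $(current_release "$d")"
    rm -rf "$d"
}

demo
```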
Re: breaking out: thinking abt the 'sa-update *VS* rdj' thread .. .
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Chris Santerre wrote, On 8/11/06 11:51 AM: >> and, the OTHER project in this discussion -- SARE -- leaning >> on your own >> argument, is pointedly NOT undertaking to use/conform to sa's >> 'official' tools & capabilities -- namely, sa-update as a delivery >> mechanism. > > I don't see how I can make this any clearer why so pissy? > SARE is rules. NOT delivery. > SARE is NOT an official part of SA. And it is completely optional. i did not say "SARE is rules". i did not say SARE is an official part of SA. i did not say it's not optional. more wasted breath. i'm talking about retrieval/delivery of SARE rules in/to spamassassin. on the spamassassin user list. NOT on the SARE list. > It just so happened that RDJ came to be. We supported it, but all we really > needed to do was standardise our headers. > > We write rules, not delivery systems. You can print out the rulesets from > our webpage, and retype them into your system if you like. You can have > someone encrypt ROT13, RAR, ZIP, and send you the torrent link. How you get > your rules is your choice. > > When a resonible solution to the channel vs ruleset problem comes to light, > SARE will most definetly help to aid in whatever way we can. As of now, we > provide cf files via port 80. > > If you want to volunteer to update our webpage everytime we get around to > updating rules, then you let me know. We are a group of volunteers with > $dayjobs. Some SARE members even have lives after work. "I don't see how I can make this any clearer" i most certainly don't expect a thing of you. i'll make you a deal. you don't listen to me, and i won't listen to you. if you want to stick your fingers in your ears, it's most assuredly no skin off MY nose ... > And your UNIX vs Winodws argument is pointless. i did not MAKE a unix vs windows argument. 
richard - -- /"\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ & micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (Darwin) iEYEAREDAAYFAkTc01wACgkQlffdvTZxCMYynwCfe3wixemVqq64XMRdcxS3N2rb LXwAn2rcvNuxClwaUcsgD4iFqFdy4snd =Renj -END PGP SIGNATURE-
Too many problems with SA:0(?/?)
Hi list,

I'm using spamassassin with qmail-rocks + qmail-scanner + clamav and I'm having >too many< cases with messages classified with SA:0(?/?)

I read the FAQ and there I get this explanation:

>>> Why do some messages get tagged with "SA:0(?/?)" instead of numbers?
>>> SpamAssassin's "spamd" daemon has a max e-mail size limit. If a message is larger than that size, it just returns with no score (as it skipped it). As such Qmail-Scanner has no numbers to report, so it uses "?" to show that happened. Also, if some error occurs within SpamAssassin, Qmail-Scanner returns "?" again - showing that SA couldn't do the job on that particular mail message. If you use softlimit to limit the max amount of RAM SA can use - that can impact this too.

In my case, the problem isn't the email size limit (the spam mails are too short, like 2-5k). So, there is another problem with spamassassin or qmail or configuration.

I did a Google search for SA:0(?/?) and saw this solution: start spamd with args: m 5 --max-conn-per-child=1, but this did not solve my problem...

My /var/qmail/control/qmail-smtpd-softlimit is up to 2000
My hardware is a 2x Intel(R) Pentium(R) 4 CPU 2.80GHz (HT) - 2GB RAM
Sent and received email is about 20.000 per day

Any ideas?
RE: breaking out: thinking abt the 'sa-update *VS* rdj' thread .. .
> and, the OTHER project in this discussion -- SARE -- leaning
> on your own
> argument, is pointedly NOT undertaking to use/conform to sa's
> 'official' tools & capabilities -- namely, sa-update as a delivery
> mechanism.

I don't see how I can make this any clearer

SARE is rules. NOT delivery.
SARE is NOT an official part of SA. And it is completely optional.

It just so happened that RDJ came to be. We supported it, but all we really needed to do was standardise our headers.

We write rules, not delivery systems. You can print out the rulesets from our webpage, and retype them into your system if you like. You can have someone encrypt ROT13, RAR, ZIP, and send you the torrent link. How you get your rules is your choice.

When a reasonable solution to the channel vs ruleset problem comes to light, SARE will most definitely help to aid in whatever way we can. As of now, we provide cf files via port 80.

If you want to volunteer to update our webpage every time we get around to updating rules, then you let me know. We are a group of volunteers with $dayjobs. Some SARE members even have lives after work.

And your UNIX vs Windows argument is pointless. IIRC a batch job and AT command still work in the win x32 environment.

--Chris
Re: Image spam with inline jpeg image
On Fri, 11 Aug 2006, Kenneth Porter wrote: > --On Wednesday, August 09, 2006 7:33 PM -0700 jdow <[EMAIL PROTECTED]> > wrote: > > > For about a femto-second, perhaps. There is too much YMMV > > involved with the SARE rule sets to make it practical as > > an rpm solution. > > True, this is the real problem with packaging SARE: There's no > clear separation of configuration so that a single update package > can serve all users. How about: install ALL of the current SARE rules into a directory that SA does not look at (/usr/lib/SARE perhaps?), and set up RDJ or whatever to update them there, and in order to use a particular SARE ruleset the admin goes into the SA config directory and creates a symlink to the desired ruleset file(s). You could even write a pointy-clicky-gooey thingy to put a pretty face on activating/deactivating the rulesets: a list of the available rules, with their descriptions, caveats, masscheck results, and so forth, and a checkbox that indicates whether or not a symlink exists to expose that rule to SA. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- People seem to have this obsession with objects and tools as being dangerous in and of themselves, as though a weapon will act of its own accord to cause harm. A weapon is just a force multiplier. It's *humans* that are (or are not) dangerous. ---
Re: Nailed by spam today?
wrote: Are you guys getting hit pretty hard today? I don't have exact numbers but I see more activity than normal. We've been getting hammered off and on the past three weeks. I've seen a large increase in dictionary attacks (nah nah nah milter-ahead) and forms-phishing. Now the stocks are rising again. Came at a bad bad time for us. My smtp refusals are running about 120k to 140k per day, 80k to 90k are getting in, and I'm delivering 25k. The rest are grabbed by SA and MailScanner. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: Nailed by spam today?
No harder than usual since July 1. On that date, almost like a switch was flipped, spam to my accounts here dropped about 50%. I've been wondering about it. 250-300+ per day went down to 100 to 180 per day. Now, as for ssh attacks and other port "activity" it's been pretty bad lately. (WTF is on port 41126? DSL dropped. The new address seemed to have had boxes from all over the world trying to connect on port 41126. It was so bad the connection died. Hey, it's Verizon based DSL. They don't maintain their wires very well.) {o.o} - Original Message - From: "" <[EMAIL PROTECTED]> Are you guys getting hit pretty hard today? I don't have exact numbers but I see more activity than normal.
Nailed by spam today?
Are you guys getting hit pretty hard today? I don't have exact numbers but I see more activity than normal.
Re: Image spam with inline jpeg image
--On Wednesday, August 09, 2006 7:33 PM -0700 jdow <[EMAIL PROTECTED]> wrote: For about a femto-second, perhaps. There is too much YMMV involved with the SARE rule sets to make it practical as an rpm solution. True, this is the real problem with packaging SARE: There's no clear separation of configuration so that a single update package can serve all users.
RE: Image spam with inline jpeg image
--On Wednesday, August 09, 2006 3:54 PM -0500 Logan Shaw <[EMAIL PROTECTED]> wrote: This is purely a philosophical argument, but something seems wrong about the idea of using a package manager to manage volatile data files in /var. The problem is not the use of the package manager but the placement of non-volatile files in /var. An update need not be considered "volatile", at least not any more so than a regular package update.
Re: sa-update vs RDJ
jdow writes: > From: "Justin Mason" <[EMAIL PROTECTED]> > > Panagiotis Christias writes: > >> On 8/11/06, DAve <[EMAIL PROTECTED]> wrote: > >> > DAve wrote: > >> > > Panagiotis Christias wrote: > >> > >> On 8/11/06, Theo Van Dinter <[EMAIL PROTECTED]> wrote: > >> > >>> FWIW, the format sa-update expects is the standard format from > >> > >>> sha1sum. > >> > >>> Does FreeBSD have a sha1sum that produces the format that you showed? > >> > >>> > >> > >>> Answering my own question, FreeBSD seems to not have a "sha1sum", > >> > >>> but has a "sha1" which has that kind of format, which seems to be the > >> > >>> same output as "openssl sha1 file". Of course to be consistent, > >> > >>> "openssl ssl < file" produces just the hash. > >> > >> > >> > >> FYI, on FreeBSD you can use "sha1 -r file" (-r Reverses the format of > >> > >> the output). > >> > >> > >> > > > >> > > I have no sha1 command in my bin dirs, locate doesn't find one either. > >> > > man openssl doesn't show an -r switch as well, and any use of it fails. > >> > > FreeBSD 4.8, 4.11, 5.2.1, 5.3 using openssl 0.9.7e don't seem to have > >> > > the sha1 command (all upgraded via ports). The earliest I can find it > >> > > on > >> > > my servers is 5.4, using the FreeBSD included openssl. > >> > > > >> > > It might show up when I upgrade the port. > >> > > > >> > > >> > Nope, upgraded all the way to 0.9.8b, no sha1 command. > >> > >> /sbin/sha1 is part of the base system since FreeBSD 5.3. The openssl > >> command included in the base system supports the sha1 command. Here is > >> a (dirty?) way to get your output: > >> > >> openssl sha1 your-file | sed -e 's/^SHA1(//' -e 's/)=//' -e 's/^\(.*\) > >> \([^ ]*$\)/\2 \1/' > > > > It should be possible to use a perl one-liner with the Digest::SHA1 > > module, too, which is a SpamAssassin required module anyway ;) > > Er RDJ is a simple bash script, I understand. > > Add three lines to execute sa-update if it is present right at the end > of the normal RDJ update. 
Why rewrite the world? Wrong thread! This one is discussing *generating* sa-update files, not downloading them. --j.
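The format mismatch discussed in this thread, as an added example that is not part of any poster's message or of sa-update: a shell filter that rewrites `openssl sha1` and BSD `sha1` output into the sha1sum layout the thread says sa-update expects. The function names and the sample file name are made up for the illustration; the digest shown is the SHA-1 of empty input.

```shell
#!/bin/sh
# Added example (not from the thread): produce sha1sum-style lines,
# "<40 hex digits>  <file>", whatever digest tool the host has.

# Rewrite one digest line per input line:
#   SHA1(file)= hex     openssl sha1 file
#   SHA1 (file) = hex   BSD sha1 file
#   hex file            BSD sha1 -r file
# Lines already in sha1sum text-mode layout pass through unchanged.
to_sha1sum_format() {
    sed -E \
        -e 's/^SHA1 ?\((.*)\) ?= ?([0-9a-fA-F]{40})$/\2  \1/' \
        -e 's/^([0-9a-fA-F]{40}) ([^ *].*)$/\1  \2/'
}

# Succeed only if the argument is a well-formed sha1sum text-mode line
# (lower-case hex, two spaces, file name).
is_sha1sum_line() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{40}  [^ ].*$'
}

# Digest a file with the first tool found and print a sha1sum-style line.
sha1_line() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1"
    elif command -v sha1 >/dev/null 2>&1; then
        sha1 "$1"
    else
        openssl sha1 "$1"
    fi | to_sha1sum_format
}

# Constructed sample lines, one per tool layout, all for the same
# (empty) file; every line should come out identical.
demo_lines() {
    to_sha1sum_format <<'EOF'
SHA1(update.tar.gz)= da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA1 (update.tar.gz) = da39a3ee5e6b4b0d3255bfef95601890afd80709
da39a3ee5e6b4b0d3255bfef95601890afd80709 update.tar.gz
da39a3ee5e6b4b0d3255bfef95601890afd80709  update.tar.gz
EOF
}

demo_lines
```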
Re: sa-update vs RDJ
From: "Justin Mason" <[EMAIL PROTECTED]> Panagiotis Christias writes: On 8/11/06, DAve <[EMAIL PROTECTED]> wrote: > DAve wrote: > > Panagiotis Christias wrote: > >> On 8/11/06, Theo Van Dinter <[EMAIL PROTECTED]> wrote: > >>> FWIW, the format sa-update expects is the standard format from sha1sum. > >>> Does FreeBSD have a sha1sum that produces the format that you showed? > >>> > >>> Answering my own question, FreeBSD seems to not have a "sha1sum", > >>> but has a "sha1" which has that kind of format, which seems to be the > >>> same output as "openssl sha1 file". Of course to be consistent, > >>> "openssl ssl < file" produces just the hash. > >> > >> FYI, on FreeBSD you can use "sha1 -r file" (-r Reverses the format of > >> the output). > >> > > > > I have no sha1 command in my bin dirs, locate doesn't find one either. > > man openssl doesn't show an -r switch as well, and any use of it fails. > > FreeBSD 4.8, 4.11, 5.2.1, 5.3 using openssl 0.9.7e don't seem to have > > the sha1 command (all upgraded via ports). The earliest I can find it on > > my servers is 5.4, using the FreeBSD included openssl. > > > > It might show up when I upgrade the port. > > > > Nope, upgraded all the way to 0.9.8b, no sha1 command. /sbin/sha1 is part of the base system since FreeBSD 5.3. The openssl command included in the base system supports the sha1 command. Here is a (dirty?) way to get your output: openssl sha1 your-file | sed -e 's/^SHA1(//' -e 's/)=//' -e 's/^\(.*\) \([^ ]*$\)/\2 \1/' It should be possible to use a perl one-liner with the Digest::SHA1 module, too, which is a SpamAssassin required module anyway ;) Er RDJ is a simple bash script, I understand. Add three lines to execute sa-update if it is present right at the end of the normal RDJ update. Why rewrite the world? {o.o}
Re: Image spam with inline jpeg image
From: "Justin Mason" <[EMAIL PROTECTED]> jdow writes: From: "Jim Maul" <[EMAIL PROTECTED]> > Bowie Bailey wrote: > >> It doesn't really matter to me who supports which pieces as long as >> they all work. >> >> Someone may be able to fix sa-update so that it can take over from >> RDJ, but as of now, that is not possible without configuring about 62 >> sa-update channels (one for each ruleset RDJ manages). >> > > True, but doesnt that make more sense than having 2 separate programs > which both pull down updated rules for SA, but from 2 different locations? Nor does it make sense to use a tool, even if supplied with SpamAssassin, that is broken for performing updates. what's the "broken" part? Channels "sounds" like a most awkward way of putting it all together. I figure two tools is not a bad thing. I have my working RDJ substitute (created more or less synchronously with RDJ) so I figure to continue using it and use update only for the SA native rules. One thing concerns me - if both SARE and native rules are dynamically changing managing scores becomes "awkward" to say the least when rules overlap. {^_^}
Re: Image spam with inline jpeg image
From: "Logan Shaw" <[EMAIL PROTECTED]> On Fri, 11 Aug 2006, Justin Mason wrote: jdow writes: Nor does it make sense to use a tool, even if supplied with SpamAssassin, that is broken for performing updates. what's the "broken" part? Well, this may not qualify as broken, but I would say it's an undesirable behavior that, upon successful download of the new set of rules, it immediately deletes your old set of rules. What happens if the new set is broken? There's no easy way to revert to the last known good state. I would prefer a system where it downloads every update to a new directory, then just changes a symlink to point to the newest one, leaving the old one in place in case you want to revert. Of course, this would require a system for expiring old updates (since you don't want to have 100 copies of the rules sitting around), but that shouldn't be too hard. One would presume an intelligent system for doing such updates would play directory rename tricks or simply copy off active rules to an archive directory so that if a "spamassasssin --lint" fails on the newly downloaded files recovery could be effected easily. One would further presume that update would do this. Is this cyberunit faulty for making this presumption? {^_-}/2
Re: breaking out: thinking abt the 'sa-update *VS* rdj' thread ...
hi andy,

> Breaking out flamethrower. :-)

heh.

> The official SA rules are meant to be used by all users. SARE on the
> other hand is "Here's the rules we have, go ahead and pick and choose what
> you'd like to use. If anything"

true. agreed. tangential to the discussion.

> SARE makes new rules available in a quick fashion that may
> eventually make their way into the official SA rules.

my argument is that "eventually" has arrived.

>> from a user's perspective, all this is confusing/confounding. as a
>> user, i want to see/use one mechanism for rules.
>
> Works rather well for me, no confusion involved. RDJ has my list of
> rules. If it finds an update, it downloads it. SAupdate I'll manually run
> about once every couple weeks.

as it does for me. and for many others on this list. and you're speaking -- i'll argue -- as an admin. but it is "yet another functional add on that's required" ... to bret's argument, and mine, the environment is unnecessarily complex. particularly now that sa-update *is* an available delivery mechanism. the 'sa vs rdj' thread has been an argument, imho, about the wrong argument.

>> quite clearly, with the advent of SA-project released/blessed sa-update,
>> it's not really necessary anymore. i.e., asynchronous rule & code
>> releases are provided for.
>
> I think SARE can put out a new rule for a specific spam problem a lot
> faster than the SA project, so I'll have to disagree with you here.

huh? i'm talking about the DELIVERY mechanism of sa-update, NOT the rule source.

>> SA *is* about managing/processing rules after all! ...
>
> And SARE is a set of OPTIONAL, add on rules. Once installed, SA processes
> them very well.

again, i'm talking about the delivery mechanism.

> Are optional addons to IE all installed the same way? No. How about SA
> itself. You've got CPAN, tarball, ports, packages, RPMs etc. etc. etc. I
> have at least four different ways of installing the OPTIONAL SA package
> onto my FreeBSD system. We are admins after all, not end users.

apples and oranges. all your examples are generic functionalities/tools that have multiple other uses as well. and they are all making it possible to install and conform with the official SA release, its tools & capabilities. sa-update, rdj & sare *all* deal with one thing --- well two --- rule creation & rule delivery. and, the OTHER project in this discussion -- SARE -- leaning on your own argument, is pointedly NOT undertaking to use/conform to sa's 'official' tools & capabilities -- namely, sa-update as a delivery mechanism. times change. so has SA. sa-update is now available. adapt! finally, if, as an admin, you're arguing that unnecessary complexity is a good thing, then someone's paying you too much :-p (we won't tell ...)

> Flame thrower extinguished.
>
>> > readily available>

whew! nothing singed!

richard

-- ASCII Ribbon Campaign against HTML email, vCards & micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
Re: breaking out: thinking abt the 'sa-update *VS* rdj' thread ...
Richard <[EMAIL PROTECTED]> wrote on 08/11/2006 11:11:00 AM:

> hi,
>
> < ... adjusting tin-foil hat and asbestos shorts ...>

Breaking out flamethrower. :-)

> a recent thread comment "from SARE" is the trigger here:
>
> "RDJ and SAupdate are really separate from SARE"

Actually I'd say that RDJ & SARE are separate from SAupdate. The official SA rules are meant to be used by all users. SARE on the other hand is "Here's the rules we have, go ahead and pick and choose what you'd like to use. If anything" There's nothing that says you have to use SARE rules, but you should use SAupdate. SARE makes new rules available in a quick fashion that may eventually make their way into the official SA rules.

> from a user's perspective, all this is confusing/confounding. as a
> user, i want to see/use one mechanism for rules.

Works rather well for me, no confusion involved. RDJ has my list of rules. If it finds an update, it downloads it. SAupdate I'll manually run about once every couple weeks.

> quite clearly, with the advent of SA-project released/blessed sa-update,
> it's not really necessary anymore. i.e., asynchronous rule & code
> releases are provided for.

I think SARE can put out a new rule for a specific spam problem a lot faster than the SA project, so I'll have to disagree with you here.

> SA *is* about managing/processing rules after all! ...

And SARE is a set of OPTIONAL, add on rules. Once installed, SA processes them very well. Are optional addons to IE all installed the same way? No. How about SA itself. You've got CPAN, tarball, ports, packages, RPMs etc. etc. etc. I have at least four different ways of installing the OPTIONAL SA package onto my FreeBSD system. We are admins after all, not end users.

Flame thrower extinguished.

> > > readily available>

:-D

Andy
Re: bayes_auto_learn_threshold failed
Beast wrote: Any reason why this config failed? According to Mail::SpamAssassin::Plugin::AutoLearnThreshold it is a valid config. Is the plugin loaded? If not it won't be there to parse these lines. Loren
Re: breaking out: thinking abt the 'sa-update *VS* rdj' thread ...
hi bret,

> Amen.

well, that, at least, makes two of us ;-) ...

> Keeping the environment simpler and similar tasks done in a consistent
> manner is really essential in a lot of business environments.

100% agreed. and re: "the environment", here we've stumbled on an achilles-heel of opensource projects. most are organized in project "silos" ... i.e., "we care deeply" about stuff in our silo. but as for "inter-silo-coordination", often -- not always -- the response is "don't care" or "do it yourself". sigh.

> As for the "we just write the rules, it's up to you how you get them",

personally, i think both projects should recognize the necessary synergies between them, and work to "make it work" -- TOGETHER.

> It doesn't help that half the time the web page that
> points to the rules doesn't get updated with the version info.

well, amen to that!

> It's like SARE saying, we want you to use the rules, but we won't make
> it easy to keep them updated.

add to that the "it makes sense for SA admins" (lame ... sorry chris) argument!

> I do really understand the reason there isn't "one place" to go for sa
> rules. It's community-supported. OK.
> But when sa starts providing a way
> to make your rules more accessible and easy to keep updated-- I don't
> understand the avoidance.
>
> Yes, an official way to update rules.

again to Chris' earlier point ... update & delivery, yes. a "good thing" to have multiple, separate *sources*

cheers,
richard

-- ASCII Ribbon Campaign against HTML email, vCards & micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
RE: breaking out: thinking abt the 'sa-update *VS* rdj' thread ...
> < ... adjusting tin-foil hat and asbestos shorts ...>
>
> since i actually asked a simple question early on (~ "can we use
> sa-update rather than RDJ to pull SARE rules ...") in the interminable
> "SA vs RDJ" thread ;-) , and, afaict, it's still unanswered,
> i'll "opine".
>
> a recent thread comment "from SARE" is the trigger here:
>
> "RDJ and SAupdate are really separate from SARE"
>
> while true & acknowledged, allow me to put my "average user hat" on ...
>
> first,
>
> disclaimer: all this just my $0.01 (as a user, i'm cheap) ...
>
> now,
>
> "this is stupid!"
>
> there. i said it! nyah!
>
> from a user's perspective, all this is confusing/confounding. as a
> user, i want to see/use one mechanism for rules.
>
> currently, it all "smells" like a bunch o' (talented & well-meaning)
> engineers discussing how NOT to do things, and WHETHER to do things.
> and, a fair dosage of 'project pride' mixed in ...
>
> nothing generally bad. neither atypical nor unpredictable. simply,
> wasted breath, imho.
>
> iiuc, SARE, & eventually RDJ, were created a while ago because,
> historically , releasing new sa-project rules
>
> quite clearly, with the advent of SA-project released/blessed sa-update,
> it's not really necessary anymore. i.e., asynchronous rule & code
> releases are provided for.
>
> as a user, might i suggest a "management mandate"? something to the
> effect of:
>
> "This" will be doable-&-done within the SA-project.
> This is the way we intend to do things.
> This is how you do it.
> This is how you migrate what you've done.
> Full stop.
>
> perhaps add to the mandate a dedicated-to-the-topic & simply documented
> wiki page (or better yet, something off the main page) that
> step-by-steps "how to create & maintain" an sa-update channel for .cf's
> & .pm's.
>
> yes, i know this is an "open source" project ... and that consensus is
> some-part-n-parcel. but can y'all get to one?
>
> i know SA-proj leads have openly said, effectively, that if people want
> more explanation to let them know their questions and they'll try to
> update the available info.
>
> rather than everybody waiting around for "the other project" to
> undertake the effort/clarity, can there at least be SOME recognition
> that clarity, if not simplicity, is a user requirement?
>
> and, that we're talking about core functionality here, not something
> horribly tangential ...
> SA *is* about managing/processing rules after all! ...
>
> readily available>

Amen. And not to mention that RDJ is essentially non-existent for the average windows admin. I mean really-- to suggest that someone who doesn't much know how to run DOS commands understand, install, and learn to use CYGWIN, a Windows environment to emulate unix, is a completely unworkable solution. I *could* do this, yes. But no one I work with is probably capable of understanding even the logic behind it. I'd get chewed out by management for making the environment more complex than it needs to be. Honestly, it probably took me less time to write my own tool to do it. And that's something that no one here would understand either.

Keeping the environment simpler and similar tasks done in a consistent manner is really essential in a lot of business environments. I get really tired of "you can't use this on Windows", when the real reason for most of it is simply a lack of understanding of what does and doesn't work there. I'm happy for the cross-platform support. I'm happy to continue to debug things that aren't working right and suggest possible solutions via bugzilla. But I can't do that if you're gonna write a shell script for unix, and then defend it as the best way to do things. My environment isn't Windows by my choice, it's Windows by management directive, so I'm stuck with it.
As for the "we just write the rules, it's up to you how you get them", you can't honestly expect that any admin can manually manage the number of rules available from various sources without some automation. I tried for a long time. It doesn't help that half the time the web page that points to the rules doesn't get updated with the version info. So, here we have it: automation is really essential for updating rules; RDJ isn't a solution for Windows admins; sa-update works very well with some limitations; SARE doesn't see the need for sa-update channels, so now we're dependent on another volunteer maintaining channels in a separate architecture to update channels for rules he doesn't write. While I'm happy that someone is doing it, I'm a little disappointed. It's like SARE saying, we want you to use the rules, but we won't make it easy to keep them updated. I do really understand the reason there isn't "one place" to go for sa rules. It's community-supported. OK. But when sa starts providing a way to make your rules more accessible and easy to keep updated-- I don't understand the avoidance. Yes, an official way to
Re: breaking out: thinking abt the 'sa-update *VS* rdj' thread .. .
hi chris,

Chris Santerre wrote, On 8/11/06 9:26 AM:

>> from a user's perspective, all this is confusing/confounding. as a
>> user, i want to see/use one mechanism for rules.
>
> From an SA admin, it makes perfect sense. :)

well, given that i'm admin numerous SA-installs as well, and was simply opining as a user, i'll politely & adamantly disagree with you :-) and, it would seem, both some other admins and sa-devs do as well ... to be fair, others agree with you.

>> currently, it all "smells" like a bunch o' (talented & well-meaning)
>> engineers discussing how NOT to do things, and WHETHER to do things.
>> and, a fair dosage of 'project pride' mixed in ...
>
> A little from column A and B. But there are some good reasons to why they
> are separate.

i'm not arguing the reasons. i'm opining about the (my) end-users perspective. since i'm 'spending' my $0.01 anyway, that opinion is (where ARE those asbestos shorts ?!) that "i don't care about the reasons".

>> iiuc, SARE, & eventually RDJ, were created a while ago because,
>> historically , releasing new sa-project rules
>>
>
> You kind of trailed off there :)

(damn copy-n-paste ...)

> "... releasing new sa-project rules" ...

... required an SA-code release which was an unacceptably slow process

>> quite clearly, with the advent of SA-project released/blessed sa-update,
>> it's not really necessary anymore. i.e., asynchronous rule & code
>> releases are provided for.
>
> Ok, no. SARE and the official SA are worlds apart. SARE has been setup to be
> QUICK and accurate. SA is accurate. SARE wants to get good rules out when
> they are needed. Now saupdate make the DELIVERY of that possible.

fine. point made re: the CREATION of rules. i agree that multiple sources of rules are a good thing ... just like multiple DNSBL/RBS sources are. but, using that example, there's a "standard way" for getting at those multiple sources ... THAT's what i think needs to be fixed here. to your point, it's abt the delivery.

> But the creation of rules in the official method of SA is... please pardon me... a
> clusterfsck!

if true -- and i'll assume so for the sake of discussion here -- then, in the immortal words of "Tim Gunn", then collaborate & "Make it work!"

> And the apache lic is like reading the fine print on a life insurance
> policy. I've looked into what it would take to make SARE a part of SA
> officially. Yeah, I'll pass.

from your perspective, certainly valid. from a user's, again - don't care.

> The ability for SARE to get good rules out fast is why it is there.

again, not arguing about an asynchronously developed, fast & accurate, *source* of rules. the more the merrier. i'm ranting about the functional "getting them" part.

thanks for the comments!

-- ASCII Ribbon Campaign against HTML email, vCards & micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
Re: Image spam with inline jpeg image
Theo Van Dinter wrote: On Fri, Aug 11, 2006 at 11:56:00AM -0400, DAve wrote: I think a status report would be a good option as well. SA already asks you for your admins email address at install time. Sending a report of what happened during the sa-update process would be very, very valuable. Hrm. I'd say feel free to open a BZ ticket about that. I have certain initial issues wrt implementation, but it's not a bad idea. http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5043 DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
RE: Word Doc spam
> Are there other subjects, or just these two:
> Bill Summary - Invoice #.
> August Payment Summary, Invoice #.

I'm only seeing those 2. But you can't really write a rule for just that without major FPs. Going to have to meta with another sign.

--Chris
Re: Word Doc spam
Words by Chris Santerre [Fri, Aug 11, 2006 at 12:12:41PM -0400]: > > ... > > > > I'd always thought that it would be nice for the Open Office > > people to > > create a simple command-line utility to convert Word files to > > plain text > > for spam checking. Or it could strip any macros for virus protection. > > Antiword. > > These seem on the rise this morning. Caught a bunch more. This one might be > a big PITA. -- Jose Celestino | http://xpto.org/~japc/files/japc-pgpkey.asc "I can picture in my mind a world without war, a world without hate. And I can picture us attacking that world, because they’d never expect it.” — Jack Handy
RE: breaking out: thinking abt the 'sa-update *VS* rdj' thread .. .
> from a user's perspective, all this is confusing/confounding. as a
> user, i want to see/use one mechanism for rules.

From an SA admin, it makes perfect sense. :)

> currently, it all "smells" like a bunch o' (talented & well-meaning)
> engineers discussing how NOT to do things, and WHETHER to do things.
> and, a fair dosage of 'project pride' mixed in ...

A little from column A and B. But there are some good reasons to why they are separate.

> iiuc, SARE, & eventually RDJ, were created a while ago because,
> historically , releasing new sa-project rules
>

You kind of trailed off there :)

> quite clearly, with the advent of SA-project released/blessed sa-update,
> it's not really necessary anymore. i.e., asynchronous rule & code
> releases are provided for.

Ok, no. SARE and the official SA are worlds apart. SARE has been setup to be QUICK and accurate. SA is accurate. SARE wants to get good rules out when they are needed. Now saupdate make the DELIVERY of that possible. But the creation of rules in the official method of SA is... please pardon me... a clusterfsck! And the apache lic is like reading the fine print on a life insurance policy. I've looked into what it would take to make SARE a part of SA officially. Yeah, I'll pass.

The ability for SARE to get good rules out fast is why it is there. We have differences on how things should be done. But we take our good rules and submit them to the official SA project. They go thru their testing and eventually get added. RDJ allows you to get new rules, days maybe hours after a new spam sign is found. And these are TESTED! Not just thrown in. We just have quicker methods of doing it. Being a closed group gives us some abilities that the SA project will never have.

So you have 2 completely separate ideals of rules. The method of which you choose, and how you acquire is up to you.
Thanks, Chris Santerre SysAdmin and Spamfighter www.rulesemporium.com www.uribl.com
Re: Word Doc spam
Chris Santerre wrote: -Original Message- From: Rob Poe [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 5:40 PM To: Kenneth Porter; users@spamassassin.apache.org Subject: Re: Word Doc spam I got one of these too... Kenneth Porter <[EMAIL PROTECTED]> 8/8/2006 8:07 AM >>> --On Tuesday, August 08, 2006 10:27 AM +0200 Patrick Sneyers <[EMAIL PROTECTED]> wrote: Received in my .mac (basically a spam bin) account. http://www.triksys.be/docspam.jpg = screenshot of word doc attached. Never seen this before Is this new, or old news? 211.16.219.135 is in all kinds of blacklists though. I was surprised to see one of these as well. I'd always thought that it would be nice for the Open Office people to create a simple command-line utility to convert Word files to plain text for spam checking. Or it could strip any macros for virus protection. These seem on the rise this morning. Caught a bunch more. This one might be a big PITA. Are there other subjects, or just these two: Bill Summary - Invoice #. August Payment Summary, Invoice #. ? Ken Pacific.Net I love "Right click -> Open in TextPad" --Chris
RE: Word Doc spam
> -Original Message-
> From: Rob Poe [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 10, 2006 5:40 PM
> To: Kenneth Porter; users@spamassassin.apache.org
> Subject: Re: Word Doc spam
>
> I got one of these too...
>
> >>> Kenneth Porter <[EMAIL PROTECTED]> 8/8/2006 8:07 AM >>>
> --On Tuesday, August 08, 2006 10:27 AM +0200 Patrick Sneyers
> <[EMAIL PROTECTED]> wrote:
>
> > Received in my .mac (basically a spam bin) account.
> > http://www.triksys.be/docspam.jpg = screenshot of word doc attached.
> >
> > Never seen this before
> > Is this new, or old news?
> > 211.16.219.135 is in all kinds of blacklists though.
>
> I was surprised to see one of these as well.
>
> I'd always thought that it would be nice for the Open Office people to
> create a simple command-line utility to convert Word files to plain text
> for spam checking. Or it could strip any macros for virus protection.

These seem on the rise this morning. Caught a bunch more. This one might be a big PITA.

I love "Right click -> Open in TextPad"

--Chris
breaking out: thinking abt the 'sa-update *VS* rdj' thread ...
hi,

< ... adjusting tin-foil hat and asbestos shorts ...>

since i actually asked a simple question early on (~ "can we use sa-update rather than RDJ to pull SARE rules ...") in the interminable "SA vs RDJ" thread ;-) , and, afaict, it's still unanswered, i'll "opine".

a recent thread comment "from SARE" is the trigger here:

"RDJ and SAupdate are really separate from SARE"

while true & acknowledged, allow me to put my "average user hat" on ...

first,

disclaimer: all this just my $0.01 (as a user, i'm cheap) ...

now,

"this is stupid!"

there. i said it! nyah!

from a user's perspective, all this is confusing/confounding. as a user, i want to see/use one mechanism for rules.

currently, it all "smells" like a bunch o' (talented & well-meaning) engineers discussing how NOT to do things, and WHETHER to do things. and, a fair dosage of 'project pride' mixed in ...

nothing generally bad. neither atypical nor unpredictable. simply, wasted breath, imho.

iiuc, SARE, & eventually RDJ, were created a while ago because, historically , releasing new sa-project rules

quite clearly, with the advent of SA-project released/blessed sa-update, it's not really necessary anymore. i.e., asynchronous rule & code releases are provided for.

as a user, might i suggest a "management mandate"? something to the effect of:

"This" will be doable-&-done within the SA-project.
This is the way we intend to do things.
This is how you do it.
This is how you migrate what you've done.
Full stop.

perhaps add to the mandate a dedicated-to-the-topic & simply documented wiki page (or better yet, something off the main page) that step-by-steps "how to create & maintain" an sa-update channel for .cf's & .pm's.

yes, i know this is an "open source" project ... and that consensus is some-part-n-parcel. but can y'all get to one?

i know SA-proj leads have openly said, effectively, that if people want more explanation to let them know their questions and they'll try to update the available info.

rather than everybody waiting around for "the other project" to undertake the effort/clarity, can there at least be SOME recognition that clarity, if not simplicity, is a user requirement?

and, that we're talking about core functionality here, not something horribly tangential ... SA *is* about managing/processing rules after all! ...

cheers,
richard

-- ASCII Ribbon Campaign against HTML email, vCards & micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6
RE: [ot] Re: HTML-tests good or bad?
> -Original Message-
> From: John Rudd [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 11, 2006 12:50 AM
> To: jdow
> Cc: users@spamassassin.apache.org
> Subject: Re: [ot] Re: HTML-tests good or bad?
>
> On Aug 10, 2006, at 8:42 PM, jdow wrote:
>
> > I skipped step three.
> > {+_+} This will haunt me forever, right?
>
> Only as long as we know you :-)

I put it in my calendar to bring it up on its one year anniversary ;)

--Chris
Re: sa-update vs RDJ
Theo Van Dinter wrote: On Fri, Aug 11, 2006 at 11:42:57AM -0400, Chris Santerre wrote: If the SARE guys are interested in this project, maybe they could come up with a list of the most commonly downloaded rulesets. For the month of Aug to date 1 /rules/70_sare_random.cf 2 /rules/70_sare_adult.cf 3 /rules/99_sare_fraud_post25x.cf [...] Just curious Chris, is there a way to understand the scale here? ie: how many downloads of each ruleset? Knowing the order is nice, but if 1 and 2 each are downloaded 4000 times, and then 3 and below are only downloaded 10 times, that's what's really important to know IMO. What he said. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: Image spam with inline jpeg image
On Fri, Aug 11, 2006 at 11:56:00AM -0400, DAve wrote:

> I think a status report would be a good option as well. SA already asks
> you for your admins email address at install time. Sending a report of
> what happened during the sa-update process would be very, very valuable.

Hrm. I'd say feel free to open a BZ ticket about that. I have certain initial issues wrt implementation, but it's not a bad idea.

-- Randomly Generated Tagline: "The most useful pieces of engineering that you'll probably ever have to do will be to thwart some lawyer somewhere..." - Prof. Vaz
RE: sa-update vs RDJ
> -Original Message-
> From: Theo Van Dinter [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 11, 2006 11:45 AM
> To: Chris Santerre
> Cc: users@spamassassin.apache.org
> Subject: Re: sa-update vs RDJ
>
> On Fri, Aug 11, 2006 at 11:42:57AM -0400, Chris Santerre wrote:
> > > If the SARE guys are interested in this project, maybe they could come
> > > up with a list of the most commonly downloaded rulesets.
> >
> > For the month of Aug to date
> >
> > 1 /rules/70_sare_random.cf
> > 2 /rules/70_sare_adult.cf
> > 3 /rules/99_sare_fraud_post25x.cf
> [...]
>
> Just curious Chris, is there a way to understand the scale here? ie: how
> many downloads of each ruleset?
>
> Knowing the order is nice, but if 1 and 2 each are downloaded 4000 times,
> and then 3 and below are only downloaded 10 times, that's what's really
> important to know IMO.

For you, I'd hang the moon ;) However I believe these numbers are for just ONE of the servers and doesn't include mirrors. But it gives you a good idea...

So this is for 7 days on one server:

 1  8608  /rules/70_sare_random.cf
 2  8461  /rules/70_sare_adult.cf
 3  7943  /rules/99_sare_fraud_post25x.cf
 4  7638  /rules/70_sare_spoof.cf
 5  7621  /rules/99_FVGT_Tripwire.cf
 6  7449  /rules/70_sare_oem.cf
 7  7317  /rules/72_sare_bml_post25x.cf
 8  7176  /rules/70_sare_specific.cf
 9  6669  /rules/70_sare_bayes_poison_nxm.cf
10  6584  /rules/70_sare_evilnum0.cf
11  5464  /rules/70_sare_uri0.cf
12  4837  /rules/72_sare_redirect_post3.0.0.cf
13  4806  /rules/70_sare_unsub.cf
14  4791  /rules/70_sare_html0.cf
15  4778  /rules/70_sare_header0.cf
16  4585  /rules/70_sare_genlsubj0.cf
17  3693  /rules/70_sare_obfu0.cf
18  3514  /rules/bogus-virus-warnings.cf
19  3343  /rules/70_sare_html.cf
20  2983  /rules/70_sare_header.cf
21  2923  /rules/70_sare_evilnum1.cf
22  2876  /rules/70_sare_whitelist.cf
23  2866  /rules/70_sare_uri1.cf
24  2428  /rules/70_sare_obfu.cf
25  2345  /rules/70_sare_obfu1.cf
26  2276  /rules/70_sare_stocks.cf
27  2262  /rules/70_sare_html1.cf
28  2217  /rules/70_sc_top200.cf
29  2146  /rules/70_sare_highrisk.cf
30  1943  /rules/70_sare_genlsubj1.cf

HTH

--Chris
Re: Image spam with inline jpeg image
Bret Miller wrote: Bret Miller writes: On Fri, 11 Aug 2006, Justin Mason wrote: jdow writes: Nor does it make sense to use a tool, even if supplied with SpamAssassin, that is broken for performing updates. what's the "broken" part? Well, this may not qualify as broken, but I would say it's an undesirable behavior that, upon successful download of the new set of rules, it immediately deletes your old set of rules. What happens if the new set is broken? There's no easy way to revert to the last known good state. I would prefer a system where it downloads every update to a new directory, then just changes a symlink to point to the newest one, leaving the old one in place in case you want to revert. Of course, this would require a system for expiring old updates (since you don't want to have 100 copies of the rules sitting around), but that shouldn't be too hard. Symlinks aren't so easy when you're trying to be cross-platform. But they could easily tgz the ruleset to an archive subfolder using the old version number prior to replacing the rule set... At least for those people who are really sensitive about the update process. Note that the rules are only updated if they lint properly first. You could always add a bz ticket for the feature... actually, that's really not a bad idea ;) could you do that? http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5042 I'm just happy that the tool actually works on Windows. cool ;) I'm amazed GPG does. I am too, but it works surprisingly well with GPG for Windows. ;) Bret I think a status report would be a good option as well. SA already asks you for your admins email address at install time. Sending a report of what happened during the sa-update process would be very, very valuable. DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: sa-update broken? (was Image spam with inline jpeg image)
I received/responded to this privately before it was also sent to the list, so paraphrasing below...

On Fri, Aug 11, 2006 at 08:45:43AM -0700, Bret Miller wrote:

> But adding the option to archive will make at least some people more
> comfortable with running sa-update. So I added the bz ticket. We'll see
> where it goes.

Yeah, I just wanted to make sure people understood that sa-update does a bunch of things to try protecting the current installation before putting a new update in place. It's more than "download a file, delete the current directory, untar the file, exit." :)

-- Randomly Generated Tagline: "Leary ate psilocybin cubensis in Cuernavaca and saw the beauty of the universe; I ate goulash and saw the suckage of IT management. We both drank crappy beer. You be the judge." - Benjy Feen
RE: sa-update broken? (was Image spam with inline jpeg image)
> On Fri, Aug 11, 2006 at 10:14:46AM -0500, Logan Shaw wrote:
> > What happens if the new set is broken? There's no easy way
> > to revert to the last known good state.
>
> sa-update lint checks the new files in a separate temp area before
> installing them into the real directory. Only if lint succeeds
> (which is also, of course, after verifying the sha1 and (by default)
> gpg signatures of the update file), will the currently installed channel
> files be removed and the new files installed.
>
> So there's no reverting involved for a "broken" update file. Note:
> "broken" means an update file which has errors in it. This algorithm
> doesn't address someone publishing valid config files that don't do
> what the publisher expected, ie: only empty or commented config files,
> no files, or . IMO, channel
> publishing QA is really outside the scope of sa-update.

I agree, really. But I probably trust updates way more than most admins do. (At least that's the feeling I get.) And if someone updates a channel with a set of rules that lints but doesn't work right, they can just re-release the old set as a new version and tell us to re-update.

But adding the option to archive will make at least some people more comfortable with running sa-update. So I added the bz ticket. We'll see where it goes.

Bret
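The two ideas in this thread, checking a download (sha1, then lint in a separate area) before it touches the active rules, and keeping older rule sets behind a symlink so a revert is possible, combined in one Python sketch. This is an added example, not sa-update's code: the `releases/` and `current` layout, all function names, the numeric version strings and `toy_lint` (a stand-in for `spamassassin --lint`) are assumptions, and GPG signature verification is left out.

```python
import hashlib
import io
import os
import shutil
import tarfile
import tempfile
from pathlib import Path

class UpdateRejected(Exception):
    """The downloaded rule set failed a check; the active set is untouched."""

def toy_lint(rules_dir):
    """Constructed stand-in for `spamassassin --lint` so the example runs offline."""
    known = {"header", "body", "uri", "meta", "score", "describe"}
    for cf in sorted(Path(rules_dir).glob("*.cf")):
        for line in cf.read_text().splitlines():
            words = line.split()
            if words and not words[0].startswith("#") and words[0] not in known:
                return False
    return True

def make_archive(files):
    """Build a constructed .tar.gz in memory (sample input, not a real channel file)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def unpack(archive, dest):
    """Write out only regular *.cf members with flat names (no paths, links, devices)."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar.getmembers():
            name = member.name
            if not (member.isfile() and name == os.path.basename(name) and name.endswith(".cf")):
                raise UpdateRejected(f"unexpected archive member: {name!r}")
            (Path(dest) / name).write_bytes(tar.extractfile(member).read())

def point_current_at(base, target):
    """Repoint base/current atomically: create a new symlink, then rename it into place."""
    tmp_link = base / ".current.new"
    tmp_link.unlink(missing_ok=True)
    os.symlink(os.path.join("releases", target.name), tmp_link)
    os.replace(tmp_link, base / "current")  # rename(2) swaps the link in one step

def expire(base, keep):
    """Remove all but the `keep` newest releases; the active one always stays."""
    active = os.path.basename(os.readlink(base / "current"))
    names = sorted((p.name for p in (base / "releases").iterdir() if p.name.isdigit()), key=int)
    for name in names[:max(len(names) - keep, 0)]:
        if name != active:
            shutil.rmtree(base / "releases" / name)

def install_update(base, version, archive, expected_sha1, lint=toy_lint, keep=2):
    """Verify, stage, lint, then switch base/current to base/releases/<version>."""
    base = Path(base)
    releases = base / "releases"
    releases.mkdir(parents=True, exist_ok=True)
    # 1. Integrity check on the raw download, before anything is unpacked.
    if hashlib.sha1(archive).hexdigest() != expected_sha1.lower():
        raise UpdateRejected("sha1 mismatch")
    # 2. Unpack and lint in a staging directory on the same filesystem as the releases.
    staging = Path(tempfile.mkdtemp(prefix=".staging-", dir=releases))
    try:
        unpack(archive, staging)
        if not lint(staging):
            raise UpdateRejected("lint failed")
        target = releases / str(version)
        if target.exists():
            raise UpdateRejected(f"version {version} is already installed")
        os.chmod(staging, 0o755)  # mkdtemp creates the directory as 0700
        os.rename(staging, target)
    except Exception:
        shutil.rmtree(staging, ignore_errors=True)
        raise
    # 3. Only now does the active set change; older sets stay for rollback.
    point_current_at(base, target)
    expire(base, keep)
    return target

def rollback(base, version):
    """Switch back to an older release that is still on disk."""
    target = Path(base) / "releases" / str(version)
    if not target.is_dir():
        raise UpdateRejected(f"release {version} is not on disk")
    point_current_at(Path(base), target)
    return target

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for ver in ("100", "101"):
            data = make_archive({"70_example.cf": f"score EXAMPLE_A {ver}.0\n"})
            install_update(root, ver, data, hashlib.sha1(data).hexdigest())
        rollback(root, "100")
        print("active:", os.readlink(os.path.join(root, "current")))
```

A rule set that lints cleanly but misbehaves is not caught by any of these checks; that case is what `rollback` and the retained releases are for.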
Re: sa-update vs RDJ
On Fri, Aug 11, 2006 at 11:42:57AM -0400, Chris Santerre wrote:

> > If the SARE guys are interested in this project, maybe they could come
> > up with a list of the most commonly downloaded rulesets.
>
> For the month of Aug to date
>
> 1 /rules/70_sare_random.cf
> 2 /rules/70_sare_adult.cf
> 3 /rules/99_sare_fraud_post25x.cf
[...]

Just curious Chris, is there a way to understand the scale here? ie: how many downloads of each ruleset? Knowing the order is nice, but if 1 and 2 each are downloaded 4000 times, and then 3 and below are only downloaded 10 times, that's what's really important to know IMO.

-- Randomly Generated Tagline: "Sen. Strom Thurmond is a living artifact; he has been alive for almost half the history of the United States." - http://www.uwire.com/content/topops121001003.html
RE: sa-update vs RDJ
> If the SARE guys are interested in this project, maybe they could come
> up with a list of the most commonly downloaded rulesets.

For the month of Aug to date

 1 /rules/70_sare_random.cf
 2 /rules/70_sare_adult.cf
 3 /rules/99_sare_fraud_post25x.cf
 4 /rules/70_sare_spoof.cf
 5 /rules/99_FVGT_Tripwire.cf
 6 /rules/70_sare_oem.cf
 7 /rules/72_sare_bml_post25x.cf
 8 /rules/70_sare_specific.cf
 9 /rules/70_sare_bayes_poison_nxm.cf
10 /rules/70_sare_evilnum0.cf
11 /rules/70_sare_uri0.cf
12 /rules/72_sare_redirect_post3.0.0.cf
13 /rules/70_sare_unsub.cf
14 /rules/70_sare_html0.cf
15 /rules/70_sare_header0.cf
16 /rules/70_sare_genlsubj0.cf
17 /rules/70_sare_obfu0.cf
18 /rules/bogus-virus-warnings.cf
19 /rules/70_sare_html.cf
20 /rules/70_sare_header.cf
21 /rules/70_sare_evilnum1.cf
22 /rules/70_sare_whitelist.cf
23 /rules/70_sare_uri1.cf
24 /rules/70_sare_obfu.cf
25 /rules/70_sare_obfu1.cf
26 /rules/70_sare_stocks.cf
27 /rules/70_sare_html1.cf
28 /rules/70_sc_top200.cf
29 /rules/70_sare_highrisk.cf
30 /rules/70_sare_genlsubj1.cf

Chris Santerre SysAdmin and Spamfighter www.rulesemporium.com www.uribl.com
RE: What is the aim of this spam?
I got one of these from someone pretending to be a chick in Israel. I just knew it wasn't legit but I played along. It's someone or a group of someones trying to scam money off lonely nerds. They soften you up with sweet talk and naked pics then try and get you to send them money so they can buy a plane ticket to visit see you. I got to tell you I had a blast messing with em in chat but still that's what it's all about. Anyway hope that information helps. I got a good laugh out of the whole thing

-Original Message-
From: Ben Wylie [mailto:[EMAIL PROTECTED]
Sent: Friday, August 11, 2006 10:24 AM
To: users@spamassassin.apache.org
Subject: What is the aim of this spam?

Can anyone tell me what the aim of this SPAM is? Am I meant to buy stuff via MSN Messenger or something? If I understand a piece of spam I can more effectively stop it! Any ideas gratefully received!

Ben

Received: from [127.0.0.1] by arkbb.co.uk with SMTP (HELO server.) (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.7)); Fri, 11 Aug 2006 15:08:48 +0100
Received: from exchange-pop3-connector.com ([127.0.0.1]) by server. (NAVGW 2.5.2.12) with SMTP id M2006081115084019859 for <>; Fri, 11 Aug 2006 15:08:40 +0100
Received: from ajwn.com ([67.174.237.161]) by bay0-mc2-f18.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Fri, 11 Aug 2006 07:03:51 -0700
Received: from unknown (HELO nntp.pinxodet.net) (31.208.180.171) by mail.gimmicc.net with SMTP; Sat, 12 Aug 2006 02:03:02 +1100
Received: from 68.135.198.93 ([68.135.198.93]) by relay37.vosimerkam.net with SMTP; Sat, 12 Aug 2006 01:46:27 +1100
Received: from [190.135.215.3] by mx03.listsystemsf.net with LOCAL; Sat, 12 Aug 2006 01:43:28 +1100
Received: from 96.50.13.184 ([96.50.13.184]) by asx121.turbo-inline.com with ASMTP; Sat, 12 Aug 2006 01:33:23 +1100
Received: from unknown (HELO smtp18.yenddx.com) (140.140.181.92) by mail.gimmicc.net with LOCAL; Sat, 12 Aug 2006 01:25:48 +1100
Message-ID: <[EMAIL PROTECTED]>
From: <[EMAIL PROTECTED]>
To: <>
Subject: re: benwylie
Date: Sat, 12 Aug 2006 01:06:51 +1100
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Return-Path: <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 11 Aug 2006 14:03:51.0879 (UTC) FILETIME=[F9915D70:01C6BD4E]

You are gorgeous reach me on msn messenger at emilybutthot

My name is David and I would like to get to know you better. I don't know whether you are writing to me or whether this message reached me by pure chance. Anyway, I hope you reply to my email. I have an English translator because I don't know English very well, so I hope you have a Spanish translator; that way we will learn together. Bye
Re: Image spam with inline jpeg image
On Fri, Aug 11, 2006 at 10:14:46AM -0500, Logan Shaw wrote:
> What happens if the new set is broken? There's no easy way
> to revert to the last known good state.

sa-update lint checks the new files in a separate temp area before installing them into the real directory. Only if lint succeeds (which is also, of course, after verifying the sha1 and (by default) gpg signatures of the update file), will the currently installed channel files be removed and the new files installed. So there's no reverting involved for a "broken" update file.

Note: "broken" means an update file which has errors in it. This algorithm doesn't address someone publishing valid config files that don't do what the publisher expected, ie: only empty or commented config files, no files, or . IMO, channel publishing QA is really outside the scope of sa-update.

--
Randomly Generated Tagline:
Turnaucka's Law: The attention span of a computer is only as long as its electrical cord.
RE: Image spam with inline jpeg image
> Bret Miller writes: > > > On Fri, 11 Aug 2006, Justin Mason wrote: > > > > jdow writes: > > > > > > >> Nor does it make sense to use a tool, even if supplied > > > with SpamAssassin, > > > >> that is broken for performing updates. > > > > > > > what's the "broken" part? > > > > > > Well, this may not qualify as broken, but I would say it's an > > > undesirable behavior that, upon successful download of the new > > > set of rules, it immediately deletes your old set of rules. > > > What happens if the new set is broken? There's no easy way > > > to revert to the last known good state. > > > > > > I would prefer a system where it downloads every update to a new > > > directory, then just changes a symlink to point to the newest > > > one, leaving the old one in place in case you want to revert. > > > Of course, this would require a system for expiring old updates > > > (since you don't want to have 100 copies of the rules sitting > > > around), but that shouldn't be too hard. > > > > Symlinks aren't so easy when you're trying to be cross-platform. But > > they could easily tgz the ruleset to an archive subfolder > using the old > > version number prior to replacing the rule set... At least for those > > people who are really sensitive about the update process. > Note that the > > rules are only updated if they lint properly first. > > > > You could always add a bz ticket for the feature... > > actually, that's really not a bad idea ;) could you do that? http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5042 > > > I'm just happy that the tool actually works on Windows. > > cool ;) I'm amazed GPG does. I am too, but it works surprisingly well with GPG for Windows. ;) Bret
Re: Image spam with inline jpeg image
Bret Miller writes: > > On Fri, 11 Aug 2006, Justin Mason wrote: > > > jdow writes: > > > > >> Nor does it make sense to use a tool, even if supplied > > with SpamAssassin, > > >> that is broken for performing updates. > > > > > what's the "broken" part? > > > > Well, this may not qualify as broken, but I would say it's an > > undesirable behavior that, upon successful download of the new > > set of rules, it immediately deletes your old set of rules. > > What happens if the new set is broken? There's no easy way > > to revert to the last known good state. > > > > I would prefer a system where it downloads every update to a new > > directory, then just changes a symlink to point to the newest > > one, leaving the old one in place in case you want to revert. > > Of course, this would require a system for expiring old updates > > (since you don't want to have 100 copies of the rules sitting > > around), but that shouldn't be too hard. > > Symlinks aren't so easy when you're trying to be cross-platform. But > they could easily tgz the ruleset to an archive subfolder using the old > version number prior to replacing the rule set... At least for those > people who are really sensitive about the update process. Note that the > rules are only updated if they lint properly first. > > You could always add a bz ticket for the feature... actually, that's really not a bad idea ;) could you do that? > I'm just happy that the tool actually works on Windows. cool ;) I'm amazed GPG does. --j.
RE: sa-update vs RDJ
>> If the SARE guys are interested in this project, maybe they could come
>> up with a list of the most commonly downloaded rulesets.

>They are oddly silent on the subject so far...

We're listening :)

RDJ and SAupdate are really separate from SARE. How you choose to get the rules shouldn't be our decision.

I'll see if I can drum up stats on most downloaded rules. I'll also see about getting the header on the ImageInfo plugin standardised.

Chris Santerre
SysAdmin and Spamfighter
www.rulesemporium.com
www.uribl.com
What is the aim of this spam?
Can anyone tell me what the aim of this SPAM is? Am I meant to buy stuff via MSN Messenger or something? If I understand a piece of spam I can more effectively stop it! Any ideas gratefully received!

Ben

Received: from [127.0.0.1] by arkbb.co.uk with SMTP (HELO server.) (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.7)); Fri, 11 Aug 2006 15:08:48 +0100
Received: from exchange-pop3-connector.com ([127.0.0.1]) by server. (NAVGW 2.5.2.12) with SMTP id M2006081115084019859 for <>; Fri, 11 Aug 2006 15:08:40 +0100
Received: from ajwn.com ([67.174.237.161]) by bay0-mc2-f18.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Fri, 11 Aug 2006 07:03:51 -0700
Received: from unknown (HELO nntp.pinxodet.net) (31.208.180.171) by mail.gimmicc.net with SMTP; Sat, 12 Aug 2006 02:03:02 +1100
Received: from 68.135.198.93 ([68.135.198.93]) by relay37.vosimerkam.net with SMTP; Sat, 12 Aug 2006 01:46:27 +1100
Received: from [190.135.215.3] by mx03.listsystemsf.net with LOCAL; Sat, 12 Aug 2006 01:43:28 +1100
Received: from 96.50.13.184 ([96.50.13.184]) by asx121.turbo-inline.com with ASMTP; Sat, 12 Aug 2006 01:33:23 +1100
Received: from unknown (HELO smtp18.yenddx.com) (140.140.181.92) by mail.gimmicc.net with LOCAL; Sat, 12 Aug 2006 01:25:48 +1100
Message-ID: <[EMAIL PROTECTED]>
From: <[EMAIL PROTECTED]>
To: <>
Subject: re: benwylie
Date: Sat, 12 Aug 2006 01:06:51 +1100
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Return-Path: <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 11 Aug 2006 14:03:51.0879 (UTC) FILETIME=[F9915D70:01C6BD4E]

You are gorgeous reach me on msn messenger at emilybutthot

My name is David and I would like to get to know you better. I don't know whether you are writing to me or whether this message reached me by pure chance. Anyway, I hope you reply to my email. I have an English translator because I don't know English very well, so I hope you have a Spanish translator; that way we will learn together. Bye
RE: Image spam with inline jpeg image
> On Fri, 11 Aug 2006, Justin Mason wrote: > > jdow writes: > > >> Nor does it make sense to use a tool, even if supplied > with SpamAssassin, > >> that is broken for performing updates. > > > what's the "broken" part? > > Well, this may not qualify as broken, but I would say it's an > undesirable behavior that, upon successful download of the new > set of rules, it immediately deletes your old set of rules. > What happens if the new set is broken? There's no easy way > to revert to the last known good state. > > I would prefer a system where it downloads every update to a new > directory, then just changes a symlink to point to the newest > one, leaving the old one in place in case you want to revert. > Of course, this would require a system for expiring old updates > (since you don't want to have 100 copies of the rules sitting > around), but that shouldn't be too hard. Symlinks aren't so easy when you're trying to be cross-platform. But they could easily tgz the ruleset to an archive subfolder using the old version number prior to replacing the rule set... At least for those people who are really sensitive about the update process. Note that the rules are only updated if they lint properly first. You could always add a bz ticket for the feature... I'm just happy that the tool actually works on Windows. Bret
Re: Image spam with inline jpeg image
On Fri, 11 Aug 2006, Justin Mason wrote: jdow writes: Nor does it make sense to use a tool, even if supplied with SpamAssassin, that is broken for performing updates. what's the "broken" part? Well, this may not qualify as broken, but I would say it's an undesirable behavior that, upon successful download of the new set of rules, it immediately deletes your old set of rules. What happens if the new set is broken? There's no easy way to revert to the last known good state. I would prefer a system where it downloads every update to a new directory, then just changes a symlink to point to the newest one, leaving the old one in place in case you want to revert. Of course, this would require a system for expiring old updates (since you don't want to have 100 copies of the rules sitting around), but that shouldn't be too hard. - Logan
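The update order discussed in this thread (verify the sha1 and, by default, the GPG signature, lint the new files in a staging area, and only then replace the live rules), combined with the suggestion to tgz the old ruleset under its version number first. This is an added shell example, not sa-update's own code; the function names, the directory layout, and the `LINT_HOOK` and `REQUIRE_GPG` variables are assumptions, and it expects `sha1sum`, `tar` and `gpg` on the PATH.

```shell
#!/bin/sh
# Added example, not sa-update's code. Paths, function names and the
# LINT_HOOK / REQUIRE_GPG variables are assumptions made for illustration.

REQUIRE_GPG=${REQUIRE_GPG:-1}   # 1: a valid detached signature ARCHIVE.asc is mandatory
LINT_HOOK=${LINT_HOOK:-}        # command run as: $LINT_HOOK STAGING_DIR, for example a
                                # wrapper that lints the staged rules with spamassassin --lint

# Compare the archive's SHA-1 with the first field of a sha1sum-format file.
verify_sha1() {
    expected=$(awk 'NR == 1 { print tolower($1) }' "$2")
    actual=$(sha1sum "$1" | awk '{ print $1 }')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Check the detached GPG signature unless the operator explicitly opted out.
verify_sig() {
    [ "$REQUIRE_GPG" = 0 ] && return 0
    gpg --verify "$1.asc" "$1" >/dev/null 2>&1
}

# install_update ARCHIVE SUMFILE LIVE_DIR KEEP_DIR OLD_VERSION
# Return codes: 10 checksum, 11 signature, 12 unpack, 13 lint, 14 backup, 15 swap.
install_update() {
    archive=$1 sumfile=$2 live=$3 keep=$4 oldver=$5

    # 1. Integrity and origin checks happen before anything is unpacked.
    verify_sha1 "$archive" "$sumfile" || { echo "sha1 mismatch" >&2; return 10; }
    verify_sig "$archive" || { echo "signature check failed" >&2; return 11; }

    # 2. Unpack next to the live directory so the final mv is a same-filesystem rename.
    staging=$(mktemp -d "$live.staging.XXXXXX") || return 12
    tar -xzf "$archive" -C "$staging" || { rm -rf "$staging"; return 12; }

    # 3. Lint the staged copy; the live rules are untouched if this fails.
    if [ -z "$LINT_HOOK" ] || ! "$LINT_HOOK" "$staging"; then
        rm -rf "$staging"
        echo "lint failed, keeping current rules" >&2
        return 13
    fi

    # 4. Archive the current rules under their version number, then swap.
    mkdir -p "$keep" || { rm -rf "$staging"; return 14; }
    if [ -d "$live" ]; then
        tar -czf "$keep/rules-$oldver.tgz" -C "$live" . || { rm -rf "$staging"; return 14; }
        rm -rf "$live.old" && mv "$live" "$live.old" || { rm -rf "$staging"; return 15; }
    fi
    if mv "$staging" "$live"; then
        rm -rf "$live.old"
    else
        [ -d "$live.old" ] && mv "$live.old" "$live"   # put the old rules back
        return 15
    fi
}

# rollback LIVE_DIR KEEP_DIR VERSION: restore an archived ruleset.
rollback() {
    live=$1 keep=$2 oldver=$3
    [ -f "$keep/rules-$oldver.tgz" ] || return 1
    staging=$(mktemp -d "$live.rollback.XXXXXX") || return 1
    tar -xzf "$keep/rules-$oldver.tgz" -C "$staging" || { rm -rf "$staging"; return 1; }
    rm -rf "$live" && mv "$staging" "$live"
}
```

Lint only catches files with errors in them, so the archive is what covers an update that lints cleanly but does not do what its publisher expected.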
RE: sa-update vs RDJ
> >> Theo Van Dinter wrote: > > >> Going further... > >> > >> I could see SARE rules offered on many channels though some > >> reorganization may be required. Channels such as post25, > >> pre30, header, > >> body, etc. There are too many rules to have a channel for each but > >> possibly sets of popular rules could be collected together. > >> > >> I could also see breaking my own local rules into individual > >> *.cf files. > >> I like the idea of moving all transient rules such as SARE and > >> TLS.cf(our local rules) into a common dir structure and location. > >> > >> /var/lib/spamassassin/$VER/updates.sare-fraud.rulesemporium.com > >> /var/lib/spamassassin/$VER/updates.sare-header.rulesemporium.com > >> /var/lib/spamassassin/$VER/updates.tls.local > >> /var/lib/spamassassin/$VER/updates.someOtherRulesHouse.com > >> > >> This would leave /usr/local/etc/mail/spamassassin > containing only the > >> local site specific .pre files and local.cf which set > >> required options for my specific installation. > >> > >> Would all this be a correct interpretation on my part? > > > > That sounds good to me. I think the real problem with doing > this to SARE > > rules is the subsetting. Many of the SARE rulesets are > subsetted so you > > can use just the 0 set which is likely not to impact HAM at > all, the 1, > > 2, 3, or full combined set depending on how much risk of > false positives > > you allow on your server. > > > > I guess what you'd really need is a way to update all the > rules without > > re-writing the channel CF and PRE files. That way you could > set your own > > CF and PRE to include only the rules you wanted to use while still > > updating the whole channel. It would be a tiny bit more > overhead since > > you'd have to download the entire set of rules even if you > weren't using > > them all, but probably the best compromise between that and having a > > channel for every rule subset. 
> > > > Bret > > I have it working fine here, about 20 lines of /bin/sh and and I can > turn out any number of rule sets, even a channel per SARE rule. > > I'm willing to publish the channels if there is interest in them. I > still believe packages or sets of popular rules would be good. > Alternatively I can create a channel file with each rule > commented out > and the user can download the file, uncomment the rules they > want, and > run 'sa-update --channelfile MY_FILE' and be done with it. > > I still need to get a gpg sig for the channels, it's been a few years > since I did anything with gpg so there is a bit of dusting off of > braincells to do. > > Any thoughts on popular sets? I had to write my own tool to update these rules, so anything that makes my life less complicated is worth testing. Here's the set I currently update. It's pretty much the full set of everything SARE. I'd be willing to test on any subset of this list. I also use the ImageInfo plugin, but can't update it with my tool because the headers don't include the locations in the same way the other rules do. (Yeah, inconsistency means having to recode the parsing for specific cases and I haven't had the time to look at it. Hoping he'll change the headers to match the other SARE rules before I figure out how to parse his headers.) 70_sare_adult.cf 70_sare_bayes_poison_nxm.cf 70_sare_evilnum0.cf 70_sare_evilnum1.cf 70_sare_evilnum2.cf 70_sare_genlsubj.cf 70_sare_header.cf 70_sare_highrisk.cf 70_sare_html.cf 70_sare_obfu.cf 70_sare_oem.cf 70_sare_random.cf 70_sare_specific.cf 70_sare_spoof.cf 70_sare_stocks.cf 70_sare_unsub.cf 70_sare_uri.cf 70_sare_uri_eng.cf 70_sare_whitelist_rcvd.cf 70_sare_whitelist_spf.cf 70_zmi_german.cf 72_sare_bml_post25x.cf 72_sare_redirect_post3.0.0.cf 99_sare_fraud_post25x.cf Bret
Re: sa-update vs RDJ
Bowie Bailey wrote: DAve wrote: I have it working fine here, about 20 lines of /bin/sh and and I can turn out any number of rule sets, even a channel per SARE rule. I'm willing to publish the channels if there is interest in them. I still believe packages or sets of popular rules would be good. Alternatively I can create a channel file with each rule commented out and the user can download the file, uncomment the rules they want, and run 'sa-update --channelfile MY_FILE' and be done with it. I came out against this idea mainly because it seemed complex and unwieldy. If it is really this simple, then go for it. I would be willing to give it a try. Yea, it really is that simple. The sa-update process makes it so there is no editing of config files, no paths to change, etc. sa-update knows what to do to make SA happy. If your SA install works, simply running sa-update is all that is required. (just don't get any strange ideas about the --updatdir option ;^) I still need to get a gpg sig for the channels, it's been a few years since I did anything with gpg so there is a bit of dusting off of braincells to do. Sorry, can't help you there. man gpg should do nicely. Any thoughts on popular sets? That would probably vary quite a bit. A good start might be a set of "safe" rules. Something like this: SARE_EVILNUMBERS0 SARE_HTML0 SARE_HEADER0 SARE_GENLSUBJ0 SARE_URI0 SARE_OBFU0 Maybe along with some other good rules. SARE_FRAUD SARE_OEM SARE_RANDOM SARE_SPOOF SARE_STOCKS SARE_UNSUB SARE_WHITELIST_SPF SARE_WHITELIST_RCVD Of course it all depends on whether the user's machine has enough power to deal with a large number of rulesets. If anyone has some numbers about memory requirements on certain rules it would help. If the SARE guys are interested in this project, maybe they could come up with a list of the most commonly downloaded rulesets. They are oddly silent on the subject so far... 
DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
RE: sa-update vs RDJ
DAve wrote:
>
> I have it working fine here, about 20 lines of /bin/sh and I can
> turn out any number of rule sets, even a channel per SARE rule.
>
> I'm willing to publish the channels if there is interest in them. I
> still believe packages or sets of popular rules would be good.
> Alternatively I can create a channel file with each rule commented out
> and the user can download the file, uncomment the rules they want, and
> run 'sa-update --channelfile MY_FILE' and be done with it.

I came out against this idea mainly because it seemed complex and unwieldy. If it is really this simple, then go for it. I would be willing to give it a try.

> I still need to get a gpg sig for the channels, it's been a few years
> since I did anything with gpg so there is a bit of dusting off of
> braincells to do.

Sorry, can't help you there.

> Any thoughts on popular sets?

That would probably vary quite a bit. A good start might be a set of "safe" rules. Something like this:

SARE_EVILNUMBERS0
SARE_HTML0
SARE_HEADER0
SARE_GENLSUBJ0
SARE_URI0
SARE_OBFU0

Maybe along with some other good rules.

SARE_FRAUD
SARE_OEM
SARE_RANDOM
SARE_SPOOF
SARE_STOCKS
SARE_UNSUB
SARE_WHITELIST_SPF
SARE_WHITELIST_RCVD

Of course it all depends on whether the user's machine has enough power to deal with a large number of rulesets.

If the SARE guys are interested in this project, maybe they could come up with a list of the most commonly downloaded rulesets.

--
Bowie
RE: Sa-learn doesn't seem to work
Halid Faith wrote:
>
> I use spamassassin3.1 with simscan1.2 on qmail.
> I want my mailserver to deny some messages which are spam using
> sa-learn. So I typed as below;
> sa-learn --spam /path/badmails/
>
> Learned tokens from 6 message(s) (6 message(s) examined)
>
> Despite I learnt to my server as spam with the above way (sa-learn),
> when I sent a spam message to the server, I got that email which I
> put in /path/badmails/. Here is a part of the header in that email;
> Return-Path: [EMAIL PROTECTED]
> Delivered-To: [EMAIL PROTECTED]
> X-Spam-DCC: sonic.net: snort.domain.net 1156; Body=1 Fuz1=1 Fuz2=1
> X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on
> snort.domain.net
> X-Spam-Level: ***
> X-Spam-Status: No, score=3.7 required=10.0 tests=AWL,EXTRA_MPART_TYPE,
> HTML_MESSAGE,INFO_TLD,RAZOR2_CF_RANGE_51_100,
> RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK autolearn=no version=3.1.1
> X-Spam-Pyzor: Reported 0 times.
>
> The server gave a score but it didn't reject that message.
> I think my sa-learn doesn't seem to work.
>
> my local.cf
> rewrite_header Subject SPAMMSG
> required_score 9.0
> add_header all DCC _DCCB_: _DCCR_
> use_razor2 1
> pyzor_path /usr/local/bin/pyzor
> pyzor_max 2
> use_pyzor 1
> add_header all Pyzor _PYZOR_
> use bayes 1
> bayes_auto_learn 1
> use_dcc 1
> dcc_path /usr/local/bin/dccproc
> use_auto_whitelist 0
>
> init.pre is below
> loadplugin Mail::SpamAssassin::Plugin::DCC
> loadplugin Mail::SpamAssassin::Plugin::Pyzor
> loadplugin Mail::SpamAssassin::Plugin::Razor2
> loadplugin Mail::SpamAssassin::Plugin::Hashcash
>
> How can I reject a mail with sa-learn ?
> Thanks

The Bayes database (which you are training with sa-learn) does not reject messages, it only increases or decreases their score based on certain tokens that are found in the message.

Bayes simply keeps track of which tokens (words mostly) are found in spam and ham messages. When SA checks a message, Bayes gives it a score based on the tokens in the message that it has seen before. For a bit more info, see here:

http://wiki.apache.org/spamassassin/BayesInSpamAssassin

Based on the fact that your X-Spam-Status header does not show any Bayes score, you probably either have not yet learned enough messages (200 ham and 200 spam) for the Bayes scoring to take effect, or you are learning your messages to a different database than SA is using. When you run sa-learn, you must be logged in as the user whose Bayes database you wish to train.

Also, your required score is a bit high. Unless you have lots of custom rules, there will be quite a bit of spam which will score less than 10 points. I have had good luck sticking with the default score of 5. Even with Razor2, DCC, and lots of SARE rule sets, I get almost zero false positives.

--
Bowie
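The check used in the reply above, reading the X-Spam-Status header to see whether any BAYES_* rule contributed to the score, as an added shell example that is not part of the original thread. The function names are assumptions, and the sample message is constructed from the header quoted in the thread.

```shell
#!/bin/sh
# Added example. Prints "score=S required=R bayes=RULE|none" for the
# X-Spam-Status header of the message on stdin; exit status 2 if the
# header is absent. Function names are assumptions for illustration.
spam_status_summary() {
    awk '
        /^$/      { exit }                      # blank line: the header block is over
        /^[^ \t]/ { infield = 0 }               # a new header ends any folded one
        tolower($0) ~ /^x-spam-status:/ { infield = 1; hdr = $0; next }
        infield   { sub(/^[ \t]+/, ""); hdr = hdr " " $0 }   # unfold continuation lines
        END {
            if (hdr == "") exit 2
            gsub(/, +/, ",", hdr)               # rejoin a test list split by folding
            score = required = "?"; bayes = "none"
            if (match(hdr, /score=-?[0-9.]+/))
                score = substr(hdr, RSTART + 6, RLENGTH - 6)
            if (match(hdr, /required=-?[0-9.]+/))
                required = substr(hdr, RSTART + 9, RLENGTH - 9)
            if (match(hdr, /tests=[^ ]*/)) {
                n = split(substr(hdr, RSTART + 6, RLENGTH - 6), t, ",")
                for (i = 1; i <= n; i++)
                    if (t[i] ~ /^BAYES_/) bayes = t[i]
            }
            printf "score=%s required=%s bayes=%s\n", score, required, bayes
        }'
}

# Constructed sample: the headers quoted in the thread, folded as a mail
# server would write them, followed by a placeholder body.
sample_message() {
    cat <<'EOF'
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on snort.domain.net
X-Spam-Level: ***
X-Spam-Status: No, score=3.7 required=10.0 tests=AWL,EXTRA_MPART_TYPE,
    HTML_MESSAGE,INFO_TLD,RAZOR2_CF_RANGE_51_100,
    RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK autolearn=no version=3.1.1
X-Spam-Pyzor: Reported 0 times.

(message body)
EOF
}

# Usage: sample_message | spam_status_summary
```

A result of `bayes=none` on scanned mail is the symptom described in the reply: the Bayes rules did not fire for that message.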
Re: sa-update vs RDJ
Bret Miller wrote: Theo Van Dinter wrote: Going further... I could see SARE rules offered on many channels though some reorganization may be required. Channels such as post25, pre30, header, body, etc. There are too many rules to have a channel for each but possibly sets of popular rules could be collected together. I could also see breaking my own local rules into individual *.cf files. I like the idea of moving all transient rules such as SARE and TLS.cf(our local rules) into a common dir structure and location. /var/lib/spamassassin/$VER/updates.sare-fraud.rulesemporium.com /var/lib/spamassassin/$VER/updates.sare-header.rulesemporium.com /var/lib/spamassassin/$VER/updates.tls.local /var/lib/spamassassin/$VER/updates.someOtherRulesHouse.com This would leave /usr/local/etc/mail/spamassassin containing only the local site specific .pre files and local.cf which set required options for my specific installation. Would all this be a correct interpretation on my part? That sounds good to me. I think the real problem with doing this to SARE rules is the subsetting. Many of the SARE rulesets are subsetted so you can use just the 0 set which is likely not to impact HAM at all, the 1, 2, 3, or full combined set depending on how much risk of false positives you allow on your server. I guess what you'd really need is a way to update all the rules without re-writing the channel CF and PRE files. That way you could set your own CF and PRE to include only the rules you wanted to use while still updating the whole channel. It would be a tiny bit more overhead since you'd have to download the entire set of rules even if you weren't using them all, but probably the best compromise between that and having a channel for every rule subset. Bret I have it working fine here, about 20 lines of /bin/sh and and I can turn out any number of rule sets, even a channel per SARE rule. I'm willing to publish the channels if there is interest in them. 
I still believe packages or sets of popular rules would be good. Alternatively I can create a channel file with each rule commented out and the user can download the file, uncomment the rules they want, and run 'sa-update --channelfile MY_FILE' and be done with it. I still need to get a gpg sig for the channels, it's been a few years since I did anything with gpg so there is a bit of dusting off of braincells to do. Any thoughts on popular sets? No one from SARE has said a word about this yet, any problem with me publishing SARE rules? DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: sa-update vs RDJ
Bill Randle wrote: On Thu, 2006-08-10 at 22:35 -0400, DAve wrote: DAve wrote: Panagiotis Christias wrote: On 8/11/06, Theo Van Dinter <[EMAIL PROTECTED]> wrote: FWIW, the format sa-update expects is the standard format from sha1sum. Does FreeBSD have a sha1sum that produces the format that you showed? Answering my own question, FreeBSD seems to not have a "sha1sum", but has a "sha1" which has that kind of format, which seems to be the same output as "openssl sha1 file". Of course to be consistent, "openssl ssl < file" produces just the hash. FYI, on FreeBSD you can use "sha1 -r file" (-r Reverses the format of the output). I have no sha1 command in my bin dirs, locate doesn't find one either. man openssl doesn't show an -r switch as well, and any use of it fails. FreeBSD 4.8, 4.11, 5.2.1, 5.3 using openssl 0.9.7e don't seem to have the sha1 command (all upgraded via ports). The earliest I can find it on my servers is 5.4, using the FreeBSD included openssl. It might show up when I upgrade the port. Nope, upgraded all the way to 0.9.8b, no sha1 command. On an old FreeBSD 4.5-STABLE with OpenSSL 0.9.7e: openssl dgst -sha1 [file] (See 'man dgst'.) -Bill Getting the sig isn't the problem, it's getting it in the same format as sha1sum. I've got it working now by creating the sig, then creating the file. Not a big deal. Thanks, DAve -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
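The format problem discussed above, where `sha1` and `openssl dgst -sha1` print the digest in a different layout from `sha1sum`, handled by normalising every layout to the sha1sum one. This is an added shell example, not code from the thread; the function names are assumptions.

```shell
#!/bin/sh
# Added example; function names are assumptions for illustration.

# Normalise digest lines on stdin to the sha1sum layout "<40 hex>  <name>".
# Accepted input layouts:
#   SHA1 (name) = hex      BSD sha1
#   SHA1(name)= hex        openssl dgst -sha1
#   hex name               sha1 -r
#   hex  name / hex *name  sha1sum (text / binary mode)
# Unrecognised lines are dropped; returns 1 if nothing was recognised.
to_sha1sum_format() {
    out=$(sed -n -E \
        -e 's/^SHA1 ?\((.*)\) ?= ?([0-9A-Fa-f]{40})$/\2  \1/p' \
        -e 't' \
        -e 's/^([0-9A-Fa-f]{40}) [ *]?(.*)$/\1  \2/p')
    [ -n "$out" ] && printf '%s\n' "$out"
}

# Print a sha1sum-format line for FILE using whichever tool is installed.
# The digest is taken from inside the file's directory so the line carries
# the bare file name rather than a path.
sha1sum_line() {
    dir=$(dirname "$1")
    name=$(basename "$1")
    (
        cd "$dir" || exit 1
        if command -v sha1sum >/dev/null 2>&1; then
            sha1sum "$name"
        elif command -v sha1 >/dev/null 2>&1; then
            sha1 "$name"
        else
            openssl dgst -sha1 "$name"
        fi
    ) | to_sha1sum_format
}

# Usage: sha1sum_line update.tar.gz > update.tar.gz.sha1
```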
Re: SPF and envelope senders
On Fri, August 11, 2006 01:02, Logan Shaw wrote:
> So... is it safe to assume their servers are configured
> incorrectly?

no they just use another header

fix with my config

change this config to what your mta adds as header

--
Benny

#
# this one is from Mark
# needed in sa 3.1.3 to make spf work !!!
#
envelope_sender_header Return-Path
always_trust_envelope_sender 1
Re: bayes_auto_learn_threshold failed
On Fri, August 11, 2006 10:46, Anthony Peacock wrote:
> Hi,
>
> Beast wrote:
>> Any reason why this config failed?
>> According to Mail::SpamAssassin::Plugin::AutoLearnThreshold it is a
>> valid config.
>>
>> # spamassassin --lint
>> [11919] warn: config: failed to parse line, skipping:
>> bayes_auto_learn_threshold_nonspam 0.1
>> [11919] warn: config: failed to parse line, skipping:
>> bayes_auto_learn_threshold_spam 12.0
>> [11919] warn: lint: 2 issues detected, please rerun with debug enabled
>> for more information
>> # spamassassin --version
>> SpamAssassin version 3.1.4
>> running on Perl version 5.8.5
>
> That looks OK to me. The next thing to look at is the config file
> itself. Check the lines either side of these lines. Make sure that the
> line endings are correct eg you have copied a file that was edited on a
> Windows PC onto a *nix computer and the line endings are still in DOS
> format.

could be that this are missing in my attachment ?

--
Benny

ifplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
bayes_auto_learn_threshold_nonspam 0.1
bayes_auto_learn_threshold_spam 12.0
endif # Mail::SpamAssassin::Plugin::AutoLearnThreshold

# AutoLearnThreshold - threshold-based discriminator for Bayes auto-learning
#
loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold
Re: bayes_auto_learn_threshold failed
Hi, Beast wrote: Anthony Peacock wrote: Hi, Beast wrote: Any reason why this config failed? According to Mail::SpamAssassin::Plugin::AutoLearnThreshold it is a valid config. # spamassassin --lint [11919] warn: config: failed to parse line, skipping: bayes_auto_learn_threshold_nonspam 0.1 [11919] warn: config: failed to parse line, skipping: bayes_auto_learn_threshold_spam 12.0 [11919] warn: lint: 2 issues detected, please rerun with debug enabled for more information # spamassassin --version SpamAssassin version 3.1.4 running on Perl version 5.8.5 That looks OK to me. The next thing to look at is the config file itself. Check the lines either side of these lines. Make sure that the line endings are correct eg you have copied a file that was edited on a Windows PC onto a *nix computer and the line endings are still in DOS format. File was edited with vi only. Does order matter? use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 12.0 Make sure you have the autolearn plugin enabled in v310.pre... # AutoLearnThreshold - threshold-based discriminator for Bayes auto-learning # loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW:http://www.chime.ucl.ac.uk/~rmhiajp/ "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw
solved Re: bayes_auto_learn_threshold failed
Beast wrote: Anthony Peacock wrote: Hi, Beast wrote: Any reason why this config failed? According to Mail::SpamAssassin::Plugin::AutoLearnThreshold it is a valid config. # spamassassin --lint [11919] warn: config: failed to parse line, skipping: bayes_auto_learn_threshold_nonspam 0.1 [11919] warn: config: failed to parse line, skipping: bayes_auto_learn_threshold_spam 12.0 [11919] warn: lint: 2 issues detected, please rerun with debug enabled for more information # spamassassin --version SpamAssassin version 3.1.4 running on Perl version 5.8.5 That looks OK to me. The next thing to look at is the config file itself. Check the lines either side of these lines. Make sure that the line endings are correct eg you have copied a file that was edited on a Windows PC onto a *nix computer and the line endings are still in DOS format. File was edited with vi only. Does order matter? use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 bayes_auto_learn_threshold_nonspam 0.1 bayes_auto_learn_threshold_spam 12.0 Oh, i've just move *.pre , its fine now. Thanks. --beast
Re: Sa-learn doesn't seem to work
On Fri, 11 Aug 2006 11:49:16 +0300, "Halid Faith" <[EMAIL PROTECTED]> wrote:

>Hello
>
>I use spamassassin3.1 with simscan1.2 on qmail.
>I want my mailserver to deny some messages which are spam using sa-learn. So I
>typed as below;
>sa-learn --spam /path/badmails/
>
>Learned tokens from 6 message(s) (6 message(s) examined)
>
>Despite I learnt to my server as spam with the above way (sa-learn), when I
>sent a spam message to the server, I got that email which I put in
>/path/badmails/.
>Here is a part of the header in that email;
>Return-Path: [EMAIL PROTECTED]
>Delivered-To: [EMAIL PROTECTED]
>X-Spam-DCC: sonic.net: snort.domain.net 1156; Body=1 Fuz1=1 Fuz2=1
>X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on snort.domain.net
>X-Spam-Level: ***
>X-Spam-Status: No, score=3.7 required=10.0 tests=AWL,EXTRA_MPART_TYPE,
> HTML_MESSAGE,INFO_TLD,RAZOR2_CF_RANGE_51_100,
> RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK autolearn=no version=3.1.1
>X-Spam-Pyzor: Reported 0 times.
>
>The server gave a score but it didn't reject that message.
>I think my sa-learn doesn't seem to work.
>
>my local.cf
> rewrite_header Subject SPAMMSG
> required_score 9.0
>add_header all DCC _DCCB_: _DCCR_
>use_razor2 1
>pyzor_path /usr/local/bin/pyzor
>pyzor_max 2
>use_pyzor 1
>add_header all Pyzor _PYZOR_
>use bayes 1
> bayes_auto_learn 1
>use_dcc 1
>dcc_path /usr/local/bin/dccproc
>use_auto_whitelist 0
>
>init.pre is below
>loadplugin Mail::SpamAssassin::Plugin::DCC
>loadplugin Mail::SpamAssassin::Plugin::Pyzor
>loadplugin Mail::SpamAssassin::Plugin::Razor2
>loadplugin Mail::SpamAssassin::Plugin::Hashcash
>
>How can I reject a mail with sa-learn ?
>Thanks

Unless you are logged into the SA box as the connector you will need to do...

sa-learn --spam -u /path/to/spam

HTH

Nigel
Re: bayes_auto_learn_threshold failed
Anthony Peacock wrote:
> Hi,
>
> Beast wrote:
>> Any reason why this config failed?
>> According to Mail::SpamAssassin::Plugin::AutoLearnThreshold it is a valid config.
>>
>> # spamassassin --lint
>> [11919] warn: config: failed to parse line, skipping: bayes_auto_learn_threshold_nonspam 0.1
>> [11919] warn: config: failed to parse line, skipping: bayes_auto_learn_threshold_spam 12.0
>> [11919] warn: lint: 2 issues detected, please rerun with debug enabled for more information
>>
>> # spamassassin --version
>> SpamAssassin version 3.1.4
>>   running on Perl version 5.8.5
>
> That looks OK to me. The next thing to look at is the config file itself. Check the lines either side of these lines. Make sure that the line endings are correct eg you have copied a file that was edited on a Windows PC onto a *nix computer and the line endings are still in DOS format.

File was edited with vi only. Does order matter?

use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 0.1
bayes_auto_learn_threshold_spam 12.0
Sa-learn doesn't seem to work
Hello

I use spamassassin3.1 with simscan1.2 on qmail.
I want my mailserver to deny some messages which are spam using sa-learn. So I typed as below;

sa-learn --spam /path/badmails/

Learned tokens from 6 message(s) (6 message(s) examined)

Despite I learnt to my server as spam with the above way (sa-learn), when I sent a spam message to the server, I got that email which I put in /path/badmails/.
Here is a part of the header in that email;

Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
X-Spam-DCC: sonic.net: snort.domain.net 1156; Body=1 Fuz1=1 Fuz2=1
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on snort.domain.net
X-Spam-Level: ***
X-Spam-Status: No, score=3.7 required=10.0 tests=AWL,EXTRA_MPART_TYPE,
 HTML_MESSAGE,INFO_TLD,RAZOR2_CF_RANGE_51_100,
 RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK autolearn=no version=3.1.1
X-Spam-Pyzor: Reported 0 times.

The server gave a score but it didn't reject that message.
I think my sa-learn doesn't seem to work.

my local.cf

rewrite_header Subject SPAMMSG
required_score 9.0
add_header all DCC _DCCB_: _DCCR_
use_razor2 1
pyzor_path /usr/local/bin/pyzor
pyzor_max 2
use_pyzor 1
add_header all Pyzor _PYZOR_
use bayes 1
bayes_auto_learn 1
use_dcc 1
dcc_path /usr/local/bin/dccproc
use_auto_whitelist 0

init.pre is below

loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::Hashcash

How can I reject a mail with sa-learn ?
Thanks
Re: bayes_auto_learn_threshold failed
Hi,

Beast wrote:
> Any reason why this config failed?
> According to Mail::SpamAssassin::Plugin::AutoLearnThreshold it is a valid config.
>
> # spamassassin --lint
> [11919] warn: config: failed to parse line, skipping: bayes_auto_learn_threshold_nonspam 0.1
> [11919] warn: config: failed to parse line, skipping: bayes_auto_learn_threshold_spam 12.0
> [11919] warn: lint: 2 issues detected, please rerun with debug enabled for more information
>
> # spamassassin --version
> SpamAssassin version 3.1.4
>   running on Perl version 5.8.5

That looks OK to me. The next thing to look at is the config file itself. Check the lines either side of these lines. Make sure that the line endings are correct eg you have copied a file that was edited on a Windows PC onto a *nix computer and the line endings are still in DOS format.

--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw
bayes_auto_learn_threshold failed
Any reason why this config failed?
According to Mail::SpamAssassin::Plugin::AutoLearnThreshold it is a valid config.

# spamassassin --lint
[11919] warn: config: failed to parse line, skipping: bayes_auto_learn_threshold_nonspam 0.1
[11919] warn: config: failed to parse line, skipping: bayes_auto_learn_threshold_spam 12.0
[11919] warn: lint: 2 issues detected, please rerun with debug enabled for more information

# spamassassin --version
SpamAssassin version 3.1.4
  running on Perl version 5.8.5

--beast
Re: Image spam with inline jpeg image
jdow writes:
> From: "Jim Maul" <[EMAIL PROTECTED]>
>
> > Bowie Bailey wrote:
> >
> >> It doesn't really matter to me who supports which pieces as long as
> >> they all work.
> >>
> >> Someone may be able to fix sa-update so that it can take over from
> >> RDJ, but as of now, that is not possible without configuring about 62
> >> sa-update channels (one for each ruleset RDJ manages).
> >>
> >
> > True, but doesn't that make more sense than having 2 separate programs
> > which both pull down updated rules for SA, but from 2 different locations?
>
> Nor does it make sense to use a tool, even if supplied with SpamAssassin,
> that is broken for performing updates.

what's the "broken" part?

--j.
Re: sa-update vs RDJ
Panagiotis Christias writes:
> On 8/11/06, DAve <[EMAIL PROTECTED]> wrote:
> > DAve wrote:
> > > Panagiotis Christias wrote:
> > >> On 8/11/06, Theo Van Dinter <[EMAIL PROTECTED]> wrote:
> > >>> FWIW, the format sa-update expects is the standard format from sha1sum.
> > >>> Does FreeBSD have a sha1sum that produces the format that you showed?
> > >>>
> > >>> Answering my own question, FreeBSD seems to not have a "sha1sum",
> > >>> but has a "sha1" which has that kind of format, which seems to be the
> > >>> same output as "openssl sha1 file". Of course to be consistent,
> > >>> "openssl ssl < file" produces just the hash.
> > >>
> > >> FYI, on FreeBSD you can use "sha1 -r file" (-r Reverses the format of
> > >> the output).
> > >>
> > >
> > > I have no sha1 command in my bin dirs, locate doesn't find one either.
> > > man openssl doesn't show an -r switch as well, and any use of it fails.
> > > FreeBSD 4.8, 4.11, 5.2.1, 5.3 using openssl 0.9.7e don't seem to have
> > > the sha1 command (all upgraded via ports). The earliest I can find it on
> > > my servers is 5.4, using the FreeBSD included openssl.
> > >
> > > It might show up when I upgrade the port.
> > >
> >
> > Nope, upgraded all the way to 0.9.8b, no sha1 command.
>
> /sbin/sha1 is part of the base system since FreeBSD 5.3. The openssl
> command included in the base system supports the sha1 command. Here is
> a (dirty?) way to get your output:
>
> openssl sha1 your-file | sed -e 's/^SHA1(//' -e 's/)=//' -e 's/^\(.*\)
> \([^ ]*$\)/\2 \1/'

It should be possible to use a perl one-liner with the Digest::SHA1 module, too, which is a SpamAssassin required module anyway ;)

--j.
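The format difference discussed in this thread, as an added example that is not part of the original posts: a shell filter that rewrites `openssl sha1` or BSD-style `sha1` output into the `sha1sum` layout (hash, two spaces, file name), and a wrapper that uses whichever of the three tools is installed. The function names `to_sha1sum_format` and `sha1sum_line` are hypothetical; the filter anchors on the 40-digit hash at the end of the line so file names containing spaces or parentheses survive.

```shell
#!/bin/sh
# Added example. Digest layouts handled:
#   openssl sha1 FILE  ->  SHA1(FILE)= <hash>
#   BSD sha1 FILE      ->  SHA1 (FILE) = <hash>
#   BSD sha1 -r FILE   ->  <hash> FILE
#   sha1sum FILE       ->  <hash>  FILE      (target layout)

# Read digest lines on stdin, write them in sha1sum layout.
# Lines that match none of the layouts above are dropped.
to_sha1sum_format() {
    sed -n \
        -e 's/^SHA1 \{0,1\}(\(.*\)) \{0,1\}= \{0,1\}\([0-9a-fA-F]\{40\}\)$/\2  \1/p' \
        -e 't' \
        -e 's/^\([0-9a-fA-F]\{40\}\)  *\(.*\)$/\1  \2/p'
}

# Print one sha1sum-layout line for a file, using the first tool found.
sha1sum_line() {
    file=$1
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$file"
    elif command -v sha1 >/dev/null 2>&1; then
        sha1 -r "$file" | to_sha1sum_format
    else
        openssl sha1 "$file" | to_sha1sum_format
    fi
}

# Stand-alone use: ./script.sh FILE
if [ "$#" -gt 0 ]; then
    sha1sum_line "$1"
fi
```
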