Re: OT Question
On Saturday 02 December 2006 2:09 pm, Nigel Frankcom wrote: > Hey all, > > Did a botnet fall over or am I just lucky? > > spam has dropped dramatically here ~80% down. Not that I'm complaining > - just curious is anyone else is seeing the same. > > KR > > Nigel Quite a bit lower, IIRC, for the last two weeks of Nov I was seeing about 250+/day on my home box, whereas for yesterday and today: Total: 127 reports in 7m 30s. 3.54 seconds per report. Fri Dec 1 21:06:29 CST 2006 Total: 109 reports in 5m 50s. 3.21 seconds per report. Sat Dec 2 21:24:20 CST 2006 -- Chris pgppuJqcuNgdQ.pgp Description: PGP signature
Re: Botnet 0.5 plugin
Ralf Hildebrandt wrote: * John Rudd <[EMAIL PROTECTED]>: Changes in 0.5: s/relgular/regular/g in Botnet.txt Heh. Thank you.
Re: Botnet 0.5 plugin
* John Rudd <[EMAIL PROTECTED]>: > > Changes in 0.5: s/relgular/regular/g in Botnet.txt -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBFsend no mail to [EMAIL PROTECTED]
Re: Best Choice for Bayes filtering on SpamAssassin
On Sat, 2 Dec 2006 16:20:53 -0500, "Michael Scheidell" <[EMAIL PROTECTED]> wrote: > >> -Original Message- >> From: Craig Morrison [mailto:[EMAIL PROTECTED] >> Sent: Saturday, December 02, 2006 3:08 PM >> To: Michael Scheidell >> Cc: Nigel Frankcom; SpamAssassin >> Subject: Re: Best Choice for Bayes filtering on SpamAssassin >> >> >> What you seem to have missed in the conversation is that there is a >> *single* bayes backend.. > >What you misses is his QUESTION about 'Best Choice' (as it is in the >subject) > >I bet you spend yout time looking for spellling typoess also? Do you practice being a prat or is it a natural talent?
Re: OT Question
On Sat, 2 Dec 2006, Nigel Frankcom wrote: Hey all, Did a botnet fall over or am I just lucky? spam has dropped dramatically here ~80% down. Not that I'm complaining - just curious is anyone else is seeing the same. Huh... I too have noticed a significant drop since yesterday's stock onslaught. Without hard data available at the moment, I'd guess we are seeing a less than a third of what we were getting 24hrs ago. -- Jon Trulson mailto:[EMAIL PROTECTED] #include "No Kill I" -Horta
RE: Best Choice for Bayes filtering on SpamAssassin
> -Original Message- > From: Craig Morrison [mailto:[EMAIL PROTECTED] > Sent: Saturday, December 02, 2006 3:08 PM > To: Michael Scheidell > Cc: Nigel Frankcom; SpamAssassin > Subject: Re: Best Choice for Bayes filtering on SpamAssassin > > > What you seem to have missed in the conversation is that there is a > *single* bayes backend.. What you misses is his QUESTION about 'Best Choice' (as it is in the subject) I bet you spend yout time looking for spellling typoess also?
RE: Systemwide Procmail usage
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Just a thought, but when I place rules in /etc/procmailrc, I do something > like: > > :0: > *^List-ID: > /var/spool/mail/$USER > > That way, if someone else on the server joins the affected list, it is put > in > the correct inbox. > > Karl > > I updated my procmailrc to this: SHELL=/bin/sh #LOGFILE=$HOME/.procmail-log #VERBOSE=on DROPPRIVS=yes :0: *^List-ID: /var/spool/mail/$USER :0fw * < 256000 | /home/spam-filter/bin/spamc -U /home/spam-filter/tmp/spamd.sock And now I get no SpamAssassin mailing list mail. I don't think that's what I want. :-) --Will
Re: RelayChecker ?
Those work, but: a) you should look at the Botnet plugin. I just posted an announcement about it this morning. I renamed "RelayChecker" to Botnet a few weeks ago. I've done at least one code update since then. b) if you stick with the one you've got, remove the line that has "128\.114\.125" in it. That's my mail server block. You don't really need to have that in your config. Noc Phibee wrote: Hi, this is my RelayChecker config: # load the plugin loadplugin RelayCheckerRelayChecker.pm # configuration settings relaychecker_pass_auth 0 relaychecker_reduced_dns0 relaychecker_skip_ip^127\.0\.0\.1$ relaychecker_skip_ip^128\.114\.125\..*$ relaychecker_pass_ip^10\.0\.0\..*$ relaychecker_keywords = cable catv ddns dhcp dial-?up dip dsl dynamic modem ppp # slightly more controversial keywords relaychecker_keywords = client fixed pool static user # the Rules describeRELAY_CHECKER Any RelayChecker rule hit metaRELAY_CHECKER (( RELAY_CHECKER_KEYWORDS + RELAY_CHECKER_IPHOSTNAME + RELAY_CHECKER_BADDNS + RELAY_CHECKER_NORDNS) > 0) score RELAY_CHECKER 6.0 describeRELAY_CHECKER_NORDNSNo PTR record header RELAY_CHECKER_NORDNSeval:relay_checker_nordns() score RELAY_CHECKER_NORDNS0.01 describeRELAY_CHECKER_BADDNSDoesn't have full circle DNS header RELAY_CHECKER_BADDNSeval:relay_checker_baddns() score RELAY_CHECKER_BADDNS0.01 describeRELAY_CHECKER_IPHOSTNAMEHostname contains IP address header RELAY_CHECKER_IPHOSTNAME eval:relay_checker_iphostname() score RELAY_CHECKER_IPHOSTNAME0.01 describeRELAY_CHECKER_KEYWORDS Hostname matches keywords header RELAY_CHECKER_KEYWORDS eval:relay_checker_keywords() score RELAY_CHECKER_KEYWORDS 0.01 i thnk's it's the default install, this value are correct or small ? Thanks bye
OT Question
Hey all, Did a botnet fall over or am I just lucky? spam has dropped dramatically here ~80% down. Not that I'm complaining - just curious is anyone else is seeing the same. KR Nigel
Re: Best Choice for Bayes filtering on SpamAssassin
Michael Scheidell wrote: -Original Message- From: Nigel Frankcom [mailto:[EMAIL PROTECTED] Sent: Saturday, December 02, 2006 2:24 PM To: SpamAssassin Subject: Re: Best Choice for Bayes filtering on SpamAssassin My MTA has a list of SA servers it will use in series; if 1 is unavailable it will got to 2 and so on. Biggest issue with that, is that box #2 will see less 'real email' then box #1, and have a very jaded view of the world... Almost EVERYTHING would be a spam token.. What you seem to have missed in the conversation is that there is a *single* bayes backend.. -- Craig smime.p7s Description: S/MIME Cryptographic Signature
Re: Best Choice for Bayes filtering on SpamAssassin
On Sat, 2 Dec 2006 14:27:57 -0500, "Michael Scheidell" <[EMAIL PROTECTED]> wrote: >> -Original Message- >> From: Nigel Frankcom [mailto:[EMAIL PROTECTED] >> Sent: Saturday, December 02, 2006 2:24 PM >> To: SpamAssassin >> Subject: Re: Best Choice for Bayes filtering on SpamAssassin >> >> My MTA has a list of SA servers it will use in series; if 1 >> is unavailable it will got to 2 and so on. > >Biggest issue with that, is that box #2 will see less 'real email' then >box #1, and have a very jaded view of the world... Almost EVERYTHING >would be a spam token.. > >Its pretty easy to set up a dual master/slave mysql server and let them >talk to each other. > >If its just the bayes db, there should be no collisions, but if there >are, a cronjob forcing a skip/restart should work. Since, as we well know, spammers aim for the higher MX's, they *should* have the more jaded view. That said, I don't face this issue since all SA's use the same db. My failover servers have lower scoring than my primaries for just this reason. Just as my servers that act as failover for other domains have lower tolerances. Primaries & failovers share user files so there's none of this fake address rubbish to deal with. This was one of the 1st issues we tackled with the MTA to avoid loading up the SA servers unnecessarily. Nigel
RE: Best Choice for Bayes filtering on SpamAssassin
> -Original Message- > From: Nigel Frankcom [mailto:[EMAIL PROTECTED] > Sent: Saturday, December 02, 2006 2:24 PM > To: SpamAssassin > Subject: Re: Best Choice for Bayes filtering on SpamAssassin > > My MTA has a list of SA servers it will use in series; if 1 > is unavailable it will got to 2 and so on. Biggest issue with that, is that box #2 will see less 'real email' then box #1, and have a very jaded view of the world... Almost EVERYTHING would be a spam token.. Its pretty easy to set up a dual master/slave mysql server and let them talk to each other. If its just the bayes db, there should be no collisions, but if there are, a cronjob forcing a skip/restart should work.
Re: Best Choice for Bayes filtering on SpamAssassin
On Sat, 02 Dec 2006 18:31:47 +0100, Noc Phibee <[EMAIL PROTECTED]> wrote: >Thanks to your answer > >Yes 6 server in load balancing with for all 70 concurrency incoming >only for spam detect and 3 server for virus scan > > > > > >Michael Scheidell a écrit : >>> -Original Message- >>> From: Noc Phibee [mailto:[EMAIL PROTECTED] >>> Sent: Saturday, December 02, 2006 8:35 AM >>> To: users@spamassassin.apache.org >>> Subject: Best Choice for Bayes filtering on SpamAssassin >>> >>> >>> Hi >>> >>> i have 6 servers running on spamassassin 3.1.7 (now after a >>> upgrades). Actually, all have Bayes Filering with local Db >>> (default db, not sql) >>> >>> I want know what is the best choice ? : >>>- Default Db or MySQL db ? >>> >> >> MySql. Db can corrupt. Db WILL corrupt, and you can't replicate/share >> it. >> >> >>>- 1 Bayes Db per server or 1 Bayes on Sql for all server (same >>> database) >>> >> >> If all 'round robin' mx, maybe 1 bayes on each server. >> >> If priority (mx 1, mx 2, mx... Etc) having one bayes per server will >> give a very jaded view of the world for server 6 (spammers go for >> highest # mx first. All it will get is spam) >> >> Also depends on why 6 servers, are all 6 the same? Load balancing? >> Failover? Backup mx's? different functions? >> (some do SA, some do cached dns, some do mysql, some do postfix?) >> >> >> >> >>> My server receive 500 000/ 750 000 mails /days >>> >> >> I have one getting 10MM per day. >> >> Configured right, you would really only need two servers, the other 4 >> make an update/configuration problem. >> >> With 3 servers, you could try mysql nbd database (I have not yet tried >> this) >> With 2, you could try mysql replication dual-master/slave(and deal with >> collisions, collision skips might not be a big deal) >> >> With 2, you might try memory devices, and 'mirror' the memory device >> which would hold the mysql server (I have not tried this, I don't think >> that a missing record or two on the bayes db is any bid deal) >> >> You COULD, once per day, just after expire, dump/load the Bayesian from >> 'master' to slave. >> >> >> Hi, I run multiple SA server fronts end with a single MySQL bayes backend and have done for a number of years. At some point I'll add Load Balancing to the SQL but at the moment it's on a stable box with little or nothing else to do. To date I've had no issue with it; though my mail throughput is a fraction of yours. The reason for multiple SA's is/was to cover downtime on any given server for maintenance. My MTA has a list of SA servers it will use in series; if 1 is unavailable it will got to 2 and so on. How this would work under the heavy loads you experience is open to debate. All I can say is that it's worked very well here. HTH Nigel
RE: Best Choice for Bayes filtering on SpamAssassin
> -Original Message- > From: Noc Phibee [mailto:[EMAIL PROTECTED] > Sent: Saturday, December 02, 2006 12:32 PM > To: Michael Scheidell > Cc: users@spamassassin.apache.org; Wazir Shpoon > Subject: Re: Best Choice for Bayes filtering on SpamAssassin > > > Thanks to your answer > > Yes 6 server in load balancing with for all 70 concurrency > incoming only for spam detect and 3 server for virus scan Than 6 LOCAL baysian, mysql tables won't hurt. I think it would be easier than trying to set up a master/slave on NDB reduncant sql table across 6 servers, and I have a superstition that in the long run, it won't matter much. (I think I would seed all 6 with a couple thousand each, spam and ham to get them started) -- Michael Scheidell, CTO SECNAP Network Security Corporation Keep up to date with latest information on IT security: Real time security alerts: http://www.secnap.com/news
RelayChecker ?
Hi, this is my RelayChecker config: # load the plugin loadplugin RelayCheckerRelayChecker.pm # configuration settings relaychecker_pass_auth 0 relaychecker_reduced_dns0 relaychecker_skip_ip^127\.0\.0\.1$ relaychecker_skip_ip^128\.114\.125\..*$ relaychecker_pass_ip^10\.0\.0\..*$ relaychecker_keywords = cable catv ddns dhcp dial-?up dip dsl dynamic modem ppp # slightly more controversial keywords relaychecker_keywords = client fixed pool static user # the Rules describeRELAY_CHECKER Any RelayChecker rule hit metaRELAY_CHECKER (( RELAY_CHECKER_KEYWORDS + RELAY_CHECKER_IPHOSTNAME + RELAY_CHECKER_BADDNS + RELAY_CHECKER_NORDNS) > 0) score RELAY_CHECKER 6.0 describeRELAY_CHECKER_NORDNSNo PTR record header RELAY_CHECKER_NORDNSeval:relay_checker_nordns() score RELAY_CHECKER_NORDNS0.01 describeRELAY_CHECKER_BADDNSDoesn't have full circle DNS header RELAY_CHECKER_BADDNSeval:relay_checker_baddns() score RELAY_CHECKER_BADDNS0.01 describeRELAY_CHECKER_IPHOSTNAMEHostname contains IP address header RELAY_CHECKER_IPHOSTNAME eval:relay_checker_iphostname() score RELAY_CHECKER_IPHOSTNAME0.01 describeRELAY_CHECKER_KEYWORDS Hostname matches keywords header RELAY_CHECKER_KEYWORDS eval:relay_checker_keywords() score RELAY_CHECKER_KEYWORDS 0.01 i thnk's it's the default install, this value are correct or small ? Thanks bye
Re: Best Choice for Bayes filtering on SpamAssassin
Thanks to your answer Yes 6 server in load balancing with for all 70 concurrency incoming only for spam detect and 3 server for virus scan Michael Scheidell a écrit : -Original Message- From: Noc Phibee [mailto:[EMAIL PROTECTED] Sent: Saturday, December 02, 2006 8:35 AM To: users@spamassassin.apache.org Subject: Best Choice for Bayes filtering on SpamAssassin Hi i have 6 servers running on spamassassin 3.1.7 (now after a upgrades). Actually, all have Bayes Filering with local Db (default db, not sql) I want know what is the best choice ? : - Default Db or MySQL db ? MySql. Db can corrupt. Db WILL corrupt, and you can't replicate/share it. - 1 Bayes Db per server or 1 Bayes on Sql for all server (same database) If all 'round robin' mx, maybe 1 bayes on each server. If priority (mx 1, mx 2, mx... Etc) having one bayes per server will give a very jaded view of the world for server 6 (spammers go for highest # mx first. All it will get is spam) Also depends on why 6 servers, are all 6 the same? Load balancing? Failover? Backup mx's? different functions? (some do SA, some do cached dns, some do mysql, some do postfix?) My server receive 500 000/ 750 000 mails /days I have one getting 10MM per day. Configured right, you would really only need two servers, the other 4 make an update/configuration problem. With 3 servers, you could try mysql nbd database (I have not yet tried this) With 2, you could try mysql replication dual-master/slave(and deal with collisions, collision skips might not be a big deal) With 2, you might try memory devices, and 'mirror' the memory device which would hold the mysql server (I have not tried this, I don't think that a missing record or two on the bayes db is any bid deal) You COULD, once per day, just after expire, dump/load the Bayesian from 'master' to slave.
RE: Rate question
Please note I'm not using that way, nor I'm using spamd. That said. From: Jeff [mailto:[EMAIL PROTECTED] > > I've seen an installation where postfix handed off mail directly to > spamd, treating it as a policy server in smtpd_recipient_restrictions. > I was thinking about doing this for a server with several thousand users > and heavy usage. > In that configuration, how would spamd behave under load? It would work more or less how it works in the more classical content filtering case, so I guess it wouldn't matter how you invoke it. > Is it likely to cause problems? I *guess* that the way you describe wouldn't allow the destinating user to have control of received spam. I mean, he/she wouldn't have a 'spam' folder in its mailbox. This may be a problem in case of false positives. BUT, also note that this way the senders gets informed of the undelivered message, since the postfix's connecting peer would get a 5xx error and, in case of a legitimate sender, he/she would easily get a bounce mail back from his/her smtp server. The 5xx error is not that bad in this, but also exposes a neck to spammers: since they have a feedback from your antispam engine, they may attempt multiple versions of their "payload" 'till they get into... > Should I be using amavis? I use it and I'm fine with it, but I don't see an easy way to integrate smtpd_recipient_restrictions with amavisd-new: amavis is designed to resubmit legitimate messages for final delivery to the MTA, so I don't see how could this cope with refusing the message at whole. However, if you forget the smtpd_recipient_restrictions way, you would get even antivirus handling thanks to amavis. > What's the best way to get mail to spamd when the volume is high? Actually, greylisting: you may decrease the inboung e-mail traffic a lot. giampaolo
Rewrite subject with score
I have seen this in the past but now can not find those email on how to do this. What i want to do is rewrite the subject line so when it is thought to be spam, it will appear like this: [SPAM] =the score of the email thought to be spam. Can some please let me know how to do this. Chris begin:vcard n:Arnold;Chris fn:Arnold, Chris url:http://www.mytimewithgod.net version:2.1 email;internet:[EMAIL PROTECTED] end:vcard
RE: optional score in local.cf is not working
>3) The Mail::SpamAssassin Perl API -- This allows the SpamAssassin code to > be called directly by another Perl program. This is how Amavisd runs. > It gets a message, calls the SpamAssassin routines, marks up the message, > and sends it along. It still only loads everything once, but it is being > loaded into Amavisd instead of spamd. Thank you all for clearing that up for me. I've stopped spamd and amavis still catching spam messages. So as I see it now amavisd just using SA routines via Perl API.
Rate question
I've seen an installation where postfix handed off mail directly to spamd, treating it as a policy server in smtpd_recipient_restrictions. I was thinking about doing this for a server with several thousand users and heavy usage. In that configuration, how would spamd behave under load? Is it likely to cause problems? Should I be using amavis? What's the best way to get mail to spamd when the volume is high?
RE: Best Choice for Bayes filtering on SpamAssassin
> -Original Message- > From: Noc Phibee [mailto:[EMAIL PROTECTED] > Sent: Saturday, December 02, 2006 8:35 AM > To: users@spamassassin.apache.org > Subject: Best Choice for Bayes filtering on SpamAssassin > > > Hi > > i have 6 servers running on spamassassin 3.1.7 (now after a > upgrades). Actually, all have Bayes Filering with local Db > (default db, not sql) > > I want know what is the best choice ? : >- Default Db or MySQL db ? MySql. Db can corrupt. Db WILL corrupt, and you can't replicate/share it. >- 1 Bayes Db per server or 1 Bayes on Sql for all server (same > database) If all 'round robin' mx, maybe 1 bayes on each server. If priority (mx 1, mx 2, mx... Etc) having one bayes per server will give a very jaded view of the world for server 6 (spammers go for highest # mx first. All it will get is spam) Also depends on why 6 servers, are all 6 the same? Load balancing? Failover? Backup mx's? different functions? (some do SA, some do cached dns, some do mysql, some do postfix?) > > My server receive 500 000/ 750 000 mails /days I have one getting 10MM per day. Configured right, you would really only need two servers, the other 4 make an update/configuration problem. With 3 servers, you could try mysql nbd database (I have not yet tried this) With 2, you could try mysql replication dual-master/slave(and deal with collisions, collision skips might not be a big deal) With 2, you might try memory devices, and 'mirror' the memory device which would hold the mysql server (I have not tried this, I don't think that a missing record or two on the bayes db is any bid deal) You COULD, once per day, just after expire, dump/load the Bayesian from 'master' to slave.
Botnet 0.5 plugin
Changes in 0.5: 1) in case there's a problem with SA reading the MTA's rdns value for the relay's hostname, Botnet will do a gethostbyaddr call _once_ per message. This may incur a slight performance hit. You can mitigate this by having a caching DNS server on whatever hosts are doing your spam assassin checks. 2) botnet_skip_domains allows you to specify domain name regular expressions which will be matched against the rdns value for the relay. In the case of a match, no Botnet rules will hit. 3) hopefully fixed a small problem in the "IP in Hostname" check. The hexidecimal and decimal octets are now checked in separate expressions. 4) added "mx" to the list of botnet_serverwords 5) added all of the rfc (forget which number) private IP blocks to botnet_skip_ip. Unless people find bugs, have a better solution for #1, or think that #4 causes too many misses, I think this might end up becoming the 1.0 release in a week or two. The 1.0 release will probably also include a file of suggested modifications to the meta rules, for people who want to link them in with DK, etc. (I'll try to track those down, but it might be best to email me off-list with "Botnet Metarule Alternative" in the subject, for such suggestions). And a I'll make a thank you note to various people who have contributed suggestions, code, feedback, stats, etc. somewhere in Botnet.txt. http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar (which is now a symlink to Botnet-0.5.tar ; the 0.4 is in the same directory as Botnet-0.4.tar) Install instructions are in the files INSTALL and Botnet.txt
Re: new Botnet plugin version soon
Rosenbaum, Larry M. wrote: From: Dennis Davis [mailto:[EMAIL PROTECTED] ... Question 2: someone asked why my module is "Botnet" instead of "Mail::SpamAssassin::Plugin::Botnet". The answer is: when I first started this (and this is/was my first SA Plugin authoring attempt), I tried that and it didn't work. If someone wants to look at it, and figure out how to make that work I prefer to have all the SpamAssassin plugins grouped together where the default install puts them. This is in the directory: /usr/local/libdata/perl5/site_perl/Mail/SpamAssassin/Plugin/ I would prefer to use the xxx/site_perl/Mail/SpamAssassin/Plugin for plugins that are packaged with SpamAssassin, and that any added-in plugins that I install separately go into /etc/mail/spamassassin. I also see no advantage to moving the "loadplugin" statement into the init.pre file unless there are rules in other .cf files that depend on the plugin. In other words, it's fine the way it is. My perspective is pretty much the same as Larry's. I prefer to keep "installed with the software" and "3rd party or locally installed/maintained" things in different locations. The site_perl stuff is what SpamAssassin installs with the software, and is not "3rd party" nor "locally installed/maintained". Therefore, if I can't make this change work while keeping the files in /etc/mail/spamassassin ... I'm not going to make that change. And, since, for some odd reason, I can't make the change work, I'm not going to break something that's working. Aesthetically I'd like the package name to be the full blown thing ... but practically speaking, "works" is better than "elegant". So, unless I suddenly realize why I couldn't get it to work the other way, this part is going to stay the way it is. (for those who might have insights, I'm currently running this on Mac OS X 10.3.(current), which has a funky perl that doesn't always put things in the right place ... so this might have worked if I was on 10.4.x, or when I switch to putting this on my Solaris machines (which happens Monday, actually))
Re: Easyjet e-mail scoring very high
In article <[EMAIL PROTECTED]>, David B Funk <[EMAIL PROTECTED]> writes >FYI, easyjet.com appears to have a valid SPF record, so > > whitelist_from_spf [EMAIL PROTECTED] > >should also work with out the hastle of trying to stay ahead >of mailserver changes. Unfortunately it looks like savvis.net wouldn't be covered by EasyJet's SPF record: easyjet.com.14297 IN TXT "v=spf1" "a" "mx" "include:dartmail.net" "~all" So we're all still screwed. Kevin
Re: bayes error
Jack Gostl wrote: > I've been looking at the spams that slip through, and I notice that > they have no Bayes score. Not a low score, but no score. I suspect > that is tied to this message in my log: > > Dec 2 02:00:44 web01 spamd[21664]: bayes: cannot open bayes > databases /home/gostl/.spamassassin/bayes_* R/W: lock failed: A > system call received an interrupt. > > I'm guessing that this is the result of two copies of spamd hitting > the Bayes files at once. Since we have several people sharing the same > Bayes files, this is a distinct possibility. R/W lock failures should not have amy impact on scoring. It will just cause autolearning to be skipped. Now R/O lock failures WILL cause bayes to not be used in scoring, but you're not getting those.
Best Choice for Bayes filtering on SpamAssassin
Hi i have 6 servers running on spamassassin 3.1.7 (now after a upgrades). Actually, all have Bayes Filering with local Db (default db, not sql) I want know what is the best choice ? : - Default Db or MySQL db ? - 1 Bayes Db per server or 1 Bayes on Sql for all server (same database) My server receive 500 000/ 750 000 mails /days thanks bye
Re: Problemes with sa-updates
Hihi ;=) i have deleted all spamassassin files, delete key into gpg and restart the installation and now that's work ! Thanks bye Sietse van Zanen a écrit : I do not speak French, though I learned some in high school. Signature faite le mer 22 nov 2006 00:58:01 Now, I'm only familiar with faite l'amour, but doesn't that mean the certificate is expired? If so, the channel maintainer should renew it. -Sietse -Original Message- From: Noc Phibee [mailto:[EMAIL PROTECTED] Sent: Saturday, December 02, 2006 09:21 To: users@spamassassin.apache.org Subject: Problemes with sa-updates Hi i have a lot of server with spamassassin 3.1.7 what sa-update work perfectly. But on one server, i have this error: [7053] dbg: gpg: populating temp signature file [7053] dbg: gpg: calling gpg [7053] dbg: gpg: gpg: Signature faite le mer 22 nov 2006 00:58:01 CET avec la clé RSA ID 24F434CE [7053] dbg: gpg: [GNUPG:] ERRSIG 6C55397824F434CE 1 2 00 1164153481 9 [7053] dbg: gpg: [GNUPG:] NO_PUBKEY 6C55397824F434CE [7053] dbg: gpg: gpg: Impossible de vérifier la signature: clé publique non trouvée error: GPG validation failed! The update downloaded successfully, but it was not signed with a trusted GPG key. Instead, it was signed with the following keys: 24F434CE Perhaps you need to import the channel's GPG key? For example: wget http://spamassassin.apache.org/updates/GPG.KEY gpg --import GPG.KEY channel: GPG validation failed, channel failed [7053] dbg: diag: updates complete, exiting with code 4 [EMAIL PROTECTED] Bin]# i have downloaded the key and import it, but no change. Anyone know why ?
RE: Percentage of email that is spam after filtering?
Hi, Really what are the tools you're using and/or suggesting to generate such reports? Regards, Leon -Original Message- From: Quinn Comendant [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 29, 2006 2:41 AM To: SpamAssassin Users Subject: Re: Percentage of email that is spam after filtering? What is being used to generate these summaries? Q On Mon, 27 Nov 2006 18:03:55 -0500, Rick Macdougall wrote: > Ed Kasky wrote: >> At 02:00 PM Monday, 11/27/2006, Bill Randle wrote -=> >>> Like other posters, I don't have real stats on the amount of spam that >>> makes it past the filters, other than my own mailbox. I typically get >>> from 2-3 spam messages per day, on rare occasions, maybe 6-10. We use >>> blacklisting, the SARE rules, ImageInfo, FuzzyOCR and local custom >>> rules. >>> >>> Our overall stats for the last 24 hours are: Msgs %total %after rbl >>> total incoming messages: 84620 100% -- >>> rejected (cbl.abuseat.org, list.dsbl.org): 57624 68% -- >>> viruses (ClamAV):1830.2%0.7% >>> spam (blocked):22294 26% 83% >>> possible spam (sent to user mailbox):2520.3%0.9% >>> clean (sent to user mailbox): 18282.2%6.8% >>> >>> So, bottom line, of all the incoming mail, only 2.5% is actually >>> delivered to a customer mailbox. >>> >>> -Bill >> >> I thought I was the only one experiencing those numbers: >> >> Our overall stats since Sunday 4:00 am: Msgs %total %after rbl >> total incoming messages:5535 100% -- >> rejected (cbl.abuseat.org, list.dsbl.org): 4366 78% -- >> Sendmail Reject - Pre-Greeting Traffic: 3336% -- >> viruses (ClamAV): 230.4%0.5% >> spam (blocked): 4017.2%9.1% >> clean (sent to user mailbox):4127.4%9.4% >> > > Similar numbers here since 6am this morning on one of our 4 MX's > > Received 88952 100.00% > RBL Reject61965 69.66% > Clam 167 0.19% > Spam Reject 49115.52% > Spam Pass 599 0.67% > Clean 13580 15.27% > > Bear in mind that this particular machine is also the outbound MX for > another mailserver for Yahoo, AOL, Sympatico, etc for scanning > purposes, so the Clean number is going to be a little high. > > We are also very proactive about infected local users (we're an ISP) > so out Clam numbers are a lot lower than say a year ago when we > weren't scanning. > > Regards, > > Rick >
RE: Problemes with sa-updates
I do not speak French, though I learned some in high school. Signature faite le mer 22 nov 2006 00:58:01 Now, I'm only familiar with faite l'amour, but doesn't that mean the certificate is expired? If so, the channel maintainer should renew it. -Sietse -Original Message- From: Noc Phibee [mailto:[EMAIL PROTECTED] Sent: Saturday, December 02, 2006 09:21 To: users@spamassassin.apache.org Subject: Problemes with sa-updates Hi i have a lot of server with spamassassin 3.1.7 what sa-update work perfectly. But on one server, i have this error: [7053] dbg: gpg: populating temp signature file [7053] dbg: gpg: calling gpg [7053] dbg: gpg: gpg: Signature faite le mer 22 nov 2006 00:58:01 CET avec la clé RSA ID 24F434CE [7053] dbg: gpg: [GNUPG:] ERRSIG 6C55397824F434CE 1 2 00 1164153481 9 [7053] dbg: gpg: [GNUPG:] NO_PUBKEY 6C55397824F434CE [7053] dbg: gpg: gpg: Impossible de vérifier la signature: clé publique non trouvée error: GPG validation failed! The update downloaded successfully, but it was not signed with a trusted GPG key. Instead, it was signed with the following keys: 24F434CE Perhaps you need to import the channel's GPG key? For example: wget http://spamassassin.apache.org/updates/GPG.KEY gpg --import GPG.KEY channel: GPG validation failed, channel failed [7053] dbg: diag: updates complete, exiting with code 4 [EMAIL PROTECTED] Bin]# i have downloaded the key and import it, but no change. Anyone know why ?
RE: bayes error
Plain and simple, put you bayes in a MySQL database. -Sietse From: Jack Gostl [mailto:[EMAIL PROTECTED] Sent: Saturday, December 02, 2006 09:17 To: Spamass Subject: bayes error I've been looking at the spams that slip through, and I notice that they have no Bayes score. Not a low score, but no score. I suspect that is tied to this message in my log: Dec 2 02:00:44 web01 spamd[21664]: bayes: cannot open bayes databases /home/gostl/.spamassassin/bayes_* R/W: lock failed: A system call received an interrupt. I'm guessing that this is the result of two copies of spamd hitting the Bayes files at once. Since we have several people sharing the same Bayes files, this is a distinct possibility. Is there any way to deal with this? Thanks - Jack
Problemes with sa-updates
Hi i have a lot of server with spamassassin 3.1.7 what sa-update work perfectly. But on one server, i have this error: [7053] dbg: gpg: populating temp signature file [7053] dbg: gpg: calling gpg [7053] dbg: gpg: gpg: Signature faite le mer 22 nov 2006 00:58:01 CET avec la clé RSA ID 24F434CE [7053] dbg: gpg: [GNUPG:] ERRSIG 6C55397824F434CE 1 2 00 1164153481 9 [7053] dbg: gpg: [GNUPG:] NO_PUBKEY 6C55397824F434CE [7053] dbg: gpg: gpg: Impossible de vérifier la signature: clé publique non trouvée error: GPG validation failed! The update downloaded successfully, but it was not signed with a trusted GPG key. Instead, it was signed with the following keys: 24F434CE Perhaps you need to import the channel's GPG key? For example: wget http://spamassassin.apache.org/updates/GPG.KEY gpg --import GPG.KEY channel: GPG validation failed, channel failed [7053] dbg: diag: updates complete, exiting with code 4 [EMAIL PROTECTED] Bin]# i have downloaded the key and import it, but no change. Anyone know why ?
bayes error
I've been looking at the spams that slip through, and I notice that they have no Bayes score. Not a low score, but no score. I suspect that is tied to this message in my log: Dec 2 02:00:44 web01 spamd[21664]: bayes: cannot open bayes databases /home/gostl/.spamassassin/bayes_* R/W: lock failed: A system call received an interrupt. I'm guessing that this is the result of two copies of spamd hitting the Bayes files at once. Since we have several people sharing the same Bayes files, this is a distinct possibility. Is there any way to deal with this? Thanks - Jack
