RE: ANTIDRUG rulesets

2007-02-13 Thread Rocco Scappatura
> > Put a full email (including all headers) on a web page somewhere.
> 
> http://www.rocsca.it/it_by_confocal.out
> 
> That's not a drug spam, that's a stock spam.  It just happens 
> to be for a pharmaceutical company.

Sorry! I'm not very experienced with the kinds of spam..

I'd very much like to learn to classify spam by content.. I need some
documentation..

> Get the SARE stocks ruleset and you will have some better 
> luck.  Often these are GIF images, so ImageInfo and FuzzyOCR 
> can both help a lot.

OK. I will do.. Indeed I already use FuzzyOCR.. but it often fails to
block this email.. I'm afraid that I use a bad dictionary (the default)
and I'm looking for a better one..

rocsca


RE: ANTIDRUG rulesets

2007-02-13 Thread Rocco Scappatura
> Enable network tests.  You may have to set up several things 
> correctly to get this to work, but just removing "-L" from 
> the spamd startup line may be enough as a start.

I don't understand..  If I have a message in mbox format, what do I have to
do so that I can see what score SA should assign to it?

I have seen the syntax of the spamd command but it doesn't accept any kind
of message as input parameter.. Should I run it in daemonized mode and
send the message to the listening port?

> >> Looking at this my Bayes scores it highly, but so does a rule from
> >> the SARE_STOCKS rule set.  There are also a number of network tests
> >> which get this.
> 
> > And so? How do you justify this? What I miss?
> 
> Add-on rulesets.  In this case the SARE stocks ruleset.

Thanks,

rocsca


RE: ANTIDRUG rulesets

2007-02-13 Thread Rocco Scappatura
> Can you show us which tests these emails hit on your system?

Please tell me how I have to do..

rocsca


Re: ANTIDRUG rulesets

2007-02-13 Thread Anthony Peacock

Rocco Scappatura wrote:
> > Can you show us which tests these emails hit on your system?
>
> Please tell me how I have to do..


If you have the email saved in a text file called email.txt, run this 
command making sure that you are logged in as the user that spamd runs as.


spamassassin -t < email.txt

If you want a lot more information you can use the debug switch

spamassassin -D -t < email.txt

--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have  an apple and we  exchange apples
then you and I will still each have  one apple. But  if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw


RE: ANTIDRUG rulesets

2007-02-13 Thread Rocco Scappatura
> If you have the email saved in a text file called email.txt, 
> run this command making sure that you are logged in as the 
> user that spamd runs as.
> 
> spamassassin -t < email.txt
> 
> If you want a lot more information you can use the debug switch
> 
> spamassassin -D -t < email.txt

Thanks.

Here is the output on my system..

Spam detection software, running on the system "av5.stt.vir", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  BULLISH REPORT! Campaign for: MISJPrice: $0.17Target:
  $0.95Market: hellish! SOMEBODY KNOWS SOMETHING. [...]

Content analysis details:   (0.3 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.3 HTML_FONT_BIG          BODY: HTML tag for a big font size


Re: ANTIDRUG rulesets

2007-02-13 Thread Anthony Peacock

Hi,

Rocco Scappatura wrote:
> > If you have the email saved in a text file called email.txt,
> > run this command making sure that you are logged in as the
> > user that spamd runs as.
> >
> > spamassassin -t < email.txt
> >
> > If you want a lot more information you can use the debug switch
> >
> > spamassassin -D -t < email.txt
>
> Thanks.
>
> Here is the output on my system..
>
> Spam detection software, running on the system "av5.stt.vir", has
> identified this incoming email as possible spam.  The original message
> has been attached to this so you can view it (if it isn't spam) or label
> similar future email.  If you have any questions, see
> the administrator of that system for details.
>
> Content preview:  BULLISH REPORT! Campaign for: MISJPrice: $0.17Target:
>   $0.95Market: hellish! SOMEBODY KNOWS SOMETHING. [...]
>
> Content analysis details:   (0.3 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  0.3 HTML_FONT_BIG          BODY: HTML tag for a big font size


Wow!  That is low...

I think the next thing you need to do is run the command with the -D switch.

It doesn't look like you are running any network tests, you are 
certainly not running any Bayes tests.


Can you remind us what OS this is on, what version of spamassassin, how 
you installed SA, how you call SA?


--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have  an apple and we  exchange apples
then you and I will still each have  one apple. But  if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw


RE: ANTIDRUG rulesets

2007-02-13 Thread Rocco Scappatura
> I think the next thing you need to do is run the command with 
> the -D switch.

The output is attached..

> It doesn't look like you are running any network tests, you 
> are certainly not running any Bayes tests.

I have executed the command you've told me after launching spamd..

> Can you remind us what OS this is on, what version of 
> spamassassin, how you installed SA, how you call SA?

I call SA via amavisd-new-2.4.4

# /usr/bin/spamassassin --version
SpamAssassin version 3.1.7
  running on Perl version 5.8.8

OS: SLES 10
Linux av5 2.6.16.21-0.8-bigsmp #1 SMP Mon Jul 3 18:25:39 UTC 2006 i686
i686 i386 GNU/Linux

rocsca


it_by_confocal.out.debug
Description: it_by_confocal.out.debug


Re: ANTIDRUG rulesets

2007-02-13 Thread Anthony Peacock

Hi,

Rocco Scappatura wrote:
> > I think the next thing you need to do is run the command with
> > the -D switch.
>
> The output is attached..


There are a few problems that jump out at me here, I am sure others will 
pick up on any I have missed:



1.
[30482] dbg: dns: is Net::DNS::Resolver available? no
[30482] dbg: dns: is DNS available? 0

These lines indicate that the Net::DNS Perl module is not installed. 
Without this no network tests will be run.  You MUST install this module 
to get best use out of SA.


2.

[30482] dbg: bayes: using username: amavis
[30482] dbg: dbiplugin: Creating uncached database handle to
'bayes:mysql2.sttspa.intranet_bayes_bayes_AutoCommit=0_PrintError=0_Username=bayes'
[30482] dbg: bayes: unable to connect to database: Access denied for
   user 'bayes'@'80.74.176.142' (using password: YES)
[30482] dbg: config: score set 1 chosen.
[30482] dbg: dbiplugin: Creating uncached database handle to
'bayes:mysql2.sttspa.intranet_bayes_bayes_AutoCommit=0_PrintError=0_Username=bayes'
[30482] dbg: bayes: unable to connect to database: Access denied for
   user 'bayes'@'80.74.176.142' (using password: YES)

These lines indicate that you have configured your Bayes system to use a 
MySQL database, but the connection to the database has failed.  This 
looks like permission problems on the MySQL server.



3.

[30482] dbg: config: read file /etc/mail/spamassassin/antidrug.cf

You have the antidrug.cf rules file in your local config directory.  The 
rules in this file are now included in the standard rule set for SA 3.x.  
This could be 'downgrading' some tests, remove this file.


4.

You still don't appear to have the 70_sare_stocks.cf file installed. 
Get it from http://www.rulesemporium.com and install it in the local 
rules folder.




Fix these problems and you should start to see much better results from SA.




> > It doesn't look like you are running any network tests, you
> > are certainly not running any Bayes tests.
>
> I have executed the command you've told me after launching spamd..
>
> > Can you remind us what OS this is on, what version of
> > spamassassin, how you installed SA, how you call SA?
>
> I call SA via amavisd-new-2.4.4

I am not familiar with amavis, but you should always restart the daemon 
after making any changes to SA rules or configuration.

> # /usr/bin/spamassassin --version
> SpamAssassin version 3.1.7
>   running on Perl version 5.8.8
>
> OS: SLES 10
> Linux av5 2.6.16.21-0.8-bigsmp #1 SMP Mon Jul 3 18:25:39 UTC 2006 i686
> i686 i386 GNU/Linux
>
> rocsca



--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have  an apple and we  exchange apples
then you and I will still each have  one apple. But  if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw
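
The four problems listed in the reply above can be checked mechanically. This is an added example, not part of the original thread or of SpamAssassin: a shell function that scans `spamassassin -D` output for them. The function name `sa_debug_triage`, the finding labels and the second sample are assumptions constructed here.

```shell
#!/bin/sh
# Added example: triage SpamAssassin debug output for the four problems
# called out in this thread. Function name and finding labels are hypothetical.
#
# Real use (debug output goes to stderr, so merge it into the pipe):
#   spamassassin -D -t < email.txt 2>&1 | sa_debug_triage

# Reads debug output on stdin, prints one finding per line, nothing if clean.
sa_debug_triage() {
    awk '
        /dbg: dns: is Net::DNS::Resolver available[?] no/ { nodns = 1 }
        /dbg: dns: is DNS available[?] 0/                 { nodns = 1 }
        /dbg: bayes: unable to connect to database/       { bayes = 1 }
        /dbg: config: read file .*[/]antidrug[.]cf/       { antidrug = 1 }
        /dbg: config: read file .*70_sare_stocks[.]cf/    { stocks = 1 }
        END {
            if (nodns)
                print "NO_NET_DNS: Net::DNS not available, no network tests will run"
            if (bayes)
                print "BAYES_DB_FAIL: Bayes database connection failed, check DB permissions"
            if (antidrug)
                print "STALE_ANTIDRUG: antidrug.cf is loaded, remove it on SA 3.x"
            if (!stocks)
                print "NO_SARE_STOCKS: 70_sare_stocks.cf was not read"
        }
    '
}

# Sample 1: debug lines quoted in the thread (broken installation).
sample_before() {
    cat <<'EOF'
[30482] dbg: dns: is Net::DNS::Resolver available? no
[30482] dbg: dns: is DNS available? 0
[30482] dbg: bayes: using username: amavis
[30482] dbg: bayes: unable to connect to database: Access denied for
   user 'bayes'@'80.74.176.142' (using password: YES)
[30482] dbg: config: score set 1 chosen.
[30482] dbg: config: read file /etc/mail/spamassassin/antidrug.cf
EOF
}

# Sample 2: constructed lines in the same format, as they would look
# once all four problems are fixed (not taken from the thread).
sample_after() {
    cat <<'EOF'
[12345] dbg: dns: is Net::DNS::Resolver available? yes
[12345] dbg: dns: is DNS available? 1
[12345] dbg: bayes: using username: amavis
[12345] dbg: config: read file /etc/mail/spamassassin/70_sare_stocks.cf
EOF
}

echo "== before =="
sample_before | sa_debug_triage
echo "== after =="
sample_after | sa_debug_triage
```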


Re: Blocking MMS messages?

2007-02-13 Thread Paolo Cravero

Steve Monkhouse wrote:
> Yeah that works for that one.. but with multiple originating sources and
> multiple carriers etc I thought there must be a better way than manually
> entering every mms provider... ??


I'm old fashioned and don't own an MMS-enabled phone, but phone numbers
are generally 12 numbers long if in the standard international form,
prefixed with a "+".

I just sent myself an SMS-to-email with Vodafone Italy and hit these rules:
X-Spam-Status: No, score=2.532 tagged_above=-999 required=3.5
tests=[BAYES_00=-2.599, DNS_FROM_RFC_ABUSE=0.2,
FORGED_RCVD_HELO=0.135, FROM_ENDS_IN_NUMS=2.53,
FROM_LOCAL_HEX=1.305, NO_REAL_NAME=0.9

while the sender was [EMAIL PROTECTED] Take a survey of how your
local providers format senders and write a set of rules accordingly.

Paolo



Re: ANTIDRUG rulesets

2007-02-13 Thread Anthony Peacock

Hi,

Keep replies on the list.

Rocco Scappatura wrote:
> > [30482] dbg: dns: is Net::DNS::Resolver available? no
> > [30482] dbg: dns: is DNS available? 0
>
> I've installed Net::DNS::Resolver. DNS server is local.

And have you run spamassassin -D to make sure it is picking it up correctly?

> > [30482] dbg: bayes: using username: amavis
> > [30482] dbg: dbiplugin: Creating uncached database handle to
> > 'bayes:mysql2.sttspa.intranet_bayes_bayes_AutoCommit=0_PrintError=0_Username=bayes'
> > [30482] dbg: bayes: unable to connect to database: Access denied for
> >    user 'bayes'@'80.74.176.142' (using password: YES)
> > [30482] dbg: config: score set 1 chosen.
> > [30482] dbg: dbiplugin: Creating uncached database handle to
> > 'bayes:mysql2.sttspa.intranet_bayes_bayes_AutoCommit=0_PrintError=0_Username=bayes'
> > [30482] dbg: bayes: unable to connect to database: Access denied for
> >    user 'bayes'@'80.74.176.142' (using password: YES)
> >
> > These lines indicate that you have configured your Bayes system to use a
> > MySQL database, but the connection to the database has failed.  This
> > looks like permission problems on the MySQL server.
>
> I've corrected this...

Good, you are now using the Bayes rules.

> > [30482] dbg: config: read file /etc/mail/spamassassin/antidrug.cf
> >
> > You have the antidrug.cf rules file in your local config directory.  The
> > rules in this file are now included in the standard rule set for SA 3.x.
> > This could be 'downgrading' some tests, remove this file.
>
> /etc/mail/spamassassin/antidrug.cf deleted

Good.

> > You still don't appear to have the 70_sare_stocks.cf file installed.
> > Get it from http://www.rulesemporium.com and install it in the local
> > rules folder.
>
> I have updated the config file of rules du jour to download the SARE
> STOCKs ruleset too..

Good.

> I've restarted amavisd-new..
>
> This is the score of the previous message..
>
> Spam detection software, running on the system "av5.stt.vir", has
> identified this incoming email as possible spam.  The original message
> has been attached to this so you can view it (if it isn't spam) or label
> similar future email.  If you have any questions, see
> the administrator of that system for details.
>
> Content preview:  BULLISH REPORT! Campaign for: MISJPrice: $0.17Target:
>   $0.95Market: hellish! SOMEBODY KNOWS SOMETHING. [...]
>
> Content analysis details:   (1.8 points, 5.0 required)
>
>  pts rule name              description
> ---- ---------------------- --------------------------------------------------
>  0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
>  1.7 SARE_PROLOSTOCK_SYM3   BODY: Last week's hot stock scam
>  0.0 HTML_MESSAGE           BODY: HTML included in message
>  0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
>                             [score: 0.5002]


OK, getting there.  You are now using the SARE STOCKS rules.  Your 
Bayes system is working, although you now need to train it that these 
messages are SPAM.


You can use the sa-learn utility to teach the Bayes system about Spam.

sa-learn --spam < email.txt

http://spamassassin.apache.org/full/3.1.x/doc/sa-learn.html

Your network tests are still not working.  Run spamassassin -D again to 
make sure the Net::DNS installation is being used by SA.



--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have  an apple and we  exchange apples
then you and I will still each have  one apple. But  if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw


Whitelist question

2007-02-13 Thread Joe Zitnik
How would I whitelist mail from a listserv?  Since the mail is shown to
be from the user who sent it and not the listserv, I can't do a
whitelist_from.  Would it be easier to make a rule to look for the
listserv domain in the header?  How would I make a rule to look for just
a word in the header, rather than a defined type?


Re: ANTIDRUG rulesets

2007-02-13 Thread Anthony Peacock

Hi,

Rocco Scappatura wrote:
> > Your network tests are still not working.  Run spamassassin
> > -D again to make sure the Net::DNS installation is being used by SA.
>
> In fact, I'm trying to install it cos it is not installed..
>
> I have succeeded..
>
> Attached there is the output of spamassassin -D before and after
> instructing the bayes db..


Success!  That looks far more healthy now.

You now need to feed as many of these messages into the Bayes system as 
possible.  The Bayes system calculates its score on statistical 
probabilities; feeding one message may not make a huge difference to the 
score, so you need to continue to feed messages into the system.  If you 
can train your Bayes system to correctly mark these at 99% probability 
that will give you another 3.5 marks.


--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have  an apple and we  exchange apples
then you and I will still each have  one apple. But  if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw


Re: Whitelist question

2007-02-13 Thread Sebastian Ries
Hi

> How would I whitelist mail from a listserv?  Since the mail is shown to
> be from the user who sent it and not the listserv, I can't do a
> whitelist_from.  Would it be easier to make a rule to look for the
> listserv domain in the header?  How would I make a rule to look for just
> a word in the header, rather than a defined type?

Define a whitelist_to ;-)

http://ugweb.cs.ualberta.ca/howtos/spamassassin.html

Regards
Sebastian Ries

-- 

DT Netsolution GmbH -  Talaeckerstr. 30 -  D-70437 Stuttgart
Tel: +49-711-849910-36   Fax: +49-711-849910-936
WEB: http://www.dtnet.de/ email: [EMAIL PROTECTED]


Re: ANTIDRUG rulesets

2007-02-13 Thread Anthony Peacock

Rocco Scappatura wrote:
> > Your network tests are still not working.  Run spamassassin
> > -D again to make sure the Net::DNS installation is being used by SA.
>
> In fact, I'm trying to install it cos it is not installed..
>
> I have succeeded..
>
> Attached there is the output of spamassassin -D before and after
> instructing the bayes db..


The other thing to do is to run sa-update to make sure you are running 
the latest versions of the standard SA rules.


http://spamassassin.apache.org/full/3.1.x/doc/sa-update.html

--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have  an apple and we  exchange apples
then you and I will still each have  one apple. But  if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw


Vbounce ruleset whitelist_bounce_relays

2007-02-13 Thread Steve [Spamassassin]
I've been trying to use the Vbounce ruleset 
[http://wiki.apache.org/spamassassin/VBounceRuleset] on spamassassin 3.1.4.


I'm unable to get whitelist_bounce_relays to work... When I 
intentionally send an email to a non-existent remote address I get a 
bounce message marked exactly as if it had been a bogus bounce.


Does anyone have whitelisted bounces working with vbounce?



dkim: lookup failed: DNS query timeout

2007-02-13 Thread Chris
The whole error shown is:

Feb 13 03:07:31 localhost spamd[15060]: dkim: lookup failed: DNS query timeout 
for _policy._domainkey.littlepinkeggs.com 

I notice that several of my hourly logcheck messages are missing from a 
certain time period forward, also in my spam folder one message is repeated 
multiple times. Looking in my earthlink webmail folder I see that same 
message is still there. I also see this in my logs:

Feb 13 03:09:41 localhost fetchmail[27931]: socket error while fetching from 
pop.earthlink.net 

If I delete this message from my webmail folder, mail pickup continues as 
normal. The headers of the message are below:

Return-Path: <[EMAIL PROTECTED]>
 Received: from pop.earthlink.net [209.86.93.209] 
by localhost with POP3 (fetchmail-6.2.5) 
for [EMAIL PROTECTED] (single-drop); Tue, 13 Feb 2007 03:07:08 -0600 
(CST)
 Received: from littlepinkeggs.com ([66.11.115.122]) 
by mx-limpkin.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP 
id 1hgTCc6qY3Nl34p2 
for <[EMAIL PROTECTED]>; Tue, 13 Feb 2007 04:06:21 -0500 (EST)
 Received: from unknown (HELO smtp18.yenddx.com) (Tue, 13 Feb 2007 19:03:59 
+0900) 
by webmail.halftomorrow.com with LOCAL; Tue, 13 Feb 2007 19:03:59 
+0900
 Received: from mail.webhostings4u.com ([Tue, 13 Feb 2007 18:48:46 +0900]) 
by m1.gns.snv.thisdomainl.com with ASMTP; Tue, 13 Feb 2007 18:48:46 
+0900
 Received: from rly04.hottestmile.com [116.152.71.208] by 
relay-x.misswldrs.com with NNFMP; Tue, 13 Feb 2007 18:47:21 +0900
 Received: from rly04.hottestmile.com [149.95.195.88] by rly04.hottestmile.com 
with SMTP; Tue, 13 Feb 2007 18:36:55 +0900
 Received: from rly04.hottestmile.com [151.98.38.53] by 
smtp4.cyberemailings.com with SMTP; Tue, 13 Feb 2007 18:34:00 +0900
 Message-ID: <[EMAIL PROTECTED]>
 Date: Tue, 13 Feb 2007 18:22:00 +0900
 From: "Animal Lovers" <[EMAIL PROTECTED]>
 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.5+) 
Gecko/20011102
 MIME-Version: 1.0
 To: "Farm Friends" <[EMAIL PROTECTED]>
 Subject: : animal lovers
 Content-Type: text/html; 
charset="iso-8859-1"
 Content-Transfer-Encoding: 7bit
 X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;
 X-SenderIP: 66.11.115.122
 X-ASN: ASN-14572
 X-CIDR: 66.11.112.0/20

I've removed part of the subject, not sure if it would have been tagged as 
spam due to that or not. What could be causing this? Is it a fetchmail 
problem, DNS problem?

-- 
Chris
KeyID 0xE372A7DA98E6705C




Re: Vbounce ruleset whitelist_bounce_relays

2007-02-13 Thread Justin Mason

Steve [Spamassassin] writes:
> I've been trying to use the Vbounce ruleset 
> [http://wiki.apache.org/spamassassin/VBounceRuleset] on spamassassin 3.1.4.
> 
> I'm unable to get whitelist_bounce_relays to work... When I 
> intentionally send an email to a non-existent remote address I get a 
> bounce message marked exactly as if it had been a bogus bounce.
> 
> Does anyone have whitelisted bounces working with vbounce?

could you post an example of your config and the message you're testing
with, in full?

--j.


Re: dkim: lookup failed: DNS query timeout

2007-02-13 Thread Mark Martinec
Chris,

> Feb 13 03:07:31 localhost spamd[15060]: dkim: lookup failed: DNS query
> timeout for _policy._domainkey.littlepinkeggs.com

DNS setup of domain littlepinkeggs.com is terribly broken,
they have no name servers, and even whois gets stuck on them.
The response from dkim plugin is normal.

> I've removed part of the subject, not sure if it would have been tagged as
> spam due to that or not. What could be causing this? Is it a fetchmail
> problem, DNS problem?

DNS problem on their side.

> I notice that several of my hourly logcheck messages are missing from a
> certain time period forward, also in my spam folder one message is repeated
> multiple times. Looking in my earthlink webmail folder I see that same
> message is still there. I also see this in my logs:
>
> Feb 13 03:09:41 localhost fetchmail[27931]: socket error while fetching
> from pop.earthlink.net

This may be unrelated to the littlepinkeggs.com problem.

  Mark


RE: ANTIDRUG rulesets

2007-02-13 Thread Rocco Scappatura
> The other thing to do is to run sa-update to make sure you 
> are running the latest versions of the standard SA rules.
> 
> http://spamassassin.apache.org/full/3.1.x/doc/sa-update.html

I already use rules_du_jour.. Is that OK? Or can I obtain further
improvement using sa-update?

rocsca


Re: [2] Sender domain must have a DNS MX

2007-02-13 Thread Jt9373

Hi Ron and Dan
I have the same issues.  Have you resolved this problem?  If you did, and
have a solution, could you please help me out with it?
Thank you in advance
more detail below.

JT

X-Message-Info: LsUYwwHHNt3660MmjhEvYg2f34OAemlKwfim1hp8BGs=
Received: from bay0-omc3-s19.bay0.hotmail.com ([65.54.246.219]) by
bay0-imc1-s33.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
 Tue, 13 Feb 2007 04:57:11 -0800
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Tue, 13 Feb 2007 04:57:10 -0800
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01C7313F958203D8005941F8bay0?omc3?s19.ba"
X-DSNContext: 7ce717b1 - 1196 - 0002 - 
Message-ID: <[EMAIL PROTECTED]>
Subject: Delivery Status Notification (Failure)
Return-Path: <>
X-OriginalArrivalTime: 13 Feb 2007 12:57:11.0101 (UTC)
FILETIME=[79C096D0:01C74F6E]

This is a MIME-formatted message.  
Portions of this message may be unreadable without a MIME-capable mail
program.

--9B095B5ADSN=_01C7313F958203D8005941F8bay0?omc3?s19.ba
Content-Type: text/plain; charset=unicode-1-1-utf-7

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

   [EMAIL PROTECTED]




--9B095B5ADSN=_01C7313F958203D8005941F8bay0?omc3?s19.ba
Content-Type: message/delivery-status

Reporting-MTA: dns;bay0-omc3-s19.bay0.hotmail.com
Received-From-MTA: dns;hotmail.com
Arrival-Date: Tue, 13 Feb 2007 04:56:28 -0800

Final-Recipient: rfc822;[EMAIL PROTECTED]
Action: failed
Status: 5.2.1
Diagnostic-Code: smtp;550 5.2.1 Mailbox unavailable. Sender domain must have
a DNS MX or A/CNAME record.

--9B095B5ADSN=_01C7313F958203D8005941F8bay0?omc3?s19.ba
Content-Type: message/rfc822

Received: from hotmail.com ([64.4.19.86]) by bay0-omc3-s19.bay0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.2668);
 Tue, 13 Feb 2007 04:56:28 -0800
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
 Tue, 13 Feb 2007 04:56:28 -0800
Message-ID: <[EMAIL PROTECTED]>
Received: from 12.170.158.5 by BAY109-DAV14.phx.gbl with DAV;
Tue, 13 Feb 2007 12:56:25 +
X-Originating-IP: [12.170.158.5]
X-Originating-Email: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
From: "Joe  Tran" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: test from hotmail 7:58
Date: Tue, 13 Feb 2007 07:58:38 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_NextPart_000_0041_01C74F44.C51E5BA0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3028
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-OriginalArrivalTime: 13 Feb 2007 12:56:28.0590 (UTC)
FILETIME=[6069ECE0:01C74F6E]
Return-Path: [EMAIL PROTECTED]

This is a multi-part message in MIME format.

--=_NextPart_000_0041_01C74F44.C51E5BA0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


--=_NextPart_000_0041_01C74F44.C51E5BA0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








 

--=_NextPart_000_0041_01C74F44.C51E5BA0--



--9B095B5ADSN=_01C7313F958203D8005941F8bay0?omc3?s19.ba--




Ron-45 wrote:
> 
> I am getting the following as a bounced message when I send mail to
> this one person:
> 
> <[EMAIL PROTECTED]>: host tane-uma.de[81.169.136.73] said: 550 5.2.1
> Mailbox unavailable. Sender domain must have a DNS MX or A/CNAME
> record.
> (in reply to RCPT TO command)
> 
> I have never seen anything like this for any other email I send from
> the same server, and I am wondering if it is something I have set up
> wrong, or a problem on their end.  I assume this is a spam prevention
> technique.
> 
> I run several (virtual) domains off my one server, so if they are
> doing a reverse DNS lookup, it is not going to return the correct
> domain, but I know a lot of servers do this as well.  If this is
> indeed what they are doing, how can you set up a server that hosts
> several domains off a single IP address to not fail this spam test?
> 
> The other thing that might be complicating this is that server1.net
> (1.2.3.1) hosts email for email1.net and email2.net.  But, when I send
> email for [EMAIL PROTECTED], server2.net (1.2.3.2) is the outgoing server.
>  I do this so I can just manage one server that is relaying mail from
> client apps (thunderbird).   I don't think this is that abnormal, if
> not, how do I make it work correctly for this kind of spam detection?
> 
> Or is the receiving server just broken?
> 
> I apologize that this isn't a 100% spamassassin related question.
> 
> Ron
> 
> 




Re: Vbounce ruleset whitelist_bounce_relays

2007-02-13 Thread Steve [Spamassassin]

Justin Mason wrote:
> could you post an example of your config and the message you're testing
> with, in full?

OK in /etc/mail/spamassassin/local.cf
--
allow_user_rules 1
bayes_auto_expire 0
whitelist_bounce_relays mail.mydomain.com
--

A bounce message which should have been whitelisted:

cut
Return-Path: <>
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-25) on 
server.mydomain.com

X-Spam-Level: ***
X-Spam-Status: No, score=3.7 required=5.0 tests=ANY_BOUNCE_MESSAGE,AWL,
 BAYES_99,BOUNCE_MESSAGE autolearn=no version=3.1.4
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: by mail.mydomain.com (Postfix) id EFBE62E48F; Wed,  7 Feb 2007 
12:57:43 + (GMT)

Date: Wed,  7 Feb 2007 12:57:43 + (GMT)
From: [EMAIL PROTECTED] (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
 boundary="6DFA62E3AF.1170853063/mail.mydomain.com"
Message-Id: <[EMAIL PROTECTED]>

This is a MIME-encapsulated message.

--6DFA62E3AF.1170853063/mail.mydomain.com
Content-Description: Notification
Content-Type: text/plain

This is the Postfix program at host mail.mydomain.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to 

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

 The Postfix program

<[EMAIL PROTECTED]>:
 host mx1.uk.tiscali.com[212.74.100.152] said: 550 RCPT
 
TO:<[EMAIL PROTECTED]>

 User unknown (in reply to RCPT TO command)

--6DFA62E3AF.1170853063/mail.mydomain.com
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.mydomain.com
X-Postfix-Queue-ID: 6DFA62E3AF
X-Postfix-Sender: rfc822; [EMAIL PROTECTED]
Arrival-Date: Wed,  7 Feb 2007 12:57:38 + (GMT)

Final-Recipient: rfc822; 
[EMAIL PROTECTED]

Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host mx1.uk.tiscali.com[212.74.100.152] 
said: 550

 RCPT
 
TO:<[EMAIL PROTECTED]>

 User unknown (in reply to RCPT TO command)

--6DFA62E3AF.1170853063/mail.mydomain.com
Content-Description: Undelivered Message
Content-Type: message/rfc822

Received: from [127.0.0.1] (localhost [127.0.0.1])
 by mail.mydomain.com (Postfix) with ESMTP id 6DFA62E3AF
 for 
<[EMAIL PROTECTED]>; 
Wed,  7 Feb 2007 12:57:38 + (GMT)

Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 07 Feb 2007 12:57:36 +
From: Steve <[EMAIL PROTECTED]>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
To:
[EMAIL PROTECTED]
Subject: Test 6...
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Doah!

--6DFA62E3AF.1170853063/mail.mydomain.com--


cut




Re: dkim: lookup failed: DNS query timeout

2007-02-13 Thread Chris
On Tuesday 13 February 2007 7:42 am, Mark Martinec wrote:

>
> > I notice that several of my hourly logcheck messages are missing from a
> > certain time period forward, also in my spam folder one message is
> > repeated multiple times. Looking in my earthlink webmail folder I see
> > that same message is still there. I also see this in my logs:
> >
> > Feb 13 03:09:41 localhost fetchmail[27931]: socket error while fetching
> > from pop.earthlink.net
>
> This may be unrelated to the littlepinkeggs.com problem.
>
>   Mark

Thanks Mark, it's odd though that once I delete the message from the EL server, 
things are back to normal in regards to the socket error.

-- 
Chris
KeyID 0xE372A7DA98E6705C




Cannot find the /var/lib/spamassassin catalogue

2007-02-13 Thread Dag Ringdal
on my system, and can therefore not find the latest config files.  I run SA 
3.1.7 and am doing sa-update from time to time, but I'm not assured that the 
latest version is installed. When I type sa-update -V, I get:
sa-update version svn454083
  running on Perl version 5.8.8
How can I know this is the latest version? 

R
Dag


Re: Cannot find the /var/lib/spamassassin catalogue

2007-02-13 Thread Theo Van Dinter
On Tue, Feb 13, 2007 at 03:48:02PM +0100, Dag Ringdal wrote:
> 3.1.7 and are doing sa-update from time to time, but I'm not assured that the 
> latest version is installed. When I type sa-update -V, I get:
> sa-update version svn454083
>   running on Perl version 5.8.8
> How can I know this is the latest version? 

Do you care about the latest rules, or the latest version of sa-update?
If the former, run "sa-update -D" and the debug output will tell you.
If the latter, you have 3.1.7 installed which is (at the moment), the
latest release available.

-- 
Randomly Selected Tagline:
"A college student who nearly died after a night of pledge drinking is
 filled a negligence suit against the school, the frat, and the bar where
 the drinking took place. Now, does anyone disagree with me when I say,
 the more frat kids who die, the better?"- Bill Maher




sa-stats and Spamtagging

2007-02-13 Thread LuKreme

I recently ran sa-stats (Dallas's script, not the one in SA)

Email:  10373  Autolearn:  1575  AvgScore:   7.45  AvgScanTime:  3.74 sec
Spam:    6179  Autolearn:   680  AvgScore:  12.44  AvgScanTime:  4.03 sec
Ham:     4194  Autolearn:   895  AvgScore:   0.10  AvgScanTime:  3.33 sec

Time Spent Running SA:       10.79 hours
Time Spent Processing Spam:   6.91 hours
Time Spent Processing Ham:    3.88 hours

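TOP SPAM RULES FIRED
----------------------------------------------------------------
RANK  RULE NAME          COUNT  %OFMAIL  %OFSPAM  %OFHAM
----------------------------------------------------------------
   1  HTML_MESSAGE        4549    74.92    73.62   76.82
   2  BAYES_99            3941    40.06    63.78    5.10
   3  AWL                 2179    49.99    35.26   71.67
   4  BOTNET              1866    18.40    30.20    1.03
   5  URIBL_JP_SURBL      1667    16.15    26.98    0.19
----------------------------------------------------------------

TOP HAM RULES FIRED
----------------------------------------------------------------
RANK  RULE NAME          COUNT  %OFMAIL  %OFSPAM  %OFHAM
----------------------------------------------------------------
   1  HTML_MESSAGE        3222    74.92    73.62   76.82
   2  AWL                 3006    49.99    35.26   71.67
   3  BAYES_00            2522    25.40     1.83   60.13
   4  MIME_HTML_ONLY      1693    28.26    20.04   40.37
   5  FORGED_RCVD_HELO    1195    16.77     8.82   28.49
----------------------------------------------------------------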

Now, perhaps I am misunderstanding, but BAYES_99 is hitting on 5% of  
ham? and AWL on 35% of spam?


Looking at this, it looks to my, albeit untrained, eye as if something  
is quite wrong with my spam-tagging solution.


Now, to be fair, a large percentage of the incoming spam is being  
stopped by greylisting before SA ever sees it.


Am I worrying over nothing?  I do seem to get spam only on those  
accounts for which greylisting is inactive, but on those I get a LOT  
that SA fails to tag, including just about every one of those image  
spams with the 2K or so of seemingly randomish text in the plain/text  
portion.


I am running RDJ with several rules and my SA version is  
SpamAssassin-3.1.7


TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS RANDOMVAL
BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_BML SARE_SPOOF
SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER_ABUSE
SARE_SPECIFIC SARE_CODING_HTML SARE_GENLSUBJ SARE_UNSUB SARE_URI0
SARE_REDIRECT_POST300 SARE_OBFU";

and RDJ is not reporting any errors

--
#27794   ... I wonder if the really nerdy Klingons learn how  
to speak english





Re: sa-stats and Spamtagging

2007-02-13 Thread Chris St. Pierre

On Tue, 13 Feb 2007, LuKreme wrote:

> Now, perhaps I am misunderstanding, but BAYES_99 is hitting on 5% of ham? and 
> AWL on 35% of spam?


Keep in mind that AWL is slightly misnamed; it doesn't just whitelist,
it adjusts scores (both positively and negatively) based on previous
history.  So the fact that it's hitting on 35% of your spam is pretty
meaningless, really.

sa-stats counts something as spam that SA marks as spam.  So the fact
that BAYES_99 is hitting on 5% of ham means (roughly) that 5% of your
unmarked mail hit either only BAYES_99 or BAYES_99 and not enough
other rules to mark it as spam.  That means, respectively, that either
you need to work on training your Bayes better, or that your Bayesian
component is very well trained and that you need to turn up the scores
for BAYES_99.  The only way to know the difference is to look at the
messages that are getting tagged with BAYES_99 but are not marked as
spam. If Bayes is right about them, turn up your scoring; if not,
continue training.

This is where a user feedback loop -- such as spam/ham reporting links
in your webmail client, or the equivalent training for desktop client
users -- can be really useful.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

Never send mail to [EMAIL PROTECTED]
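
The review described in the reply above (pull out the mail that hit BAYES_99 but stayed under the spam threshold, then judge whether Bayes was right), as an added example that is not part of the original post. It assumes spamd `result:` syslog lines in the layout of the sample; the log lines, host name and message-ids are constructed.

```python
import re

# Constructed sample. Assumed layout: verdict flag (Y or .), score, "-",
# comma-separated rule names, then comma-separated key=value metadata.
SAMPLE_LOG = """\
Feb 13 08:01:10 mx spamd[4021]: spamd: connection from localhost [127.0.0.1] at port 51122
Feb 13 08:01:12 mx spamd[4021]: spamd: result: Y 14 - BAYES_99,BOTNET,HTML_MESSAGE,URIBL_JP_SURBL scantime=4.1,size=3822,user=alice,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51122,mid=<c1@example.invalid>,bayes=1,autolearn=spam
Feb 13 08:02:40 mx spamd[4021]: spamd: result: . 4 - BAYES_99,HTML_MESSAGE scantime=3.2,size=2100,user=bob,uid=1002,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51130,mid=<c2@example.invalid>,bayes=0.999,autolearn=no
Feb 13 08:03:05 mx spamd[4021]: spamd: result: . 0 - AWL,BAYES_00,HTML_MESSAGE scantime=3.3,size=2811,user=bob,uid=1002,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51131,mid=<c3@example.invalid>,bayes=0.0,autolearn=ham
Feb 13 08:04:51 mx spamd[4021]: spamd: result: . 3 - AWL,BAYES_99 scantime=3.0,size=1900,user=alice,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51140,mid=<c4@example.invalid>,bayes=0.998,autolearn=no
Feb 13 08:06:17 mx spamd[4021]: spamd: result: Y 9 - BAYES_99,HTML_MESSAGE,MIME_HTML_ONLY scantime=4.0,size=5120,user=carol,uid=1003,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51150,mid=<c5@example.invalid>,bayes=1,autolearn=no
Feb 13 08:07:02 mx spamd[4021]: spamd: result: . 1 - FORGED_RCVD_HELO,HTML_MESSAGE scantime=3.1,size=2400,user=carol,uid=1003,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=51151,mid=<c6@example.invalid>,bayes=0.5,autolearn=no
"""

RESULT_RE = re.compile(
    r"spamd: result: (?P<verdict>[Y.])\s+(?P<score>-?\d+(?:\.\d+)?) - "
    r"(?P<tests>[\w,]*)\s*(?P<meta>scantime=.*)$"
)


def parse_results(log_text):
    """Return one dict per spamd result line; every other line is skipped."""
    rows = []
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if not m:
            continue
        meta = m.group("meta")
        req = re.search(r"required_score=(-?\d+(?:\.\d+)?)", meta)
        mid = re.search(r"mid=(<[^>]*>)", meta)
        rows.append({
            "is_spam": m.group("verdict") == "Y",   # what SA decided, not ground truth
            "score": float(m.group("score")),
            "tests": set(filter(None, m.group("tests").split(","))),
            "required": float(req.group(1)) if req else None,
            "mid": mid.group(1) if mid else None,
        })
    return rows


def rule_rates(rows, rule):
    """(%OFSPAM, %OFHAM) for one rule, where spam/ham is SA's own verdict."""
    def pct(group):
        if not group:
            return 0.0
        return round(100.0 * sum(rule in r["tests"] for r in group) / len(group), 2)
    spam = [r for r in rows if r["is_spam"]]
    ham = [r for r in rows if not r["is_spam"]]
    return pct(spam), pct(ham)


def untagged_hits(rows, rule="BAYES_99"):
    """Messages that hit `rule` but were not tagged, closest to the threshold first.

    Each entry is (message-id, score, points short of required_score, other rules hit).
    These are the messages to read by hand before retraining or rescoring.
    """
    out = []
    for r in rows:
        if r["is_spam"] or rule not in r["tests"]:
            continue
        gap = None if r["required"] is None else round(r["required"] - r["score"], 2)
        out.append((r["mid"], r["score"], gap, sorted(r["tests"] - {rule})))
    return sorted(out, key=lambda item: (item[2] is None, item[2]))


if __name__ == "__main__":
    rows = parse_results(SAMPLE_LOG)
    print("BAYES_99 %%OFSPAM / %%OFHAM: %s / %s" % rule_rates(rows, "BAYES_99"))
    for mid, score, gap, others in untagged_hits(rows):
        print(mid, "score", score, "short by", gap, "also hit:", ",".join(others))
```

A short gap with few other rules suggests the message was only a point or two of BAYES_99 weight away from being tagged; whether it really was spam still has to be checked by reading it.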



Re: ANTIDRUG rulesets

2007-02-13 Thread Anthony Peacock

Rocco Scappatura wrote:
>> The other thing to do is to run sa-update to make sure you 
>> are running the latest versions of the standard SA rules.
>>
>> http://spamassassin.apache.org/full/3.1.x/doc/sa-update.html
>
> I already use rules_du_jour.. It's OK? Or I can obtain further
> improvement using sa-update?


sa-update updates the stock rules that are distributed with SA.  Rules 
Du Jour is used to update add-on rulesets like the SARE rules.


If you are not running sa-update you are only updating a small section 
of your rules.


--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW:http://www.chime.ucl.ac.uk/~rmhiajp/
"If you have an apple and I have  an apple and we  exchange apples
then you and I will still each have  one apple. But  if you have an
idea and I have an idea and we exchange these ideas, then each of us
will have two ideas." -- George Bernard Shaw


Re: sa-stats and Spamtagging

2007-02-13 Thread Alexis Manning
[EMAIL PROTECTED] says...
> Am I worrying over nothing?  I do seem to get spam only on those  
> accounts for which greylisting is inactive, but on those I get a LOT  
> that SA fails to tag, including just about every one of those image  
> spams with the 2K or so of seemingly randomish text in the plain/text  
> portion.

Have you considered FuzzyOCR or ImageInfo?  Without them I know that I'd 
be slammed by the 'buy your drugs here' image spams.  Obviously there's 
going to be a CPU hit for FuzzyOCR but perhaps with your greylisting the 
number of messages that it'll work on will be manageable?

-- A.


Re: sa-stats and Spamtagging

2007-02-13 Thread LuKreme

On 13-Feb-2007, at 08:39, Chris St. Pierre wrote:

> This is where a user feedback loop -- such as spam/ham reporting links
> in your webmail client, or the equivalent training for desktop client
> users -- can be really useful.


Ideally I'd like to have per-user bayes, but some of my users are  
managed through courier/mysql and I've just not gotten to the point  
of working up how to manage bayes for those users, or if it's even  
possible.


I guess what I'd like to have is a IMAP mailbox created for every  
user where they can drop in spam and have bayes learn it.  I set  
something up for the non-mysql users that worked, mostly, but never  
got further than that.



--
The other cats just think he's a tosser. --Neil Gaiman




Re: sa-stats and Spamtagging

2007-02-13 Thread LuKreme

On 13-Feb-2007, at 09:08, Alexis Manning wrote:

> [EMAIL PROTECTED] says...
>
>> Am I worrying over nothing?  I do seem to get spam only on those
>> accounts for which greylisting is inactive, but on those I get a LOT
>> that SA fails to tag, including just about every one of those image
>> spams with the 2K or so of seemingly randomish text in the plain/text
>> portion.
>
> Have you considered FuzzyOCR or ImageInfo?


No, I haven't really looked into it.  I did note that the version in  
ports is 2.3 and that version is no longer maintained. Since  
everything SA related is managed in my ports tree, I am loath to  
install FuzzyOCR separately.  I think that's as far as I got last  
time.  Also, FuzzyOCR seems to have a lot of dependencies, which  
makes  non-ports install even less desirable.


I went ahead and tried to install ImageInfo from SARE, so we'll see  
how that goes.  I get a lot of warnings on --lint though:


[18402] dbg: plugin: loading Mail::SpamAssassin::Plugin::DKIM from @INC
[18402] warn: plugin: failed to parse plugin (from @INC): Can't locate Mail/DKIM.pm in @INC (@INC contains: /usr/local/lib/perl5/site_perl/5.8.8 /usr/local/lib/perl5/5.8.8/BSDPAN /usr/local/lib/perl5/site_perl/5.8.8/mach /usr/local/lib/perl5/site_perl/5.8.7 /usr/local/lib/perl5/site_perl/5.8.2 /usr/local/lib/perl5/site_perl/5.6.2 /usr/local/lib/perl5/site_perl/5.6.1 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.8.8/mach /usr/local/lib/perl5/5.8.8) at /usr/local/lib/perl5/site_perl/5.8.8/Mail/SpamAssassin/Plugin/DKIM.pm line 60.
[18402] warn: Compilation failed in require at (eval 99) line 1.
[18402] warn: plugin: failed to create instance of plugin Mail::SpamAssassin::Plugin::DKIM: Can't locate object method "new" via package "Mail::SpamAssassin::Plugin::DKIM" at (eval 100) line 1.



> Without them I know that I'd be slammed by the 'buy your drugs
> here' image spams.  Obviously there's going to be a CPU hit for
> FuzzyOCR but perhaps with your greylisting the number of messages
> that it'll work on will be manageable?


I expect so, the mailserver is under a very light load.

I'll see how ImageInfo works for now.



--
There are 10 types of people in the world: Those who understand  
binary, and those who don't.





Re: Cannot find the /var/lib/spamassassin catalogue

2007-02-13 Thread Dag Ringdal
On Tuesday 13 February 2007 16:30, Theo Van Dinter wrote:
> On Tue, Feb 13, 2007 at 03:48:02PM +0100, Dag Ringdal wrote:
> > 3.1.7 and are doing sa-update from time to time, but I'm not assured that
> > the latest version is installed. When I type sa-update -V, I get:
> > sa-update version svn454083
> >   running on Perl version 5.8.8
> > How can I know this is the latest version?
>
> Do you care about the latest rules, or the latest version of sa-update?
> If the former, run "sa-update -D" and the debug output will tell you.
> If the latter, you have 3.1.7 installed which is (at the moment), the
> latest release available.
I care about the rules as well. Where can I find whether the latest rules are 
updated and in use?

Dag

Here is a printout of sa-update -D:
sa-update -D
[25234] dbg: logger: adding facilities: all
[25234] dbg: logger: logging level is DBG
[25234] dbg: generic: SpamAssassin version 3.1.7
[25234] dbg: config: score set 0 chosen.
[25234] dbg: message:  MIME PARSER START 
[25234] dbg: message: main message type: text/plain
[25234] dbg: message: parsing normal part
[25234] dbg: message: added part, type: text/plain
[25234] dbg: message:  MIME PARSER END 
[25234] dbg: dns: is Net::DNS::Resolver available? yes
[25234] dbg: dns: Net::DNS version: 0.55
[25234] dbg: generic: sa-update version svn454083
[25234] dbg: generic: using update directory: /var/lib/spamassassin/3.001007
[25234] dbg: diag: perl platform: 5.008008 linux
[25234] dbg: diag: module installed: Digest::SHA1, version 2.10
[25234] dbg: diag: module installed: HTML::Parser, version 3.48
[25234] dbg: diag: module installed: MIME::Base64, version 3.07
[25234] dbg: diag: module installed: DB_File, version 1.814
[25234] dbg: diag: module installed: Net::DNS, version 0.55
[25234] dbg: diag: module installed: Net::SMTP, version 2.29
[25234] dbg: diag: module not installed: Mail::SPF::Query ('require' failed)
[25234] dbg: diag: module not installed: IP::Country::Fast ('require' failed)
[25234] dbg: diag: module installed: Razor2::Client::Agent, version 2.77
[25234] dbg: diag: module not installed: Net::Ident ('require' failed)
[25234] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed)
[25234] dbg: diag: module not installed: IO::Socket::SSL ('require' failed)
[25234] dbg: diag: module installed: Time::HiRes, version 1.86
[25234] dbg: diag: module installed: DBI, version 1.50
[25234] dbg: diag: module installed: Getopt::Long, version 2.35
[25234] dbg: diag: module installed: LWP::UserAgent, version 2.033
[25234] dbg: diag: module installed: HTTP::Date, version 1.47
[25234] dbg: diag: module installed: Archive::Tar, version 1.24
[25234] dbg: diag: module installed: IO::Zlib, version 1.04
[25234] dbg: gpg: Searching for 'gpg'
[25234] dbg: util: current PATH is: /home/dagr/bin:/usr/local/bin:/usr/bin:/sbin:/usr/X11R6/bin:/usr/sbin:/bin:/usr/games:/opt/gnome/bin:/opt/kde3/bin:/usr/lib/jvm/jre/bin
[25234] dbg: util: executable for gpg was found at /usr/bin/gpg
[25234] dbg: gpg: found /usr/bin/gpg
[25234] dbg: gpg: release trusted key id list: 5E541DC959CB8BAC7C78DFDC4056A61A5244EC45 26C900A46DD40CD5AD24F6D7DEE01987265FA05B 0C2B1D7175B852C64B3CDC716C55397824F434CE
[25234] dbg: channel: attempting channel updates.spamassassin.org
[25234] dbg: channel: update directory /var/lib/spamassassin/3.001007/updates_spamassassin_org
[25234] dbg: channel: channel cf file /var/lib/spamassassin/3.001007/updates_spamassassin_org.cf
[25234] dbg: channel: channel pre file /var/lib/spamassassin/3.001007/updates_spamassassin_org.pre
[25234] dbg: dns: query failed: 7.1.3.updates.spamassassin.org => NOERROR
[25234] dbg: channel: no updates available, skipping channel
[25234] dbg: diag: updates complete, exiting with code 1



Re: Cannot find the /var/lib/spamassassin catalogue

2007-02-13 Thread Theo Van Dinter
On Tue, Feb 13, 2007 at 06:37:23PM +0100, Dag Ringdal wrote:
> I care about the rules as well. Where can I find whether the lastest rules is 
> updated and in use?
> 
> [25234] dbg: dns: query failed: 7.1.3.updates.spamassassin.org => NOERROR

In your case, you got a DNS error...  I'd get that problem fixed, and then
you'd see something like:

[8572] dbg: channel: metadata version = 503923
[8572] dbg: dns: 7.1.3.updates.spamassassin.org => 503923, parsed as 503923
[8572] dbg: channel: current version is 503923, new version is 503923, skipping channel

-- 
Randomly Selected Tagline:
"First they ignore you, then they laugh at you, then they fight you,
 then you win."  - Gandhi




Re: Cannot find the /var/lib/spamassassin catalogue

2007-02-13 Thread Dag Ringdal
On Tuesday 13 February 2007 19:15, Theo Van Dinter wrote:
> On Tue, Feb 13, 2007 at 06:37:23PM +0100, Dag Ringdal wrote:
> > I care about the rules as well. Where can I find whether the lastest
> > rules is updated and in use?
> >
> > [25234] dbg: dns: query failed: 7.1.3.updates.spamassassin.org => NOERROR
>
> In your case, you got a DNS error...  I'd get that problem fixed, and then
> you'd see something like:
>
> [8572] dbg: channel: metadata version = 503923
> [8572] dbg: dns: 7.1.3.updates.spamassassin.org => 503923, parsed as 503923
> [8572] dbg: channel: current version is 503923, new version is 503923,
> skipping channel

Is it something I shall do? 
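
A small reader for the `sa-update -D` output discussed in this thread, added here as an example (it is not part of sa-update or of any post). The two sample runs are the debug lines quoted in the messages above with the wrapped lines rejoined; the function names are made up for the example, and the query-name and directory derivations are inferred from the 3.1.7 output shown.

```python
import re

# Debug lines from the thread: the run that failed and the healthy one quoted in reply.
FAILED_RUN = """\
[25234] dbg: generic: SpamAssassin version 3.1.7
[25234] dbg: generic: using update directory: /var/lib/spamassassin/3.001007
[25234] dbg: channel: attempting channel updates.spamassassin.org
[25234] dbg: dns: query failed: 7.1.3.updates.spamassassin.org => NOERROR
[25234] dbg: channel: no updates available, skipping channel
[25234] dbg: diag: updates complete, exiting with code 1
"""
HEALTHY_RUN = """\
[8572] dbg: channel: metadata version = 503923
[8572] dbg: dns: 7.1.3.updates.spamassassin.org => 503923, parsed as 503923
[8572] dbg: channel: current version is 503923, new version is 503923, skipping channel
"""


def txt_query_name(sa_version, channel="updates.spamassassin.org"):
    """DNS name seen in the debug output: version parts reversed, then the channel."""
    return ".".join(reversed(sa_version.split("."))) + "." + channel


def update_dir(sa_version, base="/var/lib/spamassassin"):
    """Directory name seen in the debug output: 3.1.7 -> <base>/3.001007."""
    major, minor, patch = (int(part) for part in sa_version.split("."))
    return f"{base}/{major}.{minor:03d}{patch:03d}"


def summarize(debug_text):
    """Reduce a debug run to the facts that answer 'are my rules current?'."""
    info = {"state": "unknown", "query": None, "rcode": None, "current": None,
            "new": None, "update_dir": None, "exit_code": None}
    for line in debug_text.splitlines():
        if m := re.search(r"dbg: generic: using update directory: (\S+)", line):
            info["update_dir"] = m.group(1)
        elif m := re.search(r"dbg: dns: query failed: (\S+) => (\S+)", line):
            # The version lookup itself did not return a usable answer.
            info.update(state="dns_query_failed", query=m.group(1), rcode=m.group(2))
        elif m := re.search(r"dbg: dns: (\S+) => \d+, parsed as \d+", line):
            info["query"] = m.group(1)
        elif m := re.search(r"current version is (\d+), new version is (\d+)", line):
            cur, new = int(m.group(1)), int(m.group(2))
            info.update(current=cur, new=new,
                        state="up_to_date" if cur == new else "update_available")
        elif m := re.search(r"exiting with code (\d+)", line):
            info["exit_code"] = int(m.group(1))
    return info


if __name__ == "__main__":
    for name, run in (("failed", FAILED_RUN), ("healthy", HEALTHY_RUN)):
        print(name, summarize(run))
```

In the failing run sa-update still logs "no updates available" and exits with code 1, so only the `dns: query failed` line shows that the version lookup never succeeded; a monitoring check should key on that line.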


FuzzyOcr - no image files found in samples?

2007-02-13 Thread Steve Pfister
I'm trying to install FuzzyOcr 3.51 (with patches for < 10.34 netpbm) on
RedHat Linux 9 with Spamassassin 3.1.7. I'm trying to test it out with the
samples images, but I keep getting:

 

[25404] dbg: FuzzyOcr: Starting FuzzyOcr...
[25404] info: FuzzyOcr: Processing Message with ID "" ( -> )
[25404] dbg: FuzzyOcr: Skipping OCR, no image files found...
[25404] dbg: FuzzyOcr: Processed in 0.001779 sec.

And the log file just says:

2007-02-13 13:38:56 [26451] Processing Message with ID "" ( -> )

What might I be missing?

 

--Steve



MTA Search: Non contiguous ranges?

2007-02-13 Thread Dan

Hello,

I would like a Mail Transfer Agent recommendation.  What's the best  
MTA, running on any platform, that will accept two or more thresholds  
(non-contiguous weight values) for treating messages as spam?   
Something like:


0-1 is ham

2-9 is spam

10 is ham

11-99 is spam


Where 4 paths are possible, instead of the normal 2 (below 10 allow,  
above 10 tag) such that the treat-as-ham values are literally in  
between the spam values.  This can be native or via a plugin.



In order of priority, I'm looking for:

1) Compatibility with SpamAssassin

2) Non contiguous score acceptance

3) Compatibility with multiple AV scanners

4) Ease of use

5) Good logging system


Thanks,
Dan


Re: MTA Search: Non contiguous ranges?

2007-02-13 Thread Theo Van Dinter
On Tue, Feb 13, 2007 at 10:57:44AM -0800, Dan wrote:
> I would like a Mail Transfer Agent recommendation.  What's the best  
> MTA, running on any platform, that will accept two or more thresholds  
> (non-contiguous weight values) for treating messages as spam?   

MTAs don't care about ham or spam, they just deliver messages.  I think
you're looking for a milter/third-party MTA integration.  Just fyi.

-- 
Randomly Selected Tagline:
Bingo, gas station, hamburger with a side order of airplane noise,
 and you'll be Gary, Indiana. - Jessie in the movie "Greaser's Palace"




Re: MTA Search: Non contiguous ranges?

2007-02-13 Thread Kelson

Dan wrote:
> I would like a Mail Transfer Agent recommendation.  What's the best MTA, 
> running on any platform, that will accept two or more thresholds 
> (non-contiguous weight values) for treating messages as spam?  Something 
> like:
>
> ...
> Where 4 paths are possible, instead of the normal 2 (below 10 allow, 
> above 10 tag) such that the treat-as-ham values are literally in between 
> the spam values.  This can be native or via a plugin.


Sendmail with MIMEDefang  can do that.  MIMEDefang 
can talk to SpamAssassin and several virus scanners, and you can control 
its behavior using Perl.  This means you can set up any behavior you want.


As an example, we currently have a three-tiered setup where mail below 
the SpamAssassin threshold is allowed through, mail above a higher 
threshold is rejected, and mail in the middle is let through but flagged 
as spam.  It would have no problem defining behavior for additional 
score ranges.


MIMEDefang is free and open-source (GPL).  The authors also have a 
commercial product, Can-It, with additional capabilities and simpler 
administration: 


--
Kelson Vibber
SpeedGate Communications 


RE: ANTIDRUG rulesets

2007-02-13 Thread Jon Armitage
> -Original Message-
> From: Anthony Peacock [mailto:[EMAIL PROTECTED] 
> Sent: 13 February 2007 15:56
> To: SpamAssassin Users
> sa-update updates the stock rules that are distributed with 
> SA.  Rules Du Jour is used to update add-on rulesets like the 
> SARE rules.
> 
> If you are not running sa-update you are only updating a 
> small section of your rules.

I believe there is a way to use sa-update to get the SARE rules from
saupdates.openprotect.com.

Jon


Re: Whitelist question

2007-02-13 Thread Matt Kettler
Joe Zitnik wrote:
> How would I whitelist mail from a listserv?  Since the mail is shown
> to be from the user who sent it and not the listserv, I can't do a
> whitelist_from.  Would it be easier to make a rule to look for the
> listserv domain in the header?  How would I make a rule to look for
> just a word in the header, rather than a defined type?
whitelist_from will also match return-path type headers, not just From:.
Therefore, you can use it for mailing lists, as long as your mailserver
is creating a return-path or envelope-sender header before passing mail
to SA.


That said *NEVER* use whitelist_from unless you absolutely have to.
ALWAYS try to find a way to use whitelist_from_rcvd.



Re: FuzzyOcr - no image files found in samples?

2007-02-13 Thread Matt Kettler
Steve Pfister wrote:
>
> I’m trying to install FuzzyOcr 3.51 (with patches for < 10.34 netpbm)
> on RedHat Linux 9 with Spamassassin 3.1.7. I’m trying to test it out
> with the samples images, but I keep getting:
>
>  
>
> [25404] dbg: FuzzyOcr: Starting FuzzyOcr...
>
> [25404] info: FuzzyOcr: Processing Message with ID ""
> ( -> )
>
> [25404] dbg: FuzzyOcr: Skipping OCR, no image files found...
>
> [25404] dbg: FuzzyOcr: Processed in 0.001779 sec.
>
>  
>
> And the log file just says:
>
>  
>
> 2007-02-13 13:38:56 [26451] Processing Message with ID " messageid>" ( -> )
>
>  
>
> What might I be missing?
>
Sounds like you're missing an email that the images are attached to.





Re: MTA Search: Non contiguous ranges?

2007-02-13 Thread Magnus Holmgren
On Tuesday 13 February 2007 19:57, Dan wrote:
> I would like a Mail Transfer Agent recommendation.  What's the best
> MTA, running on any platform, that will accept two or more thresholds
> (non-contiguous weight values) for treating messages as spam?
> Something like:
>
>   0-1 is ham
>
>   2-9 is spam
>
>   10 is ham
>
>   11-99 is spam

Now I'm curious. How does that work?

> Where 4 paths are possible, instead of the normal 2 (below 10 allow,
> above 10 tag) such that the treat-as-ham values are literally in
> between the spam values.  This can be native or via a plugin.

Exim can do that without any plugin.

> In order of priority, I'm looking for:
>
>   1) Compatibility with SpamAssassin
Check!

>   2) Non contiguous score acceptance
Exim can do almost anything you want.

>   3) Compatibility with multiple AV scanners
Check!

>   4) Ease of use
That's what Exim is best at.

>   5) Good logging system
I think so, but I can't guarantee that there is no MTA with better logging 
facilities.

-- 
Magnus Holmgren        [EMAIL PROTECTED]
   (No Cc of list mail needed, thanks)

  "Exim is better at being younger, whereas sendmail is better for 
   Scrabble (50 point bonus for clearing your rack)" -- Dave Evans




RE: FuzzyOcr - no image files found in samples?

2007-02-13 Thread Steve Pfister
Sorry... I guess I wasn't clear. I'm running:

spamassassin -tD < ocr-animated.eml

In the samples directory of FuzzyOcr-3.5.1.

It's saying there's no image files found.

-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 13, 2007 4:41 PM
To: Steve Pfister
Cc: users@spamassassin.apache.org
Subject: Re: FuzzyOcr - no image files found in samples?

Steve Pfister wrote:
>
> I'm trying to install FuzzyOcr 3.51 (with patches for < 10.34 netpbm)
> on RedHat Linux 9 with Spamassassin 3.1.7. I'm trying to test it out
> with the samples images, but I keep getting:
>
>
>
> [25404] dbg: FuzzyOcr: Starting FuzzyOcr...
>
> [25404] info: FuzzyOcr: Processing Message with ID ""
> ( -> )
>
> [25404] dbg: FuzzyOcr: Skipping OCR, no image files found...
>
> [25404] dbg: FuzzyOcr: Processed in 0.001779 sec.
>
>
>
> And the log file just says:
>
>
>
> 2007-02-13 13:38:56 [26451] Processing Message with ID " messageid>" ( -> )
>
>
>
> What might I be missing?
>
Sounds like you're missing an email that the images are attached to.





Re: FuzzyOcr - no image files found in samples?

2007-02-13 Thread Matt Kettler
Interesting. What's odd is that FuzzyOCR calls it as having no messageid.

Does any other part of the debug output indicate SA understands the
message id/sender/recipients?

Does the file itself contain a message-id header?
ie:   Message-ID: <[EMAIL PROTECTED]>

Do the line-wraps look right, or are there bunches of ^M's everywhere
indicating this was edited on a windows box?

I'm largely trying to narrow in on where the problem lies. Is it a file
problem, a SA problem, or a fuzzy OCR problem...

Steve Pfister wrote:
> Sorry... I guess I wasn't clear. I'm running:
>
> Spamassassin -tD < ocr-animated.eml
>
> In the samples directory of FuzzyOcr-3.5.1.
>
> It's saying there's no image files found.
>
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 13, 2007 4:41 PM
> To: Steve Pfister
> Cc: users@spamassassin.apache.org
> Subject: Re: FuzzyOcr - no image files found in samples?
>
> Steve Pfister wrote:
>   
>> I'm trying to install FuzzyOcr 3.51 (with patches for < 10.34 netpbm)
>> on RedHat Linux 9 with Spamassassin 3.1.7. I'm trying to test it out
>> with the samples images, but I keep getting:
>>
>>
>>
>> [25404] dbg: FuzzyOcr: Starting FuzzyOcr...
>>
>> [25404] info: FuzzyOcr: Processing Message with ID ""
>> ( -> )
>>
>> [25404] dbg: FuzzyOcr: Skipping OCR, no image files found...
>>
>> [25404] dbg: FuzzyOcr: Processed in 0.001779 sec.
>>
>>
>>
>> And the log file just says:
>>
>>
>>
>> 2007-02-13 13:38:56 [26451] Processing Message with ID "> messageid>" ( -> )
>>
>>
>>
>> What might I be missing?
>>
>> 
> Sounds like you're missing an email that the images are attached to.
>
>
>
>
>   



RE: ANTIDRUG rulesets

2007-02-13 Thread Alexis Manning
[EMAIL PROTECTED] says...
> I believe there a way to use sa-update to get the SARE rules from
> saupdates.openprotect.com.

There's a good guide here: http://daryl.dostech.ca/sa-update/sare/sare-
sa-update-howto.txt

HTH

-- A.



RE: FuzzyOcr - no image files found in samples?

2007-02-13 Thread Steve Pfister
Yes, it has the message Id that you gave. Line wraps look OK. Maybe I'll try
and get a hold of my own test message. I get plenty of image spam.

--Steve

-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 13, 2007 5:38 PM
To: Steve Pfister
Cc: users@spamassassin.apache.org
Subject: Re: FuzzyOcr - no image files found in samples?

Interesting. What's odd is that FuzzyOCR calls it as having no messageid.

Does any other part of the debug output indicate SA understands the
message id/sender/recipients?

Does the file itself contain a message-id header?
ie:   Message-ID: <[EMAIL PROTECTED]>

Do the line-wraps look right, or are there bunches of ^M's everywhere
indicating this was edited on a windows box?

I'm largely trying to narrow in on where the problem lies. Is it a file
problem, a SA problem, or a fuzzy OCR problem...

Steve Pfister wrote:
> Sorry... I guess I wasn't clear. I'm running:
>
> Spamassassin -tD < ocr-animated.eml
>
> In the samples directory of FuzzyOcr-3.5.1.
>
> It's saying there's no image files found.
>
> -Original Message-
> From: Matt Kettler [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 13, 2007 4:41 PM
> To: Steve Pfister
> Cc: users@spamassassin.apache.org
> Subject: Re: FuzzyOcr - no image files found in samples?
>
> Steve Pfister wrote:
>
>> I'm trying to install FuzzyOcr 3.51 (with patches for < 10.34 netpbm)
>> on RedHat Linux 9 with Spamassassin 3.1.7. I'm trying to test it out
>> with the samples images, but I keep getting:
>>
>>
>>
>> [25404] dbg: FuzzyOcr: Starting FuzzyOcr...
>>
>> [25404] info: FuzzyOcr: Processing Message with ID ""
>> ( -> )
>>
>> [25404] dbg: FuzzyOcr: Skipping OCR, no image files found...
>>
>> [25404] dbg: FuzzyOcr: Processed in 0.001779 sec.
>>
>>
>>
>> And the log file just says:
>>
>>
>>
>> 2007-02-13 13:38:56 [26451] Processing Message with ID "> messageid>" ( -> )
>>
>>
>>
>> What might I be missing?
>>
>>
> Sounds like you're missing an email that the images are attached to.
>
>
>
>
>




RE: FuzzyOcr - no image files found in samples?

2007-02-13 Thread Steve Pfister
I've just tried it with an actual spam message that I've extracted from my
own mailbox. The message has a normal looking message id, but it still says
no messageid/sender/recipient.

--Steve





RE: FuzzyOcr - no image files found in samples?

2007-02-13 Thread Steve Pfister
Sorry... forgot to mention that it's seeing incoming message and is listing
messageids, senders, and recipients for those. I don't think it's
successfully run FuzzyOcr on any of them yet, though.





Re: MTA Search: Non contiguous ranges?

2007-02-13 Thread Dan


On Feb 13, 2007, at 13:41, Magnus Holmgren wrote:

> On Tuesday 13 February 2007 19:57, Dan wrote:
>
>> I would like a Mail Transfer Agent recommendation.  What's the best
>> MTA, running on any platform, that will accept two or more thresholds
>> (non-contiguous weight values) for treating messages as spam?
>> Something like:
>>
>> 0-1 is ham
>>
>> 2-9 is spam
>>
>> 10 is ham
>>
>> 11-99 is spam
>
> Now I'm curious. How does that work?



Please see my Feb 11th post - Find the Ham: A Prototype Config:

http://www.nabble.com/Find-the-Ham:-A-Prototype-Config-t3210639.html

Dan


Re: MTA Search: Non contiguous ranges?

2007-02-13 Thread John Rudd

Dan wrote:

> On Feb 13, 2007, at 13:41, Magnus Holmgren wrote:
>
>> On Tuesday 13 February 2007 19:57, Dan wrote:
>>
>>> I would like a Mail Transfer Agent recommendation.  What's the best
>>> MTA, running on any platform, that will accept two or more thresholds
>>> (non-contiguous weight values) for treating messages as spam?
>>> Something like:
>>>
>>> 0-1 is ham
>>>
>>> 2-9 is spam
>>>
>>> 10 is ham
>>>
>>> 11-99 is spam
>>
>> Now I'm curious. How does that work?
>
> Please see my Feb 11th post - Find the Ham: A Prototype Config:
>
> http://www.nabble.com/Find-the-Ham:-A-Prototype-Config-t3210639.html



Are there any MTA's that actually make this decision?

It seems to me that what you're really looking for is something like 
procmail or a milter which is flexible enough to do what you want.  It 
might be a little tricky to do in procmail, but I know that you could 
easily do something like that in MimeDefang (you'd just be writing perl 
code to analyze the score and/or rule profiles).




Remember Me? -> RememberMe.pm plugin

2007-02-13 Thread Raul Dias
Hi,

I have been looking (as I described earlier) for a way to use variables
in the rules for a few days without luck.

I tried to hack SA, mix with plugins and got to the conclusion that the
only way to do this was to reevaluate the rules (REs) on every new
message, which is a huge drawback.

So, I took a different approach.  I kept it all on a plugin using 2 eval
options.

First is remember_me_header() which takes:
 - a user defined variable name
 - a header name (or pseudo header)
 - a Regular Expression with matching parentheses.

The header name and the RE will work as header rule:

   header FOO header_name =~ RE

The difference is that the parentheses in the RE, if matched, will be
stored in the user defined variable name.

E.G.

header RDNS eval:remember_me_header('rdns', 'X-Spam-Relays-External',
'/rdns=(.*)\s/')

will save the rdns value from the last (external) relay into a variable
named rdns.  This gives the opportunity to reuse this value in a later
rule.

Multiple parentheses are supported and the /g modifier will iterate the
RE until it stops matching.

Multiple matches are stored with a suffix _.  So if the example
above had a /g, the rdns from the second relay (if existed) would be
rdns_1 .

In order to use these variables a second eval function is needed.  In
this case it is check_remember_me_header(), which takes:
  - a header name
  - a RE using one or more matched variables
  - an optional prefix character.

As before it works in the same way as:

  header FOO header_name =~ RE

To specify one or more variables in the RE, use: %{variable_name} .
The % can be changed to another character optionally.

So, to match if the helo is the same as the rdns (my client breaks the
lines):

 #get the rdns
 header _RM_RELAY_RDNS eval:remember_me_header('rdns', \
'X-Spam-Relays-External', '/rdns=(.*?)\s/')
 score  _RM_RELAY_RDNS 0.01

 #the checking
 header   RM_RELAY_HELO_MATCHES_RNDS eval:check_remember_me_header \
('X-Spam-Relays-External', '/helo=%{rdns}\s/')
 describe RM_RELAY_HELO_MATCHES_RNDS Reverse DNS and HELO are the same.
 score    RM_RELAY_HELO_MATCHES_RNDS -0.1


The idea is that this will help some people to write (and share :) rules
with the need to write plugins (and learn to write or even perl).

This code is beta and only works on headers right now (if anyone would
like this on body, let me know).

I would like to see what you guys think about the idea, problems,
enhancements.

-Raul Dias


RememberMe.pm
Description: Perl program
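
The capture-and-reuse mechanism described in this post, as a standalone Perl sketch added here; it is not the attached RememberMe.pm and does not use the SpamAssassin plugin API. The `remember` and `check` helpers, the `name_N` numbering and the sample relay strings are assumptions constructed for illustration; the sketch also shows why a remembered value, which comes from sender-influenced header data, should pass through `quotemeta()` before it is interpolated into a later pattern.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed X-Spam-Relays-External values (all hosts and addresses are made up).
my $same      = '[ ip=192.0.2.10 rdns=mail.example.org helo=mail.example.org by=mx.example.net ]';
my $lookalike = '[ ip=192.0.2.10 rdns=mail.example.org helo=mailxexample.org by=mx.example.net ]';
my $two       = "$same [ ip=198.51.100.7 rdns=relay.example.com helo=relay by=mail.example.org ]";

my %remembered;    # hypothetical per-message variable store

# Store captures as name, name_1, name_2, ... (this numbering is an assumption).
# $global mimics the /g modifier: keep matching until the pattern stops matching.
sub remember {
    my ($name, $text, $re, $global) = @_;
    my @caps = $global ? ($text =~ /$re/g) : ($text =~ /$re/);
    $remembered{ $_ ? "${name}_$_" : $name } = $caps[$_] for 0 .. $#caps;
    return scalar @caps;
}

# Expand %{var} in a pattern template and match the result against $text.
# With $quote set, stored values are escaped so they can only match literally.
sub check {
    my ($text, $template, $quote) = @_;
    for my $var ($template =~ /%\{(\w+)\}/g) {
        return 0 unless defined $remembered{$var};    # unknown variable: no hit
    }
    (my $pat = $template) =~
        s/%\{(\w+)\}/$quote ? quotemeta($remembered{$1}) : $remembered{$1}/ge;
    return $text =~ /$pat/ ? 1 : 0;
}

# Same rdns in both headers; only the first has an identical HELO.
for my $hdr ($same, $lookalike) {
    %remembered = ();
    remember('rdns', $hdr, qr/rdns=(.*?)\s/, 0);
    printf "helo check: quoted=%d unquoted=%d\n",
        check($hdr, 'helo=%{rdns}\s', 1), check($hdr, 'helo=%{rdns}\s', 0);
}

# The /g case: one stored variable per relay.
%remembered = ();
remember('rdns', $two, qr/rdns=(.*?)\s/, 1);
print "$_ => $remembered{$_}\n" for sort keys %remembered;
```

Without quoting, the dots in the remembered rdns act as regex wildcards, so the look-alike HELO `mailxexample.org` is reported as a match for `mail.example.org`.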


RE: FuzzyOcr - no image files found in samples?

2007-02-13 Thread Philip Seccombe
What if you point directly to the .eml, e.g.
spamassassin -tD < /this/is/the/directory/samples/ocr-animated.eml

Just to be absolutely sure it is finding the correct place??
Check permissions on the .eml, view it and see if it seems to have an
image inside

Just the usual I can suggest sorry


Kind Regards,
Philip Seccombe
Turnstone Technologies NZ Limited

Phone: +64 9 970 5550
Fax: +64 9 970 5559
DDI: +64 9 970 5552
Email: [EMAIL PROTECTED] 
Web: www.turnstone.co.nz 

-Original Message-
From: Steve Pfister [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 14 February 2007 10:51 a.m.
To: 'Matt Kettler'
Cc: users@spamassassin.apache.org
Subject: RE: FuzzyOcr - no image files found in samples?

Sorry... I guess I wasn't clear. I'm running:

Spamassassin -tD < ocr-animated.eml

In the samples directory of FuzzyOcr-3.5.1.

It's saying there's no image files found.

-Original Message-
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 13, 2007 4:41 PM
To: Steve Pfister
Cc: users@spamassassin.apache.org
Subject: Re: FuzzyOcr - no image files found in samples?

Steve Pfister wrote:
>
> I'm trying to install FuzzyOcr 3.51 (with patches for < 10.34 netpbm)
> on RedHat Linux 9 with Spamassassin 3.1.7. I'm trying to test it out
> with the samples images, but I keep getting:
>
>
>
> [25404] dbg: FuzzyOcr: Starting FuzzyOcr...
>
> [25404] info: FuzzyOcr: Processing Message with ID ""
> ( -> )
>
> [25404] dbg: FuzzyOcr: Skipping OCR, no image files found...
>
> [25404] dbg: FuzzyOcr: Processed in 0.001779 sec.
>
>
>
> And the log file just says:
>
>
>
> 2007-02-13 13:38:56 [26451] Processing Message with ID " messageid>" ( -> )
>
>
>
> What might I be missing?
>
Sounds like you're missing an email that the images are attached to.





Re: Vbounce ruleset whitelist_bounce_relays

2007-02-13 Thread Matt Kettler
Steve [Spamassassin] wrote:
> Justin Mason wrote:
>> could you post an example of your config and the message you're testing
>> with, in full?
> OK in /etc/mail/spamassassin/local.cf

> Received: by mail.mydomain.com (Postfix) id EFBE62E48F; Wed,  7 Feb
> 2007 12:57:43 + (GMT) 

Nice.. A Received: header with no from clause.

My guess is that the whitelist isn't working because it thinks this
message came from nowhere at all. In an environment where your outbound
SMTP server is also your MX, all bounce messages you get will be
received by mail.mydomain.com, but only locally generated bounces will
come from it.




Securitysage rhsbl down

2007-02-13 Thread Ramprasad
my MTA is configured to block domains listed in securitysage but I can't
see any hits lately
Is blackhole.securitysage.com down ??

Thanks
Ram




Re: Securitysage rhsbl down

2007-02-13 Thread Gene Heskett
On Wednesday 14 February 2007, Ramprasad wrote:
>my MTA is configured to block domains listed in securitysage but I cant
>see any hits lately
>Is  blackhole.securitysage.com down ??
>
>Thanks
>Ram

According to my procmail.log, it's down.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2007 by Maurice Eugene Heskett, all rights reserved.