Re: Russian and Chinese spam rulesets?
In article [EMAIL PROTECTED], Eray Aslan [EMAIL PROTECTED] writes Some Russian and Chinese spam (especially Russian) is making its way to our users inboxes. We do business with those 2 countries. Consequently, lots of legitimate emails go back and forth so that I cannot just bump up the score for these 2 locales. We do use user submitted spam/ham emails for bayesian training but SA is still not as good as catching, say, English spam. Anyone know of any good rules sets for SA for determining spam for Russian and Chinese emails? This has always seemed pretty reliable for Chinese spam: http://www.ccert.edu.cn/spam/sa/Chinese_rules_en.htm They update quite regularly and I've not had any problems from using it. Although in fairness I don't handle a great deal of Chinese mail so greater volumes may get different results. Kevin
Annoying stocks scams
Hi List! I'm getting hit by a bunch of annoying stock scams which aren't found by any of my sare lists, they keep on scoring low. So I decided to write a custom rule, which seem to work pretty well for my case: body __HILO_STOCKS1 /(High|Low|Curr[e3]nt|Cur(r|\r.|r[e3]nt|\.)\ Price|Price)[\:\ \t]+\$[\d\ ]+?(.*)(Last|Low|Growth|High|Sale|Price)/i body __HILO_STOCKS2 /(hotlist|r[e3]cord|publicity|n[e3]ws|invest|incr[e3]as[e3]|[e3]xplosion|pric[e3]|high|pr[e3]mium|mark[e3]t|al[e3]rt|sym[b8]ol)/i meta HILO_STOCKS ( __HILO_STOCKS1 __HILO_STOCKS2 ) describe HILO_STOCKS Looks like stocks scam score HILO_STOCKS 3.5 It's my first meta rule, which only gives a score if both conditions are true, and I was wondering if there's a possibility to make the score more intelligent : - if __HILO_STOCKS1 fires up, i would like to give the score maybe 0.5 - if __HILO_STOCKS2 matches as well together with __HILO_STOCKS2, make it 3.5 Any other comments on this rule? Thanks!
Re: Annoying stocks scams
[EMAIL PROTECTED] wrote: Hi List! I'm getting hit by a bunch of annoying stock scams which aren't found by any of my sare lists, they keep on scoring low. So I decided to write a custom rule, which seem to work pretty well for my case: body __HILO_STOCKS1 /(High|Low|Curr[e3]nt|Cur(r|\r.|r[e3]nt|\.)\ Price|Price)[\:\ \t]+\$[\d\ ]+?(.*)(Last|Low|Growth|High|Sale|Price)/i body __HILO_STOCKS2 /(hotlist|r[e3]cord|publicity|n[e3]ws|invest|incr[e3]as[e3]|[e3]xplosion|pric[e3]|high|pr[e3]mium|mark[e3]t|al[e3]rt|sym[b8]ol)/i meta HILO_STOCKS ( __HILO_STOCKS1 __HILO_STOCKS2 ) describe HILO_STOCKS Looks like stocks scam score HILO_STOCKS 3.5 It's my first meta rule, which only gives a score if both conditions are true, and I was wondering if there's a possibility to make the score more intelligent : - if __HILO_STOCKS1 fires up, i would like to give the score maybe 0.5 - if __HILO_STOCKS2 matches as well together with __HILO_STOCKS2, make it 3.5 You could define: body HILO_STOCKS1 ... desc HILO_STOCKS1 ... score HILO_STOCKS1 ... body __HILO_STOCKS2 ... and create a meta meta HILO_STOCKS ( HILO_STOCKS1 __HILO_STOCKS2 ) You could also rename __HILO_STOCKS2 to HILO_STOCKS2 to make it a stand-alone rule..
How to whitelist mail lists?
Hi, several of my users have mail lists (such as Yahoo ones, or some other, at elsevier.com, or other scientific publications). I've been searching the web, trying to find a way to whitelist the messages from these lists. Could anyone point me some directions? Thanks in advance, Luis -- - GNU-GPL: May The Source Be With You... -
Re: How to whitelist mail lists?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Luis Hernán Otegui wrote: Hi, several of my users have mail lists (such as Yahoo ones, or some other, at elsevier.com http://elsevier.com, or other scientific publications). I've been searching the web, trying to find a way to whitelist the messages from these lists. Could anyone point me some directions? Thanks in advance, Luis -- Look for the List-Id field such as: List-Id: Dans_CCCemails.yahoogroups.com As an example for if your call SA via procmail: :0fw * ! ^List-Id: Dans_CCCemails.yahoogroups.com * ! ^X-Spam-Checker-Version:.*iceman11 | /usr/bin/spamc -d IP ADDRESS -u spamass If the message does not contain that list id, and it hasn't already been scanned by our SA, then passit to SA. David Goldsmith -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3rc2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7YKd417vU8/9QfkRAlo6AJ9/M97mO6H/KhViklaqprojwmHJVQCgmFKa dVBuzm38UjcbidJbVLhUos0= =ilI/ -END PGP SIGNATURE-
RE: Annoying stocks scams
Sorry to mess up the thread, I lost the original -Original Message- From: Dhawal Doshy [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 06, 2007 9:39 AM To: users@spamassassin.apache.org Subject: Re: Annoying stocks scams [EMAIL PROTECTED] wrote: Hi List! [ ... ] meta HILO_STOCKS ( __HILO_STOCKS1 __HILO_STOCKS2 ) describe HILO_STOCKS Looks like stocks scam score HILO_STOCKS 3.5 It's my first meta rule, which only gives a score if both conditions are true, and I was wondering if there's a possibility to make the score more intelligent : - if __HILO_STOCKS1 fires up, i would like to give the score maybe 0.5 - if __HILO_STOCKS2 matches as well together with __HILO_STOCKS2, make it 3.5 [ ... ] Define two metas, the first one hits only when 1 is true and 2 is false The second hits when both are true. You have to use the negation for 2 In meta one or you would double dip whenever both are true. meta HILO_STOCKS_1 ( __HILO_STOCKS1 !__HILO_STOCKS2 ) meta HILO_STOCKS_2 ( __HILO_STOCKS1 __HILO_STOCKS2 ) describe HILO_STOCKS_1 Looks like stocks scam First Hit Only describe HILO_STOCKS_2 Looks like stocks scam Both Hit score HILO_STOCKS_1 0.5 score HILO_STOCKS_2 3.5 If you wanted to score the 0.5 whenever either 1 or 2 is true and the other is false meta HILO_STOCKS_1 ( (__HILO_STOCKS1 !__HILO_STOCKS2) || (!__HILO_STOCKS1 __HILO_STOCKS2) ) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Annoying stocks scams
Rick Cooper wrote: Sorry to mess up the thread, I lost the original -Original Message- From: Dhawal Doshy [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 06, 2007 9:39 AM To: users@spamassassin.apache.org Subject: Re: Annoying stocks scams [EMAIL PROTECTED] wrote: Hi List! [ ... ] meta HILO_STOCKS ( __HILO_STOCKS1 __HILO_STOCKS2 ) describe HILO_STOCKS Looks like stocks scam score HILO_STOCKS 3.5 It's my first meta rule, which only gives a score if both conditions are true, and I was wondering if there's a possibility to make the score more intelligent : - if __HILO_STOCKS1 fires up, i would like to give the score maybe 0.5 - if __HILO_STOCKS2 matches as well together with __HILO_STOCKS2, make it 3.5 [ ... ] Define two metas, the first one hits only when 1 is true and 2 is false The second hits when both are true. You have to use the negation for 2 In meta one or you would double dip whenever both are true. meta HILO_STOCKS_1 ( __HILO_STOCKS1 !__HILO_STOCKS2 ) meta HILO_STOCKS_2 ( __HILO_STOCKS1 __HILO_STOCKS2 ) describe HILO_STOCKS_1 Looks like stocks scam First Hit Only describe HILO_STOCKS_2 Looks like stocks scam Both Hit score HILO_STOCKS_1 0.5 score HILO_STOCKS_2 3.5 If you wanted to score the 0.5 whenever either 1 or 2 is true and the other is false meta HILO_STOCKS_1 ( (__HILO_STOCKS1 !__HILO_STOCKS2) || (!__HILO_STOCKS1 __HILO_STOCKS2) ) Hi Rick, Though this looks simpler, you are effectively adding an extra meta.. you could simply replicate the AND/OR effect by modifying the scores. body HILO_STOCKS_1 whatever1 body __HILO_STOCKS_2 whatever2 meta HILO_STOCKS ( HILO_STOCKS1 __HILO_STOCKS2 ) score HILO_STOCKS_1 0.5 score HILO_STOCKS 3.0 Only HILO_STOCKS_1 == 0.5 Only __HILO_STOCKS2 == Nothing Both == 0.5 + 3.0 Though i'm not sure how much overhead one extra meta will have??
Re: How to whitelist mail lists?
OK, but the point is that I run SA trough AMaViS, so procmail recipes aren't the answer. Thanks a lot, I suppose I should create some type of whitelist in AMaViS to avoid SA. Luis 2007/3/6, David Goldsmith [EMAIL PROTECTED]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Luis Hernán Otegui wrote: Hi, several of my users have mail lists (such as Yahoo ones, or some other, at elsevier.com http://elsevier.com, or other scientific publications). I've been searching the web, trying to find a way to whitelist the messages from these lists. Could anyone point me some directions? Thanks in advance, Luis -- Look for the List-Id field such as: List-Id: Dans_CCCemails.yahoogroups.com As an example for if your call SA via procmail: :0fw * ! ^List-Id: Dans_CCCemails.yahoogroups.com * ! ^X-Spam-Checker-Version:.*iceman11 | /usr/bin/spamc -d IP ADDRESS -u spamass If the message does not contain that list id, and it hasn't already been scanned by our SA, then passit to SA. David Goldsmith -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3rc2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7YKd417vU8/9QfkRAlo6AJ9/M97mO6H/KhViklaqprojwmHJVQCgmFKa dVBuzm38UjcbidJbVLhUos0= =ilI/ -END PGP SIGNATURE- -- - GNU-GPL: May The Source Be With You... -
Bayes and Upgrade
Like many.I am a Noob to SpamAssasin. I just upgraded to 3.1.8 (first time performing an upgrade and all went well) and have a simple question I was unable to find an answer to on the website: Do I need to retrain Bayes after a version Upgrade? Version: Upgraded 3.1.7 to 3.1.8 Platform: Windows 2000 Server (Using Christopher Lewis's AWESOME sink)
Re: Bayes and Upgrade
On Tue, Mar 06, 2007 at 09:49:28AM -0600, [EMAIL PROTECTED] wrote: Like many.I am a Noob to SpamAssasin. I just upgraded to 3.1.8 (first time performing an upgrade and all went well) and have a simple question I was unable to find an answer to on the website: Do I need to retrain Bayes after a version Upgrade? No. Especially not for a maintenance release upgrade (major.minor.maintenance). pgp3k715ylNAd.pgp Description: PGP signature
Re: Bayes and Upgrade
Heute (06.03.2007/16:49 Uhr) schrieb [EMAIL PROTECTED], Like many.I am a Noob to SpamAssasin. I just upgraded to 3.1.8 (first time performing an upgrade and all went well) and have a simple question I was unable to find an answer to on the website: Do I need to retrain Bayes after a version Upgrade? no, not needed Version: Upgraded 3.1.7 to 3.1.8 -- Viele Gruesse, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 -- Zufalls-Zitat -- Erfolg steigt nur zu Kopf, wenn dort der erforderliche Hohlraum vorhanden ist. (Manfred Hinrich) -- Der Text hat nichts mit dem Empfaenger der Mail zu tun -- Virus free. Checked by NOD32 Version 2098 Build 9212 06.03.2007
RE: Bayes and Upgrade
F: Theo Van Dinter No. Especially not for a maintenance release upgrade (major.minor.maintenance). Hm Will we need to retrain for the upcoming 3.2.0 ? Im not sure if that is considered major or not -- Robert - Abba Communications http://www.abbacomm.net/
Re: auto-learn learned_points
ram01 wrote: auto-learn? no: scored as spam but learner indicated ham is given if if ($learned_points $learner_said_ham_points)where $learner_said_ham_points = -1.0 what exactly is learned_points It is a recalculation of the message score, based on the following changes from the normal score calculation: 1) All userconf tests disabled. ie: whitelist/blacklists. This is to prevent an errant whitelist_from from poisoning the autolearning. 2) All learning subsystems are disabled, ie: bayes and AWL. This is to prevent self feedback. 3) The score set is changed, because bayes is disabled.
Re: Bayes and Upgrade
R Lists06 writes: No. Especially not for a maintenance release upgrade (major.minor.maintenance). Hm Will we need to retrain for the upcoming 3.2.0 ? Im not sure if that is considered major or not it's pretty major, but retraining won't be required. Don't worry; if retraining *is* required, it'll be top of the Important Notes list in the UPGRADE file. --j.
Spamhaus Tests
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Some questions: 1. RCVD_IN_XBL Why is this only applied by default to -lastexternal rather than all the Received: lines? Surely if any forwarding host is a known exploit, it should score the same 3.897 ? 2. RCVD_IN_PBL This is (IMHO) correctly applied to -lastexternal. Why is the default score only 0.001 ? 3. -lastexternal The docs for this flag say, You can select only the external host that connected to your internal network. Does this mean that trusted_networks is ignored for this flag and I would need to put the secondary MXs' IP addresses into internal_networks instead. 4. Lists Is this the right place or should I have posted this to the dev list instead? Many thanks, Cliff. - -- Cliff Stanford Might Limited +44 845 0045 666 (Office) Suite 67, Dorset House +44 7973 616 666 (Mobile) Duke Street, Chelmsford, CM1 1TB -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7Zl6fNTx9pWyKfwRAnxFAJ42+uaxKVd9y764iMHUX6Tc6HmhvACcDVK5 liMuRvQlu3/S2NMsGjZfsPw= =v7sQ -END PGP SIGNATURE-
Not Enough Points
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here is how this message scored: X-Spam-DCC: PacNet-SG: iceman11.giac.net 1358; Body=65 Fuz1=65 Fuz2=51 X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on iceman11.giac.net X-Spam-Level: *** X-Spam-Status: No, score=4.0 required=5.0 tests=BAYES_99,HTML_90_100, HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,PLING_PLING autolearn=no version=3.1.8 X-Spam-Pyzor: Reported 0 times. X-Spam-Report: * 0.1 HTML_90_100 BODY: Message is 90% to 100% HTML * 0.0 HTML_MESSAGE BODY: HTML included in message * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.] * 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME * headers * 0.3 PLING_PLING Subject has lots of exclamation marks Here is a URL for the message: http://members.cox.net/dgoldsmi/spam/lowscore02a.eml Maybe I just got lucky and was an early recipient of it. None of the message hash sites have seen it enough yet to assign points. Does this message break 5.0 points for anyone? David Goldsmith -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3rc2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7aXa417vU8/9QfkRAvXbAKClnfNGXJ7+Mkl+rWvNMgMtk5aRYQCgmotU nIs5jZZjvjdb0PzohvFZJbk= =RCUf -END PGP SIGNATURE-
Re: [2] auto-learn learned_points
Thanks for the reply, but I think that you are referring to autolearn_points. As computed in PerMsgStatus.pm and is used in AutoLearningThreshold.pm. They are computed in the same function but they are not the same. Notice that in the get_autolearn_points autolearn_points is $score where learned points is $self-{learned_points} += $self-{conf}-{scoreset}-[$orig_scoreset]-{$test}; which is inside a loop and a conditional. I am not very familiar with perl and was kind of lost in the syntactics of the for and the if, but I assume that += means the same as in say c/c++ so this is some kind of cumulative sum of something. On one run of sa-learn in debug mode I got the following numbers back: [28135] dbg: learn: auto-learn: currently using scoreset 3, recomputing score based on scoreset 1 [28135] dbg: learn: auto-learn: message score: 10.955, computed score for autolearn: 12.011 [28135] dbg: learn: auto-learn? ham=12, spam=1, body-points=0, head-points=10.813, learned-points=-2.599 so it is definitely not the same score, but what is it? here's a snippet of AutoLearnThreshold.pm sub autolearn_discriminator { my ($self, $params) = @_; my $scan = $params-{permsgstatus}; my $conf = $scan-{conf}; # Figure out min/max for autolearning. # Default to specified auto_learn_threshold settings my $min = $conf-{bayes_auto_learn_threshold_nonspam}; my $max = $conf-{bayes_auto_learn_threshold_spam}; # Find out what score we should consider this message to have ... my $score = $scan-get_autolearn_points(); my $body_only_points = $scan-get_body_only_points(); my $head_only_points = $scan-get_head_only_points(); my $learned_points = $scan-get_learned_points(); dbg(learn: auto-learn? ham=$min, spam=$max, . body-points=.$body_only_points., . head-points=.$head_only_points., . learned-points=.$learned_points); my $isspam; if ($score $min) { $isspam = 0; } elsif ($score = $max) { $isspam = 1; } else { dbg(learn: auto-learn? no: inside auto-learn thresholds, not considered ham or spam); return; } my $learner_said_ham_points = -1.0; my $learner_said_spam_points = 1.0; if ($isspam) { my $required_body_points = 3; my $required_head_points = 3; if ($body_only_points $required_body_points) { dbg(learn: auto-learn? no: scored as spam but too few body points (. $body_only_points. .$required_body_points.)); return; } if ($head_only_points $required_head_points) { dbg(learn: auto-learn? no: scored as spam but too few head points (. $head_only_points. .$required_head_points.)); return; } if ($learned_points $learner_said_ham_points) { dbg(learn: auto-learn? no: scored as spam but learner indicated ham (. $learned_points. .$learner_said_ham_points.)); return; } if (!$scan-is_spam()) { dbg(learn: auto-learn? no: scored as ham but autolearn wanted spam); return; } } else { if ($learned_points $learner_said_spam_points) { dbg(learn: auto-learn? no: scored as ham but learner indicated spam (. $learned_points. .$learner_said_spam_points.)); return; } if ($scan-is_spam()) { dbg(learn: auto-learn? no: scored as spam but autolearn wanted ham); return; } } dbg(learn: auto-learn? yes, .($isspam?spam ($score $max):ham ($score $min))); return $isspam; } here's a snippet of PerMsgStatus.pm sub _get_autolearn_points { my ($self) = @_; return if (exists $self-{autolearn_points}); # ensure it only gets computed once, even if we return early $self-{autolearn_points} = 0; # This function needs to use use sum($score[scoreset % 2]) not just {score}. # otherwise we shift what we autolearn on and it gets really wierd. - tvd my $orig_scoreset = $self-{conf}-get_score_set(); my $new_scoreset = $orig_scoreset; my $scores = $self-{conf}-{scores}; if (($orig_scoreset 2) == 0) { # we don't need to recompute dbg(learn: auto-learn: currently using scoreset $orig_scoreset); } else { $new_scoreset = $orig_scoreset ~2; dbg(learn: auto-learn: currently using scoreset $orig_scoreset, recomputing score based on scoreset $new_scoreset); $scores = $self-{conf}-{scoreset}-[$new_scoreset]; } my $tflags = $self-{conf}-{tflags}; my $points = 0; # Just in case this function is called multiple times, clear out the # previous calculated values $self-{learned_points} = 0; $self-{body_only_points} = 0; $self-{head_only_points} = 0; foreach my $test (@{$self-{test_names_hit}}) { # According to the documentation, noautolearn, userconf, and learn # rules are ignored for autolearning. if (exists $tflags-{$test}) { next if $tflags-{$test} =~ /\bnoautolearn\b/; next if $tflags-{$test} =~ /\buserconf\b/; # Keep track of the learn points for an additional
Re: Not Enough Points
David Goldsmith wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here is how this message scored: X-Spam-DCC: PacNet-SG: iceman11.giac.net 1358; Body=65 Fuz1=65 Fuz2=51 X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on iceman11.giac.net X-Spam-Level: *** X-Spam-Status: No, score=4.0 required=5.0 tests=BAYES_99,HTML_90_100, HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,PLING_PLING autolearn=no version=3.1.8 X-Spam-Pyzor: Reported 0 times. X-Spam-Report: * 0.1 HTML_90_100 BODY: Message is 90% to 100% HTML * 0.0 HTML_MESSAGE BODY: HTML included in message * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.] * 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME * headers * 0.3 PLING_PLING Subject has lots of exclamation marks Here is a URL for the message: http://members.cox.net/dgoldsmi/spam/lowscore02a.eml Maybe I just got lucky and was an early recipient of it. None of the message hash sites have seen it enough yet to assign points. Does this message break 5.0 points for anyone? Yep - Content analysis details: (9.8 points, 5.0 required) pts rule name description -- -- 1.1 HTML_IMAGE_RATIO_04BODY: HTML has a low ratio of text to image area 0.1 HTML_MESSAGE BODY: HTML included in message 5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.] 0.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 2.2 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME headers 0.7 PLING_PLINGSubject has lots of exclamation marks Still rocking SA 2.64 with incredible results ;) -Jim
Re: Spamassassin filter files? / Oh, i forgot
No i don't have qmail-scanner installed... I wish to use http://untroubled.org/qmail-qfilter/ Anyone has any experience witht qmail-qfilter? Thanks. Mário Gamito [EMAIL PROTECTED] escribió: You have to have qmail-scanner installed. I suppose you do. -- Mário Gamito Mário Gamito wrote: night duke wrote: Hi i wish to know if it's possible to filter on email files like .mp3 .exe .vbs .scr .com .pif etc... with spamassassin? Yes, it's possible. Let's say you want to block .exe files. Edit file /var/spool/qmailscan/quarantine-attachments.txt and insert the line .exe 0 You van filter for subject: I am.*Bad Or for RCPT TO and MAIL FROM from the message header: [EMAIL PROTECTED] Virus-MAILFROM: You're blocked. This prevents messages from [EMAIL PROTECTED] arriving Hope it helps. Warm Regards, Mário Gamito - LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com
NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available
SpamAssassin 3.2.0-pre2 is released! This is a *prerelease* of SpamAssassin 3.2.0; not the full release. SpamAssassin is a mail filter which uses advanced statistical and heuristic tests to identify spam (also known as unsolicited bulk email). Highlights of the release - (TODO ;) Downloading --- http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.2.0-pre2.tar.bz2 http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.2.0-pre2.tar.gz http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.2.0-pre2.zip md5sum of archive files: b530e3b3b828cc0fbe8ee738a300dcef Mail-SpamAssassin-3.2.0-pre2.tar.bz2 5c84180b188f2dde9bb6ff5e11bf35e6 Mail-SpamAssassin-3.2.0-pre2.tar.gz 9b5d4a335b18ef49103e81e04df1df4e Mail-SpamAssassin-3.2.0-pre2.zip sha1sum of archive files: 99080918fe4d194923a672443c49a14473310b34 Mail-SpamAssassin-3.2.0-pre2.tar.bz2 9878e61bd3f9fc90903ac5840b5dd61cffe94400 Mail-SpamAssassin-3.2.0-pre2.tar.gz f65c4bf5ea09d5e887bef0ca1d851d1ad8b45698 Mail-SpamAssassin-3.2.0-pre2.zip The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY The key information is: pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key [EMAIL PROTECTED] Key fingerprint =3D 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B Important installation notes - see the INSTALL and UPGRADE files in the distribution. Summary of major changes since 3.1.x (TODO ;)
Re: Not Enough Points
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim Maul wrote: David Goldsmith wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here is how this message scored: X-Spam-DCC: PacNet-SG: iceman11.giac.net 1358; Body=65 Fuz1=65 Fuz2=51 X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on iceman11.giac.net X-Spam-Level: *** X-Spam-Status: No, score=4.0 required=5.0 tests=BAYES_99,HTML_90_100, HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,PLING_PLING autolearn=no version=3.1.8 X-Spam-Pyzor: Reported 0 times. X-Spam-Report: * 0.1 HTML_90_100 BODY: Message is 90% to 100% HTML * 0.0 HTML_MESSAGE BODY: HTML included in message * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.] * 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME * headers * 0.3 PLING_PLING Subject has lots of exclamation marks Here is a URL for the message: http://members.cox.net/dgoldsmi/spam/lowscore02a.eml Maybe I just got lucky and was an early recipient of it. None of the message hash sites have seen it enough yet to assign points. Does this message break 5.0 points for anyone? Yep - Content analysis details: (9.8 points, 5.0 required) pts rule name description -- -- 1.1 HTML_IMAGE_RATIO_04BODY: HTML has a low ratio of text to image area 0.1 HTML_MESSAGE BODY: HTML included in message 5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.] 0.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 2.2 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME headers 0.7 PLING_PLINGSubject has lots of exclamation marks Still rocking SA 2.64 with incredible results ;) -Jim Ok, so my SA 3.1.8 install with the latest rules via sa-update has: # grep HTML_IMAGE_RATIO_04 * 20_html_tests.cf:body HTML_IMAGE_RATIO_04 eval:html_image_ratio('0.002','0.004') 20_html_tests.cf:describe HTML_IMAGE_RATIO_04 HTML has a low ratio of text to image area 50_scores.cf:score HTML_IMAGE_RATIO_04 0.877 0 1.057 0 but it apparently does not trip this. We both have MIME_HTML_ONLY, MIME_HEADER_CTYPE_ONLY and PLING_PLING but you have higher scores for all three. I have HTML_MESSAGE and HTML_90_100 which correlate to your HTML_MESSAGE rule and score. You have a higher BAYES_99 score. Your scores for MIME_HTML_ONLY, MIME_HEADER_CTYPE_ONLY, PLING_PLING and BAYES_99 -- are they the default values from SA 2.64 or have you increased them? I ran the message through spamassassin -D but do not see anything in the debug output relating to html_image_ratio. David Goldsmith -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3rc2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF7a6a417vU8/9QfkRAjBgAJwKMnWApQFaGuWVSPvsuDeJUn8cEACff2GX E2GnKTKP/9bvGQZZIm1QmfU= =/xIN -END PGP SIGNATURE-
Re: Not Enough Points
David Goldsmith wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim Maul wrote: David Goldsmith wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here is how this message scored: X-Spam-DCC: PacNet-SG: iceman11.giac.net 1358; Body=65 Fuz1=65 Fuz2=51 X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on iceman11.giac.net X-Spam-Level: *** X-Spam-Status: No, score=4.0 required=5.0 tests=BAYES_99,HTML_90_100, HTML_MESSAGE,MIME_HEADER_CTYPE_ONLY,MIME_HTML_ONLY,PLING_PLING autolearn=no version=3.1.8 X-Spam-Pyzor: Reported 0 times. X-Spam-Report: * 0.1 HTML_90_100 BODY: Message is 90% to 100% HTML * 0.0 HTML_MESSAGE BODY: HTML included in message * 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% * [score: 1.] * 0.0 MIME_HTML_ONLY BODY: Message only has text/html MIME parts * 0.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME * headers * 0.3 PLING_PLING Subject has lots of exclamation marks Here is a URL for the message: http://members.cox.net/dgoldsmi/spam/lowscore02a.eml Maybe I just got lucky and was an early recipient of it. None of the message hash sites have seen it enough yet to assign points. Does this message break 5.0 points for anyone? Yep - Content analysis details: (9.8 points, 5.0 required) pts rule name description -- -- 1.1 HTML_IMAGE_RATIO_04BODY: HTML has a low ratio of text to image area 0.1 HTML_MESSAGE BODY: HTML included in message 5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.] 0.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 2.2 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME headers 0.7 PLING_PLINGSubject has lots of exclamation marks Still rocking SA 2.64 with incredible results ;) -Jim Ok, so my SA 3.1.8 install with the latest rules via sa-update has: # grep HTML_IMAGE_RATIO_04 * 20_html_tests.cf:body HTML_IMAGE_RATIO_04 eval:html_image_ratio('0.002','0.004') 20_html_tests.cf:describe HTML_IMAGE_RATIO_04 HTML has a low ratio of text to image area 50_scores.cf:score HTML_IMAGE_RATIO_04 0.877 0 1.057 0 but it apparently does not trip this. We both have MIME_HTML_ONLY, MIME_HEADER_CTYPE_ONLY and PLING_PLING but you have higher scores for all three. I have HTML_MESSAGE and HTML_90_100 which correlate to your HTML_MESSAGE rule and score. You have a higher BAYES_99 score. Your scores for MIME_HTML_ONLY, MIME_HEADER_CTYPE_ONLY, PLING_PLING and BAYES_99 -- are they the default values from SA 2.64 or have you increased them? I have increased my bayes scores because of the high accuracy of my bayes database. BAYES_99 alone is enough to push spam over my 5.0 threshold. All other scores are stock for 2.64. -Jim
Re: Annoying stocks scams
On 3/6/2007 5:30 AM, [EMAIL PROTECTED] wrote: It's my first meta rule, which only gives a score if both conditions are true, and I was wondering if there's a possibility to make the score more intelligent : my local rules use combinations. any message that hits AT LEAST one rule gets the L_STOCKS_1 match. messages that hit more than one ALSO get a separate score, in addition to L_STOCKS_1: metaL_STOCKS_1 (__L_STOCKS_01 || __L_STOCKS_02 || __L_STOCKS_03 || __L_STOCKS_04 || __L_STOCKS_05 || __L_STOCKS_06 || __L_STOCKS_07 || __L_STOCKS_08 || __L_STOCKS_09 || __L_STOCKS_10 || __L_STOCKS_11 || __L_STOCKS_12 || __L_STOCKS_13 || __L_STOCKS_14 || __L_STOCKS_15 || __L_STOCKS_16 || __L_STOCKS_17 || __L_STOCKS_18 || __L_STOCKS_19 || __L_STOCKS_20 || __L_STOCKS_21 || __L_STOCKS_22 || __L_STOCKS_23 || __L_STOCKS_24 || __L_STOCKS_25 || __L_STOCKS_26 || __L_STOCKS_27 ) describeL_STOCKS_1 One or more stock markers score L_STOCKS_1 1.0 metaL_STOCKS_2 (( __L_STOCKS_01 + __L_STOCKS_02 + __L_STOCKS_03 + __L_STOCKS_04 + __L_STOCKS_05 + __L_STOCKS_06 + __L_STOCKS_07 + __L_STOCKS_08 + __L_STOCKS_09 + __L_STOCKS_10 + __L_STOCKS_11 + __L_STOCKS_12 + __L_STOCKS_13 + __L_STOCKS_14 + __L_STOCKS_15 + __L_STOCKS_16 + __L_STOCKS_17 + __L_STOCKS_18 + __L_STOCKS_19 + __L_STOCKS_20 + __L_STOCKS_21 + __L_STOCKS_22 + __L_STOCKS_23 + __L_STOCKS_24 + __L_STOCKS_25 + __L_STOCKS_26 + __L_STOCKS_27 ) == 2) describeL_STOCKS_2 Two stock markers score L_STOCKS_2 4.0 metaL_STOCKS_3 (( __L_STOCKS_01 + __L_STOCKS_02 + __L_STOCKS_03 + __L_STOCKS_04 + __L_STOCKS_05 + __L_STOCKS_06 + __L_STOCKS_07 + __L_STOCKS_08 + __L_STOCKS_09 + __L_STOCKS_10 + __L_STOCKS_11 + __L_STOCKS_12 + __L_STOCKS_13 + __L_STOCKS_14 + __L_STOCKS_15 + __L_STOCKS_16 + __L_STOCKS_17 + __L_STOCKS_18 + __L_STOCKS_19 + __L_STOCKS_20 + __L_STOCKS_21 + __L_STOCKS_22 + __L_STOCKS_23 + __L_STOCKS_24 + __L_STOCKS_25 + __L_STOCKS_26 + __L_STOCKS_27 ) == 3) describeL_STOCKS_3 Three stock markers score L_STOCKS_3 9.0 metaL_STOCKS_4 (( __L_STOCKS_01 + __L_STOCKS_02 + __L_STOCKS_03 + __L_STOCKS_04 + __L_STOCKS_05 + __L_STOCKS_06 + __L_STOCKS_07 + __L_STOCKS_08 + __L_STOCKS_09 + __L_STOCKS_10 + __L_STOCKS_11 + __L_STOCKS_12 + __L_STOCKS_13 + __L_STOCKS_14 + __L_STOCKS_15 + __L_STOCKS_16 + __L_STOCKS_17 + __L_STOCKS_18 + __L_STOCKS_19 + __L_STOCKS_20 + __L_STOCKS_21 + __L_STOCKS_22 + __L_STOCKS_23 + __L_STOCKS_24 + __L_STOCKS_25 + __L_STOCKS_26 + __L_STOCKS_27 ) 3) describeL_STOCKS_4 Four or more stock markers score L_STOCKS_4 20.0 My scores are high because I have some mail accounts on other networks that are lightly whitelisted and I need to hit the spams that come from there. Do not use those scores or else you will fry mailing lists etc.
PNG graphics
Does anyone have a rule for a message that contains PNG graphics either inline or attached? Thanks Bryan - This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, printing, distributing or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. The Evangelical Lutheran Good Samaritan Society. -
Re: PNG graphics
On Tue, Mar 06, 2007 at 12:29:47PM -0600, bryan haase wrote: Does anyone have a rule for a message that contains PNG graphics either inline or attached? How are those different? -- Randomly Selected Tagline: Meanwhile the US military officials are looking for their next target in the war on terrorism. Today President Bush restated his commitment to the war on terror, saying, You're either with us, or against us, or, in the case of Saudi Arabia, both.- Bill Maher pgpTVPQFDQXA3.pgp Description: PGP signature
[Fwd: Re: *****POSIBLE SPAM***** Re: Annoying stocks scams]
please suspend this users mailing list account ---BeginMessage--- Mensaje Automatico *** Este usuario no se encuentra operativo, para cualquier asunto le ruego se pongan en contacto con Leandro Gayango [EMAIL PROTECTED] *** ehall 03/06/07 19:24 Spam detection software, running on the system vm-antispam2.mpsistemas.es, has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: On 3/6/2007 5:30 AM, [EMAIL PROTECTED] wrote: It's my first meta rule, which only gives a score if both conditions are true, and I was wondering if there's a possibility to make the score more intelligent : [...] Content analysis details: (5.1 points, 4.0 required) pts rule name description -- -- 1.0 MY_DSL I could use a BL for this. 0.5 NO_RDNSSending MTA has no reverse DNS (Postfix variant) 0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in headers 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% [score: 0.5000] 2.0 RATWR10_MESSID Message-ID has ratware pattern (HEXHEX.HEXHEX@) 0.4 UPPERCASE_50_75message body is 50-75% uppercase 0.0 NO_RDNS2 Sending MTA has no reverse DNS 1.0 RCVD_IN_SORBS RCVD_IN_SORBS ---End Message---
Re: How to whitelist mail lists?
On Mar 6, 2007, at 10:37 AM, Luis Hernán Otegui wrote: OK, but the point is that I run SA trough AMaViS, so procmail recipes aren't the answer. Thanks a lot, I suppose I should create some type of whitelist in AMaViS to avoid SA. amavisd-new has several whitelisting options. first you have to identify the common part, such as the sender address or sender domain, etc., then use that for creating your whitelist. smime.p7s Description: S/MIME cryptographic signature
[OT] How to deal with SPF_FAIL ?
I was thinking about adding spf checking support directly in the MTA. This would allow messages that fail spf to be instantly blocked. However, I noticed that many maillists (sourceforge's ones included) set the MAIL FROM to the original sender address. If the senders domain is spf enabled, it will generate an SPF_FAIL error. Also, many webservices (like contact forms, php generated messages) forge the sender address (usually to the recipients address). How do you guys deal with this? 1 - Dont enable spf at mta level (leave it to SA) 2 - Enable spf at MTA, but keep monitoring and whitelisting broken sender. 3 - Something else. -Raul Dias
Re: How to whitelist mail lists?
Luis Hernán Otegui wrote: OK, but the point is that I run SA trough AMaViS, so procmail recipes aren't the answer. Thanks a lot, I suppose I should create some type of whitelist in AMaViS to avoid SA. Yes an example for bypass THIS list with amavisd, I've postet here in Feb. 06 search the archive: http://wiki.apache.org/spamassassin/MailingLists Subject Re: Bypass SA Was: DO NOT Filter this list!!! Ciao Marco!
Re: NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available
SpamAssassin 3.2.0-pre2 is released! This is a *prerelease* of SpamAssassin 3.2.0; not the full release. Looks fine, runs also under amavisd-new cleanly (after having to remove some stale rule scores in my local.cf of course to make a --lint happy). An updated DKIM plugin patch is now in the bug tracker: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5332 Thanks for your efforts! Mark
Re: NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available
Mark Martinec writes: SpamAssassin 3.2.0-pre2 is released! This is a *prerelease* of SpamAssassin 3.2.0; not the full release. Looks fine, runs also under amavisd-new cleanly (after having to remove some stale rule scores in my local.cf of course to make a --lint happy). An updated DKIM plugin patch is now in the bug tracker: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5332 Thanks for your efforts! And thanks for the patch and feedback ;) --j.
domain has been refused (why?)
I have a client who complains that one of their own clients cannot send mail to them. The sender has performed a simple SMTP transmission and receives the following error: SMTP Error 4570: Illegal response to the sender(550): 550 5.7.1 H:MXBSMTP client IPConnection refused to due abuse I realize this is a generic MTA question but I figured some may want to comment since it may be a spam abuse issue. I have gone to dnsstuff.com and checked the sender IP and all is well. PM
Re: domain has been refused (why?)
Peter wrote: I have a client who complains that one of their own clients cannot send mail to them. The sender has performed a simple SMTP transmission and receives the following error: SMTP Error 4570: Illegal response to the sender(550): 550 5.7.1 H:MXBSMTP client IPConnection refused to due abuse I realize this is a generic MTA question but I figured some may want to comment since it may be a spam abuse issue. I have gone to dnsstuff.com and checked the sender IP and all is well. PM It sounds like someone has setup a rule at the MTA level to block that IP or netblock. If it's a private DNSBL it won't appear in most of your public checks -- Mr Michele Neylon Blacknight Solutions Hosting Colocation, Brand Protection http://www.blacknight.ie/ http://blog.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Fax. +353 (0) 59 9164239
Re: domain has been refused (why?)
On Tue, 6 Mar 2007, Peter wrote: I have a client who complains that one of their own clients cannot send mail to them. The sender has performed a simple SMTP transmission and receives the following error: SMTP Error 4570: Illegal response to the sender(550): 550 5.7.1 H:MXBSMTP client IPConnection refused to due abuse I realize this is a generic MTA question but I figured some may want to comment since it may be a spam abuse issue. I have gone to dnsstuff.com and checked the sender IP and all is well. What MTA is your client using? Given the grammar of the error message, it smells like a local config (e.g. something in /etc/mail/access if they're using sendmail) that's returning a hard fail with a custom error message. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Failure to plan ahead on someone else's part does not constitute an emergency on my part. -- David W. Barts in a.s.r --- 5 days until Daylight Saving Time begins in U.S. - Spring Forward
Re: NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available
Gestern (06.03.2007/15:09 Uhr) schrieb Justin Mason, SpamAssassin 3.2.0-pre2 is released! This is a *prerelease* of SpamAssassin 3.2.0; not the full release. Actual there a little bit changed with trusted network? My local.cf included # Trusted clear_trusted_networks trusted_networks 127/8 # Internal clear_internal_networks internal_networks 127/8 and this getting by --lint [15519] warn: netset: cannot include 127/8 as it has already been included [15519] warn: netset: cannot include 127/8 as it has already been included -- Viele Gruesse, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 -- Zufalls-Zitat -- Als Mensch kann man vernünftig denken und trotzdem unsinnig handeln. -- Der Text hat nichts mit dem Empfaenger der Mail zu tun -- Virus free. Checked by NOD32 Version 2099 Build 9215 06.03.2007
RE: NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available
127/8 is now always trusted. Remove that trusted_networks 127/8 line and all should be well. Phil -Original Message- From: Jim Knuth [mailto:[EMAIL PROTECTED] Sent: 07 March 2007 00:12 To: Justin Mason Cc: dev@spamassassin.apache.org; users@spamassassin.apache.org Subject: Re: NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available Gestern (06.03.2007/15:09 Uhr) schrieb Justin Mason, SpamAssassin 3.2.0-pre2 is released! This is a *prerelease* of SpamAssassin 3.2.0; not the full release. Actual there a little bit changed with trusted network? My local.cf included # Trusted clear_trusted_networks trusted_networks 127/8 # Internal clear_internal_networks internal_networks 127/8 and this getting by --lint [15519] warn: netset: cannot include 127/8 as it has already been included [15519] warn: netset: cannot include 127/8 as it has already been included -- Viele Gruesse, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 -- Zufalls-Zitat -- Als Mensch kann man vernünftig denken und trotzdem unsinnig handeln. -- Der Text hat nichts mit dem Empfaenger der Mail zu tun -- Virus free. Checked by NOD32 Version 2099 Build 9215 06.03.2007
User or Admin?
Hello all! I have a shared hosting account. My host has Exim installed as the mail server and has SA installed. I have three domains (1 for personal use and 2 for small businesses--one man operations). Should I be looking at the docs written for users or for admins? If I use Bayesian filtering (I want to), will other users of my host's system affect SA's learning? Or will it only read MINE? If I can allow it to include other users training but have that carry a lower weight in the decision process then that's what I'd like to do. But I don't want the fact that someone else identified something as spam to carry as much weight as MY identifying something as spam. Should I be creating a special directory for SA to learn from me? Last night I got my account set up to learn from ham/spam folders under IMAP (using a PHP script and Cron). Now I just need to make sure it learns properly. Also when the host updates SA, will I need to re-train SA? I've read that minor or maintenance updates don't need retrained, but what about major upgrades? If so, will SA just stop working? Or will I just start receiving more spam until I get it re-trained again? Thx! Don Ireland
Re: NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available
Heute (07.03.2007/01:42 Uhr) schrieb Randal, Phil, 127/8 is now always trusted. Remove that trusted_networks 127/8 line and all should be well. Thank you. I have only asked because I could read nothing in the Changes. Phil -Original Message- From: Jim Knuth [mailto:[EMAIL PROTECTED] Sent: 07 March 2007 00:12 To: Justin Mason Cc: dev@spamassassin.apache.org; users@spamassassin.apache.org Subject: Re: NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available Gestern (06.03.2007/15:09 Uhr) schrieb Justin Mason, SpamAssassin 3.2.0-pre2 is released! This is a *prerelease* of SpamAssassin 3.2.0; not the full release. Actual there a little bit changed with trusted network? My local.cf included # Trusted clear_trusted_networks trusted_networks 127/8 # Internal clear_internal_networks internal_networks 127/8 and this getting by --lint [15519] warn: netset: cannot include 127/8 as it has already been included [15519] warn: netset: cannot include 127/8 as it has already been included -- Viele Gruesse, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 -- Zufalls-Zitat -- Ein guter Spruch ist die Wahrheit eines ganzen Buches in einem einzigen Satz. (Theodor Fontane) -- Der Text hat nichts mit dem Empfaenger der Mail zu tun -- Virus free. Checked by NOD32 Version 2099 Build 9215 06.03.2007
RE: NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available
127/8 is now always trusted. Remove that trusted_networks 127/8 line and all should be well. Phil Are you saying we should remove the entry 127.0.0.1 from the trusted_networks ? What about if in the internal_networks entry ? Is this for 3.2.0 only or is it in 3.1.8 too? Isn't this somewhat confusing? There are cases where it isn't necessary to run SMTP or even the same MTA/smtp service on 127.0.0.1 etc... - rh -- Robert - Abba Communications http://www.abbacomm.net/
Re: NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available
Heute (07.03.2007/02:26 Uhr) schrieb R Lists06, 127/8 is now always trusted. Remove that trusted_networks 127/8 line and all should be well. Phil Are you saying we should remove the entry 127.0.0.1 from the trusted_networks ? What about if in the internal_networks entry ? Is this for 3.2.0 only or is it in 3.1.8 too? I think it is only for 3.2.0. In 3.1.8 was this ok. But the maintainers knowing these better. ;) Isn't this somewhat confusing? There are cases where it isn't necessary to run SMTP or even the same MTA/smtp service on 127.0.0.1 etc... - rh -- Robert - Abba Communications http://www.abbacomm.net/ -- Viele Gruesse, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 -- Zufalls-Zitat -- Eskimos haben Hunderte von Worten für Eis, aber keines für Hallo. -- Der Text hat nichts mit dem Empfaenger der Mail zu tun -- Virus free. Checked by NOD32 Version 2099 Build 9215 06.03.2007
Re: NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available
Heute (07.03.2007/01:42 Uhr) schrieb Randal, Phil, 127/8 is now always trusted. Remove that trusted_networks 127/8 line and all should be well. Are then still other changes, which are not explained in Changes or INSTALL? Phil -Original Message- From: Jim Knuth [mailto:[EMAIL PROTECTED] Sent: 07 March 2007 00:12 To: Justin Mason Cc: dev@spamassassin.apache.org; users@spamassassin.apache.org Subject: Re: NOTICE: SpamAssassin 3.2.0-pre2 PRERELEASE available Gestern (06.03.2007/15:09 Uhr) schrieb Justin Mason, SpamAssassin 3.2.0-pre2 is released! This is a *prerelease* of SpamAssassin 3.2.0; not the full release. Actual there a little bit changed with trusted network? My local.cf included # Trusted clear_trusted_networks trusted_networks 127/8 # Internal clear_internal_networks internal_networks 127/8 and this getting by --lint [15519] warn: netset: cannot include 127/8 as it has already been included [15519] warn: netset: cannot include 127/8 as it has already been included -- Viele Gruesse, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 -- Zufalls-Zitat -- Diplomatie ist die Fähigkeit, so zu tun, als täte man nicht so. (Boleslaw Barlog) -- Der Text hat nichts mit dem Empfaenger der Mail zu tun -- Virus free. Checked by NOD32 Version 2099 Build 9215 06.03.2007
Re: spamd child processing timeout
On 3/2/2007 2:50 AM, Sandeep Agarwal wrote: any suggestions how to fix this or the reason for this. It's probably being caused by bayes expiries. Disable auto expiry and do the expiries via a cron job. Daryl
Re: Spamhaus Tests
Cliff Stanford wrote: Some questions: 1. RCVD_IN_XBL Why is this only applied by default to -lastexternal rather than all the Received: lines? Surely if any forwarding host is a known exploit, it should score the same 3.897 ? The problem here is that XBL will generally consist of home-user IPs. Those IPs are of hosts known to have been infected with backdoors that cause spam relaying. XBL is highly effective if you use it to pick of hosts directly sending mail to your network, with near zero false positives. Generally home users use their relays, and spam tools direct deliver. However, if you apply it to the originating IP, you'll also pick off all the legitamate mail sent by infected users (or uninfected users who got reallocated the same IP!) the false positive rate goes up as a result, and the score of this test would fall as a result. 2. RCVD_IN_PBL This is (IMHO) correctly applied to -lastexternal. Why is the default score only 0.001 ? I suspect It's not been around long enough to have been subjected to a mass-check to determine its accuracy. It is also not clear to what degree it will overlap with the NJABL and SORBS DUL lists, which would also show up in mass-check. With no detailed information on the accuracy of the list, or how it interacts with other existing lists, they probably assigned it this score to start. 3. -lastexternal The docs for this flag say, You can select only the external host that connected to your internal network. Does this mean that trusted_networks is ignored for this flag and I would need to put the secondary MXs' IP addresses into internal_networks instead. Yes, although be aware that unless you explicitly specify a internal_networks, the value is copied from trusted_networks. Most people only need to set trusted_networks, and let internal_networks copy it. Only a few sites (for example those that need to accept mail from dialup users) need to make these two lists differ. 4. Lists Is this the right place or should I have posted this to the dev list instead? This is the right place for questions about SA. Even though this touches a bit on the subject of development, it's really only questions about the hows and whys of SA's rules. As such, I'd say this is the right list. Personally, I kind of view the dev list as more of a place to make specific suggestions. This list is a better place to ask questions, unless you're really getting into questions that arise from attempts to implement a new feature in SA. (ie: if you were writing a new bayes store for some new kind of database, and had questions about how bayes stores are used.. that would probably be good to post to dev) However, be aware that I'm merely a helpful community member and my opinions on the list uses are purely non-official.
Spamassassin 3.1.8
Hello All, I have upgraded spamassassin from 3.1.7 to 3.1.8 and have a easy quiestion, When I look at the headers it still shows that Spamassassin 3.1.7 is installed / running Why is that? I did the following -- downloaded Mail-SpamassAssin-3.1.8.tar.gz and installed by perl Makefile.PL / make / make install stopped the current spamd and restarted and it shows that 3.1.7 in the header. TIA
Re: Spamassassin 3.1.8
On Tue, Mar 06, 2007 at 09:08:59PM -0600, SAtalk Mail User wrote: stopped the current spamd and restarted and it shows that 3.1.7 in the header. I would guess that your install didn't happen correctly. Sounds like you have one version installed and probably installed 3.1.8 to a different location. -- Randomly Selected Tagline: Remember: while root can do most everything, there are certain privileges that only a partner can grant.- Telsa Gwynne pgpm1R3knMDIo.pgp Description: PGP signature
Re: User or Admin?
On Tue, Mar 06, 2007 at 07:42:54PM -0500, Don Ireland wrote: Should I be looking at the docs written for users or for admins? Are you running SA as a user or as an admin? If I use Bayesian filtering (I want to), will other users of my host's system affect SA's learning? Or will it only read MINE? If I can allow it Depends how you set it up. to include other users training but have that carry a lower weight in the decision process then that's what I'd like to do. But I don't want the fact that someone else identified something as spam to carry as much weight as MY identifying something as spam. There's a single DB, either yours, or a site-wide DB. Also when the host updates SA, will I need to re-train SA? I've read that minor or maintenance updates don't need retrained, but what about major upgrades? If so, will SA just stop working? Or will I just start receiving more spam until I get it re-trained again? So far, there's been no situation where an upgrade requires restarting with Bayes, SA upgrades the DB formats and such. It sounds like you're a user on someone else's hosting though -- I'd talk to them about what their SA setup is and how you're expected to use it. -- Randomly Selected Tagline: the Audi sounds and feels like a volcano making love to an avalanche - http://www.thetruthaboutcars.com/?p=2545 pgpEq9aKh3Bem.pgp Description: PGP signature
Re: User or Admin?
Are you running SA as a user or as an admin? I THINK user. But that's what I was looking for confirmation on. That's why I posted the details of the fact that I'm using a shared hosting account. Depends how you set it up. Ok--so it can be configured to use MY bayesian training then. GOOD. It sounds like you're a user on someone else's hosting though Yes I am. I'd talk to them about what their SA setup is and how you're expected to use it. When I ask them anything about SA configuration, they point me to spamassassin.apache.org. They have told me that I can use my own userprefs file and told me where the file is. Theo Van Dinter wrote: On Tue, Mar 06, 2007 at 07:42:54PM -0500, Don Ireland wrote: Should I be looking at the docs written for users or for admins? Are you running SA as a user or as an admin? If I use Bayesian filtering (I want to), will other users of my host's system affect SA's learning? Or will it only read MINE? If I can allow it Depends how you set it up. to include other users training but have that carry a lower weight in the decision process then that's what I'd like to do. But I don't want the fact that someone else identified something as spam to carry as much weight as MY identifying something as spam. There's a single DB, either yours, or a site-wide DB. Also when the host updates SA, will I need to re-train SA? I've read that minor or maintenance updates don't need retrained, but what about major upgrades? If so, will SA just stop working? Or will I just start receiving more spam until I get it re-trained again? So far, there's been no situation where an upgrade requires restarting with Bayes, SA upgrades the DB formats and such. It sounds like you're a user on someone else's hosting though -- I'd talk to them about what their SA setup is and how you're expected to use it.
RE: Spamassassin 3.1.8
I have upgraded spamassassin from 3.1.7 to 3.1.8 and have a easy quiestion, When I look at the headers it still shows that Spamassassin 3.1.7 is installed / running Why is that? I did the following -- downloaded Mail-SpamassAssin- 3.1.8.tar.gz and installed by perl Makefile.PL / make / make install stopped the current spamd and restarted and it shows that 3.1.7 in the header. TIA Greetings back at ya... What operating system? It isn't accidentally installed twice in two separate places is it? Are you using qmail-scanner-queue? If so, you have to run it (the QMS perl script) a certain way to have it reinit the new config - rh -- Robert - Abba Communications http://www.abbacomm.net/