Re: Upgrading from 2.63 to 3.1.8
Matt Kettler wrote:
> Yes, it's covered in the UPGRADE file [..] sa-learn --sync

Thanks Mark,

Meanwhile, I discovered that a few messages were still delivered and filtered by SA 2.6 on another mail delivery server and I think that's what was causing trouble.

I made sure mail was coming through SA 3.1.8 only and I ran the following script on behalf of concerned users (procmail tests the presence of ~/.nofilterspam before calling spamc for users who do not want SA and I use this to prevent SA interfering during the conversion):

    #!/bin/sh
    #
    # Convert this user's Bayes database while SA is switched off for them.
    if [ -f ~/.nofilterspam ] ; then
        # User has already opted out of filtering: leave everything alone.
        echo SPAM filtering disabled by ~/.nofilterspam
    else
        # Flag file makes procmail skip spamc during the conversion.
        touch ~/.nofilterspam
        if /usr/bin/sa-learn -D --sync
        then
            echo Conversion to bayes DB3 was successful
        else
            echo Conversion to bayes DB3 FAILED !
            rm ~/.nofilterspam
            exit 1
        fi
        # Re-enable filtering once the conversion is done.
        rm ~/.nofilterspam
    fi
    exit 0

Problem is that it seems I would have to run this script for 200 or so users after I put SA 3.1.8 in prod on our main server...

Thanks.

JM

--
Jean-michel BARBET                    | Tel: +33 (0)2 51 85 84 86
Laboratoire SUBATECH Nantes France    | Fax: +33 (0)2 51 85 84 79
CNRS-IN2P3/Ecole des Mines/Universite | E-Mail: [EMAIL PROTECTED]
Re: Don't want hatfield.com to send mail to mccoy.com - can /etc/mail/spamassassin/local.cf help?
On Tue, April 24, 2007 06:33, John Schmerold wrote:
> SA is protecting 20 domains from evil, I want to keep 2 domains from communicating with one another, I believe local.cf can help resolve this for me, if I can figure out how to do:
>
> score LOCAL__H_M 50.00
> header LOCAL__H_M From =~ /hatfield\.com/i .and.
> header LOCAL__H_M To =~ /mccoy\.com/i
> describe LOCAL__H_M Hatfield to McCoy

change

    header __LOCAL__H_MF From =~ /hatfield\.com/i
    header __LOCAL__H_MT To =~ /mccoy\.com/i
    meta LOCAL__H_M (__LOCAL__H_MF && __LOCAL__H_MT)

> score LOCAL__M_H 50.00
> header LOCAL__M_H From =~ /mccoy\.com/i .and.
> header LOCAL__M_H To =~ /hatfield\.com/i
> describe LOCAL__M_H McCoy to Hatfield

make the same change here as the first one

> So, this newbie has 2 questions:
> 1. Can this be done

yes

> 2. How to do it - I suspect the answer lies in the stack of regex information I've been staring at, but can figure out

regexp is not needed :-)

--
This message was sent using 100% recycled spam mails.
ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!
Apache SpamAssassin 3.2.0-rc3 is now available! This is a *PRERELEASE*, not the full release of 3.2.0.

Downloads are available from:

  http://people.apache.org/~jm/devel/

Downloading
-----------

  http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.2.0-rc3.tar.bz2
  http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.2.0-rc3.tar.gz
  http://people.apache.org/~jm/devel/Mail-SpamAssassin-3.2.0-rc3.zip

md5sum of archive files:

  23299659a018a1e316ce450c28ac2e29  Mail-SpamAssassin-3.2.0-rc3.tar.bz2
  43b7774fab7ac7a3ba5a4257af8eb700  Mail-SpamAssassin-3.2.0-rc3.tar.gz
  1451c9770e70dfe21bf7156955d0c19c  Mail-SpamAssassin-3.2.0-rc3.zip

sha1sum of archive files:

  bec7332ba34a702d1b3b3d7c990dea2f34ceb0cf  Mail-SpamAssassin-3.2.0-rc3.tar.bz2
  5074e8131a3ce13953d8e390aa8bcb386b046154  Mail-SpamAssassin-3.2.0-rc3.tar.gz
  38939a3b51fcc6ec1adc1782ca31b9a2a182295c  Mail-SpamAssassin-3.2.0-rc3.zip

The release files also have a .asc accompanying them. The file serves as an external GPG signature for the given release file. The signing key is available via the wwwkeys.pgp.net key server, as well as http://spamassassin.apache.org/released/GPG-SIGNING-KEY

The key information is:

  pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key [EMAIL PROTECTED]
      Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B

See the INSTALL and UPGRADE files in the distribution for important installation notes.

Summary of major changes since 3.1.8

Changes to the core code:

* new behavior for trusted_networks/internal_networks: the 127.* network is now always considered trusted and internal, regardless of configuration.
* bug 3109: short-circuiting of 'definite ham' or 'definite spam' messages based on individual short-circuit rules using the 'shortcircuit' setting, by Dallas Engelken dallase /at/ uribl.com.
* bug 5305: implement 'msa_networks', for ISPs to specify their Mail Submission Agents, and extend network trust accordingly.
* bug 4636: Add support for charset normalization, so rules can be written in UTF-8 to match text in other charsets.
* sa-compile: compilation of SpamAssassin rules into a fast parallel-matching DFA, implemented in native code.
* tflags multiple: allow writing of rules that count multiple hits in a single message.
* bug 4363: if a message uses CRLF for line endings, we should use it as well, otherwise stay with LF as usual; important for Windows users.
* bug 4515: content preview was omitting first paragraph when no Subject: header was present.
* The third-party modules used by sa-update are now required by the SpamAssassin package, instead of being optional.
* Bug 5165: 'sa-update --checkonly' added to check for updates without applying them; thanks to anomie /at/ users.sourceforge.net
* Bugs 4606, 4609: Adjust MIME parsing limits for nested multipart/* and message/rfc822 MIME parts.
* bug 5295: add 'whitelist_auth', to whitelist addresses that send mail using sender-authorization systems like SPF, Domain Keys, and DKIM
* Removed dependency on Text::Wrap CPAN module.
* Received header parsing updates/fixes/additions.

Spamc / spamd:

* bug 4603: Mail::SpamAssassin::Spamd::Apache2 -- mod_perl2 module, implementing spamd as a mod_perl module, contributed as a Google Summer of Code project by Radoslaw Zielinski.
* bug 3991: spamd can now listen on UNIX domain, TCP, and SSL sockets simultaneously. Command-line semantics extended slightly, although fully backwards compatibly; add the --ssl-port switch to allow TCP and SSL listening at the same time.
* bug 3466: do Bayes expiration, if required, after results have been passed back to the client from spamd; this helps avoid client timeouts.
* more complete IPv6 support.
* spamc: Add '-K' switch, to ping spamd.
* spamc: add '-z' switch, which compresses mails to be scanned using zlib compression; very useful for long-distance use of spamc over the internet.
* bug 5296: spamc '--headers' switch, which scans messages and transmits back just rewritten headers. This is more bandwidth-efficient than the normal mode of scanning, but only works for 'report_safe 0'.
* Bump spamd's protocol version to 1.4, to reflect new HEADERS verb used for '--headers'.

Mail::SpamAssassin modules and API:

* bug 4589: allow M::SA::Message to use IO::File objects to read in message (same as GLOB).
* bug 4517: rule instrumentation plugin hooks, to measure performance, from John Gardiner Myers jgmyers /at/ proofpoint.com.
* add two features to core rule-parsing code:
  1. optional behaviour to recurse through subdirs looking for .cf/.pre's, to support rules compilers working on rulesrc dir.
  2. call back into invoking code on lint failure, so rule compiler can detect which rules exactly fail the lint check.
* bug 5206: detect duplicate rules, and silently merge them internally for greater efficiency.
* bug 5243: add Plugin::register_method_priority()
RE: Newbie Questions.
Grant Peel wrote:
> I have not turned on bayes, is it critical (to catching spam)?

Bayes is not critical, but it can be very useful. For best results, I suggest you do this:

Manually train the Bayes db with hand-sorted ham and spam at least until you get to the 200-ham/200-spam limit. After that, keep an eye on your incoming mail and retrain any messages that are mis-classified.

Manual training works like this:

    sa-learn --ham /directory/with/nonspam
    sa-learn --spam /directory/with/spam

By default Bayes will also auto-learn incoming messages as either ham or spam based on certain criteria. Some people suggest adjusting the criteria to further prevent mis-training, but I have not had any problems with the default settings. However, on some of my accounts, I will disable the autolearning and manually sort and learn on all of my incoming mail each day.

--
Bowie
Newsletter gets declared as spam
Hi there,

I am operating a travel community portal since 5 years now. Members can subscribe online to a newsletter by checking a box while they sign up for an account. Since a few months more and more newsletters get stuck in the junk folder and I am trying to find out why. Even if the spam score is as little as 2.1 the message gets in there! Regular mail gets filtered out with 6 on my settings.

The mail gets sent through phpmailer 1.7.3 and the header looks like:

    X-Sieve: CMU Sieve 2.3
    X-Spam-score: 1.9
    X-Spam-hits: BAYES_00 -0.7, EXTRA_MPART_TYPE 1.091, FORGED_RCVD_HELO 0.135,
      HTML_MESSAGE 0.001, HTML_TAG_BALANCE_BODY 0.228, MIME_HTML_ONLY 0.001,
      TVD_FW_GRAPHIC_NAME_MID 1.2

EXTRA_MPART_TYPE gets highest, but I do not see a way to get rid of this? Can anybody help please?

Best regards,
Merlin
Re: Newbie Questions.
Bowie Bailey wrote:
> Grant Peel wrote:
>> I have not turned on bayes, is it critical (to catching spam)?
>
> Bayes is not critical, but it can be very useful. For best results, I suggest you do this:

ACK. It can kick the spam over the threshold which is maybe not hit by other rules, a well trained Bayes is essential I think. (And it produces no false-positives if bayes was: BAYES_100 it was always right).

> Manually train the Bayes db with hand-sorted ham and spam at least until you get to the 200-ham/200-spam limit. After that, keep an eye on your incoming mail and retrain any messages that are mis-classified.
>
> Manual training works like this:
>
> sa-learn --ham /directory/with/nonspam
> sa-learn --spam /directory/with/spam

You should run sa-learn with the proper user account e.g.:

    sudo -u amavis -H sa-learn --spam /path/to/spam-messages/

> By default Bayes will also auto-learn incoming messages as either ham or spam based on certain criteria. Some people suggest adjusting the criteria to further prevent mis-training, but I have not had any problems with the default settings. However, on some of my accounts, I will disable the autolearning and manually sort and learn on all of my incoming mail each day.

Autolearning is not failure proof I think, especially on less restrictive mailing lists ...

--
Greetings MH

Don't send mail to: [EMAIL PROTECTED]
--
Re: Newsletter gets declared as spam
On Tuesday 24 April 2007 15:52, Merlin Morgenstern wrote:
> X-Sieve: CMU Sieve 2.3
> X-Spam-score: 1.9
> X-Spam-hits: BAYES_00 -0.7, EXTRA_MPART_TYPE 1.091, FORGED_RCVD_HELO 0.135,
>   HTML_MESSAGE 0.001, HTML_TAG_BALANCE_BODY 0.228, MIME_HTML_ONLY 0.001,
>   TVD_FW_GRAPHIC_NAME_MID 1.2
>
> EXTRA_MPART_TYPE gets highest, but I do not see a way to get rid of this? Can anybody help please?

EXTRA_MPART_TYPE has been bug reported already. Its rationale is incorrect (the type parameter is actually required), but on the other hand SA doesn't care about what is correct or not, only what indicates spam. Apparently there hasn't been enough ham matching it in the corpora fed to the mass-checks.

--
Magnus Holmgren [EMAIL PROTECTED]
(No Cc of list mail needed, thanks)
RE: Newbie Questions.
Matthias Haegele wrote:
> Bowie Bailey wrote:
>> Grant Peel wrote:
>>> I have not turned on bayes, is it critical (to catching spam)?
>>
>> Bayes is not critical, but it can be very useful. For best results, I suggest you do this:
>
> ACK. It can kick the spam over the threshold which is maybe not hit by other rules, a well trained Bayes is essential I think. (And it produces no false-positives if bayes was: BAYES_100 it was always right).

Very useful, yes. Critical, no.

>> Manually train the Bayes db with hand-sorted ham and spam at least until you get to the 200-ham/200-spam limit. After that, keep an eye on your incoming mail and retrain any messages that are mis-classified.
>>
>> Manual training works like this:
>>
>> sa-learn --ham /directory/with/nonspam
>> sa-learn --spam /directory/with/spam
>
> You should run sa-learn with the proper user account e.g.:
> sudo -u amavis -H sa-learn --spam /path/to/spam-messages/

Thanks, I forgot to mention this piece of (critical) information. Training the wrong database is, unfortunately, a common problem.

>> By default Bayes will also auto-learn incoming messages as either ham or spam based on certain criteria. Some people suggest adjusting the criteria to further prevent mis-training, but I have not had any problems with the default settings. However, on some of my accounts, I will disable the autolearning and manually sort and learn on all of my incoming mail each day.
>
> Autolearning is not failure proof I think, especially on less restrictive mailing lists ...

It's not failure proof, but most of my accounts rely on autotraining with the default settings. I have had one instance where I had to recreate a corrupted database, but this was on an account that had no manual training done at all.

--
Bowie
Re: Newsletter gets declared as spam
Merlin Morgenstern writes:
> Hi there,
>
> I am operating a travel community portal since 5 years now. Members can subscribe online to a newsletter by checking a box while they sign up for an account. Since a few months more and more newsletters get stuck in the junk folder and I am trying to find out why. Even if the spam score is as little as 2.1 the message gets in there! Regular mail gets filtered out with 6 on my settings.
>
> The mail gets sent through phpmailer 1.7.3 and the header looks like:
>
> X-Sieve: CMU Sieve 2.3
> X-Spam-score: 1.9
> X-Spam-hits: BAYES_00 -0.7, EXTRA_MPART_TYPE 1.091, FORGED_RCVD_HELO 0.135,
>   HTML_MESSAGE 0.001, HTML_TAG_BALANCE_BODY 0.228, MIME_HTML_ONLY 0.001,
>   TVD_FW_GRAPHIC_NAME_MID 1.2
>
> EXTRA_MPART_TYPE gets highest, but I do not see a way to get rid of this? Can anybody help please?

That adds up to 2.656. That's way off the spam threshold of 5... well within the nonspam score range.

--j.
Testing Spamassassin with the mail command
Hello.

I am new to SpamAssassin. I have configured my new Sendmail server to use Spamassassin and have tested with the usual commands:

    spamassassin -D /usr/share/doc/spamassassin-3.1.8/sample-spam.txt

I want to test how the messages will look when delivered, so I can tweak that.

Thanks in advance!

--
View this message in context: http://www.nabble.com/Testing-Spamassassin-with-the-mail-command-tf3639390.html#a10163382
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
RE: Testing Spamassassin with the mail command
StarkRavingCalm wrote:
> Hello. I am new to SpamAssassin. I have configured my new Sendmail server to use Spamassassin and have tested with the usual commands:
>
> spamassassin -D /usr/share/doc/spamassassin-3.1.8/sample-spam.txt
>
> I want to test how the messages will look when delivered, so I can tweak that.

    spamassassin < testmessage.txt

or

    spamc < testmessage.txt

Output will be the modified message.

--
Bowie
RE: Testing Spamassassin with the mail command
Bowie,

Thank you for the reply. What I would like to do is to test it by letting it pass thru so I can see how it would arrive in the user's inbox.

Thanks

Bowie Bailey wrote:
> StarkRavingCalm wrote:
>> Hello. I am new to SpamAssassin. I have configured my new Sendmail server to use Spamassassin and have tested with the usual commands:
>>
>> spamassassin -D /usr/share/doc/spamassassin-3.1.8/sample-spam.txt
>>
>> I want to test how the messages will look when delivered, so I can tweak that.
>
> spamassassin < testmessage.txt
> or
> spamc < testmessage.txt
>
> Output will be the modified message.
>
> --
> Bowie

--
View this message in context: http://www.nabble.com/Testing-Spamassassin-with-the-mail-command-tf3639390.html#a10165180
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Newsletter gets declared as spam
On Tue, 24 Apr 2007, Merlin Morgenstern wrote:
> X-Spam-hits: BAYES_00 -0.7, EXTRA_MPART_TYPE 1.091, FORGED_RCVD_HELO 0.135,
>   HTML_MESSAGE 0.001, HTML_TAG_BALANCE_BODY 0.228, MIME_HTML_ONLY 0.001,
>   TVD_FW_GRAPHIC_NAME_MID 1.2

MIME_HTML_ONLY: Don't omit the text-only version of the body. Be considerate of those who don't like or can't read HTML e-mail.

HTML_TAG_BALANCE_BODY: Run your newsletter through an HTML validator before you send it. Be aware that Word writes utterly crappy HTML (yes, I am making an assumption here).

--
John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
The fetters imposed on liberty at home have ever been forged out of the weapons provided for defense against real, pretended, or imaginary dangers from abroad.
  -- James Madison, 1799
---
560 days until the Presidential Election
Re: Spamassassin: Best Practices
Mike Jackson wrote:
> That depends on your MTA. Some make it easy (Postfix), some make it difficult (Sendmail), some you just shouldn't be using (Qmail). (That last one was a joke, people.)

Actually, anyone who voluntarily administers any MTA has to be someone who enjoys beating themselves in the head with a baseball bat in the first place... g

-kgd
Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!
Justin Mason wrote:
> Apache SpamAssassin 3.2.0-rc3 is now available! This is a *PRERELEASE*, not the full release of 3.2.0.
>
> Downloads are available from:
>
> http://people.apache.org/~jm/devel/

are we missing the tools subdirectory? is it being removed?

    cd tools
    spammertrap# ls
    README.speedtest        mboxsplit      sysreport
    check_whitelist         sa-stats.pl    test_extract
    convert_awl_dbm_to_sql  speedtest      triplets.pl
    desc_length.pl          split_corpora

_
This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com
_
RE: Testing Spamassassin with the mail command
OK Everyone - Send him your SPAM!!! ;-)

Just kidding...

I'm not sure what you're looking for from us. Please be more specific.

By the way, I use Sendmail as well, and find the spamass-milter to be a great way to link in spamassassin. Also, the blacklists are very effective. If you need any assistance with the sendmail.mc entries required, email me back.

Regards,
Vince

-----Original Message-----
From: StarkRavingCalm [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 24, 2007 11:23 AM
To: users@spamassassin.apache.org
Subject: Testing Spamassassin with the mail command

Hello.

I am new to SpamAssassin. I have configured my new Sendmail server to use Spamassassin and have tested with the usual commands:

    spamassassin -D /usr/share/doc/spamassassin-3.1.8/sample-spam.txt

I want to test how the messages will look when delivered, so I can tweak that.

Thanks in advance!
Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!
On Tue, Apr 24, 2007 at 01:47:29PM -0400, Michael Scheidell wrote:
> are we missing the tools subdirectory? is it being removed?

Yes, tools was removed from the tarball, along with masses and contrib. It's all still available via SVN/http.

--
Randomly Selected Tagline:
An authority is anyone who guessed right more than once.
RE: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!
From: Justin Mason [mailto:[EMAIL PROTECTED]
Subject: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!

> Apache SpamAssassin 3.2.0-rc3 is now available! This is a *PRERELEASE*, not the full release of 3.2.0.

I have found the following (non-fatal) issues with SA v3.2.0-rc3:

1) Now that spamc is linked with zlib, it doesn't link correctly on Solaris 8 where libz.so is in /usr/local/lib. Attempting to run spamc gives the following error:

    ld.so.1: ../spamc/spamc: fatal: libz.so: open failed: No such file or directory

A workaround is to use the following make command

    # LD_RUN_PATH=/usr/local/lib make

but it would be better if the configuration code supplied the right link options.

2) I tried to compile the rules to see how much speed increase I could get, but it didn't work. After running sa-compile and uncommenting the Rule2XSBody plugin, I got the following error:

    # spamassassin --lint
    ld.so.1: /usr/local/bin/spamassassin: fatal: relocation error: file /var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so: symbol Mail_SpamAssassin_CompiledRegexps_body_0_scan17: referenced symbol not found
    Killed

This is with rc2 on Solaris 8. I haven't tried it with rc3 yet because it takes about 3 hours to compile on our development system.

3) I noticed the following rules were removed:

    SUBJECT_DRUG_GAP_P
    HTML_NONELEMENT_50_60
    HTML_NONELEMENT_70_80
    HTML_NONELEMENT_90_100
    HTML_FONT_INVISIBLE
    HTML_BACKHAIR_8
    RISK_FREE
    PORN_URL_SEX

I was wondering why some of the HTML_NONELEMENT_nn_nn rules were removed and some were not.

> * bug 5236: Support Mail::SPF replacement for Mail::SPF::Query.

Makefile.PL complains if Mail::SPF::Query is missing, even though it knows that Mail::SPF is preferred.
RE: Newsletter gets declared as spam
-----Original Message-----
From: Merlin Morgenstern [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 24, 2007 9:52 AM
To: users@spamassassin.apache.org
Subject: Newsletter gets declared as spam

> X-Spam-score: 1.9
> X-Spam-hits: BAYES_00 -0.7, EXTRA_MPART_TYPE 1.091, FORGED_RCVD_HELO 0.135,
>   HTML_MESSAGE 0.001, HTML_TAG_BALANCE_BODY 0.228, MIME_HTML_ONLY 0.001,
>   TVD_FW_GRAPHIC_NAME_MID 1.2
>
> EXTRA_MPART_TYPE gets highest, but I do not see a way to get rid of this? Can anybody help please?

Might be that Outlook is sending to the Junk mail folder? Or something else. SpamAssassin doesn't send ANYTHING to the Junk Email folder.
Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!
Justin Mason wrote:
> Apache SpamAssassin 3.2.0-rc3 is now available! This is a *PRERELEASE*, not the full release of 3.2.0.

On FreeBSD 5.5, after (what I think) is a successful sa-compile:

    /libexec/ld-elf.so.1: /var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so: Undefined symbol Mail_SpamAssassin_CompiledRegexps_body_0_scan1
SARE_URI_IHIRE bug?
I have some ham with 'iHireEngineering.com' URL's in the message that are hitting this regex for SARE_URI_IHIRE:

    uri SARE_URI_IHIRE /\biHire\w+\.com/i
    describe SARE_URI_IHIRE body contains link to known spammer
    score SARE_URI_IHIRE 3.333

I have disabled here, will it be fixed to properly hit the entire domain? Where should I notify? It is missing a boundary on the right side.

--
Robert
RE: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available! - UTF error
Testing v3.2.0-rc3 on Solaris 8 I'm finding zillions of the following errors in the log file:

    Apr 24 10:13:27 emaildev.ornl.gov spamd[12593]: Malformed UTF-8 character (unexpected non-continuation byte 0x00, immediately after start byte 0xce) in pattern match (m//) at /etc/mail/spamassassin/70_sare_obfu.cf, rule __SARE_OBFU_VISIT1, line 1, GEN174 line 390.
    Apr 24 10:13:27 emaildev.ornl.gov last message repeated 1 time
    Apr 24 10:13:28 emaildev.ornl.gov spamd[12593]: Malformed UTF-8 character (unexpected non-continuation byte 0x00, immediately after start byte 0xc4) in pattern match (m//) at /etc/mail/spamassassin/70_sare_obfu.cf, rule __SARE_OBFU_VISIT1, line 1, GEN174 line 390.
    Apr 24 10:13:28 emaildev.ornl.gov last message repeated 3 times
    ...
    Apr 24 10:39:13 emaildev.ornl.gov spamd[12592]: Malformed UTF-8 character (unexpected non-continuation byte 0x00, immediately after start byte 0xce) in pattern match (m//) at /etc/mail/spamassassin/72_sare_bml_post25x.cf, rule SARE_OBFUAUCTION, line 1, GEN192 line 832.
    Apr 24 10:39:13 emaildev.ornl.gov last message repeated 1 time
    Apr 24 10:39:13 emaildev.ornl.gov spamd[12592]: Malformed UTF-8 character (unexpected non-continuation byte 0x00, immediately after start byte 0xd0) in pattern match (m//) at /etc/mail/spamassassin/72_sare_bml_post25x.cf, rule SARE_OBFUAUCTION, line 1, GEN192 line 832.

I don't see this error in v3.1.8. What is causing this error, and how do I fix it?

Thanks,
Larry
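An added example, not part of the original post: one way to turn "zillions" of these warnings into a per-rule count, folding syslog's "last message repeated N times" lines into the warning they follow. The sample lines are the ones from the post with the mail line-wrap breaks rejoined; the function and variable names are made up for this illustration.

```python
import re
from collections import Counter

# spamd syslog lines from the post above, with wrap breaks rejoined
# ("by te" -> "byte", "70_sare_obfu .cf" -> "70_sare_obfu.cf").
SAMPLE_LOG = """\
Apr 24 10:13:27 emaildev.ornl.gov spamd[12593]: Malformed UTF-8 character (unexpected non-continuation byte 0x00, immediately after start byte 0xce) in pattern match (m//) at /etc/mail/spamassassin/70_sare_obfu.cf, rule __SARE_OBFU_VISIT1, line 1, GEN174 line 390.
Apr 24 10:13:27 emaildev.ornl.gov last message repeated 1 time
Apr 24 10:13:28 emaildev.ornl.gov spamd[12593]: Malformed UTF-8 character (unexpected non-continuation byte 0x00, immediately after start byte 0xc4) in pattern match (m//) at /etc/mail/spamassassin/70_sare_obfu.cf, rule __SARE_OBFU_VISIT1, line 1, GEN174 line 390.
Apr 24 10:13:28 emaildev.ornl.gov last message repeated 3 times
Apr 24 10:39:13 emaildev.ornl.gov spamd[12592]: Malformed UTF-8 character (unexpected non-continuation byte 0x00, immediately after start byte 0xce) in pattern match (m//) at /etc/mail/spamassassin/72_sare_bml_post25x.cf, rule SARE_OBFUAUCTION, line 1, GEN192 line 832.
Apr 24 10:39:13 emaildev.ornl.gov last message repeated 1 time
Apr 24 10:39:13 emaildev.ornl.gov spamd[12592]: Malformed UTF-8 character (unexpected non-continuation byte 0x00, immediately after start byte 0xd0) in pattern match (m//) at /etc/mail/spamassassin/72_sare_bml_post25x.cf, rule SARE_OBFUAUCTION, line 1, GEN192 line 832.
"""

# Captures: start byte, rule file, rule name.
WARNING_RE = re.compile(
    r"spamd\[\d+\]: Malformed UTF-8 character \(.*?start byte (0x[0-9a-f]{2})\)"
    r".* at (\S+\.cf), rule (\S+?),"
)
# syslog compresses identical consecutive lines into this form.
REPEAT_RE = re.compile(r"last message repeated (\d+) times?$")


def count_warnings(log_text):
    """Return (Counter keyed by (cf_file, rule), dict of start bytes per key)."""
    counts = Counter()
    start_bytes = {}
    last_key = None  # warning that a following "repeated" line refers to
    for line in log_text.splitlines():
        line = line.strip()
        warning = WARNING_RE.search(line)
        if warning:
            start_byte, cf_file, rule = warning.groups()
            last_key = (cf_file, rule)
            counts[last_key] += 1
            start_bytes.setdefault(last_key, set()).add(start_byte)
            continue
        repeat = REPEAT_RE.search(line)
        if repeat and last_key is not None:
            counts[last_key] += int(repeat.group(1))
        elif not repeat:
            # Unrelated line: a later "repeated" line is not about our warning.
            last_key = None
    return counts, start_bytes


if __name__ == "__main__":
    counts, start_bytes = count_warnings(SAMPLE_LOG)
    for (cf_file, rule), n in counts.most_common():
        seen = ", ".join(sorted(start_bytes[(cf_file, rule)]))
        print(f"{n:4d}  {rule}  ({cf_file})  start bytes: {seen}")
```

Sorting by count shows which third-party rule files account for the bulk of the warnings, which is the list to check first against the 3.1.8 system.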
Re: SARE_URI_IHIRE bug?
Robert Fitzpatrick wrote:
> I have some ham with 'iHireEngineering.com' URL's in the message that are hitting this regex for SARE_URI_IHIRE:
>
> uri SARE_URI_IHIRE /\biHire\w+\.com/i
> describe SARE_URI_IHIRE body contains link to known spammer
> score SARE_URI_IHIRE 3.333
>
> I have disabled here, will it be fixed to properly hit the entire domain? Where should I notify? It is missing a boundary on the right side.

You're probably best off bringing this up on the SARE users list since the rule in question is a third party (SARE) rule and not a rule distributed with SpamAssassin itself.

Daryl
Re: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!
Rosenbaum, Larry M. writes:
> 1) Now that spamc is linked with zlib, it doesn't link correctly on Solaris 8 where libz.so is in /usr/local/lib. Attempting to run spamc gives the following error:
>
> ld.so.1: ../spamc/spamc: fatal: libz.so: open failed: No such file or directory
>
> A workaround is to use the following make command
>
> # LD_RUN_PATH=/usr/local/lib make
>
> but it would be better if the configuration code supplied the right link options.

Right -- sounds like we need some kind of smarts in our spamc/configure and spamc/Makefile.in to deal with adding the -R switch for the compiler? pretty tricky :(

> 2) I tried to compile the rules to see how much speed increase I could get, but it didn't work. After running sa-compile and uncommenting the Rule2XSBody plugin, I got the following error:
>
> # spamassassin --lint
> ld.so.1: /usr/local/bin/spamassassin: fatal: relocation error: file /var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so: symbol Mail_SpamAssassin_CompiledRegexps_body_0_scan17: referenced symbol not found
> Killed
>
> This is with rc2 on Solaris 8. I haven't tried it with rc3 yet because it takes about 3 hours to compile on our development system.

Again, sounds like some kind of -R related issue. However, this *should* work since this module is simply built using the ExtUtils::MakeMaker support for building XS modules. Are you able to build XS modules (e.g. HTML::Parser) from source ok on that system?

> 3) I noticed the following rules were removed:
>
> SUBJECT_DRUG_GAP_P
> HTML_NONELEMENT_50_60
> HTML_NONELEMENT_70_80
> HTML_NONELEMENT_90_100
> HTML_FONT_INVISIBLE
> HTML_BACKHAIR_8
> RISK_FREE
> PORN_URL_SEX
>
> I was wondering why some of the HTML_NONELEMENT_nn_nn rules were removed and some were not.

Basically- some of them were still useful against spam, some were not ;) The ones that were not were removed, iirc.

>> * bug 5236: Support Mail::SPF replacement for Mail::SPF::Query.
>
> Makefile.PL complains if Mail::SPF::Query is missing, even though it knows that Mail::SPF is preferred.

So you *have* Mail::SPF installed, but not Mail::SPF::Query? True; I don't think we yet have code to figure out that situation automatically. However the INSTALL doc is pretty clear about that...

--j.
RE: Testing Spamassassin with the mail command
Vince,

Thanks for your reply.

Here is what I am looking for: I have built a new server to replace one of our internal mail relays, it is configured to use ClamAV and Spamassassin. Before I make the switch, I want to make sure that everything is working as I would like it and the switch will be transparent to users.

Now, I am not very familiar with SA, but examples I have seen show a lot of re-writing in the subject etc... I would like to test it so that I can see a piece of mail marked as Spam but delivered to a user so that I can see what the email will look like when it comes thru. This way I can tweak it if I need to.

Ultimately using the mail command would be best.

Rich

-----Original Message-----
From: Vincent Fleming [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 24, 2007 1:54 PM
To: StarkRavingCalm;
Subject: RE: Testing Spamassassin with the mail command

OK Everyone - Send him your SPAM!!! ;-)

Just kidding...

I'm not sure what you're looking for from us. Please be more specific.

By the way, I use Sendmail as well, and find the spamass-milter to be a great way to link in spamassassin. Also, the blacklists are very effective. If you need any assistance with the sendmail.mc entries required, email me back.

Regards,
Vince

-----Original Message-----
From: StarkRavingCalm [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 24, 2007 11:23 AM
To: users@spamassassin.apache.org
Subject: Testing Spamassassin with the mail command

Hello.

I am new to SpamAssassin. I have configured my new Sendmail server to use Spamassassin and have tested with the usual commands:

    spamassassin -D /usr/share/doc/spamassassin-3.1.8/sample-spam.txt

I want to test how the messages will look when delivered, so I can tweak that.

Thanks in advance!
Re: SARE_URI_IHIRE bug?
On Tue, 2007-04-24 at 14:57 -0400, Robert Fitzpatrick wrote:
> I have some ham with 'iHireEngineering.com' URL's in the message that are hitting this regex for SARE_URI_IHIRE:
>
> uri SARE_URI_IHIRE /\biHire\w+\.com/i
> describe SARE_URI_IHIRE body contains link to known spammer
> score SARE_URI_IHIRE 3.333
>
> I have disabled here, will it be fixed to properly hit the entire domain? Where should I notify? It is missing a boundary on the right side.

Or, is this meant to include others besides just iHire.com? Anyway, my recipient wants the e-mail, he is a recruiter. Looking closer, I see the name of the sender is just iHire, LLC.

--
Robert
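An added example, not part of the thread and not SARE code: the posted pattern run over constructed URIs with Python's re module (which behaves like Perl for this pattern), beside a hypothetical right-bounded variant. It shows the posted rule fires on any iHire<name>.com string, including ones that continue past ".com", and never on ihire.com itself because \w+ needs at least one character after "iHire".

```python
import re

# Pattern copied from the rule quoted in the thread:
#   uri SARE_URI_IHIRE /\biHire\w+\.com/i
RULE_AS_POSTED = re.compile(r"\biHire\w+\.com", re.IGNORECASE)

# Hypothetical variant (an assumption for illustration, not a SARE fix):
# ".com" must end the name, i.e. be followed by "/", ":", "?", "#" or
# the end of the URI.
RULE_RIGHT_BOUNDED = re.compile(r"\biHire\w+\.com(?=[/:?#]|$)", re.IGNORECASE)

# Constructed sample URIs; only iHireEngineering.com is named in the thread.
SAMPLE_URIS = [
    "http://www.iHireEngineering.com/jobs/123",  # the ham case from the thread
    "http://ihire.com/",                         # the bare domain
    "http://ihirenursing.com.example.net/x",     # ".com" is not the end of the host
    "http://example.org/ihirefoo.community/",    # ".com" is a prefix of a longer label
    "http://example.org/about",                  # unrelated
]


def rule_hits(pattern, uris):
    """Return the URIs an unanchored uri-style rule would fire on."""
    return [uri for uri in uris if pattern.search(uri)]


def compare_rules(uris):
    """Map each URI to (hit by posted rule, hit by right-bounded variant)."""
    return {
        uri: (bool(RULE_AS_POSTED.search(uri)), bool(RULE_RIGHT_BOUNDED.search(uri)))
        for uri in uris
    }


if __name__ == "__main__":
    for uri, (posted, bounded) in compare_rules(SAMPLE_URIS).items():
        print(f"{uri:45} posted={posted!s:5} right-bounded={bounded}")
```

Neither form separates wanted from unwanted iHire<name>.com senders; for a recipient who wants the mail, that remains a local scoring or whitelisting decision.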
RE: Testing Spamassassin with the mail command
StarkRavingCalm wrote:
> Bowie,
>
> Thank you for the reply. What I would like to do is to test it by letting it pass thru so I can see how it would arrive in the user's inbox.

Then configure the MTA to accept and deliver mail for a test user and send him some mail. You can send the mail either using the mail command line utility or by connecting directly to the server from Thunderbird or some other mail program.

As long as your DNS servers don't have any (non-test) MX records pointing to your new mail server, it won't affect your real mail traffic.

--
Bowie
RE: ANNOUNCE: Apache SpamAssassin 3.2.0-rc3 PRERELEASE available!
>> 2) I tried to compile the rules to see how much speed increase I could get, but it didn't work. After running sa-compile and uncommenting the Rule2XSBody plugin, I got the following error:
>>
>> # spamassassin --lint
>> ld.so.1: /usr/local/bin/spamassassin: fatal: relocation error: file /var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so: symbol Mail_SpamAssassin_CompiledRegexps_body_0_scan17: referenced symbol not found
>> Killed
>>
>> This is with rc2 on Solaris 8. I haven't tried it with rc3 yet because it takes about 3 hours to compile on our development system.
>
> Again, sounds like some kind of -R related issue. However, this *should* work since this module is simply built using the ExtUtils::MakeMaker support for building XS modules. Are you able to build XS modules (e.g. HTML::Parser) from source ok on that system?

I have no trouble compiling other XS Perl modules. It doesn't seem to be a problem finding the dynamic libraries:

    # ldd /var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
    libc.so.1 => /usr/lib/libc.so.1
    libdl.so.1 => /usr/lib/libdl.so.1
    /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1

It's more a matter of finding the symbols:

    # ldd -r /var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
    libc.so.1 => /usr/lib/libc.so.1
    libdl.so.1 => /usr/lib/libdl.so.1
    /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
    symbol not found: main (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: PL_markstack_ptr (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: PL_stack_sp (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: PL_sv_yes (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: PL_stack_base (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: Perl_newSVpvn_share (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: Perl_av_push (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: Perl_sv_2pvutf8 (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: Perl_newAV (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: Perl_sv_2mortal (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: Mail_SpamAssassin_CompiledRegexps_body_0_scan17 (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: Perl_croak (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: Perl_newRV (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: Perl_form (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: Perl_get_sv (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: Perl_sv_2pv_flags (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
    symbol not found: Perl_newXS (/var/lib/spamassassin/compiled/3.002000/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so)
One word spam
I'm seeing a lot of one-word spam. I'm guessing they are probing for capabilities. Is anyone else seeing this? If so - what do you know about it?
Re: Don't want hatfield.com to send mail to mccoy.com - can /etc/mail/spamassassin/local.cf help?
Out of curiosity, is there a reason to do this in SA vs. at the MTA, firewall, etc?

-faisal
-used to work with a Hatfield and is friends with a McCoy

On Apr 24, 2007, at 12:33 AM, John Schmerold wrote:

SA is protecting 20 domains from evil, I want to keep 2 domains from communicating with one another, I believe local.cf can help resolve this for me, if I can figure out how to do:

    score LOCAL__H_M 50.00
    header LOCAL__H_M From =~ /hatfield\.com/i .and.
    header LOCAL__H_M To =~ /mccoy\.com/i
    describe LOCAL__H_M Hatfield to McCoy

    score LOCAL__M_H 50.00
    header LOCAL__M_H From =~ /mccoy\.com/i .and.
    header LOCAL__M_H To =~ /hatfield\.com/i
    describe LOCAL__M_H McCoy to Hatfield

So, this newbie has 2 questions:
1. Can this be done
2. How to do it - I suspect the answer lies in the stack of regex information I've been staring at, but can figure out

TIA
Re: One word spam
As I recall, this has been discussed earlier on the list. It seems like spammers are fishing for valid addresses. Not lately, but I have seen this kind of spam a lot two months ago or so...

Luix

2007/4/24, Marc Perkel [EMAIL PROTECTED]:

I'm seeing a lot of one-word spam. I'm guessing they are probing for capabilities. Is anyone else seeing this? If so - what do you know about it?

--
- GNU-GPL: May The Source Be With You... -
[Possible SPAM] trustedrelays
I'm 'trying' to get things back to normal after the switch from earthlink to my dsl provider, embarq. I'm reading the wiki page regarding this and ran spamassassin -D -t on a test message I had sent to myself. I'm confused about the results below:

    [2474] dbg: received-header: parsed as [ ip=127.0.0.1 rdns=localhost.localdomain helo=localhost by=mailrelay.embarq.synacor.com ident= envfrom= intl=0 id=8B8062336D7 auth= ]
    [2474] dbg: received-header: relay 127.0.0.1 trusted? yes internal? yes
    [2474] dbg: dns: IP is private, not looking up PTR: 127.0.0.1
    [2474] dbg: received-header: parsed as [ ip=127.0.0.1 rdns= helo=mailrelay.embarq.synacor.com by=localhost ident= envfrom= intl=0 id=jfvuG0A1xsHa auth= ]
    [2474] dbg: received-header: relay 127.0.0.1 trusted? yes internal? yes
    [2474] dbg: received-header: parsed as [ ip=71.48.168.13 rdns=tx-71-48-168-13.dhcp.embarqhsd.net helo=!192.168.2.2! by=mailrelay.embarq.synacor.com ident= envfrom= intl=0 id=228272334BD auth= ]
    [2474] dbg: received-header: relay 71.48.168.13 trusted? no internal? no
    [2474] dbg: metadata: X-Spam-Relays-Trusted: [ ip=127.0.0.1 rdns=localhost.localdomain helo=localhost by=mailrelay.embarq.synacor.com ident= envfrom= intl=1 id=8B8062336D7 auth= ] [ ip=127.0.0.1 rdns= helo=mailrelay.embarq.synacor.com by=localhost ident= envfrom= intl=1 id=jfvuG0A1xsHa auth= ]
    [2474] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=71.48.168.13 rdns=tx-71-48-168-13.dhcp.embarqhsd.net helo=!192.168.2.2! by=mailrelay.embarq.synacor.com ident= envfrom= intl=0 id=228272334BD auth= ]
    [2474] dbg: metadata: X-Spam-Relays-Internal: [ ip=127.0.0.1 rdns=localhost.localdomain helo=localhost by=mailrelay.embarq.synacor.com ident= envfrom= intl=1 id=8B8062336D7 auth= ] [ ip=127.0.0.1 rdns= helo=mailrelay.embarq.synacor.com by=localhost ident= envfrom= intl=1 id=jfvuG0A1xsHa auth= ]
    [2474] dbg: metadata: X-Spam-Relays-External: [ ip=71.48.168.13 rdns=tx-71-48-168-13.dhcp.embarqhsd.net helo=!192.168.2.2! by=mailrelay.embarq.synacor.com ident= envfrom= intl=0 id=228272334BD auth= ]

I read what it says, but I guess I don't understand. I see that 127.0.0.1 is trusted and from what the wiki says, that's a given. I read this as my ip being untrusted, is that correct? If that's the case would the only trusted relays be 127.0.0.1? What about the trusted_networks entry? I'm unsure on that also. This is my current trusted_networks line:

    trusted_networks 127/8 192.168/16 207.217.121/24 209.86.93/24 208.47.184/24

I had to leave earthlink in there as they are forwarding mail to my embarq address through 31 Oct. I 'think' I have the last entry correct for embarq, but not sure. The actual message headers are below, I did make one change and that was in the botnet setup which dropped the SA markup.

    X-Spam-Virus: No
    X-Spam-Seen: Tokens 80
    X-Spam-New: Tokens 122
    X-Spam-ASN:
    X-Spam-Remote: Host localhost.localdomain
    X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on cpollock.localdomain
    X-Spam-Status: No, score=4.0 required=5.0 tests=AWL=0.955,BAYES_00=-6.4, BOTNET=5,RCVD_IN_NJABL_DUL=1.946,RCVD_IN_PBL=0.001,RCVD_IN_SORBS_DUL=2.046, RM_t_bobbf3=0.5 autolearn=disabled version=3.1.8
    X-Spam-Hammy: Tokens 31
    X-Spam-Spammy: Tokens 5
    X-Spam-Pyzor:
    X-Spam-DCC: cpollock 104; Body=1 Fuz1=1
    X-Spam-Level:
    X-Spam-Untrusted: Relays [ ip=71.48.168.13 rdns=tx-71-48-168-13.dhcp.embarqhsd.net helo=!192.168.2.2! by=mailrelay.embarq.synacor.com ident= envfrom= intl=0 id=228272334BD auth= ]
    X-Spam-RBL: Results dns:13.168.48.71.combined.njabl.org [127.0.0.3] dns:13.168.48.71.zen.spamhaus.org [127.0.0.11] dns:13.168.48.71.dnsbl.sorbs.net [127.0.0.10]
    Received: from pop.embarq.synacor.com [208.47.184.129] by localhost.localdomain with POP3 (fetchmail-6.3.8) for [EMAIL PROTECTED] (single-drop); Mon, 23 Apr 2007 19:06:30 -0500 (CDT)
    Received: from localhost (localhost.localdomain [127.0.0.1]) by mailrelay.embarq.synacor.com (Postfix) with ESMTP id 8B8062336D7 for [EMAIL PROTECTED]; Mon, 23 Apr 2007 20:05:54 -0400 (EDT)
    X-Virus-Scanned: amavisd-new at
    Old-X-Spam-Flag: YES
    Old-X-Spam-Score: 7.006
    Old-X-Spam-Level: ***
    Old-X-Spam-Status: Yes, score=7.006 tagged_above=-10 required=6.6 tests=[AWL=2.014, BAYES_60=1, RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046]
    Received: from mailrelay.embarq.synacor.com ([127.0.0.1]) by localhost (smtp02.embarq.synacor.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jfvuG0A1xsHa for [EMAIL PROTECTED]; Mon, 23 Apr 2007 20:05:54 -0400 (EDT)
    Received: from [192.168.2.2] (tx-71-48-168-13.dhcp.embarqhsd.net [71.48.168.13]) by mailrelay.embarq.synacor.com (Postfix) with ESMTP id 228272334BD for [EMAIL PROTECTED]; Mon, 23 Apr 2007 20:05:54 -0400 (EDT)

Thanks for any help
Chris

--
Chris KeyID 0xE372A7DA98E6705C
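The trust decision visible in the debug output above, reworked as an added example that is not part of the original post and is not SpamAssassin's own code: it expands the post's trusted_networks shorthand, walks the three parsed relay IPs nearest-first, and builds the DNSBL query name for the first untrusted hop, which matches the lookups in the post's X-Spam-RBL header. The function names and the simplified chain rule are assumptions, and only IPv4 is handled.

```python
import ipaddress

# Values copied from the post: its trusted_networks line and the relay IPs
# in the order the debug output parsed them (nearest hop first).
TRUSTED_NETWORKS = "127/8 192.168/16 207.217.121/24 209.86.93/24 208.47.184/24"
RELAY_IPS = ["127.0.0.1", "127.0.0.1", "71.48.168.13"]


def parse_sa_network(spec):
    """Expand the short IPv4 form ('127/8', '192.168/16') to a network."""
    addr, _, bits = spec.partition("/")
    octets = addr.rstrip(".").split(".")
    if not bits:
        # Assumption: with no mask, the mask covers the octets that were given.
        bits = str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))  # pad missing octets with zeros
    return ipaddress.ip_network(".".join(octets) + "/" + bits, strict=False)


def classify_relays(relay_ips, trusted_networks):
    """Return [(ip, trusted)] for relays listed nearest-first.

    Simplified model (assumption): a relay is trusted only if its IP is
    listed AND every relay nearer to us was trusted, so one unlisted hop
    makes every hop behind it untrusted.
    """
    nets = [parse_sa_network(s) for s in trusted_networks.split()]
    chain_intact = True
    result = []
    for ip in relay_ips:
        listed = any(ipaddress.ip_address(ip) in net for net in nets)
        chain_intact = chain_intact and listed
        result.append((ip, chain_intact))
    return result


def first_untrusted(relay_ips, trusted_networks):
    """IP of the first hop outside the trust boundary, or None."""
    for ip, trusted in classify_relays(relay_ips, trusted_networks):
        if not trusted:
            return ip
    return None


def dnsbl_query_name(ip, zone):
    """Reversed-octet name used for a DNSBL lookup of an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + "." + zone
```

With the post's values, 71.48.168.13 is the first untrusted hop, and none of the relays parsed in the debug output falls inside 208.47.184/24.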
[Possible SPAM] Posts tagged as Subject: [Possible SPAM]
Since changing to embarqmail.com last Sunday each post I've made to this list has been marked-up as possible spam. Is Embarq that screwed up? Or is Synacor? Here are the markups on the one I just posted:

    X-Virus-Checked: Checked by ClamAV on apache.org
    X-Old-Spam-Flag: YES
    X-Old-Spam-Status: Yes, score=8.98 tagged_above=-10 required=6.6 tests=[AWL=1.313, BAYES_99=3.5, NORMAL_HTTP_TO_IP=0.175, RCVD_IN_NJABL_DUL=1.946, RCVD_IN_SORBS_DUL=2.046]

Any assistance would be appreciated.

--
Chris KeyID 0xE372A7DA98E6705C
IP - Responsible Person
Is there an algorithm that one can feed an IP address into and return the email address of the responsible person for the IP to report spam to?
Re: IP - Responsible Person
Marc Perkel wrote:

Is there an algorithm that one can feed an IP address into and return the email address of the responsible person for the IP to report spam to?

That works 100%? no. That works sometimes? ARIN's ip whois. That's really the most accurate source out there.
Re: IP - Responsible Person
Matt Kettler wrote:

Marc Perkel wrote:

Is there an algorithm that one can feed an IP address into and return the email address of the responsible person for the IP to report spam to?

That works 100%? no. That works sometimes? ARIN's ip whois. That's really the most accurate source out there.

I wish abuse.net supported that for the [EMAIL PROTECTED] email stuff (so you could email [EMAIL PROTECTED]). But that'd probably be much harder for them to keep track of.
Re: One word spam
--- Luis Hernán Otegui [EMAIL PROTECTED] wrote:

As I recall, this has been discussed earlier on the list. It seems like spammers are fishing for valid addresses. Not lately, but I have seen this kind of spam a lot two months ago or so...

Luix

2007/4/24, Marc Perkel [EMAIL PROTECTED]:

I'm seeing a lot of one-word spam. I'm guessing they are probing for capabilities. Is anyone else seeing this? If so - what do you know about it?

Yeah, we're getting quite a few of those emails today.