Re: spam forwarding
Hello Magnus, I did install it from source, but I only want to know if it is possible to change the spam assassin configuration for this forward. With kind regards, Met vriendelijke groet, Mark Scholten Stream Service Web: http://www.streamservice.nl/ E-mail: [EMAIL PROTECTED] NOC: http://www.mynoc.eu/ NOC e-mail: [EMAIL PROTECTED] Tel.: +31 (0)642 40 86 02 Fax: +31 (0)20 20 101 57 KVK: 08141074 BTW: NL104278274B01 - Original Message - From: Magnus Holmgren [EMAIL PROTECTED] To: users@spamassassin.apache.org Sent: Sunday, May 20, 2007 5:42 PM Subject: Re: spam forwarding
Re: image link
On Mon, May 21, 2007 11:03, Mark || Stream Service wrote: Hello, In relation to this: - Is it possible to block all messages that contain an url or sites on that url? For example to block all messages that have an url to imageshack.us (and an image from there)? I posted a suggestion of a SA rule for this in the 'new technical spam' thread. SA won't block, but tools using SA could search for the ruleset firing.
Re: spam forwarding
On Monday 21 May 2007 12:05, Mark || Stream Service wrote: I did install it from source, but I only want to know if it is possible to change the spam assassin configuration for this forward. No, SpamAssassin doesn't forward anything anywhere, it merely scans mail. You have to change the configuration of Exim or procmail or whatever you use. -- Magnus Holmgren[EMAIL PROTECTED] (No Cc of list mail needed, thanks) pgpXTek3H9crw.pgp Description: PGP signature
Temporary dir
Hello, I have problem with the directory tmp inside the home directory of the user running amavisd-new (which use spamassassin). That directory is configured as temporary dir for Amavisd-new. I mounted on it a tmpfs file system. The size of the partition is the one suggested for this job (to do the temporary directory for amavisd-new). But Often it filled up. I saw the other files (directory) is contained inside that directory.. drwx-- 2 amavis amavis 180 May 21 13:01 .spamassassin5530r7wcrVtmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7237wyAuoBtmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7288uoiiXPtmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7289MYWBOwtmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7289QcqPY2tmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7289sijshHtmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7297BbAzmltmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7418uqGnv3tmp and I can't figure out why they are there! Have someone an idea? thanks rocsca
Re: Spamassassin 3.2.0
Ming Hou,
My issue Mail::DKIM and Mail::DomainKeys are required
Crypt::OpenSSL::Random and Crypt::OpenSSL::RSA. But, I could not get
Crypt::OpenSSL::Random to be built successfully because it always
complained the following messages:
Edit Makefile.PL and add -lssl and -lcrypto to the LIBS line. I also had to
add an include line for the SSL headers.
Then rerun Makefile.PL
Just in case you are unable to build Crypt::OpenSSL::RSA,
you can just disable SA plugins Mail::DKIM and Mail::DomainKeys
('loadplugin' lines in *.pre files) and still benefit from
the rest of SA 3.2.0.
Mark
multiple behaviour
Hi the list I have a setup with SpamAssassin version 3.0.3 running on Perl version 5.8.4 (integrated with communigate pro). I would like SA to behave differently according to the score of the mail. I mean I would like mails to be silently discarded if the mail get an high score (e.g: 20) and only tag messages within the required_score (e.g. 5) and the high score. I think I already setup such a behaviour in an older release but I can't find out how I did it? Does anyone use this kind of setup or know how to achieve it?
Re: Temporary dir
Rocco Scappatura wrote: Hello, I have problem with the directory tmp inside the home directory of the user running amavisd-new (which use spamassassin). That directory is configured as temporary dir for Amavisd-new. I mounted on it a tmpfs file system. The size of the partition is the one suggested for this job (to do the temporary directory for amavisd-new). But Often it filled up. I saw the other files (directory) is contained inside that directory.. drwx-- 2 amavis amavis 180 May 21 13:01 .spamassassin5530r7wcrVtmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7237wyAuoBtmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7288uoiiXPtmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7289MYWBOwtmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7289QcqPY2tmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7289sijshHtmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7297BbAzmltmp drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7418uqGnv3tmp and I can't figure out why they are there! Have someone an idea? Are you using SA 3.2.0? If so, known bug: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5444
Re: multiple behaviour
Alexandre Chapellon wrote: Hi the list I have a setup with SpamAssassin version 3.0.3 running on Perl version 5.8.4 (integrated with communigate pro). I would like SA to behave differently according to the score of the mail. I mean I would like mails to be silently discarded if the mail get an high score (e.g: 20) and only tag messages within the required_score (e.g. 5) and the high score. I think I already setup such a behaviour in an older release but I can't find out how I did it? This is beyond SpamAssassin's power. Due to it's place in the mail chain, as a message pipe, SpamAssassin has no direct control over message delivery. Directly, all it can do is modify the message contents. If SpamAssassin were to try to delete the message by not returning a message, most mail tools would assume it crashed, recover the original message, and deliver that. Does anyone use this kind of setup or know how to achieve it? Lots of folks do it, but this is done by the tool calling SA, not by SA itself. In fact, many tools designed to call SA have quite a lot of customization you can do in this regard. That said, I know very little about communigate, and nothing the features it provides to allow for this kind of thing.
Re: multiple behaviour
Le lundi 21 mai 2007 à 09:12 -0400, Matt Kettler a écrit : Alexandre Chapellon wrote: Hi the list I have a setup with SpamAssassin version 3.0.3 running on Perl version 5.8.4 (integrated with communigate pro). I would like SA to behave differently according to the score of the mail. I mean I would like mails to be silently discarded if the mail get an high score (e.g: 20) and only tag messages within the required_score (e.g. 5) and the high score. I think I already setup such a behaviour in an older release but I can't find out how I did it? This is beyond SpamAssassin's power. Due to it's place in the mail chain, as a message pipe, SpamAssassin has no direct control over message delivery. Directly, all it can do is modify the message contents. If SpamAssassin were to try to delete the message by not returning a message, most mail tools would assume it crashed, recover the original message, and deliver that. Does anyone use this kind of setup or know how to achieve it? Lots of folks do it, but this is done by the tool calling SA, not by SA itself. In fact, many tools designed to call SA have quite a lot of customization you can do in this regard. That said, I know very little about communigate, and nothing the features it provides to allow for this kind of thing. OK thanks a lot!
Re: sa-compile and SARE
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Koopmann, Jan-Peter wrote: On Thursday, May 17, 2007 12:44 AM Doc Schneider wrote: No, the 70_sare_stocks.cf was re-scored and a couple rules were removed from it and had nothing to do with the UTF-8 issue. I've just about gotten the rule sets that are causing that issue fixed. Look for them in the next day or so. Of course, this all depends on other factors. 8*) Could you drop us or the list a note once the rules are sa-compile compatible? :-) Maybe some other rules have similar problems. If possible could you enlarge on what you did to the rules to make them work so I/we can contact the authors of other possible faulty rules? Kind regards Jan-Peter Koopmann I just now committed fixed rule sets for SARE. Please give it an hour or so to become available. And also let me know if you're still seeing these issues. Thanks! - -- -Doc Penguins: Do it on the ice. 8:44am up 4 days, 16:55, 17 users, load average: 0.18, 0.30, 0.37 SARE HQ http://www.rulesemporium.com/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFGUaLpqOEeBwEpgcsRAm3mAJ9WOz6xNix0dZsWSKmCUPJ4yJaBeQCfYCBj Scg4KBPqPZYnsj28dJPDi/o= =xMnk -END PGP SIGNATURE-
RE: Spamassassin 3.2.0
From: Christopher X. Candreva [mailto:[EMAIL PROTECTED] On Sat, 19 May 2007, Ming Hou wrote: My issue Mail::DKIM and Mail::DomainKeys are required Crypt::OpenSSL::Random and Crypt::OpenSSL::RSA. But, I could not get Crypt::OpenSSL::Random to be built successfully because it always complained the following messages: Note (probably harmless): No library found for -lssl Note (probably harmless): No library found for -lcrypto Edit Makefile.PL and add -lssl and -lcrypto to the LIBS line. I also had to add an include line for the SSL headers. Then rerun Makefile.PL Or you can try the following: perl Makefile.PL INC='-I/usr/local/ssl/include' LIBS='-L/usr/local/ssl/lib -lssl -lcrypto' (all on one line)
RE: __AOL_FROM is too American?
-Original Message-
From: Giampaolo Tomassoni [mailto:[EMAIL PROTECTED]
Sent: Sunday, May 20, 2007 2:10 PM
To: users@spamassassin.apache.org
Subject: __AOL_FROM is too American?
Dears,
the __AOL_FROM rule in the 20_ratware.cf file from the
spamassassin ruleset
looks for forged AOL From: addresses.
I'm getting some messages from @aol.co.uk which score pretty
high while
looking legit.
I see the rule is a:
From:addr =~ /\@(?:aol|cs)\.com$/i
which, whenever I was in right, should probably be instead
something like:
From:addr =~ /\@(?:aol|cs)\.(?:it|fr|co\.uk|com)$/i
and maybe even more internationaly:
From:addr =~ /\@(?:aol|cs)\.(?:[a-z]{2}|co\.uk|com)$/i
Do I have to file a bug request? Which list is regarding the ruleset
borrowed with spamassassin?
Yes, filing a bug is the right way to go. Have you seen spam using these
TLDs? It may not be meant to be just american, it may be that the only spam
they found was from aol.com? If not, shame on Jmason for not thining of his
buddies in .uk ;)
--Chris
per user filtering
I have succesfully enabled weprefs 0.6 from http://sourceforge.net/projects/webuserprefs/ for my domain. I had to write an ldap authenticator mind you but it is trivial... Now i have a couple more questions. Is this to be used in conjuction with the local.cf file on the spamassassin server or which takes precedence I guess is what im after. I reject all incoming mail at the MTA at SMTP time if the spamscoreint variable is above 100 ie 10 points. How much use are the options provided(the panels) other than white/black listing? -- Regards Ronan McGlue === Analyst / Programmer Queens University Belfast
RE: sa-compile and SARE
Doc Schneider wrote: I just now committed fixed rule sets for SARE. Please give it an hour or so to become available. And also let me know if you're still seeing these issues. Thanks! Can you tell us which SARE rules were amended? Just so we can do a sanity check. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK
R: __AOL_FROM is too American?
-
Giampaolo Tomassoni - I.T. Consultant
Piazza VIII Aprile 1948, 4
I-53043 Chiusi (SI) - Italy
Tel/Ph: +39-0578-21100
MAI mandare un messaggio a:
NEVER send an e-mail to:
[EMAIL PROTECTED]
Da: Chris Santerre [mailto:[EMAIL PROTECTED]
-Original Message-
From: Giampaolo Tomassoni [mailto:[EMAIL PROTECTED]
Sent: Sunday, May 20, 2007 2:10 PM
To: users@spamassassin.apache.org
Subject: __AOL_FROM is too American?
Dears,
the __AOL_FROM rule in the 20_ratware.cf file from the
spamassassin ruleset
looks for forged AOL From: addresses.
I'm getting some messages from @aol.co.uk which score pretty
high while
looking legit.
I see the rule is a:
From:addr =~ /\@(?:aol|cs)\.com$/i
which, whenever I was in right, should probably be instead
something like:
From:addr =~ /\@(?:aol|cs)\.(?:it|fr|co\.uk|com)$/i
and maybe even more internationaly:
From:addr =~ /\@(?:aol|cs)\.(?:[a-z]{2}|co\.uk|com)$/i
Do I have to file a bug request? Which list is regarding the ruleset
borrowed with spamassassin?
Yes, filing a bug is the right way to go.
Right. Probably I have to. Where? In the spamassassin's bugzilla? Where do I
have to send a rule-related bug report?
Have you seen spam using these TLDs?
Yes, few from aol.co.uk. Not big mass mailings, however.
It may not be meant to be just american, it may be that the only spam they
found was from aol.com?
Well, actually the rule is meant to detect mails spoofing an unexistant
domain in From:. So, the rule matches the only existant AOL domain that was
probably running at the time it was made.
Maybe AOL started country-based operations too recently for this rule to be
updated.
Apart co.uk, see http://www.aol.fr, in example.
If not, shame on Jmason for not thining of his buddies in .uk ;)
--Chris
Nah, there is no need to shame on anybody... :)
Giampaolo
Re: Spamd
then it would be a good idea to post the results logs of the various build stages. it may even be that the spamassassin is not getting built. On 16 May 2007 at 16:58, Sunil Chelaramani wrote: I am trying to compile from source files. On 5/15/07, .rp [EMAIL PROTECTED] wrote: On 14 May 2007 at 15:07, Sunil Chelaramani wrote: Hello Group/Everyone, I am trying to setup SPAMD on Fedora Core but no luck. I would appreciate if anyone can point to the documentation which guides though step-by-step to get started with Spamd :-) I will appreciate any help. -- Are you trying to compile and install from source or with a premade RPM package?
possible conflict in a SA setup between .pre and local.cf issue
I think I just noticed a conflict. Not sure if I made the mistake or not, yet I probably did. In my init.pre I have loadplugin Mail::SpamAssassin::Plugin::URIDNSBL uncommented and in my local.cf I have purposely set the config below. skip_rbl_checks 1 do these settings conflict? I believe they do, correct? If so... It appears that the init.pre config is winning the battle and doing what I don't want it to do. Somehow I missed this on upgrade or new config setup somehow. Shouldn't a --lint warn about this? - rh -- Abba Communications Spokane, WA www.abbacomm.net
avoid hostname in X-Spam-Checker-Version
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hi all, how can i avoid the hostname in X-Spam-Checker-Version? i.e. X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on test.host.de - -- Mit freundlichen Gruessen Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGUdNtfGH2AvR16oERAtDxAJ9spNMkjoVeVv/mzfq362Sqz1tEmQCfdpvj SaOt5zg+X25oZ0Wz/kEVQbM= =QobR -END PGP SIGNATURE-
Re: What to do with spam?
On 5/20/07, night duke [EMAIL PROTECTED] wrote: But i have a problem if i want to move all the spam messages to each spam folder of each user i must touch each .qmail and create one .procmailrc for each user. Nope, you can use maildrop and create a single mailfilter rule. Place it in the .qmail-default file for the domain and it will move the mail for everyone.. It's good to move all the spam from all the users to a spam account and use sa-learn each day from that account? I have mine set up to run sa-learn on two particular folders, Learn Spam and Learn Ham. Put the mail in the appropriate folder and the system learns each night. -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com
RE: possible conflict in a SA setup between .pre and local.cf issue
From: Abba Communications [mailto:[EMAIL PROTECTED] I think I just noticed a conflict. Not sure if I made the mistake or not, yet I probably did. In my init.pre I have loadplugin Mail::SpamAssassin::Plugin::URIDNSBL uncommented and in my local.cf I have purposely set the config below. skip_rbl_checks 1 do these settings conflict? I believe they do, correct? No. skip_rbl_checks 1 does not turn off the URI DNSBL checks.
Re: sa-compile and SARE
Randal, Phil wrote: Doc Schneider wrote: I just now committed fixed rule sets for SARE. Please give it an hour or so to become available. And also let me know if you're still seeing these issues. Thanks! Can you tell us which SARE rules were amended? [EMAIL PROTECTED] channels]$ ls -l | grep May\ 21 | cut -d' ' -f8- May 21 10:14 70_sare_adult.cf May 21 11:14 70_sare_obfu1.cf May 21 10:14 72_sare_bml_post25x.cf [EMAIL PROTECTED] channels]$
RE: possible conflict in a SA setup between .pre and local.cf issue
skip_rbl_checks 1 do these settings conflict? I believe they do, correct? No. skip_rbl_checks 1 does not turn off the URI DNSBL checks. See http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5384 Are you still experiencing this issue?
Re: Spamassassin 3.2.0
Ming Hou wrote: Thank all of your replies. I did try the following option: perl Makefile.PL INC='-I/usr/local/ssl/include' LIBS='-L/usr/local/ssl/lib -lssl -lcrypto' The make test still failed for the SSL portion. Any ideal? Thanks. ming After fighting with many problems with this install, I finally gave up. But I did get all of the perl modules in line. Since I kept track of these from version 3.1.7. These are the modules I had to install starting with 3.1.7 Digest::SHA1 HTML::Parser HTML::Tagset libwww-perl-5.805 URI Compress::Zlib Compress::Raw::Zlib IO::Compress::Base Net::DNS Digest::HMAC_MD5 Net::IP IO::Socket::INET6 Socket6-0.19 Mail::SPF::Query Net::CIDR::Lite Sys::Hostname::Long IP::Country Razor2 razor-agents-sdk-2.07 Archive::Tar IO::Zlib Net::Ident IO::Socket::SSL Net::SSLeay LWP::UserAgent HTTP::Date These are the ones I had to install to get 3.2.0-pre to install (sorry I didn't list the actual module::name Mail-SPF-2.004.tar.gz Net-DNS-Resolver-Programmable-0.002.2.tar.gz Error-0.17008.tar.gz NetAddr-IP-4.004.tar.gz Module-Build-0.2806.tar.gz Module-Signature-0.55.tar.gz ExtUtils-ParseXS-2.18.tar.gz ExtUtils-CBuilder-0.18.tar.gz version-0.71.tar.gz Pod-Readme-0.09.tar.gz Regexp-Common-2.120.tar.gz podlators-2.0.5.tar.gz Pod-Simple-3.05.tar.gz ExtUtils-CBuilder-0.18.tar.gz Mail-DomainKeys-1.0.tar.gz Crypt-OpenSSL-RSA-0.24.tar.gz Crypt-OpenSSL-Random-0.03.tar.gz Mail-DKIM-0.24.tar.gz Encode-Detect-1.00.tar.gz Maybe this will help you. It seems like I had the same problems, and this corrected it. -=Aubrey=-
Re: Spamassassin 3.2.0
Thank all of your replies. I did try the following option: perl Makefile.PL INC='-I/usr/local/ssl/include' LIBS='-L/usr/local/ssl/lib -lssl -lcrypto' The make test still failed for the SSL portion. Any ideal? Thanks. ming Rosenbaum, Larry M. wrote: From: Christopher X. Candreva [mailto:[EMAIL PROTECTED] On Sat, 19 May 2007, Ming Hou wrote: My issue Mail::DKIM and Mail::DomainKeys are required Crypt::OpenSSL::Random and Crypt::OpenSSL::RSA. But, I could not get Crypt::OpenSSL::Random to be built successfully because it always complained the following messages: Note (probably harmless): No library found for -lssl Note (probably harmless): No library found for -lcrypto Edit Makefile.PL and add -lssl and -lcrypto to the LIBS line. I also had to add an include line for the SSL headers. Then rerun Makefile.PL Or you can try the following: perl Makefile.PL INC='-I/usr/local/ssl/include' LIBS='-L/usr/local/ssl/lib -lssl -lcrypto' (all on one line)
Re: per user filtering
Ronan McGlue wrote: I have succesfully enabled weprefs 0.6 from http://sourceforge.net/projects/webuserprefs/ for my domain. I had to write an ldap authenticator mind you but it is trivial... Now i have a couple more questions. Is this to be used in conjuction with the local.cf file on the spamassassin server or which takes precedence I guess is what im after. For most settings the last-parsed setting takes precedence, and user preferences are the last thing parsed. I reject all incoming mail at the MTA at SMTP time if the spamscoreint variable is above 100 ie 10 points. How much use are the options provided(the panels) other than white/black listing? I'm not familiar with the tool, so I don't know what's in the other panels. I'd assume it can change required_score, which would be useful for the stuff that doesn't get rejected.
Bayes problem: very large spam/ham ratio
Hi, After years of stability, my bayes db is doing poorly. When I first noticed it, it was classifying lots of ham BAYES_99, I cleared the db and started over. Now it finds *very* few ham. 0.000 0 3 0 non-token data: bayes db version 0.000 0 14779 0 non-token data: nspam 0.000 0 86 0 non-token data: nham 0.000 0 231925 0 non-token data: ntokens 0.000 0 1177142672 0 non-token data: oldest atime 0.000 0 1179789654 0 non-token data: newest atime 0.000 0 1179789681 0 non-token data: last journal sync atime 0.000 0 1179761284 0 non-token data: last expiry atime 0.000 0 43200 0 non-token data: last expire atime delta 0.000 0 90881 0 non-token data: last expire reduction count I've seen people report large spam/ham ratios on this list, but this seems extreme, 170:1. So I added about 500 ham (I am sure of the quality) to the db with sa-learn --ham, hoping that would help. But it is still behaving poorly, over 20% of my ham is BAYES_99. (Normally less the 1% of my ham is BAYES_99.) Does anyone know why my system can't find any ham? It's a fairly typical university site of about 1 messages/day with a 50/50 ham/spam ratio, so I know it is receiving plenty of ham. Running 3.2.0 if it matters. Thanks, Fletcher
